greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netns: rename bridge br0 -> nb-br

Browse Source 
br0 has a high risk of name clashes when nix-bitcoin used as part of a
larger config.
Use a more specific name.
This commit is contained in:
Erik Arvstedt 2020-08-21 22:36:03 +02:00
parent 32e70a7516
commit 8bfb7bb2f8
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/netns-isolation.nix
View File

@ -95,9 +95,9 @@ in {
# Base infrastructure # Base infrastructure
{ {
networking.dhcpcd.denyInterfaces = [ "br0" "br-nb*" "nb-veth*" ]; networking.dhcpcd.denyInterfaces = [ "nb-br" "br-nb*" "nb-veth*" ];
services.tor.client.socksListenAddress = "${bridgeIp}:9050"; services.tor.client.socksListenAddress = "${bridgeIp}:9050";
networking.firewall.interfaces.br0.allowedTCPPorts = [ 9050 ]; networking.firewall.interfaces.nb-br.allowedTCPPorts = [ 9050 ];
boot.kernel.sysctl."net.ipv4.ip_forward" = true; boot.kernel.sysctl."net.ipv4.ip_forward" = true;
security.wrappers.netns-exec = { security.wrappers.netns-exec = {
source = "${pkgs.nix-bitcoin.netns-exec}/netns-exec"; source = "${pkgs.nix-bitcoin.netns-exec}/netns-exec";
@ -112,14 +112,14 @@ in {
requiredBy = [ "tor.service" ]; requiredBy = [ "tor.service" ];
before = [ "tor.service" ]; before = [ "tor.service" ];
script = '' script = ''
${ip} link add name br0 type bridge ${ip} link add name nb-br type bridge
${ip} link set br0 up ${ip} link set nb-br up
${ip} addr add ${bridgeIp}/24 brd + dev br0 ${ip} addr add ${bridgeIp}/24 brd + dev nb-br
${iptables} -w -t nat -A POSTROUTING -s 169.254.${toString cfg.addressblock}.0/24 -j MASQUERADE ${iptables} -w -t nat -A POSTROUTING -s 169.254.${toString cfg.addressblock}.0/24 -j MASQUERADE
''; '';
preStop = '' preStop = ''
${iptables} -w -t nat -D POSTROUTING -s 169.254.${toString cfg.addressblock}.0/24 -j MASQUERADE ${iptables} -w -t nat -D POSTROUTING -s 169.254.${toString cfg.addressblock}.0/24 -j MASQUERADE
${ip} link del br0 ${ip} link del nb-br
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -150,7 +150,7 @@ in {
${ipNetns} addr add ${v.address}/24 dev ${vethName} ${ipNetns} addr add ${v.address}/24 dev ${vethName}
${ip} link set br-${vethName} up ${ip} link set br-${vethName} up
${ipNetns} link set ${vethName} up ${ipNetns} link set ${vethName} up
${ip} link set br-${vethName} master br0 ${ip} link set br-${vethName} master nb-br
${ipNetns} route add default via ${bridgeIp} ${ipNetns} route add default via ${bridgeIp}
${netnsIptables} -w -P INPUT DROP ${netnsIptables} -w -P INPUT DROP
${netnsIptables} -w -A INPUT -s 127.0.0.1,${bridgeIp},${v.address} -j ACCEPT ${netnsIptables} -w -A INPUT -s 127.0.0.1,${bridgeIp},${v.address} -j ACCEPT