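# Option declarations for the networking of one VM namespace: macvtap uplinks,
# WAN/host connectivity (`wan`), and bridged LANs with DHCP (`lans`).
#
# Arguments:
#   lib     - brought into scope with `with lib;` (mkOption, types).
#   vmixLib - `vmixLib.network` is brought into scope as well; `regex.ipv4` and
#             `regex.cidr4` are presumably defined there (TODO confirm; the
#             definitions are not visible in this file).
#
# Returns an attribute set of option declarations. This file only declares the
# options; the firewall rules, routes and dnsmasq configuration derived from
# them live elsewhere.
{ lib, vmixLib, ... }:

with lib;
with vmixLib.network;

{
  macvtaps = mkOption {
    description = "Macvtap network definitions available to VMs in this namespace.";
    type = types.attrsOf (types.submodule {
      options = {
        # NOTE(review): any string is accepted here. If the consumer
        # interpolates this value into a command line, confirm it is quoted or
        # tighten the type with types.strMatching.
        uplink.iface = mkOption {
          type = types.str;
          description = "Host interface name to attach the macvtap device to.";
        };

        uplink.namespace = mkOption {
          type = types.nullOr types.str;
          default = null;
          description = "Optional network namespace where the uplink interface exists. Null means the host namespace.";
        };
      };
    });
  };

  wan = {
    # Defaults to true: a namespace that does not set this explicitly is
    # forwarded to every other network on the host, including the internet.
    # Set it to false for namespaces that are meant to stay isolated.
    enable = mkOption {
      type = types.bool;
      default = true;
      description = "Enable forwarding traffic to and from the namespace to the rest of the networks on the host including the internet. (iptables FORWARD chain on the host)";
    };

    masquerade = mkOption {
      type = types.bool;
      default = true;
      description = "Masquerade outgoing traffic using host's IP";
    };

    # Defaults to true: per the description this opens the host's INPUT chain
    # to the namespace and its VMs. Disable it for guests that should not be
    # able to reach services listening on the host.
    host.reachable = mkOption {
      type = types.bool;
      default = true;
      description = "Allow talking to the host itself from the namespace and VMs on the lan (iptables INPUT chain on the host)";
    };

    host.addNSLansRoutes = mkOption {
      type = types.bool;
      default = true;
      description = "add routes to the LAN on host so the vms are reachable from the host";
    };

    # host.dns.addNSLansResolver = mkOption {
    #   type = types.bool;
    #   default = true;
    # };

    dns.resolver.enable = mkOption {
      type = types.bool;
      default = true;
      description = "Add dnsmasq's built in resolver to lan clients DHCP responses";
    };

    dns.resolver.useHostResolvConf = mkOption {
      type = types.bool;
      default = false;
      description = "Use host's resolvconf for upstreaming dns queries";
    };

    dns.resolver.upstream = mkOption {
      type = types.listOf (types.strMatching regex.ipv4);
      default = [];
      description = "Upstream DNS servers for dnsmasq's built in resolver";
    };

    # Values use types.port rather than types.int so that a destination outside
    # 0-65535 is rejected at evaluation time instead of reaching the firewall
    # rules. The attribute names (host ports) are plain strings and are not
    # validated here.
    # NOTE(review): each entry exposes a namespace service on a host port;
    # which host addresses the rule matches is decided by the consumer of this
    # option - confirm it is not wider than intended.
    forwardPorts = mkOption {
      type = types.attrsOf types.port;
      default = {};
      description = "Map host TCP port to namespace destination TCP port.";
    };
  };

  lans = mkOption {
    description = "Layer-2 LAN bridge networks and DHCP settings for the namespace.";
    type = types.attrsOf (types.submodule {
      options.domain = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = "Domain name for the hosts of this lan.";
      };

      options.ipv4 = {
        # The only option in this submodule without a default, so every LAN
        # must declare its range.
        range = mkOption {
          type = types.strMatching regex.cidr4;
          description = "IPv4 Range in x.x.x.x/y format to be assigned to the network.";
        };

        address = mkOption {
          type = types.nullOr (types.strMatching regex.ipv4);
          default = null;
          description = "IPv4 address to attach to the bridge interface of this Lan.";
        };

        dhcp.enable = mkOption {
          type = types.bool;
          default = true;
          description = "Whether to start a DHCP server within this network.";
        };

        dhcp.startAddress = mkOption {
          type = types.nullOr (types.strMatching regex.ipv4);
          description = "Starting IP Address for DHCP clients.";
          default = null;
        };

        dhcp.endAddress = mkOption {
          type = types.nullOr (types.strMatching regex.ipv4);
          description = "Ending IP Address for DHCP clients.";
          default = null;
        };

        # default = null added for consistency with the other nullOr options
        # above: without it, evaluating this option on a LAN that never set it
        # fails with "option used but not defined", even though null is an
        # accepted value and the resolver is enabled by default.
        dhcp.dns.addresses = mkOption {
          type = types.nullOr (types.listOf (types.strMatching regex.ipv4));
          default = null;
          description = "List of IP Addresses to pass as DNS servers in the DHCP response. These servers are only passed if dnsmasq's built in resolver is not enabled via wan.dns.resolver.enable";
        };

        # Attribute names are the MAC addresses, values the leased IPv4
        # address. Only the values are pattern-checked; the MAC keys are not
        # validated by this declaration.
        dhcp.statics = mkOption {
          description = "Static IP leases for mac addresses";
          type = types.attrsOf (types.strMatching regex.ipv4);
          default = {};
        };
      };
    });
  };

  # routes.internal.add = mkOption {
  #   description = "Additional routes to add on the internal network";
  # };

  # routes.host.add = mkOption {
  #   description = "Additional routes to add on the host's network namespace";
  # };
}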