Skip to content

0lzi/vyos-lab

10 Branches0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

0lzi0lzi
update ssh key
Feb 14, 2025
49d7be2 · Feb 14, 2025

History

37 Commits
group_vars
group_vars
Feb 11, 2025
roles
roles
Feb 11, 2025
vars
vars
Feb 14, 2025
.envrc
.envrc
Jan 29, 2025
.gitignore
.gitignore
Jan 29, 2025
README.md
README.md
Feb 13, 2025
ansible.cfg
ansible.cfg
Jan 3, 2025
flake.lock
flake.lock
Jan 29, 2025
flake.nix
flake.nix
Jan 29, 2025
hosts
hosts
Jan 29, 2025
pyproject.toml
pyproject.toml
Feb 13, 2025
requirements.yml
requirements.yml
Jan 3, 2025
uv.lock
uv.lock
Feb 13, 2025
vyos_base.yml
vyos_base.yml
Jan 14, 2025
vyos_firewall.yml
vyos_firewall.yml
Jan 14, 2025
vyos_networks.yml
vyos_networks.yml
Jan 14, 2025
vyos_port-forward.yml
vyos_port-forward.yml
Jan 22, 2025
vyos_users.yml
vyos_users.yml
Jan 18, 2025

Repository files navigation

Vyos Home-Lab setup

Notes getting vyos up and running

VM

Make sure it has 2 interfaces one for WAN one for LAN/SDN network

Boot

install image

Ansible setup with UV

prerequisites: uv:

  • sudo apt install -y pipx && pipx install uv
  • brew install uv

With uv installed , run uv sync --frozen then go into the venv . .venv/bin/activate then install ansible requirements, ansible-galaxy install -r requirements.yml

Run the playbooks as normal eg ansible-playbook vyos_base.yml

Ansible setup nix

nix develop to use the flake.nix

with direnv direnv allow . and add eval "$(direnv hook bash)" to ~/.bashrc install direnv via Nix config, Home-manager or via nix-env -i direnv

Initial manual config

set system host-name 'firewall'
set interfaces ethernet eth0 address '10.0.1.254/24' # SDN network
set interfaces ethernet eth1 address '192.168.1.252/24'# Local/WAN network
set interfaces ethernet eth1 address dhcp # WAN not tested
set protocols static route 0.0.0.0/0 next-hop 192.168.1.254 # Router gateway if not using ISP/dhcp
set service dns forwarding allow-from '10.0.1.0/24' # Allow dns forwarding from SDN
set service dns forwarding listen-address '127.0.0.1'
set service ssh listen-address '192.168.1.252' # Set ssh listen address and port
set service ssh port '22'
set system login user <username> authentication plaintext-password foo
set system login user <username> authentication public-keys <keyname> key 'key'
set system login user oli authentication public-keys <keyname> type 'ssh-ed25519'
delete system login user vyos
set system name-server 192.168.1.114 # Set DNS server
set system name-server 192.168.1.115 # Set DNS server
# Set up DCHP for devnet
set service dhcp-server shared-network-name devnet authoritative
set service dhcp-server shared-network-name devnet description 'testing'
set service dhcp-server shared-network-name devnet subnet 10.0.1.0/24 option default-router '10.0.1.254'
set service dhcp-server shared-network-name devnet subnet 10.0.1.0/24 option name-server '192.168.1.114'
set service dhcp-server shared-network-name devnet subnet 10.0.1.0/24 range 0 start '10.0.1.1'
set service dhcp-server shared-network-name devnet subnet 10.0.1.0/24 range 0 stop '10.0.1.10'
set service dhcp-server shared-network-name devnet subnet 10.0.1.0/24 subnet-id '1'

# Set up SNAT
set nat source rule 1 description 'devnet via eth1'
set nat source rule 1 outbound-interface name 'eth1'
set nat source rule 1 source address '10.0.1.0/24'
set nat source rule 1 translation address 'masquerade'

# Set up firewall

About

repo for playing with vyos in home-lab

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages