feat(rego-tunnel): optional second VM NIC + robust QCOW2 patch

2025-12-29 06:48:03 +00:00
parent cb7e309915
commit 2dae9f667e
2 changed files with 55 additions and 0 deletions
--- a/apps/rego-tunnel/build/setup-network.sh
+++ b/apps/rego-tunnel/build/setup-network.sh
@@ -16,6 +16,12 @@ VM_NET_IP="${VM_NET_IP:-100.100.0.2}"
 VM_SUBNET="${VM_SUBNET:-100.100.0.0}"
 TARGET_IP="${TARGET_IP:-10.35.33.230}"

+# Optional second bridge/tap for a second VM NIC (pure L2 with the container).
+# This is opt-in: set BRIDGE2_NAME and TAP2_NAME (and optionally BRIDGE2_CIDR).
+BRIDGE2_NAME="${BRIDGE2_NAME:-}"
+TAP2_NAME="${TAP2_NAME:-}"
+BRIDGE2_CIDR="${BRIDGE2_CIDR:-}"
+
 if [[ "$BRIDGE_CIDR" != */* ]]; then
    BRIDGE_CIDR="$BRIDGE_CIDR/24"
 fi
@@ -49,6 +55,31 @@ fi
 ip link set "$TAP_NAME" master "$BRIDGE_NAME" 2>/dev/null || true
 ip link set "$TAP_NAME" up

+# Optional second bridge/tap (no NAT rules are applied here)
+if [ -n "$BRIDGE2_NAME" ] || [ -n "$TAP2_NAME" ]; then
+    if [ -z "$BRIDGE2_NAME" ] || [ -z "$TAP2_NAME" ]; then
+        echo "[rego-tunnel] WARN: BRIDGE2_NAME and TAP2_NAME must both be set to enable the second bridge"
+    else
+        if ! ip link show "$BRIDGE2_NAME" &>/dev/null; then
+            ip link add "$BRIDGE2_NAME" type bridge
+        fi
+        if [ -n "$BRIDGE2_CIDR" ]; then
+            if [[ "$BRIDGE2_CIDR" != */* ]]; then
+                BRIDGE2_CIDR="$BRIDGE2_CIDR/24"
+            fi
+            ip addr show dev "$BRIDGE2_NAME" | grep -qF "$BRIDGE2_CIDR" || ip addr add "$BRIDGE2_CIDR" dev "$BRIDGE2_NAME" 2>/dev/null || true
+        fi
+        ip link set "$BRIDGE2_NAME" up
+
+        if ! ip link show "$TAP2_NAME" &>/dev/null; then
+            ip tuntap add "$TAP2_NAME" mode tap
+        fi
+        ip link set "$TAP2_NAME" master "$BRIDGE2_NAME" 2>/dev/null || true
+        ip link set "$TAP2_NAME" up
+        echo "[rego-tunnel] Second bridge enabled: $BRIDGE2_NAME (tap $TAP2_NAME)"
+    fi
+fi
+
 # Enable IP forwarding
 echo 1 > /proc/sys/net/ipv4/ip_forward

@@ -75,3 +106,8 @@ echo "Bridge: $BRIDGE_NAME = $BRIDGE_CIDR"
 echo "TAP: $TAP_NAME attached to $BRIDGE_NAME"
 echo "Route: $TARGET_IP via $VM_NET_IP (VM)"
 echo "Outbound interface: ${WAN_IF}"
+
+if [ -n "$BRIDGE2_NAME" ] && [ -n "$TAP2_NAME" ]; then
+    echo "Bridge2: $BRIDGE2_NAME${BRIDGE2_CIDR:+ = $BRIDGE2_CIDR}"
+    echo "TAP2: $TAP2_NAME attached to $BRIDGE2_NAME"
+fi