# NixOS module: systemd-networkd link profiles, systemd-resolved settings and the host
# firewall. `hostname` is passed in by whoever imports this module.
{ hostname, ... }:
let
  # [Network] options shared by every link profile below.
  # NOTE(review): IPv6AcceptRA = "yes" accepts router advertisements on every matched link,
  # Wi-Fi and WWAN included. Only the DNS servers they carry are ignored (see useOfferedDns);
  # routes and prefixes from an RA are still applied. Confirm that is intended on networks
  # you do not control.
  linkDefaults = {
    DHCP = "ipv4";
    MulticastDNS = "no";
    IPv6PrivacyExtensions = "yes";
    IPv6AcceptRA = "yes";
  };

  # "no": resolvers offered by a DHCPv4 lease or a router advertisement are not used, so the
  # local network cannot swap in its own DNS server for the ones listed in upstreamDns.
  useOfferedDns = "no";

  # Builds one networkd profile: `patterns` are interface-name globs, `metric` is the route
  # metric used for both the DHCPv4 and the RA-learned routes (lower metric is preferred).
  mkLink = patterns: metric: {
    matchConfig.Name = patterns;
    networkConfig = linkDefaults;
    dhcpV4Config = {
      RouteMetric = metric;
      UseDNS = useOfferedDns;
    };
    ipv6AcceptRAConfig = {
      RouteMetric = metric;
      UseDNS = useOfferedDns;
    };
  };

  # Entries are `address#name`; with DNS-over-TLS the part after `#` is the server name
  # systemd-resolved checks the certificate against.
  upstreamDns = [
    "1.1.1.1#cloudflare-dns.com"
    "9.9.9.9#dns.quad9.net"
    "8.8.8.8#dns.google"
    "2606:4700:4700::1111#cloudflare-dns.com"
    "2620:fe::9#dns.quad9.net"
    "2001:4860:4860::8888#dns.google"
  ];

  # Used by systemd-resolved only when no other DNS server is configured.
  lastResortDns = [
    "1.1.1.1#one.one.one.one"
    "1.0.0.1#one.one.one.one"
  ];
in
{
  systemd.network = {
    enable = true;
    # HACK: Disable wait-online, check in on https://github.com/NixOS/nixpkgs/pull/258680 &
    # https://github.com/NixOS/nixpkgs/issues/247608
    wait-online.enable = false;
    # Metrics rank the links: ethernet (100) before Wi-Fi (600) before WWAN (700).
    networks = {
      "10-wlan" = mkLink [ "wl*" ] 600;
      "10-ethernet" = mkLink [
        "en*"
        "eth*"
      ] 100;
      "10-wwan" = mkLink [ "ww*" ] 700;
    };
  };

  services.resolved = {
    enable = true;
    # NOTE(review): "allow-downgrade" validates DNSSEC only while the upstream appears to
    # support it; resolved.conf(5) describes this mode as open to downgrade attacks. With
    # DNSOverTLS=yes below the path to the resolver is authenticated, so the remaining trust
    # is in the upstream resolvers themselves. Use "true" if strict validation is wanted.
    dnssec = "allow-downgrade";
    # "~." is the catch-all routing domain: every lookup goes to the global servers.
    domains = [ "~." ];
    fallbackDns = lastResortDns;
    # "resolve" sends LLMNR queries but does not answer them.
    # NOTE(review): LLMNR answers are unauthenticated and the link profiles above do not set
    # a per-link LLMNR value, so single-label lookups can be answered by any host on the
    # local segment. Set this to "false" if LLMNR name resolution is not needed.
    llmnr = "resolve";
    # DNSOverTLS=yes is the strict mode: lookups fail instead of falling back to plaintext
    # when a server cannot do TLS or presents a certificate that does not match its name.
    # NOTE(review): MulticastDNS=yes here disagrees with MulticastDNS = "no" in the link
    # profiles; the per-link value presumably wins for wl*/en*/eth*/ww* links. Confirm which
    # of the two is intended.
    extraConfig = ''
      MulticastDNS=yes
      DNSOverTLS=yes
      CacheFromLocalhost=no
      Cache=yes
    '';
  };

  networking = {
    hostName = "${hostname}";
    useNetworkd = true;
    enableIPv6 = true;
    nameservers = upstreamDns;
    nftables.enable = true;
    firewall = {
      enable = true;
      # NOTE(review): these inbound TCP ports are opened on every interface of every host
      # that imports this module. 2200 is presumably an alternate SSH port; confirm, and
      # consider moving per-host services into the host's own config or scoping them with
      # networking.firewall.interfaces.<name>.allowedTCPPorts.
      allowedTCPPorts = [
        80
        443
        2200
      ];
    };
  };
}