nixos/common/networking.nix

{ pkgs, lib, ... }:

{
  networking.firewall.allowPing = true;

  networking.useNetworkd = lib.mkDefault true;
  systemd.network.wait-online.enable = lib.mkDefault false;

  # Use systemd-resolved for DoT support.
  services.resolved = {
    enable = true;
    dnssec = "false";
    extraConfig = ''
      DNSOverTLS=yes
    '';
  };

  # Used by systemd-resolved, not directly by resolv.conf.
  networking.nameservers = [
    "8.8.8.8#dns.google"
    "1.0.0.1#cloudflare-dns.com"
  ];

  networking.enableIPv6 = true;

  services.avahi = {
    enable = true;
    nssmdns = true;
    publish = {
      enable = true;
      addresses = true;
      domain = true;
      hinfo = true;
      userServices = true;
      workstation = true;
    };
  };

  services.chrony.enable = true;
  networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];

  # Useful tools
  boot.kernelModules = [ "af_packet" ];
  environment.systemPackages = with pkgs; [ mtr tcpdump traceroute ];
}
Add DoT, networkd Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-08-23 10:36:32 +03:00			`{ pkgs, lib, ... }:`
uhhhhhhhhh add secrets refactor things 2023-07-28 15:39:50 +03:00
			`{`
Add DoT, networkd Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-08-23 10:36:32 +03:00			`networking.firewall.allowPing = true;`
Aughhthghhhgh Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-08-24 11:06:09 +03:00
Add DoT, networkd Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-08-23 10:36:32 +03:00			`networking.useNetworkd = lib.mkDefault true;`
			`systemd.network.wait-online.enable = lib.mkDefault false;`

			`# Use systemd-resolved for DoT support.`
			`services.resolved = {`
			`enable = true;`
			`dnssec = "false";`
			`extraConfig = ''`
			`DNSOverTLS=yes`
			`'';`
uhhhhhhhhh add secrets refactor things 2023-07-28 15:39:50 +03:00			`};`

Add DoT, networkd Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-08-23 10:36:32 +03:00			`# Used by systemd-resolved, not directly by resolv.conf.`
			`networking.nameservers = [`
			`"8.8.8.8#dns.google"`
			`"1.0.0.1#cloudflare-dns.com"`
			`];`
uhhhhhhhhh add secrets refactor things 2023-07-28 15:39:50 +03:00
Add avahi + enable IPv6 Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-07-30 16:47:22 +03:00			`networking.enableIPv6 = true;`

			`services.avahi = {`
			`enable = true;`
			`nssmdns = true;`
Fix avahi conf Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-07-30 16:59:19 +03:00			`publish = {`
			`enable = true;`
			`addresses = true;`
			`domain = true;`
			`hinfo = true;`
			`userServices = true;`
			`workstation = true;`
			`};`
Add avahi + enable IPv6 Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-07-30 16:47:22 +03:00			`};`

Migrate to chrony + add ntp-server role + minor fixes Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-09-02 22:14:13 +03:00			`services.chrony.enable = true;`
uhhhhhhhhh add secrets refactor things 2023-07-28 15:39:50 +03:00			`networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];`
Add some comments, fix vetus and celerrime Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-08-23 09:38:48 +03:00
			`# Useful tools`
Rethink configuration Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-08-19 11:06:28 +03:00			`boot.kernelModules = [ "af_packet" ];`
			`environment.systemPackages = with pkgs; [ mtr tcpdump traceroute ];`
Add avahi + enable IPv6 Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev> 2023-07-30 16:47:22 +03:00			`}`