Add DoT, networkd
Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
parent
86b8eed465
commit
f9d23bbb12
11 changed files with 45 additions and 18 deletions
|
@ -8,6 +8,7 @@ in {
|
|||
};
|
||||
|
||||
config = lib.mkIf (cfg.enable) {
|
||||
networking.wireless.iwd.enable = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
lm_sensors
|
||||
];
|
||||
|
|
|
@ -1,20 +1,27 @@
|
|||
{ pkgs, ... }:
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
networking.wireless.iwd.enable = true;
|
||||
networking.wireless.iwd.settings = {
|
||||
General = {
|
||||
# Enable DHCP in IWD, TODO: don't do it
|
||||
EnableNetworkConfiguration = true;
|
||||
};
|
||||
networking.firewall.allowPing = true;
|
||||
networking.useNetworkd = lib.mkDefault true;
|
||||
systemd.network.wait-online.enable = lib.mkDefault false;
|
||||
|
||||
# Use systemd-resolved for DoT support.
|
||||
services.resolved = {
|
||||
enable = true;
|
||||
dnssec = "false";
|
||||
extraConfig = ''
|
||||
DNSOverTLS=yes
|
||||
'';
|
||||
};
|
||||
|
||||
# TODO: setup DoH or DoT
|
||||
networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
|
||||
# Used by systemd-resolved, not directly by resolv.conf.
|
||||
networking.nameservers = [
|
||||
"8.8.8.8#dns.google"
|
||||
"1.0.0.1#cloudflare-dns.com"
|
||||
];
|
||||
|
||||
networking.enableIPv6 = true;
|
||||
|
||||
services.resolved.enable = true;
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns = true;
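Review bot: `dnssec = "false"` in the new `services.resolved` block turns off DNSSEC validation, while `DNSOverTLS=yes` only encrypts and authenticates the hop to the resolver, so answers are trusted exactly as dns.google or cloudflare-dns.com return them; if that is deliberate, record it with a comment such as `# DNSSEC validation off on purpose: <reason>; DoT still protects the stub-to-resolver hop`. `DNSOverTLS=yes` is the strict mode, so lookups fail on networks that block port 853; that is the safe failure, but it deserves a one-line comment next to the setting. With networkd now managing links, resolved may also route queries to DNS servers learned per link over DHCP; adding `domains = [ "~." ];` inside `services.resolved` would pin lookups to the two listed servers (inferred from resolved's routing rules, not visible in this hunk). The hunk ends inside the `services.avahi` block, so the rest of that block is not reviewed here.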
|
||||
|
|
|
@ -18,7 +18,9 @@
|
|||
|
||||
boot.kernel.sysctl = {
|
||||
"kernel.sysrq" = 0;
|
||||
|
||||
"net.ipv4.icmp_ignore_bogus_error_responces" = 1;
|
||||
"net.ipv4.icmp_echo_ignore_broadcasts" = 1;
|
||||
"net.ipv4.conf.default.rp_filter" = 1;
|
||||
"net.ipv4.conf.all.rp_filter" = 1;
|
||||
"net.ipv4.conf.all.accept_source_route" = 0;
|
||||
|
@ -33,12 +35,18 @@
|
|||
"net.ipv4.conf.default.secure_redirects" = 0;
|
||||
"net.ipv6.conf.all.accept_redirects" = 0;
|
||||
"net.ipv6.conf.default.accept_redirects" = 0;
|
||||
"net.ipv4.ip_forward" = 1;
|
||||
|
||||
"net.ipv6.conf.all.accept_ra" = 0;
|
||||
"net.ipv6.conf.default.accept_ra" = 0;
|
||||
|
||||
"net.ipv4.tcp_syncookies" = 1;
|
||||
"net.ipv4.conf.default.log_martians" = 1;
|
||||
"net.ipv4.conf.all.log_martians" = 1;
|
||||
"net.ipv4.tcp_rfc1337" = 1;
|
||||
|
||||
"net.ipv4.tcp_fastopen" = 3;
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
|
||||
"net.core.default_qdisc" = "cake";
|
||||
};
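Review bot: The key `"net.ipv4.icmp_ignore_bogus_error_responces"` in the first hunk is misspelled; the kernel parameter is `icmp_ignore_bogus_error_responses`, so this entry names a sysctl that does not exist and the hardening setting is never applied. Change the line to `"net.ipv4.icmp_ignore_bogus_error_responses" = 1;`. The rendered page does not show whether the line was added by this commit or is context, but it is on the new side either way. In the second hunk, `"net.ipv4.tcp_congestion_control" = "bbr"` and `"net.core.default_qdisc" = "cake"` presumably need the `tcp_bbr` and `sch_cake` modules available when the sysctls are written; confirm they are loaded (for example through `boot.kernelModules`), since nothing visible here does so.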
|
||||
|
||||
|
|
|
@ -26,6 +26,9 @@ in {
|
|||
yggdrasil-client.enable = true;
|
||||
};
|
||||
|
||||
networking.useDHCP = true;
|
||||
|
||||
|
||||
# Setup asahi-specific things. NOTE: you must copy firmware from ESP to /etc/nixos/asahi/firmware
|
||||
hardware.asahi.peripheralFirmwareDirectory = ../../asahi/firmware;
|
||||
hardware.asahi.addEdgeKernelConfig = true;
|
||||
|
|
|
@ -25,7 +25,6 @@
|
|||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/272341f1-b083-497e-b129-aef8732b5b50"; }
|
||||
];
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
|
|
|
@ -27,6 +27,8 @@ in {
|
|||
yggdrasil-client.enable = true;
|
||||
};
|
||||
|
||||
networking.useDHCP = true;
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
||||
|
|
|
@ -33,6 +33,8 @@ in {
|
|||
cpuFreqGovernor = "ondemand";
|
||||
};
|
||||
|
||||
networking.useDHCP = true;
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
||||
|
|
|
@ -25,6 +25,8 @@ in {
|
|||
yggdrasil-client.enable = true;
|
||||
};
|
||||
|
||||
networking.useDHCP = true;
|
||||
|
||||
services.xserver.videoDrivers=["amdgpu"];
|
||||
boot.initrd.kernelModules=["amdgpu"];
|
||||
|
||||
|
|
|
@ -23,8 +23,6 @@
|
|||
|
||||
swapDevices = [ ];
|
||||
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
|
|
|
@ -4,7 +4,7 @@ let
|
|||
cfg = config.my.roles.gaming;
|
||||
in {
|
||||
options.my.roles.gaming.enable = lib.mkEnableOption "Enable wine & steam";
|
||||
config = lib.mkIf (cfg.enable) (lib.mkMerge {
|
||||
config = lib.mkIf (cfg.enable) ( lib.mkMerge [{
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
services.pipewire.alsa.support32Bit = true;
|
||||
|
@ -17,6 +17,11 @@ in {
|
|||
wineWowPackages.waylandFull
|
||||
];
|
||||
}
|
||||
# Enable steam only on x86_64 (since we have hosts with ARM, but I don't think I will enable my.roles.gaming on ARM system soon)
|
||||
(lib.mkIf(pkgs.stdenv.isx86_64) {programs.steam.enable = true;}))
|
||||
# Enable steam only on x86_64 (since I have hosts with ARM, but I don't think I will enable my.roles.gaming on ARM system soon)
|
||||
(lib.mkIf(pkgs.stdenv.isx86_64) {
|
||||
programs.steam.enable = true; # Firewall ports used by Steam in-home streaming.
|
||||
networking.firewall.allowedTCPPorts = [ 27036 27037 ];
|
||||
networking.firewall.allowedUDPPorts = [ 27031 27036 ];
|
||||
})
|
||||
]);
|
||||
}
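Review bot: The `networking.firewall.allowedTCPPorts` and `networking.firewall.allowedUDPPorts` lines inside the x86_64 `lib.mkIf` open the Steam streaming ports on every interface, so a host with this role also exposes them on any untrusted network it joins. Scope them to the home LAN with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 27036 27037 ];` and the matching `allowedUDPPorts` (`<iface>` is a placeholder), or use the Steam module's own `programs.steam.remotePlay.openFirewall = true;` so the port list is maintained upstream. If the comment `# Firewall ports used by Steam in-home streaming.` really trails `programs.steam.enable = true;` in the file, move it to its own line above the two port settings it describes.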
|
|
@ -5,7 +5,7 @@ let
|
|||
in {
|
||||
options.my.roles.latex.enable = lib.mkEnableOption "Enable latex stuff";
|
||||
config = lib.mkIf (cfg.enable){
|
||||
environment.systemPackages = with pkgs;
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Maybe I don't need to use -full variant of texlive
|
||||
# I should find distribution I actually need
|
||||
texlive.combined.scheme-full
|
||||
|
|