more simplification of the configuration

author: Franck Cuny <franck@fcuny.net> 2025-10-09 19:21:46 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-10-09 19:21:46 -0700
commit: a0c2fdc90aefe9fc2e5d8f75eb7e7a1ef4974b2e (patch)
tree: ae2bbf86c8392c0722a373ae11ec20abd7201bf8 /modules/nixos
parent: move common modules under modules/ (diff)
download: infra-a0c2fdc90aefe9fc2e5d8f75eb7e7a1ef4974b2e.tar.gz
1 files changed, 36 insertions, 0 deletions
diff --git a/modules/nixos/base.nix b/modules/nixos/base.nix
index f3dece1..9ed3abc 100644
--- a/modules/nixos/base.nix
+++ b/modules/nixos/base.nix
@@ -16,6 +16,42 @@
     };
   };
 
+  networking = {
+    useNetworkd = true;
+    # Used by systemd-resolved, not directly by resolv.conf.
+    nameservers = [
+      "8.8.8.8#dns.google"
+      "1.0.0.1#cloudflare-dns.com"
+    ];
+    firewall = {
+      enable = true;
+      allowPing = true;
+      logRefusedConnections = false;
+    };
+  };
+
+  systemd.network = {
+    enable = true;
+  };
+
+  services.resolved = {
+    enable = true;
+    dnssec = "false";
+  };
+
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = [
+      "10.100.0.0/24" # wireguard
+    ];
+    bantime = "1h";
+    bantime-increment = {
+      enable = true;
+      maxtime = "168h";
+      factor = "4";
+    };
+  };
+
   i18n = {
     defaultLocale = "en_US.UTF-8";
     supportedLocales = [
author	Franck Cuny <franck@fcuny.net>	2025-10-09 19:21:46 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-10-09 19:21:46 -0700
commit	a0c2fdc90aefe9fc2e5d8f75eb7e7a1ef4974b2e (patch)
tree	ae2bbf86c8392c0722a373ae11ec20abd7201bf8 /modules/nixos
parent	move common modules under modules/ (diff)
download	infra-a0c2fdc90aefe9fc2e5d8f75eb7e7a1ef4974b2e.tar.gz