| -rw-r--r-- | nix/machines/common/network.nix | 41 | ||||
| -rw-r--r-- | nix/machines/vm-synology/default.nix | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/nix/machines/common/network.nix b/nix/machines/common/network.nix
new file mode 100644
index 0000000..fb31099
--- /dev/null
+++ b/nix/machines/common/network.nix
@@ -0,0 +1,41 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+{
+ networking.firewall.allowPing = true;
+
+ # Default to systemd-networkd usage.
+ networking.useNetworkd = lib.mkDefault true;
+ systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+ # Use systemd-resolved for DoT support.
+ services.resolved = {
+ enable = true;
+ dnssec = "false";
+ extraConfig = ''
+ DNSOverTLS=yes
+ '';
+ };
+
+ # Used by systemd-resolved, not directly by resolv.conf.
+ networking.nameservers = [
+ "8.8.8.8#dns.google"
+ "1.0.0.1#cloudflare-dns.com"
+ ];
+
+ networking.firewall.logRefusedConnections = false;
+
+ boot.kernel.sysctl = {
+ "net.ipv4.tcp_fastopen" = 3;
+ "net.ipv4.tcp_tw_reuse" = 1;
+ };
+
+ environment.systemPackages = with pkgs; [
+ mtr
+ tcpdump
+ traceroute
+ ];
+}
diff --git a/nix/machines/vm-synology/default.nix b/nix/machines/vm-synology/default.nix
index 8f3b725..966d173 100644
--- a/nix/machines/vm-synology/default.nix
+++ b/nix/machines/vm-synology/default.nix
@@ -22,6 +22,7 @@
 ./git.nix
 ./hardware.nix
 ./ingress.nix
+ ../common/network.nix
 ];
 
 # Use the systemd-boot EFI boot loader.
|
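Review bot: `dnssec = "false"` sits directly under the comment "Use systemd-resolved for DoT support", which leaves the reader assuming DoT implies validated answers when it does not; DNSOverTLS=yes only encrypts the transport to the two listed upstreams, while DNSSEC validation of the answers themselves is switched off here. Either the reason belongs in the file (`# DNSSEC validation off: <reason>; DoT only protects the transport`) or the value should be revisited, since "allow-downgrade" is the option's usual middle ground. Note also that `networking.useNetworkd` with `config.networking.useDHCP` presumably means DHCP-supplied per-link resolvers can still be used alongside `networking.nameservers`, and those carry no `#hostname` for certificate verification, so it is worth confirming which servers resolved actually ends up querying in strict DoT mode. Separately, `networking.firewall.logRefusedConnections = false` removes the kernel log line for every dropped inbound connection, which is the only on-host trace of port scans or misconfigured peers; if the intent is to quiet the journal, a short comment saying so (`# Quiet the journal; refused connections are not logged on this host.`) would stop a later reviewer from re-enabling it by accident. The whole module is new and fully visible in this hunk; the second hunk (the `../common/network.nix` import) is trivial.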
