Diffstat (limited to 'nix/machines/common/network.nix')
| -rw-r--r-- | nix/machines/common/network.nix | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/nix/machines/common/network.nix b/nix/machines/common/network.nix
new file mode 100644
index 0000000..fb31099
--- /dev/null
+++ b/nix/machines/common/network.nix
@@ -0,0 +1,41 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+{
+ networking.firewall.allowPing = true;
+
+ # Default to systemd-networkd usage.
+ networking.useNetworkd = lib.mkDefault true;
+ systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+ # Use systemd-resolved for DoT support.
+ services.resolved = {
+ enable = true;
+ dnssec = "false";
+ extraConfig = ''
+ DNSOverTLS=yes
+ '';
+ };
+
+ # Used by systemd-resolved, not directly by resolv.conf.
+ networking.nameservers = [
+ "8.8.8.8#dns.google"
+ "1.0.0.1#cloudflare-dns.com"
+ ];
+
+ networking.firewall.logRefusedConnections = false;
+
+ boot.kernel.sysctl = {
+ "net.ipv4.tcp_fastopen" = 3;
+ "net.ipv4.tcp_tw_reuse" = 1;
+ };
+
+ environment.systemPackages = with pkgs; [
+ mtr
+ tcpdump
+ traceroute
+ ];
+}
|
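Review bot: `dnssec = "false";` in `services.resolved` disables local DNSSEC validation on every machine that imports this common module, and the comment above it only explains the DoT part. With `DNSOverTLS=yes` the link to the two upstreams is authenticated, but answers are then accepted on the resolvers' word alone, so the choice should be recorded next to the setting, e.g. `# DNSSEC validation is off on purpose: <reason>; integrity relies on DoT to the upstream resolvers`, or the value changed to `dnssec = "allow-downgrade";` if the intent was only to avoid breakage. Separately, `networking.firewall.logRefusedConnections = false;` removes the refused-connection log lines for all hosts; writing it as `lib.mkDefault false` like the networkd options above would let an exposed host turn that signal back on without `mkForce`.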
