modules/network: init kresd
parent
effcdee7f9
commit
e45eb7807f
5 changed files with 98116 additions and 23 deletions
|
@ -22,8 +22,17 @@ in
|
|||
signing.enable = true;
|
||||
};
|
||||
comin.enable = true;
|
||||
network.localdns.enable = true;
|
||||
};
|
||||
|
||||
nix.settings.substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
nix.settings.trusted-public-keys = [
|
||||
# Compare to the key published at https://nix-community.org/cache
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
|
||||
# Bootloader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
@ -56,6 +65,7 @@ in
|
|||
security.pam.services.login.enableGnomeKeyring = lib.mkForce false;
|
||||
|
||||
programs.ssh.agentPKCS11Whitelist = "${config.security.tpm2.pkcs11.package}/lib/libtpm_pkcs11.so";
|
||||
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2;
|
||||
|
||||
networking.hostName = "calcite";
|
||||
|
||||
|
@ -198,6 +208,7 @@ in
|
|||
|
||||
hardware.pulseaudio.enable = false;
|
||||
security.rtkit.enable = true;
|
||||
services.avahi.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
wireplumber.enable = true;
|
||||
|
@ -206,6 +217,23 @@ in
|
|||
pulse.enable = true;
|
||||
# If you want to use JACK applications, uncomment this
|
||||
jack.enable = true;
|
||||
|
||||
# Airplay client
|
||||
raopOpenFirewall = true;
|
||||
extraConfig.pipewire = {
|
||||
"10-airplay" = {
|
||||
"context.modules" = [
|
||||
{
|
||||
name = "libpipewire-module-raop-discover";
|
||||
|
||||
# increase the buffer size if you get dropouts/glitches
|
||||
# args = {
|
||||
# "raop.latency.ms" = 500;
|
||||
# };
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
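Review bot: `raopOpenFirewall = true;` in the `services.pipewire` block opens the RAOP timing/control UDP ports (6001-6002 per the NixOS option description) on every interface, and `services.avahi.enable = true;` in the hunk at `-198,6 +208,7` has the host answer mDNS on whatever network it joins. The add/remove markers are lost on this page, so I am assuming both lines are on the new side. The other file on this page enables NetworkManager, so this machine presumably roams onto networks you do not control; consider limiting discovery to the home link with `services.avahi.allowInterfaces = [ "<trusted-interface>" ];` (placeholder name). The firewall line also deserves a comment saying what it exposes, for example `# opens UDP 6001-6002 for RAOP timing/control; only needed while sending to AirPlay speakers`. The `services.pipewire` attribute set starts before the hunk at `-206,6 +217,23`, so its remaining options are not visible here.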
|
|
|
@ -4,11 +4,14 @@
|
|||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (config.my-lib.settings)
|
||||
internalDomain
|
||||
;
|
||||
in
|
||||
{
|
||||
imports = [ ];
|
||||
|
||||
# Enable networking
|
||||
networking = {
|
||||
networkmanager = {
|
||||
enable = true;
|
||||
|
@ -21,27 +24,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
networking.resolvconf = {
|
||||
enable = true;
|
||||
dnsExtensionMechanism = false;
|
||||
useLocalResolver = false;
|
||||
};
|
||||
|
||||
services.kresd = {
|
||||
enable = true;
|
||||
listenPlain = [ ];
|
||||
extraConfig = ''
|
||||
log_level("notice")
|
||||
net.listen('127.0.0.1', 53)
|
||||
modules = { 'hints > iterate', 'stats', 'predict' }
|
||||
cache.size = 100 * MB
|
||||
trust_anchors.remove(".")
|
||||
policy.add(policy.all(policy.TLS_FORWARD( {
|
||||
{ "8.8.8.8", hostname="dns.google" } })))
|
||||
'';
|
||||
# policy.add(policy.suffix(policy.FORWARD({ "100.100.100.100" }), policy.todnames({ 'coho-tet.ts.net' })))
|
||||
};
|
||||
|
||||
# Enable Tailscale
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
|
|