nixos-config/machines/calcite/network.nix
2025-03-04 18:32:55 +08:00


{
  config,
  pkgs,
  lib,
  ...
}:
{
  imports = [ ];

  # Uplinks are managed by NetworkManager; resolv.conf is delegated to
  # openresolv (rc-manager) instead of being written by NetworkManager.
  networking = {
    networkmanager = {
      enable = true;
      dns = "default";
      settings.main.rc-manager = "resolvconf";
    };

    resolvconf = {
      enable = true;
      dnsExtensionMechanism = false;
      # NOTE(review): false means resolv.conf is NOT pointed at the local
      # kresd instance configured below; with networkmanager.dns = "default"
      # the DHCP-supplied servers end up in resolv.conf unless something else
      # (e.g. dae) redirects DNS traffic. Confirm this is the intended path.
      useLocalResolver = false;
    };

    # Host firewall, nftables backend. tailscale0 is fully trusted, so every
    # port is already reachable over Tailscale without listing it here.
    firewall = {
      enable = true;
      # 3389 (TCP and UDP) is opened on ALL interfaces, not just tailscale0.
      # If the service is meant to be reachable over Tailscale only, drop it
      # from here (trustedInterfaces covers it) or scope it with
      # networking.firewall.interfaces.<name>.allowedTCPPorts.
      allowedTCPPorts = [ 3389 ];
      allowedUDPPorts = [
        3389
        41641 # Tailscale's default UDP port for direct peer connections
      ];
      trustedInterfaces = [ "tailscale0" ];
    };
    # Use nftables to manage the firewall
    nftables.enable = true;
  };

  # Local validating/forwarding resolver. Plain listeners from the NixOS
  # module are disabled; the only socket is the loopback one opened in the
  # Lua config, so kresd is never exposed on the network.
  # NOTE(review): trust_anchors.remove(".") drops the root trust anchor,
  # which disables DNSSEC validation in kresd entirely; the upstream is
  # reached over TLS, but answers are then trusted without validation.
  # Confirm this trade-off is intended.
  services.kresd = {
    enable = true;
    listenPlain = [ ];
    extraConfig = ''
      log_level("notice")
      net.listen('127.0.0.1', 53)
      modules = { 'hints > iterate', 'stats', 'predict' }
      cache.size = 100 * MB
      trust_anchors.remove(".")
      policy.add(policy.all(policy.TLS_FORWARD( {
        { "8.8.8.8", hostname="dns.google" } })))
    '';
    # policy.add(policy.suffix(policy.FORWARD({ "100.100.100.100" }), policy.todnames({ 'coho-tet.ts.net' })))
  };

  # Tailscale, with MagicDNS left out of the resolver chain (--accept-dns=false).
  services.tailscale = {
    enable = true;
    extraUpFlags = [ "--accept-dns=false" ];
  };
  # services.tailscale.useRoutingFeatures = "both";

  # dae transparent proxy; the config lives outside the Nix store.
  services.dae = {
    enable = true;
    configFile = "/var/lib/dae/config.dae";
  };
  # When NetworkManager owns the links, start dae only after they are online.
  systemd.services.dae.after = lib.mkIf (config.networking.networkmanager.enable) [
    "NetworkManager-wait-online.service"
  ];

  programs.wireshark = {
    enable = true;
    package = pkgs.wireshark-qt;
  };

  programs.kdeconnect = {
    enable = true;
    package = pkgs.valent;
  };
}