default.nix
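# Host networking module: NetworkManager + nftables firewall, with optional
# tailscale and systemd-resolved, and an /etc/hosts table generated from the
# shared inventory flake input.
#
# Options (modules.networking.*):
#   tailscale.enable - run tailscaled and trust its interface in the firewall
#   resolved.enable  - use systemd-resolved with the fallback servers below
{ inputs, config, pkgs, lib, self, hostname, ... }:
let
  networking = config.modules.networking;
in {
  options.modules.networking = {
    tailscale = {
      enable = lib.mkEnableOption "enable tailscale";
    };
    resolved = {
      enable = lib.mkEnableOption "use systemd-resolved";
    };
  };

  config = {
    networking = {
      hostName = hostname;
      networkmanager = {
        enable = true;
      };
      nftables = {
        enable = true;
      };
      # mkDefault so an individual host can override its resolver without mkForce.
      nameservers = lib.mkDefault [
        "192.168.10.156#dns-1.spacetime.technology"
      ];
      # /etc/hosts entries for every inventory host that carries an `inet`
      # address. Hosts without one are skipped rather than keyed on a placeholder:
      # the previous default was the plain string "0.0.0.0", so the `.inet`
      # access on it failed at evaluation time whenever it was reached. Hosts
      # that share an address are merged into one name list, which is the shape
      # networking.hosts expects.
      # Assumes each inventory entry has `hostname` and a list `ip` of address
      # attrsets — confirm against inputs.inventory.
      hosts =
        let
          inetOf = host:
            lib.findFirst (addr: builtins.hasAttr "inet" addr) null host.ip;
          entries = lib.concatMap (host:
            let addr = inetOf host; in
            lib.optional (addr != null) {
              ${addr.inet} = [ (host.hostname + ".arbel.local") ];
            }
          ) inputs.inventory.list;
        in
        lib.zipAttrsWith (_ip: names: lib.concatLists names) entries;
      proxy = {
        # default = "http://user:password@proxy:port/";
        # noProxy = "127.0.0.1,localhost,internal.domain";
      };
      firewall = {
        enable = true;
        # Trusting the tailscale interface means every tailnet peer reaches this
        # host unfiltered; the firewall rules only apply to other interfaces.
        # If not all peers are equally trusted, drop this and open the needed
        # ports per interface instead (networking.firewall.interfaces.<name>).
        trustedInterfaces =
          lib.mkIf networking.tailscale.enable [ config.services.tailscale.interfaceName ];
        # allowedUDPPorts = [ ... ];
        # allowedTCPPorts = [ ... ];
      };
    };
    services = {
      resolved = lib.mkIf networking.resolved.enable {
        enable = true;
        # DNSSEC validation is disabled; "allow-downgrade" would validate where
        # the upstream resolver supports it.
        dnssec = "false"; #"allow-downgrade";
        # Opportunistic DoT falls back to plaintext when the resolver offers no
        # TLS, so it does not guarantee transport privacy on its own.
        dnsovertls = "opportunistic";
        fallbackDns = [
          "85.130.157.152#dns.spacetime.technology"
          "192.168.10.112#dns-master.home.spacetime.technology"
          "192.168.10.114#dns-replica.home.spacetime.technology"
        ];
      };
      tailscale = {
        enable = networking.tailscale.enable;
        # Opens the tailscale listen port in the firewall (NixOS option).
        openFirewall = true;
        useRoutingFeatures = "both";
        interfaceName = "tailscale0";
      };
      tor = {
        # Off unless a host opts in; the transparent-proxy settings below only
        # take effect when enabled.
        enable = lib.mkDefault false;
        #openFirewall = true;
        settings = {
          Sandbox = true;
          TransPort = [ 9040 ];
          DNSPort = 5353;
          VirtualAddrNetworkIPv4 = "172.30.0.0/16";
        };
      };
    };
    # Do not block boot/activation on NetworkManager reaching an "online" state.
    systemd.services.NetworkManager-wait-online.enable = false;
  };
}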