{
  config,
  lib,
  pkgs,
  ...
}:

# NixOS module: opt-in networking profile (systemd-resolved with strict
# DNS-over-TLS, iwd for Wi-Fi, static /etc/hosts entries, TCP tuning).
#
# Alternative DNS servers, kept for reference:
#   "1.0.0.1#cloudflare-dns.com"
#   "1.1.1.1#cloudflare-dns.com"
#   "2606:4700:4700::1001#cloudflare-dns.com"
#   "2606:4700:4700::1111#cloudflare-dns.com"
#   "8.8.4.4#dns.google"
#   "8.8.8.8#dns.google"
#   "2001:4860:4860::8844#dns.google"
#   "2001:4860:4860::8888#dns.google"

let
  inherit (lib)
    concatMapStrings
    mkDefault
    mkIf
    mkOption
    types
    ;

  # Like pkgs.writeScriptBin, but the derivation additionally runs
  # patchShebangs on $out so a `#!/usr/bin/env ...` line in the script is
  # rewritten to an absolute store path.
  #   filename: name of the executable placed in $out/bin
  #   contents: full script text, including its own shebang line
  patchScriptBin =
    filename: contents:
    (pkgs.writeScriptBin filename contents).overrideAttrs (prev: {
      buildCommand = prev.buildCommand + "\npatchShebangs $out";
    });

  # Helper script shipped alongside this module (see files/next_hop_linux.bash).
  next_hop = patchScriptBin "next_hop" (builtins.readFile ./files/next_hop_linux.bash);

  # Static /etc/hosts entries, one "address name" pair per element.
  #
  # These bypass DNS entirely, so they are implicitly trusted and never
  # expire: a stale entry silently sends traffic to whatever now holds that
  # address. Keep the list in sync with the LAN.
  #
  # Why the hostname's own home.arpa entry is here: without it,
  # systemd-resolved sends DNS requests for <X>.home.arpa to the per-link DNS
  # server (172.16.0.1), which does not support DNS-over-TLS. With strict DoT
  # enabled below that connection hangs until it times out, which makes
  # firefox startup take an extra 10+ seconds.
  #
  # Test with: drill @127.0.0.53 odo.home.arpa
  # TODO: The 127.0.0.1 entry should probably be moved to a host-specific file.
  staticHosts = [
    "127.0.0.1 ${config.networking.hostName}.home.arpa"
    "10.216.1.32 homeserver"
    "fdfd:5e8a:ee2d::1:32 homeserver"
    "10.216.1.6 media"
    "10.216.1.12 odo"
    "fdfd:5e8a:ee2d::1:2 odo"
    "10.216.1.14 neelix"
    "10.216.1.15 quark"
    "fdfd:5e8a:ee2d::1:3 quark"
    "10.217.1.1 drmario"
    "10.217.2.1 mrmanager"
    "fdfd:5e8a:ee2d::2:2 mrmanager"
    "172.16.16.245 turtle"
    "172.16.16.251 stream"
  ];
in
{
  imports = [ ];

  options.me = {
    network.enable = mkOption {
      type = types.bool;
      default = false;
      example = true;
      description = "Whether we want to install network.";
    };
  };

  config = mkIf config.me.network.enable {
    # Address configuration is left to iwd (EnableNetworkConfiguration below),
    # so the NixOS DHCP clients stay off. mkDefault lets a host override this.
    networking.dhcpcd.enable = mkDefault false;
    networking.useDHCP = mkDefault false;

    # Global resolvers. The `#hostname` suffix is what systemd-resolved uses
    # for SNI and certificate validation when talking DNS-over-TLS (see
    # resolved.conf(5)); without it the TLS session is encrypted but not
    # authenticated against a name.
    networking.nameservers = [
      "194.242.2.2#doh.mullvad.net"
      "2a07:e340::2#doh.mullvad.net"
    ];

    services.resolved = {
      enable = true;
      # DNSSEC validation is left disabled here; enable only after confirming
      # the upstream returns answers resolved can validate, otherwise lookups
      # start failing.
      # dnssec = "true";
      settings.Resolve = {
        # Route every query to the global servers above instead of the
        # per-link resolvers handed out by DHCP.
        Domains = [ "~." ];
        # Empty list disables resolved's compiled-in fallback servers, so
        # queries never silently go to a provider other than the one chosen
        # above.
        FallbackDNS = [ ];
        # "true" is strict mode (resolved.conf(5)): resolved will not fall
        # back to plaintext DNS, so name resolution fails closed when port
        # 853 to the servers above is blocked — typically captive portals
        # before login. Prefer that over a silent downgrade.
        DNSOverTLS = "true";
      };
    };

    networking.extraHosts = concatMapStrings (entry: entry + "\n") staticHosts;

    networking.wireless.iwd = {
      enable = true;
      settings = {
        General = {
          # iwd configures addresses itself (DHCP/SLAAC); see the disabled
          # NixOS DHCP clients above.
          EnableNetworkConfiguration = true;
          # Per-network MAC randomization (iwd.config(5)), so the hardware
          # address is not reused across SSIDs.
          AddressRandomization = "network";
        };
        # Rank = {
        #   BandModifier2_4GHz = 1.0;
        #   BandModifier5GHz = 1.0;
        #   BandModifier6GHz = 1.0;
        # };
        DriverQuirks = {
          # Disable Wi-Fi power save for every driver ("*"); originally added
          # for ath12k_pci.
          PowerSaveDisable = "*";
        };
        # Scan = {
        #   DisablePeriodicScan = true;
        #   DisableRoamingScan = true;
        # };
      };
    };

    environment.systemPackages = [
      pkgs.iw
      pkgs.iwd
      pkgs.ldns # for drill
      pkgs.arp-scan # To find devices on the network
      pkgs.wavemon
      pkgs.dhcpcd # For Android USB tethering (not enabled as a service above).
      next_hop
    ];

    boot.extraModprobeConfig = ''
      # Set wifi to US
      options cfg80211 ieee80211_regdom=US
    '';

    boot.kernel.sysctl = {
      # Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
      "net.ipv4.tcp_mtu_probing" = 1;
      # BBR congestion control, which should behave better on lossy links such
      # as bad wifi. Also set in the kernel config; repeated here for
      # unoptimized builds.
      "net.ipv4.tcp_congestion_control" = "bbr";
      # Don't do a slow start after a connection has been idle for a single RTO.
      "net.ipv4.tcp_slow_start_after_idle" = 0;
      # 3x the default time to accumulate filesystem changes before flushing to disk.
      "vm.dirty_writeback_centisecs" = 1500;
      # Non-default TTL / hop limit (the kernel default is 64). Presumably
      # chosen so packets still show TTL 64 after one hop, e.g. when tethered
      # through a phone — confirm the intent before changing.
      "net.ipv4.ip_default_ttl" = 65;
      "net.ipv6.conf.all.hop_limit" = 65;
      "net.ipv6.conf.default.hop_limit" = 65;
      # Enable IPv6 Privacy Extensions (prefer temporary addresses).
      "net.ipv6.conf.all.use_tempaddr" = 2;
      # The `default` variant is already enabled by nixos.
      # "net.ipv6.conf.default.use_tempaddr" = 2;
    };

    # Keep iwd's network profiles (including saved PSKs) across reboots when
    # the persistence option (expected to be declared in another module) is on.
    environment.persistence."/persist" = mkIf config.me.mountPersistence {
      hideMounts = true;
      directories = [
        "/var/lib/iwd" # Wifi settings
      ];
    };
  };
}