2024-12-20 22:37:44 -05:00
{
config ,
lib ,
pkgs ,
. . .
} :
2024-12-17 15:26:10 -05:00
2025-01-13 17:43:38 -05:00
# Alternative DNS servers:
# "1.0.0.1#cloudflare-dns.com"
# "1.1.1.1#cloudflare-dns.com"
# "2606:4700:4700::1001#cloudflare-dns.com"
# "2606:4700:4700::1111#cloudflare-dns.com"
# "8.8.4.4#dns.google"
# "8.8.8.8#dns.google"
# "2001:4860:4860::8844#dns.google"
# "2001:4860:4860::8888#dns.google"
2024-12-17 15:26:10 -05:00
{
2024-12-20 22:37:44 -05:00
imports = [ ] ;
2024-12-17 15:26:10 -05:00
networking . dhcpcd . enable = false ;
networking . useDHCP = false ;
2025-01-12 22:43:23 -05:00
networking . nameservers = [
" 1 9 4 . 2 4 2 . 2 . 2 # d o h . m u l l v a d . n e t "
" 2 a 0 7 : e 3 4 0 : : 2 # d o h . m u l l v a d . n e t "
] ;
2024-12-17 15:26:10 -05:00
services . resolved = {
enable = true ;
2025-01-15 21:01:30 -05:00
# dnssec = "true";
2025-01-12 22:43:23 -05:00
domains = [ " ~ . " ] ;
2025-01-13 17:43:38 -05:00
fallbackDns = [ ] ;
2025-01-12 22:43:23 -05:00
dnsovertls = " t r u e " ;
2024-12-17 15:26:10 -05:00
} ;
2024-12-20 21:06:04 -05:00
2025-04-16 20:36:08 -04:00
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.
2024-12-20 21:06:04 -05:00
#
# Test with: drill @127.0.0.53 odo.home.arpa
2025-04-16 20:36:08 -04:00
# TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
2024-12-29 15:12:31 -05:00
networking . extraHosts = ''
2025-04-16 20:36:08 -04:00
127 .0 .0 .1 odo . home . arpa quark . home . arpa
2024-12-29 15:12:31 -05:00
10 .216 .1 .1 homeserver
10 .216 .1 .6 media
2025-01-16 20:51:17 -05:00
#10.216.1.12 odo
2025-01-20 21:00:35 -05:00
10 .216 .1 .14 neelix
2024-12-29 15:12:31 -05:00
10 .217 .1 .1 drmario
10 .217 .2 .1 mrmanager
'' ;
2024-12-20 21:06:04 -05:00
2024-12-17 15:26:10 -05:00
networking . wireless . iwd = {
enable = true ;
settings = {
General = {
EnableNetworkConfiguration = true ;
AddressRandomization = " n e t w o r k " ;
2024-12-19 22:20:55 -05:00
ControlPortOverNL80211 = false ;
2024-12-17 15:26:10 -05:00
} ;
} ;
} ;
environment . systemPackages = with pkgs ; [
iw
iwd
2024-12-20 21:06:04 -05:00
ldns # for drill
2024-12-25 09:13:34 -05:00
arp-scan # To find devices on the network
2025-01-28 21:28:34 -05:00
wavemon
2024-12-17 15:26:10 -05:00
] ;
2025-01-15 21:01:30 -05:00
boot . extraModprobeConfig = ''
# Set wifi to US
options cfg80211 ieee80211_regdom = US
'' ;
2025-04-11 19:22:05 -04:00
boot . kernel . sysctl = {
# Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
" n e t . i p v 4 . t c p _ m t u _ p r o b i n g " = 1 ;
# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
# We set this in the kernel config, but include this here for unoptimized builds.
" n e t . i p v 4 . t c p _ c o n g e s t i o n _ c o n t r o l " = " b b r " ;
# Don't do a slow start after a connection has been idle for a single RTO.
" n e t . i p v 4 . t c p _ s l o w _ s t a r t _ a f t e r _ i d l e " = 0 ;
# 3x time to accumulate filesystem changes before flushing to disk.
" v m . d i r t y _ w r i t e b a c k _ c e n t i s e c s " = 1500 ;
# Adjust ttl
" n e t . i p v 4 . i p _ d e f a u l t _ t t l " = 65 ;
" n e t . i p v 6 . c o n f . a l l . h o p _ l i m i t " = 65 ;
" n e t . i p v 6 . c o n f . d e f a u l t . h o p _ l i m i t " = 65 ;
# Enable IPv6 Privacy Extensions
" n e t . i p v 6 . c o n f . a l l . u s e _ t e m p a d d r " = 2 ;
# Enable IPv6 Privacy Extensions
# This is enabled by default in nixos.
# "net.ipv6.conf.default.use_tempaddr" = 2;
} ;
2024-12-17 15:26:10 -05:00
}
