Fix firefox launch time.

2024-12-20 21:06:04 -05:00 · 2024-12-20 21:06:04 -05:00 · e7ab762ee4
commit e7ab762ee4
parent b314982196
3 changed files with 27 additions and 7 deletions
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@ -9,6 +9,7 @@
      ./boot.nix
      ./zfs.nix
      ./network.nix
+      ./roles/firewall
      ./roles/graphics
      ./roles/sound
      ./roles/sway
@ -88,6 +89,8 @@
    vulkan-tools # for vkcube TODO move to better role
    xorg.xeyes # to test which windows are using x11 TODO move to better role
    ripgrep
+    strace
+    tcpdump
  ];

  services.openssh = {
@ -109,12 +112,6 @@
    ];
  };

-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 22 ];
-  networking.firewall.allowedUDPPorts = [ ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
  # Check what will be lost with `zfs diff zroot/linux/root@blank`
  boot.initrd.systemd.enable = lib.mkDefault true;
  boot.initrd.systemd.services.zfs-rollback = {
--- a/nix/configuration/network.nix
+++ b/nix/configuration/network.nix
@ -6,7 +6,7 @@
  networking.dhcpcd.enable = false;
  networking.useDHCP = false;
  # networking.nameservers = ["8.8.8.8" "8.8.4.4"];
-  networking.nameservers = [ "194.242.2.2#doh.mullvad.net" "[2a07:e340::2]#doh.mullvad.net" ];
+  networking.nameservers = [ "194.242.2.2#doh.mullvad.net" "2a07:e340::2#doh.mullvad.net" ];
  # networking.nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
  services.resolved = {
    enable = true;
@ -15,6 +15,13 @@
    fallbackDns = [ ];
    dnsovertls = "true";
  };
+
+
+  # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
+  #
+  # Test with: drill @127.0.0.53 odo.home.arpa
+  networking.extraHosts = "127.0.0.1 odo.home.arpa";
+
  networking.wireless.iwd = {
    enable = true;

@ -29,5 +36,6 @@
  environment.systemPackages = with pkgs; [
    iw
    iwd
+    ldns # for drill
  ];
 }
--- a/nix/configuration/roles/firewall/default.nix
+++ b/nix/configuration/roles/firewall/default.nix
@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [];
+
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [
+    22 # ssh
+  ];
+  networking.firewall.allowedUDPPorts = [
+    5353 # mDNS
+  ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+}