plain dhcp with dnssec

Christoph Cullmann 2023-05-02 19:32:11 +02:00
parent f452ce64c7
commit e522dfefd3
4 changed files with 35 additions and 19 deletions


@ -90,21 +90,46 @@ in
# allow all firmware # allow all firmware
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
# networking via networkd # networking just with the dhcp client
networking.useDHCP = false; networking.useDHCP = true;
systemd.network.enable = true;
systemd.network.networks."10-lan" = {
networkConfig = {
DHCP = "yes";
};
# make routing on this interface a dependency for network-online.target
linkConfig.RequiredForOnline = "routable";
};
# ensure firewall is up, allow ssh and http in # ensure firewall is up, allow ssh and http in
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 22 80 ]; networking.firewall.allowedTCPPorts = [ 22 80 ];
# secure dns with local resolve via fritz.box
networking = {
nameservers = [ "127.0.0.1" "::1" ];
dhcpcd.extraConfig = "nohook resolv.conf";
resolvconf.useLocalResolver = true;
};
environment.etc = {
forwarding_rules = {
text = ''
fritz.box 192.168.13.1
'';
};
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/nix/persistent/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
forwarding_rules = "/etc/forwarding_rules";
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
# swap to RAM # swap to RAM
zramSwap.enable = true; zramSwap.enable = true;
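Review bot: `require_dnssec = true` in the `services.dnscrypt-proxy2` settings only restricts the resolver pool to servers that advertise DNSSEC support; dnscrypt-proxy does not validate signatures itself, so the "secure dns" comment overstates what this host verifies and the trust sits with whichever public resolver gets picked. I would say so in the comment, e.g. `# encrypted dns via dnscrypt-proxy; DNSSEC is validated by the upstream resolver, fritz.box is forwarded in plaintext to the router`, and consider narrowing the pool with `require_nolog = true;` or a pinned `server_names` list. Separately, `cache_file = "/nix/persistent/public-resolvers.md"` lies outside the `StateDirectory = "dnscrypt-proxy"` declared just below it. If the unit runs sandboxed as an unprivileged user (not visible in this hunk), the signed resolver list probably cannot be written there and the service would need a successful download at every start; pointing `cache_file` into the state directory, or granting the path explicitly, would avoid that.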


@ -20,9 +20,6 @@
swapDevices = [ ]; swapDevices = [ ];
# setup our network for later config in common.nix
systemd.network.networks."10-lan".matchConfig.Name = "enp1s0";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -20,9 +20,6 @@
swapDevices = [ ]; swapDevices = [ ];
# setup our network for later config in common.nix
systemd.network.networks."10-lan".matchConfig.Name = "eno1";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -25,9 +25,6 @@
swapDevices = [ ]; swapDevices = [ ];
# setup our network for later config in common.nix
systemd.network.networks."10-lan".matchConfig.Name = "enp8s0";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;