nixos-config/machines/calcite/network.nix

# Network setup for this host: NetworkManager + systemd-resolved, Tailscale,
# the dae and sing-box proxies, the host firewall, and two desktop helpers
# (GSConnect, Wireshark).
{ config, pkgs, ... }:
{
  imports = [ ];

  networking = {
    # NetworkManager owns the links and hands DNS over to systemd-resolved.
    networkmanager = {
      enable = true;
      dns = "systemd-resolved";
    };

    # Host firewall.
    firewall = {
      enable = true;
      # These lists apply to every interface, not only the tailnet.
      # 3389 is the conventional RDP port; 41641/udp is Tailscale's default
      # WireGuard port.
      # NOTE(review): tailscale0 is already fully trusted below, so if RDP is
      # only meant to be reached over the tailnet the 3389 entries are not
      # needed and removing them would narrow LAN/WAN exposure. Confirm intent.
      allowedTCPPorts = [ 3389 ];
      allowedUDPPorts = [ 3389 41641 ];
      # All traffic arriving on a trusted interface is accepted, so every
      # listening service on this host is reachable by tailnet peers (subject
      # to the tailnet's own ACLs).
      trustedInterfaces = [
        "tailscale0"
      ];
    };

    # Use nftables to manage the firewall
    nftables.enable = true;
  };

  # The NetworkManager-wait-online unit is turned off.
  systemd.services.NetworkManager-wait-online.enable = false;

  services = {
    resolved = {
      enable = true;
      # Cache=no switches off systemd-resolved's own DNS cache.
      extraConfig = ''
        Cache=no
      '';
    };

    # Enable Tailscale
    tailscale.enable = true;
    # services.tailscale.useRoutingFeatures = "both";

    # dae reads its configuration from mutable state outside the Nix store,
    # so that file is not reviewed or pinned by this repository.
    # NOTE(review): presumably it holds proxy endpoints/credentials; check
    # its ownership and mode on the host.
    dae = {
      enable = true;
      configFile = "/var/lib/dae/config.dae";
    };
  };

  # Project-local sing-box module, currently disabled.
  custom.sing-box = {
    enable = false;
    configFile = {
      # The URL comes from a sops-managed secret, so it stays out of the repo.
      urlFile = config.sops.secrets.sing_box_url.path;
      # NOTE(review): presumably a pinned digest of the fetched config; how
      # (and whether) it is enforced is defined in the custom.sing-box module.
      hash = "6ca5bc8a16f8c413227690aceeee2c12c02cab09473c216b849af1e854b98588";
    };
    # Web UI served through the Clash API, taken from the NUR package set.
    overrideSettings.experimental.clash_api.external_ui = "${config.nur.repos.linyinfeng.yacd}";
  };

  # Add gsconnect, open firewall
  # NOTE(review): the kdeconnect module opens its own port range in the
  # firewall (1714-1764 TCP/UDP in nixpkgs; confirm for the pinned channel),
  # in addition to the ports listed under networking.firewall.
  programs.kdeconnect = {
    enable = true;
    package = pkgs.gnomeExtensions.gsconnect;
  };

  # NOTE(review): in nixpkgs this module grants capture privileges to members
  # of the `wireshark` group; keep that group's membership minimal.
  programs.wireshark = {
    enable = true;
    package = pkgs.wireshark-qt;
  };
}