redo network setup + add tailscale

2025-04-04 21:01:52 +11:00 · 2025-04-04 21:01:52 +11:00 · 8cfafb0b9d
commit 8cfafb0b9d
parent 7b7bf07082
4 changed files with 53 additions and 8 deletions
--- a/nixos/hosts/nixos/configuration.nix
+++ b/nixos/hosts/nixos/configuration.nix
@ -33,7 +33,7 @@
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
-  networking.networkmanager.enable = true;
+  # networking.networkmanager.enable = true;

  i18n = {

--- a/nixos/hosts/nixos/hardware-configuration.nix
+++ b/nixos/hosts/nixos/hardware-configuration.nix
@ -184,11 +184,43 @@
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
+  # networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;

+  systemd.network.enable = true;
+
+  networking.nameservers = [
+    "1.1.1.1#one.one.one.one"
+    "1.0.0.1#one.one.one.one"
+  ];
+
+  systemd.network.networks."10-wan" = {
+    # match the interface by name
+    matchConfig.Name = "enp4s0";
+    address = [
+      # configure addresses including subnet mask
+      "192.168.20.2/24"
+    ];
+    routes = [
+      { Gateway = "192.168.20.1"; }
+    ];
+    # make the routes on this interface a dependency for network-online.target
+    linkConfig.RequiredForOnline = "routable";
+  };
+
+  systemd.network.networks."20-work-line" = {
+    # match the interface by name
+    matchConfig.Name = "enp6s0";
+    networkConfig = {
+      # start a DHCP Client for IPv4 Addressing/Routing
+      DHCP = "ipv4";
+    };
+    # make routing on this interface a dependency for network-online.target
+    linkConfig.RequiredForOnline = "routable";
+  };
+
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  hardware = {
--- a/nixos/hosts/nixos/services.nix
+++ b/nixos/hosts/nixos/services.nix
@ -56,10 +56,23 @@

    tailscale.enable = true;

-    tailscale.extraSetFlags = [
-      "--advertise-exit-node"
-      "--exit-node-allow-lan-access"
-    ];
+    # tailscale.extraSetFlags = [
+    #   "--advertise-exit-node"
+    #   "--exit-node-allow-lan-access"
+    # ];
+
+    resolved = {
+      enable = true;
+      dnssec = "true";
+      domains = [ "~." ];
+      fallbackDns = [
+        "1.1.1.1#one.one.one.one"
+        "1.0.0.1#one.one.one.one"
+      ];
+      dnsovertls = "true";
+    };
+
+

    # blocky = {
    #   enable = true;