redo network setup + add tailscale

nixos/flake.lock

@@ -327,11 +327,11 @@
       "locked": {
         "lastModified": 1,
         "narHash": "sha256-rADqSJu492bURPi5fmvPyeG1B5bV3k2hfGR+VfHn1Ig=",
-        "path": "/nix/store/yij96zw3v76xkxzaa1zrp6nw69ih0axh-source/nixos/programs/shadps4",
+        "path": "/nix/store/d3cg1qhfmhwqd8jyba3x1h2n8siw5gvr-source/nixos/programs/shadps4",
         "type": "path"
       },
       "original": {
-        "path": "/nix/store/yij96zw3v76xkxzaa1zrp6nw69ih0axh-source/nixos/programs/shadps4",
+        "path": "/nix/store/d3cg1qhfmhwqd8jyba3x1h2n8siw5gvr-source/nixos/programs/shadps4",
         "type": "path"
       }
     },

nixos/hosts/nixos/configuration.nix

@@ -33,7 +33,7 @@
   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
 
   # Enable networking
-  networking.networkmanager.enable = true;
+  # networking.networkmanager.enable = true;
 
   i18n = {
 

nixos/hosts/nixos/hardware-configuration.nix

@@ -184,11 +184,43 @@
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
+  # networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
   # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
   # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
 
+  systemd.network.enable = true;
+
+  networking.nameservers = [
+    "1.1.1.1#one.one.one.one"
+    "1.0.0.1#one.one.one.one"
+  ];
+
+  systemd.network.networks."10-wan" = {
+    # match the interface by name
+    matchConfig.Name = "enp4s0";
+    address = [
+      # configure addresses including subnet mask
+      "192.168.20.2/24"
+    ];
+    routes = [
+      { Gateway = "192.168.20.1"; }
+    ];
+    # make the routes on this interface a dependency for network-online.target
+    linkConfig.RequiredForOnline = "routable";
+  };
+
+  systemd.network.networks."20-work-line" = {
+    # match the interface by name
+    matchConfig.Name = "enp6s0";
+    networkConfig = {
+      # start a DHCP Client for IPv4 Addressing/Routing
+      DHCP = "ipv4";
+    };
+    # make routing on this interface a dependency for network-online.target
+    linkConfig.RequiredForOnline = "routable";
+  };
+
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
   hardware = {

nixos/hosts/nixos/services.nix

@@ -56,10 +56,23 @@
 
     tailscale.enable = true;
 
-    tailscale.extraSetFlags = [
+    # tailscale.extraSetFlags = [
-      "--advertise-exit-node"
+    #   "--advertise-exit-node"
-      "--exit-node-allow-lan-access"
+    #   "--exit-node-allow-lan-access"
-    ];
+    # ];
+
+    resolved = {
+      enable = true;
+      dnssec = "true";
+      domains = [ "~." ];
+      fallbackDns = [
+        "1.1.1.1#one.one.one.one"
+        "1.0.0.1#one.one.one.one"
+      ];
+      dnsovertls = "true";
+    };
+
+
 
     # blocky = {
     #   enable = true;