diff options
| author | Mel <mel@rnrd.eu> | 2026-04-24 23:35:19 +0200 |
|---|---|---|
| committer | Mel <mel@rnrd.eu> | 2026-04-24 23:35:19 +0200 |
| commit | 56c22cf8ae9de73bbc1c37ce0b1635ae7af9be64 (patch) | |
| tree | 3ba1ca13dcf1ed9c0013f6bffddaee9392991b16 /modules/common.nix | |
| parent | 127d8ff2c2e77a0cbfc7a2a3c962ef23b5ab7261 (diff) | |
| download | network-56c22cf8ae9de73bbc1c37ce0b1635ae7af9be64.tar.zst network-56c22cf8ae9de73bbc1c37ce0b1635ae7af9be64.zip | |
Migrate fully to systemd-networkd and nftables
Signed-off-by: Mel <mel@rnrd.eu>
Diffstat (limited to 'modules/common.nix')
| -rw-r--r-- | modules/common.nix | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/modules/common.nix b/modules/common.nix index c363201..9ad59aa 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -28,6 +28,14 @@ networking = { hostName = me.name; + useDHCP = false; + dhcpcd.enable = false; + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + + nftables = { + enable = true; + flushRuleset = false; + }; firewall = { enable = true; @@ -35,6 +43,15 @@ }; }; + systemd.network = { + enable = true; + wait-online.anyInterface = true; + }; + + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = lib.mkDefault 1; + }; + services.envfs.enable = true; virtualisation = { @@ -86,7 +103,7 @@ gnupg pinentry-curses age agenix inetutils pciutils lshw inxi iw dmidecode tcpdump - iptables nftables wireguard-tools + nftables wireguard-tools ffmpeg_7-headless ripgrep gnumake gdb gcc clang dtc |