From 56c22cf8ae9de73bbc1c37ce0b1635ae7af9be64 Mon Sep 17 00:00:00 2001
From: Mel <mel@rnrd.eu>
Date: Fri, 24 Apr 2026 23:35:19 +0200
Subject: Migrate fully to systemd-networkd and nftables

Signed-off-by: Mel <mel@rnrd.eu>
---
 modules/common.nix | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'modules/common.nix')

diff --git a/modules/common.nix b/modules/common.nix
index c363201..9ad59aa 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -28,6 +28,14 @@
 
   networking = {
     hostName = me.name;
+    useDHCP = false;
+    dhcpcd.enable = false;
+    nameservers = [ "1.1.1.1" "1.0.0.1" ];
+
+    nftables = {
+      enable = true;
+      flushRuleset = false;
+    };
 
     firewall = {
       enable = true;
@@ -35,6 +43,15 @@
     };
   };
 
+  systemd.network = {
+    enable = true;
+    wait-online.anyInterface = true;
+  };
+
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_forward" = lib.mkDefault 1;
+  };
+
   services.envfs.enable = true;
 
   virtualisation = {
@@ -86,7 +103,7 @@
     gnupg pinentry-curses age agenix
     inetutils pciutils lshw inxi iw dmidecode
     tcpdump
-    iptables nftables wireguard-tools
+    nftables wireguard-tools
     ffmpeg_7-headless
 
     ripgrep gnumake gdb gcc clang dtc
-- 
cgit 1.4.1