path: root/machines/lapin/devices.nix
{ lib, ... }:

{
  # Boot through systemd-boot.
  boot.loader.systemd-boot.enable = true;
  # Load the WireGuard kernel module at boot. No tunnel, key or peer is
  # configured in this file; that presumably lives elsewhere.
  boot.kernelModules = [ "wireguard" ];

  # Network configuration is managed with networkd, so the scripted
  # DHCP client is switched off here.
  networking.useDHCP = false;
  # Upstream resolvers (public anycast addresses, IPv4 then IPv6).
  # NOTE(review): nothing in this file enables DNS-over-TLS, so queries to
  # these resolvers presumably travel in plaintext - confirm whether
  # services.resolved.dnsovertls is set elsewhere.
  networking.nameservers = [
    "1.1.1.1"
    "1.0.0.1"
    "2606:4700:4700::1111"
    "2606:4700:4700::1001"
  ];

  # WAN uplink: one static IPv6 address, with IPv4 obtained over DHCP.
  systemd.network = {
    enable = true;
    networks."10-wan" = {
      # Matches the interface by name; a renamed NIC would leave this unit
      # unapplied and the host without an uplink.
      name = "enp1s0";
      DHCP = "ipv4";
      # NOTE(review): no prefix length is given; confirm what networkd
      # assumes for a bare IPv6 address and consider writing it explicitly.
      address = [ "2a01:4f8:c012:9493::1" ];
      # Default route via the link-local gateway.
      # NOTE(review): newer NixOS releases deprecate the routeConfig wrapper
      # in favour of setting Gateway directly - check against the pinned
      # nixpkgs before changing.
      routes = [
        { routeConfig.Gateway = "fe80::1"; }
      ];
    };
  };

  # systemd-resolved tuning.
  # NOTE(review): services.resolved.enable is not set in this file;
  # presumably it is enabled elsewhere or by default - verify.
  #
  # LLMNR and MulticastDNS both give DNS timeouts. mDNS in particular, for
  # some reason, gives Docker bridge interfaces its scope, which means every
  # DNS request waits for an answer from every interface. Turning both off
  # also means the host neither answers nor trusts link-local name
  # resolution.
  services.resolved.llmnr = "false";
  services.resolved.extraConfig = "MulticastDNS=no";
  # DNSSEC breaks IPv6, for some reason :(
  # Security caveat: with validation off, resolved accepts answers from the
  # upstream resolvers without authenticating them, so anything on the path
  # that can alter DNS traffic can redirect lookups. Treat this as a
  # workaround: find the root cause and re-enable validation once the IPv6
  # failure is understood.
  services.resolved.dnssec = "false";
  
  # Docker daemon settings: dual-stack container networking.
  virtualisation.docker.daemon.settings = {
    # NOTE(review): presumably enabled because older Docker releases gated
    # ip6tables behind the experimental flag - confirm it is still needed.
    experimental = true;

    # IPv6 on the default bridge, with Docker managing ip6tables rules.
    # Docker inserts its own iptables/ip6tables rules for published ports;
    # verify that the host firewall policy still applies to them, and
    # publish only the ports that are meant to be reachable from the WAN.
    ipv6 = true;
    ip6tables = true;

    # Default bridge: IPv4 address/netmask and IPv6 subnet.
    bip = "172.17.0.1/24";
    # NOTE(review): fc00::/8 is the half of the ULA range that RFC 4193
    # leaves undefined; locally assigned prefixes normally sit in fd00::/8.
    fixed-cidr-v6 = "fc00:d0c:b1b1::/48";

    # Pools from which user-defined networks are carved (/24 and /48 each).
    default-address-pools = [
      {
        base = "172.17.0.0/16";
        size = 24;
      }
      {
        base = "fc00:d0c::/32";
        size = 48;
      }
    ];
  };

  # Mount the large-ish service state folder to a regrowable volume. :)
  # The volume is referenced by its stable /dev/disk/by-id path.
  # NOTE(review): only "defaults" and "discard" are set; if nothing under
  # /srv needs setuid binaries or device nodes, "nosuid" and "nodev" would
  # narrow what a compromised service can do with this state volume -
  # confirm against what the services actually store here.
  fileSystems."/srv" = {
    fsType = "ext4";
    device = "/dev/disk/by-id/scsi-0HC_Volume_101611810";
    options = [
      "defaults"
      "discard"
    ];
  };
}