# NixOS module for a single host: boot loader, zram swap, networkd-based
# networking, resolved, Docker daemon addressing and the /srv data volume.
{ lib, ... }:
{
  boot.loader.systemd-boot.enable = true;
  # Load the WireGuard kernel module at boot.
  boot.kernelModules = [ "wireguard" ];

  # Experiment: compressed in-RAM swap (zram) instead of swap partitions
  # or swap files.
  zramSwap = {
    enable = true;
    algorithm = "zstd";
    swapDevices = 1;
    memoryPercent = 50;
  };

  # Interface configuration is handled by systemd-networkd below, so the
  # scripted DHCP client stays off.
  networking.useDHCP = false;
  # Upstream resolvers, IPv4 and IPv6. Queries leave the host in plain DNS
  # as far as this file shows; no DNS-over-TLS setting is present here.
  networking.nameservers = [
    "1.1.1.1"
    "1.0.0.1"
    "2606:4700:4700::1111"
    "2606:4700:4700::1001"
  ];

  systemd.network = {
    enable = true;
    # WAN link: static IPv6 address, IPv4 lease requested over DHCP,
    # default IPv6 route via the link-local gateway fe80::1.
    networks."10-wan" = {
      name = "enp1s0";
      DHCP = "ipv4";
      # NOTE(review): no prefix length is written on this address; confirm
      # which prefix networkd ends up assigning.
      address = [ "2a01:4f8:c012:9493::1" ];
      routes = [ { Gateway = "fe80::1"; } ];
    };
  };

  services.resolved = {
    # LLMNR and mDNS both caused DNS timeouts on this host. mDNS in
    # particular was observed being scoped onto the Docker bridge
    # interfaces, so every lookup waited for an answer from every interface.
    # Both protocols are unauthenticated link-local resolution, so keeping
    # them off also removes that spoofing surface.
    llmnr = "false";
    extraConfig = "MulticastDNS=no";
    # DNSSEC validation is switched off because it broke IPv6 (cause not
    # identified). With this value resolved accepts upstream answers without
    # verifying signatures.
    # NOTE(review): retest with "allow-downgrade" before treating this as
    # permanent.
    dnssec = "false";
  };

  virtualisation.docker.daemon.settings = {
    # NOTE(review): presumably set because ip6tables handling was gated
    # behind the experimental flag in older Docker releases; confirm against
    # the Docker version deployed and drop it if no longer required.
    experimental = true;
    ipv6 = true;
    # Let Docker maintain its own ip6tables rules for container traffic.
    # NOTE(review): ports published by containers are opened by Docker's own
    # rules, not by networking.firewall; audit published ports separately.
    ip6tables = true;
    # Default bridge addressing (IPv6 and IPv4).
    # NOTE(review): fc00::/8 is the half of the ULA range that RFC 4193 does
    # not define for local assignment (that half is fd00::/8); confirm this
    # choice is intentional.
    fixed-cidr-v6 = "fc00:d0c:b1b1::/48";
    bip = "172.17.0.1/24";
    # Pools that user-defined networks are carved from: a /24 per IPv4
    # network and a /48 per IPv6 network.
    default-address-pools = [
      {
        base = "172.17.0.0/16";
        size = 24;
      }
      {
        base = "fc00:d0c::/32";
        size = 48;
      }
    ];
  };

  # The large-ish service state directory lives on a separate volume that
  # can be grown later.
  fileSystems."/srv" = {
    device = "/dev/disk/by-id/scsi-0HC_Volume_101611810";
    fsType = "ext4";
    # "defaults" keeps suid, dev and exec enabled on this mount.
    # NOTE(review): if /srv only holds service state, check whether
    # "nosuid" and "nodev" can be added without breaking the services.
    options = [ "defaults" "discard" ];
  };
}