refactor network configuration

author: Franck Cuny <franck@fcuny.net> 2022-04-05 20:12:56 -0700
committer: Franck Cuny <franck@fcuny.net> 2022-04-05 20:12:56 -0700
commit: f3657271d6ea2408d812d32eea9862b61e49f5d8 (patch)
tree: c6ea56f0616174024c7293ce032b7adacf7ea884 /hosts/tahoe/networking.nix
parent: refactor security to a module (diff)
download: world-f3657271d6ea2408d812d32eea9862b61e49f5d8.tar.gz
1 files changed, 19 insertions, 3 deletions
diff --git a/hosts/tahoe/networking.nix b/hosts/tahoe/networking.nix
index 1b0568e..22a7251 100644
--- a/hosts/tahoe/networking.nix
+++ b/hosts/tahoe/networking.nix
@@ -1,4 +1,6 @@
-{ ... }: {
+{ lib, ... }:
+
+{
   # Use systemd-networkd for networking
   systemd.network = {
     enable = true;
@@ -15,8 +17,22 @@
     };
   };
 
-  networking.private-wireguard.enable = true;
-  networking.firewall.enable = false;
+  networking = {
+    hostName = "tahoe";
+    useNetworkd = true;
+    useDHCP = false;
+    private-wireguard.enable = true;
+    firewall.enable = false;
+  };
+
+  services.nscd.enable = false;
+  system.nssModules = lib.mkForce [ ];
+
+  # Use systemd-resolved
+  services.resolved = {
+    enable = true;
+    dnssec = "false";
+  };
 
   my.services.tailscale.enable = true;
 }
author	Franck Cuny <franck@fcuny.net>	2022-04-05 20:12:56 -0700
committer	Franck Cuny <franck@fcuny.net>	2022-04-05 20:12:56 -0700
commit	f3657271d6ea2408d812d32eea9862b61e49f5d8 (patch)
tree	c6ea56f0616174024c7293ce032b7adacf7ea884 /hosts/tahoe/networking.nix
parent	refactor security to a module (diff)
download	world-f3657271d6ea2408d812d32eea9862b61e49f5d8.tar.gz