pyrox.dev / nix
My Nix Configuration
fork atom
nix / nixosModules / default-config / networking.nix
at 0f2e217fc1c8fd1706f6068d0e408760212a937b 1.2 kB view raw
1{ pkgs, lib, ... }: 2{ 3 networking = { 4 networkmanager.plugins = lib.mkForce [ pkgs.networkmanager-openvpn ]; 5 nameservers = [ 6 "9.9.9.9" 7 "fd42:d42:d42:53::1" 8 "fd42:d42:d42:54::1" 9 "172.23.0.53" 10 "172.20.0.53" 11 ]; 12 timeServers = [ 13 "0.pool.ntp.org" 14 "1.pool.ntp.org" 15 "2.pool.ntp.org" 16 "3.pool.ntp.org" 17 ]; 18 resolvconf.extraConfig = '' 19 name_servers="9.9.9.9 fd42:d42:d42:53::1 fd42:d42:d42:54::1 172.23.0.53 172.20.0.53" 20 ''; 21 }; 22 boot.kernel.sysctl = { 23 # Disable ICMP Redirects 24 # https://askubuntu.com/questions/118273/what-are-icmp-redirects-and-should-they-be-blocked 25 "net.ipv4.conf.all.accept_redirects" = 0; 26 "net.ipv4.conf.default.accept_redirects" = 0; 27 "net.ipv4.conf.all.secure_redirects" = 0; 28 "net.ipv4.conf.default.secure_redirects" = 0; 29 "net.ipv6.conf.all.accept_redirects" = 0; 30 "net.ipv6.conf.default.accept_redirects" = 0; 31 }; 32 # Disable *-wait-online services as they block rebuilds often. 33 # https://github.com/NixOS/nixpkgs/issues/180175 34 systemd.services = { 35 NetworkManager-wait-online.enable = lib.mkForce false; 36 systemd-networkd-wait-online.enable = lib.mkForce false; 37 }; 38}