nixosModules/default-config/networking.nix at ea5d4fab158557ff511921a01dc25e5c42bef866 · pyrox.dev/nix

pyrox.dev / nix

My Nix Configuration

nix / nixosModules / default-config / networking.nix

at ea5d4fab158557ff511921a01dc25e5c42bef866 1.2 kB view raw

 1{ pkgs, lib, ... }:
 2{
 3  networking = {
 4    networkmanager.plugins = lib.mkForce [ pkgs.networkmanager-openvpn ];
 5    nameservers = [
 6      "9.9.9.9"
 7      "fd42:d42:d42:53::1"
 8      "fd42:d42:d42:54::1"
 9      "172.23.0.53"
10      "172.20.0.53"
11    ];
12    timeServers = [
13      "0.pool.ntp.org"
14      "1.pool.ntp.org"
15      "2.pool.ntp.org"
16      "3.pool.ntp.org"
17    ];
18    resolvconf.extraConfig = ''
19      name_servers="9.9.9.9 fd42:d42:d42:53::1 fd42:d42:d42:54::1 172.23.0.53 172.20.0.53"
20    '';
21  };
22  boot.kernel.sysctl = {
23    # Disable ICMP Redirects
24    # https://askubuntu.com/questions/118273/what-are-icmp-redirects-and-should-they-be-blocked
25    "net.ipv4.conf.all.accept_redirects" = 0;
26    "net.ipv4.conf.default.accept_redirects" = 0;
27    "net.ipv4.conf.all.secure_redirects" = 0;
28    "net.ipv4.conf.default.secure_redirects" = 0;
29    "net.ipv6.conf.all.accept_redirects" = 0;
30    "net.ipv6.conf.default.accept_redirects" = 0;
31  };
32  # Disable *-wait-online services as they block rebuilds often.
33  # https://github.com/NixOS/nixpkgs/issues/180175
34  systemd.services = {
35    NetworkManager-wait-online.enable = lib.mkForce false;
36    systemd-networkd-wait-online.enable = lib.mkForce false;
37  };
38}