# Shared networking baseline: wait-online units, static host entries,
# NetworkManager, firewall, systemd-resolved and a locked-down sshd.
# Values wrapped in lib.mkDefault are defaults a host may override;
# values set without it are fixed here.
{ flake, config, pkgs, lib, ... }:
{
  # The NetworkManager and systemd-networkd wait-online units are off by
  # default; a host that needs them can turn them back on.
  systemd.services = {
    NetworkManager-wait-online.enable = lib.mkDefault false;
    systemd-networkd-wait-online.enable = lib.mkDefault false;
  };

  networking = {
    # Static name -> address entries for the VPN endpoint and the initrd
    # host, one line for IPv4 and one for IPv6.
    # NOTE(review): these names resolve from the hosts file rather than DNS,
    # so the addresses have to be updated here if the server moves.
    hosts = {
      "128.140.109.213" = [ "vpn.b12f.io" "frikandel-initrd.b12f.io" ];
      "2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" "frikandel-initrd.b12f.io" ];
    };

    networkmanager = {
      # NetworkManager is on by default. Users must be in the NetworkManager
      # group to use the nm tooling, so remember to add yourself.
      enable = lib.mkDefault true;
      wifi.backend = lib.mkDefault "iwd";
    };

    firewall = {
      enable = true;

      # SSH is not exposed on public interfaces: TCP 22 is allowed on the
      # wg-private interface only, and services.openssh.openFirewall
      # defaults to false below.
      # NOTE(review): 22 is hard-coded; if a host changes the sshd port this
      # rule has to be changed with it.
      interfaces.wg-private.allowedTCPPorts = [ 22 ];
    };

    nftables.enable = true;
  };

  services = {
    resolved = {
      enable = lib.mkDefault true;

      # Entries are "address#name"; the name after '#' is the server name
      # resolved uses for the TLS session to that address.
      fallbackDns = [
        "193.110.81.0#dns0.eu"
        "2a0f:fc80::#dns0.eu"
        "185.253.5.0#dns0.eu"
        "2a0f:fc81::#dns0.eu"
      ];

      # No DNSSEC validation.
      dnssec = "false";

      # Opportunistic DNS-over-TLS: TLS is tried first and plaintext is used
      # if it fails, so an on-path attacker can force a downgrade.
      # NOTE(review): combined with dnssec = "false", answers are neither
      # validated nor guaranteed to be encrypted; confirm this is the
      # intended trade-off for hosts on untrusted networks.
      extraConfig = ''
        DNSOverTLS=opportunistic
      '';
    };

    # Every host runs sshd because rage encryption needs each host to have
    # an SSH key pair.
    openssh = {
      enable = true;
      allowSFTP = lib.mkDefault false;

      # The module does not open the SSH port itself; reachability is
      # decided by the firewall rules of this configuration.
      openFirewall = lib.mkDefault false;

      settings = {
        # Only a default: a host can override it. The AuthenticationMethods
        # line in extraConfig still requires public-key authentication.
        PasswordAuthentication = lib.mkDefault false;
        KbdInteractiveAuthentication = false;
      };

      # Raw sshd_config lines. X11, agent and stream-local forwarding are
      # off; TCP forwarding is the one forwarding type left enabled.
      # NOTE(review): confirm TCP forwarding is still needed, since it lets
      # any authenticated user tunnel through the host.
      extraConfig = ''
        AllowTcpForwarding yes
        X11Forwarding no
        AllowAgentForwarding no
        AllowStreamLocalForwarding no
        AuthenticationMethods publickey
      '';
    };
  };
}