feat(networking): improve networkd & resolved configuration

Felix Schröter 2025-05-11 02:20:57 +02:00
parent ab086bc49b
commit b616a73e66
Signed by: felschr
GPG key ID: 671E39E6744C807D
2 changed files with 33 additions and 18 deletions


@ -3,10 +3,18 @@
let let
isAdguardHost = config.services.adguardhome.enable; isAdguardHost = config.services.adguardhome.enable;
interfaces.eth = [ interfaces.lan = [
"enp*" "enp*"
"eth*" "eth*"
]; ];
lan = rec {
IPv4Prefix = "192.168.1";
IPv4CIDR = "${IPv4Prefix}.1/24";
IPv6ULAPrefix = "fd1c:ca95:d74d";
IPv6ULACIDR = "${IPv6ULAPrefix}::/48";
};
nameservers = { nameservers = {
local = [ local = [
"127.0.0.1" "127.0.0.1"
@ -14,8 +22,8 @@ let
]; ];
remote = [ remote = [
# LAN # LAN
"192.168.1.102#dns.felschr.com" "${lan.IPv4Prefix}.102#dns.felschr.com"
"fd1c:ca95:d74d::102#dns.felschr.com" "${lan.IPv6ULAPrefix}::102#dns.felschr.com"
# Tailnet # Tailnet
"100.97.32.60#dns.felschr.com" "100.97.32.60#dns.felschr.com"
@ -24,25 +32,31 @@ let
}; };
in in
{ {
networking.useDHCP = false; networking = {
networking.nameservers = if isAdguardHost then nameservers.local else nameservers.remote; useDHCP = false;
networking.search = [ nameservers = if isAdguardHost then nameservers.local else nameservers.remote;
"lan" nftables.enable = true;
"tail05275.ts.net" firewall.allowedUDPPorts = [
]; 5353 # mDNS
];
networking.nftables.enable = true; networkmanager.dns = "systemd-resolved";
networking.networkmanager.dns = "systemd-resolved"; };
systemd.network = { systemd.network = {
enable = true; enable = true;
wait-online.ignoredInterfaces = [ "tailscale0" ]; wait-online.ignoredInterfaces = [ "tailscale0" ];
networks = { networks = {
"10-lan" = { "10-lan" = {
matchConfig.Name = interfaces.eth; matchConfig.Name = interfaces.lan;
domains = [ "local" ];
networkConfig = { networkConfig = {
DHCP = true; DHCP = "ipv4";
IPv6AcceptRA = true; IPv6AcceptRA = true;
MulticastDNS = true;
UseDomains = true;
};
linkConfig = {
Multicast = true;
}; };
}; };
}; };
@ -58,8 +72,11 @@ in
"1.1.1.1#one.one.one.one" "1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one" "1.0.0.1#one.one.one.one"
]; ];
extraConfig = lib.mkIf isAdguardHost '' extraConfig = ''
DNSStubListener=no MulticastDNS=yes
${lib.optionalString isAdguardHost ''
DNSStubListener=no
''}
''; '';
}; };
} }
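Review bot: `firewall.allowedUDPPorts = [ 5353 ]` opens mDNS on every interface the firewall covers, while the visible networkd config sets `MulticastDNS = true` only on the `10-lan` link, so the port is also reachable over any other link this host has (a `tailscale0` interface is named in `wait-online.ignoredInterfaces`). Scoping the rule to the LAN, e.g. `networking.firewall.interfaces.<lan-ifname>.allowedUDPPorts = [ 5353 ];`, keeps the exposure matched to where the responder is meant to run; `<lan-ifname>` is a placeholder, and whether the `enp*`/`eth*` globs from `interfaces.lan` are accepted there with the nftables backend would need checking. If this host only needs to look up `.local` names and not announce its own, `MulticastDNS = "resolve"` on the link is the narrower setting. A short comment next to `UseDomains = true` would also help, noting that DHCP/RA-supplied search domains now stand in for the static `networking.search` list that appears to be dropped, which makes the LAN's DHCP server trusted for how unqualified names are completed.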


@ -2,6 +2,4 @@
{ {
services.printing.enable = true; services.printing.enable = true;
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
} }