nixos/modules/base/network.nix

{ ... }: {
  networking = {
    firewall = {
      allowedTCPPorts = [ 1234 1337 8000 8080 ];
      allowedUDPPorts = [ 1234 1337 8000 8080 ];
    };
    nameservers = [ "127.0.0.53" ]; # resolved stub resolver
  };

  # TODO: these systemd networkd settings will be the default once
  # https://github.com/NixOS/nixpkgs/pull/202488 is merged.
  networking.useNetworkd = true;
  systemd.network = {
    enable = true;
    wait-online.anyInterface = true;
  };

  services.resolved = {
    enable = true;
    dnssec = "true";
    fallbackDns = [ "159.69.4.2#dns.caspervk.net" "2a01:4f8:1c0c:70d1::1#dns.caspervk.net" ];
    extraConfig = ''
      DNS=159.69.4.2#dns.caspervk.net 2a01:4f8:1c0c:70d1::1#dns.caspervk.net
      DNSOverTLS=yes
    '';
  };

  services.vnstat.enable = true;
}
Only NetworkManager on desktops 2023-08-12 02:13:50 +02:00			`{ ... }: {`
Base 2023-08-01 15:35:09 +02:00			`networking = {`
			`firewall = {`
			`allowedTCPPorts = [ 1234 1337 8000 8080 ];`
			`allowedUDPPorts = [ 1234 1337 8000 8080 ];`
			`};`
fmt 2023-08-11 19:33:39 +02:00			`nameservers = [ "127.0.0.53" ]; # resolved stub resolver`
Base 2023-08-01 15:35:09 +02:00			`};`

systemd-networkd https://github.com/NixOS/nixpkgs/pull/202488 2023-08-11 18:02:36 +02:00			`# TODO: these systemd networkd settings will be the default once`
			`# https://github.com/NixOS/nixpkgs/pull/202488 is merged.`
			`networking.useNetworkd = true;`
			`systemd.network = {`
			`enable = true;`
			`wait-online.anyInterface = true;`
			`};`

Base 2023-08-01 15:35:09 +02:00			`services.resolved = {`
			`enable = true;`
			`dnssec = "true";`
DoT 2023-08-11 17:45:48 +02:00			`fallbackDns = [ "159.69.4.2#dns.caspervk.net" "2a01:4f8:1c0c:70d1::1#dns.caspervk.net" ];`
Base 2023-08-01 15:35:09 +02:00			`extraConfig = ''`
DoT 2023-08-11 17:45:48 +02:00			`DNS=159.69.4.2#dns.caspervk.net 2a01:4f8:1c0c:70d1::1#dns.caspervk.net`
Base 2023-08-01 15:35:09 +02:00			`DNSOverTLS=yes`
			`'';`
			`};`

			`services.vnstat.enable = true;`
			`}`