Add custom DNS and tailscale routes
parent
cf2bc3a764
commit
0960e0eebf
@ -24,6 +24,8 @@
|
||||
device = lib.mkForce "/dev/disk/by-uuid/26973b85-9c65-488b-93fb-8992ea0f8d50";
|
||||
crypttabExtraOpts = [ "tpm2-device=auto" ];
|
||||
};
|
||||
# Required for subnet route advertising in Tailscale
|
||||
kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
# Required for ZFS, see https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html
|
||||
supportedFilesystems = [ "zfs" ];
|
||||
zfs = {
|
||||
@ -69,6 +71,7 @@
|
||||
users.users.root.hashedPassword = "$6$JdgM.TQt0/0988od$yPVgGZ5zu6HjG.sVjzEWJBm4L7XEReuplrqLRekPq/GrAyk5GrFmPM9hdzrmD28PDX9AtxaClYM5emsJ75YfJ0";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
ethtool
|
||||
htop
|
||||
sbctl
|
||||
tmux
|
||||
@ -81,6 +84,15 @@
|
||||
programs.neovim.enable = true;
|
||||
|
||||
services.tailscale.enable = true;
|
||||
services.networkd-dispatcher = {
|
||||
enable = true;
|
||||
rules."50-tailscale" = {
|
||||
onState = ["routable"];
|
||||
script = ''
|
||||
${pkgs.ethtool}/bin/ethtool -K eno1 rx-udp-gro-forwarding on rx-gro-list off
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.zfs.autoScrub.enable = true;
|
||||
|
||||
@ -128,6 +140,13 @@
|
||||
];
|
||||
clientGroupsBlock.default = [ "ads" ];
|
||||
};
|
||||
customDNS = {
|
||||
mapping = {
|
||||
# This mapping is recursive so foo.dalinar.home.johannes-rothe.de also resolves
|
||||
"dalinar.home.johannes-rothe.de" = "172.16.0.2";
|
||||
"base.home.johannes-rothe.de" = "172.16.0.3";
|
||||
};
|
||||
};
|
||||
ports = {
|
||||
dns = 53;
|
||||
http = 4000; # port for prometheus metrics
|
||||
|
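Review bot: `kernel.sysctl."net.ipv4.ip_forward" = 1;` in the first hunk enables IPv4 forwarding on every interface, and none of the hunks shown adds a matching forward-chain restriction, so the host would route between all attached networks rather than only serving the Tailscale subnet routes. If the firewall configuration outside these hunks does not already limit forwarding to `tailscale0`, add that rule alongside this change. The NixOS module can also own the sysctls via `services.tailscale.useRoutingFeatures = "server";`, which covers IPv6 forwarding as well. In the third hunk the dispatcher rule fires for any interface that reaches `routable` but always runs ethtool against `eno1`; a comment such as `# eno1 is the LAN uplink; this rule runs whenever any interface becomes routable` would make that intent explicit. The context line in the second hunk keeps the root `hashedPassword` in the repository and the world-readable Nix store, where it is open to offline guessing; `users.users.root.hashedPasswordFile` pointing at a file kept outside the repo avoids that.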