Add custom DNS and tailscale routes

2025-03-23 21:24:14 +01:00 · 2025-03-23 21:24:14 +01:00 · 0960e0eebf
commit 0960e0eebf
parent cf2bc3a764
1 changed files with 19 additions and 0 deletions
--- a/hosts/dalinar/default.nix
+++ b/hosts/dalinar/default.nix
@ -24,6 +24,8 @@
      device = lib.mkForce "/dev/disk/by-uuid/26973b85-9c65-488b-93fb-8992ea0f8d50";
      crypttabExtraOpts = [ "tpm2-device=auto" ];
    };
+    # Required for subnet route advertising in Tailscale
+    kernel.sysctl."net.ipv4.ip_forward" = 1;
    # Required for ZFS, see https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html
    supportedFilesystems = [ "zfs" ];
    zfs = {
@ -69,6 +71,7 @@
  users.users.root.hashedPassword = "$6$JdgM.TQt0/0988od$yPVgGZ5zu6HjG.sVjzEWJBm4L7XEReuplrqLRekPq/GrAyk5GrFmPM9hdzrmD28PDX9AtxaClYM5emsJ75YfJ0";

  environment.systemPackages = with pkgs; [
+    ethtool
    htop
    sbctl
    tmux
@ -81,6 +84,15 @@
  programs.neovim.enable = true;

  services.tailscale.enable = true;
+  services.networkd-dispatcher = {
+    enable = true;
+    rules."50-tailscale" = {
+      onState = ["routable"];
+      script = ''
+        ${pkgs.ethtool}/bin/ethtool -K eno1 rx-udp-gro-forwarding on rx-gro-list off
+      '';
+    };
+  };

  services.zfs.autoScrub.enable = true;

@ -128,6 +140,13 @@
        ];
        clientGroupsBlock.default = [ "ads" ];
      };
+      customDNS = {
+        mapping = {
+          # This mapping is recursive so foo.dalinar.home.johannes-rothe.de also resolves
+          "dalinar.home.johannes-rothe.de" = "172.16.0.2";
+          "base.home.johannes-rothe.de" = "172.16.0.3";
+        };
+      };
      ports = {
        dns = 53;
        http = 4000; # port for prometheus metrics