Add custom DNS and tailscale routes

hosts/dalinar/default.nix

@@ -24,6 +24,8 @@
       device = lib.mkForce "/dev/disk/by-uuid/26973b85-9c65-488b-93fb-8992ea0f8d50";
       crypttabExtraOpts = [ "tpm2-device=auto" ];
     };
+    # Required for subnet route advertising in Tailscale
+    kernel.sysctl."net.ipv4.ip_forward" = 1;
     # Required for ZFS, see https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html
     supportedFilesystems = [ "zfs" ];
     zfs = {
@@ -69,6 +71,7 @@
   users.users.root.hashedPassword = "$6$JdgM.TQt0/0988od$yPVgGZ5zu6HjG.sVjzEWJBm4L7XEReuplrqLRekPq/GrAyk5GrFmPM9hdzrmD28PDX9AtxaClYM5emsJ75YfJ0";
 
   environment.systemPackages = with pkgs; [
+    ethtool
     htop
     sbctl
     tmux
@@ -81,6 +84,15 @@
   programs.neovim.enable = true;
 
   services.tailscale.enable = true;
+  services.networkd-dispatcher = {
+    enable = true;
+    rules."50-tailscale" = {
+      onState = ["routable"];
+      script = ''
+        ${pkgs.ethtool}/bin/ethtool -K eno1 rx-udp-gro-forwarding on rx-gro-list off
+      '';
+    };
+  };
 
   services.zfs.autoScrub.enable = true;
 
@@ -128,6 +140,13 @@
         ];
         clientGroupsBlock.default = [ "ads" ];
       };
+      customDNS = {
+        mapping = {
+          # This mapping is recursive so foo.dalinar.home.johannes-rothe.de also resolves
+          "dalinar.home.johannes-rothe.de" = "172.16.0.2";
+          "base.home.johannes-rothe.de" = "172.16.0.3";
+        };
+      };
       ports = {
         dns = 53;
         http = 4000; # port for prometheus metrics