# Shared networking baseline for every host: hostname/hostId, static or DHCP
# addressing, an nftables-backed firewall, systemd-resolved and (on headful
# machines) NetworkManager with iwd. `onlyDefault` switches all of it off.
{ config, lib, pkgs, this, ... }:

with lib;

let
  cfg = config.nixfiles.modules.common.networking;
in
{
  # Note the inversion: enabling `onlyDefault` *disables* the custom settings,
  # because everything below is guarded by `!cfg.onlyDefault`.
  options.nixfiles.modules.common.networking.onlyDefault = mkEnableOption "custom networking settings";

  config = mkIf (!cfg.onlyDefault) {
    # Directories to persist across reboots. Both hold network credentials
    # (NetworkManager connection profiles with their PSKs, iwd's state), so
    # whatever backs them must keep ownership and modes intact.
    # NOTE(review): `ark.directories` is a project option; confirm it preserves
    # permissions and not only the paths.
    ark.directories = with config.networking;
      optional networkmanager.enable "/etc/NetworkManager/system-connections"
      ++ optional wireless.iwd.enable "/var/lib/iwd";

    networking = mkMerge [
      {
        # `my` and `dns` used below are presumably helpers from the extended
        # lib brought in by `with lib` - confirm against the flake's lib.
        domain = my.domain.shire;
        hostName = this.hostname;
        # hostId wants 8 hex characters; derive them deterministically from the
        # hostname. MD5 is just a convenient hash here, not a security property:
        # hostId is an identifier, not a secret. Two hosts sharing a hostname
        # would get the same hostId.
        hostId = substring 0 8 (builtins.hashString "md5" this.hostname);

        # Remove default hostname mappings. This is required at least by the
        # current implementation of the monitoring module.
        hosts = {
          "127.0.0.2" = mkForce [ ];
          "::1" = mkForce [ ];
        };

        # There's no way[1] to configure DNS server priority in
        # systemd-resolved. The only solution for dealing with a broken VPN
        # connection is to delete /etc/systemd/resolved.conf and restart the
        # systemd-resolved service. Otherwise I'll just end up with a random
        # server from the list most of the time because systemd-resolved
        # "conveniently" will manage server priority for me...
        #
        # [1]: https://askubuntu.com/questions/1116732/how-do-i-list-dns-server-order-in-systemd-resolve
        # [2]: https://github.com/systemd/systemd/issues/6076
        #
        # Both resolvers are the WireGuard-side addresses of "manwe", so with
        # the tunnel down only `services.resolved.fallbackDns` (below) answers.
        nameservers = with my.configurations.manwe.wireguard; [ ipv6.address ipv4.address ];

        # No blanket DHCP: addressing is explicit per host, either the static
        # block below or DHCP on eth0 for headful machines.
        useDHCP = false;
        # Render the NixOS firewall as nftables rules rather than iptables.
        nftables.enable = true;
        firewall = {
          enable = true;
          # Drop instead of reject, so closed ports do not answer at all.
          rejectPackets = false;
          # Answer ping, but rate-limited.
          allowPing = true;
          pingLimit = "1/minute burst 5 packets";
          # Every firewall log option is off, so refused traffic leaves no
          # trace on the host. NOTE(review): if these hosts are supposed to
          # feed a detection pipeline, `logRefusedConnections = true` is the
          # cheapest signal to turn back on.
          logRefusedConnections = false;
          logRefusedPackets = false;
          logRefusedUnicastsOnly = false;
          logReversePathDrops = false;
        };
      }
      (
        let
          interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
        in
        # Static addressing, applied only when the host record carries both
        # address families.
        mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) {
          usePredictableInterfaceNames = false; # NOTE This can break something!
          interfaces.${interface} = {
            # The type guards skip non-string/non-int values, but `with` only
            # helps when the keys exist: a `this.ipv4` without `address` or
            # `prefixLength` would fail with an undefined-variable error.
            # Presumably every host record that has `ipv4`/`ipv6` defines both
            # keys - confirm.
            ipv4.addresses = with this.ipv4; optional (isString address && isInt prefixLength) { inherit address prefixLength; };
            ipv6.addresses = with this.ipv6; optional (isString address && isInt prefixLength) { inherit address prefixLength; };
          };
          # Gateways are optional; `gatewayAddress` may be non-string to skip them.
          defaultGateway = with this.ipv4; mkIf (isString gatewayAddress) { inherit interface; address = gatewayAddress; };
          defaultGateway6 = with this.ipv6; mkIf (isString gatewayAddress) { inherit interface; address = gatewayAddress; };
        }
      )
      # Interactive hosts: DHCP on eth0 plus NetworkManager for Wi-Fi, with iwd
      # as the Wi-Fi backend instead of wpa_supplicant.
      (mkIf this.isHeadful {
        interfaces.eth0.useDHCP = mkDefault true;
        networkmanager = {
          enable = mkDefault true;
          # Keep wired, bridge, loopback and WireGuard devices out of
          # NetworkManager's hands; they stay under the declarative config.
          unmanaged = [ "bridge" "ethernet" "loopback" "wireguard" ];
          # Force the plugin list empty, dropping whatever default set the
          # NixOS module would otherwise install.
          plugins = mkForce [ ];
          wifi.backend = "iwd";
        };
        wireless = {
          # wpa_supplicant stays off; iwd is the supplicant.
          enable = false;
          iwd.enable = mkDefault true;
          # NOTE(review): `userControlled` and `allowAuxiliaryImperativeNetworks`
          # appear to be options of the wpa_supplicant module, which is disabled
          # just above, so they likely have no effect here - confirm and drop
          # them if so.
          userControlled.enable = true;
          allowAuxiliaryImperativeNetworks = true;
        };
      })
    ];

    services.resolved = {
      # LLMNR is a well-known target for name spoofing on the local link; keep it off.
      llmnr = "false";
      # "opportunistic" DoT encrypts when the server offers it but does not
      # authenticate the server and falls back to plaintext when it cannot
      # (resolved.conf(5)); it defends against passive observation only.
      dnsovertls = "opportunistic";
      # "allow-downgrade" likewise lets a server (or an on-path attacker posing
      # as one) turn DNSSEC validation off. Both are availability trade-offs
      # for broken networks; hosts that need the hard guarantee should use
      # "true" for both.
      dnssec = "allow-downgrade";
      # Used when the WireGuard nameservers above are unreachable. Presumably
      # `dns.mkDoT` emits resolved's "address#hostname" DoT form for Quad9's
      # ECS-enabled service - confirm in the helper.
      fallbackDns = dns.mkDoT dns.const.quad9.ecs;
    };

    environment = {
      # Colourised iproute2 tools, pinned to the nixpkgs build rather than
      # whatever is first on PATH.
      shellAliases = listToAttrs (
        map ({ name, value }: nameValuePair name "${pkgs.iproute2}/bin/${value}") [
          { name = "bridge"; value = "bridge -color=always"; }
          { name = "ip"; value = "ip -color=always"; }
          { name = "tc"; value = "tc -color=always"; }
        ]
      );
      systemPackages = with pkgs; [ ethtool myip nethogs ];
    };
  };
}