Richie/dotfiles
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
65a717698bcc55e5613a938b2b651b296d874787
dotfiles/systems/jeeves/networking.nix
T
Richie df817a0b1b fixing jeeves dns
2026-06-04 15:08:04 -04:00

77 lines
1.9 KiB
Nix
Raw Blame History

{
# Docker loads br_netfilter on jeeves. Disable bridge netfilter so
# br-nix-builder behaves like a pure L2 bridge and bridged traffic
# does not hit the host firewall/rpfilter path.
boot.kernel.sysctl = {
"net.bridge.bridge-nf-call-arptables" = 0;
"net.bridge.bridge-nf-call-ip6tables" = 0;
"net.bridge.bridge-nf-call-iptables" = 0;
};
networking = {
hostName = "jeeves";
hostId = "0e15ce35";
firewall = {
enable = true;
interfaces.br-nix-builder = {
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
};
};
useNetworkd = true;
};
systemd.network = {
enable = true;
wait-online = {
enable = false;
anyInterface = true;
};
netdevs = {
"20-br-nix-builder" = {
netdevConfig = {
Kind = "bridge";
Name = "br-nix-builder";
};
};
"30-internet-vlan" = {
netdevConfig = {
Kind = "vlan";
Name = "internet-vlan";
};
vlanConfig.Id = 100;
};
};
networks = {
"10-1GB_Primary" = {
matchConfig.Name = "enp97s0f1";
address = [ "192.168.99.14/24" ];
dns = [
"192.168.99.1"
"2600:4040:abfb:d700::1"
];
routes = [ { Gateway = "192.168.99.1"; } ];
vlan = [ "internet-vlan" ];
dhcpV4Config.UseDNS = false;
dhcpV6Config.UseDNS = false;
ipv6AcceptRAConfig.UseDNS = false;
linkConfig.RequiredForOnline = "routable";
};
"50-internet-vlan" = {
matchConfig.Name = "internet-vlan";
bridge = [ "br-nix-builder" ];
linkConfig.RequiredForOnline = "no";
};
"60-br-nix-builder" = {
matchConfig.Name = "br-nix-builder";
bridgeConfig = { };
networkConfig = {
IPv6AcceptRA = false;
LinkLocalAddressing = "no";
};
linkConfig.RequiredForOnline = "no";
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink