整理 system.networking

2023-09-02 21:33:09 +08:00
parent b2ccf88adc
commit 438d1181ff
4 changed files with 58 additions and 35 deletions


@@ -65,7 +65,6 @@
(inputs: { config.nixpkgs.overlays = [(final: prev: { localPackages =
(import ./local/pkgs { inherit (inputs) lib; pkgs = final; });})]; })
./modules
{ config.nixos.system.hostname = system.name; }
]
++ system.value
);
@@ -130,6 +129,7 @@
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
impermanence.enable = true;
networking.hostname = "pc";
};
hardware =
{
@@ -257,6 +257,7 @@
};
kernel.patches = [ "preempt" ];
impermanence.enable = true;
networking.hostname = "vps6";
};
packages.packageSet = "server";
services =
@@ -323,6 +324,7 @@
};
kernel.patches = [ "preempt" ];
impermanence.enable = true;
networking.hostname = "vps4";
};
packages.packageSet = "server";
services =
@@ -368,6 +370,7 @@
};
kernel.patches = [ "preempt" ];
impermanence = { enable = true; nodatacow = "/nix/nodatacow"; };
networking.hostname = "vps7";
};
packages =
{
@@ -421,6 +424,7 @@
};
kernel.patches = [ "preempt" ];
impermanence.enable = true;
networking.hostname = "nas";
};
packages.packageSet = "server";
services =
@@ -483,6 +487,7 @@
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
impermanence.enable = true;
networking.hostname = "xmupc1";
};
hardware =
{
@@ -581,6 +586,7 @@
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" "preempt" ];
impermanence.enable = true;
networking.hostname = "yoga";
};
hardware =
{
@@ -637,6 +643,7 @@
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" "preempt" ];
impermanence.enable = true;
networking.hostname = "pe";
};
hardware =
{
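Review bot: Each host's `system` block now carries a hand-written `networking.hostname = "…";`, while the first hunk appears to drop the line that derived the value from `system.name`, so the hostname and the host's attribute name can drift apart unnoticed. The nebula module builds its certificate path from this option, so a typo or copy-paste leftover would point a host at another machine's certificate file or at a missing one. Consider keeping the derivation as an overridable default, following the module-function form already used in this list: `(inputs: { config.nixos.system.networking.hostname = inputs.lib.mkDefault system.name; })`. The host blocks start and end outside the hunks shown, so a default set elsewhere may already cover this.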


@@ -17,7 +17,7 @@ inputs:
{
enable = true;
ca = ./ca.crt;
cert = ./. + "/${inputs.config.nixos.system.hostname}.crt";
cert = ./. + "/${inputs.config.nixos.system.networking.hostname}.crt";
key = inputs.config.sops.templates."nebula/key-template".path;
firewall.inbound = [ { host = "any"; port = "any"; proto = "any"; } ];
firewall.outbound = [ { host = "any"; port = "any"; proto = "any"; } ];


@@ -10,11 +10,8 @@ inputs:
./impermanence.nix
./gui.nix
./nixpkgs.nix
./networking.nix
];
options.nixos.system = let inherit (inputs.lib) mkOption types; in
{
hostname = mkOption { type = types.nonEmptyStr; };
};
config =
let
inherit (inputs.lib) mkMerge mkIf mkAfter;
@@ -35,43 +32,16 @@ inputs:
dbus.implementation = "broker";
journald.extraConfig = "MaxRetentionSec=7d";
};
networking.networkmanager =
{
enable = true;
extraConfig =
''
[device]
keep-configuration=no
'';
};
time.timeZone = "Asia/Shanghai";
boot =
{
kernel.sysctl =
{
"net.core.rmem_max" = 67108864;
"net.core.wmem_max" = 67108864;
"net.ipv4.tcp_rmem" = "4096 87380 67108864";
"net.ipv4.tcp_wmem" = "4096 65536 67108864";
"net.ipv4.tcp_mtu_probing" = true;
"net.ipv4.tcp_tw_reuse" = true;
"vm.swappiness" = 10;
"net.ipv4.tcp_max_syn_backlog" = 8388608;
"net.core.netdev_max_backlog" = 8388608;
"net.core.somaxconn" = 8388608;
"vm.oom_kill_allocating_task" = true;
"vm.oom_dump_tasks" = false;
"vm.overcommit_memory" = 1;
"dev.i915.perf_stream_paranoid" = false;
"net.ipv4.conf.all.route_localnet" = true;
"net.ipv4.conf.default.route_localnet" = true;
"net.ipv4.conf.all.accept_local" = true;
"net.ipv4.conf.default.accept_local" = true;
"net.ipv4.ip_forward" = true;
"net.ipv4.ip_nonlocal_bind" = true;
"net.bridge.bridge-nf-call-iptables" = false;
"net.bridge.bridge-nf-call-ip6tables" = false;
"net.bridge.bridge-nf-call-arptables" = false;
};
supportedFilesystems = [ "ntfs" ];
consoleLogLevel = 7;
@@ -156,7 +126,5 @@ inputs:
};
virtualisation.oci-containers.backend = "docker";
}
# hostname
{ networking.hostName = system.hostname; }
];
}


@@ -0,0 +1,48 @@
inputs:
{
options.nixos.system.networking = let inherit (inputs.lib) mkOption types; in
{
hostname = mkOption { type = types.nonEmptyStr; };
};
config =
let
inherit (inputs.config.nixos.system) networking;
in
{
networking =
{
networkmanager =
{
enable = true;
# let networkmanager ignore the kernel command line `ip=xxx`
extraConfig =
''
[device]
keep-configuration=no
'';
};
hostName = networking.hostname;
};
boot.kernel.sysctl =
{
"net.core.rmem_max" = 67108864;
"net.core.wmem_max" = 67108864;
"net.ipv4.tcp_rmem" = "4096 87380 67108864";
"net.ipv4.tcp_wmem" = "4096 65536 67108864";
"net.ipv4.tcp_mtu_probing" = true;
"net.ipv4.tcp_tw_reuse" = true;
"net.ipv4.tcp_max_syn_backlog" = 8388608;
"net.core.netdev_max_backlog" = 8388608;
"net.core.somaxconn" = 8388608;
"net.ipv4.conf.all.route_localnet" = true;
"net.ipv4.conf.default.route_localnet" = true;
"net.ipv4.conf.all.accept_local" = true;
"net.ipv4.conf.default.accept_local" = true;
"net.ipv4.ip_forward" = true;
"net.ipv4.ip_nonlocal_bind" = true;
"net.bridge.bridge-nf-call-iptables" = false;
"net.bridge.bridge-nf-call-ip6tables" = false;
"net.bridge.bridge-nf-call-arptables" = false;
};
};
}
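Review bot: The `boot.kernel.sysctl` block in this new module enables `net.ipv4.conf.*.route_localnet`, `accept_local`, `ip_forward` and `ip_nonlocal_bind` unconditionally, so every host that imports it (laptops and public VPS machines alike) gets them, and no comment says which feature needs them. With `route_localnet` and forwarding on, binding a service to 127.0.0.1 is no longer enough on its own to keep it off the network. The three `bridge-nf-call-*` = false lines also mean bridged traffic is not passed through the host's iptables rules. I would gate these groups behind an option that only the hosts needing them enable. At minimum, add a comment above each group, e.g. `# needed for <feature>; loopback-bound services must be firewalled explicitly`. The values appear to have been moved unchanged from the old module, so this is a good place to record the reason.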