ip_forward: consolidate the options to fix servo build
This commit is contained in:
parent
c03cea2d4e
commit
a725d42bf5
|
@ -24,9 +24,6 @@ in
|
|||
sane.ports.openFirewall = true;
|
||||
sane.ports.openUpnp = true;
|
||||
|
||||
# this is needed to forward packets from the VPN to the host
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
|
||||
# unless we add interface-specific settings for each VPN, we have to define nameservers globally.
|
||||
# networking.nameservers = [
|
||||
# "1.1.1.1"
|
||||
|
|
|
@ -20,6 +20,11 @@
|
|||
# networking.firewall.checkReversePath = false; # or "loose" to keep it partially.
|
||||
# networking.firewall.enable = false; #< set false to debug
|
||||
|
||||
# this is needed to forward packets from the VPN to the host.
|
||||
# this is required separately by servo and by any `sane-vpn` users,
|
||||
# however Nix requires this be set centrally, in only one location (i.e. here)
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
|
||||
# the default backend is "wpa_supplicant".
|
||||
# wpa_supplicant reliably picks weak APs to connect to.
|
||||
# see: <https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/474>
|
||||
|
|
|
@ -156,10 +156,6 @@ let
|
|||
};
|
||||
};
|
||||
in lib.mkMerge [
|
||||
{
|
||||
# has to be here instead of in the VPN definitions because it can't be defined more than once (even if identical)
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
}
|
||||
(def-ovpn "us" {
|
||||
endpoint = "vpn31.prd.losangeles.ovpn.com:9929";
|
||||
publicKey = "VW6bEWMOlOneta1bf6YFE25N/oMGh1E1UFBCfyggd0k=";
|
||||
|
|
Loading…
Reference in New Issue