From cc31cd69b728aa722fa1b27eb70cf35580b275f6 Mon Sep 17 00:00:00 2001
From: Grimmauld
Date: Tue, 25 Feb 2025 22:09:20 +0100
Subject: [PATCH] reenable ipv6
---
 common/firefox.nix | 9 +++++++--
 configuration.nix | 1 +
 hardening/default.nix | 8 ++++----
 hardening/encrypt-dns.nix | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/common/firefox.nix b/common/firefox.nix
index cfa0536..133b5a3 100644
--- a/common/firefox.nix
+++ b/common/firefox.nix
@@ -91,9 +91,15 @@ in
 };
 SearchEngines = {
- # Default = "DuckDuckGo";
+ Default = "SearXNG";
 Remove = ["Bing" "Amazon.ca" "eBay"];
 Add = [
+ {
+ Name = "SearXNG";
+ URLTemplate = "http://search.grimmauld.de/search?q={searchTerms}&safesearch=1&categories=general";
+ IconURL = "https://raw.githubusercontent.com/searxng/searxng/refs/heads/master/searx/static/themes/simple/img/favicon.svg";
+ Alias = "searx";
+ }
 {
 Name = "Nix Package Search";
 URLTemplate = "https://search.nixos.org/packages?channel=unstable&query={searchTerms}";
@@ -152,7 +158,6 @@ in
 "network.connectivity-service.DNSv6.domain" = "::1";
 "network.dns.localDomains" = "::1";
 "network.dns.forceResolve" = true;
- "network.dns.disableIPv6" = true;
 "extensions.formautofill.addresses.enabled" = false;
 "extensions.formautofill.creditCards.enabled" = false;
diff --git a/configuration.nix b/configuration.nix
index f2218fe..be9012b 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -17,6 +17,7 @@
 nix.package = pkgs.lix;
 nixpkgs.config.allowUnfree = true;
 zramSwap.enable = true;
+ networking.enableIPv6 = true;
 # zramSwap.memoryPercent = 50;
 grimmShared = {
diff --git a/hardening/default.nix b/hardening/default.nix
index b28fcaf..eb05887 100644
--- a/hardening/default.nix
+++ b/hardening/default.nix
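Review bot: In common/firefox.nix the added SearXNG entry sets `URLTemplate` to an `http://` URL while the same hunk makes it the `Default` engine, so every address-bar search would go to search.grimmauld.de in cleartext unless something upgrades the request. Nothing visible in this hunk shows HTTPS-Only mode or HSTS covering that host, so an on-path observer could read or alter queries and results. If the instance serves TLS, use `URLTemplate = "https://search.grimmauld.de/search?q={searchTerms}&safesearch=1&categories=general";`. The `IconURL` also follows the upstream `master` ref, so the fetched icon can change without a config change; the policy block continues outside the hunk.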
@@ -23,14 +23,14 @@
 systemd.oomd.enable = false;
 boot.kernel.sysctl = {
- "net.ipv6.conf.all.accept_ra" = 0;
- "net.ipv6.conf.default.accept_ra" = 0;
+ # "net.ipv6.conf.all.accept_ra" = 0;
+ # "net.ipv6.conf.default.accept_ra" = 0;
 "net.ipv4.conf.all.send_redirects"=0;
 "net.ipv4.conf.default.accept_source_route"=0;
 "net.ipv4.conf.all.accept_redirects"=0;
 "net.ipv4.conf.default.accept_redirects"=0;
- "net.ipv6.conf.all.accept_redirects"=0;
- "net.ipv6.conf.default.accept_redirects"=0;
+ # "net.ipv6.conf.all.accept_redirects"=0;
+ # "net.ipv6.conf.default.accept_redirects"=0;
 "net.ipv4.conf.all.secure_redirects"=0;
 "net.ipv4.conf.default.secure_redirects"=0;
 "net.ipv4.conf.all.log_martians"=1;
diff --git a/hardening/encrypt-dns.nix b/hardening/encrypt-dns.nix
index a09364e..f50e7c0 100644
--- a/hardening/encrypt-dns.nix
+++ b/hardening/encrypt-dns.nix
@@ -30,7 +30,7 @@
 odoh_servers = false;
 require_nolog = true;
 require_nofilter = true;
- listen_addresses = [ "127.0.0.1:53" ];
+ listen_addresses = [ "127.0.0.1:53" "[::1]:53" ];
 proxy = "socks5://${config.services.tor.torsocks.server}";
 force_tcp = true;
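Review bot: In hardening/default.nix, commenting out the two IPv6 `accept_redirects` entries is not needed to bring IPv6 back and drops a hardening setting, since address autoconfiguration depends on `accept_ra` rather than on ICMPv6 redirects. With those lines disabled the kernel default applies, which on a non-forwarding host normally accepts redirects, so a host on the local link could steer traffic to a different next hop. I would keep `"net.ipv6.conf.all.accept_redirects"=0;` and `"net.ipv6.conf.default.accept_redirects"=0;` active, and replace the commented-out `accept_ra` lines with a short comment such as `# accept_ra left at kernel default so SLAAC works`. The `boot.kernel.sysctl` set continues outside the hunk.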
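Review bot: In hardening/encrypt-dns.nix the new `[::1]:53` listener only protects queries if the system resolver list is pinned to the loopback addresses, and that setting is not visible in this hunk. With router advertisements accepted again (hardening/default.nix in this patch), the network stack may learn resolvers from the RA and send queries around dnscrypt-proxy, outside the Tor SOCKS `proxy` configured here. Worth confirming that `networking.nameservers` lists only `127.0.0.1` and `::1` and that DHCP- or RA-supplied resolvers are ignored. The settings block starts and ends outside the hunk.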