All nodes now list 1.1.1.1 and 8.8.8.8 as fallback nameservers after MCNS. When MCNS is down, internal names (.svc.mcp.metacircular.net) fail but external DNS (google.com, github.com, etc.) keeps working. Lesson from 2026-04-03 incident: without fallbacks, MCNS failure caused total DNS blackout including external services, forcing Tailscale to be disabled to restore any DNS resolution. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
# NixOS host module for a Framework 12 laptop: hardware profile, power
# tuning, stylus input fix, and DNS/Tailscale resolver setup.
{ inputs, pkgs, ... }:

let
  # MCNS is the internal resolver, listed once per path it is reachable on.
  mcnsResolvers = [
    "192.168.88.181" # MCNS (LAN)
    "100.95.252.120" # MCNS (Tailnet)
  ];

  # Public resolvers appended after MCNS so external names keep resolving
  # when MCNS is unreachable.
  publicResolvers = [
    "1.1.1.1" # Cloudflare (fallback)
    "8.8.8.8" # Google (fallback)
  ];
in
{
  # Hardware profile from nixos-hardware plus the shared config fragments.
  imports = [
    inputs.nixos-hardware.nixosModules.framework-12-13th-gen-intel
    ./hardware-configuration.nix
    ../../configs/desktop-light.nix
    ../../configs/qemu.nix
    ../../configs/mcpkg.nix
  ];

  # --- Power optimization for the Framework 12 laptop ---

  # Thermald runs alongside TLP (from nixos-hardware) for better
  # thermal/power management.
  services.thermald.enable = true;

  # WiFi power saving: turns on 802.11 power save mode.
  networking.networkmanager.wifi.powersave = true;

  # Bluetooth: stay powered off at boot and disable fast connect.
  hardware.bluetooth.powerOnBoot = false;
  hardware.bluetooth.settings.General.FastConnectable = false;

  # Audio: the Intel HDA codec powers down after 1 second of silence.
  boot.extraModprobeConfig = ''
    options snd_hda_intel power_save=1
  '';

  # --- ILITEK USI stylus/touchscreen support ---

  # The default evdev catchall misclassifies the stylus as a keyboard, so
  # this section forces libinput to handle it as a tablet device.
  services.xserver.inputClassSections = [
    ''
      Identifier "ILITEK stylus tablet"
      MatchProduct "ILIT2901:00 222A:5539 Stylus"
      MatchDevicePath "/dev/input/event*"
      Driver "libinput"
    ''
  ];

  # --- DNS ---

  # Stop Tailscale from installing a ~. catch-all on tailscale0, which
  # would route every DNS query through it via systemd-resolved.
  # NOTE(review): NixOS passes extraUpFlags only when its auto-connect
  # unit runs `tailscale up`, which as far as I know requires
  # services.tailscale.authKeyFile. That option is not set in this file;
  # confirm it is set elsewhere, or check `resolvectl status` on the host
  # to verify the catch-all is really absent.
  services.tailscale.extraUpFlags = [ "--accept-dns=false" ];

  # MCNS serves the internal zones; the public resolvers are the fallback.
  # When MCNS is down, internal names (.svc.mcp.metacircular.net) fail but
  # external DNS keeps working via 1.1.1.1/8.8.8.8.
  # Lesson from the 2026-04-03 incident: without fallbacks, an MCNS failure
  # causes a total DNS blackout, external services included.
  #
  # NOTE(review): services.resolved.enable is not set in this file
  # (presumably in a shared config). If systemd-resolved is the active
  # resolver, this list is not a strict primary/fallback order: resolved
  # stays on whichever server last answered and moves on only when that
  # server fails. After a failover, queries for internal names are sent to
  # the public resolvers, which discloses internal hostnames to third
  # parties, and that can continue after MCNS is back. Nothing in this
  # file enables DNS-over-TLS or DNSSEC for those queries. If internal
  # names must stay internal, scope MCNS to the internal zone with
  # per-link DNS or a local forwarder instead of one shared list.
  networking.nameservers = mcnsResolvers ++ publicResolvers;

  # Routing-only domain: sends lookups under mcp.metacircular.net to the
  # nameservers configured above without adding it as a search suffix.
  services.resolved.domains = [ "~mcp.metacircular.net" ];

  # logind takes no action when the power key is pressed.
  services.logind.powerKey = "ignore";
}