From 6c4c700d469d5a824a507b183e961cf99444c621 Mon Sep 17 00:00:00 2001
From: nils
Date: Sun, 12 Jan 2025 23:30:15 +0100
Subject: [PATCH] Added NetworkManager config
---
docs/gentoo-desktop-setup/installation.md | 41 +++++++++++++++++++++--
1 file changed, 38 insertions(+), 3 deletions(-)
diff --git a/docs/gentoo-desktop-setup/installation.md b/docs/gentoo-desktop-setup/installation.md
index 8e07149..ed9dc87 100644
--- a/docs/gentoo-desktop-setup/installation.md
+++ b/docs/gentoo-desktop-setup/installation.md
@@ -183,16 +183,51 @@ root@chroot:~# echo "" > /etc/hostname
 
 ### Internet
 
-NetworkManager is an easy to use network manager. It has compatibility with most VPN protocols, works with Eduroam etc. and also has multiple graphical interfaces. Before emerging it, consider adding some USE flags to your liking:
+NetworkManager is an easy to use network manager. It has compatibility with most VPN protocols, works with Eduroam etc. and also has multiple graphical interfaces. On top of this `dnsmasq` can be used for managing DNS queries. Before emerging them, consider adding some USE flags to your liking:
 
-``` title="/etc/portage/package.use/networkmanager"
+``` title="/etc/portage/package.use/network"
 net-misc/networkmanager dhcpcd -wext -modemmanager -ppp
+net-dns/dnsmasq dnssec
 ```
 
 Also make sure the `networkmanager` USE flag is enabled in your `make.conf`. Then emerge `networkmananger`:
 
 ``` shell-session
-root@chroot:~# emerge -av net-misc/networkmanager
+root@chroot:~# emerge -av net-misc/networkmanager net-dns/dnsmasq
+```
+
+Now configure NetworkManager and Dnsmasq. This is a generally secure recommended setup:
+
+``` title="/etc/NetworkManager/NetworkManager.conf"
+[main]
+hostname-mode=none
+plugins=ifupdown,keyfile
+dns=dnsmasq
+
+[ifupdown]
+managed=true
+
+[device]
+wifi.scan-rand-mac-address=yes
+
+[connection-mac-randomization]
+ethernet.cloned-mac-address=random
+wifi.cloned-mac-address=random
+```
+
+``` title="/etc/dnsmasq.conf.resolv"
+nameserver 9.9.9.9
+```
+
+``` title="/etc/NetworkManager/dnsmasq.d/resolv"
+resolv-file=/etc/dnsmasq.conf.resolv
+```
+
+``` title="/etc/NetworkManager/dnsmasq.d/dnssec"
+dnssec
+trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
+trust-anchor=.,38696,8,2,683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16
+dnssec-check-unsigned
 ```
 
 Then disable any other network services before enabling the `NetworkManager`service:
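Review bot: The added `/etc/NetworkManager/dnsmasq.d/dnssec` listing pins the two root `trust-anchor=` digests in the guide itself, so a reader who copies it keeps validating against those values after a root key rollover, at which point validation, and with it name resolution, stops working. Consider loading the `trust-anchors.conf` that the dnsmasq package ships through a `conf-file=` line instead (install path to be confirmed for the Gentoo ebuild), so the anchors follow package updates. The phrase "generally secure recommended setup" also promises more than the config shows: DNSSEC authenticates answers, but the queries forwarded to `9.9.9.9` are still sent unencrypted, and a short sentence saying so would set the right expectation. As far as I recall, NetworkManager's dnsmasq plugin supplies the upstream servers of each connection (including DHCP-provided ones) to dnsmasq itself, so it is worth verifying that `resolv-file=/etc/dnsmasq.conf.resolv` is actually honoured before documenting it as the resolver in use.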