1 { config, pkgs, lib, hostName, ... }:
2 with (import networking/names-and-numbers.nix);
6 networking/ethernet.nix
9 networking/nftables.nix
10 ../../nixos/profiles/networking.nix
11 ../../nixos/profiles/dnscrypt-proxy2.nix
12 ../../nixos/profiles/wireguard/wg-intra.nix
# Project-defined install option; the module that declares it is not shown in this listing.
# NOTE(review): presumably decides whether the target host substitutes store paths
# itself during installation; confirm against the install module.
14 install.substituteOnDestination = false;
# Sets the host's DNS domain to "wg", so its FQDN is <hostName>.wg.
15 networking.domain = "wg";
# Turns off the global DHCP default for interfaces.
# NOTE(review): addressing is presumably set statically in the imported
# networking/ethernet.nix; confirm.
16 networking.useDHCP = false;
# Enables IPv4 forwarding in the kernel, so this host routes packets between its
# interfaces. What may cross it is then decided by the forward rules of the
# nftables ruleset. Only the IPv4 sysctl is set in the visible lines.
# NOTE(review): confirm IPv6 forwarding is meant to stay at its default.
18 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# Extra nftables rules for forwarded traffic. lib.mkAfter orders this text after
# other definitions of networking.nftables.ruleset.
# In the visible lines, forward-from-net accepts established/related connections
# and then logs, counts and drops everything else; a further rule with the
# "forward: " prefix also logs, counts and drops. The jump to forward-connectivity
# in forward-to-net is commented out.
# NOTE(review): lines of this ruleset are missing from the listing (table, hooks,
# policies), so which interfaces feed each chain cannot be told from here.
# NOTE(review): the log rules show no rate limit; confirm log volume is bounded
# (for example with an nftables `limit rate` match) so a flood of dropped packets
# cannot fill the journal.
19 networking.nftables.ruleset = lib.mkAfter ''
21 chain forward-to-net {
22 #jump forward-connectivity
25 chain forward-from-net {
26 ct state { established, related } accept
27 log level warn prefix "forward-from-net: " counter drop
30 log level warn prefix "forward: " counter drop
# Lets the avahi module open the firewall for mDNS (UDP 5353).
# NOTE(review): this host also enables IPv4 forwarding and supplies its own
# nftables ruleset; confirm the opening is limited to the LAN-facing interface
# and that it takes effect alongside the custom ruleset.
35 services.avahi.openFirewall = true;
36 services.dnscrypt-proxy2.settings.listen_addresses = [
41 networking.wireguard.wg-intra.peers = {
43 losurdo.enable = true;