Git — Sourcephile - julm/julm-nix.git/blob - hosts/blackberry/nebula.nix
# NixOS module: Nebula overlay membership for this host on the
# "sourcephile.fr" network, plus nftables chains scoped to the Nebula
# tunnel interface.
{ pkgs, lib, config, inputs, hostName, hosts, ... }:
let
  network = "sourcephile.fr";
  # This host's own Nebula settings; used to learn the tunnel device name.
  nebula = config.services.nebula.networks.${network};
  tunDevice = nebula.tun.device;
  aubergineNames = import ../aubergine/networking/names-and-numbers.nix;
  # UDP port aubergine's Nebula instance listens on, read from that host's config.
  aubergineNebulaPort = hosts.aubergine.config.services.nebula.networks.${network}.listen.port;
  # Underlay endpoint for aubergine.
  # NOTE(review): assumes wifiIPv4 is a three-octet prefix completed by ".1" — confirm
  # against names-and-numbers.nix.
  aubergineEndpoint = "${aubergineNames.wifiIPv4}.1:${toString aubergineNebulaPort}";
in
{
  imports = [ ../../share/nebula/sourcephile.fr.nix ];

  services.nebula.networks.${network} = {
    listen.port = 10008;

    # Nebula's own overlay firewall.
    # Inbound: every port and protocol is open, but only to peers whose
    # certificate carries the listed groups (Nebula matches `groups` only when
    # all of them are present). Any finer per-service restriction has to come
    # from the host firewall chains below.
    firewall.inbound = [
      { port = "any"; proto = "any"; groups = [ "sourcephile" "intra" ]; }
    ];
    # Outbound: unrestricted towards any overlay host.
    firewall.outbound = [
      { port = "any"; proto = "any"; host = "any"; }
    ];

    # Pin aubergine's overlay address to a known underlay endpoint so it is
    # discovered quickly at startup.
    staticHostMap."10.0.0.8" = [ aubergineEndpoint ];

    # NAT traversal: keep punching, and punch back when a peer asks.
    settings.punchy.punch = true;
    settings.punchy.respond = true;
  };

  # Per-interface chains for the Nebula tunnel device. Neither chain declares
  # a hook, so they only take effect where another rule jumps to them.
  # NOTE(review): the jump rules and the base chain policy are not in this
  # file — confirm what happens to overlay traffic that returns from the
  # empty input chain.
  # The output chain accepts everything; the port 9091 rule only gives
  # Transmission RPC traffic its own counter ahead of the catch-all accept.
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-${tunDevice} {
      }
      chain output-${tunDevice} {
        tcp dport 9091 counter accept comment "Transmission RPC"
        counter accept
      }
    }
  '';
}