Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/networking.nix
sshd: use LoadCredentialEncrypted=
# Network configuration for the host "aubergine".
#
# Pulls in the per-link modules (FTTH, Ethernet, Wi-Fi, LTE), the nftables
# module, the dnscrypt-proxy2, wg-intra WireGuard and SSH profiles, then sets
# the host-specific forwarding policy, local DNS listener, mDNS and the
# WireGuard peers this host talks to.
{ lib, ... }:
with lib;
with (import networking/names-and-numbers.nix);
{
  imports = [
    networking/ftth.nix
    networking/ethernet.nix
    networking/wifi.nix
    networking/lte.nix
    networking/nftables.nix
    ../../nixos/profiles/dnscrypt-proxy2.nix
    ../../nixos/profiles/wireguard/wg-intra.nix
    ../../nixos/profiles/networking/ssh.nix
  ];

  install.substituteOnDestination = false;

  # The kernel routes IPv4 between interfaces, so which traffic may cross this
  # host is decided entirely by the nftables forward chains declared below.
  # NOTE(review): only the IPv4 sysctl is set in this file; whether IPv6
  # forwarding is enabled elsewhere is not visible here, although the
  # ruleset lives in an `inet` (dual-stack) table.
  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;

  networking = {
    domain = "wg";
    # No global DHCP client; addressing is presumably configured per link in
    # the imported networking/*.nix modules (confirm there).
    useDHCP = false;

    # mkAfter orders this fragment after the ruleset definitions of the other
    # modules, so these rules are appended to chains declared earlier.
    #
    # Policy expressed by the fragment:
    #   forward-to-net   - counts and accepts every packet that reaches it; the
    #                      jump to forward-connectivity is commented out, so no
    #                      further filtering happens on that path.
    #   forward-from-net - accepts only established/related connections; the
    #                      rest is logged at level warn and dropped.
    #   forward          - logs and drops whatever reaches this rule.
    # NOTE(review): no hook or jump into forward-to-net/forward-from-net is
    # declared here; presumably networking/nftables.nix and the per-link
    # modules provide them. The trailing drop only acts as a catch-all if
    # those jumps are evaluated before it - confirm against the merged ruleset.
    nftables.ruleset = mkAfter ''
      table inet filter {
        chain forward-to-net {
          #jump forward-connectivity
          counter accept
        }
        chain forward-from-net {
          ct state { established, related } accept
          log level warn prefix "forward-from-net: " counter drop
        }
        chain forward {
          log level warn prefix "forward: " counter drop
        }
      }
    '';

    # Peers of the wg-intra tunnel enabled on this host. Only the enable flag
    # is set here; the peer definitions are presumably supplied by the
    # wg-intra profile imported above.
    wireguard.wg-intra.peers = {
      mermet.enable = true;
      losurdo.enable = true;
      oignon.enable = true;
      patate.enable = true;
    };
  };

  services = {
    # mDNS/DNS-SD responder that also publishes this host's records.
    # openFirewall requests the mDNS port (UDP 5353) to be allowed.
    # NOTE(review): this host imports uplink modules (ftth, lte); nothing in
    # this file limits Avahi to the internal links. Confirm whether
    # services.avahi.allowInterfaces (or the input rules in
    # networking/nftables.nix) keeps announcements off the uplinks.
    avahi = {
      enable = true;
      openFirewall = true;
      publish.enable = true;
    };

    # The encrypted-DNS stub resolver is bound to the IPv4 and IPv6 loopback
    # addresses only, so it is not directly reachable from other hosts.
    dnscrypt-proxy2.settings.listen_addresses = [
      "127.0.0.1:53"
      "[::1]:53"
    ];
  };
}