]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/networking/ftth.nix
aubergine: openssh: allow X11Forwarding
[julm/julm-nix.git] / hosts / aubergine / networking / ftth.nix
1 { lib, ... }:
2 with (import ./names-and-numbers.nix);
3 {
4 networking.interfaces = {
5 ${ftthIface} = {
6 useDHCP = false;
7 };
8 };
9 networking.networkmanager.unmanaged = [ ftthIface ];
10 networking.nftables.ruleset = lib.mkAfter ''
11 table inet filter {
12 chain input {
13 iifname ${ftthIface} jump input-net
14 iifname ${ftthIface} log level warn prefix "input-net: " counter drop
15 }
16 chain output {
17 oifname ${ftthIface} jump output-net
18 oifname ${ftthIface} log level warn prefix "output-net: " counter drop
19 }
20 chain forward-to-net {
21 }
22 chain forward-from-net {
23 }
24 chain forward {
25 iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${ftthIface} goto forward-to-net
26 iifname ${ftthIface} oifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-net
27 }
28 }
29 table inet nat {
30 chain postrouting {
31 iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${ftthIface} masquerade
32 }
33 }
34 '';
35 }