# NixOS host module: a function of config, pkgs, lib and hostName.
# NOTE(review): only some lines of the file are shown in this listing; the
# leading numbers are the original line numbers and gaps mark omitted lines.
1 { config, pkgs, lib, hostName, ... }:
# Interface names interpolated into the nftables ruleset further down.
# NOTE(review): the ruleset also uses ethIface and wlan1Iface, whose
# definitions are not among the visible lines.
4 wlan2Iface = "wlp0s26u1u2";
5 wwanIface = "wwp0s29u1u4";
# Presumably the first three octets of the wlan2 IPv4 subnet; its use is not
# visible here. TODO confirm.
7 wlan2IPv4 = "192.168.55";
# Shared profiles and the host-local nftables module; presumably entries of an
# imports list whose opening line is not shown.
11 ../../nixos/profiles/networking.nix
12 ../../nixos/profiles/dnscrypt-proxy2.nix
13 ../../nixos/profiles/wireguard/wg-intra.nix
14 networking/nftables.nix
16 install.substituteOnDestination = false;
# Commented out, so this line sets no networking.domain.
17 #networking.domain = "sourcephile.fr";
# Global DHCP is off; addresses presumably come from the per-interface or
# NetworkManager settings further down. TODO confirm.
18 networking.useDHCP = false;
# Turns on IPv4 routing in the kernel, which the forward and masquerade rules
# below depend on.
# NOTE(review): the rules use the inet family (IPv4 and IPv6) but only the IPv4
# forwarding sysctl is visible; whether IPv6 forwarding is set elsewhere cannot
# be told from here.
20 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# Host-specific nftables rules. The tables (inet filter, inet nat) and the
# chains net2fw, fw2net, lan2fw, fw2lan and fw2intra are not defined in the
# visible lines; presumably they come from networking/nftables.nix or an
# imported profile.
#
# Visible rule groups:
#  - WWAN input is handed to net2fw with goto, so it does not return to input.
#  - WWAN output jumps to fw2net; whatever that chain returns is logged with
#    the prefix "fw2net: " and dropped.
#  - LAN input and output (eth, wlan1, wlan2) jump to lan2fw and fw2lan with the
#    same log-and-drop fallthrough.
#  - Forwarding between the LAN interfaces and WWAN is accepted both ways.
#  - LAN traffic leaving through WWAN is masqueraded.
#  - fw2intra accepts HTTP(S), Git (9418), SSH and Mosh (udp 60001-60010).
#
# NOTE(review): the forward rule from the WWAN interface to the LAN interfaces
# accepts with no conntrack match (such as ct state established,related) in the
# visible lines. New connections arriving from the uplink would be forwarded to
# LAN hosts unless an earlier rule or the forward chain's own rules filter them.
# Confirm this is intended.
21 networking.nftables.ruleset = ''
22 add rule inet filter input iifname { ${wwanIface} } goto net2fw
23 add rule inet filter output oifname { ${wwanIface} } jump fw2net
24 add rule inet filter output oifname { ${wwanIface} } log level warn prefix "fw2net: " counter drop
26 add rule inet filter input iifname { ${ethIface}, ${wlan1Iface}, ${wlan2Iface} } jump lan2fw
27 add rule inet filter input iifname { ${ethIface}, ${wlan1Iface}, ${wlan2Iface} } log level warn prefix "lan2fw: " counter drop
28 add rule inet filter output oifname { ${ethIface}, ${wlan1Iface}, ${wlan2Iface} } jump fw2lan
29 add rule inet filter output oifname { ${ethIface}, ${wlan1Iface}, ${wlan2Iface} } log level warn prefix "fw2lan: " counter drop
32 add rule inet filter forward iifname { ${ethIface}, ${wlan1Iface}, ${wlan2Iface} } oifname ${wwanIface} counter accept
33 add rule inet filter forward iifname ${wwanIface} oifname { ${ethIface}, ${wlan1Iface}, ${wlan2Iface} } counter accept
36 add rule inet nat postrouting iifname { ${ethIface}, ${wlan1Iface}, ${wlan2Iface} } oifname ${wwanIface} masquerade
39 add rule inet filter fw2intra tcp dport { 80, 443 } counter accept comment "HTTP"
40 add rule inet filter fw2intra tcp dport 9418 counter accept comment "Git"
41 add rule inet filter fw2intra tcp dport ssh counter accept comment "SSH"
42 add rule inet filter fw2intra udp dport 60001-60010 counter accept comment "Mosh"
# Per-interface settings (body not shown).
45 networking.interfaces = {
# NetworkManager settings (body not shown).
48 networking.networkmanager = {
# NetworkManager keyfile for the "Prixtel" connection, installed under /etc.
# The visible keyfile lines pin the connection uuid, limit the profile to the
# user julm (permissions=user:julm:;) and set addr-gen-mode=stable-privacy
# (presumably in the ipv6 section, which is not shown).
# NOTE(review): whether this profile embeds credentials and which mode the file
# is installed with are not visible. Without an explicit mode, environment.etc
# entries are symlinks into the world-readable Nix store, so confirm no secret
# ends up there.
53 environment.etc."NetworkManager/system-connections/Prixtel.nmconnection" = {
58 uuid=b223f550-dff1-4ba3-9755-cd4557faaa5a
61 permissions=user:julm:;
74 addr-gen-mode=stable-privacy
# Enables the wg-intra peers losurdo and aubergine for this host.
81 networking.wireguard.wg-intra.peers = {
83 losurdo.enable = true;
85 aubergine.enable = true;
# Addresses sshd listens on (entries not shown).
# NOTE(review): confirm the list keeps sshd off the WWAN-facing address.
88 services.openssh.listenAddresses = [
91 environment.systemPackages = [
93 pkgs.modem-manager-gui