]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/oignon/networking.nix
shell: add gnupg
[julm/julm-nix.git] / hosts / oignon / networking.nix
1 { pkgs, lib, ... }:
2 {
3 imports = [
4 ../../nixos/profiles/dnscrypt-proxy2.nix
5 ../../nixos/profiles/wireguard/wg-intra.nix
6 ../../nixos/profiles/networking/ssh.nix
7 ../../nixos/profiles/networking/wifi.nix
8 networking/nftables.nix
9 ];
10 install.substituteOnDestination = false;
11 #networking.domain = "sourcephile.fr";
12 networking.useDHCP = false;
13
14 networking.nftables.ruleset = lib.mkAfter ''
15 table inet filter {
16 chain input {
17 goto input-net
18 }
19 chain output {
20 ip daddr 10.0.0.0/8 counter goto output-lan
21 ip daddr 172.16.0.0/12 counter goto output-lan
22 ip daddr 192.168.0.0/16 counter goto output-lan
23 ip daddr 224.0.0.0/3 counter goto output-lan
24 jump output-net
25 log level warn prefix "output-net: " counter drop
26 }
27 }
28 '';
29
30 networking.interfaces = { };
31
32 networking.networkmanager = {
33 enable = true;
34 unmanaged = [
35 ];
36 };
37 environment.etc."NetworkManager/system-connections/Prixtel.nmconnection" = {
38 mode = "600";
39 text = ''
40 [connection]
41 id=Prixtel
42 uuid=b223f550-dff1-4ba3-9755-cd4557faaa5a
43 type=gsm
44 autoconnect=false
45 permissions=user:julm:;
46
47 [gsm]
48 apn=sl2sfr
49 number=*99#
50 home-only=true
51
52 [ppp]
53
54 [ipv4]
55 method=auto
56
57 [ipv6]
58 addr-gen-mode=stable-privacy
59 method=disabled
60
61 [proxy]
62 '';
63 };
64
65 networking.wireguard.wg-intra.peers = {
66 mermet.enable = true;
67 losurdo.enable = true;
68 patate.enable = true;
69 aubergine.enable = true;
70 };
71
72 environment.systemPackages = [
73 pkgs.iw
74 pkgs.modem-manager-gui
75 ];
76 }