nix: format with nixfmt-rfc-style
[julm/julm-nix.git] / hosts / blackberry / nebula.nix
# hosts/blackberry/nebula.nix
# Host-specific settings for blackberry on the "sourcephile.fr" Nebula overlay:
# listen port, Nebula-level firewall, one static peer mapping, NAT hole
# punching, and the nftables chains attached to the overlay interface.
{
  pkgs,
  lib,
  config,
  inputs,
  hostName,
  hosts,
  ...
}:
let
  domain = "sourcephile.fr";

  # Name of the tun device Nebula creates for this network; used below to
  # name the per-interface nftables chains.
  iface = config.services.nebula.networks.${domain}.tun.device;

  aubergine = import ../aubergine/networking/names-and-numbers.nix;

  # Underlay "address:port" at which aubergine's Nebula daemon is reached.
  # The port is read from aubergine's own configuration so both hosts agree.
  # presumably eth2IPv4 is a three-octet prefix and ".1" completes the
  # address; verify against names-and-numbers.nix
  aubergineEndpoint = "${aubergine.eth2IPv4}.1:${toString hosts.aubergine.config.services.nebula.networks.${domain}.listen.port}";
in
{
  # Domain-level Nebula module; its contents are not visible from this file.
  imports = [ ../../domains/sourcephile.fr/nebula.nix ];

  services.nebula.networks.${domain} = {
    # UDP port the Nebula daemon listens on for this network.
    listen.port = 10008;

    # Nebula's own firewall, matched against the peer's certificate.
    # Inbound: every port and protocol is allowed for peers in the listed
    # groups. Nebula ANDs the entries of `groups`, so a peer certificate must
    # carry both "sourcephile" and "intra" to match.
    # NOTE(review): if membership in either group was meant to suffice, that
    # needs one rule per group; confirm the intent.
    # Because no port restriction is applied here, per-port filtering of
    # overlay traffic rests on the nftables chains further down.
    firewall.inbound = [
      {
        port = "any";
        proto = "any";
        groups = [ "sourcephile" "intra" ];
      }
    ];

    # Outbound: unrestricted towards any overlay host.
    firewall.outbound = [
      {
        port = "any";
        proto = "any";
        host = "any";
      }
    ];

    # Pin aubergine's underlay endpoint so it can be reached at startup
    # without waiting for discovery.
    # presumably 10.0.0.6 is aubergine's overlay address; verify against its
    # certificate
    staticHostMap."10.0.0.6" = [ aubergineEndpoint ];

    # NAT traversal: keep punching outbound to hold NAT mappings open, and
    # punch back towards peers that fail to reach this node.
    settings.punchy.punch = true;
    settings.punchy.respond = true;
  };

  # nftables chains for traffic on the overlay interface.
  # input-<iface> is declared with no rules, so this file accepts nothing
  # inbound by itself; the effective inbound policy depends on how the base
  # ruleset (defined elsewhere) jumps to this chain and what follows it.
  # output-<iface> ends in an unconditional `counter accept`, so the
  # Transmission RPC rule before it only provides a separate counter and
  # label; it does not narrow what may leave over the overlay.
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-${iface} {
      }
      chain output-${iface} {
        tcp dport 9091 counter accept comment "Transmission RPC"
        counter accept
      }
    }
  '';
}