nix: format with nixfmt-rfc-style
[julm/julm-nix.git] / hosts / patate / nebula.nix
# Host-specific Nebula overlay settings (hosts/patate), layered on top of
# the shared per-domain module imported below.
{
  pkgs,
  lib,
  config,
  inputs,
  hostName,
  ...
}:
let
  # Name of the Nebula network; used as the attribute key under
  # services.nebula.networks.
  domain = "sourcephile.fr";
  # Tun device name of that network, read back from the evaluated config so
  # the nftables chain names below always match it.
  iface = config.services.nebula.networks.${domain}.tun.device;
in
{
  imports = [
    # Domain-wide Nebula settings; their content is not visible from this file.
    # NOTE(review): presumably this is where the CA, host certificate,
    # lighthouses and the jumps into the per-interface chains are defined —
    # confirm when reviewing this host's exposure.
    ../../domains/sourcephile.fr/nebula.nix
  ];
  services.nebula.networks.${domain} = {
    # Fixed UDP port for the Nebula underlay listener.
    # NOTE(review): nothing in this file opens or restricts this port on the
    # host firewall; check that the rest of the configuration handles it as
    # intended.
    listen.port = 10004;
    # Nebula's own firewall: applied to traffic inside the overlay and keyed
    # on the groups in the peer's certificate.
    firewall = {
      inbound = [
        {
          # Every port and protocol is reachable for a matching peer, so
          # group membership in the certificate is the only criterion in
          # this rule.
          port = "any";
          proto = "any";
          # Multiple entries in `groups` are AND'd by Nebula: the peer
          # certificate must carry both groups, not just one of them.
          groups = [
            "sourcephile"
            "intra"
          ];
        }
      ];
      outbound = [
        {
          # No egress restriction: this host may reach any overlay peer on
          # any port and protocol.
          port = "any";
          proto = "any";
          host = "any";
        }
      ];
    };
    settings = {
      # NAT traversal helpers.
      punchy = {
        # Keep sending packets so NAT/firewall mappings towards peers stay
        # open.
        punch = true;
        # Connect back to a peer whose own hole punching towards this host
        # did not succeed.
        respond = true;
      };
    };
  };
  # Per-interface nftables chains for the Nebula tun device. Neither chain
  # declares a type/hook, so they are regular chains that only see packets
  # when another chain jumps to them (no such jump is defined in this file).
  # input-<iface> is empty: packets sent through it fall off the end and the
  # verdict is left to the calling chain, so inbound overlay filtering on
  # this host rests on the Nebula firewall rule above plus whatever the
  # caller does next.
  # output-<iface> counts and accepts every packet.
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-${iface} {
      }
      chain output-${iface} {
        counter accept
      }
    }
  '';
}