# hosts/oignon/nebula.nix
#
# Per-host Nebula overlay settings for the "sourcephile.fr" network on host
# "oignon". The domain-wide Nebula module is pulled in through `imports`;
# this file only adds the listen port, the Nebula-level firewall, NAT
# hole-punching, and two per-interface nftables chains.
{
  pkgs,
  lib,
  config,
  inputs,
  hostName,
  ...
}:
let
  domain = "sourcephile.fr";
  nebulaNet = config.services.nebula.networks.${domain};
  # Name of the Nebula tun device; it names the nftables chains below.
  iface = nebulaNet.tun.device;
in
{
  imports = [ ../../domains/sourcephile.fr/nebula.nix ];

  services.nebula.networks.${domain} = {
    # UDP port the Nebula daemon listens on for this network.
    listen.port = 10003;

    # Nebula's own certificate-based firewall, enforced on the overlay.
    #
    # Inbound: every port and protocol is allowed, but only for peers whose
    # certificate carries the listed groups. Nebula ANDs the entries of
    # `groups`, so a peer needs BOTH "sourcephile" and "intra"; a peer with
    # only one of them is not matched by this rule.
    # NOTE(review): this is the only inbound restriction visible in this
    # file (the nftables input chain below is empty), so access to services
    # on this host rests on how these two groups are issued by the CA.
    firewall.inbound = [
      {
        port = "any";
        proto = "any";
        groups = [
          "sourcephile"
          "intra"
        ];
      }
    ];

    # Outbound: unrestricted, to any overlay host on any port/protocol.
    firewall.outbound = [
      {
        port = "any";
        proto = "any";
        host = "any";
      }
    ];

    # NAT traversal: `punch` keeps sending packets so NAT/firewall mappings
    # do not expire; `respond` makes this node connect back to a peer whose
    # hole punch towards it failed.
    settings.punchy = {
      punch = true;
      respond = true;
    };
  };

  # Host packet filter for traffic on the Nebula interface.
  #
  # Both chains are regular chains (no `type ... hook ...` line), so they
  # see packets only when another rule jumps to them.
  # NOTE(review): presumably the base chains of `table inet filter` dispatch
  # here by interface name from a module not shown on this page; confirm.
  #
  # - input-<iface> is empty: it adds no verdict, so the fate of overlay
  #   ingress is decided by whatever follows the jump in the calling chain.
  # - output-<iface> ends in a catch-all `counter accept`, so all egress on
  #   the overlay is accepted; the preceding 9091 rule does not narrow
  #   anything and acts as a separate counter for Transmission RPC traffic.
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-${iface} {
      }
      chain output-${iface} {
        tcp dport 9091 counter accept comment "Transmission RPC"
        counter accept
      }
    }
  '';
}