nebula: enable service
# Host-specific settings for the "sourcephile.fr" Nebula overlay network:
# listen port, Nebula's own certificate-based firewall, hole-punching
# behaviour, and two per-interface nftables chains.
{ pkgs, lib, config, inputs, hostName, ... }:
let
  domain = "sourcephile.fr";
  # Name of the tun device of this Nebula network, read back from the
  # evaluated configuration so the nftables chain names below follow it.
  tunDevice = config.services.nebula.networks.${domain}.tun.device;
in
{
  # Settings shared by the hosts of this network live in the imported file;
  # they are not visible here.
  imports = [ ../../share/nebula/sourcephile.fr.nix ];

  services.nebula.networks.${domain} = {
    # Port the Nebula daemon listens on (Nebula's underlay transport is UDP).
    # NOTE(review): confirm the host firewall admits this port on the
    # underlay interfaces; nothing in this file opens it.
    listen.port = 10006;

    # Nebula's overlay firewall, evaluated against the peer's certificate.
    # `groups` is a list whose entries are AND'd together: a peer needs BOTH
    # "sourcephile" and "intra" in its certificate to match. For such peers
    # every port and protocol is reachable, so per-service restriction has to
    # happen elsewhere (e.g. in the nftables input chain below).
    firewall.inbound = [
      { port = "any"; proto = "any"; groups = [ "sourcephile" "intra" ]; }
    ];
    # No egress restriction: this host may initiate to any overlay host.
    firewall.outbound = [
      { port = "any"; proto = "any"; host = "any"; }
    ];

    settings.punchy = {
      # Periodic hole punching is left disabled.
      #punch = true;
      # Connect back out to a peer whose hole punching towards us failed.
      respond = true;
    };
  };

  # Both chains are regular chains (no `type ... hook` line), so they only see
  # traffic if a base chain jumps to them; that jump is not in this file,
  # presumably it comes from the shared nftables setup -- TODO confirm.
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-${tunDevice} {
      }
      chain output-${tunDevice} {
        counter accept
      }
    }
  '';
  # The input chain holds no rule: packets fall through to whatever verdict
  # or policy the calling chain applies. The output chain counts and accepts
  # everything leaving through the overlay interface.
}