Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/networking.nix
nix: revamp nixos defaults
# NixOS networking module for the host `aubergine`: pulls in the per-link
# modules, turns on IPv4 forwarding, appends the forwarding chains to the
# nftables ruleset, and configures local DNS, mDNS and the WireGuard peers.
{ lib, ... }:
# Puts the attributes of networking/names-and-numbers.nix in scope.
# NOTE(review): no name from it is referenced in this file — confirm whether
# the `with` is still needed here.
with (import networking/names-and-numbers.nix);
{
  imports = [
    networking/ftth.nix
    networking/ethernet.nix
    networking/wifi.nix
    networking/lte.nix
    networking/nftables.nix
    ../../nixos/profiles/dnscrypt-proxy2.nix
    ../../nixos/profiles/wireguard/wg-intra.nix
  ];

  # Option declared outside this file; only its value is set here.
  install.substituteOnDestination = false;

  # The kernel forwards IPv4 packets between interfaces. Only the IPv4 sysctl
  # is set in this file, so what actually gets forwarded is decided by the
  # nftables chains below together with the rules from the imported modules.
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
  };

  networking = {
    domain = "wg";
    # No global DHCP client; presumably each link module configures its own
    # addressing — verify in networking/*.nix.
    useDHCP = false;

    # lib.mkAfter orders this text after the other definitions of the ruleset,
    # so the rules below are appended at the end of their chains.
    #
    # - forward-to-net: every packet that reaches this chain is counted and
    #   accepted; the `forward-connectivity` jump is commented out, so any
    #   filtering has to happen before packets are sent here.
    # - forward-from-net: only established/related connections are accepted,
    #   the rest is logged at level warn and dropped.
    # - forward: final log-and-drop rule.
    #
    # NOTE(review): the base chain, its hook/policy and the jumps into these
    # chains are not visible here (presumably networking/nftables.nix) — confirm
    # that the log+drop really is the last rule evaluated. The log rules carry
    # no rate limit, so sustained dropped traffic can flood the kernel log.
    nftables.ruleset = lib.mkAfter ''
      table inet filter {
        chain forward-to-net {
          #jump forward-connectivity
          counter accept
        }
        chain forward-from-net {
          ct state { established, related } accept
          log level warn prefix "forward-from-net: " counter drop
        }
        chain forward {
          log level warn prefix "forward: " counter drop
        }
      }
    '';

    # Peers of the wg-intra tunnel that are switched on for this host.
    wireguard.wg-intra.peers = {
      mermet.enable = true;
      losurdo.enable = true;
      oignon.enable = true;
      patate.enable = true;
    };
  };

  services = {
    # mDNS responder that also publishes this host.
    # NOTE(review): openFirewall opens the mDNS port (UDP 5353) without naming
    # an interface in this file, and this host also has WAN-facing links
    # (ftth, lte) — confirm that mDNS is limited to the local networks, e.g.
    # through the nftables input rules or services.avahi.allowInterfaces.
    avahi = {
      enable = true;
      openFirewall = true;
      publish.enable = true;
    };

    # The resolver listens on loopback only (IPv4 and IPv6), so it is not
    # reachable from other hosts through these sockets.
    dnscrypt-proxy2.settings.listen_addresses = [
      "127.0.0.1:53"
      "[::1]:53"
    ];
  };
}