{ pkgs, lib, ... }:
{
imports = [
../../nixos/profiles/dnscrypt-proxy2.nix
../../nixos/profiles/networking/ssh.nix
../../nixos/profiles/networking/wifi.nix
#../../nixos/profiles/openvpn/calyx.nix
networking/nftables.nix
];
install.substituteOnDestination = false;
#networking.domain = "sourcephile.fr";
networking.useDHCP = false;
services.tor = {
settings = {
HashedControlPassword = lib.readFile tor/HashedControlPassword.clear;
# https://metrics.torproject.org/rs.html#search/flag:exit%20country:be%20running:true
# https://nusenu.github.io/OrNetStats/w/relay/58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.html
MapAddress = [
"*.gcp.cloud.es.io *.gcp.cloud.es.io.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
"*.redbee.live *.redbee.live.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
"*.rtbf.be *.rtbf.be.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
];
StrictNodes = true;
};
};
networking.nftables.ruleset = lib.mkAfter ''
table inet filter {
chain input {
goto input-net
}
chain output {
ip daddr 10.0.0.0/8 counter goto output-lan
ip daddr 172.16.0.0/12 counter goto output-lan
ip daddr 192.168.0.0/16 counter goto output-lan
ip daddr 224.0.0.0/3 counter goto output-lan
jump output-net
log level warn prefix "output-net: " counter drop
}
}
'';
networking.hosts = {
#"80.67.180.129" = ["salons.sourcephile.fr"];
};
networking.interfaces = { };
networking.networkmanager = {
enable = true;
unmanaged = [
];
};
environment.etc."NetworkManager/system-connections/Prixtel.nmconnection" = {
mode = "600";
text = ''
[connection]
id=Prixtel
uuid=b223f550-dff1-4ba3-9755-cd4557faaa5a
type=gsm
autoconnect=false
permissions=user:julm:;
[gsm]
apn=sl2sfr
number=*99#
home-only=true
[ppp]
[ipv4]
method=auto
[ipv6]
addr-gen-mode=stable-privacy
method=disabled
[proxy]
'';
};
environment.systemPackages = [
pkgs.modem-manager-gui
#pkgs.tor-ctrl # Not packaged yet
];
systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
"host.key:${ssh/host.key.cred}"
];
}