aubergine: add wwan tools

[julm/julm-nix.git] / nixos / profiles / networking.nix

diff --git a/nixos/profiles/networking.nix b/nixos/profiles/networking.nix
index 97cd6f83aed7fc0f1bd492060a8937f09a8da65b..2dee8af207c82ebdbbe3fb8b9145f63ea20ac223 100644 (file)
--- a/nixos/profiles/networking.nix
+++ b/nixos/profiles/networking.nix
@@ -3,6 +3,9 @@ let
   wg-intra-peers = import wireguard/wg-intra/peers.nix;
 in
 {
+imports = [
+  networking/nftables.nix
+];
 networking = {
   hostName = hostName;
   domain = lib.mkDefault "localdomain";
@@ -21,6 +24,7 @@ networking = {
       powersave = lib.mkDefault false;
     };
   };
+  usePredictableInterfaceNames = true;
 };
 
 programs.mtr.enable = true;
@@ -32,6 +36,19 @@ services.avahi = {
   openFirewall = lib.mkDefault false;
   publish.enable = lib.mkDefault false;
 };
+networking.nftables.ruleset = lib.mkIf config.services.avahi.enable (''
+  table inet filter {
+    chain output-lan {
+      skuid root udp sport mdns udp dport mdns comment "avahi: multicast DNS"
+    }
+  }
+'' + lib.optionalString config.services.avahi.openFirewall ''
+  table inet filter {
+    chain input-lan {
+      udp dport mdns comment "avahi: multicast DNS"
+    }
+  }
+'');
 
 services.openssh = {
   enable = lib.mkDefault true;