networking/lte.nix
networking/nftables.nix
../../nixos/profiles/dnscrypt-proxy2.nix
- ../../nixos/profiles/wireguard/wg-intra.nix
../../nixos/profiles/networking/ssh.nix
];
install.substituteOnDestination = false;
- networking.domain = "wg";
+ networking.domain = "sp";
networking.useDHCP = false;
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.nftables.ruleset = mkAfter ''
table inet filter {
+ chain forward-to-lan {
+ #jump forward-connectivity
+ counter accept
+ }
chain forward-to-net {
#jump forward-connectivity
counter accept
}
'';
- services.avahi.enable = true;
- services.avahi.openFirewall = true;
- services.avahi.publish.enable = true;
+ networking.networkmanager.enable = true;
+ services.avahi = {
+ enable = true;
+ openFirewall = true;
+ nssmdns4 = true;
+ publish = {
+ enable = true;
+ addresses = true;
+ domain = true;
+ hinfo = true;
+ userServices = true;
+ workstation = true;
+ };
+ };
+ # WARNING: settings.listen_addresses are not merged...
+ # hence there all defined here.
services.dnscrypt-proxy2.settings.listen_addresses = [
"127.0.0.1:53"
"[::1]:53"
+ "${eth1IPv4}.1:53"
+ "${eth2IPv4}.1:53"
+ "${eth3IPv4}.1:53"
+ "${wifiIPv4}.1:53"
];
- networking.wireguard.wg-intra.peers = {
- mermet.enable = true;
- losurdo.enable = true;
- oignon.enable = true;
- patate.enable = true;
- };
+ services.openssh.settings.X11Forwarding = true;
+
+ services.vnstat.enable = true;
+ systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
+ "host.key:${ssh/host.key.cred}"
+ ];
}
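Review bot: The new `forward-to-lan` chain accepts everything handed to it (`counter accept`, with the `forward-connectivity` jump commented out), so the LAN's exposure depends entirely on the dispatch rule that jumps here, which is outside this hunk. If that rule matches on interfaces alone, new inbound connections from the uplink would be forwarded too, and `ct state established,related counter accept` would be the safer body for uplink-sourced traffic. The avahi block now publishes `hinfo`, `workstation` and `userServices` with `openFirewall = true` and no interface restriction, which on a host importing `networking/lte.nix` presumably includes the uplink; consider `allowInterfaces = [ /* LAN interfaces only */ ];`. `services.openssh.settings.X11Forwarding = true;` widens sshd's surface on a gateway and should carry a comment saying why it is needed, or be dropped. The comment above `listen_addresses` could also note that dnscrypt-proxy2 now answers on the LAN-side `.1` addresses, so the filter must keep port 53 on them unreachable from the uplink; the hunk header and the start of the enclosing attribute set are not visible here.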