nix: update to nixos-24.11
[julm/julm-nix.git] / hosts / aubergine / networking.nix
index 3728b9b6ab146edba040903928b7bee8ff44d616..db3b990cd53342335cdd19de0eed8ba1fb2a42d1 100644 (file)
@@ -9,16 +9,19 @@ with (import networking/names-and-numbers.nix);
     networking/lte.nix
     networking/nftables.nix
     ../../nixos/profiles/dnscrypt-proxy2.nix
-    ../../nixos/profiles/wireguard/wg-intra.nix
     ../../nixos/profiles/networking/ssh.nix
   ];
   install.substituteOnDestination = false;
-  networking.domain = "wg";
+  networking.domain = "sp";
   networking.useDHCP = false;
 
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
   networking.nftables.ruleset = mkAfter ''
     table inet filter {
+      chain forward-to-lan {
+        #jump forward-connectivity
+        counter accept
+      }
       chain forward-to-net {
         #jump forward-connectivity
         counter accept
@@ -33,19 +36,36 @@ with (import networking/names-and-numbers.nix);
     }
   '';
 
-  services.avahi.enable = true;
-  services.avahi.openFirewall = true;
-  services.avahi.publish.enable = true;
+  networking.networkmanager.enable = true;
+  services.avahi = {
+    enable = true;
+    openFirewall = true;
+    nssmdns4 = true;
+    publish = {
+      enable = true;
+      addresses = true;
+      domain = true;
+      hinfo = true;
+      userServices = true;
+      workstation = true;
+    };
+  };
+  # WARNING: settings.listen_addresses are not merged...
+  # hence there all defined here.
   services.dnscrypt-proxy2.settings.listen_addresses = [
     "127.0.0.1:53"
     "[::1]:53"
+    "${eth1IPv4}.1:53"
+    "${eth2IPv4}.1:53"
+    "${eth3IPv4}.1:53"
+    "${wifiIPv4}.1:53"
   ];
 
-  networking.wireguard.wg-intra.peers = {
-    mermet.enable = true;
-    losurdo.enable = true;
-    oignon.enable = true;
-    patate.enable = true;
-  };
+  services.openssh.settings.X11Forwarding = true;
+
+  services.vnstat.enable = true;
 
+  systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
+    "host.key:${ssh/host.key.cred}"
+  ];
 }