-{ lib, ... }:
+{ pkgs, lib, ... }:
with lib;
with (import networking/names-and-numbers.nix);
{
networking/wifi.nix
networking/lte.nix
networking/nftables.nix
- ./wireguard.nix
../../nixos/profiles/dnscrypt-proxy2.nix
- ../../nixos/profiles/wireguard/wg-intra.nix
+ ../../nixos/profiles/printing.nix
../../nixos/profiles/networking/ssh.nix
];
install.substituteOnDestination = false;
- networking.domain = "wg";
+ networking.domain = "sp";
networking.useDHCP = false;
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.nftables.ruleset = mkAfter ''
table inet filter {
+ chain forward-to-lan {
+ #jump forward-connectivity
+ counter accept
+ }
chain forward-to-net {
#jump forward-connectivity
counter accept
}
'';
- services.avahi.enable = true;
- services.avahi.openFirewall = true;
- services.avahi.publish.enable = true;
+ networking.networkmanager.enable = true;
+ services.avahi = {
+ enable = true;
+ openFirewall = true;
+ publish = {
+ enable = true;
+ addresses = true;
+ domain = true;
+ hinfo = true;
+ userServices = true;
+ workstation = true;
+ };
+ reflector = true;
+ };
# WARNING: settings.listen_addresses are not merged...
# hence there all defined here.
services.dnscrypt-proxy2.settings.listen_addresses = [
"${wifiIPv4}.1:53"
];
+ services.openssh.settings.X11Forwarding = true;
+
services.vnstat.enable = true;
systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
"host.key:${ssh/host.key.cred}"
];
+
+ programs.wireshark = {
+ enable = true;
+ package = pkgs.wireshark-cli;
+ };
}
sourcephile / git / julm / julm-nix.git / blobdiff