imports = [
../../nixos/profiles/dnscrypt-proxy2.nix
../../nixos/profiles/wireguard/wg-intra.nix
- ../../nixos/profiles/networking/ssh.nix
- ../../nixos/profiles/networking/wifi.nix
+ ../../nixos/profiles/networking/remote.nix
./wireguard.nix
networking/nftables.nix
];
- install.substituteOnDestination = false;
- #networking.domain = "wg";
- networking.useDHCP = false;
+ install.substituteOnDestination = true;
networking.nftables.ruleset = lib.mkAfter ''
table inet filter {
chain input {
+ ip daddr 10.0.0.0/8 counter goto input-lan
+ ip daddr 172.16.0.0/12 counter goto input-lan
+ ip daddr 192.168.0.0/16 counter goto input-lan
+ ip daddr 224.0.0.0/3 counter goto input-lan
goto input-net
}
chain output {
}
'';
- networking.interfaces = { };
-
- networking.networkmanager = {
- enable = true;
- unmanaged = [
- ];
- };
-
+ networking.networkmanager.enable = true;
services.avahi.enable = true;
- services.avahi.openFirewall = false;
- services.avahi.publish.enable = false;
-
services.openssh.settings.X11Forwarding = true;
+ services.vnstat.enable = true;
systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
"host.key:${ssh/host.key.cred}"
];
-
- services.vnstat.enable = true;
}