bash: add zfs aliases
[julm/julm-nix.git] / hosts / courge / networking.nix
index 350df80b89b05d5a40734df3fd5348d02b6e11eb..fae0bea64a62d0af6f450c5359bd39b65a16261a 100644 (file)
@@ -3,18 +3,19 @@
   imports = [
     ../../nixos/profiles/dnscrypt-proxy2.nix
     ../../nixos/profiles/wireguard/wg-intra.nix
-    ../../nixos/profiles/networking/ssh.nix
-    ../../nixos/profiles/networking/wifi.nix
+    ../../nixos/profiles/networking/remote.nix
     ./wireguard.nix
     networking/nftables.nix
   ];
-  install.substituteOnDestination = false;
-  #networking.domain = "wg";
-  networking.useDHCP = false;
+  install.substituteOnDestination = true;
 
   networking.nftables.ruleset = lib.mkAfter ''
     table inet filter {
       chain input {
+        ip daddr 10.0.0.0/8 counter goto input-lan
+        ip daddr 172.16.0.0/12 counter goto input-lan
+        ip daddr 192.168.0.0/16 counter goto input-lan
+        ip daddr 224.0.0.0/3 counter goto input-lan
         goto input-net
       }
       chain output {
     }
   '';
 
-  networking.interfaces = { };
-
-  networking.networkmanager = {
-    enable = true;
-    unmanaged = [
-    ];
-  };
-
+  networking.networkmanager.enable = true;
   services.avahi.enable = true;
-  services.avahi.openFirewall = false;
-  services.avahi.publish.enable = false;
-
   services.openssh.settings.X11Forwarding = true;
+  services.vnstat.enable = true;
   systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
     "host.key:${ssh/host.key.cred}"
   ];
-
-  services.vnstat.enable = true;
 }
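Review bot: The four new `ip daddr … counter goto input-lan` rules in `chain input` select the LAN chain by the host's own destination address, so on any network that hands out an RFC 1918 address (an untrusted Wi-Fi included, and NetworkManager is enabled here) every peer is judged by `input-lan` instead of `input-net`. If `input-lan` is meant for trusted networks, tie the jump to something the network cannot choose, such as an `iifname` match on the trusted interface, and add a comment above the rules naming the services `input-lan` may expose. `224.0.0.0/3` spans 224.0.0.0–255.255.255.255 and so takes in the reserved 240.0.0.0/4 block; if only multicast and limited broadcast are intended, `ip daddr { 224.0.0.0/4, 255.255.255.255 } counter goto input-lan` states that exactly. The same section drops `services.avahi.openFirewall = false` and `services.avahi.publish.enable = false`; the NixOS default for `openFirewall` is `true`, so unless `remote.nix` sets these again, mDNS exposure now rests on `input-lan` alone. `input-lan` and `remote.nix` are both outside the lines shown, so neither could be checked.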