home-manager: update
[julm/julm-nix.git] / hosts / courge / networking.nix
index cc308e31806ae0485565e73da1f19ff8f1ae74e1..dfc1a14319914e0e6eda4777239b883744a75849 100644 (file)
@@ -2,20 +2,19 @@
 {
   imports = [
     ../../nixos/profiles/dnscrypt-proxy2.nix
-    ../../nixos/profiles/wireguard/wg-intra.nix
-    ../../nixos/profiles/networking/ssh.nix
-    ../../nixos/profiles/networking/wifi.nix
-    ../../nixos/profiles/openvpn/calyx.nix
-    ./wireguard.nix
+    ../../nixos/profiles/networking/remote.nix
+    ./nebula.nix
     networking/nftables.nix
   ];
   install.substituteOnDestination = false;
-  #networking.domain = "sourcephile.fr";
-  networking.useDHCP = false;
 
   networking.nftables.ruleset = lib.mkAfter ''
     table inet filter {
       chain input {
+        ip daddr 10.0.0.0/8 counter goto input-lan
+        ip daddr 172.16.0.0/12 counter goto input-lan
+        ip daddr 192.168.0.0/16 counter goto input-lan
+        ip daddr 224.0.0.0/3 counter goto input-lan
         goto input-net
       }
       chain output {
     }
   '';
 
-  networking.hosts = {
-    #"80.67.180.129" = ["salons.sourcephile.fr"];
-  };
-
-  networking.interfaces = { };
-
-  networking.networkmanager = {
-    enable = true;
-    unmanaged = [
-    ];
-  };
-  environment.etc."NetworkManager/system-connections/Prixtel.nmconnection" = {
-    mode = "600";
-    text = ''
-      [connection]
-      id=Prixtel
-      uuid=b223f550-dff1-4ba3-9755-cd4557faaa5a
-      type=gsm
-      autoconnect=false
-      permissions=user:julm:;
-
-      [gsm]
-      apn=sl2sfr
-      number=*99#
-      home-only=true
-
-      [ppp]
-
-      [ipv4]
-      method=auto
-
-      [ipv6]
-      addr-gen-mode=stable-privacy
-      method=disabled
-
-      [proxy]
-    '';
-  };
-
-  environment.systemPackages = [
-    pkgs.iw
-    pkgs.modem-manager-gui
-  ];
-
+  networking.networkmanager.enable = true;
+  services.avahi.enable = true;
+  services.openssh.settings.X11Forwarding = true;
+  services.vnstat.enable = true;
   systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
     "host.key:${ssh/host.key.cred}"
   ];
+  services.openssh.extraConfig = ''
+    Match User julm
+      ForceCommand systemd-inhibit --who="SSH session" --why="Active ssh user blocks suspend" --what=idle --mode=block bash
+  '';
 }
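Review bot: The four new `ip daddr … goto input-lan` rules in `chain input` classify traffic by the host's own destination address, which cannot tell a trusted LAN from an untrusted one. Café, hotel and tethered networks also hand out RFC 1918 addresses, so whatever `input-lan` accepts (its rules are outside this hunk) is reachable from every peer there, on a host that this commit also gives avahi and NetworkManager. Consider gating the jump on the ingress side as well, for example with `iifname` or a set of trusted source prefixes, and add a comment on `224.0.0.0/3`, which spans 224.0.0.0–255.255.255.255 (multicast plus 240.0.0.0/4), stating whether that full range is intended. Separately, the `ForceCommand … bash` under `Match User julm` discards the client-requested command, so `scp`, `sftp`, `rsync` and `ssh host cmd` for that user no longer run what was asked; running `$SSH_ORIGINAL_COMMAND` under the inhibitor when it is set, and falling back to `bash` otherwise, would keep them working. `X11Forwarding = true` is also set server-wide, and a `X11Forwarding yes` line inside the same `Match User julm` block would limit it to the one account that presumably needs it.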