oignon: install pandoc and texlive

[julm/julm-nix.git] / hosts / aubergine / networking.nix

diff --git a/hosts/aubergine/networking.nix b/hosts/aubergine/networking.nix
index 0ef35f884af14b955f5e30c5f3df12ed076b445a..8184ce6b01ac9a362e3233b143f6a0e113f2b6c2 100644 (file)
--- a/hosts/aubergine/networking.nix
+++ b/hosts/aubergine/networking.nix
@@ -8,7 +8,7 @@ with (import networking/names-and-numbers.nix);
     networking/wifi.nix
     networking/lte.nix
     networking/nftables.nix
-    wireguard/wg-intra.nix
+    ./wireguard.nix
     ../../nixos/profiles/dnscrypt-proxy2.nix
     ../../nixos/profiles/wireguard/wg-intra.nix
     ../../nixos/profiles/networking/ssh.nix
@@ -20,6 +20,10 @@ with (import networking/names-and-numbers.nix);
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
   networking.nftables.ruleset = mkAfter ''
     table inet filter {
+      chain forward-to-lan {
+        #jump forward-connectivity
+        counter accept
+      }
       chain forward-to-net {
         #jump forward-connectivity
         counter accept
@@ -48,4 +52,11 @@ with (import networking/names-and-numbers.nix);
     "${wifiIPv4}.1:53"
   ];
 
+  services.openssh.settings.X11Forwarding = true;
+
+  services.vnstat.enable = true;
+
+  systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
+    "host.key:${ssh/host.key.cred}"
+  ];
 }