xmonad: rofi: import more environment variables
[julm/julm-nix.git] / hosts / aubergine / nebula.nix
index 2a62fb1eef9c73ee68a837f07e5de0e3b6e4699e..2866b5c12bb8c6b0b1f554ea65674dfff25e2617 100644 (file)
@@ -1,20 +1,38 @@
-{ pkgs, lib, config, inputs, hostName, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  inputs,
+  hostName,
+  ...
+}:
 let
   domain = "sourcephile.fr";
   iface = config.services.nebula.networks.${domain}.tun.device;
 in
 {
   imports = [
-    ../../share/nebula/sourcephile.fr.nix
+    ../../domains/sourcephile.fr/nebula.nix
   ];
   services.nebula.networks.${domain} = {
     listen.port = 10006;
     firewall = {
       inbound = [
-        { port = "any"; proto = "any"; groups = [ "sourcephile" "intra" ]; }
+        {
+          port = "any";
+          proto = "any";
+          groups = [
+            "sourcephile"
+            "intra"
+          ];
+        }
       ];
       outbound = [
-        { port = "any"; proto = "any"; host = "any"; }
+        {
+          port = "any";
+          proto = "any";
+          host = "any";
+        }
       ];
     };
     settings = {
@@ -27,9 +45,10 @@ in
   networking.nftables.ruleset = ''
     table inet filter {
       chain input-${iface} {
-      }
-      chain output-${iface} {
-        counter accept
+        tcp dport ipp counter accept comment "cupsd: IPP"
+        tcp dport sane-port counter accept comment "saned: control port"
+        # NoticeNote: not actually useful because there is a rule `ct related accept` before
+        ct helper "sane" counter accept comment "saned: data ports"
       }
     }
   '';
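Review bot: The `ct helper "sane"` rule added to `input-${iface}` depends on a `sane` conntrack helper being declared and attached to the saned control connection (a `ct helper` object plus a `ct helper set "sane"` rule), and neither is visible in this hunk. On kernels without automatic helper assignment, the data connections would then not be tracked as related at all. The comment above the rule already says an earlier `ct related accept` takes those packets, so this rule and its counter probably never match. Either drop it, or reword the comment to say where the helper is attached, e.g. `# saned data ports: already accepted by the earlier "ct related accept"; helper "sane" is attached in <chain name>`. The hunk also removes `output-${iface}`; if a chain outside this hunk still jumps to it the ruleset will fail to load, so that is worth confirming.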