in
{
imports = [
- ../../share/nebula/sourcephile.fr.nix
+ ../../domains/sourcephile.fr/nebula.nix
];
services.nebula.networks.${domain} = {
listen.port = 10006;
networking.nftables.ruleset = ''
table inet filter {
chain input-${iface} {
- }
- chain output-${iface} {
- counter accept
+ tcp dport ipp counter accept comment "cupsd: IPP"
+ tcp dport sane-port counter accept comment "saned: control port"
+ # NoticeNote: not actually useful because there is a rule `ct related accept` before
+ ct helper "sane" counter accept comment "saned: data ports"
}
}
'';
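Review bot: The two new accept rules in `chain input-${iface}` expose cupsd (`ipp`) and saned (`sane-port`) to every peer that can reach this host over the Nebula interface, because neither rule has a source match. If only some hosts need to print or scan, narrow them, for example `ip saddr { <ALLOWED_PEERS_PLACEHOLDER> } tcp dport ipp counter accept comment "cupsd: IPP"`, or limit the ports per group in the Nebula firewall; that may already be done in the imported `nebula.nix`, which is not visible here. The `ct helper "sane"` rule matches only once a sane helper has been attached to the control connection by a `ct helper set` rule, and none appears in this hunk. Given the earlier `ct related accept` that the comment mentions, the rule looks like dead code, so either drop it or state in the comment where the helper is assigned. The hunk also deletes `chain output-${iface}`, so check that no `jump output-${iface}` remains elsewhere, since a jump to a missing chain makes the ruleset fail to load.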