aubergine: nftables: fix DHCP renewal
[julm/julm-nix.git] / hosts / oignon / networking.nix
index 80bf1382c9ea19223aeea61e32b44b08ad9f1e34..281efebcd54ad48965264fab8a740efa9bcbceaa 100644 (file)
@@ -2,14 +2,29 @@
 {
   imports = [
     ../../nixos/profiles/dnscrypt-proxy2.nix
-    ../../nixos/profiles/wireguard/wg-intra.nix
     ../../nixos/profiles/networking/ssh.nix
+    ../../nixos/profiles/networking/wifi.nix
+    #../../nixos/profiles/openvpn/calyx.nix
     networking/nftables.nix
   ];
   install.substituteOnDestination = false;
   #networking.domain = "sourcephile.fr";
   networking.useDHCP = false;
 
+  services.tor = {
+    settings = {
+      HashedControlPassword = lib.readFile tor/HashedControlPassword.clear;
+      # https://metrics.torproject.org/rs.html#search/flag:exit%20country:be%20running:true
+      # https://nusenu.github.io/OrNetStats/w/relay/58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.html
+      MapAddress = [
+        "*.gcp.cloud.es.io *.gcp.cloud.es.io.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
+        "*.redbee.live         *.redbee.live.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
+        "*.rtbf.be                 *.rtbf.be.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
+      ];
+      StrictNodes = true;
+    };
+  };
+
   networking.nftables.ruleset = lib.mkAfter ''
     table inet filter {
       chain input {
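Review bot: `lib.readFile tor/HashedControlPassword.clear` is evaluated at build time, so the control-port hash is copied into the generated Tor configuration, which presumably lives in the world-readable Nix store. Any trailing newline in that file is copied with it. This is at odds with the `LoadCredentialEncrypted` handling given to the sshd host key further down in the same file. If the hash must stay, strip the newline with `lib.removeSuffix "\n" (lib.readFile tor/HashedControlPassword.clear)`; otherwise consider `CookieAuthentication = true;`, which keeps the control secret out of the store. Separately, the Tor manual describes `StrictNodes` as applying to `ExcludeNodes`, and none is set in this hunk, so the line probably has no effect here. A comment such as `# pin these domains to one Belgian exit relay; they become unreachable through Tor if that relay goes offline` above `MapAddress` would record the intent and the failure mode.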
     }
   '';
 
+  networking.hosts = {
+    #"80.67.180.129" = ["salons.sourcephile.fr"];
+  };
+
   networking.interfaces = { };
 
   networking.networkmanager = {
     '';
   };
 
-  networking.wireguard.wg-intra.peers = {
-    mermet.enable = true;
-    losurdo.enable = true;
-    patate.enable = true;
-    aubergine.enable = true;
-  };
-
   environment.systemPackages = [
-    pkgs.iw
     pkgs.modem-manager-gui
+    #pkgs.tor-ctrl # Not packaged yet
+  ];
+
+  systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
+    "host.key:${ssh/host.key.cred}"
   ];
 }
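Review bot: The added `LoadCredentialEncrypted` entry hands `host.key` to the sshd unit, but nothing visible in this file points sshd's `HostKey` at the credentials directory. If that wiring lives in `../../nixos/profiles/networking/ssh.nix`, a comment here should say so; otherwise the daemon may keep using a key generated on disk. I would add above the list `# host.key.cred is created with systemd-creds encrypt on this host; sshd reads it from its credentials directory, see profiles/networking/ssh.nix`. It is also worth documenting that the `.cred` file can presumably be decrypted only on the machine it was sealed for, so a reinstall or hardware change requires re-encrypting the key.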