{
imports = [
../../nixos/profiles/dnscrypt-proxy2.nix
- ../../nixos/profiles/wireguard/wg-intra.nix
../../nixos/profiles/networking/ssh.nix
+ ../../nixos/profiles/networking/wifi.nix
+ #../../nixos/profiles/openvpn/calyx.nix
networking/nftables.nix
];
install.substituteOnDestination = false;
#networking.domain = "sourcephile.fr";
networking.useDHCP = false;
+ services.tor = {
+ settings = {
+ HashedControlPassword = lib.readFile tor/HashedControlPassword.clear;
+ # https://metrics.torproject.org/rs.html#search/flag:exit%20country:be%20running:true
+ # https://nusenu.github.io/OrNetStats/w/relay/58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.html
+ MapAddress = [
+ "*.gcp.cloud.es.io *.gcp.cloud.es.io.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
+ "*.redbee.live *.redbee.live.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
+ "*.rtbf.be *.rtbf.be.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
+ ];
+ StrictNodes = true;
+ };
+ };
+
networking.nftables.ruleset = lib.mkAfter ''
table inet filter {
chain input {
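Review bot: `HashedControlPassword = lib.readFile tor/HashedControlPassword.clear;` is resolved at evaluation time, so the hash is presumably rendered into the generated torrc in the world-readable Nix store, where any local user can read it and try to guess the control password offline. The sshd change at the end of this same diff uses `LoadCredentialEncrypted` for its secret, and the control-port secret deserves the same care, for example by provisioning it at runtime outside the store or by using `CookieAuthentication` instead. `lib.readFile` also keeps the file's trailing newline, which `lib.fileContents` would strip before the value lands in the config. Separately, `StrictNodes = true;` only makes `ExcludeNodes` mandatory, and no `ExcludeNodes` is visible here, so it adds nothing to the `MapAddress` pin. A comment such as `# all traffic for these domains exits through this single relay` above `MapAddress` would record that trade-off.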
}
'';
+ networking.hosts = {
+ #"80.67.180.129" = ["salons.sourcephile.fr"];
+ };
+
networking.interfaces = { };
networking.networkmanager = {
'';
};
- networking.wireguard.wg-intra.peers = {
- mermet.enable = true;
- losurdo.enable = true;
- patate.enable = true;
- aubergine.enable = true;
- };
-
environment.systemPackages = [
- pkgs.iw
pkgs.modem-manager-gui
+ #pkgs.tor-ctrl # Not packaged yet
+ ];
+
+ systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
+ "host.key:${ssh/host.key.cred}"
];
}
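Review bot: `"host.key:${ssh/host.key.cred}"` interpolates a path, so the encrypted credential file is copied into the world-readable Nix store. Its confidentiality then rests entirely on the key it was sealed with staying private to this machine, and a one-line comment above the entry saying so would help the next reader. Nothing in this hunk points sshd at the decrypted credential, so the `HostKey` setting that consumes `host.key` is presumably defined elsewhere; consider noting where, e.g. `# decrypted at service start; consumed via HostKey in <module path>`.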