{
imports = [
../../nixos/profiles/dnscrypt-proxy2.nix
- ../../nixos/profiles/wireguard/wg-intra.nix
- ../../nixos/profiles/networking/ssh.nix
- ../../nixos/profiles/networking/wifi.nix
- ./wireguard.nix
+ ../../nixos/profiles/networking/remote.nix
+ ./nebula.nix
networking/nftables.nix
];
install.substituteOnDestination = false;
- #networking.domain = "wg";
- networking.useDHCP = false;
networking.nftables.ruleset = lib.mkAfter ''
table inet filter {
}
'';
- networking.interfaces = { };
-
- networking.networkmanager = {
- enable = true;
- unmanaged = [
- ];
- };
-
+ networking.networkmanager.enable = true;
services.avahi.enable = true;
- services.avahi.openFirewall = false;
- services.avahi.publish.enable = false;
-
services.openssh.settings.X11Forwarding = true;
+ services.vnstat.enable = true;
systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
"host.key:${ssh/host.key.cred}"
];
-
- services.vnstat.enable = true;
+ services.openssh.extraConfig = ''
+ Match User julm
+ ForceCommand systemd-inhibit --who="SSH session" --why="Active ssh user blocks suspend" --what=idle --mode=block bash
+ '';
}