office: simple-scan: install
[julm/julm-nix.git] / hosts / courge / networking.nix
index 7eea9bb6b6157305300be12cbf1d2095fbb1b782..dfc1a14319914e0e6eda4777239b883744a75849 100644 (file)
@@ -2,15 +2,11 @@
 {
   imports = [
     ../../nixos/profiles/dnscrypt-proxy2.nix
-    ../../nixos/profiles/wireguard/wg-intra.nix
-    ../../nixos/profiles/networking/ssh.nix
-    ../../nixos/profiles/networking/wifi.nix
-    ./wireguard.nix
+    ../../nixos/profiles/networking/remote.nix
+    ./nebula.nix
     networking/nftables.nix
   ];
   install.substituteOnDestination = false;
-  #networking.domain = "wg";
-  networking.useDHCP = false;
 
   networking.nftables.ruleset = lib.mkAfter ''
     table inet filter {
     }
   '';
 
-  networking.interfaces = { };
-
-  networking.networkmanager = {
-    enable = true;
-    unmanaged = [
-    ];
-  };
-
+  networking.networkmanager.enable = true;
   services.avahi.enable = true;
-  services.avahi.openFirewall = false;
-  services.avahi.publish.enable = false;
-
   services.openssh.settings.X11Forwarding = true;
+  services.vnstat.enable = true;
   systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
     "host.key:${ssh/host.key.cred}"
   ];
-
-  services.vnstat.enable = true;
+  services.openssh.extraConfig = ''
+    Match User julm
+      ForceCommand systemd-inhibit --who="SSH session" --why="Active ssh user blocks suspend" --what=idle --mode=block bash
+  '';
 }