nebula: add to fail2ban.ignoreIP
authorJulien Moutinho <julm+julm-nix@sourcephile.fr>
Tue, 16 Apr 2024 15:35:41 +0000 (17:35 +0200)
committerJulien Moutinho <julm+julm-nix@sourcephile.fr>
Wed, 17 Apr 2024 02:39:29 +0000 (04:39 +0200)
share/nebula/sourcephile.fr.nix

index af7c84fc76ab28363aababff3693b10cf387e4b3..a7c7f4992bdfac534d7f95cec623451d4823d1cb 100644 (file)
@@ -3,6 +3,7 @@ let
   domain = "sourcephile.fr";
   port = toString config.services.nebula.networks.${domain}.listen.port;
   iface = config.services.nebula.networks.${domain}.tun.device;
+  IPv4Prefix = "10.0.0";
 in
 {
   environment.systemPackages = with pkgs; [ nebula ];
@@ -11,13 +12,13 @@ in
   ];
   install.target = lib.mkDefault "\"\${NIXOS_TARGET:-root@${config.networking.hostName}.sp}\"";
   networking.hosts = {
-    "10.0.0.1" = [ "mermet.sp" ];
-    "10.0.0.2" = [ "losurdo.sp" ];
-    "10.0.0.3" = [ "oignon.sp" ];
-    "10.0.0.4" = [ "patate.sp" ];
-    "10.0.0.5" = [ "carotte.sp" ];
-    "10.0.0.6" = [ "aubergine.sp" ];
-    "10.0.0.7" = [ "courge.sp" ];
+    "${IPv4Prefix}.1" = [ "mermet.sp" ];
+    "${IPv4Prefix}.2" = [ "losurdo.sp" ];
+    "${IPv4Prefix}.3" = [ "oignon.sp" ];
+    "${IPv4Prefix}.4" = [ "patate.sp" ];
+    "${IPv4Prefix}.5" = [ "carotte.sp" ];
+    "${IPv4Prefix}.6" = [ "aubergine.sp" ];
+    "${IPv4Prefix}.7" = [ "courge.sp" ];
   };
   services.nebula.networks.${domain} = {
     enable = true;
@@ -27,15 +28,15 @@ in
     listen.host = lib.mkDefault "0.0.0.0";
     tun.device = lib.mkDefault "neb-sourcephile";
     staticHostMap = {
-      "10.0.0.1" = [ "mermet.${domain}:10001" ];
-      "10.0.0.2" = [ "losurdo.${domain}:10002" ];
+      "${IPv4Prefix}.1" = [ "mermet.${domain}:10001" ];
+      "${IPv4Prefix}.2" = [ "losurdo.${domain}:10002" ];
     };
     lighthouses = [
-      "10.0.0.1"
-      "10.0.0.2"
+      "${IPv4Prefix}.1"
+      "${IPv4Prefix}.2"
     ];
     relays = [
-      "10.0.0.1"
+      "${IPv4Prefix}.1"
     ];
     firewall = {
       inbound = [
@@ -107,4 +108,9 @@ in
     }
   '';
   networking.networkmanager.unmanaged = [ iface ];
+  services.fail2ban.ignoreIP = [
+    "${IPv4Prefix}.1" # mermet.sp
+    "${IPv4Prefix}.2" # losurdo.sp
+    "${IPv4Prefix}.3" # oignon.sp
+  ];
 }
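Review bot: The three overlay addresses added to `services.fail2ban.ignoreIP` are exempted from every fail2ban jail on this host, so repeated authentication failures arriving over the nebula tunnel from mermet, losurdo or oignon will never trigger a ban — acceptable if those peers are fully trusted, but worth stating explicitly since nothing in the hunk says why. The list also covers only `.1`–`.3` while `networking.hosts` earlier in the same file names seven peers (`.4`–`.7` are absent), so it is unclear whether the narrower set is deliberate or an oversight; a later maintainer may "complete" it or widen it to the whole `${IPv4Prefix}.0/24`. A short comment above the list would settle this, e.g. `# Only the overlay peers that legitimately connect to services on this host; deliberately not the full ${IPv4Prefix}.0/24 — review before adding hosts.` (adjust the wording to the actual criterion). If the intent is the whole overlay, the `networking.hosts` entries are the natural single source of truth to derive the list from rather than duplicating addresses.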