]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/carotte/nebula.nix
# NixOS module for host "carotte": joins the Nebula overlay network that is
# keyed by `domain` as an ordinary node.
{ pkgs, lib, config, inputs, ... }:
let
  domain = "sourcephile.fr";
  port = 10005;
  # Not referenced anywhere in this file.
  ipv4Prefix = "10.0.0";

  # This host's entry in the Nebula module, as seen in the final configuration.
  nebulaNet = config.services.nebula.networks.${domain};

  # One rule matching every port, every protocol and every Nebula host.
  allowAll = [{ port = "any"; proto = "any"; host = "any"; }];
in
{
  # Presumably the network-wide definitions shared by all members; the
  # imported file is not visible from here.
  imports = [
    (inputs.julm-nix + "/share/nebula/sourcephile.fr.nix")
  ];

  services.nebula.networks.${domain} = {
    enable = true;
    listen = { inherit port; };

    # Plain node: neither a lighthouse nor a relay.
    isLighthouse = false;
    isRelay = false;

    firewall = {
      outbound = allowAll;
      # NOTE(review): the Nebula firewall admits traffic from any host holding
      # a certificate for this network to every port on this node's overlay
      # address. Unless another layer filters the overlay interface, every
      # listening service is reachable by all members. Prefer one rule per
      # required service, narrowed by port, proto and host or group.
      inbound = allowAll;
    };
  };

  # Empty fragment: this file contributes no nftables rules, so it adds no
  # host-level filtering behind the allow-all Nebula rules above. Rules may
  # be defined in other modules; confirm.
  networking.nftables.ruleset = ''
  '';

  # Keep NetworkManager from managing the Nebula tunnel interface.
  networking.networkmanager.unmanaged = [ nebulaNet.tun.device ];

  # Left commented out: this module does not enable IPv4 forwarding.
  #boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
}