]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/nebula.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
losurdo: syncoid: fix nftables integration
[sourcephile-nix.git] / hosts / mermet / nebula.nix
1 {
2 pkgs,
3 lib,
4 config,
5 inputs,
6 ...
7 }:
8 let
9 domain = "sourcephile.fr";
10 port = 10001;
11 ipv4Prefix = "10.0.0";
12 in
13 {
14 imports = [
15 (inputs.julm-nix + "/domains/sourcephile.fr/nebula.nix")
16 ];
17 services.nebula.networks.${domain} = {
18 enable = true;
19 listen.port = port;
20 isLighthouse = true;
21 isRelay = true;
22 firewall = {
23 outbound = [
24 {
25 port = "any";
26 proto = "any";
27 host = "any";
28 }
29 ];
30 inbound = [
31 {
32 port = "any";
33 proto = "any";
34 host = "any";
35 }
36 ];
37 };
38 };
39 networking.nftables.ruleset = '''';
40 services.fail2ban.ignoreIP = [
41 "${ipv4Prefix}.1/24"
42 ];
43 }
NixOS configurations for Sourcephile's infrastructure