hosts/mermet/nebula.nix

   1 { pkgs, lib, config, inputs, ... }:
   2 let
   3   domain = "sourcephile.fr";
   4   port = 10001;
   5   ipv4Prefix = "10.0.0";
   6 in
   7 {
   8   imports = [
   9     (inputs.julm-nix + "/share/nebula/sourcephile.fr.nix")
  10   ];
  11   services.nebula.networks.${domain} = {
  12     enable = true;
  13     listen.port = port;
  14     isLighthouse = true;
  15     isRelay = true;
  16     firewall = {
  17       outbound = [{ port = "any"; proto = "any"; host = "any"; }];
  18       inbound = [{ port = "any"; proto = "any"; host = "any"; }];
  19     };
  20   };
  21   networking.nftables.ruleset = ''
  22   '';
  23   services.fail2ban.ignoreIP = [
  24     "${ipv4Prefix}.1/24"
  25   ];
  26 }