nix: polish flake.nix

[sourcephile-nix.git] / machines / mermet / networking.nix

diff --git a/machines/mermet/networking.nix b/machines/mermet/networking.nix
index 54ae0af01cf56d8ccf00374e8687d07858023179..71023178e3778990538b3771e04f57ed5c45549a 100644 (file)
--- a/machines/mermet/networking.nix
+++ b/machines/mermet/networking.nix
@@ -1,7 +1,6 @@
-{ pkgs, lib, config, name, ipv4, machines, ... }:
+{ pkgs, lib, config, machineName, ipv4, machines, ... }:
 with builtins;
 let
-  inherit (builtins.extraBuiltins) pass-to-file;
   inherit (config) networking users;
   netIPv4        = ipv4;
   netIPv4Gateway = "80.67.180.134";
@@ -14,6 +13,8 @@ in
 {
 imports = [
   networking/nftables.nix
+  networking/ssh.nix
+  networking/wireguard.nix
 ];
 boot.initrd.network = {
   enable = true;
@@ -104,10 +105,9 @@ services.knot.extraConfig = lib.mkBefore ''
     #listen: ::@53
 '';
 
-networking = rec {
-  hostName   = name;
-  domainBase = "sourcephile";
-  domain     = "${domainBase}.fr";
+networking = {
+  hostName = machineName;
+  domain = "sourcephile.fr";
   
   useDHCP = false;
   defaultGateway = {
@@ -123,8 +123,8 @@ networking = rec {
   #nameservers = [ ];
   nftables.ruleset = ''
     add rule inet filter input  iifname "enp1s0" goto net2fw
-    add rule inet filter output oifname "enp1s0" goto fw2net
-    add rule inet filter fw2net ip daddr ${machines.losurdo.extraArgs.ipv4} counter accept comment "losurdo"
+    add rule inet filter output oifname "enp1s0" jump fw2net
+    add rule inet filter output oifname "enp1s0" log level warn prefix "fw2net: " counter drop
     
     add rule inet filter input  iifname "enp2s0" goto lan2fw
     add rule inet filter output oifname "enp2s0" goto fw2lan