path: root/config/networking.nix
# NixOS module for the host "hermes": static IPv4 addressing on ens3, an
# nftables NAT table that forwards public TCP port 2222 to SSH on 100.64.0.3,
# systemd-resolved with opportunistic DNS-over-TLS, and Tailscale.
{ ... }:
{
  # `personal.networking` is an option set defined outside this file.
  # NOTE(review): presumably `firewall.http` opens the HTTP port(s) and
  # `ssh.enable` turns on an SSH server on this host; confirm in that module
  # which ports are opened and how SSH authentication is configured, since
  # this machine has a public address (see below).
  personal.networking = {
    enable = true;
    firewall.http = true;
    ssh.enable = true;
  };

  networking = {
    hostName = "hermes";
    domain = "aristote.fr";

    # Static addressing: DHCP is off, so the address, gateway and resolvers
    # below are the only IPv4 configuration this file provides.
    useDHCP = false;
    interfaces.ens3.ipv4.addresses = [
      {
        address = "93.95.228.53";
        prefixLength = 24;
      }
    ];
    defaultGateway = "93.95.228.1";
    nameservers = [
      "93.95.224.28"
      "93.95.224.29"
    ];

    # Reroute SSH on port 2222 to hephaistos.
    # 100.64.0.3 lies in 100.64.0.0/10, the range Tailscale assigns from;
    # presumably it is hephaistos' tailnet address (verify against the
    # tailnet).
    #
    # Security notes for this forward:
    # - The DNAT happens in prerouting, so these packets are forwarded rather
    #   than delivered locally. Port 2222 is therefore governed by this
    #   ruleset and by whatever forward filtering is configured elsewhere,
    #   not by an input-port allowlist. Nothing in this file restricts which
    #   source addresses may use it.
    # - The masquerade rule rewrites the source address, so the target sees
    #   every forwarded connection as coming from this host. Source-IP based
    #   controls on the target (sshd logs, per-address bans or rate limits)
    #   cannot tell clients apart; any such throttling has to be applied on
    #   this host, before the NAT.
    # - NOTE(review): the postrouting rule matches on `iifname`; confirm on
    #   the running kernel that the input interface is available in that hook
    #   (e.g. by checking rule counters), otherwise the masquerade will not
    #   apply.
    # `nat.enable` is set without internal/external interfaces in this file;
    # presumably it is here for the IP forwarding it turns on. TODO confirm.
    nat.enable = true;
    nftables = {
      enable = true;
      ruleset = ''
        table ip nat {
          chain pre {
            type nat hook prerouting priority dstnat; policy accept;
            iifname "ens3" tcp dport 2222 dnat to 100.64.0.3:22
          }
          chain post {
            type nat hook postrouting priority srcnat; policy accept;
            iifname "ens3" ip daddr 100.64.0.3 tcp dport 22 masquerade
          }
        }
      '';
    };

  };

  # "opportunistic" makes systemd-resolved try DNS-over-TLS and fall back to
  # plaintext DNS when it fails, so an on-path attacker can force the
  # downgrade. The strict setting ("true") removes that fallback but only
  # works if the resolvers listed in `networking.nameservers` support
  # DNS-over-TLS; check that before tightening.
  services.resolved = {
    enable = true;
    dnsovertls = "opportunistic";
  };

  # Tailscale: `openFirewall` opens the daemon's UDP port in the host
  # firewall; `disableTaildrop` turns off node-to-node file transfer, which
  # this host does not need to accept.
  services.tailscale = {
    enable = true;
    openFirewall = true;
    disableTaildrop = true;
  };
}