nixos/networking.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

{ config, pkgs, ... }:

{
  networking.hostName = "latitude-7490";

  # NetworkManager
  environment.systemPackages = with pkgs; [ networkmanager ];
  networking.networkmanager = {
    enable = true;
    unmanaged = [ "interface-name:ve-*" ];
  };

  # Hosts
  networking.hosts = {
    "10.3.141.1" = [ "raspberrypi.local" ];
    "10.233.1.2" = [ "searx.aristote.fr" "quentin.aristote.fr" "aristote.fr" ];
  };

  # DHCP
  networking.interfaces.enp0s31f6.useDHCP = true;
  networking.interfaces.wlp2s0.useDHCP = true;

  # NAT
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
  };
  networking = {
    nat = {
      enable = true;
      internalInterfaces = [ "ve-+" ];
      externalInterface = "tun0";
    };
  };

  # Firewall
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      # Syncthing
      22000
    ];
    allowedTCPPortRanges = [
      # KDEConnect
      {
        from = 1714;
        to = 1764;
      }
    ];
    allowedUDPPorts = [
      # Syncthing
      22000
      21027
      # Wireguard
      # 51820
    ];
    allowedUDPPortRanges = [
      # KDE Connect
      {
        from = 1714;
        to = 1764;
      }
    ];
  };

  # Bluetooth
  hardware.bluetooth.enable = true;
  services.blueman.enable = true;
}