{ lib, ... }: let ports = import ../Cloud/Ports.nix; in { networking = { nameservers = [ "1.1.1.1" ]; hostName = "lithium"; hosts = { "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ]; }; firewall = { allowedTCPPorts = [ ports.bitcoind ports.delugeWeb ports.et ports.gemini ports.git ports.http ports.https ports.jellyfin ports.jupyter ports.k3s ports.mpd ports.mpd-stream ports.murmur ports.radicale ports.sabten ports.ssh ports.tor ]; allowedTCPPortRanges = [ ports.torrents ports.httpdev ]; allowedUDPPorts = [ ports.dns ports.et ports.murmur ]; allowedUDPPortRanges = [ ports.torrents ]; checkReversePath = false; #extraCommands = lib.mkMerge [ (lib.mkAfter '' # iptables -w -t filter -A nixos-fw -s 192.168.0.0/24 -p udp --dport 53 -i enp1s0 -j nixos-fw-accept # iptables -w -t filter -A nixos-fw -s 192.168.0.0/24 -p tcp --dport 53 -i enp1s0 -j nixos-fw-accept #'') ]; }; # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. useDHCP = false; interfaces.enp2s0.useDHCP = true; }; }