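# NixOS module for host "unit": static addressing on eth0, mDNS via Avahi,
# Samba ports in the firewall, and a WireGuard server (wg0, 10.9.0.0/24)
# whose traffic is NATed out through eth0.
{ config, lib, pkgs, ... }:

{
  # Assign a static IP
  networking = {
    hostName = "unit";
    hostId = "737d82f4";
    interfaces.eth0 = {
      useDHCP = false;
      ipv4.addresses = [{
        address = "10.0.1.3";
        prefixLength = 24;
      }];
    };
    defaultGateway = {
      address = "10.0.1.1";
      interface = "eth0";
    };
    nameservers = [ "1.1.1.1" "8.8.8.8" ];
    enableIPv6 = false;
  };

  # Enable zeroconf
  # NOTE(review): reflector = true repeats mDNS traffic between the interfaces
  # Avahi is bound to, and no interface restriction is set here. Confirm that
  # advertising this host (workstation, user services) towards wg0 is intended.
  services.avahi = {
    enable = true;
    nssmdns = true;
    publish = {
      enable = true;
      userServices = true;
      domain = true;
      workstation = true;
    };
    reflector = true;
  };

  # Firewall configuration
  # These global port lists open the ports on every interface, wg0 included.
  # NOTE(review): if Samba should only be reachable from the LAN (or only from
  # the VPN), scope the ports per interface instead of opening them globally.
  networking.firewall = {
    allowedTCPPorts = [
      445 # Samba
      139 # Samba
    ];
    allowedUDPPorts = [
      137 # Samba
      138 # Samba
      1194 # Wireguard (must match wg0.listenPort below)
    ];
    # A bare `-A` appends another copy of the rule every time these commands
    # are re-run, so the rule is deleted first (errors ignored when it is not
    # present yet) to keep a single instance in nat/POSTROUTING.
    # NOTE(review): networking.nat below is also configured for wg0 -> eth0;
    # this explicit rule looks redundant. Confirm and drop one of the two.
    extraCommands = ''
      iptables -t nat -D POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE 2>/dev/null || true
      iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
    '';
    # Remove the rule again when the firewall is stopped, so it does not stay
    # behind in the built-in POSTROUTING chain.
    extraStopCommands = ''
      iptables -t nat -D POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE 2>/dev/null || true
    '';
  };

  # Enable NAT for wireguard
  networking.nat = {
    enable = true;
    externalInterface = "eth0";
    internalInterfaces = [ "wg0" ];
  };

  # Wireguard setup
  networking.wireguard.interfaces = {
    wg0 = {
      ips = [ "10.9.0.1/24" ];
      listenPort = 1194;
      # The private key is read from a path under a user's home directory.
      # NOTE(review): ownership and mode of this file are not visible here.
      # It should be readable by root only, and never be added to the Nix
      # store or to version control.
      privateKeyFile = "/home/coace/.wg/keys/privatekey";
      # WireGuard identifies a peer by its public key. Both entries below
      # carry the same placeholder key, so they do not describe two distinct
      # peers. Replace each with that peer's own public key before deploying.
      peers = [
        # Amin
        {
          # Placeholder public key
          publicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
          # /32: the peer may only source traffic from its own tunnel address.
          allowedIPs = [ "10.9.0.2/32" ];
        }
        # Fernando
        {
          # Placeholder public key
          publicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
          allowedIPs = [ "10.9.0.3/32" ];
        }
      ];
    };
  };
}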