# NixOS module: network configuration for host "unit".
# Sets a static address on eth0, mDNS via Avahi, the host firewall, NAT with
# two port forwards to a VM, a WireGuard endpoint (wg0) and a bridge (br0)
# with its own DHCP server for QEMU guests.
{ config, lib, pkgs, ... }:

{
  # Assign a static IP
  networking = {
    hostName = "unit";
    hostId = "737d82f4";
    interfaces.eth0 = {
      useDHCP = false;
      ipv4.addresses = [{
        address = "10.0.1.3";
        prefixLength = 24;
      }];
    };
    defaultGateway = {
      address = "10.0.1.1";
      interface = "eth0";
    };
    # Public resolvers: every lookup made by this host leaves the LAN.
    nameservers = [ "1.1.1.1" "8.8.8.8" ];
    enableIPv6 = false;
  };

  # Enable zeroconf
  # publish.addresses/domain advertise this host's name and addresses over
  # mDNS to the local link.
  services.avahi = {
    enable = true;
    nssmdns = true;
    publish = {
      enable = true;
      addresses = true;
      domain = true;
    };
  };

  # Firewall configuration
  # These lists are global: each port is opened on every interface (eth0, wg0
  # and br0), not only on the LAN side.
  # NOTE(review): if SMB/NetBIOS is meant for one segment only, scope it with
  # networking.firewall.interfaces.<name>.allowedTCPPorts / allowedUDPPorts.
  # networking.firewall.enable is not set in this file; it is presumably left
  # at its default or set elsewhere - confirm.
  networking.firewall = {
    allowedTCPPorts = [
      445 # Samba
      139 # Samba
      2222 # VM SSH
      5000 # Sybase
    ];
    allowedUDPPorts = [
      137 # Samba
      138 # Samba
      1194 # Wireguard (matches listenPort below; 1194 is better known as the OpenVPN port)
    ];
    allowPing = true;
  };

  # Enable NAT for wireguard and forward ports to sica VM
  # Traffic from wg0 and br0 is NATed out through eth0.
  networking.nat = {
    enable = true;
    externalInterface = "eth0";
    internalInterfaces = [ "wg0" "br0" ];
    # Exposes the VM's SSH (as 2222) and its Sybase listener (5000) on the
    # external interface.
    # NOTE(review): a database port reachable from the whole eth0 segment is
    # worth confirming; reaching it over wg0 instead would keep it off the LAN.
    # NOTE(review): 192.168.122.100 is also the first address of the dynamic
    # DHCP range below, and nothing in this file pins the VM to it. If another
    # guest on br0 obtains .100, both forwards land on that guest instead.
    forwardPorts = [
      {
        destination = "192.168.122.100:22";
        sourcePort = 2222;
      }
      {
        destination = "192.168.122.100:5000";
        sourcePort = 5000;
      }
    ];
  };

  # Wireguard setup
  networking.wireguard.interfaces = {
    wg0 = {
      ips = [ "10.9.0.1/24" ];
      listenPort = 1194;
      # Referencing the key by path keeps it out of the Nix store.
      # NOTE(review): the path is inside a user's home directory, so whoever
      # can act as that user (or read backups of the home) can read or replace
      # the tunnel's private key. Confirm ownership and mode (root-only
      # readable), or move the key to a root-only location.
      privateKeyFile = "/home/coace/.wg/keys/privatekey";
      peers = [
        # Amin
        {
          publicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
          # /32: this peer may only source traffic from its single tunnel address.
          allowedIPs = [ "10.9.0.2/32" ];
        }
      ];
    };
  };

  # QEMU virtual bridge
  # The bridge is created with no member interfaces; presumably the guests'
  # tap devices are attached at VM start - confirm.
  networking.interfaces.br0 = {
    ipv4.addresses = [{
      address = "192.168.122.1";
      prefixLength = 24;
    }];
  };
  networking.bridges.br0.interfaces = [ ];

  # DHCP for guests on br0: hands out 192.168.122.100-200 with this host as
  # router and the same public resolvers as above.
  # NOTE(review): the lease times of -1 are presumably meant as never-expiring
  # leases - confirm how dhcpd interprets them. A lease that never expires
  # also never returns its address to the pool.
  # NOTE(review): ISC DHCP (dhcpd) has been declared end-of-life upstream, so
  # it no longer receives fixes; plan a move to a maintained server such as Kea.
  services.dhcpd4 = {
    enable = true;
    interfaces = [ "br0" ];
    extraConfig = ''
      option routers 192.168.122.1;
      option broadcast-address 192.168.122.255;
      option subnet-mask 255.255.255.0;
      option domain-name-servers 1.1.1.1, 8.8.8.8;
      default-lease-time -1;
      max-lease-time -1;
      subnet 192.168.122.0 netmask 255.255.255.0 {
        range 192.168.122.100 192.168.122.200;
      }
    '';
  };
}