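# NixOS networking module for this host: static IPv4 on the wireless
# interface, wpa_supplicant with secrets supplied through sops, and a
# host firewall that opens a fixed port list and trusts the Tailscale
# interface.
{ config, ... }:
let
  hostname = "jallen-nas";
  ipAddress = "10.0.1.18";
  gateway = "10.0.1.1";

  # Ports opened on every non-trusted interface. The same list is applied
  # to both TCP and UDP in the firewall section below.
  allowedPorts = [
    2342
    3493
    61208
    9090
    9000
    # config.services.tailscale.port
    # 22
  ];
in
{
  # Networking configs wlp7s0
  networking = {
    hostName = hostname;
    hostId = "4b501480";

    # NetworkManager is disabled; wireless is handled by
    # networking.wireless (wpa_supplicant) below.
    networkmanager.enable = false;

    interfaces = {
      wlp6s0 = {
        # NOTE(review): DHCP is enabled alongside a static address on the
        # same interface — confirm both are intended.
        useDHCP = true;
        ipv4.addresses = [
          {
            address = ipAddress;
            prefixLength = 24;
          }
        ];
      };
      # br0 = {
      #   useDHCP = false;
      #   ipv4.addresses = [
      #     {
      #       address = ipAddress;
      #       prefixLength = 24;
      #     }
      #   ];
      # };
    };

    # bridges = {
    #   br0 = {
    #     interfaces = [ "wlp6s0" ];
    #   };
    # };

    defaultGateway.address = gateway;
    nameservers = [ gateway ];

    wireless = {
      enable = true;
      userControlled.enable = true;
      # Secrets referenced as `ext:<name>` are looked up by name in this
      # file at runtime, so they stay out of the evaluated configuration.
      secretsFile = config.sops.secrets."wifi".path;
      allowAuxiliaryImperativeNetworks = true;
      interfaces = [ "wlp6s0" ];
      networks = {
        "Joey's Jungle 6G" = {
          # The passphrase is referenced by name instead of being written
          # as a `psk` string literal: a literal is copied into the
          # world-readable Nix store and into version-control history.
          # The sops-managed "wifi" secret must define an entry named PSK.
          # A passphrase that was ever committed in plaintext should be
          # rotated on the access point.
          # NOTE(review): this network uses key_mgmt=SAE — confirm the
          # deployed wpa_supplicant resolves `ext:` references for SAE
          # before relying on this on a remotely managed host.
          pskRaw = "ext:PSK";
          # priority = 1000;
          extraConfig = ''
            key_mgmt=SAE
            ieee80211w=2
          '';
        };
        # "Joey's Jungle 5G" = {
        #   pskRaw = "ext:PSK";
        #   priority = 1;
        # };
      };
    };

    firewall = {
      enable = true;
      allowPing = true;
      extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
      # TODO is this needed?
      # NOTE(review): the same port list is opened for TCP and UDP; any
      # port whose service only speaks one protocol could be dropped from
      # the other list to narrow exposure.
      allowedTCPPorts = allowedPorts;
      allowedUDPPorts = allowedPorts;

      # always allow traffic from your Tailscale network
      # (traffic arriving on a trusted interface is not filtered by the
      # port lists above)
      trustedInterfaces = [ "tailscale0" ];
    };

    # nat = {
    #   enable = true;
    #   internalInterfaces = ["ve-+"];
    #   externalInterface = "wlp9s0";
    #   # Lazy IPv6 connectivity for the container
    #   enableIPv6 = true;
    # };
  };
}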