nix-config/hosts/nas/networking.nix
2024-09-20 19:17:19 -05:00


# NixOS module for the NAS host's networking: host identity, a static IPv4
# address on the wireless interface, Wi-Fi credentials read from a sops-managed
# secrets file, and the host firewall.
{ config, ... }:
let
  nasName = "jallen-nas";
  lanGateway = "10.0.1.1";

  # Static address assigned to the wireless interface.
  staticV4 = {
    address = "10.0.1.18";
    prefixLength = 24;
  };

  # Ports opened in the firewall. The same list is used for both TCP and UDP
  # below, and the global allowed*Ports options apply to every interface.
  # NOTE(review): this file does not say which services listen here or whether
  # any of them use UDP; if they are TCP-only, the UDP list can be narrowed, and
  # networking.firewall.interfaces.<name> can scope the openings per interface.
  servicePorts = [
    2342
    3493
    61208
    9090
    9000
    # config.services.tailscale.port
    # 22
  ];
in
{
  networking = {
    hostName = nasName;
    hostId = "4b501480";

    # NetworkManager is disabled; Wi-Fi is handled by networking.wireless below.
    networkmanager.enable = false;

    # The gateway is also the only configured DNS resolver.
    defaultGateway.address = lanGateway;
    nameservers = [ lanGateway ];

    # The original header comment mentioned enp7s0, but wlp6s0 is the only
    # interface configured here.
    interfaces.wlp6s0 = {
      useDHCP = false;
      ipv4.addresses = [ staticV4 ];
    };

    # Disabled bridge setup, kept for reference:
    # interfaces.br0 = {
    #   useDHCP = false;
    #   ipv4.addresses = [ staticV4 ];
    # };
    # bridges = {
    #   br0 = {
    #     interfaces = [ "wlp6s0" ];
    #   };
    # };

    wireless = {
      enable = true;
      # The PSK is looked up by name in this file at runtime ("ext:PSK"), so the
      # passphrase itself is not written into this configuration.
      secretsFile = config.sops.secrets."wifi".path;
      networks."Joey's Jungle 5G".pskRaw = "ext:PSK";
    };

    firewall = {
      enable = true;
      allowPing = true;

      allowedTCPPorts = servicePorts;
      allowedUDPPorts = servicePorts;

      # always allow traffic from your Tailscale network
      # Everything arriving on tailscale0 is accepted regardless of the port
      # lists above, so access control for those peers rests on the Tailscale
      # side.
      trustedInterfaces = [ "tailscale0" ];

      # Attaches the netbios-ns conntrack helper to outbound UDP/137.
      # NOTE(review): -A appends to the raw table; repeated firewall reloads may
      # accumulate duplicate rules unless a matching -D is placed in
      # extraStopCommands - confirm.
      extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
    };

    # Disabled NAT setup for containers, kept for reference:
    # nat = {
    #   enable = true;
    #   internalInterfaces = ["ve-+"];
    #   externalInterface = "wlp9s0";
    #   # Lazy IPv6 connectivity for the container
    #   enableIPv6 = true;
    # };
  };
}