First commit

2026-02-22 17:28:02 +01:00
parent 7a70268785
commit 6bacf1878e
9011 changed files with 114470 additions and 0 deletions
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+let
+  moduleName = "nixos-networking";
+in
+{
+  networking.nftables.enable = true;
+
+  networking.firewall = {
+    enable = true;
+
+    # Default: no inbound open ports
+    allowedTCPPorts = [ ];
+    allowedUDPPorts = [ ];
+
+    # Home-only exceptions (nftables syntax)
+    extraInputRules = ''
+      # KDE Connect (TCP/UDP 1714-1764) from home LAN
+      ip saddr 192.168.2.0/24 tcp dport 1714-1764 accept
+      ip saddr 192.168.2.0/24 udp dport 1714-1764 accept
+
+      # mDNS / Avahi for printer discovery (UDP 5353) from home LAN
+      ip saddr 192.168.2.0/24 udp dport 5353 accept
+    '';
+  };
+
+  networking.networkmanager.enable = true;
+  services.openssh.enable = true;
+  environment.etc."nixlog/loaded.${moduleName}".text = "loaded\n";
+}