Regenerated
This commit is contained in:
+444
-352
File diff suppressed because it is too large
Load Diff
+90
-16
@@ -1333,7 +1333,24 @@ in
|
||||
}
|
||||
#+END_SRC
|
||||
|
||||
** =generated/modules/traveldroid/system/avahi.nix=
|
||||
Avahi helps discovering services
|
||||
#+BEGIN_SRC nix :tangle generated/modules/traveldroid/system/avahi.nix :noweb yes :mkdirp yes :eval never
|
||||
{ ... }:
|
||||
{
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns4 = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
#+END_SRC
|
||||
|
||||
** =generated/modules/traveldroid/system/bluetooth.nix=
|
||||
Installing Bluetooth services and supporting aps
|
||||
#+BEGIN_SRC nix :tangle generated/modules/traveldroid/system/bluetooth.nix :noweb yes :mkdirp yes :eval never
|
||||
{ lib, config, pkgs, home-manager, ... }:
|
||||
|
||||
@@ -1353,6 +1370,7 @@ in
|
||||
#+END_SRC
|
||||
|
||||
** =generated/modules/traveldroid/system/copy_scripts.nix=
|
||||
This copies any scripts from /generated/.config/scripts to ~/.config/scripts and makes any .sh files executable.
|
||||
#+BEGIN_SRC nix :tangle generated/modules/traveldroid/system/copy_scripts.nix :noweb yes :mkdirp yes :eval never
|
||||
{ lib, config, pkgs, flakeRoot, ... }:
|
||||
let
|
||||
@@ -1411,6 +1429,78 @@ This sets the dbus implementation
|
||||
}
|
||||
#+END_SRC
|
||||
|
||||
** =generated/modules/traveldroid/system/firewall.nix=
|
||||
This sets the firewall.
|
||||
#+BEGIN_SRC nix :tangle generated/modules/traveldroid/system/firewall.nix :noweb yes :mkdirp yes :eval never
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
# Use nftables as the firewall backend
|
||||
networking.nftables.enable = true;
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
|
||||
# LAN-only ports — Wi-Fi interface
|
||||
interfaces."wlan0" = {
|
||||
allowedTCPPorts = [
|
||||
631 # CUPS / IPP network printing
|
||||
9100 # AppSocket/JetDirect printing
|
||||
6566 # SANE network scanner
|
||||
57621 # Spotify Connect
|
||||
57622 # Spotify local file sync
|
||||
];
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
5353 # mDNS / Avahi (printer + device discovery)
|
||||
631 # CUPS / IPP
|
||||
67 # DHCP
|
||||
123 # NTP time sync
|
||||
1900 # UPnP device discovery
|
||||
57621 # Spotify Connect
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
};
|
||||
|
||||
# LAN-only ports — ethernet (ready for when you plug in)
|
||||
interfaces."enp0s31f6" = {
|
||||
allowedTCPPorts = [
|
||||
631 # CUPS / IPP network printing
|
||||
9100 # AppSocket/JetDirect printing
|
||||
6566 # SANE network scanner
|
||||
57621 # Spotify Connect
|
||||
57622 # Spotify local file sync
|
||||
];
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
5353 # mDNS / Avahi (printer + device discovery)
|
||||
631 # CUPS / IPP
|
||||
67 # DHCP
|
||||
123 # NTP time sync
|
||||
1900 # UPnP device discovery
|
||||
57621 # Spotify Connect
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Firewall management tools
|
||||
environment.systemPackages = with pkgs; [
|
||||
nixos-firewall-tool # CLI: sudo nixos-firewall-tool open tcp 8080
|
||||
firewall-config # GUI: graphical firewall manager (Wayland-compatible)
|
||||
];
|
||||
services.firewalld.enable = true;
|
||||
}
|
||||
#+END_SRC
|
||||
|
||||
** =generated/modules/traveldroid/system/gnome-keyring.nix=
|
||||
This sets the dbus implementation
|
||||
#+BEGIN_SRC nix :tangle generated/modules/traveldroid/system/gnome-keyring.nix :noweb yes :mkdirp yes :eval never
|
||||
@@ -1518,8 +1608,6 @@ This sets the networking.
|
||||
# Let DHCP be default unless overridden elsewhere
|
||||
useDHCP = lib.mkDefault true;
|
||||
|
||||
# Hostname comes from host.nix, do NOT redefine here
|
||||
|
||||
#################################
|
||||
# NetworkManager (primary stack)
|
||||
#################################
|
||||
@@ -1537,20 +1625,6 @@ This sets the networking.
|
||||
# Allow user control via NM / CLI
|
||||
settings.General.EnableNetworkConfiguration = true;
|
||||
};
|
||||
|
||||
#################################
|
||||
# Firewall
|
||||
#################################
|
||||
firewall = {
|
||||
enable = true;
|
||||
# KDE Connect support
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 1714; to = 1764; }
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 1714; to = 1764; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
#################################
|
||||
|
||||
@@ -0,0 +1,12 @@
|
||||
# --- This file has been auto-generated. For permanent changes alter the appropriate block in the README.org. ---
|
||||
{ ... }:
|
||||
{
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns4 = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -0,0 +1,68 @@
|
||||
# --- This file has been auto-generated. For permanent changes alter the appropriate block in the README.org. ---
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
# Use nftables as the firewall backend
|
||||
networking.nftables.enable = true;
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
|
||||
# LAN-only ports — Wi-Fi interface
|
||||
interfaces."wlan0" = {
|
||||
allowedTCPPorts = [
|
||||
631 # CUPS / IPP network printing
|
||||
9100 # AppSocket/JetDirect printing
|
||||
6566 # SANE network scanner
|
||||
57621 # Spotify Connect
|
||||
57622 # Spotify local file sync
|
||||
];
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
5353 # mDNS / Avahi (printer + device discovery)
|
||||
631 # CUPS / IPP
|
||||
67 # DHCP
|
||||
123 # NTP time sync
|
||||
1900 # UPnP device discovery
|
||||
57621 # Spotify Connect
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
};
|
||||
|
||||
# LAN-only ports — ethernet (ready for when you plug in)
|
||||
interfaces."enp0s31f6" = {
|
||||
allowedTCPPorts = [
|
||||
631 # CUPS / IPP network printing
|
||||
9100 # AppSocket/JetDirect printing
|
||||
6566 # SANE network scanner
|
||||
57621 # Spotify Connect
|
||||
57622 # Spotify local file sync
|
||||
];
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
5353 # mDNS / Avahi (printer + device discovery)
|
||||
631 # CUPS / IPP
|
||||
67 # DHCP
|
||||
123 # NTP time sync
|
||||
1900 # UPnP device discovery
|
||||
57621 # Spotify Connect
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Firewall management tools
|
||||
environment.systemPackages = with pkgs; [
|
||||
nixos-firewall-tool # CLI: sudo nixos-firewall-tool open tcp 8080
|
||||
firewall-config # GUI: graphical firewall manager (Wayland-compatible)
|
||||
];
|
||||
services.firewalld.enable = true;
|
||||
}
|
||||
@@ -9,8 +9,6 @@
|
||||
# Let DHCP be default unless overridden elsewhere
|
||||
useDHCP = lib.mkDefault true;
|
||||
|
||||
# Hostname comes from host.nix, do NOT redefine here
|
||||
|
||||
#################################
|
||||
# NetworkManager (primary stack)
|
||||
#################################
|
||||
@@ -28,20 +26,6 @@
|
||||
# Allow user control via NM / CLI
|
||||
settings.General.EnableNetworkConfiguration = true;
|
||||
};
|
||||
|
||||
#################################
|
||||
# Firewall
|
||||
#################################
|
||||
firewall = {
|
||||
enable = true;
|
||||
# KDE Connect support
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 1714; to = 1764; }
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 1714; to = 1764; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
#################################
|
||||
|
||||
Reference in New Issue
Block a user