Regenerated
@@ -0,0 +1,12 @@
|
||||
# --- This file has been auto-generated. For permanent changes alter the appropriate block in the README.org. ---
|
||||
{ ... }:
|
||||
{
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns4 = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
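Review bot: `services.avahi` is enabled without `openFirewall = false;`, and as far as I know that option defaults to true and opens UDP 5353 on every interface, which would defeat the per-interface 5353 scoping in the firewall file added by this commit. If discovery is only wanted on the two LAN interfaces, set `openFirewall = false;` and consider `allowInterfaces = [ "wlan0" "enp0s31f6" ];`. With `publish.addresses = true;` the host name and addresses are otherwise announced on every network the daemon listens on. Since the file is generated, the edit belongs in the corresponding README.org block.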
@@ -0,0 +1,68 @@
|
||||
# --- This file has been auto-generated. For permanent changes alter the appropriate block in the README.org. ---
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
# Use nftables as the firewall backend
|
||||
networking.nftables.enable = true;
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
|
||||
# LAN-only ports — Wi-Fi interface
|
||||
interfaces."wlan0" = {
|
||||
allowedTCPPorts = [
|
||||
631 # CUPS / IPP network printing
|
||||
9100 # AppSocket/JetDirect printing
|
||||
6566 # SANE network scanner
|
||||
57621 # Spotify Connect
|
||||
57622 # Spotify local file sync
|
||||
];
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
5353 # mDNS / Avahi (printer + device discovery)
|
||||
631 # CUPS / IPP
|
||||
67 # DHCP
|
||||
123 # NTP time sync
|
||||
1900 # UPnP device discovery
|
||||
57621 # Spotify Connect
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
};
|
||||
|
||||
# LAN-only ports — ethernet (ready for when you plug in)
|
||||
interfaces."enp0s31f6" = {
|
||||
allowedTCPPorts = [
|
||||
631 # CUPS / IPP network printing
|
||||
9100 # AppSocket/JetDirect printing
|
||||
6566 # SANE network scanner
|
||||
57621 # Spotify Connect
|
||||
57622 # Spotify local file sync
|
||||
];
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
5353 # mDNS / Avahi (printer + device discovery)
|
||||
631 # CUPS / IPP
|
||||
67 # DHCP
|
||||
123 # NTP time sync
|
||||
1900 # UPnP device discovery
|
||||
57621 # Spotify Connect
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 1714; to = 1764; } # KDE Connect
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Firewall management tools
|
||||
environment.systemPackages = with pkgs; [
|
||||
nixos-firewall-tool # CLI: sudo nixos-firewall-tool open tcp 8080
|
||||
firewall-config # GUI: graphical firewall manager (Wayland-compatible)
|
||||
];
|
||||
services.firewalld.enable = true;
|
||||
}
|
||||
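Review bot: The `interfaces."wlan0"` block is labelled LAN-only, but a per-interface rule follows the interface rather than the network, so these ports are accepted on every Wi-Fi network the machine joins. Several entries are inbound ports that only matter when this host is the server: `67` (the DHCP server side), `123` (NTP), `9100` and `6566` are not needed to print, scan or sync time as a client, and could be dropped from both interface blocks. `services.firewalld.enable = true;` at the end of the file runs next to the declarative `networking.firewall` rules, which presumably leaves two managers editing the nftables state; I would keep one, or add a comment saying which is authoritative. Since the file is generated, the change belongs in the corresponding README.org block.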
@@ -9,8 +9,6 @@
|
||||
# Let DHCP be default unless overridden elsewhere
|
||||
useDHCP = lib.mkDefault true;
|
||||
|
||||
# Hostname comes from host.nix, do NOT redefine here
|
||||
|
||||
#################################
|
||||
# NetworkManager (primary stack)
|
||||
#################################
|
||||
@@ -28,20 +26,6 @@
|
||||
# Allow user control via NM / CLI
|
||||
settings.General.EnableNetworkConfiguration = true;
|
||||
};
|
||||
|
||||
#################################
|
||||
# Firewall
|
||||
#################################
|
||||
firewall = {
|
||||
enable = true;
|
||||
# KDE Connect support
|
||||
allowedTCPPortRanges = [
|
||||
{ from = 1714; to = 1764; }
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 1714; to = 1764; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
#################################
|
||||
|
||||