Regenerated

Droidnix/README.org

@@ -1333,7 +1333,24 @@ in
 }
 #+END_SRC
 
+** =generated/modules/traveldroid/system/avahi.nix=
+Avahi helps discovering services
+#+BEGIN_SRC nix :tangle generated/modules/traveldroid/system/avahi.nix  :noweb yes :mkdirp yes :eval never
+{ ... }:
+{
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    publish = {
+      enable = true;
+      addresses = true;
+    };
+  };
+}
+#+END_SRC
+
 ** =generated/modules/traveldroid/system/bluetooth.nix=
+Installing Bluetooth services and supporting aps
 #+BEGIN_SRC nix :tangle generated/modules/traveldroid/system/bluetooth.nix  :noweb yes :mkdirp yes :eval never
 { lib, config, pkgs, home-manager, ... }:
 
@@ -1353,6 +1370,7 @@ in
 #+END_SRC
 
 ** =generated/modules/traveldroid/system/copy_scripts.nix=
+This copies any scripts from /generated/.config/scripts to ~/.config/scripts and makes any .sh files executable.
 #+BEGIN_SRC nix :tangle generated/modules/traveldroid/system/copy_scripts.nix  :noweb yes :mkdirp yes :eval never
 { lib, config, pkgs, flakeRoot, ... }:
 let
@@ -1411,6 +1429,78 @@ This sets the dbus implementation
 }
 #+END_SRC
 
+** =generated/modules/traveldroid/system/firewall.nix=
+This sets the firewall.
+#+BEGIN_SRC nix :tangle generated/modules/traveldroid/system/firewall.nix :noweb yes :mkdirp yes :eval never
+{ pkgs, ... }:
+
+{
+  # Use nftables as the firewall backend
+  networking.nftables.enable = true;
+
+  networking.firewall = {
+    enable = true;
+
+    # LAN-only ports — Wi-Fi interface
+    interfaces."wlan0" = {
+      allowedTCPPorts = [
+        631    # CUPS / IPP network printing
+        9100   # AppSocket/JetDirect printing
+        6566   # SANE network scanner
+        57621  # Spotify Connect
+        57622  # Spotify local file sync
+      ];
+      allowedTCPPortRanges = [
+        { from = 1714; to = 1764; }  # KDE Connect
+      ];
+      allowedUDPPorts = [
+        5353   # mDNS / Avahi (printer + device discovery)
+        631    # CUPS / IPP
+        67     # DHCP
+        123    # NTP time sync
+        1900   # UPnP device discovery
+        57621  # Spotify Connect
+      ];
+      allowedUDPPortRanges = [
+        { from = 1714; to = 1764; }  # KDE Connect
+      ];
+    };
+
+    # LAN-only ports — ethernet (ready for when you plug in)
+    interfaces."enp0s31f6" = {
+      allowedTCPPorts = [
+        631    # CUPS / IPP network printing
+        9100   # AppSocket/JetDirect printing
+        6566   # SANE network scanner
+        57621  # Spotify Connect
+        57622  # Spotify local file sync
+      ];
+      allowedTCPPortRanges = [
+        { from = 1714; to = 1764; }  # KDE Connect
+      ];
+      allowedUDPPorts = [
+        5353   # mDNS / Avahi (printer + device discovery)
+        631    # CUPS / IPP
+        67     # DHCP
+        123    # NTP time sync
+        1900   # UPnP device discovery
+        57621  # Spotify Connect
+      ];
+      allowedUDPPortRanges = [
+        { from = 1714; to = 1764; }  # KDE Connect
+      ];
+    };
+  };
+
+  # Firewall management tools
+  environment.systemPackages = with pkgs; [
+    nixos-firewall-tool  # CLI: sudo nixos-firewall-tool open tcp 8080
+    firewall-config      # GUI: graphical firewall manager (Wayland-compatible)
+  ];
+  services.firewalld.enable = true;
+}
+#+END_SRC
+
 ** =generated/modules/traveldroid/system/gnome-keyring.nix=
 This sets the dbus implementation
 #+BEGIN_SRC nix :tangle generated/modules/traveldroid/system/gnome-keyring.nix :noweb yes :mkdirp yes :eval never
@@ -1518,8 +1608,6 @@ This sets the networking.
     # Let DHCP be default unless overridden elsewhere
     useDHCP = lib.mkDefault true;
 
-    # Hostname comes from host.nix, do NOT redefine here
-
     #################################
     # NetworkManager (primary stack)
     #################################
@@ -1537,20 +1625,6 @@ This sets the networking.
       # Allow user control via NM / CLI
       settings.General.EnableNetworkConfiguration = true;
     };
-
-    #################################
-    # Firewall
-    #################################
-    firewall = {
-      enable = true;
-      # KDE Connect support
-      allowedTCPPortRanges = [
-        { from = 1714; to = 1764; }
-      ];
-      allowedUDPPortRanges = [
-        { from = 1714; to = 1764; }
-      ];
-    };
   };
 
   #################################

Droidnix/generated/modules/traveldroid/system/avahi.nix

@@ -0,0 +1,12 @@
+# --- This file has been auto-generated. For permanent changes alter the appropriate block in the README.org. ---
+{ ... }:
+{
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    publish = {
+      enable = true;
+      addresses = true;
+    };
+  };
+}

Droidnix/generated/modules/traveldroid/system/firewall.nix

@@ -0,0 +1,68 @@
+# --- This file has been auto-generated. For permanent changes alter the appropriate block in the README.org. ---
+{ pkgs, ... }:
+
+{
+  # Use nftables as the firewall backend
+  networking.nftables.enable = true;
+
+  networking.firewall = {
+    enable = true;
+
+    # LAN-only ports — Wi-Fi interface
+    interfaces."wlan0" = {
+      allowedTCPPorts = [
+        631    # CUPS / IPP network printing
+        9100   # AppSocket/JetDirect printing
+        6566   # SANE network scanner
+        57621  # Spotify Connect
+        57622  # Spotify local file sync
+      ];
+      allowedTCPPortRanges = [
+        { from = 1714; to = 1764; }  # KDE Connect
+      ];
+      allowedUDPPorts = [
+        5353   # mDNS / Avahi (printer + device discovery)
+        631    # CUPS / IPP
+        67     # DHCP
+        123    # NTP time sync
+        1900   # UPnP device discovery
+        57621  # Spotify Connect
+      ];
+      allowedUDPPortRanges = [
+        { from = 1714; to = 1764; }  # KDE Connect
+      ];
+    };
+
+    # LAN-only ports — ethernet (ready for when you plug in)
+    interfaces."enp0s31f6" = {
+      allowedTCPPorts = [
+        631    # CUPS / IPP network printing
+        9100   # AppSocket/JetDirect printing
+        6566   # SANE network scanner
+        57621  # Spotify Connect
+        57622  # Spotify local file sync
+      ];
+      allowedTCPPortRanges = [
+        { from = 1714; to = 1764; }  # KDE Connect
+      ];
+      allowedUDPPorts = [
+        5353   # mDNS / Avahi (printer + device discovery)
+        631    # CUPS / IPP
+        67     # DHCP
+        123    # NTP time sync
+        1900   # UPnP device discovery
+        57621  # Spotify Connect
+      ];
+      allowedUDPPortRanges = [
+        { from = 1714; to = 1764; }  # KDE Connect
+      ];
+    };
+  };
+
+  # Firewall management tools
+  environment.systemPackages = with pkgs; [
+    nixos-firewall-tool  # CLI: sudo nixos-firewall-tool open tcp 8080
+    firewall-config      # GUI: graphical firewall manager (Wayland-compatible)
+  ];
+  services.firewalld.enable = true;
+}

Droidnix/generated/modules/traveldroid/system/networking.nix

@@ -9,8 +9,6 @@
     # Let DHCP be default unless overridden elsewhere
     useDHCP = lib.mkDefault true;
 
-    # Hostname comes from host.nix, do NOT redefine here
-
     #################################
     # NetworkManager (primary stack)
     #################################
@@ -28,20 +26,6 @@
       # Allow user control via NM / CLI
       settings.General.EnableNetworkConfiguration = true;
     };
-
-    #################################
-    # Firewall
-    #################################
-    firewall = {
-      enable = true;
-      # KDE Connect support
-      allowedTCPPortRanges = [
-        { from = 1714; to = 1764; }
-      ];
-      allowedUDPPortRanges = [
-        { from = 1714; to = 1764; }
-      ];
-    };
   };
 
   #################################