Firewall

modules/applications/weechat.nix

@@ -2,8 +2,8 @@
 let
   weechat-matrix = pkgs.weechatScripts.weechat-matrix.overrideAttrs (_: {
     src = pkgs.fetchzip {
-      url = "https://github.com/balsoft/weechat-matrix/archive/feat/enable-replies.tar.gz";
+      url = "https://github.com/myii/weechat-matrix/archive/feat/enable-replies.tar.gz";
-      sha256 = "sha256-GdUu/dfFy8bcEF2plon9/c+9zh9nqfAqKQd8cuUT4PE=";
+      sha256 = "sha256-KeTfSdwVosouJwz0aZARKdxNERmFWl96Dl1ps0kbBy4=";
     };
   });
   weechat = pkgs.weechat.override {

modules/network.nix

@@ -1,17 +1,19 @@
-{ pkgs, lib, config, ... }: {
+{ pkgs, lib, config, ... }:
+let
+  localRanges = [
+    { from = 1714; to = 1764; } # KDE connect
+    { from = 6600; to = 6600; } # Mopidy
+  ];
+in {
   networking = {
     networkmanager.enable = true;
     firewall = {
       enable = true;
       allowedTCPPorts = [ 13748 13722 5000 22 80 443 ];
-      interfaces.wlan0.allowedTCPPortRanges = [{
+      interfaces.wlan0.allowedTCPPortRanges = localRanges;
-        from = 1714;
+      interfaces.wlan0.allowedUDPPortRanges = localRanges;
-        to = 1764;
+      interfaces.eth0.allowedUDPPortRanges = localRanges;
-      }];
+      interfaces.eth0.allowedTCPPortRanges = localRanges;
-      interfaces.wlan0.allowedUDPPortRanges = [{
-        from = 1714;
-        to = 1764;
-      }];
     };
     resolvconf.extraConfig = ''
       local_nameservers=""