From b310c0306a64a568f122d88116e4827eab23e512 Mon Sep 17 00:00:00 2001 From: kat witch Date: Sun, 4 Jul 2021 21:50:13 +0100 Subject: [PATCH] Source cleanups and renaming. Module inhousing & changes. --- default.nix | 2 +- hosts/athame/nixos/default.nix | 6 +- hosts/dummy/nixos/default.nix | 2 +- hosts/ostara/nixos/default.nix | 4 +- hosts/samhain/nixos/default.nix | 8 +- hosts/samhain/nixos/jellyfin.nix | 4 +- hosts/samhain/nixos/virtualhosts.nix | 4 +- hosts/yule/nixos/default.nix | 4 +- modules/home/default.nix | 2 +- modules/nixos/default.nix | 8 +- .../{katnet => fw-abstraction}/default.nix | 4 +- modules/nixos/nftables/default.nix | 134 ++++++++++++++++++ nix/sources.json | 71 ++-------- pkgs/default.nix | 18 +-- ...-enable-omemo-by-default-in-new-conv.patch | 115 +++++++++++++++ profiles/common/net.nix | 2 +- profiles/common/nix.nix | 10 +- profiles/common/ssh.nix | 4 +- profiles/gui/mpd.nix | 4 +- services/asterisk.nix | 8 +- services/loki.nix | 2 +- services/murmur.nix | 4 +- services/netdata.nix | 2 +- services/nginx.nix | 4 +- services/node-exporter.nix | 2 +- services/syncplay.nix | 2 +- services/taskserver.nix | 2 +- services/xmpp.nix | 2 +- 28 files changed, 315 insertions(+), 119 deletions(-) rename modules/nixos/{katnet => fw-abstraction}/default.nix (97%) create mode 100644 modules/nixos/nftables/default.nix create mode 100644 pkgs/dino/0001-add-an-option-to-enable-omemo-by-default-in-new-conv.patch diff --git a/default.nix b/default.nix index f5393170..034997f3 100644 --- a/default.nix +++ b/default.nix @@ -25,7 +25,7 @@ rec { sources2drvs = sources: mapAttrs (_: source2drv) (getSources sources); in recurseIntoAttrs rec { local = sources2drvs sources; - hexchen = sources2drvs (import sources.nix-hexchen {}).sources; + hexchen = sources2drvs (import sources.hexchen {}).sources; all = attrValues local ++ attrValues hexchen; allStr = toString all; }; 
diff --git a/hosts/athame/nixos/default.nix b/hosts/athame/nixos/default.nix index b779c2d8..bc2bb384 100644 --- a/hosts/athame/nixos/default.nix +++ b/hosts/athame/nixos/default.nix @@ -58,10 +58,10 @@ with lib; interface = "enp1s0"; }; - katnet.public.interfaces = singleton "enp1s0"; - katnet.private.interfaces = singleton "hexnet"; + kw.fw.public.interfaces = singleton "enp1s0"; + kw.fw.private.interfaces = singleton "hexnet"; - katnet.public.tcp.ports = singleton 52969; + kw.fw.public.tcp.ports = singleton 52969; deploy.tf.dns.records.kittywitch_athame_v6 = { tld = "kittywit.ch."; diff --git a/hosts/dummy/nixos/default.nix b/hosts/dummy/nixos/default.nix index c6ce0909..b4f7c411 100644 --- a/hosts/dummy/nixos/default.nix +++ b/hosts/dummy/nixos/default.nix @@ -3,7 +3,7 @@ with lib; let - hexchen = (import sources.nix-hexchen) { }; + hexchen = (import sources.hexchen) { }; hexYgg = filterAttrs (_: c: c.enable) (mapAttrs (_: host: host.config.hexchen.network) hexchen.hosts); in diff --git a/hosts/ostara/nixos/default.nix b/hosts/ostara/nixos/default.nix index 6993e147..c8bcd7a7 100644 --- a/hosts/ostara/nixos/default.nix +++ b/hosts/ostara/nixos/default.nix @@ -18,9 +18,9 @@ with lib; networking.interfaces.enp1s0.useDHCP = true; networking.interfaces.wlp2s0.useDHCP = true; - katnet.public.interfaces = singleton "wlp2s0"; + kw.fw.public.interfaces = singleton "wlp2s0"; - katnet.public.tcp.ports = [ 9981 9982 ]; + kw.fw.public.tcp.ports = [ 9981 9982 ]; hardware.firmware = [ pkgs.libreelec-dvb-firmware ]; diff --git a/hosts/samhain/nixos/default.nix b/hosts/samhain/nixos/default.nix index 6e602f7d..fe28f788 100644 --- a/hosts/samhain/nixos/default.nix +++ b/hosts/samhain/nixos/default.nix @@ -3,7 +3,7 @@ with lib; let - hexchen = (import sources.nix-hexchen) { }; + hexchen = (import sources.hexchen) { }; hexYgg = filterAttrs (_: c: c.enable) (mapAttrs (_: host: host.config.hexchen.network) hexchen.hosts); in 
@@ -71,14 +71,14 @@ in # package = pkgs.ckb-next; #}; - katnet.private.interfaces = singleton "hexnet"; - katnet.public.interfaces = singleton "br"; + kw.fw.private.interfaces = singleton "hexnet"; + kw.fw.public.interfaces = singleton "br"; hardware.openrazer = { enable = true; }; - katnet.private.tcp.ports = [ 10445 ]; + kw.fw.private.tcp.ports = [ 10445 ]; systemd.timers.kat-glauca-dns = { timerConfig = { diff --git a/hosts/samhain/nixos/jellyfin.nix b/hosts/samhain/nixos/jellyfin.nix index cee2bf61..0b0c777c 100644 --- a/hosts/samhain/nixos/jellyfin.nix +++ b/hosts/samhain/nixos/jellyfin.nix @@ -1,12 +1,12 @@ { config, lib, pkgs, ... }: { - katnet.public.tcp.ranges = [{ + kw.fw.public.tcp.ranges = [{ from = 32768; to = 60999; }]; - katnet.private.tcp.ranges = [{ + kw.fw.private.tcp.ranges = [{ from = 32768; to = 60999; }]; diff --git a/hosts/samhain/nixos/virtualhosts.nix b/hosts/samhain/nixos/virtualhosts.nix index fb77bd95..0a44d341 100644 --- a/hosts/samhain/nixos/virtualhosts.nix +++ b/hosts/samhain/nixos/virtualhosts.nix @@ -3,8 +3,8 @@ with lib; { - katnet.private.tcp.ports = singleton 1935; - katnet.public.tcp.ports = singleton 1935; + kw.fw.private.tcp.ports = singleton 1935; + kw.fw.public.tcp.ports = singleton 1935; services.nginx.virtualHosts = { "samhain.net.kittywit.ch" = { diff --git a/hosts/yule/nixos/default.nix b/hosts/yule/nixos/default.nix index 4b5392ea..2227b83c 100644 --- a/hosts/yule/nixos/default.nix +++ b/hosts/yule/nixos/default.nix @@ -25,8 +25,8 @@ with lib; boot.loader.efi.canTouchEfiVariables = true; boot.supportedFilesystems = [ "zfs" ]; - katnet.private.interfaces = singleton "hexnet"; - katnet.public.interfaces = [ "enp1s0" "wlp2s0" ]; + kw.fw.private.interfaces = singleton "hexnet"; + kw.fw.public.interfaces = [ "enp1s0" "wlp2s0" ]; networking.hostId = "dddbb888"; networking.hostName = "yule"; diff --git a/modules/home/default.nix b/modules/home/default.nix index 07b4b294..2c36e19b 100644 --- a/modules/home/default.nix 
+++ b/modules/home/default.nix @@ -2,7 +2,7 @@ { disabledModules = [ "programs/vim.nix" ]; - imports = with (import (sources.arc-nixexprs + "/modules")).home-manager; [ base16 syncplay konawall i3gopher weechat shell ] ++ [ + imports = with (import (sources.nixexprs + "/modules")).home-manager; [ base16 syncplay konawall i3gopher weechat shell ] ++ [ ./vim.nix ./deploy-tf (sources.tf-nix + "/modules/home/secrets.nix") diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index a41668b1..b991674f 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,15 +1,13 @@ { sources, lib, ... }: -let hexchen = (import sources.nix-hexchen) { }; -in { imports = [ - ./katnet + ./nftables + ./fw-abstraction ./deploy-tf - (sources.pbb-nixfiles + "/modules/nftables") (sources.tf-nix + "/modules/nixos/secrets.nix") (sources.tf-nix + "/modules/nixos/secrets-users.nix") - hexchen.modules.hexnet + (sources.hexchen + "/modules/hexnet") ]; # stubs for hexchens modules, until more generalized diff --git a/modules/nixos/katnet/default.nix b/modules/nixos/fw-abstraction/default.nix similarity index 97% rename from modules/nixos/katnet/default.nix rename to modules/nixos/fw-abstraction/default.nix index cc4af4ef..df6bdc1c 100644 --- a/modules/nixos/katnet/default.nix +++ b/modules/nixos/fw-abstraction/default.nix @@ -2,10 +2,10 @@ with lib; -let cfg = config.katnet; +let cfg = config.kw.fw; in { - options.katnet = { + options.kw.fw = { public.tcp.ports = mkOption { type = types.listOf types.port; default = [ ]; diff --git a/modules/nixos/nftables/default.nix b/modules/nixos/nftables/default.nix new file mode 100644 index 00000000..d30656c3 --- /dev/null +++ b/modules/nixos/nftables/default.nix 
@@ -0,0 +1,134 @@
+{ pkgs, lib, config, modulesPath, ... }:
+
+let
+ fwcfg = config.networking.firewall;
+ cfg = config.kw.nftables;
+
+ doDocker = config.virtualisation.docker.enable && cfg.generateDockerRules;
+
+ mkPorts = cond: ports: ranges: action: let
+ portStrings = (map (range: "${toString range.from}-${toString range.to}") ranges)
+ ++ (map toString ports);
+ in lib.optionalString (portStrings != []) ''
+ ${cond} dport { ${lib.concatStringsSep ", " portStrings} } ${action}
+ '';
+
+ ruleset = ''
+ table inet filter {
+ chain input {
+ type filter hook input priority filter
+ policy ${cfg.inputPolicy}
+
+ icmpv6 type { echo-request, echo-reply, mld-listener-query, mld-listener-report, mld-listener-done, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, packet-too-big } accept
+ icmp type echo-request accept
+
+ ct state invalid drop
+ ct state established,related accept
+
+ iifname { ${
+ lib.concatStringsSep "," (["lo"] ++ fwcfg.trustedInterfaces)
+ } } accept
+
+ ${mkPorts "tcp" fwcfg.allowedTCPPorts fwcfg.allowedTCPPortRanges "accept"}
+ ${mkPorts "udp" fwcfg.allowedUDPPorts fwcfg.allowedUDPPortRanges "accept"}
+
+ ${
+ lib.concatStringsSep "\n" (lib.mapAttrsToList (name: ifcfg:
+ mkPorts "iifname ${name} tcp" ifcfg.allowedTCPPorts ifcfg.allowedTCPPortRanges "accept"
+ mkPorts "iifname ${name} udp" ifcfg.allowedUDPPorts ifcfg.allowedUDPPortRanges "accept"
+ ) fwcfg.interfaces)
+ }
+
+ # DHCPv6
+ ip6 daddr fe80::/64 udp dport 546 accept
+
+ ${cfg.extraInput}
+
+ counter
+ }
+ chain output {
+ type filter hook output priority filter
+ policy ${cfg.outputPolicy}
+
+ ${cfg.extraOutput}
+
+ counter
+ }
+ chain forward {
+ type filter hook forward priority filter
+ policy ${cfg.forwardPolicy}
+
+ ${lib.optionalString doDocker ''
+ oifname docker0 ct state invalid drop
+ oifname docker0 ct state established,related accept
+ iifname docker0 accept
+ ''}
+
+ ${cfg.extraForward}
+
+ counter
+ }
+ }
+ ${lib.optionalString doDocker ''
+ table ip nat {
+ chain docker-postrouting {
+ type nat hook postrouting priority 10
+ iifname docker0 masquerade
+ }
+ }
+ ''}
+ ${cfg.extraConfig}
+ '';
+
+in {
+ options = with lib; {
+ kw.nftables = {
+ enable = mkEnableOption "nftables firewall";
+
+ extraConfig = mkOption {
+ type = types.lines;
+ default = "";
+ };
+ extraInput = mkOption {
+ type = types.lines;
+ default = "";
+ };
+ extraOutput = mkOption {
+ type = types.lines;
+ default = "";
+ };
+ extraForward = mkOption {
+ type = types.lines;
+ default = "";
+ };
+ inputPolicy = mkOption {
+ type = types.str;
+ default = "drop";
+ };
+ outputPolicy = mkOption {
+ type = types.str;
+ default = "accept";
+ };
+ forwardPolicy = mkOption {
+ type = types.str;
+ default = "accept";
+ };
+ generateDockerRules = mkOption {
+ type = types.bool;
+ default = true;
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.firewall.enable = false;
+ networking.nftables = {
+ enable = true;
+ inherit ruleset;
+ };
+
+ virtualisation.docker = lib.mkIf doDocker {
+ extraOptions = "--iptables=false";
+ };
+ };
+}
diff --git a/nix/sources.json b/nix/sources.json
index c06ed598..4a346e85 100644
--- a/nix/sources.json
+++ b/nix/sources.json
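Review bot: `forwardPolicy` defaults to `"accept"` and the forward chain only adds docker0 rules, so on a host with IP forwarding enabled (Docker normally turns it on) traffic between all interfaces is passed unfiltered and `iifname docker0 accept` is redundant; defaulting to `default = "drop";` and keeping the explicit docker0 rules would be the safer baseline. The three policy options are `types.str` interpolated straight into the ruleset, so a typo presumably surfaces only when nft loads the rules; `type = types.enum [ "accept" "drop" ];` would reject it at evaluation time. In the per-interface block the two `mkPorts "iifname ${name} …"` calls sit on consecutive lines with no `+` between them as this page shows the hunk (the 134-line count agrees), which would fail to evaluate as soon as `networking.firewall.interfaces` is non-empty — worth confirming against the file. `${name}` is also written unquoted after `iifname`; `iifname "${name}"` is more robust for unusual interface names.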
@@ -1,17 +1,17 @@ { - "NUR": { + "nur": { "branch": "master", "description": "Nix User Repository: User contributed nix packages [maintainer=@Mic92]", "homepage": "https://nur.nix-community.org/", "owner": "nix-community", "repo": "NUR", - "rev": "d7fdf23eec6d5d1907b6977936da5088d9cd0332", - "sha256": "0m4mcalws6255pllmjkmf853i34p0xw3kziaw6rbn6rpv7bsnada", + "rev": "12bc6855f2b7e0b6402d9f26fa6bf11ed63a274a", + "sha256": "00dhqz93kfmhb1qsqfrfsrlnw459czinqq8fqbfnh3jppjv4gskf", "type": "tarball", - "url": "https://github.com/nix-community/NUR/archive/d7fdf23eec6d5d1907b6977936da5088d9cd0332.tar.gz", + "url": "https://github.com/nix-community/NUR/archive/12bc6855f2b7e0b6402d9f26fa6bf11ed63a274a.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, - "arc-nixexprs": { + "nixexprs": { "branch": "master", "description": "nix stuff", "homepage": null, @@ -41,10 +41,10 @@ "homepage": "https://nix-community.github.io/home-manager/", "owner": "nix-community", "repo": "home-manager", - "rev": "7df6656b113ce0d39c8b7d30915cafe046e1d64e", - "sha256": "0dxiicyiw53k3gqbv2k9ajnsghq1a8ln741hx5msa45zdg1r6ci3", + "rev": "ac319fd3149b23a3ad8ee24cb2def6e67acf194c", + "sha256": "0yicwddxlp5bzaklmjfglm5y5xiyqrp4mg70g5x49832nvwclw2s", "type": "tarball", - "url": "https://github.com/nix-community/home-manager/archive/7df6656b113ce0d39c8b7d30915cafe046e1d64e.tar.gz", + "url": "https://github.com/nix-community/home-manager/archive/ac319fd3149b23a3ad8ee24cb2def6e67acf194c.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "niv": { 
@@ -59,19 +59,7 @@ "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, - "nix-doom-emacs": { - "branch": "master", - "description": "doom-emacs packaged for Nix", - "homepage": "", - "owner": "vlaci", - "repo": "nix-doom-emacs", - "rev": "71a2ea289967ca81708a1b4820c6e6a8361fca0a", - "sha256": "1gq62yi9q40sdcna83b7ghjm1il91vgl7s0gd0j06y7mwprg1za3", - "type": "tarball", - "url": "https://github.com/vlaci/nix-doom-emacs/archive/71a2ea289967ca81708a1b4820c6e6a8361fca0a.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, - "nix-hexchen": { + "hexchen": { "branch": "main", "description": "A cutie's nixfiles", "homepage": "", @@ -99,10 +87,10 @@ "homepage": "", "owner": "nixos", "repo": "nixpkgs", - "rev": "3a8d7958a610cd3fec3a6f424480f91a1b259185", - "sha256": "0bmxrdn9sn6mxvkyyxdlxlzczfh59iy66c55ql144ilc1cjk28is", + "rev": "09c38c29f2c719cd76ca17a596c2fdac9e186ceb", + "sha256": "0i6kcs0zxwfaflcg6wfkwcinfnilkxlb6ad29v01bkhg6asl6ihf", "type": "tarball", - "url": "https://github.com/nixos/nixpkgs/archive/3a8d7958a610cd3fec3a6f424480f91a1b259185.tar.gz", + "url": "https://github.com/nixos/nixpkgs/archive/09c38c29f2c719cd76ca17a596c2fdac9e186ceb.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs-mozilla": { 
@@ -117,41 +105,6 @@ "url": "https://github.com/mozilla/nixpkgs-mozilla/archive/3f3fba4e2066f28a1ad7ac60e86a688a92eb5b5f.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, - "nixpkgs-unstable": { - "branch": "nixos-unstable-small", - "description": "Nix Packages collection", - "homepage": "", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d8079260a3028ae3221d7a5467443ee3a9edd2b8", - "sha256": "0xjcji6z00i49xaanf193n3kr34m4if6qg9npcnh30acv8gx9krk", - "type": "tarball", - "url": "https://github.com/nixos/nixpkgs/archive/d8079260a3028ae3221d7a5467443ee3a9edd2b8.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, - "pbb-nixfiles": { - "branch": "main", - "builtin": false, - "description": "why does this infrastructure keep going down? i'm dead inside", - "homepage": "", - "ref": "main", - "repo": "https://git.petabyte.dev/petabyteboy/nixfiles", - "rev": "ce2d8bbb9eaf1bbc9bd00cb60bf633ecbae86415", - "sha256": "023frlq7kdvqkwdhxdbcg9c065lqy89gblwvqxk5yjcxhx23scy3", - "type": "tarball", - "url": "https://git.petabyte.dev/petabyteboy/nixfiles/archive/ce2d8bbb9eaf1bbc9bd00cb60bf633ecbae86415.tar.gz", - "url_template": "/archive/.tar.gz" - }, - "qyliss-nixlib": { - "branch": "master", - "builtin": false, - "repo": "https://git.qyliss.net/nixlib", - "rev": "7c0f1ac9c9cacff84ca6473bdc83eea78aaac1da", - "sha256": "1x7gh7lz50i0cs2g1gfnhlkx7vm5b9jcarx650x037whsk7gdvkl", - "type": "tarball", - "url": "https://git.qyliss.net/nixlib/snapshot/nixlib-7c0f1ac9c9cacff84ca6473bdc83eea78aaac1da.tar.gz", - "url_template": "https://git.qyliss.net/nixlib/snapshot/nixlib-.tar.gz" - }, "tf-nix": { "branch": "master", "description": "terraform meets nix", diff --git a/pkgs/default.nix b/pkgs/default.nix index 07836cb0..15b9cd02 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
@@ -4,11 +4,13 @@ let pkgs = import sources.nixpkgs { inherit config; }; overlay = self: super: rec { - - dino = - super.callPackage "${sources.qyliss-nixlib}/overlays/patches/dino" { - inherit (super) dino; - }; + dino = super.dino.overrideAttrs ( + { patches ? [], ... }: { + patches = patches ++ [ + ./dino/0001-add-an-option-to-enable-omemo-by-default-in-new-conv.patch + ]; + } + ); discord = super.discord.override { nss = self.nss; }; @@ -21,9 +23,7 @@ let notmuch = super.callPackage ./notmuch { inherit (super) notmuch; }; - unstable = import sources.nixpkgs-unstable { inherit (self) config; }; - - nur = import sources.NUR { + nur = import sources.nur { nurpkgs = self; pkgs = self; }; @@ -85,4 +85,4 @@ let (import ../trusted/pkgs { inherit super self; }); in - (pkgs.extend (import (sources.arc-nixexprs + "/overlay.nix"))).extend overlay + (pkgs.extend (import (sources.nixexprs + "/overlay.nix"))).extend overlay diff --git a/pkgs/dino/0001-add-an-option-to-enable-omemo-by-default-in-new-conv.patch b/pkgs/dino/0001-add-an-option-to-enable-omemo-by-default-in-new-conv.patch new file mode 100644 index 00000000..030c165d --- /dev/null +++ b/pkgs/dino/0001-add-an-option-to-enable-omemo-by-default-in-new-conv.patch 
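Review bot: The `dino` override in the first hunk now applies a vendored patch with no comment on where it came from or what it changes, which makes it easy to overlook when the nixpkgs pin moves. I would add above `dino = super.dino.overrideAttrs (` something like `# vendored patch (presumably the one previously pulled from qyliss-nixlib): adds an "Enable OMEMO by default" setting; the setting itself still defaults to off`. The patch file added by this commit is dated October 2019, so it is worth confirming that it still applies cleanly to the dino version in the bumped nixpkgs revision. The overlay's `let` block starts and ends outside this hunk.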
@@ -0,0 +1,115 @@ +From cee5e27b157081a3ce55869bd5f649560a6127ea Mon Sep 17 00:00:00 2001 +From: lumi +Date: Thu, 17 Oct 2019 16:43:40 +0200 +Subject: [PATCH] add an option to enable omemo by default in new conversations + +--- + libdino/src/entity/settings.vala | 10 ++++++++++ + libdino/src/service/conversation_manager.vala | 5 +++++ + main/data/settings_dialog.ui | 12 ++++++++++++ + main/src/ui/settings_dialog.vala | 3 +++ + 4 files changed, 30 insertions(+) + +diff --git a/libdino/src/entity/settings.vala b/libdino/src/entity/settings.vala +index bf1ebed..f9cd734 100644 +--- a/libdino/src/entity/settings.vala ++++ b/libdino/src/entity/settings.vala +@@ -11,6 +11,7 @@ public class Settings : Object { + send_marker_ = col_to_bool_or_default("send_marker", true); + notifications_ = col_to_bool_or_default("notifications", true); + convert_utf8_smileys_ = col_to_bool_or_default("convert_utf8_smileys", true); ++ omemo_default_ = col_to_bool_or_default("omemo_default", false); + } + + private bool col_to_bool_or_default(string key, bool def) { +@@ -53,6 +54,15 @@ public class Settings : Object { + convert_utf8_smileys_ = value; + } + } ++ ++ private bool omemo_default_; ++ public bool omemo_default { ++ get { return omemo_default_; } ++ set { ++ db.settings.insert().or("REPLACE").value(db.settings.key, "omemo_default").value(db.settings.value, value.to_string()).perform(); ++ omemo_default_ = value; ++ } ++ } + } + + } +diff --git a/libdino/src/service/conversation_manager.vala b/libdino/src/service/conversation_manager.vala +index c473ea7..e980e08 100644 +--- a/libdino/src/service/conversation_manager.vala ++++ b/libdino/src/service/conversation_manager.vala +@@ -8,6 +8,8 @@ public class ConversationManager : StreamInteractionModule, Object { + public static ModuleIdentity IDENTITY = new ModuleIdentity("conversation_manager"); + public string id { get { return IDENTITY.id; } } + ++ private Dino.Entities.Settings settings = Dino.Application.get_default().settings; ++ + 
public signal void conversation_activated(Conversation conversation); + public signal void conversation_deactivated(Conversation conversation); + +@@ -46,6 +48,9 @@ public class ConversationManager : StreamInteractionModule, Object { + + // Create a new converation + Conversation conversation = new Conversation(jid, account, type); ++ if (settings.omemo_default) { ++ conversation.encryption = Encryption.OMEMO; ++ } + add_conversation(conversation); + conversation.persist(db); + return conversation; +diff --git a/main/data/settings_dialog.ui b/main/data/settings_dialog.ui +index c76f347..23ee7b8 100644 +--- a/main/data/settings_dialog.ui ++++ b/main/data/settings_dialog.ui +@@ -65,6 +65,18 @@ + 1 + + ++ ++ ++ Enable OMEMO by default ++ True ++ ++ ++ 0 ++ 4 ++ 1 ++ 1 ++ ++ + + + +diff --git a/main/src/ui/settings_dialog.vala b/main/src/ui/settings_dialog.vala +index 68c711d..6401a2d 100644 +--- a/main/src/ui/settings_dialog.vala ++++ b/main/src/ui/settings_dialog.vala +@@ -9,6 +9,7 @@ class SettingsDialog : Dialog { + [GtkChild] private CheckButton marker_checkbutton; + [GtkChild] private CheckButton notification_checkbutton; + [GtkChild] private CheckButton emoji_checkbutton; ++ [GtkChild] private CheckButton omemo_default_checkbutton; + + Dino.Entities.Settings settings = Dino.Application.get_default().settings; + +@@ -19,11 +20,13 @@ class SettingsDialog : Dialog { + marker_checkbutton.active = settings.send_marker; + notification_checkbutton.active = settings.notifications; + emoji_checkbutton.active = settings.convert_utf8_smileys; ++ omemo_default_checkbutton.active = settings.omemo_default; + + typing_checkbutton.toggled.connect(() => { settings.send_typing = typing_checkbutton.active; } ); + marker_checkbutton.toggled.connect(() => { settings.send_marker = marker_checkbutton.active; } ); + notification_checkbutton.toggled.connect(() => { settings.notifications = notification_checkbutton.active; } ); + emoji_checkbutton.toggled.connect(() => { 
settings.convert_utf8_smileys = emoji_checkbutton.active; }); ++ omemo_default_checkbutton.toggled.connect(() => { settings.omemo_default = omemo_default_checkbutton.active; }); + } + } + +-- +2.23.0 + diff --git a/profiles/common/net.nix b/profiles/common/net.nix index 143e27ba..bd170e63 100644 --- a/profiles/common/net.nix +++ b/profiles/common/net.nix @@ -1,5 +1,5 @@ { config, lib, ... }: { - petabyte.nftables.enable = lib.mkDefault true; + kw.nftables.enable = lib.mkDefault true; } diff --git a/profiles/common/nix.nix b/profiles/common/nix.nix index b23620f6..5a892732 100644 --- a/profiles/common/nix.nix +++ b/profiles/common/nix.nix @@ -9,14 +9,10 @@ nix = { nixPath = [ "nixpkgs=${sources.nixpkgs}" - "nixpkgs-unstable=${sources.nixpkgs-unstable}" - "NUR=${sources.NUR}" - "arc=${sources.arc-nixexprs}" + "NUR=${sources.nur}" + "arc=${sources.nixexprs}" "ci=${sources.ci}" - "nixpkgs-mozilla=${sources.nixpkgs-mozilla}" - "hexy=${sources.nix-hexchen}" - "pbb=${sources.pbb-nixfiles}" - "qlyiss=${sources.qyliss-nixlib}" + "hexy=${sources.hexchen}" ]; binaryCaches = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" ]; binaryCachePublicKeys = diff --git a/profiles/common/ssh.nix b/profiles/common/ssh.nix index ba781608..93d583fd 100644 --- a/profiles/common/ssh.nix +++ b/profiles/common/ssh.nix @@ -1,11 +1,11 @@ { config, lib, pkgs, ... }: { - katnet.public.udp.ranges = [{ + kw.fw.public.udp.ranges = [{ from = 60000; to = 61000; }]; - katnet.private.udp.ranges = [{ + kw.fw.private.udp.ranges = [{ from = 60000; to = 61000; }]; diff --git a/profiles/gui/mpd.nix b/profiles/gui/mpd.nix index 1e5ae819..b4556ca0 100644 --- a/profiles/gui/mpd.nix +++ b/profiles/gui/mpd.nix @@ -3,6 +3,6 @@ with lib; { - katnet.private.tcp.ports = [ 6600 32101 ]; - katnet.public.tcp.ports = [ 6600 32101 ]; + kw.fw.private.tcp.ports = [ 6600 32101 ]; + kw.fw.public.tcp.ports = [ 6600 32101 ]; } diff --git a/services/asterisk.nix b/services/asterisk.nix index 1ed902c4..e96833a7 100644 
--- a/services/asterisk.nix +++ b/services/asterisk.nix @@ -4,15 +4,15 @@ with lib; { - katnet.public.tcp.ports = [ 5160 5060 ]; - katnet.public.udp.ports = [ 5160 5060 ]; + kw.fw.public.tcp.ports = [ 5160 5060 ]; + kw.fw.public.udp.ports = [ 5160 5060 ]; - katnet.public.tcp.ranges = [{ + kw.fw.public.tcp.ranges = [{ from = 10000; to = 20000; }]; - katnet.public.udp.ranges = [{ + kw.fw.public.udp.ranges = [{ from = 10000; to = 20000; }]; diff --git a/services/loki.nix b/services/loki.nix index 8716814b..c9d9fa4c 100644 --- a/services/loki.nix +++ b/services/loki.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - katnet.private.tcp.ports = [ 3100 ]; + kw.fw.private.tcp.ports = [ 3100 ]; services.loki = { enable = true; configuration = { diff --git a/services/murmur.nix b/services/murmur.nix index 3522fd2f..4a6db5a0 100644 --- a/services/murmur.nix +++ b/services/murmur.nix @@ -3,8 +3,8 @@ with lib; { - katnet.public.tcp.ports = singleton 64738; - katnet.public.udp.ports = singleton 64738; + kw.fw.public.tcp.ports = singleton 64738; + kw.fw.public.udp.ports = singleton 64738; services.murmur = { enable = true; diff --git a/services/netdata.nix b/services/netdata.nix index 630172ab..783abcdf 100644 --- a/services/netdata.nix +++ b/services/netdata.nix @@ -1,7 +1,7 @@ { config, ... }: { - katnet.private.tcp.ports = [ 19999 ]; + kw.fw.private.tcp.ports = [ 19999 ]; services.netdata = { enable = true; }; diff --git a/services/nginx.nix b/services/nginx.nix index 6306aa86..ccef30eb 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -12,8 +12,8 @@ with lib; ''; }; - katnet.public.tcp.ports = [ 443 80 ]; - katnet.private.tcp.ports = [ 443 80 ]; + kw.fw.public.tcp.ports = [ 443 80 ]; + kw.fw.private.tcp.ports = [ 443 80 ]; services.nginx = { enable = true; diff --git a/services/node-exporter.nix b/services/node-exporter.nix index 701bbf48..def379e0 100644 --- a/services/node-exporter.nix +++ b/services/node-exporter.nix 
@@ -1,7 +1,7 @@ { config, ... }: { - katnet.private.tcp.ports = [ 9002 ]; + kw.fw.private.tcp.ports = [ 9002 ]; services.prometheus = { exporters = { diff --git a/services/syncplay.nix b/services/syncplay.nix index cae34791..7ecc37f7 100644 --- a/services/syncplay.nix +++ b/services/syncplay.nix @@ -8,7 +8,7 @@ with lib; users.groups."sync-cert".members = [ "nginx" "syncplay" ]; security.acme = { certs."sync.kittywit.ch" = { group = "sync-cert"; }; }; - katnet.public.tcp.ports = singleton 8999; + kw.fw.public.tcp.ports = singleton 8999; services.nginx.virtualHosts."sync.kittywit.ch" = { enableACME = true; diff --git a/services/taskserver.nix b/services/taskserver.nix index e1927db5..7db0c863 100644 --- a/services/taskserver.nix +++ b/services/taskserver.nix @@ -3,7 +3,7 @@ with lib; { - katnet.public.tcp.ports = singleton 53589; + kw.fw.public.tcp.ports = singleton 53589; services.taskserver = { enable = true; diff --git a/services/xmpp.nix b/services/xmpp.nix index b39ff032..76b5dab5 100644 --- a/services/xmpp.nix +++ b/services/xmpp.nix @@ -3,7 +3,7 @@ with lib; { - katnet.public.tcp.ports = [ 5000 5222 5223 5269 580 5281 5347 5582 ]; + kw.fw.public.tcp.ports = [ 5000 5222 5223 5269 580 5281 5347 5582 ]; services.postgresql = { ensureDatabases = [ "prosody" ];