Source cleanups and renaming. Module inhousing & changes.

default.nix

@@ -25,7 +25,7 @@ rec {
       sources2drvs = sources: mapAttrs (_: source2drv) (getSources sources);
     in recurseIntoAttrs rec {
       local = sources2drvs sources;
-      hexchen = sources2drvs (import sources.nix-hexchen {}).sources;
+      hexchen = sources2drvs (import sources.hexchen {}).sources;
       all = attrValues local ++ attrValues hexchen;
       allStr = toString all;
     };

hosts/athame/nixos/default.nix

@@ -58,10 +58,10 @@ with lib;
     interface = "enp1s0";
   };
 
-  katnet.public.interfaces = singleton "enp1s0";
+  kw.fw.public.interfaces = singleton "enp1s0";
-  katnet.private.interfaces = singleton "hexnet";
+  kw.fw.private.interfaces = singleton "hexnet";
 
-  katnet.public.tcp.ports = singleton 52969;
+  kw.fw.public.tcp.ports = singleton 52969;
 
   deploy.tf.dns.records.kittywitch_athame_v6 = {
     tld = "kittywit.ch.";

hosts/dummy/nixos/default.nix

@@ -3,7 +3,7 @@
 with lib;
 
 let
-  hexchen = (import sources.nix-hexchen) { };
+  hexchen = (import sources.hexchen) { };
   hexYgg = filterAttrs (_: c: c.enable)
     (mapAttrs (_: host: host.config.hexchen.network) hexchen.hosts);
 in

hosts/ostara/nixos/default.nix

@@ -18,9 +18,9 @@ with lib;
   networking.interfaces.enp1s0.useDHCP = true;
   networking.interfaces.wlp2s0.useDHCP = true;
 
-  katnet.public.interfaces = singleton "wlp2s0";
+  kw.fw.public.interfaces = singleton "wlp2s0";
 
-  katnet.public.tcp.ports = [ 9981 9982 ];
+  kw.fw.public.tcp.ports = [ 9981 9982 ];
 
   hardware.firmware = [ pkgs.libreelec-dvb-firmware ];
 

hosts/samhain/nixos/default.nix

@@ -3,7 +3,7 @@
 with lib;
 
 let
-  hexchen = (import sources.nix-hexchen) { };
+  hexchen = (import sources.hexchen) { };
   hexYgg = filterAttrs (_: c: c.enable)
     (mapAttrs (_: host: host.config.hexchen.network) hexchen.hosts);
 in
@@ -71,14 +71,14 @@ in
   #  package = pkgs.ckb-next;
   #};
 
-  katnet.private.interfaces = singleton "hexnet";
+  kw.fw.private.interfaces = singleton "hexnet";
-  katnet.public.interfaces = singleton "br";
+  kw.fw.public.interfaces = singleton "br";
 
   hardware.openrazer = {
     enable = true;
   };
 
-  katnet.private.tcp.ports = [ 10445 ];
+  kw.fw.private.tcp.ports = [ 10445 ];
 
   systemd.timers.kat-glauca-dns = {
     timerConfig = {

hosts/samhain/nixos/jellyfin.nix

@@ -1,12 +1,12 @@
 { config, lib, pkgs, ... }:
 
 {
-  katnet.public.tcp.ranges = [{
+  kw.fw.public.tcp.ranges = [{
     from = 32768;
     to = 60999;
   }];
 
-  katnet.private.tcp.ranges = [{
+  kw.fw.private.tcp.ranges = [{
     from = 32768;
     to = 60999;
   }];

hosts/samhain/nixos/virtualhosts.nix

@@ -3,8 +3,8 @@
 with lib;
 
 {
-  katnet.private.tcp.ports = singleton 1935;
+  kw.fw.private.tcp.ports = singleton 1935;
-  katnet.public.tcp.ports = singleton 1935;
+  kw.fw.public.tcp.ports = singleton 1935;
 
   services.nginx.virtualHosts = {
     "samhain.net.kittywit.ch" = {

hosts/yule/nixos/default.nix

@@ -25,8 +25,8 @@ with lib;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.supportedFilesystems = [ "zfs" ];
 
-  katnet.private.interfaces = singleton "hexnet";
+  kw.fw.private.interfaces = singleton "hexnet";
-  katnet.public.interfaces = [ "enp1s0" "wlp2s0" ];
+  kw.fw.public.interfaces = [ "enp1s0" "wlp2s0" ];
 
   networking.hostId = "dddbb888";
   networking.hostName = "yule";

modules/home/default.nix

@@ -2,7 +2,7 @@
 
 {
   disabledModules = [ "programs/vim.nix" ];
-  imports = with (import (sources.arc-nixexprs + "/modules")).home-manager; [ base16 syncplay konawall i3gopher weechat shell ] ++ [
+  imports = with (import (sources.nixexprs + "/modules")).home-manager; [ base16 syncplay konawall i3gopher weechat shell ] ++ [
     ./vim.nix
     ./deploy-tf
     (sources.tf-nix + "/modules/home/secrets.nix")

modules/nixos/default.nix

@@ -1,15 +1,13 @@
 { sources, lib, ... }:
 
-let hexchen = (import sources.nix-hexchen) { };
-in
 {
   imports = [
-    ./katnet
+    ./nftables
+    ./fw-abstraction
     ./deploy-tf
-    (sources.pbb-nixfiles + "/modules/nftables")
     (sources.tf-nix + "/modules/nixos/secrets.nix")
     (sources.tf-nix + "/modules/nixos/secrets-users.nix")
-    hexchen.modules.hexnet
+    (sources.hexchen + "/modules/hexnet")
   ];
 
   # stubs for hexchens modules, until more generalized

modules/nixos/fw-abstraction/default.nix

@@ -2,10 +2,10 @@
 
 with lib;
 
-let cfg = config.katnet;
+let cfg = config.kw.fw;
 in
 {
-  options.katnet = {
+  options.kw.fw = {
     public.tcp.ports = mkOption {
       type = types.listOf types.port;
       default = [ ];

modules/nixos/nftables/default.nix

@@ -0,0 +1,134 @@
+{ pkgs, lib, config, modulesPath, ... }:
+
+let
+  fwcfg = config.networking.firewall;
+  cfg = config.kw.nftables;
+
+  doDocker = config.virtualisation.docker.enable && cfg.generateDockerRules;
+
+  mkPorts = cond: ports: ranges: action: let
+    portStrings = (map (range: "${toString range.from}-${toString range.to}") ranges)
+               ++ (map toString ports);
+  in lib.optionalString (portStrings != []) ''
+    ${cond} dport { ${lib.concatStringsSep ", " portStrings} } ${action}
+  '';
+
+  ruleset = ''
+    table inet filter {
+      chain input {
+        type filter hook input priority filter
+        policy ${cfg.inputPolicy}
+
+        icmpv6 type { echo-request, echo-reply, mld-listener-query, mld-listener-report, mld-listener-done, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, packet-too-big } accept
+        icmp type echo-request accept
+
+        ct state invalid drop
+        ct state established,related accept
+
+        iifname { ${
+          lib.concatStringsSep "," (["lo"] ++ fwcfg.trustedInterfaces)
+        } } accept
+
+        ${mkPorts "tcp" fwcfg.allowedTCPPorts fwcfg.allowedTCPPortRanges "accept"}
+        ${mkPorts "udp" fwcfg.allowedUDPPorts fwcfg.allowedUDPPortRanges "accept"}
+
+        ${
+          lib.concatStringsSep "\n" (lib.mapAttrsToList (name: ifcfg:
+              mkPorts "iifname ${name} tcp" ifcfg.allowedTCPPorts ifcfg.allowedTCPPortRanges "accept"
+            + mkPorts "iifname ${name} udp" ifcfg.allowedUDPPorts ifcfg.allowedUDPPortRanges "accept"
+          ) fwcfg.interfaces)
+        }
+
+        # DHCPv6
+        ip6 daddr fe80::/64 udp dport 546 accept
+
+        ${cfg.extraInput}
+
+        counter
+      }
+      chain output {
+        type filter hook output priority filter
+        policy ${cfg.outputPolicy}
+
+        ${cfg.extraOutput}
+
+        counter
+      }
+      chain forward {
+        type filter hook forward priority filter
+        policy ${cfg.forwardPolicy}
+
+        ${lib.optionalString doDocker ''
+          oifname docker0 ct state invalid drop
+          oifname docker0 ct state established,related accept
+          iifname docker0 accept
+        ''}
+
+        ${cfg.extraForward}
+
+        counter
+      }
+    }
+    ${lib.optionalString doDocker ''
+      table ip nat {
+        chain docker-postrouting {
+          type nat hook postrouting priority 10
+          iifname docker0 masquerade
+        }
+      }
+    ''}
+    ${cfg.extraConfig}
+  '';
+
+in {
+  options = with lib; {
+    kw.nftables = {
+      enable = mkEnableOption "nftables firewall";
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "";
+      };
+      extraInput = mkOption {
+        type = types.lines;
+        default = "";
+      };
+      extraOutput = mkOption {
+        type = types.lines;
+        default = "";
+      };
+      extraForward = mkOption {
+        type = types.lines;
+        default = "";
+      };
+      inputPolicy = mkOption {
+        type = types.str;
+        default = "drop";
+      };
+      outputPolicy = mkOption {
+        type = types.str;
+        default = "accept";
+      };
+      forwardPolicy = mkOption {
+        type = types.str;
+        default = "accept";
+      };
+      generateDockerRules = mkOption {
+        type = types.bool;
+        default = true;
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking.firewall.enable = false;
+    networking.nftables = {
+      enable = true;
+      inherit ruleset;
+    };
+
+    virtualisation.docker = lib.mkIf doDocker {
+      extraOptions = "--iptables=false";
+    };
+  };
+}

nix/sources.json

@@ -1,17 +1,17 @@
 {
-    "NUR": {
+    "nur": {
         "branch": "master",
         "description": "Nix User Repository: User contributed nix packages [maintainer=@Mic92]",
         "homepage": "https://nur.nix-community.org/",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "d7fdf23eec6d5d1907b6977936da5088d9cd0332",
+        "rev": "12bc6855f2b7e0b6402d9f26fa6bf11ed63a274a",
-        "sha256": "0m4mcalws6255pllmjkmf853i34p0xw3kziaw6rbn6rpv7bsnada",
+        "sha256": "00dhqz93kfmhb1qsqfrfsrlnw459czinqq8fqbfnh3jppjv4gskf",
         "type": "tarball",
-        "url": "https://github.com/nix-community/NUR/archive/d7fdf23eec6d5d1907b6977936da5088d9cd0332.tar.gz",
+        "url": "https://github.com/nix-community/NUR/archive/12bc6855f2b7e0b6402d9f26fa6bf11ed63a274a.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
-    "arc-nixexprs": {
+    "nixexprs": {
         "branch": "master",
         "description": "nix stuff",
         "homepage": null,
@@ -41,10 +41,10 @@
         "homepage": "https://nix-community.github.io/home-manager/",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "7df6656b113ce0d39c8b7d30915cafe046e1d64e",
+        "rev": "ac319fd3149b23a3ad8ee24cb2def6e67acf194c",
-        "sha256": "0dxiicyiw53k3gqbv2k9ajnsghq1a8ln741hx5msa45zdg1r6ci3",
+        "sha256": "0yicwddxlp5bzaklmjfglm5y5xiyqrp4mg70g5x49832nvwclw2s",
         "type": "tarball",
-        "url": "https://github.com/nix-community/home-manager/archive/7df6656b113ce0d39c8b7d30915cafe046e1d64e.tar.gz",
+        "url": "https://github.com/nix-community/home-manager/archive/ac319fd3149b23a3ad8ee24cb2def6e67acf194c.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "niv": {
@@ -59,19 +59,7 @@
         "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
-    "nix-doom-emacs": {
+    "hexchen": {
-        "branch": "master",
-        "description": "doom-emacs packaged for Nix",
-        "homepage": "",
-        "owner": "vlaci",
-        "repo": "nix-doom-emacs",
-        "rev": "71a2ea289967ca81708a1b4820c6e6a8361fca0a",
-        "sha256": "1gq62yi9q40sdcna83b7ghjm1il91vgl7s0gd0j06y7mwprg1za3",
-        "type": "tarball",
-        "url": "https://github.com/vlaci/nix-doom-emacs/archive/71a2ea289967ca81708a1b4820c6e6a8361fca0a.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "nix-hexchen": {
         "branch": "main",
         "description": "A cutie's nixfiles",
         "homepage": "",
@@ -99,10 +87,10 @@
         "homepage": "",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "3a8d7958a610cd3fec3a6f424480f91a1b259185",
+        "rev": "09c38c29f2c719cd76ca17a596c2fdac9e186ceb",
-        "sha256": "0bmxrdn9sn6mxvkyyxdlxlzczfh59iy66c55ql144ilc1cjk28is",
+        "sha256": "0i6kcs0zxwfaflcg6wfkwcinfnilkxlb6ad29v01bkhg6asl6ihf",
         "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/3a8d7958a610cd3fec3a6f424480f91a1b259185.tar.gz",
+        "url": "https://github.com/nixos/nixpkgs/archive/09c38c29f2c719cd76ca17a596c2fdac9e186ceb.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs-mozilla": {
@@ -117,41 +105,6 @@
         "url": "https://github.com/mozilla/nixpkgs-mozilla/archive/3f3fba4e2066f28a1ad7ac60e86a688a92eb5b5f.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
-    "nixpkgs-unstable": {
-        "branch": "nixos-unstable-small",
-        "description": "Nix Packages collection",
-        "homepage": "",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "d8079260a3028ae3221d7a5467443ee3a9edd2b8",
-        "sha256": "0xjcji6z00i49xaanf193n3kr34m4if6qg9npcnh30acv8gx9krk",
-        "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/d8079260a3028ae3221d7a5467443ee3a9edd2b8.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "pbb-nixfiles": {
-        "branch": "main",
-        "builtin": false,
-        "description": "why does this infrastructure keep going down? i'm dead inside",
-        "homepage": "",
-        "ref": "main",
-        "repo": "https://git.petabyte.dev/petabyteboy/nixfiles",
-        "rev": "ce2d8bbb9eaf1bbc9bd00cb60bf633ecbae86415",
-        "sha256": "023frlq7kdvqkwdhxdbcg9c065lqy89gblwvqxk5yjcxhx23scy3",
-        "type": "tarball",
-        "url": "https://git.petabyte.dev/petabyteboy/nixfiles/archive/ce2d8bbb9eaf1bbc9bd00cb60bf633ecbae86415.tar.gz",
-        "url_template": "<repo>/archive/<rev>.tar.gz"
-    },
-    "qyliss-nixlib": {
-        "branch": "master",
-        "builtin": false,
-        "repo": "https://git.qyliss.net/nixlib",
-        "rev": "7c0f1ac9c9cacff84ca6473bdc83eea78aaac1da",
-        "sha256": "1x7gh7lz50i0cs2g1gfnhlkx7vm5b9jcarx650x037whsk7gdvkl",
-        "type": "tarball",
-        "url": "https://git.qyliss.net/nixlib/snapshot/nixlib-7c0f1ac9c9cacff84ca6473bdc83eea78aaac1da.tar.gz",
-        "url_template": "https://git.qyliss.net/nixlib/snapshot/nixlib-<rev>.tar.gz"
-    },
     "tf-nix": {
         "branch": "master",
         "description": "terraform meets nix",

pkgs/default.nix

@@ -4,11 +4,13 @@ let
   pkgs = import sources.nixpkgs { inherit config; };
   overlay = self: super:
   rec {
-
+    dino = super.dino.overrideAttrs ( 
-    dino =
+    { patches ? [], ... }: {
-      super.callPackage "${sources.qyliss-nixlib}/overlays/patches/dino" {
+      patches = patches ++ [
-        inherit (super) dino;
+        ./dino/0001-add-an-option-to-enable-omemo-by-default-in-new-conv.patch
-      };
+      ];
+    }
+    );
 
       discord = super.discord.override { nss = self.nss; };
 
@@ -21,9 +23,7 @@ let
 
       notmuch = super.callPackage ./notmuch { inherit (super) notmuch; };
 
-      unstable = import sources.nixpkgs-unstable { inherit (self) config; };
+      nur = import sources.nur {
-
-      nur = import sources.NUR {
         nurpkgs = self;
         pkgs = self;
       };
@@ -85,4 +85,4 @@ let
       (import ../trusted/pkgs { inherit super self; });
 
 in
-  (pkgs.extend (import (sources.arc-nixexprs + "/overlay.nix"))).extend overlay
+  (pkgs.extend (import (sources.nixexprs + "/overlay.nix"))).extend overlay

pkgs/dino/0001-add-an-option-to-enable-omemo-by-default-in-new-conv.patch

@@ -0,0 +1,115 @@
+From cee5e27b157081a3ce55869bd5f649560a6127ea Mon Sep 17 00:00:00 2001
+From: lumi <lumi@pew.im>
+Date: Thu, 17 Oct 2019 16:43:40 +0200
+Subject: [PATCH] add an option to enable omemo by default in new conversations
+
+---
+ libdino/src/entity/settings.vala              | 10 ++++++++++
+ libdino/src/service/conversation_manager.vala |  5 +++++
+ main/data/settings_dialog.ui                  | 12 ++++++++++++
+ main/src/ui/settings_dialog.vala              |  3 +++
+ 4 files changed, 30 insertions(+)
+
+diff --git a/libdino/src/entity/settings.vala b/libdino/src/entity/settings.vala
+index bf1ebed..f9cd734 100644
+--- a/libdino/src/entity/settings.vala
++++ b/libdino/src/entity/settings.vala
+@@ -11,6 +11,7 @@ public class Settings : Object {
+         send_marker_ = col_to_bool_or_default("send_marker", true);
+         notifications_ = col_to_bool_or_default("notifications", true);
+         convert_utf8_smileys_ = col_to_bool_or_default("convert_utf8_smileys", true);
++        omemo_default_ = col_to_bool_or_default("omemo_default", false);
+     }
+ 
+     private bool col_to_bool_or_default(string key, bool def) {
+@@ -53,6 +54,15 @@ public class Settings : Object {
+             convert_utf8_smileys_ = value;
+         }
+     }
++
++    private bool omemo_default_;
++    public bool omemo_default {
++        get { return omemo_default_; }
++        set {
++            db.settings.insert().or("REPLACE").value(db.settings.key, "omemo_default").value(db.settings.value, value.to_string()).perform();
++            omemo_default_ = value;
++        }
++    }
+ }
+ 
+ }
+diff --git a/libdino/src/service/conversation_manager.vala b/libdino/src/service/conversation_manager.vala
+index c473ea7..e980e08 100644
+--- a/libdino/src/service/conversation_manager.vala
++++ b/libdino/src/service/conversation_manager.vala
+@@ -8,6 +8,8 @@ public class ConversationManager : StreamInteractionModule, Object {
+     public static ModuleIdentity<ConversationManager> IDENTITY = new ModuleIdentity<ConversationManager>("conversation_manager");
+     public string id { get { return IDENTITY.id; } }
+ 
++    private Dino.Entities.Settings settings = Dino.Application.get_default().settings;
++
+     public signal void conversation_activated(Conversation conversation);
+     public signal void conversation_deactivated(Conversation conversation);
+ 
+@@ -46,6 +48,9 @@ public class ConversationManager : StreamInteractionModule, Object {
+ 
+         // Create a new converation
+         Conversation conversation = new Conversation(jid, account, type);
++        if (settings.omemo_default) {
++            conversation.encryption = Encryption.OMEMO;
++        }
+         add_conversation(conversation);
+         conversation.persist(db);
+         return conversation;
+diff --git a/main/data/settings_dialog.ui b/main/data/settings_dialog.ui
+index c76f347..23ee7b8 100644
+--- a/main/data/settings_dialog.ui
++++ b/main/data/settings_dialog.ui
+@@ -65,6 +65,18 @@
+                                 <property name="height">1</property>
+                             </packing>
+                         </child>
++                        <child>
++                          <object class="GtkCheckButton" id="omemo_default_checkbutton">
++                            <property name="label" translatable="yes">Enable OMEMO by default</property>
++                            <property name="visible">True</property>
++                          </object>
++                          <packing>
++                              <property name="left_attach">0</property>
++                              <property name="top_attach">4</property>
++                              <property name="width">1</property>
++                              <property name="height">1</property>
++                          </packing>
++                        </child>
+                     </object>
+                 </child>
+             </object>
+diff --git a/main/src/ui/settings_dialog.vala b/main/src/ui/settings_dialog.vala
+index 68c711d..6401a2d 100644
+--- a/main/src/ui/settings_dialog.vala
++++ b/main/src/ui/settings_dialog.vala
+@@ -9,6 +9,7 @@ class SettingsDialog : Dialog {
+     [GtkChild] private CheckButton marker_checkbutton;
+     [GtkChild] private CheckButton notification_checkbutton;
+     [GtkChild] private CheckButton emoji_checkbutton;
++    [GtkChild] private CheckButton omemo_default_checkbutton;
+ 
+     Dino.Entities.Settings settings = Dino.Application.get_default().settings;
+ 
+@@ -19,11 +20,13 @@ class SettingsDialog : Dialog {
+         marker_checkbutton.active = settings.send_marker;
+         notification_checkbutton.active = settings.notifications;
+         emoji_checkbutton.active = settings.convert_utf8_smileys;
++        omemo_default_checkbutton.active = settings.omemo_default;
+ 
+         typing_checkbutton.toggled.connect(() => { settings.send_typing = typing_checkbutton.active; } );
+         marker_checkbutton.toggled.connect(() => { settings.send_marker = marker_checkbutton.active; } );
+         notification_checkbutton.toggled.connect(() => { settings.notifications = notification_checkbutton.active; } );
+         emoji_checkbutton.toggled.connect(() => { settings.convert_utf8_smileys = emoji_checkbutton.active; });
++        omemo_default_checkbutton.toggled.connect(() => { settings.omemo_default = omemo_default_checkbutton.active; });
+     }
+ }
+ 
+-- 
+2.23.0
+

profiles/common/net.nix

@@ -1,5 +1,5 @@
 { config, lib, ... }:
 
 {
-  petabyte.nftables.enable = lib.mkDefault true;
+  kw.nftables.enable = lib.mkDefault true;
 }

profiles/common/nix.nix

@@ -9,14 +9,10 @@
   nix = {
     nixPath = [
       "nixpkgs=${sources.nixpkgs}"
-      "nixpkgs-unstable=${sources.nixpkgs-unstable}"
+      "NUR=${sources.nur}"
-      "NUR=${sources.NUR}"
+      "arc=${sources.nixexprs}"
-      "arc=${sources.arc-nixexprs}"
       "ci=${sources.ci}"
-      "nixpkgs-mozilla=${sources.nixpkgs-mozilla}"
+      "hexy=${sources.hexchen}"
-      "hexy=${sources.nix-hexchen}"
-      "pbb=${sources.pbb-nixfiles}"
-      "qlyiss=${sources.qyliss-nixlib}"
     ];
     binaryCaches = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" ];
     binaryCachePublicKeys =

profiles/common/ssh.nix

@@ -1,11 +1,11 @@
 { config, lib, pkgs, ... }:
 
 {
-  katnet.public.udp.ranges = [{
+  kw.fw.public.udp.ranges = [{
     from = 60000;
     to = 61000;
   }];
-  katnet.private.udp.ranges = [{
+  kw.fw.private.udp.ranges = [{
     from = 60000;
     to = 61000;
   }];

profiles/gui/mpd.nix

@@ -3,6 +3,6 @@
 with lib;
 
 {
-  katnet.private.tcp.ports = [ 6600 32101 ];
+  kw.fw.private.tcp.ports = [ 6600 32101 ];
-  katnet.public.tcp.ports = [ 6600 32101 ];
+  kw.fw.public.tcp.ports = [ 6600 32101 ];
 }

services/asterisk.nix

@@ -4,15 +4,15 @@
 with lib;
 
 {
-  katnet.public.tcp.ports = [ 5160 5060 ];
+  kw.fw.public.tcp.ports = [ 5160 5060 ];
-  katnet.public.udp.ports = [ 5160 5060 ];
+  kw.fw.public.udp.ports = [ 5160 5060 ];
 
-  katnet.public.tcp.ranges = [{
+  kw.fw.public.tcp.ranges = [{
     from = 10000;
     to = 20000;
   }];
 
-  katnet.public.udp.ranges = [{
+  kw.fw.public.udp.ranges = [{
     from = 10000;
     to = 20000;
   }];

services/loki.nix

@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  katnet.private.tcp.ports = [ 3100 ];
+  kw.fw.private.tcp.ports = [ 3100 ];
   services.loki = {
     enable = true;
     configuration = {

services/murmur.nix

@@ -3,8 +3,8 @@
 with lib;
 
 {
-  katnet.public.tcp.ports = singleton 64738;
+  kw.fw.public.tcp.ports = singleton 64738;
-  katnet.public.udp.ports = singleton 64738;
+  kw.fw.public.udp.ports = singleton 64738;
 
   services.murmur = {
     enable = true;

services/netdata.nix

@@ -1,7 +1,7 @@
 { config, ... }:
 
 {
-  katnet.private.tcp.ports = [ 19999 ];
+  kw.fw.private.tcp.ports = [ 19999 ];
 
   services.netdata = { enable = true; };
 

services/nginx.nix

@@ -12,8 +12,8 @@ with lib;
     '';
   };
 
-  katnet.public.tcp.ports = [ 443 80 ];
+  kw.fw.public.tcp.ports = [ 443 80 ];
-  katnet.private.tcp.ports = [ 443 80 ];
+  kw.fw.private.tcp.ports = [ 443 80 ];
 
   services.nginx = {
     enable = true;

services/node-exporter.nix

@@ -1,7 +1,7 @@
 { config, ... }:
 
 {
-  katnet.private.tcp.ports = [ 9002 ];
+  kw.fw.private.tcp.ports = [ 9002 ];
 
   services.prometheus = {
     exporters = {

services/syncplay.nix

@@ -8,7 +8,7 @@ with lib;
   users.groups."sync-cert".members = [ "nginx" "syncplay" ];
   security.acme = { certs."sync.kittywit.ch" = { group = "sync-cert"; }; };
 
-  katnet.public.tcp.ports = singleton 8999;
+  kw.fw.public.tcp.ports = singleton 8999;
 
   services.nginx.virtualHosts."sync.kittywit.ch" = {
     enableACME = true;

services/taskserver.nix

@@ -3,7 +3,7 @@
 with lib;
 
 {
-  katnet.public.tcp.ports = singleton 53589;
+  kw.fw.public.tcp.ports = singleton 53589;
 
   services.taskserver = {
     enable = true;

services/xmpp.nix

@@ -3,7 +3,7 @@
 with lib;
 
 {
-  katnet.public.tcp.ports = [ 5000 5222 5223 5269 580 5281 5347 5582 ];
+  kw.fw.public.tcp.ports = [ 5000 5222 5223 5269 580 5281 5347 5582 ];
 
   services.postgresql = {
     ensureDatabases = [ "prosody" ];