From 197d20e981632349bc6fc517f181978922ca9574 Mon Sep 17 00:00:00 2001 From: nik gaffney Date: Fri, 2 Aug 2024 11:17:40 +0200 Subject: [PATCH] Put in earplugs --- config/framework13-system.org | 16 +++++++++++--- config/framework13-system.scm | 39 ++++++++++++++++++++++------------- config/home-configuration.org | 6 ++++++ config/home-configuration.scm | 4 +++- 4 files changed, 47 insertions(+), 18 deletions(-) diff --git a/config/framework13-system.org b/config/framework13-system.org index 71e8928..a9cfaa9 100644 --- a/config/framework13-system.org +++ b/config/framework13-system.org @@ -229,7 +229,7 @@ use dovecot for local IMAP #+end_src *** iptables -=iptables= configuration to allow SSH on port 22, IMAPS on 993, wireguard (wg0), mDNS and local smb for 192.168.0.0/16 +=iptables= configuration to allow SSH on port 22, IMAPS on 993, wireguard (wg0), syncthing, mDNS and local smb for 192.168.0.0/16 #+BEGIN_SRC scheme :session (service iptables-service-type @@ -267,7 +267,12 @@ wireguard -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A FORWARD -i wg0 -j ACCEPT #+end_src - +syncthing +#+BEGIN_SRC scheme +-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT +-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT +#+END_SRC +otherwise #+BEGIN_SRC scheme -A INPUT -j REJECT --reject-with icmp-port-unreachable -A INPUT -m conntrack --ctstate INVALID -j DROP @@ -306,7 +311,12 @@ wireguard -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A FORWARD -i wg0 -j ACCEPT #+end_src - +syncthing +#+BEGIN_SRC scheme +-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT +-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT +#+END_SRC +otherwise #+BEGIN_SRC scheme -A INPUT -j REJECT --reject-with icmp6-port-unreachable -A INPUT -m conntrack --ctstate INVALID -j DROP diff --git a/config/framework13-system.scm b/config/framework13-system.scm index 0967541..f158fb7 100644 --- a/config/framework13-system.scm 
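Review bot: The two syncthing rules added after the wireguard block do not match Syncthing's default ports as I understand them: 21027 is local discovery over UDP, so `-p tcp --dport 21027` admits nothing useful, and the sync listener on 22000 (TCP and UDP) is not opened at all. Port 8384 is the web GUI and REST API, which binds to 127.0.0.1 by default; the rule only takes effect if the GUI address is changed, and then it exposes the admin interface to every host in 192.168.0.0/16. I would drop the 8384 rule unless remote GUI access is intended, and use `-A INPUT -p tcp -s 192.168.0.0/16 --dport 22000 -j ACCEPT`, `-A INPUT -p udp -s 192.168.0.0/16 --dport 22000 -j ACCEPT` and `-A INPUT -p udp -s 192.168.0.0/16 --dport 21027 -j ACCEPT`. The same rules recur in the second hunk of this file and in both rule hunks of the tangled framework13-system.scm.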
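Review bot: The syncthing rules in this hunk sit in the ruleset that rejects with `icmp6-port-unreachable`, which looks like the IPv6 table, yet they match on the IPv4 source `-s 192.168.0.0/16`. ip6tables does not accept an IPv4 network as a source, so the restore is likely to fail on these lines; depending on how the service handles that error, the IPv6 rules may not load at all. If LAN-only syncthing over IPv6 is wanted, a link-local source such as `-s fe80::/10` would be the nearest equivalent; otherwise leave the syncthing rules out of the IPv6 block. The tangled copy at `@@ -189,6 +192,9 @@` in framework13-system.scm carries the same lines.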
+++ b/config/framework13-system.scm @@ -1,6 +1,6 @@ ;; -*- mode: scheme; coding: utf-8; -*- ;; -;; tangled from framework13-system.org on 2024-06-18 12:53:06+02:00) +;; tangled from framework13-system.org on 2024-08-02 11:16:35+02:00) (use-modules (gnu) (gnu packages) @@ -158,6 +158,9 @@ COMMIT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A FORWARD -i wg0 -j ACCEPT +-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT +-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT + -A INPUT -j REJECT --reject-with icmp-port-unreachable -A INPUT -m conntrack --ctstate INVALID -j DROP COMMIT @@ -189,6 +192,9 @@ COMMIT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A FORWARD -i wg0 -j ACCEPT +-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT +-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT + -A INPUT -j REJECT --reject-with icmp6-port-unreachable -A INPUT -m conntrack --ctstate INVALID -j DROP COMMIT @@ -306,19 +312,24 @@ writable = yes (targets (list "/boot/efi")) (keyboard-layout keyboard-layout))) - (swap-devices (list (swap-space - (target (file-system-label "swap"))))) + (mapped-devices (list (mapped-device + (source (uuid + "9b5d47cd-d865-4ec9-81ec-30565fa767e4")) + (target "cryptroot") + (type luks-device-mapping)))) - (file-systems (cons* (file-system - (mount-point "/boot/efi") - (device (uuid "8B3C-3BC0" 'fat32)) - (type "vfat")) - (file-system - (mount-point "/") - (device (uuid - "e0ece027-0396-4546-8aba-2ce91285d061" - 'ext4)) - (type "ext4")) - %base-file-systems)) + (file-systems (cons* (file-system + (mount-point "/boot/efi") + (device (uuid "0D77-7016" 'fat32)) + (type "vfat")) + (file-system + (mount-point "/") + (device "/dev/mapper/cryptroot") + (type "ext4") + (dependencies mapped-devices)) %base-file-systems)) + +;; (swap-devices (list (swap-space +;; (target (file-system-label "swap"))))) + (swap-devices `("/mnt/swapfile")) ) ;; end operating-system declaration 
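Review bot: The new swap-devices line passes the bare string "/mnt/swapfile", a form that Guix has, as far as I know, deprecated in favour of `swap-space` records. It also declares no dependency on the root file system that now lives on `cryptroot`, so swap activation may be attempted before the file is reachable. Something like `(swap-devices (list (swap-space (target "/mnt/swapfile") (dependencies (filter (file-system-mount-point-predicate "/") file-systems)))))` states the ordering explicitly, and the commented-out partition entry above it can then be removed. The file header says this file is tangled from framework13-system.org, but no .org hunk in this patch carries the LUKS or swap change; if the .scm was edited by hand, the next tangle will silently revert the root device to the unencrypted layout. The operating-system form starts outside the hunk.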
diff --git a/config/home-configuration.org b/config/home-configuration.org index aa86dbd..7737039 100644 --- a/config/home-configuration.org +++ b/config/home-configuration.org @@ -240,6 +240,12 @@ the zsh dotfiles are added manually rather than using dotfiles-service (duplicat ;; ssh config in 'dotfiles' #+END_SRC +*** syncthing +using [[https://syncthing.net/][syncthing]] for local & point-to-point filesync across machines (see also nextcloud) +#+BEGIN_SRC scheme + (service home-syncthing-service-type) +#+END_SRC + *** sound via pipewire which requires dbus (see also [[https://guix.gnu.org/manual/devel/en/html_node/Sound-Home-Services.html][guix manual]]) diff --git a/config/home-configuration.scm b/config/home-configuration.scm index 398eeba..98d8ed4 100644 --- a/config/home-configuration.scm +++ b/config/home-configuration.scm @@ -1,6 +1,6 @@ ;; -*- mode: scheme; coding: utf-8; -*- ;; -;; tangled from home-configuration.org on 2024-04-14 14:56:58+02:00) +;; tangled from home-configuration.org on 2024-08-02 11:17:18+02:00) (use-modules (gnu) (gnu home) @@ -149,6 +149,8 @@ ;; ssh config in 'dotfiles' + (service home-syncthing-service-type) + (service home-dbus-service-type) (service home-pipewire-service-type