Put in earplugs
parent
05f88e0273
commit
197d20e981
4 changed files with 47 additions and 18 deletions
|
@ -229,7 +229,7 @@ use dovecot for local IMAP
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
*** iptables
|
*** iptables
|
||||||
=iptables= configuration to allow SSH on port 22, IMAPS on 993, wireguard (wg0), mDNS and local smb for 192.168.0.0/16
|
=iptables= configuration to allow SSH on port 22, IMAPS on 993, wireguard (wg0), syncthing, mDNS and local smb for 192.168.0.0/16
|
||||||
|
|
||||||
#+BEGIN_SRC scheme :session
|
#+BEGIN_SRC scheme :session
|
||||||
(service iptables-service-type
|
(service iptables-service-type
|
||||||
|
@ -267,7 +267,12 @@ wireguard
|
||||||
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
-A FORWARD -i wg0 -j ACCEPT
|
-A FORWARD -i wg0 -j ACCEPT
|
||||||
#+end_src
|
#+end_src
|
||||||
|
syncthing
|
||||||
|
#+BEGIN_SRC scheme
|
||||||
|
-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
|
||||||
|
-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
|
||||||
|
#+END_SRC
|
||||||
|
otherwise
|
||||||
#+BEGIN_SRC scheme
|
#+BEGIN_SRC scheme
|
||||||
-A INPUT -j REJECT --reject-with icmp-port-unreachable
|
-A INPUT -j REJECT --reject-with icmp-port-unreachable
|
||||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
|
@ -306,7 +311,12 @@ wireguard
|
||||||
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
-A FORWARD -i wg0 -j ACCEPT
|
-A FORWARD -i wg0 -j ACCEPT
|
||||||
#+end_src
|
#+end_src
|
||||||
|
syncthing
|
||||||
|
#+BEGIN_SRC scheme
|
||||||
|
-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
|
||||||
|
-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
|
||||||
|
#+END_SRC
|
||||||
|
otherwise
|
||||||
#+BEGIN_SRC scheme
|
#+BEGIN_SRC scheme
|
||||||
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
|
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
|
||||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
-A INPUT -m conntrack --ctstate INVALID -j DROP
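Review bot: The two added syncthing rules open 8384/tcp and 21027/tcp, which do not match Syncthing's default ports: 8384 is the web GUI/REST API (bound to 127.0.0.1 by default), local discovery is 21027/udp, and the sync listener is 22000 over tcp and udp. Unless the service configuration (not visible here) overrides those defaults, the rules admit no sync or discovery traffic and only expose the admin GUI port to all of 192.168.0.0/16. I would replace them with `-A INPUT -p tcp -s 192.168.0.0/16 --dport 22000 -j ACCEPT`, `-A INPUT -p udp -s 192.168.0.0/16 --dport 22000 -j ACCEPT` and `-A INPUT -p udp -s 192.168.0.0/16 --dport 21027 -j ACCEPT`, keeping 8384 only if the GUI is deliberately served to the LAN with a GUI password and TLS. The same pair is repeated in the second block (it rejects with icmp6-port-unreachable, so it looks like the IPv6 ruleset), where an IPv4 source may be rejected by ip6tables-restore and stop the ruleset from loading. Both points also apply to the tangled system file's hunks at -158 and -189.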
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
;; -*- mode: scheme; coding: utf-8; -*-
|
;; -*- mode: scheme; coding: utf-8; -*-
|
||||||
;;
|
;;
|
||||||
;; tangled from framework13-system.org on 2024-06-18 12:53:06+02:00)
|
;; tangled from framework13-system.org on 2024-08-02 11:16:35+02:00)
|
||||||
|
|
||||||
(use-modules (gnu)
|
(use-modules (gnu)
|
||||||
(gnu packages)
|
(gnu packages)
|
||||||
|
@ -158,6 +158,9 @@ COMMIT
|
||||||
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
-A FORWARD -i wg0 -j ACCEPT
|
-A FORWARD -i wg0 -j ACCEPT
|
||||||
|
|
||||||
|
-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
|
||||||
|
-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
|
||||||
|
|
||||||
-A INPUT -j REJECT --reject-with icmp-port-unreachable
|
-A INPUT -j REJECT --reject-with icmp-port-unreachable
|
||||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
COMMIT
|
COMMIT
|
||||||
|
@ -189,6 +192,9 @@ COMMIT
|
||||||
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
-A FORWARD -i wg0 -j ACCEPT
|
-A FORWARD -i wg0 -j ACCEPT
|
||||||
|
|
||||||
|
-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
|
||||||
|
-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
|
||||||
|
|
||||||
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
|
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
|
||||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
COMMIT
|
COMMIT
|
||||||
|
@ -306,19 +312,24 @@ writable = yes
|
||||||
(targets (list "/boot/efi"))
|
(targets (list "/boot/efi"))
|
||||||
(keyboard-layout keyboard-layout)))
|
(keyboard-layout keyboard-layout)))
|
||||||
|
|
||||||
(swap-devices (list (swap-space
|
(mapped-devices (list (mapped-device
|
||||||
(target (file-system-label "swap")))))
|
(source (uuid
|
||||||
|
"9b5d47cd-d865-4ec9-81ec-30565fa767e4"))
|
||||||
|
(target "cryptroot")
|
||||||
|
(type luks-device-mapping))))
|
||||||
|
|
||||||
(file-systems (cons* (file-system
|
(file-systems (cons* (file-system
|
||||||
(mount-point "/boot/efi")
|
(mount-point "/boot/efi")
|
||||||
(device (uuid "8B3C-3BC0" 'fat32))
|
(device (uuid "0D77-7016" 'fat32))
|
||||||
(type "vfat"))
|
(type "vfat"))
|
||||||
(file-system
|
(file-system
|
||||||
(mount-point "/")
|
(mount-point "/")
|
||||||
(device (uuid
|
(device "/dev/mapper/cryptroot")
|
||||||
"e0ece027-0396-4546-8aba-2ce91285d061"
|
(type "ext4")
|
||||||
'ext4))
|
(dependencies mapped-devices)) %base-file-systems))
|
||||||
(type "ext4"))
|
|
||||||
%base-file-systems))
|
;; (swap-devices (list (swap-space
|
||||||
|
;; (target (file-system-label "swap")))))
|
||||||
|
(swap-devices `("/mnt/swapfile"))
|
||||||
|
|
||||||
) ;; end operating-system declaration
|
) ;; end operating-system declaration
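Review bot: `(swap-devices `("/mnt/swapfile"))` uses the deprecated bare-string form and sets no `dependencies`, so nothing orders swap activation after the file system holding the file is mounted. That file system now sits on the LUKS mapping. I would write `(swap-devices (list (swap-space (target "/mnt/swapfile") (dependencies (filter (file-system-mount-point-predicate "/") file-systems)))))`, assuming /mnt lives on the root file system, since no separate /mnt entry is visible in this hunk. That assumption also decides whether swapped-out memory is encrypted at rest, so a comment recording it next to the swap entry would help. This file is tangled, so the change belongs in framework13-system.org.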
|
||||||
|
|
|
@ -240,6 +240,12 @@ the zsh dotfiles are added manually rather than using dotfiles-service (duplicat
|
||||||
;; ssh config in 'dotfiles'
|
;; ssh config in 'dotfiles'
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
|
*** syncthing
|
||||||
|
using [[https://syncthing.net/][syncthing]] for local & point-to-point filesync across machines (see also nextcloud)
|
||||||
|
#+BEGIN_SRC scheme
|
||||||
|
(service home-syncthing-service-type)
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
*** sound
|
*** sound
|
||||||
via pipewire which requires dbus (see also [[https://guix.gnu.org/manual/devel/en/html_node/Sound-Home-Services.html][guix manual]])
|
via pipewire which requires dbus (see also [[https://guix.gnu.org/manual/devel/en/html_node/Sound-Home-Services.html][guix manual]])
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
;; -*- mode: scheme; coding: utf-8; -*-
|
;; -*- mode: scheme; coding: utf-8; -*-
|
||||||
;;
|
;;
|
||||||
;; tangled from home-configuration.org on 2024-04-14 14:56:58+02:00)
|
;; tangled from home-configuration.org on 2024-08-02 11:17:18+02:00)
|
||||||
|
|
||||||
(use-modules (gnu)
|
(use-modules (gnu)
|
||||||
(gnu home)
|
(gnu home)
|
||||||
|
@ -149,6 +149,8 @@
|
||||||
|
|
||||||
;; ssh config in 'dotfiles'
|
;; ssh config in 'dotfiles'
|
||||||
|
|
||||||
|
(service home-syncthing-service-type)
|
||||||
|
|
||||||
(service home-dbus-service-type)
|
(service home-dbus-service-type)
|
||||||
|
|
||||||
(service home-pipewire-service-type
|
(service home-pipewire-service-type
|
||||||
|
|