Put in earplugs

This commit is contained in:
nik gaffney 2024-08-02 11:17:40 +02:00
parent 05f88e0273
commit 197d20e981
Signed by: nik
GPG key ID: 989F5E6EDB478160
4 changed files with 47 additions and 18 deletions

View file

@ -229,7 +229,7 @@ use dovecot for local IMAP
#+end_src #+end_src
*** iptables *** iptables
=iptables= configuration to allow SSH on port 22, IMAPS on 993, wireguard (wg0), mDNS and local smb for 192.168.0.0/16 =iptables= configuration to allow SSH on port 22, IMAPS on 993, wireguard (wg0), syncthing, mDNS and local smb for 192.168.0.0/16
#+BEGIN_SRC scheme :session #+BEGIN_SRC scheme :session
(service iptables-service-type (service iptables-service-type
@ -267,7 +267,12 @@ wireguard
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT -A FORWARD -i wg0 -j ACCEPT
#+end_src #+end_src
syncthing
#+BEGIN_SRC scheme
-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
#+END_SRC
otherwise
#+BEGIN_SRC scheme #+BEGIN_SRC scheme
-A INPUT -j REJECT --reject-with icmp-port-unreachable -A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
@ -306,7 +311,12 @@ wireguard
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT -A FORWARD -i wg0 -j ACCEPT
#+end_src #+end_src
syncthing
#+BEGIN_SRC scheme
-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
#+END_SRC
otherwise
#+BEGIN_SRC scheme #+BEGIN_SRC scheme
-A INPUT -j REJECT --reject-with icmp6-port-unreachable -A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP

View file

@ -1,6 +1,6 @@
;; -*- mode: scheme; coding: utf-8; -*- ;; -*- mode: scheme; coding: utf-8; -*-
;; ;;
;; tangled from framework13-system.org on 2024-06-18 12:53:06+02:00) ;; tangled from framework13-system.org on 2024-08-02 11:16:35+02:00)
(use-modules (gnu) (use-modules (gnu)
(gnu packages) (gnu packages)
@ -158,6 +158,9 @@ COMMIT
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT -A FORWARD -i wg0 -j ACCEPT
-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable -A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT COMMIT
@ -189,6 +192,9 @@ COMMIT
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT -A FORWARD -i wg0 -j ACCEPT
-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-port-unreachable -A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT COMMIT
@ -306,19 +312,24 @@ writable = yes
(targets (list "/boot/efi")) (targets (list "/boot/efi"))
(keyboard-layout keyboard-layout))) (keyboard-layout keyboard-layout)))
(swap-devices (list (swap-space (mapped-devices (list (mapped-device
(target (file-system-label "swap"))))) (source (uuid
"9b5d47cd-d865-4ec9-81ec-30565fa767e4"))
(target "cryptroot")
(type luks-device-mapping))))
(file-systems (cons* (file-system (file-systems (cons* (file-system
(mount-point "/boot/efi") (mount-point "/boot/efi")
(device (uuid "8B3C-3BC0" 'fat32)) (device (uuid "0D77-7016" 'fat32))
(type "vfat")) (type "vfat"))
(file-system (file-system
(mount-point "/") (mount-point "/")
(device (uuid (device "/dev/mapper/cryptroot")
"e0ece027-0396-4546-8aba-2ce91285d061" (type "ext4")
'ext4)) (dependencies mapped-devices)) %base-file-systems))
(type "ext4"))
%base-file-systems)) ;; (swap-devices (list (swap-space
;; (target (file-system-label "swap")))))
(swap-devices `("/mnt/swapfile"))
) ;; end operating-system declaration ) ;; end operating-system declaration

View file

@ -240,6 +240,12 @@ the zsh dotfiles are added manually rather than using dotfiles-service (duplicat
;; ssh config in 'dotfiles' ;; ssh config in 'dotfiles'
#+END_SRC #+END_SRC
*** syncthing
using [[https://syncthing.net/][syncthing]] for local & point-to-point filesync across machines (see also nextcloud)
#+BEGIN_SRC scheme
(service home-syncthing-service-type)
#+END_SRC
*** sound *** sound
via pipewire which requires dbus (see also [[https://guix.gnu.org/manual/devel/en/html_node/Sound-Home-Services.html][guix manual]]) via pipewire which requires dbus (see also [[https://guix.gnu.org/manual/devel/en/html_node/Sound-Home-Services.html][guix manual]])

View file

@ -1,6 +1,6 @@
;; -*- mode: scheme; coding: utf-8; -*- ;; -*- mode: scheme; coding: utf-8; -*-
;; ;;
;; tangled from home-configuration.org on 2024-04-14 14:56:58+02:00) ;; tangled from home-configuration.org on 2024-08-02 11:17:18+02:00)
(use-modules (gnu) (use-modules (gnu)
(gnu home) (gnu home)
@ -149,6 +149,8 @@
;; ssh config in 'dotfiles' ;; ssh config in 'dotfiles'
(service home-syncthing-service-type)
(service home-dbus-service-type) (service home-dbus-service-type)
(service home-pipewire-service-type (service home-pipewire-service-type