Put in earplugs
parent
570d8fffb5
commit
5490a8950b
2 changed files with 18 additions and 14 deletions
|
@ -216,7 +216,7 @@ use dovecot for local IMAP
|
||||||
|
|
||||||
*** iptables
|
*** iptables
|
||||||
|
|
||||||
=iptables= configuration to allow SSH on port 22, IMAPS on 993, mDNS and local smb for 192.168.0.0/16
|
=iptables= configuration to allow SSH on port 22, IMAPS on 993, wireguard (wg0), mDNS and local smb for 192.168.0.0/16
|
||||||
|
|
||||||
#+BEGIN_SRC scheme :session
|
#+BEGIN_SRC scheme :session
|
||||||
(service iptables-service-type
|
(service iptables-service-type
|
||||||
|
@ -245,6 +245,8 @@ COMMIT
|
||||||
-A INPUT -p tcp --dport 22 -j ACCEPT
|
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||||
-A INPUT -p tcp --dport 993 -j ACCEPT
|
-A INPUT -p tcp --dport 993 -j ACCEPT
|
||||||
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
|
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
|
||||||
|
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
|
||||||
|
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
|
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
|
||||||
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
|
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
|
||||||
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
|
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
|
||||||
|
@ -262,22 +264,22 @@ details can be found (and mostly ignored) in [[https://guix.gnu.org/cookbook/en
|
||||||
#+BEGIN_SRC scheme :session
|
#+BEGIN_SRC scheme :session
|
||||||
(service wireguard-service-type
|
(service wireguard-service-type
|
||||||
(wireguard-configuration
|
(wireguard-configuration
|
||||||
(addresses '("10.0.0.23" "fd24:609a:6c18::23")
|
(addresses '("10.0.0.23" "fd24:609a:6c18::23"))
|
||||||
(port 51820)))
|
(port 51820)
|
||||||
(peers
|
(peers
|
||||||
(list
|
(list
|
||||||
(wireguard-peer
|
(wireguard-peer
|
||||||
(name "lmn")
|
(name "lmn")
|
||||||
(endpoint "example.org:51820")
|
(endpoint "example.org:51820")
|
||||||
(public-key "WHmVhvgxkBxk8fqZU6pWEaH4iVzOcud9JQivwRsaIE8=")
|
(public-key "WHmVhvgxkBxk8fqZU6pWEaH4iVzOcud9JQivwRsaIE8=")
|
||||||
(allowed-ips '("10.0.0.1/32"))
|
(allowed-ips '("10.0.0.1/32" "fd24:609a:6c18::1"))
|
||||||
(keep-alive 25))
|
(keep-alive 25))
|
||||||
(wireguard-peer
|
(wireguard-peer
|
||||||
(name "beryllium")
|
(name "beryllium")
|
||||||
(endpoint "example.org:51820")
|
(endpoint "example.org:51820")
|
||||||
(public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=")
|
(public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=")
|
||||||
(allowed-ips '("10.0.0.13/32"))
|
(allowed-ips '("10.0.0.13/32" "fd24:609a:6c18::13"))
|
||||||
(keep-alive 25)))))
|
(keep-alive 25))))))
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
*** display manager
|
*** display manager
|
||||||
|
|
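Review bot: The added `-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT` rule in the iptables hunk does not confine tunnel peers to reply traffic, because the `--dport 22` and `--dport 993` ACCEPT rules just above it carry no `-i` or `-s` match and so also accept new connections arriving on wg0. If peers are not meant to reach SSH or IMAPS through the tunnel, restrict those rules (for example `-A INPUT ! -i wg0 -p tcp --dport 22 -j ACCEPT`); if they are, a short comment saying so would record the intent. This commit also adds IPv6 entries to `allowed-ips`, yet only one rule set is touched and the `iptables-configuration` form lies outside the hunk. It is worth confirming that `ipv6-rules` is set explicitly, since as far as I know Guix defaults it to accept-all, which would leave the IPv6 side of the tunnel unfiltered. For consistency with the IPv4 entries, the new addresses could carry an explicit prefix length, e.g. `"fd24:609a:6c18::1/128"`.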
|
@ -1,6 +1,6 @@
|
||||||
;; -*- mode: scheme; coding: utf-8; -*-
|
;; -*- mode: scheme; coding: utf-8; -*-
|
||||||
;;
|
;;
|
||||||
;; tangled from framework13-system.org on 2024-01-23 17:18:20+01:00)
|
;; tangled from framework13-system.org on 2024-01-23 17:38:17+01:00)
|
||||||
|
|
||||||
(use-modules (gnu)
|
(use-modules (gnu)
|
||||||
(gnu packages)
|
(gnu packages)
|
||||||
|
@ -149,6 +149,8 @@ COMMIT
|
||||||
-A INPUT -p tcp --dport 22 -j ACCEPT
|
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||||
-A INPUT -p tcp --dport 993 -j ACCEPT
|
-A INPUT -p tcp --dport 993 -j ACCEPT
|
||||||
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
|
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
|
||||||
|
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
|
||||||
|
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
|
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
|
||||||
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
|
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
|
||||||
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
|
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
|
||||||
|
@ -160,22 +162,22 @@ COMMIT
|
||||||
|
|
||||||
(service wireguard-service-type
|
(service wireguard-service-type
|
||||||
(wireguard-configuration
|
(wireguard-configuration
|
||||||
(addresses '("10.0.0.23" "fd24:609a:6c18::23")
|
(addresses '("10.0.0.23" "fd24:609a:6c18::23"))
|
||||||
(port 51820)))
|
(port 51820)
|
||||||
(peers
|
(peers
|
||||||
(list
|
(list
|
||||||
(wireguard-peer
|
(wireguard-peer
|
||||||
(name "lmn")
|
(name "lmn")
|
||||||
(endpoint "example.org:51820")
|
(endpoint "example.org:51820")
|
||||||
(public-key "WHmVhvgxkBxk8fqZU6pWEaH4iVzOcud9JQivwRsaIE8=")
|
(public-key "WHmVhvgxkBxk8fqZU6pWEaH4iVzOcud9JQivwRsaIE8=")
|
||||||
(allowed-ips '("10.0.0.1/32"))
|
(allowed-ips '("10.0.0.1/32" "fd24:609a:6c18::1"))
|
||||||
(keep-alive 25))
|
(keep-alive 25))
|
||||||
(wireguard-peer
|
(wireguard-peer
|
||||||
(name "beryllium")
|
(name "beryllium")
|
||||||
(endpoint "example.org:51820")
|
(endpoint "example.org:51820")
|
||||||
(public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=")
|
(public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=")
|
||||||
(allowed-ips '("10.0.0.13/32"))
|
(allowed-ips '("10.0.0.13/32" "fd24:609a:6c18::13"))
|
||||||
(keep-alive 25)))))
|
(keep-alive 25))))))
|
||||||
|
|
||||||
;; (service sddm-service-type
|
;; (service sddm-service-type
|
||||||
;; (sddm-configuration
|
;; (sddm-configuration
|
||||||
|
|