Put in earplugs

nik gaffney 2024-01-23 17:38:27 +01:00
parent 570d8fffb5
commit 5490a8950b
Signed by: nik
GPG key ID: 989F5E6EDB478160
2 changed files with 18 additions and 14 deletions


@ -216,7 +216,7 @@ use dovecot for local IMAP
*** iptables *** iptables
=iptables= configuration to allow SSH on port 22, IMAPS on 993, mDNS and local smb for 192.168.0.0/16 =iptables= configuration to allow SSH on port 22, IMAPS on 993, wireguard (wg0), mDNS and local smb for 192.168.0.0/16
#+BEGIN_SRC scheme :session #+BEGIN_SRC scheme :session
(service iptables-service-type (service iptables-service-type
@ -245,6 +245,8 @@ COMMIT
-A INPUT -p tcp --dport 22 -j ACCEPT -A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT -A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT -A INPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
@ -262,22 +264,22 @@ details can be found (and mostly ignored) in [[https://guix.gnu.org/cookbook/en
#+BEGIN_SRC scheme :session #+BEGIN_SRC scheme :session
(service wireguard-service-type (service wireguard-service-type
(wireguard-configuration (wireguard-configuration
(addresses '("10.0.0.23" "fd24:609a:6c18::23") (addresses '("10.0.0.23" "fd24:609a:6c18::23"))
(port 51820))) (port 51820)
(peers (peers
(list (list
(wireguard-peer (wireguard-peer
(name "lmn") (name "lmn")
(endpoint "example.org:51820") (endpoint "example.org:51820")
(public-key "WHmVhvgxkBxk8fqZU6pWEaH4iVzOcud9JQivwRsaIE8=") (public-key "WHmVhvgxkBxk8fqZU6pWEaH4iVzOcud9JQivwRsaIE8=")
(allowed-ips '("10.0.0.1/32")) (allowed-ips '("10.0.0.1/32" "fd24:609a:6c18::1"))
(keep-alive 25)) (keep-alive 25))
(wireguard-peer (wireguard-peer
(name "beryllium") (name "beryllium")
(endpoint "example.org:51820") (endpoint "example.org:51820")
(public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=") (public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=")
(allowed-ips '("10.0.0.13/32")) (allowed-ips '("10.0.0.13/32" "fd24:609a:6c18::13"))
(keep-alive 25))))) (keep-alive 25))))))
#+END_SRC #+END_SRC
*** display manager *** display manager
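Review bot: The peers' `allowed-ips` now carry IPv6 ULA addresses, but the two added firewall lines sit next to rules matching `192.168.0.0/16`, so they appear to belong to the IPv4 ruleset only; whether the ip6tables side has a matching `wg0` rule is not visible in these hunks. If the IPv6 ruleset defaults to drop, replies from `fd24:609a:6c18::1` and `fd24:609a:6c18::13` never arrive; if it defaults to accept, the tunnel's IPv6 side is unfiltered. I would add `-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT` to the service's `ipv6-rules` as well, and write the new entries with an explicit prefix such as `"fd24:609a:6c18::1/128"` to match the `/32` form used for IPv4. The `iptables-service-type` form starts and ends outside the hunks shown, and the same lines recur in the tangled file that follows.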


@ -1,6 +1,6 @@
;; -*- mode: scheme; coding: utf-8; -*- ;; -*- mode: scheme; coding: utf-8; -*-
;; ;;
;; tangled from framework13-system.org on 2024-01-23 17:18:20+01:00) ;; tangled from framework13-system.org on 2024-01-23 17:38:17+01:00)
(use-modules (gnu) (use-modules (gnu)
(gnu packages) (gnu packages)
@ -149,6 +149,8 @@ COMMIT
-A INPUT -p tcp --dport 22 -j ACCEPT -A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT -A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT -A INPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
@ -160,22 +162,22 @@ COMMIT
(service wireguard-service-type (service wireguard-service-type
(wireguard-configuration (wireguard-configuration
(addresses '("10.0.0.23" "fd24:609a:6c18::23") (addresses '("10.0.0.23" "fd24:609a:6c18::23"))
(port 51820))) (port 51820)
(peers (peers
(list (list
(wireguard-peer (wireguard-peer
(name "lmn") (name "lmn")
(endpoint "example.org:51820") (endpoint "example.org:51820")
(public-key "WHmVhvgxkBxk8fqZU6pWEaH4iVzOcud9JQivwRsaIE8=") (public-key "WHmVhvgxkBxk8fqZU6pWEaH4iVzOcud9JQivwRsaIE8=")
(allowed-ips '("10.0.0.1/32")) (allowed-ips '("10.0.0.1/32" "fd24:609a:6c18::1"))
(keep-alive 25)) (keep-alive 25))
(wireguard-peer (wireguard-peer
(name "beryllium") (name "beryllium")
(endpoint "example.org:51820") (endpoint "example.org:51820")
(public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=") (public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=")
(allowed-ips '("10.0.0.13/32")) (allowed-ips '("10.0.0.13/32" "fd24:609a:6c18::13"))
(keep-alive 25))))) (keep-alive 25))))))
;; (service sddm-service-type ;; (service sddm-service-type
;; (sddm-configuration ;; (sddm-configuration