diff --git a/config/framework13-system.org b/config/framework13-system.org index 491961f..aa2dc31 100644 --- a/config/framework13-system.org +++ b/config/framework13-system.org @@ -98,7 +98,7 @@ Layout is qwerty, CAPS_LOCK is CTRL, Ctrl-Fn-Meta-super to left of SPACE. The =k ** kernel A custom kernel is configured above, kernel arguments are declared here. -The =hid_sensor_hub= module needs to be disabled for screen dimming and keyboard backlight to work as expecrted. Some other kernel arguments possibly required for (in)compatability with other features include "amdgpu.sg_display=0", "acpi_osi=linux" "acpi_backlight=vendor" +The =hid_sensor_hub= module needs to be disabled for screen dimming and keyboard backlight to work as expecrted. Some other kernel arguments possibly required for (in)compatability with other features include ="amdgpu.sg_display=0"=, ="acpi_osi=linux" "acpi_backlight=vendor"= Kernel & driver details - https://gitlab.com/nonguix/nonguix @@ -172,7 +172,6 @@ Packages installed system-wide. Users can also install packages under their own "emacs-exwm" "openssh-sans-x" "nss-certs" - "htop" ;; xfce "xfce4-power-manager" "xfce4-screensaver" @@ -224,6 +223,9 @@ use dovecot for local IMAP (service iptables-service-type (iptables-configuration (ipv4-rules (plain-file "iptables.rules" +#+end_src +**** ipv4 rules +#+BEGIN_SRC scheme "*nat :PREROUTING ACCEPT :INPUT ACCEPT @@ -231,7 +233,7 @@ use dovecot for local IMAP :POSTROUTING ACCEPT -A POSTROUTING -o en0 -j MASQUERADE COMMIT -*filter +,*filter :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT @@ -248,7 +250,6 @@ SMB -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT #+end_src wireguard - #+BEGIN_SRC scheme -A INPUT -p udp -m udp --dport 51820 -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT 
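Review bot: The filter table in the hunk at old line 231 still opens with `:INPUT ACCEPT` and `:FORWARD ACCEPT`, so the allow rules for SMB and UDP 51820 further down only restrict anything if a catch-all `REJECT` or `DROP` rule follows them. The only terminal rule visible in this diff is the `--ctstate INVALID -j DROP` just before `COMMIT`. Together with `-A POSTROUTING -o en0 -j MASQUERADE`, an open FORWARD policy would leave the host willing to route and NAT for other machines on the link if IP forwarding is enabled. If the unseen part of the rule set has no catch-all, I would change the policies to `:INPUT DROP` and `:FORWARD DROP` and keep explicit accepts for `lo` and `ESTABLISHED,RELATED`. The rules string starts and ends outside this hunk, so this needs checking against the full file.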
@@ -260,6 +261,9 @@ wireguard -A INPUT -m conntrack --ctstate INVALID -j DROP COMMIT ")) + #+end_src +**** ipv6 rules +#+BEGIN_SRC scheme (ipv6-rules (plain-file "ip6tables.rules" "*nat :PREROUTING ACCEPT @@ -321,7 +325,8 @@ details can be found (and mostly ignored) in [[https://guix.gnu.org/cookbook/en (endpoint "example.org:51820") (public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=") (allowed-ips '("10.0.0.13/32" "fded:dada::13/128")) - (keep-alive 25)))))) + (keep-alive 25))))) + (%auto-start? #t)) #+END_SRC *** display manager diff --git a/config/framework13-system.scm b/config/framework13-system.scm index eb218a5..702c0e6 100644 --- a/config/framework13-system.scm +++ b/config/framework13-system.scm @@ -1,6 +1,6 @@ ;; -*- mode: scheme; coding: utf-8; -*- ;; -;; tangled from framework13-system.org on 2024-01-31 09:21:35+01:00) +;; tangled from framework13-system.org on 2024-01-31 11:13:11+01:00) (use-modules (gnu) (gnu packages) @@ -94,7 +94,6 @@ "emacs-exwm" "openssh-sans-x" "nss-certs" - "htop" ;; xfce "xfce4-power-manager" "xfce4-screensaver" @@ -127,6 +126,7 @@ (service iptables-service-type (iptables-configuration (ipv4-rules (plain-file "iptables.rules" + "*nat :PREROUTING ACCEPT :INPUT ACCEPT @@ -156,6 +156,7 @@ COMMIT -A INPUT -m conntrack --ctstate INVALID -j DROP COMMIT ")) + (ipv6-rules (plain-file "ip6tables.rules" "*nat :PREROUTING ACCEPT @@ -205,7 +206,8 @@ COMMIT (endpoint "example.org:51820") (public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=") (allowed-ips '("10.0.0.13/32" "fded:dada::13/128")) - (keep-alive 25)))))) + (keep-alive 25))))) + (%auto-start? #t)) ;; (service sddm-service-type ;; (sddm-configuration
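Review bot: The ipv6 block in the hunk at old line 260 is split the same way as the ipv4 one, but no hunk gives it the `,*filter` escape that the ipv4 rules received. If the ipv6 rules string has a `*filter` line starting at column 0 (not visible in this diff), Org will read it as a top-level headline under the new `**** ipv6 rules` heading, and folding or export will break the block there. The added ` #+end_src` also appears to be indented by one space, unlike the one added for the ipv4 block; Org accepts that, but keeping both at column 0 avoids confusion. The ipv6 rules continue past the end of the hunk.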
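Review bot: `(%auto-start? #t)` in the hunk at old line 321 is added without a comment, and I cannot confirm from this diff that `%auto-start?` is a documented field of the WireGuard configuration record; a `%` prefix is unusual for a record field name. Please check it against the manual for the Guix revision this system is built from, and add a line such as `;; bring the tunnel up at boot` above it so the intent survives if the field is renamed. The same line is added to the tangled `framework13-system.scm` (hunk at old line 205), which should only ever be regenerated from the `.org` file rather than edited. The enclosing `service` form starts outside the hunk.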