Put in earplugs

This commit is contained in:
nik gaffney 2024-01-31 11:16:06 +01:00
parent 635ed1f88b
commit 99ffa1c345
Signed by: nik
GPG key ID: 989F5E6EDB478160
2 changed files with 15 additions and 8 deletions

View file

@ -98,7 +98,7 @@ Layout is qwerty, CAPS_LOCK is CTRL, Ctrl-Fn-Meta-super to left of SPACE. The =k
** kernel ** kernel
A custom kernel is configured above, kernel arguments are declared here. A custom kernel is configured above, kernel arguments are declared here.
The =hid_sensor_hub= module needs to be disabled for screen dimming and keyboard backlight to work as expecrted. Some other kernel arguments possibly required for (in)compatability with other features include "amdgpu.sg_display=0", "acpi_osi=linux" "acpi_backlight=vendor" The =hid_sensor_hub= module needs to be disabled for screen dimming and keyboard backlight to work as expecrted. Some other kernel arguments possibly required for (in)compatability with other features include ="amdgpu.sg_display=0"=, ="acpi_osi=linux" "acpi_backlight=vendor"=
Kernel & driver details Kernel & driver details
- https://gitlab.com/nonguix/nonguix - https://gitlab.com/nonguix/nonguix
@ -172,7 +172,6 @@ Packages installed system-wide. Users can also install packages under their own
"emacs-exwm" "emacs-exwm"
"openssh-sans-x" "openssh-sans-x"
"nss-certs" "nss-certs"
"htop"
;; xfce ;; xfce
"xfce4-power-manager" "xfce4-power-manager"
"xfce4-screensaver" "xfce4-screensaver"
@ -224,6 +223,9 @@ use dovecot for local IMAP
(service iptables-service-type (service iptables-service-type
(iptables-configuration (iptables-configuration
(ipv4-rules (plain-file "iptables.rules" (ipv4-rules (plain-file "iptables.rules"
#+end_src
**** ipv4 rules
#+BEGIN_SRC scheme
"*nat "*nat
:PREROUTING ACCEPT :PREROUTING ACCEPT
:INPUT ACCEPT :INPUT ACCEPT
@ -231,7 +233,7 @@ use dovecot for local IMAP
:POSTROUTING ACCEPT :POSTROUTING ACCEPT
-A POSTROUTING -o en0 -j MASQUERADE -A POSTROUTING -o en0 -j MASQUERADE
COMMIT COMMIT
*filter ,*filter
:INPUT ACCEPT :INPUT ACCEPT
:FORWARD ACCEPT :FORWARD ACCEPT
:OUTPUT ACCEPT :OUTPUT ACCEPT
@ -248,7 +250,6 @@ SMB
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT
#+end_src #+end_src
wireguard wireguard
#+BEGIN_SRC scheme #+BEGIN_SRC scheme
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
@ -260,6 +261,9 @@ wireguard
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT COMMIT
")) "))
#+end_src
**** ipv6 rules
#+BEGIN_SRC scheme
(ipv6-rules (plain-file "ip6tables.rules" (ipv6-rules (plain-file "ip6tables.rules"
"*nat "*nat
:PREROUTING ACCEPT :PREROUTING ACCEPT
@ -321,7 +325,8 @@ details can be found (and mostly ignored) in [[https://guix.gnu.org/cookbook/en
(endpoint "example.org:51820") (endpoint "example.org:51820")
(public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=") (public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=")
(allowed-ips '("10.0.0.13/32" "fded:dada::13/128")) (allowed-ips '("10.0.0.13/32" "fded:dada::13/128"))
(keep-alive 25)))))) (keep-alive 25)))))
(%auto-start? #t))
#+END_SRC #+END_SRC
*** display manager *** display manager

View file

@ -1,6 +1,6 @@
;; -*- mode: scheme; coding: utf-8; -*- ;; -*- mode: scheme; coding: utf-8; -*-
;; ;;
;; tangled from framework13-system.org on 2024-01-31 09:21:35+01:00) ;; tangled from framework13-system.org on 2024-01-31 11:13:11+01:00)
(use-modules (gnu) (use-modules (gnu)
(gnu packages) (gnu packages)
@ -94,7 +94,6 @@
"emacs-exwm" "emacs-exwm"
"openssh-sans-x" "openssh-sans-x"
"nss-certs" "nss-certs"
"htop"
;; xfce ;; xfce
"xfce4-power-manager" "xfce4-power-manager"
"xfce4-screensaver" "xfce4-screensaver"
@ -127,6 +126,7 @@
(service iptables-service-type (service iptables-service-type
(iptables-configuration (iptables-configuration
(ipv4-rules (plain-file "iptables.rules" (ipv4-rules (plain-file "iptables.rules"
"*nat "*nat
:PREROUTING ACCEPT :PREROUTING ACCEPT
:INPUT ACCEPT :INPUT ACCEPT
@ -156,6 +156,7 @@ COMMIT
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT COMMIT
")) "))
(ipv6-rules (plain-file "ip6tables.rules" (ipv6-rules (plain-file "ip6tables.rules"
"*nat "*nat
:PREROUTING ACCEPT :PREROUTING ACCEPT
@ -205,7 +206,8 @@ COMMIT
(endpoint "example.org:51820") (endpoint "example.org:51820")
(public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=") (public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=")
(allowed-ips '("10.0.0.13/32" "fded:dada::13/128")) (allowed-ips '("10.0.0.13/32" "fded:dada::13/128"))
(keep-alive 25)))))) (keep-alive 25)))))
(%auto-start? #t))
;; (service sddm-service-type ;; (service sddm-service-type
;; (sddm-configuration ;; (sddm-configuration