Put in earplugs
This commit is contained in:
parent
f7a4c002d5
commit
9c8d3817ad
GPG key ID:
989F5E6EDB478160
|
|
@ -31,12 +31,12 @@ echo ";; -*- mode: scheme; coding: utf-8; -*-
|
||||||
(gnu packages shells)
|
(gnu packages shells)
|
||||||
(gnu packages linux)
|
(gnu packages linux)
|
||||||
(gnu packages xdisorg)
|
(gnu packages xdisorg)
|
||||||
(gnu packages emacs-xyz)
|
(gnu packages emacs-xyz))
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
Include non-free linux kernel, modules and firmware from the [[https://gitlab.com/nonguix/nonguix/][nonguix channel]]
|
Include non-free linux kernel, modules and firmware from the [[https://gitlab.com/nonguix/nonguix/][nonguix channel]]
|
||||||
#+begin_src scheme
|
#+begin_src scheme
|
||||||
(nongnu packages linux)
|
(use-modules (nongnu packages linux)
|
||||||
(nongnu system linux-initrd))
|
(nongnu system linux-initrd))
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
|
@ -130,6 +130,7 @@ Kernel & driver details
|
||||||
"audio"
|
"audio"
|
||||||
"video"
|
"video"
|
||||||
"www-data"
|
"www-data"
|
||||||
|
"realtime"
|
||||||
"lp")))
|
"lp")))
|
||||||
(user-account
|
(user-account
|
||||||
(name "www-data")
|
(name "www-data")
|
||||||
|
|
@ -141,6 +142,9 @@ Kernel & driver details
|
||||||
#+begin_src scheme
|
#+begin_src scheme
|
||||||
(groups (cons* (user-group
|
(groups (cons* (user-group
|
||||||
(name "www-data"))
|
(name "www-data"))
|
||||||
|
(user-group
|
||||||
|
(system? #t)
|
||||||
|
(name "realtime"))
|
||||||
%base-groups))
|
%base-groups))
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
|
@ -196,6 +200,7 @@ Below is the list of enabled system services. To search for any available servi
|
||||||
`(("zzk" ,(local-file "zzk_rsa.pub"))
|
`(("zzk" ,(local-file "zzk_rsa.pub"))
|
||||||
("root" ,(local-file "zzk_rsa.pub"))))))
|
("root" ,(local-file "zzk_rsa.pub"))))))
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
*** mail
|
*** mail
|
||||||
use dovecot for local IMAP
|
use dovecot for local IMAP
|
||||||
#+begin_src scheme
|
#+begin_src scheme
|
||||||
|
|
@ -205,6 +210,43 @@ use dovecot for local IMAP
|
||||||
(mail-location "maildir:%h/Maildir:LAYOUT=fs")))
|
(mail-location "maildir:%h/Maildir:LAYOUT=fs")))
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
*** iptables
|
||||||
|
|
||||||
|
=iptables= configuration to allow ssh on port 22, imaps on 993 and local smb for 192.168.0.0/16
|
||||||
|
|
||||||
|
#+BEGIN_SRC scheme :session
|
||||||
|
(service iptables-service-type
|
||||||
|
(iptables-configuration
|
||||||
|
(ipv4-rules (plain-file "iptables.rules" "*filter
|
||||||
|
:INPUT ACCEPT
|
||||||
|
:FORWARD ACCEPT
|
||||||
|
:OUTPUT ACCEPT
|
||||||
|
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 993 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 137 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 138 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 139 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 445 -j ACCEPT
|
||||||
|
-A INPUT -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
COMMIT
|
||||||
|
"))
|
||||||
|
(ipv6-rules (plain-file "ip6tables.rules" "*filter
|
||||||
|
:INPUT ACCEPT
|
||||||
|
:FORWARD ACCEPT
|
||||||
|
:OUTPUT ACCEPT
|
||||||
|
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 993 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 137 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 138 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 139 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 445 -j ACCEPT
|
||||||
|
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
|
||||||
|
COMMIT
|
||||||
|
"))))
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
*** display manager
|
*** display manager
|
||||||
#+begin_src scheme
|
#+begin_src scheme
|
||||||
;; (service sddm-service-type
|
;; (service sddm-service-type
|
||||||
|
|
@ -219,6 +261,7 @@ use dovecot for local IMAP
|
||||||
(xorg-configuration
|
(xorg-configuration
|
||||||
(keyboard-layout keyboard-layout)
|
(keyboard-layout keyboard-layout)
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
Trackpad config using [[https://www.mankier.com/4/libinput][libinput]]
|
Trackpad config using [[https://www.mankier.com/4/libinput][libinput]]
|
||||||
#+begin_src scheme
|
#+begin_src scheme
|
||||||
(extra-config '("Section \"InputClass\"
|
(extra-config '("Section \"InputClass\"
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
;; -*- mode: scheme; coding: utf-8; -*-
|
;; -*- mode: scheme; coding: utf-8; -*-
|
||||||
;;
|
;;
|
||||||
;; tangled from framework13-system.org on 2024-01-04 14:14:30+01:00)
|
;; tangled from framework13-system.org on 2024-01-17 15:35:13+01:00)
|
||||||
|
|
||||||
(use-modules (gnu)
|
(use-modules (gnu)
|
||||||
(gnu packages)
|
(gnu packages)
|
||||||
|
|
@ -10,9 +10,9 @@
|
||||||
(gnu packages shells)
|
(gnu packages shells)
|
||||||
(gnu packages linux)
|
(gnu packages linux)
|
||||||
(gnu packages xdisorg)
|
(gnu packages xdisorg)
|
||||||
(gnu packages emacs-xyz)
|
(gnu packages emacs-xyz))
|
||||||
|
|
||||||
(nongnu packages linux)
|
(use-modules (nongnu packages linux)
|
||||||
(nongnu system linux-initrd))
|
(nongnu system linux-initrd))
|
||||||
|
|
||||||
(use-service-modules cups
|
(use-service-modules cups
|
||||||
|
|
@ -64,6 +64,7 @@
|
||||||
"audio"
|
"audio"
|
||||||
"video"
|
"video"
|
||||||
"www-data"
|
"www-data"
|
||||||
|
"realtime"
|
||||||
"lp")))
|
"lp")))
|
||||||
(user-account
|
(user-account
|
||||||
(name "www-data")
|
(name "www-data")
|
||||||
|
|
@ -73,6 +74,9 @@
|
||||||
|
|
||||||
(groups (cons* (user-group
|
(groups (cons* (user-group
|
||||||
(name "www-data"))
|
(name "www-data"))
|
||||||
|
(user-group
|
||||||
|
(system? #t)
|
||||||
|
(name "realtime"))
|
||||||
%base-groups))
|
%base-groups))
|
||||||
|
|
||||||
(sudoers-file
|
(sudoers-file
|
||||||
|
|
@ -115,6 +119,37 @@
|
||||||
(dovecot-configuration
|
(dovecot-configuration
|
||||||
(mail-location "maildir:%h/Maildir:LAYOUT=fs")))
|
(mail-location "maildir:%h/Maildir:LAYOUT=fs")))
|
||||||
|
|
||||||
|
(service iptables-service-type
|
||||||
|
(iptables-configuration
|
||||||
|
(ipv4-rules (plain-file "iptables.rules" "*filter
|
||||||
|
:INPUT ACCEPT
|
||||||
|
:FORWARD ACCEPT
|
||||||
|
:OUTPUT ACCEPT
|
||||||
|
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 993 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 137 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 138 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 139 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 445 -j ACCEPT
|
||||||
|
-A INPUT -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
COMMIT
|
||||||
|
"))
|
||||||
|
(ipv6-rules (plain-file "ip6tables.rules" "*filter
|
||||||
|
:INPUT ACCEPT
|
||||||
|
:FORWARD ACCEPT
|
||||||
|
:OUTPUT ACCEPT
|
||||||
|
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 993 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 137 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 138 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 139 -j ACCEPT
|
||||||
|
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 445 -j ACCEPT
|
||||||
|
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
|
||||||
|
COMMIT
|
||||||
|
"))))
|
||||||
|
|
||||||
;; (service sddm-service-type
|
;; (service sddm-service-type
|
||||||
;; (sddm-configuration
|
;; (sddm-configuration
|
||||||
;; (display-server "wayland")
|
;; (display-server "wayland")
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue