From bd14fef05308e187d302b55e20054a7a1297b1b0 Mon Sep 17 00:00:00 2001
From: nik gaffney
Date: Fri, 26 Jan 2024 10:53:38 +0100
Subject: [PATCH] Put in earplugs
---
 config/framework13-system.org | 17 ++++++++---------
 config/framework13-system.scm | 16 ++++++++--------
 2 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/config/framework13-system.org b/config/framework13-system.org
index 72743da..03bfc49 100644
--- a/config/framework13-system.org
+++ b/config/framework13-system.org
@@ -66,7 +66,7 @@ Include non-free linux kernel, modules and firmware from the [[https://gitlab.c
 * kernel corruption
-Some kernel corruption may be required to enable WIFI. Since the non-free kernel from nonguix doesn’t include the driver for RZ616/MT7922 adapter by default it needs to be added explicitly. Defined here and used in the =operating-system= declaration below.
+Some kernel corruption may be required to enable WIFI. Since the non-free kernel from nonguix doesn’t include the driver for RZ616/MT7922 adapter by default it needs to be added explicitly. Defined here and used in the =operating-system= declaration below. (see also commit [[https://gitlab.com/nonguix/nonguix/-/commit/3857d86267284000dc48660a5dfd56cb2a8cf004][3857d862]] for the addition of =nonguix-extra-linux-options=)
 #+begin_src scheme
 (define-public linux-fw13
@@ -277,13 +277,12 @@ COMMIT
 #+end_src
 SMB
 #+BEGIN_SRC scheme
--A INPUT -p udp -m udp -s fd24:609a:6c18::/64 --dport 137 -j ACCEPT
--A INPUT -p udp -m udp -s fd24:609a:6c18::/64 --dport 138 -j ACCEPT
--A INPUT -m state --state NEW -m tcp -p tcp -s fd24:609a:6c18::/64 --dport 139 -j ACCEPT
--A INPUT -m state --state NEW -m tcp -p tcp -s fd24:609a:6c18::/64 --dport 445 -j ACCEPT
+-A INPUT -p udp -m udp -s fded:c2f7:43ef::/64 --dport 137 -j ACCEPT
+-A INPUT -p udp -m udp -s fded:c2f7:43ef::/64 --dport 138 -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp -s fded:c2f7:43ef::/64 --dport 139 -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp -s fded:c2f7:43ef::/64 --dport 445 -j ACCEPT
 #+end_src
 wireguard
-
 #+BEGIN_SRC scheme
 -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
@@ -304,7 +303,7 @@ details can be found (and mostly ignored) in [[https://guix.gnu.org/cookbook/en
 #+BEGIN_SRC scheme :session
 (service wireguard-service-type
 (wireguard-configuration
- (addresses '("10.0.0.23/24" "fd24:609a:6c18::23/64"))
+ (addresses '("10.0.0.23/32" "fded:dada::23/128"))
 (private-key "/etc/wireguard/private.key")
 (port 51820)
 (peers
@@ -313,13 +312,13 @@ details can be found (and mostly ignored) in [[https://guix.gnu.org/cookbook/en
 (name "lmn")
 (endpoint "example.org:51820")
 (public-key "WHmVhvgxkBxk8fqZU6pWEaH4iVzOcud9JQivwRsaIE8=")
- (allowed-ips '("10.0.0.1/24" "fd24:609a:6c18::1/64"))
+ (allowed-ips '("10.0.0.1/24" "fded:dada::1/64"))
 (keep-alive 25))
 (wireguard-peer
 (name "beryllium")
 (endpoint "example.org:51820")
 (public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=")
- (allowed-ips '("10.0.0.13/24" "fd24:609a:6c18::13/64"))
+ (allowed-ips '("10.0.0.13/32" "fded:dada::13/128"))
 (keep-alive 25))))))
 #+END_SRC
diff --git a/config/framework13-system.scm b/config/framework13-system.scm
index 0f96299..1d6aa32 100644
--- a/config/framework13-system.scm
+++ b/config/framework13-system.scm
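Review bot: The four SMB accept rules in the `@@ -277,13` hunk (ports 137, 138, 139, 445) now trust source `fded:c2f7:43ef::/64`, but the tunnel address and both peers' `allowed-ips` in the later hunks of this commit move to `fded:dada::`, so traffic arriving over `wg0` cannot carry a source in the accepted range and these rules can only match packets from other interfaces. If SMB is meant to be reachable through the tunnel only, the prefix should match the tunnel and the rule should name the interface, e.g. `-A INPUT -i wg0 -m state --state NEW -m tcp -p tcp -s fded:dada::/64 --dport 445 -j ACCEPT`. If `fded:c2f7:43ef::/64` is instead a separate LAN prefix, say so in the org text, since a source-address match without `-i` accepts any on-link host that uses an address from that range. The tangled `config/framework13-system.scm` repeats the same four rules, so the change belongs in the .org source.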
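Review bot: In the `@@ -313,13` hunk, peer `lmn` keeps network-wide `allowed-ips '("10.0.0.1/24" "fded:dada::1/64")` while `beryllium` is narrowed to host routes, so `lmn` is still accepted as the source for all of 10.0.0.0/24 and fded:dada::/64 apart from beryllium's more specific entries. If `lmn` is the hub relaying for other peers that is presumably intended, but it deserves a sentence in the org text, and the entries read more clearly as network addresses: `(allowed-ips '("10.0.0.0/24" "fded:dada::/64"))`. If `lmn` is a single host, narrow it the same way as beryllium: `(allowed-ips '("10.0.0.1/32" "fded:dada::1/128"))`. The enclosing `wireguard-configuration` form starts outside this hunk.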
@@ -1,6 +1,6 @@
 ;; -*- mode: scheme; coding: utf-8; -*-
 ;;
-;; tangled from framework13-system.org on 2024-01-24 22:29:53+01:00)
+;; tangled from framework13-system.org on 2024-01-26 10:45:43+01:00)
 (use-modules (gnu)
 (gnu packages)
@@ -172,10 +172,10 @@ COMMIT
 -A INPUT -p tcp --dport 993 -j ACCEPT
 -A INPUT -p udp -m udp --dport 5353 -j ACCEPT
--A INPUT -p udp -m udp -s fd24:609a:6c18::/64 --dport 137 -j ACCEPT
--A INPUT -p udp -m udp -s fd24:609a:6c18::/64 --dport 138 -j ACCEPT
--A INPUT -m state --state NEW -m tcp -p tcp -s fd24:609a:6c18::/64 --dport 139 -j ACCEPT
--A INPUT -m state --state NEW -m tcp -p tcp -s fd24:609a:6c18::/64 --dport 445 -j ACCEPT
+-A INPUT -p udp -m udp -s fded:c2f7:43ef::/64 --dport 137 -j ACCEPT
+-A INPUT -p udp -m udp -s fded:c2f7:43ef::/64 --dport 138 -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp -s fded:c2f7:43ef::/64 --dport 139 -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp -s fded:c2f7:43ef::/64 --dport 445 -j ACCEPT
 -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
@@ -188,7 +188,7 @@ COMMIT
 (service wireguard-service-type
 (wireguard-configuration
- (addresses '("10.0.0.23/24" "fd24:609a:6c18::23/64"))
+ (addresses '("10.0.0.23/32" "fded:dada::23/128"))
 (private-key "/etc/wireguard/private.key")
 (port 51820)
 (peers
@@ -197,13 +197,13 @@ COMMIT
 (name "lmn")
 (endpoint "example.org:51820")
 (public-key "WHmVhvgxkBxk8fqZU6pWEaH4iVzOcud9JQivwRsaIE8=")
- (allowed-ips '("10.0.0.1/24" "fd24:609a:6c18::1/64"))
+ (allowed-ips '("10.0.0.1/24" "fded:dada::1/64"))
 (keep-alive 25))
 (wireguard-peer
 (name "beryllium")
 (endpoint "example.org:51820")
 (public-key "taeID3fNgci9OpE+1UYkS4DYZE6DIlhpLQL1BVN9sg8=")
- (allowed-ips '("10.0.0.13/24" "fd24:609a:6c18::13/64"))
+ (allowed-ips '("10.0.0.13/32" "fded:dada::13/128"))
 (keep-alive 25))))))
 ;; (service sddm-service-type