Put in earplugs

zzkt · Aug 2, 2024 · 197d20e · 197d20e
1 parent 05f88e0
commit 197d20e
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 19 deletions.
diff --git a/config/framework13-system.org b/config/framework13-system.org
@@ -229,7 +229,7 @@ use dovecot for local IMAP
 #+end_src
 
 *** iptables
-=iptables= configuration to allow SSH on port 22, IMAPS on 993, wireguard (wg0), mDNS and local smb for 192.168.0.0/16
+=iptables= configuration to allow SSH on port 22, IMAPS on 993, wireguard (wg0), syncthing, mDNS and local smb for 192.168.0.0/16
 
 #+BEGIN_SRC scheme :session
            (service iptables-service-type
@@ -267,7 +267,12 @@ wireguard
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A FORWARD -i wg0 -j ACCEPT
    #+end_src
-
+syncthing
+#+BEGIN_SRC scheme
+-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
+-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
+#+END_SRC
+otherwise
 #+BEGIN_SRC scheme
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -m conntrack --ctstate INVALID -j DROP
@@ -306,7 +311,12 @@ wireguard
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A FORWARD -i wg0 -j ACCEPT
       #+end_src
-
+syncthing
+#+BEGIN_SRC scheme
+-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
+-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
+#+END_SRC
+otherwise
 #+BEGIN_SRC scheme
 -A INPUT -j REJECT --reject-with icmp6-port-unreachable
 -A INPUT -m conntrack --ctstate INVALID -j DROP

diff --git a/config/framework13-system.scm b/config/framework13-system.scm
@@ -1,6 +1,6 @@
 ;; -*- mode: scheme;  coding: utf-8; -*-
 ;;
-;; tangled from framework13-system.org on 2024-06-18 12:53:06+02:00)
+;; tangled from framework13-system.org on 2024-08-02 11:16:35+02:00)
 
 (use-modules (gnu)
              (gnu packages)
@@ -158,6 +158,9 @@ COMMIT
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A FORWARD -i wg0 -j ACCEPT
 
+-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
+-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
+
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -m conntrack --ctstate INVALID -j DROP
 COMMIT
@@ -189,6 +192,9 @@ COMMIT
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A FORWARD -i wg0 -j ACCEPT
 
+-A INPUT -p tcp -s 192.168.0.0/16 --dport 8384 -j ACCEPT
+-A INPUT -p tcp -s 192.168.0.0/16 --dport 21027 -j ACCEPT
+
 -A INPUT -j REJECT --reject-with icmp6-port-unreachable
 -A INPUT -m conntrack --ctstate INVALID -j DROP
 COMMIT
@@ -306,19 +312,24 @@ writable = yes
               (targets (list "/boot/efi"))
               (keyboard-layout keyboard-layout)))
 
- (swap-devices (list (swap-space
-                      (target (file-system-label "swap")))))
-
- (file-systems (cons* (file-system
-                       (mount-point "/boot/efi")
-                       (device (uuid "8B3C-3BC0" 'fat32))
-                       (type "vfat"))
-                      (file-system
-                       (mount-point "/")
-                       (device (uuid
-                                "e0ece027-0396-4546-8aba-2ce91285d061"
-                                'ext4))
-                       (type "ext4"))
-                      %base-file-systems))
+  (mapped-devices (list (mapped-device
+                          (source (uuid
+                                   "9b5d47cd-d865-4ec9-81ec-30565fa767e4"))
+                          (target "cryptroot")
+                          (type luks-device-mapping))))
+
+  (file-systems (cons* (file-system
+                         (mount-point "/boot/efi")
+                         (device (uuid "0D77-7016" 'fat32))
+                         (type "vfat"))
+                       (file-system
+                         (mount-point "/")
+                         (device "/dev/mapper/cryptroot")
+                         (type "ext4")
+                         (dependencies mapped-devices)) %base-file-systems))
+
+;; (swap-devices (list (swap-space
+;;                      (target (file-system-label "swap")))))
+  (swap-devices `("/mnt/swapfile"))
 
  ) ;; end operating-system declaration
diff --git a/config/home-configuration.org b/config/home-configuration.org
@@ -240,6 +240,12 @@ the zsh dotfiles are added manually rather than using dotfiles-service (duplicat
   ;; ssh config in 'dotfiles'
 #+END_SRC
 
+*** syncthing
+using [[https://syncthing.net/][syncthing]] for local & point-to-point filesync across machines (see also nextcloud)
+#+BEGIN_SRC scheme
+          (service home-syncthing-service-type)
+#+END_SRC
+
 *** sound
  via pipewire which requires dbus  (see also [[https://guix.gnu.org/manual/devel/en/html_node/Sound-Home-Services.html][guix manual]])
 

diff --git a/config/home-configuration.scm b/config/home-configuration.scm
@@ -1,6 +1,6 @@
 ;; -*- mode: scheme;  coding: utf-8; -*-
 ;;
-;; tangled from home-configuration.org on 2024-04-14 14:56:58+02:00)
+;; tangled from home-configuration.org on 2024-08-02 11:17:18+02:00)
 
 (use-modules (gnu)
              (gnu home)
@@ -149,6 +149,8 @@
 
   ;; ssh config in 'dotfiles'
 
+          (service home-syncthing-service-type)
+
    (service home-dbus-service-type)
 
    (service home-pipewire-service-type