guix-config/config.scm


(use-modules
(gnu)
(gnu packages)
(gnu packages shells)
(guix profiles)
(guix packages)
(srfi srfi-1))
(use-service-modules desktop docker networking ssh xorg)
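;; System declaration for a single-user desktop host: GRUB/EFI boot, a
;; LUKS-mapped ext4 root, a Docker daemon, and a default-deny host firewall.
(operating-system
  (locale "en_CA.utf8")
  (timezone "America/Toronto")
  (keyboard-layout
   (keyboard-layout "us" "altgr-intl"))
  (bootloader
   (bootloader-configuration
    (bootloader grub-efi-bootloader)
    (target "/boot/efi")
    (keyboard-layout keyboard-layout)))
  ;; The root file system lives on a LUKS mapping exposed as
  ;; /dev/mapper/cryptroot.
  (mapped-devices
   (list (mapped-device
          (source
           (uuid "a3557b80-26cb-4fa9-8861-3dba1f6b1aa2"))
          (target "cryptroot")
          (type luks-device-mapping))))
  (file-systems
   (cons* ;; The EFI system partition is a plain vfat volume outside the LUKS
          ;; mapping, so disk encryption does not protect what is stored on it.
          (file-system
            (mount-point "/boot/efi")
            (device (uuid "76BA-85FB" 'fat32))
            (type "vfat"))
          ;; "/" depends on the mapped device so it is opened before mounting.
          (file-system
            (mount-point "/")
            (device "/dev/mapper/cryptroot")
            (type "ext4")
            (dependencies mapped-devices))
          %base-file-systems))
  (host-name "guixsd")
  (users (cons* (user-account
                 (name "collin")
                 (comment "Collin Doering")
                 (group "users")
                 (shell #~(string-append #$zsh "/bin/zsh"))
                 (home-directory "/home/collin")
                 ;; "wheel" is the group granted sudo by Guix's default
                 ;; sudoers file.  "docker" grants access to the Docker
                 ;; daemon, which is effectively root on the host, so treat
                 ;; this account as fully privileged.
                 (supplementary-groups
                  '("wheel" "docker" "kvm" "netdev" "audio" "video")))
                %base-user-accounts))
  (packages
   (append
    (map specification->package
         ;; "xterm" was listed twice in this list; one entry is enough.
         '("docker"
           "docker-cli"
           "docker-compose"
           "ratpoison"
           "nss-certs"
           "xterm"
           "recutils"
           "emacs"
           "emacs-guix"
           "emacs-exwm"
           "graphviz"
           "iptables"
           "tmux"
           "xrandr"
           "xsetroot"))
    %base-packages))
  (services
   (cons* (service docker-service-type)
          ;; Host firewall.  INPUT and FORWARD default to DROP; loopback,
          ;; established/related traffic and echo requests are accepted, new
          ;; TCP/UDP is dispatched to the TCP and UDP chains, and whatever
          ;; those chains do not accept is rejected.
          ;;
          ;; Docker maintains its own chains in the filter and nat tables, and
          ;; traffic to published container ports is forwarded rather than
          ;; delivered to INPUT, so the INPUT rules below do not restrict it.
          ;; NOTE(review): confirm how a reload of this ruleset interacts with
          ;; the chains Docker has inserted.
          ;;
          ;; NOTE(review): the TCP chain accepts port 22, but no SSH daemon
          ;; service is declared in this list; add one or drop the rule.
          (service iptables-service-type
                   (iptables-configuration
                    (ipv4-rules (plain-file "iptables.rules" "*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [628:62522]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A TCP -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"))
                    ;; Without an explicit ipv6-rules field the service falls
                    ;; back to its default ruleset, which accepts everything,
                    ;; leaving the host unfiltered over IPv6 while IPv4 is
                    ;; default-deny.  This mirrors the IPv4 policy.  ICMPv6 is
                    ;; accepted ahead of the INVALID drop because neighbour
                    ;; discovery and router advertisements depend on it, and
                    ;; DHCPv6 replies from link-local servers are allowed so
                    ;; address assignment keeps working.
                    (ipv6-rules (plain-file "ip6tables.rules" "*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A TCP -p tcp -m tcp --dport 22 -j ACCEPT
-A UDP -s fe80::/10 -p udp -m udp --sport 547 --dport 546 -j ACCEPT
COMMIT
"))))
          %desktop-services)))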