feat: cleanup and update

2024-04-03 19:33:40 +02:00 · 2024-04-03 19:33:40 +02:00 · 75d1075ca1
commit 75d1075ca1
parent a4947dce17
18 changed files with 86 additions and 88 deletions
--- a/rootfs/etc/iptables/ip6tables.rules
+++ b/rootfs/etc/iptables/ip6tables.rules
@ -1,7 +0,0 @@
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-COMMIT
--- a/rootfs/etc/iptables/iptables.rules
+++ b/rootfs/etc/iptables/iptables.rules
@ -1,7 +0,0 @@
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-COMMIT
--- a/rootfs/etc/nftables.conf
+++ b/rootfs/etc/nftables.conf
@ -0,0 +1,29 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+destroy table inet filter
+table inet filter {
+  chain input {
+    type filter hook input priority filter; policy drop;
+
+    ct state invalid counter drop
+
+    iif "lo"                       counter accept
+    ip protocol {icmp,icmpv6}      counter accept
+    ct state {established,related} counter accept
+
+    counter comment "dropped"
+  }
+
+  chain forward {
+    type filter hook forward priority filter; policy drop;
+
+    counter comment "dropped"
+  }
+
+  chain output {
+    type filter hook output priority filter; policy accept;
+
+    counter comment "accepted"
+  }
+}
--- a/rootfs/etc/pacman.d/hooks/10-nvidia.hook
+++ b/rootfs/etc/pacman.d/hooks/10-nvidia.hook
@ -1,13 +0,0 @@
-[Trigger]
-Operation=Install
-Operation=Upgrade
-Operation=Remove
-Type=Package
-Target=nvidia
-
-[Action]
-Description=Update NVIDIA module in initcpio
-Depends=mkinitcpio
-When=PostTransaction
-NeedsTargets
-Exec=/bin/sh -c 'while read -r trg; do case $trg in linux) exit 0; esac; done; /usr/bin/mkinitcpio -P'
--- a/rootfs/usr/local/bin/docker-compose
+++ b/rootfs/usr/local/bin/docker-compose
@ -0,0 +1 @@
+/usr/bin/podman-compose