feat: cleanup and update

rootfs/etc/iptables/ip6tables.rules

@@ -1,7 +0,0 @@
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i lo -j ACCEPT
-COMMIT

rootfs/etc/iptables/iptables.rules

@@ -1,7 +0,0 @@
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i lo -j ACCEPT
-COMMIT

rootfs/etc/nftables.conf

@@ -0,0 +1,29 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+destroy table inet filter
+table inet filter {
+  chain input {
+    type filter hook input priority filter; policy drop;
+
+    ct state invalid counter drop
+
+    iif "lo"                       counter accept
+    ip protocol {icmp,icmpv6}      counter accept
+    ct state {established,related} counter accept
+
+    counter comment "dropped"
+  }
+
+  chain forward {
+    type filter hook forward priority filter; policy drop;
+
+    counter comment "dropped"
+  }
+
+  chain output {
+    type filter hook output priority filter; policy accept;
+
+    counter comment "accepted"
+  }
+}

rootfs/etc/pacman.d/hooks/10-nvidia.hook

@@ -1,13 +0,0 @@
-[Trigger]
-Operation=Install
-Operation=Upgrade
-Operation=Remove
-Type=Package
-Target=nvidia
-
-[Action]
-Description=Update NVIDIA module in initcpio
-Depends=mkinitcpio
-When=PostTransaction
-NeedsTargets
-Exec=/bin/sh -c 'while read -r trg; do case $trg in linux) exit 0; esac; done; /usr/bin/mkinitcpio -P'