From 5aa48092fae5cf0eec65a595b6e0c94304555fbf Mon Sep 17 00:00:00 2001
From: Xiao Pan
Date: Wed, 14 May 2025 17:41:40 -0700
Subject: add pi config files
---
pi_configs/etc/modules-load.d/wireguard.conf | 1 +
pi_configs/etc/nftables.conf | 40 ++++++++++++++++++++++
.../Spartan_Racing_Charger/.config/labwc/autostart | 1 +
3 files changed, 42 insertions(+)
create mode 100644 pi_configs/etc/modules-load.d/wireguard.conf
create mode 100644 pi_configs/etc/nftables.conf
create mode 100644 pi_configs/home/Spartan_Racing_Charger/.config/labwc/autostart
(limited to 'pi_configs')
diff --git a/pi_configs/etc/modules-load.d/wireguard.conf b/pi_configs/etc/modules-load.d/wireguard.conf
new file mode 100644
index 0000000..a82c63a
--- /dev/null
+++ b/pi_configs/etc/modules-load.d/wireguard.conf
@@ -0,0 +1 @@
+wireguard
diff --git a/pi_configs/etc/nftables.conf b/pi_configs/etc/nftables.conf
new file mode 100644
index 0000000..9c3532d
--- /dev/null
+++ b/pi_configs/etc/nftables.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/nft -f
+
+# IPv4/IPv6 Simple & Safe firewall ruleset.
+# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.
+
+# some codes from https://wiki.archlinux.org/title/Nftables
+
+# needed for reload config using `sudo systemctl restart nftables` or `sudo nft -f /etc/nftables.conf`
+flush ruleset
+
+table inet my_table {
+
+ chain my_input {
+ type filter hook input priority filter
+ policy drop
+
+ ct state invalid drop comment "early drop of invalid connections"
+ ct state {established, related} accept comment "allow tracked connections"
+ iifname lo accept comment "allow from loopback"
+ ip protocol icmp accept
+ meta l4proto ipv6-icmp accept
+
+ tcp dport ssh accept
+
+ pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
+ counter comment "count any other traffic"
+ }
+
+ chain my_forward {
+ type filter hook forward priority filter
+ policy drop
+ # Drop everything forwarded to us. We do not forward. That is routers job.
+ }
+
+ chain my_output {
+ type filter hook output priority filter
+ policy accept
+ # Accept every outbound connection
+ }
+}
diff --git a/pi_configs/home/Spartan_Racing_Charger/.config/labwc/autostart b/pi_configs/home/Spartan_Racing_Charger/.config/labwc/autostart
new file mode 100644
index 0000000..c1ff693
--- /dev/null
+++ b/pi_configs/home/Spartan_Racing_Charger/.config/labwc/autostart
@@ -0,0 +1 @@
+/usr/local/bin/remote_plot -l &
-- cgit v1.2.3-70-g09d2
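Review bot: In `my_input` of pi_configs/etc/nftables.conf, `tcp dport ssh accept` admits new SSH connections from every interface and source address with no rate limit, so sshd is the one service this default-drop ruleset exposes to whatever network the Pi is attached to. Since the same commit loads the `wireguard` module, consider scoping the rule to the tunnel, e.g. `iifname "<wg-interface>" tcp dport ssh accept` (placeholder; the interface name is not in this commit), or at least throttling new connections with `tcp dport ssh ct state new limit rate 10/minute accept`. Nothing in the chain accepts an inbound WireGuard UDP port either: that is fine if the Pi only initiates the tunnel, because replies match the established/related rule, but if it is meant to accept handshakes they will fall through to the final reject, so a comment stating the intended role would help. The two ICMP rules (`ip protocol icmp accept`, `meta l4proto ipv6-icmp accept`) also lack the `comment` that the neighbouring rules carry.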