From 13829a101c76cc01a8dfb85b6272f9bce30e4bf5 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen
Date: Mon, 22 Jul 2024 14:11:24 +0300
Subject: [PATCH] aminda-nocron: ensure firewall allows ssh etc.

---
 etc/systemd/system/aminda-nocron-reboot.service | 13 +++++++++++--
 etc/systemd/system/aminda-nocron-rebootish.service | 1 +
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/etc/systemd/system/aminda-nocron-reboot.service b/etc/systemd/system/aminda-nocron-reboot.service
index 263de2a2..a87bc3d2 100644
--- a/etc/systemd/system/aminda-nocron-reboot.service
+++ b/etc/systemd/system/aminda-nocron-reboot.service
@@ -15,12 +15,21 @@ ExecStartPre=-/usr/bin/systemctl start firewalld.service
 # https://github.com/systemd/zram-generator
 #ExecStart=-/usr/bin/systemctl start /dev/zram0
 ExecStart=-/usr/bin/systemctl enable --now systemd-zram-setup@zram0.service
-# Ensure we really allow ICMPv6 on FEDORA (or firewalld)
+# Ensure we really allow ICMPv6 on FEDORA (or firewalld). Also other essential services.
 ExecStart=-/usr/bin/firewall-cmd --add-protocol=ipv6-icmp
+ExecStart=-/usr/bin/firewall-cmd --add-service=ssh --permanent
+ExecStart=-/usr/bin/firewall-cmd --add-service=mosh --permanent
+ExecStart=-/usr/bin/firewall-cmd --add-service=ntp --permanent
+ExecStart=-/usr/bin/firewall-cmd --add-service=syncthing --permanent
+ExecStart=-/usr/bin/firewall-cmd --add-service=mdns --permanent
+ExecStart=-/usr/bin/firewall-cmd --add-service=kdeconnect --permanent
+ExecStart=-/usr/bin/firewall-cmd --permanent --add-port=9001/udp
+ExecStart=-/usr/bin/firewall-cmd --permanent --add-port=6771/udp
 # 3rd party Xbox controller initialization. See Mikaela/gist/gayming/
 #ExecStart=-/root/fixcontroller.py
 # This is actually in the delayed variant of this service, but anyway
-ExecStart=-/usr/bin/systemctl start yggdrasil.service
+ExecStart=-/usr/bin/systemctl enable --now yggdrasil.service
+ExecStart=-/usr/bin/systemctl enable --now sshguard.service
 User=root
 StandardOutput=journal
 StandardError=journal
diff --git a/etc/systemd/system/aminda-nocron-rebootish.service b/etc/systemd/system/aminda-nocron-rebootish.service
index 3bc33e31..e95e6793 100644
--- a/etc/systemd/system/aminda-nocron-rebootish.service
+++ b/etc/systemd/system/aminda-nocron-rebootish.service
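Review bot: In aminda-nocron-reboot.service, none of the eight added `firewall-cmd --permanent` lines names a zone, so ssh, mosh, ntp, syncthing, mdns, kdeconnect and the two UDP ports are opened in whatever the default zone happens to be. They are also rewritten into the permanent configuration each time this unit runs, which undoes any manual tightening. If these are meant only for trusted networks, pin them with `--zone=`, e.g. `ExecStart=-/usr/bin/firewall-cmd --permanent --zone=ZONE_PLACEHOLDER --add-service=ssh`. The two `--add-port` lines have no explanation; a comment above them such as `# 9001/udp, 6771/udp: <application that needs these>` would let a later reader judge whether they should stay open. Because every line is `--permanent` only and prefixed with `-`, nothing takes effect until a reload and a failed or unknown service name goes unnoticed outside the journal. The [Service] section continues outside the hunk.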
@@ -8,6 +8,7 @@ TimeoutStartSec=infinity
 # Another attempt at ensuring Yggdrasil works with nordvpnd
 ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0
 ExecStart=-/usr/bin/systemctl restart yggdrasil.service
+ExecStart=-/bin/firewall-cmd --reload
 # If they somehow managed to not start already
 ExecStart=-/usr/bin/systemctl enable --now unbound.service
 ExecStart=-/usr/bin/systemctl enable --now systemd-resolved.service
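Review bot: The added `firewall-cmd --reload` in aminda-nocron-rebootish.service replaces the runtime ruleset with the permanent one, so the runtime-only `--add-protocol=ipv6-icmp` rule from aminda-nocron-reboot.service is discarded if that unit has already run (the ordering of the two units is not visible in these hunks). Making that rule permanent too, `ExecStart=-/usr/bin/firewall-cmd --permanent --add-protocol=ipv6-icmp`, would let it survive the reload. The new line also calls `/bin/firewall-cmd` while the other unit uses `/usr/bin/firewall-cmd`; using one path in both keeps the units easy to grep and audit. The rest of this unit lies outside the hunk.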