From 57a46ae5ba96abab1be81d7fc2bee00b1c95f19b Mon Sep 17 00:00:00 2001
From: Mathieu Strypsteen
Date: Tue, 24 Sep 2024 21:36:10 +0200
Subject: [PATCH] Enable source validation
---
 containers/code-server/Containerfile | 2 +-
 laptop/etc/NetworkManager/NetworkManager.conf | 1 +
 setup-vyos.sh | 5 ++++-
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/containers/code-server/Containerfile b/containers/code-server/Containerfile
index 322a26e..26967a5 100644
--- a/containers/code-server/Containerfile
+++ b/containers/code-server/Containerfile
@@ -1,7 +1,7 @@
 FROM quay.io/fedora/fedora-toolbox:41
 RUN dnf up -y
 RUN dnf install -y bash-color-prompt clang gcc hyperfine java-devel libvirt llvm mtools nodejs-npm openssl-devel parted poetry postgresql-server python3-ipykernel python3-pip qemu-system-x86-core rustup systemd-container vim-enhanced
-RUN dnf install -y https://github.com/coder/code-server/releases/download/v4.93.1-rc.1/code-server-4.93.1-rc.1-amd64.rpm
+RUN dnf install -y https://github.com/coder/code-server/releases/download/v4.93.1/code-server-4.93.1-amd64.rpm
 RUN mkdir /etc/systemd/system/user@.service.d
 RUN mkdir /var/lib/systemd/linger
 RUN touch /var/lib/systemd/linger/coder
diff --git a/laptop/etc/NetworkManager/NetworkManager.conf b/laptop/etc/NetworkManager/NetworkManager.conf
index 17273c6..2b2dedb 100644
--- a/laptop/etc/NetworkManager/NetworkManager.conf
+++ b/laptop/etc/NetworkManager/NetworkManager.conf
@@ -1,3 +1,4 @@
 [connection]
 ipv6.ip6-privacy=2
 wifi.cloned-mac-address=random
+wifi.powersave=2
diff --git a/setup-vyos.sh b/setup-vyos.sh
index 211a726..b3173d7 100644
--- a/setup-vyos.sh
+++ b/setup-vyos.sh
@@ -63,7 +63,7 @@ set service dns forwarding allow-from 127.0.0.1/32
 set service dns forwarding allow-from 192.168.0.0/16
 set service tftp-server directory /config/tftp
 set service tftp-server listen-address 192.168.253.1
-set service monitoring telegraf influxdb url http://home.strypsteen.com
+set service monitoring telegraf influxdb url http://home.server.home.arpa
 set service monitoring telegraf influxdb bucket vyos
 set service monitoring telegraf influxdb authentication organization metrics
@@ -72,6 +72,9 @@ set nat source rule 1 translation address masquerade
 set nat66 source rule 1 outbound-interface name eth0
 set nat66 source rule 1 translation address masquerade
+set firewall global-options source-validation strict
+set firewall global-options ipv6-source-validation strict
+
 firewall_types="ipv4 ipv6"
 for i in ${firewall_types}; do
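Review bot: The rewritten `set service monitoring telegraf influxdb url http://home.server.home.arpa` line in the first setup-vyos.sh hunk still points Telegraf at a plain-HTTP endpoint, while the context lines right after it configure InfluxDB authentication. Whatever credential Telegraf presents (the token is presumably set outside this hunk) and the router metrics themselves would therefore cross the network unencrypted, readable by anything on the path between the router and the metrics host. If the InfluxDB host can terminate TLS, prefer `set service monitoring telegraf influxdb url https://home.server.home.arpa`; if it cannot, scope the token to write-only access on the `vyos` bucket so that a captured credential has limited value.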