Merge remote-tracking branch 'prism/staging/jeschli'

3 files changed, 22 insertions, 0 deletions

diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix
index 7fb2409..6d788d2 100644
--- a/jeschli/2configs/default.nix
+++ b/jeschli/2configs/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
   imports = [
     ./vim.nix
     ./retiolum.nix
+    <stockholm/lass/2configs/security-workarounds.nix>
     {
       environment.variables = {
         NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
@@ -63,4 +64,5 @@ with import <stockholm/lib>;
   ];
 
   krebs.enable = true;
+  networking.hostName = config.krebs.build.host.name;
 }
diff --git a/jeschli/2configs/os-templates/CentOS-7-64bit.nix b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
new file mode 100644
index 0000000..fb34e94
--- /dev/null
+++ b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
@@ -0,0 +1,16 @@
+_:
+
+{
+  imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
+
+  boot.loader.grub = {
+    device = "/dev/sda";
+    splashImage = null;
+  };
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+}
diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix
index 403300b..b611cbe 100644
--- a/jeschli/2configs/retiolum.nix
+++ b/jeschli/2configs/retiolum.nix
@@ -9,6 +9,7 @@
       "gum"
       "ni"
       "dishfire"
+      "enklave"
     ];
   };
 
@@ -16,6 +17,9 @@
     tinc = pkgs.tinc_pre;
   };
 
+  networking.firewall.allowedTCPPorts = [ 655 ];
+  networking.firewall.allowedUDPPorts = [ 655 ];
+
   environment.systemPackages = [
     pkgs.tinc
   ];