From ef797743965902b8fa7dbe3329138b297cd7589d Mon Sep 17 00:00:00 2001 From: nin Date: Wed, 6 Sep 2017 00:56:26 +0200 Subject: nin: allow icmp6 --- nin/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 212fd36..68521c6 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -158,6 +158,7 @@ with import ; filter.INPUT.rules = [ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } -- cgit v1.2.3 From e8d4a18a09ab4476377a5d095ac7e8318cf32c90 Mon Sep 17 00:00:00 2001 From: nin Date: Wed, 6 Sep 2017 00:57:28 +0200 Subject: nin: add skype --- nin/1systems/hiawatha/config.nix | 1 + nin/2configs/skype.nix | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 nin/2configs/skype.nix diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix index 0e48b41..31b6abe 100644 --- a/nin/1systems/hiawatha/config.nix +++ b/nin/1systems/hiawatha/config.nix @@ -15,6 +15,7 @@ with lib; + ]; krebs.build.host = config.krebs.hosts.hiawatha; diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix new file mode 100644 index 0000000..621dfae --- /dev/null +++ b/nin/2configs/skype.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +let + mainUser = config.users.extraUsers.nin; + inherit (import ) genid; + +in { + users.extraUsers = { + skype = { + name = "skype"; + uid = genid "skype"; + description = "user for running skype"; + home = "/home/skype"; + useDefaultShell = true; + extraGroups = [ "audio" "video" ]; + createHome = true; + }; + }; + + krebs.per-user.skype.packages = [ + pkgs.skype + ]; + + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(skype) NOPASSWD: ALL + ''; +} -- cgit v1.2.3 From a92d1ad21c69772c5314c4407f8c48df7b869914 Mon Sep 17 00:00:00 2001 From: nin Date: Thu, 14 Sep 2017 23:06:24 +0200 Subject: nin nixpkgs: 799435b -> 9e7db9a --- nin/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/source.nix b/nin/source.nix index 183c71b..52881a3 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "799435b"; + ref = "9e7db9a"; }; } -- cgit v1.2.3 From 5525fb770f0705e0284aee020ee1f3bbacfeb8d6 Mon Sep 17 00:00:00 2001 From: nin Date: Fri, 29 Sep 2017 19:10:33 +0200 Subject: nin nixpkgs 9e7d9a -> 9824ca6 --- nin/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/source.nix b/nin/source.nix index 52881a3..2c80afa 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "9e7db9a"; + ref = "9824ca6"; }; } -- cgit v1.2.3 From 99f5c3bbe1d601be84f40d777885dcc6887382ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 11 Oct 2017 18:12:31 +0200 Subject: types: add cidr and use as net.address --- lib/types.nix | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/lib/types.nix b/lib/types.nix index 70570a6..08dc097 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -92,7 +92,7 @@ rec { default = null; }; addrs = mkOption { - type = listOf addr; + type = listOf cidr; default = optional (config.ip4 != null) config.ip4.addr ++ optional (config.ip6 != null) config.ip6.addr; @@ -109,7 +109,7 @@ rec { type = addr4; }; prefix = mkOption ({ - type = str; # TODO routing prefix (CIDR) + type = cidr4; } // optionalAttrs (config.name == "retiolum") { default = "10.243.0.0/16"; }); @@ -125,7 +125,7 @@ rec { apply = lib.normalize-ip6-addr; }; prefix = mkOption ({ - type = str; # TODO routing prefix (CIDR) + type = cidr6; } // optionalAttrs (config.name == "retiolum") { default = "42::/16"; }); @@ -364,6 +364,26 @@ rec { merge = mergeOneOption; }; + cidr = either cidr4 cidr6; + cidr4 = mkOptionType { + name = "CIDRv4 address"; + check = let + CIDRv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in + concatMapStringsSep "." (const d) (range 1 4) + "(/([1-2]?[0-9]|3[0-2]))?"; + in + test CIDRv4address; + merge = mergeOneOption; + }; + cidr6 = mkOptionType { + name = "CIDRv6 address"; + check = let + # TODO check IPv6 address harder + CIDRv6address = "[0-9a-f.:]+(/([0-9][0-9]?|1[0-2][0-8]))?"; + in + test CIDRv6address; + merge = mergeOneOption; + }; + binary-cache-pubkey = str; pgp-pubkey = str; -- cgit v1.2.3 From b95949b09f4188af8bbc5f74254130d047dd9351 Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 24 Oct 2017 21:43:33 +0200 Subject: n 2 default: update binary-cache --- nin/2configs/default.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 68521c6..e7bd78e 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -4,6 +4,7 @@ with import ; { imports = [ ../2configs/vim.nix + { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) @@ -45,12 +46,6 @@ with import ; SSL_CERT_FILE = ca-bundle; }; }) - { - nix = { - binaryCaches = ["http://cache.prism.r"]; - binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; - }; - } ]; networking.hostName = config.krebs.build.host.name; -- cgit v1.2.3 From ddf66123f6d28cf92e1492c29c3068941aac5a1b Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 24 Oct 2017 21:45:52 +0200 Subject: nin hiawatha firefox: remove flash --- nin/1systems/hiawatha/config.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix index 31b6abe..fdae354 100644 --- a/nin/1systems/hiawatha/config.nix +++ b/nin/1systems/hiawatha/config.nix @@ -99,10 +99,6 @@ with lib; allowUnfree = true; - firefox = { - enableGoogleTalkPlugin = true; - enableAdobeFlash = true; - }; }; #services.logind.extraConfig = "HandleLidSwitch=ignore"; -- cgit v1.2.3 From 64322c4465f4ffbeaafc546dfd3e29de0e84563f Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 24 Oct 2017 21:48:35 +0200 Subject: n 2 default: add pavucontrol --- nin/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index e7bd78e..0d2253c 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -91,6 +91,7 @@ with import ; gnumake jq proot + pavucontrol populate p7zip termite -- cgit v1.2.3 From 6402cbc33988253eace61dd8d5671fa931e664d7 Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 24 Oct 2017 21:52:28 +0200 Subject: n nixpkgs: 9824ca6 -> c99239b --- nin/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/source.nix b/nin/source.nix index 2c80afa..188ebaf 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "9824ca6"; + ref = "c99239b"; }; } -- cgit v1.2.3