summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/nin/default.nix2
-rw-r--r--lass/1systems/mors.nix4
-rw-r--r--lass/2configs/default.nix1
-rw-r--r--lass/2configs/websites/lassulus.nix10
-rw-r--r--lass/2configs/websites/util.nix8
-rw-r--r--nin/2configs/nixpkgs.nix2
6 files changed, 23 insertions, 4 deletions
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
index 3231c0e23..d5d13cd1a 100644
--- a/krebs/3modules/nin/default.nix
+++ b/krebs/3modules/nin/default.nix
@@ -38,6 +38,8 @@ with import <stockholm/lib>;
aliases = [
"onondaga.retiolum"
"onondaga.r"
+ "cgit.onondaga.r"
+ "cgit.onondaga.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index a5eaaed9d..d0f835c64 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -126,6 +126,10 @@ with import <stockholm/lib>;
# };
# };
#}
+ {
+ #ipfs-testing
+ services.ipfs.enable = true;
+ }
];
krebs.build.host = config.krebs.hosts.mors;
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index d1810c00c..2441f1b74 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -202,6 +202,7 @@ with import <stockholm/lib>;
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 024d2eeb2..3a8979427 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -110,7 +110,10 @@ in {
'';
enableSSL = true;
- extraConfig = "listen 80;";
+ extraConfig = ''
+ listen 80;
+ listen [::]:80;
+ '';
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/lassul.us/key.pem";
};
@@ -123,7 +126,10 @@ in {
root /var/lib/acme/acme-challenges;
'';
enableSSL = true;
- extraConfig = "listen 80;";
+ extraConfig = ''
+ listen 80;
+ listen [::]:80;
+ '';
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
};
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 6e236ab63..d596e9db9 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -17,7 +17,10 @@ rec {
services.nginx.virtualHosts.${domain} = {
enableACME = true;
enableSSL = true;
- extraConfig = "listen 80;";
+ extraConfig = ''
+ listen 80;
+ listen [::]:80;
+ '';
serverAliases = domains;
locations."/".extraConfig = ''
root /srv/http/${domain};
@@ -35,6 +38,7 @@ rec {
serverAliases = domains;
extraConfig = ''
listen 80;
+ listen [::]:80;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
@@ -148,6 +152,8 @@ rec {
serverAliases = domains;
extraConfig = ''
listen 80;
+ listen [::]:80;
+
root /srv/http/${domain}/;
index index.php;
access_log /tmp/nginx_acc.log;
diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix
index 9d73afbe0..27a845bd5 100644
--- a/nin/2configs/nixpkgs.nix
+++ b/nin/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "6b28bd0daf00b8e5e370a04347844cb8614138ff";
+ ref = "d2cd8a0";
};
}