diff options
Diffstat (limited to 'lass/2configs')
| -rw-r--r-- | lass/2configs/default.nix | 4 | ||||
| -rw-r--r-- | lass/2configs/mail.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/repo-sync.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/websites/util.nix | 41 |
5 files changed, 27 insertions, 24 deletions
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index a7d2a6cef..21a2ec038 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -194,7 +194,9 @@ with import <stockholm/lib>; { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; } + { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } + { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } + { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } ]; }; }; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index c637b08fb..872acc003 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -12,7 +12,7 @@ let msmtp = pkgs.writeBashBin "msmtp" '' ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \ - ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ + ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@" ''; muttrc = pkgs.writeText "muttrc" '' diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index e665b6c6f..caca98746 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0195ab84607ac3a3aa07a79d2d6c2781b1bb6731"; + ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e"; }; } diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index baa4bb380..765769936 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -41,7 +41,7 @@ let mirror.url = "${mirror}${name}"; }; tv = { - origin.url = "http://cgit.ni.i/${name}"; + origin.url = "http://cgit.ni.r/${name}"; mirror.url = "${mirror}${name}"; }; lassulus = { diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 55be8a8d9..3356fe9a8 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -8,28 +8,29 @@ rec { let domain = head domains; in { - security.acme = { - certs."${domain}" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/challenges/${domain}"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - ]; - group = "nginx"; - allowKeysForGroup = true; - extraDomains = genAttrs domains (_: null); - }; - }; + #security.acme = { + # certs."${domain}" = { + # email = "lassulus@gmail.com"; + # webroot = "/var/lib/acme/challenges/${domain}"; + # plugins = [ + # "account_key.json" + # "key.pem" + # "fullchain.pem" + # ]; + # group = "nginx"; + # allowKeysForGroup = true; + # extraDomains = genAttrs domains (_: null); + # }; + #}; krebs.nginx.servers."${domain}" = { + ssl.acmeEnable = true; server-names = domains; - locations = [ - (nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/${domain}/; - '') - ]; + #locations = [ + # (nameValuePair "/.well-known/acme-challenge" '' + # root /var/lib/acme/challenges/${domain}/; + # '') + #]; }; }; @@ -37,7 +38,7 @@ rec { { imports = [ ( manageCerts domains ) - ( activateACME (head domains) ) + #( activateACME (head domains) ) ]; }; |