From 91a112c24294154be3b812e2b52e1c651d336aff Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 7 Aug 2015 12:10:02 +0200 Subject: refactor tsp --- makefu/2configs/base.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'makefu/2configs/base.nix') diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix index 8dfb2ef27..792cccc71 100644 --- a/makefu/2configs/base.nix +++ b/makefu/2configs/base.nix @@ -6,7 +6,7 @@ with lib; krebs.enable = true; krebs.search-domain = "retiolum"; - networking.hostName = config.krebs.build.host.name; + users.extraUsers = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; @@ -24,6 +24,18 @@ with lib; }; }; + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores + 1; + + krebs.build.deps = { + secrets = { + url = "/home/makefu/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + services.openssh.enable = true; nix.useChroot = true; -- cgit v1.2.3 From 7bb85d74f8dbf8751344f9248b9365b4543bf20f Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 7 Aug 2015 13:51:49 +0200 Subject: makefu/2configs:add hashedPasswords --- makefu/2configs/base.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'makefu/2configs/base.nix') diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix index 792cccc71..2e18acf7c 100644 --- a/makefu/2configs/base.nix +++ b/makefu/2configs/base.nix @@ -2,7 +2,13 @@ with lib; { - imports = [ ]; + imports = [ + { + users.extraUsers = + mapAttrs (_: h: { hashedPassword = h; }) + (import /root/src/secrets/hashedPasswords.nix); + } + ]; krebs.enable = true; krebs.search-domain = "retiolum"; @@ -39,7 +45,7 @@ with lib; services.openssh.enable = true; nix.useChroot = true; - users.mutableUsers = true; + users.mutableUsers = false; boot.tmpOnTmpfs = true; systemd.tmpfiles.rules = [ -- cgit v1.2.3 From a919ddb3878c59f1306d8d22f46b603aceb90e27 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 7 Aug 2015 15:50:06 +0200 Subject: makefu:include vim.nix --- makefu/2configs/base.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'makefu/2configs/base.nix') diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix index 2e18acf7c..25d92d63d 100644 --- a/makefu/2configs/base.nix +++ b/makefu/2configs/base.nix @@ -8,6 +8,7 @@ with lib; mapAttrs (_: h: { hashedPassword = h; }) (import /root/src/secrets/hashedPasswords.nix); } + ./vim.nix ]; krebs.enable = true; krebs.search-domain = "retiolum"; @@ -32,6 +33,7 @@ with lib; networking.hostName = config.krebs.build.host.name; nix.maxJobs = config.krebs.build.host.cores + 1; + #nix.maxJobs = 1; krebs.build.deps = { secrets = { -- cgit v1.2.3 From 7a378d230d4c75f77f04943b73ad4c883d6750b9 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Aug 2015 19:00:22 +0000 Subject: makefu: move more stuff into base.nix --- makefu/2configs/base.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'makefu/2configs/base.nix') diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix index 25d92d63d..906c74f7d 100644 --- a/makefu/2configs/base.nix +++ b/makefu/2configs/base.nix @@ -50,6 +50,10 @@ with lib; users.mutableUsers = false; boot.tmpOnTmpfs = true; + + networking.firewall.rejectPackets = true; + networking.firewall.allowPing = true; + systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; -- cgit v1.2.3