authortv <tv@krebsco.de>2016-02-08 03:23:28 +0100
committertv <tv@krebsco.de>2016-02-08 03:35:29 +0100
commit8e93530796982db49ddeb06201d2f5bb57d51ccc (patch)
tree0c2982f48ca668cc034f4c10485c6a5b0e841d81 /lass/2configs/base.nix
parent7a9f130c1230faf9662000dbd9ba8f06170bf254 (diff)
parent5856d240888e89dbed141087c9580026f52dff59 (diff)
Merge remote-tracking branch 'cloudkrebs/master'
Diffstat (limited to 'lass/2configs/base.nix')
-rw-r--r--lass/2configs/base.nix37
1 files changed, 23 insertions, 14 deletions
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 66e12b262..4c73fc0ce 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -17,7 +17,8 @@ with lib;
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass-uriel.pubkey
+ config.krebs.users.lass-helios.pubkey
];
};
mainUser = {
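Review bot: The new `config.krebs.users.lass-helios.pubkey` entry is added to root's `openssh.authorizedKeys.keys` only, while the `mainUser` list in the next hunk gets just `lass-uriel`, so that key can log in as root and, as far as these hunks show, nowhere else. If that asymmetry is intended it deserves a comment such as `# helios: root-only deploy key`. Otherwise grant the key to `mainUser` and reach root through privilege escalation, so a compromise of that one client key does not immediately mean root on every host importing this base config. The `root` and `mainUser` attribute sets both extend outside the hunk.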
@@ -31,7 +32,7 @@ with lib;
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass-uriel.pubkey
];
};
};
@@ -47,20 +48,21 @@ with lib;
exim-retiolum.enable = true;
build = {
user = config.krebs.users.lass;
- source = {
- git.nixpkgs = {
+ source = mapAttrs (_: mkDefault) ({
+ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
+ nixpkgs = symlink:stockholm/nixpkgs;
+ secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
+ #secrets-common = "/home/lass/secrets/common";
+ stockholm = "/home/lass/stockholm";
+ stockholm-user = "symlink:stockholm/lass";
+ upstream-nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
+ rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+ dev = "/home/lass/src/nixpkgs";
};
- dir.secrets = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/stockholm";
- };
- };
+ } // optionalAttrs config.krebs.build.host.secure {
+ #secrets-master = "/home/lass/secrets/master";
+ });
};
};
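Review bot: The `optionalAttrs config.krebs.build.host.secure { ... }` branch contains only the commented-out `#secrets-master` line, so the `secure` flag currently adds nothing to `source`, and a reader could wrongly assume master secrets are already gated by it. Either drop the branch until it is used or add a comment such as `# placeholder: secrets-master will only be shipped to hosts marked secure`. Separately, `nixpkgs = symlink:stockholm/nixpkgs;` is unquoted while its siblings are quoted strings; it presumably parses as a URI literal, but writing `nixpkgs = "symlink:stockholm/nixpkgs";` keeps the set consistent. The old `host = config.krebs.hosts.mors` binding on the secrets and stockholm paths is gone, so a comment saying which machine `/home/lass/secrets/...` is resolved on would help.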
@@ -89,6 +91,7 @@ with lib;
git
jq
parallel
+ proot
#style
most
@@ -176,4 +179,10 @@ with lib;
noipv4ll
'';
+ #CVE-2016-0777 and CVE-2016-0778 workaround
+ #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
+ programs.ssh.extraConfig = ''
+ UseRoaming no
+ '';
+
}
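Review bot: The `UseRoaming no` line in `programs.ssh.extraConfig` has no `Host` stanza of its own, so if another module contributes a `Host ...` block to the same option and is concatenated before it, the setting would apply to that host only. Writing the body as `Host *` followed by an indented `UseRoaming no` makes the scope explicit. Note too that a per-user `~/.ssh/config` is read before the system file, so this system-wide default does not override a user who sets `UseRoaming yes`. The comment could also state when the workaround can go, e.g. `# remove once all hosts run an OpenSSH client with the roaming code fixed/removed`.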