From 35902b25e35b75f64a8ac01a6b5d0baea2d4154e Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 30 Dec 2015 02:04:43 +0100
Subject: l 2 base: checkout nixpkgs to /var/src/
---
 lass/2configs/base.nix | 1 +
 1 file changed, 1 insertion(+)
(limited to 'lass/2configs/base.nix')
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 66e12b262..4685e1713 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -51,6 +51,7 @@ with lib;
 git.nixpkgs = {
 url = https://github.com/Lassulus/nixpkgs;
 rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
+ target-path = "/var/src/nixpkgs";
 };
 dir.secrets = {
 host = config.krebs.hosts.mors;
-- cgit v1.2.3
From 4ce4b0053fde81608a8f2e3ecb2888a71203801b Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 17 Jan 2016 13:09:10 +0100
Subject: l 2 base: nixpkgs rev 93d8671 -> d0e3cca
---
 lass/2configs/base.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lass/2configs/base.nix')
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 4685e1713..eca3becd6 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -50,7 +50,7 @@ with lib;
 source = {
 git.nixpkgs = {
 url = https://github.com/Lassulus/nixpkgs;
- rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
+ rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
 target-path = "/var/src/nixpkgs";
 };
 dir.secrets = {
-- cgit v1.2.3
From c6cec0234b5543d23e2b8afe9b2340395de8184c Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 17 Jan 2016 13:10:14 +0100
Subject: l 2 base: CVE-2016-0778 workaround
---
 lass/2configs/base.nix | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'lass/2configs/base.nix')
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index eca3becd6..ab7cda7d3 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -177,4 +177,10 @@ with lib;
 noipv4ll
 '';
+ #CVE-2016-0777 and CVE-2016-0778 workaround
+ #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
+ programs.ssh.extraConfig = ''
+ UseRoaming no
+ '';
+
 }
-- cgit v1.2.3
From e3806dfa40d61eb70b543ba34758b1c8a4d11aef Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 1 Feb 2016 15:54:43 +0100
Subject: l 2: give helios & uriel more access
---
 lass/2configs/base.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'lass/2configs/base.nix')
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index ab7cda7d3..5505da67f 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -17,7 +17,8 @@ with lib;
 root = {
 openssh.authorizedKeys.keys = [
 config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass_uriel.pubkey
+ config.krebs.users.lass_helios.pubkey
 ];
 };
 mainUser = {
@@ -31,7 +32,7 @@ with lib;
 ];
 openssh.authorizedKeys.keys = [
 config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass_uriel.pubkey
 ];
 };
 };
-- cgit v1.2.3
From f73feaccd7a28d06d1d62d08795574b232f0c8b9 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sat, 6 Feb 2016 19:28:07 +0100
Subject: l 2 base: krebs.source adapt to api change
---
 lass/2configs/base.nix | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
(limited to 'lass/2configs/base.nix')
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 5505da67f..6dceace18 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
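Review bot: The `UseRoaming no` line added through `programs.ssh.extraConfig` only reaches the system-wide client configuration of hosts that import this file, and the comment above it should say what the workaround does not cover. ssh_config keeps the first value it obtains for an option, and command-line options and the user's own config are read before the system file, so a per-user `UseRoaming yes` would still take effect; hosts with existing `~/.ssh/config` files are worth a check. I would extend the comment to something like `# client-side mitigation only (disables roaming); drop once the pinned nixpkgs ships a fixed openssh`. Keys already used against untrusted servers are outside what this change can address, and the commit subject names only one of the two CVEs that the comment lists.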
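Review bot: In the `root` block, `config.krebs.users.lass_helios.pubkey` is added to root's `openssh.authorizedKeys.keys`, while the second hunk (`@@ -31,7 +32,7 @@`, apparently the `mainUser` key list) only renames `uriel` to `lass_uriel`, so the helios key can log in as root but not as the unprivileged user. Because this is the shared base configuration, the grant presumably applies to every host that imports it. If direct root login from helios is intended, a comment such as `# helios: root-only on purpose because <reason>` would record that; otherwise add the key to the mainUser list and keep root's list as short as possible. Both blocks start outside the hunks shown.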
@@ -48,21 +48,21 @@ with lib;
 exim-retiolum.enable = true;
 build = {
 user = config.krebs.users.lass;
- source = {
- git.nixpkgs = {
+ source = mapAttrs (_: mkDefault) ({
+ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
+ nixpkgs = symlink:stockholm/nixpkgs;
+ secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
+ #secrets-common = "/home/lass/secrets/common";
+ stockholm = "/home/lass/stockholm";
+ stockholm-user = "symlink:stockholm/lass";
+ upstream-nixpkgs = {
 url = https://github.com/Lassulus/nixpkgs;
 rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
- target-path = "/var/src/nixpkgs";
+ dev = "/home/lass/src/nixpkgs";
 };
- dir.secrets = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/stockholm";
- };
- };
+ } // optionalAttrs config.krebs.build.host.secure {
+ #secrets-master = "/home/lass/secrets/master";
+ });
 };
 };
-- cgit v1.2.3
From d98a8c0be822655da317e101e26f2063a20b910c Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sat, 6 Feb 2016 19:28:56 +0100
Subject: l 2 base: require pkgs.proot for stockholm
---
 lass/2configs/base.nix | 1 +
 1 file changed, 1 insertion(+)
(limited to 'lass/2configs/base.nix')
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 6dceace18..7212698bb 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -91,6 +91,7 @@ with lib;
 git
 jq
 parallel
+ proot
 #style
 most
-- cgit v1.2.3
[cgit] Unable to lock slot /tmp/cgit/1c000000.lock: No such file or directory (2)
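Review bot: `nixpkgs = symlink:stockholm/nixpkgs;` is written as a bare URI literal while the neighbouring `nixos-config` and `stockholm-user` entries quote the same kind of value; it evaluates to the same string, but `nixpkgs = "symlink:stockholm/nixpkgs";` keeps the set uniform and does not depend on the bare-URI syntax. Separately, the `optionalAttrs config.krebs.build.host.secure { ... }` block holds only the commented-out `secrets-master` line, so it currently merges an empty set. A one-line comment there saying whether secure hosts are expected to receive the master secrets through this entry would make the gating intent explicit. The enclosing `build` set starts before the hunk.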