Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2018-01-28 14:50:37 +01:00
commit 044f54b36f
4 changed files with 42 additions and 12 deletions

View File

@ -109,6 +109,8 @@ in {
#} #}
{ # wireguard server { # wireguard server
# opkg install wireguard luci-proto-wireguard
# TODO: networking.nat # TODO: networking.nat
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1; # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
@ -136,9 +138,23 @@ in {
allowedIPs = [ "10.244.0.3/32" ]; allowedIPs = [ "10.244.0.3/32" ];
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
} }
{
# x-test
allowedIPs = [ "10.244.0.4/32" ];
publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
}
{
# work-router
allowedIPs = [ "10.244.0.5/32" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
}
]; ];
}; };
} }
{ # iperf3
networking.firewall.allowedUDPPorts = [ 5201 ];
networking.firewall.allowedTCPPorts = [ 5201 ];
}
]; ];
makefu.dl-dir = "/var/download"; makefu.dl-dir = "/var/download";

View File

@ -61,7 +61,7 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/hw/tp-x230.nix> <stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/wwan.nix> <stockholm/makefu/2configs/hw/wwan.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix> <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix> # <stockholm/makefu/2configs/rad1o.nix>
# Filesystem # Filesystem
@ -86,6 +86,7 @@ with import <stockholm/lib>;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well # configure pulseAudio to provide a HDMI sink as well
@ -103,7 +104,4 @@ with import <stockholm/lib>;
''; '';
# hard dependency because otherwise the device will not be unlocked # hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
nix.package = pkgs.nixUnstable;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
} }

View File

@ -26,6 +26,8 @@ in {
services.nginx = { services.nginx = {
enable = mkDefault true; enable = mkDefault true;
virtualHosts."photostore.krebsco.de" = { virtualHosts."photostore.krebsco.de" = {
enableACME = true;
forceSSL = true;
locations = { locations = {
"/".extraConfig = '' "/".extraConfig = ''
uwsgi_pass unix://${wsgi-sock}; uwsgi_pass unix://${wsgi-sock};

View File

@ -0,0 +1,14 @@
{ pkgs, lib, ... }:
{
# TODO: un-pin linuxPackages somehow
nixpkgs.config.packageOverrides = pkgs: {
linux_4_14 = pkgs.linux_4_14.override {
extraConfig = ''
MEDIA_ANALOG_TV_SUPPORT y
VIDEO_STK1160_COMMON m
VIDEO_STK1160_AC97 y
VIDEO_STK1160 m
'';
};
};
}