Merge remote-tracking branch 'lass/master'

This commit is contained in:
makefu 2016-11-28 23:29:18 +01:00
commit ab5b81b0b4
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
9 changed files with 16 additions and 82 deletions


@ -29,9 +29,10 @@ let
tables = mkOption {
type = with types; attrsOf (attrsOf (submodule ({
options = {
#TODO: find out good defaults.
policy = mkOption {
type = str;
default = "-";
default = "ACCEPT";
};
rules = mkOption {
type = nullOr (listOf (submodule ({
@ -133,30 +134,9 @@ let
#=====
rules = iptables-version:
let
#TODO: find out good defaults.
tables-defaults = {
nat.PREROUTING.policy = "ACCEPT";
nat.INPUT.policy = "ACCEPT";
nat.OUTPUT.policy = "ACCEPT";
nat.POSTROUTING.policy = "ACCEPT";
filter.INPUT.policy = "ACCEPT";
filter.FORWARD.policy = "ACCEPT";
filter.OUTPUT.policy = "ACCEPT";
#if someone specifies any other rules on this chain, the default rules get lost.
#is this wanted beahiviour or a bug?
#TODO: implement abstraction of rules
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
];
};
tables = tables-defaults // cfg.tables;
in
pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
${buildTables iptables-version tables}
'';
pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
${buildTables iptables-version cfg.tables}
'';
startScript = pkgs.writeDash "krebs-iptables_start" ''
set -euf
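Review bot: The new option-level `default = "ACCEPT";` on `policy` in the first hunk applies to every chain of every table a host declares, and the `tables-defaults` block removed in the second hunk used to pre-populate `filter.INPUT.rules` with the `-m conntrack --ctstate RELATED,ESTABLISHED` ACCEPT rule; after this change a host gets only what it lists in `cfg.tables`, so anyone who relied on the implicit conntrack rule presumably sees established connections handled by the chain policy alone. Neither point is stated on the option: the `policy` mkOption keeps the `#TODO: find out good defaults.` comment but has no `description` visible here. I would add `description = "Chain policy; defaults to ACCEPT. No rules are injected implicitly, so a RELATED,ESTABLISHED conntrack rule must be declared if needed.";` to the `policy` option so the behaviour change is documented where consumers read it. The `rules` function in the second hunk continues past the end of the section.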


@ -17,7 +17,6 @@ with import <stockholm/lib>;
../2configs/elster.nix
../2configs/steam.nix
../2configs/wine.nix
../2configs/chromium-patched.nix
../2configs/git.nix
../2configs/skype.nix
../2configs/teamviewer.nix


@ -31,6 +31,7 @@ in {
environment.systemPackages = with pkgs; [
acpi
dic
dmenu
gitAndTools.qgit
lm_sensors


@ -36,7 +36,7 @@ in {
};
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental', alwaysUseLatest=True)
grab_repo = steps.Git(repourl=stockholm_repo, mode='full')
# TODO: get nixpkgs/stockholm paths from krebs
env_lass = {
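Review bot: Switching `grab_repo` to `mode='full'` also drops `alwaysUseLatest=True`, and nothing in the hunk says whether that second change is intended; as far as I recall the Buildbot Git step then checks out the revision carried by the build's sourcestamp instead of the branch tip, so a change-triggered build would no longer pick up commits that landed after the triggering change. If only a clean checkout was wanted, `grab_repo = steps.Git(repourl=stockholm_repo, mode='full', alwaysUseLatest=True)` keeps the previous revision selection. Either way a one-line comment above the step stating which checkout semantics are wanted would save the next reader the same question. The `builder_pre` string this sits in starts and ends outside the hunk.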


@ -1,48 +0,0 @@
{ config, pkgs, ... }:
#settings to test:
#
#"ForceEphemeralProfiles": true,
let
masterPolicy = pkgs.writeText "master.json" ''
{
"PasswordManagerEnabled": false,
"DefaultGeolocationSetting": 2,
"RestoreOnStartup": 1,
"AutoFillEnabled": false,
"BackgroundModeEnabled": false,
"DefaultBrowserSettingEnabled": false,
"SafeBrowsingEnabled": false,
"ExtensionInstallForcelist": [
"cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx",
"ihlenndgcmojhcghmfjfneahoeklbjjh;https://clients2.google.com/service/update2/crx"
]
}
'';
master_preferences = pkgs.writeText "master_preferences" ''
{
"browser": {
"custom_chrome_frame": true
},
"extensions": {
"theme": {
"id": "",
"use_system": true
}
}
}
'';
in {
environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy;
#environment.systemPackages = [
# #pkgs.chromium
# (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
# buildCommand = attrs.buildCommand + ''
# touch $out/TEST123
# '';
# }))
#];
}


@ -14,8 +14,8 @@ with import <stockholm/lib>;
];
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-uriel.pubkey
lass-shodan.pubkey
lass-helios.pubkey
makefu.pubkey
];
};
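Review bot: `lass-uriel.pubkey` appears to be dropped from this account's `openssh.authorizedKeys.keys` while the shodan and helios keys stay, but the hunk only covers this one user on this host; whether the uriel key is also removed from `config.krebs.users`, which other hosts read the same pubkeys from, is not visible here. If the key is being retired rather than merely de-scoped from this host, removing it from `krebs.users` revokes it everywhere it is referenced in one step, and a short comment such as `# uriel key retired, do not re-add` next to the remaining keys records why it disappeared. The enclosing user definition starts before the hunk.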


@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e";
ref = "ece0cea127f0a8799a6bd3b12c368193491f9058";
};
}


@ -175,8 +175,8 @@ let
"Syntastic config
let g:syntastic_python_checkers=['flake8']
nmap <esc>q :buffer
nmap <M-q> :buffer
nmap <esc>q :buffer
nmap <M-q> :buffer
cnoremap <C-A> <Home>


@ -88,6 +88,7 @@ rec {
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
fastcgi_read_timeout 120;
# Disable gzip to avoid the removal of the ETag header
gzip off;
@ -164,10 +165,11 @@ rec {
user = nginx
group = nginx
pm = dynamic
pm.max_children = 5
pm.max_children = 32
pm.max_requests = 500
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.min_spare_servers = 2
pm.max_spare_servers = 5
listen.owner = nginx
listen.group = nginx
php_admin_value[error_log] = 'stderr'
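Review bot: In the second hunk `pm.max_children` jumps from 5 to 32 with no comment on how the figure was sized; under `pm = dynamic` this is the hard ceiling on concurrent PHP workers and therefore on the pool's peak memory, and the spare-server values moved with it (`pm.min_spare_servers = 2`, `pm.max_spare_servers = 5`) without explanation either. I would put the sizing rationale next to the setting, e.g. `; 32 workers: upper bound on concurrent PHP processes, keep in line with RAM available per worker`, so the next bump is made against a stated budget rather than by guess. The new `fastcgi_read_timeout 120;` in the first hunk would likewise benefit from a one-line comment naming the slow request it accommodates. The pool definition continues outside the hunk.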