summaryrefslogtreecommitdiffstats
path: root/lass/1systems
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2019-02-05 22:31:39 +0100
committermakefu <github@syntax-fehler.de>2019-02-05 22:31:39 +0100
commita9ec59e87d65c1f72f346e0568a542715502576f (patch)
treec50f29688cc9ffe6ab0d00cf1d3ce0706b5b3bfb /lass/1systems
parent80c2ab739d2d51bf47b07fd6f39508a85077b0e6 (diff)
parent932d11ed9346fbef640604d1107be39e7c11be85 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/blue/source.nix14
-rw-r--r--lass/1systems/mors/config.nix1
2 files changed, 11 insertions, 4 deletions
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index a32c3a829..a52771a4d 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,13 +1,19 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
- derivation = ''
- with import <nixpkgs> {};
+ derivation = let
+ rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+ in ''
+ with import (builtins.fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
+ sha256 = "${sha256}";
+ }) {};
pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
- rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
- sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
+ rev = "${rev}";
+ sha256 = "${sha256}";
}
'';
};
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index b6565dc6a..f35ebff56 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -36,6 +36,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/hardening.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain