diff options
author | makefu <github@syntax-fehler.de> | 2019-02-05 22:31:39 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2019-02-05 22:31:39 +0100 |
commit | a9ec59e87d65c1f72f346e0568a542715502576f (patch) | |
tree | c50f29688cc9ffe6ab0d00cf1d3ce0706b5b3bfb /lass/1systems | |
parent | 80c2ab739d2d51bf47b07fd6f39508a85077b0e6 (diff) | |
parent | 932d11ed9346fbef640604d1107be39e7c11be85 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/blue/source.nix | 14 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 1 |
2 files changed, 11 insertions, 4 deletions
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index a32c3a829..a52771a4d 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,13 +1,19 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - derivation = '' - with import <nixpkgs> {}; + derivation = let + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs"; - rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}"; - sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}"; + rev = "${rev}"; + sha256 = "${sha256}"; } ''; }; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b6565dc6a..f35ebff56 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -36,6 +36,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/nfs-dl.nix> + <stockholm/lass/2configs/hardening.nix> { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain |