authorlassulus <lassulus@lassul.us>2017-07-23 00:19:57 +0200
committerlassulus <lassulus@lassul.us>2017-07-23 00:19:57 +0200
commit241b943c3216073023b312b1a1297dc66dceb7af (patch)
tree4b37915496d87655a7b063bbc59097aebdd9feb1 /lass/1systems
parent54a594dc474255b24bbff80bb6be28e6a1a523d4 (diff)
l iso: use networking.firewall
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/iso.nix44
1 files changed, 30 insertions, 14 deletions
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 820ef74b8..4431a702c 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -151,25 +151,41 @@ with import <stockholm/lib>;
systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
}
{
- krebs.iptables = {
+ networking.firewall = {
enable = true;
- tables = {
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
- ];
- };
+ allowedTCPPorts = [ 22 ];
};
}
{
krebs.hidden-ssh.enable = true;
}
+ {
+ services.xserver = {
+ enable = true;
+ #videoDrivers = mkForce [ "ati_unfree" ];
+
+ desktopManager.xterm.enable = false;
+ desktopManager.default = "none";
+ displayManager.lightdm.enable = true;
+ displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "lass";
+ };
+ windowManager.default = "xmonad";
+ windowManager.session = [{
+ name = "xmonad";
+ start = ''
+ ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
+ ${pkgs.xmonad-lass}/bin/xmonad &
+ waitPID=$!
+ '';
+ }];
+
+ layout = "us";
+ xkbModel = "evdev";
+ xkbVariant = "altgr-intl";
+ xkbOptions = "caps:backspace";
+ };
+ }
];
}
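Review bot: `${pkgs.xorg.xhost}/bin/xhost +LOCAL:` in the new xmonad session `start` script switches off X access control for every local (non-network) connection, so any local uid on the image can read keystrokes and screen contents of the auto-logged-in `lass` session, including an account that arrives through the sshd opened on port 22 in this same file. If only specific accounts need the display, scope the grant instead, e.g. `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:<other-user>`, and add a comment stating why the grant is needed. Separately, the replaced block set `filter.FORWARD.policy = "DROP"` and explicitly rejected traffic arriving on `retiolum`. `networking.firewall` with only `allowedTCPPorts = [ 22 ]` presumably manages the input side only, so it is worth confirming that forwarding stays disabled on this image. The enclosing module list starts outside the hunk.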