Merge remote-tracking branch 'cd/master'

1 files changed, 13 insertions, 5 deletions

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 57c4620c4..c4a2d6baa 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -1,21 +1,18 @@
 { config, lib, pkgs, ... }:
 
-with lib;
+with config.krebs.lib;
 
 {
   krebs.enable = true;
 
   krebs.build = {
     user = config.krebs.users.tv;
-    target = mkDefault "root@${config.krebs.build.host.name}";
     source = mapAttrs (_: mkDefault) ({
       nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix";
-      nixpkgs = symlink:stockholm/nixpkgs;
       secrets = "/home/tv/secrets/${config.krebs.build.host.name}";
       secrets-common = "/home/tv/secrets/common";
       stockholm = "/home/tv/stockholm";
-      stockholm-user = "symlink:stockholm/tv";
-      upstream-nixpkgs = {
+      nixpkgs = {
         url = https://github.com/NixOS/nixpkgs;
         rev = "77f8f35d57618c1ba456d968524f2fb2c3448295";
         dev = "/home/tv/nixpkgs";
@@ -45,6 +42,7 @@ with lib;
           tv = {
             isNormalUser = true;
             uid = 1337;
+            extraGroups = [ "tv" ];
           };
         };
       };
@@ -165,6 +163,7 @@ with lib;
 
     {
       tv.iptables.enable = true;
+      tv.iptables.accept-echo-request = "internet";
     }
 
     {
@@ -184,6 +183,15 @@ with lib;
       ];
     }
     {
+      environment.systemPackages = [
+        pkgs.get
+        pkgs.krebszones
+        pkgs.nix-prefetch-scripts
+        pkgs.push
+      ];
+    }
+
+    {
       systemd.tmpfiles.rules = let
         forUsers = flip map users;
         isUser = { name, group, ... }: