diff options
| -rw-r--r-- | krebs/3modules/lass/ssh/icarus.rsa | 2 | ||||
| -rw-r--r-- | krebs/5pkgs/writers.nix | 2 | ||||
| -rw-r--r-- | lass/1systems/mors.nix | 4 | ||||
| -rw-r--r-- | lass/2configs/default.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/websites/lassulus.nix | 10 | ||||
| -rw-r--r-- | lass/2configs/websites/util.nix | 8 |
7 files changed, 23 insertions, 6 deletions
diff --git a/krebs/3modules/lass/ssh/icarus.rsa b/krebs/3modules/lass/ssh/icarus.rsa index da99fcfd..e3cb7408 100644 --- a/krebs/3modules/lass/ssh/icarus.rsa +++ b/krebs/3modules/lass/ssh/icarus.rsa @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index fe8fe5d7..65ee1448 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -257,7 +257,7 @@ with import <stockholm/lib>; pkgs.writeOut (baseNameOf name) { ${optionalString (types.absolute-pathname.check name) name} = { check = pkgs.writeDash "jqcheck.sh" '' - exec ${pkgs.jq}/bin/jq -f "$1" -n + exec ${pkgs.jq}/bin/jq -f "$1" < /dev/null ''; inherit text; }; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a5eaaed9..d0f835c6 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -126,6 +126,10 @@ with import <stockholm/lib>; # }; # }; #} + { + #ipfs-testing + services.ipfs.enable = true; + } ]; krebs.build.host = config.krebs.hosts.mors; diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index d1810c00..2441f1b7 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -202,6 +202,7 @@ with import <stockholm/lib>; filter.INPUT.rules = [ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index aef9dd8b..ad39848b 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f7b7d8e"; + ref = "6651c72"; }; } diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 024d2eeb..3a897942 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -110,7 +110,10 @@ in { ''; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/lassul.us/key.pem"; }; @@ -123,7 +126,10 @@ in { root /var/lib/acme/acme-challenges; ''; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; }; diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 6e236ab6..d596e9db 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -17,7 +17,10 @@ rec { services.nginx.virtualHosts.${domain} = { enableACME = true; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -35,6 +38,7 @@ rec { serverAliases = domains; extraConfig = '' listen 80; + listen [::]:80; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; @@ -148,6 +152,8 @@ rec { serverAliases = domains; extraConfig = '' listen 80; + listen [::]:80; + root /srv/http/${domain}/; index index.php; access_log /tmp/nginx_acc.log; |