diff options
Diffstat (limited to 'lass/2configs/base.nix')
| -rw-r--r-- | lass/2configs/base.nix | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 8017d427..8c6078ba 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -7,10 +7,11 @@ with config.krebs.lib; ../2configs/zsh.nix ../2configs/mc.nix ../2configs/retiolum.nix + ./backups.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) - (import /root/secrets/hashedPasswords.nix); + (import <secrets/hashedPasswords.nix>); } { users.extraUsers = { @@ -18,7 +19,6 @@ with config.krebs.lib; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-uriel.pubkey - config.krebs.users.lass-helios.pubkey ]; }; mainUser = { @@ -45,7 +45,6 @@ with config.krebs.lib; krebs = { enable = true; search-domain = "retiolum"; - exim-retiolum.enable = true; build = { user = config.krebs.users.lass; source = mapAttrs (_: mkDefault) ({ @@ -55,7 +54,7 @@ with config.krebs.lib; stockholm = "/home/lass/stockholm"; nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "40c586b7ce2c559374df435f46d673baf711c543"; + rev = "e781a8257b4312f6b138c7d0511c77d8c06ed819"; dev = "/home/lass/src/nixpkgs"; }; } // optionalAttrs config.krebs.build.host.secure { @@ -85,9 +84,12 @@ with config.krebs.lib; MANPAGER=most ''; + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ #stockholm git + gnumake jq parallel proot @@ -108,6 +110,11 @@ with config.krebs.lib; #neat utils krebspaste + + #unpack stuff + p7zip + unzip + unrar ]; programs.bash = { @@ -145,10 +152,6 @@ with config.krebs.lib; ''; }; - security.setuidPrograms = [ - "sendmail" - ]; - services.openssh = { enable = true; hostKeys = [ @@ -165,6 +168,13 @@ with config.krebs.lib; krebs.iptables = { enable = true; tables = { + nat.PREROUTING.rules = [ + { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; filter.INPUT.policy = "DROP"; filter.FORWARD.policy = "DROP"; filter.INPUT.rules = [ |