summaryrefslogtreecommitdiffstats
path: root/tv/2configs/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'tv/2configs/default.nix')
-rw-r--r--tv/2configs/default.nix13
1 files changed, 11 insertions, 2 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 741955eee..a9ba1eadd 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with config.krebs.lib;
stockholm = "/home/tv/stockholm";
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
- rev = "87fe38fd0e19ca83fc3ea338f8e0e7b12971d204";
+ rev = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
};
} // optionalAttrs config.krebs.build.host.secure {
secrets-master = "/home/tv/secrets/master";
@@ -25,6 +25,7 @@ with config.krebs.lib;
imports = [
<secrets>
+ ./audit.nix
./backup.nix
./nginx
./vim.nix
@@ -152,6 +153,7 @@ with config.krebs.lib;
services.cron.enable = false;
services.nscd.enable = false;
services.ntp.enable = false;
+ services.timesyncd.enable = true;
}
{
@@ -168,13 +170,20 @@ with config.krebs.lib;
}
{
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+ }
+
+ {
services.openssh = {
enable = true;
hostKeys = [
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
- tv.iptables.input-internet-accept-new-tcp = singleton "ssh";
+ tv.iptables.input-internet-accept-tcp = singleton "ssh";
}
{