From 525dff002e7fe360b0c9803f1004ad2c8749c319 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 13 Nov 2015 12:24:29 +0100 Subject: m 1 gum: disable ipv6, open up fw --- makefu/1systems/gum.nix | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 8dd347b4..63db7a71 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -16,7 +16,6 @@ in { krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - # Chat environment.systemPackages = with pkgs;[ weechat @@ -33,21 +32,24 @@ in { services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; + boot.kernelParams = [ "ipv6.disable=1" ]; networking = { - firewall = { - allowPing = true; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # tinc - 655 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - ]; + enableIPv6 = false; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; }; interfaces.et0.ip4 = [{ address = external-ip; -- cgit v1.2.3 From e0ae8c1a3fe333de8a14b04b4a7e2dd01163b727 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 13 Nov 2015 12:25:18 +0100 Subject: m 1 {gum,wry}: disable dropped packet logging --- makefu/1systems/wry.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index ba94972f..cd39b4b9 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix 
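Review bot: Setting `logRefusedConnections = false;` in the `firewall` block stops the firewall from logging refused connection attempts on a host that accepts 25, 80, 443 and 655 on every interface, and the same line is added to `makefu/1systems/wry.nix` in the next commit of this series. If the motive is log volume, say so next to the option, e.g. `# refused-connection logging off to cut scan noise; no firewall drop record on this host`, so nobody later expects those entries during an investigation. Separately, the re-indented `allowedUDPPorts` still lists `53` under the `# tinc` comment; the tinc entries elsewhere in this block are 655, so 53 deserves its own label, or removal if nothing is meant to answer there (the `iodined.nix` import appears commented out in a later hunk of this file). Apart from the new option, the allowed port lists are only re-indented here, which the subject line "open up fw" does not make obvious.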
@@ -59,9 +59,12 @@ in { }; networking = { - firewall.allowPing = true; - firewall.allowedTCPPorts = [ 53 80 443 ]; - firewall.allowedUDPPorts = [ 655 ]; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ 53 80 443 ]; + allowedUDPPorts = [ 655 ]; + }; interfaces.enp2s1.ip4 = [{ address = external-ip; prefixLength = 24; -- cgit v1.2.3 From 78660ea002d5912eb8d06da1895cc6e34bd5e6eb Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 14 Nov 2015 01:48:49 +0100 Subject: m 1 filepimp: remove legacy imports --- makefu/1systems/filepimp.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index fb1a5755..66ea2ce9 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -7,8 +7,6 @@ { imports = [ # Include the results of the hardware scan. - ../2configs/default.nix - ../2configs/fs/vm-single-partition.nix ../2configs/fs/single-partition-ext4.nix ../2configs/tinc-basic-retiolum.nix ]; -- cgit v1.2.3 From 2b9d7bdda10689e8bd8f7ed39830fd274c02457b Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 14 Nov 2015 01:49:31 +0100 Subject: m 1 gum: add swap to server config --- makefu/1systems/gum.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 8dd347b4..44ab8c6f 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -9,6 +9,7 @@ in { # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix -- cgit v1.2.3 From b69dcc6086c16ae996575bb00a1f55a14c26b63e Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 13:54:55 +0100 Subject: m 1 gum: add ssh repo --- makefu/1systems/gum.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/1systems') 
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index d8b7ed5f..63ad1833 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -12,6 +12,7 @@ in { ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix + ../2configs/git/cgit-retiolum.nix ]; -- cgit v1.2.3 From b2ac9b092a36c3196469099c73c64c8ca6626be0 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 22:16:55 +0100 Subject: makefu: fix cgit for wry, add gc to wry --- makefu/1systems/wry.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index cd39b4b9..cd2b3f65 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -24,11 +24,11 @@ in { # other nginx ../2configs/nginx/euer.wiki.nix ../2configs/nginx/euer.blog.nix + ../2configs/nginx/euer.test.nix # collectd ../2configs/collectd/collectd-base.nix ]; - krebs.build.host = config.krebs.hosts.wry; krebs.Reaktor.enable = true; @@ -73,5 +73,9 @@ in { nameservers = [ "8.8.8.8" ]; }; - environment.systemPackages = [ pkgs.translate-shell ]; + # small machine - do not forget to gc every day + nix.gc.automatic = true; + nix.gc.dates = "03:10"; + + environment.systemPackages = [ ]; } -- cgit v1.2.3
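Review bot: The added import `../2configs/git/cgit-retiolum.nix` puts a cgit/git service on gum with nothing in this hunk that limits where it listens, while gum's firewall (first commit of this series) accepts 80 and 443 on every interface. The module itself is not part of this patch, so this is unverified, but if its web front end binds to all addresses the repositories would be reachable from the public side and not only over retiolum. A short comment on the import, such as `# cgit vhost must listen on the retiolum address only`, would record the intent; the actual restriction belongs in the module.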
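Review bot: `nix.gc.automatic = true;` with only `nix.gc.dates` set runs the collector without arguments, which removes unreachable store paths but keeps every old system generation, so on a small machine the store can still grow with each deploy. Adding `nix.gc.options = "--delete-older-than 30d";` (the age is an example value) lets the daily run reclaim space from old generations as the comment intends. In the same hunk `environment.systemPackages = [ ];` is now an empty assignment and could be dropped.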