summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2023-02-27 15:01:09 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2023-02-27 15:01:09 +0100
commit4800e3a8c7e9f6bbb668c50a29f689a83de223c7 (patch)
tree9c8c967f277085dd740dc67c4e002118d1fa169d
parentf122223243cbb50fa65d96646bc06f53567fd815 (diff)
downloadnixos-4800e3a8c7e9f6bbb668c50a29f689a83de223c7.tar
nixos-4800e3a8c7e9f6bbb668c50a29f689a83de223c7.tar.gz
nixos-4800e3a8c7e9f6bbb668c50a29f689a83de223c7.tar.bz2
nixos-4800e3a8c7e9f6bbb668c50a29f689a83de223c7.tar.xz
nixos-4800e3a8c7e9f6bbb668c50a29f689a83de223c7.zip
...
-rw-r--r--_sources/generated.json22
-rw-r--r--_sources/generated.nix22
-rw-r--r--flake.lock27
-rw-r--r--flake.nix7
-rw-r--r--hosts/sif/ruleset.nft6
-rw-r--r--overlays/batman-adv.nix14
-rw-r--r--system-profiles/core.nix6
7 files changed, 62 insertions, 42 deletions
diff --git a/_sources/generated.json b/_sources/generated.json
index 3868083c..bf649edd 100644
--- a/_sources/generated.json
+++ b/_sources/generated.json
@@ -175,7 +175,7 @@
175 }, 175 },
176 "mpv-subselect": { 176 "mpv-subselect": {
177 "cargoLocks": null, 177 "cargoLocks": null,
178 "date": "2022-11-04", 178 "date": "2023-02-22",
179 "extract": null, 179 "extract": null,
180 "name": "mpv-subselect", 180 "name": "mpv-subselect",
181 "passthru": null, 181 "passthru": null,
@@ -185,12 +185,12 @@
185 "fetchSubmodules": false, 185 "fetchSubmodules": false,
186 "leaveDotGit": false, 186 "leaveDotGit": false,
187 "name": null, 187 "name": null,
188 "rev": "98c69499903c89d1b81b6fd7d5bb9fa8969d6fa9", 188 "rev": "5d2fb7ab73fc0e36d44109e75c9be26bd42084e2",
189 "sha256": "sha256-nOTgvxykTPT6w93cW76U5QPf8GN3MlpBlQWUpEfoEk4=", 189 "sha256": "sha256-8TZhrB9wjmytxA29fuCUGKZYPxsMYj8zDUjuuP0U0Dc=",
190 "type": "git", 190 "type": "git",
191 "url": "https://github.com/CogentRedTester/mpv-sub-select" 191 "url": "https://github.com/CogentRedTester/mpv-sub-select"
192 }, 192 },
193 "version": "98c69499903c89d1b81b6fd7d5bb9fa8969d6fa9" 193 "version": "5d2fb7ab73fc0e36d44109e75c9be26bd42084e2"
194 }, 194 },
195 "postfix-mta-sts-resolver": { 195 "postfix-mta-sts-resolver": {
196 "cargoLocks": null, 196 "cargoLocks": null,
@@ -201,11 +201,11 @@
201 "pinned": false, 201 "pinned": false,
202 "src": { 202 "src": {
203 "name": null, 203 "name": null,
204 "sha256": "sha256-AcWGxvXtzMiVTTWL3TmsY+tBI9vIGhRRifEjfpAGQ44=", 204 "sha256": "sha256-zO/DTAkJYnSiZFKloxTKmYgNHYGznaHyah71wgi9f44=",
205 "type": "url", 205 "type": "url",
206 "url": "https://github.com/Snawoot/postfix-mta-sts-resolver/archive/refs/tags/v1.1.5.tar.gz" 206 "url": "https://github.com/Snawoot/postfix-mta-sts-resolver/archive/refs/tags/v1.2.0.tar.gz"
207 }, 207 },
208 "version": "1.1.5" 208 "version": "1.2.0"
209 }, 209 },
210 "postfwd": { 210 "postfwd": {
211 "cargoLocks": null, 211 "cargoLocks": null,
@@ -288,7 +288,7 @@
288 }, 288 },
289 "v4l2loopback": { 289 "v4l2loopback": {
290 "cargoLocks": null, 290 "cargoLocks": null,
291 "date": "2022-11-09", 291 "date": "2023-02-19",
292 "extract": null, 292 "extract": null,
293 "name": "v4l2loopback", 293 "name": "v4l2loopback",
294 "passthru": null, 294 "passthru": null,
@@ -300,11 +300,11 @@
300 "name": null, 300 "name": null,
301 "owner": "umlaeute", 301 "owner": "umlaeute",
302 "repo": "v4l2loopback", 302 "repo": "v4l2loopback",
303 "rev": "8902b3f11413166e7823c377dbf876bae1fab137", 303 "rev": "fb410fc7af40e972058809a191fae9517b9313af",
304 "sha256": "sha256-p/tGXO2+EogR4BdZ+KxonyBnYHznJrqKM6cRg1G37xA=", 304 "sha256": "sha256-0WbxavX/NzHlb0AKZDVjie1KNqGpLC9tTE/j4av+ePc=",
305 "type": "github" 305 "type": "github"
306 }, 306 },
307 "version": "8902b3f11413166e7823c377dbf876bae1fab137" 307 "version": "fb410fc7af40e972058809a191fae9517b9313af"
308 }, 308 },
309 "xcompose": { 309 "xcompose": {
310 "cargoLocks": null, 310 "cargoLocks": null,
diff --git a/_sources/generated.nix b/_sources/generated.nix
index 63c22e7c..175e3854 100644
--- a/_sources/generated.nix
+++ b/_sources/generated.nix
@@ -109,23 +109,23 @@
109 }; 109 };
110 mpv-subselect = { 110 mpv-subselect = {
111 pname = "mpv-subselect"; 111 pname = "mpv-subselect";
112 version = "98c69499903c89d1b81b6fd7d5bb9fa8969d6fa9"; 112 version = "5d2fb7ab73fc0e36d44109e75c9be26bd42084e2";
113 src = fetchgit { 113 src = fetchgit {
114 url = "https://github.com/CogentRedTester/mpv-sub-select"; 114 url = "https://github.com/CogentRedTester/mpv-sub-select";
115 rev = "98c69499903c89d1b81b6fd7d5bb9fa8969d6fa9"; 115 rev = "5d2fb7ab73fc0e36d44109e75c9be26bd42084e2";
116 fetchSubmodules = false; 116 fetchSubmodules = false;
117 deepClone = false; 117 deepClone = false;
118 leaveDotGit = false; 118 leaveDotGit = false;
119 sha256 = "sha256-nOTgvxykTPT6w93cW76U5QPf8GN3MlpBlQWUpEfoEk4="; 119 sha256 = "sha256-8TZhrB9wjmytxA29fuCUGKZYPxsMYj8zDUjuuP0U0Dc=";
120 }; 120 };
121 date = "2022-11-04"; 121 date = "2023-02-22";
122 }; 122 };
123 postfix-mta-sts-resolver = { 123 postfix-mta-sts-resolver = {
124 pname = "postfix-mta-sts-resolver"; 124 pname = "postfix-mta-sts-resolver";
125 version = "1.1.5"; 125 version = "1.2.0";
126 src = fetchurl { 126 src = fetchurl {
127 url = "https://github.com/Snawoot/postfix-mta-sts-resolver/archive/refs/tags/v1.1.5.tar.gz"; 127 url = "https://github.com/Snawoot/postfix-mta-sts-resolver/archive/refs/tags/v1.2.0.tar.gz";
128 sha256 = "sha256-AcWGxvXtzMiVTTWL3TmsY+tBI9vIGhRRifEjfpAGQ44="; 128 sha256 = "sha256-zO/DTAkJYnSiZFKloxTKmYgNHYGznaHyah71wgi9f44=";
129 }; 129 };
130 }; 130 };
131 postfwd = { 131 postfwd = {
@@ -175,15 +175,15 @@
175 }; 175 };
176 v4l2loopback = { 176 v4l2loopback = {
177 pname = "v4l2loopback"; 177 pname = "v4l2loopback";
178 version = "8902b3f11413166e7823c377dbf876bae1fab137"; 178 version = "fb410fc7af40e972058809a191fae9517b9313af";
179 src = fetchFromGitHub ({ 179 src = fetchFromGitHub ({
180 owner = "umlaeute"; 180 owner = "umlaeute";
181 repo = "v4l2loopback"; 181 repo = "v4l2loopback";
182 rev = "8902b3f11413166e7823c377dbf876bae1fab137"; 182 rev = "fb410fc7af40e972058809a191fae9517b9313af";
183 fetchSubmodules = true; 183 fetchSubmodules = true;
184 sha256 = "sha256-p/tGXO2+EogR4BdZ+KxonyBnYHznJrqKM6cRg1G37xA="; 184 sha256 = "sha256-0WbxavX/NzHlb0AKZDVjie1KNqGpLC9tTE/j4av+ePc=";
185 }); 185 });
186 date = "2022-11-09"; 186 date = "2023-02-19";
187 }; 187 };
188 xcompose = { 188 xcompose = {
189 pname = "xcompose"; 189 pname = "xcompose";
diff --git a/flake.lock b/flake.lock
index 5b99ef60..b410c7fd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -74,16 +74,16 @@
74 }, 74 },
75 "flake-utils": { 75 "flake-utils": {
76 "locked": { 76 "locked": {
77 "lastModified": 1667395993, 77 "lastModified": 1676283394,
78 "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", 78 "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
79 "owner": "numtide", 79 "owner": "numtide",
80 "repo": "flake-utils", 80 "repo": "flake-utils",
81 "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", 81 "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
82 "type": "github" 82 "type": "github"
83 }, 83 },
84 "original": { 84 "original": {
85 "owner": "numtide", 85 "owner": "numtide",
86 "ref": "master", 86 "ref": "main",
87 "repo": "flake-utils", 87 "repo": "flake-utils",
88 "type": "github" 88 "type": "github"
89 } 89 }
@@ -158,11 +158,11 @@
158 ] 158 ]
159 }, 159 },
160 "locked": { 160 "locked": {
161 "lastModified": 1674962474, 161 "lastModified": 1676778053,
162 "narHash": "sha256-qEXdgW5fnMSdQwP1zQYa0fVtI0f3G1f2qNRjUEherCs=", 162 "narHash": "sha256-5/NghN1FCFpwCWp6Q3W4Of3keKYx/RgCNFuUmk6YmAA=",
163 "owner": "Mic92", 163 "owner": "Mic92",
164 "repo": "nix-index-database", 164 "repo": "nix-index-database",
165 "rev": "a385f6192f5471c4cebeeb0d2e966b5ccf123df5", 165 "rev": "688adea5ecff698a49461f77d649cc854b805dbc",
166 "type": "github" 166 "type": "github"
167 }, 167 },
168 "original": { 168 "original": {
@@ -174,11 +174,11 @@
174 }, 174 },
175 "nixpkgs": { 175 "nixpkgs": {
176 "locked": { 176 "locked": {
177 "lastModified": 1675328323, 177 "lastModified": 1677329548,
178 "narHash": "sha256-+c66Ri9L3klvKSrAHGD+VhbMcHdax3WyI5zOOy5U+U4=", 178 "narHash": "sha256-ioEmHjeuCVQfJoR7X8jAXuVcEiZxh7A4bR/Jk2DFlmI=",
179 "owner": "NixOS", 179 "owner": "NixOS",
180 "repo": "nixpkgs", 180 "repo": "nixpkgs",
181 "rev": "56f5f40f81d15f56aa1470dc8f1d1716ba81fbb0", 181 "rev": "ac21beda5c7d4182054e35bb330e17f3d4abe0b5",
182 "type": "github" 182 "type": "github"
183 }, 183 },
184 "original": { 184 "original": {
@@ -243,6 +243,7 @@
243 }, 243 },
244 "original": { 244 "original": {
245 "owner": "DavHau", 245 "owner": "DavHau",
246 "ref": "e9571cac25d2f509e44fec9dc94a3703a40126ff",
246 "repo": "pypi-deps-db", 247 "repo": "pypi-deps-db",
247 "type": "github" 248 "type": "github"
248 } 249 }
@@ -273,11 +274,11 @@
273 ] 274 ]
274 }, 275 },
275 "locked": { 276 "locked": {
276 "lastModified": 1675288837, 277 "lastModified": 1676959847,
277 "narHash": "sha256-76s8TLENa4PzWDeuIpEF78gqeUrXi6rEJJaKEAaJsXw=", 278 "narHash": "sha256-KZS6sIsMXiNyN7jW45MrEo95iEXj6nMLKvxgxO181no=",
278 "owner": "Mic92", 279 "owner": "Mic92",
279 "repo": "sops-nix", 280 "repo": "sops-nix",
280 "rev": "a81ce6c961480b3b93498507074000c589bd9d60", 281 "rev": "2c5828439d718a6cddd9a511997d9ac7626a4aff",
281 "type": "github" 282 "type": "github"
282 }, 283 },
283 "original": { 284 "original": {
diff --git a/flake.nix b/flake.nix
index 0cd53be3..52e0b9e3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -70,7 +70,7 @@
70 type = "github"; 70 type = "github";
71 owner = "numtide"; 71 owner = "numtide";
72 repo = "flake-utils"; 72 repo = "flake-utils";
73 ref = "master"; 73 ref = "main";
74 }; 74 };
75 nix-index-database = { 75 nix-index-database = {
76 type = "github"; 76 type = "github";
@@ -83,7 +83,10 @@
83 }; 83 };
84 84
85 pypi-deps-db = { 85 pypi-deps-db = {
86 url = "github:DavHau/pypi-deps-db"; 86 type = "github";
87 owner = "DavHau";
88 repo = "pypi-deps-db";
89 ref = "e9571cac25d2f509e44fec9dc94a3703a40126ff";
87 flake = false; 90 flake = false;
88 }; 91 };
89 mach-nix = { 92 mach-nix = {
diff --git a/hosts/sif/ruleset.nft b/hosts/sif/ruleset.nft
index 2a1467b8..e2ac45c6 100644
--- a/hosts/sif/ruleset.nft
+++ b/hosts/sif/ruleset.nft
@@ -62,6 +62,7 @@ table inet filter {
62 counter wg-rx {} 62 counter wg-rx {}
63 counter yggdrasil-gre-rx {} 63 counter yggdrasil-gre-rx {}
64 counter quickserve-rx {} 64 counter quickserve-rx {}
65 counter ausweisapp2-rx {}
65 66
66 counter established-rx {} 67 counter established-rx {}
67 68
@@ -115,7 +116,7 @@ table inet filter {
115 116
116 117
117 ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop 118 ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop
118 119
119 120
120 iifname lo counter name rx-lo accept 121 iifname lo counter name rx-lo accept
121 iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject 122 iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject
@@ -128,6 +129,7 @@ table inet filter {
128 udp dport 60000-61000 counter name mosh-rx accept 129 udp dport 60000-61000 counter name mosh-rx accept
129 130
130 tcp dport 8000 counter name quickserve-rx accept 131 tcp dport 8000 counter name quickserve-rx accept
132 udp dport 24727 counter name ausweisapp2-rx accept
131 133
132 udp dport 51820-51822 counter name wg-rx accept 134 udp dport 51820-51822 counter name wg-rx accept
133 iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept 135 iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept
@@ -206,4 +208,4 @@ table ip mss_clamp {
206 208
207 iifname virbr0 oifname != virbr0 tcp flags & (syn|rst) == syn counter name libvirt-mss-clamp tcp option maxseg size set rt mtu 209 iifname virbr0 oifname != virbr0 tcp flags & (syn|rst) == syn counter name libvirt-mss-clamp tcp option maxseg size set rt mtu
208 } 210 }
209} \ No newline at end of file 211}
diff --git a/overlays/batman-adv.nix b/overlays/batman-adv.nix
new file mode 100644
index 00000000..a408a284
--- /dev/null
+++ b/overlays/batman-adv.nix
@@ -0,0 +1,14 @@
1{ final, prev, sources, ... }: {
2 linuxPackages_latest = prev.linuxPackages_latest.extend (self: super: {
3 batman_adv = super.batman_adv.overrideAttrs (oldAttrs: let
4 version = "2023.0";
5 in {
6 version = "${version}-${self.kernel.version}";
7
8 src = prev.fetchurl {
9 url = "http://downloads.open-mesh.org/batman/releases/batman-adv-${version}/batman-adv-${version}.tar.gz";
10 hash = "sha256-LOTsBAYyUue/7DorP6KmGztCx7BNaYumATK/qx1gpc0=";
11 };
12 });
13 });
14}
diff --git a/system-profiles/core.nix b/system-profiles/core.nix
index 4d39d7ea..40bd20c6 100644
--- a/system-profiles/core.nix
+++ b/system-profiles/core.nix
@@ -53,7 +53,7 @@ in {
53 ''; 53 '';
54 nixPath = [ 54 nixPath = [
55 "nixpkgs=/run/nixpkgs" 55 "nixpkgs=/run/nixpkgs"
56 "nixpkgs-overlays=/run/nixpkgs-overlays.nix" 56 # "nixpkgs-overlays=/run/nixpkgs-overlays.nix"
57 ]; 57 ];
58 registry = 58 registry =
59 let override = { self = "nixos"; }; 59 let override = { self = "nixos"; };
@@ -69,13 +69,13 @@ in {
69 69
70 attrValues (import 70 attrValues (import
71 ( 71 (
72 let lock = fromJSON (readFile ${toString ../flake.lock}); in 72 let lock = fromJSON (readFile ${flake + "/flake.lock"}); in
73 fetchTarball { 73 fetchTarball {
74 url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz"; 74 url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz";
75 sha256 = lock.nodes.flake-compat.locked.narHash; 75 sha256 = lock.nodes.flake-compat.locked.narHash;
76 } 76 }
77 ) 77 )
78 { src = ${toString ../.}; } 78 { src = ${flake}; }
79 ).defaultNix.overlays 79 ).defaultNix.overlays
80 ''}" 80 ''}"
81 ]; 81 ];