From 4800e3a8c7e9f6bbb668c50a29f689a83de223c7 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 27 Feb 2023 15:01:09 +0100 Subject: ... --- _sources/generated.json | 22 +++++++++++----------- _sources/generated.nix | 22 +++++++++++----------- flake.lock | 27 ++++++++++++++------------- flake.nix | 7 +++++-- hosts/sif/ruleset.nft | 6 ++++-- overlays/batman-adv.nix | 14 ++++++++++++++ system-profiles/core.nix | 6 +++--- 7 files changed, 62 insertions(+), 42 deletions(-) create mode 100644 overlays/batman-adv.nix diff --git a/_sources/generated.json b/_sources/generated.json index 3868083c..bf649edd 100644 --- a/_sources/generated.json +++ b/_sources/generated.json @@ -175,7 +175,7 @@ }, "mpv-subselect": { "cargoLocks": null, - "date": "2022-11-04", + "date": "2023-02-22", "extract": null, "name": "mpv-subselect", "passthru": null, @@ -185,12 +185,12 @@ "fetchSubmodules": false, "leaveDotGit": false, "name": null, - "rev": "98c69499903c89d1b81b6fd7d5bb9fa8969d6fa9", - "sha256": "sha256-nOTgvxykTPT6w93cW76U5QPf8GN3MlpBlQWUpEfoEk4=", + "rev": "5d2fb7ab73fc0e36d44109e75c9be26bd42084e2", + "sha256": "sha256-8TZhrB9wjmytxA29fuCUGKZYPxsMYj8zDUjuuP0U0Dc=", "type": "git", "url": "https://github.com/CogentRedTester/mpv-sub-select" }, - "version": "98c69499903c89d1b81b6fd7d5bb9fa8969d6fa9" + "version": "5d2fb7ab73fc0e36d44109e75c9be26bd42084e2" }, "postfix-mta-sts-resolver": { "cargoLocks": null, @@ -201,11 +201,11 @@ "pinned": false, "src": { "name": null, - "sha256": "sha256-AcWGxvXtzMiVTTWL3TmsY+tBI9vIGhRRifEjfpAGQ44=", + "sha256": "sha256-zO/DTAkJYnSiZFKloxTKmYgNHYGznaHyah71wgi9f44=", "type": "url", - "url": "https://github.com/Snawoot/postfix-mta-sts-resolver/archive/refs/tags/v1.1.5.tar.gz" + "url": "https://github.com/Snawoot/postfix-mta-sts-resolver/archive/refs/tags/v1.2.0.tar.gz" }, - "version": "1.1.5" + "version": "1.2.0" }, "postfwd": { "cargoLocks": null, @@ -288,7 +288,7 @@ }, "v4l2loopback": { "cargoLocks": null, - "date": "2022-11-09", + "date": "2023-02-19", "extract": null, "name": "v4l2loopback", "passthru": null, @@ -300,11 +300,11 @@ "name": null, "owner": "umlaeute", "repo": "v4l2loopback", - "rev": "8902b3f11413166e7823c377dbf876bae1fab137", - "sha256": "sha256-p/tGXO2+EogR4BdZ+KxonyBnYHznJrqKM6cRg1G37xA=", + "rev": "fb410fc7af40e972058809a191fae9517b9313af", + "sha256": "sha256-0WbxavX/NzHlb0AKZDVjie1KNqGpLC9tTE/j4av+ePc=", "type": "github" }, - "version": "8902b3f11413166e7823c377dbf876bae1fab137" + "version": "fb410fc7af40e972058809a191fae9517b9313af" }, "xcompose": { "cargoLocks": null, diff --git a/_sources/generated.nix b/_sources/generated.nix index 63c22e7c..175e3854 100644 --- a/_sources/generated.nix +++ b/_sources/generated.nix @@ -109,23 +109,23 @@ }; mpv-subselect = { pname = "mpv-subselect"; - version = "98c69499903c89d1b81b6fd7d5bb9fa8969d6fa9"; + version = "5d2fb7ab73fc0e36d44109e75c9be26bd42084e2"; src = fetchgit { url = "https://github.com/CogentRedTester/mpv-sub-select"; - rev = "98c69499903c89d1b81b6fd7d5bb9fa8969d6fa9"; + rev = "5d2fb7ab73fc0e36d44109e75c9be26bd42084e2"; fetchSubmodules = false; deepClone = false; leaveDotGit = false; - sha256 = "sha256-nOTgvxykTPT6w93cW76U5QPf8GN3MlpBlQWUpEfoEk4="; + sha256 = "sha256-8TZhrB9wjmytxA29fuCUGKZYPxsMYj8zDUjuuP0U0Dc="; }; - date = "2022-11-04"; + date = "2023-02-22"; }; postfix-mta-sts-resolver = { pname = "postfix-mta-sts-resolver"; - version = "1.1.5"; + version = "1.2.0"; src = fetchurl { - url = "https://github.com/Snawoot/postfix-mta-sts-resolver/archive/refs/tags/v1.1.5.tar.gz"; - sha256 = "sha256-AcWGxvXtzMiVTTWL3TmsY+tBI9vIGhRRifEjfpAGQ44="; + url = "https://github.com/Snawoot/postfix-mta-sts-resolver/archive/refs/tags/v1.2.0.tar.gz"; + sha256 = "sha256-zO/DTAkJYnSiZFKloxTKmYgNHYGznaHyah71wgi9f44="; }; }; postfwd = { @@ -175,15 +175,15 @@ }; v4l2loopback = { pname = "v4l2loopback"; - version = "8902b3f11413166e7823c377dbf876bae1fab137"; + version = "fb410fc7af40e972058809a191fae9517b9313af"; src = fetchFromGitHub ({ owner = "umlaeute"; repo = "v4l2loopback"; - rev = "8902b3f11413166e7823c377dbf876bae1fab137"; + rev = "fb410fc7af40e972058809a191fae9517b9313af"; fetchSubmodules = true; - sha256 = "sha256-p/tGXO2+EogR4BdZ+KxonyBnYHznJrqKM6cRg1G37xA="; + sha256 = "sha256-0WbxavX/NzHlb0AKZDVjie1KNqGpLC9tTE/j4av+ePc="; }); - date = "2022-11-09"; + date = "2023-02-19"; }; xcompose = { pname = "xcompose"; diff --git a/flake.lock b/flake.lock index 5b99ef60..b410c7fd 100644 --- a/flake.lock +++ b/flake.lock @@ -74,16 +74,16 @@ }, "flake-utils": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { "owner": "numtide", - "ref": "master", + "ref": "main", "repo": "flake-utils", "type": "github" } @@ -158,11 +158,11 @@ ] }, "locked": { - "lastModified": 1674962474, - "narHash": "sha256-qEXdgW5fnMSdQwP1zQYa0fVtI0f3G1f2qNRjUEherCs=", + "lastModified": 1676778053, + "narHash": "sha256-5/NghN1FCFpwCWp6Q3W4Of3keKYx/RgCNFuUmk6YmAA=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "a385f6192f5471c4cebeeb0d2e966b5ccf123df5", + "rev": "688adea5ecff698a49461f77d649cc854b805dbc", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1675328323, - "narHash": "sha256-+c66Ri9L3klvKSrAHGD+VhbMcHdax3WyI5zOOy5U+U4=", + "lastModified": 1677329548, + "narHash": "sha256-ioEmHjeuCVQfJoR7X8jAXuVcEiZxh7A4bR/Jk2DFlmI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "56f5f40f81d15f56aa1470dc8f1d1716ba81fbb0", + "rev": "ac21beda5c7d4182054e35bb330e17f3d4abe0b5", "type": "github" }, "original": { @@ -243,6 +243,7 @@ }, "original": { "owner": "DavHau", + "ref": "e9571cac25d2f509e44fec9dc94a3703a40126ff", "repo": "pypi-deps-db", "type": "github" } @@ -273,11 +274,11 @@ ] }, "locked": { - "lastModified": 1675288837, - "narHash": "sha256-76s8TLENa4PzWDeuIpEF78gqeUrXi6rEJJaKEAaJsXw=", + "lastModified": 1676959847, + "narHash": "sha256-KZS6sIsMXiNyN7jW45MrEo95iEXj6nMLKvxgxO181no=", "owner": "Mic92", "repo": "sops-nix", - "rev": "a81ce6c961480b3b93498507074000c589bd9d60", + "rev": "2c5828439d718a6cddd9a511997d9ac7626a4aff", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 0cd53be3..52e0b9e3 100644 --- a/flake.nix +++ b/flake.nix @@ -70,7 +70,7 @@ type = "github"; owner = "numtide"; repo = "flake-utils"; - ref = "master"; + ref = "main"; }; nix-index-database = { type = "github"; @@ -83,7 +83,10 @@ }; pypi-deps-db = { - url = "github:DavHau/pypi-deps-db"; + type = "github"; + owner = "DavHau"; + repo = "pypi-deps-db"; + ref = "e9571cac25d2f509e44fec9dc94a3703a40126ff"; flake = false; }; mach-nix = { diff --git a/hosts/sif/ruleset.nft b/hosts/sif/ruleset.nft index 2a1467b8..e2ac45c6 100644 --- a/hosts/sif/ruleset.nft +++ b/hosts/sif/ruleset.nft @@ -62,6 +62,7 @@ table inet filter { counter wg-rx {} counter yggdrasil-gre-rx {} counter quickserve-rx {} + counter ausweisapp2-rx {} counter established-rx {} @@ -115,7 +116,7 @@ table inet filter { ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop - + iifname lo counter name rx-lo accept iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject @@ -128,6 +129,7 @@ table inet filter { udp dport 60000-61000 counter name mosh-rx accept tcp dport 8000 counter name quickserve-rx accept + udp dport 24727 counter name ausweisapp2-rx accept udp dport 51820-51822 counter name wg-rx accept iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept @@ -206,4 +208,4 @@ table ip mss_clamp { iifname virbr0 oifname != virbr0 tcp flags & (syn|rst) == syn counter name libvirt-mss-clamp tcp option maxseg size set rt mtu } -} \ No newline at end of file +} diff --git a/overlays/batman-adv.nix b/overlays/batman-adv.nix new file mode 100644 index 00000000..a408a284 --- /dev/null +++ b/overlays/batman-adv.nix @@ -0,0 +1,14 @@ +{ final, prev, sources, ... }: { + linuxPackages_latest = prev.linuxPackages_latest.extend (self: super: { + batman_adv = super.batman_adv.overrideAttrs (oldAttrs: let + version = "2023.0"; + in { + version = "${version}-${self.kernel.version}"; + + src = prev.fetchurl { + url = "http://downloads.open-mesh.org/batman/releases/batman-adv-${version}/batman-adv-${version}.tar.gz"; + hash = "sha256-LOTsBAYyUue/7DorP6KmGztCx7BNaYumATK/qx1gpc0="; + }; + }); + }); +} diff --git a/system-profiles/core.nix b/system-profiles/core.nix index 4d39d7ea..40bd20c6 100644 --- a/system-profiles/core.nix +++ b/system-profiles/core.nix @@ -53,7 +53,7 @@ in { ''; nixPath = [ "nixpkgs=/run/nixpkgs" - "nixpkgs-overlays=/run/nixpkgs-overlays.nix" + # "nixpkgs-overlays=/run/nixpkgs-overlays.nix" ]; registry = let override = { self = "nixos"; }; @@ -69,13 +69,13 @@ in { attrValues (import ( - let lock = fromJSON (readFile ${toString ../flake.lock}); in + let lock = fromJSON (readFile ${flake + "/flake.lock"}); in fetchTarball { url = "https://github.com/edolstra/flake-compat/archive/''${lock.nodes.flake-compat.locked.rev}.tar.gz"; sha256 = lock.nodes.flake-compat.locked.narHash; } ) - { src = ${toString ../.}; } + { src = ${flake}; } ).defaultNix.overlays ''}" ]; -- cgit v1.2.3