Merge remote-tracking branch 'lass/master'

9 files changed, 16 insertions, 82 deletions

diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index a4a4de6f9..09b493c20 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -29,9 +29,10 @@ let
     tables = mkOption {
       type = with types; attrsOf (attrsOf (submodule ({
         options = {
+          #TODO: find out good defaults.
           policy = mkOption {
             type = str;
-            default = "-";
+            default = "ACCEPT";
           };
           rules = mkOption {
             type = nullOr (listOf (submodule ({
@@ -133,30 +134,9 @@ let
 #=====
 
   rules = iptables-version:
-    let
-      #TODO: find out good defaults.
-      tables-defaults = {
-        nat.PREROUTING.policy = "ACCEPT";
-        nat.INPUT.policy = "ACCEPT";
-        nat.OUTPUT.policy = "ACCEPT";
-        nat.POSTROUTING.policy = "ACCEPT";
-        filter.INPUT.policy = "ACCEPT";
-        filter.FORWARD.policy = "ACCEPT";
-        filter.OUTPUT.policy = "ACCEPT";
-
-        #if someone specifies any other rules on this chain, the default rules get lost.
-        #is this wanted beahiviour or a bug?
-        #TODO: implement abstraction of rules
-        filter.INPUT.rules = [
-          { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
-        ];
-      };
-      tables = tables-defaults // cfg.tables;
-
-    in
-      pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
-        ${buildTables iptables-version tables}
-      '';
+    pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
+      ${buildTables iptables-version cfg.tables}
+    '';
 
   startScript = pkgs.writeDash "krebs-iptables_start" ''
     set -euf
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 742d42bf8..99705cbf1 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -17,7 +17,6 @@ with import <stockholm/lib>;
     ../2configs/elster.nix
     ../2configs/steam.nix
     ../2configs/wine.nix
-    ../2configs/chromium-patched.nix
     ../2configs/git.nix
     ../2configs/skype.nix
     ../2configs/teamviewer.nix
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 4b05e3296..fbab23500 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -31,6 +31,7 @@ in {
   environment.systemPackages = with pkgs; [
 
     acpi
+    dic
     dmenu
     gitAndTools.qgit
     lm_sensors
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 7422abdc8..e7fbccb77 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -36,7 +36,7 @@ in {
     };
     builder_pre = ''
       # prepare grab_repo step for stockholm
-      grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental', alwaysUseLatest=True)
+      grab_repo = steps.Git(repourl=stockholm_repo, mode='full')
 
       # TODO: get nixpkgs/stockholm paths from krebs
       env_lass = {
diff --git a/lass/2configs/chromium-patched.nix b/lass/2configs/chromium-patched.nix
deleted file mode 100644
index d9d7760dd..000000000
--- a/lass/2configs/chromium-patched.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, pkgs, ... }:
-
-#settings to test:
-#
-      #"ForceEphemeralProfiles": true,
-let
-  masterPolicy = pkgs.writeText "master.json" ''
-    {
-      "PasswordManagerEnabled": false,
-      "DefaultGeolocationSetting": 2,
-      "RestoreOnStartup": 1,
-      "AutoFillEnabled": false,
-      "BackgroundModeEnabled": false,
-      "DefaultBrowserSettingEnabled": false,
-      "SafeBrowsingEnabled": false,
-      "ExtensionInstallForcelist": [
-        "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx",
-        "ihlenndgcmojhcghmfjfneahoeklbjjh;https://clients2.google.com/service/update2/crx"
-      ]
-    }
-  '';
-
-  master_preferences = pkgs.writeText "master_preferences" ''
-    {
-      "browser": {
-        "custom_chrome_frame": true
-      },
-
-      "extensions": {
-        "theme": {
-          "id": "",
-          "use_system": true
-        }
-      }
-    }
-  '';
-in {
-  environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy;
-
-  #environment.systemPackages = [
-  #  #pkgs.chromium
-  #  (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
-  #    buildCommand = attrs.buildCommand + ''
-  #      touch $out/TEST123
-  #    '';
-  #  }))
-  #];
-}
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 79a609e2b..ca0aded78 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -14,8 +14,8 @@ with import <stockholm/lib>;
       ];
       openssh.authorizedKeys.keys = with config.krebs.users; [
         lass.pubkey
-        lass-uriel.pubkey
         lass-shodan.pubkey
+        lass-helios.pubkey
         makefu.pubkey
       ];
     };
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index caca98746..be54d120a 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/nixos/nixpkgs;
-    ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e";
+    ref = "ece0cea127f0a8799a6bd3b12c368193491f9058";
   };
 }
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index aac2b96d4..bfaae24c8 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -175,8 +175,8 @@ let
     "Syntastic config
     let g:syntastic_python_checkers=['flake8']
 
-    nmap <esc>q :buffer
-    nmap <M-q> :buffer
+    nmap <esc>q :buffer 
+    nmap <M-q> :buffer 
 
     cnoremap <C-A> <Home>
 
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 3356fe9a8..0b2a6faac 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -88,6 +88,7 @@ rec {
           # set max upload size
           client_max_body_size 10G;
           fastcgi_buffers 64 4K;
+          fastcgi_read_timeout 120;
 
           # Disable gzip to avoid the removal of the ETag header
           gzip off;
@@ -164,10 +165,11 @@ rec {
         user = nginx
         group = nginx
         pm = dynamic
-        pm.max_children = 5
+        pm.max_children = 32
+        pm.max_requests = 500
         pm.start_servers = 2
-        pm.min_spare_servers = 1
-        pm.max_spare_servers = 3
+        pm.min_spare_servers = 2
+        pm.max_spare_servers = 5
         listen.owner = nginx
         listen.group = nginx
         php_admin_value[error_log] = 'stderr'