Merge remote-tracking branch 'prism/master'

author: tv <tv@krebsco.de> 2016-07-22 13:22:13 +0200
committer: tv <tv@krebsco.de> 2016-07-22 13:22:13 +0200
commit: 45c62ec4d3ec61ba593657676f5a09d47622564e (patch)
tree: 7937fbefaddc5e0168e44ab1d6e355c42192d7e8 /makefu/2configs/default.nix
parent: 8b58e6e6e25e38586f3cc8879aa0444d4fdf6f0d (diff)
parent: 0bd78c3b0de0fa79322e9031f45dcc62abd094d1 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 4562a123f..c94f1be7d 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -17,7 +17,6 @@ with config.krebs.lib;
   krebs = {
     enable = true;
 
-    dns.providers.siem = "hosts";
     dns.providers.lan  = "hosts";
     search-domain = "retiolum";
     build = {
@@ -25,7 +24,7 @@ with config.krebs.lib;
       source = let inherit (config.krebs.build) host user; in {
         nixpkgs.git = {
           url = https://github.com/nixos/nixpkgs;
-          ref = "0546a4a"; # stable @ 2016-06-11
+          ref = "125ffff"; # stable @ 2016-07-20
         };
         secrets.file =
           if getEnv "dummy_secrets" == "true"
@@ -67,7 +66,7 @@ with config.krebs.lib;
     startAgent = false;
   };
   services.openssh.enable = true;
-  nix.useChroot = true;
+  nix.useSandbox = true;
 
   users.mutableUsers = false;
 
@@ -171,4 +170,10 @@ with config.krebs.lib;
     consoleKeyMap = "us";
     defaultLocale = "en_US.UTF-8";
   };
+  # suppress chrome autit event messages
+  security.audit = {
+      rules = [
+        "-a task,never"
+      ];
+    };
 }
author	tv <tv@krebsco.de>	2016-07-22 13:22:13 +0200
committer	tv <tv@krebsco.de>	2016-07-22 13:22:13 +0200
commit	45c62ec4d3ec61ba593657676f5a09d47622564e (patch)
tree	7937fbefaddc5e0168e44ab1d6e355c42192d7e8 /makefu/2configs/default.nix
parent	8b58e6e6e25e38586f3cc8879aa0444d4fdf6f0d (diff)
parent	0bd78c3b0de0fa79322e9031f45dcc62abd094d1 (diff)