3 files changed, 31 insertions, 22 deletions
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index fb1a57552..66ea2ce90 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -7,8 +7,6 @@
 {
   imports =
     [ # Include the results of the hardware scan.
-      ../2configs/default.nix
-      ../2configs/fs/vm-single-partition.nix
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/tinc-basic-retiolum.nix
     ];
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 8dd347b4f..63ad18339 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -9,14 +9,15 @@ in {
       # TODO: copy this config or move to krebs
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/headless.nix
+      ../2configs/fs/simple-swap.nix
       ../2configs/fs/single-partition-ext4.nix
       # ../2configs/iodined.nix
+      ../2configs/git/cgit-retiolum.nix
 
   ];
 
   krebs.build.target = "root@gum.krebsco.de";
   krebs.build.host = config.krebs.hosts.gum;
-
   # Chat
   environment.systemPackages = with pkgs;[
     weechat
@@ -33,21 +34,24 @@ in {
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
   '';
+  boot.kernelParams = [ "ipv6.disable=1" ];
   networking = {
-  firewall = {
-      allowPing = true;
-      allowedTCPPorts = [
-        # smtp
-        25
-        # http
-        80 443
-        # tinc
-        655
-      ];
-      allowedUDPPorts = [
-        # tinc
-        655 53
-      ];
+    enableIPv6 = false;
+    firewall = {
+        allowPing = true;
+        logRefusedConnections = false;
+        allowedTCPPorts = [
+          # smtp
+          25
+          # http
+          80 443
+          # tinc
+          655
+        ];
+        allowedUDPPorts = [
+          # tinc
+          655 53
+        ];
     };
     interfaces.et0.ip4 = [{
       address = external-ip;
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index ba94972fb..cd2b3f657 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -24,11 +24,11 @@ in {
       # other nginx
       ../2configs/nginx/euer.wiki.nix
       ../2configs/nginx/euer.blog.nix
+      ../2configs/nginx/euer.test.nix
 
       # collectd
       ../2configs/collectd/collectd-base.nix
   ];
-
   krebs.build.host = config.krebs.hosts.wry;
 
   krebs.Reaktor.enable = true;
@@ -59,9 +59,12 @@ in {
   };
 
   networking = {
-    firewall.allowPing = true;
-    firewall.allowedTCPPorts = [ 53 80 443 ];
-    firewall.allowedUDPPorts = [ 655 ];
+  firewall = {
+      allowPing = true;
+      logRefusedConnections = false;
+      allowedTCPPorts = [ 53 80 443 ];
+      allowedUDPPorts = [ 655 ];
+    };
     interfaces.enp2s1.ip4 = [{
       address = external-ip;
       prefixLength = 24;
@@ -70,5 +73,9 @@ in {
     nameservers = [ "8.8.8.8" ];
   };
 
-  environment.systemPackages = [ pkgs.translate-shell ];
+  # small machine - do not forget to gc every day
+  nix.gc.automatic = true;
+  nix.gc.dates = "03:10";
+
+  environment.systemPackages = [ ];
 }