summaryrefslogtreecommitdiffstats
path: root/tv/2configs/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'tv/2configs/default.nix')
-rw-r--r--tv/2configs/default.nix8
1 files changed, 5 insertions, 3 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index db1bfe5a2..442d7370a 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with config.krebs.lib;
stockholm.file = "/home/tv/stockholm";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "2568ee3d73bdebd6bab6739adf8a900f3429c8e6";
+ ref = "354fd3728952c229fee4f2924737c601d7ab4725";
};
} // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master";
@@ -37,6 +37,7 @@ with config.krebs.lib;
# stockholm dependencies
environment.systemPackages = with pkgs; [
git
+ populate
];
}
{
@@ -53,6 +54,7 @@ with config.krebs.lib;
};
}
{
+ security.hideProcessInformation = true;
security.sudo.extraConfig = ''
Defaults env_keep+="SSH_CLIENT"
Defaults mailto="${config.krebs.users.tv.mail}"
@@ -63,13 +65,13 @@ with config.krebs.lib;
{
# TODO check if both are required:
- nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+ nix.sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
nix.requireSignedBinaryCaches = true;
nix.binaryCaches = ["https://cache.nixos.org"];
- nix.useChroot = true;
+ nix.useSandbox = true;
}
{
nixpkgs.config.allowUnfree = false;