From 644649e7250f7ef5c553cd6ad404d544097ed698 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 18 Feb 2016 08:36:18 +0100 Subject: ma 2 mycube: cleanup --- makefu/2configs/deployment/mycube.connector.one.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix index 6a32656b4..38fc4a243 100644 --- a/makefu/2configs/deployment/mycube.connector.one.nix +++ b/makefu/2configs/deployment/mycube.connector.one.nix @@ -16,7 +16,7 @@ in { vassals = { mycube-flask = { type = "normal"; - python2Packages = self: with self; [ pkgs.mycube-flask self.flask self.redis self.werkzeug self.jinja2 self.markupsafe itsdangerous ]; + python2Packages = self: with self; [ pkgs.mycube-flask flask redis werkzeug jinja2 markupsafe itsdangerous ]; socket = wsgi-sock; }; }; -- cgit v1.2.3 From 54dc51d341f5a3b253341a20a4e35b1ed03a3244 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 18 Feb 2016 08:37:40 +0100 Subject: ma 2 laptop: add user to "dialout" --- makefu/2configs/main-laptop.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index c3e43723c..452cdfb23 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -12,6 +12,9 @@ with config.krebs.lib; ./fetchWallpaper.nix ./zsh-user.nix ]; + + users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; + environment.systemPackages = with pkgs;[ vlc firefox -- cgit v1.2.3 From 74cfe87654638106f2d2a1a698814b41c2e904f2 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 18 Feb 2016 22:14:16 +0100 Subject: ma 2 default: apply cve-2015-7547 hotfix --- makefu/2configs/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 83018e9f8..3043a1af3 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -4,6 +4,13 @@ with config.krebs.lib; { system.stateVersion = "15.09"; + system.replaceRuntimeDependencies = with pkgs.lib; + [{original = pkgs.glibc; replacement = pkgs.stdenv.lib.overrideDerivation pkgs.glibc (oldAttr: { patches = oldAttr.patches ++ + [(pkgs.fetchurl { url = "https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/development/libraries/glibc/cve-2015-7547.patch"; + sha256 = "0awpc4rp2x27rjpj83ps0rclmn73hsgfv2xxk18k82w4hdxqpp5r";})]; + });} + ]; + imports = [ { users.extraUsers = -- cgit v1.2.3