Add https github to allowed uris

Make hydra shut up
Add bscpm and gitlab-internal to allowed-uris
2025-10-02 15:57:15 +02:00 · 2025-10-02 15:57:15 +02:00 · 2025-10-02 15:57:15 +02:00 · 2025-10-02 15:57:14 +02:00 · 2025-10-02 15:57:14 +02:00 · 2025-10-02 15:57:14 +02:00
5 changed files with 13 additions and 31 deletions
--- a/m/common/base.nix
+++ b/m/common/base.nix
@ -11,7 +11,7 @@
    ./base/hw.nix
    ./base/net.nix
    ./base/nix.nix
-    ./base/sys-devices.nix
+    ./base/nosv.nix
    ./base/ntp.nix
    ./base/rev.nix
    ./base/ssh.nix
--- a/m/common/base/nosv.nix
+++ b/m/common/base/nosv.nix
@ -0,0 +1,9 @@
+{ ... }:
+{
+  nix.settings.system-features = [ "nosv" ];
+  programs.nix-required-mounts.enable = true;
+  programs.nix-required-mounts.allowedPatterns.nosv.paths = [
+    "/sys/devices/system/cpu"
+    "/sys/devices/system/node"
+  ];
+}
--- a/m/common/base/sys-devices.nix
+++ b/m/common/base/sys-devices.nix
@ -1,9 +0,0 @@
-{
-  nix.settings.system-features = [ "sys-devices" ];
-
-  programs.nix-required-mounts.enable = true;
-  programs.nix-required-mounts.allowedPatterns.sys-devices.paths = [
-    "/sys/devices/system/cpu"
-    "/sys/devices/system/node"
-  ];
-}
--- a/m/fox/wireguard.nix
+++ b/m/fox/wireguard.nix
@ -23,11 +23,11 @@

      peers = [
        # List of allowed peers.
-        {
+        { 
          name = "apex";
          publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA=";
          # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
-          allowedIPs = [ "10.106.0.30/32" "10.0.40.7/32" ];
+          allowedIPs = [ "10.106.0.30/32" ];
        }
        {
          name = "raccoon";
@ -40,7 +40,6 @@

  networking.hosts = {
    "10.106.0.30" = [ "apex" ];
-    "10.0.40.7" = [ "hut" ];
    "10.106.0.236" = [ "raccoon" ];
    "10.0.44.4" = [ "tent" ];
  };
--- a/m/weasel/configuration.nix
+++ b/m/weasel/configuration.nix
@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ lib, ... }:

 {
  imports = [
@ -33,21 +33,4 @@
    } ];
  };

-  services.nix-serve = {
-    enable = true;
-    # Only listen locally, as we serve it via ssh
-    bindAddress = "127.0.0.1";
-    port = 5000;
-    package = pkgs.nix-serve-ng.overrideAttrs (oldAttrs: {
-      src = pkgs.fetchgit {
-        url = "https://jungle.bsc.es/git/abonerib/nix-serve-ng.git";
-        hash = "";
-      };
-    });
-
-    # secretKeyFile = config.age.secrets.nixServe.path;
-    # Public key:
-    # jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=
-  };
-
 }
Author	SHA1	Message	Date
Aleix Boné	7d1e824064	Add https github to allowed uris	2025-10-02 15:57:15 +02:00
Aleix Boné	ffa089fa63	Make hydra shut up	2025-10-02 15:57:15 +02:00
Aleix Boné	b8345ae974	Add bscpm and gitlab-internal to allowed-uris	2025-10-02 15:57:15 +02:00
Aleix Boné	637f026d29	weasel: enable hydra tcp port in firewall	2025-10-02 15:57:14 +02:00
Aleix Boné	fdfd6090a3	hydra: set listen host	2025-10-02 15:57:14 +02:00
Aleix Boné	bde0da03a4	Enable hydra on weasel	2025-10-02 15:57:14 +02:00
Aleix Boné	7a850ecfbc	weasel: use tent cache	2025-10-02 15:57:14 +02:00
Aleix Boné	60b9ba4c82	Add nixfmt-rfc-style to common packages	2025-10-02 15:57:14 +02:00
Aleix Boné	1f3c3d0ff4	Add packages to user abonerib	2025-10-02 15:57:14 +02:00
Aleix Boné	7980d00495	Add nix-output-monitor to default packages	2025-10-02 15:57:13 +02:00
Aleix Boné	4539579576	Set fish shell for user abonerib	2025-10-02 15:57:13 +02:00
Aleix Boné	cb76e7da6d	weasel: create user folders in /var/lib/podman-users /home is a nfs mount, which does not support extra filesystem arguments needed to run podman. We need to have a local home.	2025-10-02 15:57:13 +02:00
Aleix Boné	41f8aea67e	weasel: add podman	2025-10-02 15:57:13 +02:00
Aleix Boné	91fa59e397	Enable nosv system feature	2025-10-02 15:57:13 +02:00