Conversation
jaysa68
force-pushed
the
login-server-fixes
branch
2 times, most recently
from
a9a2226 to
536a7f4
Compare
|
i think its fine. mostly just cleanup stuff. i can do this later today if needed |
|
side note id prefer if this 500 line change was not squashed into one commit that does a bunch of different changes. it should be commits for each specific part under a login server fixes merge commit... |
jaysa68
force-pushed
the
login-server-fixes
branch
from
0cd644a to
6557858
Compare
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| mcaselector | ||
|
|
||
| # windows compat | ||
| wine |
There was a problem hiding this comment.
wait how was this relevant to fixing login server. you mentioned it but i forgot
| lastOctet = 129; | ||
| }; | ||
|
|
||
| deployment.allowLocalDeployment = true; |
There was a problem hiding this comment.
are we not building koi on spike?
| }; | ||
| }; | ||
|
|
||
| "ttyd-force-ssl" = { |
There was a problem hiding this comment.
forcing ssl for ttyd is good👍
| enable = lib.mkEnableOption "user-facing packages for login servers"; | ||
| }; | ||
|
|
||
| config = lib.mkIf config.ocf.userPackages.enable { |
There was a problem hiding this comment.
as i mentioned in lab, it might be good to have a module for cli related tools that would be useful on servers that are meant to be "interactive shell hosts". rn ive been sticking it in ocf.graphical.apps.* but its better to probably consolidate it so that the same utilities are loaded from desktops and login servers. i can work on this later but this is good for now :)
There was a problem hiding this comment.
(which is exactly what the userPackages module you created does, i mainly mean cleaning up the stuff that has been littered around everywhere else and consolidating it to this new module; and possibly creating an interactive shell server profile maybe)
| pigz | ||
| ranger | ||
| ncdu | ||
| molly-guard |
There was a problem hiding this comment.
i dont think molly-guard would really be effective given that it doesnt affect systemctl * iirc. other than that, these are some good packages that i use too that should be added (sometimes i forget about them until i need it and realize they arent installed, so i have to run them through comma).
| import nixpkgs { | ||
| inherit overlays system; | ||
| config = { | ||
| permittedInsecurepackages = [ "unifi-controller-9.5.21" ]; |
There was a problem hiding this comment.
i thought unifi controller was just going to be removed since @sophiebsw said it was not needed iirc?. it has a pretty nasty cve...
| ocf.userPackages.enable = true; | ||
|
|
||
| services.openssh.settings.AllowGroups = [ "ocfstaff" ]; | ||
| services.openssh.settings.AllowUsers = [ "ocf-nix-deploy-user" ]; |
There was a problem hiding this comment.
set services.openssh.settings.AllowUsers = [ "ocf-nix-deploy-user" ]; globally in the managed-deployment module?
|
sent my review from three days ago just now oops |
2 participants
see #241