diff --git a/base.nix b/base.nix index f577ca6..64ec6b8 100644 --- a/base.nix +++ b/base.nix @@ -48,7 +48,7 @@ ripgrep rsync tree - unstable.eza + eza wget ]; diff --git a/flake.lock b/flake.lock index dafe8f3..543d841 100644 --- a/flake.lock +++ b/flake.lock @@ -7,16 +7,16 @@ ] }, "locked": { - "lastModified": 1695108154, - "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", + "lastModified": 1702676849, + "narHash": "sha256-XqcREaTS38/QOsN8fk8PP325/UXHyF9enbP5ZPw5aiA=", "owner": "nix-community", "repo": "home-manager", - "rev": "07682fff75d41f18327a871088d20af2710d4744", + "rev": "aa99c2f4e9847cbb7e46fac0844ea1eb164b3b3a", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.05", + "ref": "release-23.11", "repo": "home-manager", "type": "github" } @@ -26,11 +26,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1697936579, - "narHash": "sha256-nMyepKnwoHMzu2OpXvG2ZhU081TV9ENmWCo0vWxs6AI=", + "lastModified": 1701507532, + "narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=", "owner": "dali99", "repo": "nixos-matrix-modules", - "rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9", + "rev": "046194cdadc50d81255a9c57789381ed1153e2b1", "type": "github" }, "original": { @@ -46,11 +46,11 @@ ] }, "locked": { - "lastModified": 1698429334, - "narHash": "sha256-Gq3+QabboczSu7RMpcy79RSLMSqnySO3wsnHQk4DfbE=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "afe83cbc2e673b1f08d32dd0f70df599678ff1e7", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -62,16 +62,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1698696950, - "narHash": "sha256-FHFL58t6lMumvWqwundC8fDDDLOIvc+JJBNIAlPjrDY=", + "lastModified": 1702346276, + "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "017ef2132a5bda50bd713aeabce8f918502d4ec1", + "rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } @@ -93,11 +93,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1698544399, - "narHash": "sha256-vhRmPyEyoPkrXF2iykBsWHA05MIaOSmMRLMF7Hul6+s=", + "lastModified": 1702148972, + "narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d87c5d8c41c9b3b39592563242f3a448b5cc4bc9", + "rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227", "type": "github" }, "original": { @@ -125,11 +125,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1698548647, - "narHash": "sha256-7c03OjBGqnwDW0FBaBc+NjfEBxMkza+dxZGJPyIzfFE=", + "lastModified": 1702177193, + "narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "632c3161a6cc24142c8e3f5529f5d81042571165", + "rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9", "type": "github" }, "original": { @@ -140,11 +140,11 @@ }, "unstable": { "locked": { - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", + "lastModified": 1702312524, + "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", + "rev": "a9bf124c46ef298113270b1f84a164865987a91c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ffbe97b..1d65d3b 100644 --- a/flake.nix +++ b/flake.nix @@ -2,13 +2,13 @@ description = "Felixalb System flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nix-darwin.url = "github:lnl7/nix-darwin/master"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; - home-manager.url = "github:nix-community/home-manager/release-23.05"; + home-manager.url = "github:nix-community/home-manager/release-23.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; matrix-synapse-next.url = "github:dali99/nixos-matrix-modules"; diff --git a/hosts/janeway/services/postgresql.nix b/hosts/janeway/services/postgresql.nix index 7547b6d..83b4285 100644 --- a/hosts/janeway/services/postgresql.nix +++ b/hosts/janeway/services/postgresql.nix @@ -7,7 +7,7 @@ services.postgresqlBackup = { enable = true; - location = "/backup/postgresql/"; + location = "/data/backup/postgresql/"; startAt = "*-*-* 03:15:00"; backupAll = true; }; diff --git a/hosts/sarek/configuration.nix b/hosts/sarek/configuration.nix index 01685fa..22eebbe 100644 --- a/hosts/sarek/configuration.nix +++ b/hosts/sarek/configuration.nix @@ -7,10 +7,10 @@ ../../base.nix ../../common/metrics-exporters.nix + ./services/flame.nix + ./services/hedgedoc.nix ./services/nginx.nix ./services/postgresql.nix - ./services/hedgedoc.nix - ./services/flame.nix ]; # Boot and console is handled by proxmoxLXC. @@ -30,14 +30,24 @@ }; sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml; + virtualisation.docker.enable = true; + virtualisation.oci-containers.backend = "docker"; - virtualisation.podman = { - enable = true; - dockerCompat = true; # Make `docker` shell alias - defaultNetwork.settings.dns_enabled = true; - }; - - virtualisation.oci-containers.backend = "podman"; + # Undo https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd to work on unprivileged LXC containers + system.activationScripts.var = lib.mkForce '' + # Various log/runtime directories. + mkdir -p /var/tmp + chmod 1777 /var/tmp + # Empty, immutable home directory of many system accounts. + mkdir -p /var/empty + # Make sure it's really empty + ${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true + find /var/empty -mindepth 1 -delete + chmod 0555 /var/empty + chown root:root /var/empty + ${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true + ''; + systemd.tmpfiles.rules = lib.mkForce []; system.stateVersion = "23.05"; } diff --git a/hosts/sarek/services/hedgedoc.nix b/hosts/sarek/services/hedgedoc.nix index 37b9506..a63a238 100644 --- a/hosts/sarek/services/hedgedoc.nix +++ b/hosts/sarek/services/hedgedoc.nix @@ -78,7 +78,7 @@ in { UMask = "0007"; RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; SystemCallArchitectures = "native"; - SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; + # SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; }; }; @@ -88,9 +88,7 @@ in { ensureDatabases = [ "hedgedoc" ]; ensureUsers = [{ name = "hedgedoc"; - ensurePermissions = { - "DATABASE \"hedgedoc\"" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; }]; }; } diff --git a/hosts/voyager/configuration.nix b/hosts/voyager/configuration.nix index 7c9afd2..13b3bf2 100644 --- a/hosts/voyager/configuration.nix +++ b/hosts/voyager/configuration.nix @@ -11,13 +11,10 @@ ./exports.nix ./services/snappymail.nix - #./vms.nix - ./services/calibre.nix ./services/fancontrol.nix ./services/gitea.nix ./services/jellyfin.nix - ./services/jupyter.nix ./services/kanidm.nix ./services/metrics ./services/nginx @@ -26,9 +23,6 @@ ./services/timemachine.nix ./services/transmission.nix ./services/vaultwarden.nix - # ./services/searx.nix - # ./services/code-server.nix - ]; networking = { @@ -84,7 +78,7 @@ ) zfs screen - exa + eza ]; services.snappymail = { diff --git a/hosts/voyager/services/gitea.nix b/hosts/voyager/services/gitea.nix index d71238b..5a5d315 100644 --- a/hosts/voyager/services/gitea.nix +++ b/hosts/voyager/services/gitea.nix @@ -3,11 +3,10 @@ let cfg = config.services.gitea; domain = "git.feal.no"; httpPort = 3004; - /* sshPort = 2222; */ + #sshPort = 2222; in { services.gitea = { enable = true; - package = pkgs.unstable.gitea; appName = "felixalbs Gitea"; database = { type = "postgres"; diff --git a/hosts/voyager/services/jupyter.nix b/hosts/voyager/services/jupyter.nix deleted file mode 100644 index b27ca94..0000000 --- a/hosts/voyager/services/jupyter.nix +++ /dev/null @@ -1,128 +0,0 @@ -{ config, pkgs, lib, ... }: let - cfg = config.services.jupyter; -in { - sops.secrets."jupyter/password" = { - restartUnits = [ "jupyter.service" ]; - owner = cfg.user; - group = cfg.group; - }; - - users.users."jupyter".group = "jupyter"; - users.groups."jupyter".members = [ "nginx" ]; - - services.jupyter = { - enable = true; - group = "jupyter"; - password = let - readFile = f: "open('${f}', 'r', encoding='utf8').read().strip()"; - in - readFile config.sops.secrets."jupyter/password".path; - - /* kernels = { */ - /* pythonDS = let */ - /* env = (pkgs.python310.withPackages (pythonPackages: with pythonPackages; [ */ - /* numpy */ - /* matplotlib */ - /* ipykernel */ - /* ])); */ - /* in { */ - /* displayName = "Python for data science"; */ - /* argv = [ */ - /* "${env.interpreter}" */ - /* "-m" */ - /* "ipykernel_launcher" */ - /* "-f" */ - /* "{connection_file}" */ - /* ]; */ - /* language = "python"; */ - /* logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png"; */ - /* logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png"; */ - /* }; */ - /* }; */ - kernels = { - python3 = let - env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ - ipykernel - pandas - numpy - scipy - scikit-learn - ])); - in { - displayName = "Python 3 for statistics"; - argv = [ - "${env.interpreter}" - "-m" - "ipykernel_launcher" - "-f" - "{connection_file}" - ]; - language = "python"; - logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png"; - logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png"; - }; - }; - }; - - systemd.services.jupyter = let - notebookConfig = pkgs.writeText "jupyter_config.py" '' - c.NotebookApp.notebook_dir = 'notebooks' - c.NotebookApp.open_browser = False - c.NotebookApp.password = ${cfg.password} - c.NotebookApp.password_required = True - - c.NotebookApp.sock = '/run/jupyter/jupyter.sock' - c.NotebookApp.sock_mode = '0660' - c.NotebookApp.local_hostnames = ['jupyter.feal.no'] - - c.ConnectionFileMixin.transport = 'ipc' - - ${cfg.notebookConfig} - ''; - in { - environment = { - JUPYTER_DATA_DIR = "$STATE_DIRECTORY/data"; - JUPYTER_RUNTIME_DIR = "$RUNTIME_DIRECTORY"; - }; - serviceConfig = { - RuntimeDirectory = "jupyter"; - StateDirectory = "jupyter"; - - # Hardening - CapabilityBoundingSet = ""; - LockPersonality = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateMounts = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectProc = "invisible"; - ProtectSystem = "strict"; - RemoveIPC = true; - RestrictSUIDSGID = true; - UMask = "0007"; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; - SystemCallArchitectures = "native"; - - ExecStartPre = '' - ${pkgs.coreutils}/bin/mkdir -p /var/lib/jupyter/{notebooks,data} - ''; - ExecStart = lib.mkForce '' - ${cfg.package}/bin/${cfg.command} --NotebookApp.config_file=${notebookConfig} - ''; - }; - }; - - services.nginx.virtualHosts."jupyter.feal.no" = { - locations."/" = { - proxyPass = "http://unix:/run/jupyter/jupyter.sock:/"; - proxyWebsockets = true; - }; - }; -} diff --git a/hosts/voyager/services/nginx/default.nix b/hosts/voyager/services/nginx/default.nix index 23a9300..486a2a0 100644 --- a/hosts/voyager/services/nginx/default.nix +++ b/hosts/voyager/services/nginx/default.nix @@ -4,6 +4,8 @@ enable = true; enableReload = true; + clientMaxBodySize = "100m"; + recommendedProxySettings = true; recommendedTlsSettings = true; recommendedGzipSettings = true; diff --git a/hosts/voyager/services/searx.nix b/hosts/voyager/services/searx.nix deleted file mode 100644 index b70d2f9..0000000 --- a/hosts/voyager/services/searx.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, lib, pkgs, ... }: -let - domain = "search.feal.no"; - cfg = config.services.searx.settings; -in { - - sops.secrets."searx/env" = { - restartUnits = [ "searx.service" ]; - }; - - services.searx = { - enable = true; - - settings = { - general = { - debug = false; - instance_name = "Taschmex Searx"; - wiki_url = false; - docs_url = false; - twitter_url = false; - }; - server = { - port = 8090; - bind_address = "127.0.1.2"; - secret_key = "@SEARX_SECRETKEY@"; - base_url = domain; - image_proxy = true; - }; - outgoing = { - request_timeout = 2.0; - useragent_suffix = "searx@albrigtsen.it"; - pool_connections = 100; - pool_maxsize = 10; - }; - }; - - environmentFile = config.sops.secrets."searx/env".path; - }; - - services.nginx.virtualHosts.${domain} = { - locations."/".proxyPass = "http://${cfg.server.bind_address}:${toString cfg.server.port}"; - /* addSSL = true; */ - /* enableACME = true; */ - /* listen = [ */ - /* { */ - /* addr = "0.0.0.0"; */ - /* port = 43443; */ - /* ssl = true; */ - /* } */ - /* { */ - /* addr = "0.0.0.0"; */ - /* port = 43080; */ - /* } */ - /* ]; */ - }; - - networking.firewall.allowedTCPPorts = [ 43443 43080 ]; -} diff --git a/hosts/voyager/services/vaultwarden.nix b/hosts/voyager/services/vaultwarden.nix index 91024c3..9e55475 100644 --- a/hosts/voyager/services/vaultwarden.nix +++ b/hosts/voyager/services/vaultwarden.nix @@ -61,9 +61,7 @@ in { ensureDatabases = [ "vaultwarden" ]; ensureUsers = [{ name = "vaultwarden"; - ensurePermissions = { - "DATABASE \"vaultwarden\"" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; }]; }; } diff --git a/hosts/worf/home.nix b/hosts/worf/home.nix index da34b44..4fd2977 100644 --- a/hosts/worf/home.nix +++ b/hosts/worf/home.nix @@ -14,7 +14,7 @@ emacs iterm2 spotify - unstable.ripes + ripes bat bottom @@ -25,7 +25,7 @@ nix-index nodejs tldr - unstable.eza + eza zellij pandoc diff --git a/hosts/worf/yabai.nix b/hosts/worf/yabai.nix index 6f8698b..fe3964d 100644 --- a/hosts/worf/yabai.nix +++ b/hosts/worf/yabai.nix @@ -5,7 +5,7 @@ let in { services.yabai = { enable = true; - package = pkgs.unstable.yabai; + package = pkgs.yabai; enableScriptingAddition = true; config = { layout = "bsp"; @@ -119,7 +119,7 @@ in { services.sketchybar = { enable = true; - package = pkgs.unstable.sketchybar; + package = pkgs.sketchybar; # The config is handled outside of nix, and is placed in ~/.config/sketchybar }; diff --git a/secrets/voyager/voyager.yaml b/secrets/voyager/voyager.yaml index 02b37e4..0f675b5 100644 --- a/secrets/voyager/voyager.yaml +++ b/secrets/voyager/voyager.yaml @@ -8,10 +8,6 @@ #ENC[AES256_GCM,data:T+pI1ogtfjo57NrOvCuhbs//,iv:mqkwAHWxqvt9XkQX0EKXQyJrK5KOCVDpva1Ok37XvKc=,tag:qrp2QeNrJSDr3ECN6cBDiA==,type:comment] #ENC[AES256_GCM,data:46+Qt0FRlg2tN8A=,iv:4y5C0S75gp4qFFkJ4lOMcPbftOLyzB12wApqNOFYan4=,tag:T/4zLU7d90GkzDohJd2XTg==,type:comment] #ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment] -hedgedoc: - env: ENC[AES256_GCM,data:QaDReiDztJhu8n+Sa2SE9XjQS+YIMvQFqY5nSXKPUBrHk3tvEzmST8ZjjthruGWdKoEDQT0phR2KV660Hza8WQNajC85slVIQK2HFXKK8xYn5qeMQj5U1m85rmSjMNg6Rdb+rCQFWiM2KRfdkiWiAzcgOvGd2ziX3oE4tTTpBs2Jy70B+eXEVqZvYajQUyQZItCPb7BUhkhv8rVbI0Q=,iv:3ZcWie2pwfvUsXhQo1Zlpbq6r85OOWASKiwzfY30BHM=,tag:NyH6w9MQPUWvue/wo8LmAg==,type:str] -searx: - env: ENC[AES256_GCM,data:5tzCZulZV+Ls0/N/WMQ4q2A5w04gmlA12AetbcX4pzn1xKDIe/0RwmuJXcq5qIof/A==,iv:/sFUtakRVNX2n1v72FGPFRQy0UK3jKbMS1Qmnrnm/tA=,tag:sxarQL61SDovipJZAd4Ozg==,type:str] transmission: vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str] matrix: @@ -23,8 +19,6 @@ wireguard: private: ENC[AES256_GCM,data:XF89i1/TF5CpOvixwFDNOpke0YdWQDAMbvf/jOGR7iHKzz4OJu7K33lQbObT,iv:tVGdkkUU83Ba7VxHa7AJaIHFETp2Dy72dya3FDjnPZY=,tag:h9IJVeGnK7gABbu9hWZpww==,type:str] vaultwarden: admintoken: ENC[AES256_GCM,data:mJDiu0tgJQmvmJcJMULmctJvPN6/uM9VaoigHOMFkve9Vd3IMrpDmyJq+ibLpul+hw4PlLARjRzOxdZVcX7AB+uOOOrypppOIfvYC6U=,iv:YcyYLEHeIsCchcEy+fOMiQi8Cgf24AwQDpL7fhogNEU=,tag:1SqpNvuPhfjYIjvvRV34/Q==,type:str] -jupyter: - password: ENC[AES256_GCM,data:MYnrNSesZn97ArnrGS6nHMnSSmDpBCk4/H6zJx1O+M8tjm2SWf25Pk1HcRzdJ5nUyPvMmoaJ0zAdptZYMiGmh2p4emaEbSOerxhEKyrFnuaS3PZRBgEUBAMQ3r0FNwUFNQ+e711t2fHD,iv:gZkwZwFJCn/oSIanNaOhpTZNG9qVvtRlO8f8KvuDR08=,tag:cXvFwQRhd24mcidMOki2Qg==,type:str] sops: kms: [] gcp_kms: [] @@ -58,8 +52,8 @@ sops: NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB 4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-18T12:45:40Z" - mac: ENC[AES256_GCM,data:UfB8zJR4ijFPrm9942XL1uSPCN9wGSM/eEFyT/zEgtUkS8+y8pnRcMrDHBxxgB261us4XLL7lN3gxviPtlHJ3HpoftjRanmRdmyHkeWc3XTPNWHzAsWI9psLWAYOZGympY8nOoFnhgY3WaatMhETs/xB1rIH4k2C8mU3XwsnKhw=,iv:F29buZyeDQgmdZ7BEnpUvXkKcRwIhNvpNq9TJL9pDtk=,tag:b5bh1ATX6bbcboBnpeWApQ==,type:str] + lastmodified: "2023-12-18T22:12:35Z" + mac: ENC[AES256_GCM,data:X20Xx8DdwI9K4SM85I/wWE7GjuQepeT0lWHc85Yqa5Byabs5+zcGmryPo2hOFlkhbhb6U8e6eDKAdi/w/LHPLOmsocc+1RgZfO/mCzSmLBzjphCv3nW470oQNTYIXXlCDQCpEPU7ALe4FHKbuj/cgak4kN9ubnYEOL3tQoJzxk4=,iv:1PKo2A1VUeQ6NONaLCIa70YrhC9PUPQVF1WkYg4hza8=,tag:JUuzTAjNuMiVJwPNljGowQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/shells/ctf.nix b/shells/ctf.nix index 5f2da9c..0b503e9 100644 --- a/shells/ctf.nix +++ b/shells/ctf.nix @@ -39,14 +39,14 @@ in { pkgs ? import {} }: dig nmap rustscan - unstable.thc-hydra + thc-hydra # davtest # cadaver httpie john - unstable.hashcat + hashcat ] ++ lib.optionals (pkgs.stdenv.isLinux) [ sage