-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use an overlay to pick up a critical bug-fix from the lastest version. Without this, lpass is unusable due to a certificate change that took place. lastpass/lastpass-cli#409 lastpass/lastpass-cli#410
- Loading branch information
1 parent
c8a728d
commit 6428e09
Showing
5 changed files
with
66 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,3 @@ | ||
| /machines/self.nix | ||
|
|
||
| *.private.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,8 @@ | ||
| { | ||
| services = { | ||
| xserver = import ./xserver.nix; | ||
| emacs.enable = true; | ||
| gnome3.gpaste.enable = true; | ||
| openvpn = import ./openvpn; | ||
| xserver = import ./xserver.nix; | ||
| }; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| { | ||
| servers = { | ||
| sumall = import ./sumall.nix; | ||
| }; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| { | ||
| autoStart = false; | ||
|
|
||
| # This setting adds the following to the client config: | ||
| # | ||
| # script-security 2 | ||
| # up ''${pkgs.update-resolv-conf}/libexec/openvpn/update-resolv-conf | ||
| # down ''${pkgs.update-resolv-conf}/libexec/openvpn/update-resolv-conf | ||
| # | ||
| updateResolvConf = true; | ||
|
|
||
| config = '' | ||
| # We are a client, using a routed IP tunnel. | ||
| client | ||
| dev tun | ||
| # Server is enforcing IPv4 only. We should do the same? | ||
| proto udp4 | ||
| # No need to bind to a specific local port number. | ||
| nobind | ||
| # Downgrade privileges after initialization. | ||
| user nobody | ||
| group nogroup | ||
| # Try to preserve some state across restarts. | ||
| persist-key | ||
| persist-tun | ||
| # Verify server certificate to protect against mitm. | ||
| remote-cert-tls server | ||
| # Specify same cipher option as the server uses. | ||
| cipher AES-256-CBC | ||
| # Server has compression enabled, so we can too. | ||
| comp-lzo yes | ||
| # Don't cache passwords in memory | ||
| auth-nocache | ||
| ${builtins.readFile ./sumall.private.conf} | ||
| ''; | ||
| } |