diff options
| author | lassulus <lassulus@lassul.us> | 2018-12-14 19:24:26 +0100 |
|---|---|---|
| committer | lassulus <lassulus@lassul.us> | 2018-12-14 19:24:26 +0100 |
| commit | 9a9a6d0a90072890b8946266abff1d98647c52fc (patch) | |
| tree | 7b541f19ce2e5455d3ab9e2d546790c60439c07e | |
| parent | a56497f72ce37b08b49e9a1f86f3b8ddad8ad119 (diff) | |
| parent | ce60c288e588d8968535399921e6735cc05acef1 (diff) | |
Merge remote-tracking branch 'gum/master'
43 files changed, 459 insertions, 254 deletions
diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix index 46b386e1..51b4a1af 100644 --- a/krebs/2configs/binary-cache/prism.nix +++ b/krebs/2configs/binary-cache/prism.nix @@ -3,7 +3,7 @@ { nix = { binaryCaches = [ - "http://cache.prism.r" + "https://cache.krebsco.de" ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix index 056667d8..74f34561 100644 --- a/krebs/2configs/cache.nsupdate.info.nix +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -1,4 +1,4 @@ -{lib, ... }: +{ pkgs, lib, ... }: with lib; let domain = "cache.nsupdate.info"; @@ -17,9 +17,13 @@ in { }; krebs.cachecache = { enable = true; - enableSSL = false; # disable letsencrypt for testing + enableSSL = true; # disable letsencrypt for testing cacheDir = "/var/cache/nix-cache-cache"; maxSize = "10g"; + indexFile = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html"; + sha256 = "1vlngzbn0jipigspccgikd7xgixksimdl4wf8ix7d30ljx47p9n0"; + }; # assumes that the domain is reachable from the internet virtualHost = domain; diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix index 98932048..2c2d07ff 100644 --- a/krebs/3modules/cachecache.nix +++ b/krebs/3modules/cachecache.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ pkgs, config, lib, ... }: # fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b @@ -59,15 +59,6 @@ in ''; }; - # webRoot = mkOption { - # type = types.str; - # default = "/"; - # description = '' - # Directory on virtual host that serves the cache. Must end in - # <literal>/</literal>. - # ''; - # }; - resolver = mkOption { type = types.str; description = "Address of DNS resolver."; @@ -82,6 +73,13 @@ in Where nginx should store cached data. ''; }; + indexFile = mkOption { + type = types.path; + default = pkgs.writeText "myindex" "<html>hello world</html>"; + description = '' + Path to index.html file. + ''; + }; maxSize = mkOption { type = types.str; @@ -98,6 +96,7 @@ in systemd.services.nginx.preStart = '' mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache + ln -fs ${cfg.indexFile} /srv/www/nix-cache-cache/index.html chown ${nginxCfg.user}:${nginxCfg.group} \ ${cfg.cacheDir} /srv/www/nix-cache-cache ''; @@ -143,6 +142,7 @@ in locations."/" = { root = "/srv/www/nix-cache-cache"; + index = "index.html"; extraConfig = '' expires max; add_header Cache-Control $nix_cache_cache_header always; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d6c1f0b6..befec215 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -551,27 +551,28 @@ in { ci = true; extraZones = { "krebsco.de" = '' + boot.euer IN A ${nets.internet.ip4.addr} cache.euer IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr} - graph IN A ${nets.internet.ip4.addr} + cgit.euer IN A ${nets.internet.ip4.addr} + dl.euer IN A ${nets.internet.ip4.addr} + dockerhub IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + ghook IN A ${nets.internet.ip4.addr} + git.euer IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} + graph IN A ${nets.internet.ip4.addr} + gum IN A ${nets.internet.ip4.addr} iso.euer IN A ${nets.internet.ip4.addr} - wg.euer IN A ${nets.internet.ip4.addr} - photostore IN A ${nets.internet.ip4.addr} - o.euer IN A ${nets.internet.ip4.addr} mon.euer IN A ${nets.internet.ip4.addr} - boot.euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} + netdata.euer IN A ${nets.internet.ip4.addr} + o.euer IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} pigstarter IN A ${nets.internet.ip4.addr} - cgit.euer IN A ${nets.internet.ip4.addr} - git.euer IN A ${nets.internet.ip4.addr} - euer IN A ${nets.internet.ip4.addr} share.euer IN A ${nets.internet.ip4.addr} - gum IN A ${nets.internet.ip4.addr} + wg.euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} - dl.euer IN A ${nets.internet.ip4.addr} - ghook IN A ${nets.internet.ip4.addr} - dockerhub IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. ''; }; @@ -596,24 +597,25 @@ in { via = internet; ip4.addr = "10.243.0.213"; aliases = [ - "nextgum.r" - "graph.r" - "cache.gum.r" - "logs.makefu.r" - "stats.makefu.r" "backup.makefu.r" + "blog.gum.r" + "blog.makefu.r" + "cache.gum.r" + "cgit.gum.r" + "dcpp.gum.r" "dcpp.nextgum.r" + "graph.r" "gum.r" - "cgit.gum.r" + "logs.makefu.r" + "netdata.makefu.r" + "nextgum.r" "o.gum.r" - "tracker.makefu.r" "search.makefu.r" - "wiki.makefu.r" - "wiki.gum.r" - "blog.makefu.r" - "blog.gum.r" - "dcpp.gum.r" + "stats.makefu.r" "torrent.gum.r" + "tracker.makefu.r" + "wiki.gum.r" + "wiki.makefu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub index 88313ee7..8ac69004 100644 --- a/krebs/3modules/makefu/ssh/ulrich.pub +++ b/krebs/3modules/makefu/ssh/ulrich.pub @@ -1 +1 @@ -AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de diff --git a/makefu/0tests/data/secrets/netdata-stream.conf b/makefu/0tests/data/secrets/netdata-stream.conf new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/makefu/0tests/data/secrets/netdata-stream.conf diff --git a/makefu/0tests/data/secrets/nsupdate-cache.nix b/makefu/0tests/data/secrets/nsupdate-cache.nix new file mode 100644 index 00000000..f5e70470 --- /dev/null +++ b/makefu/0tests/data/secrets/nsupdate-cache.nix @@ -0,0 +1 @@ +"derp" diff --git a/makefu/1systems/full/source.nix b/makefu/1systems/full/source.nix deleted file mode 100644 index 1e36c6e8..00000000 --- a/makefu/1systems/full/source.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - name="gum"; - torrent = true; - clever_kexec = true; -} diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 3d2cbac6..dcfa3d0e 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -4,13 +4,14 @@ with import <stockholm/lib>; let external-ip = config.krebs.build.host.nets.internet.ip4.addr; ext-if = config.makefu.server.primary-itf; + allDisks = [ "/dev/sda" "/dev/sdb" ]; in { imports = [ <stockholm/makefu> ./hardware-config.nix { users.users.lass = { - uid = 9002; + uid = 19002; isNormalUser = true; createHome = true; useDefaultShell = true; @@ -20,8 +21,12 @@ in { ]; }; } + # <stockholm/makefu/2configs/stats/client.nix> + <stockholm/makefu/2configs/stats/netdata-server.nix> + <stockholm/makefu/2configs/headless.nix> - # <stockholm/makefu/2configs/smart-monitor.nix> + <stockholm/makefu/2configs/smart-monitor.nix> + { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; } # Security <stockholm/makefu/2configs/sshd-totp.nix> @@ -30,6 +35,8 @@ in { <stockholm/makefu/2configs/tools/core.nix> <stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/sec.nix> + <stockholm/makefu/2configs/tools/desktop.nix> + <stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/mosh.nix> # <stockholm/makefu/2configs/gui/xpra.nix> @@ -41,17 +48,47 @@ in { <stockholm/makefu/2configs/iodined.nix> # <stockholm/makefu/2configs/backup.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> + { # bonus retiolum config for connecting more hosts + krebs.tinc.retiolum = { + extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; + connectTo = [ + "prism" "ni" "enklave" "eve" "archprism" + ]; + }; + networking.firewall = { + allowedTCPPorts = + [ + 53 + 655 + 21031 + ]; + allowedUDPPorts = + [ + 53 + 655 + 21031 + ]; + }; + } # ci # <stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/git/cgit-retiolum.nix> + <stockholm/makefu/2configs/shack/events-publisher> <stockholm/makefu/2configs/shack/gitlab-runner> <stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/taskd.nix> # services - <stockholm/makefu/2configs/sabnzbd.nix> + # <stockholm/makefu/2configs/sabnzbd.nix> <stockholm/makefu/2configs/mail/mail.euer.nix> + { + krebs.exim.enable = mkForce false; + } # sharing <stockholm/makefu/2configs/share/gum.nix> @@ -59,13 +96,6 @@ in { #<stockholm/makefu/2configs/retroshare.nix> ## <stockholm/makefu/2configs/ipfs.nix> #<stockholm/makefu/2configs/syncthing.nix> - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } # <stockholm/makefu/2configs/opentracker.nix> ## network @@ -91,17 +121,17 @@ in { #<stockholm/makefu/2configs/nginx/public_html.nix> #<stockholm/makefu/2configs/nginx/update.connector.one.nix> <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> - <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> + # <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> <stockholm/makefu/2configs/nginx/iso.euer.nix> - <stockholm/makefu/2configs/shack/events-publisher> + <stockholm/krebs/2configs/cache.nsupdate.info.nix> <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> <stockholm/makefu/2configs/deployment/graphs.nix> <stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/boot-euer.nix> - <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix> + <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix> + <stockholm/makefu/2configs/bgt/hidden_service.nix> - <stockholm/makefu/2configs/stats/client.nix> # <stockholm/makefu/2configs/logging/client.nix> # sharing @@ -115,7 +145,8 @@ in { # krebs infrastructure services <stockholm/makefu/2configs/stats/server.nix> - ]; + ]; + makefu.dl-dir = "/var/download"; services.openssh.hostKeys = [ @@ -125,70 +156,14 @@ in { services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; krebs.build.host = config.krebs.hosts.gum; - krebs.tinc.retiolum = { - extraConfig = '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - ''; - connectTo = [ - "prism" "ni" "enklave" "dishfire" "echelon" "hotdog" - ]; - }; - - - # access - users.users = { - root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; - makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; - }; - - # Chat - environment.systemPackages = with pkgs;[ - weechat - bepasty-client-cli - tmux - ]; - - # Hardware - # Network networking = { firewall = { allowPing = true; logRefusedConnections = false; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # httptunnel - 8080 8443 - # tinc - 655 - # tinc-shack - 21032 - # tinc-retiolum - 21031 - # taskserver - 53589 - # temp vnc - 18001 - # temp reverseshell - 31337 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - # tinc-retiolum - 21031 - # tinc-shack - 21032 - ]; }; nameservers = [ "8.8.8.8" ]; }; users.users.makefu.extraGroups = [ "download" "nginx" ]; - boot.tmpOnTmpfs = true; state = [ "/home/makefu/.weechat" ]; } diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index bfe29b46..e9670a5a 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -46,7 +46,7 @@ in { "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "dm-thin-pool" "kvm-intel" ]; hardware.enableRedistributableFirmware = true; fileSystems."/" = { device = "/dev/mapper/nixos-root"; @@ -56,10 +56,19 @@ in { device = "/dev/mapper/nixos-lib"; fsType = "ext4"; }; + fileSystems."/var/log" = { + device = "/dev/mapper/nixos-log"; + fsType = "ext4"; + }; fileSystems."/var/download" = { device = "/dev/mapper/nixos-download"; fsType = "ext4"; }; + fileSystems."/var/www/binaergewitter" = { + device = "/dev/mapper/nixos-binaergewitter"; + fsType = "ext4"; + options = [ "nofail" ]; + }; fileSystems."/var/lib/borgbackup" = { device = "/dev/mapper/nixos-backup"; fsType = "ext4"; diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt index 30276b7d..0a3ed96e 100644 --- a/makefu/1systems/gum/rescue.txt +++ b/makefu/1systems/gum/rescue.txt @@ -1,10 +1,14 @@ +ssh gum.i -o StrictHostKeyChecking=no + mount /dev/mapper/nixos-root /mnt mount /dev/sda2 /mnt/boot chroot-prepare /mnt chroot /mnt /bin/sh + journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub) +# ... activating ... export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin /nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index 6940498f..1e36c6e8 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,5 +1,5 @@ { - name="nextgum"; + name="gum"; torrent = true; clever_kexec = true; } diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 260f9608..81b1e0ea 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -44,7 +44,8 @@ in { # <stockholm/makefu/2configs/share/omo-timemachine.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> - + # statistics + <stockholm/makefu/2configs/stats/client.nix> # Logging #influx + grafana <stockholm/makefu/2configs/stats/server.nix> @@ -74,7 +75,8 @@ in { "homeassistant-0.77.2" ]; } - <stockholm/makefu/2configs/deployment/homeautomation> + <stockholm/makefu/2configs/homeautomation> + <stockholm/makefu/2configs/homeautomation/google-muell.nix> { makefu.ps3netsrv = { enable = true; diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix index 1b618a48..31db335b 100644 --- a/makefu/1systems/omo/hw/omo.nix +++ b/makefu/1systems/omo/hw/omo.nix @@ -48,9 +48,8 @@ in { makefu.snapraid = { enable = true; - # TODO: 3 is not protected - disks = map toMapper [ 0 1 ]; - parity = toMapper 2; + disks = map toMapper [ 0 2 3 ]; + parity = toMapper 1; }; fileSystems = let cryptMount = name: diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index f2311fb5..3930406b 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -20,9 +20,6 @@ in { <stockholm/makefu/2configs/mqtt.nix> <stockholm/makefu/2configs/gui/wbob-kiosk.nix> - <stockholm/makefu/2configs/stats/client.nix> - - # <stockholm/makefu/2configs/gui/studio-virtual.nix> # <stockholm/makefu/2configs/audio/jack-on-pulse.nix> # <stockholm/makefu/2configs/audio/realtime-audio.nix> @@ -35,6 +32,8 @@ in { <stockholm/makefu/2configs/bluetooth-mpd.nix> # Sensors + <stockholm/makefu/2configs/stats/client.nix> + <stockholm/makefu/2configs/stats/collectd-client.nix> <stockholm/makefu/2configs/stats/telegraf> <stockholm/makefu/2configs/stats/telegraf/airsensor.nix> <stockholm/makefu/2configs/stats/telegraf/europastats.nix> @@ -51,9 +50,9 @@ in { "homeassistant-0.77.2" ]; } - <stockholm/makefu/2configs/deployment/bureautomation> - <stockholm/makefu/2configs/deployment/bureautomation/mpd.nix> - <stockholm/makefu/2configs/deployment/bureautomation/hass.nix> + <stockholm/makefu/2configs/bureautomation> + <stockholm/makefu/2configs/bureautomation/mpd.nix> + <stockholm/makefu/2configs/bureautomation/hass.nix> (let collectd-port = 25826; influx-port = 8086; diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub new file mode 100644 index 00000000..37b8e059 --- /dev/null +++ b/makefu/2configs/bgt/auphonic.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 6b5687e7..6d64848f 100644 --- a/makefu/2configs/nginx/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -1,12 +1,25 @@ { config, lib, pkgs, ... }: +with import <stockholm/lib>; let - ident = (toString <secrets>) + "/mirrorsync.gum.id_ed25519"; + ident = (builtins.readFile ./auphonic.pub); in { - systemd.services.mirrorsync = { - startAt = "08:00:00"; - path = with pkgs; [ rsync openssh ]; - script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter''; + services.openssh = { + allowSFTP = true; + sftpFlags = [ "-l VERBOSE" ]; + extraConfig = '' + Match User auphonic + ForceCommand internal-sftp + AllowTcpForwarding no + X11Forwarding no + PasswordAuthentication no + ''; + }; + users.users.auphonic = { + uid = genid "auphonic"; + group = "nginx"; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; }; services.nginx = { enable = lib.mkDefault true; diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix index c1a31b8d..c1a31b8d 100644 --- a/makefu/2configs/deployment/bgt/hidden_service.nix +++ b/makefu/2configs/bgt/hidden_service.nix diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix index 46b386e1..51b4a1af 100644 --- a/makefu/2configs/binary-cache/lass.nix +++ b/makefu/2configs/binary-cache/lass.nix @@ -3,7 +3,7 @@ { nix = { binaryCaches = [ - "http://cache.prism.r" + "https://cache.krebsco.de" ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix index 17efa711..e955384d 100644 --- a/makefu/2configs/bitlbee.nix +++ b/makefu/2confi |