l green.r: setup with sync-containers

author: lassulus <lassulus@lassul.us> 2021-01-23 18:09:13 +0100
committer: lassulus <lassulus@lassul.us> 2021-01-23 18:09:13 +0100
commit: 0b5b4b8eab751d0d1d32573c6f69d08a82b4af1e (patch)
tree: dc751e9360ebbd73a24f97ec0820130ad9295e07 /lass/1systems/green/config.nix
parent: 2185fb0bfa56b365e33d0baf0274499076c1166b (diff)
1 files changed, 69 insertions, 2 deletions
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index 0b4b50ee4..d7683ff5f 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -9,13 +9,80 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/mail.nix>
 
     <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/sync/sync.nix>
     <stockholm/lass/2configs/sync/decsync.nix>
     <stockholm/lass/2configs/sync/weechat.nix>
+
+    <stockholm/lass/2configs/bitlbee.nix>
+    <stockholm/lass/2configs/IM.nix>
+    <stockholm/lass/2configs/muchsync.nix>
+    <stockholm/lass/2configs/pass.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.green;
 
-  #networking.nameservers = [ "1.1.1.1" ];
+  users.users.mainUser.openssh.authorizedKeys.keys = [
+    config.krebs.users.lass-android.pubkey
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel
+  ];
+
+  lass.bindfs = {
+    "/home/lass/.weechat" = {
+      source = "/var/state/lass_weechat";
+      options = [
+        "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}"
+        "--create-for-user=${toString config.users.users.syncthing.uid}"
+      ];
+    };
+    "/home/lass/Maildir" = {
+      source = "/var/state/lass_mail";
+      options = [
+        "-M ${toString config.users.users.mainUser.uid}"
+      ];
+    };
+    "/home/lass/sync" = {
+      source = "/var/state/lass_sync";
+      options = [
+        "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}"
+        "--create-for-user=${toString config.users.users.syncthing.uid}"
+      ];
+    };
+    "/var/lib/bitlbee" = {
+      source = "/var/state/bitlbee";
+      options = [
+        "-M ${toString config.users.users.bitlbee.uid}"
+      ];
+      clearTarget = true;
+    };
+    "/home/lass/.ssh" = {
+      source = "/var/state/lass_ssh";
+      options = [
+        "-M ${toString config.users.users.mainUser.uid}"
+      ];
+      clearTarget = true;
+    };
+    "/home/lass/.gnupg" = {
+      source = "/var/state/lass_gnupg";
+      options = [
+        "-M ${toString config.users.users.mainUser.uid}"
+      ];
+      clearTarget = true;
+    };
+  };
 
-  #time.timeZone = "Europe/Berlin";
+  systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''
+    sleep 1
+    mkdir -p /home/lass/notmuch
+    chown lass: /home/lass/notmuch
+    ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch
+
+    mkdir -p /home/lass/notmuch/muchsync
+    chown lass: /home/lass/notmuch/muchsync
+    mkdir -p /home/lass/Maildir/.muchsync
+    ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp
+  '';
+
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
+  ];
 }
author	lassulus <lassulus@lassul.us>	2021-01-23 18:09:13 +0100
committer	lassulus <lassulus@lassul.us>	2021-01-23 18:09:13 +0100
commit	0b5b4b8eab751d0d1d32573c6f69d08a82b4af1e (patch)
tree	dc751e9360ebbd73a24f97ec0820130ad9295e07 /lass/1systems/green/config.nix
parent	2185fb0bfa56b365e33d0baf0274499076c1166b (diff)