Merge remote-tracking branch 'prism/master'

1 files changed, 14 insertions, 1 deletions

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d7b0b701a..eec8e34b8 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -195,6 +195,7 @@ with import <stockholm/lib>;
       };
     }
     <stockholm/lass/2configs/minecraft.nix>
+    <stockholm/lass/2configs/codimd.nix>
     {
       services.taskserver = {
         enable = true;
@@ -382,7 +383,7 @@ with import <stockholm/lib>;
       '';
 
       fileSystems."/export/download" = {
-        device = "/var/lib/containers/yellow/var/download";
+        device = "/var/lib/containers/yellow/var/download/finished";
         options = [ "bind" ];
       };
       services.nfs.server = {
@@ -395,6 +396,12 @@ with import <stockholm/lib>;
         statdPort = 4000;
       };
       krebs.iptables.tables.filter.INPUT.rules = [
+         { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
+         { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
+         { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
+         { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
+         { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+         { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
          { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
          { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
          { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
@@ -456,4 +463,10 @@ with import <stockholm/lib>;
     enable = true;
     freeMemThreshold = 5;
   };
+
+  # prism rsa hack
+  services.openssh.hostKeys = [{
+    path = toString <secrets> + "ssh.id_rsa";
+    type = "rsa";
+  }];
 }