From 5dd6662a6a7cc8522ab3718e6303f02a4f9ba503 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Fri, 25 Nov 2022 09:08:58 +0100 Subject: kartei: add tahina.r --- kartei/kmein/default.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/kartei/kmein/default.nix b/kartei/kmein/default.nix index 8e9e108e..39125e35 100644 --- a/kartei/kmein/default.nix +++ b/kartei/kmein/default.nix @@ -138,6 +138,28 @@ in wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; }; }; + tabula = { + nets.retiolum = { + ip4.addr = "10.243.2.78"; + aliases = [ "tabula.r" "tabula.kmein.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA4cdFDoKRA9t+r686w6gH1u4UjEQJBmhsf3tkPEkv7nyVr4ahcZQk + rQwlhNRJwv0wekwO0qG19VoAmBkVMzYu5JWn9WeYfIEUtP3ndPa7tqWQ4qIkYh8q + 4KQ03Y3CZav5ClK9rLO7gj+dsP+BhVdqhte4pJANs4CyglYkyu6p0P4+R2P0tfcq + LTl8RB+SXuafqzhoQD+yhhA1HR8O1o9gHJjKiEVrSLwSFfD8WWH55yeWzIYAbuv8 + 8a5VzhS5zvDYUFTP1WUPTeGlKsJdslSZqsrZmBDpkh1iEpRzQUnwQNMJ/uGXIldE + 3FKKoL9LKlvr1Iz9IcuxO4QLk+DoC8+Jc7yQrwIiQQCwAfwdyY6KcRDAqna1WZRd + MFRvPd6y1BmLVJMG43VpWm5POE9Gw5nj5IzSNAFshoNljf246y2+wf8EtULqtrJD + DMckquiYRnzQPco9PgjLfH/6SnlB/oXhvT4+rB4KceSoFKOLWq1pFogDGDy0xyB0 + ufkPsXiYE2KRnkozDJWlKSqrkM3GSR2lTM5cAmLh8VzxkI6LeJu8/6qxFa6J6tn4 + +kH8yjbcLqjmuUykfOZ2eL4GniaFexDvZcGgLD1I5f1ylEmSuU6boyx83WkCH7NH + 1cmaBDQsy4x0gMUYlLDVDW7X2PECoq5mQ61FHBNkdNOujOM/JPnYf4UCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "eZsnMScJdH5k/W3Y5fILnz5Kc01R+dRzjjE/cnu96VF"; + }; + }; tahina = { nets.retiolum = { ip4.addr = "10.243.2.74"; -- cgit v1.2.3 From 81b5682c5ff1e36613f844a874e09b897ee13d3e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 29 Nov 2022 22:18:26 +0100 Subject: l xmonad: use clipmenu --- lass/2configs/xmonad.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index 05d719b8..8784da37 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -151,7 +151,14 @@ myKeyMap = , ("M4-S-q", return ()) - , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") + , ("M4-d", floatNext True >> spawn "${pkgs.writers.writeDash "clipmenu" '' + PATH=${lib.makeBinPath [ + pkgs.coreutils + pkgs.gawk + pkgs.dmenu + ]} + ${pkgs.clipmenu}/bin/clipmenu + ''}") , ("M4-", windows copyToAll) -- cgit v1.2.3 From 645c3564f75589531abcf17fd3c3f920d93a394a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 2 Dec 2022 09:05:42 +0100 Subject: init social.krebsco.de --- kartei/lass/default.nix | 11 ++++++----- krebs/1systems/hotdog/config.nix | 1 + krebs/2configs/mastodon-proxy.nix | 24 +++++++++++++++++++++++ krebs/2configs/mastodon.nix | 40 +++++++++++++++++++++++++++++++++++++++ lass/1systems/prism/config.nix | 1 + 5 files changed, 72 insertions(+), 5 deletions(-) create mode 100644 krebs/2configs/mastodon-proxy.nix create mode 100644 krebs/2configs/mastodon.nix diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix index 0c314e9e..1452d494 100644 --- a/kartei/lass/default.nix +++ b/kartei/lass/default.nix @@ -59,11 +59,12 @@ in { cores = 4; extraZones = { "krebsco.de" = '' - cache IN A ${nets.internet.ip4.addr} - p IN A ${nets.internet.ip4.addr} - c IN A ${nets.internet.ip4.addr} - paste IN A ${nets.internet.ip4.addr} - prism IN A ${nets.internet.ip4.addr} + cache 60 IN A ${nets.internet.ip4.addr} + p 60 IN A ${nets.internet.ip4.addr} + c 60 IN A ${nets.internet.ip4.addr} + paste 60 IN A ${nets.internet.ip4.addr} + prism 60 IN A ${nets.internet.ip4.addr} + social 60 IN A ${nets.internet.ip4.addr} ''; "lassul.us" = '' $TTL 3600 diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 02749daf..a34df4bd 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -14,6 +14,7 @@ + ## shackie irc bot diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix new file mode 100644 index 00000000..4d359c3f --- /dev/null +++ b/krebs/2configs/mastodon-proxy.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: +{ + services.nginx = { + enable = true; + virtualHosts."social.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + # TODO use this in 22.11 + # recommendedProxySettings = true; + proxyPass = "http://hotdog.r"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + ''; + }; + }; + }; +} diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix new file mode 100644 index 00000000..d0c1943c --- /dev/null +++ b/krebs/2configs/mastodon.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: +{ + services.postgresql = { + enable = true; + dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}"; + package = pkgs.postgresql_11; + }; + systemd.tmpfiles.rules = [ + "d /var/state/postgresql 0700 postgres postgres -" + ]; + + services.mastodon = { + enable = true; + localDomain = "social.krebsco.de"; + configureNginx = true; + trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr; + smtp.createLocally = false; + smtp.fromAddress = "mastodon@social.krebsco.de"; + }; + + services.nginx.virtualHosts.${config.services.mastodon.localDomain} = { + forceSSL = lib.mkForce false; + enableACME = lib.mkForce false; + locations."@proxy".extraConfig = '' + proxy_redirect off; + proxy_pass_header Server; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + ''; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + ]; + + environment.systemPackages = [ + (pkgs.writers.writeDashBin "tootctl" '' + sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@" + '') + ]; +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7bffc39a..75f84bca 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -111,6 +111,7 @@ with import ; + { services.tor = { enable = true; -- cgit v1.2.3