# NixOS module for the krebs host "green": SSH access for mainUser, bindfs
# views of persistent state under /var/state, a notmuch/muchsync symlink hook
# and one nat-table rule for inbound SSH.
#
# NOTE(review): the argument of `import` is missing in this copy (an
# angle-bracket path was probably lost in extraction). The unqualified
# `concatMapStringsSep` below is expected to come from that scope.
with import ;
{ config, lib, pkgs, ... }:
let
  # Numeric uid of a declared user, rendered as a string for bindfs arguments.
  uidOf = name: toString config.users.users.${name}.uid;

  # bindfs -M (--mirror-only): the listed uids see themselves as owner of every
  # file in the mount; other non-root users are refused.
  mirrorArg = names: "-M ${concatMapStringsSep ":" uidOf names}";

  # View shared between syncthing and mainUser; files created through the
  # mount are owned by syncthing on the backing directory.
  sharedWithSyncthing = source: {
    inherit source;
    options = [
      (mirrorArg [ "syncthing" "mainUser" ])
      "--create-for-user=${uidOf "syncthing"}"
    ];
  };

  # View restricted to a single account.
  ownerOnly = owner: source: {
    inherit source;
    options = [ (mirrorArg [ owner ]) ];
  };
in
{
  # NOTE(review): empty here; entries may have been lost with the import path
  # above. Confirm against the repository.
  imports = [ ];

  krebs.build.host = config.krebs.hosts.green;

  # Both keys are installed without authorized_keys options, so each one
  # grants a full mainUser login.
  # NOTE(review): if the second key is only used for the weechat tunnel,
  # consider an options prefix such as `restrict,port-forwarding` so that a
  # leak of that key does not yield a shell. Confirm how the tunnel is used
  # before changing it.
  users.users.mainUser.openssh.authorizedKeys.keys = [
    config.krebs.users.lass-android.pubkey
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel
  ];

  # Each mountpoint is a bindfs view of a directory under /var/state.
  # bindfs only governs access through the mountpoint. The permissions on the
  # backing directories still decide who can read them directly, which matters
  # most for lass_ssh and lass_gnupg (private key material).
  # clearTarget is a krebs.bindfs option whose implementation is not visible
  # here; presumably it empties the mountpoint before mounting. TODO confirm.
  krebs.bindfs = {
    "/home/lass/.weechat" = sharedWithSyncthing "/var/state/lass_weechat";
    "/home/lass/Maildir" = ownerOnly "mainUser" "/var/state/lass_mail";
    "/home/lass/sync" = sharedWithSyncthing "/var/state/lass_sync";
    "/var/lib/bitlbee" = ownerOnly "bitlbee" "/var/state/bitlbee" // { clearTarget = true; };
    "/home/lass/.ssh" = ownerOnly "mainUser" "/var/state/lass_ssh" // { clearTarget = true; };
    "/home/lass/.gnupg" = ownerOnly "mainUser" "/var/state/lass_gnupg" // { clearTarget = true; };
  };

  # After the Maildir view is mounted, link the notmuch database directory
  # into the Maildir and point muchsync's tmp directory back into the Maildir.
  # ln -sfTr replaces an existing link, never descends into the link name as
  # a directory, and writes a relative target.
  # The `sleep 1` presumably gives the mount time to appear; this is
  # timing-based rather than a readiness check. TODO confirm.
  systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost =
    pkgs.writeDash "symlink-notmuch" ''
      sleep 1
      mkdir -p /home/lass/notmuch
      chown lass: /home/lass/notmuch
      ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch

      mkdir -p /home/lass/notmuch/muchsync
      chown lass: /home/lass/notmuch/muchsync
      mkdir -p /home/lass/Maildir/.muchsync
      ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp
    '';

  # ACCEPT in nat/PREROUTING ends traversal of that chain for tcp/22 arriving
  # on eth0, so no later DNAT/REDIRECT rule in the chain rewrites it. It does
  # not open the port; that is decided in the filter table.
  # The ordering implied by `precedence` is defined by krebs.iptables and is
  # not visible here.
  krebs.iptables.tables.nat.PREROUTING.rules = [
    {
      predicate = "-i eth0 -p tcp -m tcp --dport 22";
      target = "ACCEPT";
      precedence = 101;
    }
  ];
}