diff options
author | makefu <github@syntax-fehler.de> | 2021-01-27 22:57:15 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2021-01-27 22:57:15 +0100 |
commit | 144edeee1030d647bcc64083efc5834d1628341d (patch) | |
tree | 92f32df8dbc09b1bc36061267967b605628409b7 /lass/1systems/archprism/config.nix | |
parent | 9c6c20f69e7b76e4231ffeae715d2ee5d453bb4d (diff) | |
parent | a2ca5f2e214be259fdb0f9ea92b79d74e6216a51 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/archprism/config.nix')
-rw-r--r-- | lass/1systems/archprism/config.nix | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix deleted file mode 100644 index 0a2ab1611..000000000 --- a/lass/1systems/archprism/config.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; - -{ - imports = [ - <stockholm/lass> - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/libvirt.nix> - { # TODO make new hfos.nix out of this vv - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - users.users.riot = { - uid = genid_uint31 "riot"; - isNormalUser = true; - extraGroups = [ "libvirtd" ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" - ]; - }; - - # TODO write function for proxy_pass (ssl/nonssl) - - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; } - ]; - } - <stockholm/lass/2configs/container-networking.nix> - { - services.taskserver = { - enable = true; - fqdn = "lassul.us"; - listenHost = "::"; - listenPort = 53589; - organisations.lass.users = [ "lass" "android" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } - ]; - } - { - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - ]; - } - ]; - - krebs.build.host = config.krebs.hosts.archprism; - services.earlyoom = { - enable = true; - freeMemThreshold = 5; - }; -} |