author | lassulus <lassulus@lassul.us> | 2017-07-12 19:11:29 +0200 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2017-07-12 19:11:29 +0200 |
commit | b19ebc2abd8f383d477d35040e833cd9c05319ab (patch) | |
tree | 778a882e0faebc82360c06165b4b00726468b8aa /lass/1systems/dishfire/config.nix | |
parent | 5efedd139a20d71268af2afd069dbd595414650f (diff) | |
parent | cd47613a4d8daf185f4ac0f8ef43af11985a2f65 (diff) |
Merge branch 'staging/source'
Diffstat (limited to 'lass/1systems/dishfire/config.nix')
-rw-r--r-- | lass/1systems/dishfire/config.nix | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
new file mode 100644
index 000000000..416edeb82
--- /dev/null
+++ b/lass/1systems/dishfire/config.nix
@@ -0,0 +1,96 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/retiolum.nix>
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ <stockholm/lass/2configs/git.nix>
+ {
+ boot.loader.grub = {
+ device = "/dev/vda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "ehci_pci"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/pool-nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/srv_http";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
+ }
+ {
+ networking.dhcpcd.allowInterfaces = [
+ "enp*"
+ "eth*"
+ ];
+ }
+ {
+ sound.enable = false;
+ }
+ {
+ environment.systemPackages = with pkgs; [
+ mk_sql_pair
+ ];
+ }
+ {
+ imports = [
+ <stockholm/lass/2configs/websites/fritz.nix>
+ ];
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
+ ];
+ }
+ {
+ #TODO: abstract & move to own file
+ krebs.exim-smarthost = {
+ enable = true;
+ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ config.krebs.hosts.mors
+ config.krebs.hosts.uriel
+ ];
+ system-aliases = [
+ { from = "mailer-daemon"; to = "postmaster"; }
+ { from = "postmaster"; to = "root"; }
+ { from = "nobody"; to = "root"; }
+ { from = "hostmaster"; to = "root"; }
+ { from = "usenet"; to = "root"; }
+ { from = "news"; to = "root"; }
+ { from = "webmaster"; to = "root"; }
+ { from = "www"; to = "root"; }
+ { from = "ftp"; to = "root"; }
+ { from = "abuse"; to = "root"; }
+ { from = "noc"; to = "root"; }
+ { from = "security"; to = "root"; }
+ { from = "root"; to = "lass"; }
+ ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.dishfire;
+}
|
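Review bot: The INPUT rule `-p tcp --dport smtp` in the exim-smarthost module accepts SMTP on every interface and from any source, while `relay_from_hosts` names only the retiolum addresses of mors and uriel. If this host is meant only to relay for those two peers, the rule should be scoped to the VPN interface, for example `{ predicate = "-i <retiolum-interface> -p tcp --dport smtp"; target = "ACCEPT"; }` (the interface name is a placeholder; it is not shown on this page). If inbound mail from the Internet is intended, a comment above the rule such as `# public MX: relay is limited by relay_from_hosts, not by the firewall` would record that relay authorisation rests on exim's source-address check alone. The same module also carries `#TODO: abstract & move to own file`, so the intent is worth recording before the block is moved.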