author | tv <tv@krebsco.de> | 2018-12-07 13:20:49 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2018-12-07 13:20:49 +0100 |
commit | 1d3a3c8104eac3e9a4ee7cdd961fcd61f706d173 (patch) | |
tree | 53ad5d4d3ecc88eeabba682fd1741bf3d1d96aa8 /lass/1systems/prism/config.nix | |
parent | bfcf6ad0adaedf0d069850824fbbb55e4af20c5e (diff) | |
parent | 43be8e6bb38ea99ed489a8b6633ebb33b96b6282 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r-- | lass/1systems/prism/config.nix | 77 |
1 files changed, 70 insertions, 7 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a9fbae695..83cc96771 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -25,7 +25,7 @@ with import <stockholm/lib>; { # TODO make new hfos.nix out of this vv boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { - uid = genid "riot"; + uid = genid_uint31 "riot"; isNormalUser = true; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ @@ -44,21 +44,21 @@ with import <stockholm/lib>; } { users.users.tv = { - uid = genid "tv"; + uid = genid_uint31 "tv"; isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.tv.pubkey ]; }; users.users.makefu = { - uid = genid "makefu"; + uid = genid_uint31 "makefu"; isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; users.extraUsers.dritter = { - uid = genid "dritter"; + uid = genid_uint31 "dritter"; isNormalUser = true; extraGroups = [ "download" @@ -75,7 +75,7 @@ with import <stockholm/lib>; ]; }; users.users.hellrazor = { - uid = genid "hellrazor"; + uid = genid_uint31 "hellrazor"; isNormalUser = true; extraGroups = [ "download" @@ -168,7 +168,7 @@ with import <stockholm/lib>; } { users.users.jeschli = { - uid = genid "jeschli"; + uid = genid_uint31 "jeschli"; isNormalUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ jeschli.pubkey @@ -207,7 +207,6 @@ with import <stockholm/lib>; RandomizedDelaySec = "2min"; }; } - <stockholm/lass/2configs/downloading.nix> <stockholm/lass/2configs/minecraft.nix> { services.taskserver = { @@ -324,6 +323,15 @@ with import <stockholm/lib>; } ]; }; + services.dnsmasq = { + enable = true; + resolveLocalQueries = false; + + extraConfig= '' + except-interface=lo + interface=wg0 + ''; + }; } { krebs.iptables.tables.filter.INPUT.rules = [ 
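Review bot: The new `services.dnsmasq` block restricts listening with `except-interface=lo` and `interface=wg0` only, and without `bind-interfaces` or `bind-dynamic` dnsmasq binds the wildcard address and drops queries from other interfaces in userspace, so port 53 stays open on every address of the host. Since wg0 may not exist yet when the service starts, adding `bind-dynamic` to `extraConfig` would tie the listening sockets to that interface. The INPUT rules that follow are cut off at the end of the hunk, so whether port 53 is filtered on the public interface cannot be confirmed from here. A short comment such as `# resolver for WireGuard peers only` above the block would record the intent. The enclosing attribute set starts outside the hunk.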
@@ -338,6 +346,61 @@ with import <stockholm/lib>; ]; } + { + systemd.services."container@yellow".reloadIfChanged = mkForce false; + containers.yellow = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.13"; + localAddress = "10.233.2.14"; + }; + + services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' + if ($scheme != "https") { + rewrite ^ https://$host$uri permanent; + } + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' + krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 + ''}; + proxy_pass http://10.233.2.14:9091; + ''; + + users.groups.download = {}; + users.users = { + download = { + createHome = true; + group = "download"; + name = "download"; + home = "/var/download"; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-daedalus.pubkey + lass-helios.pubkey + makefu.pubkey + wine-mors.pubkey + ]; + }; + }; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chmod 775 /var/download + ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : + chown download: /var/download/finished + ''; + } ]; krebs.build.host = config.krebs.hosts.prism; |
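Review bot: The `auth_basic_user_file` for `^~ /transmission` is generated with `pkgs.writeText`, so the `krebs:$apr1$…` entry ends up in the world-readable Nix store and in the repository history. apr1 is salted MD5 and cheap to attack offline, so the credential is best treated as exposed and rotated. The directive should point at a file provisioned outside the store and readable only by the nginx user, e.g. `auth_basic_user_file /path/to/transmission-htpasswd;` (placeholder path). Separately, in `downloadFolder` the `chown download: /var/download/finished` runs even when the preceding `ln … || :` failed, and it follows the symlink into the container's tree, which may not exist because `autoStart = false`; guarding it with a test that the target exists would make the step predictable. The imports list that holds this new block opens and closes outside the hunk.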