summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism/config.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2019-06-14 18:41:27 +0200
committermakefu <github@syntax-fehler.de>2019-06-14 18:41:27 +0200
commit276ad5f9d54a30c6817d00799af49199a5ef9e4c (patch)
treed441e34c262f08eddf9d84c01508e698468fbbfb /lass/1systems/prism/config.nix
parent592d157eba8f1b5ba35f1fca64c2905897468f83 (diff)
parent4e7af580d81f02f6d07d38917f124f4b99483603 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r--lass/1systems/prism/config.nix15
1 files changed, 14 insertions, 1 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d7b0b701a..eec8e34b8 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -195,6 +195,7 @@ with import <stockholm/lib>;
};
}
<stockholm/lass/2configs/minecraft.nix>
+ <stockholm/lass/2configs/codimd.nix>
{
services.taskserver = {
enable = true;
@@ -382,7 +383,7 @@ with import <stockholm/lib>;
'';
fileSystems."/export/download" = {
- device = "/var/lib/containers/yellow/var/download";
+ device = "/var/lib/containers/yellow/var/download/finished";
options = [ "bind" ];
};
services.nfs.server = {
@@ -395,6 +396,12 @@ with import <stockholm/lib>;
statdPort = 4000;
};
krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
@@ -456,4 +463,10 @@ with import <stockholm/lib>;
enable = true;
freeMemThreshold = 5;
};
+
+ # prism rsa hack
+ services.openssh.hostKeys = [{
+ path = toString <secrets> + "ssh.id_rsa";
+ type = "rsa";
+ }];
}