diff options
author | makefu <github@syntax-fehler.de> | 2019-06-14 18:41:27 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2019-06-14 18:41:27 +0200 |
commit | 276ad5f9d54a30c6817d00799af49199a5ef9e4c (patch) | |
tree | d441e34c262f08eddf9d84c01508e698468fbbfb /lass/1systems/prism/config.nix | |
parent | 592d157eba8f1b5ba35f1fca64c2905897468f83 (diff) | |
parent | 4e7af580d81f02f6d07d38917f124f4b99483603 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r-- | lass/1systems/prism/config.nix | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d7b0b701a..eec8e34b8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -195,6 +195,7 @@ with import <stockholm/lib>; }; } <stockholm/lass/2configs/minecraft.nix> + <stockholm/lass/2configs/codimd.nix> { services.taskserver = { enable = true; @@ -382,7 +383,7 @@ with import <stockholm/lib>; ''; fileSystems."/export/download" = { - device = "/var/lib/containers/yellow/var/download"; + device = "/var/lib/containers/yellow/var/download/finished"; options = [ "bind" ]; }; services.nfs.server = { @@ -395,6 +396,12 @@ with import <stockholm/lib>; statdPort = 4000; }; krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; } { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } @@ -456,4 +463,10 @@ with import <stockholm/lib>; enable = true; freeMemThreshold = 5; }; + + # prism rsa hack + services.openssh.hostKeys = [{ + path = toString <secrets> + "ssh.id_rsa"; + type = "rsa"; + }]; } |