summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism/config.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2018-05-03 18:45:55 +0200
committermakefu <github@syntax-fehler.de>2018-05-03 18:45:55 +0200
commit8156ab92378422d36d0af55c8d4b3b5742f4305c (patch)
treefcbcb08991681dcd24a88d7a9bac7f22840df575 /lass/1systems/prism/config.nix
parent45377068c0bfbb009b7cbe41dbca97dd44c9c955 (diff)
parent28d6704a0d617ca7d379b836ab9fdd4d6a0be868 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r--lass/1systems/prism/config.nix53
1 files changed, 31 insertions, 22 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 983604f8e..89ea749c5 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -104,6 +104,7 @@ in {
];
}
{ # TODO make new hfos.nix out of this vv
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
uid = genid "riot";
isNormalUser = true;
@@ -190,26 +191,6 @@ in {
};
}
{
- #kaepsele
- systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
- containers.kaepsele = {
- config = { ... }: {
- imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
- lass.pubkey
- tv.pubkey
- ];
- };
- autoStart = true;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.3";
- localAddress = "10.233.2.4";
- };
- }
- {
#onondaga
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
containers.onondaga = {
@@ -237,13 +218,12 @@ in {
<stockholm/lass/2configs/repo-sync.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
<stockholm/lass/2configs/iodined.nix>
- <stockholm/lass/2configs/monitoring/server.nix>
- <stockholm/lass/2configs/monitoring/monit-alarms.nix>
<stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
+ <stockholm/lass/2configs/monitoring/prometheus-server.nix>
{ # quasi bepasty.nix
imports = [
<stockholm/lass/2configs/bepasty.nix>
@@ -324,6 +304,35 @@ in {
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
];
}
+ <stockholm/lass/2configs/go.nix>
+ {
+ environment.systemPackages = [ pkgs.cryptsetup ];
+ systemd.services."container@red".reloadIfChanged = mkForce false;
+ containers.red = {
+ config = { ... }: {
+ environment.systemPackages = [ pkgs.git ];
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+ autoStart = false;
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.3";
+ localAddress = "10.233.2.4";
+ };
+ services.nginx.virtualHosts."rote-allez-fraktion.de" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/" = {
+ extraConfig = ''
+ proxy_set_header Host rote-allez-fraktion.de;
+ proxy_pass http://10.233.2.4;
+ '';
+ };
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;