diff options
author | makefu <github@syntax-fehler.de> | 2018-05-03 18:45:55 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2018-05-03 18:45:55 +0200 |
commit | 8156ab92378422d36d0af55c8d4b3b5742f4305c (patch) | |
tree | fcbcb08991681dcd24a88d7a9bac7f22840df575 /lass/1systems/prism/config.nix | |
parent | 45377068c0bfbb009b7cbe41dbca97dd44c9c955 (diff) | |
parent | 28d6704a0d617ca7d379b836ab9fdd4d6a0be868 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r-- | lass/1systems/prism/config.nix | 53 |
1 files changed, 31 insertions, 22 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 983604f8e..89ea749c5 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -104,6 +104,7 @@ in { ]; } { # TODO make new hfos.nix out of this vv + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { uid = genid "riot"; isNormalUser = true; @@ -190,26 +191,6 @@ in { }; } { - #kaepsele - systemd.services."container@kaepsele".reloadIfChanged = mkForce false; - containers.kaepsele = { - config = { ... }: { - imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - tv.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - } - { #onondaga systemd.services."container@onondaga".reloadIfChanged = mkForce false; containers.onondaga = { @@ -237,13 +218,12 @@ in { <stockholm/lass/2configs/repo-sync.nix> <stockholm/lass/2configs/binary-cache/server.nix> <stockholm/lass/2configs/iodined.nix> - <stockholm/lass/2configs/monitoring/server.nix> - <stockholm/lass/2configs/monitoring/monit-alarms.nix> <stockholm/lass/2configs/paste.nix> <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/reaktor-coders.nix> <stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/container-networking.nix> + <stockholm/lass/2configs/monitoring/prometheus-server.nix> { # quasi bepasty.nix imports = [ <stockholm/lass/2configs/bepasty.nix> @@ -324,6 +304,35 @@ in { { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } ]; } + <stockholm/lass/2configs/go.nix> + { + environment.systemPackages = [ pkgs.cryptsetup ]; + systemd.services."container@red".reloadIfChanged = mkForce false; + containers.red = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.3"; + localAddress = "10.233.2.4"; + }; + services.nginx.virtualHosts."rote-allez-fraktion.de" = { + enableACME = true; + addSSL = true; + locations."/" = { + extraConfig = '' + proxy_set_header Host rote-allez-fraktion.de; + proxy_pass http://10.233.2.4; + ''; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; |