author | jeschli <jeschli@gmail.com> | 2019-01-29 19:17:43 +0100 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2019-01-29 19:17:43 +0100 |
commit | 924c8fb748a92720c75750cee528ac2f4b7c5c8e (patch) | |
tree | 1a3b956f7f8527e533040cee1138810fe304bbc9 /lass/1systems/prism | |
parent | 06b6454af78e8236a67d69cab94f62c32054be47 (diff) | |
parent | e64bbd8d6864e21f9e7b6b9a11cf95c976bdc109 (diff) |
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'lass/1systems/prism')
-rw-r--r-- | lass/1systems/prism/config.nix | 15 | ||||
-rw-r--r-- | lass/1systems/prism/physical.nix | 24 |
2 files changed, 33 insertions, 6 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index df2778bef..23746d210 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -36,10 +36,10 @@ with import <stockholm/lib>;
 # TODO write function for proxy_pass (ssl/nonssl)
 krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
 ];
 krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
+ { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
 ];
 }
 {
@@ -379,6 +379,7 @@ with import <stockholm/lib>;
 name = "download";
 home = "/var/download";
 useDefaultShell = true;
+ uid = genid "download";
 openssh.authorizedKeys.keys = with config.krebs.users; [
 lass.pubkey
 lass-shodan.pubkey
@@ -420,6 +421,16 @@ with import <stockholm/lib>;
 { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
 ];
 }
+ {
+ nix.trustedUsers = [ "Mic92" ];
+ users.users.Mic92 = {
+ uid = genid_uint31 "Mic92";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.Mic92.pubkey
+ ];
+ };
+ }
 ];
 krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 116bdb92f..9a84e9d63 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -40,6 +40,16 @@
 fsType = "zfs";
 };
+ fileSystems."/var/lib/nextcloud" = {
+ device = "tank/nextcloud";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/lib/libvirt" = {
+ device = "tank/libvirt";
+ fsType = "zfs";
+ };
+ + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
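Review bot: In the -36,10 hunk of lass/1systems/prism/config.nix, the FORWARD rule accepts every packet addressed to 192.168.122.141 and the PREROUTING rule DNATs everything sent to 95.216.1.130 to it, with no protocol, port or inbound-interface match. That leaves the target's own firewall (presumably a libvirt guest, given the 192.168.122.x address) as the only filter between it and the internet. If the 1:1 mapping is intended, record it next to the rules, e.g. `# 95.216.1.130 is NATed 1:1 to 192.168.122.141; packet filtering happens on that machine`; otherwise narrow the predicates to the services it is meant to publish. Both rules are `v6 = false`, so IPv6 reachability is decided elsewhere and cannot be judged from this hunk.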
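Review bot: In the -420,6 hunk of lass/1systems/prism/config.nix, `nix.trustedUsers = [ "Mic92" ];` needs a comment, because a Nix trusted user can override substituters and import unsigned store paths, which the Nix manual describes as essentially equivalent to root on the machine. Combined with the login granted through `config.krebs.users.Mic92.pubkey`, whoever holds that SSH key has root-equivalent control over prism's Nix daemon. I would add `# trusted-users is root-equivalent; Mic92 needs it for <reason>` above the line, or drop the entry if ordinary daemon access is enough. The uid here comes from `genid_uint31` while the download user in the -379,6 hunk uses `genid`; if both accounts are meant to follow one id scheme, use the same helper in both places.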
@@ -53,9 +63,15 @@
 defaultGateway = "95.216.1.129";
 # Use google's public DNS server
 nameservers = [ "8.8.8.8" ];
- interfaces.eth0 = {
- ipAddress = "95.216.1.150";
- prefixLength = 26;
- };
+ interfaces.eth0.ipv4.addresses = [
+ {
+ address = "95.216.1.150";
+ prefixLength = 26;
+ }
+ {
+ address = "95.216.1.130";
+ prefixLength = 26;
+ }
+ ];
 };
 } |
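Review bot: The second address `95.216.1.130` added to `interfaces.eth0.ipv4.addresses` has no comment tying it to the DNAT rule in config.nix, although the two now depend on each other. While the PREROUTING rule is loaded, packets for that address are rewritten to 192.168.122.141. If the rule is ever removed or fails to apply, the address stays bound to prism, and any host service listening on all addresses would answer on it. A line such as `# 95.216.1.130: public address DNATed to 192.168.122.141 in config.nix` above the entry would make that coupling visible.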