diff options
author | tv <tv@krebsco.de> | 2018-12-07 13:20:49 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2018-12-07 13:20:49 +0100 |
commit | 1d3a3c8104eac3e9a4ee7cdd961fcd61f706d173 (patch) | |
tree | 53ad5d4d3ecc88eeabba682fd1741bf3d1d96aa8 /lass/2configs | |
parent | bfcf6ad0adaedf0d069850824fbbb55e4af20c5e (diff) | |
parent | 43be8e6bb38ea99ed489a8b6633ebb33b96b6282 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/baseX.nix | 6 | ||||
-rw-r--r-- | lass/2configs/binary-cache/server.nix | 1 | ||||
-rw-r--r-- | lass/2configs/blue-host.nix | 1 | ||||
-rw-r--r-- | lass/2configs/downloading.nix | 65 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 1 | ||||
-rw-r--r-- | lass/2configs/mail.nix | 10 | ||||
-rw-r--r-- | lass/2configs/radio.nix | 3 | ||||
-rw-r--r-- | lass/2configs/tests/dummy-secrets/nordvpn.txt | 0 | ||||
-rw-r--r-- | lass/2configs/websites/fritz.nix | 70 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 22 |
10 files changed, 23 insertions, 156 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9b44e8f0e..d781f8c71 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -126,6 +126,12 @@ in { restartIfChanged = false; }; + nixpkgs.config.packageOverrides = super: { + dmenu = pkgs.writeDashBin "dmenu" '' + ${pkgs.fzfmenu}/bin/fzfmenu "$@" + ''; + }; + krebs.xresources.enable = true; lass.screenlock.enable = true; } diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 86158c468..d3775b5df 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -26,6 +26,7 @@ ''; }; virtualHosts."cache.krebsco.de" = { + forceSSL = true; serverAliases = [ "cache.lassul.us" ]; enableACME = true; locations."/".extraConfig = '' diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index fba996743..9cf294afd 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -81,6 +81,7 @@ in { host = "${host}.r", targetdir = "/var/lib/containers/.blue", rsync = { + archive = true, owner = true, group = true, }; diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix deleted file mode 100644 index 8d0fb0d02..000000000 --- a/lass/2configs/downloading.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ - users.extraUsers = { - download = { - name = "download"; - home = "/var/download"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-daedalus.pubkey - lass-helios.pubkey - makefu.pubkey - wine-mors.pubkey - ]; - }; - - transmission = { - extraGroups = [ - "download" - ]; - }; - }; - - users.extraGroups = { - download = { - members = [ - "download" - "transmission" - ]; - }; - }; - - krebs.rtorrent = { - enable = true; - web = { - enable = true; - port = 9091; - basicAuth = import <secrets/torrent-auth>; - }; - rutorrent.enable = true; - enableXMLRPC = true; - listenPort = 51413; - downloadDir = "/var/download/finished"; - # dump old torrents into watch folder to have them re-added - watchDir = "/var/download/watch"; - }; - - krebs.iptables = { - enable = true; - tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } - { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } - ]; - }; -} diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 9bb70d1c2..1ee45bb41 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -93,6 +93,7 @@ with import <stockholm/lib>; { from = "neocron@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; } + { from = "nordvpn@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9ea91ae19..36e797a96 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -174,6 +174,16 @@ let macro pager a "<modify-labels>-archive\n" # tag as Archived + bind index U noop + bind index u noop + bind pager U noop + bind pager u noop + macro index U "<modify-labels>+unread\n" + macro index u "<modify-labels>-unread\n" + macro pager U "<modify-labels>+unread\n" + macro pager u "<modify-labels>-unread\n" + + bind index t noop bind pager t noop macro index t "<modify-labels>" # tag as Archived diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 85faded14..987632cd1 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -5,7 +5,6 @@ with import <stockholm/lib>; let name = "radio"; mainUser = config.users.extraUsers.mainUser; - inherit (import <stockholm/lib>) genid; admin-password = import <secrets/icecast-admin-pw>; source-password = import <secrets/icecast-source-pw>; @@ -31,7 +30,7 @@ in { "${name}" = rec { inherit name; group = name; - uid = genid name; + uid = genid_uint31 name; description = "radio manager"; home = "/home/${name}"; useDefaultShell = true; diff --git a/lass/2configs/tests/dummy-secrets/nordvpn.txt b/lass/2configs/tests/dummy-secrets/nordvpn.txt new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/nordvpn.txt diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix deleted file mode 100644 index 14d6ce9ec..000000000 --- a/lass/2configs/websites/fritz.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - inherit (import <stockholm/lib>) - genid - head - ; - inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) - servePage - serveWordpress - ; - - msmtprc = pkgs.writeText "msmtprc" '' - account default - host localhost - ''; - - sendmail = pkgs.writeDash "msmtp" '' - exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" - ''; - -in { - - services.nginx.enable = true; - - imports = [ - ./default.nix - ./sqlBackup.nix - - (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) - - (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ]) - - (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) - - (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) - - (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) - - (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - - (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) - ]; - - lass.mysqlBackup.config.all.databases = [ - "eastuttgart_de" - "radical_dreamers_de" - "spielwaren_kern_de" - "ttf_kleinaspach_de" - ]; - - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - - users.users.goldbarrendiebstahl = { - home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de"; - uid = genid "goldbarrendiebstahl"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - }; - - services.phpfpm.phpOptions = '' - sendmail_path = ${sendmail} -t - ''; -} diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b72b20928..17af0d00d 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -3,7 +3,7 @@ with lib; let inherit (import <stockholm/lib>) - genid + genid_uint31 ; in { @@ -22,7 +22,7 @@ in { krebs.tinc_graphs.enable = true; users.users.lass-stuff = { - uid = genid "lass-stuff"; + uid = genid_uint31 "lass-stuff"; description = "lassul.us blog cgi stuff"; home = "/var/empty"; }; @@ -66,22 +66,6 @@ in { locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/urlaubyay2018".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/india2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; - locations."/heilstadt".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/grabowsee2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; locations."/krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; @@ -140,7 +124,7 @@ in { }; users.users.blog = { - uid = genid "blog"; + uid = genid_uint31 "blog"; description = "lassul.us blog deployment"; home = "/srv/http/lassul.us"; useDefaultShell = true; |