summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-12-07 13:20:49 +0100
committertv <tv@krebsco.de>2018-12-07 13:20:49 +0100
commit1d3a3c8104eac3e9a4ee7cdd961fcd61f706d173 (patch)
tree53ad5d4d3ecc88eeabba682fd1741bf3d1d96aa8 /lass/2configs
parentbfcf6ad0adaedf0d069850824fbbb55e4af20c5e (diff)
parent43be8e6bb38ea99ed489a8b6633ebb33b96b6282 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/baseX.nix6
-rw-r--r--lass/2configs/binary-cache/server.nix1
-rw-r--r--lass/2configs/blue-host.nix1
-rw-r--r--lass/2configs/downloading.nix65
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/mail.nix10
-rw-r--r--lass/2configs/radio.nix3
-rw-r--r--lass/2configs/tests/dummy-secrets/nordvpn.txt0
-rw-r--r--lass/2configs/websites/fritz.nix70
-rw-r--r--lass/2configs/websites/lassulus.nix22
10 files changed, 23 insertions, 156 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 9b44e8f0e..d781f8c71 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -126,6 +126,12 @@ in {
restartIfChanged = false;
};
+ nixpkgs.config.packageOverrides = super: {
+ dmenu = pkgs.writeDashBin "dmenu" ''
+ ${pkgs.fzfmenu}/bin/fzfmenu "$@"
+ '';
+ };
+
krebs.xresources.enable = true;
lass.screenlock.enable = true;
}
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index 86158c468..d3775b5df 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -26,6 +26,7 @@
'';
};
virtualHosts."cache.krebsco.de" = {
+ forceSSL = true;
serverAliases = [ "cache.lassul.us" ];
enableACME = true;
locations."/".extraConfig = ''
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index fba996743..9cf294afd 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -81,6 +81,7 @@ in {
host = "${host}.r",
targetdir = "/var/lib/containers/.blue",
rsync = {
+ archive = true,
owner = true,
group = true,
};
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
deleted file mode 100644
index 8d0fb0d02..000000000
--- a/lass/2configs/downloading.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- users.extraUsers = {
- download = {
- name = "download";
- home = "/var/download";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = with config.krebs.users; [
- lass.pubkey
- lass-shodan.pubkey
- lass-icarus.pubkey
- lass-daedalus.pubkey
- lass-helios.pubkey
- makefu.pubkey
- wine-mors.pubkey
- ];
- };
-
- transmission = {
- extraGroups = [
- "download"
- ];
- };
- };
-
- users.extraGroups = {
- download = {
- members = [
- "download"
- "transmission"
- ];
- };
- };
-
- krebs.rtorrent = {
- enable = true;
- web = {
- enable = true;
- port = 9091;
- basicAuth = import <secrets/torrent-auth>;
- };
- rutorrent.enable = true;
- enableXMLRPC = true;
- listenPort = 51413;
- downloadDir = "/var/download/finished";
- # dump old torrents into watch folder to have them re-added
- watchDir = "/var/download/watch";
- };
-
- krebs.iptables = {
- enable = true;
- tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
- ];
- };
-}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 9bb70d1c2..1ee45bb41 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -93,6 +93,7 @@ with import <stockholm/lib>;
{ from = "neocron@lassul.us"; to = lass.mail; }
{ from = "osmocom@lassul.us"; to = lass.mail; }
{ from = "lesswrong@lassul.us"; to = lass.mail; }
+ { from = "nordvpn@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 9ea91ae19..36e797a96 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -174,6 +174,16 @@ let
macro pager a "<modify-labels>-archive\n" # tag as Archived
+ bind index U noop
+ bind index u noop
+ bind pager U noop
+ bind pager u noop
+ macro index U "<modify-labels>+unread\n"
+ macro index u "<modify-labels>-unread\n"
+ macro pager U "<modify-labels>+unread\n"
+ macro pager u "<modify-labels>-unread\n"
+
+
bind index t noop
bind pager t noop
macro index t "<modify-labels>" # tag as Archived
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 85faded14..987632cd1 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -5,7 +5,6 @@ with import <stockholm/lib>;
let
name = "radio";
mainUser = config.users.extraUsers.mainUser;
- inherit (import <stockholm/lib>) genid;
admin-password = import <secrets/icecast-admin-pw>;
source-password = import <secrets/icecast-source-pw>;
@@ -31,7 +30,7 @@ in {
"${name}" = rec {
inherit name;
group = name;
- uid = genid name;
+ uid = genid_uint31 name;
description = "radio manager";
home = "/home/${name}";
useDefaultShell = true;
diff --git a/lass/2configs/tests/dummy-secrets/nordvpn.txt b/lass/2configs/tests/dummy-secrets/nordvpn.txt
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/nordvpn.txt
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
deleted file mode 100644
index 14d6ce9ec..000000000
--- a/lass/2configs/websites/fritz.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- inherit (import <stockholm/lib>)
- genid
- head
- ;
- inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- servePage
- serveWordpress
- ;
-
- msmtprc = pkgs.writeText "msmtprc" ''
- account default
- host localhost
- '';
-
- sendmail = pkgs.writeDash "msmtp" ''
- exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
- '';
-
-in {
-
- services.nginx.enable = true;
-
- imports = [
- ./default.nix
- ./sqlBackup.nix
-
- (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
-
- (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
-
- (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
-
- (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
-
- (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
-
- (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
-
- (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
- ];
-
- lass.mysqlBackup.config.all.databases = [
- "eastuttgart_de"
- "radical_dreamers_de"
- "spielwaren_kern_de"
- "ttf_kleinaspach_de"
- ];
-
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.fritz.pubkey
- ];
-
- users.users.goldbarrendiebstahl = {
- home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
- uid = genid "goldbarrendiebstahl";
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.fritz.pubkey
- ];
- };
-
- services.phpfpm.phpOptions = ''
- sendmail_path = ${sendmail} -t
- '';
-}
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index b72b20928..17af0d00d 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -3,7 +3,7 @@
with lib;
let
inherit (import <stockholm/lib>)
- genid
+ genid_uint31
;
in {
@@ -22,7 +22,7 @@ in {
krebs.tinc_graphs.enable = true;
users.users.lass-stuff = {
- uid = genid "lass-stuff";
+ uid = genid_uint31 "lass-stuff";
description = "lassul.us blog cgi stuff";
home = "/var/empty";
};
@@ -66,22 +66,6 @@ in {
locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
'';
- locations."/urlaubyay2018".extraConfig = ''
- autoindex on;
- alias /srv/http/lassul.us-media/india2018;
- auth_basic "Restricted Content";
- auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
- paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
- ''};
- '';
- locations."/heilstadt".extraConfig = ''
- autoindex on;
- alias /srv/http/lassul.us-media/grabowsee2018;
- auth_basic "Restricted Content";
- auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
- c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
- ''};
- '';
locations."/krebspage".extraConfig = ''
default_type "text/html";
alias ${pkgs.krebspage}/index.html;
@@ -140,7 +124,7 @@ in {
};
users.users.blog = {
- uid = genid "blog";
+ uid = genid_uint31 "blog";
description = "lassul.us blog deployment";
home = "/srv/http/lassul.us";
useDefaultShell = true;