summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2019-01-29 19:17:43 +0100
committerjeschli <jeschli@gmail.com>2019-01-29 19:17:43 +0100
commit924c8fb748a92720c75750cee528ac2f4b7c5c8e (patch)
tree1a3b956f7f8527e533040cee1138810fe304bbc9 /lass/2configs
parent06b6454af78e8236a67d69cab94f62c32054be47 (diff)
parente64bbd8d6864e21f9e7b6b9a11cf95c976bdc109 (diff)
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/baseX.nix4
-rw-r--r--lass/2configs/default.nix6
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/gc.nix2
-rw-r--r--lass/2configs/hardening.nix11
-rw-r--r--lass/2configs/mail.nix4
-rw-r--r--lass/2configs/radio.nix61
-rw-r--r--lass/2configs/reaktor-coders.nix180
-rw-r--r--lass/2configs/websites/domsen.nix38
-rw-r--r--lass/2configs/websites/lassulus.nix3
11 files changed, 183 insertions, 128 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 1f2bb511f..1d2d1173d 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -9,7 +9,6 @@ in {
./power-action.nix
./copyq.nix
./urxvt.nix
- ./nfs-dl.nix
{
hardware.pulseaudio = {
enable = true;
@@ -75,12 +74,11 @@ in {
nmap
pavucontrol
powertop
- rxvt_unicode_with-plugins
+ rxvt_unicode-with-plugins
sxiv
taskwarrior
termite
xclip
- xephyrify
xorg.xbacklight
xorg.xhost
xsel
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 62a42baf9..2547e8bac 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -2,6 +2,7 @@ with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
+ <stockholm/krebs/2configs/nscd-fix.nix>
./binary-cache/client.nix
./gc.nix
./mc.nix
@@ -72,7 +73,6 @@ with import <stockholm/lib>;
krebs = {
enable = true;
- search-domain = "r";
build.user = config.krebs.users.lass;
};
@@ -82,9 +82,6 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true;
- #why is this on in the first place?
- services.nscd.enable = false;
-
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
@@ -116,6 +113,7 @@ with import <stockholm/lib>;
#network
iptables
iftop
+ tcpdump
#stuff for dl
aria2
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index f487a9910..555295422 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -96,6 +96,7 @@ with import <stockholm/lib>;
{ from = "nordvpn@lassul.us"; to = lass.mail; }
{ from = "csv-direct@lassul.us"; to = lass.mail; }
{ from = "nintendo@lassul.us"; to = lass.mail; }
+ { from = "overleaf@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 62e3f6d52..a3acb82bb 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -74,7 +74,6 @@ in {
createHome = true;
useDefaultShell = true;
packages = with pkgs; [
- ftb
minecraft
steam-run
dolphinEmu
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
index c5073e384..a1bb26049 100644
--- a/lass/2configs/gc.nix
+++ b/lass/2configs/gc.nix
@@ -3,6 +3,6 @@
with import <stockholm/lib>;
{
nix.gc = {
- automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
+ automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer);
};
}
diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix
new file mode 100644
index 000000000..aee4bf06f
--- /dev/null
+++ b/lass/2configs/hardening.nix
@@ -0,0 +1,11 @@
+{ pkgs, lib, ... }:
+with lib;
+{
+ security.chromiumSuidSandbox.enable = true;
+ security.lockKernelModules = false;
+ boot.kernel.sysctl."user.max_user_namespaces" = 63414;
+
+ imports = [
+ <nixpkgs/nixos/modules/profiles/hardened.nix>
+ ];
+}
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 21b9d7b49..52d380b7c 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -51,7 +51,7 @@ let
eloop = [ "to:eloop.org" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
- india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ];
+ india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ];
meetup = [ "to:meetup@lassul.us" ];
@@ -225,7 +225,7 @@ in {
msmtp
mutt
pkgs.notmuch
- pkgs.much
+ pkgs.haskellPackages.much
tag-new-mails
tag-old-mails
];
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 987632cd1..f88b2627b 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -170,32 +170,45 @@ in {
};
};
- krebs.Reaktor.playlist = {
- nickname = "the_playlist|r";
- channels = [
- "#the_playlist"
- "#krebs"
- ];
- extraEnviron = {
- REAKTOR_HOST = "irc.freenode.org";
- };
- plugins = with pkgs.ReaktorPlugins; [
- (buildSimpleReaktorPlugin "skip" {
- script = "${skip_track}/bin/skip_track";
- pattern = "^skip$";
- })
- (buildSimpleReaktorPlugin "current" {
- script = "${print_current}/bin/print_current";
- pattern = "^current$";
- })
- (buildSimpleReaktorPlugin "suggest" {
- script = "${pkgs.writeDash "suggest" ''
- echo "$@" >> $HOME/playlist_suggest
- ''}";
- pattern = "^suggest: (?P<args>.*)$";
- })
+ krebs.reaktor2.the_playlist = {
+ hostname = "irc.freenode.org";
+ port = "6697";
+ useTLS = true;
+ nick = "the_playlist";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#the_playlist"
+ "#krebs"
+ ];
+ };
+ }
+ {
+ plugin = "system";
+ config = {
+ workdir = config.krebs.reaktor2.the_playlist.stateDir;
+ hooks.PRIVMSG = [
+ {
+ activate = "match";
+ pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ command = 1;
+ arguments = [2];
+ commands = {
+ skip.filename = "${skip_track}/bin/skip_track";
+ current.filename = "${print_current}/bin/print_current";
+ suggest.filename = pkgs.writeDash "suggest" ''
+ echo "$@" >> playlist_suggest
+ '';
+ };
+ }
+ ];
+ };
+ }
];
};
+
services.nginx = {
enable = true;
virtualHosts."radio.lassul.us" = {
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 7cdcdf20c..4baec1976 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -1,99 +1,93 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
-{
- krebs.Reaktor.coders = {
- nickname = "Reaktor|lass";
- channels = [ "#coders" "#germany" "#panthermoderns" ];
- extraEnviron = {
- REAKTOR_HOST = "irc.hackint.org";
- };
- plugins = with pkgs.ReaktorPlugins; let
-
- lambdabot = (import (pkgs.fetchFromGitHub {
- owner = "NixOS"; repo = "nixpkgs";
- rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
- sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
- }) {}).lambdabot;
-
- lambdabotflags = ''
- -XStandaloneDeriving -XGADTs -XFlexibleContexts \
- -XFlexibleInstances -XMultiParamTypeClasses \
- -XOverloadedStrings -XFunctionalDependencies \'';
- in [
- sed-plugin
- url-title
- (buildSimpleReaktorPlugin "lambdabot-pl" {
- pattern = "^@pl (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-pl" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@pl $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-type" {
- pattern = "^@type (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-type" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@type $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-let" {
- pattern = "^@let (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-let" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@let $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-run" {
- pattern = "^@run (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-run" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@run $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-kind" {
- pattern = "^@kind (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-kind" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@kind $1"
- '';
- })
- (buildSimpleReaktorPlugin "ping" {
- pattern = "^!ping (?P<args>.*)$$";
- script = pkgs.writeDash "ping" ''
- exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
- '';
- })
- (buildSimpleReaktorPlugin "google" {
- pattern = "^!g (?P<args>.*)$$";
- script = pkgs.writeDash "google" ''
- exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
- ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
- '';
- })
- (buildSimpleReaktorPlugin "blockchain" {
- pattern = ".*[Bb]lockchain.*$$";
- script = pkgs.writeDash "blockchain" ''
- exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline'
- '';
- })
- (buildSimpleReaktorPlugin "shrug" {
- pattern = "^!shrug$";
- script = pkgs.writeDash "shrug" ''
- exec echo '¯\_(ツ)_/¯'
- '';
- })
- (buildSimpleReaktorPlugin "flip" {
- pattern = "^!flip$";
- script = pkgs.writeDash "shrug" ''
- exec echo '(╯°□°)╯ ┻━┻'
- '';
- })
+let
+ hooks = pkgs.reaktor2-plugins.hooks;
+in {
+ krebs.reaktor2.coders = {
+ hostname = "irc.hackint.org";
+ port = "9999";
+ useTLS = true;
+ nick = "reaktor2|lass";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#coders"
+ "#germany"
+ "#panthermoderns"
+ ];
+ };
+ }
+ {
+ plugin = "system";
+ config = {
+ workdir = config.krebs.reaktor2.coders.stateDir;
+ hooks.PRIVMSG = [
+ hooks.sed
+ hooks.url-title
+ {
+ activate = "match";
+ pattern = ''@([^ ]+) (.*)$'';
+ command = 1;
+ arguments = [2];
+ env.HOME = config.krebs.reaktor2.coders.stateDir;
+ commands = let
+ lambdabot = (import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs";
+ rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
+ sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
+ }) {}).lambdabot;
+ lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" ''
+ exec ${lambdabot}/bin/lambdabot \
+ -XStandaloneDeriving -XGADTs -XFlexibleContexts \
+ -XFlexibleInstances -XMultiParamTypeClasses \
+ -XOverloadedStrings -XFunctionalDependencies \
+ -e "$@"
+ '';
+ in {
+ pl.filename = pkgs.writeDash "lambdabot-pl" ''
+ ${lambdabotWrapper} "@pl $1"
+ '';
+ type.filename = pkgs.writeDash "lambdabot-type" ''
+ ${lambdabotWrapper} "@type $1"
+ '';
+ "let".filename = pkgs.writeDash "lambdabot-let" ''
+ ${lambdabotWrapper} "@let $1"
+ '';
+ run.filename = pkgs.writeDash "lambdabot-run" ''
+ ${lambdabotWrapper} "@run $1"
+ '';
+ kind.filename = pkgs.writeDash "lambdabot-kind" ''
+ ${lambdabotWrapper} "@kind $1"
+ '';
+ };
+ }
+ {
+ activate = "match";
+ pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ command = 1;
+ arguments = [2];
+ commands = {
+ ping.filename = pkgs.writeDash "ping" ''
+ exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
+ '';
+ google.filename = pkgs.writeDash "google" ''
+ exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
+ ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
+ '';
+ shrug.filename = pkgs.writeDash "shrug" ''
+ exec echo '¯\_(ツ)_/¯'
+ '';
+ table.filename = pkgs.writeDash "table" ''
+ exec echo '(╯°□°)╯ ┻━┻'
+ '';
+ };
+ }
+ ];
+ };
+ }
];
};
}
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 25dac0ac4..7fb248139 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -88,6 +88,20 @@ in {
file_uploads = on
'';
+ services.nextcloud = {
+ enable = true;
+ hostName = "o.xanf.org";
+ config = {
+ adminpassFile = toString <secrets> + "/nextcloud_pw";
+ };
+ #https = true;
+ nginx.enable = true;
+ };
+ services.nginx.virtualHosts."o.xanf.org" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
# MAIL STUFF
# TODO: make into its own module
services.dovecot2 = {
@@ -141,6 +155,13 @@ in {
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
+ users.users.UBIK-SFTP = {
+ uid = genid_uint31 "UBIK-SFTP";
+ home = "/home/UBIK-SFTP";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
users.users.xanf = {
uid = genid_uint31 "xanf";
home = "/home/xanf";
@@ -213,5 +234,22 @@ in {
createHome = true;
};
+ services.restic.backups.domsen = {
+ initialize = true;
+ extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
+ repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
+ passwordFile = toString <secrets> + "/domsen_backup_pw";
+ paths = [
+ "/srv/http"
+ "/home/domsen/Mail"
+ "/home/ms/Mail"
+ "/home/klabusterbeere/Mail"
+ "/home/jms/Mail"
+ "/home/bruno/Mail"
+ "/home/akayguen/Mail"
+ "/backups/sql_dumps"
+ ];
+ };
+
}
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 307f1c2b3..27cadd100 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -101,6 +101,9 @@ in {
locations."/pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
'';
+ locations."/pub1".extraConfig = ''
+ alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
+ '';
};
security.acme.certs."cgit.lassul.us" = {