author | jeschli <jeschli@gmail.com> | 2019-01-29 19:17:43 +0100 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2019-01-29 19:17:43 +0100 |
commit | 924c8fb748a92720c75750cee528ac2f4b7c5c8e (patch) | |
tree | 1a3b956f7f8527e533040cee1138810fe304bbc9 /lass/2configs | |
parent | 06b6454af78e8236a67d69cab94f62c32054be47 (diff) | |
parent | e64bbd8d6864e21f9e7b6b9a11cf95c976bdc109 (diff) |
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/baseX.nix | 4 | ||||
-rw-r--r-- | lass/2configs/default.nix | 6 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 1 | ||||
-rw-r--r-- | lass/2configs/games.nix | 1 | ||||
-rw-r--r-- | lass/2configs/gc.nix | 2 | ||||
-rw-r--r-- | lass/2configs/hardening.nix | 11 | ||||
-rw-r--r-- | lass/2configs/mail.nix | 4 | ||||
-rw-r--r-- | lass/2configs/radio.nix | 61 | ||||
-rw-r--r-- | lass/2configs/reaktor-coders.nix | 180 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 38 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 3 |
11 files changed, 183 insertions, 128 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1f2bb511f..1d2d1173d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,7 +9,6 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix - ./nfs-dl.nix { hardware.pulseaudio = { enable = true; @@ -75,12 +74,11 @@ in { nmap pavucontrol powertop - rxvt_unicode_with-plugins + rxvt_unicode-with-plugins sxiv taskwarrior termite xclip - xephyrify xorg.xbacklight xorg.xhost xsel diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 62a42baf9..2547e8bac 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,6 +2,7 @@ with import <stockholm/lib>; { config, pkgs, ... }: { imports = [ + <stockholm/krebs/2configs/nscd-fix.nix> ./binary-cache/client.nix ./gc.nix ./mc.nix @@ -72,7 +73,6 @@ with import <stockholm/lib>; krebs = { enable = true; - search-domain = "r"; build.user = config.krebs.users.lass; }; @@ -82,9 +82,6 @@ with import <stockholm/lib>; services.timesyncd.enable = mkForce true; - #why is this on in the first place? - services.nscd.enable = false; - systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; @@ -116,6 +113,7 @@ with import <stockholm/lib>; #network iptables iftop + tcpdump #stuff for dl aria2 diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index f487a9910..555295422 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -96,6 +96,7 @@ with import <stockholm/lib>; { from = "nordvpn@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; } { from = "nintendo@lassul.us"; to = lass.mail; } + { from = "overleaf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 62e3f6d52..a3acb82bb 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix 
@@ -74,7 +74,6 @@ in { createHome = true; useDefaultShell = true; packages = with pkgs; [ - ftb minecraft steam-run dolphinEmu diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index c5073e384..a1bb26049 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import <stockholm/lib>; { nix.gc = { - automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer); + automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer); }; } diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix new file mode 100644 index 000000000..aee4bf06f --- /dev/null +++ b/lass/2configs/hardening.nix @@ -0,0 +1,11 @@ +{ pkgs, lib, ... }: +with lib; +{ + security.chromiumSuidSandbox.enable = true; + security.lockKernelModules = false; + boot.kernel.sysctl."user.max_user_namespaces" = 63414; + + imports = [ + <nixpkgs/nixos/modules/profiles/hardened.nix> + ]; +} diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 21b9d7b49..52d380b7c 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -51,7 +51,7 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; - india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ]; + india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; meetup = [ "to:meetup@lassul.us" ]; @@ -225,7 +225,7 @@ in { msmtp mutt pkgs.notmuch - pkgs.much + pkgs.haskellPackages.much tag-new-mails tag-old-mails ]; diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 987632cd1..f88b2627b 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix 
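Review bot: In the new `hardening.nix`, `security.lockKernelModules = false;` and `boot.kernel.sysctl."user.max_user_namespaces" = 63414;` relax settings in the same file that imports the hardened profile, and nothing records why. The profile presumably sets stricter defaults for both (not visible in this hunk), so a reader cannot tell a deliberate trade-off from a leftover. I would add a comment on each line, for example `# module loading stays unlocked: <reason>` and `# user namespaces re-enabled for <consumer>; 63414 is <origin of value>`. `security.chromiumSuidSandbox.enable = true;` also installs a setuid helper, so this file is best imported only on hosts that actually run Chromium.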
@@ -170,32 +170,45 @@ in { }; }; - krebs.Reaktor.playlist = { - nickname = "the_playlist|r"; - channels = [ - "#the_playlist" - "#krebs" - ]; - extraEnviron = { - REAKTOR_HOST = "irc.freenode.org"; - }; - plugins = with pkgs.ReaktorPlugins; [ - (buildSimpleReaktorPlugin "skip" { - script = "${skip_track}/bin/skip_track"; - pattern = "^skip$"; - }) - (buildSimpleReaktorPlugin "current" { - script = "${print_current}/bin/print_current"; - pattern = "^current$"; - }) - (buildSimpleReaktorPlugin "suggest" { - script = "${pkgs.writeDash "suggest" '' - echo "$@" >> $HOME/playlist_suggest - ''}"; - pattern = "^suggest: (?P<args>.*)$"; - }) + krebs.reaktor2.the_playlist = { + hostname = "irc.freenode.org"; + port = "6697"; + useTLS = true; + nick = "the_playlist"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#the_playlist" + "#krebs" + ]; + }; + } + { + plugin = "system"; + config = { + workdir = config.krebs.reaktor2.the_playlist.stateDir; + hooks.PRIVMSG = [ + { + activate = "match"; + pattern = ''!([^ ]+)(?:\s*(.*))?''; + command = 1; + arguments = [2]; + commands = { + skip.filename = "${skip_track}/bin/skip_track"; + current.filename = "${print_current}/bin/print_current"; + suggest.filename = pkgs.writeDash "suggest" '' + echo "$@" >> playlist_suggest + ''; + }; + } + ]; + }; + } ]; }; + services.nginx = { enable = true; virtualHosts."radio.lassul.us" = { diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 7cdcdf20c..4baec1976 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix 
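Review bot: The `suggest` command in the new `hooks.PRIVMSG` entry stores channel text with `echo "$@" >> playlist_suggest`, and dash's `echo` interprets backslash escapes, so a single IRC message can put extra lines or control characters into the file. `printf '%s\n' "$*" >> playlist_suggest` writes the text literally on one line. The file also grows without bound from a public channel, so a size cap or rotation would be worth adding. The pattern `!([^ ]+)(?:\s*(.*))?` no longer has the anchors the old `^skip$` patterns had; if reaktor2 searches rather than full-matches (not visible here), a `!word` anywhere in a message would dispatch a command, and `''^!([^ ]+)(?:\s*(.*))?$''` avoids that. The same unanchored pattern is used in the `reaktor-coders.nix` hunk.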
@@ -1,99 +1,93 @@ { config, lib, pkgs, ... }: with import <stockholm/lib>; -{ - krebs.Reaktor.coders = { - nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" "#panthermoderns" ]; - extraEnviron = { - REAKTOR_HOST = "irc.hackint.org"; - }; - plugins = with pkgs.ReaktorPlugins; let - - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - - lambdabotflags = '' - -XStandaloneDeriving -XGADTs -XFlexibleContexts \ - -XFlexibleInstances -XMultiParamTypeClasses \ - -XOverloadedStrings -XFunctionalDependencies \''; - in [ - sed-plugin - url-title - (buildSimpleReaktorPlugin "lambdabot-pl" { - pattern = "^@pl (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-pl" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@pl $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-type" { - pattern = "^@type (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-type" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@type $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-let" { - pattern = "^@let (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-let" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@let $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-run" { - pattern = "^@run (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-run" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@run $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "ping" { - pattern = "^!ping (?P<args>.*)$$"; - script = pkgs.writeDash "ping" '' - exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 - ''; - }) - (buildSimpleReaktorPlugin 
"google" { - pattern = "^!g (?P<args>.*)$$"; - script = pkgs.writeDash "google" '' - exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ - ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' - ''; - }) - (buildSimpleReaktorPlugin "blockchain" { - pattern = ".*[Bb]lockchain.*$$"; - script = pkgs.writeDash "blockchain" '' - exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline' - ''; - }) - (buildSimpleReaktorPlugin "shrug" { - pattern = "^!shrug$"; - script = pkgs.writeDash "shrug" '' - exec echo '¯\_(ツ)_/¯' - ''; - }) - (buildSimpleReaktorPlugin "flip" { - pattern = "^!flip$"; - script = pkgs.writeDash "shrug" '' - exec echo '(╯°□°)╯ ┻━┻' - ''; - }) +let + hooks = pkgs.reaktor2-plugins.hooks; +in { + krebs.reaktor2.coders = { + hostname = "irc.hackint.org"; + port = "9999"; + useTLS = true; + nick = "reaktor2|lass"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#coders" + "#germany" + "#panthermoderns" + ]; + }; + } + { + plugin = "system"; + config = { + workdir = config.krebs.reaktor2.coders.stateDir; + hooks.PRIVMSG = [ + hooks.sed + hooks.url-title + { + activate = "match"; + pattern = ''@([^ ]+) (.*)$''; + command = 1; + arguments = [2]; + env.HOME = config.krebs.reaktor2.coders.stateDir; + commands = let + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" '' + exec ${lambdabot}/bin/lambdabot \ + -XStandaloneDeriving -XGADTs -XFlexibleContexts \ + -XFlexibleInstances -XMultiParamTypeClasses \ + -XOverloadedStrings -XFunctionalDependencies \ + -e "$@" + ''; + in { + pl.filename = pkgs.writeDash "lambdabot-pl" '' + ${lambdabotWrapper} "@pl $1" + ''; + type.filename = pkgs.writeDash "lambdabot-type" '' + ${lambdabotWrapper} "@type $1" + ''; + "let".filename = pkgs.writeDash 
"lambdabot-let" '' + ${lambdabotWrapper} "@let $1" + ''; + run.filename = pkgs.writeDash "lambdabot-run" '' + ${lambdabotWrapper} "@run $1" + ''; + kind.filename = pkgs.writeDash "lambdabot-kind" '' + ${lambdabotWrapper} "@kind $1" + ''; + }; + } + { + activate = "match"; + pattern = ''!([^ ]+)(?:\s*(.*))?''; + command = 1; + arguments = [2]; + commands = { + ping.filename = pkgs.writeDash "ping" '' + exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 + ''; + google.filename = pkgs.writeDash "google" '' + exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ + ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' + ''; + shrug.filename = pkgs.writeDash "shrug" '' + exec echo '¯\_(ツ)_/¯' + ''; + table.filename = pkgs.writeDash "table" '' + exec echo '(╯°□°)╯ ┻━┻' + ''; + }; + } + ]; + }; + } ]; }; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 25dac0ac4..7fb248139 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -88,6 +88,20 @@ in { file_uploads = on ''; + services.nextcloud = { + enable = true; + hostName = "o.xanf.org"; + config = { + adminpassFile = toString <secrets> + "/nextcloud_pw"; + }; + #https = true; + nginx.enable = true; + }; + services.nginx.virtualHosts."o.xanf.org" = { + enableACME = true; + forceSSL = true; + }; + # MAIL STUFF # TODO: make into its own module services.dovecot2 = { @@ -141,6 +155,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.UBIK-SFTP = { + uid = genid_uint31 "UBIK-SFTP"; + home = "/home/UBIK-SFTP"; + useDefaultShell = true; + createHome = true; + }; + users.users.xanf = { uid = genid_uint31 "xanf"; home = "/home/xanf"; 
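Review bot: The `ping` command hands channel-supplied text straight to the privileged wrapper as `ping -q -c1 "$1"`, so an argument that starts with `-` is parsed as a ping option instead of a host. Ending option parsing and bounding the run time closes that: `exec /run/wrappers/bin/ping -q -c1 -w2 -- "$1" 2>&1 | tail -1`. Any channel member can also make this host probe arbitrary addresses, internal ones included, so an allowlist of targets or dropping the command is worth considering. The line is carried over unchanged from the old Reaktor plugin, so this is a good moment to fix it.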
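Review bot: `#https = true;` is left commented out in `services.nextcloud` while the `o.xanf.org` virtual host sets `forceSSL = true;`, so Nextcloud may still generate `http://` links and redirects that nginx then has to bounce. If the option was disabled to work around a problem, a comment saying which one would help the next reader. Otherwise I would enable it with `https = true;`.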
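Review bot: `users.users.UBIK-SFTP` is created with `useDefaultShell = true;`, which gives an account that, judging by its name, exists for file transfer a full interactive login shell. If it only needs SFTP, I would drop the shell and confine the account in sshd, for example `Match User UBIK-SFTP` with `ForceCommand internal-sftp` and a `ChrootDirectory`, set through `services.openssh.extraConfig`. How the account authenticates is not visible in this hunk, so a short comment next to the definition stating that would also help.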
@@ -213,5 +234,22 @@ in { createHome = true; }; + services.restic.backups.domsen = { + initialize = true; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ]; + repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + passwordFile = toString <secrets> + "/domsen_backup_pw"; + paths = [ + "/srv/http" + "/home/domsen/Mail" + "/home/ms/Mail" + "/home/klabusterbeere/Mail" + "/home/jms/Mail" + "/home/bruno/Mail" + "/home/akayguen/Mail" + "/backups/sql_dumps" + ]; + }; + } diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 307f1c2b3..27cadd100 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -101,6 +101,9 @@ in { locations."/pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; ''; + locations."/pub1".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; + ''; }; security.acme.certs."cgit.lassul.us" = { |
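Review bot: The `sftp.command` in `services.restic.backups.domsen` connects to a dynamic-DNS name (`wilhelmstr.duckdns.org`) without pinning the server's host key, so depending on root's ssh configuration the first run either fails or trusts whatever answers at that name. Declaring the key, for example under `programs.ssh.knownHosts`, and adding `-o StrictHostKeyChecking=yes` to the command makes the trust decision explicit. The identity file `ssh.id_ed25519` also looks like a general-purpose key (inferred from its name only). A dedicated backup key that the remote restricts to SFTP on the repository path would limit what a compromise of this host exposes.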