Merge remote-tracking branch 'cd/master' into pre-merge

5 files changed, 36 insertions, 9 deletions

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index b0b8ff573..7db3f8333 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -156,6 +156,7 @@
     get
     genid
     teamspeak_client
+    hashPassword
   ];
 
   #TODO: fix this shit
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 570cdfb7c..87334c3c2 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -8,6 +8,8 @@ in {
   imports = [
     ../2configs/base.nix
     ../2configs/downloading.nix
+    ../2configs/git.nix
+    ../2configs/ts3.nix
     {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@@ -82,6 +84,9 @@ in {
       #workaround for server dying after 6-7h
       boot.kernelPackages = pkgs.linuxPackages_4_2;
     }
+    {
+      nixpkgs.config.allowUnfree = true;
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 057af7bc4..11bc4f089 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -15,8 +15,8 @@ with lib;
     {
       users.extraUsers = {
         root = {
-          openssh.authorizedKeys.keys = map readFile [
-            ../../krebs/Zpubkeys/lass.ssh.pub
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.lass.pubkey
           ];
         };
         mainUser = {
@@ -28,8 +28,8 @@ with lib;
           useDefaultShell = true;
           extraGroups = [
           ];
-          openssh.authorizedKeys.keys = map readFile [
-            ../../krebs/Zpubkeys/lass.ssh.pub
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.lass.pubkey
           ];
         };
       };
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 553a3a557..e80b74007 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -1,7 +1,10 @@
 { config, lib, pkgs, ... }:
 
 with lib;
-{
+
+let
+  rpc-password = import <secrets/transmission-pw.nix>;
+in {
   imports = [
     ../3modules/folderPerms.nix
   ];
@@ -15,8 +18,8 @@ with lib;
       extraGroups = [
         "download"
       ];
-      openssh.authorizedKeys.keys = map readFile [
-        ../../krebs/Zpubkeys/lass.ssh.pub
+      openssh.authorizedKeys.keys = [
+        config.krebs.users.lass.pubkey
       ];
     };
 
@@ -46,8 +49,7 @@ with lib;
       rpc-authentication-required = true;
       rpc-whitelist-enabled = false;
       rpc-username = "download";
-      #add rpc-password in secrets
-      rpc-password = "test123";
+      inherit rpc-password;
       peer-port = 51413;
     };
   };
diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix
new file mode 100644
index 000000000..5b92d0919
--- /dev/null
+++ b/lass/2configs/ts3.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+
+{
+  services.teamspeak3 = {
+    enable = true;
+  };
+
+  krebs.iptables.tables.filter.INPUT.rules = [
+    #voice port
+    { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
+    { predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
+    ##file transfer port
+    #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
+    #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
+    ##query port
+    #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
+    #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
+  ];
+}