Merge remote-tracking branch 'prism/master'

9 files changed, 103 insertions, 54 deletions

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 51d106b5..8b4f1d7a 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -25,26 +25,6 @@ in {
     ../2configs/binary-cache/server.nix
     ../2configs/iodined.nix
     {
-      imports = [
-        ../2configs/git.nix
-      ];
-      krebs.nginx.servers.cgit = {
-        server-names = [
-          "cgit.lassul.us"
-        ];
-        locations = [
-          (nameValuePair "/.well-known/acme-challenge" ''
-            root /var/lib/acme/challenges/cgit.lassul.us/;
-          '')
-        ];
-        ssl = {
-          enable = true;
-          certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
-          certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
-        };
-      };
-    }
-    {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
         #    Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
@@ -164,7 +144,6 @@ in {
       users.users.chat.openssh.authorizedKeys.keys = [
         "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHF9tijlMoEevRZCG1AggukxWggfxPHUwg6Ye113ODG6PZ2m98oSmnsjixDy4GfIJjy+8HBbkwS6iH+fsNk86QtAgFNMjBl+9YvEzNRBzcyCqdOkZFvvZvV2oYA7I15il4ln62PDPKjEIS3YPhZPSwc6GhrlsFTnIG56NF/93IhF7R/FA== JuiceSSH"
         config.krebs.users.lass-uriel.pubkey
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQ8DJhHAqmdrB2+qkV/OuKjR4QDXUww2TWItyDrs+/6F58WacMozgaZr2goA5JQJ5d19nC3LzYb4yLGguADsp987I6cAu5iXPT5PHKc0eRWDN+AGlpTgUtN1BvVrnJZaUJrR9WlHhFYlkOkzAsB15fKYciVWsyxBCVZ+3oiTEjs2L/sfbrgailWqHIUWDftUnJx8EFmSUVZ2GZWklMcgBo0FJD1i0x5u2dQGguNY+28DzQmKgUMS+xD/uUZvrFIWr9I6CBqhsuHJo8n85BT3B3QdG8ARLt5FKPr5L3My6UjlxOkKrDNLjJFjERFCsuIxnrO3tQhvKXQYlOyskHokocYSdcIq8svghJLA3kmRYIjHjZ4y1BNENsk79WyYNMAi5y+A0Evmu+g3ks/DiW3vI/Sw/D3Uc7ilbImpaoL5qUC4+WZM3J2b3Z1AU5D1QiojpKkB9Qt1bokCm8hrRCG9ZDKqAD6IqmI1ARRjfgA4zKwKUhmMqG4p55YGGVf9OeK0rXgX0Z2InyFXeBaU2aBcDfdKD/65w5MnC9CsJnjELdd4r9u2ugTPExzOo3WUlNuOTB1WoZ8CiY2OVGle/E/MzKUDfGuIFhUsFeX0YcLHPbo+mesISNUPaeadSuMuHE8W4FOeEq51toBo/gkxgjtqqWMOd9SxnDQTMBKq3L/w7nEQ== lass@mors"
       ];
     }
     {
@@ -174,6 +153,7 @@ in {
       imports = [
         ../2configs/websites/wohnprojekt-rhh.de.nix
         ../2configs/websites/domsen.nix
+        ../2configs/websites/lassulus.nix
       ];
       krebs.iptables.tables.filter.INPUT.rules = [
          { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
@@ -186,34 +166,6 @@ in {
       };
     }
     {
-      security.acme = {
-        certs."lassul.us" = {
-          email = "lass@lassul.us";
-          webroot = "/var/lib/acme/challenges/lassul.us";
-          plugins = [
-            "account_key.json"
-            "key.pem"
-            "fullchain.pem"
-            "full.pem"
-          ];
-          allowKeysForGroup = true;
-          group = "lasscert";
-        };
-      };
-      users.groups.lasscert.members = [
-        "dovecot2"
-        "ejabberd"
-        "exim"
-        "nginx"
-      ];
-      krebs.nginx.servers."lassul.us" = {
-        server-names = [ "lassul.us" ];
-        locations = [
-          (lib.nameValuePair "/.well-known/acme-challenge" ''
-            root /var/lib/acme/challenges/lassul.us/;
-          '')
-        ];
-      };
       lass.ejabberd = {
         enable = true;
         hosts = [ "lassul.us" ];
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index aa5286ae..e1417c83 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -9,6 +9,7 @@ with config.krebs.lib;
     ../2configs/exim-retiolum.nix
     {
       # locke config
+      i18n.defaultLocale ="de_DE.UTF-8";
       time.timeZone = "Europe/Berlin";
       services.xserver.enable = true;
       users.users.locke = {
@@ -28,6 +29,7 @@ with config.krebs.lib;
         systemWide = true;
       };
       environment.systemPackages = with pkgs; [
+        pavucontrol
         firefox
         hexchat
         networkmanagerapplet
@@ -51,8 +53,8 @@ with config.krebs.lib;
     #loader.grub.version = 2;
     #loader.grub.device = "/dev/sda";
 
-    loader.gummiboot.enable = true;
-    loader.gummiboot.timeout = 5;
+    loader.systemd-boot.enable = true;
+    loader.timeout = 5;
 
     initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
     initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 2649ecab..4b05e329 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -49,6 +49,8 @@ in {
 
     mpv-poll
     yt-next
+
+    youtube-tools
   #window manager stuff
     #haskellPackages.xmobar
     #haskellPackages.yeganesh
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 2fc3d373..628fdf61 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -172,7 +172,6 @@ in {
           "hashPassword",
           "haskellPackages.blessings",
           "haskellPackages.email-header",
-          "haskellPackages.megaparsec",
           "haskellPackages.scanner",
           "haskellPackages.xmonad-stockholm",
           "krebspaste",
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 00a3612f..3ed8be77 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -29,6 +29,8 @@ with config.krebs.lib;
       { from = "finanzamt@lassul.us"; to = lass.mail; }
       { from = "netzclub@lassul.us"; to = lass.mail; }
       { from = "nebenan@lassul.us"; to = lass.mail; }
+      { from = "feed@lassul.us"; to = lass.mail; }
+      { from = "art@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 6e9138b6..73c96e87 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/nixos/nixpkgs;
-    ref = "354fd3728952c229fee4f2924737c601d7ab4725";
+    ref = "b8ede35d2efa96490857c22c751e75d600bea44f";
   };
 }
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index 027f31fe..eae583a8 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -92,6 +92,7 @@ in {
     (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger")
     (sync-remote "xintmap" "https://github.com/4z3/xintmap")
     (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
+    (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
     (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
     (sync-retiolum "go")
     (sync-retiolum "much")
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index e05f40d9..3a3e60d3 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -191,7 +191,7 @@ in {
       server_set_id = $auth1
     '';
     internet-aliases = [
-      { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
+      { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
       { from = "mail@jla-trading.com"; to = "jla-trading"; }
       { from = "testuser@lassul.us"; to = "testuser"; }
     ];
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
new file mode 100644
index 00000000..04c19fad
--- /dev/null
+++ b/lass/2configs/websites/lassulus.nix
@@ -0,0 +1,91 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+    genid
+  ;
+
+in {
+  imports = [
+    ../git.nix
+  ];
+
+  security.acme = {
+    certs."lassul.us" = {
+      email = "lass@lassul.us";
+      webroot = "/var/lib/acme/challenges/lassul.us";
+      plugins = [
+        "account_key.json"
+        "key.pem"
+        "fullchain.pem"
+        "full.pem"
+      ];
+      allowKeysForGroup = true;
+      group = "lasscert";
+    };
+    certs."cgit.lassul.us" = {
+      email = "lassulus@gmail.com";
+      webroot = "/var/lib/acme/challenges/cgit.lassul.us";
+      plugins = [
+        "account_key.json"
+        "key.pem"
+        "fullchain.pem"
+      ];
+      group = "nginx";
+      allowKeysForGroup = true;
+    };
+  };
+
+  users.groups.lasscert.members = [
+    "dovecot2"
+    "ejabberd"
+    "exim"
+    "nginx"
+  ];
+
+  krebs.nginx.servers."lassul.us" = {
+    server-names = [ "lassul.us" ];
+    locations = [
+      (nameValuePair "/" ''
+        root /srv/http/lassul.us;
+      '')
+      (nameValuePair "/.well-known/acme-challenge" ''
+        root /var/lib/acme/challenges/lassul.us/;
+      '')
+    ];
+    ssl = {
+      enable = true;
+      certificate = "/var/lib/acme/lassul.us/fullchain.pem";
+      certificate_key = "/var/lib/acme/lassul.us/key.pem";
+    };
+  };
+
+  krebs.nginx.servers.cgit = {
+    server-names = [
+      "cgit.lassul.us"
+    ];
+    locations = [
+      (nameValuePair "/.well-known/acme-challenge" ''
+        root /var/lib/acme/challenges/cgit.lassul.us/;
+      '')
+    ];
+    ssl = {
+      enable = true;
+      certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+      certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
+    };
+  };
+
+  users.users.blog = {
+    uid = genid "blog";
+    description = "lassul.us blog deployment";
+    home = "/srv/http/lassul.us";
+    useDefaultShell = true;
+    createHome = true;
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.lass.pubkey
+    ];
+  };
+}
+