author | makefu <github@syntax-fehler.de> | 2019-06-14 18:41:27 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2019-06-14 18:41:27 +0200 |
commit | 276ad5f9d54a30c6817d00799af49199a5ef9e4c (patch) | |
tree | d441e34c262f08eddf9d84c01508e698468fbbfb /lass | |
parent | 592d157eba8f1b5ba35f1fca64c2905897468f83 (diff) | |
parent | 4e7af580d81f02f6d07d38917f124f4b99483603 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/daedalus/config.nix | 2 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 31 | ||||
-rw-r--r-- | lass/1systems/mors/physical.nix | 2 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 15 | ||||
-rw-r--r-- | lass/2configs/browsers.nix | 1 | ||||
-rw-r--r-- | lass/2configs/codimd.nix | 28 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 3 | ||||
-rw-r--r-- | lass/2configs/network-manager.nix | 2 | ||||
-rw-r--r-- | lass/2configs/radio.nix | 22 | ||||
-rw-r--r-- | lass/2configs/retiolum.nix | 4 | ||||
-rw-r--r-- | lass/2configs/syncthing.nix | 11 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 47 |
12 files changed, 146 insertions, 22 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 6e3df12f0..df8868034 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -57,6 +57,8 @@ with import <stockholm/lib>;
 {
 krebs.per-user.bitcoin.packages = [
 pkgs.electrum
+ pkgs.electron-cash
+ pkgs.altcoins.litecoin
 ];
 users.extraUsers = {
 bitcoin = {
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index f911b79d6..5076beeef 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -49,14 +49,31 @@ with import <stockholm/lib>;
 ];
 }
 {
- krebs.syncthing.folders."the_playlist" = {
- path = "/home/lass/tmp/the_playlist";
- peers = [ "mors" "phone" "prism" ];
+ krebs.syncthing = {
+ peers.schasch.addresses = [ "schasch.r:22000" ];
+ folders = {
+ the_playlist = {
+ path = "/home/lass/tmp/the_playlist";
+ peers = [ "mors" "phone" "prism" ];
+ };
+ free_music = {
+ id = "mu9mn-zgvsw";
+ path = "/home/lass/tmp/free_music";
+ peers = [ "mors" "schasch" ];
+ };
+ };
 };
- krebs.permown."/home/lass/tmp/the_playlist" = {
- owner = "lass";
- group = "syncthing";
- umask = "0007";
+ krebs.permown = {
+ "/home/lass/tmp/free_music" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
+ "/home/lass/tmp/the_playlist" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
 };
 }
 {
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index 25425f146..6828d70de 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -22,7 +22,7 @@
 };
 services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:72:f4:88", NAME="wl0"
+ SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0"
 SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0"
 '';
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d7b0b701a..eec8e34b8 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -195,6 +195,7 @@ with import <stockholm/lib>;
 };
 }
 <stockholm/lass/2configs/minecraft.nix>
+ <stockholm/lass/2configs/codimd.nix>
 {
 services.taskserver = {
 enable = true;
@@ -382,7 +383,7 @@ with import <stockholm/lib>;
 '';
 fileSystems."/export/download" = {
- device = "/var/lib/containers/yellow/var/download";
+ device = "/var/lib/containers/yellow/var/download/finished";
 options = [ "bind" ];
 };
 services.nfs.server = {
@@ -395,6 +396,12 @@ with import <stockholm/lib>;
 statdPort = 4000;
 };
 krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
 { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
 { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
 { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
@@ -456,4 +463,10 @@ with import <stockholm/lib>;
 enable = true;
 freeMemThreshold = 5;
 };
+
+ # prism rsa hack
+ services.openssh.hostKeys = [{
+ path = toString <secrets> + "ssh.id_rsa";
+ type = "rsa";
+ }];
 }
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index d214e224d..c0085995d 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -66,7 +66,6 @@ in {
 extensions = [
 "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
 "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
- "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
 ];
 };
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
new file mode 100644
index 000000000..5f802148b
--- /dev/null
+++ b/lass/2configs/codimd.nix
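Review bot: The six `-i retiolum` ACCEPT rules added at the top of `krebs.iptables.tables.filter.INPUT.rules` open rpcbind (111), NFS (2049) and ports 4000:4002 to every host that can reach prism over the retiolum interface, not only the one that needs the share. The export list of `services.nfs.server` lies outside this hunk, so whether `/export/download` is limited to specific client addresses or exported read-only cannot be confirmed from here. If a single client mounts it, narrow each predicate with a source match, for example `-i retiolum -s <client-address> -p tcp --dport 2049`, and add a comment naming that client.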
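Review bot: In the added `services.openssh.hostKeys` entry the key path is concatenated without a separator, `toString <secrets> + "ssh.id_rsa"`, whereas other secret paths in this merge carry a leading slash (`toString <secrets> + "/nextcloud_pw"` in domsen.nix). The result likely points at a sibling of the secrets directory instead of a file inside it, and as far as I know the NixOS sshd unit generates a key when the configured path does not exist, so prism could start presenting a fresh, unmanaged RSA host key rather than the intended one. The line should read `path = toString <secrets> + "/ssh.id_rsa";`. Setting this option also replaces the default host-key list, so the `# prism rsa hack` comment should state whether dropping the ed25519 host key is intended.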
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ services.nginx.virtualHosts.codimd = {
+ enableACME = true;
+ addSSL = true;
+ serverName = "codi.lassul.us";
+ locations."/".extraConfig = ''
+ client_max_body_size 4G;
+ proxy_set_header Host $host;
+ proxy_pass http://localhost:3091;
+ '';
+ };
+
+ services.codimd = {
+ enable = true;
+ configuration = {
+ db = {
+ dialect = "sqlite";
+ storage = "/var/lib/codimd/db.codimd.sqlite";
+ useCDN = false;
+ };
+ port = 3091;
+ };
+ };
+}
+
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 4216bd67a..d1e6b195b 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -103,6 +103,9 @@ with import <stockholm/lib>;
 { from = "lobsters@lassul.us"; to = lass.mail; }
 { from = "fysitech@lassul.us"; to = lass.mail; }
 { from = "threema@lassul.us"; to = lass.mail; }
+ { from = "ubisoft@lassul.us"; to = lass.mail; }
+ { from = "kottezeller@lassul.us"; to = lass.mail; }
+ { from = "pie@lassul.us"; to = lass.mail; }
 ];
 system-aliases = [
 { from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
index 5b890b591..ab27eb841 100644
--- a/lass/2configs/network-manager.nix
+++ b/lass/2configs/network-manager.nix
@@ -15,6 +15,8 @@
 };
 };
 networking.networkmanager = {
+ ethernet.macAddress = "random";
+ wifi.macAddress = "random";
 enable = true;
 unmanaged = [
 "docker*"
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 88899c554..b4efd42fc 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
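Review bot: The new `codimd` virtual host sets `addSSL = true`, which keeps answering on plain HTTP next to HTTPS, so logins and note contents can still travel unencrypted; the radio vhost touched in this same merge uses `forceSSL = true`, and that would fit here too. `useCDN = false;` sits inside `db = { … }`, where it is presumably handed to the database settings and ignored; if the aim is to stop loading assets from third-party CDNs it belongs one level up in `configuration`. `client_max_body_size 4G` lets any client push very large request bodies through to the backend, so a short comment on why 4G is needed would help the next reader.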
@@ -97,12 +97,17 @@ in {
 services.icecast = {
 enable = true;
- hostname = "config.krebs.build.host.name";
+ hostname = "radio.lassul.us";
 admin.password = admin-password;
 extraConf = ''
- <authentication>
- <source-password>${source-password}</source-password>
- </authentication>
+ <mount>
+ <mount-name>/radio.mp3</mount-name>
+ <password>${source-password}</password>
+ </mount>
+ <mount>
+ <mount-name>/radio.ogg</mount-name>
+ <password>${source-password}</password>
+ </mount>
 '';
 };
@@ -194,8 +199,8 @@ in {
 workdir = config.krebs.reaktor2.the_playlist.stateDir;
 hooks.PRIVMSG = [
 {
- activate = "match";
- pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ #activate = "match";
+ pattern = "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
 command = 1;
 arguments = [2];
 commands = {
@@ -218,6 +223,11 @@ in {
 forceSSL = true;
 enableACME = true;
 locations."/".extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
 proxy_pass http://localhost:8000;
 '';
 locations."/recent".extraConfig = ''
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index fb76c5735..9932f8172 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -20,8 +20,10 @@
 "prism"
 "gum"
 "ni"
- "dishfire"
 ];
+ extraConfig = ''
+ LocalDiscovery = yes
+ '';
 };
 nixpkgs.config.packageOverrides = pkgs: {
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 48f2625c1..d4df17b9a 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
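Review bot: `#activate = "match";` is left in the `hooks.PRIVMSG` entry as commented-out code with no explanation, and the replacement `pattern` no longer requires the leading `!` before a command name. Which activation mode applies once that line is disabled is not visible in the hunk, and the `commands` set the first capture group selects from continues outside it. Since this decides which chat messages can make the bot run a command, delete the dead line and put a comment in its place that states how the hook is now triggered and why the `!` prefix was dropped.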
@@ -1,5 +1,7 @@
 { config, pkgs, ... }: with import <stockholm/lib>; let
- peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
+ all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
+ own_peers = filterAttrs (n: v: v.owner.name == "lass") all_peers;
+ mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
 in {
 services.syncthing = {
 enable = true;
@@ -14,8 +16,8 @@ in {
 enable = true;
 cert = toString <secrets/syncthing.cert>;
 key = toString <secrets/syncthing.key>;
- peers = peers;
- folders."/home/lass/sync".peers = attrNames peers;
+ peers = mk_peers all_peers;
+ folders."/home/lass/sync".peers = attrNames (filterAttrs (n: v: n != "phone") own_peers);
 };
 system.activationScripts.syncthing-home = ''
@@ -23,8 +25,9 @@ in {
 '';
 krebs.permown."/home/lass/sync" = {
+ file-mode = "u+rw,g+rw";
 owner = "lass";
 group = "syncthing";
- umask = "0007";
+ umask = "0002";
 };
 }
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 2131c7c62..9980e0501 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -26,6 +26,7 @@ in {
 ./default.nix
 ./sqlBackup.nix
 (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
+ (servePage [ "jarugadesign.de" "www.jarugadesign.de" ])
 (servePage [
 "freemonkey.art"
 "www.freemonkey.art"
@@ -93,6 +94,7 @@ in {
 hostName = "o.xanf.org";
 config = {
 adminpassFile = toString <secrets> + "/nextcloud_pw";
+ overwriteProtocol = "https";
 };
 https = true;
 nginx.enable = true;
@@ -141,6 +143,7 @@ in {
 { from = "akayguen@freemonkey.art"; to ="akayguen"; }
 { from = "bui@freemonkey.art"; to ="bui"; }
 { from = "kontakt@alewis.de"; to ="klabusterbeere"; }
+ { from = "hallo@jarugadesign.de"; to ="kasia"; }
 { from = "testuser@lassul.us"; to = "testuser"; }
 { from = "testuser@ubikmedia.eu"; to = "testuser"; }
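Review bot: The `krebs.permown."/home/lass/sync"` entry in the last syncthing.nix hunk moves `umask` from `"0007"` to `"0002"`, which stops masking the read and execute bits for "other", so files created under the synced folder would become readable by every local account instead of only `lass` and the `syncthing` group. The added `file-mode = "u+rw,g+rw"` already covers what owner and group need. Unless something outside that group has to read the folder, keep `umask = "0007";` and add a comment explaining what `file-mode` is for; how permown applies the two settings is defined outside this diff.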
@@ -150,6 +153,7 @@ in {
 "ubikmedia.eu"
 "ubikmedia.de"
 "alewis.de"
+ "jarugadesign.de"
 ];
 ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
 ssl_key = "/var/lib/acme/lassul.us/key.pem";
@@ -234,7 +238,18 @@ in {
 createHome = true;
 };
- krebs.on-failure.plans.restic-backups-domsen = {};
+ users.users.kasia = {
+ uid = genid_uint31 "kasia";
+ home = "/home/kasia";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ krebs.on-failure.plans.restic-backups-domsen = {
+ journalctl = {
+ lines = 1000;
+ };
+ };
 services.restic.backups.domsen = {
 initialize = true;
 extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
@@ -247,11 +262,41 @@ in {
 "/home/ms/Mail"
 "/home/klabusterbeere/Mail"
 "/home/jms/Mail"
+ "/home/kasia/Mail"
 "/home/bruno/Mail"
 "/home/akayguen/Mail"
 "/backups/sql_dumps"
 ];
 };
+ boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576";
+ krebs.permown = {
+ "/srv/http/ubikmedia.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0007";
+ };
+ "/srv/http/o.ubikmedia.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0007";
+ };
+ "/srv/http/freemonkey.art" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ "/srv/http/jarugadesign.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ "/srv/http/reich-gebaeudereinigung.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ };
+
 } |
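Review bot: In the `krebs.permown` block added by the last domsen.nix hunk, three web roots (`freemonkey.art`, `jarugadesign.de`, `reich-gebaeudereinigung.de`) use `umask = "0002"` while the two ubikmedia roots use `"0007"`, and nothing in the hunk says why. With `group = "nginx"` the web server already gets access through the group, so the looser mask mainly makes site files, which may include application config holding credentials, readable by other local accounts such as the mail users defined in this file. Use `umask = "0007";` on all five entries, or add a comment on the three that differ giving the reason. The entries differ only in path and mask, so generating them from a list would also keep them from drifting apart.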