Diffstat (limited to '2configs')
-rw-r--r--2configs/lass/base.nix70
-rw-r--r--2configs/lass/desktop-base.nix6
-rw-r--r--2configs/lass/fastpoke-pages.nix103
-rw-r--r--2configs/lass/git-repos.nix4
-rw-r--r--2configs/lass/retiolum.nix29
5 files changed, 172 insertions, 40 deletions
diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix
index 5e5b8a7b..494cafa9 100644
--- a/2configs/lass/base.nix
+++ b/2configs/lass/base.nix
@@ -3,14 +3,37 @@
with lib;
{
imports = [
- ./sshkeys.nix
../../3modules/lass/iptables.nix
+ ../../2configs/lass/vim.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
(import /root/src/secrets/hashedPasswords.nix);
}
-
+ {
+ users.extraUsers = {
+ root = {
+ openssh.authorizedKeys.keys = map readFile [
+ ../../Zpubkeys/lass.ssh.pub
+ ];
+ };
+ mainUser = {
+ name = "lass";
+ uid = 1337;
+ home = "/home/lass";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ "audio"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = map readFile [
+ ../../Zpubkeys/lass.ssh.pub
+ ];
+ };
+ };
+ }
];
nix.useChroot = true;
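Review bot: The new `root.openssh.authorizedKeys.keys` entry lets the key that logs in as `lass` also log in directly as root, although `lass` is already in `wheel`. If direct root SSH is not required, dropping the root entry keeps a single audited path to root; otherwise confirm that `services.openssh` limits root to key-only login, which this hunk does not show. The key list is written out twice, so binding it once, e.g. `let lassKeys = map readFile [ ../../Zpubkeys/lass.ssh.pub ]; in`, would keep the two accounts from drifting apart. The pinned `uid = 1337` deserves a one-line comment saying why it is fixed.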
@@ -30,6 +53,8 @@ with lib;
'';
environment.systemPackages = with pkgs; [
+ nmap
+
git
most
rxvt_unicode.terminfo
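Review bot: `nmap` is added to `environment.systemPackages` in base.nix, which by its name is presumably imported by every host, so the scanner would be installed on servers as well as workstations. Moving administrative network tooling to a workstation-only profile keeps the base image smaller and leaves one less ready-made tool on internet-facing hosts. If it has to stay here, a comment such as `# nmap: needed on all hosts for <reason>` would record the intent. The package list continues past the end of this hunk.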
@@ -77,11 +102,11 @@ with lib;
"sendmail"
];
- services.gitolite = {
- enable = true;
- dataDir = "/home/gitolite";
- adminPubkey = config.sshKeys.lass.pub;
- };
+ #services.gitolite = {
+ # enable = true;
+ # dataDir = "/home/gitolite";
+ # adminPubkey = config.sshKeys.lass.pub;
+ #};
services.openssh = {
enable = true;
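Review bot: The gitolite block is commented out rather than deleted, and nothing records why. It still references `config.sshKeys.lass.pub`, which came from the `./sshkeys.nix` import that this same commit removes, so uncommenting it later would presumably fail to evaluate. Either delete the block and rely on history, or add a line such as `# gitolite disabled: <reason>; adminPubkey must point at ../../Zpubkeys/lass.ssh.pub before re-enabling`. The `services.openssh` block that follows continues outside this hunk.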
@@ -102,35 +127,12 @@ with lib;
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
- { predicate = "-i lo"; target = "ACCEPT"; }
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { predicate = "-p icmp"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
+ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+ { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+ { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
];
};
};
- #Networking.firewall = {
- # enable = true;
-
- # allowedTCPPorts = [
- # 22
- # ];
-
- # extraCommands = ''
- # iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
- # iptables -A INPUT -j ACCEPT -i lo
- # #http://serverfault.com/questions/84963/why-not-block-icmp
- # iptables -A INPUT -j ACCEPT -p icmp
-
- # #TODO: fix Retiolum firewall
- # #iptables -N RETIOLUM
- # #iptables -A INPUT -j RETIOLUM -i retiolum
- # #iptables -A RETIOLUM -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
- # #iptables -A RETIOLUM -j REJECT -p tcp --reject-with tcp-reset
- # #iptables -A RETIOLUM -j REJECT -p udp --reject-with icmp-port-unreachable
- # #iptables -A RETIOLUM -j REJECT --reject-with icmp-proto-unreachable
- # #iptables -A RETIOLUM -j REJECT
- # '';
- #};
}
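Review bot: The new `precedence` values (10001 down to 9998) carry no explanation, and the rules added in fastpoke-pages.nix and retiolum.nix set none, so the final chain order depends on a default in `3modules/lass/iptables.nix` that is not visible here. Every rule is currently an ACCEPT under a DROP policy, so order does not change the outcome yet, but it will once a REJECT or DROP rule is added. A comment above the list stating which direction sorts first and what the default is would prevent that surprise. The removed block also held the only rationale for accepting all ICMP, which is worth keeping beside the rule as `# accept ICMP, see http://serverfault.com/questions/84963/why-not-block-icmp`. Whether the module applies the same DROP policy to IPv6 cannot be told from this hunk and should be confirmed.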
diff --git a/2configs/lass/desktop-base.nix b/2configs/lass/desktop-base.nix
index ee7a94bc..9b98e4a8 100644
--- a/2configs/lass/desktop-base.nix
+++ b/2configs/lass/desktop-base.nix
@@ -55,11 +55,9 @@ in {
displayManager.auto.enable = true;
displayManager.auto.user = mainUser.name;
- layout = "us,de";
+ layout = "us";
xkbModel = "evdev";
- xkbVariant = "altgr-intl,nodeadkeys";
- xkbOptions = "grp:caps_toggle";
-
+ xkbVariant = "altgr-intl";
};
}
diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix
new file mode 100644
index 00000000..2fd9a863
--- /dev/null
+++ b/2configs/lass/fastpoke-pages.nix
@@ -0,0 +1,103 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ imports = [
+ ../../3modules/tv/nginx.nix
+ ../../3modules/lass/iptables.nix
+ ];
+
+ lass.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+ ];
+ };
+ };
+
+ #createStaticPage = domain:
+ # {
+ # irc.nginx.servers."${domain}" = {
+ # server-names = [
+ # "${domain}"
+ # "www.${domain}"
+ # ];
+ # locations = [
+ # (nameValuePair "/" ''
+ # root /var/lib/http/${domain};
+ # '')
+ # ];
+ # };
+ # networking.extraHosts = ''
+ # 10.243.206.102 ${domain}
+ # '';
+ # };
+
+ #map createStaticPage [
+ # "habsys.de"
+ # "pixelpocket.de"
+ # "karlaskop.de"
+ # "ubikmedia.de"
+ # "apanowicz.de"
+ # "aidsballs.de"
+ #];
+
+ tv.nginx = {
+ enable = true;
+ servers = {
+
+ "habsys.de" = {
+ server-names = [
+ "habsys.de"
+ "www.habsys.de"
+ ];
+ locations = [
+ (nameValuePair "/" ''
+ root /var/lib/http/habsys.de;
+ '')
+ ];
+ };
+
+ "karlaskop.de" = {
+ server-names = [
+ "karlaskop.de"
+ "www.karlaskop.de"
+ ];
+ locations = [
+ (nameValuePair "/" ''
+ root /var/lib/http/karlaskop.de;
+ '')
+ ];
+ };
+
+ "pixelpocket.de" = {
+ server-names = [
+ "pixelpocket.de"
+ "www.karlaskop.de"
+ ];
+ locations = [
+ (nameValuePair "/" ''
+ root /var/lib/http/karlaskop.de;
+ '')
+ ];
+ };
+
+ };
+ };
+
+ networking.extraHosts = ''
+ 10.243.206.102 habsys.de karlaskop.de pixelpocket.de ubikmedia.de apanowicz.de
+ 10.243.206.102 aidsballs.de
+ '';
+
+ #services.postgresql = {
+ # enable = true;
+ #};
+
+ #config.services.vsftpd = {
+ # enable = true;
+ # userlistEnable = true;
+ # userlistFile = pkgs.writeFile "vsftpd-userlist" ''
+ # '';
+ #};
+}
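Review bot: The `"pixelpocket.de"` server block is a copy of the karlaskop.de block with only the first name changed: it still lists `"www.karlaskop.de"` in `server-names` and serves `root /var/lib/http/karlaskop.de;`. As written, www.pixelpocket.de matches no block, `www.karlaskop.de` is declared twice, and pixelpocket.de serves the other site's content. The two lines should read `"www.pixelpocket.de"` and `root /var/lib/http/pixelpocket.de;`. The three blocks differ only by domain, so finishing the commented-out `createStaticPage` helper would remove this class of copy-paste mistake. The INPUT rule opens only `--dport http`, so the sites are served without TLS; a comment should say so if that is intentional.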
diff --git a/2configs/lass/git-repos.nix b/2configs/lass/git-repos.nix
index c0c305b8..b4f446ae 100644
--- a/2configs/lass/git-repos.nix
+++ b/2configs/lass/git-repos.nix
@@ -39,7 +39,7 @@ let
post-receive = git.irc-announce {
nick = config.networking.hostName; # TODO make this the default
channel = "#retiolum";
- server = "ire.retiolum";
+ server = "cd.retiolum";
};
};
};
@@ -63,7 +63,7 @@ let
post-receive = git.irc-announce {
nick = config.networking.hostName; # TODO make this the default
channel = "#retiolum";
- server = "ire.retiolum";
+ server = "cd.retiolum";
};
};
public = true;
diff --git a/2configs/lass/retiolum.nix b/2configs/lass/retiolum.nix
new file mode 100644
index 00000000..d1389ad2
--- /dev/null
+++ b/2configs/lass/retiolum.nix
@@ -0,0 +1,29 @@
+{ ... }:
+
+{
+ imports = [
+ ../../3modules/lass/iptables.nix
+ ../../3modules/tv/retiolum.nix
+ ../../2configs/tv/exim-retiolum.nix
+ ];
+
+ lass.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
+ ];
+ };
+ };
+
+ tv.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "fastpoke"
+ "cloudkrebs"
+ "pigstarter"
+ ];
+ };
+}
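Review bot: The `-p tcp --dport smtp` rule accepts SMTP on every interface, while the imported `exim-retiolum.nix` suggests the mail service is meant for the retiolum overlay only. If so, scoping the rule to the overlay interface, e.g. `{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }`, keeps port 25 closed on the public side. The interface name is taken from the firewall comments removed in base.nix and should be confirmed. The two tinc rules do need to stay reachable from outside. The names `smtp` and `tinc` are resolved from the services database when the rules load, so numeric ports would be more robust if that database ever lacks the `tinc` entry.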