summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/lass/default.nix31
-rw-r--r--lass/1systems/prism/config.nix28
-rw-r--r--lass/1systems/red/config.nix30
-rw-r--r--lass/1systems/red/source.nix4
-rw-r--r--lass/2configs/websites/lassulus.nix1
5 files changed, 93 insertions, 1 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 99010481b..48df04bcb 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -639,6 +639,37 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
};
+ red = {
+ monitoring = false;
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.13";
+ ip6.addr = "42:0:0:0:0:0:0:12ed";
+ aliases = [
+ "red.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
+ 4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF
+ Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI
+ phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0
+ FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox
+ TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa
+ mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w
+ oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE
+ cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ
+ 7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa
+ 5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW
+ ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
+ };
};
users = {
lass = {
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 7b581d905..d1faf77bd 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -304,6 +304,34 @@ in {
];
}
<stockholm/lass/2configs/go.nix>
+ {
+ environment.systemPackages = [ pkgs.cryptsetup ];
+ systemd.services."container@red".reloadIfChanged = mkForce false;
+ containers.red = {
+ config = { ... }: {
+ environment.systemPackages = [ pkgs.git ];
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+ autoStart = false;
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.3";
+ localAddress = "10.233.2.4";
+ };
+ services.nginx.virtualHosts."rote-allez-fraktion.de" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/" = {
+ extraConfig = ''
+ proxy_set_header Host rote-allez-fraktion.de;
+ proxy_pass http://10.233.2.4;
+ '';
+ };
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix
new file mode 100644
index 000000000..8c60aed62
--- /dev/null
+++ b/lass/1systems/red/config.nix
@@ -0,0 +1,30 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+let
+ inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
+ servephpBB
+ ;
+in
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/websites>
+ <stockholm/lass/2configs/websites/sqlBackup.nix>
+ (servephpBB [ "rote-allez-fraktion.de" ])
+ ];
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+ ];
+
+ krebs.build.host = config.krebs.hosts.red;
+ boot.isContainer = true;
+ networking.useDHCP = false;
+
+ services.nginx.enable = true;
+ environment.systemPackages = [
+ pkgs.mk_sql_pair
+ ];
+}
diff --git a/lass/1systems/red/source.nix b/lass/1systems/red/source.nix
new file mode 100644
index 000000000..f2bad743c
--- /dev/null
+++ b/lass/1systems/red/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+ name = "red";
+ secure = true;
+}
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index b9811221c..53f1eea5c 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -10,7 +10,6 @@ in {
imports = [
./default.nix
../git.nix
- (servephpBB [ "rote-allez-fraktion.de" ])
];
security.acme = {