diff options
-rw-r--r-- | krebs/3modules/lass/default.nix | 31 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 28 | ||||
-rw-r--r-- | lass/1systems/red/config.nix | 30 | ||||
-rw-r--r-- | lass/1systems/red/source.nix | 4 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 1 |
5 files changed, 93 insertions, 1 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 99010481b..48df04bcb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -639,6 +639,37 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; }; + red = { + monitoring = false; + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.13"; + ip6.addr = "42:0:0:0:0:0:0:12ed"; + aliases = [ + "red.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG + 4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF + Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI + phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0 + FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox + TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa + mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w + oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE + cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ + 7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa + 5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW + ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; + }; }; users = { lass = { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7b581d905..d1faf77bd 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -304,6 +304,34 @@ in { ]; } <stockholm/lass/2configs/go.nix> + { + environment.systemPackages = [ pkgs.cryptsetup ]; + systemd.services."container@red".reloadIfChanged = mkForce false; + containers.red = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.3"; + localAddress = "10.233.2.4"; + }; + services.nginx.virtualHosts."rote-allez-fraktion.de" = { + enableACME = true; + addSSL = true; + locations."/" = { + extraConfig = '' + proxy_set_header Host rote-allez-fraktion.de; + proxy_pass http://10.233.2.4; + ''; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix new file mode 100644 index 000000000..8c60aed62 --- /dev/null +++ b/lass/1systems/red/config.nix @@ -0,0 +1,30 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +let + inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) + servephpBB + ; +in +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/websites> + <stockholm/lass/2configs/websites/sqlBackup.nix> + (servephpBB [ "rote-allez-fraktion.de" ]) + ]; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + ]; + + krebs.build.host = config.krebs.hosts.red; + boot.isContainer = true; + networking.useDHCP = false; + + services.nginx.enable = true; + environment.systemPackages = [ + pkgs.mk_sql_pair + ]; +} diff --git a/lass/1systems/red/source.nix b/lass/1systems/red/source.nix new file mode 100644 index 000000000..f2bad743c --- /dev/null +++ b/lass/1systems/red/source.nix @@ -0,0 +1,4 @@ +import <stockholm/lass/source.nix> { + name = "red"; + secure = true; +} diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b9811221c..53f1eea5c 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -10,7 +10,6 @@ in { imports = [ ./default.nix ../git.nix - (servephpBB [ "rote-allez-fraktion.de" ]) ]; security.acme = { |