10 files changed, 103 insertions, 27 deletions

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 140045b9..c683d406 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -59,8 +59,6 @@ let
                   --exclude .graveyard \
                   --exclude old \
                   --rsync-path="mkdir -p \"$2\" && rsync" \
-                  --usermap=\*:0 \
-                  --groupmap=\*:0 \
                   --delete-excluded \
                   -vrLptgoD \
                   "$src" "$dst"
@@ -219,6 +217,37 @@ let
 
   lass-imp = {
     hosts = addNames {
+      echelon = {
+        cores = 4;
+        dc = "lass"; #dc = "cac";
+        nets = rec {
+          internet = {
+            addrs4 = ["162.248.167.198"];
+            aliases = [
+              "echelon.internet"
+            ];
+          };
+          retiolum = {
+            via = internet;
+            addrs4 = ["10.243.206.103"];
+            addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"];
+            aliases = [
+              "echelon.retiolum"
+              "cgit.echelon.retiolum"
+            ];
+            tinc.pubkey = ''
+              -----BEGIN RSA PUBLIC KEY-----
+              MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78
+              DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A
+              IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K
+              N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t
+              cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq
+              UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB
+              -----END RSA PUBLIC KEY-----
+            '';
+          };
+        };
+      };
       cloudkrebs = {
         cores = 1;
         dc = "lass"; #dc = "cac";
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
new file mode 100644
index 00000000..12765a10
--- /dev/null
+++ b/lass/1systems/echelon.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ../../tv/2configs/CAC-Developer-2.nix
+    ../../tv/2configs/CAC-CentOS-7-64bit.nix
+    ../2configs/base.nix
+    ../2configs/retiolum.nix
+    ../2configs/fastpoke-pages.nix
+    ../2configs/new-repos.nix
+    {
+      networking.interfaces.enp2s1.ip4 = [
+        {
+          address = "162.248.167.198";
+          prefixLength = 24;
+        }
+      ];
+      networking.defaultGateway = "162.248.167.1";
+      networking.nameservers = [
+        "8.8.8.8"
+      ];
+
+    }
+  ];
+
+  krebs.build = {
+    user = config.krebs.users.lass;
+    target = "root@162.248.167.198";
+    host = config.krebs.hosts.echelon;
+    deps = {
+      secrets = {
+        url = "/home/lass/secrets/${config.krebs.build.host.name}";
+      };
+      stockholm = {
+        url = toString ../..;
+      };
+    };
+  };
+
+  networking.hostName = "cloudkrebs";
+
+}
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 7c3d0812..bb98975e 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -16,7 +16,7 @@ with builtins;
       users.extraUsers = {
         root = {
           openssh.authorizedKeys.keys = map readFile [
-            ../../Zpubkeys/uriel.ssh.pub
+            ../../krebs/Zpubkeys/uriel.ssh.pub
           ];
         };
       };
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index d44a19c1..b29d028d 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -14,7 +14,7 @@ with lib;
       users.extraUsers = {
         root = {
           openssh.authorizedKeys.keys = map readFile [
-            ../../Zpubkeys/lass.ssh.pub
+            ../../krebs/Zpubkeys/lass.ssh.pub
           ];
         };
         mainUser = {
@@ -29,7 +29,7 @@ with lib;
             "wheel"
           ];
           openssh.authorizedKeys.keys = map readFile [
-            ../../Zpubkeys/lass.ssh.pub
+            ../../krebs/Zpubkeys/lass.ssh.pub
           ];
         };
       };
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 9849c829..2aaeda63 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -26,8 +26,17 @@ let
       ];
     };
 
+  #TODO: abstract this
+
 in {
 
+  environment.systemPackages = [
+    (simpleScript "browser-select" ''
+      BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu)
+      $BROWSER $@
+    '')
+  ];
+
   imports = [
     ../3modules/per-user.nix
   ] ++ [
diff --git a/lass/2configs/chromium-patched.nix b/lass/2configs/chromium-patched.nix
index 71518177..d9d7760d 100644
--- a/lass/2configs/chromium-patched.nix
+++ b/lass/2configs/chromium-patched.nix
@@ -37,12 +37,12 @@ let
 in {
   environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy;
 
-  environment.systemPackages = [
-    #pkgs.chromium
-    (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
-      buildCommand = attrs.buildCommand + ''
-        touch $out/TEST123
-      '';
-    }))
-  ];
+  #environment.systemPackages = [
+  #  #pkgs.chromium
+  #  (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
+  #    buildCommand = attrs.buildCommand + ''
+  #      touch $out/TEST123
+  #    '';
+  #  }))
+  #];
 }
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 7c7f2b4d..17cd1d82 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -17,7 +17,7 @@
 
   krebs.retiolum = {
     enable = true;
-    hosts = ../../Zhosts;
+    hosts = ../../krebs/Zhosts;
     connectTo = [
       "fastpoke"
       "cloudkrebs"
diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix
index 7d088fc6..bd895e15 100644
--- a/lass/2configs/steam.nix
+++ b/lass/2configs/steam.nix
@@ -16,15 +16,14 @@
   environment.systemPackages = with pkgs; [
     steam
   ];
-  networking.firewall = {
-    allowedUDPPorts = [
-      27031
-      27036
-    ];
-    allowedTCPPorts = [
-      27036
-      27037
-    ];
+  lass.iptables = {
+    tables = {
+      filter.INPUT.rules = [
+        { predicate = "-p tcp --dport 27031"; target = "ACCEPT"; }
+        { predicate = "-p tcp --dport 27036"; target = "ACCEPT"; }
+        { predicate = "-p udp --dport 27031"; target = "ACCEPT"; }
+        { predicate = "-p udp --dport 27036"; target = "ACCEPT"; }
+      ];
+    };
   };
-
 }
diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
index ad7ac142..9769cd68 100644
--- a/lass/2configs/virtualbox.nix
+++ b/lass/2configs/virtualbox.nix
@@ -4,7 +4,6 @@ let
   mainUser = config.users.extraUsers.mainUser;
 
 in {
-  virtualisation.virtualbox.host.enable = true;
 
   users.extraUsers = {
     virtual = {
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index c776262f..6df35b90 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -2,10 +2,8 @@
 
 let
   inherit (pkgs) callPackage;
-  kpkgs = import ../../krebs/5pkgs { inherit pkgs; };
 in
 
-kpkgs //
 rec {
   bitlbee-dev = callPackage ./bitlbee-dev.nix {};
   bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };