33 files changed, 334 insertions, 51 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 65da85ac4..48ba00494 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -91,6 +91,7 @@ with config.krebs.lib; "prism.retiolum" "prism.r" "cgit.prism.retiolum" + "cache.prism.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index b5e551952..ec9f53694 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -5,7 +5,7 @@ ../. <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ../2configs/default.nix - ../2configs/exim-retiolum.nix + #../2configs/exim-retiolum.nix ../2configs/git.nix { boot.loader.grub = { @@ -63,6 +63,35 @@ { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } + { + #TODO: abstract & move to own file + krebs.exim-smarthost = { + enable = true; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + config.krebs.hosts.helios + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.dishfire; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a7a1fd253..beb5659d0 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix 
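Review bot: In lass/1systems/dishfire.nix the added INPUT rule `-p tcp --dport smtp` accepts SMTP from any source on any interface, while `relay_from_hosts` names only the retiolum addresses of mors, uriel and helios. If dishfire is meant only to relay for those hosts (not visible in this hunk), scope the rule to the VPN, e.g. `{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }`, assuming the tinc interface is named `retiolum`. If it must also receive mail from the internet, a comment next to the rule such as `# public MX: relaying is limited by relay_from_hosts` would record that the open port is intentional. The surrounding imports list starts outside the hunk.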
@@ -29,6 +29,7 @@ ../2configs/cbase.nix ../2configs/mail.nix ../2configs/krebs-pass.nix + ../2configs/umts.nix #../2configs/buildbot-standalone.nix { #risk of rain port @@ -131,8 +132,8 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0" ''; #TODO activationScripts seem broken, fix them! @@ -146,7 +147,7 @@ #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' #Autosuspend for USB device Biometric Coprocessor - echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' + #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' #Runtime PMs echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 6ed80ac39..9a9bd4730 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -210,6 +210,30 @@ in { '') ]; } + { + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString <secrets> + "/nix-serve.key"; + }; + krebs.nginx = { + enable = true; + servers.nix-serve = { + server-names = [ "cache.prism.r" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''); + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 6829428ff..073d86790 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix 
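Review bot: In lass/1systems/prism.nix the new `services.nix-serve` block does not set a listen address, so putting nginx in front of it as `cache.prism.r` does not by itself keep the nix-serve port from being reached directly. Upstream NixOS defaults `services.nix-serve.bindAddress` to `0.0.0.0`; adding `bindAddress = "127.0.0.1";` next to `enable = true;` makes the nginx vhost the only path in. Whether krebs.iptables already blocks the port on prism cannot be seen from this hunk. The ordering on `secret.service` and the `nix-serve` owner on the key file look right.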
@@ -5,6 +5,7 @@ with builtins; imports = [ ../. ../2configs/baseX.nix + ../2configs/git.nix ../2configs/exim-retiolum.nix ../2configs/browsers.nix ../2configs/programs.nix @@ -67,10 +68,15 @@ with builtins; "/boot" = { device = "/dev/sda1"; }; + + "/home/lass" = { + device = "/dev/pool/home-lass"; + fsType = "ext4"; + }; }; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - #''; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 16f7502ac..7e969b3ed 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -32,6 +32,7 @@ in { environment.systemPackages = with pkgs; [ + acpi dmenu gitAndTools.qgit lm_sensors @@ -44,6 +45,7 @@ in { sxiv xclip xorg.xbacklight + xorg.xhost xsel zathura diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 604d0728d..151ce562b 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
@@ -29,16 +29,26 @@ name="fast-all-branches", builderNames=["fast-tests"])) ''; + build-all-scheduler = '' + # build all lass hosts + sched.append(schedulers.SingleBranchScheduler( + ## only master + change_filter=util.ChangeFilter(branch_re="master"), + # treeStableTimer=10, + name="prism-master", + builderNames=["build-all"])) + ''; }; builder_pre = '' # prepare grab_repo step for stockholm grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"} + # TODO: get nixpkgs/stockholm paths from krebs + env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true"} # prepare nix-shell # the dependencies which are used by the test script - deps = [ "gnumake", "jq","nix","rsync" ] + deps = [ "gnumake", "jq", "nix", "rsync" ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE nixshell = ["nix-shell", @@ -51,6 +61,25 @@ factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { + build-all = '' + f = util.BuildFactory() + f.addStep(grab_repo) + #TODO: get hosts via krebs + for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: + addShell(f,name="build-{}".format(i),env=env, + command=nixshell + \ + ["nix-build \ + --show-trace --no-out-link \ + -I nixos-config=./lass/1systems/{}.nix \ + -I secrets=./lass/2configs/tests/dummy-secrets \ + -I stockholm=. \ + -A config.system.build.toplevel".format(i)]) + + bu.append(util.BuilderConfig(name="build-all", + slavenames=slavenames, + factory=f)) + + ''; fast-tests = '' f = util.BuildFactory() f.addStep(grab_repo) @@ -93,7 +122,7 @@ password = "lasspass"; packages = with pkgs;[ git nix gnumake jq rsync ]; extraEnviron = { - NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; + NIX_PATH="nixpkgs=/var/src/nixpkgs"; }; }; krebs.iptables = { diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1c06acf38..deb3c46c2 100644 
--- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -7,6 +7,7 @@ with config.krebs.lib; ../2configs/zsh.nix ../2configs/mc.nix ../2configs/retiolum.nix + ../2configs/nixpkgs.nix ./backups.nix { users.extraUsers = @@ -40,6 +41,12 @@ with config.krebs.lib; }; }; } + { + nix = { + binaryCaches = ["http://cache.prism.r"]; + binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + }; + } ]; networking.hostName = config.krebs.build.host.name; @@ -52,14 +59,12 @@ with config.krebs.lib; user = config.krebs.users.lass; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix"; - secrets = "/home/lass/secrets/${config.krebs.build.host.name}"; + secrets = + if getEnv "dummy_secrets" == "true" + then toString <stockholm/lass/2configs/tests/dummy-secrets> + else "/home/lass/secrets/${config.krebs.build.host.name}"; #secrets-common = "/home/lass/secrets/common"; stockholm = "/home/lass/stockholm"; - nixpkgs = { - url = https://github.com/lassulus/nixpkgs; - rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894"; - dev = "/home/lass/src/nixpkgs"; - }; } // optionalAttrs config.krebs.build.host.secure { #secrets-master = "/home/lass/secrets/master"; }); @@ -114,8 +119,12 @@ with config.krebs.lib; #neat utils krebspaste + pciutils psmisc + rs + tmux untilport + usbutils #unpack stuff p7zip diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 3639a743a..cf9b631c8 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -21,6 +21,7 @@ in { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-uriel.pubkey + config.krebs.users.lass-shodan.pubkey ]; }; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 8199f2bd7..e9527fec5 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix 
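Review bot: The new `nix.binaryCaches = ["http://cache.prism.r"];` in lass/2configs/default.nix fetches over plain http, so the key in `binaryCachePublicKeys` is the only integrity check on substituted store paths. This applies to every host that imports the file. I would state that dependency in the config with `requireSignedBinaryCaches = true;` and a comment such as `# cache is plain http over retiolum; signatures are the integrity check`. It is also worth confirming whether defining `binaryCaches` here replaces the default cache list or extends it, since that decides which caches these hosts trust after the change.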
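Review bot: The `secrets` source in lass/2configs/default.nix is now chosen by the impure `getEnv "dummy_secrets"`, so any evaluation with that variable set to `true` uses lass/2configs/tests/dummy-secrets, not only the buildbot run. That directory holds the placeholder passwords and keys committed in this same change, and a real deploy started from such a shell would install them without any error. The build-all builder already passes `-I secrets=./lass/2configs/tests/dummy-secrets`, so the environment switch may be redundant for CI. If it stays, add a comment above the `if`, for example `# CI only: dummy_secrets=true must never be set when deploying`, and consider a more specific variable name to reduce accidental matches.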
@@ -28,6 +28,7 @@ with config.krebs.lib; { from = "wordpress@ubikmedia.de"; to = lass.mail; } { from = "finanzamt@lassul.us"; to = lass.mail; } { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "netzclub@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index f3b65e816..a724e2e45 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -5,7 +5,8 @@ let in { krebs.fetchWallpaper = { enable = true; - url = "cloudkrebs/wallpaper.png"; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + url = "prism/wallpaper.png"; }; } diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 636b44395..f2b70d831 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -41,7 +41,6 @@ let cryptogon|http://www.cryptogon.com/?feed=rss2|#news csm|http://rss.csmonitor.com/feeds/csm|#news csm_world|http://rss.csmonitor.com/feeds/world|#news - cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news danisch|http://www.danisch.de/blog/feed/|#news dod|http://www.defense.gov/news/afps2.xml|#news dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news @@ -102,7 +101,7 @@ let npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news npr_world|http://www.npr.org/rss/rss.php?id=1004|#news - nsa|http://www.nsa.gov/rss.shtml|#news #bullerei + nsa|https://www.nsa.gov/rss.xml|#news #bullerei nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news painload|https://github.com/krebscode/painload/commits/master.atom|#news phys|http://phys.org/rss-feed/|#news diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix new file mode 100644 index 000000000..c893011a3 --- /dev/null +++ b/lass/2configs/nixpkgs.nix 
@@ -0,0 +1,8 @@ +{ ... }: + +{ + krebs.build.source.nixpkgs = { + url = https://github.com/lassulus/nixpkgs; + rev = "f215f9e91e07473e61c9302aaa312c7350e98f0e"; + }; +} diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 17be327b9..12a4ddf26 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -11,7 +11,7 @@ let source-password = import <secrets/icecast-source-pw>; add_random = pkgs.writeDashBin "add_random" '' - mpc add "$(mpc ls | shuf -n1)" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)" ''; skip_track = pkgs.writeDashBin "skip_track" '' @@ -52,7 +52,6 @@ in { print_current ncmpcpp mpc_cli - tmux ]; security.sudo.extraConfig = '' @@ -114,7 +113,7 @@ in { wantedBy = [ "timers.target" ]; timerConfig = { - OnCalendar = "*:*"; + OnCalendar = "*:0/1"; }; }; @@ -123,8 +122,8 @@ in { LIMIT=$1 #in secconds timeLeft () { - playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') + playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') + currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') expr ''${playlistDuration:-0} - ''${currentTime:-0} } @@ -136,15 +135,9 @@ in { description = "radio playlist autoadder"; after = [ "network.target" ]; - path = with pkgs; [ - gawk - mpc_cli - ]; - restartIfChanged = true; serviceConfig = { - Restart = "always"; ExecStart = "${autoAdd} 100"; }; }; diff --git a/lass/2configs/tests/dummy-secrets/cbase.txt b/lass/2configs/tests/dummy-secrets/cbase.txt new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/cbase.txt 
diff --git a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}
diff --git a/lass/2configs/tests/dummy-secrets/icecast-admin-pw b/lass/2configs/tests/dummy-secrets/icecast-admin-pw
new file mode 100644
index 000000000..16b542cee
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/icecast-admin-pw
@@ -0,0 +1 @@
+"blabla"
diff --git a/lass/2configs/tests/dummy-secrets/icecast-source-pw b/lass/2configs/tests/dummy-secrets/icecast-source-pw
new file mode 100644
index 000000000..16b542cee
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/icecast-source-pw
@@ -0,0 +1 @@
+"blabla"
diff --git a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
new file mode 100644
index 000000000..215a7fa0c
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/mysql_rootPassword b/lass/2configs/tests/dummy-secrets/mysql_rootPassword
new file mode 100644
index 000000000..922a74472
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/mysql_rootPassword
@@ -0,0 +1 @@
+blabla123
diff --git a/lass/2configs/tests/dummy-secrets/nix-serve.key b/lass/2configs/tests/dummy-secrets/nix-serve.key
new file mode 100644
index 000000000..91448ad2f
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/nix-serve.key
@@ -0,0 +1 @@
+key-name:blabla123
diff --git a/lass/2configs/tests/dummy-secrets/repos.nix b/lass/2configs/tests/dummy-secrets/repos.nix
new file mode 100644
index 000000000..eed712458
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/repos.nix
@@ -0,0 +1 @@
+_: {}
diff --git a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
new file mode 100644
index 000000000..99a4033f6
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
@@ -0,0 +1,4 @@
+
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
new file mode 100644
index 000000000..5c12da0b3
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+private key bla
+-----END OPENSSH PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_rsa b/lass/2configs/tests/dummy-secrets/ssh.id_rsa
new file mode 100644
index 000000000..885cf61f0
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/ssh.id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+private key bla
+-----END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/transmission-pw b/lass/2configs/tests/dummy-secrets/transmission-pw
new file mode 100644
index 000000000..b71df1a2d
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/transmission-pw
@@ -0,0 +1 @@
+"krebskrebs123"
diff --git a/lass/2configs/umts.nix b/lass/2configs/umts.nix
new file mode 100644
index 000000000..c1fce9ea2
--- /dev/null
+++ b/lass/2configs/umts.nix
@@ -0,0 +1,62 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + nixpkgs-1509 = import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + + wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 + + modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; + + # TODO: currently it is only netzclub + umts-bin = pkgs.writeScriptBin "umts" '' + #!/bin/sh + set -euf + systemctl stop wpa_supplicant + systemctl start umts + trap "systemctl stop umts && systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT + echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf + journalctl -xfu umts + ''; + + wvdial-defaults = '' + Modem = ${modem-device} + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Baud = 460800 + phone= *99# + Username = netzclub + Password = netzclub + Stupid Mode = 1 + Idle Seconds = 0 + ''; + + + out = { + environment.shellAliases = { + umts = "sudo ${umts-bin}/bin/umts"; + }; + + security.sudo.extraConfig = '' + lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts + ''; + + environment.wvdial.dialerDefaults = wvdial-defaults; + + systemd.services.umts = { + description = "UMTS wvdial Service"; + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "10s"; + ExecStart = "${wvdial}/bin/wvdial -n"; + }; + }; + }; +in out + diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 45d09c3b9..c69d20633 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -11,9 +11,9 @@ let serveWordpress; msmtprc = pkgs.writeText "msmtprc" '' - account prism + account localhost host localhost - account default: prism + account default: localhost ''; sendmail = pkgs.writeDash "msmtp" '' 
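Review bot: In lass/2configs/umts.nix the `umts` script is granted to `lass` as a root NOPASSWD command, yet it calls `systemctl`, `tee` and `journalctl` by bare name. Unless sudo is configured with a `secure_path` (not visible here), those names resolve through the caller's PATH, so the rule grants more than the one script. radio.nix in this same commit already switches to `${pkgs.mpc_cli}/bin/mpc`-style absolute store paths, and the same treatment fits here. Separately, `tee -a /etc/resolv.conf` appends a nameserver line on every run and the trap never removes it, so the resolver setting outlives the UMTS session. Restoring the file in the trap, or adding a comment that this is intended, would help.

```nix
  umts-bin = pkgs.writeScriptBin "umts" ''
    # … unchanged: shebang and set -euf …
    ${pkgs.systemd}/bin/systemctl stop wpa_supplicant
    ${pkgs.systemd}/bin/systemctl start umts
    trap "${pkgs.systemd}/bin/systemctl stop umts && ${pkgs.systemd}/bin/systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT
    echo nameserver 8.8.8.8 | ${pkgs.coreutils}/bin/tee -a /etc/resolv.conf
    ${pkgs.systemd}/bin/journalctl -xfu umts
  '';
```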
@@ -23,23 +23,55 @@ let in { imports = [ ./sqlBackup.nix - (ssl [ "reich-gebaeudereinigung.de" ]) - (servePage [ "reich-gebaeudereinigung.de" ]) + (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) + (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (ssl [ "karlaskop.de" ]) - (servePage [ "karlaskop.de" ]) + (ssl [ "karlaskop.de" "www.karlaskop.de" ]) + (servePage [ "karlaskop.de" "www.karlaskop.de" ]) - (ssl [ "makeup.apanowicz.de" ]) - (servePage [ "makeup.apanowicz.de" ]) + (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) + (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) - (ssl [ "pixelpocket.de" ]) - (servePage [ "pixelpocket.de" ]) + (ssl [ "pixelpocket.de" "www.pixelpocket.de" ]) + (servePage [ "pixelpocket.de" "www.pixelpocket.de" ]) - (ssl [ "o.ubikmedia.de" ]) - (serveOwncloud [ "o.ubikmedia.de" ]) + (ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) + (serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) - (ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) - (serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) + (ssl [ + "ubikmedia.de" + "aldona.ubikmedia.de" + "apanowicz.de" + "nirwanabluete.de" + "aldonasiech.com" + "360gradvideo.tv" + "ubikmedia.eu" + "facts.cloud" + "www.ubikmedia.de" + "www.aldona.ubikmedia.de" + "www.apanowicz.de" + "www.nirwanabluete.de" + "www.aldonasiech.com" + "www.360gradvideo.tv" + "www.ubikmedia.eu" + "www.facts.cloud" + ]) + (serveWordpress [ + "ubikmedia.de" + "apanowicz.de" + "nirwanabluete.de" + "aldonasiech.com" + "360gradvideo.tv" + "ubikmedia.eu" + "facts.cloud" + "*.ubikmedia.de" + "www.apanowicz.de" + "www.nirwanabluete.de" + "www.aldonasiech.com" + "www.360gradvideo.tv" + "www.ubikmedia.eu" + "www.facts.cloud" + ]) ]; lass.mysqlBackup.config.all.databases = [ 
@@ -63,7 +95,7 @@ in { services.phpfpm.phpIni = pkgs.runCommand "php.ini" { options = '' extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = ${sendmail} -t -i" + sendmail_path = "${sendmail} -t -i" ''; } '' cat ${pkgs.php}/etc/php-recommended.ini > $out diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 63efbecb6..c2b8ff116 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -12,6 +12,16 @@ let serveWordpress ; + msmtprc = pkgs.writeText "msmtprc" '' + account localhost + host localhost + account default: localhost + ''; + + sendmail = pkgs.writeDash "msmtp" '' + exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" + ''; + in { imports = [ ./sqlBackup.nix @@ -51,4 +61,14 @@ in { users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.fritz.pubkey ]; + + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = "${sendmail} -t -i" + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> |