diff options
-rw-r--r-- | krebs/3modules/lass/default.nix | 8 | ||||
-rw-r--r-- | lass/1systems/helios.nix | 11 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 3 | ||||
-rw-r--r-- | lass/1systems/prism.nix | 11 | ||||
-rw-r--r-- | lass/1systems/uriel.nix | 9 | ||||
-rw-r--r-- | lass/2configs/base.nix | 4 | ||||
-rw-r--r-- | lass/2configs/browsers.nix | 13 | ||||
-rw-r--r-- | lass/2configs/retiolum.nix | 2 | ||||
-rw-r--r-- | lass/2configs/weechat.nix | 13 | ||||
-rw-r--r-- | lass/3modules/newsbot-js.nix | 2 | ||||
-rw-r--r-- | tv/2configs/default.nix | 1 |
11 files changed, 41 insertions, 36 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4bf10ac56..6220a2d6f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -19,6 +19,7 @@ with config.krebs.lib; addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"]; aliases = [ "dishfire.retiolum" + "dishfire.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -52,6 +53,7 @@ with config.krebs.lib; "echelon.retiolum" "cgit.echelon.retiolum" "go.retiolum" + "go.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -83,6 +85,7 @@ with config.krebs.lib; addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"]; aliases = [ "prism.retiolum" + "prism.r" "cgit.prism.retiolum" ]; tinc.pubkey = '' @@ -114,6 +117,7 @@ with config.krebs.lib; addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"]; aliases = [ "fastpoke.retiolum" + "fastpoke.r" "cgit.fastpoke.retiolum" ]; tinc.pubkey = '' @@ -144,6 +148,7 @@ with config.krebs.lib; addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"]; aliases = [ "cloudkrebs.retiolum" + "cloudkrebs.r" "cgit.cloudkrebs.retiolum" ]; tinc.pubkey = '' @@ -173,6 +178,7 @@ with config.krebs.lib; addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"]; aliases = [ "uriel.retiolum" + "uriel.r" "cgit.uriel.retiolum" ]; tinc.pubkey = '' @@ -203,6 +209,7 @@ with config.krebs.lib; addrs6 = ["42:0:0:0:0:0:0:dea7"]; aliases = [ "mors.retiolum" + "mors.r" "cgit.mors.retiolum" ]; tinc.pubkey = '' @@ -229,6 +236,7 @@ with config.krebs.lib; addrs6 = ["42:0:0:0:0:0:0:7105"]; aliases = [ "helios.retiolum" + "helios.r" "cgit.helios.retiolum" ]; tinc.pubkey = '' diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 0103b6ec0..2784375c2 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -19,12 +19,11 @@ with builtins; # }; #} { - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } - ]; - }; + services.elasticsearch = { + enable = true; + plugins = [ + pkgs.elasticsearchPlugins.elasticsearch_kopf + ]; }; } ]; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 9f492e2c6..01d69c403 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -328,7 +328,4 @@ tapButtons = false; twoFingerScroll = true; }; - - #for google hangout - users.extraUsers.gm.extraGroups = [ "audio" "video" ]; } diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 05b3470e5..864e59b21 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -83,10 +83,10 @@ in { { sound.enable = false; } - { - #workaround for server dying after 6-7h - boot.kernelPackages = pkgs.linuxPackages_4_2; - } + #{ + # #workaround for server dying after 6-7h + # boot.kernelPackages = pkgs.linuxPackages_4_2; + #} { nixpkgs.config.allowUnfree = true; } @@ -119,7 +119,8 @@ in { } { users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJJKlOeAHyi7lToCqRF/hdA2TrtVbrTUd2ayuWsXe9JWiyeyKH/LNY3SrgxCWPZSItE9VK68ghMuVYK/A8IAcgzNhzFYLDxmtsidjiOJBj2ZGsjqevoQ5HuKB/pob8CLW3dr1Rx38Any/XXxpfeO6vemCJMGLTe5gSlrCI+Tk1qNt0Rz+rke73Hwt9wW39g8X3prF2q9ryL9OFCcsoYUE7PIOV9xM1GaDFfTR4bKux7HyFKmG+rBvmJHB5OPW8UAtVZGY/FIChwlmF6QNO5Zym497bG1RCOGplaLpRXVJrmoUkZUO7EazePPxIjz2duWYqFtwl5R9YGy1+a+F58G19DS7wJHM29td117/ZANjRTxE5q/aJm2okJYOVSqhYzdhji+BWVZ5ai7cktpAdtPo++yiZN90LvogXNB64kFxVGuX52xZcA3KLKmvrd47o9k0pzO+oCoArxPFIx0YkHfy/yw7OG8Z+KLK8l9WXWBZO5TpjcydnEcRZ8OEqVhtmDh+9h1zhPphuFBtT1JPbt8m132RUy23qsNRtZ/lnnfQbrxgHPRzVuvA8o4ahOEUdvV9SYnzKb6qMFXGp25EhlcWnR4/toyG6I3paBtByeHkaxjgCuvm9Hob6f/xFr3kEJ4WXTVguyrcFgNg2EcEfdkrTMhNn9OIHEFFQ8whIBv5jlw== JuiceSSH" + "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH" + config.krebs.users.lass-uriel.pubkey ]; } { diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 0758164f0..4e4eca21f 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -15,15 +15,6 @@ with builtins; ../2configs/bitlbee.nix ../2configs/weechat.nix ../2configs/skype.nix - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/uriel.ssh.pub - ]; - }; - }; - } ]; krebs.build.host = config.krebs.hosts.uriel; diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index d2c96fdaa..af4ee6d27 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -54,8 +54,8 @@ with config.krebs.lib; #secrets-common = "/home/lass/secrets/common"; stockholm = "/home/lass/stockholm"; nixpkgs = { - url = https://github.com/Lassulus/nixpkgs; - rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; + url = https://github.com/NixOS/nixpkgs; + rev = "885acea1dd82b0354ff2b6bcf1268b3031cf93df"; dev = "/home/lass/src/nixpkgs"; }; } // optionalAttrs config.krebs.build.host.secure { diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index eb764068b..47a16d4cb 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,6 +1,8 @@ { config, lib, pkgs, ... }: let + inherit (config.krebs.lib) genid; + mainUser = config.users.extraUsers.mainUser; createChromiumUser = name: extraGroups: packages: { @@ -8,6 +10,7 @@ let inherit name; inherit extraGroups; home = "/home/${name}"; + uid = genid name; useDefaultShell = true; createHome = true; }; @@ -28,6 +31,7 @@ let inherit name; inherit extraGroups; home = "/home/${name}"; + uid = genid name; useDefaultShell = true; createHome = true; }; @@ -48,16 +52,17 @@ in { environment.systemPackages = [ (pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu) + BROWSER=$(echo -e "ff\ncr\nwk\nfb\ngm\nflash" | dmenu) $BROWSER $@ '') ]; imports = [ - ( createFirefoxUser "ff" [ "audio" ] [ ] ) + ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) - ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) + ( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] ) + ( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] ) + ( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] ) ]; diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index f8a63706e..1646cdea9 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -16,8 +16,6 @@ enable = true; connectTo = [ "prism" - "cloudkrebs" - "echelon" "pigstarter" "gum" "flap" diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 6a257f0bb..98f5df42a 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -1,14 +1,17 @@ { config, lib, pkgs, ... }: -{ - krebs.per-user.chat.packages = [ - pkgs.weechat - pkgs.tmux +let + inherit (config.krebs.lib) genid; +in { + krebs.per-user.chat.packages = with pkgs; [ + mosh + tmux + weechat ]; users.extraUsers.chat = { home = "/home/chat"; - uid = lib.genid "chat"; + uid = genid "chat"; useDefaultShell = true; createHome = true; openssh.authorizedKeys.keys = [ diff --git a/lass/3modules/newsbot-js.nix b/lass/3modules/newsbot-js.nix index 5e340b26f..0772971da 100644 --- a/lass/3modules/newsbot-js.nix +++ b/lass/3modules/newsbot-js.nix @@ -4,6 +4,8 @@ with builtins; with lib; let + inherit (config.krebs.lib) genid; + cfg = config.lass.newsbot-js; out = { diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 5a1e90bc4..9b83997bb 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -49,6 +49,7 @@ with config.krebs.lib; } { security.sudo.extraConfig = '' + Defaults env_keep+="SSH_CLIENT" Defaults mailto="${config.krebs.users.tv.mail}" Defaults !lecture ''; |