diff options
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/2configs/ircd.nix | 18 | ||||
| -rw-r--r-- | krebs/2configs/shack/glados/default.nix | 9 | ||||
| -rw-r--r-- | krebs/3modules/lass/default.nix | 52 |
3 files changed, 63 insertions, 16 deletions
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 789fc2f2f..0de07a027 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,6 +5,8 @@ 6667 6669 ]; + systemd.services.charybdis.serviceConfig.LimitNOFILE = 16384; + krebs.charybdis = { enable = true; motd = '' @@ -15,7 +17,7 @@ serverinfo { name = "${config.krebs.build.host.name}.irc.r"; sid = "1as"; - description = "miep!"; + description = "irc!"; network_name = "irc.r"; vhost = "0.0.0.0"; @@ -26,7 +28,7 @@ #ssl_dh_params = "etc/dh.pem"; #ssld_count = 1; - default_max_clients = 100000; + default_max_clients = 2048; #nicklen = 30; }; @@ -38,12 +40,12 @@ */ host = "0.0.0.0"; port = 6667; - sslport = 6697; + #sslport = 6697; /* Listen on IPv6 (if you used host= above). */ host = "::"; port = 6667; - sslport = 6697; + #sslport = 6697; }; class "users" { @@ -53,9 +55,9 @@ number_per_ip_global = 4096; cidr_ipv4_bitlen = 24; cidr_ipv6_bitlen = 64; - number_per_cidr = 65536; - max_number = 100000; - sendq = 10 megabyte; + number_per_cidr = 65535; + max_number = 65535; + sendq = 1000 megabyte; }; privset "op" { @@ -91,7 +93,7 @@ use_knock = yes; knock_delay = 5 minutes; knock_delay_channel = 1 minute; - max_chans_per_user = 15; + max_chans_per_user = 150; max_bans = 100; max_bans_large = 500; default_split_user_count = 0; diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index d546564c5..53d6e6f4a 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -1,5 +1,11 @@ { config, pkgs, lib, ... }: let + unstable = import (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev; + sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256; + }) {}; in { services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; @@ -40,6 +46,9 @@ in { { enable = true; autoExtraComponents = true; + package = unstable.home-assistant.overrideAttrs (old: { + doInstallCheck = false; + }); config = { homeassistant = { name = "Glados"; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index c5cf5cb15..6978c0b4e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -125,7 +125,6 @@ in { ip6.addr = r6 "1e1"; aliases = [ "uriel.r" - "cgit.uriel.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -151,7 +150,6 @@ in { ip6.addr = r6 "dea7"; aliases = [ "mors.r" - "cgit.mors.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -185,7 +183,6 @@ in { ip6.addr = r6 "50da"; aliases = [ "shodan.r" - "cgit.shodan.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -220,7 +217,6 @@ in { ip6.addr = r6 "1205"; aliases = [ "icarus.r" - "cgit.icarus.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -254,7 +250,6 @@ in { ip6.addr = r6 "daed"; aliases = [ "daedalus.r" - "cgit.daedalus.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -286,7 +281,6 @@ in { ip6.addr = r6 "5ce7"; aliases = [ "skynet.r" - "cgit.skynet.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -688,11 +682,53 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU "; syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN"; }; + + coaxmetal = { + cores = 16; + nets = { + retiolum = { + ip4.addr = "10.243.0.17"; + ip6.addr = r6 "17"; + aliases = [ + "coaxmetal.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA + xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK + gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU + WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek + ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32 + G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F + G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO + IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX + K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE + 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly + bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo + l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "17"; + aliases = [ + "coaxmetal.w" + ]; + wireguard.pubkey = '' + lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38= + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET "; + syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ"; + }; + }; users = rec { - lass = lass-blue; + lass = lass-yubikey; lass-yubikey = { - mail = lass.mail; + mail = "lass@lassul.us"; pubkey = builtins.readFile ./ssh/yubikey.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp; }; |