diff options
Diffstat (limited to 'lass/1systems/prism.nix')
| -rw-r--r-- | lass/1systems/prism.nix | 81 |
1 files changed, 76 insertions, 5 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 20c919b9..6ed80ac3 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -2,15 +2,32 @@ let ip = config.krebs.build.host.nets.internet.ip4.addr; + + inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) + manageCerts + ; + in { imports = [ ../. - ../2configs/base.nix + ../2configs/default.nix + ../2configs/exim-smarthost.nix ../2configs/downloading.nix - ../2configs/git.nix ../2configs/ts3.nix ../2configs/bitlbee.nix ../2configs/weechat.nix + ../2configs/privoxy-retiolum.nix + ../2configs/radio.nix + ../2configs/buildbot-standalone.nix + { + imports = [ + ../2configs/git.nix + ( manageCerts [ "cgit.lassul.us" ]) + ]; + krebs.nginx.servers.cgit.server-names = [ + "cgit.lassul.us" + ]; + } { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories @@ -77,6 +94,18 @@ in { device = "/dev/pool/download"; }; + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + }; + + fileSystems."/srv/o.ubikmedia.de-data" = { + device = "/dev/pool/owncloud-ubik-data"; + }; + + fileSystems."/bku" = { + device = "/dev/pool/bku"; + }; + } { sound.enable = false; @@ -117,7 +146,7 @@ in { } { users.users.chat.openssh.authorizedKeys.keys = [ - "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH" + "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH" config.krebs.users.lass-uriel.pubkey ]; } @@ -130,15 +159,57 @@ in { ../2configs/websites/domsen.nix ]; krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } { services.tor = { enable = true; - client.enable = true; }; } + { + security.acme = { + certs."lassul.us" = { + email = "lass@lassul.us"; + webroot = "/var/lib/acme/challenges/lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + "full.pem" + ]; + user = "ejabberd"; + }; + }; + krebs.nginx.servers."lassul.us" = { + server-names = [ "lassul.us" ]; + locations = [ + (lib.nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/lassul.us/; + '') + ]; + }; + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + certfile = "/var/lib/acme/lassul.us/full.pem"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } + { + imports = [ + ../2configs/realwallpaper-server.nix + ]; + krebs.nginx.servers."lassul.us".locations = [ + (lib.nameValuePair "/wallpaper.png" '' + alias /tmp/wallpaper.png; + '') + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; |