Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/cloudkrebs.nix | 19 | ||||
-rw-r--r-- | lass/1systems/echelon.nix | 1 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 15 | ||||
-rw-r--r-- | lass/1systems/uriel.nix | 81 |
4 files changed, 22 insertions, 94 deletions
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 5235c25e5..2a6a70ffd 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -1,6 +1,12 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: -{ +let + inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; + inherit (lib) head; + + ip = (head config.krebs.build.host.nets.internet.addrs4); + r_ip = (head config.krebs.build.host.nets.retiolum.addrs4); +in { imports = [ ../../tv/2configs/CAC-Developer-2.nix ../../tv/2configs/CAC-CentOS-7-64bit.nix @@ -8,14 +14,15 @@ ../2configs/retiolum.nix ../2configs/fastpoke-pages.nix ../2configs/new-repos.nix + ../2configs/realwallpaper.nix { networking.interfaces.enp2s1.ip4 = [ { - address = "104.167.113.104"; + address = ip; prefixLength = 24; } ]; - networking.defaultGateway = "104.167.113.1"; + networking.defaultGateway = getDefaultGateway ip; networking.nameservers = [ "8.8.8.8" ]; @@ -40,4 +47,8 @@ networking.hostName = "cloudkrebs"; + environment.systemPackages = [ + pkgs.dic + ]; + } diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index d1a3f34f7..782674cb0 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -11,6 +11,7 @@ in { ../../tv/2configs/CAC-CentOS-7-64bit.nix ../2configs/base.nix ../2configs/retiolum.nix + ../2configs/realwallpaper.nix { networking.interfaces.enp2s1.ip4 = [ { diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index b7291a8f2..414afcbba 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -23,6 +23,7 @@ ../2configs/wordpress.nix ../2configs/bitlbee.nix ../2configs/firefoxPatched.nix + ../2configs/realwallpaper.nix ]; krebs.build = { @@ -174,7 +175,9 @@ environment.systemPackages = with pkgs; [ cac + sshpass get + genid ]; #TODO: fix this shit 
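Review bot: In the first hunk of lass/1systems/cloudkrebs.nix the new `let` block binds `r_ip`, but no visible hunk of this file uses it; only `ip` is consumed, by the interface address and by `getDefaultGateway ip`. If nothing outside the hunks references it, drop the binding, otherwise add a comment naming what consumes it. Both bindings take `head` of an `addrs4` list, which aborts evaluation when the list is empty, so a comment such as `# first IPv4 address of each net; the host entry must declare one` would document that requirement. The attribute set opened by `in {` continues outside the hunk.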
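Review bot: In the second hunk of lass/1systems/mors.nix, `environment.systemPackages` gains `sshpass` with no comment saying what needs it. sshpass feeds a password to ssh non-interactively, and its `-p` form puts that password on the command line, where other local users can read it from the process list. I would write the entry as `sshpass # needed by <consumer>; pass the password with -f or -e, never -p`, with the placeholder replaced by the actual consumer, and prefer key-based login wherever the remote side allows it.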
@@ -195,21 +198,11 @@ }; }; - networking.firewall = { - allowPing = true; - allowedTCPPorts = [ - 8000 - ]; - allowedUDPPorts = [ - 67 - ]; - }; - services.mongodb = { enable = true; }; - lass.iptables = { + krebs.iptables = { tables = { filter.INPUT.rules = [ { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 9d96e7814..bd3770b43 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -12,6 +12,8 @@ with builtins; ../2configs/new-repos.nix ../2configs/chromium-patched.nix ../2configs/retiolum.nix + ../2configs/bitlbee.nix + ../2configs/weechat.nix { users.extraUsers = { root = { @@ -82,9 +84,6 @@ with builtins; SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" ''; - #services.xserver = { - #}; - services.xserver.synaptics = { enable = true; twoFingerScroll = true; 
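Review bot: In the last hunk of lass/1systems/mors.nix the whole `networking.firewall` block is removed, and the only replacement visible under `krebs.iptables` is the TCP 8000 accept rule; the removed block also opened UDP 67 and set `allowPing = true`. The `filter.INPUT.rules` list continues outside the hunk, so both may be covered there, but if they are not and the INPUT policy is DROP, the service on UDP 67 and ping stop being reachable. It is also not visible here whether the krebs.iptables module disables the NixOS firewall; if it does not, two mechanisms would manage the INPUT chain. A comment above `krebs.iptables` such as `# replaces networking.firewall; UDP 67 and ICMP echo are accepted below` would record the intent and make a missing rule easy to spot.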
@@ -101,80 +100,4 @@ with builtins; #for google hangout users.extraUsers.google.extraGroups = [ "audio" "video" ]; - - - #users.extraGroups = { - # loot = { - # members = [ - # "lass" - # "firefox" - # "chromium" - # "google" - # ]; - # }; - #}; - # - # iptables - # - #networking.firewall.enable = false; - #system.activationScripts.iptables = - # let - # log = false; - # when = c: f: if c then f else ""; - # in - # '' - # ip4tables() { ${pkgs.iptables}/sbin/iptables "$@"; } - # ip6tables() { ${pkgs.iptables}/sbin/ip6tables "$@"; } - # ipXtables() { ip4tables "$@"; ip6tables "$@"; } - - # # - # # nat - # # - - # # reset tables - # ipXtables -t nat -F - # ipXtables -t nat -X - - # # - # #ipXtables -t nat -A PREROUTING -j REDIRECT ! -i retiolum -p tcp --dport ssh --to-ports 0 - # ipXtables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 11423 --to-ports ssh - - # # - # # filter - # # - - # # reset tables - # ipXtables -P INPUT DROP - # ipXtables -P FORWARD DROP - # ipXtables -F - # ipXtables -X - - # # create custom chains - # ipXtables -N Retiolum - - # # INPUT - # ipXtables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED - # ipXtables -A INPUT -j ACCEPT -i lo - # ipXtables -A INPUT -j ACCEPT -p tcp --dport ssh -m conntrack --ctstate NEW - # ipXtables -A INPUT -j ACCEPT -p tcp --dport http -m conntrack --ctstate NEW - # ipXtables -A INPUT -j ACCEPT -p tcp --dport tinc -m conntrack --ctstate NEW - # ipXtables -A INPUT -j Retiolum -i retiolum - # ${when log "ipXtables -A INPUT -j LOG --log-level info --log-prefix 'INPUT DROP '"} - - # # FORWARD - # ${when log "ipXtables -A FORWARD -j LOG --log-level info --log-prefix 'FORWARD DROP '"} - - # # Retiolum - # ip4tables -A Retiolum -j ACCEPT -p icmp --icmp-type echo-request - # ip6tables -A Retiolum -j ACCEPT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request - - - # ${when log "ipXtables -A Retiolum -j LOG --log-level info --log-prefix 'REJECT '"} - # ipXtables -A Retiolum -j REJECT -p tcp --reject-with 
tcp-reset - # ip4tables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable - # ip4tables -A Retiolum -j REJECT --reject-with icmp-proto-unreachable - # ip6tables -A Retiolum -j REJECT -p udp --reject-with icmp6-port-unreachable - # ip6tables -A Retiolum -j REJECT - - # ''; } |