4 files changed, 68 insertions, 8 deletions

diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index b5e55195..ec9f5369 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -5,7 +5,7 @@
     ../.
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
     ../2configs/default.nix
-    ../2configs/exim-retiolum.nix
+    #../2configs/exim-retiolum.nix
     ../2configs/git.nix
     {
       boot.loader.grub = {
@@ -63,6 +63,35 @@
          { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
       ];
     }
+    {
+      #TODO: abstract & move to own file
+      krebs.exim-smarthost = {
+        enable = true;
+        relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+          config.krebs.hosts.mors
+          config.krebs.hosts.uriel
+          config.krebs.hosts.helios
+        ];
+        system-aliases = [
+          { from = "mailer-daemon"; to = "postmaster"; }
+          { from = "postmaster"; to = "root"; }
+          { from = "nobody"; to = "root"; }
+          { from = "hostmaster"; to = "root"; }
+          { from = "usenet"; to = "root"; }
+          { from = "news"; to = "root"; }
+          { from = "webmaster"; to = "root"; }
+          { from = "www"; to = "root"; }
+          { from = "ftp"; to = "root"; }
+          { from = "abuse"; to = "root"; }
+          { from = "noc"; to = "root"; }
+          { from = "security"; to = "root"; }
+          { from = "root"; to = "lass"; }
+        ];
+      };
+      krebs.iptables.tables.filter.INPUT.rules = [
+        { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index a7a1fd25..beb5659d 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -29,6 +29,7 @@
     ../2configs/cbase.nix
     ../2configs/mail.nix
     ../2configs/krebs-pass.nix
+    ../2configs/umts.nix
     #../2configs/buildbot-standalone.nix
     {
       #risk of rain port
@@ -131,8 +132,8 @@
   };
 
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
   '';
 
   #TODO activationScripts seem broken, fix them!
@@ -146,7 +147,7 @@
     #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
     #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
     #Autosuspend for USB device Biometric Coprocessor
-    echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
+    #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
 
     #Runtime PMs
     echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 6ed80ac3..9a9bd473 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -210,6 +210,30 @@ in {
         '')
       ];
     }
+    {
+      services.nix-serve = {
+        enable = true;
+        secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+      };
+      systemd.services.nix-serve = {
+        requires = ["secret.service"];
+        after = ["secret.service"];
+      };
+      krebs.secret.files.nix-serve-key = {
+        path = "/run/secret/nix-serve.key";
+        owner.name = "nix-serve";
+        source-path = toString <secrets> + "/nix-serve.key";
+      };
+      krebs.nginx = {
+        enable = true;
+        servers.nix-serve = {
+          server-names = [ "cache.prism.r" ];
+          locations = lib.singleton (lib.nameValuePair "/" ''
+            proxy_pass http://localhost:${toString config.services.nix-serve.port};
+          '');
+        };
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 6829428f..073d8679 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -5,6 +5,7 @@ with builtins;
   imports = [
     ../.
     ../2configs/baseX.nix
+    ../2configs/git.nix
     ../2configs/exim-retiolum.nix
     ../2configs/browsers.nix
     ../2configs/programs.nix
@@ -67,10 +68,15 @@ with builtins;
     "/boot" = {
       device = "/dev/sda1";
     };
+
+    "/home/lass" = {
+      device = "/dev/pool/home-lass";
+      fsType = "ext4";
+    };
   };
 
-  #services.udev.extraRules = ''
-  #  SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
-  #  SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
-  #'';
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+  '';
 }