Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/backup.nix1
-rw-r--r--lass/2configs/baseX.nix16
-rw-r--r--lass/2configs/br.nix9
-rw-r--r--lass/2configs/browsers.nix98
-rw-r--r--lass/2configs/codimd.nix28
-rw-r--r--lass/2configs/default.nix19
-rw-r--r--lass/2configs/exim-smarthost.nix8
-rw-r--r--lass/2configs/games.nix18
-rw-r--r--lass/2configs/gc.nix2
-rw-r--r--lass/2configs/git.nix2
-rw-r--r--lass/2configs/hw/x220.nix21
-rw-r--r--lass/2configs/network-manager.nix2
-rw-r--r--lass/2configs/nfs-dl.nix15
-rw-r--r--lass/2configs/pass.nix2
-rw-r--r--lass/2configs/radio.nix28
-rw-r--r--lass/2configs/retiolum.nix4
-rw-r--r--lass/2configs/ssh-cryptsetup.nix2
-rw-r--r--lass/2configs/starcraft.nix33
-rw-r--r--lass/2configs/steam.nix5
-rw-r--r--lass/2configs/syncthing.nix11
-rw-r--r--lass/2configs/ts3.nix4
-rw-r--r--lass/2configs/vim.nix13
-rw-r--r--lass/2configs/websites/domsen.nix54
-rw-r--r--lass/2configs/websites/lassulus.nix54
-rw-r--r--lass/2configs/websites/util.nix98
-rw-r--r--lass/2configs/yubikey.nix25
-rw-r--r--lass/2configs/zsh.nix1
27 files changed, 290 insertions, 283 deletions
diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix
index 94272fdb..f5c24178 100644
--- a/lass/2configs/backup.nix
+++ b/lass/2configs/backup.nix
@@ -6,6 +6,7 @@ with import <stockholm/lib>;
useDefaultShell = true;
home = "/backups";
createHome = true;
+ group = "syncthing";
openssh.authorizedKeys.keys = with config.krebs.hosts; [
blue.ssh.pubkey
];
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 5003d227..52d694c4 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -10,6 +10,7 @@ in {
./copyq.nix
./urxvt.nix
./xdg-open.nix
+ ./yubikey.nix
{
hardware.pulseaudio = {
enable = true;
@@ -54,24 +55,26 @@ in {
time.timeZone = "Europe/Berlin";
programs.ssh.agentTimeout = "10m";
- programs.ssh.startAgent = true;
+ programs.ssh.startAgent = false;
services.openssh.forwardX11 = true;
environment.systemPackages = with pkgs; [
acpi
+ acpilight
ag
cabal2nix
- cholerab
dic
dmenu
font-size
fzfmenu
+ gimp
gitAndTools.qgit
git-preview
gnome3.dconf
lm_sensors
ncdu
nix-index
+ nix-review
nmap
pavucontrol
powertop
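Review bot: With `programs.ssh.startAgent = false`, the `programs.ssh.agentTimeout = "10m";` line kept directly above it no longer configures anything, so the ten-minute expiry it used to enforce is silently lost. Presumably the newly imported `./yubikey.nix` hands SSH authentication to another agent; that file is not visible here, so confirm it sets an equivalent cache limit. If it does, delete the dead `agentTimeout` line so the file does not suggest a timeout that is not in force. The enclosing attribute set continues outside the hunk.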
@@ -79,9 +82,10 @@ in {
sxiv
taskwarrior
termite
+ transgui
+ wirelesstools
xclip
xephyrify
- xorg.xbacklight
xorg.xhost
xsel
zathura
@@ -94,6 +98,12 @@ in {
xlibs.fontschumachermisc
];
+ services.udev.extraRules = ''
+ SUBSYSTEM=="backlight", ACTION=="add", \
+ RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", \
+ RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
+ '';
+
services.xserver = {
enable = true;
layout = "us";
diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix
index ad307c79..e4ccffe2 100644
--- a/lass/2configs/br.nix
+++ b/lass/2configs/br.nix
@@ -5,10 +5,11 @@ with import <stockholm/lib>;
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
];
- krebs.nixpkgs.allowUnfreePredicate = pkg: any (flip hasPrefix pkg.name) [
- "brother-udev-rule-type1-"
- "brscan4-"
- "mfcl2700dnlpr-"
+ krebs.nixpkgs.allowUnfreePredicate = pkg: any (eq (packageName pkg)) [
+ "brother-udev-rule-type1"
+ "brscan4"
+ "brscan4-etc-files"
+ "mfcl2700dnlpr"
];
hardware.sane = {
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index d214e224..eafab400 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -1,101 +1,13 @@
{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
-
- mainUser = config.users.extraUsers.mainUser;
-
- browser-select = let
- sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
- (mapAttrsToList (name: value: { inherit name value; })
- config.lass.browser.paths);
- in pkgs.writeScriptBin "browser-select" ''
- BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
- case $BROWSER in
- ${concatMapStringsSep "\n" (n: ''
- ${n.name})
- export BIN=${n.value.path}/bin/${n.name}
- ;;
- '') (sortedPaths)}
- esac
- $BIN "$@"
- '';
-
- createUser = script: name: groups: precedence: dpi:
- {
- lass.xjail.${name} = {
- inherit script groups dpi;
- };
- environment.systemPackages = [
- config.lass.xjail-bins.${name}
- (pkgs.writeDashBin "cx-${name}" ''
- DISPLAY=:${toString (genid_uint31 name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip
- '')
- ];
- lass.browser.paths.${name} = {
- path = config.lass.xjail-bins.${name};
- inherit precedence;
- };
- };
-
- createChromiumUser = name: groups: precedence:
- createUser (pkgs.writeDash name ''
- ${pkgs.chromium}/bin/chromium "$@"
- '') name groups precedence 80;
-
- createFirefoxUser = name: groups: precedence:
- createUser (pkgs.writeDash name ''
- ${pkgs.firefox}/bin/firefox "$@"
- '') name groups precedence 80;
-
- createQuteUser = name: groups: precedence:
- createUser (pkgs.writeDash name ''
- ${pkgs.qutebrowser}/bin/qutebrowser "$@"
- '') name groups precedence 60;
-
-in {
-
- lass.browser.select = browser-select;
-
- environment.systemPackages = [
- browser-select
- ];
-
+{
+ lass.browser.config = {
+ cr = { groups = [ "audio" "video" ]; precedence = 9; };
+ };
programs.chromium = {
enable = true;
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
- "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
- "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
+ "ihlenndgcmojhcghmfjfneahoeklbjjh" #cVim
];
};
-
- imports = [
- {
- options.lass.browser.select = mkOption {
- type = types.path;
- };
- options.lass.browser.paths = mkOption {
- type = types.attrsOf (types.submodule ({
- options = {
- path = mkOption {
- type = types.path;
- };
- precedence = mkOption {
- type = types.int;
- default = 0;
- };
- };
- }));
- };
- }
- ( createFirefoxUser "ff" [ "audio" ] 11 )
- ( createQuteUser "qb" [ "audio" ] 10 )
- ( createChromiumUser "cr" [ "audio" "video" ] 9 )
- ( createChromiumUser "gm" [ "video" "audio" ] 8 )
- ( createChromiumUser "wk" [ "audio" ] 0 )
- ( createChromiumUser "fb" [ "audio" ] 0 )
- ( createChromiumUser "com" [ "audio" ] 0 )
- ( createChromiumUser "fin" [] (-1) )
- ];
}
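Review bot: Only `cr` is carried over into `lass.browser.config`; the `ff`, `qb`, `gm`, `wk`, `fb`, `com` and `fin` entries from the old `imports` list are gone, and each of them appears to have had its own xjail definition. The module that consumes `lass.browser.config` is not part of this hunk, so confirm whether the other profiles are declared elsewhere or were dropped on purpose. If they were dropped, all browsing now shares one profile with the `audio` and `video` groups. Separately, the new extension comment reads `#cVim` while the line above uses `# ublock origin`; `# cVim` keeps the list consistent.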
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
new file mode 100644
index 00000000..5f802148
--- /dev/null
+++ b/lass/2configs/codimd.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ services.nginx.virtualHosts.codimd = {
+ enableACME = true;
+ addSSL = true;
+ serverName = "codi.lassul.us";
+ locations."/".extraConfig = ''
+ client_max_body_size 4G;
+ proxy_set_header Host $host;
+ proxy_pass http://localhost:3091;
+ '';
+ };
+
+ services.codimd = {
+ enable = true;
+ configuration = {
+ db = {
+ dialect = "sqlite";
+ storage = "/var/lib/codimd/db.codimd.sqlite";
+ useCDN = false;
+ };
+ port = 3091;
+ };
+ };
+}
+
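Review bot: `addSSL = true` keeps a plain-HTTP listener serving the site next to HTTPS, so logins and session cookies for codi.lassul.us can still travel unencrypted; `forceSSL = true;`, which the radio vhost in this commit already uses, redirects instead. `useCDN = false;` sits inside the `db` attribute set, where it is probably ignored, and likely belongs next to `port` as a top-level setting. `client_max_body_size 4G` is also very generous for a note editor reachable from the internet; a limit sized to the largest expected upload leaves less room for disk-filling requests.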
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 972b4760..dcae2f3e 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -23,8 +23,7 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
config.krebs.users.lass-mors.pubkey
config.krebs.users.lass-blue.pubkey
- config.krebs.users.lass-shodan.pubkey
- config.krebs.users.lass-icarus.pubkey
+ config.krebs.users.lass-yubikey.pubkey
];
};
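Review bot: `lass-yubikey` replaces the shodan and icarus keys here, and is also added to the second `authorizedKeys` list in the next hunk and to the push rule in git.nix. ssh-cryptsetup.nix in this commit only drops the two old keys, though. If unlocking from the initrd is meant to work with the token as well, that list needs `config.krebs.users.lass-yubikey.pubkey` too; if the omission is deliberate, a one-line comment there would say so. The user definition this list belongs to starts outside the hunk.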
mainUser = {
@@ -42,6 +41,7 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
config.krebs.users.lass-mors.pubkey
config.krebs.users.lass-blue.pubkey
+ config.krebs.users.lass-yubikey.pubkey
];
};
};
@@ -173,13 +173,7 @@ with import <stockholm/lib>;
'';
};
- services.openssh = {
- enable = true;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
+ services.openssh.enable = true;
services.journald.extraConfig = ''
SystemMaxUse=1G
@@ -190,7 +184,9 @@ with import <stockholm/lib>;
enable = true;
tables = {
nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+ { predicate = "-i retiolum -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
+ { predicate = "-i wiregrill -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
+ { predicate = "-p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
];
nat.OUTPUT.rules = [
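Review bot: The three port-22 rules only behave as intended if krebs.iptables emits higher `precedence` values first, so that the two ACCEPT rules at 101 are reached before the catch-all REDIRECT at 100. That ordering is defined outside this hunk and nothing here documents it. I would add a comment above the list such as `# rules are evaluated by descending precedence: VPN interfaces keep :22, everything else is redirected to port 0, :45621 is the public SSH port`. Whether the same nat rules are generated for IPv6 is not visible here and is worth checking, since port 22 would otherwise stay directly reachable over v6.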
@@ -217,7 +213,4 @@ with import <stockholm/lib>;
networking.dhcpcd.extraConfig = ''
noipv4ll
'';
- services.netdata = {
- enable = true;
- };
}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 4216bd67..a8267299 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -15,6 +15,7 @@ with import <stockholm/lib>;
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.blue
+ config.krebs.hosts.xerxes
];
internet-aliases = with config.krebs.users; [
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
@@ -103,6 +104,13 @@ with import <stockholm/lib>;
{ from = "lobsters@lassul.us"; to = lass.mail; }
{ from = "fysitech@lassul.us"; to = lass.mail; }
{ from = "threema@lassul.us"; to = lass.mail; }
+ { from = "ubisoft@lassul.us"; to = lass.mail; }
+ { from = "kottezeller@lassul.us"; to = lass.mail; }
+ { from = "pie@lassul.us"; to = lass.mail; }
+ { from = "vebit@lassul.us"; to = lass.mail; }
+ { from = "vcvrack@lassul.us"; to = lass.mail; }
+ { from = "epic@lassul.us"; to = lass.mail; }
+ { from = "microsoft@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index a3acb82b..c0e6beba 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -10,7 +10,7 @@ let
doom = pkgs.writeDash "doom" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${vdoom} \
- -file $DOOM_DIR/lib/brutalv20.pk3 \
+ -file $DOOM_DIR/lib/brutalv21.pk3 \
"$@"
'';
doom1 = pkgs.writeDashBin "doom1" ''
@@ -56,15 +56,6 @@ let
'';
in {
- environment.systemPackages = with pkgs; [
- dolphinEmu
- doom1
- doom2
- vdoom1
- vdoom2
- vdoomserver
- ];
-
users.extraUsers = {
games = {
name = "games";
@@ -76,7 +67,14 @@ in {
packages = with pkgs; [
minecraft
steam-run
+ scummvm
dolphinEmu
+ doom1
+ doom2
+ vdoom1
+ vdoom2
+ vdoomserver
+ retroarchBare
];
};
};
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
index a1bb2604..0ddb63a0 100644
--- a/lass/2configs/gc.nix
+++ b/lass/2configs/gc.nix
@@ -3,6 +3,6 @@
with import <stockholm/lib>;
{
nix.gc = {
- automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer);
+ automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer);
};
}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 7650f429..eba68c0b 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -180,7 +180,7 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = [ lass lass-mors lass-shodan lass-icarus lass-blue ];
+ user = [ lass lass-mors lass-blue lass-yubikey ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix
index 5649041f..89b11934 100644
--- a/lass/2configs/hw/x220.nix
+++ b/lass/2configs/hw/x220.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ config, pkgs, ... }:
{
imports = [
<stockholm/krebs/2configs/hw/x220.nix>
@@ -8,7 +8,20 @@
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ extraModulePackages = [
+ config.boot.kernelPackages.tp_smapi
+ config.boot.kernelPackages.acpi_call
+ ];
+ kernelModules = [
+ "acpi_call"
+ "tp_smapi"
+ ];
};
+
+ environment.systemPackages = [
+ pkgs.tpacpi-bat
+ ];
+
fileSystems = {
"/" = {
device = "/dev/mapper/pool-root";
@@ -33,4 +46,10 @@
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchDocked = "ignore";
+ services.tlp.enable = true;
+ services.tlp.extraConfig = ''
+ START_CHARGE_THRESH_BAT0=80
+ STOP_CHARGE_THRESH_BAT0=95
+ '';
+
}
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
index 5b890b59..ab27eb84 100644
--- a/lass/2configs/network-manager.nix
+++ b/lass/2configs/network-manager.nix
@@ -15,6 +15,8 @@
};
};
networking.networkmanager = {
+ ethernet.macAddress = "random";
+ wifi.macAddress = "random";
enable = true;
unmanaged = [
"docker*"
diff --git a/lass/2configs/nfs-dl.nix b/lass/2configs/nfs-dl.nix
index abbcc1d4..ba53321b 100644
--- a/lass/2configs/nfs-dl.nix
+++ b/lass/2configs/nfs-dl.nix
@@ -1,7 +1,20 @@
{
fileSystems."/mnt/prism" = {
- device = "prism.w:/export";
+ device = "prism.w:/export/download";
fsType = "nfs";
+ options = [
+ "timeo=14"
+ "noauto"
+ "noatime"
+ "nodiratime"
+ "noac"
+ "nocto"
+ "x-systemd.automount"
+ "x-systemd.device-timeout=1"
+ "x-systemd.idle-timeout=1min"
+ "x-systemd.requires=retiolum.service"
+ "x-systemd.requires=wpa_supplicant.service"
+ ];
};
}
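Review bot: The new option list tunes caching and automounting but does not restrict what files on the share can do once mounted. For a download share I would add `"nosuid"` and `"nodev"` (and `"noexec"` if nothing is executed from it) so that a file placed on prism cannot bring setuid bits or device nodes onto the client. `x-systemd.requires=wpa_supplicant.service` also ties the mount to Wi-Fi, which would likely keep it from starting on a host that only has wired networking.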
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 1c253a6c..156ebcae 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -2,7 +2,7 @@
{
krebs.per-user.lass.packages = with pkgs; [
- pass
+ (pass.withExtensions (ext: [ ext.pass-otp ]))
gnupg
];
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 88899c55..b24d7af3 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -97,12 +97,17 @@ in {
services.icecast = {
enable = true;
- hostname = "config.krebs.build.host.name";
+ hostname = "radio.lassul.us";
admin.password = admin-password;
extraConf = ''
- <authentication>
- <source-password>${source-password}</source-password>
- </authentication>
+ <mount>
+ <mount-name>/radio.mp3</mount-name>
+ <password>${source-password}</password>
+ </mount>
+ <mount>
+ <mount-name>/radio.ogg</mount-name>
+ <password>${source-password}</password>
+ </mount>
'';
};
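Review bot: `${source-password}` is interpolated into `extraConf` in both `<mount>` blocks, and text built this way ends up in the generated icecast configuration in the Nix store, which every local user can read. Where `source-password` is defined is outside the hunk; even if it is read from the secrets directory at evaluation time, the value is still copied into the store. Consider having the service pick the password up from a file outside the store at start-up, or add a comment next to the mounts stating that the value is not confidential on this host.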
@@ -194,8 +199,8 @@ in {
workdir = config.krebs.reaktor2.the_playlist.stateDir;
hooks.PRIVMSG = [
{
- activate = "match";
- pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ #activate = "match";
+ pattern = "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
command = 1;
arguments = [2];
commands = {
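Review bot: `#activate = "match";` is left behind as a commented-out line with no explanation; either delete it or replace it with a comment saying why the hook no longer sets it. The new pattern also drops the `!` prefix, so any channel line whose first word names a command now triggers it, with the rest of the line handed over as argument 2. The command definitions are outside the hunk, so confirm they treat that text strictly as data.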
@@ -218,13 +223,18 @@ in {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8000;
'';
- locations."/recent".extraConfig = ''
+ locations."= /recent".extraConfig = ''
alias /tmp/played;
'';
};
- virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let
+ virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let
html = pkgs.writeText "index.html" ''
<!DOCTYPE html>
<html lang="en">
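Review bot: The `= /recent` location still serves `alias /tmp/played;`, a path in a world-writable directory, so whichever local account creates that name first decides what the public endpoint returns. Moving the file to a directory owned by the radio user and pointing `alias` there removes the dependency on /tmp. The writer of /tmp/played is outside this hunk, so the path would have to change there as well.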
@@ -250,7 +260,7 @@ in {
};
krebs.syncthing.folders."the_playlist" = {
path = "/home/radio/music/the_playlist";
- peers = [ "mors" "phone" "prism" ];
+ peers = [ "mors" "phone" "prism" "xerxes" ];
};
krebs.permown."/home/radio/music/the_playlist" = {
owner = "radio";
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index fb76c573..9932f817 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -20,8 +20,10 @@
"prism"
"gum"
"ni"
- "dishfire"
];
+ extraConfig = ''
+ LocalDiscovery = yes
+ '';
};
nixpkgs.config.packageOverrides = pkgs: {
diff --git a/lass/2configs/ssh-cryptsetup.nix b/lass/2configs/ssh-cryptsetup.nix
index c5e1c592..f08f85b4 100644
--- a/lass/2configs/ssh-cryptsetup.nix
+++ b/lass/2configs/ssh-cryptsetup.nix
@@ -8,8 +8,6 @@
authorizedKeys = with config.krebs.users; [
config.krebs.users.lass-mors.pubkey
config.krebs.users.lass-blue.pubkey
- config.krebs.users.lass-shodan.pubkey
- config.krebs.users.lass-icarus.pubkey
];
};
};
diff --git a/lass/2configs/starcraft.nix b/lass/2configs/starcraft.nix
index 742b877e..c95a610e 100644
--- a/lass/2configs/starcraft.nix
+++ b/lass/2configs/starcraft.nix
@@ -1,36 +1,5 @@
{ config, pkgs, ... }: let
mainUser = config.users.extraUsers.mainUser;
- newWine = pkgs.wineStaging;
- #newWine = pkgs.wineStaging.overrideAttrs (old: {
- # name = "wine-3.7";
- # buildInputs = old.buildInputs ++ [
- # pkgs.libuuid.bin
- # pkgs.autoconf.out
- # ];
- # src = pkgs.fetchurl {
- # url = "https://dl.winehq.org/wine/source/3.x/wine-3.7.tar.xz";
- # sha256 = "1drbzk3y0m14lkq3vzwwkvain5shykgcbmyzh6gcb5r4sxh3givn";
- # };
- # postPatch = old.postPatch or "" + ''
- # patchShebangs tools
- # cp -r ${pkgs.fetchFromGitHub {
- # sha256 = "0kam73jqhah7bzji5csxxhhfdp6byhzpcph6xnzjqz2aic5xk7xi";
- # owner = "wine-staging";
- # repo = "wine-staging";
- # rev = "v3.7";
- # }}/patches .
- # chmod +w patches
- # cd patches
- # patchShebangs gitapply.sh
- # ./patchinstall.sh DESTDIR="$PWD/.." --all
- # cd ..
- # '';
-
- #});
- #newWine = (import (builtins.fetchGit {
- # url = "https://github.com/NixOS/nixpkgs";
- # rev = "696c6bed4e8e2d9fd9b956dea7e5d49531e9d13f";
- #}) {}).wineStaging;
in {
users.users= {
starcraft = {
@@ -40,7 +9,7 @@ in {
"video"
];
packages = [
- newWine
+ pkgs.wineWowPackages.minimal
pkgs.winetricks
pkgs.mpg123
];
diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix
index e1b523e3..701e5047 100644
--- a/lass/2configs/steam.nix
+++ b/lass/2configs/steam.nix
@@ -11,9 +11,8 @@
#
##TODO: make steam module
nixpkgs.config.steam.java = true;
- environment.systemPackages = with pkgs; [
- steam
- ];
+
+ users.users.games.packages = [ pkgs.steam ];
#ports for inhome streaming
krebs.iptables = {
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 48f2625c..d4df17b9 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -1,5 +1,7 @@
{ config, pkgs, ... }: with import <stockholm/lib>; let
- peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
+ all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
+ own_peers = filterAttrs (n: v: v.owner.name == "lass") all_peers;
+ mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
in {
services.syncthing = {
enable = true;
@@ -14,8 +16,8 @@ in {
enable = true;
cert = toString <secrets/syncthing.cert>;
key = toString <secrets/syncthing.key>;
- peers = peers;
- folders."/home/lass/sync".peers = attrNames peers;
+ peers = mk_peers all_peers;
+ folders."/home/lass/sync".peers = attrNames (filterAttrs (n: v: n != "phone") own_peers);
};
system.activationScripts.syncthing-home = ''
@@ -23,8 +25,9 @@ in {
'';
krebs.permown."/home/lass/sync" = {
+ file-mode = "u+rw,g+rw";
owner = "lass";
group = "syncthing";
- umask = "0007";
+ umask = "0002";
};
}
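Review bot: Changing `umask` from `"0007"` to `"0002"` opens /home/lass/sync to accounts outside the `syncthing` group, because new files and directories become readable by every local user. The added `file-mode = "u+rw,g+rw";` already gives the group the write access syncthing needs, so unless something outside owner and group has to read the folder, `umask = "0007";` can stay. How krebs.permown applies the two settings is not visible here, so the exact effect should be verified on a test directory.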
diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix
index 5b92d091..d0cfdf47 100644
--- a/lass/2configs/ts3.nix
+++ b/lass/2configs/ts3.nix
@@ -10,8 +10,8 @@
{ predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
##file transfer port
- #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
- #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
##query port
#{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
#{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
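Review bot: Both the TCP and the UDP rule for port 30033 are now enabled, but TeamSpeak 3 file transfer runs over TCP only, so the UDP rule opens a port nothing should be listening on. I would keep `{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }` and leave the UDP line commented out or delete it. The rule list starts and ends outside the hunk.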
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 4f7bd443..f55886e2 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -11,6 +11,9 @@ let
(hiPrio (pkgs.python3.withPackages (ps: [
ps.python-language-server
ps.pyls-isort
+ ps.pyflakes
+ ps.flake8
+ ps.yapf
])))
];
@@ -72,10 +75,6 @@ let
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
- "Syntastic config
- "let g:syntastic_python_checkers=['flake8']
- "let g:syntastic_python_flake8_post_args='--ignore=E501'
-
nnoremap <F5> :call LanguageClient_contextMenu()<CR>
set hidden
let g:LanguageClient_serverCommands = {
@@ -83,7 +82,10 @@ let
\ 'go': ['~/go/bin/go-langserver']
\ }
- let g:LanguageClient_diagnosticsDisplay = { 2: { "signText": "W" } }
+ let g:LanguageClient_diagnosticsDisplay = {
+ \ 1: { "signText": "E" },
+ \ 2: { "signText": "W" }
+ \ }
nmap <esc>q :buffer
nmap <M-q> :buffer
@@ -126,7 +128,6 @@ let
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.ack-vim
pkgs.vimPlugins.Gundo
- #pkgs.vimPlugins.Syntastic
pkgs.vimPlugins.undotree
pkgs.vimPlugins.vim-go
pkgs.vimPlugins.fzf-vim
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 2131c7c6..b9673de7 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -40,6 +40,7 @@ in {
"youthtube.xyz"
"joemisch.com"
"weirdwednesday.de"
+ "jarugadesign.de"
"www.apanowicz.de"
"www.nirwanabluete.de"
@@ -49,6 +50,7 @@ in {
"www.ubikmedia.de"
"www.joemisch.com"
"www.weirdwednesday.de"
+ "www.jarugadesign.de"
"aldona2.ubikmedia.de"
"apanowicz.ubikmedia.de"
@@ -63,6 +65,7 @@ in {
"freemonkey.ubikmedia.de"
"jarugadesign.ubikmedia.de"
"crypto4art.ubikmedia.de"
+ "jarugadesign.ubikmedia.de"
])
];
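Review bot: The added `"jarugadesign.ubikmedia.de"` is already in this list two lines above, so the name is now present twice. The list is closed by `])` and consumed outside what the hunk shows; depending on that consumer, a duplicate host name can surface as a repeated server name or certificate entry. The added line can simply be dropped.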
@@ -93,6 +96,7 @@ in {
hostName = "o.xanf.org";
config = {
adminpassFile = toString <secrets> + "/nextcloud_pw";
+ overwriteProtocol = "https";
};
https = true;
nginx.enable = true;
@@ -141,6 +145,7 @@ in {
{ from = "akayguen@freemonkey.art"; to ="akayguen"; }
{ from = "bui@freemonkey.art"; to ="bui"; }
{ from = "kontakt@alewis.de"; to ="klabusterbeere"; }
+ { from = "hallo@jarugadesign.de"; to ="kasia"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -150,6 +155,7 @@ in {
"ubikmedia.eu"
"ubikmedia.de"
"alewis.de"
+ "jarugadesign.de"
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
@@ -234,24 +240,64 @@ in {
createHome = true;
};
- krebs.on-failure.plans.restic-backups-domsen = {};
+ users.users.kasia = {
+ uid = genid_uint31 "kasia";
+ home = "/home/kasia";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ krebs.on-failure.plans.restic-backups-domsen = {
+ journalctl = {
+ lines = 1000;
+ };
+ };
+
services.restic.backups.domsen = {
initialize = true;
- extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
- repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
+ repository = "/backups/domsen";
passwordFile = toString <secrets> + "/domsen_backup_pw";
timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
paths = [
- "/srv/http"
"/home/domsen/Mail"
"/home/ms/Mail"
"/home/klabusterbeere/Mail"
"/home/jms/Mail"
+ "/home/kasia/Mail"
"/home/bruno/Mail"
"/home/akayguen/Mail"
"/backups/sql_dumps"
];
};
+ boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576";
+ krebs.syncthing.folders = {
+ domsen-backups = {
+ path = "/backups/domsen";
+ peers = [ "domsen-backup" ];
+ };
+ domsen-backup-srv-http = {
+ path = "/srv/http";
+ peers = [ "domsen-backup" ];
+ };
+ };
+
+ system.activationScripts.domsen-backups = ''
+ ${pkgs.coreutils}/bin/chmod 750 /backups
+ '';
+
+ krebs.