diff options
Diffstat (limited to 'lass/2configs')
| -rw-r--r-- | lass/2configs/base.nix | 12 | ||||
| -rw-r--r-- | lass/2configs/baseX.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/downloading.nix | 18 | ||||
| -rw-r--r-- | lass/2configs/git.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/retiolum.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/ts3.nix | 19 |
6 files changed, 43 insertions, 12 deletions
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 6fa9c5b2..11bc4f08 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -15,8 +15,8 @@ with lib; { users.extraUsers = { root = { - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; mainUser = { @@ -27,11 +27,9 @@ with lib; createHome = true; useDefaultShell = true; extraGroups = [ - "audio" - "wheel" ]; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; }; @@ -50,7 +48,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "33bdc011f5360288cd10b9fda90da2950442b2ab"; + rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80"; }; dir.secrets = { host = config.krebs.hosts.mors; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1f5c3de5..3be3676a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,6 +8,8 @@ in { ./urxvt.nix ]; + users.extraUsers.mainUser.extraGroups = [ "audio" ]; + time.timeZone = "Europe/Berlin"; virtualisation.libvirtd.enable = true; diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 5052da5c..e80b7400 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,6 +1,10 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: -{ +with lib; + +let + rpc-password = import <secrets/transmission-pw.nix>; +in { imports = [ ../3modules/folderPerms.nix ]; @@ -10,9 +14,13 @@ name = "download"; home = "/var/download"; createHome = true; + useDefaultShell = true; extraGroups = [ "download" ]; + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; }; transmission = { @@ -41,8 +49,8 @@ rpc-authentication-required = true; rpc-whitelist-enabled = false; rpc-username = "download"; - #add rpc-password in secrets - rpc-password = "test123"; + inherit rpc-password; + peer-port = 51413; }; }; @@ -50,6 +58,8 @@ enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } ]; }; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 2164b2e3..7e8fc03c 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -33,6 +33,8 @@ let web-routes-wai-custom = {}; go = {}; newsbot-js = {}; + kimsufi-check = {}; + realwallpaper = {}; }; restricted-repos = mapAttrs make-restricted-repo ( diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7f0bcc5e..d26a2f4c 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -16,7 +16,7 @@ enable = true; hosts = ../../krebs/Zhosts; connectTo = [ - "fastpoke" + "prism" "cloudkrebs" "echelon" "pigstarter" diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix new file mode 100644 index 00000000..5b92d091 --- /dev/null +++ b/lass/2configs/ts3.nix @@ -0,0 +1,19 @@ +{ config, ... }: + +{ + services.teamspeak3 = { + enable = true; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + #voice port + { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; } + { predicate = "-p udp --dport 9987"; target = "ACCEPT"; } + ##file transfer port + #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } + #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; } + ##query port + #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; } + #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; } + ]; +} |