diff options
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/prism.nix | 50 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 2 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 2 | ||||
-rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
-rw-r--r-- | lass/2configs/repo-sync.nix | 1 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 2 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 91 |
7 files changed, 99 insertions, 51 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 51d106b5e..8b4f1d7a2 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -25,26 +25,6 @@ in { ../2configs/binary-cache/server.nix ../2configs/iodined.nix { - imports = [ - ../2configs/git.nix - ]; - krebs.nginx.servers.cgit = { - server-names = [ - "cgit.lassul.us" - ]; - locations = [ - (nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/cgit.lassul.us/; - '') - ]; - ssl = { - enable = true; - certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; - certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem"; - }; - }; - } - { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) @@ -164,7 +144,6 @@ in { users.users.chat.openssh.authorizedKeys.keys = [ "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHF9tijlMoEevRZCG1AggukxWggfxPHUwg6Ye113ODG6PZ2m98oSmnsjixDy4GfIJjy+8HBbkwS6iH+fsNk86QtAgFNMjBl+9YvEzNRBzcyCqdOkZFvvZvV2oYA7I15il4ln62PDPKjEIS3YPhZPSwc6GhrlsFTnIG56NF/93IhF7R/FA== JuiceSSH" config.krebs.users.lass-uriel.pubkey - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQ8DJhHAqmdrB2+qkV/OuKjR4QDXUww2TWItyDrs+/6F58WacMozgaZr2goA5JQJ5d19nC3LzYb4yLGguADsp987I6cAu5iXPT5PHKc0eRWDN+AGlpTgUtN1BvVrnJZaUJrR9WlHhFYlkOkzAsB15fKYciVWsyxBCVZ+3oiTEjs2L/sfbrgailWqHIUWDftUnJx8EFmSUVZ2GZWklMcgBo0FJD1i0x5u2dQGguNY+28DzQmKgUMS+xD/uUZvrFIWr9I6CBqhsuHJo8n85BT3B3QdG8ARLt5FKPr5L3My6UjlxOkKrDNLjJFjERFCsuIxnrO3tQhvKXQYlOyskHokocYSdcIq8svghJLA3kmRYIjHjZ4y1BNENsk79WyYNMAi5y+A0Evmu+g3ks/DiW3vI/Sw/D3Uc7ilbImpaoL5qUC4+WZM3J2b3Z1AU5D1QiojpKkB9Qt1bokCm8hrRCG9ZDKqAD6IqmI1ARRjfgA4zKwKUhmMqG4p55YGGVf9OeK0rXgX0Z2InyFXeBaU2aBcDfdKD/65w5MnC9CsJnjELdd4r9u2ugTPExzOo3WUlNuOTB1WoZ8CiY2OVGle/E/MzKUDfGuIFhUsFeX0YcLHPbo+mesISNUPaeadSuMuHE8W4FOeEq51toBo/gkxgjtqqWMOd9SxnDQTMBKq3L/w7nEQ== lass@mors" ]; } { @@ -174,6 +153,7 @@ in { imports = [ ../2configs/websites/wohnprojekt-rhh.de.nix ../2configs/websites/domsen.nix + ../2configs/websites/lassulus.nix ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } @@ -186,34 +166,6 @@ in { }; } { - security.acme = { - certs."lassul.us" = { - email = "lass@lassul.us"; - webroot = "/var/lib/acme/challenges/lassul.us"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - "full.pem" - ]; - allowKeysForGroup = true; - group = "lasscert"; - }; - }; - users.groups.lasscert.members = [ - "dovecot2" - "ejabberd" - "exim" - "nginx" - ]; - krebs.nginx.servers."lassul.us" = { - server-names = [ "lassul.us" ]; - locations = [ - (lib.nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/lassul.us/; - '') - ]; - }; lass.ejabberd = { enable = true; hosts = [ "lassul.us" ]; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2649ecab9..4b05e3296 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -49,6 +49,8 @@ in { mpv-poll yt-next + + youtube-tools #window manager stuff #haskellPackages.xmobar #haskellPackages.yeganesh diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 00a3612fd..3ed8be77f 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -29,6 +29,8 @@ with config.krebs.lib; { from = "finanzamt@lassul.us"; to = lass.mail; } { from = "netzclub@lassul.us"; to = lass.mail; } { from = "nebenan@lassul.us"; to = lass.mail; } + { from = "feed@lassul.us"; to = lass.mail; } + { from = "art@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 6e9138b61..73c96e876 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "354fd3728952c229fee4f2924737c601d7ab4725"; + ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; }; } diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 027f31fe0..eae583a84 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -92,6 +92,7 @@ in { (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger") (sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") + (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-retiolum "go") (sync-retiolum "much") diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index e05f40d97..3a3e60d39 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -191,7 +191,7 @@ in { server_set_id = $auth1 ''; internet-aliases = [ - { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "testuser@lassul.us"; to = "testuser"; } ]; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix new file mode 100644 index 000000000..04c19fad0 --- /dev/null +++ b/lass/2configs/websites/lassulus.nix @@ -0,0 +1,91 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; }) + genid + ; + +in { + imports = [ + ../git.nix + ]; + + security.acme = { + certs."lassul.us" = { + email = "lass@lassul.us"; + webroot = "/var/lib/acme/challenges/lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + "full.pem" + ]; + allowKeysForGroup = true; + group = "lasscert"; + }; + certs."cgit.lassul.us" = { + email = "lassulus@gmail.com"; + webroot = "/var/lib/acme/challenges/cgit.lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + ]; + group = "nginx"; + allowKeysForGroup = true; + }; + }; + + users.groups.lasscert.members = [ + "dovecot2" + "ejabberd" + "exim" + "nginx" + ]; + + krebs.nginx.servers."lassul.us" = { + server-names = [ "lassul.us" ]; + locations = [ + (nameValuePair "/" '' + root /srv/http/lassul.us; + '') + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/lassul.us/; + '') + ]; + ssl = { + enable = true; + certificate = "/var/lib/acme/lassul.us/fullchain.pem"; + certificate_key = "/var/lib/acme/lassul.us/key.pem"; + }; + }; + + krebs.nginx.servers.cgit = { + server-names = [ + "cgit.lassul.us" + ]; + locations = [ + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/cgit.lassul.us/; + '') + ]; + ssl = { + enable = true; + certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; + certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem"; + }; + }; + + users.users.blog = { + uid = genid "blog"; + description = "lassul.us blog deployment"; + home = "/srv/http/lassul.us"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; +} + |