summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/prism.nix50
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/exim-smarthost.nix2
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/repo-sync.nix1
-rw-r--r--lass/2configs/websites/domsen.nix2
-rw-r--r--lass/2configs/websites/lassulus.nix91
7 files changed, 99 insertions, 51 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 51d106b5e..8b4f1d7a2 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -25,26 +25,6 @@ in {
../2configs/binary-cache/server.nix
../2configs/iodined.nix
{
- imports = [
- ../2configs/git.nix
- ];
- krebs.nginx.servers.cgit = {
- server-names = [
- "cgit.lassul.us"
- ];
- locations = [
- (nameValuePair "/.well-known/acme-challenge" ''
- root /var/lib/acme/challenges/cgit.lassul.us/;
- '')
- ];
- ssl = {
- enable = true;
- certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
- certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
- };
- };
- }
- {
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
@@ -164,7 +144,6 @@ in {
users.users.chat.openssh.authorizedKeys.keys = [
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHF9tijlMoEevRZCG1AggukxWggfxPHUwg6Ye113ODG6PZ2m98oSmnsjixDy4GfIJjy+8HBbkwS6iH+fsNk86QtAgFNMjBl+9YvEzNRBzcyCqdOkZFvvZvV2oYA7I15il4ln62PDPKjEIS3YPhZPSwc6GhrlsFTnIG56NF/93IhF7R/FA== JuiceSSH"
config.krebs.users.lass-uriel.pubkey
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQ8DJhHAqmdrB2+qkV/OuKjR4QDXUww2TWItyDrs+/6F58WacMozgaZr2goA5JQJ5d19nC3LzYb4yLGguADsp987I6cAu5iXPT5PHKc0eRWDN+AGlpTgUtN1BvVrnJZaUJrR9WlHhFYlkOkzAsB15fKYciVWsyxBCVZ+3oiTEjs2L/sfbrgailWqHIUWDftUnJx8EFmSUVZ2GZWklMcgBo0FJD1i0x5u2dQGguNY+28DzQmKgUMS+xD/uUZvrFIWr9I6CBqhsuHJo8n85BT3B3QdG8ARLt5FKPr5L3My6UjlxOkKrDNLjJFjERFCsuIxnrO3tQhvKXQYlOyskHokocYSdcIq8svghJLA3kmRYIjHjZ4y1BNENsk79WyYNMAi5y+A0Evmu+g3ks/DiW3vI/Sw/D3Uc7ilbImpaoL5qUC4+WZM3J2b3Z1AU5D1QiojpKkB9Qt1bokCm8hrRCG9ZDKqAD6IqmI1ARRjfgA4zKwKUhmMqG4p55YGGVf9OeK0rXgX0Z2InyFXeBaU2aBcDfdKD/65w5MnC9CsJnjELdd4r9u2ugTPExzOo3WUlNuOTB1WoZ8CiY2OVGle/E/MzKUDfGuIFhUsFeX0YcLHPbo+mesISNUPaeadSuMuHE8W4FOeEq51toBo/gkxgjtqqWMOd9SxnDQTMBKq3L/w7nEQ== lass@mors"
];
}
{
@@ -174,6 +153,7 @@ in {
imports = [
../2configs/websites/wohnprojekt-rhh.de.nix
../2configs/websites/domsen.nix
+ ../2configs/websites/lassulus.nix
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
@@ -186,34 +166,6 @@ in {
};
}
{
- security.acme = {
- certs."lassul.us" = {
- email = "lass@lassul.us";
- webroot = "/var/lib/acme/challenges/lassul.us";
- plugins = [
- "account_key.json"
- "key.pem"
- "fullchain.pem"
- "full.pem"
- ];
- allowKeysForGroup = true;
- group = "lasscert";
- };
- };
- users.groups.lasscert.members = [
- "dovecot2"
- "ejabberd"
- "exim"
- "nginx"
- ];
- krebs.nginx.servers."lassul.us" = {
- server-names = [ "lassul.us" ];
- locations = [
- (lib.nameValuePair "/.well-known/acme-challenge" ''
- root /var/lib/acme/challenges/lassul.us/;
- '')
- ];
- };
lass.ejabberd = {
enable = true;
hosts = [ "lassul.us" ];
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 2649ecab9..4b05e3296 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -49,6 +49,8 @@ in {
mpv-poll
yt-next
+
+ youtube-tools
#window manager stuff
#haskellPackages.xmobar
#haskellPackages.yeganesh
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 00a3612fd..3ed8be77f 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -29,6 +29,8 @@ with config.krebs.lib;
{ from = "finanzamt@lassul.us"; to = lass.mail; }
{ from = "netzclub@lassul.us"; to = lass.mail; }
{ from = "nebenan@lassul.us"; to = lass.mail; }
+ { from = "feed@lassul.us"; to = lass.mail; }
+ { from = "art@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 6e9138b61..73c96e876 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "354fd3728952c229fee4f2924737c601d7ab4725";
+ ref = "b8ede35d2efa96490857c22c751e75d600bea44f";
};
}
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index 027f31fe0..eae583a84 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -92,6 +92,7 @@ in {
(sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger")
(sync-remote "xintmap" "https://github.com/4z3/xintmap")
(sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
+ (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
(sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
(sync-retiolum "go")
(sync-retiolum "much")
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index e05f40d97..3a3e60d39 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -191,7 +191,7 @@ in {
server_set_id = $auth1
'';
internet-aliases = [
- { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
+ { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
];
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
new file mode 100644
index 000000000..04c19fad0
--- /dev/null
+++ b/lass/2configs/websites/lassulus.nix
@@ -0,0 +1,91 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+ inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+ genid
+ ;
+
+in {
+ imports = [
+ ../git.nix
+ ];
+
+ security.acme = {
+ certs."lassul.us" = {
+ email = "lass@lassul.us";
+ webroot = "/var/lib/acme/challenges/lassul.us";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ "full.pem"
+ ];
+ allowKeysForGroup = true;
+ group = "lasscert";
+ };
+ certs."cgit.lassul.us" = {
+ email = "lassulus@gmail.com";
+ webroot = "/var/lib/acme/challenges/cgit.lassul.us";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ ];
+ group = "nginx";
+ allowKeysForGroup = true;
+ };
+ };
+
+ users.groups.lasscert.members = [
+ "dovecot2"
+ "ejabberd"
+ "exim"
+ "nginx"
+ ];
+
+ krebs.nginx.servers."lassul.us" = {
+ server-names = [ "lassul.us" ];
+ locations = [
+ (nameValuePair "/" ''
+ root /srv/http/lassul.us;
+ '')
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/lassul.us/;
+ '')
+ ];
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/lassul.us/fullchain.pem";
+ certificate_key = "/var/lib/acme/lassul.us/key.pem";
+ };
+ };
+
+ krebs.nginx.servers.cgit = {
+ server-names = [
+ "cgit.lassul.us"
+ ];
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/cgit.lassul.us/;
+ '')
+ ];
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+ certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
+ };
+ };
+
+ users.users.blog = {
+ uid = genid "blog";
+ description = "lassul.us blog deployment";
+ home = "/srv/http/lassul.us";
+ useDefaultShell = true;
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+}
+