Diffstat (limited to 'makefu/1systems/wry.nix')
-rw-r--r--makefu/1systems/wry.nix85
1 files changed, 55 insertions, 30 deletions
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 819a208a..6627d87b 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -1,47 +1,72 @@
{ config, lib, pkgs, ... }:
+with lib;
let
- ip = (lib.head config.krebs.build.host.nets.internet.addrs4);
+ external-ip = head config.krebs.build.host.nets.internet.addrs4;
+ internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
in {
imports = [
- ../../tv/2configs/CAC-CentOS-7-64bit.nix
- ../2configs/base.nix
- ../2configs/base-sources.nix
- ../2configs/tinc-basic-retiolum.nix
+ # TODO: copy this config or move to krebs
+ ../../tv/2configs/CAC-CentOS-7-64bit.nix
+ ../2configs/base.nix
+ ../2configs/unstable-sources.nix
+ ../2configs/tinc-basic-retiolum.nix
+
+ ../2configs/bepasty-dual.nix
+
+ ../2configs/iodined.nix
+
+ # Reaktor
+ ../2configs/Reaktor/simpleExtend.nix
];
- networking.firewall.allowPing = true;
- networking.interfaces.enp2s1.ip4 = [
- {
- address = ip;
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "104.233.87.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
+ krebs.build = {
+ user = config.krebs.users.makefu;
+ target = "root@wry";
+ host = config.krebs.hosts.wry;
+ };
- # based on ../../tv/2configs/CAC-Developer-2.nix
- sound.enable = false;
+
+
+ krebs.Reaktor.enable = true;
+
+ # bepasty to listen only on the correct interfaces
+ krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ];
+ krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:80" "${external-ip}:443 ssl" ];
# prepare graphs
- nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
krebs.nginx.enable = true;
- makefu.tinc_graphs.enable = true;
- makefu.tinc_graphs.krebsNginx = {
+ krebs.retiolum-bootstrap.enable = true;
+
+ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+ krebs.tinc_graphs = {
enable = true;
- # TODO: remove hard-coded hostname
- hostnames_complete = [ "graphs.wry" ];
- hostnames_anonymous = [ "graphs.krebsco.de" ];
+ nginx = {
+ enable = true;
+ # TODO: remove hard-coded hostname
+ complete = {
+ listen = [ "${internal-ip}:80" ];
+ server-names = [ "graphs.wry" ];
+ };
+ anonymous = {
+ listen = [ "${external-ip}:80" ] ;
+ server-names = [ "graphs.krebsco.de" ];
+ };
+ };
};
- networking.firewall.allowedTCPPorts = [80];
-
- krebs.build = {
- user = config.krebs.users.makefu;
- target = "root@${ip}";
- host = config.krebs.hosts.wry;
+ networking = {
+ firewall.allowPing = true;
+ firewall.allowedTCPPorts = [ 53 80 443 ];
+ interfaces.enp2s1.ip4 = [{
+ address = external-ip;
+ prefixLength = 24;
+ }];
+ defaultGateway = "104.233.87.1";
+ nameservers = [ "8.8.8.8" ];
};
+
+ # based on ../../tv/2configs/CAC-Developer-2.nix
+ sound.enable = false;
}
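Review bot: `firewall.allowedTCPPorts = [ 53 80 443 ];` opens TCP 53 on every interface, yet nothing visible in this hunk listens on it. If the port is meant for the newly imported `../2configs/iodined.nix`, note that iodine tunnels over DNS on UDP, so the rule probably should be `firewall.allowedUDPPorts = [ 53 ];` alongside `firewall.allowedTCPPorts = [ 80 443 ];`, unless that module already opens it. Because port 80 is open globally, the `complete` graphs vhost (presumably the un-anonymised view) and the internal bepasty are kept off the internet only by their `"${internal-ip}:80"` listen entries. A comment next to the firewall block such as `# internal vhosts rely on their listen address; 80 is open on all interfaces` would make that dependency explicit. It is also worth confirming that `krebs.retiolum-bootstrap` binds to an explicit address, since its listen setting is not shown here.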