From 1a88a8ae6447528fc505607f680573c501fc2273 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Dec 2018 18:41:51 +0100 Subject: ma events-publisher: use 1.0.0 --- makefu/1systems/gum/config.nix | 109 +++++++++++++++-------------------------- 1 file changed, 40 insertions(+), 69 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a1691da3a..dcfa3d0e5 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -21,8 +21,12 @@ in { ]; }; } + # + + + { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; } # Security @@ -31,6 +35,8 @@ in { + + # @@ -42,17 +48,47 @@ in { # + { # bonus retiolum config for connecting more hosts + krebs.tinc.retiolum = { + extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; + connectTo = [ + "prism" "ni" "enklave" "eve" "archprism" + ]; + }; + networking.firewall = { + allowedTCPPorts = + [ + 53 + 655 + 21031 + ]; + allowedUDPPorts = + [ + 53 + 655 + 21031 + ]; + }; + } # ci # + # services - + # + { + krebs.exim.enable = mkForce false; + } # sharing @@ -60,13 +96,6 @@ in { # ## # - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } # ## network @@ -92,10 +121,9 @@ in { # # - + # - @@ -104,7 +132,6 @@ in { - # # sharing @@ -118,7 +145,8 @@ in { # krebs infrastructure services - ]; + ]; + makefu.dl-dir = "/var/download"; services.openssh.hostKeys = [ 
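Review bot: In the `-42,17 +48,47` hunk the new `networking.firewall` block opens 53, 655 and 21031 on TCP and UDP with no per-port comments, whereas the list removed in the last hunk labelled every port; an unlabelled open 53 will read as an exposed DNS service in a later firewall audit. A comment such as `53 # tinc retiolum ListenAddress, not a resolver` keeps the intent reviewable. The firewall rule also applies to every interface, while tinc binds only `${external-ip}`. The same three ports are written out three times (ListenAddress lines, TCP list, UDP list); a single `tincPorts = [ 53 655 21031 ];` binding reused as `allowedTCPPorts = tincPorts;` and `allowedUDPPorts = tincPorts;` would stop the lists drifting apart. The last hunk drops the openings for 25, 80, 443 and 21032 and the `authorizedKeys` entries with no replacement visible here; presumably the added imports, whose paths are not shown on this page, carry them, so confirm that before deploying.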
@@ -128,71 +156,14 @@ in { services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; krebs.build.host = config.krebs.hosts.gum; - krebs.tinc.retiolum = { - extraConfig = '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - ''; - connectTo = [ - "prism" "ni" "enklave" "eve" "archprism" - ]; - }; - - - # access - users.users = { - root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; - makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; - }; - - # Chat - environment.systemPackages = with pkgs;[ - weechat - bepasty-client-cli - tmux - ]; - - # Hardware - # Network networking = { firewall = { allowPing = true; logRefusedConnections = false; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # httptunnel - 8080 8443 - # tinc - 655 - # tinc-shack - 21032 - # tinc-retiolum - 21031 - # taskserver - 53589 - # temp vnc - 18001 - # temp reverseshell - 31337 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - # tinc-retiolum - 21031 - # tinc-shack - 21032 - ]; }; nameservers = [ "8.8.8.8" ]; }; users.users.makefu.extraGroups = [ "download" "nginx" ]; - services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - boot.tmpOnTmpfs = true; state = [ "/home/makefu/.weechat" ]; } -- cgit v1.2.3