From acd91d2263840c6c4b97195239c4e1a1f8287cdf Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 27 Jan 2022 12:19:47 +0100 Subject: krebs modules: reorder main imports --- krebs/3modules/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index b58b5203..cc4f4d49 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -19,13 +19,13 @@ let ./current.nix ./dns.nix ./ergo.nix - ./exim.nix ./exim-retiolum.nix ./exim-smarthost.nix + ./exim.nix ./fetchWallpaper.nix + ./git.nix ./github-hosts-sync.nix ./github-known-hosts.nix - ./git.nix ./go.nix ./hidden-ssh.nix ./hosts.nix @@ -38,11 +38,12 @@ let ./nixpkgs.nix ./on-failure.nix ./os-release.nix - ./permown.nix ./per-user.nix + ./permown.nix ./power-action.nix ./reaktor2.nix ./realwallpaper.nix + ./repo-sync.nix ./retiolum-bootstrap.nix ./rtorrent.nix ./secret.nix @@ -55,7 +56,6 @@ let ./tinc_graphs.nix ./upstream ./urlwatch.nix - ./repo-sync.nix ./xresources.nix ./zones.nix ]; -- cgit v1.2.3 From 109f6ab1c5bef23922c6e96b3f3f2dedc81b6d78 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 27 Jan 2022 12:20:31 +0100 Subject: krebs modules: reorder externals --- krebs/3modules/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index cc4f4d49..e8f0d35e 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -102,13 +102,13 @@ let imp = lib.mkMerge [ { krebs = import ./external { inherit config; }; } + { krebs = import ./external/kmein.nix { inherit config; }; } + { krebs = import ./external/mic92.nix { inherit config; }; } + { krebs = import ./external/palo.nix { inherit config; }; } { krebs = import ./jeschli { inherit config; }; } { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./external/palo.nix { inherit config; }; } - { krebs = import ./external/mic92.nix { inherit config; }; } - { krebs = import ./external/kmein.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { -- cgit v1.2.3 From 8c81dde1f3b3ce8edcad2ca42ff973c06c13d788 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 28 Jan 2022 23:34:21 +0100 Subject: l: add acl module --- lass/3modules/acl.nix | 64 +++++++++++++++++++++++++++++++++++++++++++++++ lass/3modules/default.nix | 1 + 2 files changed, 65 insertions(+) create mode 100644 lass/3modules/acl.nix diff --git a/lass/3modules/acl.nix b/lass/3modules/acl.nix new file mode 100644 index 00000000..b87ca2e0 --- /dev/null +++ b/lass/3modules/acl.nix @@ -0,0 +1,64 @@ +{ config, lib, pkgs, ... }: let + generateACLs = attrs: + lib.mapAttrsToList (path: rules: pkgs.writeDash "acl-${builtins.baseNameOf path}" '' + mkdir -p "${path}" + ${generateRules rules path} + '') attrs; + + generateRules = rules: path: + lib.concatStrings ( + lib.mapAttrsToList (_: rule: '' + setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} + ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} + ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))} + '') rules + ); + + parents = dir: + if dir == "/" then + [ dir ] + else + [ dir ] ++ parents (builtins.dirOf dir) + ; +in { + options.lass.acl = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf (lib.types.submodule ({ config, ... }: { + options = { + rule = lib.mkOption { + type = lib.types.str; + default = config._module.args.name; + }; + default = lib.mkOption { + type = lib.types.bool; + default = !config.parents; + }; + recursive = lib.mkOption { + type = lib.types.bool; + default = !config.parents; + }; + parents = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + apply ACL to every parent folder + ''; + }; + }; + }))); + default = {}; + }; + config = lib.mkIf (config.lass.acl != {}) { + systemd.services.set_acl = { + wantedBy = [ "multi-user.target" ]; + path = [ + pkgs.acl + pkgs.coreutils + ]; + serviceConfig = { + ExecStart = generateACLs config.lass.acl; + RemainAfterExit = true; + Type = "oneshot"; + }; + }; + }; +} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 570bb45b..0373bd44 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,6 +1,7 @@ _: { imports = [ + ./acl.nix ./dnsmasq.nix ./folderPerms.nix ./hosts.nix -- cgit v1.2.3 From 088ff202cc41d516279ea8671d76c1716589df7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 28 Jan 2022 10:13:51 +0100 Subject: mic92: drop ipv4 for yasmin, nardole, bill, graham, ryan --- krebs/3modules/external/mic92.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 27a2beed..45a139d8 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -306,7 +306,6 @@ in { aliases = [ "yasmin.i" ]; }; nets.retiolum = { - ip4.addr = "10.243.29.197"; aliases = [ "yasmin.r" ]; @@ -414,7 +413,6 @@ in { }; retiolum = { via = internet; - ip4.addr = "10.243.29.195"; aliases = [ "bill.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -445,7 +443,6 @@ in { }; retiolum = { via = internet; - ip4.addr = "10.243.29.173"; aliases = [ "nardole.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -736,7 +733,6 @@ in { }; retiolum = { via = internet; - ip4.addr = "10.243.29.198"; aliases = [ "ryan.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -764,7 +760,6 @@ in { }; retiolum = { via = internet; - ip4.addr = "10.243.29.199"; aliases = [ "graham.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 248b3459c7102b094987b8ce9c798f001faacde9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 28 Jan 2022 10:36:12 +0100 Subject: mic92: drop philipsaendig, drop rock ip4 --- krebs/3modules/external/mic92.nix | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 45a139d8..dd6f4f45 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -279,25 +279,6 @@ in { ''; }; }; - philipsaendig = { - owner = config.krebs.users.mic92; - nets.retiolum = { - ip4.addr = "10.243.29.193"; - aliases = [ - "philipsaendig.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAyWdCrXD0M9CIt0ZgVB6W5ozOvLDoxPmGzLBJUnAZV8f9oqfaIEIX - 5TIaxozN3QMEgS0ChaOHTNFiQZjiiwJL/wPx1eFvKfDkkn7ayrRS/pP+bKhcDpKl - 4tPejipee9T2ZhYg9tbk291CDBe1fHR5S2F8kPm8OuqwE2Fv9N8wldcsDLxHcTZl - +wp4Oe/Wn5WLvZb3SUao17vKnNBLfMMCGC01yRfhZub41NkGYVWBjErsIVxQ+/rF - Y7DdCekus+BQCKz+beEmtzG7d0Xwqwkif51HQ05CvwFNEtdUGodd8OrIO+gpIV6S - oN+Q5zxsenLo6QRfsLD+nn7A7qbzd57kUwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; yasmin = { owner = config.krebs.users.mic92; nets.internet = { @@ -467,7 +448,6 @@ in { owner = config.krebs.users.mic92; nets = { retiolum = { - ip4.addr = "10.243.29.171"; aliases = [ "rock.r" ]; -- cgit v1.2.3 From 57341fa82f22806032e5411261a7bba6d0c5384f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 29 Jan 2022 19:14:21 +0100 Subject: l acl: use a simple unit per path --- lass/3modules/acl.nix | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/lass/3modules/acl.nix b/lass/3modules/acl.nix index b87ca2e0..81eeae92 100644 --- a/lass/3modules/acl.nix +++ b/lass/3modules/acl.nix @@ -1,19 +1,4 @@ { config, lib, pkgs, ... }: let - generateACLs = attrs: - lib.mapAttrsToList (path: rules: pkgs.writeDash "acl-${builtins.baseNameOf path}" '' - mkdir -p "${path}" - ${generateRules rules path} - '') attrs; - - generateRules = rules: path: - lib.concatStrings ( - lib.mapAttrsToList (_: rule: '' - setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} - ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} - ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))} - '') rules - ); - parents = dir: if dir == "/" then [ dir ] @@ -48,17 +33,23 @@ in { default = {}; }; config = lib.mkIf (config.lass.acl != {}) { - systemd.services.set_acl = { + systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" { wantedBy = [ "multi-user.target" ]; path = [ pkgs.acl pkgs.coreutils ]; serviceConfig = { - ExecStart = generateACLs config.lass.acl; + ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings ( + lib.mapAttrsToList (_: rule: '' + setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} + ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} + ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))} + '') rules + )); RemainAfterExit = true; - Type = "oneshot"; + Type = "simple"; }; - }; + }) config.lass.acl; }; } -- cgit v1.2.3 From fca55dd3e94fed2a9d903341f0ffa79bc42f062d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 29 Jan 2022 19:14:53 +0100 Subject: tinc: restart via reload for less downtimes --- krebs/3modules/tinc.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 21ddde1c..4a54d295 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -233,6 +233,7 @@ with import ; cfg.iproutePackage cfg.tincPackage ]; + reloadIfChanged = true; serviceConfig = { Restart = "always"; LoadCredential = filter (x: x != "") [ @@ -260,7 +261,7 @@ with import ; "-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key" "--pidfile=/var/run/tinc.${netname}.pid" ]; - ExecReload = "${cfg.tincPackage}/sbin/tinc -n ${netname} reload"; + ExecReload = "${cfg.tincPackage}/sbin/tinc -n ${netname} restart"; SyslogIdentifier = netname; }; }) config.krebs.tinc; -- cgit v1.2.3 From 510bfbc9b22416359a116f9cdbab74207372b2f5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 29 Jan 2022 19:23:36 +0100 Subject: sync-containers: remove obsolete .decalartive --- krebs/3modules/ci.nix | 2 ++ krebs/3modules/sync-containers.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 822dbab6..5efe4178 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -166,6 +166,8 @@ let nick = "buildbot|${hostname}", notify_events = [ 'started', 'finished', 'failure', 'success', 'exception', 'problem' ], channels = [{"channel": "#xxx"}], + showBlameList = True, + authz={'force': True}, ) '']; diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix index e47f9a3a..e2caa083 100644 --- a/krebs/3modules/sync-containers.nix +++ b/krebs/3modules/sync-containers.nix @@ -97,7 +97,7 @@ in { ${pkgs.coreutils}/bin/chmod a+x /var/lib/containers || : ''; - services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ + services.syncthing.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ devices = ctr.peers; ignorePerms = false; })) cfg.containers); -- cgit v1.2.3 From 9597300c4dc47c32fb2a8ec86e8e91657b78cc07 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 29 Jan 2022 20:50:32 +0100 Subject: types.tinc.extraConfig: str -> lines --- lib/types.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/types.nix b/lib/types.nix index 318e2f23..f312b734 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -7,7 +7,7 @@ let mkOptionType optional optionalAttrs optionals range splitString stringLength substring test testString typeOf; inherit (lib.types) - attrsOf bool either enum int listOf nullOr path str submodule; + attrsOf bool either enum int lines listOf nullOr path str submodule; in rec { @@ -211,7 +211,7 @@ rec { extraConfig = mkOption { description = "Extra Configuration to be appended to the hosts file"; default = ""; - type = str; + type = lines; }; port = mkOption { type = int; -- cgit v1.2.3 From 7ec575267cb7d8e7f6636911ececddccac062ab6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 29 Jan 2022 23:45:55 +0100 Subject: tinc.extraConfig: str -> lines --- krebs/3modules/tinc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 4a54d295..31371af5 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -48,7 +48,7 @@ with import ; }; extraConfig = mkOption { - type = types.str; + type = types.lines; default = ""; description = '' Extra Configuration to be appended to tinc.conf -- cgit v1.2.3 From 100b6fc2438db6ca2c7abe0ad525be3b1dd64895 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 30 Jan 2022 10:47:23 +0100 Subject: move acl module to krebs --- krebs/3modules/acl.nix | 55 +++++++++++++++++++++++++++++++++++++ krebs/3modules/default.nix | 1 + lass/2configs/sync/the_playlist.nix | 6 ++-- lass/3modules/acl.nix | 55 ------------------------------------- lass/3modules/default.nix | 1 - 5 files changed, 59 insertions(+), 59 deletions(-) create mode 100644 krebs/3modules/acl.nix delete mode 100644 lass/3modules/acl.nix diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix new file mode 100644 index 00000000..9cdbb6cf --- /dev/null +++ b/krebs/3modules/acl.nix @@ -0,0 +1,55 @@ +{ config, lib, pkgs, ... }: let + parents = dir: + if dir == "/" then + [ dir ] + else + [ dir ] ++ parents (builtins.dirOf dir) + ; +in { + options.krebs.acl = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf (lib.types.submodule ({ config, ... }: { + options = { + rule = lib.mkOption { + type = lib.types.str; + default = config._module.args.name; + }; + default = lib.mkOption { + type = lib.types.bool; + default = !config.parents; + }; + recursive = lib.mkOption { + type = lib.types.bool; + default = !config.parents; + }; + parents = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + apply ACL to every parent folder + ''; + }; + }; + }))); + default = {}; + }; + config = { + systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" { + wantedBy = [ "multi-user.target" ]; + path = [ + pkgs.acl + pkgs.coreutils + ]; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings ( + lib.mapAttrsToList (_: rule: '' + setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} + ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} + ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))} + '') rules + )); + RemainAfterExit = true; + Type = "simple"; + }; + }) config.krebs.acl; + }; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e8f0d35e..fc57d818 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ./acl.nix ./airdcpp.nix ./announce-activation.nix ./apt-cacher-ng.nix diff --git a/lass/2configs/sync/the_playlist.nix b/lass/2configs/sync/the_playlist.nix index 5bbf790a..d8b17d23 100644 --- a/lass/2configs/sync/the_playlist.nix +++ b/lass/2configs/sync/the_playlist.nix @@ -3,7 +3,7 @@ path = "/home/lass/tmp/the_playlist"; devices = [ "mors" "phone" "prism" ]; }; - lass.acl."/home/lass/tmp/the_playlist"."u:syncthing:X".parents = true; - lass.acl."/home/lass/tmp/the_playlist"."u:syncthing:rwX" = {}; - lass.acl."/home/lass/tmp/the_playlist"."u:lass:rwX" = {}; + krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:X".parents = true; + krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:rwX" = {}; + krebs.acl."/home/lass/tmp/the_playlist"."u:lass:rwX" = {}; } diff --git a/lass/3modules/acl.nix b/lass/3modules/acl.nix deleted file mode 100644 index 81eeae92..00000000 --- a/lass/3modules/acl.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, lib, pkgs, ... }: let - parents = dir: - if dir == "/" then - [ dir ] - else - [ dir ] ++ parents (builtins.dirOf dir) - ; -in { - options.lass.acl = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf (lib.types.submodule ({ config, ... }: { - options = { - rule = lib.mkOption { - type = lib.types.str; - default = config._module.args.name; - }; - default = lib.mkOption { - type = lib.types.bool; - default = !config.parents; - }; - recursive = lib.mkOption { - type = lib.types.bool; - default = !config.parents; - }; - parents = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - apply ACL to every parent folder - ''; - }; - }; - }))); - default = {}; - }; - config = lib.mkIf (config.lass.acl != {}) { - systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" { - wantedBy = [ "multi-user.target" ]; - path = [ - pkgs.acl - pkgs.coreutils - ]; - serviceConfig = { - ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings ( - lib.mapAttrsToList (_: rule: '' - setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} - ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} - ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))} - '') rules - )); - RemainAfterExit = true; - Type = "simple"; - }; - }) config.lass.acl; - }; -} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 0373bd44..570bb45b 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,7 +1,6 @@ _: { imports = [ - ./acl.nix ./dnsmasq.nix ./folderPerms.nix ./hosts.nix -- cgit v1.2.3 From af2faf380358fca09ee429690875c89eb965ea82 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 30 Jan 2022 10:52:13 +0100 Subject: l the_playlist: share with omo --- lass/2configs/sync/the_playlist.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/sync/the_playlist.nix b/lass/2configs/sync/the_playlist.nix index d8b17d23..c01a11cc 100644 --- a/lass/2configs/sync/the_playlist.nix +++ b/lass/2configs/sync/the_playlist.nix @@ -1,7 +1,7 @@ { services.syncthing.folders.the_playlist = { path = "/home/lass/tmp/the_playlist"; - devices = [ "mors" "phone" "prism" ]; + devices = [ "mors" "phone" "prism" "omo" ]; }; krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:X".parents = true; krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:rwX" = {}; -- cgit v1.2.3 From be042e3446905e2517b530403bacc63b6de49d34 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Feb 2022 13:52:21 +0100 Subject: gum.r: set weight to over 9000 we do this so we never route via gum, which tends to eat our packets and makes it impossible to connect to other peers via gum. --- krebs/3modules/makefu/default.nix | 3 +++ lass/2configs/retiolum.nix | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index b3c09db7..f87802b4 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -219,6 +219,9 @@ in { retiolum = { via = internet; ip4.addr = "10.243.0.213"; + # never connect via gum (he eats your packets!) + tinc.weight = 9001; + aliases = [ "gum.r" "backup.makefu.r" diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index a305d3e1..d4d97a88 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -28,9 +28,6 @@ ''; }; - # never connect via gum (he eats our packets!) - krebs.hosts.gum.nets.retiolum.tinc.weight = 9000; - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; -- cgit v1.2.3