From 07a56f4d03da08739cafe7c0006a01a9ff8e345a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 Apr 2019 19:02:42 +0200 Subject: l mors.r: disable hardening --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems/mors') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 250d96e53..fa5fb5518 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -36,7 +36,7 @@ with import ; - + # { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain -- cgit v1.2.3 From 6e28354f923f25b4bddc4835fe1d1457de71412c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 16:36:34 +0200 Subject: l: sync .weechat --- lass/1systems/mors/config.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/1systems/mors') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index fa5fb5518..52bcc9e15 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -52,10 +52,12 @@ with import ; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; } { -- cgit v1.2.3 From 0dc099791b311afabf4ce26de98e9ab628b2d2a0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:41:51 +0200 Subject: l mors.r: add dns update scripts --- lass/1systems/mors/config.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'lass/1systems/mors') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 52bcc9e15..3db29a712 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -137,6 +137,18 @@ with import ; (pkgs.writeDashBin "btc-kraken" '' ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]' '') + (pkgs.writeDashBin "krebsco.de" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') + (pkgs.writeDashBin "lassul.us" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') ]; #TODO: fix this shit -- cgit v1.2.3 From 2e6376fbd04000597557e69bce0c00ee0db5277e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:50:47 +0200 Subject: l mors.r: sync the_playlist with prism.r --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems/mors') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 3db29a712..706c3f58b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -51,7 +51,7 @@ with import ; { krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } - { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; } { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ -- cgit v1.2.3 From bfff3b0a698bd5a7ea1f90511c2578bdb4828b97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:00:06 +0200 Subject: l: reorganize syncs --- lass/1systems/mors/config.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'lass/1systems/mors') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 706c3f58b..01410cdb6 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -26,6 +26,8 @@ with import ; + + @@ -50,14 +52,10 @@ with import ; } { krebs.syncthing.folders = [ - { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; } - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ - { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; } { -- cgit v1.2.3 From 9f19b5f9619688a8249c0db5fcc9aec4d2fc7fbf Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:05:20 +0200 Subject: l mors.r: add transgui to pkgs --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems/mors') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 01410cdb6..69b931a95 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -92,6 +92,7 @@ with import ; pkgs.ovh-zone pkgs.bank pkgs.adb-sync + pkgs.transgui ]; } { -- cgit v1.2.3 From d0d3fcb2d2b9ed82dd1ff2864b9fbbd88aa65ff4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:24:50 +0200 Subject: l mors.r: remove chromecast firewall rule --- lass/1systems/mors/config.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/1systems/mors') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 69b931a95..7e183f40f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -43,8 +43,6 @@ with import ; krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } - #chromecast - { predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; } #quake3 { predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; } { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; } -- cgit v1.2.3 From 2a89d6587d5ee5d3151b5e5be05e152a539e78d0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 18 Apr 2019 10:16:02 +0200 Subject: l syncs: use permown, use attrs --- lass/1systems/mors/config.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'lass/1systems/mors') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 7e183f40f..f911b79d6 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -49,12 +49,15 @@ with import ; ]; } { - krebs.syncthing.folders = [ - { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } - ]; + krebs.syncthing.folders."the_playlist" = { + path = "/home/lass/tmp/the_playlist"; + peers = [ "mors" "phone" "prism" ]; + }; + krebs.permown."/home/lass/tmp/the_playlist" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; } { lass.umts = { -- cgit v1.2.3