From c4350d4f28b3a021791b70d104848f3419ffc498 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 00:18:51 +0200 Subject: l 1 prism: add new mount for o.ubikmedia.de --- lass/1systems/prism.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 4d40c8d5..9eb1d54d 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -79,6 +79,10 @@ in { device = "/dev/pool/download"; }; + fileSystems."/srv/http/o.ubikmedia.de" = { + device = "/dev/pool/owncloud-ubik"; + }; + } { sound.enable = false; -- cgit v1.2.3 From fae50b203d7d3211eec1221fb07f97416edc729c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 00:36:22 +0200 Subject: l 1 prism: update JuiceSSH key --- lass/1systems/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 9eb1d54d..db4f1f60 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -123,7 +123,7 @@ in { } { users.users.chat.openssh.authorizedKeys.keys = [ - "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH" + "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH" config.krebs.users.lass-uriel.pubkey ]; } -- cgit v1.2.3 From 38e5cc513cabd4a145bb78db71aa7387bb4278fa Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 00:36:38 +0200 Subject: l 1 prism: allow https in iptables --- lass/1systems/prism.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/1systems/prism.nix') 
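Review bot: The new `fileSystems."/srv/http/o.ubikmedia.de"` entry sets only `device`, so a volume that sits under the web root (an ownCloud tree, judging by the device name) is mounted with default options, which permit setuid binaries and device nodes. Adding `options = "nosuid,nodev";` (string form in NixOS releases of that time, a list in later ones) limits what a compromised web application can stage there. The same applies to the `/srv/http`, `/srv/o.ubikmedia.de-data` and `/bku` mounts added in the later "new fileschema for better backups" hunk, where `noexec` is also worth considering for the data-only volume. A one-line comment naming what lives on `/dev/pool/owncloud-ubik` would help, since the path is the only documentation.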
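Review bot: The replacement JuiceSSH key in `users.users.chat.openssh.authorizedKeys.keys` is accepted without any authorized_keys options, so a key held on a mobile device gets the account's full shell plus port, agent and X11 forwarding. If `chat` exists only to attach to a chat client (an inference from the account name and the `weechat.nix` import visible in other hunks), prefix the entry with restrictions, e.g. `"no-port-forwarding,no-agent-forwarding,no-X11-forwarding ecdsa-sha2-nistp384 AAAA… JuiceSSH"`, or with a forced `command="…"`. The commit message does not say why the key changed; if the old nistp521 key was lost with a device and not routinely rotated, it should also be removed from every other host that trusted it.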
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index db4f1f60..4f6770c3 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -136,7 +136,8 @@ in { ../2configs/websites/domsen.nix ]; krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } { -- cgit v1.2.3 From 375277a3c67102fc887b7b67837c8977035d8227 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Apr 2016 16:43:52 +0200 Subject: l 1 prism: new fileschema for better backups --- lass/1systems/prism.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 80dd8c4e..09a802b5 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -77,8 +77,16 @@ in { device = "/dev/pool/download"; }; - fileSystems."/srv/http/o.ubikmedia.de" = { - device = "/dev/pool/owncloud-ubik"; + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + }; + + fileSystems."/srv/o.ubikmedia.de-data" = { + device = "/dev/pool/owncloud-ubik-data"; + }; + + fileSystems."/bku" = { + device = "/dev/pool/bku"; }; } -- cgit v1.2.3 From fa039a83d8c2d5f2756856794461ac9795a6ee11 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Apr 2016 15:17:42 +0200 Subject: l 1 *: import exim config from l 2 exim-* --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 09a802b5..e1743c99 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -6,6 +6,7 @@ in { imports = [ ../. ../2configs/base.nix + ../2configs/exim-smarthost.nix ../2configs/downloading.nix ../2configs/git.nix ../2configs/ts3.nix -- cgit v1.2.3 From 3b2cb2a3f73ad58c489ae854f829d5a4bf723e17 Mon Sep 17 00:00:00 2001 
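Review bot: The INPUT rules now match on service names (`--dport http`, `--dport https`), which iptables resolves through the services database when the rule is loaded, so a missing or altered entry either makes the rule fail to load or opens a different port than the reader expects. Numeric ports keep the firewall self-contained and easier to audit, e.g. `{ predicate = "-p tcp --dport 443"; target = "ACCEPT"; }`. The same applies to `xmpp-client` and `xmpp-server` in the later ejabberd hunk. Nothing in this hunk shows a TLS listener being configured, so it is worth confirming that port 443 is actually served before it is opened.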
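Review bot: `/bku` is backed by `/dev/pool/bku`, which by its name sits in the same pool as `/dev/pool/http` and `/dev/pool/owncloud-ubik-data`; if `/bku` is the backup destination, losing the pool or the host takes the data and its backups together. A comment on the `/bku` entry should state whether it is only a staging area, e.g. `# local staging only; copied off-host by <backup job>`. The hunk also replaces the per-site `/srv/http/o.ubikmedia.de` mount with a shared `/srv/http` volume, so ownership and permissions on that parent now apply to every site beneath it and should be checked per site.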
From: lassulus Date: Fri, 15 Apr 2016 14:39:03 +0200 Subject: l 2: base.nix -> default.nix --- lass/1systems/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index e1743c99..6b674a10 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -5,7 +5,7 @@ let in { imports = [ ../. - ../2configs/base.nix + ../2configs/default.nix ../2configs/exim-smarthost.nix ../2configs/downloading.nix ../2configs/git.nix -- cgit v1.2.3 From 49dcb0771e2e0f2592e356e22f9b784b7ec1a158 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Apr 2016 16:15:22 +0200 Subject: l 1 prism: import privoxy config --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 6b674a10..233ae564 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -12,6 +12,7 @@ in { ../2configs/ts3.nix ../2configs/bitlbee.nix ../2configs/weechat.nix + ../2configs/privoxy-retiolum.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories -- cgit v1.2.3 From 9a8179c39069a290433add4c8829eceb8a726e98 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Apr 2016 16:16:36 +0200 Subject: l 1 prism: disable tor client mode --- lass/1systems/prism.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 233ae564..3eb20893 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -151,7 +151,6 @@ in { { services.tor = { enable = true; - client.enable = true; }; } ]; -- cgit v1.2.3 From 6584cf5b92422c525a60dda5f8381fb10ec763bc Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 19 Apr 2016 12:06:13 +0200 Subject: l 1 prism: import buildbot-standalone --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 3eb20893..2587a8b6 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -13,6 +13,7 @@ in { ../2configs/bitlbee.nix ../2configs/weechat.nix ../2configs/privoxy-retiolum.nix + ../2configs/buildbot-standalone.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories -- cgit v1.2.3 From 99d6704398ad24bb42b0dc0a9ca12620caa0220a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 15:44:34 +0200 Subject: l 1 prism: override nixpkgs for buildbot --- lass/1systems/prism.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 2587a8b6..4c0b4e69 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -13,7 +13,16 @@ in { ../2configs/bitlbee.nix ../2configs/weechat.nix ../2configs/privoxy-retiolum.nix - ../2configs/buildbot-standalone.nix + { + #we need to use old sqlite for buildbot + imports = [ + ../2configs/buildbot-standalone.nix + ]; + krebs.build.source.nixpkgs = lib.mkForce { + url = https://github.com/NixOS/nixpkgs; + rev = "0d05f172b27e94d9eea3257f42d7e03371e63acc"; + }; + } { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories -- cgit v1.2.3 From ac35c00c0454842b20146fad4be16fce628b6816 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:02:10 +0200 Subject: l 1 prism: remove nixpkgs override --- lass/1systems/prism.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 4c0b4e69..e69fc545 100644 --- a/lass/1systems/prism.nix 
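Review bot: `krebs.build.source.nixpkgs = lib.mkForce { … }` is set inside the host's `imports`, so it appears to pin the nixpkgs revision for all of prism and not only for buildbot. Every internet-facing service on this host (other hunks open http/https and import exim, tor and privoxy configs) would then stop receiving package security updates until the pin is lifted. Scoping the old sqlite to buildbot through a package override would keep the rest of the system current. If the host-wide pin has to stay, the comment should record why and when it can go, e.g. `# TODO: drop pin once buildbot works with current sqlite (see <issue ref>)`.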
+++ b/lass/1systems/prism.nix @@ -18,10 +18,6 @@ in { imports = [ ../2configs/buildbot-standalone.nix ]; - krebs.build.source.nixpkgs = lib.mkForce { - url = https://github.com/NixOS/nixpkgs; - rev = "0d05f172b27e94d9eea3257f42d7e03371e63acc"; - }; } { users.extraGroups = { -- cgit v1.2.3 From 3c4c71436ade88ec1e6e74bd8af4b4d77a03884e Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:02:29 +0200 Subject: l 1 prism: start ejabberd & acme --- lass/1systems/prism.nix | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index e69fc545..406acda5 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -2,6 +2,10 @@ let ip = config.krebs.build.host.nets.internet.ip4.addr; + + inherit (import ../../4lib { inherit lib pkgs; }) + manageCerts; + in { imports = [ ../. @@ -159,6 +163,38 @@ in { enable = true; }; } + { + security.acme = { + certs."lassul.us" = { + email = "lass@lassul.us"; + webroot = "/var/lib/acme/challenges/lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + "full.pem" + ]; + user = "ejabberd"; + }; + }; + krebs.nginx.servers."lassul.us" = { + server-names = [ "lassul.us" ]; + locations = [ + (lib.nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/lassul.us/; + '') + ]; + }; + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + certfile = "/var/lib/acme/lassul.us/full.pem"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 7559fbb735ced3a3d6216fdf1bf8ec9e57f25ddb Mon Sep 17 00:00:00 2001 
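Review bot: `manageCerts` is brought into scope from `../../4lib` but is not referenced in the other hunk of this commit, which configures `security.acme` directly. If nothing else in the file uses it, drop the `inherit` so the `let` block does not suggest certificate handling that is not in effect. The rest of the file lies outside the hunk, so this needs checking against the full module.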
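Review bot: `user = "ejabberd"` on `security.acme.certs."lassul.us"` appears to make the XMPP daemon's account the owner of the certificate state, which by the `plugins` list holds `account_key.json` and `key.pem` as well as the `full.pem` that `lass.ejabberd.certfile` needs. A compromise of ejabberd would then expose the ACME account key, which can be used to request or revoke certificates under that account. Keeping the state under a dedicated account and giving ejabberd read access to `full.pem` only (for example through the cert's `group` option or a `postRun` copy) narrows that exposure. The new INPUT rules also open `xmpp-server`; if federation with other servers is not intended, `xmpp-client` alone is enough.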
From: lassulus Date: Sat, 21 May 2016 13:49:31 +0200 Subject: l 1 prism: import radio.nix --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems/prism.nix') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 406acda5..aa524720 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -17,6 +17,7 @@ in { ../2configs/bitlbee.nix ../2configs/weechat.nix ../2configs/privoxy-retiolum.nix + ../2configs/radio.nix { #we need to use old sqlite for buildbot imports = [ -- cgit v1.2.3