From 817efa5f9d26effaa4c7a8efd6710fec4eb33300 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 27 Apr 2018 15:14:35 +0200
Subject: l prism.r: kill kaepsele container

---
 lass/1systems/prism/config.nix | 20 --------------------
 1 file changed, 20 deletions(-)

(limited to 'lass/1systems/prism/config.nix')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 983604f8..68f1826b 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -189,26 +189,6 @@ in {
         localAddress = "10.233.2.2";
       };
     }
-    {
-      #kaepsele
-      systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
-      containers.kaepsele = {
-        config = { ... }: {
-          imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
-          environment.systemPackages = [ pkgs.git ];
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
-            lass.pubkey
-            tv.pubkey
-          ];
-        };
-        autoStart = true;
-        enableTun = true;
-        privateNetwork = true;
-        hostAddress = "10.233.2.3";
-        localAddress = "10.233.2.4";
-      };
-    }
     {
       #onondaga
       systemd.services."container@onondaga".reloadIfChanged = mkForce false;
-- 
cgit v1.2.3


From 2701bdd97f0f2ea8681b1d66670eb68ea0f11017 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 27 Apr 2018 19:34:36 +0200
Subject: l: use prometheus as monitoring

---
 lass/1systems/prism/config.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'lass/1systems/prism/config.nix')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 68f1826b..f8178a20 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -217,13 +217,12 @@ in {
     <stockholm/lass/2configs/repo-sync.nix>
     <stockholm/lass/2configs/binary-cache/server.nix>
     <stockholm/lass/2configs/iodined.nix>
-    <stockholm/lass/2configs/monitoring/server.nix>
-    <stockholm/lass/2configs/monitoring/monit-alarms.nix>
     <stockholm/lass/2configs/paste.nix>
     <stockholm/lass/2configs/syncthing.nix>
     <stockholm/lass/2configs/reaktor-coders.nix>
     <stockholm/lass/2configs/ciko.nix>
     <stockholm/lass/2configs/container-networking.nix>
+    <stockholm/lass/2configs/monitoring/prometheus-server.nix>
     { # quasi bepasty.nix
       imports = [
         <stockholm/lass/2configs/bepasty.nix>
-- 
cgit v1.2.3


From 92c123397188ae6cf115197862e8d79015995356 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 17:26:43 +0200
Subject: l prism.r: run go-shortener

---
 lass/1systems/prism/config.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass/1systems/prism/config.nix')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index f8178a20..7b581d90 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -303,6 +303,7 @@ in {
         { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
       ];
     }
+    <stockholm/lass/2configs/go.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
-- 
cgit v1.2.3


From 1820b1753011eb42bb9be30011e6fbd11993b201 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 23:18:05 +0200
Subject: l: add red.r

---
 lass/1systems/prism/config.nix | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'lass/1systems/prism/config.nix')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 7b581d90..d1faf77b 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -304,6 +304,34 @@ in {
       ];
     }
     <stockholm/lass/2configs/go.nix>
+    {
+      environment.systemPackages = [ pkgs.cryptsetup ];
+      systemd.services."container@red".reloadIfChanged = mkForce false;
+      containers.red = {
+        config = { ... }: {
+          environment.systemPackages = [ pkgs.git ];
+          services.openssh.enable = true;
+          users.users.root.openssh.authorizedKeys.keys = [
+            config.krebs.users.lass.pubkey
+          ];
+        };
+        autoStart = false;
+        enableTun = true;
+        privateNetwork = true;
+        hostAddress = "10.233.2.3";
+        localAddress = "10.233.2.4";
+      };
+      services.nginx.virtualHosts."rote-allez-fraktion.de" = {
+        enableACME = true;
+        addSSL = true;
+        locations."/" = {
+          extraConfig = ''
+            proxy_set_header Host rote-allez-fraktion.de;
+            proxy_pass http://10.233.2.4;
+          '';
+        };
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
-- 
cgit v1.2.3


From 02e24615adeac1ab6062ba83748eafe7418ac3ed Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 1 May 2018 15:36:07 +0200
Subject: l prism.r: enable ipv4 forwarding

---
 lass/1systems/prism/config.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass/1systems/prism/config.nix')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d1faf77b..89ea749c 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -104,6 +104,7 @@ in {
       ];
     }
     { # TODO make new hfos.nix out of this vv
+      boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
       users.users.riot = {
         uid = genid "riot";
         isNormalUser = true;
-- 
cgit v1.2.3