From 740f8c8ccfca38d7fc164a8c99bb6df6249c0d22 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 30 Nov 2018 04:35:00 +0100
Subject: l: move download stuff to yellow.r
---
lass/1systems/prism/config.nix | 58 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 57 insertions(+), 1 deletion(-)
(limited to 'lass/1systems/prism')
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index a9fbae69..57298b1b 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -207,7 +207,6 @@ with import ;
 RandomizedDelaySec = "2min";
 };
 }
- {
 services.taskserver = {
@@ -338,6 +337,63 @@ with import ;
 ];
 }
+ {
+ systemd.services."container@yellow".reloadIfChanged = mkForce false;
+ containers.yellow = {
+ config = { ... }: {
+ environment.systemPackages = [ pkgs.git ];
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+ autoStart = false;
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.13";
+ localAddress = "10.233.2.14";
+ };
+
+ services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
+ if ($scheme != "https") {
+ rewrite ^ https://$host$uri permanent;
+ }
+ auth_basic "Restricted Content";
+ auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
+ krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
+ ''};
+ proxy_pass http://10.233.2.14:9091;
+ '';
+
+ users.groups.download = {};
+ users.users = {
+ download = {
+ createHome = true;
+ group = "download";
+ name = "download";
+ home = "/var/download";
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ lass-shodan.pubkey
+ lass-icarus.pubkey
+ lass-daedalus.pubkey
+ lass-helios.pubkey
+ makefu.pubkey
+ wine-mors.pubkey
+ ];
+ };
+ };
+
+ system.activationScripts.downloadFolder = ''
+ mkdir -p /var/download
+ chmod 775 /var/download
+ ln -fs /var/download/finished /var/lib/containers/yellow/var/download/finished || :
+ chown download: /var/download/finished
+ ln -fs /var/download/incoming /var/lib/containers/yellow/var/download/incoming || :
+ chown download: /var/download/incoming
+ '';
+ }
 ];
 krebs.build.host = config.krebs.hosts.prism;
-- cgit v1.2.3
From 02350fd5ece71ea018583feadba51f5936803d80 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 30 Nov 2018 04:35:39 +0100
Subject: l prism.r: add /var/download mount
---
lass/1systems/prism/physical.nix | 5 +++++
1 file changed, 5 insertions(+)
(limited to 'lass/1systems/prism')
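Review bot: The htpasswd file for the `^~ /transmission` location is built with `pkgs.writeText`, so the credential line and its apr1 hash are placed in the Nix store, which is world-readable on the host, and they are also committed to this repository in clear view. Any local account on prism can read the hash, and apr1 (MD5-based) offers little margin against offline guessing, so the hash should be treated as exposed and rotated. Keep the file out of the store — point `auth_basic_user_file` at a path deployed separately with read access limited to the nginx user — and use a stronger crypt scheme that nginx's auth_basic accepts. Separately, `home = "/var/download"` with `createHome = true` plus `chmod 775 /var/download` makes the directory writable by every member of the download group, and the root-run activation script then operates on paths inside it; a short comment stating that this sharing is intended would help the next reader. The surrounding module list continues outside the hunk.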
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 4388c13f..116bdb92 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -25,6 +25,11 @@
 fsType = "zfs";
 };
+ fileSystems."/var/download" = {
+ device = "tank/download";
+ fsType = "zfs";
+ };
+
 fileSystems."/var/lib/containers" = {
 device = "tank/containers";
 fsType = "zfs";
-- cgit v1.2.3
From 7f5431a4999fea9626df300f707aa8c62de894e3 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 30 Nov 2018 08:30:08 +0100
Subject: l prism.r: use symlinks correctly, remove incoming link
---
lass/1systems/prism/config.nix | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
(limited to 'lass/1systems/prism')
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 57298b1b..24fa3fd7 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -388,10 +388,8 @@ with import ;
 system.activationScripts.downloadFolder = ''
 mkdir -p /var/download
 chmod 775 /var/download
- ln -fs /var/download/finished /var/lib/containers/yellow/var/download/finished || :
+ ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || :
 chown download: /var/download/finished
- ln -fs /var/download/incoming /var/lib/containers/yellow/var/download/incoming || :
- chown download: /var/download/incoming
 '';
 }
 ];
-- cgit v1.2.3
From 7a0756c78a0d568001fa74e47c0f00aad94bd5fd Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 2 Dec 2018 05:44:57 +0100
Subject: l prism: fix download links (again)
---
lass/1systems/prism/config.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lass/1systems/prism')
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 24fa3fd7..0ca39447 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
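Review bot: After the added `ln -fs`, `/var/download/finished` is a symlink, and the unchanged `chown download: /var/download/finished` runs without `-h`, so it dereferences the link and re-owns `/var/lib/containers/yellow/var/download/finished` inside the container's root tree instead of the link itself. That is probably the intent, but it is fragile: `/var/download` is group-writable (`chmod 775`) for the download group, and a root-run chown that follows whatever the link points to at that moment should not depend on the link's contents — chown the container path directly, `chown download: /var/lib/containers/yellow/var/download/finished`, and use `chown -h` if the link itself needs an owner. The host `download` account has no fixed `uid` in this file, so the numeric owner the container sees is whatever the host allocated; presumably the container's own account matches, but that is worth confirming in a comment. The `|| :` still hides every `ln` failure now that the direction is correct; consider dropping it so a broken link is noticed at activation.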
@@ -388,7 +388,7 @@ with import ;
 system.activationScripts.downloadFolder = ''
 mkdir -p /var/download
 chmod 775 /var/download
- ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || :
+ ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
 chown download: /var/download/finished
 '';
 }
-- cgit v1.2.3
From 79e5320e6b1da4d9d3569fe2b4f42c5d9db7c641 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 3 Dec 2018 09:47:35 +0100
Subject: l: use genid_uint31 where needed
---
lass/1systems/prism/config.nix | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'lass/1systems/prism')
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 0ca39447..e2097e93 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -25,7 +25,7 @@ with import ;
 { # TODO make new hfos.nix out of this vv
 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 users.users.riot = {
- uid = genid "riot";
+ uid = genid_uint31 "riot";
 isNormalUser = true;
 extraGroups = [ "libvirtd" ];
 openssh.authorizedKeys.keys = [
@@ -44,21 +44,21 @@ with import ;
 }
 {
 users.users.tv = {
- uid = genid "tv";
+ uid = genid_uint31 "tv";
 isNormalUser = true;
 openssh.authorizedKeys.keys = [
 config.krebs.users.tv.pubkey
 ];
 };
 users.users.makefu = {
- uid = genid "makefu";
+ uid = genid_uint31 "makefu";
 isNormalUser = true;
 openssh.authorizedKeys.keys = [
 config.krebs.users.makefu.pubkey
 ];
 };
 users.extraUsers.dritter = {
- uid = genid "dritter";
+ uid = genid_uint31 "dritter";
 isNormalUser = true;
 extraGroups = [
 "download"
@@ -75,7 +75,7 @@ with import ;
 ];
 };
 users.users.hellrazor = {
- uid = genid "hellrazor";
+ uid = genid_uint31 "hellrazor";
 isNormalUser = true;
 extraGroups = [
 "download"
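Review bot: Replacing `uid = genid "riot";` with `uid = genid_uint31 "riot";` changes the numeric uid of an already-provisioned account whenever the two functions disagree for that name (presumably `genid_uint31` narrows the value for consumers that reject larger uids, so it is only a no-op where `genid` already fit). Files owned by the old number — the home directory, anything these users wrote under the shared download tree — are then orphaned and will belong to whichever future account receives that uid; the same applies to the tv, makefu, dritter and hellrazor hunks below and the jeschli hunk that follows. Before switching, check whether the values actually differ for these six names and plan a chown of the affected trees, and record that in the file, e.g. `# uids moved from genid to genid_uint31; existing files re-owned — TODO confirm`. The enclosing module attrsets start and end outside the hunks.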
@@ -168,7 +168,7 @@ with import ;
 }
 {
 users.users.jeschli = {
- uid = genid "jeschli";
+ uid = genid_uint31 "jeschli";
 isNormalUser = true;
 openssh.authorizedKeys.keys = with config.krebs.users; [
 jeschli.pubkey
-- cgit v1.2.3
From d04c6be43d5c63f98a0c89aad512f19f1ffa6329 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 6 Dec 2018 14:20:04 +0100
Subject: l prism.r: add dnsmasq for wireguard
---
lass/1systems/prism/config.nix | 9 +++++++++
1 file changed, 9 insertions(+)
(limited to 'lass/1systems/prism')
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index e2097e93..83cc9677 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -323,6 +323,15 @@ with import ;
 }
 ];
 };
+ services.dnsmasq = {
+ enable = true;
+ resolveLocalQueries = false;
+
+ extraConfig= ''
+ except-interface=lo
+ interface=wg0
+ '';
+ };
 }
 {
 krebs.iptables.tables.filter.INPUT.rules = [
-- cgit v1.2.3
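Review bot: The new dnsmasq block limits who it answers only through `interface=wg0` / `except-interface=lo`; without `bind-interfaces` dnsmasq still binds the wildcard address and merely discards queries that arrive on other interfaces, so the resolver is reachable at the socket level on the public side and relies on the `krebs.iptables` INPUT rules that begin right after the hunk to stay closed there. Add `bind-interfaces` beside `interface=wg0` so the listener itself is confined to the WireGuard address, and confirm the INPUT rules do not admit port 53 on anything but wg0. A one-line comment such as `# recursive DNS for wireguard peers only; host resolution is untouched (resolveLocalQueries = false)` would make the intent explicit. Style nit: `extraConfig= ''` lacks the space before `=` that every other assignment in the file uses.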