From 3090179491a0988190b37b2309db4c0baef1ceed Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 4 Jan 2019 16:35:09 +0100
Subject: l: enable o.xanf.org nextcloud

---
 lass/1systems/prism/physical.nix | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'lass/1systems/prism')

diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 116bdb92f..159ee0c90 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -40,6 +40,11 @@
     fsType = "zfs";
   };
 
+  fileSystems."/var/lib/nextcloud" = {
+    device = "tank/nextcloud";
+    fsType = "zfs";
+  };
+
   nix.maxJobs = lib.mkDefault 8;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
 
-- 
cgit v1.2.3


From 81c4e313d75db79c2a5228d5e5634983a8701001 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 4 Jan 2019 17:25:50 +0100
Subject: l prism: mount libvirt dir on tank zfs

---
 lass/1systems/prism/physical.nix | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'lass/1systems/prism')

diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 159ee0c90..a2b5efb29 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -45,6 +45,11 @@
     fsType = "zfs";
   };
 
+  fileSystems."/var/lib/libvirt" = {
+    device = "tank/libvirt";
+    fsType = "zfs";
+  };
+
   nix.maxJobs = lib.mkDefault 8;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
 
-- 
cgit v1.2.3


From 77baef49ab6c461e293c27bf51bd0e2cc5f200f4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 22 Jan 2019 16:26:30 +0100
Subject: l prism.r hfos: update ip addresses

---
 lass/1systems/prism/config.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lass/1systems/prism')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index df2778bef..dbd4ceb1c 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -36,10 +36,10 @@ with import <stockholm/lib>;
       # TODO write function for proxy_pass (ssl/nonssl)
 
       krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
+        { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.PREROUTING.rules = [
-        { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
+        { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
       ];
     }
     {
-- 
cgit v1.2.3


From b3587bfbfa74c5581987e0dd965189d51d96bcce Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 22 Jan 2019 16:27:18 +0100
Subject: l prism.r: add uid for download user

---
 lass/1systems/prism/config.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass/1systems/prism')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index dbd4ceb1c..b4a514d54 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -379,6 +379,7 @@ with import <stockholm/lib>;
           name = "download";
           home = "/var/download";
           useDefaultShell = true;
+          uid = genid "download";
           openssh.authorizedKeys.keys = with config.krebs.users; [
             lass.pubkey
             lass-shodan.pubkey
-- 
cgit v1.2.3


From c893dbd47960335402a9727c879f6f92c104aaf4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 22 Jan 2019 16:27:56 +0100
Subject: l prism.r: add Mic92 to trustedUsers

---
 lass/1systems/prism/config.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'lass/1systems/prism')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index b4a514d54..23746d210 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -421,6 +421,16 @@ with import <stockholm/lib>;
          { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
       ];
     }
+    {
+      nix.trustedUsers = [ "Mic92" ];
+      users.users.Mic92 = {
+        uid = genid_uint31 "Mic92";
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [
+          config.krebs.users.Mic92.pubkey
+        ];
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
-- 
cgit v1.2.3


From 04297e6c094a13051ee54d700d6fe55ad1f1ede5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 22 Jan 2019 16:28:50 +0100
Subject: l prism.r: add new ip

---
 lass/1systems/prism/physical.nix | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'lass/1systems/prism')

diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index a2b5efb29..9a84e9d63 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -63,9 +63,15 @@
     defaultGateway = "95.216.1.129";
     # Use google's public DNS server
     nameservers = [ "8.8.8.8" ];
-    interfaces.eth0 = {
-      ipAddress = "95.216.1.150";
-      prefixLength = 26;
-    };
+    interfaces.eth0.ipv4.addresses = [
+      {
+        address = "95.216.1.150";
+        prefixLength = 26;
+      }
+      {
+        address = "95.216.1.130";
+        prefixLength = 26;
+      }
+    ];
   };
 }
-- 
cgit v1.2.3