From 6bf12a65f534103771f51e74b7d750dd1ce42d29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 00:10:43 +0100 Subject: l 2 downloading: allow login via ssh --- lass/2configs/downloading.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lass/2configs/downloading.nix') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 5052da5c8..b8b20d0ed 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,5 +1,6 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: +with lib; { imports = [ ../3modules/folderPerms.nix @@ -10,9 +11,13 @@ name = "download"; home = "/var/download"; createHome = true; + useDefaultShell = true; extraGroups = [ "download" ]; + openssh.authorizedKeys.keys = map readFile [ + ../../krebs/Zpubkeys/lass.ssh.pub + ]; }; transmission = { -- cgit v1.2.3 From 7fc5c721f41869bf45a2da776db63950f905b7a0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 00:11:45 +0100 Subject: l 2 downloading: open ports for transmission --- lass/2configs/downloading.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs/downloading.nix') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index b8b20d0ed..553a3a557 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -48,6 +48,7 @@ with lib; rpc-username = "download"; #add rpc-password in secrets rpc-password = "test123"; + peer-port = 51413; }; }; @@ -55,6 +56,8 @@ with lib; enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } ]; }; -- cgit v1.2.3 From 10fc9eb4ee5151bee86026cd81a73d333551b612 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 15:09:43 +0100 Subject: l 2: get ssh-keys via api --- lass/2configs/downloading.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs/downloading.nix') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 553a3a557..b9f3449e4 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -15,8 +15,8 @@ with lib; extraGroups = [ "download" ]; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; -- cgit v1.2.3 From e8d41346d34cf24652e8e77fab6bb0a0dd86a199 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 15:11:15 +0100 Subject: l 2 downloading: get rpc-password from secrets --- lass/2configs/downloading.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lass/2configs/downloading.nix') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index b9f3449e4..e80b74007 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,7 +1,10 @@ { config, lib, pkgs, ... }: with lib; -{ + +let + rpc-password = import ; +in { imports = [ ../3modules/folderPerms.nix ]; @@ -46,8 +49,7 @@ with lib; rpc-authentication-required = true; rpc-whitelist-enabled = false; rpc-username = "download"; - #add rpc-password in secrets - rpc-password = "test123"; + inherit rpc-password; peer-port = 51413; }; }; -- cgit v1.2.3