From 740f8c8ccfca38d7fc164a8c99bb6df6249c0d22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:35:00 +0100 Subject: l: move download stuff to yellow.r --- lass/2configs/downloading.nix | 65 ------------------------------------------- 1 file changed, 65 deletions(-) delete mode 100644 lass/2configs/downloading.nix (limited to 'lass/2configs') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix deleted file mode 100644 index 8d0fb0d0..00000000 --- a/lass/2configs/downloading.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - users.extraUsers = { - download = { - name = "download"; - home = "/var/download"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-daedalus.pubkey - lass-helios.pubkey - makefu.pubkey - wine-mors.pubkey - ]; - }; - - transmission = { - extraGroups = [ - "download" - ]; - }; - }; - - users.extraGroups = { - download = { - members = [ - "download" - "transmission" - ]; - }; - }; - - krebs.rtorrent = { - enable = true; - web = { - enable = true; - port = 9091; - basicAuth = import ; - }; - rutorrent.enable = true; - enableXMLRPC = true; - listenPort = 51413; - downloadDir = "/var/download/finished"; - # dump old torrents into watch folder to have them re-added - watchDir = "/var/download/watch"; - }; - - krebs.iptables = { - enable = true; - tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } - { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } - ]; - }; -} -- cgit v1.2.3 From 2a904d988555629deb043e6641434253d544d480 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:37:02 +0100 Subject: l: add nordvpn@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 9bb70d1c..1ee45bb4 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -93,6 +93,7 @@ with import ; { from = "neocron@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; } + { from = "nordvpn@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 3f5d31bb2ef3ec4b9cc53d742e9303e1577fb260 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:37:42 +0100 Subject: l websites: remove deprecated stuff --- lass/2configs/websites/lassulus.nix | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b72b2092..6470d86f 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -66,22 +66,6 @@ in { locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/urlaubyay2018".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/india2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; - locations."/heilstadt".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/grabowsee2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; locations."/krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; -- cgit v1.2.3 From 2e81c4edeed70b9e5a94eb06be4692d757e2bce8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:43:01 +0100 Subject: l: add dummy-secret nordvpn.txt --- lass/2configs/tests/dummy-secrets/nordvpn.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 lass/2configs/tests/dummy-secrets/nordvpn.txt (limited to 'lass/2configs') diff --git a/lass/2configs/tests/dummy-secrets/nordvpn.txt b/lass/2configs/tests/dummy-secrets/nordvpn.txt new file mode 100644 index 00000000..e69de29b -- cgit v1.2.3 From cef8060bedcc33cf4b6e2781bdcbb97c2c0edba4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 07:48:49 +0100 Subject: l: override dmenu with fzfmenu --- lass/2configs/baseX.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9b44e8f0..d781f8c7 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -126,6 +126,12 @@ in { restartIfChanged = false; }; + nixpkgs.config.packageOverrides = super: { + dmenu = pkgs.writeDashBin "dmenu" '' + ${pkgs.fzfmenu}/bin/fzfmenu "$@" + ''; + }; + krebs.xresources.enable = true; lass.screenlock.enable = true; } -- cgit v1.2.3 From 0db666620399b996ff2755750f45113f039a8046 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 23:12:06 +0100 Subject: l binary-cache: fix nginx SSL config --- lass/2configs/binary-cache/server.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 86158c46..d3775b5d 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -26,6 +26,7 @@ ''; }; virtualHosts."cache.krebsco.de" = { + forceSSL = true; serverAliases = [ "cache.lassul.us" ]; enableACME = true; locations."/".extraConfig = '' -- cgit v1.2.3 From 93e951f2b93fc3d3012f15fd27f9866254f90fa3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:46:17 +0100 Subject: l mail: add read/unread bindings --- lass/2configs/mail.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9ea91ae1..36e797a9 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -174,6 +174,16 @@ let macro pager a "-archive\n" # tag as Archived + bind index U noop + bind index u noop + bind pager U noop + bind pager u noop + macro index U "+unread\n" + macro index u "-unread\n" + macro pager U "+unread\n" + macro pager u "-unread\n" + + bind index t noop bind pager t noop macro index t "" # tag as Archived -- cgit v1.2.3 From 2dc617874e001c25c1caceccd14ef7c1f74f73bc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 21:27:29 +0100 Subject: l: RIP fritz (uses helsinki) --- lass/2configs/websites/fritz.nix | 70 ---------------------------------------- 1 file changed, 70 deletions(-) delete mode 100644 lass/2configs/websites/fritz.nix (limited to 'lass/2configs') diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix deleted file mode 100644 index 14d6ce9e..00000000 --- a/lass/2configs/websites/fritz.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - inherit (import ) - genid - head - ; - inherit (import {inherit lib pkgs;}) - servePage - serveWordpress - ; - - msmtprc = pkgs.writeText "msmtprc" '' - account default - host localhost - ''; - - sendmail = pkgs.writeDash "msmtp" '' - exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" - ''; - -in { - - services.nginx.enable = true; - - imports = [ - ./default.nix - ./sqlBackup.nix - - (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) - - (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ]) - - (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) - - (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) - - (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) - - (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - - (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) - ]; - - lass.mysqlBackup.config.all.databases = [ - "eastuttgart_de" - "radical_dreamers_de" - "spielwaren_kern_de" - "ttf_kleinaspach_de" - ]; - - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - - users.users.goldbarrendiebstahl = { - home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de"; - uid = genid "goldbarrendiebstahl"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - }; - - services.phpfpm.phpOptions = '' - sendmail_path = ${sendmail} -t - ''; -} -- cgit v1.2.3 From c84b3c35f9f248fcf3081fa7eb0cee706fd8ebeb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 05:02:12 +0100 Subject: l blue-host: sync all permissions --- lass/2configs/blue-host.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index fba99674..9cf294af 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -81,6 +81,7 @@ in { host = "${host}.r", targetdir = "/var/lib/containers/.blue", rsync = { + archive = true, owner = true, group = true, }; -- cgit v1.2.3 From 79e5320e6b1da4d9d3569fe2b4f42c5d9db7c641 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 09:47:35 +0100 Subject: l: use genid_uint31 where needed --- lass/2configs/radio.nix | 3 +-- lass/2configs/websites/lassulus.nix | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 85faded1..987632cd 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -5,7 +5,6 @@ with import ; let name = "radio"; mainUser = config.users.extraUsers.mainUser; - inherit (import ) genid; admin-password = import ; source-password = import ; @@ -31,7 +30,7 @@ in { "${name}" = rec { inherit name; group = name; - uid = genid name; + uid = genid_uint31 name; description = "radio manager"; home = "/home/${name}"; useDefaultShell = true; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 6470d86f..17af0d00 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -3,7 +3,7 @@ with lib; let inherit (import ) - genid + genid_uint31 ; in { @@ -22,7 +22,7 @@ in { krebs.tinc_graphs.enable = true; users.users.lass-stuff = { - uid = genid "lass-stuff"; + uid = genid_uint31 "lass-stuff"; description = "lassul.us blog cgi stuff"; home = "/var/empty"; }; @@ -124,7 +124,7 @@ in { }; users.users.blog = { - uid = genid "blog"; + uid = genid_uint31 "blog"; description = "lassul.us blog deployment"; home = "/srv/http/lassul.us"; useDefaultShell = true; -- cgit v1.2.3