From 797dd8cc2ac3b67ec385e0350db1c3c77012486f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:44:57 +0200 Subject: l: sync more with syncthing --- lass/2configs/syncthing.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 164e8967..842abc19 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -3,6 +3,7 @@ with import ; { services.syncthing = { enable = true; + group = "syncthing"; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} @@ -14,7 +15,15 @@ with import ; key = toString ; peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); folders = [ - { path = "/tmp/testsync"; peers = [ "icarus" "mors" "skynet" ]; } + { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; } ]; }; + + system.activationScripts.syncthing-home = '' + ${pkgs.coreutils}/bin/chmod a+x /home/lass + ''; + + lass.ensure-permissions = [ + { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; } + ]; } -- cgit v1.2.3 From 15fe4f74471fd4da438a7939fbad50ca41ae36b5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:58:28 +0200 Subject: l backups: don't mount /backups --- lass/2configs/backup.nix | 8 -------- 1 file changed, 8 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix index d23cf9a4..94272fdb 100644 --- a/lass/2configs/backup.nix +++ b/lass/2configs/backup.nix @@ -2,19 +2,11 @@ with import ; { - fileSystems = { - "/backups" = { - device = "/dev/pool/backup"; - fsType = "ext4"; - }; - }; users.users.backup = { useDefaultShell = true; home = "/backups"; createHome = true; openssh.authorizedKeys.keys = with config.krebs.hosts; [ - mors.ssh.pubkey - prism.ssh.pubkey blue.ssh.pubkey ]; }; -- cgit v1.2.3 From cbc493e82b1550b5fb1715fd78a05d0ba3a4745b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:05:03 +0200 Subject: l blue: open port 9998 --- lass/2configs/blue.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index cdd77e84..aad8411b 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -23,8 +23,8 @@ with (import ); krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} - { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";} ]; systemd.services.chat = let -- cgit v1.2.3 From d820e42a584160f3ff7d00a8ccf19ae82717ba90 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:08:11 +0200 Subject: l: import backup.nix --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 085cc04b..646d3e0c 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -4,6 +4,7 @@ with import ; imports = [ ./binary-cache/client.nix + ./backup.nix ./gc.nix ./mc.nix ./vim.nix -- cgit v1.2.3 From d817fe8a18625eb684f06de97e058f66ebbea50d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:08:32 +0200 Subject: l: don't authorize shodan/icarus --- lass/2configs/default.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 646d3e0c..9dc2eed2 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -43,8 +43,6 @@ with import ; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey ]; }; }; -- cgit v1.2.3 From 7d971fc78e35bbc0a84d51b45a5aaa18dfa65a59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:09:37 +0200 Subject: l icarus.r: share prism in local network --- lass/2configs/prism-share.nix | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 lass/2configs/prism-share.nix (limited to 'lass/2configs') diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix new file mode 100644 index 00000000..70e616ec --- /dev/null +++ b/lass/2configs/prism-share.nix @@ -0,0 +1,39 @@ +with import ; +{ config, pkgs, ... }: + +{ + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 139"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-p udp --dport 137"; target = "ACCEPT"; } + { predicate = "-p udp --dport 138"; target = "ACCEPT"; } + ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + incoming = { + path = "/mnt/prism"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} -- cgit v1.2.3 From 7bcf1f327a16b2cd4d54742f1689cc46ec99cb44 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:11:38 +0200 Subject: l virtualbox: disable ExtensionPack --- lass/2configs/virtualbox.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index cfb835d7..cd270bdf 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,7 +6,6 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; - nixpkgs.config.virtualbox.enableExtensionPack = true; virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { -- cgit v1.2.3 From 33283cb99c9a9494f8530542f1ab72a432b1709c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:14:54 +0200 Subject: l: remove prometheus monitoring --- lass/2configs/default.nix | 1 - lass/2configs/monitoring/node-exporter.nix | 15 -- lass/2configs/monitoring/prometheus-server.nix | 217 ------------------------- 3 files changed, 233 deletions(-) delete mode 100644 lass/2configs/monitoring/node-exporter.nix delete mode 100644 lass/2configs/monitoring/prometheus-server.nix (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 9dc2eed2..7ee83c17 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -8,7 +8,6 @@ with import ; ./gc.nix ./mc.nix ./vim.nix - ./monitoring/node-exporter.nix ./zsh.nix ./htop.nix ./security-workarounds.nix diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix deleted file mode 100644 index 561e3a25..00000000 --- a/lass/2configs/monitoring/node-exporter.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; } - { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; } - ]; - services.prometheus.exporters = { - node = { - enable = true; - enabledCollectors = [ - "systemd" - ]; - }; - }; -} diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix deleted file mode 100644 index b7083c77..00000000 --- a/lass/2configs/monitoring/prometheus-server.nix +++ /dev/null @@ -1,217 +0,0 @@ -{ pkgs, lib, config, ... }: -{ - #networking = { - # firewall.allowedTCPPorts = [ - # 3000 # grafana - # 9090 # prometheus - # 9093 # alertmanager - # ]; - # useDHCP = true; - #}; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } - ]; - - services = { - prometheus = { - enable = true; - extraFlags = [ - "-storage.local.retention 8760h" - "-storage.local.series-file-shrink-ratio 0.3" - "-storage.local.memory-chunks 2097152" - "-storage.local.max-chunks-to-persist 1048576" - "-storage.local.index-cache-size.fingerprint-to-metric 2097152" - "-storage.local.index-cache-size.fingerprint-to-timerange 1048576" - "-storage.local.index-cache-size.label-name-to-label-values 2097152" - "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040" - ]; - alertmanagerURL = [ "http://localhost:9093" ]; - rules = [ - '' - ALERT node_down - IF up == 0 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Node is down.", - description = "{{$labels.alias}} has been down for more than 5 minutes." - } - ALERT node_systemd_service_failed - IF node_systemd_unit_state{state="failed"} == 1 - FOR 4m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.", - description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}." - } - ALERT node_filesystem_full_90percent - IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Filesystem is running out of space soon.", - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem." - } - ALERT node_filesystem_full_in_4h - IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0 - FOR 5m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.", - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours" - } - ALERT node_filedescriptors_full_in_3h - IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum - FOR 20m - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.", - description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours" - } - ALERT node_load1_90percent - IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9 - FOR 1h - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: Running on high load.", - description = "{{$labels.alias}} is running with > 90% total load for at least 1h." - } - ALERT node_cpu_util_90percent - IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90 - FOR 1h - LABELS { - severity="page" - } - ANNOTATIONS { - summary = "{{$labels.alias}}: High CPU utilization.", - description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h." - } - ALERT node_ram_using_90percent - IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1 - FOR 30m - LABELS { - severity="page" - } - ANNOTATIONS { - summary="{{$labels.alias}}: Using lots of RAM.", - description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.", - } - ALERT node_swap_using_80percent - IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8 - FOR 10m - LABELS { - severity="page" - } - ANNOTATIONS { - summary="{{$labels.alias}}: Running out of swap soon.", - description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now." - } - '' - ]; - scrapeConfigs = [ - { - job_name = "node"; - scrape_interval = "10s"; - static_configs = [ - { - targets = [ - ] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts)); - #labels = { - # alias = "prometheus.example.com"; - #}; - } - ]; - } - ]; - alertmanager = { - enable = true; - listenAddress = "0.0.0.0"; - configuration = { - "global" = { - "smtp_smarthost" = "smtp.example.com:587"; - "smtp_from" = "alertmanager@example.com"; - }; - "route" = { - "group_by" = [ "alertname" "alias" ]; - "group_wait" = "30s"; - "group_interval" = "2m"; - "repeat_interval" = "4h"; - "receiver" = "team-admins"; - }; - "receivers" = [ - { - "name" = "team-admins"; - "email_configs" = [ - { - "to" = "devnull@example.com"; - } - ]; - "webhook_configs" = [ - { - "url" = "http://127.0.0.1:14813/prometheus-alerts"; - "send_resolved" = true; - } - ]; - } - ]; - }; - }; - }; - grafana = { - enable = true; - addr = "0.0.0.0"; - domain = "grafana.example.com"; - rootUrl = "https://grafana.example.com/"; - auth.anonymous.enable = true; - auth.anonymous.org_role = "Admin"; - }; - }; - services.logstash = { - enable = true; - inputConfig = '' - http { - port => 14813 - host => "127.0.0.1" - } - ''; - filterConfig = '' - if ([alerts]) { - ruby { - code => ' - lines = [] - event["alerts"].each {|p| - lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}" - } - event["output"] = lines.join("\n") - ' - } - } - ''; - outputConfig = '' - file { path => "/tmp/logs.json" codec => "json_lines" } - irc { - channels => [ "#noise" ] - host => "irc.r" - nick => "alarm" - codec => "json_lines" - format => "%{output}" - } - ''; - #plugins = [ ]; - }; -} -- cgit v1.2.3 From 2fcb0f760b59a1d01c5b003b45751e80b93bf443 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:18:07 +0200 Subject: l baseX: add xephyrify to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1d2d1173..26d6622a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,6 +79,7 @@ in { taskwarrior termite xclip + xephyrify xorg.xbacklight xorg.xhost xsel -- cgit v1.2.3 From a93670a60ee8fd21794846c4526d68aa2f244556 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:18:46 +0200 Subject: l: open port 19999 (netdata) --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 7ee83c17..972b4760 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -209,6 +209,7 @@ with import ; { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } { predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 19999"; target = "ACCEPT"; } ]; }; }; -- cgit v1.2.3 From 77c702b2043e19a98490af80776d9d4cad289a6b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:19:13 +0200 Subject: l mail: add more addresses --- lass/2configs/exim-smarthost.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 55529542..aec59261 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -97,6 +97,9 @@ with import ; { from = "csv-direct@lassul.us"; to = lass.mail; } { from = "nintendo@lassul.us"; to = lass.mail; } { from = "overleaf@lassul.us"; to = lass.mail; } + { from = "box@lassul.us"; to = lass.mail; } + { from = "paloalto@lassul.us"; to = lass.mail; } + { from = "subtitles@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From db87be09f833f148725251dc1f36ac0ed9945e4a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:22:39 +0200 Subject: l mail: filter more mails to security tag --- lass/2configs/mail.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 52d380b7..cc8a6083 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -60,7 +60,10 @@ let paypal = [ "to:paypal@lassul.us" ]; ptl = [ "to:ptl@posttenebraslab.ch" ]; retiolum = [ "to:lass@mors.r" ]; - security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ]; + security = [ + "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" + "to:security-announce@lists.apple.com" + ]; shack = [ "to:shackspace.de" ]; steam = [ "to:steam@lassul.us" ]; tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ]; -- cgit v1.2.3 From 036f0e90525f81c02119680cdcf9b114b1b8bde8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:22:51 +0200 Subject: l mail: add muchsync to pkgs --- lass/2configs/mail.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index cc8a6083..0803846a 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -228,6 +228,7 @@ in { msmtp mutt pkgs.notmuch + pkgs.muchsync pkgs.haskellPackages.much tag-new-mails tag-old-mails -- cgit v1.2.3 From 2c0e039dbdb39fffb63f6e6ccbff247902fa7e8d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:23:29 +0200 Subject: l reaktor-coders: match scripts at the beginning of line --- lass/2configs/reaktor-coders.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 4baec197..7fd6a2a2 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -29,7 +29,7 @@ in { hooks.url-title { activate = "match"; - pattern = ''@([^ ]+) (.*)$''; + pattern = ''^@([^ ]+) (.*)$''; command = 1; arguments = [2]; env.HOME = config.krebs.reaktor2.coders.stateDir; @@ -66,7 +66,7 @@ in { } { activate = "match"; - pattern = ''!([^ ]+)(?:\s*(.*))?''; + pattern = ''^!([^ ]+)(?:\s*(.*))?''; command = 1; arguments = [2]; commands = { -- cgit v1.2.3 From f17a481e92fd54ef95f57b2e9ba635a0ede72d8c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:24:16 +0200 Subject: l domsen: fix backups --- lass/2configs/websites/domsen.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 7fb24813..ff3506f8 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -234,11 +234,13 @@ in { createHome = true; }; + krebs.on-failure.plans.restic-backups-domsen = {}; services.restic.backups.domsen = { initialize = true; - extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -S none -v -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; passwordFile = toString + "/domsen_backup_pw"; + timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; paths = [ "/srv/http" "/home/domsen/Mail" -- cgit v1.2.3 From 54f1febc184297a8bfa4df8ca6c954b4cb0083bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:24:41 +0200 Subject: l domsen: add https mode for nextcloud --- lass/2configs/websites/domsen.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index ff3506f8..b5848477 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -94,7 +94,7 @@ in { config = { adminpassFile = toString + "/nextcloud_pw"; }; - #https = true; + https = true; nginx.enable = true; }; services.nginx.virtualHosts."o.xanf.org" = { -- cgit v1.2.3 From 81879b0df8e9f1e8910013e251af81db4dd1c37b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:25:07 +0200 Subject: l wine: remove unneeded infos --- lass/2configs/wine.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 71a5cdda..02d7ffc8 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -6,8 +6,6 @@ let in { users.users= { wine = { - name = "wine"; - description = "user for running wine"; home = "/home/wine"; useDefaultShell = true; extraGroups = [ -- cgit v1.2.3 From 162b965b6bc98381a0e87f72eca491ff2dd2b53d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:25:33 +0200 Subject: l zsh: fix SHARE_HISTORY --- lass/2configs/zsh.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 76cac9f5..53106b03 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -28,8 +28,8 @@ } zle -N down-line-or-local-history - setopt share_history - setopt hist_ignore_dups + setopt SHARE_HISTORY + setopt HIST_IGNORE_ALL_DUPS # setopt inc_append_history bindkey '^R' history-incremental-search-backward -- cgit v1.2.3