From 1f943991347be375cb29f764628999c184c064f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 23 Oct 2015 16:36:05 +0200 Subject: l 2 git: add kimsufi-check & realwallpaper --- lass/2configs/git.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 2164b2e3..7e8fc03c 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -33,6 +33,8 @@ let web-routes-wai-custom = {}; go = {}; newsbot-js = {}; + kimsufi-check = {}; + realwallpaper = {}; }; restricted-repos = mapAttrs make-restricted-repo ( -- cgit v1.2.3 From beca36faf241f610b05379295801a102c696273d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 23 Oct 2015 16:37:25 +0200 Subject: lass 2 base: nixpkgs rev 33bdc01 -> 0da65a5 --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 6fa9c5b2..c4c817ab 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -50,7 +50,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "33bdc011f5360288cd10b9fda90da2950442b2ab"; + rev = "0da65a5324b1e25d323f982bb0ef2c7fcab9f057"; }; dir.secrets = { host = config.krebs.hosts.mors; -- cgit v1.2.3 From e6d08eeeb6e7737e8a2594efd579d40525fb21dc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 24 Oct 2015 16:04:22 +0200 Subject: l 2 base: nixpkgs rev 0da65a5 -> 763ad33 --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index c4c817ab..0685a85d 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix 
@@ -50,7 +50,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "0da65a5324b1e25d323f982bb0ef2c7fcab9f057"; + rev = "763ad3372a9719f1187d800edbbb21a82180b143"; }; dir.secrets = { host = config.krebs.hosts.mors; -- cgit v1.2.3 From ace11d79badafce313b17c968701739513e95982 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 25 Oct 2015 21:13:45 +0100 Subject: l 2 base: nixpkgs 763ad33 -> 6d31e9b --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 0685a85d..fe6aa836 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -50,7 +50,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "763ad3372a9719f1187d800edbbb21a82180b143"; + rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80"; }; dir.secrets = { host = config.krebs.hosts.mors; -- cgit v1.2.3 From db889e085d8b4b15cab83116562085ab27bc0acb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Oct 2015 18:35:21 +0100 Subject: lass 2 base*: reorganize groups --- lass/2configs/base.nix | 2 -- lass/2configs/baseX.nix | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index fe6aa836..057af7bc 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -27,8 +27,6 @@ with lib; createHome = true; useDefaultShell = true; extraGroups = [ - "audio" - "wheel" ]; openssh.authorizedKeys.keys = map readFile [ ../../krebs/Zpubkeys/lass.ssh.pub diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1f5c3de5..3be3676a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,6 +8,8 @@ in { ./urxvt.nix ]; + users.extraUsers.mainUser.extraGroups = [ "audio" ]; + time.timeZone = "Europe/Berlin"; virtualisation.libvirtd.enable = true; -- cgit v1.2.3 
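Review bot: In the `lass/2configs/baseX.nix` hunk of "lass 2 base*: reorganize groups", only `"audio"` is re-added for `mainUser`, while the matching `base.nix` hunk removes both `"audio"` and `"wheel"`; nothing visible in this commit grants `wheel` again. If dropping the admin group is intended, the commit message should say so, because "reorganize" reads as a pure move; if it is not, hosts that relied on it lose that membership silently. The now-empty `extraGroups = [ ];` left behind in `base.nix` could be removed as well. Both files continue outside the hunks shown.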
From 6bf12a65f534103771f51e74b7d750dd1ce42d29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 00:10:43 +0100 Subject: l 2 downloading: allow login via ssh --- lass/2configs/downloading.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 5052da5c..b8b20d0e 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,5 +1,6 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: +with lib; { imports = [ ../3modules/folderPerms.nix @@ -10,9 +11,13 @@ name = "download"; home = "/var/download"; createHome = true; + useDefaultShell = true; extraGroups = [ "download" ]; + openssh.authorizedKeys.keys = map readFile [ + ../../krebs/Zpubkeys/lass.ssh.pub + ]; }; transmission = { -- cgit v1.2.3 From 7fc5c721f41869bf45a2da776db63950f905b7a0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 00:11:45 +0100 Subject: l 2 downloading: open ports for transmission --- lass/2configs/downloading.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index b8b20d0e..553a3a55 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -48,6 +48,7 @@ with lib; rpc-username = "download"; #add rpc-password in secrets rpc-password = "test123"; + peer-port = 51413; }; }; @@ -55,6 +56,8 @@ with lib; enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } ]; }; -- cgit v1.2.3 From 611f8ef25b4c3984f2f7de7362c4869d1f2f124f Mon Sep 17 00:00:00 2001 
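Review bot: The second hunk of "l 2 downloading: allow login via ssh" (`lass/2configs/downloading.nix`) gives the `download` account a login shell through `useDefaultShell = true` and authorizes `../../krebs/Zpubkeys/lass.ssh.pub`, the same key file that `base.nix` uses for `root` elsewhere on this page. An account that appears to exist for the transmission service thereby becomes a full interactive login tied to the admin key. If the goal is only to fetch files from `/var/download`, a dedicated key plus an sshd `Match User download` block with `ForceCommand internal-sftp` would keep the access narrower. A one-line comment stating why the account needs a shell would help either way. The attribute set continues outside the hunk.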
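Review bot: In "l 2 downloading: open ports for transmission", the literal `51413` is written three times: once as `peer-port` in the first hunk and twice in the `INPUT` rules of the second. A later port change that misses one site would leave either a firewall opening with nothing behind it or a peer port that is not reachable. Binding the value once in a `let` and building the predicates from it, e.g. `"-p tcp --dport ${toString peer-port}"`, keeps the setting and the rules in step. Both the settings block and the rules list continue outside the hunks.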
From: lassulus Date: Sat, 31 Oct 2015 00:12:15 +0100 Subject: l 2 retiolum: connect to prism instead of fastpoke --- lass/2configs/retiolum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7f0bcc5e..d26a2f4c 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -16,7 +16,7 @@ enable = true; hosts = ../../krebs/Zhosts; connectTo = [ - "fastpoke" + "prism" "cloudkrebs" "echelon" "pigstarter" -- cgit v1.2.3 From 10fc9eb4ee5151bee86026cd81a73d333551b612 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 15:09:43 +0100 Subject: l 2: get ssh-keys via api --- lass/2configs/base.nix | 8 ++++---- lass/2configs/downloading.nix | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 057af7bc..11bc4f08 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -15,8 +15,8 @@ with lib; { users.extraUsers = { root = { - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; mainUser = { @@ -28,8 +28,8 @@ with lib; useDefaultShell = true; extraGroups = [ ]; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; }; diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 553a3a55..b9f3449e 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -15,8 +15,8 @@ with lib; extraGroups = [ "download" ]; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; -- cgit v1.2.3 From e8d41346d34cf24652e8e77fab6bb0a0dd86a199 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 31 Oct 2015 15:11:15 +0100 Subject: l 2 downloading: get rpc-password from secrets --- lass/2configs/downloading.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index b9f3449e..e80b7400 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,7 +1,10 @@ { config, lib, pkgs, ... }: with lib; -{ + +let + rpc-password = import ; +in { imports = [ ../3modules/folderPerms.nix ]; @@ -46,8 +49,7 @@ with lib; rpc-authentication-required = true; rpc-whitelist-enabled = false; rpc-username = "download"; - #add rpc-password in secrets - rpc-password = "test123"; + inherit rpc-password; peer-port = 51413; }; }; -- cgit v1.2.3 From f18a958ce57d2a91af9ba547cbf8cb21e19b99f8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Nov 2015 19:57:05 +0100 Subject: l 2: add ts3.nix --- lass/2configs/ts3.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 lass/2configs/ts3.nix (limited to 'lass/2configs') diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix new file mode 100644 index 00000000..5b92d091 --- /dev/null +++ b/lass/2configs/ts3.nix @@ -0,0 +1,19 @@ +{ config, ... }: + +{ + services.teamspeak3 = { + enable = true; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + #voice port + { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; } + { predicate = "-p udp --dport 9987"; target = "ACCEPT"; } + ##file transfer port + #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } + #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; } + ##query port + #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; } + #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; } + ]; +} -- cgit v1.2.3
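Review bot: In the second hunk of "l 2 downloading: get rpc-password from secrets", `inherit rpc-password;` still places the secret in the evaluated transmission settings, and values that reach a NixOS module's settings are normally rendered into the world-readable Nix store, so local users could presumably still read it. The `import` target is not legible in this view, so the source of the value cannot be checked here. The removed `"test123"` stays in git history and should be treated as disclosed rather than reused. The surrounding context keeps `rpc-whitelist-enabled = false`, and an earlier hunk on this page shows tcp 9091 accepted from any source, so this password is the only control on the RPC endpoint; limiting the 9091 rule to the VPN, or reaching RPC through the SSH login added earlier, would reduce reliance on it. The settings block continues outside the hunk.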
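Review bot: The `-p tcp --dport 9987` rule in the new `lass/2configs/ts3.nix` opens a port the service does not appear to need: TeamSpeak 3 carries voice on UDP 9987 by default, and TCP is used only for file transfer (30033) and ServerQuery (10011). Dropping that line leaves just `{ predicate = "-p udp --dport 9987"; target = "ACCEPT"; }` for voice. The commented-out `udp` rules for 30033 and 10011 have the same mismatch and would be better removed or reduced to their `tcp` forms before anyone uncomments them. Keeping ServerQuery closed, as the file does now, is the safer default. The `config` argument is also unused in this file.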