From c40c6ead1ec8f632ea85c788a4009d6aad646dbf Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 18 Sep 2017 00:04:06 +0200 Subject: l websites lassul.us: use enableACME --- lass/2configs/websites/lassulus.nix | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 93b817c3..d37dd530 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -14,14 +14,6 @@ in { security.acme = { certs."lassul.us" = { - email = "lass@lassul.us"; - webroot = "/var/lib/acme/acme-challenges"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - "full.pem" - ]; allowKeysForGroup = true; group = "lasscert"; }; @@ -71,13 +63,11 @@ in { ]; services.nginx.virtualHosts."lassul.us" = { + enableACME = true; serverAliases = [ "lassul.us" ]; locations."/".extraConfig = '' root /srv/http/lassul.us; ''; - locations."/.well-known/acme-challenge".extraConfig = '' - root /var/lib/acme/challenges/lassul.us/; - ''; locations."= /retiolum-hosts.tar.bz2".extraConfig = '' alias ${config.krebs.tinc.retiolum.hostsArchive}; ''; -- cgit v1.2.3 From 7e30bd3d1c9ebd7aefde3b00f086806b7a2b287e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 18 Sep 2017 15:04:25 +0200 Subject: l vim: fetchgit -> fetchFromGitHub we need this to clone git repos when our key is not authenticated to github.com --- lass/2configs/vim.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 29800dbe..7f36fcd9 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -106,9 +106,10 @@ let pkgs.vimPlugins.undotree (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; + src = pkgs.fetchFromGitHub { + owner = "bogado"; + repo = "file-line"; + rev = "1.0"; sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; }; }) -- cgit v1.2.3 From ca89d9a176cdbda04bacecf809bf2346a615891e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 11:42:50 +0200 Subject: l git: use repo.admins --- lass/2configs/git.nix | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 7bce93ae..3991acad 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -14,7 +14,7 @@ let root-desc = "keep calm and engage"; }; }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + repos = repos; rules = rules; }; @@ -87,8 +87,8 @@ let public = true; }; - make-restricted-repo = name: { collaborators ? [], announce ? false, hooks ? {}, ... }: { - inherit collaborators name; + make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? false, hooks ? {}, ... }: { + inherit admins collaborators name; public = false; hooks = optionalAttrs announce { post-receive = pkgs.git-hooks.irc-announce { @@ -111,15 +111,20 @@ let repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ - optional repo.public { - user = attrValues config.krebs.users; + optional (length (repo.admins or []) > 0) { + user = repo.admins; repo = [ repo ]; - perm = fetch; + perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional (length (repo.collaborators or []) > 0) { user = repo.collaborators; repo = [ repo ]; perm = fetch; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; }; in out -- cgit v1.2.3 From 79c5b963555dd617d88584cb5250f9744ff2a402 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 11:45:33 +0200 Subject: l: use the same font everywhere --- lass/2configs/baseX.nix | 6 ++++++ lass/2configs/xresources.nix | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 3a99e65a..0e0273dc 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -27,6 +27,12 @@ in { lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped ''; } + { #font magic + options.lass.myFont = mkOption { + type = types.str; + default = "-schumacher-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; + }; + } ]; users.extraUsers.mainUser.extraGroups = [ "audio" "video" ]; diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix index 2fbc3167..adbcd353 100644 --- a/lass/2configs/xresources.nix +++ b/lass/2configs/xresources.nix @@ -8,8 +8,8 @@ let URxvt*scrollBar: false URxvt*urgentOnBell: true URxvt*SaveLines: 4096 - URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 - URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + URxvt*font: ${config.lass.myFont} + URxvt*boldFont: ${config.lass.myFont} ! ref https://github.com/muennich/urxvt-perls URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl -- cgit v1.2.3 From 2d1160c0623461ea94d2f573d114909b64ab2b4d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 11:51:22 +0200 Subject: l retiolum: open configured tinc port --- lass/2configs/retiolum.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index e7779f53..fb76c573 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -1,12 +1,14 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { krebs.iptables = { tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + filter.INPUT.rules = let + tincport = toString config.krebs.build.host.nets.retiolum.tinc.port; + in [ + { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; } + { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; } ]; }; }; -- cgit v1.2.3 From 24a130424d69f271f8c2b975a623066c8dd3d42d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 20:15:36 +0200 Subject: l: add raf@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index a70d5882..c9d7a369 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -42,6 +42,7 @@ with import ; { from = "securityfocus@lassul.us"; to = lass.mail; } { from = "radio@lassul.us"; to = lass.mail; } { from = "btce@lassul.us"; to = lass.mail; } + { from = "raf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 0e11d7af9981c0b24f52c9d15b8b107a8d78b17f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 20:24:32 +0200 Subject: l websites lassulus: serveBB --- lass/2configs/websites/lassulus.nix | 56 +++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index d37dd530..17c39a5f 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -6,10 +6,66 @@ let genid ; + servephpBB = domains: + let + domain = head domains; + + in { + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + serverAliases = domains; + extraConfig = '' + index index.php; + root /srv/http/${domain}/; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + client_max_body_size 100m; + ''; + locations."/".extraConfig = '' + try_files $uri $uri/ /index.php?$args; + ''; + locations."~ \.php(?:$|/)".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + fastcgi_intercept_errors on; + ''; + #Directives to send expires headers and turn off 404 error logging. + locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' + access_log off; + log_not_found off; + expires max; + ''; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + in { imports = [ ./default.nix ../git.nix + (servephpBB [ "rote-allez-fraktion.de" ]) ]; security.acme = { -- cgit v1.2.3 From 124a6a9a9ad29bf8b972cfc5c34ae6b8e0ce5c70 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 20 Sep 2017 18:16:56 +0200 Subject: l: add termite keybinding --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 0e0273dc..f6390ce4 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,6 +79,7 @@ in { youtube-tools rxvt_unicode + termite ]; fonts.fonts = [ -- cgit v1.2.3