From 1320d41152289b2a8dc1e931604844116b7cc503 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 15 Aug 2021 17:54:47 +0200 Subject: l yellow.r: rotate ovpn --- lass/1systems/yellow/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 178a5adf1..dc3b4b566 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -164,7 +164,7 @@ with import ; client dev tun proto udp - remote 91.207.172.77 1194 + remote 196.240.57.43 1194 resolv-retry infinite remote-random nobind -- cgit v1.2.3 From 0d84e80619bee56591ac96ca1891169d4cbcd8a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 15 Aug 2021 18:49:23 +0200 Subject: l: add flix.r alias --- lass/1systems/prism/config.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 89a386139..bc3807545 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -305,6 +305,12 @@ with import ; localAddress = "10.233.2.14"; }; + services.nginx.virtualHosts."flix.r" = { + locations."/".extraConfig = '' + proxy_pass http://10.233.2.14:80/; + proxy_set_header Accept-Encoding ""; + ''; + }; services.nginx.virtualHosts."lassul.us" = { locations."^~ /flix/".extraConfig = '' if ($scheme != "https") { -- cgit v1.2.3 From 8f6dec66dcc7a9b7e88c8604653a61783d91d632 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 19 Aug 2021 22:49:09 +0200 Subject: mic92: add samba to prism --- lass/1systems/prism/config.nix | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bc3807545..1ef4637e3 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
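Review bot: The new `flix.r` virtual host forwards every request to the container at 10.233.2.14 with no access restriction of its own, and nginx selects a virtual host by the Host header, not by the interface the request arrived on. If this nginx also listens on a public address, a client sending `Host: flix.r` would reach the backend without passing the `$scheme` check of the existing `lassul.us` `/flix/` location (whatever else that location enforces is outside the hunk). I would pin the host to the internal network inside the location, e.g. `allow 10.243.0.0/16; allow 42::/16; deny all;`. Those ranges are taken from the retiolum `hosts allow` line that the samba commits in this series use, so confirm they are the right ones for this host.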
@@ -385,7 +385,44 @@ with import ; mountdPort = 4002; statdPort = 4000; }; + + services.samba = { + enable = true; + extraConfig = '' + workgroup = WORKGROUP + netbios name = PRISM + server string = PRISM + hosts allow = 42::/16 + map to guest = Bad User + max log size = 50 + dns proxy = no + security = user + + [global] + syslog only = yes + ''; + shares.public = { + comment = "Warez"; + path = "/export"; + public = "yes"; + "only guest" = "yes"; + "create mask" = "0644"; + "directory mask" = "2777"; + writable = "no"; + printable = "no"; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + # netbios + { predicate = "-i retiolum -p tcp --dport 139"; target = "ACCEPT"; } + # smbd + { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } + # netbios-ns + { predicate = "-i retiolum -p udp --dport 137"; target = "ACCEPT"; } + # nmbd + { predicate = "-i retiolum -p udp --dport 138"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } -- cgit v1.2.3 From bb846b5ca921aa07ab85ef0a6258be96d475c78b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 25 Aug 2021 12:05:18 +0200 Subject: l prism.r: add c.r cyberlocker --- lass/2configs/paste.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'lass') diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 0cf62ec0b..f0847f02a 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix 
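Review bot: `map to guest = Bad User` together with `public = "yes"` and `"only guest" = "yes"` gives every host matched by `hosts allow` unauthenticated read access to `/export`, so the only boundary is the address filter plus the `-i retiolum` INPUT rules. A comment above `shares.public` saying so, e.g. `# guest-readable: access is limited only by hosts allow and the retiolum INPUT rules`, would keep a later edit from widening either one unnoticed. The `"create mask" = "0644"` and `"directory mask" = "2777"` entries have no effect while `writable = "no"`, but if the share is ever made writable, guests would create world-writable setgid directories. Dropping them, or using `"directory mask" = "0755"`, is the safer default.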
@@ -2,6 +2,18 @@ with import ; { + services.nginx.virtualHosts.cyberlocker = { + serverAliases = [ "c.r" ]; + locations."/".extraConfig = '' + client_max_body_size 4G; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port}; + ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; + }; services.nginx.virtualHosts.paste = { serverAliases = [ "p.r" ]; locations."/".extraConfig = '' @@ -58,6 +70,12 @@ with import ; (. ${pkgs.htgen-imgur}/bin/htgen-imgur) ''; }; + krebs.htgen.cyberlocker = { + port = 7772; + script = /* sh */ '' + (. ${pkgs.htgen-cyberlocker}/bin/htgen-cyberlocker) + ''; + }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";} ]; -- cgit v1.2.3 From 33714185ea1331c2fb82a831eaa9900076028c2a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 25 Aug 2021 12:05:35 +0200 Subject: l paste: allow CORS --- lass/2configs/paste.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lass') diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index f0847f02a..98ba7c731 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -31,6 +31,10 @@ with import ; proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; proxy_pass_header Server; ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; }; services.nginx.virtualHosts."p.krebsco.de" = { enableACME = true; @@ -51,6 +55,10 @@ with import ; proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; proxy_pass_header Server; ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; }; krebs.htgen.paste = { -- cgit v1.2.3 From 6db453c84d00b515abb36a784b0ba1f1e75011e0 Mon Sep 17 00:00:00 2001 
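Review bot: `add_header 'Access-Control-Allow-Origin' '*';` on the internal `cyberlocker`/`c.r` host lets any web page opened in a browser that can reach the internal network read this service's responses cross-origin, and the `Access-Control-Allow-Methods` line advertises `POST` as well. The same two headers are added to the `paste` and `p.krebsco.de` hosts by the next commit's hunks (`@@ -31,6 +31,10 @@` and `@@ -51,6 +55,10 @@`) and to `c.krebsco.de` in the commit after that. If the aim is to let one specific front end call the API, name that origin instead of `*`, e.g. `add_header 'Access-Control-Allow-Origin' 'https://ORIGIN.example';` (placeholder origin). Separately, `client_max_body_size 4G;` accepts multi-gigabyte uploads with no authentication visible in this hunk, so a quota or cleanup policy for the htgen-cyberlocker storage is worth documenting next to it. Also note that `add_header` without `always` is applied only to a fixed set of success and redirect status codes, so error responses will not carry these headers.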
From: lassulus Date: Thu, 26 Aug 2021 09:58:42 +0200 Subject: l paste: add c.krebsco.de --- lass/2configs/paste.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'lass') diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 98ba7c731..68a55c71c 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -36,6 +36,22 @@ with import ; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; ''; }; + services.nginx.virtualHosts."c.krebsco.de" = { + enableACME = true; + addSSL = true; + serverAliases = [ "c.krebsco.de" ]; + locations."/".extraConfig = '' + if ($request_method != GET) { + return 403; + } + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port}; + ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; + }; services.nginx.virtualHosts."p.krebsco.de" = { enableACME = true; addSSL = true; -- cgit v1.2.3 From d2026d3f433c409c8a479f31848cc6c51c8d54c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 26 Aug 2021 20:13:36 +0200 Subject: mic92: allow ipv4 on prism/samba --- lass/1systems/prism/config.nix | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 1ef4637e3..cbaf127c8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -391,8 +391,9 @@ with import ; extraConfig = '' workgroup = WORKGROUP netbios name = PRISM - server string = PRISM - hosts allow = 42::/16 + server string = prism + hosts allow = 42::/16 10.243.0.0/16 + interfaces = tinc.retiolum map to guest = Bad User max log size = 50 dns proxy = no 
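Review bot: The `c.krebsco.de` location answers every method except `GET` with 403, yet the server block still advertises `'GET, POST, OPTIONS'` in `Access-Control-Allow-Methods`; a preflight `OPTIONS` receives the 403, and `HEAD` is rejected too. Since this is the public, download-only face of the locker, the header should match what is served, `add_header 'Access-Control-Allow-Methods' 'GET';`, and the test could be `if ($request_method !~ ^(GET|HEAD)$) { return 403; }` if HEAD is meant to work. `addSSL = true` keeps plain HTTP available alongside HTTPS; `forceSSL = true` would redirect instead, if cleartext downloads are not intended. `serverAliases = [ "c.krebsco.de" ]` repeats the virtual host's own name and can be dropped.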
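Review bot: `interfaces = tinc.retiolum` does not by itself stop smbd from accepting connections on other interfaces; without `bind interfaces only = yes` the exposure is still governed only by `hosts allow` and the firewall rules. The INPUT rules in this same file match `-i retiolum`, while this line names `tinc.retiolum`, so one of the two probably does not match the real device name. Confirm the name on the host before relying on either. The smb.conf text this hunk edits starts and ends outside the hunk.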
@@ -414,14 +415,8 @@ with import ; }; krebs.iptables.tables.filter.INPUT.rules = [ - # netbios - { predicate = "-i retiolum -p tcp --dport 139"; target = "ACCEPT"; } # smbd { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } - # netbios-ns - { predicate = "-i retiolum -p udp --dport 137"; target = "ACCEPT"; } - # nmbd - { predicate = "-i retiolum -p udp --dport 138"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } -- cgit v1.2.3 From 9e9d5d26d9e8ebe2b7c6308184c25c9de133714e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 26 Aug 2021 21:21:48 +0200 Subject: mic92: samba perf options --- lass/1systems/prism/config.nix | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index cbaf127c8..e3dba69e4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -388,12 +388,37 @@ with import ; services.samba = { enable = true; + enableNmbd = false; extraConfig = '' workgroup = WORKGROUP netbios name = PRISM - server string = prism + server string = ${config.networking.hostName} + # only allow retiolum addresses hosts allow = 42::/16 10.243.0.0/16 + # Don't bind to the legacy 143 port + smb ports = 445 + # Bind only to allowed interfaces + bind interfaces only = true + # only bind to retiolum network interfaces = tinc.retiolum + + # Use sendfile() for performance gain + use sendfile = true + + # No NetBIOS is needed + disable netbios = true + + # Only mangle non-valid NTFS names, don't care about DOS support + mangled names = illegal + + # Performance optimizations + socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 + + # Disable all printing + load printers = false + disable spoolss = true + printcap name = /dev/null + map to guest = Bad User max log size = 50 dns proxy = no @@ -401,7 +426,7 @@ with import ; [global] syslog only = yes - ''; + ''; shares.public = { comment = "Warez"; path = "/export"; -- cgit v1.2.3 From 1c0af4687cc3499b7cb8ce0799a662e1ce00ae22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 26 Aug 2021 21:38:53 +0200 Subject: mic92: remove breaking samba optoins --- lass/1systems/prism/config.nix | 6 ------ 1 file changed, 6 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e3dba69e4..421afab2a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -395,12 +395,6 @@ with import ; server string = ${config.networking.hostName} # only allow retiolum addresses hosts allow = 42::/16 10.243.0.0/16 - # Don't bind to the legacy 143 port - smb ports = 445 - # Bind only to allowed interfaces - bind interfaces only = true - # only bind to retiolum network - interfaces = tinc.retiolum # Use sendfile() for performance gain use sendfile = true -- cgit v1.2.3
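Review bot: The comment `# Don't bind to the legacy 143 port` names the wrong port: the legacy NetBIOS session port that `smb ports = 445` drops is 139 (143 is IMAP), so it should read `# Don't listen on the legacy NetBIOS session port 139`. With `bind interfaces only = true` the `interfaces` list becomes the only place smbd listens, so `tinc.retiolum` has to match the real device name (the firewall rules in this file use `-i retiolum`). The smb.conf manual also advises adding loopback to that list so that local tools such as smbpasswd keep working. `socket options = ... SO_RCVBUF=65536 SO_SNDBUF=65536` pins the buffer sizes and disables Linux buffer auto-tuning, which the same manual warns can lower throughput; `TCP_NODELAY` alone is the usual setting.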