From 5c1e92aaf6fc0a3882207a5cb3ff03b7aeab04d6 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:33:33 +0200 Subject: ma gum.r: manage less services --- makefu/1systems/gum/config.nix | 69 +++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 34 deletions(-) (limited to 'makefu/1systems/gum/config.nix') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 36af23bb..75b0680b 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,11 +8,23 @@ in { imports = [ ./hardware-config.nix + { + users.users.lass = { + uid = 9002; + isNormalUser = true; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + makefu.pubkey + ]; + }; + } # - + # # @@ -42,23 +54,24 @@ in { # buildbot + ## Web - - - - - - # - - - - - + # + # + # + # + # + ## + # + # + # + + # # - - - + # + # + # { services.taskserver.enable = true; @@ -71,11 +84,11 @@ in { ''; } # - + # # - + # @@ -98,10 +111,6 @@ in { # }; #} - { # iperf3 - networking.firewall.allowedUDPPorts = [ 5201 ]; - networking.firewall.allowedTCPPorts = [ 5201 ]; - } ]; makefu.dl-dir = "/var/download"; @@ -133,20 +142,12 @@ in { makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; }; - # Chat - environment.systemPackages = with pkgs;[ - weechat - bepasty-client-cli - get - tmux - ]; - # Network networking = { firewall = { - allowPing = true; - logRefusedConnections = false; - allowedTCPPorts = [ + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ # smtp 25 # http @@ -174,9 +175,9 @@ in { # tinc-shack 21032 ]; + }; + nameservers = [ "8.8.8.8" ]; }; - nameservers = [ "8.8.8.8" ]; - }; users.users.makefu.extraGroups = [ "download" "nginx" ]; boot.tmpOnTmpfs = true; } -- cgit v1.2.3 From ea3afff61105fd32be1ea658460329aecf061eec Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Nov 2018 13:50:22 +0100 Subject: ma gum: prepare replacement by nextgum --- makefu/1systems/gum/config.nix | 23 ----------------------- 1 file changed, 23 deletions(-) (limited to 'makefu/1systems/gum/config.nix') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 75b0680b..af2e6f6b 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,18 +8,6 @@ in { imports = [ ./hardware-config.nix - { - users.users.lass = { - uid = 9002; - isNormalUser = true; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - makefu.pubkey - ]; - }; - } # @@ -73,16 +61,6 @@ in { # # - { - services.taskserver.enable = true; - services.taskserver.fqdn = config.krebs.build.host.name; - services.taskserver.listenHost = "::"; - services.taskserver.organisations.home.users = [ "makefu" ]; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ''; - } # # @@ -110,7 +88,6 @@ in { # locations."/".proxyPass = "http://localhost:5000"; # }; #} - ]; makefu.dl-dir = "/var/download"; -- cgit v1.2.3 From 72cd32c0bc7d66536e163b42a9404986e479c597 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Nov 2018 16:22:39 +0100 Subject: ma nextgum.r becomes gum.r --- makefu/1systems/gum/config.nix | 145 +++++++++++++++++++++++++---------------- 1 file changed, 90 insertions(+), 55 deletions(-) (limited to 'makefu/1systems/gum/config.nix') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index af2e6f6b..118b5b9d 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,16 +8,22 @@ in { imports = [ ./hardware-config.nix + ./transfer-config.nix + { + users.users.lass = { + uid = 9002; + isNormalUser = true; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + makefu.pubkey + ]; + }; + } # - - - # - # - - - # Security @@ -26,69 +32,90 @@ in { + + # + + # networking + + # + # + + # + + + # ci + # + + + + # services + + + + # sharing - # - - # + # + ## + # + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + # - # network + ## network # + + + + - # buildbot - - - - ## Web + # Removed until move: no extra mails + + # Removed until move: avoid letsencrypt ban + ### Web # # - # - # - # + + + ## # # - # - - # - # - # - # - # - - # - # + + + + - # - - + + + + + # - # Temporary: + # sharing + + + + ## Temporary: # + - #{ - # services.dockerRegistry.enable = true; - # networking.firewall.allowedTCPPorts = [ 8443 ]; - - # services.nginx.virtualHosts."euer.krebsco.de" = { - # forceSSL = true; - # enableACME = true; - # extraConfig = '' - # client_max_body_size 1000M; - # ''; - # locations."/".proxyPass = "http://localhost:5000"; - # }; - #} - + # krebs infrastructure services + ]; makefu.dl-dir = "/var/download"; @@ -106,9 +133,7 @@ in { ListenAddress = ${external-ip} 21031 ''; connectTo = [ - "muhbaasu" "tahoe" "flap" "wry" - "ni" - "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" + "prism" "ni" "enklave" "dishfire" "echelon" "hotdog" ]; }; @@ -119,12 +144,21 @@ in { makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; }; + # Chat + environment.systemPackages = with pkgs;[ + weechat + bepasty-client-cli + tmux + ]; + + # Hardware + # Network networking = { firewall = { - allowPing = true; - logRefusedConnections = false; - allowedTCPPorts = [ + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ # smtp 25 # http @@ -152,9 +186,10 @@ in { # tinc-shack 21032 ]; - }; - nameservers = [ "8.8.8.8" ]; }; + nameservers = [ "8.8.8.8" ]; + }; users.users.makefu.extraGroups = [ "download" "nginx" ]; boot.tmpOnTmpfs = true; + state = [ "/home/makefu/.weechat" ]; } -- cgit v1.2.3 From 8b57f04ff84b53742ef6a8a9677560745075ffb1 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Nov 2018 18:18:35 +0100 Subject: ma gum.r: bye transfer-config --- makefu/1systems/gum/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu/1systems/gum/config.nix') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 118b5b9d..3d2cbac6 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,7 +8,6 @@ in { imports = [ ./hardware-config.nix - ./transfer-config.nix { users.users.lass = { uid = 9002; -- cgit v1.2.3