| author | makefu <github@syntax-fehler.de> | 2016-01-29 14:22:48 +0100 | 
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2016-01-29 14:22:48 +0100 | 
| commit | d3b4d17255899800ec013dfd57e8298a56c1771e (patch) | |
| tree | c55579165f71a552c29ce9b381a57d8a322bb2a0 | |
| parent | 19f599c559798bbc0969c4ff6c677db68a5cc557 (diff) | |
| parent | f6a3c1f3d6b013641b077baf8ddb3a78e75d8b95 (diff) | |
Merge branch 'master' of gum:stockholm into fix-certgum/fix-cert
| -rw-r--r-- | makefu/1systems/omo.nix | 44 | ||||
| -rw-r--r-- | makefu/2configs/urlwatch.nix | 1 | 
2 files changed, 39 insertions, 6 deletions
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 552af4e4f..19183fea8 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -31,10 +31,45 @@ in {
       ../2configs/nginx/omo-share.nix
       ../3modules
     ];
+  networking.firewall.trustedInterfaces = [ "enp3s0" ];
+  # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
+  # tcp:80          - nginx for sharing files
+  # tcp:655 udp:655 - tinc
+  # tcp:8080        - sabnzbd
+  networking.firewall.allowedUDPPorts = [ 655 ];
+  networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+
   # services.openssh.allowSFTP = false;
-  krebs.build.host = config.krebs.hosts.omo;
   krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+  # samba share /media/crypt1/share
+  users.users.smbguest = {
+    name = "smbguest";
+    uid = config.ids.uids.smbguest;
+    description = "smb guest user";
+    home = "/var/empty";
+  };
+  services.samba = {
+    enable = true;
+    shares = {
+      winshare = {
+        path = "/media/crypt1/share";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+    };
+    extraConfig = ''
+      guest account = smbguest
+      map to guest = bad user
+      # disable printing
+      load printers = no
+      printing = bsd
+      printcap name = /dev/null
+      disable spoolss = yes
+    '';
+  };
+
   # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
   services.sabnzbd.enable = true;
   systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
@@ -67,6 +102,7 @@ in {
       ${pkgs.hdparm}/sbin/hdparm -y ${disk}
     '') allDisks);
+  # crypto unlocking
   boot = {
     initrd.luks = {
       devices = let
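Review bot: The `winshare` definition combines `"guest ok" = "yes"`, `"read only" = "no"` and `map to guest = bad user`, so any client that can reach smbd gets unauthenticated write access to `/media/crypt1/share`, and nothing in the Samba config itself limits who that is. The only boundary is the firewall, and `networking.firewall.trustedInterfaces = [ "enp3s0" ]` in the same hunk opens every port on that interface, not just the four Samba ports the comment lists, which also makes the `allowedTCPPorts`/`allowedUDPPorts` lists meaningless there. I would pin the exposure inside `extraConfig` with `bind interfaces only = yes`, `interfaces = lo enp3s0` and `hosts allow = <LAN-CIDR placeholder>`, and open only udp 137/138 and tcp 139/445 on that interface instead of trusting it wholesale (per-interface port lists, if the pinned nixpkgs provides them). If guest write is intended, a comment such as `# anonymous read/write by design, LAN only` above `winshare` would make that explicit for the next reader.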
@@ -97,15 +133,11 @@ in {
     extraModulePackages = [ ];
   };
-  networking.firewall.allowedUDPPorts = [ 655 ];
-  # 8080: sabnzbd
-  networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
-
   hardware.enableAllFirmware = true;
   hardware.cpu.amd.updateMicrocode = true;
   zramSwap.enable = true;
   zramSwap.numDevices = 2;
-
+  krebs.build.host = config.krebs.hosts.omo;
 }
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index a83279ba2..f869f5a78 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -29,6 +29,7 @@
       https://pypi.python.org/simple/bepasty/
       https://pypi.python.org/simple/xstatic/
       http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
+      http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
     ];
   };
 }  |
