summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2022-12-06 01:33:28 +0100
committertv <tv@krebsco.de>2022-12-06 01:33:28 +0100
commit2f17a36ab546bc1271649ce03504a6d4db0738e9 (patch)
tree973b884a257bd336db954a709996e2fe3ca24503
parent426d6e2e5cdbe52cf776400cec85036f4cb86b79 (diff)
parent645c3564f75589531abcf17fd3c3f920d93a394a (diff)
Merge remote-tracking branch 'prism/master'
-rw-r--r--kartei/kmein/default.nix22
-rw-r--r--kartei/lass/default.nix11
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/2configs/mastodon-proxy.nix24
-rw-r--r--krebs/2configs/mastodon.nix40
-rw-r--r--lass/1systems/prism/config.nix1
-rw-r--r--lass/2configs/xmonad.nix9
7 files changed, 102 insertions, 6 deletions
diff --git a/kartei/kmein/default.nix b/kartei/kmein/default.nix
index 8e9e108e6..39125e35c 100644
--- a/kartei/kmein/default.nix
+++ b/kartei/kmein/default.nix
@@ -138,6 +138,28 @@ in
wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
};
};
+ tabula = {
+ nets.retiolum = {
+ ip4.addr = "10.243.2.78";
+ aliases = [ "tabula.r" "tabula.kmein.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA4cdFDoKRA9t+r686w6gH1u4UjEQJBmhsf3tkPEkv7nyVr4ahcZQk
+ rQwlhNRJwv0wekwO0qG19VoAmBkVMzYu5JWn9WeYfIEUtP3ndPa7tqWQ4qIkYh8q
+ 4KQ03Y3CZav5ClK9rLO7gj+dsP+BhVdqhte4pJANs4CyglYkyu6p0P4+R2P0tfcq
+ LTl8RB+SXuafqzhoQD+yhhA1HR8O1o9gHJjKiEVrSLwSFfD8WWH55yeWzIYAbuv8
+ 8a5VzhS5zvDYUFTP1WUPTeGlKsJdslSZqsrZmBDpkh1iEpRzQUnwQNMJ/uGXIldE
+ 3FKKoL9LKlvr1Iz9IcuxO4QLk+DoC8+Jc7yQrwIiQQCwAfwdyY6KcRDAqna1WZRd
+ MFRvPd6y1BmLVJMG43VpWm5POE9Gw5nj5IzSNAFshoNljf246y2+wf8EtULqtrJD
+ DMckquiYRnzQPco9PgjLfH/6SnlB/oXhvT4+rB4KceSoFKOLWq1pFogDGDy0xyB0
+ ufkPsXiYE2KRnkozDJWlKSqrkM3GSR2lTM5cAmLh8VzxkI6LeJu8/6qxFa6J6tn4
+ +kH8yjbcLqjmuUykfOZ2eL4GniaFexDvZcGgLD1I5f1ylEmSuU6boyx83WkCH7NH
+ 1cmaBDQsy4x0gMUYlLDVDW7X2PECoq5mQ61FHBNkdNOujOM/JPnYf4UCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "eZsnMScJdH5k/W3Y5fILnz5Kc01R+dRzjjE/cnu96VF";
+ };
+ };
tahina = {
nets.retiolum = {
ip4.addr = "10.243.2.74";
diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix
index c995d8b8c..e17e000dd 100644
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -59,11 +59,12 @@ in {
cores = 4;
extraZones = {
"krebsco.de" = ''
- cache IN A ${nets.internet.ip4.addr}
- p IN A ${nets.internet.ip4.addr}
- c IN A ${nets.internet.ip4.addr}
- paste IN A ${nets.internet.ip4.addr}
- prism IN A ${nets.internet.ip4.addr}
+ cache 60 IN A ${nets.internet.ip4.addr}
+ p 60 IN A ${nets.internet.ip4.addr}
+ c 60 IN A ${nets.internet.ip4.addr}
+ paste 60 IN A ${nets.internet.ip4.addr}
+ prism 60 IN A ${nets.internet.ip4.addr}
+ social 60 IN A ${nets.internet.ip4.addr}
'';
"lassul.us" = ''
$TTL 3600
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 02749dafe..a34df4bdc 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -14,6 +14,7 @@
<stockholm/krebs/2configs/mud.nix>
<stockholm/krebs/2configs/cal.nix>
+ <stockholm/krebs/2configs/mastodon.nix>
## shackie irc bot
<stockholm/krebs/2configs/shack/reaktor.nix>
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
new file mode 100644
index 000000000..4d359c3fe
--- /dev/null
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."social.krebsco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ # TODO use this in 22.11
+ # recommendedProxySettings = true;
+ proxyPass = "http://hotdog.r";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ '';
+ };
+ };
+ };
+}
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
new file mode 100644
index 000000000..d0c1943cc
--- /dev/null
+++ b/krebs/2configs/mastodon.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+ package = pkgs.postgresql_11;
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/state/postgresql 0700 postgres postgres -"
+ ];
+
+ services.mastodon = {
+ enable = true;
+ localDomain = "social.krebsco.de";
+ configureNginx = true;
+ trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+ smtp.createLocally = false;
+ smtp.fromAddress = "mastodon@social.krebsco.de";
+ };
+
+ services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+ forceSSL = lib.mkForce false;
+ enableACME = lib.mkForce false;
+ locations."@proxy".extraConfig = ''
+ proxy_redirect off;
+ proxy_pass_header Server;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ ];
+
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "tootctl" ''
+ sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+ '')
+ ];
+}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 7bffc39aa..75f84bca9 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -111,6 +111,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/jitsi.nix>
<stockholm/lass/2configs/fysiirc.nix>
<stockholm/lass/2configs/bgt-bot>
+ <stockholm/krebs/2configs/mastodon-proxy.nix>
{
services.tor = {
enable = true;
diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix
index 05d719b8f..8784da379 100644
--- a/lass/2configs/xmonad.nix
+++ b/lass/2configs/xmonad.nix
@@ -151,7 +151,14 @@ myKeyMap =
, ("M4-S-q", return ())
- , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
+ , ("M4-d", floatNext True >> spawn "${pkgs.writers.writeDash "clipmenu" ''
+ PATH=${lib.makeBinPath [
+ pkgs.coreutils
+ pkgs.gawk
+ pkgs.dmenu
+ ]}
+ ${pkgs.clipmenu}/bin/clipmenu
+ ''}")
, ("M4-<F2>", windows copyToAll)