author | makefu <github@syntax-fehler.de> | 2022-12-12 19:44:00 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2022-12-12 19:44:00 +0100 |
commit | 6eb5e44b7e5bdc8b1b3b5ffe40c146841f7afd10 (patch) | |
tree | f706bf7c3c7a289f680ac329caa2b578e5145a56 /lass/1systems/green/config.nix | |
parent | 96e934dc8a353cff91ef824f6a125ed49996d058 (diff) | |
parent | 3884243448869bdf09f6434b385e532c7c26ae88 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/green/config.nix')
-rw-r--r-- | lass/1systems/green/config.nix | 97 |
1 files changed, 38 insertions, 59 deletions
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index 5cf7d9242..4c98091f1 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -11,78 +11,50 @@ with import <stockholm/lib>; <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/sync/sync.nix> <stockholm/lass/2configs/sync/decsync.nix> - <stockholm/lass/2configs/sync/weechat.nix> + <stockholm/lass/2configs/weechat.nix> <stockholm/lass/2configs/bitlbee.nix> - <stockholm/lass/2configs/IM.nix> + <stockholm/lass/2configs/muchsync.nix> <stockholm/lass/2configs/pass.nix> <stockholm/lass/2configs/git-brain.nix> + <stockholm/lass/2configs/et-server.nix> + <stockholm/lass/2configs/consul.nix> + + <stockholm/lass/2configs/atuin-server.nix> ]; krebs.build.host = config.krebs.hosts.green; - users.users.mainUser.openssh.authorizedKeys.keys = [ - config.krebs.users.lass-android.pubkey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel - ]; - - krebs.bindfs = { - "/home/lass/.weechat" = { - source = "/var/state/lass_weechat"; - options = [ - "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}" - "--create-for-user=${toString config.users.users.syncthing.uid}" - ]; - }; - "/home/lass/Maildir" = { - source = "/var/state/lass_mail"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - }; - "/var/lib/bitlbee" = { - source = "/var/state/bitlbee"; - options = [ - "-M ${toString config.users.users.bitlbee.uid}" - ]; - clearTarget = true; - }; - "/home/lass/.ssh" = { - source = "/var/state/lass_ssh"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - clearTarget = true; - }; - "/home/lass/.gnupg" = { - source = "/var/state/lass_gnupg"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - clearTarget = true; - }; - "/var/lib/git" = { - source = "/var/state/git"; - options = [ - "-M ${toString config.users.users.git.uid}" - ]; - clearTarget = true; - }; + lass.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y"; }; - systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" '' - sleep 1 - mkdir -p /home/lass/notmuch - chown lass: /home/lass/notmuch - ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch + systemd.tmpfiles.rules = [ + "d /home/lass/.local/share 0700 lass users -" + "d /home/lass/.local 0700 lass users -" - mkdir -p /home/lass/notmuch/muchsync - chown lass: /home/lass/notmuch/muchsync - mkdir -p /home/lass/Maildir/.muchsync - ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp - ''; + "d /var/state/lass_mail 0700 lass users -" + "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail" + + "d /var/state/lass_ssh 0700 lass users -" + "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh" + "d /var/state/lass_gpg 0700 lass users -" + "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg" + "d /var/state/lass_sync 0700 lass users -" + "L+ /home/lass/sync - - - - ../../var/state/lass_sync" + + "d /var/state/git 0700 git nogroup -" + "L+ /var/lib/git - - - - ../../var/state/git" + ]; + + users.users.mainUser.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-android.pubkey + config.krebs.users.lass-tablet.pubkey + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel + ]; krebs.iptables.tables.nat.PREROUTING.rules = [ { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } @@ -93,4 +65,11 @@ with import <stockholm/lib>; HostKeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa ''; + + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Maildir"; + }; + + networking.firewall.allowedTCPPorts = [ 143 ]; } |
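Review bot: The replacement key commented `# weechat ssh tunnel` in `users.users.mainUser.openssh.authorizedKeys.keys` carries no authorized_keys options, so a key meant only for forwarding gets a full login shell. That account is presumably the one whose `~/.ssh` and `~/.gnupg` the new tmpfiles rules link in. I would prefix the entry with forwarding-only options, e.g. `"restrict,port-forwarding,permitopen=\"localhost:<RELAY_PORT>\" ssh-ed25519 <KEY>"`, where the port is a placeholder for whatever the tunnel actually targets. Separately, the `L+` rules remove whatever already exists at `/home/lass/.ssh`, `/home/lass/.gnupg` and `/var/lib/git` before linking, which deserves a comment such as `# L+ replaces an existing path; state must already live under /var/state`. The enclosing attribute set starts and ends outside the hunk.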
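Review bot: `networking.firewall.allowedTCPPorts = [ 143 ]` opens IMAP on every interface, while the new `services.dovecot2` block sets neither `sslServerCert` nor `sslServerKey`. Unless another module in this merge supplies them, credentials and mail on that port are likely to travel unencrypted. If only specific peers should reach the service, scope the port with `networking.firewall.interfaces.<IFACE>.allowedTCPPorts = [ 143 ];` (interface name is a placeholder), or set the certificate options. A comment naming the expected clients would help either way. The enclosing attribute set starts outside the hunk.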