summaryrefslogtreecommitdiffstats
path: root/lass/1systems/green/config.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2022-12-12 19:44:00 +0100
committermakefu <github@syntax-fehler.de>2022-12-12 19:44:00 +0100
commit6eb5e44b7e5bdc8b1b3b5ffe40c146841f7afd10 (patch)
treef706bf7c3c7a289f680ac329caa2b578e5145a56 /lass/1systems/green/config.nix
parent96e934dc8a353cff91ef824f6a125ed49996d058 (diff)
parent3884243448869bdf09f6434b385e532c7c26ae88 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/green/config.nix')
-rw-r--r--lass/1systems/green/config.nix97
1 files changed, 38 insertions, 59 deletions
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index 5cf7d9242..4c98091f1 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -11,78 +11,50 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/sync/sync.nix>
<stockholm/lass/2configs/sync/decsync.nix>
- <stockholm/lass/2configs/sync/weechat.nix>
+ <stockholm/lass/2configs/weechat.nix>
<stockholm/lass/2configs/bitlbee.nix>
- <stockholm/lass/2configs/IM.nix>
+
<stockholm/lass/2configs/muchsync.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/git-brain.nix>
+ <stockholm/lass/2configs/et-server.nix>
+ <stockholm/lass/2configs/consul.nix>
+
+ <stockholm/lass/2configs/atuin-server.nix>
];
krebs.build.host = config.krebs.hosts.green;
- users.users.mainUser.openssh.authorizedKeys.keys = [
- config.krebs.users.lass-android.pubkey
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel
- ];
-
- krebs.bindfs = {
- "/home/lass/.weechat" = {
- source = "/var/state/lass_weechat";
- options = [
- "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}"
- "--create-for-user=${toString config.users.users.syncthing.uid}"
- ];
- };
- "/home/lass/Maildir" = {
- source = "/var/state/lass_mail";
- options = [
- "-M ${toString config.users.users.mainUser.uid}"
- ];
- };
- "/var/lib/bitlbee" = {
- source = "/var/state/bitlbee";
- options = [
- "-M ${toString config.users.users.bitlbee.uid}"
- ];
- clearTarget = true;
- };
- "/home/lass/.ssh" = {
- source = "/var/state/lass_ssh";
- options = [
- "-M ${toString config.users.users.mainUser.uid}"
- ];
- clearTarget = true;
- };
- "/home/lass/.gnupg" = {
- source = "/var/state/lass_gnupg";
- options = [
- "-M ${toString config.users.users.mainUser.uid}"
- ];
- clearTarget = true;
- };
- "/var/lib/git" = {
- source = "/var/state/git";
- options = [
- "-M ${toString config.users.users.git.uid}"
- ];
- clearTarget = true;
- };
+ lass.sync-containers3.inContainer = {
+ enable = true;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y";
};
- systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''
- sleep 1
- mkdir -p /home/lass/notmuch
- chown lass: /home/lass/notmuch
- ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch
+ systemd.tmpfiles.rules = [
+ "d /home/lass/.local/share 0700 lass users -"
+ "d /home/lass/.local 0700 lass users -"
- mkdir -p /home/lass/notmuch/muchsync
- chown lass: /home/lass/notmuch/muchsync
- mkdir -p /home/lass/Maildir/.muchsync
- ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp
- '';
+ "d /var/state/lass_mail 0700 lass users -"
+ "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"
+
+ "d /var/state/lass_ssh 0700 lass users -"
+ "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh"
+ "d /var/state/lass_gpg 0700 lass users -"
+ "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg"
+ "d /var/state/lass_sync 0700 lass users -"
+ "L+ /home/lass/sync - - - - ../../var/state/lass_sync"
+
+ "d /var/state/git 0700 git nogroup -"
+ "L+ /var/lib/git - - - - ../../var/state/git"
+ ];
+
+ users.users.mainUser.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass-android.pubkey
+ config.krebs.users.lass-tablet.pubkey
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel
+ ];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
@@ -93,4 +65,11 @@ with import <stockholm/lib>;
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
'';
+
+ services.dovecot2 = {
+ enable = true;
+ mailLocation = "maildir:~/Maildir";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 143 ];
}