diff options
author | jeschli <jeschli@gmail.com> | 2019-06-25 22:43:02 +0200 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2019-06-25 22:43:02 +0200 |
commit | 1cfc265bbfa14b7d9fc6479bcd9cf541e7cdd5eb (patch) | |
tree | 18b95faba964f8072d23afcadcadda4f3eb276af /lass/1systems/prism/config.nix | |
parent | 8079877eee34d0a658e8419adfa8987e648388a8 (diff) | |
parent | 1d23dceb5d2c536790a00fcde30743b958f1018f (diff) |
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r-- | lass/1systems/prism/config.nix | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d7b0b701a..eec8e34b8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -195,6 +195,7 @@ with import <stockholm/lib>; }; } <stockholm/lass/2configs/minecraft.nix> + <stockholm/lass/2configs/codimd.nix> { services.taskserver = { enable = true; @@ -382,7 +383,7 @@ with import <stockholm/lib>; ''; fileSystems."/export/download" = { - device = "/var/lib/containers/yellow/var/download"; + device = "/var/lib/containers/yellow/var/download/finished"; options = [ "bind" ]; }; services.nfs.server = { @@ -395,6 +396,12 @@ with import <stockholm/lib>; statdPort = 4000; }; krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; } { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } @@ -456,4 +463,10 @@ with import <stockholm/lib>; enable = true; freeMemThreshold = 5; }; + + # prism rsa hack + services.openssh.hostKeys = [{ + path = toString <secrets> + "ssh.id_rsa"; + type = "rsa"; + }]; } |