summaryrefslogtreecommitdiffstats
path: root/lass/1systems
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2019-01-16 11:20:14 +0100
committertv <tv@krebsco.de>2019-01-16 11:20:14 +0100
commit6cef97deb3a96731a4737f05513e2e5855f60685 (patch)
treec21b0eef944b80adecb7d95aa79ba4a475ef6dd1 /lass/1systems
parent2d2ab95f0707209c4c248d43cb57877a50a37991 (diff)
parenta1d9c22bbd8eff9198f378e9007ddf4cb9ee2e5c (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/blue/source.nix15
-rw-r--r--lass/1systems/daedalus/config.nix4
-rw-r--r--lass/1systems/mors/config.nix2
-rw-r--r--lass/1systems/prism/config.nix31
-rw-r--r--lass/1systems/prism/physical.nix10
5 files changed, 53 insertions, 9 deletions
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index 8f748ab8f..a32c3a829 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,11 +1,14 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
- file = toString (pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
- sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
- });
+ derivation = ''
+ with import <nixpkgs> {};
+ pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}";
+ sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}";
+ }
+ '';
};
}
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 305b3f70e..e28fbf2f8 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -6,9 +6,8 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/games.nix>
- <stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/backup.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
{
# bubsy config
users.users.bubsy = {
@@ -72,6 +71,7 @@ with import <stockholm/lib>;
#remote control
environment.systemPackages = with pkgs; [
x11vnc
+ torbrowser
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 46cdbbb66..b6565dc6a 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -35,6 +35,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/print.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
@@ -147,6 +148,7 @@ with import <stockholm/lib>;
OnCalendar = "00:37";
};
+ nixpkgs.config.android_sdk.accept_license = true;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 6c454b4ac..df2778bef 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -82,6 +82,13 @@ with import <stockholm/lib>;
];
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
};
+ users.users.kmein = {
+ uid = genid_uint31 "kmein";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.kmein.pubkey
+ ];
+ };
}
{
#hotdog
@@ -309,7 +316,7 @@ with import <stockholm/lib>;
{ precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
+ { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
];
services.dnsmasq = {
@@ -390,6 +397,28 @@ with import <stockholm/lib>;
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
chown download: /var/download/finished
'';
+
+ fileSystems."/export/download" = {
+ device = "/var/lib/containers/yellow/var/download";
+ options = [ "bind" ];
+ };
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /export 42::/16(insecure,ro,crossmnt)
+ '';
+ lockdPort = 4001;
+ mountdPort = 4002;
+ statdPort = 4000;
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+ { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
+ ];
}
];
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 116bdb92f..a2b5efb29 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -40,6 +40,16 @@
fsType = "zfs";
};
+ fileSystems."/var/lib/nextcloud" = {
+ device = "tank/nextcloud";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/lib/libvirt" = {
+ device = "tank/libvirt";
+ fsType = "zfs";
+ };
+
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";