diff options
author | tv <tv@krebsco.de> | 2019-01-16 11:20:14 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2019-01-16 11:20:14 +0100 |
commit | 6cef97deb3a96731a4737f05513e2e5855f60685 (patch) | |
tree | c21b0eef944b80adecb7d95aa79ba4a475ef6dd1 /lass/1systems | |
parent | 2d2ab95f0707209c4c248d43cb57877a50a37991 (diff) | |
parent | a1d9c22bbd8eff9198f378e9007ddf4cb9ee2e5c (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/blue/source.nix | 15 | ||||
-rw-r--r-- | lass/1systems/daedalus/config.nix | 4 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 2 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 31 | ||||
-rw-r--r-- | lass/1systems/prism/physical.nix | 10 |
5 files changed, 53 insertions, 9 deletions
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 8f748ab8f..a32c3a829 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,11 +1,14 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - file = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - }); + derivation = '' + with import <nixpkgs> {}; + pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "${(lib.importJSON ../../../krebs/nixpkgs.json).rev}"; + sha256 = "${(lib.importJSON ../../../krebs/nixpkgs.json).sha256}"; + } + ''; }; } diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 305b3f70e..e28fbf2f8 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -6,9 +6,8 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/games.nix> - <stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/backup.nix> + <stockholm/lass/2configs/nfs-dl.nix> { # bubsy config users.users.bubsy = { @@ -72,6 +71,7 @@ with import <stockholm/lib>; #remote control environment.systemPackages = with pkgs; [ x11vnc + torbrowser ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 46cdbbb66..b6565dc6a 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -35,6 +35,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/print.nix> <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/network-manager.nix> + <stockholm/lass/2configs/nfs-dl.nix> { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain @@ -147,6 +148,7 @@ with import <stockholm/lib>; OnCalendar = "00:37"; }; + nixpkgs.config.android_sdk.accept_license = true; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6c454b4ac..df2778bef 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -82,6 +82,13 @@ with import <stockholm/lib>; ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ]; }; + users.users.kmein = { + uid = genid_uint31 "kmein"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.kmein.pubkey + ]; + }; } { #hotdog @@ -309,7 +316,7 @@ with import <stockholm/lib>; { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; } + { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; } { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } ]; services.dnsmasq = { @@ -390,6 +397,28 @@ with import <stockholm/lib>; ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : chown download: /var/download/finished ''; + + fileSystems."/export/download" = { + device = "/var/lib/containers/yellow/var/download"; + options = [ "bind" ]; + }; + services.nfs.server = { + enable = true; + exports = '' + /export 42::/16(insecure,ro,crossmnt) + ''; + lockdPort = 4001; + mountdPort = 4002; + statdPort = 4000; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } + ]; } ]; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 116bdb92f..a2b5efb29 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -40,6 +40,16 @@ fsType = "zfs"; }; + fileSystems."/var/lib/nextcloud" = { + device = "tank/nextcloud"; + fsType = "zfs"; + }; + + fileSystems."/var/lib/libvirt" = { + device = "tank/libvirt"; + fsType = "zfs"; + }; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; |