authortv <tv@krebsco.de>2016-07-22 13:22:13 +0200
committertv <tv@krebsco.de>2016-07-22 13:22:13 +0200
commit45c62ec4d3ec61ba593657676f5a09d47622564e (patch)
tree7937fbefaddc5e0168e44ab1d6e355c42192d7e8 /lass
parent8b58e6e6e25e38586f3cc8879aa0444d4fdf6f0d (diff)
parent0bd78c3b0de0fa79322e9031f45dcc62abd094d1 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/prism.nix2
-rw-r--r--lass/2configs/audit.nix9
-rw-r--r--lass/2configs/buildbot-standalone.nix8
-rw-r--r--lass/2configs/default.nix11
-rw-r--r--lass/2configs/downloading.nix14
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/nixpkgs.nix4
-rw-r--r--lass/2configs/repo-sync.nix3
-rw-r--r--lass/2configs/retiolum.nix2
-rw-r--r--lass/2configs/websites/domsen.nix43
-rw-r--r--lass/2configs/websites/fritz.nix14
11 files changed, 73 insertions, 38 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 77d72a5ac..1bc8d5744 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -226,7 +226,7 @@ in {
{
users.users.tv = {
uid = genid "tv";
- home = "/home/tv";
+ inherit (config.krebs.users.tv) home;
group = "users";
createHome = true;
useDefaultShell = true;
diff --git a/lass/2configs/audit.nix b/lass/2configs/audit.nix
new file mode 100644
index 000000000..644741a5b
--- /dev/null
+++ b/lass/2configs/audit.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ security.audit = {
+ rules = [
+ "-a task,never"
+ ];
+ };
+}
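Review bot: The only rule in the new `security.audit.rules` list, `-a task,never`, stops the kernel from creating audit records for new tasks, which in practice turns syscall auditing off, and the file does not say why. Because default.nix imports audit.nix in this same commit, this applies to every host that uses the default config, so none of them will have a syscall audit trail for later forensics. If the goal is to cut audit log noise or overhead (an assumption, since nothing here states it), add a comment such as `# disable syscall auditing: too noisy on these hosts; drop this rule where an audit trail is required`. Hosts that need auditing should get an explicit override rather than inheriting this silently.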
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 4c63d857c..5afb23687 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -86,17 +86,17 @@ in {
["make \
test \
ssh=${sshWrapper} \
- target=build@localhost:${config.users.users.build.home}/testbuild \
+ target=build@localhost${config.users.users.build.home}/testbuild \
method=build \
system={}".format(i)])
- for i in [ "pornocauster", "wry" ]:
+ for i in [ "pornocauster", "wry", "vbob", "wbob", "shoney" ]:
addShell(f,name="build-{}".format(i),env=env_makefu,
command=nixshell + \
["make \
test \
ssh=${sshWrapper} \
- target=build@localhost:${config.users.users.build.home}/testbuild \
+ target=build@localhost${config.users.users.build.home}/testbuild \
method=build \
system={}".format(i)])
@@ -147,7 +147,7 @@ in {
password = "lasspass";
packages = with pkgs; [ gnumake jq nix populate ];
extraEnviron = {
- NIX_PATH="nixpkgs=/var/src/nixpkgs";
+ NIX_PATH="/var/src";
};
};
config.krebs.iptables = {
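Review bot: `NIX_PATH="/var/src"` in `extraEnviron` widens what build jobs on this slave can resolve, because a bare directory entry makes every subdirectory of /var/src reachable as `<name>` rather than only nixpkgs. downloading.nix imports `<secrets/transmission-pw>`, so if the secrets tree is also deployed under /var/src (not visible here), anything the slave evaluates can read it. Listing only the entries the tests need, for example `NIX_PATH="nixpkgs=/var/src/nixpkgs:stockholm=/var/src/stockholm";` (adjust the names to the real layout), keeps the build environment at least privilege. The context line `password = "lasspass";` also keeps the slave credential in clear text in the repository; importing it from the secrets path, as downloading.nix does for its RPC password, would avoid that. The enclosing slave definition starts outside the hunk.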
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 81abff3ed..622ef1185 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -3,13 +3,14 @@
with config.krebs.lib;
{
imports = [
- ../2configs/vim.nix
- ../2configs/zsh.nix
- ../2configs/mc.nix
- ../2configs/retiolum.nix
- ../2configs/nixpkgs.nix
+ ../2configs/audit.nix
../2configs/binary-cache/client.nix
../2configs/gc.nix
+ ../2configs/mc.nix
+ ../2configs/nixpkgs.nix
+ ../2configs/retiolum.nix
+ ../2configs/vim.nix
+ ../2configs/zsh.nix
./backups.nix
{
users.extraUsers =
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index cf9b631c8..597d20721 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -5,9 +5,6 @@ with config.krebs.lib;
let
rpc-password = import <secrets/transmission-pw>;
in {
- imports = [
- ../3modules/folderPerms.nix
- ];
users.extraUsers = {
download = {
@@ -64,15 +61,4 @@ in {
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
];
};
-
- lass.folderPerms = {
- enable = true;
- permissions = [
- {
- path = "/var/download";
- permission = "775";
- owner = "transmission:download";
- }
- ];
- };
}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 1ba99c8cb..00a3612fd 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -27,7 +27,6 @@ with config.krebs.lib;
{ from = "lass@aidsballs.de"; to = lass.mail; }
{ from = "wordpress@ubikmedia.de"; to = lass.mail; }
{ from = "finanzamt@lassul.us"; to = lass.mail; }
- { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
{ from = "netzclub@lassul.us"; to = lass.mail; }
{ from = "nebenan@lassul.us"; to = lass.mail; }
];
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 0f940a369..b758bc24a 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -1,8 +1,8 @@
{ ... }:
{
- krebs.build.source.nixpkgs = {
+ krebs.build.source.nixpkgs.git = {
url = https://github.com/lassulus/nixpkgs;
- rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded";
+ ref = "c6ca9c8c8b7eb8f8e68868e36fb90e162adf080f";
};
}
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index 45a4e2afd..027f31fe0 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -91,12 +91,11 @@ in {
(sync-remote "repo-sync" "https://github.com/makefu/repo-sync")
(sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger")
(sync-remote "xintmap" "https://github.com/4z3/xintmap")
+ (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
(sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
(sync-retiolum "go")
(sync-retiolum "much")
(sync-retiolum "newsbot-js")
- (sync-retiolum "painload")
- (sync-retiolum "realwallpaper")
(sync-retiolum "stockholm")
(sync-retiolum "wai-middleware-time")
(sync-retiolum "web-routes-wai-custom")
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 89e0f217a..eba40532d 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -12,7 +12,7 @@
};
};
- krebs.retiolum = {
+ krebs.tinc.retiolum = {
enable = true;
connectTo = [
"prism"
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 07df2e8de..becd1a872 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -110,14 +110,6 @@ in {
};
};
- users.users.domsen = {
- uid = genid "domsen";
- description = "maintenance acc for domsen";
- home = "/home/domsen";
- useDefaultShell = true;
- extraGroups = [ "nginx" ];
- createHome = true;
- };
#services.phpfpm.phpOptions = ''
# extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
@@ -133,5 +125,40 @@ in {
cat ${pkgs.php}/etc/php-recommended.ini > $out
echo "$options" >> $out
'';
+
+ # MAIL STUFF
+ # TODO: make into its own module
+ services.dovecot2 = {
+ enable = true;
+ mailLocation = "maildir:~/Mail";
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport pop3"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport imap"; target = "ACCEPT"; }
+ ];
+ krebs.exim-smarthost = {
+ internet-aliases = [
+ { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
+ { from = "mail@jla-trading.com"; to = "jla-trading"; }
+ ];
+ system-aliases = [
+ ];
+ };
+
+ users.users.domsen = {
+ uid = genid "domsen";
+ description = "maintenance acc for domsen";
+ home = "/home/domsen";
+ useDefaultShell = true;
+ extraGroups = [ "nginx" ];
+ createHome = true;
+ };
+
+ users.users.jla-trading = {
+ uid = genid "jla-trading";
+ home = "/home/jla-trading";
+ useDefaultShell = true;
+ createHome = true;
+ };
}
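Review bot: The two new INPUT rules open the cleartext `pop3` and `imap` ports to every source, while the `services.dovecot2` block sets no certificate, so whether logins are protected by STARTTLS depends on defaults that are not visible here. The mailboxes belong to system accounts created with `useDefaultShell = true` (domsen, jla-trading), so if dovecot authenticates against those accounts, a captured mail password is also a login password. Consider setting `sslServerCert` and `sslServerKey` on `services.dovecot2` and accepting `--dport imaps` and `--dport pop3s` instead of the plaintext ports. A mail-only account such as jla-trading probably does not need a login shell either.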
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 39f0cce06..48d96b1bf 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -7,6 +7,7 @@ let
head
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
+ manageCerts
ssl
servePage
serveWordpress
@@ -48,6 +49,9 @@ in {
(ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
+
+ (manageCerts [ "goldbarrendiebstahl.radical-dreamers.de" ])
+ (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
];
lass.mysqlBackup.config.all.databases = [
@@ -74,6 +78,16 @@ in {
config.krebs.users.fritz.pubkey
];
+ users.users.goldbarrendiebstahl = {
+ home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
+ uid = genid "goldbarrendiebstahl";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.fritz.pubkey
+ ];
+ };
+
services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
options = ''
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
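Review bot: The new `users.users.goldbarrendiebstahl` account has its `home` set to `/srv/http/goldbarrendiebstahl.radical-dreamers.de`, which is the directory `serveWordpress` is asked to serve earlier in this file, and it gets a login shell plus an SSH key. Shell history and other dotfiles from interactive sessions will therefore be written into the web root, and they become downloadable unless the generated nginx config denies dot-paths, which cannot be seen from this hunk. Either keep the site in a subdirectory of the home, or confirm that util.nix emits a deny rule for `/\.` locations and note that next to the user definition, e.g. `# home is the docroot; dotfiles are blocked by serveWordpress`. The user before this one in the file appears to follow the same pattern, so the same check applies there.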