summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2018-12-05 16:41:38 +0100
committermakefu <github@syntax-fehler.de>2018-12-05 16:41:38 +0100
commita4556a17f6639efe13e709bf53af15bb2a70c82d (patch)
treec81f829077d32fce39baaf7bfa526d8cac071879 /lass
parent1859d6653a12e1bfda9465780610f63da8f5ce69 (diff)
parente4750d38e76db94a0b255fa143408b8cbe38b61b (diff)
Merge remote-tracking branch 'lass/master' into HEAD
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/archprism/config.nix276
-rw-r--r--lass/1systems/icarus/config.nix4
-rw-r--r--lass/1systems/mors/config.nix5
-rw-r--r--lass/1systems/prism/config.nix14
-rw-r--r--lass/1systems/shodan/config.nix3
-rw-r--r--lass/1systems/yellow/config.nix37
-rw-r--r--lass/2configs/binary-cache/server.nix1
-rw-r--r--lass/2configs/blue-host.nix1
-rw-r--r--lass/2configs/mail.nix10
-rw-r--r--lass/2configs/radio.nix3
-rw-r--r--lass/2configs/websites/fritz.nix70
-rw-r--r--lass/2configs/websites/lassulus.nix6
-rw-r--r--lass/3modules/xjail.nix2
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix1
-rw-r--r--lass/5pkgs/emot-menu/default.nix31
-rw-r--r--lass/5pkgs/fzfmenu/default.nix14
16 files changed, 108 insertions, 370 deletions
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
index bed8961b8..0a2ab1611 100644
--- a/lass/1systems/archprism/config.nix
+++ b/lass/1systems/archprism/config.nix
@@ -6,26 +6,10 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/libvirt.nix>
- {
- services.nginx.enable = true;
- imports = [
- <stockholm/lass/2configs/websites/domsen.nix>
- <stockholm/lass/2configs/websites/lassulus.nix>
- ];
- # needed by domsen.nix ^^
- lass.usershadow = {
- enable = true;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
- ];
- }
{ # TODO make new hfos.nix out of this vv
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
- uid = genid "riot";
+ uid = genid_uint31 "riot";
isNormalUser = true;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
@@ -42,153 +26,7 @@ with import <stockholm/lib>;
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
];
}
- {
- users.users.tv = {
- uid = genid "tv";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.tv.pubkey
- ];
- };
- users.users.makefu = {
- uid = genid "makefu";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.makefu.pubkey
- ];
- };
- users.extraUsers.dritter = {
- uid = genid "dritter";
- isNormalUser = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
- ];
- };
- users.extraUsers.juhulian = {
- uid = 1339;
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
- ];
- };
- users.users.hellrazor = {
- uid = genid "hellrazor";
- isNormalUser = true;
- extraGroups = [
- "download"
- ];
- openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
- };
- }
- {
- #hotdog
- systemd.services."container@hotdog".reloadIfChanged = mkForce false;
- containers.hotdog = {
- config = { ... }: {
- imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = true;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.1";
- localAddress = "10.233.2.2";
- };
- }
- <stockholm/lass/2configs/exim-smarthost.nix>
- <stockholm/lass/2configs/ts3.nix>
- <stockholm/lass/2configs/privoxy-retiolum.nix>
- <stockholm/lass/2configs/radio.nix>
- <stockholm/lass/2configs/binary-cache/server.nix>
- <stockholm/lass/2configs/iodined.nix>
- <stockholm/lass/2configs/paste.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/monitoring/prometheus-server.nix>
- { # quasi bepasty.nix
- imports = [
- <stockholm/lass/2configs/bepasty.nix>
- ];
- krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
- if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
- return 403;
- }
- '';
- }
- {
- services.tor = {
- enable = true;
- };
- }
- {
- lass.ejabberd = {
- enable = true;
- hosts = [ "lassul.us" ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
- ];
- }
- {
- imports = [
- <stockholm/lass/2configs/realwallpaper.nix>
- ];
- services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
- alias /var/realwallpaper/realwallpaper.png;
- '';
- }
- {
- users.users.jeschli = {
- uid = genid "jeschli";
- isNormalUser = true;
- openssh.authorizedKeys.keys = with config.krebs.users; [
- jeschli.pubkey
- jeschli-bln.pubkey
- jeschli-bolide.pubkey
- jeschli-brauerei.pubkey
- ];
- };
- krebs.git.rules = [
- {
- user = with config.krebs.users; [
- jeschli
- jeschli-bln
- jeschli-bolide
- jeschli-brauerei
- ];
- repo = [ config.krebs.git.repos.xmonad-stockholm ];
- perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ];
- }
- {
- user = with config.krebs.users; [
- jeschli
- jeschli-bln
- jeschli-bolide
- jeschli-brauerei
- ];
- repo = [ config.krebs.git.repos.stockholm ];
- perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
- }
- ];
- }
- {
- krebs.repo-sync.repos.stockholm.timerConfig = {
- OnBootSec = "5min";
- OnUnitInactiveSec = "2min";
- RandomizedDelaySec = "2min";
- };
- }
- <stockholm/lass/2configs/downloading.nix>
- <stockholm/lass/2configs/minecraft.nix>
{
services.taskserver = {
enable = true;
@@ -201,123 +39,11 @@ with import <stockholm/lib>;
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
];
}
- #<stockholm/lass/2configs/go.nix>
- {
- environment.systemPackages = [ pkgs.cryptsetup ];
- systemd.services."container@red".reloadIfChanged = mkForce false;
- containers.red = {
- config = { ... }: {
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.3";
- localAddress = "10.233.2.4";
- };
- services.nginx.virtualHosts."rote-allez-fraktion.de" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- extraConfig = ''
- proxy_set_header Host rote-allez-fraktion.de;
- proxy_pass http://10.233.2.4;
- '';
- };
- };
- }
- #{
- # imports = [ <stockholm/lass/2configs/backup.nix> ];
- # lass.restic = genAttrs [
- # "daedalus"
- # "icarus"
- # "littleT"
- # "mors"
- # "shodan"
- # "skynet"
- # ] (dest: {
- # dirs = [
- # "/home/chat/.weechat"
- # "/bku/sql_dumps"
- # ];
- # passwordFile = (toString <secrets>) + "/restic/${dest}";
- # repo = "sftp:backup@${dest}.r:/backups/prism";
- # extraArguments = [
- # "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
- # ];
- # timerConfig = {
- # OnCalendar = "00:05";
- # RandomizedDelaySec = "5h";
- # };
- # });
- #}
- {
- users.users.download.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse"
- ];
- }
- {
- }
- {
- lass.nichtparasoup.enable = true;
- services.nginx = {
- enable = true;
- virtualHosts."lol.lassul.us" = {
- forceSSL = true;
- enableACME = true;
- locations."/".extraConfig = ''
- proxy_pass http://localhost:5001;
- '';
- };
- };
- }
- {
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
- { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.POSTROUTING.rules = [
- { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
- ];
- networking.wireguard.interfaces.wg0 = {
- ips = [ "10.244.1.1/24" ];
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wireguard.key";
- allowedIPsAsRoutes = true;
- peers = [
- {
- # lass-android
- allowedIPs = [ "10.244.1.2/32" ];
- publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
- }
- ];
- };
- }
{
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
- {
- services.murmur.enable = true;
- services.murmur.registerName = "lassul.us";
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
- ];
-
- }
];
krebs.build.host = config.krebs.hosts.archprism;
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 1957c8ba4..d2d4bd3eb 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -25,9 +25,5 @@
macchanger
dpass
];
- services.redshift = {
- enable = true;
- provider = "geoclue2";
- };
programs.adb.enable = true;
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index cac13be2b..207c7c640 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -102,6 +102,7 @@ with import <stockholm/lib>;
urban
mk_sql_pair
remmina
+ transmission
iodine
@@ -148,10 +149,6 @@ with import <stockholm/lib>;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
- services.redshift = {
- enable = true;
- provider = "geoclue2";
- };
lass.restic = genAttrs [
"daedalus"
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 24fa3fd7a..e2097e93a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -25,7 +25,7 @@ with import <stockholm/lib>;
{ # TODO make new hfos.nix out of this vv
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
- uid = genid "riot";
+ uid = genid_uint31 "riot";
isNormalUser = true;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
@@ -44,21 +44,21 @@ with import <stockholm/lib>;
}
{
users.users.tv = {
- uid = genid "tv";
+ uid = genid_uint31 "tv";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
};
users.users.makefu = {
- uid = genid "makefu";
+ uid = genid_uint31 "makefu";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey
];
};
users.extraUsers.dritter = {
- uid = genid "dritter";
+ uid = genid_uint31 "dritter";
isNormalUser = true;
extraGroups = [
"download"
@@ -75,7 +75,7 @@ with import <stockholm/lib>;
];
};
users.users.hellrazor = {
- uid = genid "hellrazor";
+ uid = genid_uint31 "hellrazor";
isNormalUser = true;
extraGroups = [
"download"
@@ -168,7 +168,7 @@ with import <stockholm/lib>;
}
{
users.users.jeschli = {
- uid = genid "jeschli";
+ uid = genid_uint31 "jeschli";
isNormalUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
jeschli.pubkey
@@ -388,7 +388,7 @@ with import <stockholm/lib>;
system.activationScripts.downloadFolder = ''
mkdir -p /var/download
chmod 775 /var/download
- ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || :
+ ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
chown download: /var/download/finished
'';
}
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 8405b0f1f..39c0791fc 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -8,14 +8,13 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
+ <stockholm/lass/2configs/blue-host.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index ee14986ac..ff7b23687 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -32,16 +32,51 @@ with import <stockholm/lib>;
};
};
+ services.nginx = {
+ enable = true;
+ package = pkgs.nginx.override {
+ modules = with pkgs.nginxModules; [
+ fancyindex
+ ];
+ };
+ virtualHosts."dl" = {
+ default = true;
+ locations."/Nginx-Fancyindex-Theme-dark" = {
+ extraConfig = ''
+ alias ${pkgs.fetchFromGitHub {
+ owner = "Naereen";
+ repo = "Nginx-Fancyindex-Theme";
+ rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4";
+ sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6";
+ }}/Nginx-Fancyindex-Theme-dark;
+ autoindex on;
+ '';
+ };
+ locations."/" = {
+ root = "/var/download/finished";
+ extraConfig = ''
+ fancyindex on;
+ fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html";
+ fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html";
+ dav_methods PUT DELETE MKCOL COPY MOVE;
+
+ create_full_put_path on;
+ dav_access all:r;
+ '';
+ };
+ };
+ };
+
krebs.iptables = {
enable = true;
tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
];
};
- services.nginx.enable = true;
services.openvpn.servers.nordvpn.config = ''
client
dev tun
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index 86158c468..d3775b5df 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -26,6 +26,7 @@
'';
};
virtualHosts."cache.krebsco.de" = {
+ forceSSL = true;
serverAliases = [ "cache.lassul.us" ];
enableACME = true;
locations."/".extraConfig = ''
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index fba996743..9cf294afd 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -81,6 +81,7 @@ in {
host = "${host}.r",
targetdir = "/var/lib/containers/.blue",
rsync = {
+ archive = true,
owner = true,
group = true,
};
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 9ea91ae19..36e797a96 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -174,6 +174,16 @@ let
macro pager a "<modify-labels>-archive\n" # tag as Archived
+ bind index U noop
+ bind index u noop
+ bind pager U noop
+ bind pager u noop
+ macro index U "<modify-labels>+unread\n"
+ macro index u "<modify-labels>-unread\n"
+ macro pager U "<modify-labels>+unread\n"
+ macro pager u "<modify-labels>-unread\n"
+
+
bind index t noop
bind pager t noop
macro index t "<modify-labels>" # tag as Archived
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 85faded14..987632cd1 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -5,7 +5,6 @@ with import <stockholm/lib>;
let
name = "radio";
mainUser = config.users.extraUsers.mainUser;
- inherit (import <stockholm/lib>) genid;
admin-password = import <secrets/icecast-admin-pw>;
source-password = import <secrets/icecast-source-pw>;
@@ -31,7 +30,7 @@ in {
"${name}" = rec {
inherit name;
group = name;
- uid = genid name;
+ uid = genid_uint31 name;
description = "radio manager";
home = "/home/${name}";
useDefaultShell = true;
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
deleted file mode 100644
index 14d6ce9ec..000000000
--- a/lass/2configs/websites/fritz.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- inherit (import <stockholm/lib>)
- genid
- head
- ;
- inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- servePage
- serveWordpress
- ;
-
- msmtprc = pkgs.writeText "msmtprc" ''
- account default
- host localhost
- '';
-
- sendmail = pkgs.writeDash "msmtp" ''
- exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
- '';
-
-in {
-
- services.nginx.enable = true;
-
- imports = [
- ./default.nix
- ./sqlBackup.nix
-
- (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
-
- (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
-
- (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
-
- (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
-
- (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
-
- (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
-
- (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
- ];
-
- lass.mysqlBackup.config.all.databases = [
- "eastuttgart_de"
- "radical_dreamers_de"
- "spielwaren_kern_de"
- "ttf_kleinaspach_de"
- ];
-
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.fritz.pubkey
- ];
-
- users.users.goldbarrendiebstahl = {
- home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
- uid = genid "goldbarrendiebstahl";
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.fritz.pubkey
- ];
- };
-
- services.phpfpm.phpOptions = ''
- sendmail_path = ${sendmail} -t
- '';
-}
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 6470d86f7..17af0d00d 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -3,7 +3,7 @@
with lib;
let
inherit (import <stockholm/lib>)
- genid
+ genid_uint31
;
in {
@@ -22,7 +22,7 @@ in {
krebs.tinc_graphs.enable = true;
users.users.lass-stuff = {
- uid = genid "lass-stuff";
+ uid = genid_uint31 "lass-stuff";
description = "lassul.us blog cgi stuff";
home = "/var/empty";
};
@@ -124,7 +124,7 @@ in {
};
users.users.blog = {
- uid = genid "blog";
+ uid = genid_uint31 "blog";
description = "lassul.us blog deployment";
home = "/srv/http/lassul.us";
useDefaultShell = true;
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
index 974e11c6e..f6ce7ccc9 100644
--- a/lass/3modules/xjail.nix
+++ b/lass/3modules/xjail.nix
@@ -142,7 +142,7 @@ with import <stockholm/lib>;
users.users = mapAttrs' (_: cfg:
nameValuePair cfg.name {
- uid = genid cfg.name;
+ uid = genid_uint31 cfg.name;
home = "/home/${cfg.name}";
useDefaultShell = true;
createHome = true;
diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index c020f975c..f86a4a69b 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -113,6 +113,7 @@ myKeyMap =
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
+ , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons")
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix
new file mode 100644
index 000000000..d5d84e456
--- /dev/null
+++ b/lass/5pkgs/emot-menu/default.nix
@@ -0,0 +1,31 @@
+{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let
+
+ emoticons = writeText "emoticons" ''
+¯\(°_o)/¯ | dunno lol shrug dlol
+¯\_(ツ)_/¯ | dunno lol shrug dlol
+( ͡° ͜ʖ ͡°) | lenny
+¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol
+( ゚д゚) | aaah sad noo
+ヽ(^o^)丿 | hi yay hello
+(^o^; | ups hehe
+(^∇^) | yay
+┗(`皿´)┛ | angry argh
+ヾ(^_^) byebye!! | bye
+<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance
+(-.-)Zzz... | sleep
+(∩╹□╹∩) | oh noes woot
+™ | tm
+ζ | zeta
+(╯°□°)╯ ┻━┻ | table flip
+(」゜ロ゜)」 | why woot
+ '';
+
+in
+writeDashBin "emoticons" ''
+ set -efu
+
+ data=$(${coreutils}/bin/cat ${emoticons})
+ emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//')
+ ${xdotool}/bin/xdotool type -- "$emoticon"
+ exit 0
+''
diff --git a/lass/5pkgs/fzfmenu/default.nix b/lass/5pkgs/fzfmenu/default.nix
index 6b5899359..905a5ce6b 100644
--- a/lass/5pkgs/fzfmenu/default.nix
+++ b/lass/5pkgs/fzfmenu/default.nix
@@ -12,8 +12,20 @@ pkgs.writeDashBin "fzfmenu" ''
shift
break
;;
+ -l)
+ # no reason to filter number of lines
+ LINES="$2"
+ shift
+ shift
+ break
+ ;;
+ -i)
+ # we do this anyway
+ shift
+ break
+ ;;
*)
- echo "Unknown option $1"
+ echo "Unknown option $1" >&2
shift
;;
esac