author | tv <tv@krebsco.de> | 2015-12-20 19:37:46 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-12-20 19:37:46 +0100 |
commit | c89907175546aa0c39bc6b2c4960f0ea6e6db8c9 (patch) | |
tree | 158bf1a5938fc37efc466b00b3f0906ac2a50d9f /makefu/1systems/gum.nix | |
parent | c09bc6a29f21f1c6bd21575e385b8b3bc5c89b8a (diff) | |
parent | 5821d8438578db623a3e248c52fefa424fad0b51 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/1systems/gum.nix')
-rw-r--r-- | makefu/1systems/gum.nix | 68 |
1 files changed, 57 insertions, 11 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 85cf4c533..417a020fa 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -9,24 +9,71 @@ in { # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../2configs/fs/simple-swap.nix + ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix - - # Reaktor - ../2configs/Reaktor/simpleExtend.nix + ../2configs/git/cgit-retiolum.nix + ../2configs/mattermost-docker.nix + ../2configs/nginx/euer.test.nix ]; + + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + + ###### stable + krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; + krebs.retiolum.extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; - krebs.Reaktor.enable = true; + # Chat + environment.systemPackages = with pkgs;[ + weechat + bepasty-client-cli + get + ]; + services.bitlbee.enable = true; - # prepare graphs - krebs.nginx.enable = true; + # Hardware + boot.loader.grub.device = "/dev/sda"; + boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; + boot.kernelModules = [ "kvm-intel" ]; + # Network + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" + ''; + boot.kernelParams = [ "ipv6.disable=1" ]; networking = { - firewall.allowPing = true; - firewall.allowedTCPPorts = [ 80 443 655 ]; - firewall.allowedUDPPorts = [ 655 ]; - interfaces.enp2s1.ip4 = [{ + enableIPv6 = false; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + # tinc-shack + 21032 + # tinc-retiolum + 21031 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + # tinc-retiolum + 21031 + # tinc-shack + 21032 + ]; + }; + interfaces.et0.ip4 = [{ address = external-ip; prefixLength = 24; }]; 
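Review bot: The added `krebs.retiolum.extraConfig` makes tinc listen on port 53 as well as 655 and 21031, but the new `allowedTCPPorts` list has no 53 while `allowedUDPPorts` does, so the port-53 listener is reachable over UDP only; tinc carries its meta connections over TCP, so a peer that can reach only port 53 would presumably fail to connect. If port 53 is meant as a fallback, add it to the TCP `# tinc` entry as `655 53`; otherwise drop the `ListenAddress = ${external-ip} 53` line so the daemon does not bind a port it cannot use. Ports 25 and 21032 are opened with no matching service visible in this hunk (they may come from the imported modules), and with `logRefusedConnections = false` refused probes against this public host leave no firewall log, so a comment naming the module that owns each open port would make later audits easier.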
@@ -34,5 +81,4 @@ in { nameservers = [ "8.8.8.8" ]; }; - # based on ../../tv/2configs/CAC-Developer-2.nix } |