Diffstat (limited to '2configs/lass')
-rw-r--r--2configs/lass/base.nix70
-rw-r--r--2configs/lass/desktop-base.nix6
-rw-r--r--2configs/lass/fastpoke-pages.nix104
-rw-r--r--2configs/lass/git-repos.nix4
-rw-r--r--2configs/lass/identity.nix48
-rw-r--r--2configs/lass/retiolum.nix29
6 files changed, 221 insertions, 40 deletions
diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix
index 5e5b8a7b1..494cafa95 100644
--- a/2configs/lass/base.nix
+++ b/2configs/lass/base.nix
@@ -3,14 +3,37 @@
with lib;
{
imports = [
- ./sshkeys.nix
../../3modules/lass/iptables.nix
+ ../../2configs/lass/vim.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
(import /root/src/secrets/hashedPasswords.nix);
}
-
+ {
+ users.extraUsers = {
+ root = {
+ openssh.authorizedKeys.keys = map readFile [
+ ../../Zpubkeys/lass.ssh.pub
+ ];
+ };
+ mainUser = {
+ name = "lass";
+ uid = 1337;
+ home = "/home/lass";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ "audio"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = map readFile [
+ ../../Zpubkeys/lass.ssh.pub
+ ];
+ };
+ };
+ }
];
nix.useChroot = true;
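Review bot: `root` and the `wheel` member `mainUser` both get the same `lass.ssh.pub` in `openssh.authorizedKeys.keys`, so that single key is a direct root login on every host importing base.nix and the wheel account adds no separation. If root over SSH is not needed, drop the `root` entry and go through the wheel user, or at least set `permitRootLogin = "without-password";` in the `services.openssh` block, whose body is outside this diff. A question rather than a finding: the user is declared under the attribute `mainUser` with `name = "lass"`, while the preceding import builds `users.extraUsers` from the keys of `hashedPasswords.nix`. If that file has a `lass` key, its hash would land on a separate `users.extraUsers.lass` entry instead of this one; I cannot see the secrets file to confirm.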
@@ -30,6 +53,8 @@ with lib;
'';
environment.systemPackages = with pkgs; [
+ nmap
+
git
most
rxvt_unicode.terminfo
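Review bot: `nmap` is added to `environment.systemPackages` in base.nix, so it is installed on every host that imports this file, presumably including the internet-facing servers and not only workstations. Keeping the base package set minimal is the safer default; I would move it to a workstation-only config such as desktop-base.nix. The empty `+` line after it can go as well. The package list starts and ends outside this hunk.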
@@ -77,11 +102,11 @@ with lib;
"sendmail"
];
- services.gitolite = {
- enable = true;
- dataDir = "/home/gitolite";
- adminPubkey = config.sshKeys.lass.pub;
- };
+ #services.gitolite = {
+ # enable = true;
+ # dataDir = "/home/gitolite";
+ # adminPubkey = config.sshKeys.lass.pub;
+ #};
services.openssh = {
enable = true;
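Review bot: The gitolite block is commented out rather than deleted, and its `adminPubkey = config.sshKeys.lass.pub;` refers to the `sshKeys` option whose import (`./sshkeys.nix`) the first hunk of this commit removes. Unless that module is imported elsewhere, uncommenting the block later will likely fail evaluation. Either delete the block or put a one-line comment above it saying why it is disabled and what has to be restored first.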
@@ -102,35 +127,12 @@ with lib;
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
- { predicate = "-i lo"; target = "ACCEPT"; }
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { predicate = "-p icmp"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
+ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+ { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+ { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
];
};
};
- #Networking.firewall = {
- # enable = true;
-
- # allowedTCPPorts = [
- # 22
- # ];
-
- # extraCommands = ''
- # iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
- # iptables -A INPUT -j ACCEPT -i lo
- # #http://serverfault.com/questions/84963/why-not-block-icmp
- # iptables -A INPUT -j ACCEPT -p icmp
-
- # #TODO: fix Retiolum firewall
- # #iptables -N RETIOLUM
- # #iptables -A INPUT -j RETIOLUM -i retiolum
- # #iptables -A RETIOLUM -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
- # #iptables -A RETIOLUM -j REJECT -p tcp --reject-with tcp-reset
- # #iptables -A RETIOLUM -j REJECT -p udp --reject-with icmp-port-unreachable
- # #iptables -A RETIOLUM -j REJECT --reject-with icmp-proto-unreachable
- # #iptables -A RETIOLUM -j REJECT
- # '';
- #};
}
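Review bot: The new `precedence = 10001` … `9998` values are undocumented, and the rules added in fastpoke-pages.nix and retiolum.nix carry no `precedence` at all, so nothing visible here says where those end up relative to these four. A comment above the list, for example `# higher precedence is emitted first; rules without one use the module default`, would make the ordering reviewable, assuming that is how `3modules/lass/iptables.nix` behaves. Separately, identity.nix gives this host a retiolum IPv6 address; whether the module applies the same `DROP` policy through ip6tables is not visible in this diff and is worth confirming.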
diff --git a/2configs/lass/desktop-base.nix b/2configs/lass/desktop-base.nix
index ee7a94bc9..9b98e4a8b 100644
--- a/2configs/lass/desktop-base.nix
+++ b/2configs/lass/desktop-base.nix
@@ -55,11 +55,9 @@ in {
displayManager.auto.enable = true;
displayManager.auto.user = mainUser.name;
- layout = "us,de";
+ layout = "us";
xkbModel = "evdev";
- xkbVariant = "altgr-intl,nodeadkeys";
- xkbOptions = "grp:caps_toggle";
-
+ xkbVariant = "altgr-intl";
};
}
diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix
new file mode 100644
index 000000000..4db4847f4
--- /dev/null
+++ b/2configs/lass/fastpoke-pages.nix
@@ -0,0 +1,104 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ createStaticPage = domain:
+ {
+ tv.nginx.servers."${domain}" = {
+ server-names = [
+ "${domain}"
+ "www.${domain}"
+ ];
+ locations = [
+ (nameValuePair "/" ''
+ root /var/lib/http/${domain};
+ '')
+ ];
+ };
+ #networking.extraHosts = ''
+ # 10.243.206.102 ${domain}
+ #'';
+ };
+
+in {
+ imports = [
+ ../../3modules/tv/nginx.nix
+ ../../3modules/lass/iptables.nix
+ ] ++ map createStaticPage [
+ "habsys.de"
+ "pixelpocket.de"
+ "karlaskop.de"
+ "ubikmedia.de"
+ "apanowicz.de"
+ "aidsballs.de"
+ ];
+
+ lass.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+ ];
+ };
+ };
+
+
+ tv.nginx = {
+ enable = true;
+ servers = {
+
+ #"habsys.de" = {
+ # server-names = [
+ # "habsys.de"
+ # "www.habsys.de"
+ # ];
+ # locations = [
+ # (nameValuePair "/" ''
+ # root /var/lib/http/habsys.de;
+ # '')
+ # ];
+ #};
+
+ #"karlaskop.de" = {
+ # server-names = [
+ # "karlaskop.de"
+ # "www.karlaskop.de"
+ # ];
+ # locations = [
+ # (nameValuePair "/" ''
+ # root /var/lib/http/karlaskop.de;
+ # '')
+ # ];
+ #};
+
+ #"pixelpocket.de" = {
+ # server-names = [
+ # "pixelpocket.de"
+ # "www.karlaskop.de"
+ # ];
+ # locations = [
+ # (nameValuePair "/" ''
+ # root /var/lib/http/karlaskop.de;
+ # '')
+ # ];
+ #};
+
+ };
+ };
+
+ networking.extraHosts = ''
+ 10.243.206.102 habsys.de karlaskop.de pixelpocket.de ubikmedia.de apanowicz.de
+ 10.243.206.102 aidsballs.de
+ '';
+
+ #services.postgresql = {
+ # enable = true;
+ #};
+
+ #config.services.vsftpd = {
+ # enable = true;
+ # userlistEnable = true;
+ # userlistFile = pkgs.writeFile "vsftpd-userlist" ''
+ # '';
+ #};
+}
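Review bot: The commented-out server blocks inside `tv.nginx.servers` duplicate what `createStaticPage` already generates, and the `pixelpocket.de` one has a copy-paste error (`www.karlaskop.de` and `root /var/lib/http/karlaskop.de`), so uncommenting it would serve the wrong site. I would delete them together with the commented postgresql and vsftpd stubs. The domain list is also repeated by hand in `networking.extraHosts` (and again in the `aliases` of identity.nix), so a domain added to the `createStaticPage` list is served but not resolved unless every copy is edited. Binding the list once in the `let` and building the hosts lines with `concatMapStringsSep "\n" (d: "10.243.206.102 ${d}") domains` would keep them in step. The only port opened is `--dport http`, so these sites are plaintext unless TLS is terminated elsewhere.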
diff --git a/2configs/lass/git-repos.nix b/2configs/lass/git-repos.nix
index c0c305b85..b4f446aef 100644
--- a/2configs/lass/git-repos.nix
+++ b/2configs/lass/git-repos.nix
@@ -39,7 +39,7 @@ let
post-receive = git.irc-announce {
nick = config.networking.hostName; # TODO make this the default
channel = "#retiolum";
- server = "ire.retiolum";
+ server = "cd.retiolum";
};
};
};
@@ -63,7 +63,7 @@ let
post-receive = git.irc-announce {
nick = config.networking.hostName; # TODO make this the default
channel = "#retiolum";
- server = "ire.retiolum";
+ server = "cd.retiolum";
};
};
public = true;
diff --git a/2configs/lass/identity.nix b/2configs/lass/identity.nix
new file mode 100644
index 000000000..bfaad14d2
--- /dev/null
+++ b/2configs/lass/identity.nix
@@ -0,0 +1,48 @@
+{ config, ... }:
+
+{
+ imports = [ ../../3modules/tv/identity.nix ];
+ tv.identity = {
+ enable = true;
+ search = "retiolum";
+ hosts = {
+ cloudkrebs = {
+ cores = 1;
+ dc = "lass"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["104.167.113.104"];
+ aliases = [
+ "cloudkrebs.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.206.102"];
+ addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"];
+ aliases = [
+ "cloudkrebs.retiolum"
+ "cgit.cloudkrebs.retiolum"
+ "habsys.de"
+ "pixelpocket.de"
+ "karlaskop.de"
+ "ubikmedia.de"
+ "apanowicz.de"
+ "aidsballs.de"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA
+ OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF
+ QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v
+ 3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC
+ sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO
+ TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ };
+ };
+}
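Review bot: The line `dc = "lass"; #dc = "cac";` keeps the other value as a trailing comment without saying which one is correct or why it was switched. Replace it with a real comment stating the authoritative value, or drop it. The public domains listed under `retiolum.aliases` also deserve a one-line comment explaining that they are meant to resolve to the VPN address `10.243.206.102`, since a reader would otherwise expect them under `internet`.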
diff --git a/2configs/lass/retiolum.nix b/2configs/lass/retiolum.nix
new file mode 100644
index 000000000..d1389ad2a
--- /dev/null
+++ b/2configs/lass/retiolum.nix
@@ -0,0 +1,29 @@
+{ ... }:
+
+{
+ imports = [
+ ../../3modules/lass/iptables.nix
+ ../../3modules/tv/retiolum.nix
+ ../../2configs/tv/exim-retiolum.nix
+ ];
+
+ lass.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
+ ];
+ };
+ };
+
+ tv.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "fastpoke"
+ "cloudkrebs"
+ "pigstarter"
+ ];
+ };
+}
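Review bot: The `-p tcp --dport smtp` rule has no interface match, so with the `DROP` INPUT policy from base.nix it opens port 25 on every interface, including the public one. The mail config imported here is `exim-retiolum.nix`, which suggests SMTP is meant for the VPN only. If so, the predicate should be `-i retiolum -p tcp --dport smtp`, using the interface name that appears in the iptables comments removed from base.nix. The two tinc rules do need to stay reachable from outside. Whether exim binds only to the retiolum address is not visible in this diff, so the firewall rule should not rely on that.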