summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/iptables.nix3
-rw-r--r--krebs/3modules/lass/default.nix6
-rw-r--r--lass/1systems/cloudkrebs.nix4
-rw-r--r--lass/1systems/dishfire.nix17
-rw-r--r--lass/1systems/echelon.nix3
-rw-r--r--lass/1systems/helios.nix1
-rw-r--r--lass/1systems/mors.nix133
-rw-r--r--lass/1systems/prism.nix22
-rw-r--r--lass/1systems/uriel.nix6
-rw-r--r--lass/2configs/backups.nix99
-rw-r--r--lass/2configs/baseX.nix3
-rw-r--r--lass/2configs/default.nix (renamed from lass/2configs/base.nix)26
-rw-r--r--lass/2configs/downloading.nix1
-rw-r--r--lass/2configs/exim-retiolum.nix14
-rw-r--r--lass/2configs/exim-smarthost.nix50
-rw-r--r--lass/2configs/fastpoke-pages.nix101
-rw-r--r--lass/2configs/games.nix2
-rw-r--r--lass/2configs/newsbot-js.nix1
-rw-r--r--lass/2configs/pass.nix1
-rw-r--r--lass/2configs/websites/domsen.nix75
-rw-r--r--lass/2configs/websites/fritz.nix61
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix17
-rw-r--r--lass/4lib/default.nix225
-rw-r--r--lass/5pkgs/acronym/default.nix11
-rw-r--r--lass/5pkgs/default.nix2
-rw-r--r--lass/5pkgs/mk_sql_pair/default.nix19
-rw-r--r--lass/5pkgs/urban/default.nix21
-rw-r--r--makefu/1systems/gum.nix4
-rw-r--r--makefu/3modules/default.nix1
-rw-r--r--makefu/3modules/taskserver.nix60
-rw-r--r--makefu/5pkgs/default.nix3
-rw-r--r--makefu/5pkgs/taskserver/default.nix43
32 files changed, 747 insertions, 288 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 9596229de..4b99873a1 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -20,6 +20,7 @@ let
flatten
length
hasAttr
+ hasPrefix
mkEnableOption
mkOption
mkIf
@@ -123,7 +124,7 @@ let
buildRule = tn: cn: rule:
#target validation test:
- assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}")));
+ assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target;
#predicate validation test:
#maybe use iptables-test
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index b4686894e..adca66dad 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -12,6 +12,7 @@ with config.krebs.lib;
aliases = [
"dishfire.internet"
];
+ ssh.port = 45621;
};
retiolum = {
via = internet;
@@ -44,6 +45,7 @@ with config.krebs.lib;
aliases = [
"echelon.internet"
];
+ ssh.port = 45621;
};
retiolum = {
via = internet;
@@ -79,6 +81,7 @@ with config.krebs.lib;
aliases = [
"prism.internet"
];
+ ssh.port = 45621;
};
retiolum = {
via = internet;
@@ -143,6 +146,7 @@ with config.krebs.lib;
aliases = [
"cloudkrebs.internet"
];
+ ssh.port = 45621;
};
retiolum = {
via = internet;
@@ -174,6 +178,7 @@ with config.krebs.lib;
gg23 = {
ip4.addr = "10.23.1.12";
aliases = ["uriel.gg23"];
+ ssh.port = 45621;
};
retiolum = {
ip4.addr = "10.243.81.176";
@@ -205,6 +210,7 @@ with config.krebs.lib;
gg23 = {
ip4.addr = "10.23.1.11";
aliases = ["mors.gg23"];
+ ssh.port = 45621;
};
retiolum = {
ip4.addr = "10.243.0.2";
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 6cfba567a..1bfb11502 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -8,9 +8,9 @@ in {
imports = [
../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-retiolum.nix
../2configs/retiolum.nix
- ../2configs/fastpoke-pages.nix
../2configs/git.nix
../2configs/realwallpaper.nix
{
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index c7d016cd3..dd1d1e541 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -4,7 +4,8 @@
imports = [
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/websites/fritz.nix
{
@@ -26,10 +27,19 @@
fsType = "ext4";
};
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/srv_http";
+ fsType = "ext4";
+ };
+
fileSystems."/boot" = {
device = "/dev/vda1";
fsType = "ext4";
};
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
}
{
networking.dhcpcd.allowInterfaces = [
@@ -40,6 +50,11 @@
{
sound.enable = false;
}
+ {
+ environment.systemPackages = with pkgs; [
+ mk_sql_pair
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 80611ee80..97734a7bd 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -8,7 +8,8 @@ in {
imports = [
../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-retiolum.nix
../2configs/retiolum.nix
../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index cc98c2c5b..0c7c0d8e3 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -5,6 +5,7 @@ with builtins;
imports = [
../.
../2configs/baseX.nix
+ ../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
../2configs/git.nix
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 1f7a13c56..bdc9c3242 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -4,6 +4,7 @@
imports = [
../.
../2configs/baseX.nix
+ ../2configs/exim-retiolum.nix
../2configs/programs.nix
../2configs/bitcoin.nix
../2configs/browsers.nix
@@ -33,124 +34,28 @@
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
];
}
- {
- #static-nginx-test
- imports = [
- ../3modules/static_nginx.nix
- ];
- lass.staticPage."testserver.de" = {
- #sslEnable = true;
- #certificate = "${toString <secrets>}/testserver.de/server.cert";
- #certificate_key = "${toString <secrets>}/testserver.de/server.pem";
- ssl = {
- enable = true;
- certificate = "${toString <secrets>}/testserver.de/server.cert";
- certificate_key = "${toString <secrets>}/testserver.de/server.pem";
- };
- };
- networking.extraHosts = ''
- 10.243.0.2 testserver.de
- '';
- }
#{
- # #wordpress-test
- # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
- # imports = [
- # ../3modules/wordpress_nginx.nix
- # ];
- # lass.wordpress."testserver.de" = {
- # multiSite = {
- # "1" = "testserver.de";
- # "2" = "bla.testserver.de";
- # };
- # };
-
# services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# rootPassword = "<secrets>/mysql_rootPassword";
# };
- # networking.extraHosts = ''
- # 10.243.0.2 testserver.de
- # '';
- # krebs.iptables.tables.filter.INPUT.rules = [
- # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- # ];
#}
#{
- # #owncloud-test
- # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
- # imports = [
- # ../3modules/owncloud_nginx.nix
- # ];
- # lass.owncloud."owncloud-test.de" = {
+ # services.elasticsearch = {
+ # enable = true;
+ # plugins = [
+ # # pkgs.elasticsearchPlugins.elasticsearch_kopf
+ # ];
+ # };
+ #}
+ #{
+ # services.postgresql = {
+ # enable = true;
+ # package = pkgs.postgresql;
# };
-
- # #services.mysql = {
- # # enable = true;
- # # package = pkgs.mariadb;
- # # rootPassword = "<secrets>/mysql_rootPassword";
- # #};
- # networking.extraHosts = ''
- # 10.243.0.2 owncloud-test.de
- # '';
- # krebs.iptables.tables.filter.INPUT.rules = [
- # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- # ];
#}
{
- containers.pythonenv = {
- config = {
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
-
- environment = {
- systemPackages = with pkgs; [
- git
- libxml2
- libxslt
- libzip
- python27Full
- python27Packages.buildout
- stdenv
- zlib
- ];
-
- pathsToLink = [ "/include" ];
-
- shellInit = ''
- # help pip to find libz.so when building lxml
- export LIBRARY_PATH=/var/run/current-system/sw/lib
- # ditto for header files, e.g. sqlite
- export C_INCLUDE_PATH=/var/run/current-system/sw/include
- '';
- };
-
- };
- };
- }
- {
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- rootPassword = "<secrets>/mysql_rootPassword";
- };
- }
- {
- services.elasticsearch = {
- enable = true;
- plugins = [
- # pkgs.elasticsearchPlugins.elasticsearch_kopf
- ];
- };
- }
- {
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql;
- };
}
];
@@ -158,15 +63,6 @@
networking.wireless.enable = true;
- networking.extraHosts = ''
- 213.239.205.240 wohnprojekt-rhh.de
- 213.239.205.240 karlaskop.de
- 213.239.205.240 makeup.apanowicz.de
- 213.239.205.240 pixelpocket.de
- 213.239.205.240 reich-gebaeudereinigung.de
- 213.239.205.240 o.ubikmedia.de
- '';
-
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
@@ -206,7 +102,7 @@
fsType = "ext4";
};
- "/mnt/backups" = {
+ "/bku" = {
device = "/dev/big/backups";
fsType = "ext4";
};
@@ -293,6 +189,9 @@
get
teamspeak_client
hashPassword
+ urban
+ mk_sql_pair
+ skype
];
#TODO: fix this shit
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 20c919b9b..3eb208935 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -5,12 +5,14 @@ let
in {
imports = [
../.
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-smarthost.nix
../2configs/downloading.nix
../2configs/git.nix
../2configs/ts3.nix
../2configs/bitlbee.nix
../2configs/weechat.nix
+ ../2configs/privoxy-retiolum.nix
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@@ -77,6 +79,18 @@ in {
device = "/dev/pool/download";
};
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/http";
+ };
+
+ fileSystems."/srv/o.ubikmedia.de-data" = {
+ device = "/dev/pool/owncloud-ubik-data";
+ };
+
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ };
+
}
{
sound.enable = false;
@@ -117,7 +131,7 @@ in {
}
{
users.users.chat.openssh.authorizedKeys.keys = [
- "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
+ "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH"
config.krebs.users.lass-uriel.pubkey
];
}
@@ -130,13 +144,13 @@ in {
../2configs/websites/domsen.nix
];
krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
{
services.tor = {
enable = true;
- client.enable = true;
};
}
];
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 4e4eca21f..92996c181 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -5,6 +5,7 @@ with builtins;
imports = [
../.
../2configs/baseX.nix
+ ../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/games.nix
../2configs/pass.nix
@@ -47,6 +48,11 @@ with builtins;
fsType = "ext4";
};
+ "/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
+
"/boot" = {
device = "/dev/sda1";
};
diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
new file mode 100644
index 000000000..ca9ff20a1
--- /dev/null
+++ b/lass/2configs/backups.nix
@@ -0,0 +1,99 @@
+{ config, lib, ... }:
+with config.krebs.lib;
+{
+
+ krebs.backup.plans = {
+ } // mapAttrs (_: recursiveUpdate {
+ snapshots = {
+ daily = { format = "%Y-%m-%d"; retain = 7; };
+ weekly = { format = "%YW%W"; retain = 4; };
+ monthly = { format = "%Y-%m"; retain = 12; };
+ yearly = { format = "%Y"; };
+ };
+ }) {
+ dishfire-http-prism = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
+ startAt = "03:00";
+ };
+ dishfire-http-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
+ startAt = "03:05";
+ };
+ dishfire-http-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-http"; };
+ startAt = "03:10";
+ };
+ dishfire-sql-prism = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
+ startAt = "03:15";
+ };
+ dishfire-sql-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
+ startAt = "03:20";
+ };
+ dishfire-sql-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; };
+ startAt = "03:25";
+ };
+ prism-chat-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
+ startAt = "03:30";
+ };
+ prism-chat-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
+ startAt = "03:35";
+ };
+ prism-sql-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
+ startAt = "03:40";
+ };
+ prism-sql-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
+ startAt = "03:45";
+ };
+ prism-http-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
+ startAt = "03:50";
+ };
+ prism-http-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
+ startAt = "03:55";
+ };
+ uriel-home-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.uriel; path = "/home"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; };
+ startAt = "04:00";
+ };
+ mors-home-uriel = {
+ method = "push";
+ src = { host = config.krebs.hosts.mors; path = "/home"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
+ startAt = "05:00";
+ };
+ };
+}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 6c52240af..79fc4744f 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -4,7 +4,7 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
imports = [
- ./base.nix
+ ./default.nix
#./urxvt.nix
./xserver
];
@@ -39,6 +39,7 @@ in {
push
slock
sxiv
+ xclip
xorg.xbacklight
xsel
zathura
diff --git a/lass/2configs/base.nix b/lass/2configs/default.nix
index 8017d4270..8c6078ba5 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/default.nix
@@ -7,10 +7,11 @@ with config.krebs.lib;
../2configs/zsh.nix
../2configs/mc.nix
../2configs/retiolum.nix
+ ./backups.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
- (import /root/secrets/hashedPasswords.nix);
+ (import <secrets/hashedPasswords.nix>);
}
{
users.extraUsers = {
@@ -18,7 +19,6 @@ with config.krebs.lib;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
- config.krebs.users.lass-helios.pubkey
];
};
mainUser = {
@@ -45,7 +45,6 @@ with config.krebs.lib;
krebs = {
enable = true;
search-domain = "retiolum";
- exim-retiolum.enable = true;
build = {
user = config.krebs.users.lass;
source = mapAttrs (_: mkDefault) ({
@@ -55,7 +54,7 @@ with config.krebs.lib;
stockholm = "/home/lass/stockholm";
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
- rev = "40c586b7ce2c559374df435f46d673baf711c543";
+ rev = "e781a8257b4312f6b138c7d0511c77d8c06ed819";
dev = "/home/lass/src/nixpkgs";
};
} // optionalAttrs config.krebs.build.host.secure {
@@ -85,9 +84,12 @@ with config.krebs.lib;
MANPAGER=most
'';
+ nixpkgs.config.allowUnfree = true;
+
environment.systemPackages = with pkgs; [
#stockholm
git
+ gnumake
jq
parallel
proot
@@ -108,6 +110,11 @@ with config.krebs.lib;
#neat utils
krebspaste
+
+ #unpack stuff
+ p7zip
+ unzip
+ unrar
];
programs.bash = {
@@ -145,10 +152,6 @@ with config.krebs.lib;
'';
};
- security.setuidPrograms = [
- "sendmail"
- ];
-
services.openssh = {
enable = true;
hostKeys = [
@@ -165,6 +168,13 @@ with config.krebs.lib;
krebs.iptables = {
enable = true;
tables = {
+ nat.PREROUTING.rules = [
+ { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+ { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+ ];
+ nat.OUTPUT.rules = [
+ { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+ ];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 115cb8b61..ccd751413 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -20,6 +20,7 @@ in {
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
+ config.krebs.users.lass-uriel.pubkey
];
};
diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix
new file mode 100644
index 000000000..ea2f553b8
--- /dev/null
+++ b/lass/2configs/exim-retiolum.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+ krebs.exim-retiolum.enable = true;
+ krebs.setuid.sendmail = {
+ filename = "${pkgs.exim}/bin/exim";
+ mode = "4111";
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
new file mode 100644
index 000000000..e1aa29c49
--- /dev/null
+++ b/lass/2configs/exim-smarthost.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+ krebs.exim-smarthost = {
+ enable = true;
+ dkim = [
+ { domain = "lassul.us"; }
+ ];
+ sender_domains = [
+ "lassul.us"
+ ];
+ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ config.krebs.hosts.mors
+ config.krebs.hosts.uriel
+ config.krebs.hosts.helios
+ ];
+ internet-aliases = with config.krebs.users; [
+ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
+ { from = "lass@lassul.us"; to = lass.mail; }
+ { from = "lassulus@lassul.us"; to = lass.mail; }
+ { from = "test@lassul.us"; to = lass.mail; }
+ { from = "outlook@lassul.us"; to = lass.mail; }
+ ];
+ system-aliases = [
+ { from = "mailer-daemon"; to = "postmaster"; }
+ { from = "postmaster"; to = "root"; }
+ { from = "nobody"; to = "root"; }
+ { from = "hostmaster"; to = "root"; }
+ { from = "usenet"; to = "root"; }
+ { from = "news"; to = "root"; }
+ { from = "webmaster"; to = "root"; }
+ { from = "www"; to = "root"; }
+ { from = "ftp"; to = "root"; }
+ { from = "abuse"; to = "root"; }
+ { from = "noc"; to = "root"; }
+ { from = "security"; to = "root"; }
+ { from = "root"; to = "lass"; }
+ ];
+ };
+
+ krebs.setuid.sendmail = {
+ filename = "${pkgs.exim}/bin/exim";
+ mode = "4111";
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+}
diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix
deleted file mode 100644
index bf6ea8952..000000000
--- a/lass/2configs/fastpoke-pages.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
- createStaticPage = domain:
- {
- krebs.nginx.servers."${domain}" = {
- server-names = [
- "${domain}"
- "www.${domain}"
- ];
- locations = [
- (nameValuePair "/" ''
- root /var/lib/http/${domain};
- '')
- ];
- };
- #networking.extraHosts = ''
- # 10.243.206.102 ${domain}
- #'';
- users.extraUsers = {
- ${domain} = {
- name = domain;
- home = "/var/lib/http/${domain}";
- createHome = true;
- };
- };
- };
-
-in {
- imports = map createStaticPage [
- "habsys.de"
- "pixelpocket.de"
- "karlaskop.de"
- "ubikmedia.de"
- "apanowicz.de"
- ];
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }