diff options
-rw-r--r-- | lass/1systems/blue/config.nix | 30 | ||||
-rw-r--r-- | lass/2configs/blue.nix | 55 |
2 files changed, 85 insertions, 0 deletions
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index b068c34b0..aef055cf0 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -5,7 +5,37 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs> <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + + <stockholm/lass/2configs/blue.nix> ]; krebs.build.host = config.krebs.hosts.blue; + + networking.nameservers = [ "1.1.1.1" ]; + + lass.restic = genAttrs [ + "daedalus" + "icarus" + "littleT" + "prism" + "shodan" + "skynet" + ] (dest: { + dirs = [ + "/home/" + "/var/lib" + ]; + passwordFile = (toString <secrets>) + "/restic/${dest}"; + repo = "sftp:backup@${dest}.r:/backups/blue"; + extraArguments = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + ]; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }); + time.timeZone = "Europe/Berlin"; + users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; } diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix new file mode 100644 index 000000000..c0417b865 --- /dev/null +++ b/lass/2configs/blue.nix @@ -0,0 +1,55 @@ +with (import <stockholm/lib>); +{ config, lib, pkgs, ... }: + +{ + + imports = [ + ./bitlbee.nix + ./mail.nix + ./pass.nix + ]; + + services.tor.enable = true; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} + ]; + + systemd.services.chat = let + tmux = pkgs.writeDash "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g prefix ` + unbind-key C-b + bind ` send-prefix + + set-option -g status off + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + ''; + in { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = false; + + path = [ + pkgs.rxvt_unicode.terminfo + ]; + + serviceConfig = { + User = "lass"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; + }; + }; +} |