7 files changed, 92 insertions, 133 deletions

diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 98f509050..5aa35f5a7 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -2,18 +2,18 @@
 
 let
   inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
-  inherit (lib) head;
 
-  ip = (head config.krebs.build.host.nets.internet.addrs4);
+  ip = config.krebs.build.host.nets.internet.ip4.addr;
 in {
   imports = [
     ../.
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
-    ../2configs/base.nix
+    ../2configs/default.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/retiolum.nix
-    ../2configs/fastpoke-pages.nix
     ../2configs/git.nix
     ../2configs/realwallpaper.nix
+    ../2configs/privoxy-retiolum.nix
     {
       networking.interfaces.enp2s1.ip4 = [
         {
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index c7d016cd3..b5e551952 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -4,9 +4,9 @@
   imports = [
     ../.
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
-    ../2configs/base.nix
+    ../2configs/default.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/git.nix
-    ../2configs/websites/fritz.nix
     {
       boot.loader.grub = {
         device = "/dev/vda";
@@ -26,10 +26,19 @@
         fsType = "ext4";
       };
 
+      fileSystems."/srv/http" = {
+        device = "/dev/pool/srv_http";
+        fsType = "ext4";
+      };
+
       fileSystems."/boot" = {
         device = "/dev/vda1";
         fsType = "ext4";
       };
+      fileSystems."/bku" = {
+        device = "/dev/pool/bku";
+        fsType = "ext4";
+      };
     }
     {
       networking.dhcpcd.allowInterfaces = [
@@ -40,6 +49,20 @@
     {
       sound.enable = false;
     }
+    {
+      environment.systemPackages = with pkgs; [
+        mk_sql_pair
+      ];
+    }
+    {
+      imports = [
+        ../2configs/websites/fritz.nix
+      ];
+      krebs.iptables.tables.filter.INPUT.rules = [
+         { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+         { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 2ff6dba70..97734a7bd 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -2,14 +2,14 @@
 
 let
   inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
-  inherit (lib) head;
 
-  ip = (head config.krebs.build.host.nets.internet.addrs4);
+  ip = config.krebs.build.host.nets.internet.ip4.addr;
 in {
   imports = [
     ../.
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
-    ../2configs/base.nix
+    ../2configs/default.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/retiolum.nix
     ../2configs/realwallpaper-server.nix
     ../2configs/privoxy-retiolum.nix
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index cc98c2c5b..bc210c995 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -5,10 +5,13 @@ with builtins;
   imports = [
     ../.
     ../2configs/baseX.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/browsers.nix
     ../2configs/programs.nix
     ../2configs/git.nix
     ../2configs/pass.nix
+    ../2configs/fetchWallpaper.nix
+    ../2configs/backups.nix
     #{
     #  users.extraUsers = {
     #    root = {
@@ -52,6 +55,11 @@ with builtins;
     "/boot" = {
       device = "/dev/sda1";
     };
+
+    "/bku" = {
+      device = "/dev/pool/bku";
+      fsType = "ext4";
+    };
   };
 
   #services.udev.extraRules = ''
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 1f7a13c56..e12c8321f 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -4,6 +4,7 @@
   imports = [
     ../.
     ../2configs/baseX.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/programs.nix
     ../2configs/bitcoin.nix
     ../2configs/browsers.nix
@@ -26,6 +27,8 @@
     ../2configs/libvirt.nix
     ../2configs/fetchWallpaper.nix
     ../2configs/cbase.nix
+    ../2configs/mail.nix
+    ../2configs/krebs-pass.nix
     #../2configs/buildbot-standalone.nix
     {
       #risk of rain port
@@ -33,124 +36,28 @@
         { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
       ];
     }
-    {
-      #static-nginx-test
-      imports = [
-        ../3modules/static_nginx.nix
-      ];
-      lass.staticPage."testserver.de" = {
-        #sslEnable = true;
-        #certificate = "${toString <secrets>}/testserver.de/server.cert";
-        #certificate_key = "${toString <secrets>}/testserver.de/server.pem";
-        ssl = {
-          enable = true;
-          certificate = "${toString <secrets>}/testserver.de/server.cert";
-          certificate_key = "${toString <secrets>}/testserver.de/server.pem";
-        };
-      };
-      networking.extraHosts = ''
-        10.243.0.2 testserver.de
-      '';
-    }
     #{
-    #  #wordpress-test
-    #  #imports = singleton (sitesGenerators.createWordpress "testserver.de");
-    #  imports = [
-    #    ../3modules/wordpress_nginx.nix
-    #  ];
-    #  lass.wordpress."testserver.de" = {
-    #    multiSite = {
-    #      "1" = "testserver.de";
-    #      "2" = "bla.testserver.de";
-    #    };
-    #  };
-
     #  services.mysql = {
     #    enable = true;
     #    package = pkgs.mariadb;
     #    rootPassword = "<secrets>/mysql_rootPassword";
     #  };
-    #  networking.extraHosts = ''
-    #    10.243.0.2 testserver.de
-    #  '';
-    #  krebs.iptables.tables.filter.INPUT.rules = [
-    #    { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
-    #  ];
     #}
     #{
-    #  #owncloud-test
-    #  #imports = singleton (sitesGenerators.createWordpress "testserver.de");
-    #  imports = [
-    #    ../3modules/owncloud_nginx.nix
-    #  ];
-    #  lass.owncloud."owncloud-test.de" = {
+    #  services.elasticsearch = {
+    #    enable = true;
+    #    plugins = [
+    #    #  pkgs.elasticsearchPlugins.elasticsearch_kopf
+    #    ];
+    #  };
+    #}
+    #{
+    #  services.postgresql = {
+    #    enable = true;
+    #    package = pkgs.postgresql;
     #  };
-
-    #  #services.mysql = {
-    #  #  enable = true;
-    #  #  package = pkgs.mariadb;
-    #  #  rootPassword = "<secrets>/mysql_rootPassword";
-    #  #};
-    #  networking.extraHosts = ''
-    #    10.243.0.2 owncloud-test.de
-    #  '';
-    #  krebs.iptables.tables.filter.INPUT.rules = [
-    #    { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
-    #  ];
     #}
     {
-      containers.pythonenv = {
-        config = {
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-          ];
-
-          environment = {
-            systemPackages = with pkgs; [
-              git
-              libxml2
-              libxslt
-              libzip
-              python27Full
-              python27Packages.buildout
-              stdenv
-              zlib
-            ];
-
-            pathsToLink = [ "/include" ];
-
-            shellInit = ''
-              # help pip to find libz.so when building lxml
-              export LIBRARY_PATH=/var/run/current-system/sw/lib
-              # ditto for header files, e.g. sqlite
-              export C_INCLUDE_PATH=/var/run/current-system/sw/include
-            '';
-          };
-
-        };
-      };
-    }
-    {
-      services.mysql = {
-        enable = true;
-        package = pkgs.mariadb;
-        rootPassword = "<secrets>/mysql_rootPassword";
-      };
-    }
-    {
-      services.elasticsearch = {
-        enable = true;
-        plugins = [
-        #  pkgs.elasticsearchPlugins.elasticsearch_kopf
-        ];
-      };
-    }
-    {
-      services.postgresql = {
-        enable = true;
-        package = pkgs.postgresql;
-      };
     }
   ];
 
@@ -158,15 +65,6 @@
 
   networking.wireless.enable = true;
 
-  networking.extraHosts = ''
-    213.239.205.240 wohnprojekt-rhh.de
-    213.239.205.240 karlaskop.de
-    213.239.205.240 makeup.apanowicz.de
-    213.239.205.240 pixelpocket.de
-    213.239.205.240 reich-gebaeudereinigung.de
-    213.239.205.240 o.ubikmedia.de
-  '';
-
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
 
@@ -206,7 +104,7 @@
       fsType = "ext4";
     };
 
-    "/mnt/backups" = {
+    "/bku" = {
       device = "/dev/big/backups";
       fsType = "ext4";
     };
@@ -293,6 +191,8 @@
     get
     teamspeak_client
     hashPassword
+    urban
+    mk_sql_pair
   ];
 
   #TODO: fix this shit
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 4d40c8d59..4c0b4e690 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -1,18 +1,28 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) head;
-
-  ip = (head config.krebs.build.host.nets.internet.addrs4);
+  ip = config.krebs.build.host.nets.internet.ip4.addr;
 in {
   imports = [
     ../.
-    ../2configs/base.nix
+    ../2configs/default.nix
+    ../2configs/exim-smarthost.nix
     ../2configs/downloading.nix
     ../2configs/git.nix
     ../2configs/ts3.nix
     ../2configs/bitlbee.nix
     ../2configs/weechat.nix
+    ../2configs/privoxy-retiolum.nix
+    {
+      #we need to use old sqlite for buildbot
+      imports = [
+        ../2configs/buildbot-standalone.nix
+      ];
+      krebs.build.source.nixpkgs = lib.mkForce {
+        url = https://github.com/NixOS/nixpkgs;
+        rev = "0d05f172b27e94d9eea3257f42d7e03371e63acc";
+      };
+    }
     {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@@ -79,6 +89,18 @@ in {
         device = "/dev/pool/download";
       };
 
+      fileSystems."/srv/http" = {
+        device = "/dev/pool/http";
+      };
+
+      fileSystems."/srv/o.ubikmedia.de-data" = {
+        device = "/dev/pool/owncloud-ubik-data";
+      };
+
+      fileSystems."/bku" = {
+        device = "/dev/pool/bku";
+      };
+
     }
     {
       sound.enable = false;
@@ -119,7 +141,7 @@ in {
     }
     {
       users.users.chat.openssh.authorizedKeys.keys = [
-        "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
+        "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH"
         config.krebs.users.lass-uriel.pubkey
       ];
     }
@@ -132,13 +154,13 @@ in {
         ../2configs/websites/domsen.nix
       ];
       krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+         { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+         { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
       ];
     }
     {
       services.tor = {
         enable = true;
-        client.enable = true;
       };
     }
   ];
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 4e4eca21f..92996c181 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -5,6 +5,7 @@ with builtins;
   imports = [
     ../.
     ../2configs/baseX.nix
+    ../2configs/exim-retiolum.nix
     ../2configs/browsers.nix
     ../2configs/games.nix
     ../2configs/pass.nix
@@ -47,6 +48,11 @@ with builtins;
       fsType = "ext4";
     };
 
+    "/bku" = {
+      device = "/dev/pool/bku";
+      fsType = "ext4";
+    };
+
     "/boot" = {
       device = "/dev/sda1";
     };