diff options
Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/dishfire.nix | 31 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 7 | ||||
-rw-r--r-- | lass/1systems/prism.nix | 24 | ||||
-rw-r--r-- | lass/1systems/shodan.nix | 14 |
4 files changed, 68 insertions, 8 deletions
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index b5e551952..ec9f53694 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -5,7 +5,7 @@ ../. <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ../2configs/default.nix - ../2configs/exim-retiolum.nix + #../2configs/exim-retiolum.nix ../2configs/git.nix { boot.loader.grub = { @@ -63,6 +63,35 @@ { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } + { + #TODO: abstract & move to own file + krebs.exim-smarthost = { + enable = true; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + config.krebs.hosts.helios + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.dishfire; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a7a1fd253..beb5659d0 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -29,6 +29,7 @@ ../2configs/cbase.nix ../2configs/mail.nix ../2configs/krebs-pass.nix + ../2configs/umts.nix #../2configs/buildbot-standalone.nix { #risk of rain port @@ -131,8 +132,8 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0" ''; #TODO activationScripts seem broken, fix them! @@ -146,7 +147,7 @@ #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' #Autosuspend for USB device Biometric Coprocessor - echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' + #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' #Runtime PMs echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 6ed80ac39..9a9bd4730 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -210,6 +210,30 @@ in { '') ]; } + { + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString <secrets> + "/nix-serve.key"; + }; + krebs.nginx = { + enable = true; + servers.nix-serve = { + server-names = [ "cache.prism.r" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''); + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 6829428ff..073d86790 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -5,6 +5,7 @@ with builtins; imports = [ ../. ../2configs/baseX.nix + ../2configs/git.nix ../2configs/exim-retiolum.nix ../2configs/browsers.nix ../2configs/programs.nix @@ -67,10 +68,15 @@ with builtins; "/boot" = { device = "/dev/sda1"; }; + + "/home/lass" = { + device = "/dev/pool/home-lass"; + fsType = "ext4"; + }; }; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - #''; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; } |