summaryrefslogtreecommitdiffstats
path: root/lass/1systems
diff options
context:
space:
mode:
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/dishfire.nix31
-rw-r--r--lass/1systems/mors.nix7
-rw-r--r--lass/1systems/prism.nix24
-rw-r--r--lass/1systems/shodan.nix14
4 files changed, 68 insertions, 8 deletions
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index b5e551952..ec9f53694 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -5,7 +5,7 @@
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/default.nix
- ../2configs/exim-retiolum.nix
+ #../2configs/exim-retiolum.nix
../2configs/git.nix
{
boot.loader.grub = {
@@ -63,6 +63,35 @@
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
+ {
+ #TODO: abstract & move to own file
+ krebs.exim-smarthost = {
+ enable = true;
+ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ config.krebs.hosts.mors
+ config.krebs.hosts.uriel
+ config.krebs.hosts.helios
+ ];
+ system-aliases = [
+ { from = "mailer-daemon"; to = "postmaster"; }
+ { from = "postmaster"; to = "root"; }
+ { from = "nobody"; to = "root"; }
+ { from = "hostmaster"; to = "root"; }
+ { from = "usenet"; to = "root"; }
+ { from = "news"; to = "root"; }
+ { from = "webmaster"; to = "root"; }
+ { from = "www"; to = "root"; }
+ { from = "ftp"; to = "root"; }
+ { from = "abuse"; to = "root"; }
+ { from = "noc"; to = "root"; }
+ { from = "security"; to = "root"; }
+ { from = "root"; to = "lass"; }
+ ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index a7a1fd253..beb5659d0 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -29,6 +29,7 @@
../2configs/cbase.nix
../2configs/mail.nix
../2configs/krebs-pass.nix
+ ../2configs/umts.nix
#../2configs/buildbot-standalone.nix
{
#risk of rain port
@@ -131,8 +132,8 @@
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
@@ -146,7 +147,7 @@
#Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
#echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
#Autosuspend for USB device Biometric Coprocessor
- echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
+ #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
#Runtime PMs
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 6ed80ac39..9a9bd4730 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -210,6 +210,30 @@ in {
'')
];
}
+ {
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ krebs.nginx = {
+ enable = true;
+ servers.nix-serve = {
+ server-names = [ "cache.prism.r" ];
+ locations = lib.singleton (lib.nameValuePair "/" ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ '');
+ };
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 6829428ff..073d86790 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -5,6 +5,7 @@ with builtins;
imports = [
../.
../2configs/baseX.nix
+ ../2configs/git.nix
../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
@@ -67,10 +68,15 @@ with builtins;
"/boot" = {
device = "/dev/sda1";
};
+
+ "/home/lass" = {
+ device = "/dev/pool/home-lass";
+ fsType = "ext4";
+ };
};
- #services.udev.extraRules = ''
- # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
- # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
- #'';
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ '';
}