summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/blue-host.nix26
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix3
-rw-r--r--lass/2configs/websites/domsen.nix7
3 files changed, 33 insertions, 3 deletions
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index 83c235f3e..2302c70ec 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -8,16 +8,38 @@ with import <stockholm/lib>;
systemd.services."container@blue".reloadIfChanged = mkForce false;
containers.blue = {
config = { ... }: {
- environment.systemPackages = [ pkgs.git ];
+ environment.systemPackages = [
+ pkgs.git
+ pkgs.rxvt_unicode.terminfo
+ ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
- autoStart = true;
+ autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.9";
localAddress = "10.233.2.10";
};
+ environment.systemPackages = [
+ (pkgs.writeDashBin "start-blue" ''
+ set -ef
+ if ping -c1 blue.r; then
+ echo 'blue is already running. bailing out'
+ exit 23
+ fi
+ if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then
+ ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue
+ fi
+ nixos-container start blue
+ nixos-container run blue -- nixos-rebuild -I /var/src switch
+ '')
+ (pkgs.writeDashBin "stop-blue" ''
+ set -ef
+ nixos-container stop blue
+ fusermount -u /var/lib/containers/blue
+ '')
+ ];
}
diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
index aef671636..b7083c776 100644
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -177,7 +177,8 @@
addr = "0.0.0.0";
domain = "grafana.example.com";
rootUrl = "https://grafana.example.com/";
- security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+ auth.anonymous.enable = true;
+ auth.anonymous.org_role = "Admin";
};
};
services.logstash = {
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 828cab95f..4935268a4 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -139,6 +139,13 @@ in {
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
+ users.users.xanf = {
+ uid = genid_uint31 "xanf";
+ home = "/home/xanf";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
users.users.domsen = {
uid = genid_uint31 "domsen";
description = "maintenance acc for domsen";