summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/backups.nix99
-rw-r--r--lass/2configs/baseX.nix3
-rw-r--r--lass/2configs/buildbot-standalone.nix55
-rw-r--r--lass/2configs/default.nix (renamed from lass/2configs/base.nix)27
-rw-r--r--lass/2configs/downloading.nix1
-rw-r--r--lass/2configs/exim-retiolum.nix14
-rw-r--r--lass/2configs/exim-smarthost.nix53
-rw-r--r--lass/2configs/fastpoke-pages.nix101
-rw-r--r--lass/2configs/games.nix2
-rw-r--r--lass/2configs/mail.nix95
-rw-r--r--lass/2configs/newsbot-js.nix1
-rw-r--r--lass/2configs/pass.nix1
-rw-r--r--lass/2configs/websites/domsen.nix85
-rw-r--r--lass/2configs/websites/fritz.nix69
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix17
15 files changed, 449 insertions, 174 deletions
diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
new file mode 100644
index 000000000..ca9ff20a1
--- /dev/null
+++ b/lass/2configs/backups.nix
@@ -0,0 +1,99 @@
+{ config, lib, ... }:
+with config.krebs.lib;
+{
+
+ krebs.backup.plans = {
+ } // mapAttrs (_: recursiveUpdate {
+ snapshots = {
+ daily = { format = "%Y-%m-%d"; retain = 7; };
+ weekly = { format = "%YW%W"; retain = 4; };
+ monthly = { format = "%Y-%m"; retain = 12; };
+ yearly = { format = "%Y"; };
+ };
+ }) {
+ dishfire-http-prism = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
+ startAt = "03:00";
+ };
+ dishfire-http-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
+ startAt = "03:05";
+ };
+ dishfire-http-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-http"; };
+ startAt = "03:10";
+ };
+ dishfire-sql-prism = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
+ startAt = "03:15";
+ };
+ dishfire-sql-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
+ startAt = "03:20";
+ };
+ dishfire-sql-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; };
+ startAt = "03:25";
+ };
+ prism-chat-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
+ startAt = "03:30";
+ };
+ prism-chat-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
+ startAt = "03:35";
+ };
+ prism-sql-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
+ startAt = "03:40";
+ };
+ prism-sql-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
+ startAt = "03:45";
+ };
+ prism-http-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
+ startAt = "03:50";
+ };
+ prism-http-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
+ startAt = "03:55";
+ };
+ uriel-home-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.uriel; path = "/home"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; };
+ startAt = "04:00";
+ };
+ mors-home-uriel = {
+ method = "push";
+ src = { host = config.krebs.hosts.mors; path = "/home"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
+ startAt = "05:00";
+ };
+ };
+}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 6c52240af..79fc4744f 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -4,7 +4,7 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
imports = [
- ./base.nix
+ ./default.nix
#./urxvt.nix
./xserver
];
@@ -39,6 +39,7 @@ in {
push
slock
sxiv
+ xclip
xorg.xbacklight
xsel
zathura
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 8c71553fe..604d0728d 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -1,15 +1,16 @@
{ lib, config, pkgs, ... }:
{
- #networking.firewall.allowedTCPPorts = [ 8010 9989 ];
- krebs.buildbot.master = {
+ krebs.buildbot.master = let
+ stockholm-mirror-url = http://cgit.prism/stockholm ;
+ in {
slaves = {
testslave = "lasspass";
};
change_source.stockholm = ''
- stockholm_repo = 'http://cgit.mors/stockholm'
+ stockholm_repo = '${stockholm-mirror-url}'
cs.append(changes.GitPoller(
stockholm_repo,
- workdir='stockholm-poller', branch='master',
+ workdir='stockholm-poller', branches=True,
project='stockholm',
pollinterval=120))
'';
@@ -20,10 +21,12 @@
builderNames=["fast-tests"]))
'';
fast-tests-scheduler = ''
- # test the master real quick
+ # test everything real quick
sched.append(schedulers.SingleBranchScheduler(
- change_filter=util.ChangeFilter(branch="master"),
- name="fast-master-test",
+ ## all branches
+ change_filter=util.ChangeFilter(branch_re=".*"),
+ # treeStableTimer=10,
+ name="fast-all-branches",
builderNames=["fast-tests"]))
'';
};
@@ -38,7 +41,10 @@
deps = [ "gnumake", "jq","nix","rsync" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
- nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+ nixshell = ["nix-shell",
+ "-I", "stockholm=.",
+ "-I", "nixpkgs=/var/src/nixpkgs",
+ "-p" ] + deps + [ "--run" ]
# prepare addShell function
def addShell(factory,**kwargs):
@@ -48,13 +54,26 @@
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
- addShell(f,name="mors-eval",env=env,
- command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
+ for i in [ "prism", "mors", "echelon" ]:
+ addShell(f,name="populate-{}".format(i),env=env,
+ command=nixshell + \
+ ["{}( make system={} eval.config.krebs.build.populate \
+ | jq -er .)".format("!" if "failing" in i else "",i)])
+
+ addShell(f,name="build-test-minimal",env=env,
+ command=nixshell + \
+ ["nix-instantiate \
+ --show-trace --eval --strict --json \
+ -I nixos-config=./shared/1systems/test-minimal-deploy.nix \
+ -I secrets=. \
+ -A config.system.build.toplevel"]
+ )
bu.append(util.BuilderConfig(name="fast-tests",
slavenames=slavenames,
factory=f))
- '';
+
+ '';
};
enable = true;
web.enable = true;
@@ -72,7 +91,17 @@
masterhost = "localhost";
username = "testslave";
password = "lasspass";
- packages = with pkgs;[ git nix ];
- extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ packages = with pkgs;[ git nix gnumake jq rsync ];
+ extraEnviron = {
+ NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
+ };
+ };
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 9989"; target = "ACCEPT"; }
+ ];
+ };
};
}
diff --git a/lass/2configs/base.nix b/lass/2configs/default.nix
index 8017d4270..2f6ffa18e 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/default.nix
@@ -7,10 +7,11 @@ with config.krebs.lib;
../2configs/zsh.nix
../2configs/mc.nix
../2configs/retiolum.nix
+ ./backups.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
- (import /root/secrets/hashedPasswords.nix);
+ (import <secrets/hashedPasswords.nix>);
}
{
users.extraUsers = {
@@ -18,7 +19,6 @@ with config.krebs.lib;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
- config.krebs.users.lass-helios.pubkey
];
};
mainUser = {
@@ -45,7 +45,6 @@ with config.krebs.lib;
krebs = {
enable = true;
search-domain = "retiolum";
- exim-retiolum.enable = true;
build = {
user = config.krebs.users.lass;
source = mapAttrs (_: mkDefault) ({
@@ -55,7 +54,7 @@ with config.krebs.lib;
stockholm = "/home/lass/stockholm";
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
- rev = "40c586b7ce2c559374df435f46d673baf711c543";
+ rev = "e781a8257b4312f6b138c7d0511c77d8c06ed819";
dev = "/home/lass/src/nixpkgs";
};
} // optionalAttrs config.krebs.build.host.secure {
@@ -85,9 +84,12 @@ with config.krebs.lib;
MANPAGER=most
'';
+ nixpkgs.config.allowUnfree = true;
+
environment.systemPackages = with pkgs; [
#stockholm
git
+ gnumake
jq
parallel
proot
@@ -102,12 +104,18 @@ with config.krebs.lib;
#network
iptables
+ iftop
#stuff for dl
aria2
#neat utils
krebspaste
+
+ #unpack stuff
+ p7zip
+ unzip
+ unrar
];
programs.bash = {
@@ -145,10 +153,6 @@ with config.krebs.lib;
'';
};
- security.setuidPrograms = [
- "sendmail"
- ];
-
services.openssh = {
enable = true;
hostKeys = [
@@ -165,6 +169,13 @@ with config.krebs.lib;
krebs.iptables = {
enable = true;
tables = {
+ nat.PREROUTING.rules = [
+ { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+ { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+ ];
+ nat.OUTPUT.rules = [
+ { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+ ];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 115cb8b61..ccd751413 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -20,6 +20,7 @@ in {
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
+ config.krebs.users.lass-uriel.pubkey
];
};
diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix
new file mode 100644
index 000000000..ea2f553b8
--- /dev/null
+++ b/lass/2configs/exim-retiolum.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+ krebs.exim-retiolum.enable = true;
+ krebs.setuid.sendmail = {
+ filename = "${pkgs.exim}/bin/exim";
+ mode = "4111";
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
new file mode 100644
index 000000000..2efb6f367
--- /dev/null
+++ b/lass/2configs/exim-smarthost.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+ krebs.exim-smarthost = {
+ enable = true;
+ dkim = [
+ { domain = "lassul.us"; }
+ ];
+ sender_domains = [
+ "lassul.us"
+ "aidsballs.de"
+ ];
+ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ config.krebs.hosts.mors
+ config.krebs.hosts.uriel
+ config.krebs.hosts.helios
+ ];
+ internet-aliases = with config.krebs.users; [
+ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
+ { from = "lass@lassul.us"; to = lass.mail; }
+ { from = "lassulus@lassul.us"; to = lass.mail; }
+ { from = "test@lassul.us"; to = lass.mail; }
+ { from = "outlook@lassul.us"; to = lass.mail; }
+ { from = "steuer@aidsballs.de"; to = lass.mail; }
+ { from = "lass@aidsballs.de"; to = lass.mail; }
+ ];
+ system-aliases = [
+ { from = "mailer-daemon"; to = "postmaster"; }
+ { from = "postmaster"; to = "root"; }
+ { from = "nobody"; to = "root"; }
+ { from = "hostmaster"; to = "root"; }
+ { from = "usenet"; to = "root"; }
+ { from = "news"; to = "root"; }
+ { from = "webmaster"; to = "root"; }
+ { from = "www"; to = "root"; }
+ { from = "ftp"; to = "root"; }
+ { from = "abuse"; to = "root"; }
+ { from = "noc"; to = "root"; }
+ { from = "security"; to = "root"; }
+ { from = "root"; to = "lass"; }
+ ];
+ };
+
+ krebs.setuid.sendmail = {
+ filename = "${pkgs.exim}/bin/exim";
+ mode = "4111";
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+}
diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix
deleted file mode 100644
index bf6ea8952..000000000
--- a/lass/2configs/fastpoke-pages.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
- createStaticPage = domain:
- {
- krebs.nginx.servers."${domain}" = {
- server-names = [
- "${domain}"
- "www.${domain}"
- ];
- locations = [
- (nameValuePair "/" ''
- root /var/lib/http/${domain};
- '')
- ];
- };
- #networking.extraHosts = ''
- # 10.243.206.102 ${domain}
- #'';
- users.extraUsers = {
- ${domain} = {
- name = domain;
- home = "/var/lib/http/${domain}";
- createHome = true;
- };
- };
- };
-
-in {
- imports = map createStaticPage [
- "habsys.de"
- "pixelpocket.de"
- "karlaskop.de"
- "ubikmedia.de"
- "apanowicz.de"
- ];
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
- ];
- };
- };
-
-
- krebs.nginx = {
- enable = true;
- servers = {
- #"habsys.de" = {
- # server-names = [
- # "habsys.de"
- # "www.habsys.de"
- # ];
- # locations = [
- # (nameValuePair "/" ''
- # root /var/lib/http/habsys.de;
- # '')
- # ];
- #};
-
- #"karlaskop.de" = {
- # server-names = [
- # "karlaskop.de"
- # "www.karlaskop.de"
- # ];
- # locations = [
- # (nameValuePair "/" ''
- # root /var/lib/http/karlaskop.de;
- # '')
- # ];
- #};
-
- #"pixelpocket.de" = {
- # server-names = [
- # "pixelpocket.de"
- # "www.karlaskop.de"
- # ];
- # locations = [
- # (nameValuePair "/" ''
- # root /var/lib/http/karlaskop.de;
- # '')
- # ];
- #};
-
- };
- };
-
- #services.postgresql = {
- # enable = true;
- #};
-
- #config.services.vsftpd = {
- # enable = true;
- # userlistEnable = true;
- # userlistFile = pkgs.writeFile "vsftpd-userlist" ''
- # '';
- #};
-}
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 6043a8759..0eec97922 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -13,7 +13,7 @@ in {
name = "games";
description = "user playing games";
home = "/home/games";
- extraGroups = [ "audio" "video" "input" ];
+ extraGroups = [ "audio" "video" "input" "loot" ];
createHome = true;
useDefaultShell = true;
};
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
new file mode 100644
index 000000000..3c7dfcaf6
--- /dev/null
+++ b/lass/2configs/mail.nix
@@ -0,0 +1,95 @@
+{ pkgs, ... }:
+
+let
+
+ msmtprc = pkgs.writeText "msmtprc" ''
+ defaults
+ logfile ~/.msmtp.log
+ account prism
+ host prism.r
+ account default: prism
+ '';
+
+ msmtp = pkgs.writeDashBin "msmtp" ''
+ exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
+ '';
+
+ muttrc = pkgs.writeText "muttrc" ''
+ # gpg
+ source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc
+ set pgp_use_gpg_agent = yes
+ set pgp_sign_as = 0x976A7E4D
+ set crypt_autosign = yes
+ set crypt_replyencrypt = yes
+
+ # notmuch
+ set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
+ set nm_record = yes
+ set nm_record_tags = "-inbox me archive"
+ set virtual_spoolfile=yes # enable virtual folders
+ set sendmail="msmtp" # enables parsing of outgoing mail
+ set use_from=yes
+ set envelope_from=yes
+
+ set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?"
+
+ virtual-mailboxes \
+ "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\
+ "Unread" "notmuch://?query=tag:unread"\
+ "TODO" "notmuch://?query=tag:TODO"\
+ "Starred" "notmuch://?query=tag:*"\
+ "Archive" "notmuch://?query=tag:archive"\
+ "Sent" "notmuch://?query=tag:sent"\
+ "Junk" "notmuch://?query=tag:junk"
+
+ tag-transforms "junk" "k" \
+ "unread" "u" \
+ "replied" "↻" \
+ "TODO" "T" \
+
+ # notmuch bindings
+ macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
+ macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
+ macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
+ macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
+
+
+ #killed
+ bind index d noop
+ bind pager d noop
+
+ bind pager S noop
+ macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+ macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+
+ bind index t noop
+ bind pager t noop
+ macro index t "<modify-labels>+TODO\n" # tag as Archived
+
+
+ # sidebar
+ set sidebar_width = 20
+ set sidebar_visible = yes # set to "no" to disable sidebar view at startup
+ color sidebar_new yellow default
+ # sidebar bindings
+ bind index <left> sidebar-prev # got to previous folder in sidebar
+ bind index <right> sidebar-next # got to next folder in sidebar
+ bind index <space> sidebar-open # open selected folder from sidebar
+ # sidebar toggle
+ macro index ,@) "<enter-command> set sidebar_visible=no; macro index ~ ,@( 'Toggle sidebar'<Enter>"
+ macro index ,@( "<enter-command> set sidebar_visible=yes; macro index ~ ,@) 'Toggle sidebar'<Enter>"
+ macro index ~ ,@( 'Toggle sidebar' # toggle the sidebar
+ '';
+
+ mutt = pkgs.writeDashBin "mutt" ''
+ exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
+ '';
+
+in {
+ environment.systemPackages = [
+ msmtp
+ mutt
+ pkgs.much
+ pkgs.notmuch
+ ];
+}
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index d7c68bd7d..636b44395 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -154,7 +154,6 @@ let
telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
tigsource|http://www.tigsource.com/feed/|#news
- times|http://www.thetimes.co.uk/tto/news/rss|#news
tinc|http://tinc-vpn.org/news/index.rss|#news
topix_b|http://www.topix.com/rss/wire/de/berlin|#news
torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 33eca0a17..610887621 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -6,5 +6,4 @@
gnupg1
];
- services.xserver.startGnuPGAgent = true;
}
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 109c216c0..a6fdad645 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -1,24 +1,36 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
-{
+let
+ inherit (config.krebs.lib) genid;
+ inherit (import ../../4lib { inherit lib pkgs; })
+ manageCert
+ manageCerts
+ activateACME
+ ssl
+ servePage
+ serveOwncloud
+ serveWordpress;
+
+in {
imports = [
- ../../3modules/static_nginx.nix
- ../../3modules/owncloud_nginx.nix
- ../../3modules/wordpress_nginx.nix
- ];
+ ( ssl [ "reich-gebaeudereinigung.de" ])
+ ( servePage [ "reich-gebaeudereinigung.de" ])
- lass.staticPage = {
- "karlaskop.de" = {};
- "makeup.apanowicz.de" = {};
- "pixelpocket.de" = {};
- "reich-gebaeudereinigung.de" = {};
- };
+ ( manageCerts [ "karlaskop.de" ])
+ ( servePage [ "karlaskop.de" ])
- lass.owncloud = {
- "o.ubikmedia.de" = {
- instanceid = "oc8n8ddbftgh";
- };
- };
+ ( ssl [ "makeup.apanowicz.de" ])
+ ( servePage [ "makeup.apanowicz.de" ])
+
+ ( manageCerts [ "pixelpocket.de" ])
+ ( servePage [ "pixelpocket.de" ])
+
+ ( ssl [ "o.ubikmedia.de" ])
+ ( serveOwncloud [ "o.ubikmedia.de" ])
+
+ ( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
+ ( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
+ ];
services.mysql = {
enable = true;
@@ -26,10 +38,41 @@
rootPassword = toString (<secrets/mysql_rootPassword>);
};
- #lass.wordpress = {
- # "ubikmedia.de" = {
- # };
- #};
+ lass.mysqlBackup = {
+ enable = true;
+ config.domsen = {
+ password = toString (<secrets/mysql_rootPassword>);
+ databases = [
+ "ubikmedia_de"
+ "o_ubikmedia_de"
+ ];
+ };
+ };
+ services.mysqlBackup = {
+ enable = true;
+ databases = [
+ "ubikmedia_de"
+ "o_ubikmedia_de"
+ ];
+ location = "/bku/sql_dumps";
+ };
+
+ users.users.domsen = {
+ uid = genid "domsen";
+ description = "maintenance acc for domsen";
+ home = "/home/domsen";
+ useDefaultShell = true;
+ extraGroups = [ "nginx" ];
+ createHome = true;
+ };
+ services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
+ options = ''
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ '';
+ } ''
+ cat ${pkgs.php}/etc/php-recommended.ini > $out
+ echo "$options" >> $out
+ '';
}
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 073f3de14..b02c2e878 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -1,22 +1,57 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
-{
+let
+ inherit (import ../../4lib { inherit lib pkgs; })
+ manageCerts
+ activateACME
+ ssl
+ servePage
+ serveWordpress;
+in {
imports = [
- ../../3modules/static_nginx.nix
- ../../3modules/owncloud_nginx.nix
- ../../3modules/wordpress_nginx.nix
+ #( manageCerts [ "biostase.de" ])
+ #( servePage [ "biostase.de" ])
+
+ #( manageCerts [ "gs-maubach.de" ])
+ #( servePage [ "gs-maubach.de" ])
+
+ #( manageCerts [ "spielwaren-kern.de" ])
+ #( servePage [ "spielwaren-kern.de" ])
+
+ #( manageCerts [ "societyofsimtech.de" ])
+ #( servePage [ "societyofsimtech.de" ])
+
+ #( manageCerts [ "ttf-kleinaspach.de" ])
+ #( servePage [ "ttf-kleinaspach.de" ])
+
+ #( manageCerts [ "edsn.de" ])
+ #( servePage [ "edsn.de" ])
+
+ #( manageCerts [ "eab.berkeley.edu" ])
+ #( servePage [ "eab.berkeley.edu" ])
+
+ ( manageCerts [ "eastuttgart.de" ])
+ ( serveWordpress [ "eastuttgart.de" ])
+
+ ( manageCerts [ "habsys.de" "habsys.eu" ])
+ ( servePage [ "habsys.de" "habsys.eu" ])
];
- lass.staticPage = {
- "biostase.de" = {};
- "gs-maubach.de" = {};
- "spielwaren-kern.de" = {};
- "societyofsimtech.de" = {};
- "ttf-kleinaspach.de" = {};
- "edsn.de" = {};
- "eab.berkeley.edu" = {};
- "habsys.de" = {};
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ rootPassword = toString (<secrets/mysql_rootPassword>);
+ };
+
+ lass.mysqlBackup = {
+ enable = true;
+ config.fritz = {
+ password = toString (<secrets/mysql_rootPassword>);
+ databases = [
+ "eastuttgart_de"
+ ];
+ };
};
#lass.owncloud = {
@@ -24,10 +59,4 @@
# instanceid = "oc8n8ddbftgh";
# };
#};
-
- #services.mysql = {
- # enable = true;
- # package = pkgs.mariadb;
- # rootPassword = toString (<secrets/mysql_rootPassword>);
- #};
}
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index ac784d4c7..858054531 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -1,14 +1,17 @@
-{ config, ... }:
+{ config, pkgs, lib, ... }:
-{
+let
+ inherit (config.krebs.lib) genid;
+ inherit (import ../../4lib { inherit lib pkgs; })
+ ssl
+ servePage;
+
+in {
imports = [
- ../../3modules/static_nginx.nix
+ ( ssl [ "wohnprojekt-rhh.de" ])
+ ( servePage [ "wohnprojekt-rhh.de" ])
];
- lass.staticPage = {
- "wohnprojekt-rhh.de" = {};
- };
-
users.users.laura = {
home = "/srv/http/wohnprojekt-rhh.de";
createHome = true;