diff options
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/backups.nix | 99 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 3 | ||||
-rw-r--r-- | lass/2configs/buildbot-standalone.nix | 55 | ||||
-rw-r--r-- | lass/2configs/default.nix (renamed from lass/2configs/base.nix) | 27 | ||||
-rw-r--r-- | lass/2configs/downloading.nix | 1 | ||||
-rw-r--r-- | lass/2configs/exim-retiolum.nix | 14 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 53 | ||||
-rw-r--r-- | lass/2configs/fastpoke-pages.nix | 101 | ||||
-rw-r--r-- | lass/2configs/games.nix | 2 | ||||
-rw-r--r-- | lass/2configs/mail.nix | 95 | ||||
-rw-r--r-- | lass/2configs/newsbot-js.nix | 1 | ||||
-rw-r--r-- | lass/2configs/pass.nix | 1 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 85 | ||||
-rw-r--r-- | lass/2configs/websites/fritz.nix | 69 | ||||
-rw-r--r-- | lass/2configs/websites/wohnprojekt-rhh.de.nix | 17 |
15 files changed, 449 insertions, 174 deletions
diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix new file mode 100644 index 000000000..ca9ff20a1 --- /dev/null +++ b/lass/2configs/backups.nix @@ -0,0 +1,99 @@ +{ config, lib, ... }: +with config.krebs.lib; +{ + + krebs.backup.plans = { + } // mapAttrs (_: recursiveUpdate { + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + }) { + dishfire-http-prism = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; }; + startAt = "03:00"; + }; + dishfire-http-mors = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; }; + startAt = "03:05"; + }; + dishfire-http-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-http"; }; + startAt = "03:10"; + }; + dishfire-sql-prism = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; }; + startAt = "03:15"; + }; + dishfire-sql-mors = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; }; + startAt = "03:20"; + }; + dishfire-sql-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; }; + startAt = "03:25"; + }; + prism-chat-mors = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; }; + startAt = "03:30"; + }; + prism-chat-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; }; + startAt = "03:35"; + }; + prism-sql-mors = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; }; + startAt = "03:40"; + }; + prism-sql-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; }; + startAt = "03:45"; + }; + prism-http-mors = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; }; + startAt = "03:50"; + }; + prism-http-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; }; + startAt = "03:55"; + }; + uriel-home-mors = { + method = "pull"; + src = { host = config.krebs.hosts.uriel; path = "/home"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; }; + startAt = "04:00"; + }; + mors-home-uriel = { + method = "push"; + src = { host = config.krebs.hosts.mors; path = "/home"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; }; + startAt = "05:00"; + }; + }; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 6c52240af..79fc4744f 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -4,7 +4,7 @@ let mainUser = config.users.extraUsers.mainUser; in { imports = [ - ./base.nix + ./default.nix #./urxvt.nix ./xserver ]; @@ -39,6 +39,7 @@ in { push slock sxiv + xclip xorg.xbacklight xsel zathura diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 8c71553fe..604d0728d 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -1,15 +1,16 @@ { lib, config, pkgs, ... }: { - #networking.firewall.allowedTCPPorts = [ 8010 9989 ]; - krebs.buildbot.master = { + krebs.buildbot.master = let + stockholm-mirror-url = http://cgit.prism/stockholm ; + in { slaves = { testslave = "lasspass"; }; change_source.stockholm = '' - stockholm_repo = 'http://cgit.mors/stockholm' + stockholm_repo = '${stockholm-mirror-url}' cs.append(changes.GitPoller( stockholm_repo, - workdir='stockholm-poller', branch='master', + workdir='stockholm-poller', branches=True, project='stockholm', pollinterval=120)) ''; @@ -20,10 +21,12 @@ builderNames=["fast-tests"])) ''; fast-tests-scheduler = '' - # test the master real quick + # test everything real quick sched.append(schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch="master"), - name="fast-master-test", + ## all branches + change_filter=util.ChangeFilter(branch_re=".*"), + # treeStableTimer=10, + name="fast-all-branches", builderNames=["fast-tests"])) ''; }; @@ -38,7 +41,10 @@ deps = [ "gnumake", "jq","nix","rsync" ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE - nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ] + nixshell = ["nix-shell", + "-I", "stockholm=.", + "-I", "nixpkgs=/var/src/nixpkgs", + "-p" ] + deps + [ "--run" ] # prepare addShell function def addShell(factory,**kwargs): @@ -48,13 +54,26 @@ fast-tests = '' f = util.BuildFactory() f.addStep(grab_repo) - addShell(f,name="mors-eval",env=env, - command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"]) + for i in [ "prism", "mors", "echelon" ]: + addShell(f,name="populate-{}".format(i),env=env, + command=nixshell + \ + ["{}( make system={} eval.config.krebs.build.populate \ + | jq -er .)".format("!" if "failing" in i else "",i)]) + + addShell(f,name="build-test-minimal",env=env, + command=nixshell + \ + ["nix-instantiate \ + --show-trace --eval --strict --json \ + -I nixos-config=./shared/1systems/test-minimal-deploy.nix \ + -I secrets=. \ + -A config.system.build.toplevel"] + ) bu.append(util.BuilderConfig(name="fast-tests", slavenames=slavenames, factory=f)) - ''; + + ''; }; enable = true; web.enable = true; @@ -72,7 +91,17 @@ masterhost = "localhost"; username = "testslave"; password = "lasspass"; - packages = with pkgs;[ git nix ]; - extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; }; + packages = with pkgs;[ git nix gnumake jq rsync ]; + extraEnviron = { + NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; + }; + }; + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 9989"; target = "ACCEPT"; } + ]; + }; }; } diff --git a/lass/2configs/base.nix b/lass/2configs/default.nix index 8017d4270..2f6ffa18e 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/default.nix @@ -7,10 +7,11 @@ with config.krebs.lib; ../2configs/zsh.nix ../2configs/mc.nix ../2configs/retiolum.nix + ./backups.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) - (import /root/secrets/hashedPasswords.nix); + (import <secrets/hashedPasswords.nix>); } { users.extraUsers = { @@ -18,7 +19,6 @@ with config.krebs.lib; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-uriel.pubkey - config.krebs.users.lass-helios.pubkey ]; }; mainUser = { @@ -45,7 +45,6 @@ with config.krebs.lib; krebs = { enable = true; search-domain = "retiolum"; - exim-retiolum.enable = true; build = { user = config.krebs.users.lass; source = mapAttrs (_: mkDefault) ({ @@ -55,7 +54,7 @@ with config.krebs.lib; stockholm = "/home/lass/stockholm"; nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "40c586b7ce2c559374df435f46d673baf711c543"; + rev = "e781a8257b4312f6b138c7d0511c77d8c06ed819"; dev = "/home/lass/src/nixpkgs"; }; } // optionalAttrs config.krebs.build.host.secure { @@ -85,9 +84,12 @@ with config.krebs.lib; MANPAGER=most ''; + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ #stockholm git + gnumake jq parallel proot @@ -102,12 +104,18 @@ with config.krebs.lib; #network iptables + iftop #stuff for dl aria2 #neat utils krebspaste + + #unpack stuff + p7zip + unzip + unrar ]; programs.bash = { @@ -145,10 +153,6 @@ with config.krebs.lib; ''; }; - security.setuidPrograms = [ - "sendmail" - ]; - services.openssh = { enable = true; hostKeys = [ @@ -165,6 +169,13 @@ with config.krebs.lib; krebs.iptables = { enable = true; tables = { + nat.PREROUTING.rules = [ + { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; filter.INPUT.policy = "DROP"; filter.FORWARD.policy = "DROP"; filter.INPUT.rules = [ diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 115cb8b61..ccd751413 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -20,6 +20,7 @@ in { ]; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.lass-uriel.pubkey ]; }; diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix new file mode 100644 index 000000000..ea2f553b8 --- /dev/null +++ b/lass/2configs/exim-retiolum.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + krebs.exim-retiolum.enable = true; + krebs.setuid.sendmail = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix new file mode 100644 index 000000000..2efb6f367 --- /dev/null +++ b/lass/2configs/exim-smarthost.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + krebs.exim-smarthost = { + enable = true; + dkim = [ + { domain = "lassul.us"; } + ]; + sender_domains = [ + "lassul.us" + "aidsballs.de" + ]; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + config.krebs.hosts.helios + ]; + internet-aliases = with config.krebs.users; [ + { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 + { from = "lass@lassul.us"; to = lass.mail; } + { from = "lassulus@lassul.us"; to = lass.mail; } + { from = "test@lassul.us"; to = lass.mail; } + { from = "outlook@lassul.us"; to = lass.mail; } + { from = "steuer@aidsballs.de"; to = lass.mail; } + { from = "lass@aidsballs.de"; to = lass.mail; } + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + + krebs.setuid.sendmail = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix deleted file mode 100644 index bf6ea8952..000000000 --- a/lass/2configs/fastpoke-pages.nix +++ /dev/null @@ -1,101 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; - -let - createStaticPage = domain: - { - krebs.nginx.servers."${domain}" = { - server-names = [ - "${domain}" - "www.${domain}" - ]; - locations = [ - (nameValuePair "/" '' - root /var/lib/http/${domain}; - '') - ]; - }; - #networking.extraHosts = '' - # 10.243.206.102 ${domain} - #''; - users.extraUsers = { - ${domain} = { - name = domain; - home = "/var/lib/http/${domain}"; - createHome = true; - }; - }; - }; - -in { - imports = map createStaticPage [ - "habsys.de" - "pixelpocket.de" - "karlaskop.de" - "ubikmedia.de" - "apanowicz.de" - ]; - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - ]; - }; - }; - - - krebs.nginx = { - enable = true; - servers = { - #"habsys.de" = { - # server-names = [ - # "habsys.de" - # "www.habsys.de" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/habsys.de; - # '') - # ]; - #}; - - #"karlaskop.de" = { - # server-names = [ - # "karlaskop.de" - # "www.karlaskop.de" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/karlaskop.de; - # '') - # ]; - #}; - - #"pixelpocket.de" = { - # server-names = [ - # "pixelpocket.de" - # "www.karlaskop.de" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/karlaskop.de; - # '') - # ]; - #}; - - }; - }; - - #services.postgresql = { - # enable = true; - #}; - - #config.services.vsftpd = { - # enable = true; - # userlistEnable = true; - # userlistFile = pkgs.writeFile "vsftpd-userlist" '' - # ''; - #}; -} diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 6043a8759..0eec97922 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -13,7 +13,7 @@ in { name = "games"; description = "user playing games"; home = "/home/games"; - extraGroups = [ "audio" "video" "input" ]; + extraGroups = [ "audio" "video" "input" "loot" ]; createHome = true; useDefaultShell = true; }; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix new file mode 100644 index 000000000..3c7dfcaf6 --- /dev/null +++ b/lass/2configs/mail.nix @@ -0,0 +1,95 @@ +{ pkgs, ... }: + +let + + msmtprc = pkgs.writeText "msmtprc" '' + defaults + logfile ~/.msmtp.log + account prism + host prism.r + account default: prism + ''; + + msmtp = pkgs.writeDashBin "msmtp" '' + exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ + ''; + + muttrc = pkgs.writeText "muttrc" '' + # gpg + source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc + set pgp_use_gpg_agent = yes + set pgp_sign_as = 0x976A7E4D + set crypt_autosign = yes + set crypt_replyencrypt = yes + + # notmuch + set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir + set nm_record = yes + set nm_record_tags = "-inbox me archive" + set virtual_spoolfile=yes # enable virtual folders + set sendmail="msmtp" # enables parsing of outgoing mail + set use_from=yes + set envelope_from=yes + + set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?" + + virtual-mailboxes \ + "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\ + "Unread" "notmuch://?query=tag:unread"\ + "TODO" "notmuch://?query=tag:TODO"\ + "Starred" "notmuch://?query=tag:*"\ + "Archive" "notmuch://?query=tag:archive"\ + "Sent" "notmuch://?query=tag:sent"\ + "Junk" "notmuch://?query=tag:junk" + + tag-transforms "junk" "k" \ + "unread" "u" \ + "replied" "↻" \ + "TODO" "T" \ + + # notmuch bindings + macro index \\\\ "<vfolder-from-query>" # looks up a hand made query + macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived + macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred + macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred + + + #killed + bind index d noop + bind pager d noop + + bind pager S noop + macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail + macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail + + bind index t noop + bind pager t noop + macro index t "<modify-labels>+TODO\n" # tag as Archived + + + # sidebar + set sidebar_width = 20 + set sidebar_visible = yes # set to "no" to disable sidebar view at startup + color sidebar_new yellow default + # sidebar bindings + bind index <left> sidebar-prev # got to previous folder in sidebar + bind index <right> sidebar-next # got to next folder in sidebar + bind index <space> sidebar-open # open selected folder from sidebar + # sidebar toggle + macro index ,@) "<enter-command> set sidebar_visible=no; macro index ~ ,@( 'Toggle sidebar'<Enter>" + macro index ,@( "<enter-command> set sidebar_visible=yes; macro index ~ ,@) 'Toggle sidebar'<Enter>" + macro index ~ ,@( 'Toggle sidebar' # toggle the sidebar + ''; + + mutt = pkgs.writeDashBin "mutt" '' + exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@ + ''; + +in { + environment.systemPackages = [ + msmtp + mutt + pkgs.much + pkgs.notmuch + ]; +} diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index d7c68bd7d..636b44395 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -154,7 +154,6 @@ let telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news tigsource|http://www.tigsource.com/feed/|#news - times|http://www.thetimes.co.uk/tto/news/rss|#news tinc|http://tinc-vpn.org/news/index.rss|#news topix_b|http://www.topix.com/rss/wire/de/berlin|#news torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 33eca0a17..610887621 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -6,5 +6,4 @@ gnupg1 ]; - services.xserver.startGnuPGAgent = true; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 109c216c0..a6fdad645 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -1,24 +1,36 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: -{ +let + inherit (config.krebs.lib) genid; + inherit (import ../../4lib { inherit lib pkgs; }) + manageCert + manageCerts + activateACME + ssl + servePage + serveOwncloud + serveWordpress; + +in { imports = [ - ../../3modules/static_nginx.nix - ../../3modules/owncloud_nginx.nix - ../../3modules/wordpress_nginx.nix - ]; + ( ssl [ "reich-gebaeudereinigung.de" ]) + ( servePage [ "reich-gebaeudereinigung.de" ]) - lass.staticPage = { - "karlaskop.de" = {}; - "makeup.apanowicz.de" = {}; - "pixelpocket.de" = {}; - "reich-gebaeudereinigung.de" = {}; - }; + ( manageCerts [ "karlaskop.de" ]) + ( servePage [ "karlaskop.de" ]) - lass.owncloud = { - "o.ubikmedia.de" = { - instanceid = "oc8n8ddbftgh"; - }; - }; + ( ssl [ "makeup.apanowicz.de" ]) + ( servePage [ "makeup.apanowicz.de" ]) + + ( manageCerts [ "pixelpocket.de" ]) + ( servePage [ "pixelpocket.de" ]) + + ( ssl [ "o.ubikmedia.de" ]) + ( serveOwncloud [ "o.ubikmedia.de" ]) + + ( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) + ( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) + ]; services.mysql = { enable = true; @@ -26,10 +38,41 @@ rootPassword = toString (<secrets/mysql_rootPassword>); }; - #lass.wordpress = { - # "ubikmedia.de" = { - # }; - #}; + lass.mysqlBackup = { + enable = true; + config.domsen = { + password = toString (<secrets/mysql_rootPassword>); + databases = [ + "ubikmedia_de" + "o_ubikmedia_de" + ]; + }; + }; + services.mysqlBackup = { + enable = true; + databases = [ + "ubikmedia_de" + "o_ubikmedia_de" + ]; + location = "/bku/sql_dumps"; + }; + + users.users.domsen = { + uid = genid "domsen"; + description = "maintenance acc for domsen"; + home = "/home/domsen"; + useDefaultShell = true; + extraGroups = [ "nginx" ]; + createHome = true; + }; + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> $out + ''; } diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 073f3de14..b02c2e878 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -1,22 +1,57 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: -{ +let + inherit (import ../../4lib { inherit lib pkgs; }) + manageCerts + activateACME + ssl + servePage + serveWordpress; +in { imports = [ - ../../3modules/static_nginx.nix - ../../3modules/owncloud_nginx.nix - ../../3modules/wordpress_nginx.nix + #( manageCerts [ "biostase.de" ]) + #( servePage [ "biostase.de" ]) + + #( manageCerts [ "gs-maubach.de" ]) + #( servePage [ "gs-maubach.de" ]) + + #( manageCerts [ "spielwaren-kern.de" ]) + #( servePage [ "spielwaren-kern.de" ]) + + #( manageCerts [ "societyofsimtech.de" ]) + #( servePage [ "societyofsimtech.de" ]) + + #( manageCerts [ "ttf-kleinaspach.de" ]) + #( servePage [ "ttf-kleinaspach.de" ]) + + #( manageCerts [ "edsn.de" ]) + #( servePage [ "edsn.de" ]) + + #( manageCerts [ "eab.berkeley.edu" ]) + #( servePage [ "eab.berkeley.edu" ]) + + ( manageCerts [ "eastuttgart.de" ]) + ( serveWordpress [ "eastuttgart.de" ]) + + ( manageCerts [ "habsys.de" "habsys.eu" ]) + ( servePage [ "habsys.de" "habsys.eu" ]) ]; - lass.staticPage = { - "biostase.de" = {}; - "gs-maubach.de" = {}; - "spielwaren-kern.de" = {}; - "societyofsimtech.de" = {}; - "ttf-kleinaspach.de" = {}; - "edsn.de" = {}; - "eab.berkeley.edu" = {}; - "habsys.de" = {}; + services.mysql = { + enable = true; + package = pkgs.mariadb; + rootPassword = toString (<secrets/mysql_rootPassword>); + }; + + lass.mysqlBackup = { + enable = true; + config.fritz = { + password = toString (<secrets/mysql_rootPassword>); + databases = [ + "eastuttgart_de" + ]; + }; }; #lass.owncloud = { @@ -24,10 +59,4 @@ # instanceid = "oc8n8ddbftgh"; # }; #}; - - #services.mysql = { - # enable = true; - # package = pkgs.mariadb; - # rootPassword = toString (<secrets/mysql_rootPassword>); - #}; } diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix index ac784d4c7..858054531 100644 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix @@ -1,14 +1,17 @@ -{ config, ... }: +{ config, pkgs, lib, ... }: -{ +let + inherit (config.krebs.lib) genid; + inherit (import ../../4lib { inherit lib pkgs; }) + ssl + servePage; + +in { imports = [ - ../../3modules/static_nginx.nix + ( ssl [ "wohnprojekt-rhh.de" ]) + ( servePage [ "wohnprojekt-rhh.de" ]) ]; - lass.staticPage = { - "wohnprojekt-rhh.de" = {}; - }; - users.users.laura = { home = "/srv/http/wohnprojekt-rhh.de"; createHome = true; |