summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/baseX.nix8
-rw-r--r--lass/2configs/default.nix6
-rw-r--r--lass/2configs/hfos.nix4
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/retiolum.nix4
-rw-r--r--lass/2configs/vim.nix1
-rw-r--r--lass/2configs/websites/domsen.nix42
-rw-r--r--lass/2configs/websites/fritz.nix9
-rw-r--r--lass/2configs/xserver/default.nix35
9 files changed, 66 insertions, 45 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 1e796015a..a67c25145 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -13,6 +13,14 @@ in {
systemWide = true;
};
}
+ {
+ krebs.per-user.lass.packages = [
+ pkgs.sshuttle
+ ];
+ security.sudo.extraConfig = ''
+ lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped
+ '';
+ }
];
users.extraUsers.mainUser.extraGroups = [ "audio" "video" ];
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 6fea97728..1cb68a985 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -56,6 +56,12 @@ with import <stockholm/lib>;
SSL_CERT_FILE = ca-bundle;
};
})
+ {
+ #for sshuttle
+ environment.systemPackages = [
+ pkgs.pythonPackages.python
+ ];
+ }
];
networking.hostName = config.krebs.build.host.name;
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
index f6f09e226..7d4d544aa 100644
--- a/lass/2configs/hfos.nix
+++ b/lass/2configs/hfos.nix
@@ -7,7 +7,7 @@ with import <stockholm/lib>;
isNormalUser = true;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5NnADMRySix1kcxQwseHfem/SCDmkbvwc+ZZu7HFz4zss1k4Fh1knsukMY83zlno8p/8bBPWyixLTxuZHNy26af8GP95bvV3brnpRmrijkE4dOlpd+wvPcIyTKNunJvMzNDP/ry9g2GczEZKGWvQZudq/nI54HaCaRWM2kzEMEg8Rr9SGlZEKo8B+8HGVsz1a8USOnm8dqYP9dmfLdpy/s+7yWJSPh8wokvWeOOrahirOhO99ZfXm2gcdHqSKvbD2+4EYEm5w8iFrbYBT2wZ3u9ZOiooL/JuEBBdnDrcqZqeaTw0vOdKPvkUP8/rzRjvIwSkynMSD8fixpdGRNeIB riot@lagrange"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
config.krebs.users.lass.pubkey
];
};
@@ -21,12 +21,14 @@ with import <stockholm/lib>;
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; }
+ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; }
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; }
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
];
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 6885ef59d..a33e69bf8 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/lassulus/nixpkgs;
- ref = "819c1ab486a9c81d6a6b76c759aedece2df39037";
+ ref = "d98b556864f2b3a634e39ed1ae29f47c0e3fae35";
};
}
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index eba40532d..7a7bf95be 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -16,9 +16,9 @@
enable = true;
connectTo = [
"prism"
- "pigstarter"
"gum"
- "flap"
+ "ni"
+ "dishfire"
];
};
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index bfaae24c8..f79e6b807 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -5,6 +5,7 @@ let
out = {
environment.systemPackages = [
vim
+ pkgs.pythonPackages.flake8
];
environment.etc.vimrc.source = vimrc;
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 2bbfe7333..5ed73a22c 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -7,7 +7,6 @@ let
genid_signed
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- ssl
servePage
serveOwncloud
serveWordpress;
@@ -25,47 +24,16 @@ let
in {
imports = [
./sqlBackup.nix
- (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
- (ssl [ "karlaskop.de" "www.karlaskop.de" ])
(servePage [ "karlaskop.de" "www.karlaskop.de" ])
- (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
(servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
- (ssl [ "pixelpocket.de" ])
(servePage [ "pixelpocket.de" ])
- (ssl [ "o.ubikmedia.de" ])
(serveOwncloud [ "o.ubikmedia.de" ])
- (ssl [
- "ubikmedia.de"
- "aldona.ubikmedia.de"
- "apanowicz.de"
- "nirwanabluete.de"
- "aldonasiech.com"
- "360gradvideo.tv"
- "ubikmedia.eu"
- "facts.cloud"
- "youthtube.xyz"
- "illucloud.eu"
- "illucloud.de"
- "illucloud.com"
- "www.ubikmedia.de"
- "www.aldona.ubikmedia.de"
- "www.apanowicz.de"
- "www.nirwanabluete.de"
- "www.aldonasiech.com"
- "www.360gradvideo.tv"
- "www.ubikmedia.eu"
- "www.facts.cloud"
- "www.youthtube.xyz"
- "www.illucloud.eu"
- "www.illucloud.de"
- "www.illucloud.com"
- ])
(serveWordpress [
"ubikmedia.de"
"apanowicz.de"
@@ -88,6 +56,16 @@ in {
"www.illucloud.eu"
"www.illucloud.de"
"www.illucloud.com"
+ "www.ubikmedia.de"
+ "aldona2.ubikmedia.de"
+ "apanowicz.ubikmedia.de"
+ "cinevita.ubikmedia.de"
+ "factscloud.ubikmedia.de"
+ "illucloud.ubikmedia.de"
+ "joemisch.ubikmedia.de"
+ "karlaskop.ubikmedia.de"
+ "nb.ubikmedia.de"
+ "youthtube.ubikmedia.de"
])
];
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 00e987116..9bf7e4a9c 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -7,7 +7,6 @@ let
head
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- ssl
servePage
serveWordpress
;
@@ -29,28 +28,20 @@ in {
imports = [
./sqlBackup.nix
- (ssl [ "radical-dreamers.de" "www.radical-dreamers.de" ])
(serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
- (ssl [ "gs-maubach.de" "www.gs-maubach.de" ])
(serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
- (ssl [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
(serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
- (ssl [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
(servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
- (ssl [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
(serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
- (ssl [ "eastuttgart.de" "www.eastuttgart.de" ])
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
- (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
- (ssl [ "goldbarrendiebstahl.radical-dreamers.de" ])
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
];
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 53c8f9444..cba4db766 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -2,6 +2,24 @@
with import <stockholm/lib>;
let
user = config.krebs.build.user;
+
+ copyqConfig = pkgs.writeDash "copyq-config" ''
+ ${pkgs.copyq}/bin/copyq config check_clipboard true
+ ${pkgs.copyq}/bin/copyq config check_selection true
+ ${pkgs.copyq}/bin/copyq config copy_clipboard true
+ ${pkgs.copyq}/bin/copyq config copy_selection true
+
+ ${pkgs.copyq}/bin/copyq config activate_closes true
+ ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
+ ${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard
+ ${pkgs.copyq}/bin/copyq config disable_tray true
+ ${pkgs.copyq}/bin/copyq config hide_tabs true
+ ${pkgs.copyq}/bin/copyq config hide_toolbar true
+ ${pkgs.copyq}/bin/copyq config item_popup_interval true
+ ${pkgs.copyq}/bin/copyq config maxitems 1000
+ ${pkgs.copyq}/bin/copyq config move true
+ ${pkgs.copyq}/bin/copyq config text_wrap true
+ '';
in {
environment.systemPackages = [
@@ -109,4 +127,21 @@ in {
User = user.name;
};
};
+
+ systemd.services.copyq = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "xserver.service" ];
+ environment = {
+ DISPLAY = ":${toString config.services.xserver.display}";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "copyq";
+ ExecStart = "${pkgs.copyq}/bin/copyq";
+ ExecStartPost = copyqConfig;
+ Restart = "always";
+ RestartSec = "2s";
+ StartLimitBurst = 0;
+ User = user.name;
+ };
+ };
}