summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/backups.nix63
-rw-r--r--lass/2configs/base.nix13
-rw-r--r--lass/2configs/downloading.nix1
-rw-r--r--lass/2configs/fastpoke-pages.nix101
-rw-r--r--lass/2configs/games.nix2
-rw-r--r--lass/2configs/newsbot-js.nix1
-rw-r--r--lass/2configs/pass.nix1
-rw-r--r--lass/2configs/privoxy-retiolum.nix3
-rw-r--r--lass/2configs/websites/domsen.nix75
-rw-r--r--lass/2configs/websites/fritz.nix48
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix20
11 files changed, 176 insertions, 152 deletions
diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
new file mode 100644
index 000000000..c3275aece
--- /dev/null
+++ b/lass/2configs/backups.nix
@@ -0,0 +1,63 @@
+{ config, lib, ... }:
+with config.krebs.lib;
+{
+
+ krebs.backup.plans = {
+ } // mapAttrs (_: recursiveUpdate {
+ snapshots = {
+ daily = { format = "%Y-%m-%d"; retain = 7; };
+ weekly = { format = "%YW%W"; retain = 4; };
+ monthly = { format = "%Y-%m"; retain = 12; };
+ yearly = { format = "%Y"; };
+ };
+ }) {
+ prism-chat-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
+ startAt = "03:00";
+ };
+ prism-chat-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
+ startAt = "03:00";
+ };
+ mors-home-uriel = {
+ method = "push";
+ src = { host = config.krebs.hosts.mors; path = "/home"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
+ startAt = "04:00";
+ };
+ uriel-home-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.uriel; path = "/home"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; };
+ startAt = "04:00";
+ };
+ prism-http-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
+ startAt = "04:30";
+ };
+ prism-http-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
+ startAt = "04:30";
+ };
+ prism-sql-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
+ startAt = "05:00";
+ };
+ prism-sql-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
+ startAt = "05:00";
+ };
+ };
+}
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 8017d4270..ad5df26e8 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -7,10 +7,11 @@ with config.krebs.lib;
../2configs/zsh.nix
../2configs/mc.nix
../2configs/retiolum.nix
+ ./backups.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
- (import /root/secrets/hashedPasswords.nix);
+ (import <secrets/hashedPasswords.nix>);
}
{
users.extraUsers = {
@@ -55,7 +56,7 @@ with config.krebs.lib;
stockholm = "/home/lass/stockholm";
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
- rev = "40c586b7ce2c559374df435f46d673baf711c543";
+ rev = "e781a8257b4312f6b138c7d0511c77d8c06ed819";
dev = "/home/lass/src/nixpkgs";
};
} // optionalAttrs config.krebs.build.host.secure {
@@ -85,9 +86,12 @@ with config.krebs.lib;
MANPAGER=most
'';
+ nixpkgs.config.allowUnfree = true;
+
environment.systemPackages = with pkgs; [
#stockholm
git
+ gnumake
jq
parallel
proot
@@ -108,6 +112,11 @@ with config.krebs.lib;
#neat utils
krebspaste
+
+ #unpack stuff
+ p7zip
+ unzip
+ unrar
];
programs.bash = {
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 115cb8b61..ccd751413 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -20,6 +20,7 @@ in {
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
+ config.krebs.users.lass-uriel.pubkey
];
};
diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix
deleted file mode 100644
index bf6ea8952..000000000
--- a/lass/2configs/fastpoke-pages.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
- createStaticPage = domain:
- {
- krebs.nginx.servers."${domain}" = {
- server-names = [
- "${domain}"
- "www.${domain}"
- ];
- locations = [
- (nameValuePair "/" ''
- root /var/lib/http/${domain};
- '')
- ];
- };
- #networking.extraHosts = ''
- # 10.243.206.102 ${domain}
- #'';
- users.extraUsers = {
- ${domain} = {
- name = domain;
- home = "/var/lib/http/${domain}";
- createHome = true;
- };
- };
- };
-
-in {
- imports = map createStaticPage [
- "habsys.de"
- "pixelpocket.de"
- "karlaskop.de"
- "ubikmedia.de"
- "apanowicz.de"
- ];
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
- ];
- };
- };
-
-
- krebs.nginx = {
- enable = true;
- servers = {
- #"habsys.de" = {
- # server-names = [
- # "habsys.de"
- # "www.habsys.de"
- # ];
- # locations = [
- # (nameValuePair "/" ''
- # root /var/lib/http/habsys.de;
- # '')
- # ];
- #};
-
- #"karlaskop.de" = {
- # server-names = [
- # "karlaskop.de"
- # "www.karlaskop.de"
- # ];
- # locations = [
- # (nameValuePair "/" ''
- # root /var/lib/http/karlaskop.de;
- # '')
- # ];
- #};
-
- #"pixelpocket.de" = {
- # server-names = [
- # "pixelpocket.de"
- # "www.karlaskop.de"
- # ];
- # locations = [
- # (nameValuePair "/" ''
- # root /var/lib/http/karlaskop.de;
- # '')
- # ];
- #};
-
- };
- };
-
- #services.postgresql = {
- # enable = true;
- #};
-
- #config.services.vsftpd = {
- # enable = true;
- # userlistEnable = true;
- # userlistFile = pkgs.writeFile "vsftpd-userlist" ''
- # '';
- #};
-}
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 6043a8759..0eec97922 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -13,7 +13,7 @@ in {
name = "games";
description = "user playing games";
home = "/home/games";
- extraGroups = [ "audio" "video" "input" ];
+ extraGroups = [ "audio" "video" "input" "loot" ];
createHome = true;
useDefaultShell = true;
};
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index d7c68bd7d..636b44395 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -154,7 +154,6 @@ let
telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
tigsource|http://www.tigsource.com/feed/|#news
- times|http://www.thetimes.co.uk/tto/news/rss|#news
tinc|http://tinc-vpn.org/news/index.rss|#news
topix_b|http://www.topix.com/rss/wire/de/berlin|#news
torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 33eca0a17..610887621 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -6,5 +6,4 @@
gnupg1
];
- services.xserver.startGnuPGAgent = true;
}
diff --git a/lass/2configs/privoxy-retiolum.nix b/lass/2configs/privoxy-retiolum.nix
index 3a3641ad8..9059bbac8 100644
--- a/lass/2configs/privoxy-retiolum.nix
+++ b/lass/2configs/privoxy-retiolum.nix
@@ -1,8 +1,7 @@
{ config, lib, ... }:
let
- r_ip = (head config.krebs.build.host.nets.retiolum.addrs4);
- inherit (lib) head;
+ r_ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in {
imports = [
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 109c216c0..1b62bd977 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -1,24 +1,36 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
-{
+let
+ inherit (config.krebs.lib) genid;
+ inherit (import ../../4lib { inherit lib pkgs; })
+ manageCert
+ manageCerts
+ activateACME
+ ssl
+ servePage
+ serveOwncloud
+ serveWordpress;
+
+in {
imports = [
- ../../3modules/static_nginx.nix
- ../../3modules/owncloud_nginx.nix
- ../../3modules/wordpress_nginx.nix
- ];
+ ( ssl "reich-gebaeudereinigung.de" )
+ ( servePage "reich-gebaeudereinigung.de" )
- lass.staticPage = {
- "karlaskop.de" = {};
- "makeup.apanowicz.de" = {};
- "pixelpocket.de" = {};
- "reich-gebaeudereinigung.de" = {};
- };
+ ( manageCert "karlaskop.de" )
+ ( servePage "karlaskop.de" )
- lass.owncloud = {
- "o.ubikmedia.de" = {
- instanceid = "oc8n8ddbftgh";
- };
- };
+ ( manageCert "makeup.apanowicz.de" )
+ ( servePage "makeup.apanowicz.de" )
+
+ ( manageCert "pixelpocket.de" )
+ ( servePage "pixelpocket.de" )
+
+ ( ssl "o.ubikmedia.de" )
+ ( serveOwncloud "o.ubikmedia.de" )
+
+ ( manageCerts [ "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
+ ( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
+ ];
services.mysql = {
enable = true;
@@ -26,10 +38,31 @@
rootPassword = toString (<secrets/mysql_rootPassword>);
};
- #lass.wordpress = {
- # "ubikmedia.de" = {
- # };
- #};
+ services.mysqlBackup = {
+ enable = true;
+ databases = [
+ "ubikmedia_de"
+ "o_ubikmedia_de"
+ ];
+ location = "/bku/sql_dumps";
+ };
+
+ users.users.domsen = {
+ uid = genid "domsen";
+ description = "maintenance acc for domsen";
+ home = "/home/domsen";
+ useDefaultShell = true;
+ extraGroups = [ "nginx" ];
+ createHome = true;
+ };
+ services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
+ options = ''
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ '';
+ } ''
+ cat ${pkgs.php}/etc/php-recommended.ini > $out
+ echo "$options" >> $out
+ '';
}
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 073f3de14..16a240d7c 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -1,23 +1,39 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
-{
+let
+ inherit (import ../../4lib { inherit lib pkgs; })
+ manageCert
+ activateACME
+ ssl
+ servePage
+ serveOwncloud;
+in {
imports = [
- ../../3modules/static_nginx.nix
- ../../3modules/owncloud_nginx.nix
- ../../3modules/wordpress_nginx.nix
- ];
+ ( manageCert "biostase.de" )
+ ( servePage "biostase.de" )
+
+ ( manageCert "gs-maubach.de" )
+ ( servePage "gs-maubach.de" )
+
+ ( manageCert "spielwaren-kern.de" )
+ ( servePage "spielwaren-kern.de" )
+
+ ( manageCert "societyofsimtech.de" )
+ ( servePage "societyofsimtech.de" )
- lass.staticPage = {
- "biostase.de" = {};
- "gs-maubach.de" = {};
- "spielwaren-kern.de" = {};
- "societyofsimtech.de" = {};
- "ttf-kleinaspach.de" = {};
- "edsn.de" = {};
- "eab.berkeley.edu" = {};
- "habsys.de" = {};
- };
+ ( manageCert "ttf-kleinaspach.de" )
+ ( servePage "ttf-kleinaspach.de" )
+
+ ( manageCert "edsn.de" )
+ ( servePage "edsn.de" )
+
+ ( manageCert "eab.berkeley.edu" )
+ ( servePage "eab.berkeley.edu" )
+
+ ( manageCert "habsys.de" )
+ ( servePage "habsys.de" )
+ ];
#lass.owncloud = {
# "o.ubikmedia.de" = {
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index ac784d4c7..4e3eb071a 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -1,14 +1,20 @@
-{ config, ... }:
+{ config, pkgs, lib, ... }:
-{
+let
+ inherit (config.krebs.lib) genid;
+ inherit (import ../../4lib { inherit lib pkgs; })
+ manageCert
+ activateACME
+ ssl
+ servePage
+ serveOwncloud;
+
+in {
imports = [
- ../../3modules/static_nginx.nix
+ ( ssl "wohnprojekt-rhh.de" )
+ ( servePage "wohnprojekt-rhh.de" )
];
- lass.staticPage = {
- "wohnprojekt-rhh.de" = {};
- };
-
users.users.laura = {
home = "/srv/http/wohnprojekt-rhh.de";
createHome = true;