diff options
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/baseX.nix | 2 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 2 | ||||
-rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
-rw-r--r-- | lass/2configs/repo-sync.nix | 1 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 2 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 91 |
6 files changed, 98 insertions, 2 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2649ecab9..4b05e3296 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -49,6 +49,8 @@ in { mpv-poll yt-next + + youtube-tools #window manager stuff #haskellPackages.xmobar #haskellPackages.yeganesh diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 00a3612fd..3ed8be77f 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -29,6 +29,8 @@ with config.krebs.lib; { from = "finanzamt@lassul.us"; to = lass.mail; } { from = "netzclub@lassul.us"; to = lass.mail; } { from = "nebenan@lassul.us"; to = lass.mail; } + { from = "feed@lassul.us"; to = lass.mail; } + { from = "art@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 6e9138b61..73c96e876 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "354fd3728952c229fee4f2924737c601d7ab4725"; + ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; }; } diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 027f31fe0..eae583a84 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -92,6 +92,7 @@ in { (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger") (sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") + (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-retiolum "go") (sync-retiolum "much") diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index e05f40d97..3a3e60d39 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -191,7 +191,7 @@ in { server_set_id = $auth1 ''; internet-aliases = [ - { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "testuser@lassul.us"; to = "testuser"; } ]; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix new file mode 100644 index 000000000..04c19fad0 --- /dev/null +++ b/lass/2configs/websites/lassulus.nix @@ -0,0 +1,91 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; }) + genid + ; + +in { + imports = [ + ../git.nix + ]; + + security.acme = { + certs."lassul.us" = { + email = "lass@lassul.us"; + webroot = "/var/lib/acme/challenges/lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + "full.pem" + ]; + allowKeysForGroup = true; + group = "lasscert"; + }; + certs."cgit.lassul.us" = { + email = "lassulus@gmail.com"; + webroot = "/var/lib/acme/challenges/cgit.lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + ]; + group = "nginx"; + allowKeysForGroup = true; + }; + }; + + users.groups.lasscert.members = [ + "dovecot2" + "ejabberd" + "exim" + "nginx" + ]; + + krebs.nginx.servers."lassul.us" = { + server-names = [ "lassul.us" ]; + locations = [ + (nameValuePair "/" '' + root /srv/http/lassul.us; + '') + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/lassul.us/; + '') + ]; + ssl = { + enable = true; + certificate = "/var/lib/acme/lassul.us/fullchain.pem"; + certificate_key = "/var/lib/acme/lassul.us/key.pem"; + }; + }; + + krebs.nginx.servers.cgit = { + server-names = [ + "cgit.lassul.us" + ]; + locations = [ + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/cgit.lassul.us/; + '') + ]; + ssl = { + enable = true; + certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; + certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem"; + }; + }; + + users.users.blog = { + uid = genid "blog"; + description = "lassul.us blog deployment"; + home = "/srv/http/lassul.us"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; +} + |