summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/ciko.nix8
-rw-r--r--lass/2configs/default.nix4
-rw-r--r--lass/2configs/exim-smarthost.nix204
-rw-r--r--lass/2configs/gg23.nix1
-rw-r--r--lass/2configs/mail.nix4
-rw-r--r--lass/2configs/mc.nix3
-rw-r--r--lass/2configs/paste.nix4
-rw-r--r--lass/2configs/steam.nix1
-rw-r--r--lass/2configs/urxvt.nix31
-rw-r--r--lass/2configs/websites/domsen.nix3
-rw-r--r--lass/2configs/websites/lassulus.nix8
-rw-r--r--lass/2configs/xdg-open.nix1
-rw-r--r--lass/2configs/yubikey.nix19
13 files changed, 154 insertions, 137 deletions
diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix
index 6818db460..3d87fb620 100644
--- a/lass/2configs/ciko.nix
+++ b/lass/2configs/ciko.nix
@@ -11,14 +11,6 @@ with import <stockholm/lib>;
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
];
};
- krebs.exim-smarthost = {
- internet-aliases = [
- { from = "*@slash16.net"; to = "ciko"; }
- ];
- sender_domains = [
- "slash16.net"
- ];
- };
system.activationScripts.user-shadow = ''
${pkgs.coreutils}/bin/chmod +x /home/ciko
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index dcae2f3eb..b0d7ff23b 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -96,9 +96,6 @@ with import <stockholm/lib>;
git
gnumake
jq
- parallel
- proot
- populate
#style
most
@@ -118,6 +115,7 @@ with import <stockholm/lib>;
#neat utils
file
+ hashPassword
kpaste
krebspaste
mosh
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index a82672998..565608633 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -1,8 +1,110 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }: with import <stockholm/lib>; let
-with import <stockholm/lib>;
+ to = concatStringsSep "," [
+ "lass@blue.r"
+ "lass@xerxes.r"
+ "lass@mors.r"
+ ];
+
+ mails = [
+ "postmaster@lassul.us"
+ "lass@lassul.us"
+ "lassulus@lassul.us"
+ "test@lassul.us"
+ "outlook@lassul.us"
+ "steuer@aidsballs.de"
+ "lass@aidsballs.de"
+ "wordpress@ubikmedia.de"
+ "finanzamt@lassul.us"
+ "netzclub@lassul.us"
+ "nebenan@lassul.us"
+ "feed@lassul.us"
+ "art@lassul.us"
+ "irgendwas@lassul.us"
+ "polo@lassul.us"
+ "shack@lassul.us"
+ "nix@lassul.us"
+ "c-base@lassul.us"
+ "paypal@lassul.us"
+ "patreon@lassul.us"
+ "steam@lassul.us"
+ "securityfocus@lassul.us"
+ "radio@lassul.us"
+ "btce@lassul.us"
+ "raf@lassul.us"
+ "apple@lassul.us"
+ "coinbase@lassul.us"
+ "tomtop@lassul.us"
+ "aliexpress@lassul.us"
+ "business@lassul.us"
+ "payeer@lassul.us"
+ "github@lassul.us"
+ "bitwala@lassul.us"
+ "bitstamp@lassul.us"
+ "bitcoin.de@lassul.us"
+ "ableton@lassul.us"
+ "dhl@lassul.us"
+ "sipgate@lassul.us"
+ "coinexchange@lassul.us"
+ "verwaltung@lassul.us"
+ "gearbest@lassul.us"
+ "binance@lassul.us"
+ "bitfinex@lassul.us"
+ "alternate@lassul.us"
+ "redacted@lassul.us"
+ "mytaxi@lassul.us"
+ "pizza@lassul.us"
+ "robinhood@lassul.us"
+ "drivenow@lassul.us"
+ "aws@lassul.us"
+ "reddit@lassul.us"
+ "banggood@lassul.us"
+ "immoscout@lassul.us"
+ "gmail@lassul.us"
+ "amazon@lassul.us"
+ "humblebundle@lassul.us"
+ "meetup@lassul.us"
+ "gebfrei@lassul.us"
+ "github@lassul.us"
+ "ovh@lassul.us"
+ "hetzner@lassul.us"
+ "allygator@lassul.us"
+ "immoscout@lassul.us"
+ "elitedangerous@lassul.us"
+ "boardgamegeek@lassul.us"
+ "qwertee@lassul.us"
+ "zazzle@lassul.us"
+ "hackbeach@lassul.us"
+ "transferwise@lassul.us"
+ "cis@lassul.us"
+ "afra@lassul.us"
+ "ksp@lassul.us"
+ "ccc@lassul.us"
+ "neocron@lassul.us"
+ "osmocom@lassul.us"
+ "lesswrong@lassul.us"
+ "nordvpn@lassul.us"
+ "csv-direct@lassul.us"
+ "nintendo@lassul.us"
+ "overleaf@lassul.us"
+ "box@lassul.us"
+ "paloalto@lassul.us"
+ "subtitles@lassul.us"
+ "lobsters@lassul.us"
+ "fysitech@lassul.us"
+ "threema@lassul.us"
+ "ubisoft@lassul.us"
+ "kottezeller@lassul.us"
+ "pie@lassul.us"
+ "vebit@lassul.us"
+ "vcvrack@lassul.us"
+ "epic@lassul.us"
+ "microsoft@lassul.us"
+ "stickers@lassul.us"
+ "nextbike@lassul.us"
+ ];
-{
+in {
krebs.exim-smarthost = {
enable = true;
dkim = [
@@ -17,101 +119,7 @@ with import <stockholm/lib>;
config.krebs.hosts.blue
config.krebs.hosts.xerxes
];
- internet-aliases = with config.krebs.users; [
- { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
- { from = "lass@lassul.us"; to = lass.mail; }
- { from = "lassulus@lassul.us"; to = lass.mail; }
- { from = "test@lassul.us"; to = lass.mail; }
- { from = "outlook@lassul.us"; to = lass.mail; }
- { from = "steuer@aidsballs.de"; to = lass.mail; }
- { from = "lass@aidsballs.de"; to = lass.mail; }
- { from = "wordpress@ubikmedia.de"; to = lass.mail; }
- { from = "finanzamt@lassul.us"; to = lass.mail; }
- { from = "netzclub@lassul.us"; to = lass.mail; }
- { from = "nebenan@lassul.us"; to = lass.mail; }
- { from = "feed@lassul.us"; to = lass.mail; }
- { from = "art@lassul.us"; to = lass.mail; }
- { from = "irgendwas@lassul.us"; to = lass.mail; }
- { from = "polo@lassul.us"; to = lass.mail; }
- { from = "shack@lassul.us"; to = lass.mail; }
- { from = "nix@lassul.us"; to = lass.mail; }
- { from = "c-base@lassul.us"; to = lass.mail; }
- { from = "paypal@lassul.us"; to = lass.mail; }
- { from = "patreon@lassul.us"; to = lass.mail; }
- { from = "steam@lassul.us"; to = lass.mail; }
- { from = "securityfocus@lassul.us"; to = lass.mail; }
- { from = "radio@lassul.us"; to = lass.mail; }
- { from = "btce@lassul.us"; to = lass.mail; }
- { from = "raf@lassul.us"; to = lass.mail; }
- { from = "apple@lassul.us"; to = lass.mail; }
- { from = "coinbase@lassul.us"; to = lass.mail; }
- { from = "tomtop@lassul.us"; to = lass.mail; }
- { from = "aliexpress@lassul.us"; to = lass.mail; }
- { from = "business@lassul.us"; to = lass.mail; }
- { from = "payeer@lassul.us"; to = lass.mail; }
- { from = "github@lassul.us"; to = lass.mail; }
- { from = "bitwala@lassul.us"; to = lass.mail; }
- { from = "bitstamp@lassul.us"; to = lass.mail; }
- { from = "bitcoin.de@lassul.us"; to = lass.mail; }
- { from = "ableton@lassul.us"; to = lass.mail; }
- { from = "dhl@lassul.us"; to = lass.mail; }
- { from = "sipgate@lassul.us"; to = lass.mail; }
- { from = "coinexchange@lassul.us"; to = lass.mail; }
- { from = "verwaltung@lassul.us"; to = lass.mail; }
- { from = "gearbest@lassul.us"; to = lass.mail; }
- { from = "binance@lassul.us"; to = lass.mail; }
- { from = "bitfinex@lassul.us"; to = lass.mail; }
- { from = "alternate@lassul.us"; to = lass.mail; }
- { from = "redacted@lassul.us"; to = lass.mail; }
- { from = "mytaxi@lassul.us"; to = lass.mail; }
- { from = "pizza@lassul.us"; to = lass.mail; }
- { from = "robinhood@lassul.us"; to = lass.mail; }
- { from = "drivenow@lassul.us"; to = lass.mail; }
- { from = "aws@lassul.us"; to = lass.mail; }
- { from = "reddit@lassul.us"; to = lass.mail; }
- { from = "banggood@lassul.us"; to = lass.mail; }
- { from = "immoscout@lassul.us"; to = lass.mail; }
- { from = "gmail@lassul.us"; to = lass.mail; }
- { from = "amazon@lassul.us"; to = lass.mail; }
- { from = "humblebundle@lassul.us"; to = lass.mail; }
- { from = "meetup@lassul.us"; to = lass.mail; }
- { from = "gebfrei@lassul.us"; to = lass.mail; }
- { from = "github@lassul.us"; to = lass.mail; }
- { from = "ovh@lassul.us"; to = lass.mail; }
- { from = "hetzner@lassul.us"; to = lass.mail; }
- { from = "allygator@lassul.us"; to = lass.mail; }
- { from = "immoscout@lassul.us"; to = lass.mail; }
- { from = "elitedangerous@lassul.us"; to = lass.mail; }
- { from = "boardgamegeek@lassul.us"; to = lass.mail; }
- { from = "qwertee@lassul.us"; to = lass.mail; }
- { from = "zazzle@lassul.us"; to = lass.mail; }
- { from = "hackbeach@lassul.us"; to = lass.mail; }
- { from = "transferwise@lassul.us"; to = lass.mail; }
- { from = "cis@lassul.us"; to = lass.mail; }
- { from = "afra@lassul.us"; to = lass.mail; }
- { from = "ksp@lassul.us"; to = lass.mail; }
- { from = "ccc@lassul.us"; to = lass.mail; }
- { from = "neocron@lassul.us"; to = lass.mail; }
- { from = "osmocom@lassul.us"; to = lass.mail; }
- { from = "lesswrong@lassul.us"; to = lass.mail; }
- { from = "nordvpn@lassul.us"; to = lass.mail; }
- { from = "csv-direct@lassul.us"; to = lass.mail; }
- { from = "nintendo@lassul.us"; to = lass.mail; }
- { from = "overleaf@lassul.us"; to = lass.mail; }
- { from = "box@lassul.us"; to = lass.mail; }
- { from = "paloalto@lassul.us"; to = lass.mail; }
- { from = "subtitles@lassul.us"; to = lass.mail; }
- { from = "lobsters@lassul.us"; to = lass.mail; }
- { from = "fysitech@lassul.us"; to = lass.mail; }
- { from = "threema@lassul.us"; to = lass.mail; }
- { from = "ubisoft@lassul.us"; to = lass.mail; }
- { from = "kottezeller@lassul.us"; to = lass.mail; }
- { from = "pie@lassul.us"; to = lass.mail; }
- { from = "vebit@lassul.us"; to = lass.mail; }
- { from = "vcvrack@lassul.us"; to = lass.mail; }
- { from = "epic@lassul.us"; to = lass.mail; }
- { from = "microsoft@lassul.us"; to = lass.mail; }
- ];
+ internet-aliases = map (from: { inherit from to; }) mails;
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
{ from = "postmaster"; to = "root"; }
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
index 2ec7b94d3..b23494b28 100644
--- a/lass/2configs/gg23.nix
+++ b/lass/2configs/gg23.nix
@@ -75,7 +75,6 @@ with import <stockholm/lib>;
in {
enable = true;
package = pkgs.home-assistant.override {
- python3 = pkgs.python36;
#extraComponents = [
# (pkgs.fetchgit {
# url = "https://github.com/marcschumacher/dwd_pollen";
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 6de111ba8..174c1ab5e 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -14,7 +14,7 @@ let
port 465
tls on
tls_starttls off
- tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4
+ tls_fingerprint 9C:82:3B:0F:31:CE:1B:8E:96:00:CC:C9:FF:E7:BE:66:95:92:4F:22:DD:D6:2E:0E:1D:90:76:BE:8E:9E:8E:16
auth on
user lassulus
passwordeval pass show c-base/pass
@@ -217,7 +217,7 @@ let
name = "mutt";
paths = [
(pkgs.writeDashBin "mutt" ''
- exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@
+ exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} "$@"
'')
pkgs.neomutt
];
diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix
index eb457b7d3..f5de04616 100644
--- a/lass/2configs/mc.nix
+++ b/lass/2configs/mc.nix
@@ -228,6 +228,9 @@ let
shell/i/.divx
Include=video
+ shell/i/.rmvb
+ Include=video
+
shell/i/.mkv
Include=video
diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix
index 3c3d8e636..23cab8e6e 100644
--- a/lass/2configs/paste.nix
+++ b/lass/2configs/paste.nix
@@ -10,7 +10,9 @@ with import <stockholm/lib>;
proxy_pass http://localhost:9081;
'';
};
- services.nginx.virtualHosts.paste-readonly = {
+ services.nginx.virtualHosts."p.krebsco.de" = {
+ enableACME = true;
+ addSSL = true;
serverAliases = [ "p.krebsco.de" ];
locations."/".extraConfig = ''
if ($request_method != GET) {
diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix
index 701e5047e..eae31aec4 100644
--- a/lass/2configs/steam.nix
+++ b/lass/2configs/steam.nix
@@ -11,6 +11,7 @@
#
##TODO: make steam module
nixpkgs.config.steam.java = true;
+ hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
users.users.games.packages = [ pkgs.steam ];
diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix
index 82f3fb2e6..7dd59e0c3 100644
--- a/lass/2configs/urxvt.nix
+++ b/lass/2configs/urxvt.nix
@@ -5,19 +5,18 @@ with import <stockholm/lib>;
services.urxvtd.enable = true;
krebs.xresources.resources.urxvt = ''
- URxvt.saveLines: 100000
- URxvt*scrollBar: false
- URxvt*urgentOnBell: true
- URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
+ URxvt.saveLines: 10000
+ URxvt.scrollBar: false
+ URxvt.urgentOnBell: true
+ URxvt.perl-ext: default,matcher
- ${optionalString (hasAttr "browser" config.lass)
- "URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
- }
+ URxvt.url-launcher: /run/current-system/sw/bin/browser-select
+ URxvt.matcher.pattern.1: \\bwww\\.[\\w-]+\\.[\\w./?&@#-]*[\\w/-]
- URxvt.url-select.underline: true
- URxvt.keysym.M-u: perl:url-select:select_next
- URxvt.keysym.M-Escape: perl:keyboard-select:activate
- URxvt.keysym.M-s: perl:keyboard-select:search
+ URxvt.keysym.M-Escape: perl:keyboard-select:activate
+ URxvt.keysym.M-s: perl:keyboard-select:search
+ URxvt.keysym.M-u: matcher:select
+ URxvt.keysym.M-i: matcher:list
URxvt.keysym.M-F1: command:\033]710;${config.lass.fonts.regular}\007\033]711;${config.lass.fonts.bold}\007
URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=12\007\033]711;xft:Monospace:size=15:bold\007
@@ -25,14 +24,14 @@ with import <stockholm/lib>;
URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007
URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007
- URxvt.intensityStyles: false
+ URxvt.intensityStyles: false
- URxvt*background: #000000
- URxvt*foreground: #ffffff
+ URxvt*background: #000000
+ URxvt*foreground: #ffffff
!change unreadable blue
- URxvt*color4: #268bd2
+ URxvt*color4: #268bd2
- URxvt*color0: #232342
+ URxvt*color0: #232342
'';
}
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index b9673de70..80ed12edc 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -25,6 +25,7 @@ in {
imports = [
./default.nix
./sqlBackup.nix
+ (servePage [ "aldonasiech.com" "www.aldonasiech.com" ])
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [
"freemonkey.art"
@@ -35,7 +36,6 @@ in {
"ubikmedia.de"
"apanowicz.de"
"nirwanabluete.de"
- "aldonasiech.com"
"ubikmedia.eu"
"youthtube.xyz"
"joemisch.com"
@@ -44,7 +44,6 @@ in {
"www.apanowicz.de"
"www.nirwanabluete.de"
- "www.aldonasiech.com"
"www.ubikmedia.eu"
"www.youthtube.xyz"
"www.ubikmedia.de"
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index f04f312d0..901fecfb2 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -47,7 +47,8 @@ in {
alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
'';
locations."/tinc/".extraConfig = ''
- alias ${config.krebs.tinc_graphs.workingDir}/external;
+ index index.html;
+ alias ${config.krebs.tinc_graphs.workingDir}/external/;
'';
locations."= /krebspage".extraConfig = ''
default_type "text/html";
@@ -60,10 +61,10 @@ in {
in ''
alias ${initscript};
'';
- locations."= /pub".extraConfig = ''
+ locations."= /blue.pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
'';
- locations."= /pub1".extraConfig = ''
+ locations."= /mors.pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
'';
};
@@ -93,6 +94,7 @@ in {
users.users.blog = {
uid = genid_uint31 "blog";
+ group = "nginx";
description = "lassul.us blog deployment";
home = "/srv/http/lassul.us";
useDefaultShell = true;
diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix
index 824c36dc7..88ea7ba59 100644
--- a/lass/2configs/xdg-open.nix
+++ b/lass/2configs/xdg-open.nix
@@ -62,5 +62,6 @@ in {
security.sudo.extraConfig = ''
cr ALL=(lass) NOPASSWD: ${xdg-open} *
+ ff ALL=(lass) NOPASSWD: ${xdg-open} *
'';
}
diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix
index e6482c58c..9ab6b6ccb 100644
--- a/lass/2configs/yubikey.nix
+++ b/lass/2configs/yubikey.nix
@@ -2,16 +2,29 @@
{
environment.systemPackages = with pkgs; [
yubikey-personalization
+ yubikey-manager
];
services.udev.packages = with pkgs; [ yubikey-personalization ];
services.pcscd.enable = true;
+ systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ];
+
+ ##restart pcscd if yubikey is plugged in
+ #services.udev.extraRules = ''
+ # ACTION=="add", ATTRS{idVendor}=="04d9", ATTRS{idProduct}=="2013", RUN+="${pkgs.writeDash "restart_pcscd" ''
+ # ${pkgs.systemd}/bin/systemctl restart pcscd.service
+ # ''}"
+ #'';
environment.shellInit = ''
- if [ "$UID" -eq 1337 ]; then
+ if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then
export GPG_TTY="$(tty)"
- gpg-connect-agent /bye
+ gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+ if [ -z "$SSH_AUTH_SOCK" ]; then
+ export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
+ fi
+
fi
'';
@@ -19,7 +32,7 @@
ssh.startAgent = false;
gnupg.agent = {
enable = true;
- enableSSHSupport = true;
+ # enableSSHSupport = true;
};
};
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-05 20:55:47 +0000