Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/daedalus/config.nix2
-rw-r--r--lass/1systems/mors/config.nix31
-rw-r--r--lass/1systems/mors/physical.nix2
-rw-r--r--lass/1systems/prism/config.nix15
-rw-r--r--lass/2configs/browsers.nix1
-rw-r--r--lass/2configs/codimd.nix28
-rw-r--r--lass/2configs/exim-smarthost.nix3
-rw-r--r--lass/2configs/network-manager.nix2
-rw-r--r--lass/2configs/radio.nix22
-rw-r--r--lass/2configs/retiolum.nix4
-rw-r--r--lass/2configs/syncthing.nix11
-rw-r--r--lass/2configs/websites/domsen.nix47
12 files changed, 146 insertions, 22 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 6e3df12f0..df8868034 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -57,6 +57,8 @@ with import <stockholm/lib>;
{
krebs.per-user.bitcoin.packages = [
pkgs.electrum
+ pkgs.electron-cash
+ pkgs.altcoins.litecoin
];
users.extraUsers = {
bitcoin = {
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index f911b79d6..5076beeef 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -49,14 +49,31 @@ with import <stockholm/lib>;
];
}
{
- krebs.syncthing.folders."the_playlist" = {
- path = "/home/lass/tmp/the_playlist";
- peers = [ "mors" "phone" "prism" ];
+ krebs.syncthing = {
+ peers.schasch.addresses = [ "schasch.r:22000" ];
+ folders = {
+ the_playlist = {
+ path = "/home/lass/tmp/the_playlist";
+ peers = [ "mors" "phone" "prism" ];
+ };
+ free_music = {
+ id = "mu9mn-zgvsw";
+ path = "/home/lass/tmp/free_music";
+ peers = [ "mors" "schasch" ];
+ };
+ };
};
- krebs.permown."/home/lass/tmp/the_playlist" = {
- owner = "lass";
- group = "syncthing";
- umask = "0007";
+ krebs.permown = {
+ "/home/lass/tmp/free_music" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
+ "/home/lass/tmp/the_playlist" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
};
}
{
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index 25425f146..6828d70de 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -22,7 +22,7 @@
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:72:f4:88", NAME="wl0"
+ SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0"
'';
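Review bot: The new `wl0` rule has no comment saying why the wireless interface is now matched by PCI path instead of MAC address, and the glob `/devices/pci*/*1c.1/*/net/*` will name any network device that appears behind that PCI function. A one-line comment above the rule would help, e.g. `# wl0: match by PCI slot so the name does not depend on the MAC address`. The `et0` rule on the next line still matches on `ATTR{address}`; if the motivation is the MAC randomisation enabled in network-manager.nix in this same commit, it is worth confirming that rule is unaffected.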
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d7b0b701a..eec8e34b8 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -195,6 +195,7 @@ with import <stockholm/lib>;
};
}
<stockholm/lass/2configs/minecraft.nix>
+ <stockholm/lass/2configs/codimd.nix>
{
services.taskserver = {
enable = true;
@@ -382,7 +383,7 @@ with import <stockholm/lib>;
'';
fileSystems."/export/download" = {
- device = "/var/lib/containers/yellow/var/download";
+ device = "/var/lib/containers/yellow/var/download/finished";
options = [ "bind" ];
};
services.nfs.server = {
@@ -395,6 +396,12 @@ with import <stockholm/lib>;
statdPort = 4000;
};
krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
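Review bot: The six added rules accept portmapper (111), NFS (2049) and the 4000:4002 range from anything arriving on the `retiolum` interface, with no source restriction in the predicate. If retiolum carries hosts under other administration (syncthing.nix in this commit filters hosts by `owner.name`, which suggests it does), every such peer can now reach the NFS services, and access control rests entirely on the export list, which is outside this hunk. Consider adding a source match for the intended clients, e.g. `-i retiolum -s <client-address> -p tcp --dport 2049` with the address as a placeholder, and confirm the `/export/download` export is read-only and limited to those clients. The rules list continues past the end of the hunk.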
@@ -456,4 +463,10 @@ with import <stockholm/lib>;
enable = true;
freeMemThreshold = 5;
};
+
+ # prism rsa hack
+ services.openssh.hostKeys = [{
+ path = toString <secrets> + "ssh.id_rsa";
+ type = "rsa";
+ }];
}
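Review bot: The host key path is built as `toString <secrets> + "ssh.id_rsa"` without a path separator, so it resolves to a sibling of the secrets directory rather than a file inside it; domsen.nix in this same commit writes the pattern with a leading slash. It should read `path = toString <secrets> + "/ssh.id_rsa";`. With the wrong path sshd will not find the intended key, and the NixOS sshd unit may generate a fresh key at that location, changing the host identity clients see. Setting `services.openssh.hostKeys` also replaces the default key list, so this host would offer only an RSA key; the `# prism rsa hack` comment should say why that is wanted.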
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index d214e224d..c0085995d 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -66,7 +66,6 @@ in {
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
- "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold
];
};
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
new file mode 100644
index 000000000..5f802148b
--- /dev/null
+++ b/lass/2configs/codimd.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ services.nginx.virtualHosts.codimd = {
+ enableACME = true;
+ addSSL = true;
+ serverName = "codi.lassul.us";
+ locations."/".extraConfig = ''
+ client_max_body_size 4G;
+ proxy_set_header Host $host;
+ proxy_pass http://localhost:3091;
+ '';
+ };
+
+ services.codimd = {
+ enable = true;
+ configuration = {
+ db = {
+ dialect = "sqlite";
+ storage = "/var/lib/codimd/db.codimd.sqlite";
+ useCDN = false;
+ };
+ port = 3091;
+ };
+ };
+}
+
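Review bot: `addSSL = true` serves codi.lassul.us over both plain HTTP and HTTPS with no redirect, so sessions and note contents can travel unencrypted; the radio vhost in this commit uses `forceSSL = true`, and this one should too: `forceSSL = true;` in place of `addSSL = true;`. `useCDN = false` sits inside `db`, where it is handed to the database settings; if the intent is to stop the app loading assets from third-party CDNs it probably belongs one level up, directly under `configuration`. `client_max_body_size 4G` is very large for a note editor and lets any client push multi-gigabyte request bodies at the backend, so a limit sized to the expected uploads would be safer. No `X-Forwarded-Proto` header is passed, so the backend cannot tell that the original request was HTTPS.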
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 4216bd67a..d1e6b195b 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -103,6 +103,9 @@ with import <stockholm/lib>;
{ from = "lobsters@lassul.us"; to = lass.mail; }
{ from = "fysitech@lassul.us"; to = lass.mail; }
{ from = "threema@lassul.us"; to = lass.mail; }
+ { from = "ubisoft@lassul.us"; to = lass.mail; }
+ { from = "kottezeller@lassul.us"; to = lass.mail; }
+ { from = "pie@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix
index 5b890b591..ab27eb841 100644
--- a/lass/2configs/network-manager.nix
+++ b/lass/2configs/network-manager.nix
@@ -15,6 +15,8 @@
};
};
networking.networkmanager = {
+ ethernet.macAddress = "random";
+ wifi.macAddress = "random";
enable = true;
unmanaged = [
"docker*"
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 88899c554..b4efd42fc 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -97,12 +97,17 @@ in {
services.icecast = {
enable = true;
- hostname = "config.krebs.build.host.name";
+ hostname = "radio.lassul.us";
admin.password = admin-password;
extraConf = ''
- <authentication>
- <source-password>${source-password}</source-password>
- </authentication>
+ <mount>
+ <mount-name>/radio.mp3</mount-name>
+ <password>${source-password}</password>
+ </mount>
+ <mount>
+ <mount-name>/radio.ogg</mount-name>
+ <password>${source-password}</password>
+ </mount>
'';
};
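Review bot: Replacing the global `<authentication><source-password>` with per-mount `<password>` entries leaves the server-wide source password unset in `extraConf`, so what protects mounts other than `/radio.mp3` and `/radio.ogg` depends on Icecast's behaviour for an unconfigured source password. Please verify that a source cannot connect to an arbitrary mount name with a built-in default credential; keeping the global block alongside the mounts, `<authentication><source-password>${source-password}</source-password></authentication>`, removes the doubt. Separately, `${source-password}` is interpolated into the generated config, which likely ends up in the world-readable Nix store. How the value is defined is outside this hunk, so this is worth checking.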
@@ -194,8 +199,8 @@ in {
workdir = config.krebs.reaktor2.the_playlist.stateDir;
hooks.PRIVMSG = [
{
- activate = "match";
- pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ #activate = "match";
+ pattern = "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
command = 1;
arguments = [2];
commands = {
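Review bot: `#activate = "match";` is left as commented-out code with no explanation, so it is unclear which activation mode the hook now runs under and whether `pattern` is still what selects messages. The new pattern also drops the leading `!`, so any channel message whose first word is a command name appears to be dispatched, with the rest of the line passed as the argument. Either delete the line or replace it with a comment stating the intended behaviour, e.g. `# no "!" prefix: first word selects the command`. How the commands treat the free-form argument is outside this hunk; it comes straight from IRC and should be handled as untrusted input.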
@@ -218,6 +223,11 @@ in {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8000;
'';
locations."/recent".extraConfig = ''
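Review bot: `$proxy_add_x_forwarded_for` appends the client address to whatever `X-Forwarded-For` value the client itself sent, so the backend receives client-controlled entries at the front of the list. If this nginx is the first hop, pass only the connection address: `proxy_set_header X-Forwarded-For $remote_addr;`. Whether the service on port 8000 uses this header for logging or access decisions is not visible here. The `/recent` location that follows does not get the same headers within this hunk.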
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index fb76c5735..9932f8172 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -20,8 +20,10 @@
"prism"
"gum"
"ni"
- "dishfire"
];
+ extraConfig = ''
+ LocalDiscovery = yes
+ '';
};
nixpkgs.config.packageOverrides = pkgs: {
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 48f2625c1..d4df17b9a 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -1,5 +1,7 @@
{ config, pkgs, ... }: with import <stockholm/lib>; let
- peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
+ all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
+ own_peers = filterAttrs (n: v: v.owner.name == "lass") all_peers;
+ mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
in {
services.syncthing = {
enable = true;
@@ -14,8 +16,8 @@ in {
enable = true;
cert = toString <secrets/syncthing.cert>;
key = toString <secrets/syncthing.key>;
- peers = peers;
- folders."/home/lass/sync".peers = attrNames peers;
+ peers = mk_peers all_peers;
+ folders."/home/lass/sync".peers = attrNames (filterAttrs (n: v: n != "phone") own_peers);
};
system.activationScripts.syncthing-home = ''
@@ -23,8 +25,9 @@ in {
'';
krebs.permown."/home/lass/sync" = {
+ file-mode = "u+rw,g+rw";
owner = "lass";
group = "syncthing";
- umask = "0007";
+ umask = "0002";
};
}
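Review bot: Changing `umask` from `0007` to `0002` on `/home/lass/sync` opens the synced tree to every local account (other: read and traverse), where before only `lass` and the `syncthing` group had access; the folders added in mors/config.nix in this commit still use `0007`. If the goal was only to make files group-writable, `file-mode = "u+rw,g+rw"` with `umask = "0007"` should already cover it. If world-readable is intended, a comment naming the consumer that needs it would help. This assumes permown applies the umask like a process umask; its implementation is not shown.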
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 2131c7c62..9980e0501 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -26,6 +26,7 @@ in {
./default.nix
./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
+ (servePage [ "jarugadesign.de" "www.jarugadesign.de" ])
(servePage [
"freemonkey.art"
"www.freemonkey.art"
@@ -93,6 +94,7 @@ in {
hostName = "o.xanf.org";
config = {
adminpassFile = toString <secrets> + "/nextcloud_pw";
+ overwriteProtocol = "https";
};
https = true;
nginx.enable = true;
@@ -141,6 +143,7 @@ in {
{ from = "akayguen@freemonkey.art"; to ="akayguen"; }
{ from = "bui@freemonkey.art"; to ="bui"; }
{ from = "kontakt@alewis.de"; to ="klabusterbeere"; }
+ { from = "hallo@jarugadesign.de"; to ="kasia"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -150,6 +153,7 @@ in {
"ubikmedia.eu"
"ubikmedia.de"
"alewis.de"
+ "jarugadesign.de"
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
@@ -234,7 +238,18 @@ in {
createHome = true;
};
- krebs.on-failure.plans.restic-backups-domsen = {};
+ users.users.kasia = {
+ uid = genid_uint31 "kasia";
+ home = "/home/kasia";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ krebs.on-failure.plans.restic-backups-domsen = {
+ journalctl = {
+ lines = 1000;
+ };
+ };
services.restic.backups.domsen = {
initialize = true;
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
@@ -247,11 +262,41 @@ in {
"/home/ms/Mail"
"/home/klabusterbeere/Mail"
"/home/jms/Mail"
+ "/home/kasia/Mail"
"/home/bruno/Mail"
"/home/akayguen/Mail"
"/backups/sql_dumps"
];
};
+ boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576";
+ krebs.permown = {
+ "/srv/http/ubikmedia.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0007";
+ };
+ "/srv/http/o.ubikmedia.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0007";
+ };
+ "/srv/http/freemonkey.art" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ "/srv/http/jarugadesign.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ "/srv/http/reich-gebaeudereinigung.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ };
+
}
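Review bot: All five `krebs.permown` entries put the web roots in group `nginx` with a umask that leaves group write enabled (`0007` and `0002` both do), so the web server's group can modify the content it serves, and a compromised process running with that group could alter site files. If nginx only needs to read these trees, `umask = "0027"` would give owner write and group read-only. The split between `0007` for the ubikmedia roots and `0002` for the other three is also unexplained; `0002` additionally makes the files readable by every local user, and a comment should say why those sites differ. This assumes permown interprets the umask like a process umask, which is not visible in the hunk.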