summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/prism/config.nix57
-rw-r--r--lass/1systems/yellow/config.nix2
-rw-r--r--lass/2configs/paste.nix42
3 files changed, 100 insertions, 1 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 89a386139..421afab2a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -305,6 +305,12 @@ with import <stockholm/lib>;
localAddress = "10.233.2.14";
};
+ services.nginx.virtualHosts."flix.r" = {
+ locations."/".extraConfig = ''
+ proxy_pass http://10.233.2.14:80/;
+ proxy_set_header Accept-Encoding "";
+ '';
+ };
services.nginx.virtualHosts."lassul.us" = {
locations."^~ /flix/".extraConfig = ''
if ($scheme != "https") {
@@ -379,7 +385,58 @@ with import <stockholm/lib>;
mountdPort = 4002;
statdPort = 4000;
};
+
+ services.samba = {
+ enable = true;
+ enableNmbd = false;
+ extraConfig = ''
+ workgroup = WORKGROUP
+ netbios name = PRISM
+ server string = ${config.networking.hostName}
+ # only allow retiolum addresses
+ hosts allow = 42::/16 10.243.0.0/16
+
+ # Use sendfile() for performance gain
+ use sendfile = true
+
+ # No NetBIOS is needed
+ disable netbios = true
+
+ # Only mangle non-valid NTFS names, don't care about DOS support
+ mangled names = illegal
+
+ # Performance optimizations
+ socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
+
+ # Disable all printing
+ load printers = false
+ disable spoolss = true
+ printcap name = /dev/null
+
+ map to guest = Bad User
+ max log size = 50
+ dns proxy = no
+ security = user
+
+ [global]
+ syslog only = yes
+ '';
+ shares.public = {
+ comment = "Warez";
+ path = "/export";
+ public = "yes";
+ "only guest" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "2777";
+ writable = "no";
+ printable = "no";
+ };
+ };
+
krebs.iptables.tables.filter.INPUT.rules = [
+ # smbd
+ { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
+
{ predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 178a5adf1..dc3b4b566 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -164,7 +164,7 @@ with import <stockholm/lib>;
client
dev tun
proto udp
- remote 91.207.172.77 1194
+ remote 196.240.57.43 1194
resolv-retry infinite
remote-random
nobind
diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix
index 0cf62ec0b..68a55c71c 100644
--- a/lass/2configs/paste.nix
+++ b/lass/2configs/paste.nix
@@ -2,6 +2,18 @@
with import <stockholm/lib>;
{
+ services.nginx.virtualHosts.cyberlocker = {
+ serverAliases = [ "c.r" ];
+ locations."/".extraConfig = ''
+ client_max_body_size 4G;
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port};
+ '';
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ '';
+ };
services.nginx.virtualHosts.paste = {
serverAliases = [ "p.r" ];
locations."/".extraConfig = ''
@@ -19,6 +31,26 @@ with import <stockholm/lib>;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
proxy_pass_header Server;
'';
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ '';
+ };
+ services.nginx.virtualHosts."c.krebsco.de" = {
+ enableACME = true;
+ addSSL = true;
+ serverAliases = [ "c.krebsco.de" ];
+ locations."/".extraConfig = ''
+ if ($request_method != GET) {
+ return 403;
+ }
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port};
+ '';
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ '';
};
services.nginx.virtualHosts."p.krebsco.de" = {
enableACME = true;
@@ -39,6 +71,10 @@ with import <stockholm/lib>;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
proxy_pass_header Server;
'';
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ '';
};
krebs.htgen.paste = {
@@ -58,6 +94,12 @@ with import <stockholm/lib>;
(. ${pkgs.htgen-imgur}/bin/htgen-imgur)
'';
};
+ krebs.htgen.cyberlocker = {
+ port = 7772;
+ script = /* sh */ ''
+ (. ${pkgs.htgen-cyberlocker}/bin/htgen-cyberlocker)
+ '';
+ };
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";}
];