diff options
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/prism/config.nix | 57 | ||||
-rw-r--r-- | lass/1systems/yellow/config.nix | 2 | ||||
-rw-r--r-- | lass/2configs/paste.nix | 42 |
3 files changed, 100 insertions, 1 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 89a386139..421afab2a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -305,6 +305,12 @@ with import <stockholm/lib>; localAddress = "10.233.2.14"; }; + services.nginx.virtualHosts."flix.r" = { + locations."/".extraConfig = '' + proxy_pass http://10.233.2.14:80/; + proxy_set_header Accept-Encoding ""; + ''; + }; services.nginx.virtualHosts."lassul.us" = { locations."^~ /flix/".extraConfig = '' if ($scheme != "https") { @@ -379,7 +385,58 @@ with import <stockholm/lib>; mountdPort = 4002; statdPort = 4000; }; + + services.samba = { + enable = true; + enableNmbd = false; + extraConfig = '' + workgroup = WORKGROUP + netbios name = PRISM + server string = ${config.networking.hostName} + # only allow retiolum addresses + hosts allow = 42::/16 10.243.0.0/16 + + # Use sendfile() for performance gain + use sendfile = true + + # No NetBIOS is needed + disable netbios = true + + # Only mangle non-valid NTFS names, don't care about DOS support + mangled names = illegal + + # Performance optimizations + socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 + + # Disable all printing + load printers = false + disable spoolss = true + printcap name = /dev/null + + map to guest = Bad User + max log size = 50 + dns proxy = no + security = user + + [global] + syslog only = yes + ''; + shares.public = { + comment = "Warez"; + path = "/export"; + public = "yes"; + "only guest" = "yes"; + "create mask" = "0644"; + "directory mask" = "2777"; + writable = "no"; + printable = "no"; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + # smbd + { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 178a5adf1..dc3b4b566 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -164,7 +164,7 @@ with import <stockholm/lib>; client dev tun proto udp - remote 91.207.172.77 1194 + remote 196.240.57.43 1194 resolv-retry infinite remote-random nobind diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 0cf62ec0b..68a55c71c 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -2,6 +2,18 @@ with import <stockholm/lib>; { + services.nginx.virtualHosts.cyberlocker = { + serverAliases = [ "c.r" ]; + locations."/".extraConfig = '' + client_max_body_size 4G; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port}; + ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; + }; services.nginx.virtualHosts.paste = { serverAliases = [ "p.r" ]; locations."/".extraConfig = '' @@ -19,6 +31,26 @@ with import <stockholm/lib>; proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; proxy_pass_header Server; ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; + }; + services.nginx.virtualHosts."c.krebsco.de" = { + enableACME = true; + addSSL = true; + serverAliases = [ "c.krebsco.de" ]; + locations."/".extraConfig = '' + if ($request_method != GET) { + return 403; + } + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port}; + ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; }; services.nginx.virtualHosts."p.krebsco.de" = { enableACME = true; @@ -39,6 +71,10 @@ with import <stockholm/lib>; proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; proxy_pass_header Server; ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; }; krebs.htgen.paste = { @@ -58,6 +94,12 @@ with import <stockholm/lib>; (. ${pkgs.htgen-imgur}/bin/htgen-imgur) ''; }; + krebs.htgen.cyberlocker = { + port = 7772; + script = /* sh */ '' + (. ${pkgs.htgen-cyberlocker}/bin/htgen-cyberlocker) + ''; + }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";} ]; |