7 files changed, 22 insertions, 139 deletions

diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 6cfba567a..636d6a855 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -10,7 +10,6 @@ in {
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
     ../2configs/base.nix
     ../2configs/retiolum.nix
-    ../2configs/fastpoke-pages.nix
     ../2configs/git.nix
     ../2configs/realwallpaper.nix
     {
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 1f7a13c56..9b5c92ff3 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -99,39 +99,6 @@
     #  ];
     #}
     {
-      containers.pythonenv = {
-        config = {
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-          ];
-
-          environment = {
-            systemPackages = with pkgs; [
-              git
-              libxml2
-              libxslt
-              libzip
-              python27Full
-              python27Packages.buildout
-              stdenv
-              zlib
-            ];
-
-            pathsToLink = [ "/include" ];
-
-            shellInit = ''
-              # help pip to find libz.so when building lxml
-              export LIBRARY_PATH=/var/run/current-system/sw/lib
-              # ditto for header files, e.g. sqlite
-              export C_INCLUDE_PATH=/var/run/current-system/sw/include
-            '';
-          };
-
-        };
-      };
-    }
-    {
       services.mysql = {
         enable = true;
         package = pkgs.mariadb;
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 20c919b9b..80dd8c4e9 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -77,6 +77,10 @@ in {
         device = "/dev/pool/download";
       };
 
+      fileSystems."/srv/http/o.ubikmedia.de" = {
+        device = "/dev/pool/owncloud-ubik";
+      };
+
     }
     {
       sound.enable = false;
@@ -117,7 +121,7 @@ in {
     }
     {
       users.users.chat.openssh.authorizedKeys.keys = [
-        "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
+        "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH"
         config.krebs.users.lass-uriel.pubkey
       ];
     }
@@ -130,7 +134,8 @@ in {
         ../2configs/websites/domsen.nix
       ];
       krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+         { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+         { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
       ];
     }
     {
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 8017d4270..30ab90997 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -10,7 +10,7 @@ with config.krebs.lib;
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })
-                 (import /root/secrets/hashedPasswords.nix);
+                 (import <secrets/hashedPasswords.nix>);
     }
     {
       users.extraUsers = {
@@ -88,6 +88,7 @@ with config.krebs.lib;
   environment.systemPackages = with pkgs; [
   #stockholm
     git
+    gnumake
     jq
     parallel
     proot
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 115cb8b61..ccd751413 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -20,6 +20,7 @@ in {
       ];
       openssh.authorizedKeys.keys = [
         config.krebs.users.lass.pubkey
+        config.krebs.users.lass-uriel.pubkey
       ];
     };
 
diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix
deleted file mode 100644
index bf6ea8952..000000000
--- a/lass/2configs/fastpoke-pages.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
-  createStaticPage = domain:
-    {
-      krebs.nginx.servers."${domain}" = {
-        server-names = [
-          "${domain}"
-          "www.${domain}"
-        ];
-        locations = [
-          (nameValuePair "/" ''
-            root /var/lib/http/${domain};
-          '')
-        ];
-      };
-      #networking.extraHosts = ''
-      #  10.243.206.102 ${domain}
-      #'';
-      users.extraUsers = {
-        ${domain} = {
-          name = domain;
-          home = "/var/lib/http/${domain}";
-          createHome = true;
-        };
-      };
-    };
-
-in {
-  imports = map createStaticPage [
-    "habsys.de"
-    "pixelpocket.de"
-    "karlaskop.de"
-    "ubikmedia.de"
-    "apanowicz.de"
-  ];
-
-  krebs.iptables = {
-    tables = {
-      filter.INPUT.rules = [
-        { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
-      ];
-    };
-  };
-
-
-  krebs.nginx = {
-    enable = true;
-    servers = {
-      #"habsys.de" = {
-      #  server-names = [
-      #    "habsys.de"
-      #    "www.habsys.de"
-      #  ];
-      #  locations = [
-      #    (nameValuePair "/" ''
-      #      root /var/lib/http/habsys.de;
-      #    '')
-      #  ];
-      #};
-
-      #"karlaskop.de" = {
-      #  server-names = [
-      #    "karlaskop.de"
-      #    "www.karlaskop.de"
-      #  ];
-      #  locations = [
-      #    (nameValuePair "/" ''
-      #      root /var/lib/http/karlaskop.de;
-      #    '')
-      #  ];
-      #};
-
-      #"pixelpocket.de" = {
-      #  server-names = [
-      #    "pixelpocket.de"
-      #    "www.karlaskop.de"
-      #  ];
-      #  locations = [
-      #    (nameValuePair "/" ''
-      #      root /var/lib/http/karlaskop.de;
-      #    '')
-      #  ];
-      #};
-
-    };
-  };
-
-  #services.postgresql = {
-  #  enable = true;
-  #};
-
-  #config.services.vsftpd = {
-  #  enable = true;
-  #  userlistEnable = true;
-  #  userlistFile = pkgs.writeFile "vsftpd-userlist" ''
-  #  '';
-  #};
-}
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 109c216c0..895146d25 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 
-{
+let
+  inherit (config.krebs.lib) genid;
+in {
   imports = [
     ../../3modules/static_nginx.nix
     ../../3modules/owncloud_nginx.nix
@@ -26,6 +28,15 @@
     rootPassword = toString (<secrets/mysql_rootPassword>);
   };
 
+  users.users.domsen = {
+    uid = genid "domsen";
+    description = "maintenance acc for domsen";
+    home = "/home/domsen";
+    useDefaultShell = true;
+    extraGroups = [ "nginx" ];
+    createHome = true;
+  };
+
   #lass.wordpress = {
   #  "ubikmedia.de" = {
   #  };