summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/cloudkrebs.nix4
-rw-r--r--lass/1systems/dishfire.nix27
-rw-r--r--lass/1systems/echelon.nix3
-rw-r--r--lass/1systems/helios.nix1
-rw-r--r--lass/1systems/mors.nix135
-rw-r--r--lass/1systems/prism.nix32
-rw-r--r--lass/1systems/uriel.nix6
-rw-r--r--lass/2configs/backups.nix111
-rw-r--r--lass/2configs/baseX.nix3
-rw-r--r--lass/2configs/buildbot-standalone.nix55
-rw-r--r--lass/2configs/default.nix (renamed from lass/2configs/base.nix)27
-rw-r--r--lass/2configs/downloading.nix1
-rw-r--r--lass/2configs/exim-retiolum.nix14
-rw-r--r--lass/2configs/exim-smarthost.nix53
-rw-r--r--lass/2configs/fastpoke-pages.nix101
-rw-r--r--lass/2configs/games.nix2
-rw-r--r--lass/2configs/krebs-pass.nix21
-rw-r--r--lass/2configs/mail.nix95
-rw-r--r--lass/2configs/newsbot-js.nix1
-rw-r--r--lass/2configs/pass.nix3
-rw-r--r--lass/2configs/websites/domsen.nix85
-rw-r--r--lass/2configs/websites/fritz.nix69
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix17
-rw-r--r--lass/2configs/xserver/default.nix12
-rw-r--r--lass/3modules/default.nix4
-rw-r--r--lass/3modules/mysql-backup.nix86
-rw-r--r--lass/4lib/default.nix225
-rw-r--r--lass/5pkgs/acronym/default.nix11
-rw-r--r--lass/5pkgs/default.nix2
-rw-r--r--lass/5pkgs/mk_sql_pair/default.nix19
-rw-r--r--lass/5pkgs/urban/default.nix21
-rw-r--r--lass/5pkgs/xmonad-lass/Main.hs144
-rw-r--r--lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs52
33 files changed, 972 insertions, 470 deletions
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 6cfba567a..1bfb11502 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -8,9 +8,9 @@ in {
imports = [
../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-retiolum.nix
../2configs/retiolum.nix
- ../2configs/fastpoke-pages.nix
../2configs/git.nix
../2configs/realwallpaper.nix
{
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index c7d016cd3..b5e551952 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -4,9 +4,9 @@
imports = [
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-retiolum.nix
../2configs/git.nix
- ../2configs/websites/fritz.nix
{
boot.loader.grub = {
device = "/dev/vda";
@@ -26,10 +26,19 @@
fsType = "ext4";
};
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/srv_http";
+ fsType = "ext4";
+ };
+
fileSystems."/boot" = {
device = "/dev/vda1";
fsType = "ext4";
};
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
}
{
networking.dhcpcd.allowInterfaces = [
@@ -40,6 +49,20 @@
{
sound.enable = false;
}
+ {
+ environment.systemPackages = with pkgs; [
+ mk_sql_pair
+ ];
+ }
+ {
+ imports = [
+ ../2configs/websites/fritz.nix
+ ];
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 80611ee80..97734a7bd 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -8,7 +8,8 @@ in {
imports = [
../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-retiolum.nix
../2configs/retiolum.nix
../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index cc98c2c5b..0c7c0d8e3 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -5,6 +5,7 @@ with builtins;
imports = [
../.
../2configs/baseX.nix
+ ../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
../2configs/git.nix
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 1f7a13c56..39225abf5 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -4,6 +4,7 @@
imports = [
../.
../2configs/baseX.nix
+ ../2configs/exim-retiolum.nix
../2configs/programs.nix
../2configs/bitcoin.nix
../2configs/browsers.nix
@@ -26,6 +27,8 @@
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
../2configs/cbase.nix
+ ../2configs/mail.nix
+ ../2configs/krebs-pass.nix
#../2configs/buildbot-standalone.nix
{
#risk of rain port
@@ -33,124 +36,28 @@
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
];
}
- {
- #static-nginx-test
- imports = [
- ../3modules/static_nginx.nix
- ];
- lass.staticPage."testserver.de" = {
- #sslEnable = true;
- #certificate = "${toString <secrets>}/testserver.de/server.cert";
- #certificate_key = "${toString <secrets>}/testserver.de/server.pem";
- ssl = {
- enable = true;
- certificate = "${toString <secrets>}/testserver.de/server.cert";
- certificate_key = "${toString <secrets>}/testserver.de/server.pem";
- };
- };
- networking.extraHosts = ''
- 10.243.0.2 testserver.de
- '';
- }
#{
- # #wordpress-test
- # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
- # imports = [
- # ../3modules/wordpress_nginx.nix
- # ];
- # lass.wordpress."testserver.de" = {
- # multiSite = {
- # "1" = "testserver.de";
- # "2" = "bla.testserver.de";
- # };
- # };
-
# services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# rootPassword = "<secrets>/mysql_rootPassword";
# };
- # networking.extraHosts = ''
- # 10.243.0.2 testserver.de
- # '';
- # krebs.iptables.tables.filter.INPUT.rules = [
- # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- # ];
#}
#{
- # #owncloud-test
- # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
- # imports = [
- # ../3modules/owncloud_nginx.nix
- # ];
- # lass.owncloud."owncloud-test.de" = {
+ # services.elasticsearch = {
+ # enable = true;
+ # plugins = [
+ # # pkgs.elasticsearchPlugins.elasticsearch_kopf
+ # ];
+ # };
+ #}
+ #{
+ # services.postgresql = {
+ # enable = true;
+ # package = pkgs.postgresql;
# };
-
- # #services.mysql = {
- # # enable = true;
- # # package = pkgs.mariadb;
- # # rootPassword = "<secrets>/mysql_rootPassword";
- # #};
- # networking.extraHosts = ''
- # 10.243.0.2 owncloud-test.de
- # '';
- # krebs.iptables.tables.filter.INPUT.rules = [
- # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- # ];
#}
{
- containers.pythonenv = {
- config = {
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
-
- environment = {
- systemPackages = with pkgs; [
- git
- libxml2
- libxslt
- libzip
- python27Full
- python27Packages.buildout
- stdenv
- zlib
- ];
-
- pathsToLink = [ "/include" ];
-
- shellInit = ''
- # help pip to find libz.so when building lxml
- export LIBRARY_PATH=/var/run/current-system/sw/lib
- # ditto for header files, e.g. sqlite
- export C_INCLUDE_PATH=/var/run/current-system/sw/include
- '';
- };
-
- };
- };
- }
- {
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- rootPassword = "<secrets>/mysql_rootPassword";
- };
- }
- {
- services.elasticsearch = {
- enable = true;
- plugins = [
- # pkgs.elasticsearchPlugins.elasticsearch_kopf
- ];
- };
- }
- {
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql;
- };
}
];
@@ -158,15 +65,6 @@
networking.wireless.enable = true;
- networking.extraHosts = ''
- 213.239.205.240 wohnprojekt-rhh.de
- 213.239.205.240 karlaskop.de
- 213.239.205.240 makeup.apanowicz.de
- 213.239.205.240 pixelpocket.de
- 213.239.205.240 reich-gebaeudereinigung.de
- 213.239.205.240 o.ubikmedia.de
- '';
-
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
@@ -206,7 +104,7 @@
fsType = "ext4";
};
- "/mnt/backups" = {
+ "/bku" = {
device = "/dev/big/backups";
fsType = "ext4";
};
@@ -293,6 +191,9 @@
get
teamspeak_client
hashPassword
+ urban
+ mk_sql_pair
+ skype
];
#TODO: fix this shit
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 20c919b9b..4c0b4e690 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -5,12 +5,24 @@ let
in {
imports = [
../.
- ../2configs/base.nix
+ ../2configs/default.nix
+ ../2configs/exim-smarthost.nix
../2configs/downloading.nix
../2configs/git.nix
../2configs/ts3.nix
../2configs/bitlbee.nix
../2configs/weechat.nix
+ ../2configs/privoxy-retiolum.nix
+ {
+ #we need to use old sqlite for buildbot
+ imports = [
+ ../2configs/buildbot-standalone.nix
+ ];
+ krebs.build.source.nixpkgs = lib.mkForce {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "0d05f172b27e94d9eea3257f42d7e03371e63acc";
+ };
+ }
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@@ -77,6 +89,18 @@ in {
device = "/dev/pool/download";
};
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/http";
+ };
+
+ fileSystems."/srv/o.ubikmedia.de-data" = {
+ device = "/dev/pool/owncloud-ubik-data";
+ };
+
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ };
+
}
{
sound.enable = false;
@@ -117,7 +141,7 @@ in {
}
{
users.users.chat.openssh.authorizedKeys.keys = [
- "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
+ "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH"
config.krebs.users.lass-uriel.pubkey
];
}
@@ -130,13 +154,13 @@ in {
../2configs/websites/domsen.nix
];
krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
{
services.tor = {
enable = true;
- client.enable = true;
};
}
];
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 4e4eca21f..92996c181 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -5,6 +5,7 @@ with builtins;
imports = [
../.
../2configs/baseX.nix
+ ../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/games.nix
../2configs/pass.nix
@@ -47,6 +48,11 @@ with builtins;
fsType = "ext4";
};
+ "/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
+
"/boot" = {
device = "/dev/sda1";
};
diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
new file mode 100644
index 000000000..81dd14ebd
--- /dev/null
+++ b/lass/2configs/backups.nix
@@ -0,0 +1,111 @@
+{ config, lib, ... }:
+with config.krebs.lib;
+{
+
+ krebs.backup.plans = {
+ } // mapAttrs (_: recursiveUpdate {
+ snapshots = {
+ daily = { format = "%Y-%m-%d"; retain = 7; };
+ weekly = { format = "%YW%W"; retain = 4; };
+ monthly = { format = "%Y-%m"; retain = 12; };
+ yearly = { format = "%Y"; };
+ };
+ }) {
+ dishfire-http-prism = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
+ startAt = "03:00";
+ };
+ dishfire-http-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
+ startAt = "03:05";
+ };
+ dishfire-http-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-http"; };
+ startAt = "03:10";
+ };
+ dishfire-sql-prism = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
+ startAt = "03:15";
+ };
+ dishfire-sql-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
+ startAt = "03:20";
+ };
+ dishfire-sql-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; };
+ startAt = "03:25";
+ };
+ prism-bitlbee-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
+ startAt = "03:25";
+ };
+ prism-bitlbee-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-bitlbee"; };
+ startAt = "03:25";
+ };
+ prism-chat-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
+ startAt = "03:30";
+ };
+ prism-chat-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; };
+ startAt = "03:35";
+ };
+ prism-sql-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
+ startAt = "03:40";
+ };
+ prism-sql-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; };
+ startAt = "03:45";
+ };
+ prism-http-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
+ startAt = "03:50";
+ };
+ prism-http-uriel = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; };
+ startAt = "03:55";
+ };
+ uriel-home-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.uriel; path = "/home"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; };
+ startAt = "04:00";
+ };
+ mors-home-uriel = {
+ method = "push";
+ src = { host = config.krebs.hosts.mors; path = "/home"; };
+ dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; };
+ startAt = "05:00";
+ };
+ };
+}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 6c52240af..79fc4744f 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -4,7 +4,7 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
imports = [
- ./base.nix
+ ./default.nix
#./urxvt.nix
./xserver
];
@@ -39,6 +39,7 @@ in {
push
slock
sxiv
+ xclip
xorg.xbacklight
xsel
zathura
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 8c71553fe..604d0728d 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -1,15 +1,16 @@
{ lib, config, pkgs, ... }:
{
- #networking.firewall.allowedTCPPorts = [ 8010 9989 ];
- krebs.buildbot.master = {
+ krebs.buildbot.master = let
+ stockholm-mirror-url = http://cgit.prism/stockholm ;
+ in {
slaves = {
testslave = "lasspass";
};
change_source.stockholm = ''
- stockholm_repo = 'http://cgit.mors/stockholm'
+ stockholm_repo = '${stockholm-mirror-url}'
cs.append(changes.GitPoller(
stockholm_repo,
- workdir='stockholm-poller', branch='master',
+ workdir='stockholm-poller', branches=True,
project='stockholm',
pollinterval=120))
'';
@@ -20,10 +21,12 @@
builderNames=["fast-tests"]))
'';
fast-tests-scheduler = ''
- # test the master real quick
+ # test everything real quick
sched.append(schedulers.SingleBranchScheduler(
- change_filter=util.ChangeFilter(branch="master"),
- name="fast-master-test",
+ ## all branches
+ change_filter=util.ChangeFilter(branch_re=".*"),
+ # treeStableTimer=10,
+ name="fast-all-branches",
builderNames=["fast-tests"]))
'';
};
@@ -38,7 +41,10 @@
deps = [ "gnumake", "jq","nix","rsync" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
- nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+ nixshell = ["nix-shell",
+ "-I", "stockholm=.",
+ "-I", "nixpkgs=/var/src/nixpkgs",
+ "-p" ] + deps + [ "--run" ]
# prepare addShell function
def addShell(factory,**kwargs):
@@ -48,13 +54,26 @@
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
- addShell(f,name="mors-eval",env=env,
- command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
+ for i in [ "prism", "mors", "echelon" ]:
+ addShell(f,name="populate-{}".format(i),env=env,
+ command=nixshell + \
+ ["{}( make system={} eval.config.krebs.build.populate \
+ | jq -er .)".format("!" if "failing" in i else "",i)])
+
+ addShell(f,name="build-test-minimal",env=env,
+ command=nixshell + \
+ ["nix-instantiate \
+ --show-trace --eval --strict --json \
+ -I nixos-config=./shared/1systems/test-minimal-deploy.nix \
+ -I secrets=. \
+ -A config.system.build.toplevel"]
+ )
bu.append(util.BuilderConfig(name="fast-tests",
slavenames=slavenames,
factory=f))
- '';
+
+ '';
};
enable = true;
web.enable = true;
@@ -72,7 +91,17 @@
masterhost = "localhost";
username = "testslave";
password = "lasspass";
- packages = with pkgs;[ git nix ];
- extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ packages = with pkgs;[ git nix gnumake jq rsync ];
+ extraEnviron = {
+ NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
+ };
+ };
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 9989"; target = "ACCEPT"; }
+ ];
+ };
};
}
diff --git a/lass/2configs/base.nix b/lass/2configs/default.nix
index 8017d4270..2f6ffa18e 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/default.nix
@@ -7,10 +7,11 @@ with config.krebs.lib;
../2configs/zsh.nix
../2configs/mc.nix
../2configs/retiolum.nix
+ ./backups.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
- (import /root/secrets/hashedPasswords.nix);
+ (import <secrets/hashedPasswords.nix>);
}
{
users.extraUsers = {
@@ -18,7 +19,6 @@ with config.krebs.lib;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
- config.krebs.users.lass-helios.pubkey
];
};
mainUser = {
@@ -45,7 +45,6 @@ with config.krebs.lib;
krebs = {
enable = true;
search-domain = "retiolum";
- exim-retiolum.enable = true;
build = {
user = config.krebs.users.lass;
source = mapAttrs (_: mkDefault) ({
@@ -55,7 +54,7 @@ with config.krebs.lib;
stockholm = "/home/lass/stockholm";
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
- rev = "40c586b7ce2c559374df435f46d673baf711c543";
+ rev = "e781a8257b4312f6b138c7d0511c77d8c06ed819";
dev = "/home/lass/src/nixpkgs";
};
} // optionalAttrs config.krebs.build.host.secure {
@@ -85,9 +84,12 @@ with config.krebs.lib;
MANPAGER=most
'';
+ nixpkgs.config.allowUnfree = true;
+
environment.systemPackages = with pkgs; [
#stockholm
git
+ gnumake
jq
parallel
proot
@@ -102,12 +104,18 @@ with config.krebs.lib;
#network
iptables
+ iftop
#stuff for dl
aria2
#neat utils
krebspaste
+
+ #unpack stuff
+ p7zip
+ unzip
+ unrar
];
programs.bash = {
@@ -145,10 +153,6 @@ with config.krebs.lib;
'';
};
- security.setuidPrograms = [
- "sendmail"
- ];
-
services.openssh = {
enable = true;
hostKeys = [
@@ -165,6 +169,13 @@ with config.krebs.lib;
krebs.iptables = {
enable = true;
tables = {
+ nat.PREROUTING.rules = [
+ { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+ { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+ ];
+ nat.OUTPUT.rules = [
+ { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+ ];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 115cb8b61..ccd751413 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -20,6 +20,7 @@ in {
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
+ config.krebs.users.lass-uriel.pubkey
];
};
diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix
new file mode 100644
index 000000000..ea2f553b8
--- /dev/null
+++ b/lass/2configs/exim-retiolum.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }: