summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/prism.nix2
-rw-r--r--lass/2configs/audit.nix9
-rw-r--r--lass/2configs/buildbot-standalone.nix8
-rw-r--r--lass/2configs/default.nix11
-rw-r--r--lass/2configs/nixpkgs.nix4
-rw-r--r--lass/2configs/websites/fritz.nix14
6 files changed, 36 insertions, 12 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 77d72a5ac..1bc8d5744 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -226,7 +226,7 @@ in {
{
users.users.tv = {
uid = genid "tv";
- home = "/home/tv";
+ inherit (config.krebs.users.tv) home;
group = "users";
createHome = true;
useDefaultShell = true;
diff --git a/lass/2configs/audit.nix b/lass/2configs/audit.nix
new file mode 100644
index 000000000..644741a5b
--- /dev/null
+++ b/lass/2configs/audit.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ security.audit = {
+ rules = [
+ "-a task,never"
+ ];
+ };
+}
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 4c63d857c..5afb23687 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -86,17 +86,17 @@ in {
["make \
test \
ssh=${sshWrapper} \
- target=build@localhost:${config.users.users.build.home}/testbuild \
+ target=build@localhost${config.users.users.build.home}/testbuild \
method=build \
system={}".format(i)])
- for i in [ "pornocauster", "wry" ]:
+ for i in [ "pornocauster", "wry", "vbob", "wbob", "shoney" ]:
addShell(f,name="build-{}".format(i),env=env_makefu,
command=nixshell + \
["make \
test \
ssh=${sshWrapper} \
- target=build@localhost:${config.users.users.build.home}/testbuild \
+ target=build@localhost${config.users.users.build.home}/testbuild \
method=build \
system={}".format(i)])
@@ -147,7 +147,7 @@ in {
password = "lasspass";
packages = with pkgs; [ gnumake jq nix populate ];
extraEnviron = {
- NIX_PATH="nixpkgs=/var/src/nixpkgs";
+ NIX_PATH="/var/src";
};
};
config.krebs.iptables = {
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 81abff3ed..622ef1185 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -3,13 +3,14 @@
with config.krebs.lib;
{
imports = [
- ../2configs/vim.nix
- ../2configs/zsh.nix
- ../2configs/mc.nix
- ../2configs/retiolum.nix
- ../2configs/nixpkgs.nix
+ ../2configs/audit.nix
../2configs/binary-cache/client.nix
../2configs/gc.nix
+ ../2configs/mc.nix
+ ../2configs/nixpkgs.nix
+ ../2configs/retiolum.nix
+ ../2configs/vim.nix
+ ../2configs/zsh.nix
./backups.nix
{
users.extraUsers =
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 0f940a369..931aabf08 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -1,8 +1,8 @@
{ ... }:
{
- krebs.build.source.nixpkgs = {
+ krebs.build.source.nixpkgs.git = {
url = https://github.com/lassulus/nixpkgs;
- rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded";
+ ref = "11a7899222929b6eb0951f7a1c0182f65b3b4637";
};
}
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 39f0cce06..48d96b1bf 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -7,6 +7,7 @@ let
head
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
+ manageCerts
ssl
servePage
serveWordpress
@@ -48,6 +49,9 @@ in {
(ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
+
+ (manageCerts [ "goldbarrendiebstahl.radical-dreamers.de" ])
+ (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
];
lass.mysqlBackup.config.all.databases = [
@@ -74,6 +78,16 @@ in {
config.krebs.users.fritz.pubkey
];
+ users.users.goldbarrendiebstahl = {
+ home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
+ uid = genid "goldbarrendiebstahl";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.fritz.pubkey
+ ];
+ };
+
services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
options = ''
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so