From 1d37fba51e4f4fbb7fe7acccc11e2b2ac5dcc5b7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 20 Apr 2018 23:33:09 +0200
Subject: l reaktor-coders: /j #panthermoderns

---
 lass/2configs/reaktor-coders.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 5fa1611ae..922cd79cb 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -4,7 +4,7 @@ with import <stockholm/lib>;
 {
   krebs.Reaktor.coders = {
     nickname = "Reaktor|lass";
-    channels = [ "#coders" "#germany" ];
+    channels = [ "#coders" "#germany" "#panthermoderns" ];
     extraEnviron = {
       REAKTOR_HOST = "irc.hackint.org";
     };
-- 
cgit v1.2.3


From 824c19e81a5696018973be2d692fcd9f07f8ef10 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 20 Apr 2018 23:33:26 +0200
Subject: l reaktor-coders: add google & blockchain command

---
 lass/2configs/reaktor-coders.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 922cd79cb..5a39f7115 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -87,6 +87,19 @@ with import <stockholm/lib>;
           exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
         '';
       })
+      (buildSimpleReaktorPlugin "google" {
+        pattern = "^!g (?P<args>.*)$$";
+        script = pkgs.writeDash "google" ''
+          exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
+            ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
+        '';
+      })
+      (buildSimpleReaktorPlugin "blockchain" {
+        pattern = ".*[Bb]lockchain.*$$";
+        script = pkgs.writeDash "blockchain" ''
+          exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline'
+        '';
+      })
     ];
   };
 }
-- 
cgit v1.2.3


From 0521f960c8c93da7082722632309b533260781d5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 20 Apr 2018 23:34:14 +0200
Subject: l syncthing: remove deprecated inotify

---
 lass/2configs/syncthing.nix | 1 -
 1 file changed, 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index cef43d1e6..17debf822 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -3,7 +3,6 @@ with import <stockholm/lib>;
 {
   services.syncthing = {
     enable = true;
-    useInotify = true;
   };
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
-- 
cgit v1.2.3


From 0164e142e3ce793cb98b237ba2384b3d88a3550c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 20 Apr 2018 23:35:13 +0200
Subject: l websites: enableSSL -> onlySSL

---
 lass/2configs/websites/util.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 62055d0fd..441b7af90 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -16,7 +16,7 @@ rec {
     in {
       services.nginx.virtualHosts.${domain} = {
         enableACME = true;
-        enableSSL = true;
+        onlySSL = true;
         extraConfig = ''
           listen 80;
           listen [::]:80;
@@ -34,7 +34,7 @@ rec {
     in {
       services.nginx.virtualHosts."${domain}" = {
         enableACME = true;
-        enableSSL = true;
+        onlySSL = true;
         serverAliases = domains;
         extraConfig = ''
           listen 80;
@@ -148,7 +148,7 @@ rec {
     in {
       services.nginx.virtualHosts."${domain}" = {
         enableACME = true;
-        enableSSL = true;
+        onlySSL = true;
         serverAliases = domains;
         extraConfig = ''
           listen 80;
-- 
cgit v1.2.3


From c99e8256b223761eb50cf5d6841ab64f989851c3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 21 Apr 2018 17:52:45 +0200
Subject: l monitoring: add example prometheus config

---
 lass/2configs/monitoring/node-exporter.nix     |  13 ++
 lass/2configs/monitoring/prometheus-server.nix | 179 +++++++++++++++++++++++++
 2 files changed, 192 insertions(+)
 create mode 100644 lass/2configs/monitoring/node-exporter.nix
 create mode 100644 lass/2configs/monitoring/prometheus-server.nix

(limited to 'lass/2configs')

diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix
new file mode 100644
index 000000000..8c27e90d4
--- /dev/null
+++ b/lass/2configs/monitoring/node-exporter.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 9100 ];
+
+  services.prometheus.exporters = {
+    node = {
+      enable = true;
+      enabledCollectors = [
+        "systemd"
+      ];
+    };
+  };
+}
diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
new file mode 100644
index 000000000..d56d7e552
--- /dev/null
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -0,0 +1,179 @@
+{ pkgs, lib, config, ... }:
+{
+  #networking = {
+  #  firewall.allowedTCPPorts = [
+  #    3000  # grafana
+  #    9090  # prometheus
+  #    9093  # alertmanager
+  #  ];
+  #  useDHCP = true;
+  #};
+
+  services = {
+    prometheus = {
+      enable = true;
+      extraFlags = [
+        "-storage.local.retention 8760h"
+        "-storage.local.series-file-shrink-ratio 0.3"
+        "-storage.local.memory-chunks 2097152"
+        "-storage.local.max-chunks-to-persist 1048576"
+        "-storage.local.index-cache-size.fingerprint-to-metric 2097152"
+        "-storage.local.index-cache-size.fingerprint-to-timerange 1048576"
+        "-storage.local.index-cache-size.label-name-to-label-values 2097152"
+        "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
+      ];
+      alertmanagerURL = [ "http://localhost:9093" ];
+      rules = [
+        ''
+          ALERT node_down
+          IF up == 0
+          FOR 5m
+          LABELS {
+            severity="page"
+          }
+          ANNOTATIONS {
+            summary = "{{$labels.alias}}: Node is down.",
+            description = "{{$labels.alias}} has been down for more than 5 minutes."
+          }
+          ALERT node_systemd_service_failed
+          IF node_systemd_unit_state{state="failed"} == 1
+          FOR 4m
+          LABELS {
+            severity="page"
+          }
+          ANNOTATIONS {
+            summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
+            description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
+          }
+          ALERT node_filesystem_full_90percent
+          IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
+          FOR 5m
+          LABELS {
+            severity="page"
+          }
+          ANNOTATIONS {
+            summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
+            description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
+          }
+          ALERT node_filesystem_full_in_4h
+          IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
+          FOR 5m
+          LABELS {
+            severity="page"
+          }
+          ANNOTATIONS {
+            summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
+            description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
+          }
+          ALERT node_filedescriptors_full_in_3h
+          IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
+          FOR 20m
+          LABELS {
+            severity="page"
+          }
+          ANNOTATIONS {
+            summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
+            description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
+          }
+          ALERT node_load1_90percent
+          IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
+          FOR 1h
+          LABELS {
+            severity="page"
+          }
+          ANNOTATIONS {
+            summary = "{{$labels.alias}}: Running on high load.",
+            description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
+          }
+          ALERT node_cpu_util_90percent
+          IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
+          FOR 1h
+          LABELS {
+            severity="page"
+          }
+          ANNOTATIONS {
+            summary = "{{$labels.alias}}: High CPU utilization.",
+            description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
+          }
+          ALERT node_ram_using_90percent
+          IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
+          FOR 30m
+          LABELS {
+            severity="page"
+          }
+          ANNOTATIONS {
+            summary="{{$labels.alias}}: Using lots of RAM.",
+            description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
+          }
+          ALERT node_swap_using_80percent
+          IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8
+          FOR 10m
+          LABELS {
+            severity="page"
+          }
+          ANNOTATIONS {
+            summary="{{$labels.alias}}: Running out of swap soon.",
+            description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
+          }
+        ''
+      ];
+      scrapeConfigs = [
+        {
+          job_name = "node";
+          scrape_interval = "10s";
+          static_configs = [
+            {
+              targets = [
+                "localhost:9100"
+              ];
+              labels = {
+                alias = "prometheus.example.com";
+              };
+            }
+          ];
+        }
+      ];
+      alertmanager = {
+        enable = true;
+        listenAddress = "0.0.0.0";
+        configuration = {
+          "global" = {
+            "smtp_smarthost" = "smtp.example.com:587";
+            "smtp_from" = "alertmanager@example.com";
+          };
+          "route" = {
+            "group_by" = [ "alertname" "alias" ];
+            "group_wait" = "30s";
+            "group_interval" = "2m";
+            "repeat_interval" = "4h";
+            "receiver" = "team-admins";
+          };
+          "receivers" = [
+            {
+              "name" = "team-admins";
+              "email_configs" = [
+                {
+                  "to" = "devnull@example.com";
+                  "send_resolved" = true;
+                }
+              ];
+              "webhook_configs" = [
+                {
+                  "url" = "https://example.com/prometheus-alerts";
+                  "send_resolved" = true;
+                }
+              ];
+            }
+          ];
+        };
+      };
+    };
+    grafana = {
+      enable = true;
+      addr = "0.0.0.0";
+      domain = "grafana.example.com";
+      rootUrl = "https://grafana.example.com/";
+      security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+    };
+  };
+}
-- 
cgit v1.2.3


From eca81992947815db2700a831aa1ec38a0e70216b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 27 Apr 2018 16:52:48 +0200
Subject: l: kill legacy backups

---
 lass/2configs/backups.nix | 173 ----------------------------------------------
 lass/2configs/default.nix |   1 -
 2 files changed, 174 deletions(-)
 delete mode 100644 lass/2configs/backups.nix

(limited to 'lass/2configs')

diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
deleted file mode 100644
index c4fb85420..000000000
--- a/lass/2configs/backups.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, lib, ... }:
-with import <stockholm/lib>;
-{
-
-  # TODO add timerConfig to krebs.backup and randomize startup
-  # TODO define plans more abstract
-  krebs.backup.plans = {
-  } // mapAttrs (_: recursiveUpdate {
-    snapshots = {
-      daily    = { format = "%Y-%m-%d"; retain =  7; };
-      weekly   = { format = "%YW%W";    retain =  4; };
-      monthly  = { format = "%Y-%m";    retain = 12; };
-      yearly   = { format = "%Y";                    };
-    };
-  }) {
-    dishfire-http-prism = {
-      method = "pull";
-      src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
-      dst = { host = config.krebs.hosts.prism;    path = "/bku/dishfire-http"; };
-      startAt = "03:00";
-    };
-    dishfire-http-icarus = {
-      method = "pull";
-      src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
-      dst = { host = config.krebs.hosts.icarus;   path = "/bku/dishfire-http"; };
-      startAt = "03:10";
-    };
-    dishfire-http-mors = {
-      method = "pull";
-      src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
-      dst = { host = config.krebs.hosts.mors;     path = "/bku/dishfire-http"; };
-      startAt = "03:05";
-    };
-    dishfire-http-shodan = {
-      method = "pull";
-      src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
-      dst = { host = config.krebs.hosts.shodan;   path = "/bku/dishfire-http"; };
-      startAt = "03:10";
-    };
-    dishfire-sql-prism = {
-      method = "pull";
-      src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
-      dst = { host = config.krebs.hosts.prism;    path = "/bku/dishfire-sql"; };
-      startAt = "03:15";
-    };
-    dishfire-sql-icarus = {
-      method = "pull";
-      src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
-      dst = { host = config.krebs.hosts.icarus;   path = "/bku/dishfire-sql"; };
-      startAt = "03:25";
-    };
-    dishfire-sql-mors = {
-      method = "pull";
-      src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
-      dst = { host = config.krebs.hosts.mors;     path = "/bku/dishfire-sql"; };
-      startAt = "03:20";
-    };
-    dishfire-sql-shodan = {
-      method = "pull";
-      src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
-      dst = { host = config.krebs.hosts.shodan;   path = "/bku/dishfire-sql"; };
-      startAt = "03:25";
-    };
-    prism-bitlbee-icarus = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism;  path = "/var/lib/bitlbee"; };
-      dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-bitlbee"; };
-      startAt = "03:25";
-    };
-    prism-bitlbee-mors = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
-      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-bitlbee"; };
-      startAt = "03:25";
-    };
-    prism-bitlbee-shodan = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism;  path = "/var/lib/bitlbee"; };
-      dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; };
-      startAt = "03:25";
-    };
-    prism-chat-icarus = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism;  path = "/home/chat"; };
-      dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-chat"; };
-      startAt = "03:35";
-    };
-    prism-chat-mors = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
-      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-chat"; };
-      startAt = "03:30";
-    };
-    prism-chat-shodan = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism;  path = "/home/chat"; };
-      dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; };
-      startAt = "03:35";
-    };
-    prism-sql-icarus = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism;  path = "/bku/sql_dumps"; };
-      dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-sql_dumps"; };
-      startAt = "03:45";
-    };
-    prism-sql-mors = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
-      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-sql_dumps"; };
-      startAt = "03:40";
-    };
-    prism-sql-shodan = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism;  path = "/bku/sql_dumps"; };
-      dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; };
-      startAt = "03:45";
-    };
-    prism-http-icarus = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism;  path = "/srv/http"; };
-      dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-http"; };
-      startAt = "03:55";
-    };
-    prism-http-mors = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
-      dst = { host = config.krebs.hosts.mors;  path = "/bku/prism-http"; };
-      startAt = "03:50";
-    };
-    prism-http-shodan = {
-      method = "pull";
-      src = { host = config.krebs.hosts.prism;  path = "/srv/http"; };
-      dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; };
-      startAt = "03:55";
-    };
-    icarus-home-mors = {
-      method = "pull";
-      src = { host = config.krebs.hosts.icarus; path = "/home"; };
-      dst = { host = config.krebs.hosts.mors;   path = "/bku/icarus-home"; };
-      startAt = "05:00";
-    };
-    icarus-home-shodan = {
-      method = "push";
-      src = { host = config.krebs.hosts.icarus; path = "/home"; };
-      dst = { host = config.krebs.hosts.shodan; path = "/bku/icarus-home"; };
-      startAt = "05:00";
-    };
-    mors-home-icarus = {
-      method = "push";
-      src = { host = config.krebs.hosts.mors;   path = "/home"; };
-      dst = { host = config.krebs.hosts.icarus; path = "/bku/mors-home"; };
-      startAt = "05:00";
-    };
-    mors-home-shodan = {
-      method = "push";
-      src = { host = config.krebs.hosts.mors;   path = "/home"; };
-      dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
-      startAt = "05:00";
-    };
-    shodan-home-icarus = {
-      method = "pull";
-      src = { host = config.krebs.hosts.shodan; path = "/home"; };
-      dst = { host = config.krebs.hosts.icarus; path = "/bku/shodan-home"; };
-      startAt = "04:00";
-    };
-    shodan-home-mors = {
-      method = "pull";
-      src = { host = config.krebs.hosts.shodan; path = "/home"; };
-      dst = { host = config.krebs.hosts.mors;   path = "/bku/shodan-home"; };
-      startAt = "04:00";
-    };
-  };
-}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 5a5f1b347..d56f89c2f 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -9,7 +9,6 @@ with import <stockholm/lib>;
     ./monitoring/client.nix
     ./zsh.nix
     ./htop.nix
-    ./backups.nix
     ./security-workarounds.nix
     {
       users.extraUsers =
-- 
cgit v1.2.3


From 72abe80227ec5de5c2f7a55f6e2fe3da46c14538 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 27 Apr 2018 16:55:43 +0200
Subject: l: config for backup target

---
 lass/2configs/backup.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 lass/2configs/backup.nix

(limited to 'lass/2configs')

diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix
new file mode 100644
index 000000000..27adf6d2a
--- /dev/null
+++ b/lass/2configs/backup.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }:
+with import <stockholm/lib>;
+
+{
+  fileSystems = {
+    "/backups" = {
+      device = "/dev/pool/backup";
+      fsType = "ext4";
+    };
+  };
+  users.users.backup = {
+    useDefaultShell = true;
+    home = "/backups";
+    createHome = true;
+    openssh.authorizedKeys.keys = with config.krebs.hosts; [
+      mors.ssh.pubkey
+      prism.ssh.pubkey
+    ];
+  };
+}
-- 
cgit v1.2.3


From 2701bdd97f0f2ea8681b1d66670eb68ea0f11017 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 27 Apr 2018 19:34:36 +0200
Subject: l: use prometheus as monitoring

---
 lass/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index d56f89c2f..12a814605 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -6,7 +6,7 @@ with import <stockholm/lib>;
     ./gc.nix
     ./mc.nix
     ./vim.nix
-    ./monitoring/client.nix
+    ./monitoring/node-exporter.nix
     ./zsh.nix
     ./htop.nix
     ./security-workarounds.nix
-- 
cgit v1.2.3


From ba1a8d0b5a0296e6f8673bd87983bfd482085e2c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 27 Apr 2018 19:43:38 +0200
Subject: l: kill dns-stuff

---
 lass/2configs/baseX.nix     |  1 -
 lass/2configs/dns-stuff.nix | 16 ----------------
 2 files changed, 17 deletions(-)
 delete mode 100644 lass/2configs/dns-stuff.nix

(limited to 'lass/2configs')

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index ed179ded6..e2e44b6fc 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -9,7 +9,6 @@ in {
     ./power-action.nix
     ./copyq.nix
     ./livestream.nix
-    ./dns-stuff.nix
     ./urxvt.nix
     ./network-manager.nix
     {
diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix
deleted file mode 100644
index cbcce8df9..000000000
--- a/lass/2configs/dns-stuff.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
-  services.dnscrypt-proxy = {
-    enable = true;
-    localAddress = "127.1.0.1";
-    customResolver = {
-      address = config.krebs.hosts.gum.nets.internet.ip4.addr;
-      port = 15251;
-      name = "2.dnscrypt-cert.euer.krebsco.de";
-      key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
-    };
-  };
-  services.resolved.enable = true;
-  services.resolved.fallbackDns = [ "127.1.0.1" ];
-}
-- 
cgit v1.2.3


From 102324c0d88a535f7518c97cb908da8d377a0bd8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 08:44:04 +0200
Subject: l bitcoin: remove ethereum

---
 lass/2configs/bitcoin.nix | 10 ----------
 1 file changed, 10 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
index a405addfc..9f6fd3bf0 100644
--- a/lass/2configs/bitcoin.nix
+++ b/lass/2configs/bitcoin.nix
@@ -10,9 +10,6 @@ in {
   krebs.per-user.bitcoin.packages = [
     pkgs.electrum
   ];
-  krebs.per-user.ethereum.packages = [
-    pkgs.go-ethereum
-  ];
   users.extraUsers = {
     bch = {
       name = "bch";
@@ -28,13 +25,6 @@ in {
       useDefaultShell = true;
       createHome = true;
     };
-    ethereum = {
-      name = "ethereum";
-      description = "user for ethereum stuff";
-      home = "/home/ethereum";
-      useDefaultShell = true;
-      createHome = true;
-    };
   };
   security.sudo.extraConfig = ''
     ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
-- 
cgit v1.2.3


From 004b6a895ad7ee9f7bb8864f99f98c356d93a6f2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 09:10:40 +0200
Subject: l: add dev to docker group

---
 lass/2configs/dcso-dev.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix
index ae1c7bc8d..b985b67b3 100644
--- a/lass/2configs/dcso-dev.nix
+++ b/lass/2configs/dcso-dev.nix
@@ -9,6 +9,7 @@ in {
     dev = {
       name = "dev";
       uid = genid "dev";
+      extraGroups = [ "docker" ];
       description = "user for collaborative development";
       home = "/home/dev";
       useDefaultShell = true;
-- 
cgit v1.2.3


From dabd9f0f02b44b048b6355184fa64612201db72d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 09:41:43 +0200
Subject: l monitoring: open ports

---
 lass/2configs/monitoring/node-exporter.nix     | 6 ++++--
 lass/2configs/monitoring/prometheus-server.nix | 6 ++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix
index 8c27e90d4..561e3a25c 100644
--- a/lass/2configs/monitoring/node-exporter.nix
+++ b/lass/2configs/monitoring/node-exporter.nix
@@ -1,7 +1,9 @@
 { config, lib, pkgs, ... }:
 {
-  networking.firewall.allowedTCPPorts = [ 9100 ];
-
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
+    { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
+  ];
   services.prometheus.exporters = {
     node = {
       enable = true;
diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
index d56d7e552..c5c97412d 100644
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -9,6 +9,12 @@
   #  useDHCP = true;
   #};
 
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
+    { predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
+    { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
+  ];
+
   services = {
     prometheus = {
       enable = true;
-- 
cgit v1.2.3


From a0862fa505ba8fb1d94c8bdac69a2077ba89bcdc Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 09:43:17 +0200
Subject: l monitoring: monitor more hosts

---
 lass/2configs/monitoring/prometheus-server.nix | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
index c5c97412d..92bb0519f 100644
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -130,11 +130,10 @@
           static_configs = [
             {
               targets = [
-                "localhost:9100"
-              ];
-              labels = {
-                alias = "prometheus.example.com";
-              };
+              ] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts));
+              #labels = {
+              #  alias = "prometheus.example.com";
+              #};
             }
           ];
         }
-- 
cgit v1.2.3


From da44ae1115af80bb71f38de20b7421d08e435ea7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 09:43:51 +0200
Subject: l monitoring: print alarms to irc

---
 lass/2configs/monitoring/prometheus-server.nix | 33 ++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
index 92bb0519f..1f9419e1a 100644
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -181,4 +181,37 @@
       security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
     };
   };
+  services.logstash = {
+    enable = true;
+    inputConfig = ''
+      http {
+        port => 14813
+        host => "127.0.0.1"
+      }
+    '';
+    filterConfig = ''
+      if ([alerts]) {
+        ruby {
+          code => '
+            lines = []
+            event["alerts"].each {|p|
+              lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}"
+            }
+            event["output"] = lines.join("\n")
+          '
+        }
+      }
+    '';
+    outputConfig = ''
+      file { path => "/tmp/logs.json" codec => "json_lines" }
+      irc {
+        channels => [ "#noise" ]
+        host => "irc.r"
+        nick => "alarm"
+        codec => "json_lines"
+        format => "%{output}"
+      }
+    '';
+    #plugins = [ ];
+  };
 }
-- 
cgit v1.2.3


From 1d1861fe7c3c2906a0deff9ae9598fa7ffe08c0d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 11:29:46 +0200
Subject: l notmuch: disable tests

---
 lass/2configs/mail.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 81db59617..2bb51b50a 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -206,8 +206,11 @@ in {
     msmtp
     mutt
     pkgs.much
-    pkgs.notmuch
     tag-new-mails
     tag-old-mails
   ];
+
+  nixpkgs.config.packageOverrides = opkgs: {
+    notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; }));
+  };
 }
-- 
cgit v1.2.3


From 4190562d1233e40b3364c1bd812f2702a0748e49 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 16:12:10 +0200
Subject: l monitoring: delete legacy config

---
 lass/2configs/monitoring/client.nix       | 26 ---------
 lass/2configs/monitoring/monit-alarms.nix | 44 ----------------
 lass/2configs/monitoring/server.nix       | 87 -------------------------------
 3 files changed, 157 deletions(-)
 delete mode 100644 lass/2configs/monitoring/client.nix
 delete mode 100644 lass/2configs/monitoring/monit-alarms.nix
 delete mode 100644 lass/2configs/monitoring/server.nix

(limited to 'lass/2configs')

diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix
deleted file mode 100644
index b8c245215..000000000
--- a/lass/2configs/monitoring/client.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{pkgs, config, ...}:
-with import <stockholm/lib>;
-{
-  services.telegraf = {
-    enable = true;
-
-    extraConfig = {
-      agent.interval = "1s";
-      outputs = {
-        influxdb = {
-          urls = ["http://prism:8086"];
-          database = "telegraf_db";
-          user_agent = "telegraf";
-        };
-      };
-      inputs = {
-        cpu = {
-          percpu = false;
-          totalcpu = true;
-        };
-        mem = {};
-        net = {};
-      };
-    };
-  };
-}
diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix
deleted file mode 100644
index 2cfc292e5..000000000
--- a/lass/2configs/monitoring/monit-alarms.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{pkgs, config, ...}:
-with import <stockholm/lib>;
-let
-  echoToIrc = msg:
-    pkgs.writeDash "echo_irc" ''
-      set -euf
-      export LOGNAME=prism-alarm
-      ${pkgs.irc-announce}/bin/irc-announce \
-        irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
-    '';
-
-in {
-  krebs.monit = {
-    enable = true;
-    http.enable = true;
-    alarms = {
-      nirwanabluete = {
-        test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
-        alarm = echoToIrc "test nirwanabluete failed";
-      };
-      ubik = {
-        test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
-        alarm = echoToIrc "test ubik failed";
-      };
-      cac-panel = {
-        test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
-        alarm = echoToIrc "test cac-panel failed";
-      };
-      radio = {
-        test = pkgs.writeBash "check_stream" ''
-          ${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
-          | ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
-          | ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
-        '';
-        alarm = echoToIrc "test radio failed";
-      };
-    };
-  };
-
-  krebs.iptables.tables.filter.INPUT.rules = [
-    { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
-  ];
-}
-
diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix
deleted file mode 100644
index adaecde2c..000000000
--- a/lass/2configs/monitoring/server.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{pkgs, config, ...}:
-with import <stockholm/lib>;
-{
-  services.influxdb.enable = true;
-
-  services.influxdb.extraConfig = {
-    meta.hostname = config.krebs.build.host.name;
-    # meta.logging-enabled = true;
-    http.bind-address = ":8086";
-    admin.bind-address = ":8083";
-    http.log-enabled = false;
-    monitoring = {
-      enabled = false;
-      # write-interval = "24h";
-    };
-    collectd = [{
-      enabled = true;
-      typesdb = "${pkgs.collectd}/share/collectd/types.db";
-      database = "collectd_db";
-      port = 25826;
-    }];
-  };
-
-  krebs.kapacitor =
-    let
-      db = "telegraf_db";
-      echoToIrc = pkgs.writeDash "echo_irc" ''
-        set -euf
-        data="$(${pkgs.jq}/bin/jq -r .message)"
-        export LOGNAME=prism-alarm
-        ${pkgs.irc-announce}/bin/irc-announce \
-          irc.r 6667 prism-alarm \#noise "$data" >/dev/null
-      '';
-    in {
-      enable = true;
-      alarms = {
-        cpu = {
-          database = db;
-          text = ''
-            var data = batch
-              |query(${"'''"}
-                SELECT mean("usage_user") AS mean
-                FROM "${db}"."default"."cpu"
-              ${"'''"})
-              .period(10m)
-              .every(1m)
-              .groupBy('host')
-              data |alert()
-                .crit(lambda: "mean" > 90)
-                .exec('${echoToIrc}')
-              data |deadman(1.0,5m)
-                .stateChangesOnly()
-                .exec('${echoToIrc}')
-          '';
-        };
-        ram = {
-          database = db;
-          text = ''
-            var data = batch
-              |query(${"'''"}
-                SELECT mean("used_percent") AS mean
-                FROM "${db}"."default"."mem"
-              ${"'''"})
-              .period(10m)
-              .every(1m)
-              .groupBy('host')
-              data |alert()
-                .crit(lambda: "mean" > 90)
-                .exec('${echoToIrc}')
-          '';
-        };
-      };
-  };
-
-  services.grafana = {
-    enable = true;
-    addr = "0.0.0.0";
-    auth.anonymous.enable = true;
-    security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
-  };
-
-  krebs.iptables.tables.filter.INPUT.rules = [
-    { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
-    { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
-    { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
-  ];
-}
-- 
cgit v1.2.3


From 92c123397188ae6cf115197862e8d79015995356 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 17:26:43 +0200
Subject: l prism.r: run go-shortener

---
 lass/2configs/go.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 lass/2configs/go.nix

(limited to 'lass/2configs')

diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix
new file mode 100644
index 000000000..ecf89b298
--- /dev/null
+++ b/lass/2configs/go.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+{
+  krebs.go = {
+    enable = true;
+  };
+  services.nginx = {
+    enable = true;
+    virtualHosts.go = {
+      locations."/".extraConfig = ''
+        proxy_set_header Host go.lassul.us;
+        proxy_pass http://localhost:1337;
+      '';
+      serverAliases = [
+        "go.lassul.us"
+      ];
+    };
+  };
+}
+
-- 
cgit v1.2.3


From b96f9d898a77bb5a735ad35d1bc1eeeea1833cae Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 23:14:34 +0200
Subject: l websites: move servephpBB to util

---
 lass/2configs/websites/lassulus.nix | 55 -------------------------------------
 lass/2configs/websites/util.nix     | 53 +++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 55 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 25ca1f455..b9811221c 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -6,61 +6,6 @@ let
     genid
   ;
 
-  servephpBB = domains:
-    let
-      domain = head domains;
-
-    in {
-      services.nginx.virtualHosts."${domain}" = {
-        enableACME = true;
-        forceSSL = true;
-        serverAliases = domains;
-        extraConfig = ''
-          index index.php;
-          root /srv/http/${domain}/;
-          access_log /tmp/nginx_acc.log;
-          error_log /tmp/nginx_err.log;
-          error_page 404 /404.html;
-          error_page 500 502 503 504 /50x.html;
-          client_max_body_size 100m;
-        '';
-        locations."/".extraConfig = ''
-          try_files $uri $uri/ /index.php?$args;
-        '';
-        locations."~ \.php(?:$|/)".extraConfig =  ''
-          fastcgi_split_path_info ^(.+\.php)(/.+)$;
-          include ${pkgs.nginx}/conf/fastcgi_params;
-          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-          fastcgi_param PATH_INFO $fastcgi_path_info;
-          fastcgi_param HTTPS on;
-          fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
-          fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
-          fastcgi_intercept_errors on;
-        '';
-        #Directives to send expires headers and turn off 404 error logging.
-        locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
-          access_log off;
-          log_not_found off;
-          expires max;
-        '';
-      };
-      services.phpfpm.poolConfigs."${domain}" = ''
-        listen = /srv/http/${domain}/phpfpm.pool
-        user = nginx
-        group = nginx
-        pm = dynamic
-        pm.max_children = 25
-        pm.start_servers = 5
-        pm.min_spare_servers = 3
-        pm.max_spare_servers = 20
-        listen.owner = nginx
-        listen.group = nginx
-        php_admin_value[error_log] = 'stderr'
-        php_admin_flag[log_errors] = on
-        catch_workers_output = yes
-      '';
-    };
-
 in {
   imports = [
     ./default.nix
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 441b7af90..61b5543ce 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -28,6 +28,59 @@ rec {
       };
     };
 
+  servephpBB = domains:
+    let
+      domain = head domains;
+
+    in {
+      services.nginx.virtualHosts."${domain}" = {
+        serverAliases = domains;
+        extraConfig = ''
+          index index.php;
+          root /srv/http/${domain}/;
+          access_log /tmp/nginx_acc.log;
+          error_log /tmp/nginx_err.log;
+          error_page 404 /404.html;
+          error_page 500 502 503 504 /50x.html;
+          client_max_body_size 100m;
+        '';
+        locations."/".extraConfig = ''
+          try_files $uri $uri/ /index.php?$args;
+        '';
+        locations."~ \.php(?:$|/)".extraConfig =  ''
+          fastcgi_split_path_info ^(.+\.php)(/.+)$;
+          include ${pkgs.nginx}/conf/fastcgi_params;
+          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+          fastcgi_param PATH_INFO $fastcgi_path_info;
+          fastcgi_param HTTPS on;
+          fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+          fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
+          fastcgi_intercept_errors on;
+        '';
+        #Directives to send expires headers and turn off 404 error logging.
+        locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
+          access_log off;
+          log_not_found off;
+          expires max;
+        '';
+      };
+      services.phpfpm.poolConfigs."${domain}" = ''
+        listen = /srv/http/${domain}/phpfpm.pool
+        user = nginx
+        group = nginx
+        pm = dynamic
+        pm.max_children = 25
+        pm.start_servers = 5
+        pm.min_spare_servers = 3
+        pm.max_spare_servers = 20
+        listen.owner = nginx
+        listen.group = nginx
+        php_admin_value[error_log] = 'stderr'
+        php_admin_flag[log_errors] = on
+        catch_workers_output = yes
+      '';
+    };
+
   serveOwncloud = domains:
     let
       domain = head domains;
-- 
cgit v1.2.3


From 1820b1753011eb42bb9be30011e6fbd11993b201 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 23:18:05 +0200
Subject: l: add red.r

---
 lass/2configs/websites/lassulus.nix | 1 -
 1 file changed, 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index b9811221c..53f1eea5c 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -10,7 +10,6 @@ in {
   imports = [
     ./default.nix
     ../git.nix
-    (servephpBB [ "rote-allez-fraktion.de" ])
   ];
 
   security.acme = {
-- 
cgit v1.2.3


From 74b52f1c3e1db674adab2a397def13dda495a66f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 23:20:53 +0200
Subject: l: add immoscout@lassul.us

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 4455d2761..e05ed2427 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -79,6 +79,7 @@ with import <stockholm/lib>;
       { from = "ovh@lassul.us"; to = lass.mail; }
       { from = "hetzner@lassul.us"; to = lass.mail; }
       { from = "allygator@lassul.us"; to = lass.mail; }
+      { from = "immoscout@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
-- 
cgit v1.2.3


From 7240963fb9a0a98696cae7d9a0d9ba248eb51676 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 23:27:25 +0200
Subject: l git: add collaborators to public repos

---
 lass/2configs/git.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 1fe87c666..2e3c6290f 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -70,8 +70,8 @@ let
     import <secrets/repos.nix> { inherit config lib pkgs; }
   );
 
-  make-public-repo = name: { cgit ? {}, ... }: {
-    inherit cgit name;
+  make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {
+    inherit cgit collaborators name;
     public = true;
     hooks = {
       post-receive = pkgs.git-hooks.irc-announce {
-- 
cgit v1.2.3


From 867db7d464f101f0be77199b7178b5f110d79bf7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 23:27:51 +0200
Subject: l git: add nixos-aws

---
 lass/2configs/git.nix | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 2e3c6290f..d18524cf5 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -57,6 +57,12 @@ let
       cgit.desc = "Fork of nix-user-chroot my lethalman";
       cgit.section = "software";
     };
+    nixos-aws = {
+      collaborators = [ {
+        name = "fabio";
+        pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada";
+      } ];
+    };
   } // mapAttrs make-public-repo-silent {
   };
 
-- 
cgit v1.2.3


From a7595f3ab19b8e94696fdca18c0b78cc605281b3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 1 May 2018 15:49:56 +0200
Subject: l gc: don't gc on containers

---
 lass/2configs/gc.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
index ad015180a..c5073e384 100644
--- a/lass/2configs/gc.nix
+++ b/lass/2configs/gc.nix
@@ -3,6 +3,6 @@
 with import <stockholm/lib>;
 {
   nix.gc = {
-    automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ];
+    automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
   };
 }
-- 
cgit v1.2.3


From 0f98216757cfeb3cfe318181fee0fc5c7b7f1c04 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 1 May 2018 16:04:21 +0200
Subject: l zsh: use recent LS_COLORS

---
 lass/2configs/zsh.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index aa3e6731d..76cac9f56 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -54,8 +54,8 @@
       eval $(dircolors -b ${pkgs.fetchFromGitHub {
         owner = "trapd00r";
         repo = "LS_COLORS";
-        rev = "master";
-        sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
+        rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
+        sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
       }}/LS_COLORS)
       alias ls='ls --color'
       zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
-- 
cgit v1.2.3


From 37fa7bff9339799984554b8ccbacf1f07281d6ce Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 1 May 2018 16:04:48 +0200
Subject: l git: add krops repo

---
 lass/2configs/git.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index d18524cf5..43085ba5e 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -63,6 +63,10 @@ let
         pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada";
       } ];
     };
+    krops = {
+      cgit.desc = "krebs deployment";
+      cgit.section = "software";
+    };
   } // mapAttrs make-public-repo-silent {
   };
 
-- 
cgit v1.2.3


From ecc09522d9073386c91fc61838ca418489ab648f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 3 May 2018 12:13:14 +0200
Subject: l cabal.r: use as AP

---
 lass/2configs/AP.nix | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 lass/2configs/AP.nix

(limited to 'lass/2configs')

diff --git a/lass/2configs/AP.nix b/lass/2configs/AP.nix
new file mode 100644
index 000000000..5ce7cfff8
--- /dev/null
+++ b/lass/2configs/AP.nix
@@ -0,0 +1,77 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+  wifi = "wlp0s29u1u2";
+in {
+  boot.extraModulePackages = [
+    pkgs.linuxPackages.rtl8814au
+  ];
+  networking.networkmanager.unmanaged = [ wifi ];
+
+  systemd.services.hostapd = {
+    description = "hostapd wireless AP";
+    path = [ pkgs.hostapd ];
+    wantedBy = [ "network.target" ];
+
+    after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
+
+    serviceConfig = {
+      ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
+        interface=${wifi}
+        hw_mode=a
+        channel=36
+        ieee80211d=1
+        country_code=DE
+        ieee80211n=1
+        ieee80211ac=1
+        wmm_enabled=1
+
+        # 5ghz
+        ssid=krebsing
+        auth_algs=1
+        wpa=2
+        wpa_key_mgmt=WPA-PSK
+        rsn_pairwise=CCMP
+        wpa_passphrase=aidsballz
+      ''}";
+      Restart = "always";
+    };
+  };
+
+  networking.interfaces.${wifi}.ipv4.addresses = [
+    { address = "10.99.0.1"; prefixLength = 24; }
+  ];
+  services.dhcpd4 = {
+    enable = true;
+    interfaces = [ wifi ];
+    extraConfig = ''
+      option subnet-mask 255.255.255.0;
+      option routers 10.99.0.1;
+      option domain-name-servers 1.1.1.1, 8.8.8.8;
+      subnet 10.99.0.0 netmask 255.255.255.0 {
+        range 10.99.0.100 10.99.0.200;
+      }
+    '';
+  };
+
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+  krebs.iptables.tables.filter.FORWARD.rules = [
+    { v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
+    { v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; }
+    { v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; }
+    { v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
+    { v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
+  ];
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }
+  ];
+  krebs.iptables.tables.nat.POSTROUTING.rules = [
+    #TODO find out what this is about?
+    { v6 = false; predicate = "-s 10.99.0.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
+    { v6 = false; predicate = "-s 10.99.0.0/24 -d 255.255.255.255"; target = "RETURN"; }
+
+    { v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24"; target = "MASQUERADE"; }
+    { v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
+    { v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
+  ];
+}
-- 
cgit v1.2.3


From 28d6704a0d617ca7d379b836ab9fdd4d6a0be868 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 3 May 2018 18:04:38 +0200
Subject: l monitoring: use correct logstash url

---
 lass/2configs/monitoring/prometheus-server.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
index 1f9419e1a..e16d421a0 100644
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -164,7 +164,7 @@
               ];
               "webhook_configs" = [
                 {
-                  "url" = "https://example.com/prometheus-alerts";
+                  "url" = "http://127.0.0.1:14813/prometheus-alerts";
                   "send_resolved" = true;
                 }
               ];
-- 
cgit v1.2.3


From 66b55d0a27327b5f0f6adf675a779f8d09e9c703 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 3 May 2018 18:33:11 +0200
Subject: l repo-sync: RIP web-routes-wai-custom

---
 lass/2configs/repo-sync.nix | 1 -
 1 file changed, 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index ad44c67e1..1cf22552c 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -135,7 +135,6 @@ in {
     (sync-retiolum "populate")
     (sync-retiolum "stockholm")
     (sync-retiolum "wai-middleware-time")
-    (sync-retiolum "web-routes-wai-custom")
     (sync-retiolum "xmonad-stockholm")
   ];
 }
-- 
cgit v1.2.3


From c0f7f7bab5447ebf95f4873f7ff9679938ff6d27 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 7 May 2018 19:56:26 +0200
Subject: l baseX: add dconf

---
 lass/2configs/baseX.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index e2e44b6fc..809297655 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -74,6 +74,7 @@ in {
     gi
     git-preview
     gitAndTools.qgit
+    gnome3.dconf
     lm_sensors
     mpv-poll
     much
-- 
cgit v1.2.3


From e8c4f7c0e40a1612731ad9f68ef7f5bb1ec7ce1c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 7 May 2018 19:57:44 +0200
Subject: l websites utils: forceSSL

---
 lass/2configs/websites/util.nix | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 61b5543ce..a11e8e692 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -16,11 +16,7 @@ rec {
     in {
       services.nginx.virtualHosts.${domain} = {
         enableACME = true;
-        onlySSL = true;
-        extraConfig = ''
-          listen 80;
-          listen [::]:80;
-        '';
+        forceSSL = true;
         serverAliases = domains;
         locations."/".extraConfig = ''
           root /srv/http/${domain};
@@ -87,12 +83,9 @@ rec {
     in {
       services.nginx.virtualHosts."${domain}" = {
         enableACME = true;
-        onlySSL = true;
+        forceSSL = true;
         serverAliases = domains;
         extraConfig = ''
-          listen 80;
-          listen [::]:80;
-
           # Add headers to serve security related headers
           add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
           add_header X-Content-Type-Options nosniff;
@@ -201,12 +194,9 @@ rec {
     in {
       services.nginx.virtualHosts."${domain}" = {
         enableACME = true;
-        onlySSL = true;
+        forceSSL = true;
         serverAliases = domains;
         extraConfig = ''
-          listen 80;
-          listen [::]:80;
-
           root /srv/http/${domain}/;
           index index.php;
           access_log /tmp/nginx_acc.log;
-- 
cgit v1.2.3


From 8b1d1b8d913004951e0c2fd46c6b7d2a3c27148a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 13 May 2018 19:35:28 +0200
Subject: l git: don't announce nixos-aws

---
 lass/2configs/git.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 43085ba5e..f9e326333 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -57,17 +57,17 @@ let
       cgit.desc = "Fork of nix-user-chroot my lethalman";
       cgit.section = "software";
     };
+    krops = {
+      cgit.desc = "krebs deployment";
+      cgit.section = "software";
+    };
+  } // mapAttrs make-public-repo-silent {
     nixos-aws = {
       collaborators = [ {
         name = "fabio";
         pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada";
       } ];
     };
-    krops = {
-      cgit.desc = "krebs deployment";
-      cgit.section = "software";
-    };
-  } // mapAttrs make-public-repo-silent {
   };
 
   restricted-repos = mapAttrs make-restricted-repo (
-- 
cgit v1.2.3


From 619131d246ead21ba001644be82686ce31138773 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 13 May 2018 22:27:15 +0200
Subject: l git: add icarus to admin users

---
 lass/2configs/git.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index f9e326333..712a15342 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -121,7 +121,7 @@ let
     with git // config.krebs.users;
     repo:
       singleton {
-        user = [ lass lass-shodan ];
+        user = [ lass lass-shodan lass-icarus ];
         repo = [ repo ];
         perm = push "refs/*" [ non-fast-forward create delete merge ];
       } ++
-- 
cgit v1.2.3


From 91b1eec4162bf16ce3c4ae698cebd7236b968f9f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:04:59 +0200
Subject: l: set 32bit dri in games.nix

---
 lass/2configs/games.nix | 1 +
 lass/2configs/steam.nix | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 3ee3a98a5..81f53bf69 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -80,6 +80,7 @@ in {
     };
   };
 
+  hardware.opengl.driSupport32Bit = true;
   hardware.pulseaudio.support32Bit = true;
 
   security.sudo.extraConfig = ''
diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix
index 225ddd308..e1b523e3a 100644
--- a/lass/2configs/steam.nix
+++ b/lass/2configs/steam.nix
@@ -10,8 +10,6 @@
   # source: https://nixos.org/wiki/Talk:Steam
   #
   ##TODO: make steam module
-  hardware.opengl.driSupport32Bit = true;
-
   nixpkgs.config.steam.java = true;
   environment.systemPackages = with pkgs; [
     steam
-- 
cgit v1.2.3


From 9e95c2b2d12cf18fcda266cc3b69d685d288b77f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:05:49 +0200
Subject: l baseX: add thesauron

---
 lass/2configs/baseX.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 809297655..a387f2c5d 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -69,11 +69,12 @@ in {
   environment.systemPackages = with pkgs; [
     acpi
     bank
+    cabal2nix
     dic
     dmenu
     gi
-    git-preview
     gitAndTools.qgit
+    git-preview
     gnome3.dconf
     lm_sensors
     mpv-poll
@@ -87,19 +88,18 @@ in {
     rxvt_unicode_with-plugins
     slock
     sxiv
-    timewarrior
     taskwarrior
     termite
+    thesauron
+    timewarrior
     xclip
+    xephyrify
     xorg.xbacklight
     xorg.xhost
     xsel
     youtube-tools
     yt-next
     zathura
-
-    cabal2nix
-    xephyrify
   ];
 
   fonts.fonts = with pkgs; [
-- 
cgit v1.2.3


From aecf06a8bfa5e5d444bff6d5c4430250a2684d34 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:06:50 +0200
Subject: l websites domsen: remove old, add new

---
 lass/2configs/websites/domsen.nix | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 7a72499c9..c75cc81fc 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -26,12 +26,7 @@ in {
     ./default.nix
     ./sqlBackup.nix
     (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
-    (servePage [
-      "habsys.de"
-      "habsys.eu"
-      "www.habsys.de"
-      "www.habsys.eu"
-    ])
+    (servePage [ "freemonkey.art" ])
     (serveOwncloud [ "o.ubikmedia.de" ])
     (serveWordpress [
       "ubikmedia.de"
-- 
cgit v1.2.3


From cb41b35641eba3c0e88c87604072405ecc8fc5f7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:09:50 +0200
Subject: l websites domsen: add akayguen

---
 lass/2configs/websites/domsen.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index c75cc81fc..4e8361a17 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -115,6 +115,7 @@ in {
       { from = "jms@ubikmedia.eu"; to = "jms"; }
       { from = "ms@ubikmedia.eu"; to = "ms"; }
       { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
+      { from = "akayguen@freemonkey.art"; to ="akayguen"; }
 
       { from = "testuser@lassul.us"; to = "testuser"; }
       { from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -172,5 +173,12 @@ in {
     createHome = true;
   };
 
+  users.users.akayguen = {
+    uid = genid_signed "akayguen";
+    home = "/home/akayguen";
+    useDefaultShell = true;
+    createHome = true;
+  };
+
 }
 
-- 
cgit v1.2.3


From 3fc6ff613ff9a1c5e439d6061a2580271dcfc368 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:15:54 +0200
Subject: l mails: add elitedangerous@lassul.us

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass/2configs')

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index e05ed2427..fe79ce82b 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -80,6 +80,7 @@ with import <stockholm/lib>;
       { from = "hetzner@lassul.us"; to = lass.mail; }
       { from = "allygator@lassul.us"; to = lass.mail; }
       { from = "immoscout@lassul.us"; to = lass.mail; }
+      { from = "elitedangerous@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
-- 
cgit v1.2.3


From efb7452a0c5f0d4109ae188dc6abda46a20e394c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:20:08 +0200
Subject: l websites util: make ssl optional again

---
 lass/2configs/websites/util.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index a11e8e692..816449c14 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -16,7 +16,7 @@ rec {
     in {
       services.nginx.virtualHosts.${domain} = {
         enableACME = true;
-        forceSSL = true;
+        addSSL = true;
         serverAliases = domains;
         locations."/".extraConfig = ''
           root /srv/http/${domain};
@@ -83,7 +83,7 @@ rec {
     in {
       services.nginx.virtualHosts."${domain}" = {
         enableACME = true;
-        forceSSL = true;
+        addSSL = true;
         serverAliases = domains;
         extraConfig = ''
           # Add headers to serve security related headers
@@ -194,7 +194,7 @@ rec {
     in {
       services.nginx.virtualHosts."${domain}" = {
         enableACME = true;
-        forceSSL = true;
+        addSSL = true;
         serverAliases = domains;
         extraConfig = ''
           root /srv/http/${domain}/;
-- 
cgit v1.2.3


From 2e7bcebfd07080db071f07c3ad8e42e136857c31 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 17:32:00 +0200
Subject: l container-networking: set ipv4.ip_forward

---
 lass/2configs/container-networking.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lass/2configs')

diff --git a/lass/2configs/container-networking.nix b/lass/2configs/container-networking.nix
index 3dae3420d..98b56bd41 100644
--- a/lass/2configs/container-networking.nix
+++ b/lass/2configs/container-networking.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 
 {
   #krebs.iptables.tables.filter.INPUT.rules = [
@@ -24,4 +24,5 @@
     { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
     { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
   ];
+  boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
 }
-- 
cgit v1.2.3


From 2ed1a763c8db130262394649a0cc0ca3eb6cf8f2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 20:19:57 +02