From c0a4063c2d183ecf1cf7a1dc4e1a35f1f1be0733 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 13 Sep 2017 21:13:53 +0200
Subject: l bepasty: forceSSL conflicts with enableSSL
---
lass/2configs/bepasty.nix | 1 -
1 file changed, 1 deletion(-)
(limited to 'lass/2configs')
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
index b2d40d4f3..43647892f 100644
--- a/lass/2configs/bepasty.nix
+++ b/lass/2configs/bepasty.nix
@@ -31,7 +31,6 @@ in { } // genAttrs ext-doms (ext-dom: { nginx = { - enableSSL = true; forceSSL = true; enableACME = true; };
-- cgit v1.2.3
From 5ab273b5364a35fed96473e4290147940425c6b3 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 2 Oct 2017 18:45:28 +0200
Subject: l wine: pkgs.wineFull -> pkgs.wine
---
lass/2configs/wine.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lass/2configs')
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
index 2444d32d3..0d2b731ca 100644
--- a/lass/2configs/wine.nix
+++ b/lass/2configs/wine.nix
@@ -5,7 +5,7 @@ let in { krebs.per-user.wine.packages = with pkgs; [ - wineFull + wine #(wineFull.override { wineBuild = "wine64"; }) ]; users.users= {
-- cgit v1.2.3
From 958e86fadf2a2ca2901e7bd5fd8a0fcc16cbe103 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 3 Oct 2017 11:38:11 +0200
Subject: l copyq: fix startup
---
lass/2configs/copyq.nix | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'lass/2configs')
diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix
index b255254f2..fa01a99c9 100644
--- a/lass/2configs/copyq.nix
+++ b/lass/2configs/copyq.nix
@@ -25,12 +25,15 @@ in { environment = { DISPLAY = ":0"; }; + path = with pkgs; [ + qt5.full + ]; serviceConfig = { SyslogIdentifier = "copyq"; ExecStart = "${pkgs.copyq}/bin/copyq"; ExecStartPost = copyqConfig; Restart = "always"; - RestartSec = "2s"; + RestartSec = "15s"; StartLimitBurst = 0; User = "lass"; };
-- cgit v1.2.3
From c54d84b9efe01a7f4f8837b2308b7e2d61f1926f Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 3 Oct 2017 13:43:13 +0200
Subject: l sqlBackup: set mysql.dataDir to /var/mysql
---
lass/2configs/websites/sqlBackup.nix | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'lass/2configs')
diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix
index 7cb4b320e..2fffa6cc9 100644
--- a/lass/2configs/websites/sqlBackup.nix
+++ b/lass/2configs/websites/sqlBackup.nix
@@ -3,12 +3,13 @@ { krebs.secret.files.mysql_rootPassword = { path = "${config.services.mysql.dataDir}/mysql_rootPassword"; - owner.name = "root"; + owner.name = "mysql"; source-path = toString + "/mysql_rootPassword"; }; services.mysql = { enable = true; + dataDir = "/var/mysql"; package = pkgs.mariadb; rootPassword = config.krebs.secret.files.mysql_rootPassword.path; };
-- cgit v1.2.3
From c37c047ee6c080f7d76f2e19269162615a9aacfb Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 3 Oct 2017 13:43:31 +0200
Subject: l weechat: open mosh port
---
lass/2configs/weechat.nix | 5 +++++
1 file changed, 5 insertions(+)
(limited to 'lass/2configs')
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index 4b6445619..d5496ac09 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -21,6 +21,11 @@ in { ]; }; + # mosh + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + #systemd.services.chat = { # description = "chat environment setup"; # after = [ "network.target" ];
-- cgit v1.2.3
From 3be76df6c9ea70c56eee66935476bd4738912171 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 3 Oct 2017 23:51:11 +0200
Subject: l websites lass: use addSSL
---
lass/2configs/websites/lassulus.nix | 32 +++-----------------------------
1 file changed, 3 insertions(+), 29 deletions(-)
(limited to 'lass/2configs')
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 17c39a5f4..77790e8b8 100644
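Review bot: In the sqlBackup.nix hunk the MariaDB root password file is now owned by `mysql` and still placed inside `services.mysql.dataDir`, so the credential sits next to the database files and is readable by the database service account; the hunk sets no mode, so whether group or other can read it depends on the `krebs.secret` default, which is not visible here. Anything that copies or archives the data directory would presumably pick the password file up as well. If the secret module supports it, pin the permissions explicitly and record the reason for the ownership change with a comment such as `# owned by mysql so the service can read it on first start`.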
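Review bot: The INPUT rule added in the weechat.nix hunk accepts UDP 60000:61000 from any source on any interface, which opens 1001 ports for what looks like a single mosh user. mosh needs one port per session and the server-side port can be pinned with `mosh -p`, so a narrower range, for example `-p udp --dport 60000:60010`, would keep the workflow with a much smaller exposed surface. If sessions only arrive over a known interface or network, adding `-i` or `-s` to the predicate would tighten it further.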
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -73,17 +73,6 @@ in { allowKeysForGroup = true; group = "lasscert"; }; - certs."cgit.lassul.us" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/acme-challenges"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - ]; - group = "nginx"; - allowKeysForGroup = true; - }; }; krebs.tinc_graphs.enable = true;
@@ -119,6 +108,7 @@ in { ]; services.nginx.virtualHosts."lassul.us" = { + addSSL = true; enableACME = true; serverAliases = [ "lassul.us" ]; locations."/".extraConfig = ''
@@ -158,30 +148,14 @@ in { in '' alias ${initscript}; ''; - - enableSSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; - sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/lassul.us/key.pem"; }; services.nginx.virtualHosts.cgit = { + addSSL = true; + enableACME = true; serverAliases = [ "cgit.lassul.us" ]; - locations."/.well-known/acme-challenge".extraConfig = '' - root /var/lib/acme/acme-challenges; - ''; - enableSSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; - sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; }; users.users.blog = {
-- cgit v1.2.3
From 387bf34e82a5cb5cf82288cf3c58fff5b1bb4ce5 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 3 Oct 2017 23:53:43 +0200
Subject: l pass: gnupg1 -> gnupg
---
lass/2configs/pass.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lass/2configs')
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 5bd2f2f7f..43eb0db9b 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -3,7 +3,7 @@ { krebs.per-user.lass.packages = with pkgs; [ pass - gnupg1 + gnupg ]; }
-- cgit v1.2.3
From 579b2cbecf8cec8786864bb2bdf6ffaf6bcf65b4 Mon Sep 17 00:00:00 2001
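Review bot: `addSSL = true` on the `lassul.us` and `cgit` virtual hosts in lassulus.nix keeps both answering on plain HTTP with no redirect, so the location in the third hunk that serves `${initscript}` can still be fetched unencrypted and altered in transit. The removed `listen 80;` lines show this was already the case before, so it is not a regression introduced here. `bepasty.nix` earlier in this series uses `forceSSL = true;`, and the same setting on these two hosts would redirect HTTP to HTTPS while leaving certificate handling to `enableACME`. The virtual-host bodies start and end outside the hunks, so other locations that may matter are not visible.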
From: lassulus
Date: Thu, 5 Oct 2017 05:01:00 +0200
Subject: l websites: remove deprecated attributes
---
lass/2configs/websites/lassulus.nix | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
(limited to 'lass/2configs')
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 77790e8b8..6e185a4d6 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -110,7 +110,6 @@ in { services.nginx.virtualHosts."lassul.us" = { addSSL = true; enableACME = true; - serverAliases = [ "lassul.us" ]; locations."/".extraConfig = '' root /srv/http/lassul.us; '';
@@ -151,11 +150,9 @@ in { }; services.nginx.virtualHosts.cgit = { + serverName = "cgit.lassul.us"; addSSL = true; enableACME = true; - serverAliases = [ - "cgit.lassul.us" - ]; }; users.users.blog = {
-- cgit v1.2.3
From be4bfed6eddb2e957301a6734725a99d181d3753 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 5 Oct 2017 05:05:00 +0200
Subject: l pass: activate gnupg-agent
---
lass/2configs/pass.nix | 1 +
1 file changed, 1 insertion(+)
(limited to 'lass/2configs')
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 43eb0db9b..1c253a6c5 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -6,4 +6,5 @@ gnupg ]; + programs.gnupg.agent.enable = true; }
-- cgit v1.2.3
From 4e6827b8cd1e1edce7a27a6d6b2afda6ce6b7bc9 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 5 Oct 2017 05:28:32 +0200
Subject: l gc: deactivate on helios
---
lass/2configs/gc.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lass/2configs')
diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix
index 00f318e51..ad015180a 100644
--- a/lass/2configs/gc.nix
+++ b/lass/2configs/gc.nix
@@ -3,6 +3,6 @@ with import ; { nix.gc = { - automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ]; + automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ]; }; }
-- cgit v1.2.3
From ba663f044508ec596b6f9ab22a43e39677bcf3c2 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 5 Oct 2017 15:50:45 +0200
Subject: l helios.r: add dcsovpn
---
lass/2configs/dcso-vpn.nix | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 lass/2configs/dcso-vpn.nix
(limited to 'lass/2configs')
diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix
new file mode 100644
index 000000000..0a5623bf0
--- /dev/null
+++ b/lass/2configs/dcso-vpn.nix
@@ -0,0 +1,44 @@
+with import ;
+{ ... }:
+
+{
+
+ users.extraUsers = {
+ dcsovpn = rec {
+ name = "dcsovpn";
+ uid = genid "dcsovpn";
+ description = "user for running dcso openvpn";
+ home = "/home/${name}";
+ };
+ };
+
+ users.extraGroups.dcsovpn.gid = genid "dcsovpn";
+
+ services.openvpn.servers = {
+ dcso = {
+ config = ''
+ client
+ dev tun
+ tun-mtu 1356
+ mssfix
+ proto udp
+ float
+ remote 217.111.55.41 1194
+ nobind
+ user dcsovpn
+ group dcsovpn
+ persist-key
+ persist-tun
+ ca ${toString }
+ cert ${toString }
+ key ${toString }
+ verb 3
+ mute 20
+ auth-user-pass ${toString }
+ route-method exe
+ route-delay 2
+ '';
+ updateResolvConf = true;
+ };
+ };
+}
-- cgit v1.2.3
From 54d20b612f126ae64c807aa2b68f18836e824d69 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 5 Oct 2017 16:08:55 +0200
Subject: l dummy-secrets: add dcsovpn
---
lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem | 0
lass/2configs/tests/dummy-secrets/dcsovpn/cert.key | 0
lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem | 0
lass/2configs/tests/dummy-secrets/dcsovpn/login.txt | 0
4 files changed, 0 insertions(+), 0 deletions(-)
create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem
create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key
create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem
create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/login.txt
(limited to 'lass/2configs')
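Review bot: The OpenVPN client config in dcso-vpn.nix has no `remote-cert-tls server` line, so it accepts any peer certificate signed by the configured `ca`, including another client's certificate from the same CA; adding `remote-cert-tls server` after the `ca`/`cert`/`key` lines closes that, provided the gateway certificate carries the server usage extension. The config also pins neither `cipher` nor `auth`, which leaves the data-channel algorithms to whatever the installed OpenVPN version defaults to. The `user dcsovpn`/`group dcsovpn` privilege drop is good, but combined with `updateResolvConf = true` the down script will presumably run unprivileged and may fail to restore `resolv.conf`, so disconnect behaviour is worth testing. `route-method exe` is, as far as I know, a Windows-only option and could be dropped.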
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem
new file mode 100644
index 000000000..e69de29bb
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key
new file mode 100644
index 000000000..e69de29bb
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem
new file mode 100644
index 000000000..e69de29bb
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt
new file mode 100644
index 000000000..e69de29bb
-- cgit v1.2.3