From c3319b88bdf17d956ff4d80d3f2747fc6c47c176 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Jul 2016 23:49:03 +0200 Subject: l 2 websites fritz: add golbarrendiebstahl --- lass/2configs/websites/fritz.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'lass') diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 39f0cce06..48d96b1bf 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -7,6 +7,7 @@ let head ; inherit (import {inherit lib pkgs;}) + manageCerts ssl servePage serveWordpress @@ -48,6 +49,9 @@ in { (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) + + (manageCerts [ "goldbarrendiebstahl.radical-dreamers.de" ]) + (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) ]; lass.mysqlBackup.config.all.databases = [ @@ -74,6 +78,16 @@ in { config.krebs.users.fritz.pubkey ]; + users.users.goldbarrendiebstahl = { + home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de"; + uid = genid "goldbarrendiebstahl"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.fritz.pubkey + ]; + }; + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { options = '' extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so -- cgit v1.2.3 From 169e5e6c4e9dfc14b5929262531141d6d3337767 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 14 Jul 2016 18:33:56 +0200 Subject: l 2 nixpkgs: 446d4c1 -> 11a7899 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 0f940a369..bfbd187f4 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix 
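Review bot: In the `users.users.goldbarrendiebstahl` hunk of fritz.nix the account's `home` is the site directory itself (`/srv/http/goldbarrendiebstahl.radical-dreamers.de`) and it gets a login shell through `useDefaultShell = true`, so shell history and any other dotfiles the SSH user creates land in what is presumably the document root used by `serveWordpress`. Whether such files can be fetched over HTTP depends on the location rules inside that helper, which are not visible in this patch. If dotfiles are not already denied there, either add that rule or keep the home outside the web root and grant the user write access to the site directory only. A short comment such as `# upload account for fritz; home doubles as the vhost docroot` would also record the intent.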
@@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded"; + rev = "11a7899222929b6eb0951f7a1c0182f65b3b4637"; }; } -- cgit v1.2.3 From 38a50ffaeb10812eaa9530d8df0381f2d13e360c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 14 Jul 2016 21:18:02 +0200 Subject: l 2 buildbot: add vbob wbob & shoney --- lass/2configs/buildbot-standalone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 04bdcf9d8..12e378667 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -90,7 +90,7 @@ in { method=build \ system={}".format(i)]) - for i in [ "pornocauster", "wry" ]: + for i in [ "pornocauster", "wry", "vbob", "wbob", "shoney" ]: addShell(f,name="build-{}".format(i),env=env_makefu, command=nixshell + \ ["make \ -- cgit v1.2.3 From ef71793d2507bbee8a5c85842fb90a1f5d00ab3b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jul 2016 00:01:17 +0200 Subject: l 1 prism: inherit home from krebs.users.tv --- lass/1systems/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 77d72a5ac..1bc8d5744 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -226,7 +226,7 @@ in { { users.users.tv = { uid = genid "tv"; - home = "/home/tv"; + inherit (config.krebs.users.tv) home; group = "users"; createHome = true; useDefaultShell = true; -- cgit v1.2.3 From 6ba6f28a5361a62ecb495bb10a7bfb820760dbdb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jul 2016 00:02:34 +0200 Subject: l 2: add audit.nix --- lass/2configs/audit.nix | 9 +++++++++ lass/2configs/default.nix | 11 ++++++----- 2 files changed, 15 insertions(+), 5 deletions(-) create mode 100644 lass/2configs/audit.nix (limited to 'lass') 
diff --git a/lass/2configs/audit.nix b/lass/2configs/audit.nix new file mode 100644 index 000000000..644741a5b --- /dev/null +++ b/lass/2configs/audit.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + security.audit = { + rules = [ + "-a task,never" + ]; + }; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 81abff3ed..622ef1185 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -3,13 +3,14 @@ with config.krebs.lib; { imports = [ - ../2configs/vim.nix - ../2configs/zsh.nix - ../2configs/mc.nix - ../2configs/retiolum.nix - ../2configs/nixpkgs.nix + ../2configs/audit.nix ../2configs/binary-cache/client.nix ../2configs/gc.nix + ../2configs/mc.nix + ../2configs/nixpkgs.nix + ../2configs/retiolum.nix + ../2configs/vim.nix + ../2configs/zsh.nix ./backups.nix { users.extraUsers = -- cgit v1.2.3 From 12223227b9bb87bd963913d829f0e80b5785b5d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jul 2016 20:25:42 +0200 Subject: l 2 nixpkgs: adapt to new populate --- lass/2configs/nixpkgs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index bfbd187f4..931aabf08 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -1,8 +1,8 @@ { ... }: { - krebs.build.source.nixpkgs = { + krebs.build.source.nixpkgs.git = { url = https://github.com/lassulus/nixpkgs; - rev = "11a7899222929b6eb0951f7a1c0182f65b3b4637"; + ref = "11a7899222929b6eb0951f7a1c0182f65b3b4637"; }; } -- cgit v1.2.3 From 53d0ca2ddff537495ca96fb134663431a7b4cee3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jul 2016 21:05:05 +0200 Subject: l 2 buildbot: fix target string --- lass/2configs/buildbot-standalone.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 46a4157ee..ea6e38dda 100644 --- a/lass/2configs/buildbot-standalone.nix 
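Review bot: The new lass/2configs/audit.nix has no comment explaining `"-a task,never"`, a rule that stops the kernel creating an audit context for new tasks and so in effect switches syscall auditing off. Because the same commit adds the file to the imports of 2configs/default.nix, this presumably applies to every host that pulls in the default config, which is a detection trade-off worth stating next to the rule. Something like `# no syscall audit records for any task (cuts overhead and log noise); drop this on hosts that need an audit trail` would do. The hunk does not set `security.audit.enable`, so it is also worth confirming that the rule list is actually loaded on the targets.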
+++ b/lass/2configs/buildbot-standalone.nix @@ -86,7 +86,7 @@ in { ["make \ test \ ssh=${sshWrapper} \ - target=build@localhost:${config.users.users.build.home}/testbuild \ + target=build@localhost${config.users.users.build.home}/testbuild \ method=build \ system={}".format(i)]) @@ -96,7 +96,7 @@ in { ["make \ test \ ssh=${sshWrapper} \ - target=build@localhost:${config.users.users.build.home}/testbuild \ + target=build@localhost${config.users.users.build.home}/testbuild \ method=build \ system={}".format(i)]) -- cgit v1.2.3 From 461637c92851b2f57a5814ff4b2988bcf9a184a5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jul 2016 21:05:24 +0200 Subject: l 2 buildbot: set NIX_PATH to /var/src --- lass/2configs/buildbot-standalone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index ea6e38dda..5afb23687 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -147,7 +147,7 @@ in { password = "lasspass"; packages = with pkgs; [ gnumake jq nix populate ]; extraEnviron = { - NIX_PATH="nixpkgs=/var/src/nixpkgs"; + NIX_PATH="/var/src"; }; }; config.krebs.iptables = { -- cgit v1.2.3 From 0c40af375f26788bd098b7594ae5425fedd68fb4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 20 Jul 2016 17:20:47 +0200 Subject: / : s/krebs\.retiolum/krebs.tinc.retiolum/g --- lass/2configs/retiolum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 89e0f217a..eba40532d 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -12,7 +12,7 @@ }; }; - krebs.retiolum = { + krebs.tinc.retiolum = { enable = true; connectTo = [ "prism" -- cgit v1.2.3 From 6bb208cb691565e74b4e0350cf90e0f8b21fd8e9 Mon Sep 17 00:00:00 2001 
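Review bot: The block touched by the NIX_PATH hunk of buildbot-standalone.nix keeps the literal `password = "lasspass";` as a context line, so what looks like the build worker's credential stays committed in the repository and, once evaluated, would normally end up in the world-readable Nix store as well. The enclosing attribute set starts outside the hunk, so the exact option it belongs to cannot be confirmed from here. Since this commit is already editing the block, it would be a good moment to read the value from a file kept outside the tree and readable only by the service user, and to rotate the current value, which is now in history. If the literal is deliberately a throwaway for a localhost-only worker, a comment saying so (`# not a secret: worker only reachable on localhost`) would stop it being copied elsewhere.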
From: lassulus Date: Thu, 21 Jul 2016 19:40:38 +0200 Subject: l 2 nixpkgs: 11a7899 -> c6ca9c8 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 931aabf08..b758bc24a 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/lassulus/nixpkgs; - ref = "11a7899222929b6eb0951f7a1c0182f65b3b4637"; + ref = "c6ca9c8c8b7eb8f8e68868e36fb90e162adf080f"; }; } -- cgit v1.2.3 From d9c6fe8d3a1ea436f0f144559cd0f52c080bc9ea Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Jul 2016 19:47:42 +0200 Subject: l 2: move domes mail stuff to 2/websites --- lass/2configs/exim-smarthost.nix | 1 - lass/2configs/websites/domsen.nix | 43 +++++++++++++++++++++++++++++++-------- 2 files changed, 35 insertions(+), 9 deletions(-) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 1ba99c8cb..00a3612fd 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -27,7 +27,6 @@ with config.krebs.lib; { from = "lass@aidsballs.de"; to = lass.mail; } { from = "wordpress@ubikmedia.de"; to = lass.mail; } { from = "finanzamt@lassul.us"; to = lass.mail; } - { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } { from = "netzclub@lassul.us"; to = lass.mail; } { from = "nebenan@lassul.us"; to = lass.mail; } ]; diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 07df2e8de..becd1a872 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -110,14 +110,6 @@ in { }; }; - users.users.domsen = { - uid = genid "domsen"; - description = "maintenance acc for domsen"; - home = "/home/domsen"; - useDefaultShell = true; - extraGroups = [ "nginx" ]; - createHome = true; - }; #services.phpfpm.phpOptions = '' # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so @@ -133,5 +125,40 @@ in { cat ${pkgs.php}/etc/php-recommended.ini > $out echo "$options" >> $out ''; + + # MAIL STUFF + # TODO: make into its own module + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Mail"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport pop3"; target = "ACCEPT"; } + { predicate = "-p tcp --dport imap"; target = "ACCEPT"; } + ]; + krebs.exim-smarthost = { + internet-aliases = [ + { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "mail@jla-trading.com"; to = "jla-trading"; } + ]; + system-aliases = [ + ]; + }; + + users.users.domsen = { + uid = genid "domsen"; + description = "maintenance acc for domsen"; + home = "/home/domsen"; + useDefaultShell = true; + extraGroups = [ "nginx" ]; + createHome = true; + }; + + users.users.jla-trading = { + uid = genid "jla-trading"; + home = "/home/jla-trading"; + useDefaultShell = true; + createHome = true; + }; } -- cgit v1.2.3 From 617814725be64d5a7ce00c8a86a600644c963c67 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Jul 2016 21:26:16 +0200 Subject: l 2 downloading: remove folderPermissions --- lass/2configs/downloading.nix | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'lass') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index cf9b631c8..597d20721 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -5,9 +5,6 @@ with config.krebs.lib; let rpc-password = import ; in { - imports = [ - ../3modules/folderPerms.nix - ]; users.extraUsers = { download = { 
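Review bot: The MAIL STUFF hunk in websites/domsen.nix accepts `--dport pop3` and `--dport imap` in the INPUT chain but configures nothing TLS-related on `services.dovecot2`, so as far as this hunk shows, mail clients reach the server on the cleartext ports 110/143 only. Unless TLS is set up elsewhere, logins for these system accounts could cross the network unencrypted. I would set `sslServerCert` / `sslServerKey` on `services.dovecot2`, require TLS before authentication (`ssl = required` in dovecot's own config), and open `imaps` / `pop3s` alongside or instead of the plain ports. Separately, the new `jla-trading` user appears to exist only as the delivery target of the `mail@jla-trading.com` alias yet gets `useDefaultShell = true`; if it never needs an interactive login, a non-login shell would narrow what that mail password can be used for.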
@@ -64,15 +61,4 @@ in { { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } ]; }; - - lass.folderPerms = { - enable = true; - permissions = [ - { - path = "/var/download"; - permission = "775"; - owner = "transmission:download"; - } - ]; - }; } -- cgit v1.2.3 From 0bd78c3b0de0fa79322e9031f45dcc62abd094d1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Jul 2016 21:28:21 +0200 Subject: l 2 git: (re)move some repo-sync repos --- lass/2configs/repo-sync.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 45a4e2afd..027f31fe0 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -91,12 +91,11 @@ in { (sync-remote "repo-sync" "https://github.com/makefu/repo-sync") (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger") (sync-remote "xintmap" "https://github.com/4z3/xintmap") + (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-retiolum "go") (sync-retiolum "much") (sync-retiolum "newsbot-js") - (sync-retiolum "painload") - (sync-retiolum "realwallpaper") (sync-retiolum "stockholm") (sync-retiolum "wai-middleware-time") (sync-retiolum "web-routes-wai-custom") -- cgit v1.2.3