summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2021-02-19 16:03:20 +0100
committermakefu <github@syntax-fehler.de>2021-02-19 16:03:20 +0100
commitd239a236b03fd4bbcf936bed027d9c0ef76b726f (patch)
tree5d6653d0ad1a0b22bff4ef16ec254807f1e178b1 /krebs
parentcacc5ca5231c85856a0974d7d6fe9cc8f5444aba (diff)
parent8b7477926d0b7c1ac3d92d07e6934f9e593ea9ff (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'krebs')
-rw-r--r--krebs/2configs/ircd.nix18
-rw-r--r--krebs/2configs/shack/glados/default.nix9
-rw-r--r--krebs/3modules/lass/default.nix52
3 files changed, 63 insertions, 16 deletions
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 789fc2f2f..0de07a027 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,6 +5,8 @@
6667 6669
];
+ systemd.services.charybdis.serviceConfig.LimitNOFILE = 16384;
+
krebs.charybdis = {
enable = true;
motd = ''
@@ -15,7 +17,7 @@
serverinfo {
name = "${config.krebs.build.host.name}.irc.r";
sid = "1as";
- description = "miep!";
+ description = "irc!";
network_name = "irc.r";
vhost = "0.0.0.0";
@@ -26,7 +28,7 @@
#ssl_dh_params = "etc/dh.pem";
#ssld_count = 1;
- default_max_clients = 100000;
+ default_max_clients = 2048;
#nicklen = 30;
};
@@ -38,12 +40,12 @@
*/
host = "0.0.0.0";
port = 6667;
- sslport = 6697;
+ #sslport = 6697;
/* Listen on IPv6 (if you used host= above). */
host = "::";
port = 6667;
- sslport = 6697;
+ #sslport = 6697;
};
class "users" {
@@ -53,9 +55,9 @@
number_per_ip_global = 4096;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
- number_per_cidr = 65536;
- max_number = 100000;
- sendq = 10 megabyte;
+ number_per_cidr = 65535;
+ max_number = 65535;
+ sendq = 1000 megabyte;
};
privset "op" {
@@ -91,7 +93,7 @@
use_knock = yes;
knock_delay = 5 minutes;
knock_delay_channel = 1 minute;
- max_chans_per_user = 15;
+ max_chans_per_user = 150;
max_bans = 100;
max_bans_large = 500;
default_split_user_count = 0;
diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix
index d546564c5..53d6e6f4a 100644
--- a/krebs/2configs/shack/glados/default.nix
+++ b/krebs/2configs/shack/glados/default.nix
@@ -1,5 +1,11 @@
{ config, pkgs, lib, ... }:
let
+ unstable = import (pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev;
+ sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256;
+ }) {};
in {
services.nginx.virtualHosts."hass.shack" = {
serverAliases = [ "glados.shack" ];
@@ -40,6 +46,9 @@ in {
{
enable = true;
autoExtraComponents = true;
+ package = unstable.home-assistant.overrideAttrs (old: {
+ doInstallCheck = false;
+ });
config = {
homeassistant = {
name = "Glados";
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index c5cf5cb15..6978c0b4e 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -125,7 +125,6 @@ in {
ip6.addr = r6 "1e1";
aliases = [
"uriel.r"
- "cgit.uriel.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -151,7 +150,6 @@ in {
ip6.addr = r6 "dea7";
aliases = [
"mors.r"
- "cgit.mors.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -185,7 +183,6 @@ in {
ip6.addr = r6 "50da";
aliases = [
"shodan.r"
- "cgit.shodan.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -220,7 +217,6 @@ in {
ip6.addr = r6 "1205";
aliases = [
"icarus.r"
- "cgit.icarus.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -254,7 +250,6 @@ in {
ip6.addr = r6 "daed";
aliases = [
"daedalus.r"
- "cgit.daedalus.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -286,7 +281,6 @@ in {
ip6.addr = r6 "5ce7";
aliases = [
"skynet.r"
- "cgit.skynet.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -688,11 +682,53 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
};
+
+ coaxmetal = {
+ cores = 16;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.17";
+ ip6.addr = r6 "17";
+ aliases = [
+ "coaxmetal.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
+ xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
+ gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
+ WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
+ ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
+ G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
+ G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
+ IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
+ K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
+ 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
+ bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
+ l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "17";
+ aliases = [
+ "coaxmetal.w"
+ ];
+ wireguard.pubkey = ''
+ lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
+ syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
+ };
+
};
users = rec {
- lass = lass-blue;
+ lass = lass-yubikey;
lass-yubikey = {
- mail = lass.mail;
+ mail = "lass@lassul.us";
pubkey = builtins.readFile ./ssh/yubikey.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp;
};