From 42002f8f3ddb6cbb321b6909d8ebd9d0c412eb30 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 5 Nov 2018 16:22:39 +0100
Subject: ma nextgum.r becomes gum.r

---
 1systems/gum/config.nix | 145 ++++++++++++++++++++++++++++++------------------
 1 file changed, 90 insertions(+), 55 deletions(-)

(limited to '1systems/gum/config.nix')

diff --git a/1systems/gum/config.nix b/1systems/gum/config.nix
index af2e6f6b0..118b5b9d4 100644
--- a/1systems/gum/config.nix
+++ b/1systems/gum/config.nix
@@ -8,16 +8,22 @@ in {
   imports = [
       <stockholm/makefu>
       ./hardware-config.nix
+      ./transfer-config.nix
+      {
+        users.users.lass = {
+          uid = 9002;
+          isNormalUser = true;
+          createHome = true;
+          useDefaultShell = true;
+          openssh.authorizedKeys.keys = with config.krebs.users; [
+            lass.pubkey
+            makefu.pubkey
+          ];
+        };
+      }
       <stockholm/makefu/2configs/headless.nix>
       # <stockholm/makefu/2configs/smart-monitor.nix>
 
-      <stockholm/makefu/2configs/git/cgit-retiolum.nix>
-      <stockholm/makefu/2configs/backup/state.nix>
-      # <stockholm/makefu/2configs/mattermost-docker.nix>
-      # <stockholm/makefu/2configs/disable_v6.nix>
-      <stockholm/makefu/2configs/exim-retiolum.nix>
-      <stockholm/makefu/2configs/tinc/retiolum.nix>
-
       # Security
       <stockholm/makefu/2configs/sshd-totp.nix>
 
@@ -26,69 +32,90 @@ in {
       <stockholm/makefu/2configs/tools/dev.nix>
       <stockholm/makefu/2configs/tools/sec.nix>
       <stockholm/makefu/2configs/zsh-user.nix>
+      <stockholm/makefu/2configs/mosh.nix>
+      # <stockholm/makefu/2configs/gui/xpra.nix>
+
+      # networking
+      <stockholm/makefu/2configs/vpn/openvpn-server.nix>
+      # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
+      #<stockholm/makefu/2configs/dnscrypt/server.nix>
+      <stockholm/makefu/2configs/iodined.nix>
+      # <stockholm/makefu/2configs/backup.nix>
+      <stockholm/makefu/2configs/tinc/retiolum.nix>
+
+      # ci
+      # <stockholm/makefu/2configs/exim-retiolum.nix>
+      <stockholm/makefu/2configs/git/cgit-retiolum.nix>
+      <stockholm/makefu/2configs/shack/gitlab-runner>
+      <stockholm/makefu/2configs/remote-build/slave.nix>
+      <stockholm/makefu/2configs/taskd.nix>
 
       # services
+      <stockholm/makefu/2configs/sabnzbd.nix>
+      <stockholm/makefu/2configs/mail/mail.euer.nix>
+
+      # sharing
       <stockholm/makefu/2configs/share/gum.nix>
-      # <stockholm/makefu/2configs/sabnzbd.nix>
       <stockholm/makefu/2configs/torrent.nix>
-      <stockholm/makefu/2configs/mosh.nix>
-      # <stockholm/makefu/2configs/retroshare.nix>
+      #<stockholm/makefu/2configs/retroshare.nix>
+      ## <stockholm/makefu/2configs/ipfs.nix>
+      #<stockholm/makefu/2configs/syncthing.nix>
+      { # ncdc
+        environment.systemPackages = [ pkgs.ncdc ];
+        networking.firewall = {
+          allowedUDPPorts = [ 51411 ];
+          allowedTCPPorts = [ 51411 ];
+        };
+      }
+      # <stockholm/makefu/2configs/opentracker.nix>
 
-      # network
+      ## network
       <stockholm/makefu/2configs/vpn/openvpn-server.nix>
       # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
       <stockholm/makefu/2configs/dnscrypt/server.nix>
+      <stockholm/makefu/2configs/binary-cache/server.nix>
+      <stockholm/makefu/2configs/backup/server.nix>
       <stockholm/makefu/2configs/iodined.nix>
+      <stockholm/makefu/2configs/bitlbee.nix>
+      <stockholm/makefu/2configs/wireguard/server.nix>
 
-      # buildbot
-      <stockholm/makefu/2configs/remote-build/slave.nix>
-      <stockholm/makefu/2configs/shack/gitlab-runner>
-
-      ## Web
+      # Removed until move: no extra mails
+      <stockholm/makefu/2configs/urlwatch>
+      # Removed until move: avoid letsencrypt ban
+      ### Web
       #<stockholm/makefu/2configs/nginx/share-download.nix>
       #<stockholm/makefu/2configs/nginx/euer.test.nix>
-      #<stockholm/makefu/2configs/nginx/euer.mon.nix>
-      #<stockholm/makefu/2configs/nginx/euer.wiki.nix>
-      #<stockholm/makefu/2configs/nginx/euer.blog.nix>
+      <stockholm/makefu/2configs/nginx/euer.mon.nix>
+      <stockholm/makefu/2configs/nginx/euer.wiki.nix>
+      <stockholm/makefu/2configs/nginx/euer.blog.nix>
       ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
       #<stockholm/makefu/2configs/nginx/public_html.nix>
       #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
-      #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
-
-      # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
-      # <stockholm/makefu/2configs/deployment/graphs.nix>
-      # <stockholm/makefu/2configs/deployment/owncloud.nix>
-      # <stockholm/makefu/2configs/deployment/boot-euer.nix>
-      # <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
-
-      # <stockholm/makefu/2configs/ipfs.nix>
-      # <stockholm/makefu/2configs/syncthing.nix>
+      <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
+      <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
+      <stockholm/makefu/2configs/nginx/iso.euer.nix>
+      <stockholm/makefu/2configs/shack/events-publisher>
 
-      # <stockholm/makefu/2configs/opentracker.nix>
-      <stockholm/makefu/2configs/dcpp/hub.nix>
-      <stockholm/makefu/2configs/dcpp/airdcpp.nix>
+      <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
+      <stockholm/makefu/2configs/deployment/graphs.nix>
+      <stockholm/makefu/2configs/deployment/owncloud.nix>
+      <stockholm/makefu/2configs/deployment/boot-euer.nix>
+      <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
 
       <stockholm/makefu/2configs/stats/client.nix>
       # <stockholm/makefu/2configs/logging/client.nix>
 
-      # Temporary:
+      # sharing
+      <stockholm/makefu/2configs/dcpp/airdcpp.nix>
+      <stockholm/makefu/2configs/dcpp/hub.nix>
+
+      ## Temporary:
       # <stockholm/makefu/2configs/temp/rst-issue.nix>
       <stockholm/makefu/2configs/virtualisation/docker.nix>
+      <stockholm/makefu/2configs/virtualisation/libvirt.nix>
 
-      #{
-      #  services.dockerRegistry.enable = true;
-      #  networking.firewall.allowedTCPPorts = [ 8443 ];
-
-      #  services.nginx.virtualHosts."euer.krebsco.de" = {
-      #    forceSSL = true;
-      #    enableACME = true;
-      #    extraConfig = ''
-      #      client_max_body_size 1000M;
-      #    '';
-      #    locations."/".proxyPass = "http://localhost:5000";
-      #  };
-      #}
-
+      # krebs infrastructure services
+      <stockholm/makefu/2configs/stats/server.nix>
   ];
   makefu.dl-dir = "/var/download";
 
@@ -106,9 +133,7 @@ in {
       ListenAddress = ${external-ip} 21031
     '';
     connectTo = [
-      "muhbaasu" "tahoe" "flap" "wry"
-      "ni"
-      "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
+      "prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
     ];
   };
 
@@ -119,12 +144,21 @@ in {
     makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
   };
 
+  # Chat
+  environment.systemPackages = with pkgs;[
+    weechat
+    bepasty-client-cli
+    tmux
+  ];
+
+  # Hardware
+
   # Network
   networking = {
     firewall = {
-      allowPing = true;
-      logRefusedConnections = false;
-      allowedTCPPorts = [
+        allowPing = true;
+        logRefusedConnections = false;
+        allowedTCPPorts = [
           # smtp
           25
           # http
@@ -152,9 +186,10 @@ in {
           # tinc-shack
           21032
         ];
-      };
-      nameservers = [ "8.8.8.8" ];
     };
+    nameservers = [ "8.8.8.8" ];
+  };
   users.users.makefu.extraGroups = [ "download" "nginx" ];
   boot.tmpOnTmpfs = true;
+  state = [ "/home/makefu/.weechat" ];
 }
-- 
cgit v1.2.3