From c0f7f7bab5447ebf95f4873f7ff9679938ff6d27 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 May 2018 19:56:26 +0200 Subject: l baseX: add dconf --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index e2e44b6fc..809297655 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -74,6 +74,7 @@ in { gi git-preview gitAndTools.qgit + gnome3.dconf lm_sensors mpv-poll much -- cgit v1.2.3 From e8c4f7c0e40a1612731ad9f68ef7f5bb1ec7ce1c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 May 2018 19:57:44 +0200 Subject: l websites utils: forceSSL --- lass/2configs/websites/util.nix | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 61b5543ce..a11e8e692 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -16,11 +16,7 @@ rec { in { services.nginx.virtualHosts.${domain} = { enableACME = true; - onlySSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; + forceSSL = true; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -87,12 +83,9 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - onlySSL = true; + forceSSL = true; serverAliases = domains; extraConfig = '' - listen 80; - listen [::]:80; - # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; @@ -201,12 +194,9 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - onlySSL = true; + forceSSL = true; serverAliases = domains; extraConfig = '' - listen 80; - listen [::]:80; - root /srv/http/${domain}/; index index.php; access_log /tmp/nginx_acc.log; -- cgit v1.2.3 
From 8b1d1b8d913004951e0c2fd46c6b7d2a3c27148a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 May 2018 19:35:28 +0200 Subject: l git: don't announce nixos-aws --- lass/2configs/git.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 43085ba5e..f9e326333 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -57,17 +57,17 @@ let cgit.desc = "Fork of nix-user-chroot my lethalman"; cgit.section = "software"; }; + krops = { + cgit.desc = "krebs deployment"; + cgit.section = "software"; + }; + } // mapAttrs make-public-repo-silent { nixos-aws = { collaborators = [ { name = "fabio"; pubkey = "ssh-rsa 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 ada"; } ]; }; - krops = { - cgit.desc = "krebs deployment"; - cgit.section = "software"; - }; - } // mapAttrs make-public-repo-silent { }; restricted-repos = mapAttrs make-restricted-repo ( -- cgit v1.2.3 From 619131d246ead21ba001644be82686ce31138773 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 May 2018 22:27:15 +0200 Subject: l git: add icarus to admin users --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index f9e326333..712a15342 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -121,7 +121,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-shodan ]; + user = [ lass lass-shodan lass-icarus ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ -- cgit v1.2.3 From 91b1eec4162bf16ce3c4ae698cebd7236b968f9f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:04:59 +0200 Subject: l: set 32bit dri in games.nix --- lass/2configs/games.nix | 1 + lass/2configs/steam.nix | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'lass/2configs') 
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 3ee3a98a5..81f53bf69 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -80,6 +80,7 @@ in { }; }; + hardware.opengl.driSupport32Bit = true; hardware.pulseaudio.support32Bit = true; security.sudo.extraConfig = '' diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index 225ddd308..e1b523e3a 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -10,8 +10,6 @@ # source: https://nixos.org/wiki/Talk:Steam # ##TODO: make steam module - hardware.opengl.driSupport32Bit = true; - nixpkgs.config.steam.java = true; environment.systemPackages = with pkgs; [ steam -- cgit v1.2.3 From 9e95c2b2d12cf18fcda266cc3b69d685d288b77f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:05:49 +0200 Subject: l baseX: add thesauron --- lass/2configs/baseX.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 809297655..a387f2c5d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -69,11 +69,12 @@ in { environment.systemPackages = with pkgs; [ acpi bank + cabal2nix dic dmenu gi - git-preview gitAndTools.qgit + git-preview gnome3.dconf lm_sensors mpv-poll @@ -87,19 +88,18 @@ in { rxvt_unicode_with-plugins slock sxiv - timewarrior taskwarrior termite + thesauron + timewarrior xclip + xephyrify xorg.xbacklight xorg.xhost xsel youtube-tools yt-next zathura - - cabal2nix - xephyrify ]; fonts.fonts = with pkgs; [ -- cgit v1.2.3 From aecf06a8bfa5e5d444bff6d5c4430250a2684d34 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:06:50 +0200 Subject: l websites domsen: remove old, add new --- lass/2configs/websites/domsen.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 7a72499c9..c75cc81fc 100644 
--- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,12 +26,7 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ - "habsys.de" - "habsys.eu" - "www.habsys.de" - "www.habsys.eu" - ]) + (servePage [ "freemonkey.art" ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" -- cgit v1.2.3 From cb41b35641eba3c0e88c87604072405ecc8fc5f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:09:50 +0200 Subject: l websites domsen: add akayguen --- lass/2configs/websites/domsen.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c75cc81fc..4e8361a17 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -115,6 +115,7 @@ in { { from = "jms@ubikmedia.eu"; to = "jms"; } { from = "ms@ubikmedia.eu"; to = "ms"; } { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } + { from = "akayguen@freemonkey.art"; to ="akayguen"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -172,5 +173,12 @@ in { createHome = true; }; + users.users.akayguen = { + uid = genid_signed "akayguen"; + home = "/home/akayguen"; + useDefaultShell = true; + createHome = true; + }; + } -- cgit v1.2.3 From 3fc6ff613ff9a1c5e439d6061a2580271dcfc368 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:15:54 +0200 Subject: l mails: add elitedangerous@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index e05ed2427..fe79ce82b 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix 
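Review bot: The new `users.users.akayguen` block in domsen.nix sets `useDefaultShell = true;`, which gives the account the system's default login shell, although the only use visible in this commit is the `akayguen@freemonkey.art` mail alias. If the account exists only to receive mail or to own site files, dropping that line should leave it on the module's non-login default shell (as far as I know that is what NixOS assigns to declared users), which narrows what a leaked credential can do. The sibling user blocks are outside the hunk, so whether they use a login shell deliberately cannot be confirmed from here. A minor style point in the first hunk: `to ="akayguen";` lacks the space after `=` that the neighbouring alias lines have.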
@@ -80,6 +80,7 @@ with import ; { from = "hetzner@lassul.us"; to = lass.mail; } { from = "allygator@lassul.us"; to = lass.mail; } { from = "immoscout@lassul.us"; to = lass.mail; } + { from = "elitedangerous@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From efb7452a0c5f0d4109ae188dc6abda46a20e394c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:20:08 +0200 Subject: l websites util: make ssl optional again --- lass/2configs/websites/util.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index a11e8e692..816449c14 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -16,7 +16,7 @@ rec { in { services.nginx.virtualHosts.${domain} = { enableACME = true; - forceSSL = true; + addSSL = true; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -83,7 +83,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - forceSSL = true; + addSSL = true; serverAliases = domains; extraConfig = '' # Add headers to serve security related headers @@ -194,7 +194,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - forceSSL = true; + addSSL = true; serverAliases = domains; extraConfig = '' root /srv/http/${domain}/; -- cgit v1.2.3 From 2e7bcebfd07080db071f07c3ad8e42e136857c31 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 17:32:00 +0200 Subject: l container-networking: set ipv4.ip_forward --- lass/2configs/container-networking.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/container-networking.nix b/lass/2configs/container-networking.nix index 3dae3420d..98b56bd41 100644 --- a/lass/2configs/container-networking.nix +++ b/lass/2configs/container-networking.nix 
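Review bot: Replacing `forceSSL = true;` with `addSSL = true;` in all three virtualHost helpers of util.nix makes every site answer over plain HTTP with no redirect, including the block whose `extraConfig` opens with the "security related headers" comment. The earlier forceSSL commit on this page shows that block sending `Strict-Transport-Security ... preload`, which browsers ignore on HTTP responses, so a first visit over http:// stays unprotected and any login form or session cookie served there travels in clear text. If only the static pages need HTTP, consider keeping `forceSSL = true;` in the second and third hunks (@@ -83 and @@ -194, the latter shown serving `index.php` in the earlier commit) and using `addSSL` only in the first. The enclosing functions start and end outside the hunks, so which application each helper serves is inferred from the visible `extraConfig` lines.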
@@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { #krebs.iptables.tables.filter.INPUT.rules = [ @@ -24,4 +24,5 @@ { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; } { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; } ]; + boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1; } -- cgit v1.2.3 From 2ed1a763c8db130262394649a0cc0ca3eb6cf8f2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 20:19:57 +0200 Subject: l: don't redirect ssh port from inner networks --- lass/2configs/container-networking.nix | 12 +++--------- lass/2configs/libvirt.nix | 3 +++ 2 files changed, 6 insertions(+), 9 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/container-networking.nix b/lass/2configs/container-networking.nix index 98b56bd41..f04e4342d 100644 --- a/lass/2configs/container-networking.nix +++ b/lass/2configs/container-networking.nix @@ -1,12 +1,6 @@ { lib, ... }: { - #krebs.iptables.tables.filter.INPUT.rules = [ - # { v6 = false; predicate = "-i ve-+ -p udp -m udp --dport 53"; target = "ACCEPT"; } - # { v6 = false; predicate = "-i ve-+ -p tcp -m tcp --dport 53"; target = "ACCEPT"; } - # { v6 = false; predicate = "-i ve-+ -p udp -m udp --dport 67"; target = "ACCEPT"; } - # { v6 = false; predicate = "-i ve-+ -p tcp -m tcp --dport 67"; target = "ACCEPT"; } - #]; krebs.iptables.tables.filter.FORWARD.rules = [ { v6 = false; predicate = "-d 10.233.2.0/24 -o ve-+ -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } { v6 = false; predicate = "-s 10.233.2.0/24 -i ve-+"; target = "ACCEPT"; } 
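Review bot: `net.ipv4.ip_forward` is a host-wide switch, while the FORWARD rules this file defines (visible as context in the next commit) match only `ve-+` interfaces. Once forwarding is on, traffic between any other pair of interfaces is routed unless the filter FORWARD chain ends in a drop; that default policy is set outside this hunk and should be confirmed. A short comment above the new line would record the intent, for example `# needed for container NAT; non-ve-+ forwarding must be dropped by the FORWARD policy`.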
@@ -14,9 +8,9 @@ { v6 = false; predicate = "-o ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; } { v6 = false; predicate = "-i ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; } ]; - #krebs.iptables.tables.filter.OUTPUT.rules = [ - # { v6 = false; predicate = "-o ve-+ -p udp -m udp --dport 68"; target = "ACCEPT"; } - #]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; predicate = "-s 10.233.2.0/24"; target = "ACCEPT"; precedence = 1000; } + ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ { v6 = false; predicate = "-s 10.233.2.0/24 -d 224.0.0.0/24"; target = "RETURN"; } { v6 = false; predicate = "-s 10.233.2.0/24 -d 255.255.255.255"; target = "RETURN"; } diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix index a71638323..78d5ae0e9 100644 --- a/lass/2configs/libvirt.nix +++ b/lass/2configs/libvirt.nix @@ -20,6 +20,9 @@ krebs.iptables.tables.filter.OUTPUT.rules = [ { v6 = false; predicate = "-o virbr0 -p udp -m udp --dport 68"; target = "ACCEPT"; } ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; predicate = "-s 192.168.122.0/24"; target = "ACCEPT"; precedence = 1000; } + ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ { v6 = false; predicate = "-s 192.168.122.0/24 -d 224.0.0.0/24"; target = "RETURN"; } { v6 = false; predicate = "-s 192.168.122.0/24 -d 255.255.255.255"; target = "RETURN"; } -- cgit v1.2.3 From 82704cb35cd74f58c3246f39f89d3e13267b716b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 23:07:27 +0200 Subject: l AP: use network bridge --- lass/2configs/AP.nix | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/AP.nix b/lass/2configs/AP.nix index 5ce7cfff8..dfffbfdf9 100644 --- a/lass/2configs/AP.nix +++ b/lass/2configs/AP.nix 
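Review bot: The new nat PREROUTING rule in container-networking.nix accepts on source address alone (`-s 10.233.2.0/24`), so a packet arriving on any interface with a source in that range also skips the later PREROUTING rules. Binding it to the container interfaces keeps the exemption scoped to the traffic it is meant for: `predicate = "-i ve-+ -s 10.233.2.0/24";`. The libvirt.nix hunk in the same commit has the same shape and could use `-i virbr0 -s 192.168.122.0/24`. A one-line comment naming the redirect being bypassed (the commit subject mentions the ssh port) would help, because `precedence = 1000` only makes sense next to the rule it pre-empts, which is outside these hunks.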
@@ -6,7 +6,7 @@ in { boot.extraModulePackages = [ pkgs.linuxPackages.rtl8814au ]; - networking.networkmanager.unmanaged = [ wifi ]; + networking.networkmanager.unmanaged = [ wifi "et0" ]; systemd.services.hostapd = { description = "hostapd wireless AP"; @@ -38,12 +38,17 @@ in { }; }; - networking.interfaces.${wifi}.ipv4.addresses = [ + networking.bridges.br0.interfaces = [ + wifi + "et0" + ]; + + networking.interfaces.br0.ipv4.addresses = [ { address = "10.99.0.1"; prefixLength = 24; } ]; services.dhcpd4 = { enable = true; - interfaces = [ wifi ]; + interfaces = [ "br0" ]; extraConfig = '' option subnet-mask 255.255.255.0; option routers 10.99.0.1; @@ -56,11 +61,12 @@ in { boot.kernel.sysctl."net.ipv4.ip_forward" = 1; krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } - { v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; } - { v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; } - { v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; } - { v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; } + { v6 = false; predicate = "-d 10.99.0.0/24 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } + { v6 = false; predicate = "-s 10.99.0.0/24 -i br0"; target = "ACCEPT"; } + { v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; } + { v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; } + { v6 = false; predicate = "-o br0"; target = "REJECT --reject-with icmp-port-unreachable"; } + { v6 = false; predicate = "-i br0"; target = "REJECT --reject-with icmp-port-unreachable"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ { v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; } -- cgit v1.2.3 From 72a094546e6a934fa57950ebc0d5f0bdaa21bd49 Mon Sep 17 00:00:00 2001 
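Review bot: The rewritten FORWARD list in AP.nix contains `{ v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }` twice in a row; the second copy can be dropped. Separately, the `networking.bridges.br0.interfaces` hunk puts the wired `et0` port on the same segment as the access point, so anything plugged into that port is served by the dhcpd4 instance now bound to `br0` and falls under the `-s 10.99.0.0/24 -i br0` ACCEPT rule. If that is intended, a comment on the bridge definition saying so would make the trust boundary explicit.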
From: lassulus Date: Wed, 16 May 2018 23:08:00 +0200 Subject: l: add blue to authorizedKeys --- lass/2configs/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 12a814605..ed97b4897 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -19,7 +19,8 @@ with import ; users.extraUsers = { root = { openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey + config.krebs.users.lass-mors.pubkey + config.krebs.users.lass-blue.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey config.krebs.users.lass-xerxes.pubkey @@ -38,7 +39,8 @@ with import ; "wheel" ]; openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey + config.krebs.users.lass-mors.pubkey + config.krebs.users.lass-blue.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey ]; -- cgit v1.2.3 From e1fec918a64a6c0aff0b758b4ea8a5e228623012 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:04:05 +0200 Subject: l cabal.r: provice host for blue.r --- lass/2configs/blue-host.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 lass/2configs/blue-host.nix (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix new file mode 100644 index 000000000..657234bc1 --- /dev/null +++ b/lass/2configs/blue-host.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: +with import ; + +{ + imports = [ + + ]; + containers.blue = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = true; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.9"; + localAddress = "10.233.2.10"; + }; +} -- cgit v1.2.3 From d72657a57be63ff6eeeaa0b84cd7761b2d38c8b4 Mon Sep 17 00:00:00 2001 
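Review bot: Both hunks in default.nix add `config.krebs.users.lass-blue.pubkey` to `authorizedKeys`, the first of them for `root`, so the key named after blue can log in as root on every host that imports this file. Later commits on this page define blue as a container that runs tor, bitlbee with third-party protocol plugins and weechat, and the git.nix hunk further down also adds `lass-blue` to the users allowed to push `refs/*` with `non-fast-forward` and `delete`. If the private key is kept on that machine (inferred from the name, not shown), a compromise of the chat environment reaches root on the other hosts and can rewrite repository history. Consider leaving `lass-blue` out of the `root` list and the git admin list, or limiting it to the hosts and repositories it actually has to manage.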
From: lassulus Date: Sun, 20 May 2018 10:20:10 +0200 Subject: l blue.r: add weechat, backups & mail --- lass/2configs/blue.nix | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 lass/2configs/blue.nix (limited to 'lass/2configs') diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix new file mode 100644 index 000000000..c0417b865 --- /dev/null +++ b/lass/2configs/blue.nix @@ -0,0 +1,55 @@ +with (import ); +{ config, lib, pkgs, ... }: + +{ + + imports = [ + ./bitlbee.nix + ./mail.nix + ./pass.nix + ]; + + services.tor.enable = true; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} + ]; + + systemd.services.chat = let + tmux = pkgs.writeDash "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g prefix ` + unbind-key C-b + bind ` send-prefix + + set-option -g status off + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + ''; + in { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = false; + + path = [ + pkgs.rxvt_unicode.terminfo + ]; + + serviceConfig = { + User = "lass"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; + }; + }; +} -- cgit v1.2.3 From c7d373f814fb18c0ced8da1a4c364b3aadd9d450 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:28:49 +0200 Subject: l exim: allow sending from blue.r --- lass/2configs/exim-smarthost.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') 
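Review bot: The `chat` service in the new blue.nix starts weechat with `User = "lass";`, whereas the IM.nix it replaces (removed later in this series) ran the same tmux session under a dedicated `chat` account. The same file imports `./mail.nix` and `./pass.nix`, so the chat client, which parses untrusted network input, presumably now shares a uid with the mail and password-store data. Keeping a separate unprivileged account for the service, `User = "chat";` with a matching `users.users.chat` entry, would preserve the isolation the old module had. The two INPUT rules are now limited to `-i retiolum`, which is a tightening; a comment naming what listens on tcp 9999 would complete it.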
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index fe79ce82b..5248f4d63 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -14,7 +14,7 @@ with import ; ]; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors - config.krebs.hosts.uriel + config.krebs.hosts.blue ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 -- cgit v1.2.3 From cd145bb426bef35aecaf5e2f86be300241606c1b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:32:07 +0200 Subject: l backup: add blue to authorizedKeys --- lass/2configs/backup.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix index 27adf6d2a..d23cf9a43 100644 --- a/lass/2configs/backup.nix +++ b/lass/2configs/backup.nix @@ -15,6 +15,7 @@ with import ; openssh.authorizedKeys.keys = with config.krebs.hosts; [ mors.ssh.pubkey prism.ssh.pubkey + blue.ssh.pubkey ]; }; } -- cgit v1.2.3 From 141fa0117c0aaa994a7b0776976631044afc193b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:32:47 +0200 Subject: l exim: add new mail addresses --- lass/2configs/exim-smarthost.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 5248f4d63..371f20885 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -81,6 +81,8 @@ with import ; { from = "allygator@lassul.us"; to = lass.mail; } { from = "immoscout@lassul.us"; to = lass.mail; } { from = "elitedangerous@lassul.us"; to = lass.mail; } + { from = "boardgamegeek@lassul.us"; to = lass.mail; } + { from = "qwertee@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From de7ee966dfb6923e9b9ebab55eb4f6f17a88ed43 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 20 May 2018 10:33:42 +0200 Subject: l monitoring: don't send resolved status --- lass/2configs/monitoring/prometheus-server.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index e16d421a0..aef671636 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -159,7 +159,6 @@ "email_configs" = [ { "to" = "devnull@example.com"; - "send_resolved" = true; } ]; "webhook_configs" = [ -- cgit v1.2.3 From 3277fac9b6941ece359efed2884c440d2e03837c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:42:46 +0200 Subject: l git: add blue & mors to allowed users --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 712a15342..e41ff606f 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -121,7 +121,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-shodan lass-icarus ]; + user = [ lass-mors lass-shodan lass-icarus lass-blue ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ -- cgit v1.2.3 From 4829b6b9d7ce2b19e84473ecb254e68219b1d0b6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 21 May 2018 08:25:53 +0200 Subject: l: add bitlbee.nix --- lass/2configs/bitlbee.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 lass/2configs/bitlbee.nix (limited to 'lass/2configs') diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix new file mode 100644 index 000000000..1220fa0cd --- /dev/null +++ b/lass/2configs/bitlbee.nix 
@@ -0,0 +1,15 @@ +with (import ); +{ config, lib, pkgs, ... }: + +{ + services.bitlbee = { + enable = true; + portNumber = 6666; + plugins = [ + pkgs.bitlbee-facebook + pkgs.bitlbee-steam + pkgs.bitlbee-discord + ]; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; +} -- cgit v1.2.3 From 9173c08145836c1ee34674a15a488c7099f203af Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 21 May 2018 08:26:20 +0200 Subject: l: remove IM.nix --- lass/2configs/IM.nix | 73 ---------------------------------------------------- 1 file changed, 73 deletions(-) delete mode 100644 lass/2configs/IM.nix (limited to 'lass/2configs') diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix deleted file mode 100644 index 7d3dfd428..000000000 --- a/lass/2configs/IM.nix +++ /dev/null 
@@ -1,73 +0,0 @@ -with (import ); -{ config, lib, pkgs, ... }: - -let - tmux = pkgs.writeDash "tmux" '' - exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' - set-option -g prefix ` - unbind-key C-b - bind ` send-prefix - - set-option -g status off - set-option -g default-terminal screen-256color - - #use session instead of windows - bind-key c new-session - bind-key p switch-client -p - bind-key n switch-client -n - bind-key C-s switch-client -l - ''} "$@" - ''; -in { - - services.bitlbee = { - enable = true; - portNumber = 6666; - plugins = [ - pkgs.bitlbee-facebook - pkgs.bitlbee-steam - pkgs.bitlbee-discord - ]; - libpurple_plugins = [ pkgs.telegram-purple ]; - }; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-android.pubkey - lass-helios.pubkey - ]; - }; - - # mosh - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-p tcp --dport 9999"; target = "ACCEPT";} - ]; - - systemd.services.chat = { - description = "chat environment setup"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - restartIfChanged = false; - - path = [ - pkgs.rxvt_unicode.terminfo - ]; - - serviceConfig = { - User = "chat"; - RemainAfterExit = true; - Type = "oneshot"; - ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; - ExecStop = "${tmux} kill-session -t IM"; - }; - }; -} -- cgit v1.2.3 From 7b51fac2c52f2d61e024f54be621b0e5b5066dfb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:59:55 +0200 Subject: l blue: add ag & nmap to pkgs --- lass/2configs/blue.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index c0417b865..363705edc 100644 
--- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -9,6 +9,11 @@ with (import ); ./pass.nix ]; + environment.systemPackages = with pkgs; [ + ag + nmap + ]; + services.tor.enable = true; krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From 263f150c1bde465a5bd66c40c1ff0fe02e47ed3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:01:33 +0200 Subject: l git: fix typo --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index e41ff606f..72cfd5e75 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -54,7 +54,7 @@ let cgit.section = "art"; }; nix-user-chroot = { - cgit.desc = "Fork of nix-user-chroot my lethalman"; + cgit.desc = "Fork of nix-user-chroot by lethalman"; cgit.section = "software"; }; krops = { -- cgit v1.2.3 From d6e1ca7e2884787018dd19bec994d093ebc846ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:02:27 +0200 Subject: l websites domsen: serve www.freemonkey.art --- lass/2configs/websites/domsen.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 4e8361a17..e4f50e2d1 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,7 +26,10 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "freemonkey.art" ]) + (servePage [ + "freemonkey.art" + "www.freemonkey.art" + ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" -- cgit v1.2.3 From 0a070688e839556039a634cd354235449e5f24d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:04:53 +0200 Subject: l baseX: add ag to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') 
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index a387f2c5d..afdefaa45 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -68,6 +68,7 @@ in { environment.systemPackages = with pkgs; [ acpi + ag bank cabal2nix dic -- cgit v1.2.3 From 5b2c6b9c29494b53ff80c61b7b4fff0ee5d040e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:05:26 +0200 Subject: l: remove xerxes from authorizedKeys --- lass/2configs/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ed97b4897..a43113177 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -23,7 +23,6 @@ with import ; config.krebs.users.lass-blue.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey - config.krebs.users.lass-xerxes.pubkey ]; }; mainUser = { -- cgit v1.2.3 From c01b6860809fb455c060e143c596590f61fc62c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Jun 2018 18:43:12 +0200 Subject: github krebscode -> krebs --- lass/2configs/repo-sync.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 1cf22552c..615f5a728 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -126,8 +126,8 @@ in { (sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") - (sync-remote "painload" "https://github.com/krebscode/painload") - (sync-remote "Reaktor" "https://github.com/krebscode/Reaktor") + (sync-remote "painload" "https://github.com/krebs/painload") + (sync-remote "Reaktor" "https://github.com/krebs/Reaktor") (sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git") (sync-retiolum "go") (sync-retiolum "much") -- cgit v1.2.3