From 441ae45dc78e188493ad1bb5e9e075a5e4fbe86a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:04:11 +0200 Subject: l daedalus.r: add altcoins pkgs --- lass/1systems/daedalus/config.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 6e3df12f0..df8868034 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -57,6 +57,8 @@ with import ; { krebs.per-user.bitcoin.packages = [ pkgs.electrum + pkgs.electron-cash + pkgs.altcoins.litecoin ]; users.extraUsers = { bitcoin = { -- cgit v1.2.3 From 34791532ac850fd575f5b23cc25296409a19eed2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:05:02 +0200 Subject: l mors.r: add free_music sync --- lass/1systems/mors/config.nix | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f911b79d6..5076beeef 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -49,14 +49,31 @@ with import ; ]; } { - krebs.syncthing.folders."the_playlist" = { - path = "/home/lass/tmp/the_playlist"; - peers = [ "mors" "phone" "prism" ]; + krebs.syncthing = { + peers.schasch.addresses = [ "schasch.r:22000" ]; + folders = { + the_playlist = { + path = "/home/lass/tmp/the_playlist"; + peers = [ "mors" "phone" "prism" ]; + }; + free_music = { + id = "mu9mn-zgvsw"; + path = "/home/lass/tmp/free_music"; + peers = [ "mors" "schasch" ]; + }; + }; }; - krebs.permown."/home/lass/tmp/the_playlist" = { - owner = "lass"; - group = "syncthing"; - umask = "0007"; + krebs.permown = { + "/home/lass/tmp/free_music" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; + "/home/lass/tmp/the_playlist" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; }; } { -- cgit v1.2.3 
From e0af72f1f3531576caee2608cf407b8bb4c05ea2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:19:37 +0200 Subject: l mors.r: switch wifi card --- lass/1systems/mors/physical.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index 25425f146..6828d70de 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -22,7 +22,7 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:72:f4:88", NAME="wl0" + SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.1/*/net/*", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0" ''; -- cgit v1.2.3 From 86e5815ba3b05acbd49aa910dbabdfbb21de0e23 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:20:45 +0200 Subject: l prism.r: enable codimd --- lass/1systems/prism/config.nix | 1 + lass/2configs/codimd.nix | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 lass/2configs/codimd.nix (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d7b0b701a..57a12be22 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -195,6 +195,7 @@ with import ; }; } + { services.taskserver = { enable = true; diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix new file mode 100644 index 000000000..5f802148b --- /dev/null +++ b/lass/2configs/codimd.nix 
@@ -0,0 +1,28 @@ +{ config, pkgs, ... }: +with import ; + +{ + services.nginx.virtualHosts.codimd = { + enableACME = true; + addSSL = true; + serverName = "codi.lassul.us"; + locations."/".extraConfig = '' + client_max_body_size 4G; + proxy_set_header Host $host; + proxy_pass http://localhost:3091; + ''; + }; + + services.codimd = { + enable = true; + configuration = { + db = { + dialect = "sqlite"; + storage = "/var/lib/codimd/db.codimd.sqlite"; + useCDN = false; + }; + port = 3091; + }; + }; +} + -- cgit v1.2.3 From 418e9f566511af814a4b3bf4c653cca036796a73 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:24:31 +0200 Subject: l prism.r: export download/finished directly --- lass/1systems/prism/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 57a12be22..e33d1ca9f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -383,7 +383,7 @@ with import ; ''; fileSystems."/export/download" = { - device = "/var/lib/containers/yellow/var/download"; + device = "/var/lib/containers/yellow/var/download/finished"; options = [ "bind" ]; }; services.nfs.server = { -- cgit v1.2.3 From 65907391192875d0051f92950516a70919272c26 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:25:20 +0200 Subject: l prism.r: allow nfs mount from retiolum --- lass/1systems/prism/config.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e33d1ca9f..dbbcbc5d1 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
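Review bot: In lass/2configs/codimd.nix the virtual host sets `addSSL = true`, which keeps answering on plain HTTP next to HTTPS, so logins and session cookies for the pad can travel unencrypted. The radio vhost in this series uses `forceSSL = true;` and this one should do the same. `useCDN = false;` sits inside the `db` block, where it is probably ignored; it looks like it belongs one level up in `configuration`. `client_max_body_size 4G;` is very generous for a notes service and deserves either a smaller limit or a comment saying why.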
@@ -396,6 +396,12 @@ with import ; statdPort = 4000; }; krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; } { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } -- cgit v1.2.3 From 4d48a1e10942f2885f9728d736f7c87b58780982 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:32:59 +0200 Subject: l prism.r: add rsa hostKey --- lass/1systems/prism/config.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index dbbcbc5d1..eec8e34b8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -463,4 +463,10 @@ with import ; enable = true; freeMemThreshold = 5; }; + + # prism rsa hack + services.openssh.hostKeys = [{ + path = toString + "ssh.id_rsa"; + type = "rsa"; + }]; } -- cgit v1.2.3 From 14b4c59c5bcc9c6414ecd147436f234f5aa3f133 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:34:59 +0200 Subject: l browsers: remove broken krebsgold :( --- lass/2configs/browsers.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index d214e224d..c0085995d 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix 
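Review bot: The six new ACCEPT rules in lass/1systems/prism/config.nix match only on `-i retiolum`, so every host that can reach prism over that interface can talk to port 111, port 2049 and the pinned helper ports 4000:4002. Access control then rests entirely on the NFS export list, which is outside this hunk. If retiolum carries hosts run by other people, add a source match to each predicate, for example `-s <CLIENT_ADDR_PLACEHOLDER> -i retiolum -p tcp --dport 2049`, or confirm that the exports name specific clients and are read-only. The rule list continues past the end of the hunk.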
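Review bot: The comment `# prism rsa hack` above `services.openssh.hostKeys` in lass/1systems/prism/config.nix does not say what needs an RSA host key or when the entry can go; something like `# RSA host key kept for <REASON_PLACEHOLDER>; remove once <CONDITION_PLACEHOLDER>` would record that. The entry sets no key size, so add `bits = 4096;` in case the key is ever generated on the host rather than deployed. Please also check whether defining this list replaces the default host keys instead of adding to them, since that would leave sshd offering only RSA. The path as rendered here appends `"ssh.id_rsa"` without a leading `/`, unlike `"/ssh.id_ed25519"` in domsen.nix, though part of the expression seems to be lost on this page.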
@@ -66,7 +66,6 @@ in { extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium - "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold ]; }; -- cgit v1.2.3 From 74d0821e3a1207952cf639ac24009e7533aeff17 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:35:43 +0200 Subject: l: add more mail addresses --- lass/2configs/exim-smarthost.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 4216bd67a..d1e6b195b 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -103,6 +103,9 @@ with import ; { from = "lobsters@lassul.us"; to = lass.mail; } { from = "fysitech@lassul.us"; to = lass.mail; } { from = "threema@lassul.us"; to = lass.mail; } + { from = "ubisoft@lassul.us"; to = lass.mail; } + { from = "kottezeller@lassul.us"; to = lass.mail; } + { from = "pie@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From a5160c8d4f17fd9baf66aabcc8c5535e4f471a3e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:37:05 +0200 Subject: l radio: add correct hostname headers --- lass/2configs/radio.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 88899c554..7960db564 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -97,7 +97,7 @@ in { services.icecast = { enable = true; - hostname = "config.krebs.build.host.name"; + hostname = "radio.lassul.us"; admin.password = admin-password; extraConf = '' 
@@ -218,6 +218,11 @@ in { forceSSL = true; enableACME = true; locations."/".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Real-IP $remote_addr; proxy_pass http://localhost:8000; ''; locations."/recent".extraConfig = '' -- cgit v1.2.3 From ab0d80fde8a990c3522ac13e4ddd91c23e349391 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:37:33 +0200 Subject: l network-manager: randomize mac addresses --- lass/2configs/network-manager.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix index 5b890b591..ab27eb841 100644 --- a/lass/2configs/network-manager.nix +++ b/lass/2configs/network-manager.nix @@ -15,6 +15,8 @@ }; }; networking.networkmanager = { + ethernet.macAddress = "random"; + wifi.macAddress = "random"; enable = true; unmanaged = [ "docker*" -- cgit v1.2.3 From 4c7f444c70c48b0230019d4b2e7f17519a4f3d1a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:38:23 +0200 Subject: l radio: secure radio mounts with password --- lass/2configs/radio.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 7960db564..49d093a6d 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -100,9 +100,14 @@ in { hostname = "radio.lassul.us"; admin.password = admin-password; extraConf = '' - - ${source-password} - + + /radio.mp3 + ${source-password} + + + /radio.ogg + ${source-password} + ''; }; -- cgit v1.2.3 From 78a3cfb6fff1488437d22834709ffd04b287b819 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:39:56 +0200 Subject: l radio: fix Reaktor pattern --- lass/2configs/radio.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') 
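Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in the `/` location of lass/2configs/radio.nix appends to whatever X-Forwarded-For header the client sent, so a backend or log parser that reads the first entry sees a client-chosen address. If this nginx is the outermost proxy, `proxy_set_header X-Forwarded-For $remote_addr;` hands the backend a value the client cannot influence. The `/recent` location that follows in the context does not visibly get the same headers; confirm whether that is intended.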
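Review bot: `ethernet.macAddress = "random";` and `wifi.macAddress = "random";` in lass/2configs/network-manager.nix take effect wherever this file is imported, with no comment on the trade-off: a fresh address on each connection breaks DHCP reservations and MAC-based allow-lists. A comment such as `# new MAC on every connect; use "stable" for a fixed per-network address` would record the choice. As a matter of style the two settings would read better after `enable = true;` than before it.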
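Review bot: `${source-password}` is interpolated into `extraConf` in lass/2configs/radio.nix, so the value becomes part of the generated Icecast configuration; if that file is built into the Nix store it is readable by every local user, which undercuts the goal in the commit subject. Check where the rendered configuration ends up and, if it is the store, load the password from a root-only file when the service starts. Both mounts share one password, and with the previous global entry removed it is worth confirming that source connections to any other mount name are refused. The markup around these lines appears to be stripped on this page, so this is based on the visible text only.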
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 49d093a6d..b4efd42fc 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -199,8 +199,8 @@ in { workdir = config.krebs.reaktor2.the_playlist.stateDir; hooks.PRIVMSG = [ { - activate = "match"; - pattern = ''!([^ ]+)(?:\s*(.*))?''; + #activate = "match"; + pattern = "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$"; command = 1; arguments = [2]; commands = { -- cgit v1.2.3 From a122fec9e559e8050f03e6cd0c348490636bc9dd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:40:24 +0200 Subject: l retiolum: remove dishfire as supernode --- lass/2configs/retiolum.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index fb76c5735..5a87d52af 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -20,7 +20,6 @@ "prism" "gum" "ni" - "dishfire" ]; }; -- cgit v1.2.3 From 65c2a882482a8c9ceeebff68dc38be83ab44ee12 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:40:44 +0200 Subject: l retiolum: enable localDiscovery --- lass/2configs/retiolum.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 5a87d52af..9932f8172 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -21,6 +21,9 @@ "gum" "ni" ]; + extraConfig = '' + LocalDiscovery = yes + ''; }; nixpkgs.config.packageOverrides = pkgs: { -- cgit v1.2.3 From b216553984b5b3fadb297bdf2f8f019daa1c957b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:47:34 +0200 Subject: l syncthing: don't share sync with phone --- lass/2configs/syncthing.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 48f2625c1..25712f4f3 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix 
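Review bot: The PRIVMSG hook in lass/2configs/radio.nix leaves `#activate = "match";` behind as commented-out code, and nothing says which activation mode applies once the option is unset. Together with the new pattern, which drops the leading `!` and accepts any message whose first word looks like a command name, that setting decides who can trigger the commands listed below the hunk. A comment such as `# activate left at its default (<MODE_PLACEHOLDER>); commands no longer need a "!" prefix` would make the intent reviewable. Capture group 2 is passed on as the argument; how the commands treat it is outside the hunk, so confirm they handle it as untrusted IRC input.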
@@ -1,5 +1,7 @@ { config, pkgs, ... }: with import ; let - peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); + all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts; + own_peers = filterAttrs (n: v: v.owner.name == "lass") all_peers; + mk_peers = mapAttrs (n: v: { id = v.syncthing.id; }); in { services.syncthing = { enable = true; @@ -14,8 +16,8 @@ in { enable = true; cert = toString ; key = toString ; - peers = peers; - folders."/home/lass/sync".peers = attrNames peers; + peers = mk_peers all_peers; + folders."/home/lass/sync".peers = attrNames (filterAttrs (n: v: n != "phone") own_peers); }; system.activationScripts.syncthing-home = '' -- cgit v1.2.3 From dda92fcf0bc438186d6880b6bd6650f799d249b5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:47:58 +0200 Subject: l syncthing: fix permissions of sync --- lass/2configs/syncthing.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 25712f4f3..d4df17b9a 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -25,8 +25,9 @@ in { ''; krebs.permown."/home/lass/sync" = { + file-mode = "u+rw,g+rw"; owner = "lass"; group = "syncthing"; - umask = "0007"; + umask = "0002"; }; } -- cgit v1.2.3 From 0c9a0c690e6ec575f7e72af3a8a91096c60c21e3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:48:42 +0200 Subject: l domsen: add jarugadesign user, mail & page --- lass/2configs/websites/domsen.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2131c7c62..865186481 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
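Review bot: In lass/2configs/syncthing.nix the folder's peer list excludes the phone by literal attribute name, `n != "phone"`, so if that host is ever renamed the exclusion silently stops applying and the folder is shared with it again. A comment next to the filter stating the intent, for example `# /home/lass/sync must never be shared with the phone`, would make that visible in review. It would also help to note why `peers` is now built from `all_peers`: every host with a syncthing id becomes a known device, although only `own_peers` receive this folder.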
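Review bot: Changing `umask` from `"0007"` to `"0002"` for `/home/lass/sync` in lass/2configs/syncthing.nix loosens access for accounts outside the `syncthing` group: assuming permown applies the umask in the usual way, files become world-readable instead of owner-and-group only. The added `file-mode = "u+rw,g+rw";` already looks like it covers the group-write problem the commit subject refers to, so keeping `umask = "0007";` should fix syncing without exposing the synced data to other local users. If world-read is intended, a comment saying why would help.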
@@ -26,6 +26,7 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) + (servePage [ "jarugadesign.de" "www.jarugadesign.de" ]) (servePage [ "freemonkey.art" "www.freemonkey.art" @@ -141,6 +142,7 @@ in { { from = "akayguen@freemonkey.art"; to ="akayguen"; } { from = "bui@freemonkey.art"; to ="bui"; } { from = "kontakt@alewis.de"; to ="klabusterbeere"; } + { from = "hallo@jarugadesign.de"; to ="kasia"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -150,6 +152,7 @@ in { "ubikmedia.eu" "ubikmedia.de" "alewis.de" + "jarugadesign.de" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; @@ -235,6 +238,12 @@ in { }; krebs.on-failure.plans.restic-backups-domsen = {}; + users.users.kasia = { + uid = genid_uint31 "kasia"; + home = "/home/kasia"; + useDefaultShell = true; + createHome = true; + }; services.restic.backups.domsen = { initialize = true; extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; -- cgit v1.2.3 From d68e0e2e2d9f2aa07e5daf950971f4f6ff1634b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:49:10 +0200 Subject: l domsen: set nextcloud overwriteProtocol --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 865186481..912d56925 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -94,6 +94,7 @@ in { hostName = "o.xanf.org"; config = { adminpassFile = toString + "/nextcloud_pw"; + overwriteProtocol = "https"; }; https = true; nginx.enable = true; -- cgit v1.2.3 From f8164a8e32b646464376afa951232085c9f1322b Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 29 May 2019 15:49:29 +0200 Subject: l domsen: increase journalctl lines in backup errors --- lass/2configs/websites/domsen.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 912d56925..c99bd7b15 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -238,13 +238,18 @@ in { createHome = true; }; - krebs.on-failure.plans.restic-backups-domsen = {}; users.users.kasia = { uid = genid_uint31 "kasia"; home = "/home/kasia"; useDefaultShell = true; createHome = true; }; + + krebs.on-failure.plans.restic-backups-domsen = { + journalctl = { + lines = 1000; + }; + }; services.restic.backups.domsen = { initialize = true; extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; -- cgit v1.2.3 From 70a58ef2e310521029de794caba6c8351ac99e86 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:49:45 +0200 Subject: l domsen: use permown for permissions --- lass/2configs/websites/domsen.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c99bd7b15..9980e0501 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -262,11 +262,41 @@ in { "/home/ms/Mail" "/home/klabusterbeere/Mail" "/home/jms/Mail" + "/home/kasia/Mail" "/home/bruno/Mail" "/home/akayguen/Mail" "/backups/sql_dumps" ]; }; + boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576"; + krebs.permown = { + "/srv/http/ubikmedia.de" = { + owner = "domsen"; + group = "nginx"; + umask = "0007"; + }; + "/srv/http/o.ubikmedia.de" = { + owner = "domsen"; + group = "nginx"; + umask = "0007"; + }; + "/srv/http/freemonkey.art" = { + owner = "domsen"; + group = "nginx"; + umask = "0002"; + }; + "/srv/http/jarugadesign.de" = { + owner = "domsen"; + group = "nginx"; + umask = "0002"; + }; + "/srv/http/reich-gebaeudereinigung.de" = { + owner = "domsen"; + group = "nginx"; + umask = "0002"; + }; + }; + } -- cgit v1.2.3
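Review bot: The new `krebs.permown` entries in lass/2configs/websites/domsen.nix put every web root under group `nginx`, and three of them (`freemonkey.art`, `jarugadesign.de`, `reich-gebaeudereinigung.de`) use `umask = "0002"` while the other two use `"0007"`, with no comment explaining the difference. If the umask is applied conventionally, group `nginx` gets write access to the served files in all five, so a compromised web-facing process in that group could alter site content. A group-read-only setting such as `umask = "0027";` would suit pages that the web server only has to read. `fs.inotify.max_user_watches` is raised to `"1048576"` without a comment; presumably it is for permown's file watches, which is worth stating.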