makefu/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of gum:stockholm into fix-cert

Browse source
This commit is contained in:
makefu 2016-01-29 14:22:48 +01:00
parent c23b898e24 7d16f784d3
commit 10712e8483
2 changed files with 39 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
1systems/omo.nix
View file

@ -31,10 +31,45 @@ in {
../2configs/nginx/omo-share.nix
../3modules
];
networking.firewall.trustedInterfaces = [ "enp3s0" ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
# tcp:80 - nginx for sharing files
# tcp:655 udp:655 - tinc
# tcp:8080 - sabnzbd
networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
# services.openssh.allowSFTP = false;
krebs.build.host = config.krebs.hosts.omo;
krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
# samba share /media/crypt1/share
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
home = "/var/empty";
};
services.samba = {
enable = true;
shares = {
winshare = {
path = "/media/crypt1/share";
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
};
extraConfig = ''
guest account = smbguest
map to guest = bad user
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
'';
};
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
@ -67,6 +102,7 @@ in {
${pkgs.hdparm}/sbin/hdparm -y ${disk}
'') allDisks);
# crypto unlocking
boot = {
initrd.luks = {
devices = let
@ -97,15 +133,11 @@ in {
extraModulePackages = [ ];
};
networking.firewall.allowedUDPPorts = [ 655 ];
# 8080: sabnzbd
networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
zramSwap.enable = true;
zramSwap.numDevices = 2;
krebs.build.host = config.krebs.hosts.omo;
}

1
2configs/urlwatch.nix
View file

@ -29,6 +29,7 @@
https://pypi.python.org/simple/bepasty/
https://pypi.python.org/simple/xstatic/
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
];
};
}