From 0435b6511f87c2f74b4d7b45e28c5eef32116228 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Nov 2018 21:39:29 +0100 Subject: [PATCH 01/37] l: add osmocom@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 733115a74..bf43ee7d1 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -91,6 +91,7 @@ with import ; { from = "ksp@lassul.us"; to = lass.mail; } { from = "ccc@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; } + { from = "osmocom@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 9f9661f452abdad266da9e4f32ac988779115fce Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Nov 2018 21:36:18 +0100 Subject: [PATCH 02/37] ma nixpkgs: bf46294 -> 9728b2e --- makefu/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json index 73798f44d..ae35f9e76 100644 --- a/makefu/nixpkgs.json +++ b/makefu/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/makefu/nixpkgs", - "rev": "bf46294e4cf20649182f76fc9200a48436f5874a", - "date": "2018-09-18T02:20:45+02:00", - "sha256": "13900gack7pgf5a7c11x30rzb3s0kjpbm2z2g8fw4720cr9lkd94", + "rev": "9728b2e83406c76efc734ebb1923f23b8e687819", + "date": "2018-11-19T20:36:35+01:00", + "sha256": "0nk75ldppjr6x04hgghgg9vanr1cw4k5xhg699d38g2rpxviz5bp", "fetchSubmodules": false } From 88b043fc68c0d03acce738d2ff0f34a6bdab3abd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:12:09 +0100 Subject: [PATCH 03/37] l archprism.r: disable reaktor --- lass/1systems/archprism/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 6706914b5..bed8961b8 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix 
@@ -110,7 +110,6 @@ with import ; - From ebc9dd353a0b69c1958a8fa2c3ad6df7b242e354 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:12:28 +0100 Subject: [PATCH 04/37] l mors.r: also blue-host --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6d65b58c2..cac13be2b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,6 +33,7 @@ with import ; + { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain From 0328c75a12bd29c93f1a9e1c62c51e1be39701ba Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:13:05 +0100 Subject: [PATCH 05/37] l skynet.r: revive --- lass/1systems/skynet/config.nix | 28 ++++++++++------------------ lass/1systems/skynet/physical.nix | 21 +++++++++++++++++++-- 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index b6c08f797..08aa18b76 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix 
@@ -5,42 +5,34 @@ with import ; - # { - # discordius config services.xserver.enable = true; + services.xserver.desktopManager.xfce.enable = true; + users.users.discordius = { - uid = genid "discordius"; - home = "/home/discordius"; - group = "users"; - createHome = true; + uid = genid "diskordius"; + isNormalUser = true; extraGroups = [ "audio" "networkmanager" ]; - useDefaultShell = true; }; - networking.networkmanager.enable = true; - networking.wireless.enable = mkForce false; + environment.systemPackages = with pkgs; [ + google-chrome + ]; hardware.pulseaudio = { enable = true; systemWide = true; }; - environment.systemPackages = with pkgs; [ - pavucontrol - firefox - hexchat - networkmanagerapplet - ]; - services.xserver.desktopManager.gnome3 = { - enable = true; - }; } ]; krebs.build.host = config.krebs.hosts.skynet; + networking.wireless.enable = false; + networking.networkmanager.enable = true; + services.logind.extraConfig = '' HandleLidSwitch=ignore ''; diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix index 358e1f511..e3451293f 100644 --- a/lass/1systems/skynet/physical.nix +++ b/lass/1systems/skynet/physical.nix @@ -1,10 +1,27 @@ { imports = [ ./config.nix - - + ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.device = "nodev"; + + networking.hostId = "06442b9a"; + + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0876-B308"; + fsType = "vfat"; + }; + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0" From 5e3955c79a0e33a379795be787f5a3496191d35b Mon Sep 17 00:00:00 2001 
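Review bot: In lass/1systems/skynet/config.nix the new `uid = genid "diskordius";` is seeded with a different spelling than the account it sits under, `users.users.discordius`. If the changed seed is deliberate (to obtain a fresh uid), a comment such as `# seed intentionally differs from the user name` would stop a later reader from "correcting" it; if it is a typo, the line should read `uid = genid "discordius";`. The same hunk swaps the package list for `google-chrome`, an unfree package, and the hunk does not show where `allowUnfree` is set for this host.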
From: lassulus Date: Tue, 20 Nov 2018 01:13:48 +0100 Subject: [PATCH 06/37] l blue-host: add start/stop scripts --- lass/2configs/blue-host.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 83c235f3e..a40685775 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -20,4 +20,23 @@ with import ; hostAddress = "10.233.2.9"; localAddress = "10.233.2.10"; }; + environment.systemPackages = [ + (pkgs.writeDashBin "start-blue" '' + set -ef + if ping -c1 blue.r; then + echo 'blue is already running. bailing out' + exit 23 + fi + if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then + ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue + fi + nixos-container start blue + nixos-container run blue -- nixos-rebuild -I /var/src switch + '') + (pkgs.writeDashBin "stop-blue" '' + set -ef + nixos-container stop blue + fusermount -u /var/lib/containers/blue + '') + ]; } From 021d4960dbb1401245bd2a509b4529eae74c49a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:14:08 +0100 Subject: [PATCH 07/37] l blue-host: add rxvt_unicode.terminfo --- lass/2configs/blue-host.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index a40685775..f9da05073 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -8,7 +8,10 @@ with import ; systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { - environment.systemPackages = [ pkgs.git ]; + environment.systemPackages = [ + pkgs.git + pkgs.rxvt_unicode.terminfo + ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey From 0646503bfbad54a61315da7d77679722d90e79d8 Mon Sep 17 00:00:00 2001 
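Review bot: The `start-blue` script added to lass/2configs/blue-host.nix mounts the decrypted view with `encfs --public`, which makes the plaintext tree reachable by every local account rather than only the mounting user. Confidentiality of the container's files then rests on the directory modes above and inside the mount. If the flag is needed because container processes run under other uids, a comment saying so would help; otherwise `${pkgs.encfs}/bin/encfs /var/lib/containers/.blue /var/lib/containers/blue` keeps the mount private. The mount test `if ! $(mount | … grep -qi …)` works only because the command substitution expands to nothing; `if ! mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'; then` states the intent directly.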
From: lassulus Date: Tue, 20 Nov 2018 01:14:21 +0100 Subject: [PATCH 08/37] l blue-host: don't autostart --- lass/2configs/blue-host.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index f9da05073..2302c70ec 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -17,7 +17,7 @@ with import ; config.krebs.users.lass.pubkey ]; }; - autoStart = true; + autoStart = false; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.9"; From 46e00f3c28fe983516f29192939b98b884311885 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:14:54 +0100 Subject: [PATCH 09/37] l prometheus: enable anonymous grafana login --- lass/2configs/monitoring/prometheus-server.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index aef671636..b7083c776 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -177,7 +177,8 @@ addr = "0.0.0.0"; domain = "grafana.example.com"; rootUrl = "https://grafana.example.com/"; - security = import ; # { AdminUser = ""; adminPassword = ""} + auth.anonymous.enable = true; + auth.anonymous.org_role = "Admin"; }; }; services.logstash = { From 64e435e25e830b4be12062c1538db643c17822df Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:15:56 +0100 Subject: [PATCH 10/37] l domsen: add xanf user --- lass/2configs/websites/domsen.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 828cab95f..4935268a4 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
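Review bot: The prometheus-server.nix hunk gives every unauthenticated visitor the Admin role (`auth.anonymous.enable = true;` with `auth.anonymous.org_role = "Admin";`) on a Grafana that the context line shows bound to `addr = "0.0.0.0"`, and it removes the `security = import …` admin credentials in the same change. Anonymous Admin can edit dashboards and data sources and read data-source settings, so that access goes to anyone who can reach the port. If the goal is login-free dashboards, `auth.anonymous.org_role = "Viewer";` achieves it while the `security` line stays in place for real administration. The enclosing `services.grafana` block starts outside the hunk, so whether a firewall rule or reverse proxy already restricts access cannot be seen from here; if one does, a comment naming it belongs next to these two lines.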
@@ -139,6 +139,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.xanf = { + uid = genid_uint31 "xanf"; + home = "/home/xanf"; + useDefaultShell = true; + createHome = true; + }; + users.users.domsen = { uid = genid_uint31 "domsen"; description = "maintenance acc for domsen"; From 33b07da6390deb0541066c2c7847f07f9394f4c1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:16:22 +0100 Subject: [PATCH 11/37] l krops: add populate --- lass/krops.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/krops.nix b/lass/krops.nix index a898164c3..758c2a7d4 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -21,12 +21,20 @@ ]; in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" { source = source { test = false; }; inherit target; }; + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate) + populate = { target, force ? false }: pkgs.populate { + inherit force; + source = source { test = false; }; + target = lib.mkTarget target; + }; + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { force = true; From 81c18a4f44c44dbff4e100316aca28f8db17e14e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:32:04 +0100 Subject: [PATCH 12/37] l mail: add more vboxes --- lass/2configs/mail.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 46939c97e..d9589ce86 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -31,6 +31,7 @@ let ''; mailboxes = { + afra = [ "to:afra@afra-berlin.de" ]; c-base = [ "to:c-base.org" ]; coins = [ "to:btce@lassul.us" 
@@ -49,8 +50,10 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; + india = [ "to:hillhackers@lists.hillhacks.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; + meetup = [ "to:meetup@lassul.us" ]; nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; From 9807d6823b31f36eb6b255cf7a01431e7e44a74e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 23:02:17 +0100 Subject: [PATCH 13/37] l blue-host: sync state, start only when safe --- lass/2configs/blue-host.nix | 74 +++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 8 deletions(-) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 2302c70ec..be9f68c08 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -1,11 +1,28 @@ { config, lib, pkgs, ... }: with import ; +let + all_hosts = [ + "icarus" + "shodan" + "daedalus" + "skynet" + "prism" + ]; + remote_hosts = filter (h: h != config.networking.hostName) all_hosts; -{ +in { imports = [ + { #hack for already defined + systemd.services."container@blue".reloadIfChanged = mkForce false; + systemd.services."container@blue".preStart = '' + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + ''; + systemd.services."container@blue".preStop = '' + /run/wrappers/bin/fusermount -u /var/lib/containers/blue + ''; + } ]; - systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { environment.systemPackages = [ 
@@ -23,10 +40,56 @@ with import ; hostAddress = "10.233.2.9"; localAddress = "10.233.2.10"; }; + + + systemd.services = builtins.listToAttrs (map (host: + let + in nameValuePair "sync-blue-${host}" { + bindsTo = [ "container@blue.service" ]; + wantedBy = [ "container@blue.service" ]; + # ssh needed for rsync + path = [ pkgs.openssh ]; + serviceConfig = { + Restart = "always"; + RestartSec = 10; + ExecStart = pkgs.writeDash "sync-blue-${host}" '' + set -efu + #make sure blue is running + /run/wrappers/bin/ping -c1 blue.r > /dev/null + + #make sure the container is unlocked + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + + #make sure our target is reachable + ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null + + #start sync + ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' + settings { + nodaemon = true, + inotifyMode = "CloseWrite or Modify", + } + sync { + default.rsyncssh, + source = "/var/lib/containers/.blue", + host = "${host}.r", + targetdir = "/var/lib/containers/.blue", + ssh = { + binary = "${pkgs.openssh}/bin/ssh"; + identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", + }, + } + ''} + ''; + }; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + } + ) remote_hosts); + environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' set -ef - if ping -c1 blue.r; then + if ping -c1 blue.r >/dev/null; then echo 'blue is already running. bailing out' exit 23 fi @@ -36,10 +99,5 @@ with import ; nixos-container start blue nixos-container run blue -- nixos-rebuild -I /var/src switch '') - (pkgs.writeDashBin "stop-blue" '' - set -ef - nixos-container stop blue - fusermount -u /var/lib/containers/blue - '') ]; } From 79eaf3f97852765ce17283c50bddd8ec752cff87 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 23:02:33 +0100 Subject: [PATCH 14/37] l skynet.r: add blue-host --- lass/1systems/skynet/config.nix | 1 + 1 file changed, 1 insertion(+) 
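Review bot: The generated `sync-blue-${host}` units in this blue-host.nix hunk authenticate with `identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa"`, a personal login key taken from inside the decrypted container and used by a host-level service to write to every other machine in `all_hosts`. A dedicated sync key, restricted on the receiving side to the rsync of `/var/lib/containers/.blue`, would limit what that credential can do if one of the hosts is compromised. The hunk does not show which remote account lsyncd logs in as or how the peers' host keys are checked, so both are worth stating in a comment above the `ssh = { … }` table. The empty `let in` before `nameValuePair` can simply be removed.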
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 08aa18b76..14aca598e 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -6,6 +6,7 @@ with import ; + { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; From 24a82d39f57be38898519edea6baaf6c04741ecb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 23:02:48 +0100 Subject: [PATCH 15/37] l mail: add hackbeach to india vbox --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index d9589ce86..b5bbea750 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -50,7 +50,7 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; - india = [ "to:hillhackers@lists.hillhacks.in" ]; + india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; meetup = [ "to:meetup@lassul.us" ]; From b073ee1fd4a879a29166422269733604a6454fc3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Nov 2018 00:03:49 +0100 Subject: [PATCH 16/37] puyak.r: add cache.nsupdate.info --- krebs/1systems/puyak/config.nix | 1 + krebs/2configs/cache.nsupdate.info.nix | 33 +++++ krebs/3modules/cachecache.nix | 171 +++++++++++++++++++++++++ krebs/3modules/default.nix | 1 + 4 files changed, 206 insertions(+) create mode 100644 krebs/2configs/cache.nsupdate.info.nix create mode 100644 krebs/3modules/cachecache.nix diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 67257eacd..2cc97a24f 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -10,6 +10,7 @@ + 
diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix new file mode 100644 index 000000000..056667d8c --- /dev/null +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -0,0 +1,33 @@ +{lib, ... }: +with lib; +let + domain = "cache.nsupdate.info"; +in { + # This only works for a single domain for nsupdate.info as multiple usernames + # and passwords are required for multiple domains + services.ddclient = { + enable = true; + server = "ipv4.nsupdate.info"; + username = domain; + password = import ((toString ) + "/nsupdate-cache.nix"); + domains = [ domain ]; + use= "if, if=et0"; + # use = "web, web=http://ipv4.nsupdate.info/myip"; + + }; + krebs.cachecache = { + enable = true; + enableSSL = false; # disable letsencrypt for testing + cacheDir = "/var/cache/nix-cache-cache"; + maxSize = "10g"; + + # assumes that the domain is reachable from the internet + virtualHost = domain; + }; + + boot.kernelModules = [ "tcp_bbr" ]; + + boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr"; + boot.kernel.sysctl."net.core.default_qdisc" = "fq"; + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix new file mode 100644 index 000000000..c02c7c80c --- /dev/null +++ b/krebs/3modules/cachecache.nix 
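Review bot: In krebs/2configs/cache.nsupdate.info.nix the ddclient credential is pulled in at evaluation time by the `password = import (…)` line, which makes the secret part of the evaluated configuration. Depending on how the ddclient module renders its config file, that may place it in the world-readable Nix store, so the generated file's location and mode should be checked on the target. The same file sets `enableSSL = false; # disable letsencrypt for testing` while opening ports 80 and 443, so the cache is served over plain HTTP; a `# TODO: set back to true once DNS resolves` would keep the test setting from becoming permanent. The commented-out `# use = "web, …"` line and the blank line before `};` can be dropped.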
@@ -0,0 +1,171 @@ +{ config, lib, ... }: + + +# fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b +# related: https://github.com/nh2/nix-binary-cache-proxy + +with lib; + +let + + cfg = config.krebs.cachecache; + + nginxCfg = config.services.nginx; + + cacheFallbackConfig = { + proxyPass = "$upstream_endpoint"; + extraConfig = '' + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1. + proxy_http_version 1.1; + + # Remove the Connection header if the client sends it, it could + # be "close" to close a keepalive connection + proxy_set_header Connection ""; + + # Needed for CloudFront. + proxy_ssl_server_name on; + + proxy_set_header Host $proxy_host; + proxy_cache nix_cache_cache; + proxy_cache_valid 200 302 60m; + proxy_cache_valid 404 1m; + + expires max; + add_header Cache-Control $nix_cache_cache_header always; + ''; + }; + +in + +{ + options = { + krebs.cachecache = { + enable = mkEnableOption "Nix binary cache cache"; + + virtualHost = mkOption { + type = types.str; + default = "nix-cache"; + description = '' + Name of the nginx virtualhost to use and setup. If null, do + not setup any virtualhost. + ''; + }; + enableSSL = mkOption { + type = types.bool; + default = true; + description = '' + enable SSL via letsencrypt. Requires working dns resolution and open + internet tls port. + ''; + }; + + # webRoot = mkOption { + # type = types.str; + # default = "/"; + # description = '' + # Directory on virtual host that serves the cache. Must end in + # /. + # ''; + # }; + + resolver = mkOption { + type = types.str; + description = "Address of DNS resolver."; + default = "8.8.8.8 ipv6=off"; + example = "127.0.0.1 ipv6=off"; + }; + + cacheDir = mkOption { + type = types.str; + default = "/var/cache/nix-cache-cache"; + description = '' + Where nginx should store cached data. 
+ ''; + }; + + maxSize = mkOption { + type = types.str; + default = "50g"; + description = "Maximum cache size."; + }; + }; + }; + + config = { + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + + systemd.services.nginx.preStart = '' + mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache + chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache + chown ${nginxCfg.user}:${nginxCfg.group} \ + ${cfg.cacheDir} /srv/www/nix-cache-cache + ''; + + services.nginx = { + enable = true; + + appendHttpConfig = '' + proxy_cache_path ${cfg.cacheDir} + levels=1:2 + keys_zone=nix_cache_cache:100m + max_size=${cfg.maxSize} + inactive=365d + use_temp_path=off; + + # Cache only success status codes; in particular we don't want + # to cache 404s. See https://serverfault.com/a/690258/128321. + map $status $nix_cache_cache_header { + 200 "public"; + 302 "public"; + default "no-cache"; + } + ''; + + virtualHosts.${cfg.virtualHost} = { + addSSL = cfg.enableSSL; + enableACME = cfg.enableSSL; + extraConfig = '' + # Using a variable for the upstream endpoint to ensure that it is + # resolved at runtime as opposed to once when the config file is loaded + # and then cached forever (we don't want that): + # see https://tenzer.dk/nginx-with-dynamic-upstreams/ + # This fixes errors like + # + # nginx: [emerg] host not found in upstream "upstream.example.com" + # + # when the upstream host is not reachable for a short time when + # nginx is started. + resolver ${cfg.resolver} valid=10s; + set $upstream_endpoint https://cache.nixos.org; + ''; + + locations."/" = + { + root = "/srv/www/nix-cache-cache"; + extraConfig = '' + expires max; + add_header Cache-Control $nix_cache_cache_header always; + + # Ask the upstream server if a file isn't available + # locally. + error_page 404 = @fallback; + + # Don't bother logging the above 404. 
+ log_not_found off; + ''; + }; + + locations."@fallback" = cacheFallbackConfig; + + # We always want to copy cache.nixos.org's nix-cache-info + # file, and ignore our own, because `nix-push` by default + # generates one without `Priority` field, and thus that file + # by default has priority 50 (compared to cache.nixos.org's + # `Priority: 40`), which will make download clients prefer + # `cache.nixos.org` over our binary cache. + locations."= /nix-cache-info" = cacheFallbackConfig; + }; + }; + }; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ca67ce65c..24cbd9cc9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -14,6 +14,7 @@ let ./buildbot/master.nix ./buildbot/slave.nix ./build.nix + ./cachecache.nix ./charybdis.nix ./ci.nix ./current.nix From c4484dee1a7fb1bfc3952cf4211a22fa0d6002ca Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Nov 2018 00:06:05 +0100 Subject: [PATCH 17/37] puyak.r: disable cache again --- krebs/1systems/puyak/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 2cc97a24f..67257eacd 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -10,7 +10,6 @@ - From 105a0b6515b2e193b883ee8fb00d8454b8049588 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 21 Nov 2018 04:10:07 +0100 Subject: [PATCH 18/37] cachecache: enable only if enabled --- krebs/3modules/cachecache.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix index c02c7c80c..989320480 100644 --- a/krebs/3modules/cachecache.nix +++ b/krebs/3modules/cachecache.nix @@ -91,7 +91,7 @@ in }; }; - config = { + config = mkIf cfg.enable { networking.firewall.allowedTCPPorts = [ 80 443 ]; From 5491f83171e5fb1c5cb62d8a763d19e584e23a20 Mon Sep 17 00:00:00 2001 
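Review bot: The `cacheFallbackConfig` block in krebs/3modules/cachecache.nix proxies to `https://cache.nixos.org`, resolved through the plain-DNS `resolver` option (default `8.8.8.8`), but sets only `proxy_ssl_server_name on;`. nginx does not verify upstream certificates unless told to, so the TLS hop to the upstream authenticates nothing. Adding `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;` to that `extraConfig` would fix this, which matters more here because responses are kept with `inactive=365d`. Separately, the `virtualHost` description says "If null, do not setup any virtualhost", yet the type is `types.str` and `virtualHosts.${cfg.virtualHost}` is used unconditionally; either drop that sentence or make the option `types.nullOr types.str` with a guard. `proxy_cache_valid 404 1m;` also sits oddly beside the comment saying 404s should not be cached.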
From: lassulus Date: Wed, 21 Nov 2018 04:58:55 +0100 Subject: [PATCH 19/37] l krops: add support for per host source.nix --- lass/krops.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/krops.nix b/lass/krops.nix index 758c2a7d4..c2669c8f2 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -5,6 +5,12 @@ pkgs ; + host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then + import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; } + else + {} + ; + source = { test }: lib.evalSource [ krebs-source { @@ -18,6 +24,7 @@ }; }; } + host-source ]; in { From 72467a2e5904f3e66efc65cb92f05dd0bf34c0e2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 21 Nov 2018 04:59:45 +0100 Subject: [PATCH 20/37] l blue: add source.nix (to fetch tarball) --- lass/1systems/blue/source.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 lass/1systems/blue/source.nix diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix new file mode 100644 index 000000000..8f748ab8f --- /dev/null +++ b/lass/1systems/blue/source.nix @@ -0,0 +1,11 @@ +{ lib, pkgs, ... }: +{ + nixpkgs = lib.mkForce { + file = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + }; +} From c15c3d82bb9055f3af5033c89cfbbbbba975e4a4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Nov 2018 08:24:35 +0100 Subject: [PATCH 21/37] ma omo.r,wbob.r: allow insecure home-assistant --- makefu/1systems/omo/config.nix | 11 ++++++++++- makefu/1systems/wbob/config.nix | 7 ++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 9eb8cbf49..260f96081 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix 
@@ -63,9 +63,17 @@ in { } # - + # TODO: + # + + { + # Risikoübernahme + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.77.2" + ]; + } { makefu.ps3netsrv = { @@ -97,6 +105,7 @@ in { ]; makefu.full-populate = true; + nixpkgs.config.allowUnfree = true; krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) { downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 24a3dddc6..f2311fb55 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -45,7 +45,12 @@ in { # { environment.systemPackages = [ pkgs.vlc ]; } - + { + # Risikoübernahme + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.77.2" + ]; + } From a6f4d27da624cce5f9001b371a03b34ba4a68b8e Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 22 Nov 2018 09:38:33 +0100 Subject: [PATCH 22/37] ma: gum.r also resolves to torrent.gum.r --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index bea0f1c0e..881f082c6 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -624,6 +624,7 @@ in { "blog.makefu.r" "blog.gum.r" "dcpp.gum.r" + "torrent.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- From 91e4f7fd9202086c137920e712ed810afafca6e7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 25 Nov 2018 18:20:40 +0100 Subject: [PATCH 23/37] nixpkgs: bf7930d -> 5d4a1a3 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index e013645ea..61fd085be 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
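Review bot: The blocks added to makefu/1systems/omo/config.nix and makefu/1systems/wbob/config.nix whitelist `homeassistant-0.77.2` through `nixpkgs.config.permittedInsecurePackages` with only `# Risikoübernahme` as justification. The comment should record which advisory is being accepted and when the exception can go, for example `# risk accepted: ADVISORY-ID-PLACEHOLDER; remove once home-assistant is updated past 0.77.2`, so the pin does not outlive its reason. The hunks do not show the Home Assistant listen address or firewall rules, so it is worth confirming that both instances are reachable only from the internal network while the exception is in place. The second omo hunk also adds `nixpkgs.config.allowUnfree = true;`, which the commit subject does not mention.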
@@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c", - "date": "2018-11-04T19:36:25+01:00", - "sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m", + "rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c", + "date": "2018-11-24T00:40:22-05:00", + "sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq", "fetchSubmodules": false } From 4fedcb814791363ce89f8ba0a31291fc2a1ca138 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 25 Nov 2018 23:45:27 +0100 Subject: [PATCH 24/37] ma gum.r: fix pubkey which accidentally got overwritten ... --- krebs/3modules/makefu/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 881f082c6..188fbc461 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -628,12 +628,12 @@ in { ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8 - aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO - npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh - 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF - 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN - VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB + MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY + BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 + i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 + 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS + u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa + OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB -----END RSA PUBLIC KEY----- ''; }; From 35d426523b7c3feb3e845ba90f423c256581437d Mon Sep 17 00:00:00 2001 
From: makefu Date: Mon, 26 Nov 2018 23:05:45 +0100 Subject: [PATCH 25/37] ma download.binaergewitter: nightly sync --- .../nginx/download.binaergewitter.de.nix | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 makefu/2configs/nginx/download.binaergewitter.de.nix diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/nginx/download.binaergewitter.de.nix new file mode 100644 index 000000000..6b5687e72 --- /dev/null +++ b/makefu/2configs/nginx/download.binaergewitter.de.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +let + ident = (toString ) + "/mirrorsync.gum.id_ed25519"; +in { + systemd.services.mirrorsync = { + startAt = "08:00:00"; + path = with pkgs; [ rsync openssh ]; + script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter''; + }; + services.nginx = { + enable = lib.mkDefault true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + virtualHosts."download.binaergewitter.de" = { + serverAliases = [ "dl2.binaergewitter.de" ]; + root = "/var/www/binaergewitter"; + extraConfig = '' + access_log /var/spool/nginx/logs/binaergewitter.access.log combined; + error_log /var/spool/nginx/logs/binaergewitter.error.log error; + autoindex on; + ''; + }; + }; +} From c35bc044dba5260bea5574a86897c6c45b4e525a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:55:59 +0100 Subject: [PATCH 26/37] ci: abort if an error occurs in get_steps --- krebs/3modules/ci.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 4cfe598d6..62efce44b 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -26,6 +26,7 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' + set -efu nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null nix-instantiate --quiet -Q --eval --strict --json ./ci.nix ''; 
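Review bot: The new `mirrorsync` unit in makefu/2configs/nginx/download.binaergewitter.de.nix sets no `serviceConfig.User`, so `rsync -av` runs as root and writes whatever the remote side sends into the directory nginx serves with `autoindex on`. That includes symlinks and ownership, both of which `-a` preserves. Running the job under a dedicated account that owns `/var/www/binaergewitter` and adding `--safe-links` to the rsync call would keep a misbehaving or compromised source from affecting anything outside the mirror directory. The hunk also does not show how the host key of `159.69.132.234` is pinned; passing `-o UserKnownHostsFile=…` with a managed known_hosts entry in the `-e "ssh -i ${ident}"` string would make that explicit.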
From 09ee7ca4d832bfdc836c9463513891f1e97db10b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:58:07 +0100 Subject: [PATCH 27/37] ci: add gcroot for build-scripts --- krebs/3modules/ci.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 62efce44b..d8d0e7f3d 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -28,7 +28,13 @@ let getJobs = pkgs.writeDash "get_jobs" '' set -efu nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null - nix-instantiate --quiet -Q --eval --strict --json ./ci.nix + js="$(nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" + echo "$js" | jq -r 'to_entries[] | [.key, .value] | @tsv' \ + | while read -r host builder; do + gcroot=${shell.escape profileRoot}/$host-builder + ${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder" + done + echo "$js" ''; profileRoot = "/nix/var/nix/profiles/ci"; From 593b2baf031dac70bff4d0484f87b28d674ccbed Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:58:57 +0100 Subject: [PATCH 28/37] fetchWallpaper: remove broken maxTime --- krebs/3modules/fetchWallpaper.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index f67188122..5a5065565 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -38,11 +38,6 @@ let ''; default = {}; }; - maxTime = mkOption { - type = types.int; - default = 0; - description = "Time to wait before download is aborted"; - }; }; fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" '' 
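Review bot: In the `get_jobs` script of krebs/3modules/ci.nix the profile path is built as `gcroot=${shell.escape profileRoot}/$host-builder` from the keys of the evaluated `./ci.nix`, with no check on what `$host` contains. That file comes from the repository being built, so a key containing `/` would put the profile outside `profileRoot`; a guard such as `case "$host" in *[!A-Za-z0-9._-]*) continue;; esac` before the `nix-env` call keeps it inside. `jq` is called by bare name while `nix-env` is referenced as `${pkgs.nix}/bin/nix-env`; `${pkgs.jq}/bin/jq` would match that and not depend on the service's PATH. The `let` block continues outside the hunk, so PATH may be set elsewhere.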
@@ -51,8 +46,8 @@ let mkdir -p ${cfg.stateDir} chmod o+rx ${cfg.stateDir} cd ${cfg.stateDir} - (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || : - feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper + (curl -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || : + feh --no-fehbg --bg-scale wallpaper ''; imp = { From 9f9a53723bd79b029d398c0542a686bd8ed56151 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:59:40 +0100 Subject: [PATCH 29/37] l blue-host: fix permissions --- lass/2configs/blue-host.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index be9f68c08..e80ce326a 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -23,6 +23,12 @@ in { ''; } ]; + + system.activationScripts.containerPermissions = '' + mkdir -p /var/lib/containers + chmod 711 /var/lib/containers + ''; + containers.blue = { config = { ... }: { environment.systemPackages = [ From 304059b1da4ac256d1487e83a7280d0db6615c2d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:00:14 +0100 Subject: [PATCH 30/37] l blue-host: sync also owner and group --- lass/2configs/blue-host.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index e80ce326a..6d46cb8c1 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -80,6 +80,10 @@ in { source = "/var/lib/containers/.blue", host = "${host}.r", targetdir = "/var/lib/containers/.blue", + rsync = { + owner = true, + group = true, + }; ssh = { binary = "${pkgs.openssh}/bin/ssh"; identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", From a1c261d61b243549bb2525da57bf3fada805f7f5 Mon Sep 17 00:00:00 2001 
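Review bot: The new `curl -s -o wallpaper.tmp -z wallpaper.tmp …` call has no time bound, and with `-s` plus `|| :` a stalled or failed transfer produces neither an error nor a log line. A fixed bound keeps the unit from hanging on a dead peer, e.g. `curl --connect-timeout 10 --max-time 60 -s -o wallpaper.tmp …` (values are illustrative). The caller in lass/2configs/fetchWallpaper.nix passes a URL without a scheme, so curl falls back to plain HTTP and the result goes straight to `feh`; if that host is not on a trusted network, an explicit `https://` URL would be the safer default. The script body starts outside this hunk.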
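Review bot: `chmod 711 /var/lib/containers` in the new `containerPermissions` activation script opens traversal of the container directory to every local account, not just the one that needs it. Everything below is then protected only by its own mode, which includes the encfs mount that `start-blue` creates with `--public` and any setuid binaries in the container's root filesystem. If the aim is to let one user reach `/var/lib/containers/blue`, a group-restricted mode is narrower: `chgrp <group> /var/lib/containers` followed by `chmod 710 /var/lib/containers`. Either way the script should carry a comment naming who needs the access and why.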
From: lassulus Date: Tue, 27 Nov 2018 01:00:59 +0100 Subject: [PATCH 31/37] l blue-host: dry-build blue first --- lass/2configs/blue-host.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 6d46cb8c1..fba996743 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -99,14 +99,15 @@ in { environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' set -ef - if ping -c1 blue.r >/dev/null; then - echo 'blue is already running. bailing out' - exit 23 - fi if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue fi nixos-container start blue + nixos-container run blue -- nixos-rebuild -I /var/src dry-build + if ping -c1 blue.r >/dev/null; then + echo 'blue is already running. bailing out' + exit 23 + fi nixos-container run blue -- nixos-rebuild -I /var/src switch '') ]; From f19b35b7ab0a272724d39b8cfd65181e220c727a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:01:16 +0100 Subject: [PATCH 32/37] l fetchWallpaper: remove maxTime --- lass/2configs/fetchWallpaper.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index e756c3424..065ee9c42 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -7,7 +7,6 @@ in { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; url = "prism/realwallpaper-krebs.png"; - maxTime = 10; }; } From 8a6fd4d0044259574fec1b16d3ea441aee5eedda Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:01:56 +0100 Subject: [PATCH 33/37] l radio: add mp3 stream --- lass/2configs/radio.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index bf6855804..85faded14 100644 
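Review bot: The `exit 23` branch of `start-blue` now runs after `encfs --public` has mounted the decrypted tree and `nixos-container start blue` has started the container, so bailing out leaves both in place. I would undo that before exiting, with `nixos-container stop blue` ahead of `exit 23` and an unmount of `/var/lib/containers/blue` when this run created the mount. It is also worth confirming that the freshly started container does not itself answer as `blue.r`; if it does, the moved `ping -c1 blue.r` check succeeds on every run and the final `nixos-rebuild … switch` is never reached. That cannot be decided from this hunk.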
--- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -60,10 +60,25 @@ in { group = "radio"; musicDirectory = "/home/radio/the_playlist/music"; extraConfig = '' + audio_output { + type "shout" + encoding "lame" + name "the_playlist_mp3" + host "localhost" + port "8000" + mount "/radio.mp3" + password "${source-password}" + bitrate "128" + + format "44100:16:2" + + user "source" + genre "good music" + } audio_output { type "shout" encoding "ogg" - name "the_playlist" + name "the_playlist_ogg" host "localhost" port "8000" mount "/radio.ogg" From 0b6c07ad7203634af4131ed3fb6f64c1c7fc45ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:11:35 +0100 Subject: [PATCH 34/37] buildbot: don't fuckup permissions --- krebs/3modules/buildbot/master.nix | 2 +- krebs/3modules/buildbot/slave.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 209dbe980..8995753ac 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -362,7 +362,7 @@ let # normally we should write buildbot.tac by our own # ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir} - chmod 700 -R ${workdir} + chmod 700 ${workdir} chown buildbotMaster:buildbotMaster -R ${workdir} ''; ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}"; diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 544f9c4e0..c15169fba 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -166,7 +166,7 @@ let echo ${description} > ${workdir}/info/host chown buildbotSlave:buildbotSlave -R ${workdir} - chmod 700 -R ${workdir} + chmod 700 ${workdir} ''; ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}"; ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}"; From d1020af2b3aac2d823240627980f846e6dc9797c Mon Sep 17 00:00:00 2001 
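Review bot: `password "${source-password}"` in the added `audio_output` block is interpolated at evaluation time, so the stream source password becomes part of the generated mpd configuration. If that configuration is built into the Nix store, it is readable by every local user and copied to any binary cache the closure is pushed to. The existing ogg output does the same, and the definition of `source-password` is outside this hunk, so this may already be an accepted trade-off for a localhost-only source. If it is not, the password should come from a file outside the store that is read when the service starts, and the block should carry a comment saying so.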
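Review bot: After the change to `chmod 700 ${workdir}` in master.nix (and the same line in slave.nix), confidentiality of everything under the work directory rests on the top-level mode and the recursive `chown` alone, and neither script says so. A short comment would keep a later edit from reintroducing `-R`, for example `# restrict only the top-level directory; -R would also set the execute bit on every file below it`. In master.nix the `chmod` runs before the `chown -R` and in slave.nix after it; using the same order in both files would make them easier to compare. Both service scripts start outside their hunks.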
From: lassulus Date: Tue, 27 Nov 2018 04:01:13 +0100 Subject: [PATCH 35/37] l: add ssl for cache.{krebsco.de,lassul.us} --- lass/2configs/binary-cache/server.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 220e41d0a..86158c468 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -20,7 +20,14 @@ services.nginx = { enable = true; virtualHosts.nix-serve = { - serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ]; + serverAliases = [ "cache.prism.r" ]; + locations."/".extraConfig = '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''; + }; + virtualHosts."cache.krebsco.de" = { + serverAliases = [ "cache.lassul.us" ]; + enableACME = true; locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; ''; From 42405d18cffbf9ef42ea5e29f0c3ae9ab607471a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 04:01:58 +0100 Subject: [PATCH 36/37] l: add lesswrong@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index bf43ee7d1..9bb70d1c2 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -92,6 +92,7 @@ with import ; { from = "ccc@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; } + { from = "lesswrong@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From eef1d7877defd7c310dc20f62bf96c7b8f408044 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 04:02:22 +0100 Subject: [PATCH 37/37] l mails: add dn42 vbox --- lass/2configs/mail.nix | 1 + 1 file changed, 1 insertion(+) 
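Review bot: The new `virtualHosts."cache.krebsco.de"` block sets `enableACME = true` but neither `forceSSL` nor `addSSL`, and in the NixOS nginx module `enableACME` only requests the certificate. As written, the vhost would still be served over plain HTTP on port 80 only, which does not match the commit subject. Adding `forceSSL = true;` (or `addSSL = true;` if HTTP clients must keep working) next to `enableACME` makes nginx listen on 443 with the issued certificate. Nix verifies store path signatures independently of the transport, so this is about confidentiality and about clients configured with an `https://` substituter URL, not about integrity.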
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b5bbea750..9ea91ae19 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -47,6 +47,7 @@ let ]; dezentrale = [ "to:dezentrale.space" ]; dhl = [ "to:dhl@lassul.us" ]; + dn42 = [ "to:dn42@lists.nox.tf" ]; eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];