l blue.r: add weechat, backups & mail

2018-05-20 10:20:10 +02:00 · 2018-05-20 10:20:10 +02:00 · d72657a57b
parent c7a49e7ac9
commit d72657a57b
2 changed files with 85 additions and 0 deletions
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@ -5,7 +5,37 @@ with import <stockholm/lib>;
    <stockholm/lass>
    <stockholm/lass/2configs>
    <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/exim-retiolum.nix>
+
+    <stockholm/lass/2configs/blue.nix>
  ];

  krebs.build.host = config.krebs.hosts.blue;
+
+  networking.nameservers = [ "1.1.1.1" ];
+
+  lass.restic = genAttrs [
+    "daedalus"
+    "icarus"
+    "littleT"
+    "prism"
+    "shodan"
+    "skynet"
+  ] (dest: {
+    dirs = [
+      "/home/"
+      "/var/lib"
+    ];
+    passwordFile = (toString <secrets>) + "/restic/${dest}";
+    repo = "sftp:backup@${dest}.r:/backups/blue";
+    extraArguments = [
+      "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+    ];
+    timerConfig = {
+      OnCalendar = "00:05";
+      RandomizedDelaySec = "5h";
+    };
+  });
+  time.timeZone = "Europe/Berlin";
+  users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
 }
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@ -0,0 +1,55 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+
+{
+
+  imports = [
+    ./bitlbee.nix
+    ./mail.nix
+    ./pass.nix
+  ];
+
+  services.tor.enable = true;
+
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
+    { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
+  ];
+
+  systemd.services.chat = let
+    tmux = pkgs.writeDash "tmux" ''
+      exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+        set-option -g prefix `
+        unbind-key C-b
+        bind ` send-prefix
+
+        set-option -g status off
+        set-option -g default-terminal screen-256color
+
+        #use session instead of windows
+        bind-key c new-session
+        bind-key p switch-client -p
+        bind-key n switch-client -n
+        bind-key C-s switch-client -l
+      ''} "$@"
+    '';
+  in {
+    description = "chat environment setup";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    restartIfChanged = false;
+
+    path = [
+      pkgs.rxvt_unicode.terminfo
+    ];
+
+    serviceConfig = {
+      User = "lass";
+      RemainAfterExit = true;
+      Type = "oneshot";
+      ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
+      ExecStop = "${tmux} kill-session -t IM";
+    };
+  };
+}