From d72657a57be63ff6eeeaa0b84cd7761b2d38c8b4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:20:10 +0200
Subject: [PATCH] l blue.r: add weechat, backups & mail

---
 lass/1systems/blue/config.nix | 30 +++++++++++++++++++
 lass/2configs/blue.nix        | 55 +++++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100644 lass/2configs/blue.nix

diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index b068c34b0..aef055cf0 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -5,7 +5,37 @@ with import <stockholm/lib>;
     <stockholm/lass>
     <stockholm/lass/2configs>
     <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/exim-retiolum.nix>
+
+    <stockholm/lass/2configs/blue.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.blue;
+
+  networking.nameservers = [ "1.1.1.1" ];
+
+  lass.restic = genAttrs [
+    "daedalus"
+    "icarus"
+    "littleT"
+    "prism"
+    "shodan"
+    "skynet"
+  ] (dest: {
+    dirs = [
+      "/home/"
+      "/var/lib"
+    ];
+    passwordFile = (toString <secrets>) + "/restic/${dest}";
+    repo = "sftp:backup@${dest}.r:/backups/blue";
+    extraArguments = [
+      "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+    ];
+    timerConfig = {
+      OnCalendar = "00:05";
+      RandomizedDelaySec = "5h";
+    };
+  });
+  time.timeZone = "Europe/Berlin";
+  users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
 }
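Review bot: The `sftp.command` entry in `extraArguments` logs in to `backup@${dest}.r` with the host's own SSH identity key (`config.krebs.build.host.ssh.privkey.path`), so the key that identifies blue also grants access to the backup account on six other hosts. Nothing in this hunk shows how that account is confined on the destination side. If it is not restricted to sftp under `/backups/blue`, a compromise of blue reaches every backup target, and over plain sftp the client can in any case delete its own snapshot history. I would record the expectation above `repo`, e.g. `# backup@<dest>.r must confine this key to sftp under /backups/blue (ForceCommand internal-sftp, no shell)`. A dedicated backup key in place of the host key is also worth considering, so it can be rotated or revoked independently.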
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
new file mode 100644
index 000000000..c0417b865
--- /dev/null
+++ b/lass/2configs/blue.nix
@@ -0,0 +1,55 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+
+{
+
+  imports = [
+    ./bitlbee.nix
+    ./mail.nix
+    ./pass.nix
+  ];
+
+  services.tor.enable = true;
+
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
+    { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
+  ];
+
+  systemd.services.chat = let
+    tmux = pkgs.writeDash "tmux" ''
+      exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+        set-option -g prefix `
+        unbind-key C-b
+        bind ` send-prefix
+
+        set-option -g status off
+        set-option -g default-terminal screen-256color
+
+        #use session instead of windows
+        bind-key c new-session
+        bind-key p switch-client -p
+        bind-key n switch-client -n
+        bind-key C-s switch-client -l
+      ''} "$@"
+    '';
+  in {
+    description = "chat environment setup";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    restartIfChanged = false;
+
+    path = [
+      pkgs.rxvt_unicode.terminfo
+    ];
+
+    serviceConfig = {
+      User = "lass";
+      RemainAfterExit = true;
+      Type = "oneshot";
+      ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
+      ExecStop = "${tmux} kill-session -t IM";
+    };
+  };
+}
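Review bot: The two `krebs.iptables.tables.filter.INPUT.rules` entries accept udp 60000:61000 and tcp 9999 from every peer on the `retiolum` interface, and nothing in the file says what listens there or whether the listener authenticates. The UDP range looks like mosh and 9999 is presumably a weechat relay, but neither is configured in this hunk, so that is an inference. A comment on each rule would settle it, e.g. `# mosh` and `# weechat relay; password and TLS are set in the weechat config`. If only one client needs the relay, adding a source match to the predicate, `-s <client retiolum address>`, keeps the rest of the mesh off that port.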