summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2019-06-25 22:43:02 +0200
committerjeschli <jeschli@gmail.com>2019-06-25 22:43:02 +0200
commit1cfc265bbfa14b7d9fc6479bcd9cf541e7cdd5eb (patch)
tree18b95faba964f8072d23afcadcadda4f3eb276af /lass/1systems/prism
parent8079877eee34d0a658e8419adfa8987e648388a8 (diff)
parent1d23dceb5d2c536790a00fcde30743b958f1018f (diff)
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'lass/1systems/prism')
-rw-r--r--lass/1systems/prism/config.nix15
1 files changed, 14 insertions, 1 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d7b0b701a..eec8e34b8 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -195,6 +195,7 @@ with import <stockholm/lib>;
};
}
<stockholm/lass/2configs/minecraft.nix>
+ <stockholm/lass/2configs/codimd.nix>
{
services.taskserver = {
enable = true;
@@ -382,7 +383,7 @@ with import <stockholm/lib>;
'';
fileSystems."/export/download" = {
- device = "/var/lib/containers/yellow/var/download";
+ device = "/var/lib/containers/yellow/var/download/finished";
options = [ "bind" ];
};
services.nfs.server = {
@@ -395,6 +396,12 @@ with import <stockholm/lib>;
statdPort = 4000;
};
krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
@@ -456,4 +463,10 @@ with import <stockholm/lib>;
enable = true;
freeMemThreshold = 5;
};
+
+ # prism rsa hack
+ services.openssh.hostKeys = [{
+ path = toString <secrets> + "ssh.id_rsa";
+ type = "rsa";
+ }];
}