From e3cce01913c6a22946cc01438079bc3410ded9b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 14:58:46 +0200 Subject: l: add lassulus-blog config, repair ssl for cgit --- lass/1systems/prism.nix | 49 +------------------- lass/2configs/websites/lassulus.nix | 91 +++++++++++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+), 48 deletions(-) create mode 100644 lass/2configs/websites/lassulus.nix (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 51d106b5e..9fa210d08 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -24,26 +24,6 @@ in { ../2configs/repo-sync.nix ../2configs/binary-cache/server.nix ../2configs/iodined.nix - { - imports = [ - ../2configs/git.nix - ]; - krebs.nginx.servers.cgit = { - server-names = [ - "cgit.lassul.us" - ]; - locations = [ - (nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/cgit.lassul.us/; - '') - ]; - ssl = { - enable = true; - certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; - certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem"; - }; - }; - } { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories @@ -174,6 +154,7 @@ in { imports = [ ../2configs/websites/wohnprojekt-rhh.de.nix ../2configs/websites/domsen.nix + ../2configs/websites/lassulus.nix ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } @@ -186,34 +167,6 @@ in { }; } { - security.acme = { - certs."lassul.us" = { - email = "lass@lassul.us"; - webroot = "/var/lib/acme/challenges/lassul.us"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - "full.pem" - ]; - allowKeysForGroup = true; - group = "lasscert"; - }; - }; - users.groups.lasscert.members = [ - "dovecot2" - "ejabberd" - "exim" - "nginx" - ]; - krebs.nginx.servers."lassul.us" = { - server-names = [ "lassul.us" ]; - locations = [ - (lib.nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/lassul.us/; - '') - ]; - }; lass.ejabberd = { enable = true; hosts = [ "lassul.us" ]; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix new file mode 100644 index 000000000..04c19fad0 --- /dev/null +++ b/lass/2configs/websites/lassulus.nix @@ -0,0 +1,91 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + inherit (import { config = {}; inherit lib; }) + genid + ; + +in { + imports = [ + ../git.nix + ]; + + security.acme = { + certs."lassul.us" = { + email = "lass@lassul.us"; + webroot = "/var/lib/acme/challenges/lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + "full.pem" + ]; + allowKeysForGroup = true; + group = "lasscert"; + }; + certs."cgit.lassul.us" = { + email = "lassulus@gmail.com"; + webroot = "/var/lib/acme/challenges/cgit.lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + ]; + group = "nginx"; + allowKeysForGroup = true; + }; + }; + + users.groups.lasscert.members = [ + "dovecot2" + "ejabberd" + "exim" + "nginx" + ]; + + krebs.nginx.servers."lassul.us" = { + server-names = [ "lassul.us" ]; + locations = [ + (nameValuePair "/" '' + root /srv/http/lassul.us; + '') + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/lassul.us/; + '') + ]; + ssl = { + enable = true; + certificate = "/var/lib/acme/lassul.us/fullchain.pem"; + certificate_key = "/var/lib/acme/lassul.us/key.pem"; + }; + }; + + krebs.nginx.servers.cgit = { + server-names = [ + "cgit.lassul.us" + ]; + locations = [ + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/cgit.lassul.us/; + '') + ]; + ssl = { + enable = true; + certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; + certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem"; + }; + }; + + users.users.blog = { + uid = genid "blog"; + description = "lassul.us blog deployment"; + home = "/srv/http/lassul.us"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; +} + -- cgit v1.2.3 From c47b5e3d8b2a9a7215a74b5b9f63b52ceb170c2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 14:59:12 +0200 Subject: l 2 baseX: add youtube-tools to pkgs --- lass/2configs/baseX.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2649ecab9..4b05e3296 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -49,6 +49,8 @@ in { mpv-poll yt-next + + youtube-tools #window manager stuff #haskellPackages.xmobar #haskellPackages.yeganesh -- cgit v1.2.3 From 0bc0ccf58c4c1523a101c188eeab9f63a89cef4c Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 14:59:35 +0200 Subject: l 2 repo-sync: sync lassulus-blog from github --- lass/2configs/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 027f31fe0..eae583a84 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -92,6 +92,7 @@ in { (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger") (sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") + (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-retiolum "go") (sync-retiolum "much") -- cgit v1.2.3 From a4f71a9ed0d7db878d40c49589ae6803a1e74017 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 15:01:36 +0200 Subject: l 2 websites domsen: dma@apanowicz.de -> gmx --- lass/2configs/websites/domsen.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index e05f40d97..3a3e60d39 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -191,7 +191,7 @@ in { server_set_id = $auth1 ''; internet-aliases = [ - { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "testuser@lassul.us"; to = "testuser"; } ]; -- cgit v1.2.3 From d0d3cd8e54a78ea1bf16b2b9de5366d15aad7581 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 15:02:06 +0200 Subject: l 1 prism: remove obsolete key --- lass/1systems/prism.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 9fa210d08..8b4f1d7a2 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -144,7 +144,6 @@ in { users.users.chat.openssh.authorizedKeys.keys = [ "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHF9tijlMoEevRZCG1AggukxWggfxPHUwg6Ye113ODG6PZ2m98oSmnsjixDy4GfIJjy+8HBbkwS6iH+fsNk86QtAgFNMjBl+9YvEzNRBzcyCqdOkZFvvZvV2oYA7I15il4ln62PDPKjEIS3YPhZPSwc6GhrlsFTnIG56NF/93IhF7R/FA== JuiceSSH" config.krebs.users.lass-uriel.pubkey - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQ8DJhHAqmdrB2+qkV/OuKjR4QDXUww2TWItyDrs+/6F58WacMozgaZr2goA5JQJ5d19nC3LzYb4yLGguADsp987I6cAu5iXPT5PHKc0eRWDN+AGlpTgUtN1BvVrnJZaUJrR9WlHhFYlkOkzAsB15fKYciVWsyxBCVZ+3oiTEjs2L/sfbrgailWqHIUWDftUnJx8EFmSUVZ2GZWklMcgBo0FJD1i0x5u2dQGguNY+28DzQmKgUMS+xD/uUZvrFIWr9I6CBqhsuHJo8n85BT3B3QdG8ARLt5FKPr5L3My6UjlxOkKrDNLjJFjERFCsuIxnrO3tQhvKXQYlOyskHokocYSdcIq8svghJLA3kmRYIjHjZ4y1BNENsk79WyYNMAi5y+A0Evmu+g3ks/DiW3vI/Sw/D3Uc7ilbImpaoL5qUC4+WZM3J2b3Z1AU5D1QiojpKkB9Qt1bokCm8hrRCG9ZDKqAD6IqmI1ARRjfgA4zKwKUhmMqG4p55YGGVf9OeK0rXgX0Z2InyFXeBaU2aBcDfdKD/65w5MnC9CsJnjELdd4r9u2ugTPExzOo3WUlNuOTB1WoZ8CiY2OVGle/E/MzKUDfGuIFhUsFeX0YcLHPbo+mesISNUPaeadSuMuHE8W4FOeEq51toBo/gkxgjtqqWMOd9SxnDQTMBKq3L/w7nEQ== lass@mors" ]; } { -- cgit v1.2.3 From 77c741b8d7631f534ecb63df6da84abb740aa892 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 15:05:19 +0200 Subject: l 2 exim-smarthost: add feed@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 00a3612fd..d96db359b 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -29,6 +29,7 @@ with config.krebs.lib; { from = "finanzamt@lassul.us"; to = lass.mail; } { from = "netzclub@lassul.us"; to = lass.mail; } { from = "nebenan@lassul.us"; to = lass.mail; } + { from = "feed@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From fe8069802d9fbd61a93ea3959622c7d4c7edbaec Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 15:05:33 +0200 Subject: l 2 exim-smarthost: add art@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index d96db359b..3ed8be77f 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -30,6 +30,7 @@ with config.krebs.lib; { from = "netzclub@lassul.us"; to = lass.mail; } { from = "nebenan@lassul.us"; to = lass.mail; } { from = "feed@lassul.us"; to = lass.mail; } + { from = "art@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 56350bc8ddae4bf4e475ff4817faa158c283be30 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 15:06:02 +0200 Subject: l 2 nixpkgs: 354fd37 -> b8ede35 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 6e9138b61..73c96e876 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "354fd3728952c229fee4f2924737c601d7ab4725"; + ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; }; } -- cgit v1.2.3 From a2605f25ee48daaf883c6823564686fa49bff0f3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 23:47:00 +0200 Subject: l 1 uriel: set defaultLocale to de_DE --- lass/1systems/uriel.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index aa5286ae0..acc7348e8 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -9,6 +9,7 @@ with config.krebs.lib; ../2configs/exim-retiolum.nix { # locke config + i18n.defaultLocale ="de_DE.UTF-8"; time.timeZone = "Europe/Berlin"; services.xserver.enable = true; users.users.locke = { -- cgit v1.2.3 From bbaee1993c9786bf01f15c34d0d8993842712477 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 23:47:27 +0200 Subject: l 1 uriel: add pavucontrol to pkgs --- lass/1systems/uriel.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index acc7348e8..1068da114 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -29,6 +29,7 @@ with config.krebs.lib; systemWide = true; }; environment.systemPackages = with pkgs; [ + pavucontrol firefox hexchat networkmanagerapplet -- cgit v1.2.3 From c7be88d76a359379d8d75126a746fd3772aa5036 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 23:47:48 +0200 Subject: l 1 uriel: gummiboot -> systemd-boot --- lass/1systems/uriel.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 1068da114..e1417c83d 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -53,8 +53,8 @@ with config.krebs.lib; #loader.grub.version = 2; #loader.grub.device = "/dev/sda"; - loader.gummiboot.enable = true; - loader.gummiboot.timeout = 5; + loader.systemd-boot.enable = true; + loader.timeout = 5; initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; -- cgit v1.2.3 From 0f2a9778315c3126794c0f1ad63710d38e7a67f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 09:48:42 +0200 Subject: remove haskellPackges.megaparsec --- lass/2configs/buildbot-standalone.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 2fc3d3732..628fdf61f 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -172,7 +172,6 @@ in { "hashPassword", "haskellPackages.blessings", "haskellPackages.email-header", - "haskellPackages.megaparsec", "haskellPackages.scanner", "haskellPackages.xmonad-stockholm", "krebspaste", -- cgit v1.2.3