summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism/config.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2018-11-30 23:19:32 +0100
committermakefu <github@syntax-fehler.de>2018-11-30 23:19:32 +0100
commitb8db7293383772b936b6937cc05b5588021ca693 (patch)
tree74cd0a8da1fd703080697bed04ffc1a8279a60ae /lass/1systems/prism/config.nix
parent861d4481f710d60d0d84aa8b1f8997f7fc18890d (diff)
parent7f5431a4999fea9626df300f707aa8c62de894e3 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r--lass/1systems/prism/config.nix56
1 files changed, 55 insertions, 1 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index a9fbae695..24fa3fd7a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -207,7 +207,6 @@ with import <stockholm/lib>;
RandomizedDelaySec = "2min";
};
}
- <stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
{
services.taskserver = {
@@ -338,6 +337,61 @@ with import <stockholm/lib>;
];
}
+ {
+ systemd.services."container@yellow".reloadIfChanged = mkForce false;
+ containers.yellow = {
+ config = { ... }: {
+ environment.systemPackages = [ pkgs.git ];
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+ autoStart = false;
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.13";
+ localAddress = "10.233.2.14";
+ };
+
+ services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
+ if ($scheme != "https") {
+ rewrite ^ https://$host$uri permanent;
+ }
+ auth_basic "Restricted Content";
+ auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
+ krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
+ ''};
+ proxy_pass http://10.233.2.14:9091;
+ '';
+
+ users.groups.download = {};
+ users.users = {
+ download = {
+ createHome = true;
+ group = "download";
+ name = "download";
+ home = "/var/download";
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ lass-shodan.pubkey
+ lass-icarus.pubkey
+ lass-daedalus.pubkey
+ lass-helios.pubkey
+ makefu.pubkey
+ wine-mors.pubkey
+ ];
+ };
+ };
+
+ system.activationScripts.downloadFolder = ''
+ mkdir -p /var/download
+ chmod 775 /var/download
+ ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || :
+ chown download: /var/download/finished
+ '';
+ }
];
krebs.build.host = config.krebs.hosts.prism;