summaryrefslogtreecommitdiffstats
path: root/lass/1systems/ubik
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2023-09-09 19:42:08 +0200
committermakefu <github@syntax-fehler.de>2023-09-09 19:42:08 +0200
commit29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (patch)
treefc4b0695c986a1cda6f1fbbbcbe716e203c54fa3 /lass/1systems/ubik
parente157ffa72856e4378aa23b096b2efff233f3cb3d (diff)
parent083229d0211096daec08673f743ccc45b1d8a0ac (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/ubik')
-rw-r--r--lass/1systems/ubik/config.nix276
-rw-r--r--lass/1systems/ubik/physical.nix7
2 files changed, 0 insertions, 283 deletions
diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix
deleted file mode 100644
index 3afbf6bd1..000000000
--- a/lass/1systems/ubik/config.nix
+++ /dev/null
@@ -1,276 +0,0 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.ubik;
-
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM";
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@lassul.us";
- };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- # nextcloud
- services.nginx.virtualHosts."c.apanowicz.de" = {
- enableACME = true;
- forceSSL = true;
- };
- services.nextcloud = {
- enable = true;
- enableBrokenCiphersForSSE = false;
- hostName = "c.apanowicz.de";
- package = pkgs.nextcloud25;
- config.adminpassFile = "/run/nextcloud.pw";
- https = true;
- maxUploadSize = "9001M";
- };
- systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [
- "+${pkgs.writeDash "copy-pw" ''
- ${pkgs.rsync}/bin/rsync \
- --chown nextcloud:nextcloud \
- --chmod 0700 \
- /var/src/secrets/nextcloud.pw /run/nextcloud.pw
- ''}"
- ];
-
- # mail
- lass.usershadow.enable = true;
- services.nginx.virtualHosts."mail.ubikmedia.eu" = {
- enableACME = true;
- forceSSL = true;
- };
- services.roundcube = {
- enable = true;
- hostName = "mail.ubikmedia.eu";
- extraConfig = ''
- $config['smtp_debug'] = true;
- $config['smtp_host'] = "localhost:25";
- '';
- };
- services.dovecot2 = {
- enable = true;
- showPAMFailure = true;
- mailLocation = "maildir:~/Mail";
- sslServerCert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem";
- sslServerKey = "/var/lib/acme/mail.ubikmedia.eu/key.pem";
- };
- krebs.exim-smarthost = {
- ssl_cert = "/var/lib/acme/mail.ubikmedia.eu/fullchain.pem";
- ssl_key = "/var/lib/acme/mail.ubikmedia.eu/key.pem";
- authenticators.PLAIN = ''
- driver = plaintext
- public_name = PLAIN
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
- '';
- authenticators.LOGIN = ''
- driver = plaintext
- public_name = LOGIN
- server_prompts = "Username:: : Password::"
- server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- # server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
- '';
- internet-aliases = [
- { from = "dma@ubikmedia.de"; to = "domsen"; }
- { from = "dma@ubikmedia.eu"; to = "domsen"; }
- { from = "hallo@apanowicz.de"; to = "domsen"; }
- { from = "bruno@apanowicz.de"; to = "bruno"; }
- { from = "mail@jla-trading.com"; to = "jla-trading"; }
- { from = "jms@ubikmedia.eu"; to = "jms"; }
- { from = "ms@ubikmedia.eu"; to = "ms"; }
- { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
- { from = "kontakt@alewis.de"; to ="klabusterbeere"; }
- { from = "hallo@jarugadesign.de"; to ="kasia"; }
- { from = "noreply@beeshmooth.ch"; to ="besmooth@gmx.ch"; }
-
- { from = "testuser@ubikmedia.eu"; to = "testuser"; }
- ];
- sender_domains = [
- "jla-trading.com"
- "ubikmedia.eu"
- "ubikmedia.de"
- "apanowicz.de"
- "alewis.de"
- "jarugadesign.de"
- "beesmooth.ch"
- "event-extra.de"
- ];
- dkim = [
- { domain = "ubikmedia.eu"; }
- { domain = "apanowicz.de"; }
- { domain = "beesmooth.ch"; }
- ];
- };
-
- # users
- users.users.UBIK-SFTP = {
- uid = pkgs.stockholm.lib.genid_uint31 "UBIK-SFTP";
- home = "/home/UBIK-SFTP";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.xanf = {
- uid = pkgs.stockholm.lib.genid_uint31 "xanf";
- group = "xanf";
- home = "/home/xanf";
- useDefaultShell = true;
- createHome = false; # creathome forces permissions
- isNormalUser = true;
- };
-
- users.users.domsen = {
- uid = pkgs.stockholm.lib.genid_uint31 "domsen";
- description = "maintenance acc for domsen";
- home = "/home/domsen";
- useDefaultShell = true;
- extraGroups = [ "syncthing" "download" "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.bruno = {
- uid = pkgs.stockholm.lib.genid_uint31 "bruno";
- home = "/home/bruno";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.jla-trading = {
- uid = pkgs.stockholm.lib.genid_uint31 "jla-trading";
- home = "/home/jla-trading";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.jms = {
- uid = pkgs.stockholm.lib.genid_uint31 "jms";
- home = "/home/jms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.ms = {
- uid = pkgs.stockholm.lib.genid_uint31 "ms";
- home = "/home/ms";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.testuser = {
- uid = pkgs.stockholm.lib.genid_uint31 "testuser";
- home = "/home/testuser";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.bui = {
- uid = pkgs.stockholm.lib.genid_uint31 "bui";
- home = "/home/bui";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.klabusterbeere = {
- uid = pkgs.stockholm.lib.genid_uint31 "klabusterbeere";
- home = "/home/klabusterbeere";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.kasia = {
- uid = pkgs.stockholm.lib.genid_uint31 "kasia";
- home = "/home/kasia";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.XANF_TEAM = {
- uid = pkgs.stockholm.lib.genid_uint31 "XANF_TEAM";
- group = "xanf";
- home = "/home/XANF_TEAM";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.dif = {
- uid = pkgs.stockholm.lib.genid_uint31 "dif";
- home = "/home/dif";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.lavafilms = {
- uid = pkgs.stockholm.lib.genid_uint31 "lavafilms";
- home = "/home/lavafilms";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.movematchers = {
- uid = pkgs.stockholm.lib.genid_uint31 "movematchers";
- home = "/home/movematchers";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.blackphoton = {
- uid = pkgs.stockholm.lib.genid_uint31 "blackphoton";
- home = "/home/blackphoton";
- useDefaultShell = true;
- extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.line = {
- uid = pkgs.stockholm.lib.genid_uint31 "line";
- home = "/home/line";
- useDefaultShell = true;
- # extraGroups = [ "xanf" ];
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.avada = {
- uid = pkgs.stockholm.lib.genid_uint31 "avada";
- home = "/home/avada";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
- users.users.familienrat = {
- uid = pkgs.stockholm.lib.genid_uint31 "familienrat";
- home = "/home/familienrat";
- useDefaultShell = true;
- createHome = true;
- isNormalUser = true;
- };
-
-}
diff --git a/lass/1systems/ubik/physical.nix b/lass/1systems/ubik/physical.nix
deleted file mode 100644
index 8577daf34..000000000
--- a/lass/1systems/ubik/physical.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./config.nix
- ];
- boot.isContainer = true;
- networking.useDHCP = true;
-}