summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism
diff options
context:
space:
mode:
Diffstat (limited to 'lass/1systems/prism')
-rw-r--r--lass/1systems/prism/config.nix68
-rw-r--r--lass/1systems/prism/physical.nix5
2 files changed, 66 insertions, 7 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index a9fbae695..e2097e93a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -25,7 +25,7 @@ with import <stockholm/lib>;
{ # TODO make new hfos.nix out of this vv
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
- uid = genid "riot";
+ uid = genid_uint31 "riot";
isNormalUser = true;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
@@ -44,21 +44,21 @@ with import <stockholm/lib>;
}
{
users.users.tv = {
- uid = genid "tv";
+ uid = genid_uint31 "tv";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
};
users.users.makefu = {
- uid = genid "makefu";
+ uid = genid_uint31 "makefu";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey
];
};
users.extraUsers.dritter = {
- uid = genid "dritter";
+ uid = genid_uint31 "dritter";
isNormalUser = true;
extraGroups = [
"download"
@@ -75,7 +75,7 @@ with import <stockholm/lib>;
];
};
users.users.hellrazor = {
- uid = genid "hellrazor";
+ uid = genid_uint31 "hellrazor";
isNormalUser = true;
extraGroups = [
"download"
@@ -168,7 +168,7 @@ with import <stockholm/lib>;
}
{
users.users.jeschli = {
- uid = genid "jeschli";
+ uid = genid_uint31 "jeschli";
isNormalUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
jeschli.pubkey
@@ -207,7 +207,6 @@ with import <stockholm/lib>;
RandomizedDelaySec = "2min";
};
}
- <stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
{
services.taskserver = {
@@ -338,6 +337,61 @@ with import <stockholm/lib>;
];
}
+ {
+ systemd.services."container@yellow".reloadIfChanged = mkForce false;
+ containers.yellow = {
+ config = { ... }: {
+ environment.systemPackages = [ pkgs.git ];
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+ autoStart = false;
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.13";
+ localAddress = "10.233.2.14";
+ };
+
+ services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
+ if ($scheme != "https") {
+ rewrite ^ https://$host$uri permanent;
+ }
+ auth_basic "Restricted Content";
+ auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
+ krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
+ ''};
+ proxy_pass http://10.233.2.14:9091;
+ '';
+
+ users.groups.download = {};
+ users.users = {
+ download = {
+ createHome = true;
+ group = "download";
+ name = "download";
+ home = "/var/download";
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ lass-shodan.pubkey
+ lass-icarus.pubkey
+ lass-daedalus.pubkey
+ lass-helios.pubkey
+ makefu.pubkey
+ wine-mors.pubkey
+ ];
+ };
+ };
+
+ system.activationScripts.downloadFolder = ''
+ mkdir -p /var/download
+ chmod 775 /var/download
+ ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
+ chown download: /var/download/finished
+ '';
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 4388c13fa..116bdb92f 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -25,6 +25,11 @@
fsType = "zfs";
};
+ fileSystems."/var/download" = {
+ device = "tank/download";
+ fsType = "zfs";
+ };
+
fileSystems."/var/lib/containers" = {
device = "tank/containers";
fsType = "zfs";
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 07:53:43 +0000