5 files changed, 68 insertions, 3 deletions

diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index 89949bcbf..37bdc0290 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -11,6 +11,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/otp-ssh.nix>
     <stockholm/lass/2configs/git.nix>
+    <stockholm/lass/2configs/fetchWallpaper.nix>
     { # automatic hardware detection
       boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
       boot.kernelModules = [ "kvm-intel" ];
@@ -31,7 +32,6 @@ with import <stockholm/lib>;
         };
 
       nix.maxJobs = lib.mkDefault 8;
-      powerManagement.cpuFreqGovernor = "powersave";
     }
     { # crypto stuff
       boot.initrd.luks = {
@@ -45,7 +45,7 @@ with import <stockholm/lib>;
     {
       services.xserver.dpi = 200;
       fonts.fontconfig.dpi = 200;
-      lass.myFont = "-schumacher-clean-*-*-*-*-26-*-*-*-*-*-iso10646-1";
+      lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1";
     }
   ];
   krebs.build.host = config.krebs.hosts.helios;
@@ -83,4 +83,5 @@ with import <stockholm/lib>;
 
   programs.ssh.startAgent = lib.mkForce true;
 
+  services.tlp.enable = true;
 }
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 4d2f8b0f8..8b90cce77 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -38,7 +38,7 @@ with import <stockholm/lib>;
     {
       lass.umts = {
         enable = true;
-        modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_C12AD95CB7B78F90-if09";
+        modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
         initstrings = ''
           Init1 = AT+CFUN=1
           Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
@@ -133,6 +133,7 @@ with import <stockholm/lib>;
     iodine
 
     macchanger
+    dpass
   ];
 
   #TODO: fix this shit
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index a70d58828..c9d7a369a 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -42,6 +42,7 @@ with import <stockholm/lib>;
       { from = "securityfocus@lassul.us"; to = lass.mail; }
       { from = "radio@lassul.us"; to = lass.mail; }
       { from = "btce@lassul.us"; to = lass.mail; }
+      { from = "raf@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index d37dd5301..17c39a5f4 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -6,10 +6,66 @@ let
     genid
   ;
 
+  servephpBB = domains:
+    let
+      domain = head domains;
+
+    in {
+      services.nginx.virtualHosts."${domain}" = {
+        enableACME = true;
+        forceSSL = true;
+        serverAliases = domains;
+        extraConfig = ''
+          index index.php;
+          root /srv/http/${domain}/;
+          access_log /tmp/nginx_acc.log;
+          error_log /tmp/nginx_err.log;
+          error_page 404 /404.html;
+          error_page 500 502 503 504 /50x.html;
+          client_max_body_size 100m;
+        '';
+        locations."/".extraConfig = ''
+          try_files $uri $uri/ /index.php?$args;
+        '';
+        locations."~ \.php(?:$|/)".extraConfig =  ''
+          fastcgi_split_path_info ^(.+\.php)(/.+)$;
+          include ${pkgs.nginx}/conf/fastcgi_params;
+          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+          fastcgi_param PATH_INFO $fastcgi_path_info;
+          fastcgi_param HTTPS on;
+          fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+          fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
+          fastcgi_intercept_errors on;
+        '';
+        #Directives to send expires headers and turn off 404 error logging.
+        locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
+          access_log off;
+          log_not_found off;
+          expires max;
+        '';
+      };
+      services.phpfpm.poolConfigs."${domain}" = ''
+        listen = /srv/http/${domain}/phpfpm.pool
+        user = nginx
+        group = nginx
+        pm = dynamic
+        pm.max_children = 25
+        pm.start_servers = 5
+        pm.min_spare_servers = 3
+        pm.max_spare_servers = 20
+        listen.owner = nginx
+        listen.group = nginx
+        php_admin_value[error_log] = 'stderr'
+        php_admin_flag[log_errors] = on
+        catch_workers_output = yes
+      '';
+    };
+
 in {
   imports = [
     ./default.nix
     ../git.nix
+    (servephpBB [ "rote-allez-fraktion.de" ])
   ];
 
   security.acme = {
diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix
index c93c65ad2..207278440 100644
--- a/lass/3modules/umts.nix
+++ b/lass/3modules/umts.nix
@@ -61,6 +61,7 @@ let
   '';
 
   wvdial-defaults = ''
+    [Dialer Defaults]
     Modem = ${cfg.modem}
     ${cfg.initstrings}
     Modem Type = Analog Modem
@@ -70,6 +71,7 @@ let
     Password = ${cfg.password}
     Stupid Mode = 1
     Idle Seconds = 0
+    PPPD Path = ${pkgs.ppp}/bin/pppd
   '';
 
   imp = {
@@ -77,6 +79,10 @@ let
       umts = "sudo ${umts-bin}/bin/umts";
     };
 
+    environment.systemPackages = [
+      pkgs.ppp
+    ];
+
     security.sudo.extraConfig = ''
       lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
     '';