From ef87e5e38876c3122f7b4ac95af8f57008eee777 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:04:10 +0100
Subject: news: don't sync shortened links

---
 krebs/1systems/news/config.nix | 7 -------
 1 file changed, 7 deletions(-)

(limited to 'krebs/1systems')

diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix
index 5c4b37aef..79946dad7 100644
--- a/krebs/1systems/news/config.nix
+++ b/krebs/1systems/news/config.nix
@@ -18,13 +18,6 @@
   boot.isContainer = true;
   networking.useDHCP = false;
   krebs.bindfs = {
-    "/var/lib/htgen-go" = {
-      source = "/var/state/htgen-go";
-      options = [
-        "-m ${toString config.users.users.htgen-go.uid}"
-      ];
-      clearTarget = true;
-    };
     "/var/lib/brockman" = {
       source = "/var/state/brockman";
       options = [
-- 
cgit v1.2.3


From 2ae7cb819e60e13f3184b153fcfba32c3f6bd69f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:11:51 +0100
Subject: puyak.r: add news.r as container

---
 krebs/1systems/puyak/config.nix | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'krebs/1systems')

diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 1e0687ba7..2f122f6ff 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -19,6 +19,12 @@
     <stockholm/krebs/2configs/binary-cache/nixos.nix>
     <stockholm/krebs/2configs/binary-cache/prism.nix>
 
+    ## news host
+
+    <stockholm/krebs/2configs/container-networking.nix>
+    <stockholm/krebs/2configs/syncthing.nix>
+    <stockholm/krebs/2configs/news-host.nix>
+
     ### shackspace ###
     # handle the worlddomination map via coap
     <stockholm/krebs/2configs/shack/worlddomination.nix>
-- 
cgit v1.2.3


From f5a04ffc57a27113b26d20b8600169ba048e8cb0 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:12:08 +0100
Subject: puyak.r: enable firewall

---
 krebs/1systems/puyak/net.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'krebs/1systems')

diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix
index 8dab11e16..c535e51aa 100644
--- a/krebs/1systems/puyak/net.nix
+++ b/krebs/1systems/puyak/net.nix
@@ -8,7 +8,7 @@ in {
     SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="${ext-if}"
   '';
   networking = {
-    firewall.enable = false;
+    firewall.enable = true;
     firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ];
     interfaces."${ext-if}".ipv4.addresses = [
       {
-- 
cgit v1.2.3


From c1bda245e733f191ce98fda5810954f7a784efb6 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:42:24 +0100
Subject: puyak.r: open 80 & 443

---
 krebs/1systems/puyak/net.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'krebs/1systems')

diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix
index c535e51aa..a46a24952 100644
--- a/krebs/1systems/puyak/net.nix
+++ b/krebs/1systems/puyak/net.nix
@@ -9,7 +9,7 @@ in {
   '';
   networking = {
     firewall.enable = true;
-    firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ];
+    firewall.allowedTCPPorts = [ 80 443 8088 8086 8083 5901 ];
     interfaces."${ext-if}".ipv4.addresses = [
       {
         address = shack-ip;
-- 
cgit v1.2.3