stockholm/lass/1systems/archprism/config.nix

55 lines
1.9 KiB
Nix
Raw Normal View History

2018-11-04 17:26:04 +00:00
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/libvirt.nix>
{ # TODO make new hfos.nix out of this vv
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
2018-12-03 16:39:53 +00:00
uid = genid_uint31 "riot";
2018-11-04 17:26:04 +00:00
isNormalUser = true;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
];
};
# TODO write function for proxy_pass (ssl/nonssl)
krebs.iptables.tables.filter.FORWARD.rules = [
2018-11-10 17:49:05 +00:00
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; }
2018-11-04 17:26:04 +00:00
];
krebs.iptables.tables.nat.PREROUTING.rules = [
2018-11-10 17:49:05 +00:00
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
2018-11-04 17:26:04 +00:00
];
}
<stockholm/lass/2configs/container-networking.nix>
{
services.taskserver = {
enable = true;
fqdn = "lassul.us";
listenHost = "::";
listenPort = 53589;
organisations.lass.users = [ "lass" "android" ];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
];
}
{
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
];
krebs.build.host = config.krebs.hosts.archprism;
services.earlyoom = {
enable = true;
freeMemThreshold = 5;
};
}