2019-04-07 17:35:34 +00:00
|
|
|
with import <stockholm/lib>;
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
|
|
imports = [
|
|
|
|
<stockholm/lass>
|
|
|
|
<stockholm/lass/2configs>
|
|
|
|
<stockholm/lass/2configs/retiolum.nix>
|
|
|
|
<stockholm/lass/2configs/exim-retiolum.nix>
|
|
|
|
<stockholm/lass/2configs/mail.nix>
|
|
|
|
|
|
|
|
<stockholm/lass/2configs/syncthing.nix>
|
2021-01-23 17:09:13 +00:00
|
|
|
<stockholm/lass/2configs/sync/sync.nix>
|
2019-04-17 18:00:06 +00:00
|
|
|
<stockholm/lass/2configs/sync/decsync.nix>
|
2021-01-23 17:09:13 +00:00
|
|
|
|
2022-11-15 13:18:11 +00:00
|
|
|
<stockholm/lass/2configs/weechat.nix>
|
2021-01-23 17:09:13 +00:00
|
|
|
<stockholm/lass/2configs/bitlbee.nix>
|
2022-11-15 13:18:11 +00:00
|
|
|
|
2021-01-23 17:09:13 +00:00
|
|
|
<stockholm/lass/2configs/pass.nix>
|
2021-10-25 17:52:54 +00:00
|
|
|
|
|
|
|
<stockholm/lass/2configs/git-brain.nix>
|
2022-11-15 13:18:11 +00:00
|
|
|
<stockholm/lass/2configs/et-server.nix>
|
|
|
|
<stockholm/lass/2configs/consul.nix>
|
2022-11-21 22:51:05 +00:00
|
|
|
|
|
|
|
<stockholm/lass/2configs/atuin-server.nix>
|
2019-04-07 17:35:34 +00:00
|
|
|
];
|
|
|
|
|
|
|
|
krebs.build.host = config.krebs.hosts.green;
|
|
|
|
|
2023-01-30 19:53:24 +00:00
|
|
|
krebs.sync-containers3.inContainer = {
|
2022-11-15 13:18:11 +00:00
|
|
|
enable = true;
|
|
|
|
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y";
|
2021-01-23 17:09:13 +00:00
|
|
|
};
|
2019-04-07 17:35:34 +00:00
|
|
|
|
2022-11-15 13:18:11 +00:00
|
|
|
systemd.tmpfiles.rules = [
|
2022-11-21 22:51:05 +00:00
|
|
|
"d /home/lass/.local/share 0700 lass users -"
|
|
|
|
"d /home/lass/.local 0700 lass users -"
|
2023-02-06 11:51:57 +00:00
|
|
|
"d /home/lass/.config 0700 lass users -"
|
2022-11-21 22:51:05 +00:00
|
|
|
|
2022-11-15 13:18:11 +00:00
|
|
|
"d /var/state/lass_mail 0700 lass users -"
|
|
|
|
"L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"
|
2021-01-23 17:09:13 +00:00
|
|
|
|
2022-11-15 13:18:11 +00:00
|
|
|
"d /var/state/lass_ssh 0700 lass users -"
|
|
|
|
"L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh"
|
|
|
|
"d /var/state/lass_gpg 0700 lass users -"
|
|
|
|
"L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg"
|
|
|
|
"d /var/state/lass_sync 0700 lass users -"
|
|
|
|
"L+ /home/lass/sync - - - - ../../var/state/lass_sync"
|
|
|
|
|
|
|
|
"d /var/state/git 0700 git nogroup -"
|
|
|
|
"L+ /var/lib/git - - - - ../../var/state/git"
|
|
|
|
];
|
|
|
|
|
|
|
|
users.users.mainUser.openssh.authorizedKeys.keys = [
|
|
|
|
config.krebs.users.lass-android.pubkey
|
|
|
|
config.krebs.users.lass-tablet.pubkey
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel
|
|
|
|
];
|
2021-01-23 17:09:13 +00:00
|
|
|
|
|
|
|
krebs.iptables.tables.nat.PREROUTING.rules = [
|
2022-12-30 20:34:05 +00:00
|
|
|
{ predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; }
|
2021-01-23 17:09:13 +00:00
|
|
|
];
|
2021-12-25 19:07:25 +00:00
|
|
|
|
|
|
|
# workaround for ssh access from yubikey via android
|
|
|
|
services.openssh.extraConfig = ''
|
|
|
|
HostKeyAlgorithms +ssh-rsa
|
|
|
|
PubkeyAcceptedAlgorithms +ssh-rsa
|
|
|
|
'';
|
2022-11-15 13:18:11 +00:00
|
|
|
|
|
|
|
services.dovecot2 = {
|
|
|
|
enable = true;
|
|
|
|
mailLocation = "maildir:~/Maildir";
|
|
|
|
};
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 143 ];
|
2019-04-07 17:35:34 +00:00
|
|
|
}
|