Merge remote-tracking branch 'prism/master'

2022-12-06 01:33:28 +01:00 · 2022-12-06 01:33:28 +01:00 · 2f17a36ab5
commit 2f17a36ab5
parent 426d6e2e5c 645c3564f7
7 changed files with 102 additions and 6 deletions
--- a/kartei/kmein/default.nix
+++ b/kartei/kmein/default.nix
@ -138,6 +138,28 @@ in
        wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
      };
    };
    tabula = {
      nets.retiolum = {
        ip4.addr = "10.243.2.78";
        aliases = [ "tabula.r" "tabula.kmein.r" ];
        tinc.pubkey = ''
          -----BEGIN RSA PUBLIC KEY-----
          MIICCgKCAgEA4cdFDoKRA9t+r686w6gH1u4UjEQJBmhsf3tkPEkv7nyVr4ahcZQk
          rQwlhNRJwv0wekwO0qG19VoAmBkVMzYu5JWn9WeYfIEUtP3ndPa7tqWQ4qIkYh8q
          4KQ03Y3CZav5ClK9rLO7gj+dsP+BhVdqhte4pJANs4CyglYkyu6p0P4+R2P0tfcq
          LTl8RB+SXuafqzhoQD+yhhA1HR8O1o9gHJjKiEVrSLwSFfD8WWH55yeWzIYAbuv8
          8a5VzhS5zvDYUFTP1WUPTeGlKsJdslSZqsrZmBDpkh1iEpRzQUnwQNMJ/uGXIldE
          3FKKoL9LKlvr1Iz9IcuxO4QLk+DoC8+Jc7yQrwIiQQCwAfwdyY6KcRDAqna1WZRd
          MFRvPd6y1BmLVJMG43VpWm5POE9Gw5nj5IzSNAFshoNljf246y2+wf8EtULqtrJD
          DMckquiYRnzQPco9PgjLfH/6SnlB/oXhvT4+rB4KceSoFKOLWq1pFogDGDy0xyB0
          ufkPsXiYE2KRnkozDJWlKSqrkM3GSR2lTM5cAmLh8VzxkI6LeJu8/6qxFa6J6tn4
          +kH8yjbcLqjmuUykfOZ2eL4GniaFexDvZcGgLD1I5f1ylEmSuU6boyx83WkCH7NH
          1cmaBDQsy4x0gMUYlLDVDW7X2PECoq5mQ61FHBNkdNOujOM/JPnYf4UCAwEAAQ==
          -----END RSA PUBLIC KEY-----
        '';
        tinc.pubkey_ed25519 = "eZsnMScJdH5k/W3Y5fILnz5Kc01R+dRzjjE/cnu96VF";
      };
    };
    tahina = {
      nets.retiolum = {
        ip4.addr = "10.243.2.74";
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@ -59,11 +59,12 @@ in {
      cores = 4;
      extraZones = {
        "krebsco.de" = ''
-          cache     IN A ${nets.internet.ip4.addr}
+          cache     60 IN A ${nets.internet.ip4.addr}
-          p         IN A ${nets.internet.ip4.addr}
+          p         60 IN A ${nets.internet.ip4.addr}
-          c         IN A ${nets.internet.ip4.addr}
+          c         60 IN A ${nets.internet.ip4.addr}
-          paste     IN A ${nets.internet.ip4.addr}
+          paste     60 IN A ${nets.internet.ip4.addr}
-          prism     IN A ${nets.internet.ip4.addr}
+          prism     60 IN A ${nets.internet.ip4.addr}
          social    60 IN A ${nets.internet.ip4.addr}
        '';
        "lassul.us" = ''
          $TTL 3600
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@ -14,6 +14,7 @@
    <stockholm/krebs/2configs/mud.nix>
    <stockholm/krebs/2configs/cal.nix>
    <stockholm/krebs/2configs/mastodon.nix>
    ## shackie irc bot
    <stockholm/krebs/2configs/shack/reaktor.nix>
--- a/krebs/2configs/mastodon-proxy.nix
+++ b/krebs/2configs/mastodon-proxy.nix
@ -0,0 +1,24 @@
 { config, lib, pkgs, ... }:
 {
  services.nginx = {
    enable = true;
    virtualHosts."social.krebsco.de" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        # TODO use this in 22.11
        # recommendedProxySettings = true;
        proxyPass = "http://hotdog.r";
        proxyWebsockets = true;
        extraConfig = ''
          proxy_set_header        Host $host;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto $scheme;
          proxy_set_header        X-Forwarded-Host $host;
          proxy_set_header        X-Forwarded-Server $host;
        '';
      };
    };
  };
 }
--- a/krebs/2configs/mastodon.nix
+++ b/krebs/2configs/mastodon.nix
@ -0,0 +1,40 @@
 { config, lib, pkgs, ... }:
 {
  services.postgresql = {
    enable = true;
    dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
    package = pkgs.postgresql_11;
  };
  systemd.tmpfiles.rules = [
    "d /var/state/postgresql 0700 postgres postgres -"
  ];
  services.mastodon = {
    enable = true;
    localDomain = "social.krebsco.de";
    configureNginx = true;
    trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
    smtp.createLocally = false;
    smtp.fromAddress = "mastodon@social.krebsco.de";
  };
  services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
    forceSSL = lib.mkForce false;
    enableACME = lib.mkForce false;
    locations."@proxy".extraConfig = ''
      proxy_redirect off;
      proxy_pass_header Server;
      proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    '';
  };
  networking.firewall.allowedTCPPorts = [
    80
  ];
  environment.systemPackages = [
    (pkgs.writers.writeDashBin "tootctl" ''
      sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
    '')
  ];
 }
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@ -111,6 +111,7 @@ with import <stockholm/lib>;
    <stockholm/lass/2configs/jitsi.nix>
    <stockholm/lass/2configs/fysiirc.nix>
    <stockholm/lass/2configs/bgt-bot>
    <stockholm/krebs/2configs/mastodon-proxy.nix>
    {
      services.tor = {
        enable = true;
--- a/lass/2configs/xmonad.nix
+++ b/lass/2configs/xmonad.nix
@ -151,7 +151,14 @@ myKeyMap =
    , ("M4-S-q", return ())
-    , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
+    , ("M4-d", floatNext True >> spawn "${pkgs.writers.writeDash "clipmenu" ''
      PATH=${lib.makeBinPath [
        pkgs.coreutils
        pkgs.gawk
        pkgs.dmenu
      ]}
      ${pkgs.clipmenu}/bin/clipmenu
    ''}")
    , ("M4-<F2>", windows copyToAll)