Merge remote-tracking branch 'prism/master'

krebs/1systems/hotdog/config.nix

@@ -13,7 +13,6 @@
     <stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
     <stockholm/krebs/2configs/binary-cache/nixos.nix>
     <stockholm/krebs/2configs/ircd.nix>
-    <stockholm/krebs/2configs/reaktor-krebs.nix>
     <stockholm/krebs/2configs/reaktor-retiolum.nix>
   ];
 

krebs/1systems/wolf/config.nix

@@ -26,9 +26,13 @@ in
     <stockholm/krebs/2configs/shack/share.nix>
     {
       systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
-      #systemd.services.telegraf.environment = {
+      systemd.services.telegraf.environment = {
-      #  "MIBDIRS" : ""; # extra mibs like ADSL
+        MIBDIRS = pkgs.fetchgit {
-      #};
+          url = "http://git.shackspace.de/makefu/modem-mibs.git";
+          sha256 =
+          "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k";
+        }; # extra mibs like ADSL
+      };
       services.telegraf = {
         enable = true;
         extraConfig = {

krebs/3modules/lass/default.nix

@@ -132,38 +132,6 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
     };
-    archprism = rec {
-      cores = 4;
-      nets = rec {
-        retiolum = {
-          via = internet;
-          ip4.addr = "10.243.0.104";
-          ip6.addr = "42::fa17";
-          aliases = [
-            "archprism.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
-            kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
-            JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
-            AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
-            jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
-            anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-        internet = {
-          ip4.addr = "213.239.205.240";
-          aliases = [
-            "archprism.i"
-          ];
-          ssh.port = 45621;
-        };
-      };
-      ssh.privkey.path = <secrets/ssh.id_rsa>;
-      ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
-    };
     domsen-nas = {
       ci = false;
       external = true;
@@ -374,6 +342,47 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL";
     };
+    littleT = {
+      cores = 2;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.133.77";
+          ip6.addr = "42:0:0:0:0:0:717:7137";
+          aliases = [
+            "littleT.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
+            /m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY
+            1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO
+            ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G
+            sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR
+            M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/
+            Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT
+            +cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY
+            xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c
+            aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm
+            7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v
+            k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B
+            idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ
+            y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D
+            SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i
+            mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH
+            PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB
+            ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5
+            Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS
+            8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt
+            NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW
+            5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      secure = true;
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
+    };
     iso = {
       ci = false;
       cores = 1;
@@ -555,10 +564,6 @@ with import <stockholm/lib>;
     fritz = {
       pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
     };
-    archprism-repo-sync = {
-      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
-      mail = "lass@prism.r";
-    };
     prism-repo-sync = {
       pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
       mail = "lass@prism.r";

krebs/3modules/makefu/default.nix

@@ -5,7 +5,7 @@ with import <stockholm/lib>;
 {
   hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
     cake = rec {
-      cores = 1;
+      cores = 4;
       ci = false;
       nets = {
         retiolum = {
@@ -545,8 +545,8 @@ with import <stockholm/lib>;
       };
       nets = rec {
         internet = {
-          ip4.addr = "188.68.40.19";
+          ip4.addr = "185.194.143.140";
-          ip6.addr = "2a03:4000:17:2df::1";
+          ip6.addr = "2a03:4000:1c:43f::1";
           aliases = [
             "gum.i"
           ];

krebs/3modules/rtorrent.nix

@@ -38,12 +38,12 @@ let
     ${optionalString (cfg.enableXMLRPC ) ''
       # prepare socket and set permissions. rtorrent user is part of group nginx
       # TODO: configure a shared torrent group
-      execute_nothrow = rm,${cfg.xmlrpc-socket}
+      execute.nothrow = rm,${cfg.xmlrpc-socket}
       scgi_local = ${cfg.xmlrpc-socket}
       schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}"
     ''}
 
-    system.file_allocate.set = ${if cfg.preAllocate then "yes" else "no"}
+    system.file.allocate.set = ${if cfg.preAllocate then "yes" else "no"}
 
     # Prepare systemd logging
     log.open_file = "rtorrent-systemd", ${systemd-logfile}

krebs/5pkgs/simple/internetarchive/default.nix

@@ -0,0 +1,38 @@
+{ pkgs, fetchFromGitHub, ... }:
+with pkgs.python3Packages;
+buildPythonPackage rec {
+  pname = "internetarchive";
+  version = "1.7.3";
+  name = "${pname}-${version}";
+  propagatedBuildInputs = [
+    requests
+      jsonpatch
+      docopt
+      clint
+      six
+      schema
+      backports_csv
+  ];
+
+# check only works when cloned from git repo
+  doCheck = false;
+  checkInputs = [
+    pytest
+      responses
+  ];
+
+  prePatch = ''
+    sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
+    '';
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
+  };
+
+  meta = with stdenv.lib; {
+    description = "python library and cli for uploading files to internet archive";
+    license = licenses.agpl3;
+  };
+
+}

krebs/5pkgs/simple/slog/default.nix

@@ -0,0 +1,26 @@
+{ pkgs, stdenv, fetchFromGitHub }:
+
+## use with:
+# . $(command -v slog.sh)
+stdenv.mkDerivation rec {
+  name = "slog-${version}";
+  version = "2017-10-27";
+
+  src = fetchFromGitHub {
+    owner = "makefu";
+    repo = "slog";
+    rev = "50367c3";
+    sha256 = "16wlh8xz430101lrxmgl2wangbbhvyj4pg8k5aibnh76sgj6x77r";
+  };
+
+  installPhase = ''
+    mkdir -p $out/bin
+    install -m755 slog.sh $out/bin
+  '';
+
+  meta = with stdenv.lib; {
+    description = "POSIX shell logging";
+    license = licenses.mit;
+  };
+
+}

krebs/source.nix

@@ -14,6 +14,6 @@ in
     stockholm.file = toString <stockholm>;
     nixpkgs.git = {
       url = https://github.com/NixOS/nixpkgs;
-      ref = "07ca7b64d2ff2fa7a79e4eab1aba70ff746fed8c"; # nixos-17.09 @ 2017-10-02
+      ref = "0c5a587eeba5302ff87e494baefd2f14f4e19bee"; # nixos-17.09 @ 2017-11-10
     };
   }

lass/1systems/archprism/config.nix

@@ -1,328 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
-  ip = config.krebs.build.host.nets.internet.ip4.addr;
-
-in {
-  imports = [
-    <stockholm/lass>
-    {
-      networking.interfaces.et0.ip4 = [
-        {
-          address = ip;
-          prefixLength = 24;
-        }
-      ];
-      networking.defaultGateway = "213.239.205.225";
-      networking.nameservers = [
-        "8.8.8.8"
-      ];
-      services.udev.extraRules = ''
-        SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
-      '';
-    }
-    <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/exim-smarthost.nix>
-    #<stockholm/lass/2configs/downloading.nix>
-    <stockholm/lass/2configs/ts3.nix>
-    <stockholm/lass/2configs/bitlbee.nix>
-    <stockholm/lass/2configs/weechat.nix>
-    <stockholm/lass/2configs/privoxy-retiolum.nix>
-    <stockholm/lass/2configs/radio.nix>
-    <stockholm/lass/2configs/repo-sync.nix>
-    <stockholm/lass/2configs/binary-cache/server.nix>
-    <stockholm/lass/2configs/iodined.nix>
-    <stockholm/lass/2configs/libvirt.nix>
-    <stockholm/lass/2configs/hfos.nix>
-    <stockholm/lass/2configs/monitoring/server.nix>
-    <stockholm/lass/2configs/monitoring/monit-alarms.nix>
-    <stockholm/lass/2configs/paste.nix>
-    <stockholm/lass/2configs/syncthing.nix>
-    #<stockholm/lass/2configs/reaktor-coders.nix>
-    <stockholm/lass/2configs/ciko.nix>
-    <stockholm/lass/2configs/container-networking.nix>
-    #<stockholm/lass/2configs/reaktor-krebs.nix>
-    #{
-    #  lass.pyload.enable = true;
-    #}
-    {
-      imports = [
-        <stockholm/lass/2configs/bepasty.nix>
-      ];
-      krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
-        if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
-          return 403;
-        }
-      '';
-    }
-    {
-      users.extraGroups = {
-        # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
-        #    Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
-        #    Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
-        #      Docs: man:tmpfiles.d(5)
-        #            man:systemd-tmpfiles(8)
-        #   Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
-        #  Main PID: 19272 (code=exited, status=1/FAILURE)
-        #
-        # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
-        # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
-        # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
-        # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
-        # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
-        # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
-        # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
-        # warning: error(s) occured while switching to the new configuration
-        lock.gid = 10001;
-      };
-    }
-    {
-      boot.loader.grub = {
-        devices = [
-          "/dev/sda"
-          "/dev/sdb"
-        ];
-        splashImage = null;
-      };
-
-      boot.initrd.availableKernelModules = [
-        "ata_piix"
-        "vmw_pvscsi"
-      ];
-
-      fileSystems."/" = {
-        device = "/dev/pool/nix";
-        fsType = "ext4";
-      };
-
-      fileSystems."/boot" = {
-        device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
-      };
-
-      fileSystems."/var/download" = {
-        device = "/dev/pool/download";
-      };
-
-      fileSystems."/srv/http" = {
-        device = "/dev/pool/http";
-      };
-
-      fileSystems."/srv/o.ubikmedia.de-data" = {
-        device = "/dev/pool/owncloud-ubik-data";
-      };
-
-      fileSystems."/bku" = {
-        device = "/dev/pool/bku";
-      };
-
-      fileSystems."/tmp" = {
-        device = "tmpfs";
-        fsType = "tmpfs";
-        options = ["nosuid" "nodev" "noatime"];
-      };
-
-    }
-    {
-      sound.enable = false;
-    }
-    {
-      nixpkgs.config.allowUnfree = true;
-    }
-    {
-      #stuff for juhulian
-      users.extraUsers.juhulian = {
-        name = "juhulian";
-        uid = 1339;
-        home = "/home/juhulian";
-        group = "users";
-        createHome = true;
-        useDefaultShell = true;
-        extraGroups = [
-        ];
-        openssh.authorizedKeys.keys = [
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
-        ];
-      };
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
-      ];
-    }
-    {
-      environment.systemPackages = [
-        pkgs.perlPackages.Plack
-      ];
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
-      ];
-    }
-    {
-      time.timeZone = "Europe/Berlin";
-    }
-    {
-      imports = [
-        <stockholm/lass/2configs/websites/domsen.nix>
-        <stockholm/lass/2configs/websites/lassulus.nix>
-      ];
-      krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
-         { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
-      ];
-    }
-    {
-      services.tor = {
-        enable = true;
-      };
-    }
-    {
-      lass.ejabberd = {
-        enable = true;
-        hosts = [ "lassul.us" ];
-      };
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
-        { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
-      ];
-    }
-    {
-      imports = [
-        <stockholm/lass/2configs/realwallpaper.nix>
-      ];
-      services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
-        alias /var/realwallpaper/realwallpaper.png;
-      '';
-    }
-    {
-      environment.systemPackages = with pkgs; [
-        mk_sql_pair
-      ];
-    }
-    {
-      users.users.tv = {
-        uid = genid "tv";
-        inherit (config.krebs.users.tv) home;
-        group = "users";
-        createHome = true;
-        useDefaultShell = true;
-        openssh.authorizedKeys.keys = [
-          config.krebs.users.tv.pubkey
-        ];
-      };
-      users.users.makefu = {
-        uid = genid "makefu";
-        isNormalUser = true;
-        openssh.authorizedKeys.keys = [
-          config.krebs.users.makefu.pubkey
-        ];
-      };
-      users.users.nin = {
-        uid = genid "nin";
-        inherit (config.krebs.users.nin) home;
-        group = "users";
-        createHome = true;
-        useDefaultShell = true;
-        openssh.authorizedKeys.keys = [
-          config.krebs.users.nin.pubkey
-        ];
-        extraGroups = [
-          "libvirtd"
-        ];
-      };
-    }
-    {
-      krebs.repo-sync.timerConfig = {
-        OnBootSec = "15min";
-        OnUnitInactiveSec = "90min";
-        RandomizedDelaySec = "30min";
-      };
-      krebs.repo-sync.repos.stockholm.timerConfig = {
-        OnBootSec = "5min";
-        OnUnitInactiveSec = "2min";
-        RandomizedDelaySec = "2min";
-      };
-    }
-    {
-      lass.usershadow = {
-        enable = true;
-      };
-    }
-    #{
-    #  krebs.Reaktor.prism = {
-    #    nickname = "Reaktor|lass";
-    #    channels = [ "#retiolum" ];
-    #    extraEnviron = {
-    #      REAKTOR_HOST = "ni.r";
-    #    };
-    #    plugins = with pkgs.ReaktorPlugins; [
-    #      sed-plugin
-    #    ];
-    #  };
-    #}
-    {
-      #stuff for dritter
-      users.extraUsers.dritter = {
-        name = "dritter";
-        uid = genid "dritter";
-        home = "/home/dritter";
-        group = "users";
-        createHome = true;
-        useDefaultShell = true;
-        extraGroups = [
-          "download"
-        ];
-        openssh.authorizedKeys.keys = [
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
-        ];
-      };
-    }
-    {
-      #hotdog
-      containers.hotdog = {
-        config = { ... }: {
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-          ];
-        };
-        enableTun = true;
-        privateNetwork = true;
-        hostAddress = "10.233.2.1";
-        localAddress = "10.233.2.2";
-      };
-    }
-    {
-      #kaepsele
-      containers.kaepsele = {
-        config = { ... }: {
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
-            lass.pubkey
-            tv.pubkey
-          ];
-        };
-        enableTun = true;
-        privateNetwork = true;
-        hostAddress = "10.233.2.3";
-        localAddress = "10.233.2.4";
-      };
-    }
-    {
-      #onondaga
-      containers.onondaga = {
-        config = { ... }: {
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-            config.krebs.users.nin.pubkey
-          ];
-        };
-        enableTun = true;
-        privateNetwork = true;
-        hostAddress = "10.233.2.4";
-        localAddress = "10.233.2.5";
-      };
-    }
-  ];
-
-  krebs.build.host = config.krebs.hosts.archprism;
-}

lass/1systems/daedalus/config.nix

@@ -37,6 +37,9 @@ with import <stockholm/lib>;
         networkmanagerapplet
         libreoffice
         audacity
+        zathura
+        skype
+        wine
       ];
       services.xserver.enable = true;
       services.xserver.displayManager.lightdm.enable = true;
@@ -52,8 +55,10 @@ with import <stockholm/lib>;
           name = "bitcoin";
           description = "user for bitcoin stuff";
           home = "/home/bitcoin";
+          isNormalUser = true;
           useDefaultShell = true;
           createHome = true;
+          extraGroups = [ "audio" ];
         };
       };
       security.sudo.extraConfig = ''

lass/1systems/helios/config.nix

@@ -10,8 +10,10 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/pass.nix>
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/otp-ssh.nix>
-    <stockholm/lass/2configs/git.nix>
+    # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
+    #<stockholm/lass/2configs/git.nix>
     <stockholm/lass/2configs/dcso-vpn.nix>
+    <stockholm/lass/2configs/virtualbox.nix>
     { # automatic hardware detection
       boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
       boot.kernelModules = [ "kvm-intel" ];
@@ -68,6 +70,16 @@ with import <stockholm/lib>;
       repo = [ config.krebs.git.repos.stockholm ];
       perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ];
     }
+    {
+      lass.umts = {
+        enable = true;
+        modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
+        initstrings = ''
+          Init1 = AT+CFUN=1
+          Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+        '';
+      };
+    }
   ];
 
   # Use the systemd-boot EFI boot loader.
@@ -100,11 +112,18 @@ with import <stockholm/lib>;
 
   services.xserver.videoDrivers = [ "nvidia" ];
   services.xserver.xrandrHeads = [
-    { output = "DP-0.8"; }
-    { output = "DP-4"; monitorConfig = ''Option "Rotate" "right"''; }
     { output = "DP-2"; primary = true; }
+    { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
+    { output = "DP-0"; }
   ];
 
+  services.xserver.displayManager.sessionCommands = ''
+    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
+    ${pkgs.systemd}/bin/systemctl start xresources.service
+  '';
+
+  networking.hostName = lib.mkForce "BLN02NB0162";
+
   security.pki.certificateFiles = [
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
@@ -117,4 +136,10 @@ with import <stockholm/lib>;
   ];
 
   lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
+
+  programs.adb.enable = true;
+  users.users.mainUser.extraGroups = [ "adbusers" ];
+
+  services.printing.drivers = [ pkgs.postscript-lexmark ];
+
 }

lass/1systems/littleT/config.nix

@@ -0,0 +1,84 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/lass>
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
+
+    <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/backups.nix>
+    <stockholm/lass/2configs/steam.nix>
+    {
+      users.users.blacky = {
+        uid = genid "blacky";
+        home = "/home/blacky";
+        group = "users";
+        createHome = true;
+        extraGroups = [
+          "audio"
+          "networkmanager"
+          "video"
+        ];
+        useDefaultShell = true;
+      };
+      networking.networkmanager.enable = true;
+      networking.wireless.enable = mkForce false;
+      hardware.pulseaudio = {
+        enable = true;
+        systemWide = true;
+      };
+      environment.systemPackages = with pkgs; [
+        pavucontrol
+        chromium
+        hexchat
+        networkmanagerapplet
+        vlc
+      ];
+      services.xserver.enable = true;
+      services.xserver.displayManager.lightdm.enable = true;
+      services.xserver.desktopManager.plasma5.enable = true;
+      services.xserver.layout = "de";
+      users.mutableUsers = mkForce true;
+      services.xserver.synaptics.enable = true;
+    }
+    {
+      #remote control
+      environment.systemPackages = with pkgs; [
+        x11vnc
+      ];
+      krebs.iptables.tables.filter.INPUT.rules = [
+        { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
+      ];
+    }
+  ];
+
+  time.timeZone = "Europe/Berlin";
+
+  hardware.trackpoint = {
+    enable = true;
+    sensitivity = 220;
+    speed = 0;
+    emulateWheel = true;
+  };
+
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
+
+  krebs.build.host = config.krebs.hosts.littleT;
+
+  #fileSystems = {
+  #  "/bku" = {
+  #    device = "/dev/mapper/pool-bku";
+  #    fsType = "btrfs";
+  #    options = ["defaults" "noatime" "ssd" "compress=lzo"];
+  #  };
+  #};
+
+  #services.udev.extraRules = ''
+  #  SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+  #  SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+  #'';
+}

lass/1systems/littleT/source.nix

@@ -1,3 +1,4 @@
 import <stockholm/lass/source.nix> {
-  name = "archprism";
+  name = "littleT";
+  secure = true;
 }

lass/1systems/mors/config.nix

@@ -29,7 +29,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/syncthing.nix>
     <stockholm/lass/2configs/otp-ssh.nix>
     <stockholm/lass/2configs/c-base.nix>
-    <stockholm/tv/2configs/br.nix>
+    <stockholm/lass/2configs/br.nix>
     {
       #risk of rain port
       krebs.iptables.tables.filter.INPUT.rules = [
@@ -135,6 +135,8 @@ with import <stockholm/lib>;
 
     macchanger
     dpass
+
+    dnsutils
   ];
 
   #TODO: fix this shit
@@ -192,4 +194,8 @@ with import <stockholm/lib>;
       exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate'
     '';
   };
+
+  #nix.package = pkgs.nixUnstable;
+  programs.adb.enable = true;
+  users.users.mainUser.extraGroups = [ "adbusers" ];
 }

lass/1systems/prism/config.nix

@@ -67,6 +67,11 @@ in {
         fsType = "ext4";
       };
 
+      fileSystems."/bku" = {
+        device = "/dev/pool/bku";
+        fsType = "ext4";
+      };
+
       swapDevices = [
         { label = "swap1"; }
         { label = "swap2"; }
@@ -220,8 +225,8 @@ in {
         };
         enableTun = true;
         privateNetwork = true;
-        hostAddress = "10.233.2.4";
+        hostAddress = "10.233.2.5";
-        localAddress = "10.233.2.5";
+        localAddress = "10.233.2.6";
       };
     }
     <stockholm/lass/2configs/exim-smarthost.nix>
@@ -280,6 +285,7 @@ in {
         { predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
       ];
     }
+    <stockholm/krebs/2configs/reaktor-krebs.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.prism;

lass/2configs/audit.nix

@@ -1,9 +0,0 @@
-{ ... }:
-
-{
-  security.audit = {
-    rules = [
-      "-a task,never"
-    ];
-  };
-}

lass/2configs/baseX.nix

@@ -74,21 +74,20 @@ in {
     pavucontrol
     powertop
     push
+    rxvt_unicode
+    screengrab
     slock
     sxiv
+    termite
     xclip
     xorg.xbacklight
     xorg.xhost
     xsel
+    youtube-tools
+    yt-next
     zathura
 
-    mpv-poll
+    cabal2nix
-    yt-next
-
-    youtube-tools
-
-    rxvt_unicode
-    termite
   ];
 
   fonts.fonts = with pkgs; [

lass/2configs/default.nix

@@ -2,7 +2,6 @@
 with import <stockholm/lib>;
 {
   imports = [
-    ../2configs/audit.nix
     ../2configs/binary-cache/client.nix
     ../2configs/gc.nix
     ../2configs/mc.nix

lass/2configs/exim-smarthost.nix

@@ -46,6 +46,8 @@ with import <stockholm/lib>;
       { from = "apple@lassul.us"; to = lass.mail; }
       { from = "coinbase@lassul.us"; to = lass.mail; }
       { from = "tomtop@lassul.us"; to = lass.mail; }
+      { from = "aliexpress@lassul.us"; to = lass.mail; }
+      { from = "business@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

lass/2configs/mail.nix

@@ -76,6 +76,7 @@ let
         "INBOX"     "notmuch://?query=tag:inbox \
                      and NOT to:nix-devel\
                      and NOT to:shackspace\
+                     and NOT to:security\
                      and NOT to:c-base" \
         "shack"     "notmuch://?query=to:shackspace"\
         "c-base"    "notmuch://?query=to:c-base"\

lass/2configs/vim.nix

@@ -98,8 +98,13 @@ let
     noremap <esc>[c <nop> | noremap! <esc>[c <nop>
     noremap <esc>[d <nop> | noremap! <esc>[d <nop>
 
+    " search with ack
     let g:ackprg = 'ag --vimgrep'
     cnoreabbrev Ack Ack!
+
+    " copy/paste from/to xclipboard
+    noremap x "_x
+    set clipboard=unnamedplus
   '';
 
   extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [

lass/2configs/websites/lassulus.nix

@@ -147,12 +147,29 @@ in {
     in ''
       alias ${initscript};
     '';
+    locations."/pub".extraConfig = ''
+      alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
+    '';
   };
 
+  security.acme.certs."cgit.lassul.us" = {
+    email = "lassulus@gmail.com";
+    webroot = "/var/lib/acme/acme-challenges";
+    plugins = [
+      "account_key.json"
+      "key.pem"
+      "fullchain.pem"
+    ];
+    group = "nginx";
+    allowKeysForGroup = true;
+  };
+
+
   services.nginx.virtualHosts.cgit = {
     serverName = "cgit.lassul.us";
     addSSL = true;
-    enableACME = true;
+    sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+    sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
   };
 
   users.users.blog = {

lass/5pkgs/default.nix

@@ -20,5 +20,7 @@
     xml2json = pkgs.callPackage ./xml2json/default.nix {};
     xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
     yt-next = pkgs.callPackage ./yt-next/default.nix {};
+
+    screengrab = pkgs.writeDashBin "screengrab" "${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -s 1024x768 -i :0.0 -c:v huffyuv $1";
   };
 }

lass/5pkgs/xmonad-lass.nix

@@ -25,7 +25,6 @@ import Data.List (isInfixOf)
 import System.Environment (getArgs, withArgs)
 import System.IO (hPutStrLn, stderr)
 import System.Posix.Process (executeFile)
-import Text.Read (readEither)
 import XMonad.Actions.CopyWindow (copy, kill1)
 import XMonad.Actions.CycleWS (toggleWS)
 import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)

lass/source.nix

@@ -10,7 +10,7 @@ in
       nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
       nixpkgs.git = {
         url = https://github.com/nixos/nixpkgs;
-        ref = "6a0a00d";
+        ref = "7f6f0c4";
       };
       secrets.file = getAttr builder {
         buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;

makefu/1systems/darth/config.nix

@@ -2,6 +2,8 @@
 
 with import <stockholm/lib>;
 let
+  # all the good stuff resides in /data
+
   byid = dev: "/dev/disk/by-id/" + dev;
   rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
   bootPart = rootDisk + "-part1";
@@ -21,44 +23,23 @@ in {
       <stockholm/makefu/2configs/tinc/retiolum.nix>
       <stockholm/makefu/2configs/tools/core.nix>
       <stockholm/makefu/2configs/stats/client.nix>
-      <stockholm/makefu/2configs/nsupdate-data.nix>
+      # <stockholm/makefu/2configs/nsupdate-data.nix>
 
-      # SIEM
-      #<stockholm/makefu/2configs/tinc/siem.nix>
-      # {services.tinc.networks.siem = {
-      #     name = "sdarth";
-      #     extraConfig = "ConnectTo = sjump";
-      #   };
-      # }
-
-      # {
-      #   makefu.forward-journal = {
-      #     enable = true;
-      #     src = "10.8.10.2";
-      #     dst = "10.8.10.6";
-      #   };
-      # }
-
-      ## Sharing
-      # <stockholm/makefu/2configs/share/temp-share-samba.nix>
-      #{
-      #  services.samba.shares = {
-      #      isos = {
-      #        path = "/data/isos/";
-      #        "read only" = "yes";
-      #        browseable = "yes";
-      #        "guest ok" = "yes";
-      #      };
-      #  };
-      #}
       <stockholm/makefu/2configs/share/anon-ftp.nix>
+
+      # lan party
+      <stockholm/makefu/2configs/lanparty/lancache.nix>
+      <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
+      <stockholm/makefu/2configs/lanparty/samba.nix>
+      <stockholm/makefu/2configs/lanparty/mumble-server.nix>
+      <stockholm/makefu/2configs/virtualisation/libvirt.nix>
   ];
 
 
 
   #networking.firewall.enable = false;
   makefu.server.primary-itf = "enp0s25";
-  krebs.hidden-ssh.enable = true;
+  # krebs.hidden-ssh.enable = true;
   boot.kernelModules = [ "coretemp" "f71882fg" ];
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;

makefu/1systems/gum/config.nix

@@ -2,16 +2,22 @@
 
 with import <stockholm/lib>;
 let
-  external-mac = "3a:66:48:8e:82:b2";
+  # hw-specific
+  external-mac = "2a:c5:6e:d2:fc:7f";
+  main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+  external-gw = "185.194.140.1";
+  # single partition, label "nixos"
+  # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
+
+
+  # static
   external-ip = config.krebs.build.host.nets.internet.ip4.addr;
   external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
-  external-gw = "188.68.40.1";
   external-gw6 = "fe80::1";
   external-netmask = 22;
   external-netmask6 = 64;
-  ext-if = "et0"; # gets renamed on the fly
   internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
-  main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+  ext-if = "et0"; # gets renamed on the fly
 in {
   imports = [
       <stockholm/makefu>
@@ -19,6 +25,7 @@ in {
       <stockholm/makefu/2configs/headless.nix>
       <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
       # <stockholm/makefu/2configs/smart-monitor.nix>
+
       <stockholm/makefu/2configs/git/cgit-retiolum.nix>
       <stockholm/makefu/2configs/backup.nix>
       # <stockholm/makefu/2configs/mattermost-docker.nix>
@@ -76,7 +83,7 @@ in {
       # <stockholm/makefu/2configs/logging/client.nix>
 
       # Temporary:
-      <stockholm/makefu/2configs/temp/rst-issue.nix>
+      # <stockholm/makefu/2configs/temp/rst-issue.nix>
 
   ];
   makefu.dl-dir = "/var/download";

makefu/1systems/latte/config.nix

@@ -18,7 +18,7 @@ in {
 
     # Security
     <stockholm/makefu/2configs/sshd-totp.nix>
-    <stockholm/makefu/2configs/stats/client.nix>
+    # <stockholm/makefu/2configs/stats/client.nix>
 
     # Tools
     <stockholm/makefu/2configs/tools/core.nix>

makefu/1systems/omo/config.nix

@@ -82,7 +82,7 @@ in {
       # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
 
       # Temporary:
-      <stockholm/makefu/2configs/temp/rst-issue.nix>
+      # <stockholm/makefu/2configs/temp/rst-issue.nix>
     ];
   makefu.full-populate = true;
   makefu.server.primary-itf = primaryInterface;

makefu/1systems/tsp/config.nix

@@ -1,20 +1,20 @@
 #
 #
 #
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
   imports =
     [ # Include the results of the hardware scan.
       <stockholm/makefu>
-      <stockholm/makefu/2configs/gui/base.nix>
+      <stockholm/makefu/2configs/main-laptop.nix>
+      <stockholm/makefu/2configs/tools/all.nix>
       <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
       # hardware specifics are in here
       # imports tp-x2x0.nix
-      <stockholm/makefu/2configs/hw/tp-x200.nix>
+      # <stockholm/makefu/2configs/hw/tp-x200.nix>
 
-      <stockholm/makefu/2configs/disable_v6.nix>
+      # <stockholm/makefu/2configs/rad1o.nix>
-      <stockholm/makefu/2configs/rad1o.nix>
 
       <stockholm/makefu/2configs/zsh-user.nix>
       <stockholm/makefu/2configs/exim-retiolum.nix>
@@ -22,9 +22,41 @@
     ];
   # not working in vm
   krebs.build.host = config.krebs.hosts.tsp;
+  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+  boot.loader.grub.copyKernels = true;
 
   networking.firewall.allowedTCPPorts = [
     25
   ];
 
+  # acer aspire
+  networking.wireless.enable = lib.mkDefault true;
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+
+  hardware.cpu.intel.updateMicrocode = true;
+
+  zramSwap.enable = true;
+  zramSwap.numDevices = 2;
+
+  services.tlp.enable = true;
+  services.tlp.extraConfig = ''
+    # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
+    START_CHARGE_THRESH_BAT0=67
+    STOP_CHARGE_THRESH_BAT0=100
+
+
+    CPU_SCALING_GOVERNOR_ON_AC=performance
+    CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+    CPU_MIN_PERF_ON_AC=0
+    CPU_MAX_PERF_ON_AC=100
+    CPU_MIN_PERF_ON_BAT=0
+    CPU_MAX_PERF_ON_BAT=30
+  '';
+
+  powerManagement.resumeCommands = ''
+    ${pkgs.rfkill}/bin/rfkill unblock all
+  '';
+
 }

makefu/1systems/wbob/config.nix

@@ -24,9 +24,12 @@ in {
       # <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
       # <stockholm/makefu/2configs/audio/realtime-audio.nix>
       # <stockholm/makefu/2configs/vncserver.nix>
-      <stockholm/makefu/2configs/temp/rst-issue.nix>
+
       # Services
       <stockholm/makefu/2configs/remote-build/slave.nix>
+
+      # temporary
+      # <stockholm/makefu/2configs/temp/rst-issue.nix>
   ];
 
   krebs = {

makefu/1systems/x/config.nix

@@ -23,8 +23,6 @@ with import <stockholm/lib>;
       # <stockholm/makefu/2configs/deployment/wiki-irc-bot>
 
       # <stockholm/makefu/2configs/torrent.nix>
-      # <stockholm/makefu/2configs/lanparty/lancache.nix>
-      # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
       # <stockholm/makefu/2configs/deployment/dirctator.nix>
       # <stockholm/makefu/2configs/vncserver.nix>
       # <stockholm/makefu/2configs/deployment/led-fader>
@@ -64,7 +62,7 @@ with import <stockholm/lib>;
       <stockholm/makefu/2configs/hw/rtl8812au.nix>
       <stockholm/makefu/2configs/hw/exfat-nofuse.nix>
       <stockholm/makefu/2configs/hw/wwan.nix>
-      <stockholm/makefu/2configs/hw/stk1160.nix>
+      # <stockholm/makefu/2configs/hw/stk1160.nix>
       # <stockholm/makefu/2configs/rad1o.nix>
 
       # Filesystem
@@ -75,6 +73,11 @@ with import <stockholm/lib>;
       {
         programs.adb.enable = true;
       }
+      # temporary
+      # <stockholm/makefu/2configs/lanparty/lancache.nix>
+      # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
+      # <stockholm/makefu/2configs/lanparty/samba.nix>
+      # <stockholm/makefu/2configs/lanparty/mumble-server.nix>
 
     ];
 
@@ -84,7 +87,6 @@ with import <stockholm/lib>;
 
   nixpkgs.config.allowUnfree = true;
 
-  environment.systemPackages = [ pkgs.passwdqc-utils ];
 
 
   # configure pulseAudio to provide a HDMI sink as well
@@ -102,4 +104,7 @@ with import <stockholm/lib>;
   '';
   # hard dependency because otherwise the device will not be unlocked
   boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+
+  nix.package = pkgs.nixUnstable;
+  environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
 }

makefu/2configs/backup.nix

@@ -31,6 +31,19 @@ in {
   krebs.backup.plans = {
     # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
     gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
+    gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
+      {
+        dst.path = "/media/cryptX/backup/gum/var-download";
+        dst.host = defaultBackupServer;
+        startAt = "19:00";
+      };
+    gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
+      {
+        dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
+        dst.host = defaultBackupServer;
+
+        startAt = "05:00";
+      };
     # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
   };
   environment.systemPackages = [

makefu/2configs/hw/stk1160.nix

@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-{
-  # TODO: un-pin linuxPackages somehow
-  boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages;
-  nixpkgs.config.packageOverrides = pkgs: {
-    linux_4_9 = pkgs.linux_4_9.override {
-        extraConfig = ''
-          MEDIA_ANALOG_TV_SUPPORT y
-          VIDEO_STK1160_COMMON m
-          VIDEO_STK1160_AC97 y
-          VIDEO_STK1160 m
-        '';
-    };
-  };
-}

makefu/2configs/lanparty/lancache-dns.nix

@@ -1,6 +1,19 @@
 { pkgs, lib, config, ... }:
 with import <stockholm/lib>;
 let
+  upstream-server = "8.8.8.8";
+  # make sure the router pins the ip address to the deployed host
+  # and set it as dns server ( dhcp option 6,192.168.10.10 )
+  local_ip = "192.168.10.10";
+
+  extra-config = pkgs.writeText "local.conf" ''
+    server:
+    local-data: "piratebox. A ${local_ip}"
+    local-data: "store. A ${local_ip}"
+    local-data: "share. A ${local_ip}"
+  '';
+
+
   # see https://github.com/zeropingheroes/lancache for full docs
   lancache-dns = pkgs.stdenv.mkDerivation rec {
     name = "lancache-dns-2017-06-28";
@@ -11,8 +24,9 @@ let
       rev = "420aa62";
       sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m";
     };
+
     phases = [ "unpackPhase" "installPhase" ];
-    # here we can chance to edit `includes/proxy-cache-paths.conf`
+    # here we have the chance to edit `includes/proxy-cache-paths.conf`
     installPhase = ''
       mkdir -p $out
       cp -r * $out/
@@ -20,7 +34,6 @@ let
   };
   stateDir = "/var/lib/unbound";
   user = "unbound";
-  upstream-server = "8.8.8.8";
 in {
   services.unbound = {
     enable = true;
@@ -29,6 +42,7 @@ in {
     forwardAddresses = [ upstream-server ];
     extraConfig = ''
       include: "${stateDir}/lancache/*.conf"
+      include: "${extra-config}"
     '';
   };
   services.dnscrypt-proxy.enable = lib.mkForce false;
@@ -42,7 +56,8 @@ in {
       path = [ pkgs.gawk pkgs.iproute pkgs.gnused ];
       script = ''
         set -xeu
-        current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
+        # current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
+        current_ip=${local_ip}
         old_ip=10.1.1.250
         mkdir -p ${stateDir}
         rm -rvf ${stateDir}/lancache

makefu/2configs/lanparty/lancache.nix

@@ -17,15 +17,21 @@ let
     installPhase = ''
       mkdir -p $out
       cp -r * $out/
+      rm $out/caches-enabled/*
       sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \
              -e '1 idaemon off;' \
+             -e 's#/var/lancache#${cfg.statedir}#g' \
               $out/nginx.conf
+      sed -i -e 's#/var/lancache#${cfg.statedir}#g' \
+              $out/*/*.conf
+      ln -s $out/caches-available/* $out/caches-enabled/
     '';
   };
   cfg = {
+    statedir = "/data/cache";
+
     group = "nginx-lancache";
     user = "nginx-lancache";
-    statedir = "/var/lancache";
     package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{
       configureFlags = old.configureFlags ++ [
         "--with-http_slice_module"
@@ -43,6 +49,7 @@ in {
 
     preStart = ''
       mkdir -p ${cfg.statedir} && cd ${cfg.statedir}
+      chmod 700 ${cfg.statedir}
       PATH_CACHE=$PATH_BASE/cache
       PATH_LOGS=$PATH_BASE/logs
 

makefu/2configs/lanparty/mumble-server.nix

@@ -0,0 +1,12 @@
+{ config, ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 64738 ];
+  networking.firewall.allowedUDPPorts = [ 64738 ];
+  services.murmur = {
+    enable = true;
+    welcometext = "Welcome to the LANest Party mumble server";
+    bonjour = true;
+    hostName = "0.0.0.0";
+    sendVersion = true;
+  };
+}

makefu/2configs/lanparty/samba.nix

@@ -10,9 +10,16 @@
   };
   services.samba = {
     enable = true;
+    enableNmbd = true;
     shares = {
-      share-home = {
+      lanparty = {
         path = "/data/lanparty/";
+        "read only" = "yes";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+      share = {
+        path = "/data/incoming";
         "read only" = "no";
         browseable = "yes";
         "guest ok" = "yes";

makefu/2configs/tools/core.nix

@@ -5,38 +5,44 @@
 #
 # essentially `nix-env -q` of the main user
 {
-  krebs.per-user.makefu.packages = with pkgs; [
+  environment.systemPackages = with pkgs; [
     at_spi2_core
     acpi
     bc
     rsync
     exif
     file
+    lsof
+    which
+    binutils
+
     # fs
-    ntfs3g
+    cifs-utils
     dosfstools
+    ntfs3g
+    smartmontools
+
+    # io
     pv
     sshpass
     usbutils
     p7zip
     hdparm
-    inetutils
+
-    ncftp
-    mutt
-    tcpdump
-    sysstat
-    which
-    weechat
-    wol
-    tmux
-    iftop
-    mkpasswd
-    # storage
-    smartmontools
-    cifs-utils
     # net
     wget
     curl
+    inetutils
+    ncftp
+    tcpdump
+    sysstat
+    wol
+    iftop
+
+    mkpasswd
+    mutt
+    weechat
+    tmux
 
     # stockholm
     git

makefu/2configs/tools/dev.nix

@@ -2,7 +2,8 @@
 
 {
   users.users.makefu.packages = with pkgs;[
-    python35Packages.virtualenv
+    python3Packages.virtualenv
+    python3Packages.pyserial
     # embedded
     gi
     flashrom

makefu/2configs/tools/games.nix

@@ -6,5 +6,6 @@
   ];
   users.users.makefu.packages = with pkgs; [
     games-user-env
+    wine
   ];
 }

makefu/2configs/tools/sec.nix

@@ -13,6 +13,6 @@
     thc-hydra
     borgbackup
     ledger
-    u3_tool
+    u3-tool
   ];
 }

makefu/5pkgs/default.nix

@@ -31,7 +31,10 @@ in {
     });
     pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
       wordset-file = super.pkgs.fetchurl {
-        url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
+        urls = [
+          https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c
+          https://archive.org/download/nixos-stockholm-tarballs/pviar5j1gxiqcf3l34b4n2pil06xc8zf-wordset_4k.c
+        ];
         sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
       };
     };

makefu/5pkgs/u3_tool/default.nix

@@ -1,22 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
-  proj = "u3-tool";
-  name = "${proj}-${version}";
-  version = "0.3";
-
-  enableParallelBuilding = true;
-
-  src = fetchurl {
-    url = "mirror://sourceforge/${proj}/${name}.tar.gz";
-    sha256 = "1p9c9kibd1pdbdfa0nd0i3n7bvzi3xg0chm38jg3xfl8gsn0390f";
-  };
-
-  meta = {
-    description = "Tool for controlling the special features of a 'U3 smart drive' USB Flash disk.";
-    homepage = https://sourceforge.net/projects/u3-tool/ ;
-    license = stdenv.lib.licenses.gpl2;
-    platforms = stdenv.lib.platforms.linux;
-    maintainers = with stdenv.lib.maintainers; [ makefu ];
-  };
-}

makefu/source.nix

@@ -11,9 +11,8 @@ let
               then "buildbot"
               else "makefu";
   _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
-  ref = "809cf38"; # unstable @ 2017-10-07
+  ref = "6778819"; # unstable @ 2017-11-14
-                   # + ruby stuff (2f0b17e4be9,55a952be5b5)
+                   # + do_sqlite3 ruby: 55a952be5b5
-                   # + mitmproxy fix (360a5efd,ef52c95b)
 
 in
   evalSource (toString _file) [