Merge branch 'master' of prism.r:stockholm

krebs/3modules/external/default.nix

@@ -8,132 +8,34 @@ with import <stockholm/lib>;
   } // optionalAttrs (host.nets?retiolum) {
     nets.retiolum.ip6.addr =
       (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+  } // optionalAttrs (host.nets?wiregrill) {
+    nets.wiregrill.ip6.addr =
+      (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
   });
+  ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
+  tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
 
 in {
   hosts = mapAttrs hostDefaults {
-    sokrateslaptop = {
+    dpdkm = {
-      owner = config.krebs.users.sokratess;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.142.104";
-          aliases = [
-            "sokrateslaptop.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
-            t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
-            rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
-            egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
-            aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
-            VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    kruck = {
-      owner = config.krebs.users.palo;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.29.201";
-          aliases = [
-            "kruck.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
-            QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
-            EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
-            uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
-            /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
-            9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
-            qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
-            gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
-            jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
-            fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
-            TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    scardanelli = {
-      owner = config.krebs.users.kmein;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.2.2";
-          aliases = [
-            "scardanelli.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
-            MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
-            UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
-            kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
-            gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
-            we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
-            QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
-            SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
-            2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
-            m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
-            FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
-            lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    homeros = {
-      owner = config.krebs.users.kmein;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.2.1";
-          aliases = [
-            "homeros.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
-            ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
-            6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
-            RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
-            vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
-            +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
-            QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
-            fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
-            VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
-            k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
-            gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
-            mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    turingmachine = {
       owner = config.krebs.users.Mic92;
-      nets = {
+      nets = rec {
         retiolum = {
-          ip4.addr = "10.243.29.168";
+          ip4.addr = "10.243.29.173";
-          aliases = [
+          aliases = [ "dpdkm.r" ];
-            "turingmachine.r"
-          ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
+            MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
-            t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
+            NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
-            6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
+            qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
-            ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
+            X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
-            nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
+            f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
-            5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
+            bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
-            1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
+            Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
-            gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
+            B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
-            DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
+            tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
-            W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
+            dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
-            OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
+            mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
             -----END RSA PUBLIC KEY-----
           '';
         };
@@ -177,83 +79,6 @@ in {
         };
       };
     };
-    rock = {
-      owner = config.krebs.users.Mic92;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.29.171";
-          aliases = [ "rock.r" ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
-            DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
-            HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
-            mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
-            Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
-            Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
-            91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
-            fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
-            3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
-            ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
-            cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    inspector = {
-      owner = config.krebs.users.Mic92;
-      nets = rec {
-        internet = {
-          ip4.addr = "141.76.44.154";
-          aliases = [ "inspector.i" ];
-        };
-        retiolum = {
-          via = internet;
-          ip4.addr = "10.243.29.172";
-          aliases = [ "inspector.r" ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
-            EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
-            7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
-            m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
-            WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
-            eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
-            OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
-            ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
-            B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
-            q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
-            7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    dpdkm = {
-      owner = config.krebs.users.Mic92;
-      nets = rec {
-        retiolum = {
-          ip4.addr = "10.243.29.173";
-          aliases = [ "dpdkm.r" ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
-            NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
-            qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
-            X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
-            f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
-            bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
-            Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
-            B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
-            tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
-            dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
-            mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
     eve = {
       owner = config.krebs.users.Mic92;
       nets = rec {
@@ -289,18 +114,281 @@ in {
         };
       };
     };
+    homeros = {
+      owner = config.krebs.users.kmein;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.2.1";
+          aliases = [
+            "homeros.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
+            ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
+            6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
+            RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
+            vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
+            +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
+            QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
+            fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
+            VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
+            k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
+            gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
+            mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    justraute = {
+      owner = config.krebs.users.raute; # laptop
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.183.231";
+          aliases = [
+            "justraute.r"
+          ];
+          tinc.pubkey = tinc-for "justraute";
+        };
+      };
+    };
+    kruck = {
+      owner = config.krebs.users.palo;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.29.201";
+          aliases = [
+            "kruck.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
+            QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
+            EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
+            uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
+            /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
+            9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
+            qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
+            gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
+            jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
+            fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
+            TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    qubasa = {
+      owner = config.krebs.users.qubasa;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.29.175";
+          aliases = [ "qubasa.r" ];
+          tinc.pubkey = ''
+              -----BEGIN PUBLIC KEY-----
+              MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ioASTOx6Vndp316u89Z
+              f+9WgfyVGw9deP2pQjoHnsPjBqRrsDCQGFO/U1ILQn0AWskQpHWHRir7Q6cI90jm
+              8MqqGVymVFbeYbrOLHLjp+2fle9iU9DfST4O76TQwF/3elLf3tpGFS8EB+qF3Ig7
+              aVOf5TuHPWWj6VtGTuWW9I8MsPnNykyRstlWXEztIs2zQrc0cO1IGd1QVarDGqTs
+              KR4Zm7PvF7U193NzPLaH6jcdjF37FETLrNxAu88M+YnvXBp4oRHeJmvBloazpH0v
+              aSb3+vNRlViMSlf9ImpAHlFRyvYYDAWlIY0nyeNUJna1ImGloSStLtBAhFAwc65j
+              kmrXeK3TVAoGZQOvSbjFmI/nBgfHEOnz/9aRVHGUNoQ/nAM6UhALFEZV6sdjX6W4
+              3p670DEO5fiI3fqqErkscbv8zSEjfmxV4YGMXVMw8Ub87fGwQEF17uDLeqD0k9AB
+              7umwrWP53YffauAqinma0I6RcLRVRfJ2vhyBH1mKwAAW55WU6DpBTydy46kxy/Oz
+              k9Cnxw7oMydUAAdnf5Axgs+dcx43lnXvGsoHi4lZycYhqtPe2YI152HAbGfmrixV
+              Slzh8aiinBkLYW2VzJNTRmHvB3njjeua4/guXwe00G7MIs3UDMIieJNcVxb+E07v
+              vF2rqhqU9b+1MQRhIPsBf4cCAwEAAQ==
+              -----END PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    rock = {
+      owner = config.krebs.users.Mic92;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.29.171";
+          aliases = [ "rock.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
+            DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
+            HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
+            mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
+            Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
+            Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
+            91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
+            fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
+            3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
+            ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
+            cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    scardanelli = {
+      owner = config.krebs.users.kmein;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.2.2";
+          aliases = [
+            "scardanelli.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
+            MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
+            UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
+            kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
+            gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
+            we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
+            QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
+            SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
+            2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
+            m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
+            FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
+            lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    sokrateslaptop = {
+      owner = config.krebs.users.sokratess;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.142.104";
+          aliases = [
+            "sokrateslaptop.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
+            t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
+            rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
+            egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
+            aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
+            VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    tpsw = {
+      cores = 2;
+      owner = config.krebs.users.ciko; # main laptop
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.183.236";
+          aliases = [
+            "tpsw.r"
+          ];
+          tinc.pubkey = tinc-for "tpsw";
+        };
+      };
+    };
+    turingmachine = {
+      owner = config.krebs.users.Mic92;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.29.168";
+          aliases = [
+            "turingmachine.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
+            t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
+            6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
+            ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
+            nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
+            5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
+            1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
+            gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
+            DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
+            W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
+            OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    inspector = {
+      owner = config.krebs.users.Mic92;
+      nets = rec {
+        internet = {
+          ip4.addr = "141.76.44.154";
+          aliases = [ "inspector.i" ];
+        };
+        retiolum = {
+          via = internet;
+          ip4.addr = "10.243.29.172";
+          aliases = [ "inspector.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
+            EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
+            7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
+            m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
+            WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
+            eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
+            OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
+            ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
+            B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
+            q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
+            7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    miaoski = {
+      owner = config.krebs.users.miaoski;
+      nets = {
+        wiregrill = {
+          aliases = [ "miaoski.w" ];
+          wireguard = {
+            pubkey = "8haz9JX5nAMORzNy89VdHC1Z9XA94ogaZsY3d2Rfkl4=";
+          };
+        };
+      };
+    };
   };
   users = {
-    Mic92 = {
+    ciko = {
-      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
+      mail = "wieczorek.stefan@googlemail.com";
-      mail = "joerg@higgsboson.tk";
+    };
+    exco = {
+      mail = "dickbutt@excogitation.de";
+      pubkey = ssh-for "exco";
     };
     kmein = {
+      mail = "kieran.meinhardt@gmail.com";
+      pubkey = ssh-for "kmein";
+    };
+    Mic92 = {
+      mail = "joerg@higgsboson.tk";
+      pubkey = ssh-for "Mic92";
     };
     palo = {
     };
+    qubasa = {
+      mail = "luis.nixos@gmail.com";
+    };
+    raute = {
+      mail = "macxylo@gmail.com";
+      pubkey = ssh-for "raute";
+    };
     sokratess = {
     };
+    ulrich = {
+      mail = "shackspace.de@myvdr.de";
+      pubkey = ssh-for "ulrich";
+    };
+    miaoski = {
+    };
   };
 }
 

krebs/3modules/external/ssh/Mic92.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE

krebs/3modules/external/ssh/kmein.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC19H0FhSNWcfBRPKzbTVSMJikIWZl0CoM8zCm+/3fdMgoaLRpeZWe/AfDK6b4qOjk/sez/J0JUFCGr+JbMwjsduoazsuQowu9L9DLP9Q5UkJje4BD7MHznaeu9/XfVng/MvyaEWArA/VUJeKQesHe76tR511/+n3+bdzlIh8Zw/3wfFxmg1OTNA99/vLkXrQzHDTuV/yj1pxykL4xFtN0OIssW1IKncJeKtkO/OHGT55ypz52Daj6bNKqvxiTuzeEhv5M+5ppyIPcRf1uj/7IaPKttCgZAntEqBTIR9MbyXFeAZVayzaFnLl2okeam5XreeZbj+Y1h2ZjxiIuWoab3MLndSekVfLtfa63gtcWIf8CIvZO2wJoH8v73y0U78JsfWVaTM09ZCfFlHHA/bWqZ6laAjW+mWLO/c77DcYkB3IBzaMVNfc6mfTcGFIC+biWeYpKgA0zC6rByUPbmbIoMueP9zqJwqUaM90Nwd6559inBB107/BK3Ktb3b+37mMCstetIPB9e4EFpGMjhmnL/G81jS53ACWLXJYzt7mKU/fEsiW93MtaB+Le46OEC18y/4G8F7p/nnH7i0kO74ukxbnc4PlpiM7iWT6ra2Cyy+nzEgdXCNXywIxr05TbCQDwX6/NY8k7Hokgdfyz+1Pq3sX0yCcWRPaoB26YF12KYFQ== kieran.meinhardt@gmail.com

krebs/3modules/external/ssh/raute.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH385gr3BAKJ92k1FaOLx2wFMgDFTmupOcww5g/bEAsO raute@wolf

krebs/3modules/external/tinc/justraute.pub

@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0FJ2Wh7y8lgXOLXR2VQh
+BsERf4uoWQ2UZexxv5bo6H9aYmyc+pA7q9ScP+ljKIXHLG3RbskIDFJLfs2HHS2u
+rCD3Pv71Ihx8fgmP7VdJktvFV8uBbDk2YF28Kd198ggEPL9ki1+LKzauTv0CCBcK
+O78VgN8v+l42v+oQSFk30FBYCpvld39dv74etb4/T4zmn7H3RNH+gPU1T0dge4yu
+xdlCk4TmNXWcw3cDvcCDDJFblH100IWRZ8enH4wHC5LvSKcYCqiiILsKAPuS8/J0
+cUePfRln1ZJDvR8AlO8ejRU7PC7550JbyqRbu0oAro2fLz7BOAJi6v8SbPU4GUaT
+uFDwJsIqcRnnC8a7N4DouDyUUnTWdTtuDtl0R/I9SYY/u4MhgmFI8bribhwDMmdC
+V7UM+023cC/mM9TqCPP0xdy3oiTXRyWk9aNEWep4box/VXmNsJ0hjeIi/W06eXBZ
+0j5T3wKnuxSzktyhq8Jt4zJEuarBfwGBcxNf+3CHuKjfN7SAxmQZCRwS/2cPcNDS
+HkApVsqTdOuLaXnoCJQyxvMQt70OCXmOs/bk0ZAcqNRJ+gYot1duplB+15+ro07j
+3sLbwUMsfpC40CnHd3s1w74/5l1DAc9Mo4I5xX0QH7PCgVzJ9wEctonaItWzT/q4
+vElG9ULoGQb0prlJC35i738CAwEAAQ==
+-----END PUBLIC KEY-----

krebs/3modules/external/tinc/tpsw.pub

@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
+Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
+WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
+OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
+0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
+pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
+-----END RSA PUBLIC KEY-----

krebs/3modules/lass/default.nix

@@ -91,14 +91,16 @@ in {
         };
         wiregrill = {
           via = internet;
-          ip4.addr = "10.244.1.1";
           ip6.addr = w6 "1";
           aliases = [
             "prism.w"
           ];
           wireguard = {
             pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
-            subnets = [ "10.244.1.0/24" "42:1::/32" ];
+            subnets = [
+              (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
+              (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
+            ];
           };
         };
       };
@@ -274,7 +276,7 @@ in {
       nets = rec {
         retiolum = {
           ip4.addr = "10.243.133.115";
-          ip6.addr = r6 "dead";
+          ip6.addr = r6 "daed";
           aliases = [
             "daedalus.r"
             "cgit.daedalus.r"
@@ -290,8 +292,14 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wiregrill = {
+          ip6.addr = w6 "daed";
+          aliases = [
+            "daedalus.w"
+          ];
+          wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI=";
+        };
       };
-      secure = true;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
     };
@@ -470,7 +478,6 @@ in {
     phone = {
       nets = {
         wiregrill = {
-          ip4.addr = "10.244.1.2";
           ip6.addr = w6 "a";
           aliases = [
             "phone.w"

krebs/3modules/makefu/default.nix

@@ -992,57 +992,6 @@ in {
         };
       };
     };
-  } // { # hosts only maintained in stockholm, not owned by me
-    muhbaasu = rec {
-      owner = config.krebs.users.root;
-      cores = 1;
-      nets = {
-        internet = {
-          ip4.addr = "217.160.206.154";
-          aliases = [
-            "muhbaasu.i"
-          ];
-        };
-        retiolum = {
-          ip4.addr = "10.243.139.184";
-          aliases = [
-            "muhbaasu.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA0f4C4xKXpnyV1ig03O2Kef8ag+/5WGkW90uxEBb/h5NY9barex+Z
-            KqVbkPdHhwoCIINuCVcOnJXzeo0FZtSEq3zVhscVm0PVdNfjct8a9KMsK0iUmuul
-            5WD9Glh5/1wkEmbRfVxDErhssz1b8YmFOAGQn+ujO/Znn3BLv36uKQvpqU2y5bzb
-            +rVnq3eE1bCSeuj41bgEve8+vxpforjLO6gbE91mwp3Ol6nkkp6CjpG+aFTuLCAj
-            YR0MIl2gGwskOGSI38QxlLouOlIGwus5f+KfC94ZP0pMwu5pT45UOUkVnlBXuZ9E
-            igNHG2Vtm76nB3yYHndOvuDTOufatX61dQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    tpsw = {
-      cores = 2;
-      owner = config.krebs.users.ciko; # main laptop
-        nets = {
-          retiolum = {
-            ip4.addr = "10.243.183.236";
-            aliases = [
-              "tpsw.r"
-            ];
-            tinc.pubkey = ''
-              -----BEGIN RSA PUBLIC KEY-----
-              MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
-              Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
-              WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
-              OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
-              0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
-              pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
-              -----END RSA PUBLIC KEY-----
-            '';
-          };
-        };
-    };
   };
   users = rec {
     makefu = {
@@ -1079,16 +1028,5 @@ in {
       inherit (makefu) mail pgp;
       pubkey = pub-for "makefu.bob";
     };
-    ciko = {
-      mail = "wieczorek.stefan@googlemail.com";
-    };
-    ulrich = {
-      pubkey = pub-for "ulrich";
-      mail = "shackspace.de@myvdr.de";
-    };
-    exco = {
-      mail = "dickbutt@excogitation.de";
-      pubkey = pub-for "exco";
-    };
   };
 }

krebs/3modules/tv/default.nix

@@ -1,12 +1,30 @@
 with import <stockholm/lib>;
 { config, ... }: let
 
-  hostDefaults = hostName: host: flip recursiveUpdate host ({
+  hostDefaults = hostName: host: foldl' recursiveUpdate {} [
-    owner = config.krebs.users.tv;
+    {
-  } // optionalAttrs (host.nets?retiolum) {
+      owner = config.krebs.users.tv;
-    nets.retiolum.ip6.addr =
+    }
-      (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
+    (optionalAttrs (host.nets?retiolum) {
-  });
+      nets.retiolum = {
+        ip6.addr =
+          (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
+      };
+    })
+    (let
+      pubkey-path = ./wiregrill + "/${hostName}.pub";
+    in optionalAttrs (pathExists pubkey-path) {
+      nets.wiregrill = {
+        aliases = [
+          "${hostName}.w"
+        ];
+        ip6.addr =
+          (krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address;
+        wireguard.pubkey = readFile pubkey-path;
+      };
+    })
+    host
+  ];
 
 in {
   dns.providers = {
@@ -103,6 +121,9 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wiregrill.wireguard.subnets = [
+          (krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
+        ];
       };
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb";
     };

krebs/3modules/tv/wiregrill/alnus.pub

@@ -0,0 +1 @@
+w7+6kMf1P3Ka0kXXY4CCbr80TrWPYpe/zd13yuvz9SE=

krebs/3modules/tv/wiregrill/mu.pub

@@ -0,0 +1 @@
+4bboT+cZM1BYvNho9oKbO0MFnPFTvmASR+1IdV4/fwQ=

krebs/3modules/tv/wiregrill/ni.pub

@@ -0,0 +1 @@
+KiIiwkuin+E4FXqFajJjnoGKkHW3H3FzIx5EQrF1+lw=

krebs/3modules/tv/wiregrill/nomic.pub

@@ -0,0 +1 @@
+UgvgarDtuSvbciNx5SU2NDbctb9/OTQ9Kr8H/O3931A=

krebs/3modules/tv/wiregrill/querel.pub

@@ -0,0 +1 @@
+sxaqrsqcDgdM3+QH6mxzqDs3SLWgm7J8AytpIbRZ2n0=

krebs/3modules/tv/wiregrill/wu.pub

@@ -0,0 +1 @@
+68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E=

krebs/3modules/tv/wiregrill/xu.pub

@@ -0,0 +1 @@
+XU76RFN0jG/YjffAPg3e3VuHF/iKMvVoRhHmixvLL1s=

krebs/3modules/tv/wiregrill/zu.pub

@@ -0,0 +1 @@
+WrILdnsketejrJuYM/sLEh89GdSVbddv8BG/D3sW7kw=

krebs/nixpkgs.json

@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c",
+  "rev": "b9fa31cea0e119ecf1867af4944ddc2f7633aacd",
-  "date": "2018-11-24T00:40:22-05:00",
+  "date": "2018-12-22T15:37:52+00:00",
-  "sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq",
+  "sha256": "1iqdra7nvcwbydjirjsk71rpzk4ljc0gzqy33fcp8l18y8iwh47k",
   "fetchSubmodules": false
 }

lass/1systems/daedalus/config.nix

@@ -6,9 +6,8 @@ with import <stockholm/lib>;
     <stockholm/lass>
 
     <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/games.nix>
-    <stockholm/lass/2configs/steam.nix>
     <stockholm/lass/2configs/backup.nix>
+    <stockholm/lass/2configs/nfs-dl.nix>
     {
       # bubsy config
       users.users.bubsy = {
@@ -72,6 +71,7 @@ with import <stockholm/lib>;
       #remote control
       environment.systemPackages = with pkgs; [
         x11vnc
+        torbrowser
       ];
       krebs.iptables.tables.filter.INPUT.rules = [
         { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }

lass/1systems/mors/config.nix

@@ -147,6 +147,7 @@ with import <stockholm/lib>;
     OnCalendar = "00:37";
   };
 
+  nixpkgs.config.android_sdk.accept_license = true;
   programs.adb.enable = true;
   users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
   virtualisation.docker.enable = true;

lass/1systems/prism/config.nix

@@ -82,6 +82,13 @@ with import <stockholm/lib>;
         ];
         openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
       };
+      users.users.kmein = {
+        uid = genid_uint31 "kmein";
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [
+          config.krebs.users.kmein.pubkey
+        ];
+      };
     }
     {
       #hotdog
@@ -309,7 +316,7 @@ with import <stockholm/lib>;
         { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.POSTROUTING.rules = [
-        { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
+        { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
         { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
       ];
       services.dnsmasq = {
@@ -390,6 +397,28 @@ with import <stockholm/lib>;
         ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
         chown download: /var/download/finished
       '';
+
+      fileSystems."/export/download" = {
+        device = "/var/lib/containers/yellow/var/download";
+        options = [ "bind" ];
+      };
+      services.nfs.server = {
+        enable = true;
+        exports = ''
+          /export 42::/16(insecure,ro,crossmnt)
+        '';
+        lockdPort = 4001;
+        mountdPort = 4002;
+        statdPort = 4000;
+      };
+      krebs.iptables.tables.filter.INPUT.rules = [
+         { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
+         { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
+      ];
     }
   ];
 

lass/2configs/baseX.nix

@@ -9,6 +9,7 @@ in {
     ./power-action.nix
     ./copyq.nix
     ./urxvt.nix
+    ./nfs-dl.nix
     {
       hardware.pulseaudio = {
         enable = true;

lass/2configs/exim-smarthost.nix

@@ -95,6 +95,7 @@ with import <stockholm/lib>;
       { from = "lesswrong@lassul.us"; to = lass.mail; }
       { from = "nordvpn@lassul.us"; to = lass.mail; }
       { from = "csv-direct@lassul.us"; to = lass.mail; }
+      { from = "nintendo@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

lass/2configs/nfs-dl.nix

@@ -0,0 +1,7 @@
+{
+  fileSystems."/mnt/prism" = {
+    device = "prism.w:/export";
+    fsType = "nfs";
+  };
+}
+

lass/2configs/websites/domsen.nix

@@ -135,6 +135,7 @@ in {
       "jla-trading.com"
       "ubikmedia.eu"
       "ubikmedia.de"
+      "alewis.de"
     ];
     ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
     ssl_key = "/var/lib/acme/lassul.us/key.pem";

lass/2configs/websites/lassulus.nix

@@ -63,6 +63,9 @@ in {
     locations."= /retiolum.hosts".extraConfig = ''
       alias ${pkgs.retiolum-hosts};
     '';
+    locations."= /wireguard-key".extraConfig = ''
+      alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
+    '';
     locations."/tinc".extraConfig = ''
       alias ${config.krebs.tinc_graphs.workingDir}/external;
     '';

lass/2configs/websites/sqlBackup.nix

@@ -20,9 +20,7 @@
 
   lass.mysqlBackup = {
     enable = true;
-    config.all = {
+    config.all = {};
-      password = toString (<secrets/mysql_rootPassword>);
-    };
   };
 }
 

lass/2configs/wiregrill.nix

@@ -37,7 +37,7 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
         ;
         endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}");
         persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61;
-        publicKey = host.nets.wiregrill.wireguard.pubkey;
+        publicKey = (replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey);
       })
       (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts);
   };

lass/3modules/mysql-backup.nix

@@ -41,7 +41,7 @@ let
           };
           location = mkOption {
             type = str;
-            default = "/bku/sql_dumps";
+            default = "/backups/sql_dumps";
           };
         };
       }));
@@ -51,11 +51,9 @@ let
 
   imp = {
 
-    #systemd.timers =
+    services.mysql.ensureUsers = [
-    #  mapAttrs (_: plan: {
+      { ensurePermissions = { "*.*" = "ALL"; }; name = "root"; }
-    #  wantedBy = [ "timers.target" ];
+    ];
-    #  timerConfig = plan.timerConfig;
-    #}) cfg.config;
 
     systemd.services =
       mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
@@ -75,8 +73,10 @@ let
 
 
   start = plan: let
-    backupScript = plan: db:
+    backupScript = plan: db: ''
-      "mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz";
+      mkdir -p ${plan.location}
+      mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz
+    '';
 
   in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
     ${concatMapStringsSep "\n" (backupScript plan) plan.databases}

lass/5pkgs/custom/xmonad-lass/default.nix

@@ -11,10 +11,7 @@ pkgs.writeHaskellPackage "xmonad-lass" {
       "xmonad-stockholm"
     ];
     text = /* haskell */ ''
-{-# LANGUAGE DeriveDataTypeable #-} -- for XS
-{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
 {-# LANGUAGE LambdaCase #-}
-{-# LANGUAGE ScopedTypeVariables #-}
 
 
 module Main where
@@ -28,7 +25,7 @@ import System.Environment (getArgs, lookupEnv)
 import System.Exit (exitFailure)
 import System.IO (hPutStrLn, stderr)
 import System.Posix.Process (executeFile)
-import XMonad.Actions.CopyWindow (copy, kill1)
+import XMonad.Actions.CopyWindow (copy, copyToAll, kill1)
 import XMonad.Actions.CycleWS (toggleWS)
 import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
 import XMonad.Actions.DynamicWorkspaces (withWorkspace)
@@ -149,6 +146,8 @@ myKeyMap =
 
     , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
 
+    , ("M4-<F2>", windows copyToAll)
+
     , ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
       export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
       exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"

makefu/1systems/gum/config.nix

@@ -21,6 +21,7 @@ in {
           ];
         };
       }
+      <stockholm/makefu/2configs/support-nixos.nix>
       # <stockholm/makefu/2configs/stats/client.nix>
       <stockholm/makefu/2configs/stats/netdata-server.nix>
 
@@ -131,6 +132,7 @@ in {
       <stockholm/makefu/2configs/deployment/boot-euer.nix>
       <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
       <stockholm/makefu/2configs/bgt/hidden_service.nix>
+      <stockholm/makefu/2configs/bgt/backup.nix>
 
       # <stockholm/makefu/2configs/logging/client.nix>
 

makefu/1systems/omo/config.nix

@@ -11,6 +11,7 @@ in {
       ./hw/omo.nix
       #./hw/tsp.nix
       <stockholm/makefu>
+      <stockholm/makefu/2configs/support-nixos.nix>
       <stockholm/makefu/2configs/zsh-user.nix>
       <stockholm/makefu/2configs/backup/state.nix>
       <stockholm/makefu/2configs/exim-retiolum.nix>

makefu/2configs/bgt/backup.nix

@@ -0,0 +1,20 @@
+{
+  # Manual steps:
+  # 1. ssh-copy-id root ssh-key to the remotes you want to back up
+  # 2. run `rsnapshot hourly` manually as root to check if everything works
+  services.rsnapshot = {
+    enable = true;
+    cronIntervals = {
+      daily = "50 21 * * *";
+      hourly = "0 */4 * * *";
+    };
+    extraConfig = ''
+retain	hourly	5
+retain	daily	365
+snapshot_root	/var/backup
+backup	root@binaergewitter.jit.computer:/opt/isso	jit
+backup	root@binaergewitter.jit.computer:/etc/systemd/system/isso.service	jit
+backup	root@binaergewitter.jit.computer:/etc/nginx/conf.d/isso.conf	jit
+    '';
+  };
+}

makefu/2configs/hw/ssd.nix

@@ -0,0 +1,4 @@
+{
+  # ssd trimming
+  services.fstrim.enable = true;
+}

makefu/2configs/hw/tp-x2x0.nix

@@ -4,6 +4,7 @@ with import <stockholm/lib>;
 {
   imports = [
     ./tpm.nix
+    ./ssd.nix
   ];
 
   boot.kernelModules = [
@@ -50,6 +51,7 @@ with import <stockholm/lib>;
     CPU_MAX_PERF_ON_BAT=30
   '';
 
+
   powerManagement.resumeCommands = ''
     ${pkgs.rfkill}/bin/rfkill unblock all
   '';

makefu/2configs/support-nixos.nix

@@ -0,0 +1 @@
+{ makefu.distrobump.enable = true; }

makefu/3modules/bump-distrowatch.nix

@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.makefu.distrobump;
+
+  imp = {
+    systemd.services.distrobump = {
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.curl ];
+      restartIfChanged = false;
+      startAt = "daily";
+      serviceConfig = {
+        PrivateTmp = true;
+        Type = "oneshot";
+        ExecStart = pkgs.writeDash "bump-distrowatch" ''
+          set -euf
+          UA='Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0'
+          curl -Lvc /tmp/cookie.jar -A "$UA" 'https://distrowatch.com/' >/dev/null
+          sleep $(shuf -i 3-15 -n1).$(shuf -i 0-9 -n1)
+          curl -Lvc /tmp/cookie.jar -A "$UA" -e 'https://distrowatch.com/' 'https://distrowatch.com/nixos?frphr' >/dev/null
+        '';
+        RandomizedDelaySec = 28800;
+      };
+    };
+  };
+in
+{
+    options.makefu.distrobump.enable = lib.mkEnableOption "distrobump";
+    config = lib.mkIf cfg.enable imp;
+}

makefu/3modules/default.nix

@@ -3,6 +3,7 @@ _:
 {
   imports = [
     ./awesome-extra.nix
+    ./bump-distrowatch.nix
     ./deluge.nix
     ./forward-journal.nix
     ./netdata.nix

makefu/5pkgs/ns-atmosphere-programmer/default.nix

@@ -10,15 +10,16 @@ stdenv.mkDerivation rec {
   version = "0.1";
 
   src = fetchzip {
-    url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip";
+    url = "https://archive.org/download/ns-atmosphere-programmer/ns-atmosphere-programmer-ubuntu-64bit-v01.zip";
-    sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0";
+    # original source: http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-ubuntu-64bit-v01.zip
+    sha256 = "1cnyydsmrcpfwpdiry7qybh179499wpbvlzq5rk442hq9ak416ri";
   };
 
   buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ];
   nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
 
   installPhase = ''
-    install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere
+    install -D -m755 NS-Atmosphere $out/bin/NS-Atmosphere
     wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
 --suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
   '';
@@ -26,7 +27,7 @@ stdenv.mkDerivation rec {
   dontStrip = true;
 
   meta = with stdenv.lib; {
-    description = "Payload programmer for ns-atmosphere injector";
+    description = "Payload programmer for ns-atmosphere injector for nintendo switch";
     homepage = http://www.ns-atmosphere.com;
     maintainers = [ maintainers.makefu ];
     platforms = platforms.linux;

makefu/5pkgs/xdcc-dl/default.nix

@@ -0,0 +1,195 @@
+# generated using pypi2nix tool (version: 1.8.0)
+# See more at: https://github.com/garbas/pypi2nix
+#
+# COMMAND:
+#   pypi2nix -V 3.6 -r ./lol
+#
+
+{ pkgs ? import <nixpkgs> {}
+}:
+
+let
+
+  inherit (pkgs) makeWrapper;
+  inherit (pkgs.stdenv.lib) fix' extends inNixShell;
+
+  pythonPackages =
+  import "${toString pkgs.path}/pkgs/top-level/python-packages.nix" {
+    inherit pkgs;
+    inherit (pkgs) stdenv;
+    python = pkgs.python36;
+  };
+
+  commonBuildInputs = [];
+  commonDoCheck = false;
+
+  withPackages = pkgs':
+    let
+      pkgs = builtins.removeAttrs pkgs' ["__unfix__"];
+      interpreter = pythonPackages.buildPythonPackage {
+        name = "python36-interpreter";
+        buildInputs = [ makeWrapper ] ++ (builtins.attrValues pkgs);
+        buildCommand = ''
+          mkdir -p $out/bin
+          ln -s ${pythonPackages.python.interpreter}               $out/bin/${pythonPackages.python.executable}
+          for dep in ${builtins.concatStringsSep " "               (builtins.attrValues pkgs)}; do
+            if [ -d "$dep/bin" ]; then
+              for prog in "$dep/bin/"*; do
+                if [ -f $prog ]; then
+                  ln -s $prog $out/bin/`basename $prog`
+                fi
+              done
+            fi
+          done
+          for prog in "$out/bin/"*; do
+            wrapProgram "$prog" --prefix PYTHONPATH : "$PYTHONPATH"
+          done
+          pushd $out/bin
+          ln -s ${pythonPackages.python.executable} python
+          popd
+        '';
+        passthru.interpreter = pythonPackages.python;
+      };
+    in {
+      __old = pythonPackages;
+      inherit interpreter;
+      mkDerivation = pythonPackages.buildPythonPackage;
+      packages = pkgs;
+      overrideDerivation = drv: f:
+        pythonPackages.buildPythonPackage (drv.drvAttrs // f drv.drvAttrs);
+      withPackages = pkgs'':
+        withPackages (pkgs // pkgs'');
+    };
+
+  python = withPackages {};
+
+  generated = self: {
+    inherit (pythonPackages) requests irc beautifulsoup4 six pyqt5;
+    "PyExecJS" = python.mkDerivation {
+      name = "PyExecJS-1.5.0";
+      src = pkgs.fetchurl { url = "https://pypi.python.org/packages/1c/a0/359e179605bbf3f6c6ed96c44e056eebed39732b67427f30d56e259934f2/PyExecJS-1.5.0.tar.gz"; sha256 = "99315766f8155eea195a3f4179b35cd8dc64b2360c081ae29d92c603c26aeaaa"; };
+      doCheck = commonDoCheck;
+      buildInputs = commonBuildInputs;
+      propagatedBuildInputs = [
+      self."six"
+    ];
+      meta = with pkgs.stdenv.lib; {
+        homepage = "";
+        license = licenses.mit;
+        description = "Run JavaScript code from Python";
+      };
+    };
+
+
+
+
+    "bs4" = python.mkDerivation {
+      name = "bs4-0.0.1";
+      src = pkgs.fetchurl { url = "https://pypi.python.org/packages/10/ed/7e8b97591f6f456174139ec089c769f89a94a1a4025fe967691de971f314/bs4-0.0.1.tar.gz"; sha256 = "36ecea1fd7cc5c0c6e4a1ff075df26d50da647b75376626cc186e2212886dd3a"; };
+      doCheck = commonDoCheck;
+      buildInputs = commonBuildInputs;
+      propagatedBuildInputs = [
+      self."beautifulsoup4"
+    ];
+      meta = with pkgs.stdenv.lib; {
+        homepage = "";
+        license = licenses.mit;
+        description = "Screen-scraping library";
+      };
+    };
+
+
+
+    "certifi" = python.mkDerivation {
+      name = "certifi-2017.11.5";
+      src = pkgs.fetchurl { url = "https://pypi.python.org/packages/23/3f/8be01c50ed24a4bd6b8da799839066ce0288f66f5e11f0367323467f0cbc/certifi-2017.11.5.tar.gz"; sha256 = "5ec74291ca1136b40f0379e1128ff80e866597e4e2c1e755739a913bbc3613c0"; };
+      doCheck = commonDoCheck;
+      buildInputs = commonBuildInputs;
+      propagatedBuildInputs = [ ];
+      meta = with pkgs.stdenv.lib; {
+        homepage = "";
+        license = "MPL-2.0";
+        description = "Python package for providing Mozilla's CA Bundle.";
+      };
+    };
+
+
+
+    "cfscrape" = python.mkDerivation {
+      name = "cfscrape-1.9.1";
+      src = pkgs.fetchurl { url = "https://pypi.python.org/packages/cf/9a/50d3844d67fe5507217fd47c9e382e769ab5f7d967b41c25ba3712c441c3/cfscrape-1.9.1.tar.gz"; sha256 = "9cee3708c643904eaa010a64dd1715890457bb77010d87405fc1bfeb892508d7"; };
+      doCheck = commonDoCheck;
+      buildInputs = commonBuildInputs;
+      propagatedBuildInputs = [
+      self."PyExecJS"
+      self."requests"
+    ];
+      meta = with pkgs.stdenv.lib; {
+        homepage = "";
+        license = "";
+        description = "A simple Python module to bypass Cloudflare's anti-bot page. See https://github.com/Anorov/cloudflare-scrape for more information.";
+      };
+    };
+
+
+
+    "typing" = python.mkDerivation {
+      name = "typing-3.6.2";
+      src = pkgs.fetchurl { url = "https://pypi.python.org/packages/ca/38/16ba8d542e609997fdcd0214628421c971f8c395084085354b11ff4ac9c3/typing-3.6.2.tar.gz"; sha256 = "d514bd84b284dd3e844f0305ac07511f097e325171f6cc4a20878d11ad771849"; };
+      doCheck = commonDoCheck;
+      buildInputs = commonBuildInputs;
+      propagatedBuildInputs = [ ];
+      meta = with pkgs.stdenv.lib; {
+        homepage = "";
+        license = licenses.psfl;
+        description = "Type Hints for Python";
+      };
+    };
+
+
+
+
+    "urwid" = python.mkDerivation {
+      name = "urwid-1.3.1";
+      src = pkgs.fetchurl { url = "https://pypi.python.org/packages/85/5d/9317d75b7488c335b86bd9559ca03a2a023ed3413d0e8bfe18bea76f24be/urwid-1.3.1.tar.gz"; sha256 = "cfcec03e36de25a1073e2e35c2c7b0cc6969b85745715c3a025a31d9786896a1"; };
+      doCheck = commonDoCheck;
+      buildInputs = commonBuildInputs;
+      propagatedBuildInputs = [ ];
+      meta = with pkgs.stdenv.lib; {
+        homepage = "";
+        license = licenses.lgpl2;
+        description = "A full-featured console (xterm et al.) user interface library";
+      };
+    };
+
+
+
+    "xdcc-dl" = python.mkDerivation {
+      name = "xdcc-dl-2.1.0";
+      src = pkgs.fetchurl { url = "https://pypi.python.org/packages/52/5a/1f1c8e77c212074d508701f208440bdfac4c6366de3f74fc9772a09369ef/xdcc_dl-2.1.0.tar.gz"; sha256 = "7071fca28de83ab0944b086a6dac0af053225b5663d9cf28a8dac868d81b2fc6"; };
+      doCheck = commonDoCheck;
+      buildInputs = commonBuildInputs;
+      propagatedBuildInputs = [
+      self."bs4"
+      self."cfscrape"
+      self."irc"
+      self."requests"
+      self."typing"
+      self."urwid"
+    ];
+      meta = with pkgs.stdenv.lib; {
+        homepage = "";
+        license = licenses.gpl3;
+        description = "An XDCC File Downloader based on the irclib framework";
+      };
+    };
+
+  };
+
+in python.withPackages
+   (fix' (pkgs.lib.fold
+            extends
+            generated
+            []
+         )
+   )

tv/1systems/alnus/config.nix

@@ -8,10 +8,6 @@ with import <stockholm/lib>;
     <stockholm/tv/2configs/retiolum.nix>
   ];
 
-  # TODO remove non-hardware stuff from ../2configs/hw/x220.nix
-  # networking.wireless.enable collides with networkmanager
-  networking.wireless.enable = mkForce false;
-
   boot = {
     initrd = {
       availableKernelModules = [ "ahci" ];

tv/1systems/mu/config.nix

@@ -5,6 +5,7 @@ with import <stockholm/lib>;
     <stockholm/tv>
     <stockholm/tv/2configs/br.nix>
     <stockholm/tv/2configs/exim-retiolum.nix>
+    <stockholm/tv/2configs/hw/x220.nix>
     <stockholm/tv/2configs/retiolum.nix>
   ];
 
@@ -13,10 +14,7 @@ with import <stockholm/lib>;
 
   tv.x0vncserver.enable = true;
 
-  # hardware configuration
+  boot.initrd.luks.devices.muca.device = "/dev/sda2";
-  boot.initrd.luks.devices.muca = {
-    device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91";
-  };
   boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
   boot.initrd.availableKernelModules = [ "ahci" ];
   boot.kernelModules = [ "fbcon" "kvm-intel" ];
@@ -34,7 +32,7 @@ with import <stockholm/lib>;
       options = [ "defaults" "discard" ];
     };
     "/boot" = {
-      device = "/dev/disk/by-uuid/CEB1-9743";
+      device = "/dev/sda1";
       fsType = "vfat";
     };
   };

tv/1systems/nomic/config.nix

@@ -64,4 +64,6 @@ with import <stockholm/lib>;
     gnupg
     tmux
   ];
+
+  networking.wireless.enable = true;
 }

tv/1systems/wu/config.nix

@@ -41,6 +41,8 @@ with import <stockholm/lib>;
     };
   };
 
+  networking.wireless.enable = true;
+
   services.printing.enable = true;
 
   services.udev.extraRules = ''

tv/1systems/xu/config.nix

@@ -147,6 +147,8 @@ with import <stockholm/lib>;
     gptfdisk
   ];
 
+  networking.wireless.enable = true;
+
   #services.bitlbee.enable = true;
   #services.tor.client.enable = true;
   #services.tor.enable = true;

tv/1systems/zu/config.nix

@@ -44,6 +44,8 @@ with import <stockholm/lib>;
     };
   };
 
+  networking.wireless.enable = true;
+
   services.printing.enable = true;
 
   #services.bitlbee.enable = true;

tv/2configs/hw/AO753.nix

@@ -25,8 +25,6 @@ with import <stockholm/lib>;
     config.boot.kernelPackages.broadcom_sta
   ];
 
-  networking.wireless.enable = true;
-
   nix = {
     buildCores = 2;
     maxJobs = 2;

tv/2configs/hw/x220.nix

@@ -26,8 +26,6 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.wireless.enable = true;
-
   # Required for Centrino.
   hardware.enableRedistributableFirmware = true;