From 7c50d9174106fce5e4a8a47457554261394d918f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 5 Jan 2021 20:21:46 +0100
Subject: [PATCH 001/120] brockman 1.4.5 -> 1.4.7

---
 krebs/5pkgs/haskell/brockman.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index 20af4b707..6e2cc301f 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -5,12 +5,12 @@
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "1.4.5";
+  version = "1.4.7";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "0fdvfj2fwwz8inj0h1q6msryj1xsxs1lfmgv5kynmxrqpdibb3fw";
+    sha256 = "0fkkjvskgaw8dw7vrdp57ry34jpl3bpq92rhnyr9s1nyq0vij328";
   };
   isLibrary = false;
   isExecutable = true;

From 1a066ef070aae21f831ab070fbc383b693a435f1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 7 Jan 2021 15:23:35 +0100
Subject: [PATCH 002/120] l go: import shortener via htgen

---
 lass/2configs/go.nix | 62 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix
index ecf89b298..b1c9ed81e 100644
--- a/lass/2configs/go.nix
+++ b/lass/2configs/go.nix
@@ -15,5 +15,67 @@
       ];
     };
   };
+  krebs.htgen.go = {
+    port = 3333;
+    script = ''. ${pkgs.writeDash "go" ''
+      find_item() {
+        if test ''${#1} -ge 7; then
+          set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \
+              -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")"
+          if test -n "$1" && test $(echo "$1" | wc -l) = 1; then
+            echo "$1"
+            return 0
+          fi
+        fi
+        return 1
+      }
+
+      STATEDIR=$HOME
+      mkdir -p $STATEDIR/items
+
+      case "$Method $Request_URI" in
+        "GET /"*)
+          if item=$(find_item ''${Request_URI#/}); then
+            uri=$(cat "$item")
+            printf 'HTTP/1.1 302 Found\r\n'
+            printf 'Content-Type: text/plain\r\n'
+            printf 'Connection: closed\r\n'
+            printf 'Location: %s\r\n' "$uri"
+            printf '\r\n'
+            exit
+          fi
+        ;;
+        "POST /") #{ "uri": "http://nixos.org" }
+          uri=$(mktemp -t htgen.$$.content.XXXXXXXX)
+          trap "rm $uri >&2" EXIT
+
+          head -c $req_content_length \
+            | grep -Eo 'https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)' \
+            > $uri
+          sha256=$(sha256sum -b $uri | cut -d\  -f1)
+          base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 $sha256)
+          item=$STATEDIR/items/$base32
+          ref=http://$req_host/$base32
+
+          if ! test -e $item; then
+            mkdir -v -p $STATEDIR/items >&2
+            cp -v $uri $item >&2
+          fi
+
+          base32short=$(echo $base32 | cut -b-7)
+          if item=$(find_item $base32short); then
+            ref=$(echo "http://$req_host/$base32short")
+          fi
+
+          printf 'HTTP/1.1 200 OK\r\n'
+          printf 'Content-Type: text/plain; charset=UTF-8\r\n'
+          printf 'Connection: close\r\n'
+          printf '\r\n'
+          printf '%s\n' "$ref"
+          exit
+        ;;
+      esac
+    ''}'';
+  };
 }
 

From 7def09c525e85aaac87ea1dccbc914249af147b7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 7 Jan 2021 15:48:13 +0100
Subject: [PATCH 003/120] l go: quote everything, cleanup

---
 lass/2configs/go.nix | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix
index b1c9ed81e..7ff27a619 100644
--- a/lass/2configs/go.nix
+++ b/lass/2configs/go.nix
@@ -31,11 +31,11 @@
       }
 
       STATEDIR=$HOME
-      mkdir -p $STATEDIR/items
+      mkdir -p "$STATEDIR/items"
 
       case "$Method $Request_URI" in
         "GET /"*)
-          if item=$(find_item ''${Request_URI#/}); then
+          if item=$(find_item "''${Request_URI#/}"); then
             uri=$(cat "$item")
             printf 'HTTP/1.1 302 Found\r\n'
             printf 'Content-Type: text/plain\r\n'
@@ -45,26 +45,27 @@
             exit
           fi
         ;;
-        "POST /") #{ "uri": "http://nixos.org" }
+        "POST /")
           uri=$(mktemp -t htgen.$$.content.XXXXXXXX)
-          trap "rm $uri >&2" EXIT
+          trap 'rm $uri >&2' EXIT
 
-          head -c $req_content_length \
+          head -c "$req_content_length" \
             | grep -Eo 'https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)' \
+            | head -1 \
             > $uri
-          sha256=$(sha256sum -b $uri | cut -d\  -f1)
-          base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 $sha256)
-          item=$STATEDIR/items/$base32
-          ref=http://$req_host/$base32
+          sha256=$(sha256sum -b "$uri" | cut -d\  -f1)
+          base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256")
+          item="$STATEDIR/items/$base32"
+          ref="http://$req_host/$base32"
 
-          if ! test -e $item; then
-            mkdir -v -p $STATEDIR/items >&2
-            cp -v $uri $item >&2
+          if ! test -e "$item"; then
+            mkdir -v -p "$STATEDIR/items" >&2
+            cp -v $uri "$item" >&2
           fi
 
-          base32short=$(echo $base32 | cut -b-7)
-          if item=$(find_item $base32short); then
-            ref=$(echo "http://$req_host/$base32short")
+          base32short=$(echo "$base32" | cut -b-7)
+          if item=$(find_item "$base32short"); then
+            ref="http://$req_host/$base32short"
           fi
 
           printf 'HTTP/1.1 200 OK\r\n'

From cbbc021a63e0421a3b34a160ed44c608d997e0c8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 7 Jan 2021 20:38:55 +0100
Subject: [PATCH 004/120] nixpkgs: 3d2d8f2 -> 4a75ca4

---
 krebs/nixpkgs.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 44e373b81..bc68d3055 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "3d2d8f281a27d466fa54b469b5993f7dde198375",
-  "date": "2020-12-20T14:17:36+01:00",
-  "path": "/nix/store/mqn37480fj6x9xbq3igz4haw3m2lc7fm-nixpkgs",
-  "sha256": "1hfis53xyzy6hfdivlwkwdy7irbhk7c500a4lf7x43cfkijx5ks1",
+  "rev": "4a75ca4a4e7d14e7b0b0230b3ea57b5bd7c16218",
+  "date": "2021-01-05T18:31:06+01:00",
+  "path": "/nix/store/v9dxhashbmvs1rki01caqzxjd8cs5ggz-nixpkgs",
+  "sha256": "1jqhmwyslwcj6l4lmdiklb1byaz0gcl4q0mym3ahzmmr6l0j4dr1",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From 2bcfda5240c0f2be7209f8fe3d38949e3a1b83c1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 7 Jan 2021 20:39:35 +0100
Subject: [PATCH 005/120] nixpkgs-unstable: e9158ec -> d9dba88

---
 krebs/nixpkgs-unstable.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 4f07b0e88..0bdfe2a99 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4",
-  "date": "2020-12-09T15:09:49+01:00",
-  "path": "/nix/store/cx4wf6pi1l2p01sz7png891m65kinfz3-nixpkgs",
-  "sha256": "0cnmvnvin9ixzl98fmlm3g17l6w95gifqfb3rfxs55c0wj2ddy53",
+  "rev": "d9dba88d08a9cdf483c3d45f0d7220cf97a4ce64",
+  "date": "2021-01-05T19:05:55+02:00",
+  "path": "/nix/store/93jkhg0qcd99fqc5x1ak0grwhsn77knh-nixpkgs",
+  "sha256": "1ww9w7pkrr2jfszln5ifsrn200phdzn7ppf0p872wg0yfgrdpk2c",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From 120eadb80a38e063ed9fc54af0e8b23974e9fe43 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 7 Jan 2021 21:00:04 +0100
Subject: [PATCH 006/120] lib.uri: add {native,posix-extended}-regex

---
 lib/default.nix |  1 +
 lib/uri.nix     | 77 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 lib/uri.nix

diff --git a/lib/default.nix b/lib/default.nix
index be9f60f3b..2efeec078 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -12,6 +12,7 @@ let
       encodeName = replaceChars ["/"] ["\\x2f"];
     };
     types = nixpkgs-lib.types // import ./types.nix { inherit lib; };
+    uri = import ./uri.nix { inherit lib; };
     xml = import ./xml.nix { inherit lib; };
 
     eq = x: y: x == y;
diff --git a/lib/uri.nix b/lib/uri.nix
new file mode 100644
index 000000000..72ad390b7
--- /dev/null
+++ b/lib/uri.nix
@@ -0,0 +1,77 @@
+{ lib }:
+with lib;
+with builtins;
+rec {
+  # Regular expression to match URIs per RFC3986
+  # From: # http://jmrware.com/articles/2009/uri_regexp/URI_regex.html#uri-40
+  native-regex = ''
+    # RFC-3986 URI component:  URI
+    [A-Za-z][A-Za-z0-9+\-.]* :                                      # scheme ":"
+    (?: //                                                          # hier-part
+      (?: (?:[A-Za-z0-9\-._~!$&'()*+,;=:]|%[0-9A-Fa-f]{2})* @)?
+      (?:
+        \[
+        (?:
+          (?:
+            (?:                                                    (?:[0-9A-Fa-f]{1,4}:){6}
+            |                                                   :: (?:[0-9A-Fa-f]{1,4}:){5}
+            | (?:                            [0-9A-Fa-f]{1,4})? :: (?:[0-9A-Fa-f]{1,4}:){4}
+            | (?: (?:[0-9A-Fa-f]{1,4}:){0,1} [0-9A-Fa-f]{1,4})? :: (?:[0-9A-Fa-f]{1,4}:){3}
+            | (?: (?:[0-9A-Fa-f]{1,4}:){0,2} [0-9A-Fa-f]{1,4})? :: (?:[0-9A-Fa-f]{1,4}:){2}
+            | (?: (?:[0-9A-Fa-f]{1,4}:){0,3} [0-9A-Fa-f]{1,4})? ::    [0-9A-Fa-f]{1,4}:
+            | (?: (?:[0-9A-Fa-f]{1,4}:){0,4} [0-9A-Fa-f]{1,4})? ::
+            ) (?:
+                [0-9A-Fa-f]{1,4} : [0-9A-Fa-f]{1,4}
+              | (?: (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?) \.){3}
+                    (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
+              )
+          |   (?: (?:[0-9A-Fa-f]{1,4}:){0,5} [0-9A-Fa-f]{1,4})? ::    [0-9A-Fa-f]{1,4}
+          |   (?: (?:[0-9A-Fa-f]{1,4}:){0,6} [0-9A-Fa-f]{1,4})? ::
+          )
+        | [Vv][0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+
+        )
+        \]
+      | (?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}
+           (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
+      | (?:[A-Za-z0-9\-._~!$&'()*+,;=]|%[0-9A-Fa-f]{2})*
+      )
+      (?: : [0-9]* )?
+      (?:/ (?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})* )*
+    | /
+      (?:    (?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})+
+        (?:/ (?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})* )*
+      )?
+    |        (?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})+
+        (?:/ (?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})* )*
+    |
+    )
+    (?:\? (?:[A-Za-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9A-Fa-f]{2})* )?   # [ "?" query ]
+    (?:\# (?:[A-Za-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9A-Fa-f]{2})* )?   # [ "#" fragment ]
+  '';
+
+  posix-extended-regex =
+    let
+      removeComment = s:
+        elemAt (match "^((\\\\#|[^#])*)(#.*)?$" s) 0;
+
+      removeWhitespace =
+        replaceStrings [" "] [""];
+
+      moveDashToEndOfCharacterClass = s:
+        let
+          result = match "(.*)\\\\-([^]]+)(].*)" s;
+          s' = elemAt result 0 + elemAt result 1 + "-" + elemAt result 2;
+        in
+          if result != null then
+            moveDashToEndOfCharacterClass s'
+          else
+            s;
+    in
+      concatStrings
+        (foldl' (a: f: map f a) (splitString "\n" native-regex) [
+          removeComment
+          moveDashToEndOfCharacterClass
+          (replaceStrings ["(?:"] ["("])
+          removeWhitespace
+        ]);
+}

From 2aab7aea07d469f60fdfb662b75f707dc70c86a8 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 7 Jan 2021 21:09:12 +0100
Subject: [PATCH 007/120] urix: init

---
 krebs/5pkgs/simple/urix.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 krebs/5pkgs/simple/urix.nix

diff --git a/krebs/5pkgs/simple/urix.nix b/krebs/5pkgs/simple/urix.nix
new file mode 100644
index 000000000..c0db8c975
--- /dev/null
+++ b/krebs/5pkgs/simple/urix.nix
@@ -0,0 +1,15 @@
+let lib = import <stockholm/lib>; in
+{ pkgs }:
+
+# urix - URI eXtractor
+# Extract all the URIs from standard input and write them to standard output!
+# usage: urix < SOMEFILE
+
+pkgs.execBin "urix" {
+  filename = "${pkgs.gnugrep}/bin/grep";
+  argv = [
+    "urix"
+    "-Eo"
+    "\\b${lib.uri.posix-extended-regex}\\b"
+  ];
+}

From 341a751ea26b33ac6c8b7f661cb9d2bf8e6f21d3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 7 Jan 2021 23:14:47 +0100
Subject: [PATCH 008/120] brockman: 1.4.7 -> 1.5.4

---
 krebs/5pkgs/haskell/brockman.nix | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index 6e2cc301f..fbe914a58 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -1,23 +1,24 @@
-{ mkDerivation, aeson, async, base, bloomfilter, bytestring
-, conduit, containers, feed, hslogger, irc-conduit, microlens
-, network, optparse-applicative, stdenv, stm, text, wreq
+{ mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring
+, conduit, containers, directory, feed, filepath, hslogger
+, http-client, irc-conduit, lens, network, optparse-applicative
+, random, safe, stdenv, text, wreq
 , fetchFromGitHub
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "1.4.7";
+  version = "1.5.4";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "0fkkjvskgaw8dw7vrdp57ry34jpl3bpq92rhnyr9s1nyq0vij328";
+    sha256 = "1p5bn22sfzgsdmdp14xnsdrbcqd7iy608nz0vgj6zhsabv1bsfdv";
   };
   isLibrary = false;
   isExecutable = true;
   executableHaskellDepends = [
-    aeson async base bloomfilter bytestring conduit containers feed
-    hslogger irc-conduit microlens network optparse-applicative stm
-    text wreq
+    aeson aeson-pretty base bloomfilter bytestring conduit containers
+    directory feed filepath hslogger http-client irc-conduit lens
+    network optparse-applicative random safe text wreq
   ];
   license = stdenv.lib.licenses.mit;
 }

From dbb2024585e67c3ceaf968255263a0662c174c19 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 7 Jan 2021 23:17:07 +0100
Subject: [PATCH 009/120] newsbot-js: remove package and module

---
 krebs/3modules/default.nix                    |   1 -
 krebs/3modules/newsbot-js.nix                 | 102 ---
 krebs/5pkgs/simple/newsbot-js/default.nix     |  58 --
 .../5pkgs/simple/newsbot-js/node-packages.nix | 777 ------------------
 krebs/5pkgs/simple/newsbot-js/pkgs.json       |   7 -
 krebs/5pkgs/simple/newsbot-js/update.sh       |   4 -
 6 files changed, 949 deletions(-)
 delete mode 100644 krebs/3modules/newsbot-js.nix
 delete mode 100644 krebs/5pkgs/simple/newsbot-js/default.nix
 delete mode 100644 krebs/5pkgs/simple/newsbot-js/node-packages.nix
 delete mode 100644 krebs/5pkgs/simple/newsbot-js/pkgs.json
 delete mode 100755 krebs/5pkgs/simple/newsbot-js/update.sh

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2a74adac3..8c620a4e2 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -37,7 +37,6 @@ let
       ./kapacitor.nix
       ./konsens.nix
       ./monit.nix
-      ./newsbot-js.nix
       ./nixpkgs.nix
       ./on-failure.nix
       ./os-release.nix
diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix
deleted file mode 100644
index a3640caa5..000000000
--- a/krebs/3modules/newsbot-js.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
-  cfg = config.krebs.newsbot-js;
-
-  enable = cfg != {};
-
-  out = {
-    options.krebs.newsbot-js = api;
-    config = mkIf enable imp;
-  };
-
-  api = mkOption {
-    type = types.attrsOf (types.submodule ({ config, ... }: {
-      options = {
-        enable = mkEnableOption "Enable krebs newsbot" // { default = true; };
-
-        channel = mkOption {
-          type = types.str;
-          default = "#${config._module.args.name}";
-          description = "post the news in this channel";
-        };
-        feeds = mkOption {
-          type = types.path;
-          description = ''
-            file with feeds to post
-            format:
-            $nick|$feedURI
-          '';
-        };
-        ircServer = mkOption {
-          type = types.str;
-          default = "localhost";
-          description = "to which server the bot should connect";
-        };
-        masterNick = mkOption {
-          type = types.str;
-          default = config._module.args.name;
-          description = "nickname of the master bot";
-        };
-        package = mkOption {
-          type = types.package;
-          default = pkgs.newsbot-js;
-          description = "newsbot package to use";
-        };
-        urlShortenerHost = mkOption {
-          type = types.str;
-          default = "go.r";
-          description = "what server to use for url shortening, host";
-        };
-        urlShortenerPort = mkOption {
-          type = types.str;
-          default = "80";
-          description = "what server to use for url shortening, port";
-        };
-      };
-    }));
-    default = {};
-  };
-
-  imp = {
-    users.extraUsers.newsbot-js = {
-      name = "newsbot-js";
-      uid = genid "newsbot-js";
-      description = "newsbot-js user";
-      home = "/var/empty";
-    };
-
-    systemd.services = mapAttrs' (name: newsbot:
-      nameValuePair "newsbot-${name}" {
-        after = [ "network.target" ];
-        wantedBy = [ "multi-user.target" ];
-
-        path = with pkgs; [
-          newsbot-js
-        ];
-
-        environment = {
-          irc_server = newsbot.ircServer;
-          master_nick = newsbot.masterNick;
-          news_channel = newsbot.channel;
-          feeds_file = newsbot.feeds;
-          url_shortener_host = newsbot.urlShortenerHost;
-          url_shortener_port = newsbot.urlShortenerPort;
-        };
-
-        restartIfChanged = true;
-
-        serviceConfig = {
-          User = "newsbot-js";
-          Restart = "always";
-          ExecStart = "${newsbot.package}/bin/newsbot";
-          WatchdogSec = "86400";
-        };
-      }
-    ) cfg;
-  };
-
-in out
diff --git a/krebs/5pkgs/simple/newsbot-js/default.nix b/krebs/5pkgs/simple/newsbot-js/default.nix
deleted file mode 100644
index 0ac66f433..000000000
--- a/krebs/5pkgs/simple/newsbot-js/default.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs, pkgs, icu }:
-
-with lib;
-
-let
-  nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
-    inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
-    nodejs = nodejs;
-    libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
-  };
-
-  node_env = pkgs.buildEnv {
-    name = "go-node_env";
-    paths = attrValues (import ./node-packages.nix {
-      inherit (pkgs) fetchurl fetchgit;
-      inherit nodeEnv;
-      globalBuildInputs = [
-        icu.dev
-      ];
-    });
-  };
-
-
-in stdenv.mkDerivation {
-  name = "newsbot-js";
-
-  src = fetchgit {
-    url = "http://cgit.prism/newsbot-js/";
-    rev = "09e01639be4ea9691cf5b33f7d9057b68ac98079";
-    sha256 = "28ffbed66c2efcd194c47823c7d5d5533c80852fc0cf9d9d4ee609c71d50c142";
-  };
-
-  phases = [
-    "unpackPhase"
-    "installPhase"
-  ];
-
-  buildInputs = [
-    nodejs
-    makeWrapper
-  ];
-
-  installPhase = ''
-    mkdir -p $out/bin
-
-    cp newsbot.js $out/
-    cat > $out/newsbot << EOF
-      ${nodejs}/bin/node $out/newsbot.js
-    EOF
-    chmod +x $out/newsbot
-
-    wrapProgram $out/newsbot \
-      --prefix NODE_PATH : ${node_env}/lib/node_modules
-
-     ln -s $out/newsbot /$out/bin/newsbot
-  '';
-
-}
diff --git a/krebs/5pkgs/simple/newsbot-js/node-packages.nix b/krebs/5pkgs/simple/newsbot-js/node-packages.nix
deleted file mode 100644
index ea45b93f3..000000000
--- a/krebs/5pkgs/simple/newsbot-js/node-packages.nix
+++ /dev/null
@@ -1,777 +0,0 @@
-# This file has been generated by node2nix 1.7.0. Do not edit!
-
-{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}:
-
-let
-  sources = {
-    "addressparser-1.0.1" = {
-      name = "addressparser";
-      packageName = "addressparser";
-      version = "1.0.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/addressparser/-/addressparser-1.0.1.tgz";
-        sha1 = "47afbe1a2a9262191db6838e4fd1d39b40821746";
-      };
-    };
-    "ajv-6.10.2" = {
-      name = "ajv";
-      packageName = "ajv";
-      version = "6.10.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/ajv/-/ajv-6.10.2.tgz";
-        sha512 = "TXtUUEYHuaTEbLZWIKUr5pmBuhDLy+8KYtPYdcV8qC+pOZL+NKqYwvWSRrVXHn+ZmRRAu8vJTAznH7Oag6RVRw==";
-      };
-    };
-    "array-indexofobject-0.0.1" = {
-      name = "array-indexofobject";
-      packageName = "array-indexofobject";
-      version = "0.0.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/array-indexofobject/-/array-indexofobject-0.0.1.tgz";
-        sha1 = "aaa128e62c9b3c358094568c219ff64fe489d42a";
-      };
-    };
-    "asn1-0.2.4" = {
-      name = "asn1";
-      packageName = "asn1";
-      version = "0.2.4";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz";
-        sha512 = "jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==";
-      };
-    };
-    "assert-plus-1.0.0" = {
-      name = "assert-plus";
-      packageName = "assert-plus";
-      version = "1.0.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz";
-        sha1 = "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525";
-      };
-    };
-    "asynckit-0.4.0" = {
-      name = "asynckit";
-      packageName = "asynckit";
-      version = "0.4.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz";
-        sha1 = "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79";
-      };
-    };
-    "aws-sign2-0.7.0" = {
-      name = "aws-sign2";
-      packageName = "aws-sign2";
-      version = "0.7.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz";
-        sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8";
-      };
-    };
-    "aws4-1.8.0" = {
-      name = "aws4";
-      packageName = "aws4";
-      version = "1.8.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz";
-        sha512 = "ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ==";
-      };
-    };
-    "bcrypt-pbkdf-1.0.2" = {
-      name = "bcrypt-pbkdf";
-      packageName = "bcrypt-pbkdf";
-      version = "1.0.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz";
-        sha1 = "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e";
-      };
-    };
-    "caseless-0.12.0" = {
-      name = "caseless";
-      packageName = "caseless";
-      version = "0.12.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz";
-        sha1 = "1b681c21ff84033c826543090689420d187151dc";
-      };
-    };
-    "combined-stream-1.0.8" = {
-      name = "combined-stream";
-      packageName = "combined-stream";
-      version = "1.0.8";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz";
-        sha512 = "FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==";
-      };
-    };
-    "core-util-is-1.0.2" = {
-      name = "core-util-is";
-      packageName = "core-util-is";
-      version = "1.0.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz";
-        sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7";
-      };
-    };
-    "dashdash-1.14.1" = {
-      name = "dashdash";
-      packageName = "dashdash";
-      version = "1.14.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz";
-        sha1 = "853cfa0f7cbe2fed5de20326b8dd581035f6e2f0";
-      };
-    };
-    "delayed-stream-1.0.0" = {
-      name = "delayed-stream";
-      packageName = "delayed-stream";
-      version = "1.0.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz";
-        sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619";
-      };
-    };
-    "ecc-jsbn-0.1.2" = {
-      name = "ecc-jsbn";
-      packageName = "ecc-jsbn";
-      version = "0.1.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz";
-        sha1 = "3a83a904e54353287874c564b7549386849a98c9";
-      };
-    };
-    "extend-3.0.2" = {
-      name = "extend";
-      packageName = "extend";
-      version = "3.0.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz";
-        sha512 = "fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==";
-      };
-    };
-    "extsprintf-1.3.0" = {
-      name = "extsprintf";
-      packageName = "extsprintf";
-      version = "1.3.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz";
-        sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05";
-      };
-    };
-    "fast-deep-equal-2.0.1" = {
-      name = "fast-deep-equal";
-      packageName = "fast-deep-equal";
-      version = "2.0.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz";
-        sha1 = "7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49";
-      };
-    };
-    "fast-json-stable-stringify-2.0.0" = {
-      name = "fast-json-stable-stringify";
-      packageName = "fast-json-stable-stringify";
-      version = "2.0.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz";
-        sha1 = "d5142c0caee6b1189f87d3a76111064f86c8bbf2";
-      };
-    };
-    "forever-agent-0.6.1" = {
-      name = "forever-agent";
-      packageName = "forever-agent";
-      version = "0.6.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz";
-        sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91";
-      };
-    };
-    "form-data-2.3.3" = {
-      name = "form-data";
-      packageName = "form-data";
-      version = "2.3.3";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz";
-        sha512 = "1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==";
-      };
-    };
-    "getpass-0.1.7" = {
-      name = "getpass";
-      packageName = "getpass";
-      version = "0.1.7";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz";
-        sha1 = "5eff8e3e684d569ae4cb2b1282604e8ba62149fa";
-      };
-    };
-    "har-schema-2.0.0" = {
-      name = "har-schema";
-      packageName = "har-schema";
-      version = "2.0.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz";
-        sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92";
-      };
-    };
-    "har-validator-5.1.3" = {
-      name = "har-validator";
-      packageName = "har-validator";
-      version = "5.1.3";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz";
-        sha512 = "sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==";
-      };
-    };
-    "http-signature-1.2.0" = {
-      name = "http-signature";
-      packageName = "http-signature";
-      version = "1.2.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz";
-        sha1 = "9aecd925114772f3d95b65a60abb8f7c18fbace1";
-      };
-    };
-    "iconv-2.2.3" = {
-      name = "iconv";
-      packageName = "iconv";
-      version = "2.2.3";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/iconv/-/iconv-2.2.3.tgz";
-        sha1 = "e084d60eeb7d73da7f0a9c096e4c8abe090bfaed";
-      };
-    };
-    "inherits-2.0.4" = {
-      name = "inherits";
-      packageName = "inherits";
-      version = "2.0.4";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz";
-        sha512 = "k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==";
-      };
-    };
-    "irc-colors-1.5.0" = {
-      name = "irc-colors";
-      packageName = "irc-colors";
-      version = "1.5.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.5.0.tgz";
-        sha512 = "HtszKchBQTcqw1DC09uD7i7vvMayHGM1OCo6AHt5pkgZEyo99ClhHTMJdf+Ezc9ovuNNxcH89QfyclGthjZJOw==";
-      };
-    };
-    "is-typedarray-1.0.0" = {
-      name = "is-typedarray";
-      packageName = "is-typedarray";
-      version = "1.0.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz";
-        sha1 = "e479c80858df0c1b11ddda6940f96011fcda4a9a";
-      };
-    };
-    "isarray-1.0.0" = {
-      name = "isarray";
-      packageName = "isarray";
-      version = "1.0.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz";
-        sha1 = "bb935d48582cba168c06834957a54a3e07124f11";
-      };
-    };
-    "isstream-0.1.2" = {
-      name = "isstream";
-      packageName = "isstream";
-      version = "0.1.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz";
-        sha1 = "47e63f7af55afa6f92e1500e690eb8b8529c099a";
-      };
-    };
-    "jsbn-0.1.1" = {
-      name = "jsbn";
-      packageName = "jsbn";
-      version = "0.1.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz";
-        sha1 = "a5e654c2e5a2deb5f201d96cefbca80c0ef2f513";
-      };
-    };
-    "json-schema-0.2.3" = {
-      name = "json-schema";
-      packageName = "json-schema";
-      version = "0.2.3";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz";
-        sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13";
-      };
-    };
-    "json-schema-traverse-0.4.1" = {
-      name = "json-schema-traverse";
-      packageName = "json-schema-traverse";
-      version = "0.4.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz";
-        sha512 = "xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==";
-      };
-    };
-    "json-stringify-safe-5.0.1" = {
-      name = "json-stringify-safe";
-      packageName = "json-stringify-safe";
-      version = "5.0.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz";
-        sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb";
-      };
-    };
-    "jsprim-1.4.1" = {
-      name = "jsprim";
-      packageName = "jsprim";
-      version = "1.4.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz";
-        sha1 = "313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2";
-      };
-    };
-    "lodash.assign-4.2.0" = {
-      name = "lodash.assign";
-      packageName = "lodash.assign";
-      version = "4.2.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/lodash.assign/-/lodash.assign-4.2.0.tgz";
-        sha1 = "0d99f3ccd7a6d261d19bdaeb9245005d285808e7";
-      };
-    };
-    "lodash.get-4.4.2" = {
-      name = "lodash.get";
-      packageName = "lodash.get";
-      version = "4.4.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz";
-        sha1 = "2d177f652fa31e939b4438d5341499dfa3825e99";
-      };
-    };
-    "lodash.has-4.5.2" = {
-      name = "lodash.has";
-      packageName = "lodash.has";
-      version = "4.5.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/lodash.has/-/lodash.has-4.5.2.tgz";
-        sha1 = "d19f4dc1095058cccbe2b0cdf4ee0fe4aa37c862";
-      };
-    };
-    "lodash.uniq-4.5.0" = {
-      name = "lodash.uniq";
-      packageName = "lodash.uniq";
-      version = "4.5.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz";
-        sha1 = "d0225373aeb652adc1bc82e4945339a842754773";
-      };
-    };
-    "mime-db-1.42.0" = {
-      name = "mime-db";
-      packageName = "mime-db";
-      version = "1.42.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/mime-db/-/mime-db-1.42.0.tgz";
-        sha512 = "UbfJCR4UAVRNgMpfImz05smAXK7+c+ZntjaA26ANtkXLlOe947Aag5zdIcKQULAiF9Cq4WxBi9jUs5zkA84bYQ==";
-      };
-    };
-    "mime-types-2.1.25" = {
-      name = "mime-types";
-      packageName = "mime-types";
-      version = "2.1.25";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.25.tgz";
-        sha512 = "5KhStqB5xpTAeGqKBAMgwaYMnQik7teQN4IAzC7npDv6kzeU6prfkR67bc87J1kWMPGkoaZSq1npmexMgkmEVg==";
-      };
-    };
-    "mri-1.1.4" = {
-      name = "mri";
-      packageName = "mri";
-      version = "1.1.4";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz";
-        sha512 = "6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==";
-      };
-    };
-    "nan-2.14.0" = {
-      name = "nan";
-      packageName = "nan";
-      version = "2.14.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/nan/-/nan-2.14.0.tgz";
-        sha512 = "INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg==";
-      };
-    };
-    "node-icu-charset-detector-0.2.0" = {
-      name = "node-icu-charset-detector";
-      packageName = "node-icu-charset-detector";
-      version = "0.2.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/node-icu-charset-detector/-/node-icu-charset-detector-0.2.0.tgz";
-        sha1 = "c2320da374ddcb671fc54cb4a0e041e156ffd639";
-      };
-    };
-    "oauth-sign-0.9.0" = {
-      name = "oauth-sign";
-      packageName = "oauth-sign";
-      version = "0.9.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz";
-        sha512 = "fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==";
-      };
-    };
-    "performance-now-2.1.0" = {
-      name = "performance-now";
-      packageName = "performance-now";
-      version = "2.1.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz";
-        sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b";
-      };
-    };
-    "process-nextick-args-2.0.1" = {
-      name = "process-nextick-args";
-      packageName = "process-nextick-args";
-      version = "2.0.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz";
-        sha512 = "3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==";
-      };
-    };
-    "psl-1.4.0" = {
-      name = "psl";
-      packageName = "psl";
-      version = "1.4.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/psl/-/psl-1.4.0.tgz";
-        sha512 = "HZzqCGPecFLyoRj5HLfuDSKYTJkAfB5thKBIkRHtGjWwY7p1dAyveIbXIq4tO0KYfDF2tHqPUgY9SDnGm00uFw==";
-      };
-    };
-    "punycode-1.4.1" = {
-      name = "punycode";
-      packageName = "punycode";
-      version = "1.4.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz";
-        sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e";
-      };
-    };
-    "punycode-2.1.1" = {
-      name = "punycode";
-      packageName = "punycode";
-      version = "2.1.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz";
-        sha512 = "XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==";
-      };
-    };
-    "qs-6.5.2" = {
-      name = "qs";
-      packageName = "qs";
-      version = "6.5.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz";
-        sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==";
-      };
-    };
-    "readable-stream-2.3.6" = {
-      name = "readable-stream";
-      packageName = "readable-stream";
-      version = "2.3.6";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz";
-        sha512 = "tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==";
-      };
-    };
-    "safe-buffer-5.1.2" = {
-      name = "safe-buffer";
-      packageName = "safe-buffer";
-      version = "5.1.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz";
-        sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==";
-      };
-    };
-    "safe-buffer-5.2.0" = {
-      name = "safe-buffer";
-      packageName = "safe-buffer";
-      version = "5.2.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz";
-        sha512 = "fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==";
-      };
-    };
-    "safer-buffer-2.1.2" = {
-      name = "safer-buffer";
-      packageName = "safer-buffer";
-      version = "2.1.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz";
-        sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==";
-      };
-    };
-    "sax-1.2.4" = {
-      name = "sax";
-      packageName = "sax";
-      version = "1.2.4";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz";
-        sha512 = "NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==";
-      };
-    };
-    "sshpk-1.16.1" = {
-      name = "sshpk";
-      packageName = "sshpk";
-      version = "1.16.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz";
-        sha512 = "HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==";
-      };
-    };
-    "string_decoder-1.1.1" = {
-      name = "string_decoder";
-      packageName = "string_decoder";
-      version = "1.1.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz";
-        sha512 = "n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==";
-      };
-    };
-    "tough-cookie-2.4.3" = {
-      name = "tough-cookie";
-      packageName = "tough-cookie";
-      version = "2.4.3";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz";
-        sha512 = "Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ==";
-      };
-    };
-    "tunnel-agent-0.6.0" = {
-      name = "tunnel-agent";
-      packageName = "tunnel-agent";
-      version = "0.6.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz";
-        sha1 = "27a5dea06b36b04a0a9966774b290868f0fc40fd";
-      };
-    };
-    "tweetnacl-0.14.5" = {
-      name = "tweetnacl";
-      packageName = "tweetnacl";
-      version = "0.14.5";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz";
-        sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64";
-      };
-    };
-    "uri-js-4.2.2" = {
-      name = "uri-js";
-      packageName = "uri-js";
-      version = "4.2.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz";
-        sha512 = "KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==";
-      };
-    };
-    "util-deprecate-1.0.2" = {
-      name = "util-deprecate";
-      packageName = "util-deprecate";
-      version = "1.0.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz";
-        sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf";
-      };
-    };
-    "uuid-3.3.3" = {
-      name = "uuid";
-      packageName = "uuid";
-      version = "3.3.3";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/uuid/-/uuid-3.3.3.tgz";
-        sha512 = "pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ==";
-      };
-    };
-    "verror-1.10.0" = {
-      name = "verror";
-      packageName = "verror";
-      version = "1.10.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz";
-        sha1 = "3a105ca17053af55d6e270c1f8288682e18da400";
-      };
-    };
-  };
-in
-{
-  feedparser = nodeEnv.buildNodePackage {
-    name = "feedparser";
-    packageName = "feedparser";
-    version = "2.2.9";
-    src = fetchurl {
-      url = "https://registry.npmjs.org/feedparser/-/feedparser-2.2.9.tgz";
-      sha1 = "9138197dafdae05fcadde0036beeaf6066c2c5e9";
-    };
-    dependencies = [
-      sources."addressparser-1.0.1"
-      sources."array-indexofobject-0.0.1"
-      sources."core-util-is-1.0.2"
-      sources."inherits-2.0.4"
-      sources."isarray-1.0.0"
-      sources."lodash.assign-4.2.0"
-      sources."lodash.get-4.4.2"
-      sources."lodash.has-4.5.2"
-      sources."lodash.uniq-4.5.0"
-      sources."mri-1.1.4"
-      sources."process-nextick-args-2.0.1"
-      sources."readable-stream-2.3.6"
-      sources."safe-buffer-5.1.2"
-      sources."sax-1.2.4"
-      sources."string_decoder-1.1.1"
-      sources."util-deprecate-1.0.2"
-    ];
-    buildInputs = globalBuildInputs;
-    meta = {
-      description = "Robust RSS Atom and RDF feed parsing using sax js";
-      homepage = http://github.com/danmactough/node-feedparser;
-      license = "MIT";
-    };
-    production = true;
-    bypassCache = true;
-    reconstructLock = true;
-  };
-  form-data = nodeEnv.buildNodePackage {
-    name = "form-data";
-    packageName = "form-data";
-    version = "3.0.0";
-    src = fetchurl {
-      url = "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz";
-      sha512 = "CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==";
-    };
-    dependencies = [
-      sources."asynckit-0.4.0"
-      sources."combined-stream-1.0.8"
-      sources."delayed-stream-1.0.0"
-      sources."mime-db-1.42.0"
-      sources."mime-types-2.1.25"
-    ];
-    buildInputs = globalBuildInputs;
-    meta = {
-      description = "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.";
-      homepage = "https://github.com/form-data/form-data#readme";
-      license = "MIT";
-    };
-    production = true;
-    bypassCache = true;
-    reconstructLock = true;
-  };
-  irc = nodeEnv.buildNodePackage {
-    name = "irc";
-    packageName = "irc";
-    version = "0.5.2";
-    src = fetchurl {
-      url = "https://registry.npmjs.org/irc/-/irc-0.5.2.tgz";
-      sha1 = "3714f4768365a96d0b2f776bc91166beb2464bbc";
-    };
-    dependencies = [
-      sources."iconv-2.2.3"
-      sources."irc-colors-1.5.0"
-      sources."nan-2.14.0"
-      sources."node-icu-charset-detector-0.2.0"
-    ];
-    buildInputs = globalBuildInputs;
-    meta = {
-      description = "An IRC client library for node";
-      homepage = "https://github.com/martynsmith/node-irc#readme";
-      license = "GPL-3.0";
-    };
-    production = true;
-    bypassCache = true;
-    reconstructLock = true;
-  };
-  request = nodeEnv.buildNodePackage {
-    name = "request";
-    packageName = "request";
-    version = "2.88.0";
-    src = fetchurl {
-      url = "https://registry.npmjs.org/request/-/request-2.88.0.tgz";
-      sha512 = "NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg==";
-    };
-    dependencies = [
-      sources."ajv-6.10.2"
-      sources."asn1-0.2.4"
-      sources."assert-plus-1.0.0"
-      sources."asynckit-0.4.0"
-      sources."aws-sign2-0.7.0"
-      sources."aws4-1.8.0"
-      sources."bcrypt-pbkdf-1.0.2"
-      sources."caseless-0.12.0"
-      sources."combined-stream-1.0.8"
-      sources."core-util-is-1.0.2"
-      sources."dashdash-1.14.1"
-      sources."delayed-stream-1.0.0"
-      sources."ecc-jsbn-0.1.2"
-      sources."extend-3.0.2"
-      sources."extsprintf-1.3.0"
-      sources."fast-deep-equal-2.0.1"
-      sources."fast-json-stable-stringify-2.0.0"
-      sources."forever-agent-0.6.1"
-      sources."form-data-2.3.3"
-      sources."getpass-0.1.7"
-      sources."har-schema-2.0.0"
-      sources."har-validator-5.1.3"
-      sources."http-signature-1.2.0"
-      sources."is-typedarray-1.0.0"
-      sources."isstream-0.1.2"
-      sources."jsbn-0.1.1"
-      sources."json-schema-0.2.3"
-      sources."json-schema-traverse-0.4.1"
-      sources."json-stringify-safe-5.0.1"
-      sources."jsprim-1.4.1"
-      sources."mime-db-1.42.0"
-      sources."mime-types-2.1.25"
-      sources."oauth-sign-0.9.0"
-      sources."performance-now-2.1.0"
-      sources."psl-1.4.0"
-      sources."punycode-2.1.1"
-      sources."qs-6.5.2"
-      sources."safe-buffer-5.2.0"
-      sources."safer-buffer-2.1.2"
-      sources."sshpk-1.16.1"
-      (sources."tough-cookie-2.4.3" // {
-        dependencies = [
-          sources."punycode-1.4.1"
-        ];
-      })
-      sources."tunnel-agent-0.6.0"
-      sources."tweetnacl-0.14.5"
-      sources."uri-js-4.2.2"
-      sources."uuid-3.3.3"
-      sources."verror-1.10.0"
-    ];
-    buildInputs = globalBuildInputs;
-    meta = {
-      description = "Simplified HTTP request client.";
-      homepage = "https://github.com/request/request#readme";
-      license = "Apache-2.0";
-    };
-    production = true;
-    bypassCache = true;
-    reconstructLock = true;
-  };
-  shell-quote = nodeEnv.buildNodePackage {
-    name = "shell-quote";
-    packageName = "shell-quote";
-    version = "1.7.2";
-    src = fetchurl {
-      url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz";
-      sha512 = "mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg==";
-    };
-    buildInputs = globalBuildInputs;
-    meta = {
-      description = "quote and parse shell commands";
-      homepage = https://github.com/substack/node-shell-quote;
-      license = "MIT";
-    };
-    production = true;
-    bypassCache = true;
-    reconstructLock = true;
-  };
-}
\ No newline at end of file
diff --git a/krebs/5pkgs/simple/newsbot-js/pkgs.json b/krebs/5pkgs/simple/newsbot-js/pkgs.json
deleted file mode 100644
index 95b60854d..000000000
--- a/krebs/5pkgs/simple/newsbot-js/pkgs.json
+++ /dev/null
@@ -1,7 +0,0 @@
-[
-  "feedparser",
-  "form-data",
-  "irc",
-  "request",
-  "shell-quote"
-]
diff --git a/krebs/5pkgs/simple/newsbot-js/update.sh b/krebs/5pkgs/simple/newsbot-js/update.sh
deleted file mode 100755
index ee7e43f1a..000000000
--- a/krebs/5pkgs/simple/newsbot-js/update.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#! /usr/bin/env nix-shell
-#! nix-shell -i bash -p nodePackages.node2nix
-node2nix -12 -i pkgs.json -c combine.nix
-rm node-env.nix combine.nix

From 90b0cb68db8bc5d0484e7f469ac21aff4a58a464 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 8 Jan 2021 00:36:43 +0100
Subject: [PATCH 010/120] ircd: add oper mode, raise limits

---
 krebs/2configs/ircd.nix | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 65972aacc..789fc2f2f 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -11,12 +11,12 @@
       hello
     '';
     config = ''
+      loadmodule "extensions/m_omode";
       serverinfo {
         name = "${config.krebs.build.host.name}.irc.r";
         sid = "1as";
         description = "miep!";
         network_name = "irc.r";
-        hub = yes;
 
         vhost = "0.0.0.0";
         vhost6 = "::";
@@ -26,7 +26,7 @@
         #ssl_dh_params = "etc/dh.pem";
         #ssld_count = 1;
 
-        default_max_clients = 10000;
+        default_max_clients = 100000;
         #nicklen = 30;
       };
 
@@ -43,19 +43,31 @@
         /* Listen on IPv6 (if you used host= above). */
         host = "::";
         port = 6667;
-        sslport = 9999;
+        sslport = 6697;
       };
 
       class "users" {
         ping_time = 2 minutes;
         number_per_ident = 10;
-        number_per_ip = 2048;
+        number_per_ip = 4096;
         number_per_ip_global = 4096;
         cidr_ipv4_bitlen = 24;
         cidr_ipv6_bitlen = 64;
         number_per_cidr = 65536;
-        max_number = 3000;
-        sendq = 1 megabyte;
+        max_number = 100000;
+        sendq = 10 megabyte;
+      };
+
+      privset "op" {
+        privs = oper:admin;
+      };
+
+      operator "aids" {
+        user = "*@*";
+        password = "balls";
+        flags = ~encrypted;
+        snomask = "+s";
+        privset = "op";
       };
 
       exempt {
@@ -93,12 +105,13 @@
         channel_target_change = yes;
         disable_local_channels = no;
       };
+
       general {
         #maybe we want ident someday?
-        default_floodcount = 1000;
+        default_floodcount = 10000;
         disable_auth = yes;
         throttle_duration = 1;
-        throttle_count = 1000;
+        throttle_count = 10000;
       };
     '';
   };

From edf923cc7bb315b3068094510c04b40619c42620 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 8 Jan 2021 00:37:52 +0100
Subject: [PATCH 011/120] brockman: add home as statedir

---
 krebs/3modules/brockman.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix
index 21cc14202..55e8255b4 100644
--- a/krebs/3modules/brockman.nix
+++ b/krebs/3modules/brockman.nix
@@ -9,7 +9,11 @@ in {
   };
 
   config = mkIf cfg.enable {
-    users.extraUsers.brockman.isNormalUser = false;
+    users.extraUsers.brockman = {
+      home = "/var/lib/brockman";
+      createHome = true;
+      isNormalUser = false;
+    };
 
     systemd.services.brockman = {
       description = "RSS to IRC broadcaster";

From f3f6778c035f11b361beefc23cbb4250a94be7fb Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 8 Jan 2021 00:38:34 +0100
Subject: [PATCH 012/120] go: implement with htgen

---
 krebs/3modules/go.nix | 96 +++++++++++++++++++++++++++----------------
 1 file changed, 61 insertions(+), 35 deletions(-)

diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix
index 218ac9221..4df73509c 100644
--- a/krebs/3modules/go.nix
+++ b/krebs/3modules/go.nix
@@ -13,52 +13,78 @@ let
   api = {
     enable = mkEnableOption "Enable go url shortener";
     port = mkOption {
-      type = types.str;
-      default = "1337";
+      type = types.int;
+      default = 1337;
       description = "on which port go should run on";
     };
-    redisKeyPrefix = mkOption {
-      type = types.str;
-      default = "go:";
-      description = "change the Redis key prefix which defaults to `go:`";
-    };
   };
 
   imp = {
-    services.redis = {
-      enable = mkDefault true;
-      bind = mkDefault "127.0.0.1";
-    };
+    krebs.htgen.go = {
+      port = cfg.port;
+      script = ''. ${pkgs.writeDash "go" ''
+        find_item() {
+          if test ''${#1} -ge 7; then
+            set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \
+                -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")"
+            if test -n "$1" && test $(echo "$1" | wc -l) = 1; then
+              echo "$1"
+              return 0
+            fi
+          fi
+          return 1
+        }
 
-    users.extraUsers.go = rec {
-      name = "go";
-      uid = genid name;
-      description = "go url shortener user";
-      home = "/var/lib/go";
-      createHome = true;
-    };
+        STATEDIR=$HOME
+        mkdir -p "$STATEDIR/items"
 
-    systemd.services.go = {
-      description = "go url shortener";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
+        case "$Method $Request_URI" in
+          "GET /"*)
+            if item=$(find_item "''${Request_URI#/}"); then
+              uri=$(cat "$item")
+              printf 'HTTP/1.1 302 Found\r\n'
+              printf 'Content-Type: text/plain\r\n'
+              printf 'Connection: closed\r\n'
+              printf 'Location: %s\r\n' "$uri"
+              printf '\r\n'
+              exit
+            fi
+          ;;
+          "POST /")
+            uri=$(mktemp -t htgen.$$.content.XXXXXXXX)
+            trap 'rm $uri >&2' EXIT
 
-      path = with pkgs; [
-        go-shortener
-      ];
+            head -c "$req_content_length" \
+              | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \
+              | xargs -0 echo -e \
+              | tee /tmp/tee.log \
+              | ${pkgs.urix}/bin/urix \
+              | head -1 \
+              > "$uri"
+            sha256=$(sha256sum -b "$uri" | cut -d\  -f1)
+            base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256")
+            item="$STATEDIR/items/$base32"
+            ref="http://$req_host/$base32"
 
-      environment = {
-        PORT = cfg.port;
-        REDIS_KEY_PREFIX = cfg.redisKeyPrefix;
-      };
+            if ! test -e "$item"; then
+              mkdir -v -p "$STATEDIR/items" >&2
+              cp -v "$uri" "$item" >&2
+            fi
 
-      restartIfChanged = true;
+            base32short=$(echo "$base32" | cut -b-7)
+            if item=$(find_item "$base32short"); then
+              ref="http://$req_host/$base32short"
+            fi
 
-      serviceConfig = {
-        User = "go";
-        Restart = "always";
-        ExecStart = "${pkgs.go-shortener}/bin/go";
-      };
+            printf 'HTTP/1.1 200 OK\r\n'
+            printf 'Content-Type: text/plain; charset=UTF-8\r\n'
+            printf 'Connection: close\r\n'
+            printf '\r\n'
+            printf '%s\n' "$ref"
+            exit
+          ;;
+        esac
+      ''}'';
     };
   };
 

From 3a7e4f7ae3b15e2ccd2ca50c52734c50f6257c6e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 8 Jan 2021 00:39:04 +0100
Subject: [PATCH 013/120] go-shortener: remove package

---
 krebs/2configs/go.nix                         |  3 -
 krebs/5pkgs/simple/go-shortener/default.nix   | 56 ------------
 .../simple/go-shortener/node-packages.nix     | 88 -------------------
 krebs/5pkgs/simple/go-shortener/pkgs.json     |  4 -
 krebs/5pkgs/simple/go-shortener/update.sh     |  4 -
 5 files changed, 155 deletions(-)
 delete mode 100644 krebs/5pkgs/simple/go-shortener/default.nix
 delete mode 100644 krebs/5pkgs/simple/go-shortener/node-packages.nix
 delete mode 100644 krebs/5pkgs/simple/go-shortener/pkgs.json
 delete mode 100755 krebs/5pkgs/simple/go-shortener/update.sh

diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix
index c39b08a8e..ce5db62d4 100644
--- a/krebs/2configs/go.nix
+++ b/krebs/2configs/go.nix
@@ -2,9 +2,6 @@
 
 with import <stockholm/lib>;
 {
-  environment.systemPackages = [
-    pkgs.go-shortener
-  ];
   krebs.go = {
     enable = true;
   };
diff --git a/krebs/5pkgs/simple/go-shortener/default.nix b/krebs/5pkgs/simple/go-shortener/default.nix
deleted file mode 100644
index 5e734553b..000000000
--- a/krebs/5pkgs/simple/go-shortener/default.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs }:
-
-with lib;
-
-let
-  nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
-    inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
-    nodejs = nodejs-12_x;
-    libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
-  };
-
-  node_env = pkgs.buildEnv {
-    name = "go-node_env";
-    paths = attrValues (import ./node-packages.nix {
-      inherit (pkgs) fetchurl fetchgit;
-      inherit nodeEnv;
-    });
-  };
-
-in stdenv.mkDerivation {
-  packageName = "go";
-  name = "go-shortener";
-  version = "0.0.0";
-
-  src = fetchgit {
-    url = "http://cgit.lassul.us/go/";
-    rev = "05d02740e0adbb36cc461323647f0c1e7f493156";
-    sha256 = "6015c9a93317375ae8099c7ab982df0aa93a59ec2b48972e253887bb6ca0004f";
-  };
-
-  phases = [
-    "unpackPhase"
-    "installPhase"
-  ];
-
-  buildInputs = [
-    nodejs-12_x
-    makeWrapper
-  ];
-
-  installPhase = ''
-    mkdir -p $out/bin
-
-    cp index.js $out/
-    cat > $out/go << EOF
-      ${nodejs-12_x}/bin/node $out/index.js
-    EOF
-    chmod +x $out/go
-
-    wrapProgram $out/go \
-      --prefix NODE_PATH : ${node_env}/lib/node_modules
-
-    ln -s $out/go /$out/bin/go
-  '';
-
-}
diff --git a/krebs/5pkgs/simple/go-shortener/node-packages.nix b/krebs/5pkgs/simple/go-shortener/node-packages.nix
deleted file mode 100644
index 613e31ba0..000000000
--- a/krebs/5pkgs/simple/go-shortener/node-packages.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-# This file has been generated by node2nix 1.7.0. Do not edit!
-
-{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}:
-
-let
-  sources = {
-    "denque-1.4.1" = {
-      name = "denque";
-      packageName = "denque";
-      version = "1.4.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/denque/-/denque-1.4.1.tgz";
-        sha512 = "OfzPuSZKGcgr96rf1oODnfjqBFmr1DVoc/TrItj3Ohe0Ah1C5WX5Baquw/9U9KovnQ88EqmJbD66rKYUQYN1tQ==";
-      };
-    };
-    "redis-commands-1.5.0" = {
-      name = "redis-commands";
-      packageName = "redis-commands";
-      version = "1.5.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/redis-commands/-/redis-commands-1.5.0.tgz";
-        sha512 = "6KxamqpZ468MeQC3bkWmCB1fp56XL64D4Kf0zJSwDZbVLLm7KFkoIcHrgRvQ+sk8dnhySs7+yBg94yIkAK7aJg==";
-      };
-    };
-    "redis-errors-1.2.0" = {
-      name = "redis-errors";
-      packageName = "redis-errors";
-      version = "1.2.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz";
-        sha1 = "eb62d2adb15e4eaf4610c04afe1529384250abad";
-      };
-    };
-    "redis-parser-3.0.0" = {
-      name = "redis-parser";
-      packageName = "redis-parser";
-      version = "3.0.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz";
-        sha1 = "b66d828cdcafe6b4b8a428a7def4c6bcac31c8b4";
-      };
-    };
-  };
-in
-{
-  formidable = nodeEnv.buildNodePackage {
-    name = "formidable";
-    packageName = "formidable";
-    version = "1.2.2";
-    src = fetchurl {
-      url = "https://registry.npmjs.org/formidable/-/formidable-1.2.2.tgz";
-      sha512 = "V8gLm+41I/8kguQ4/o1D3RIHRmhYFG4pnNyonvua+40rqcEmT4+V71yaZ3B457xbbgCsCfjSPi65u/W6vK1U5Q==";
-    };
-    buildInputs = globalBuildInputs;
-    meta = {
-      description = "A node.js module for parsing form data, especially file uploads.";
-      homepage = https://github.com/node-formidable/formidable;
-      license = "MIT";
-    };
-    production = true;
-    bypassCache = true;
-    reconstructLock = true;
-  };
-  redis = nodeEnv.buildNodePackage {
-    name = "redis";
-    packageName = "redis";
-    version = "3.0.2";
-    src = fetchurl {
-      url = "https://registry.npmjs.org/redis/-/redis-3.0.2.tgz";
-      sha512 = "PNhLCrjU6vKVuMOyFu7oSP296mwBkcE6lrAjruBYG5LgdSqtRBoVQIylrMyVZD/lkF24RSNNatzvYag6HRBHjQ==";
-    };
-    dependencies = [
-      sources."denque-1.4.1"
-      sources."redis-commands-1.5.0"
-      sources."redis-errors-1.2.0"
-      sources."redis-parser-3.0.0"
-    ];
-    buildInputs = globalBuildInputs;
-    meta = {
-      description = "A high performance Redis client.";
-      homepage = https://github.com/NodeRedis/node-redis;
-      license = "MIT";
-    };
-    production = true;
-    bypassCache = true;
-    reconstructLock = true;
-  };
-}
\ No newline at end of file
diff --git a/krebs/5pkgs/simple/go-shortener/pkgs.json b/krebs/5pkgs/simple/go-shortener/pkgs.json
deleted file mode 100644
index f53ce3745..000000000
--- a/krebs/5pkgs/simple/go-shortener/pkgs.json
+++ /dev/null
@@ -1,4 +0,0 @@
-[
-  "formidable",
-  "redis"
-]
diff --git a/krebs/5pkgs/simple/go-shortener/update.sh b/krebs/5pkgs/simple/go-shortener/update.sh
deleted file mode 100755
index 1a58d0367..000000000
--- a/krebs/5pkgs/simple/go-shortener/update.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p nodePackages_10_x.node2nix
-node2nix -10 -i pkgs.json -c combine.nix
-rm node-env.nix combine.nix

From 1653101ed3f4f51408b2d264e8e4e1525d3d3730 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 8 Jan 2021 09:21:43 +0100
Subject: [PATCH 014/120] l go: remove redundant htgen definition

---
 lass/2configs/go.nix | 63 --------------------------------------------
 1 file changed, 63 deletions(-)

diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix
index 7ff27a619..ecf89b298 100644
--- a/lass/2configs/go.nix
+++ b/lass/2configs/go.nix
@@ -15,68 +15,5 @@
       ];
     };
   };
-  krebs.htgen.go = {
-    port = 3333;
-    script = ''. ${pkgs.writeDash "go" ''
-      find_item() {
-        if test ''${#1} -ge 7; then
-          set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \
-              -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")"
-          if test -n "$1" && test $(echo "$1" | wc -l) = 1; then
-            echo "$1"
-            return 0
-          fi
-        fi
-        return 1
-      }
-
-      STATEDIR=$HOME
-      mkdir -p "$STATEDIR/items"
-
-      case "$Method $Request_URI" in
-        "GET /"*)
-          if item=$(find_item "''${Request_URI#/}"); then
-            uri=$(cat "$item")
-            printf 'HTTP/1.1 302 Found\r\n'
-            printf 'Content-Type: text/plain\r\n'
-            printf 'Connection: closed\r\n'
-            printf 'Location: %s\r\n' "$uri"
-            printf '\r\n'
-            exit
-          fi
-        ;;
-        "POST /")
-          uri=$(mktemp -t htgen.$$.content.XXXXXXXX)
-          trap 'rm $uri >&2' EXIT
-
-          head -c "$req_content_length" \
-            | grep -Eo 'https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)' \
-            | head -1 \
-            > $uri
-          sha256=$(sha256sum -b "$uri" | cut -d\  -f1)
-          base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256")
-          item="$STATEDIR/items/$base32"
-          ref="http://$req_host/$base32"
-
-          if ! test -e "$item"; then
-            mkdir -v -p "$STATEDIR/items" >&2
-            cp -v $uri "$item" >&2
-          fi
-
-          base32short=$(echo "$base32" | cut -b-7)
-          if item=$(find_item "$base32short"); then
-            ref="http://$req_host/$base32short"
-          fi
-
-          printf 'HTTP/1.1 200 OK\r\n'
-          printf 'Content-Type: text/plain; charset=UTF-8\r\n'
-          printf 'Connection: close\r\n'
-          printf '\r\n'
-          printf '%s\n' "$ref"
-          exit
-        ;;
-      esac
-    ''}'';
-  };
 }
 

From 947f2a600bad22a3b26656698c69208f9cee7018 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 8 Jan 2021 12:20:29 +0100
Subject: [PATCH 015/120] news: add rss-bridge as rss.r

---
 krebs/2configs/news.nix          | 10 ++++++++++
 krebs/3modules/krebs/default.nix |  1 +
 2 files changed, 11 insertions(+)

diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 11c136f85..d61f52b29 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -1,6 +1,16 @@
 { pkgs, ... }:
 
 {
+  services.rss-bridge = {
+    enable = true;
+    whitelist = [ "*" ];
+  };
+  services.nginx.virtualHosts.rss-bridge = {
+    serverAliases = [
+      "rss.r"
+    ];
+  };
+
   krebs.brockman = {
     enable = true;
     config = {
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 5e3ddcb2d..3e3e1381f 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -131,6 +131,7 @@ in {
             "build.puyak.r"
             "cgit.puyak.r"
             "go.r"
+            "rss.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----

From c8af30b765309353ae1c1c5c78fe1df82c4dca31 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 8 Jan 2021 12:21:00 +0100
Subject: [PATCH 016/120] news: manage feeds via controller

---
 krebs/2configs/news.nix | 160 +---------------------------------------
 1 file changed, 4 insertions(+), 156 deletions(-)

diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index d61f52b29..78221c0d9 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -16,163 +16,11 @@
     config = {
       irc.host = "localhost";
       shortener = "http://go.r";
-      bots = {
-        aje = { feed ="http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989"; channels = [ "#snews" ]; };
-        allafrica = { feed ="http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf"; channels = [ "#snews" ]; };
-        antirez = { feed ="http://antirez.com/rss"; channels = [ "#snews" "#news" ]; };
-        archlinux = { feed ="http://www.archlinux.org/feeds/news/"; channels = [ "#snews" "#news" ]; };
-        ars = { feed ="http://feeds.arstechnica.com/arstechnica/index?format=xml"; channels = [ "#snews" ]; };
-        augustl = { feed ="http://augustl.com/atom.xml"; channels = [ "#snews" ]; };
-        bbc = { feed ="http://feeds.bbci.co.uk/news/rss.xml"; channels = [ "#snews" ]; };
-        bdt_aktuelle_themen = { feed ="http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss"; channels = [ "#snews" ]; };
-        bdt_drucksachen = { feed ="http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss"; channels = [ "#snews" ]; };
-        bdt_plenarproto = { feed ="http://www.bundestag.de/rss_feeds/plenarprotokolle.rss"; channels = [ "#snews" ]; };
-        bdt_pressemitteilungen = { feed ="http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss"; channels = [ "#snews" ]; };
-        bitcoinpakistan = { feed ="https://bitcoinspakistan.com/feed/"; channels = [ "#snews" ]; };
-        cancer = { feed ="http://feeds.feedburner.com/ncinewsreleases?format=xml"; channels = [ "#snews" ]; };
-        carta = { feed ="http://feeds2.feedburner.com/carta-standard-rss"; channels = [ "#snews" ]; };
-        catholic_news = { feed ="http://feeds.feedburner.com/catholicnewsagency/dailynews"; channels = [ "#snews" ]; };
-        cbc_busi = { feed ="http://rss.cbc.ca/lineup/business.xml"; channels = [ "#snews" ]; };
-        cbc_offbeat = { feed ="http://www.cbc.ca/cmlink/rss-offbeat"; channels = [ "#snews" ]; };
-        cbc_pol = { feed ="http://rss.cbc.ca/lineup/politics.xml"; channels = [ "#snews" ]; };
-        cbc_tech = { feed ="http://rss.cbc.ca/lineup/technology.xml"; channels = [ "#snews" ]; };
-        cbc_top = { feed ="http://rss.cbc.ca/lineup/topstories.xml"; channels = [ "#snews" ]; };
-        ccc = { feed ="http://www.ccc.de/rss/updates.rdf"; channels = [ "#snews" ]; };
-        chan_biz = { feed ="http://boards.4chan.org/biz/index.rss"; channels = [ "#snews" ]; };
-        chan_g = { feed ="http://boards.4chan.org/g/index.rss"; channels = [ "#snews" ]; };
-        chan_int = { feed ="http://boards.4chan.org/int/index.rss"; channels = [ "#snews" ]; };
-        chan_sci = { feed ="http://boards.4chan.org/sci/index.rss"; channels = [ "#snews" ]; };
-        chan_x = { feed ="http://boards.4chan.org/x/index.rss"; channels = [ "#snews" ]; };
-        c = { feed ="http://www.tempolimit-lichtgeschwindigkeit.de/news.xml"; channels = [ "#snews" ]; };
-        cryptogon = { feed ="http://www.cryptogon.com/?feed=rss2"; channels = [ "#snews" ]; };
-        csm = { feed ="http://rss.csmonitor.com/feeds/csm"; channels = [ "#snews" ]; };
-        csm_world = { feed ="http://rss.csmonitor.com/feeds/world"; channels = [ "#snews" ]; };
-        danisch = { feed ="http://www.danisch.de/blog/feed/"; channels = [ "#snews" ]; };
-        dod = { feed ="http://www.defense.gov/news/afps2.xml"; channels = [ "#snews" ]; };
-        dwn = { feed ="http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/"; channels = [ "#snews" ]; };
-        ecat = { feed ="http://ecat.com/feed"; channels = [ "#snews" ]; };
-        eia_press = { feed ="http://www.eia.gov/rss/press_rss.xml"; channels = [ "#snews" ]; };
-        eia_today = { feed ="http://www.eia.gov/rss/todayinenergy.xml"; channels = [ "#snews" ]; };
-        embargowatch = { feed ="https://embargowatch.wordpress.com/feed/"; channels = [ "#snews" ]; };
-        ethereum-comments = { feed ="http://blog.ethereum.org/comments/feed"; channels = [ "#snews" ]; };
-        ethereum = { feed ="http://blog.ethereum.org/feed"; channels = [ "#snews" "#news" ]; };
-        europa_ric = { feed ="http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml"; channels = [ "#snews" ]; };
-        eu_survei = { feed ="http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx"; channels = [ "#snews" ]; };
-        exploitdb = { feed ="http://www.exploit-db.com/rss.xml"; channels = [ "#snews" ]; };
-        fars = { feed ="http://www.farsnews.com/rss.php"; channels = [ "#snews #test" ]; };
-        faz_feui = { feed ="http://www.faz.net/rss/aktuell/feuilleton/"; channels = [ "#snews" ]; };
-        faz_politik = { feed ="http://www.faz.net/rss/aktuell/politik/"; channels = [ "#snews" ]; };
-        faz_wirtschaft = { feed ="http://www.faz.net/rss/aktuell/wirtschaft/"; channels = [ "#snews" ]; };
-        fbi = { feed ="https://www.fbi.gov/news/rss.xml"; channels = [ "#snews" ]; };
-        fedreserve = { feed ="http://www.federalreserve.gov/feeds/press_all.xml"; channels = [ "#snews" ]; };
-        fefe = { feed ="http://blog.fefe.de/rss.xml"; channels = [ "#snews" ]; };
-        forbes = { feed ="http://www.forbes.com/forbes/feed2/"; channels = [ "#snews" ]; };
-        forbes_realtime = { feed ="http://www.forbes.com/real-time/feed2/"; channels = [ "#snews" ]; };
-        fox = { feed ="http://feeds.foxnews.com/foxnews/latest"; channels = [ "#snews" ]; };
-        geheimorganisation = { feed ="http://geheimorganisation.org/feed/"; channels = [ "#snews" ]; };
-        GerForPol = { feed ="http://www.german-foreign-policy.com/de/news/rss-2.0"; channels = [ "#snews" ]; };
-        gmanet = { feed ="http://www.gmanetwork.com/news/rss/news"; channels = [ "#snews" ]; };
-        golem = { feed ="http://rss.golem.de/rss.php"; channels = [ "#snews" ]; };
-        google = { feed ="http://news.google.com/?output=rss"; channels = [ "#snews" ]; };
-        greenpeace = { feed ="http://feeds.feedburner.com/GreenpeaceNews"; channels = [ "#snews" ]; };
-        guardian_uk = { feed ="http://feeds.theguardian.com/theguardian/uk-news/rss"; channels = [ "#snews" ]; };
-        gulli = { feed ="http://ticker.gulli.com/rss/"; channels = [ "#snews" ]; };
-        hackernews = { feed ="https://news.ycombinator.com/rss"; channels = [ "#snews" ]; };
-        handelsblatt = { feed ="http://www.handelsblatt.com/contentexport/feed/schlagzeilen"; channels = [ "#snews" ]; };
-        heise = { feed ="https://www.heise.de/newsticker/heise-atom.xml"; channels = [ "#snews" ]; };
-        hindu_business = { feed ="http://www.thehindubusinessline.com/?service=rss"; channels = [ "#snews" ]; };
-        hindu = { feed ="http://www.thehindu.com/?service=rss"; channels = [ "#snews" ]; };
-        ign = { feed ="http://feeds.ign.com/ign/all"; channels = [ "#snews" ]; };
-        independent = { feed ="http://www.independent.com/rss/headlines/"; channels = [ "#snews" ]; };
-        indymedia = { feed ="https://de.indymedia.org/rss.xml"; channels = [ "#snews" ]; };
-        info_libera = { feed ="http://www.informationliberation.com/rss.xml"; channels = [ "#snews" ]; };
-        klagen-gegen-rundfuckbeitrag = { feed ="http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default"; channels = [ "#snews" ]; };
-        korea_herald = { feed ="http://www.koreaherald.com/rss_xml.php"; channels = [ "#snews" ]; };
-        linuxinsider = { feed ="http://www.linuxinsider.com/perl/syndication/rssfull.pl"; channels = [ "#snews" ]; };
-        lisp = { feed ="http://planet.lisp.org/rss20.xml"; channels = [ "#snews" ]; };
-        liveleak = { feed ="http://www.liveleak.com/rss"; channels = [ "#snews" ]; };
-        lolmythesis = { feed ="http://lolmythesis.com/rss"; channels = [ "#snews" ]; };
-        LtU = { feed ="http://lambda-the-ultimate.org/rss.xml"; channels = [ "#snews" "#news" ]; };
-        lukepalmer = { feed ="http://lukepalmer.wordpress.com/feed/"; channels = [ "#snews" ]; };
-        mit = { feed ="http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss"; channels = [ "#snews" ]; };
-        mongrel2_master = { feed ="https://github.com/zedshaw/mongrel2/commits/master.atom"; channels = [ "#snews" "#news" ]; };
-        nds = { feed ="http://www.nachdenkseiten.de/?feed=atom"; channels = [ "#snews" ]; };
-        netzpolitik = { feed ="https://netzpolitik.org/feed/"; channels = [ "#snews" ]; };
-        newsbtc = { feed ="http://newsbtc.com/feed/"; channels = [ "#snews" ]; };
-        nnewsg = { feed ="http://www.net-news-global.net/rss/rssfeed.xml"; channels = [ "#snews" ]; };
-        npr_busi = { feed ="http://www.npr.org/rss/rss.php?id=1006"; channels = [ "#snews" ]; };
-        npr_headlines = { feed ="http://www.npr.org/rss/rss.php?id=1001"; channels = [ "#snews" ]; };
-        npr_pol = { feed ="http://www.npr.org/rss/rss.php?id=1012"; channels = [ "#snews" ]; };
-        npr_world = { feed ="http://www.npr.org/rss/rss.php?id=1004"; channels = [ "#snews" ]; };
-        nsa = { feed ="https://www.nsa.gov/rss.xml"; channels = [ "#snews #bullerei" ]; };
-        nytimes = { feed ="http://rss.nytimes.com/services/xml/rss/nyt/World.xml"; channels = [ "#snews" ]; };
-        painload = { feed ="https://github.com/krebs/painload/commits/master.atom"; channels = [ "#snews" "#news" ]; };
-        phys = { feed ="http://phys.org/rss-feed/"; channels = [ "#snews" ]; };
-        piraten = { feed ="https://www.piratenpartei.de/feed/"; channels = [ "#snews" ]; };
-        polizei_berlin = { feed ="http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml"; channels = [ "#snews" ]; };
-        presse_polizei = { feed ="http://www.presseportal.de/rss/polizei.rss2"; channels = [ "#snews" ]; };
-        presseportal = { feed ="http://www.presseportal.de/rss/presseportal.rss2"; channels = [ "#snews" ]; };
-        prisonplanet = { feed ="http://prisonplanet.com/feed.rss"; channels = [ "#snews" ]; };
-        rawstory = { feed ="http://www.rawstory.com/rs/feed/"; channels = [ "#snews" ]; };
-        reddit_4chan = { feed ="http://www.reddit.com/r/4chan/new/.rss"; channels = [ "#snews" ]; };
-        reddit_anticonsum = { feed ="http://www.reddit.com/r/Anticonsumption/new/.rss"; channels = [ "#snews" ]; };
-        reddit_btc = { feed ="http://www.reddit.com/r/Bitcoin/new/.rss"; channels = [ "#snews" ]; };
-        reddit_consp = { feed ="http://reddit.com/r/conspiracy/.rss"; channels = [ "#snews" ]; };
-        reddit_haskell = { feed ="http://www.reddit.com/r/haskell/.rss"; channels = [ "#snews" "#news" ]; };
-        reddit_nix = { feed ="http://www.reddit.com/r/nixos/.rss"; channels = [ "#snews" "#news" ]; };
-        reddit_prog = { feed ="http://www.reddit.com/r/programming/new/.rss"; channels = [ "#snews" ]; };
-        reddit_sci = { feed ="http://www.reddit.com/r/science/.rss"; channels = [ "#snews" ]; };
-        reddit_tech = { feed ="http://www.reddit.com/r/technology/.rss"; channels = [ "#snews" ]; };
-        reddit_tpp = { feed ="http://www.reddit.com/r/twitchplayspokemon/.rss"; channels = [ "#snews" ]; };
-        reddit_world = { feed ="http://www.reddit.com/r/worldnews/.rss"; channels = [ "#snews" ]; };
-        r-ethereum = { feed ="http://www.reddit.com/r/ethereum/.rss"; channels = [ "#snews" ]; };
-        reuters = { feed ="http://feeds.reuters.com/Reuters/worldNews"; channels = [ "#snews" ]; };
-        reuters-odd = { feed ="http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml"; channels = [ "#snews" ]; };
-        rt = { feed ="http://rt.com/rss/news/"; channels = [ "#snews" ]; };
-        schallurauch = { feed ="http://feeds.feedburner.com/SchallUndRauch"; channels = [ "#snews" ]; };
-        sciencemag = { feed ="http://news.sciencemag.org/rss/current.xml"; channels = [ "#snews" ]; };
-        scmp = { feed ="http://www.scmp.com/rss/91/feed"; channels = [ "#snews" ]; };
-        sec-db = { feed ="http://feeds.security-database.com/SecurityDatabaseToolsWatch"; channels = [ "#snews" ]; };
-        shackspace = { feed ="http://shackspace.de/atom.xml"; channels = [ "#snews" "#news" ]; };
-        shz_news = { feed ="http://www.shz.de/nachrichten/newsticker/rss"; channels = [ "#snews" ]; };
-        sky_busi = { feed ="http://feeds.skynews.com/feeds/rss/business.xml"; channels = [ "#snews" ]; };
-        sky_pol = { feed ="http://feeds.skynews.com/feeds/rss/politics.xml"; channels = [ "#snews" ]; };
-        sky_strange = { feed ="http://feeds.skynews.com/feeds/rss/strange.xml"; channels = [ "#snews" ]; };
-        sky_tech = { feed ="http://feeds.skynews.com/feeds/rss/technology.xml"; channels = [ "#snews" ]; };
-        sky_world = { feed ="http://feeds.skynews.com/feeds/rss/world.xml"; channels = [ "#snews" ]; };
-        slashdot = { feed ="http://rss.slashdot.org/Slashdot/slashdot"; channels = [ "#snews" ]; };
-        slate = { feed ="http://feeds.slate.com/slate"; channels = [ "#snews" ]; };
-        spiegel_eil = { feed ="http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss"; channels = [ "#snews" ]; };
-        spiegel_top = { feed ="http://www.spiegel.de/schlagzeilen/tops/index.rss"; channels = [ "#snews" ]; };
-        standardmedia_ke = { feed ="http://www.standardmedia.co.ke/rss/headlines.php"; channels = [ "#snews" ]; };
-        stern = { feed ="http://www.stern.de/feed/standard/all/"; channels = [ "#snews" ]; };
-        stz = { feed ="http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed"; channels = [ "#snews" ]; };
-        sz_politik = { feed ="http://rss.sueddeutsche.de/rss/Politik"; channels = [ "#snews" ]; };
-        sz_wirtschaft = { feed ="http://rss.sueddeutsche.de/rss/Wirtschaft"; channels = [ "#snews" ]; };
-        sz_wissen = { feed ="http://rss.sueddeutsche.de/rss/Wissen"; channels = [ "#snews" ]; };
-        tagesschau = { feed ="http://www.tagesschau.de/newsticker.rdf"; channels = [ "#snews" ]; };
-        taz = { feed ="http://taz.de/Themen-des-Tages/!p15;rss/"; channels = [ "#snews" ]; };
-        telegraph = { feed ="http://www.telegraph.co.uk/rss.xml"; channels = [ "#snews" ]; };
-        telepolis = { feed ="http://www.heise.de/tp/rss/news-atom.xml"; channels = [ "#snews" ]; };
-        the_insider = { feed ="http://www.theinsider.org/rss/news/headlines-xml.asp"; channels = [ "#snews" ]; };
-        tigsource = { feed ="http://www.tigsource.com/feed/"; channels = [ "#snews" ]; };
-        tinc = { feed ="http://tinc-vpn.org/news/index.rss"; channels = [ "#snews" "#news" ]; };
-        torr_bits = { feed ="http://feeds.feedburner.com/TorrentfreakBits"; channels = [ "#snews" ]; };
-        torrentfreak = { feed ="http://feeds.feedburner.com/Torrentfreak"; channels = [ "#snews" ]; };
-        torr_news = { feed ="http://feed.torrentfreak.com/Torrentfreak/"; channels = [ "#snews" ]; };
-        travel_warnings = { feed ="http://feeds.travel.state.gov/ca/travelwarnings-alerts"; channels = [ "#snews" ]; };
-        un_afr = { feed ="http://www.un.org/apps/news/rss/rss_africa.asp"; channels = [ "#snews" ]; };
-        un_am = { feed ="http://www.un.org/apps/news/rss/rss_americas.asp"; channels = [ "#snews" ]; };
-        un_eu = { feed ="http://www.un.org/apps/news/rss/rss_europe.asp"; channels = [ "#snews" ]; };
-        un_me = { feed ="http://www.un.org/apps/news/rss/rss_mideast.asp"; channels = [ "#snews" ]; };
-        un_pac = { feed ="http://www.un.org/apps/news/rss/rss_asiapac.asp"; channels = [ "#snews" ]; };
-        un_top = { feed ="http://www.un.org/apps/news/rss/rss_top.asp"; channels = [ "#snews" ]; };
-        us_math_society = { feed ="http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1"; channels = [ "#snews" ]; };
-        vimperator = { feed ="https://sites.google.com/a/vimperator.org/www/blog/posts.xml"; channels = [ "#snews" "#news" ]; };
-        weechat = { feed ="http://dev.weechat.org/feed/atom"; channels = [ "#snews" "#news" ]; };
-        xkcd = { feed ="https://xkcd.com/rss.xml"; channels = [ "#snews" "#news" ]; };
-        zdnet = { feed ="http://www.zdnet.com/news/rss.xml"; channels = [ "#snews" ]; };
+      controller = {
+        nick = "brockman";
+        channels = [ "#all" ];
       };
+      bots = {};
     };
   };
 }

From fb96b21dcd148fdfd104a104605636d6ebcafb6f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 8 Jan 2021 17:47:38 +0100
Subject: [PATCH 017/120] brockman 1.5.4 -> 1.5.6

---
 krebs/5pkgs/haskell/brockman.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index fbe914a58..fb7e9e506 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -6,12 +6,12 @@
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "1.5.4";
+  version = "1.5.6";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "1p5bn22sfzgsdmdp14xnsdrbcqd7iy608nz0vgj6zhsabv1bsfdv";
+    sha256 = "18nsqdwxilvwnaqcfna47pa8hnxm79djq66bi5c801bc5vcqkclk";
   };
   isLibrary = false;
   isExecutable = true;

From d2e73d4b7d5b1a0a4683ddd7cf0cdab0d32df3f0 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 9 Jan 2021 13:04:29 +0100
Subject: [PATCH 018/120] brockman 1.5.6 -> 1.5.7

---
 krebs/5pkgs/haskell/brockman.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index fb7e9e506..aedb9ea86 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -6,12 +6,12 @@
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "1.5.6";
+  version = "1.5.7";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "18nsqdwxilvwnaqcfna47pa8hnxm79djq66bi5c801bc5vcqkclk";
+    sha256 = "0kfnv8yrshvaw9qgiy0nxpm0cdc59rsxhgr03jklgddkyijp2x1g";
   };
   isLibrary = false;
   isExecutable = true;

From 9b32e2570207907ea93537aa5745a46694d3c1d7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 9 Jan 2021 16:18:08 +0100
Subject: [PATCH 019/120] brockman 1.5.7 -> 2.0.0

---
 krebs/2configs/news.nix          | 1 +
 krebs/5pkgs/haskell/brockman.nix | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 78221c0d9..446aaf459 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -15,6 +15,7 @@
     enable = true;
     config = {
       irc.host = "localhost";
+      channel = "#all";
       shortener = "http://go.r";
       controller = {
         nick = "brockman";
diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index aedb9ea86..41434b3c8 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -6,12 +6,12 @@
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "1.5.7";
+  version = "2.0.0";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "0kfnv8yrshvaw9qgiy0nxpm0cdc59rsxhgr03jklgddkyijp2x1g";
+    sha256 = "1c8x674s2y0gakgl2dal2a9q90iaklnk2rgm1vi93jamm4b7w3z7";
   };
   isLibrary = false;
   isExecutable = true;

From 615aa5c4ae115bb22ed5638aa45d53e0202feaf3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 9 Jan 2021 16:18:31 +0100
Subject: [PATCH 020/120] rss-bridge: init at 2020-11-10

---
 krebs/5pkgs/simple/rss-bridge/default.nix | 33 +++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 krebs/5pkgs/simple/rss-bridge/default.nix

diff --git a/krebs/5pkgs/simple/rss-bridge/default.nix b/krebs/5pkgs/simple/rss-bridge/default.nix
new file mode 100644
index 000000000..13ad9d69a
--- /dev/null
+++ b/krebs/5pkgs/simple/rss-bridge/default.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, fetchFromGitHub, stdenv, ... }:
+
+stdenv.mkDerivation rec {
+  pname = "rss-bridge";
+  version = "2020-11-10";
+
+  src = fetchFromGitHub {
+    owner = "RSS-Bridge";
+    repo = "rss-bridge";
+    rev = version;
+    sha256 = "00cp61lqvhi7b7j0rglsqg3l7cg8s9b8vq098bgvg5dygyi44hyv";
+  };
+
+  patchPhase = ''
+    substituteInPlace lib/rssbridge.php \
+      --replace "define('PATH_CACHE', PATH_ROOT . 'cache/');" "define('PATH_CACHE', getenv('RSSBRIDGE_DATA') . '/cache/');" \
+      --replace "define('FILE_CONFIG', PATH_ROOT . 'config.ini.php');" "define('FILE_CONFIG', getenv('RSSBRIDGE_DATA') . '/config.ini.php');" \
+      --replace "define('WHITELIST', PATH_ROOT . 'whitelist.txt');" "define('WHITELIST', getenv('RSSBRIDGE_DATA') . '/whitelist.txt');"
+  '';
+
+  installPhase = ''
+    mkdir $out/
+    cp -R ./* $out
+  '';
+
+  meta = with lib; {
+    description = "The RSS feed for websites missing it";
+    homepage = "https://github.com/RSS-Bridge/rss-bridge";
+    license = licenses.unlicense;
+    maintainers = with maintainers; [ dawidsowa ];
+    platforms = platforms.all;
+  };
+}

From bc1851ae9e69e5ac89bf2262d796afa84ba4f543 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 9 Jan 2021 17:58:01 +0100
Subject: [PATCH 021/120] brockman: 2.0.0 -> 2.0.1

---
 krebs/5pkgs/haskell/brockman.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index 41434b3c8..a5cb6ca69 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -6,12 +6,12 @@
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "2.0.0";
+  version = "2.0.1";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "1c8x674s2y0gakgl2dal2a9q90iaklnk2rgm1vi93jamm4b7w3z7";
+    sha256 = "162pdaxdnrbzy0avdy62id2h5x7477wipqa83ni777fjzx23vi6b";
   };
   isLibrary = false;
   isExecutable = true;

From 271ac5a06545500ba84749b23e099aa6c697b666 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 9 Jan 2021 21:37:07 +0100
Subject: [PATCH 022/120] nixpkgs: 4a75ca4 -> 0cfd08f

---
 krebs/nixpkgs.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index bc68d3055..9c450582c 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "4a75ca4a4e7d14e7b0b0230b3ea57b5bd7c16218",
-  "date": "2021-01-05T18:31:06+01:00",
-  "path": "/nix/store/v9dxhashbmvs1rki01caqzxjd8cs5ggz-nixpkgs",
-  "sha256": "1jqhmwyslwcj6l4lmdiklb1byaz0gcl4q0mym3ahzmmr6l0j4dr1",
+  "rev": "0cfd08f4881bbfdaa57e68835b923d4290588d98",
+  "date": "2021-01-08T17:43:56+01:00",
+  "path": "/nix/store/c3rhsa326ylk4hm146nmfrfmxcpqflyb-nixpkgs",
+  "sha256": "1srd9p37jmrsxgvrxvlibmscphz5p42244285yc5piacvrz1rdcc",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From 3f7c0ae9603272998d86077a35aa416f29b62a41 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 9 Jan 2021 21:37:32 +0100
Subject: [PATCH 023/120] nixpkgs-unstable: d9dba88 -> f211631

---
 krebs/nixpkgs-unstable.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 0bdfe2a99..e478709b8 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "d9dba88d08a9cdf483c3d45f0d7220cf97a4ce64",
-  "date": "2021-01-05T19:05:55+02:00",
-  "path": "/nix/store/93jkhg0qcd99fqc5x1ak0grwhsn77knh-nixpkgs",
-  "sha256": "1ww9w7pkrr2jfszln5ifsrn200phdzn7ppf0p872wg0yfgrdpk2c",
+  "rev": "f211631c1cb3e94828c7650b5d12c1e5a89e0e16",
+  "date": "2021-01-07T19:50:35+02:00",
+  "path": "/nix/store/2zymxp9iq6xvxy5wjc411iws2kk3c8z4-nixpkgs",
+  "sha256": "0r085j42991qcbzx4l0hnwlsxw016y4b7r821s4qxvqnvwr9lxar",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From f118a273b5c82d4cc18ee03b50502911b0d06fa8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 10 Jan 2021 21:46:06 +0100
Subject: [PATCH 024/120] brockman: 2.0.1 -> 2.1.0

---
 krebs/5pkgs/haskell/brockman.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index a5cb6ca69..d8b065ebe 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -6,12 +6,12 @@
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "2.0.1";
+  version = "2.1.0";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "162pdaxdnrbzy0avdy62id2h5x7477wipqa83ni777fjzx23vi6b";
+    sha256 = "1wcv2rmmmnnz6gi3g9l2brqc46wm87byzyrixcnlnx3pj5g4d3zb";
   };
   isLibrary = false;
   isExecutable = true;

From b906bf0b02b727c583bead47d745d7ece96ea804 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 12 Jan 2021 09:40:55 +0100
Subject: [PATCH 025/120] brockman: 2.1.0 -> 2.2.0

---
 krebs/5pkgs/haskell/brockman.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index d8b065ebe..76c8d0546 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -6,12 +6,12 @@
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "2.1.0";
+  version = "2.2.0";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "1wcv2rmmmnnz6gi3g9l2brqc46wm87byzyrixcnlnx3pj5g4d3zb";
+    sha256 = "003crqcqlgai7vwvhvfa7lr5ain8xzs7dm63ksm85mq58cwpsspx";
   };
   isLibrary = false;
   isExecutable = true;

From 98becc8ff6a3eab2fd407475f7848df08acdd7fc Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 12 Jan 2021 22:21:32 +0100
Subject: [PATCH 026/120] news: serve state at http://brockman.r

---
 krebs/2configs/news.nix          | 20 ++++++++++++++++----
 krebs/3modules/krebs/default.nix |  1 +
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 446aaf459..f40997f82 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -5,12 +5,24 @@
     enable = true;
     whitelist = [ "*" ];
   };
-  services.nginx.virtualHosts.rss-bridge = {
-    serverAliases = [
-      "rss.r"
-    ];
+  services.nginx.virtualHosts = {
+    rss-bridge = {
+      serverAliases = [
+        "rss.r"
+      ];
+    };
+    "brockman.r" = {
+      locations."/".extraConfig = ''
+        root /var/lib/brockman;
+        index brockman.json;
+      '';
+    };
   };
+  systemd.tmpfiles.rules = [
+    "d /var/lib/brockman 1750 brockman nginx -"
+  ];
 
+  systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
   krebs.brockman = {
     enable = true;
     config = {
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 3e3e1381f..d0648418f 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -128,6 +128,7 @@ in {
           ip4.addr = "10.243.77.2";
           aliases = [
             "puyak.r"
+            "brockman.r"
             "build.puyak.r"
             "cgit.puyak.r"
             "go.r"

From 238d9cd5006572b6f923ace5acbdcd7179239b15 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 12 Jan 2021 22:38:52 +0100
Subject: [PATCH 027/120] brockman: 2.2.0 -> 3.0.0

---
 krebs/5pkgs/haskell/brockman.nix | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index 76c8d0546..c6d01edc7 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -1,24 +1,24 @@
 { mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring
 , conduit, containers, directory, feed, filepath, hslogger
-, http-client, irc-conduit, lens, network, optparse-applicative
-, random, safe, stdenv, text, wreq
+, html-entity, http-client, irc-conduit, lens, network
+, optparse-applicative, random, safe, stdenv, text, wreq
 , fetchFromGitHub
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "2.2.0";
+  version = "3.0.0";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "003crqcqlgai7vwvhvfa7lr5ain8xzs7dm63ksm85mq58cwpsspx";
+    sha256 = "08yla9q2mjd7znpasfwsdqzc3dp2vcvg53x9p4vlx4g7jr3dw3yp";
   };
   isLibrary = false;
   isExecutable = true;
   executableHaskellDepends = [
     aeson aeson-pretty base bloomfilter bytestring conduit containers
-    directory feed filepath hslogger http-client irc-conduit lens
-    network optparse-applicative random safe text wreq
+    directory feed filepath hslogger html-entity http-client
+    irc-conduit lens network optparse-applicative random safe text wreq
   ];
   license = stdenv.lib.licenses.mit;
 }

From e7116bc68ea2e15d67f3ece21ff3bccafc5b58b4 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 13 Jan 2021 04:54:29 +0100
Subject: [PATCH 028/120] tv pinentry-urxvt: init

---
 tv/5pkgs/simple/pinentry-urxvt/default.nix | 56 ++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 tv/5pkgs/simple/pinentry-urxvt/default.nix

diff --git a/tv/5pkgs/simple/pinentry-urxvt/default.nix b/tv/5pkgs/simple/pinentry-urxvt/default.nix
new file mode 100644
index 000000000..65b76c077
--- /dev/null
+++ b/tv/5pkgs/simple/pinentry-urxvt/default.nix
@@ -0,0 +1,56 @@
+{ pkgs, ... }@args:
+
+let
+  lib = import <stockholm/lib>;
+
+  # config cannot be declared in the input attribute set because that would
+  # cause callPackage to inject the wrong config.  Instead, get it from ...
+  # via args.
+  config = args.config or {};
+
+  cfg = eval.config;
+
+  eval = lib.evalModules {
+    modules = lib.singleton {
+      _file = toString ./default.nix;
+      imports = lib.singleton config;
+      options = {
+        appName = lib.mkOption {
+          default = "pinentry-urxvt";
+          type = lib.types.str;
+        };
+        display = lib.mkOption {
+          default = ":0";
+          type = lib.types.str;
+        };
+      };
+    };
+  };
+
+
+in
+
+  pkgs.write "pinentry-urxvt" {
+    "/bin/pinentry".link = pkgs.writeDash "pinentry-urxvt-wrapper" ''
+      set -efu
+      exec 3<&0 4>&1 5>&2
+      export DISPLAY=${lib.shell.escape cfg.display}
+      exec ${pkgs.rxvt_unicode}/bin/urxvt \
+        -name ${lib.shell.escape cfg.appName} \
+        -e ${pkgs.writeDash "pinentry-urxvt-tty" ''
+          set -efu
+          exec 2>&5
+          TTY=$(${pkgs.coreutils}/bin/tty)
+          while read -r line <&3; do
+            case $line in
+              'OPTION ttyname='*)
+                echo "OPTION ttyname=$TTY"
+                ;;
+              *)
+                echo "$line"
+            esac
+          done | ${pkgs.pinentry.tty}/bin/pinentry-tty "$@" >&4
+        ''} \
+        "$@"
+    '';
+  }

From d59ef4a45c644e8882acf408991f3fcb3f759ebd Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 13 Jan 2021 04:56:43 +0100
Subject: [PATCH 029/120] tv xmonad: center float all pinentry windows

---
 tv/5pkgs/haskell/xmonad-tv/src/main.hs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
index b8ddd27e8..50b03d81c 100644
--- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs
+++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
@@ -8,6 +8,7 @@ import System.Exit (exitFailure)
 
 import Control.Exception
 import Control.Monad.Extra (whenJustM)
+import qualified Data.List
 import Graphics.X11.ExtraTypes.XF86
 import Text.Read (readEither)
 import XMonad
@@ -59,6 +60,11 @@ main = getArgs >>= \case
     args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
 
 
+queryPrefix :: Query String -> String -> Query Bool
+queryPrefix query prefix =
+    fmap (Data.List.isPrefixOf prefix) query
+
+
 mainNoArgs :: IO ()
 mainNoArgs = do
     workspaces0 <- getWorkspaces0
@@ -82,7 +88,7 @@ mainNoArgs = do
             , manageHook =
                 composeAll
                   [ appName =? "fzmenu-urxvt" --> doCenterFloat
-                  , appName =? "pinentry" --> doCenterFloat
+                  , appName `queryPrefix` "pinentry" --> doCenterFloat
                   , title =? "Upload to Imgur" -->
                       doRectFloat (W.RationalRect 0 0 (1 % 8) (1 % 8))
                   , placeHook (smart (1,0))

From 0260651324ae28b58b9d565f03d9f9c81a50219f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2021 16:41:47 +0100
Subject: [PATCH 030/120] tv mu: fsck.repair=yes

---
 tv/1systems/mu/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index d5169281d..c80a9ba1d 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -17,6 +17,7 @@ with import <stockholm/lib>;
   boot.initrd.luks.devices.muca.device = "/dev/sda2";
   boot.initrd.availableKernelModules = [ "ahci" ];
   boot.kernelModules = [ "fbcon" "kvm-intel" ];
+  boot.kernelParams = [ "fsck.repair=yes" ];
   boot.extraModulePackages = [ ];
 
   fileSystems = {

From 4319cfd283f58b482af261c22f8293384fb2d663 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2021 16:42:22 +0100
Subject: [PATCH 031/120] tv mu: lightdm -> autoLogin

---
 tv/1systems/mu/config.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index c80a9ba1d..8fd6ee45b 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -110,9 +110,8 @@ with import <stockholm/lib>;
 
   services.xserver.desktopManager.plasma5.enable = true;
 
-  services.xserver.displayManager.lightdm.autoLogin.enable = true;
-  services.xserver.displayManager.lightdm.autoLogin.user = "vv";
-  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.displayManager.autoLogin.enable = true;
+  services.xserver.displayManager.autoLogin.user = "vv";
 
   users.users.vv = {
     inherit (config.krebs.users.vv) home uid;

From 5f8532b51d6132157197dffde04a0a3d34982901 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2021 23:36:19 +0100
Subject: [PATCH 032/120] TabFS: 1fc4845 -> a6045e0

---
 krebs/5pkgs/simple/TabFS/default.nix |  6 +-----
 krebs/5pkgs/simple/TabFS/src.json    | 10 ++++++++++
 2 files changed, 11 insertions(+), 5 deletions(-)
 create mode 100644 krebs/5pkgs/simple/TabFS/src.json

diff --git a/krebs/5pkgs/simple/TabFS/default.nix b/krebs/5pkgs/simple/TabFS/default.nix
index 23fdf519d..69de919eb 100644
--- a/krebs/5pkgs/simple/TabFS/default.nix
+++ b/krebs/5pkgs/simple/TabFS/default.nix
@@ -3,11 +3,7 @@
 stdenv.mkDerivation rec {
   name = "TabFS";
 
-  src = pkgs.fetchgit {
-    url = https://cgit.krebsco.de/TabFS;
-    rev = "1fc4845283a0e6aa46a8d8978f356d5ccdcedd13";
-    sha256 = "0bsm5fhxrr6zwbnm9p10h9pwm85llr02g2ch97a62r62dhjjrc8h";
-  };
+  src = pkgs.fetchgit (lib.importJSON ./src.json);
 
   phases = [
     "unpackPhase"
diff --git a/krebs/5pkgs/simple/TabFS/src.json b/krebs/5pkgs/simple/TabFS/src.json
new file mode 100644
index 000000000..24e36aef3
--- /dev/null
+++ b/krebs/5pkgs/simple/TabFS/src.json
@@ -0,0 +1,10 @@
+{
+  "url": "https://cgit.krebsco.de/TabFS",
+  "rev": "a6045e0e29b85e3e66c468f3561009ded1db6ec5",
+  "date": "2021-01-14T23:56:09+01:00",
+  "path": "/nix/store/mbcywm1yq5vr7awxqb533faz34minfax-TabFS",
+  "sha256": "1z0kj95zh0jl8laa0whra1jys8pws3199sy29vmlv2nxrkz13blv",
+  "fetchSubmodules": false,
+  "deepClone": false,
+  "leaveDotGit": false
+}

From a68e8e39f6c844f921176875ab79e69b4c66871a Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 15 Jan 2021 23:30:37 +0100
Subject: [PATCH 033/120] tv slock service: conflicts picom service

When picom is running, slock will show the screenshot of the locked
screen after DPMS changes state to `on'.

https://bbs.archlinux.org/viewtopic.php?id=256547 seems related, but the
suggested fix (adding `no-fading-openclose = true;` to picom's config)
didn't help.

With this commit, the picom service gets "suspended" while the slock
service is running.
---
 tv/3modules/slock.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix
index 53f7f1f62..926adc8e0 100644
--- a/tv/3modules/slock.nix
+++ b/tv/3modules/slock.nix
@@ -28,6 +28,9 @@ in {
       });
     '';
     systemd.services."slock-${cfg.user.name}@" = {
+      conflicts = [
+        "picom@%i.target"
+      ];
       environment = {
         DISPLAY = ":%I";
         LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" {
@@ -61,6 +64,8 @@ in {
       restartIfChanged = false;
       serviceConfig = {
         ExecStart = "${pkgs.slock}/bin/slock";
+        ExecStopPost =
+          "+${pkgs.systemd}/bin/systemctl start xsession@%i.target";
         OOMScoreAdjust = -1000;
         Restart = "on-failure";
         RestartSec = "100ms";

From 5e15227baf547216a833733bd5515b9c462d7b2b Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 16 Jan 2021 14:23:28 +0100
Subject: [PATCH 034/120] krops: 1.23.0 -> 1.24.1

---
 submodules/krops | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/submodules/krops b/submodules/krops
index 5ea125514..c2fa48550 160000
--- a/submodules/krops
+++ b/submodules/krops
@@ -1 +1 @@
-Subproject commit 5ea125514e48c630120fbb6a44e9ae0c7932a123
+Subproject commit c2fa48550f2bb46009b9cecdb9ac838dc402ce19

From 2a32b7731496615e43a06ec1049f6716c49a1999 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 16 Jan 2021 22:33:58 +0100
Subject: [PATCH 035/120] l: move mail aliases to secrets

---
 lass/2configs/exim-smarthost.nix            | 114 +-------------------
 lass/2configs/tests/dummy-secrets/mails.nix |   1 +
 2 files changed, 3 insertions(+), 112 deletions(-)
 create mode 100644 lass/2configs/tests/dummy-secrets/mails.nix

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 797864b15..b677fe455 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -1,120 +1,10 @@
 { config, lib, pkgs, ... }: with import <stockholm/lib>; let
 
   to = concatStringsSep "," [
-    "lass@blue.r"
+    "lass@green.r"
   ];
 
-  mails = [
-    "postmaster@lassul.us"
-    "lass@lassul.us"
-    "lassulus@lassul.us"
-    "test@lassul.us"
-    "outlook@lassul.us"
-    "steuer@aidsballs.de"
-    "lass@aidsballs.de"
-    "wordpress@ubikmedia.de"
-    "finanzamt@lassul.us"
-    "netzclub@lassul.us"
-    "nebenan@lassul.us"
-    "feed@lassul.us"
-    "art@lassul.us"
-    "irgendwas@lassul.us"
-    "polo@lassul.us"
-    "shack@lassul.us"
-    "nix@lassul.us"
-    "c-base@lassul.us"
-    "paypal@lassul.us"
-    "patreon@lassul.us"
-    "steam@lassul.us"
-    "securityfocus@lassul.us"
-    "radio@lassul.us"
-    "btce@lassul.us"
-    "raf@lassul.us"
-    "apple@lassul.us"
-    "coinbase@lassul.us"
-    "tomtop@lassul.us"
-    "aliexpress@lassul.us"
-    "business@lassul.us"
-    "payeer@lassul.us"
-    "github@lassul.us"
-    "bitwala@lassul.us"
-    "bitstamp@lassul.us"
-    "bitcoin.de@lassul.us"
-    "ableton@lassul.us"
-    "dhl@lassul.us"
-    "sipgate@lassul.us"
-    "coinexchange@lassul.us"
-    "verwaltung@lassul.us"
-    "gearbest@lassul.us"
-    "binance@lassul.us"
-    "bitfinex@lassul.us"
-    "alternate@lassul.us"
-    "redacted@lassul.us"
-    "mytaxi@lassul.us"
-    "pizza@lassul.us"
-    "robinhood@lassul.us"
-    "drivenow@lassul.us"
-    "aws@lassul.us"
-    "reddit@lassul.us"
-    "banggood@lassul.us"
-    "immoscout@lassul.us"
-    "gmail@lassul.us"
-    "amazon@lassul.us"
-    "humblebundle@lassul.us"
-    "meetup@lassul.us"
-    "gebfrei@lassul.us"
-    "github@lassul.us"
-    "ovh@lassul.us"
-    "hetzner@lassul.us"
-    "allygator@lassul.us"
-    "immoscout@lassul.us"
-    "elitedangerous@lassul.us"
-    "boardgamegeek@lassul.us"
-    "qwertee@lassul.us"
-    "zazzle@lassul.us"
-    "hackbeach@lassul.us"
-    "transferwise@lassul.us"
-    "cis@lassul.us"
-    "afra@lassul.us"
-    "ksp@lassul.us"
-    "ccc@lassul.us"
-    "neocron@lassul.us"
-    "osmocom@lassul.us"
-    "lesswrong@lassul.us"
-    "nordvpn@lassul.us"
-    "csv-direct@lassul.us"
-    "nintendo@lassul.us"
-    "overleaf@lassul.us"
-    "box@lassul.us"
-    "paloalto@lassul.us"
-    "subtitles@lassul.us"
-    "lobsters@lassul.us"
-    "fysitech@lassul.us"
-    "threema@lassul.us"
-    "ubisoft@lassul.us"
-    "kottezeller@lassul.us"
-    "pie@lassul.us"
-    "vebit@lassul.us"
-    "vcvrack@lassul.us"
-    "epic@lassul.us"
-    "microsoft@lassul.us"
-    "stickers@lassul.us"
-    "nextbike@lassul.us"
-    "mytello@lassul.us"
-    "camp@lassul.us"
-    "urlwatch@lassul.us"
-    "lidl@lassul.us"
-    "geizhals@lassul.us"
-    "auschein@lassul.us"
-    "tleech@lassul.us"
-    "durstexpress@lassul.us"
-    "acme@lassul.us"
-    "antstore@lassul.us"
-    "openweather@lassul.us"
-    "lobsters@lassul.us"
-    "rewe@lassul.us"
-    "spotify@lassul.us"
-  ];
+  mails = import <secrets/mails.nix>;
 
 in {
   environment.systemPackages = [ pkgs.review-mail-queue ];
diff --git a/lass/2configs/tests/dummy-secrets/mails.nix b/lass/2configs/tests/dummy-secrets/mails.nix
new file mode 100644
index 000000000..fe51488c7
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/mails.nix
@@ -0,0 +1 @@
+[]

From bac67993aab5acc7ad33d23e3e8e9a59ce83dc3d Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 17 Jan 2021 15:09:04 +0100
Subject: [PATCH 036/120] scanner: use version and license from cabal file

---
 krebs/5pkgs/haskell/scanner.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/krebs/5pkgs/haskell/scanner.nix b/krebs/5pkgs/haskell/scanner.nix
index 071fd757f..28f89b069 100644
--- a/krebs/5pkgs/haskell/scanner.nix
+++ b/krebs/5pkgs/haskell/scanner.nix
@@ -1,12 +1,13 @@
 { mkDerivation, base, fetchgit, stdenv }:
 mkDerivation {
   pname = "scanner";
-  version = "1.0.0";
+  version = "1.0.1";
   src = fetchgit {
-    url = http://cgit.ni.krebsco.de/scanner;
-    rev = "7f091a3bc152ad3974a1873b460fa1759bf8dcad";
+    url = "http://cgit.ni.krebsco.de/scanner";
     sha256 = "1lgl158axczsm4fx53fyq1d4116v91jsx4dbz66ka4k1ljqrmhgn";
+    rev = "7f091a3bc152ad3974a1873b460fa1759bf8dcad";
+    fetchSubmodules = true;
   };
   libraryHaskellDepends = [ base ];
-  license = stdenv.lib.licenses.wtfpl;
+  license = stdenv.lib.licenses.mit;
 }

From 7b7ebd8708885633c926c21a4b71d5d4ce8931cf Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 18 Jan 2021 10:53:59 +0100
Subject: [PATCH 037/120] git-preview: remove redundant copy

---
 krebs/5pkgs/simple/git-preview.nix | 17 -----------------
 1 file changed, 17 deletions(-)
 delete mode 100644 krebs/5pkgs/simple/git-preview.nix

diff --git a/krebs/5pkgs/simple/git-preview.nix b/krebs/5pkgs/simple/git-preview.nix
deleted file mode 100644
index d6c9579a7..000000000
--- a/krebs/5pkgs/simple/git-preview.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ coreutils, git, writeDashBin }:
-
-writeDashBin "git-preview" ''
-  set -efu
-  head_commit=$(${git}/bin/git log -1 --format=%H)
-  merge_commit=$1; shift
-  merge_message='Merge for git-preview'
-  preview_dir=$(${coreutils}/bin/mktemp --tmpdir -d git-preview.XXXXXXXX)
-  preview_branch=$(${coreutils}/bin/basename "$preview_dir")
-  ${git}/bin/git worktree add -b "$preview_branch" "$preview_dir" >/dev/null
-  ${git}/bin/git -C "$preview_dir" checkout "$head_commit"
-  ${git}/bin/git -C "$preview_dir" merge -m "$merge_message" "$merge_commit"
-  ${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@" &
-  ${git}/bin/git branch -fd "$preview_branch"
-  ${coreutils}/bin/rm -fR "$preview_dir"
-  wait
-''

From dba3ca21f28dbb213d6dc44cfc301a958f87a623 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 18 Jan 2021 21:00:08 +0100
Subject: [PATCH 038/120] update krebsco.de A records

---
 krebs/3modules/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 8c620a4e2..0b3d2c791 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -90,8 +90,10 @@ let
           @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
                                 IN NS     ns19.ovh.net.
                                 IN NS     dns19.ovh.net.
-                                IN A      192.30.252.154
-                                IN A      192.30.252.153
+                                IN A      185.199.108.153
+                                IN A      185.199.109.153
+                                IN A      185.199.110.153
+                                IN A      185.199.111.153
         '';
         };
     };

From 8d6a964c86d7a556cce6180a77a4828d4a93fe90 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 20 Jan 2021 19:55:52 +0100
Subject: [PATCH 039/120] brockman: 3.0.0 -> 3.2.0

---
 krebs/5pkgs/haskell/brockman.nix | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index c6d01edc7..798adeee7 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -1,24 +1,26 @@
 { mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring
 , conduit, containers, directory, feed, filepath, hslogger
 , html-entity, http-client, irc-conduit, lens, network
-, optparse-applicative, random, safe, stdenv, text, wreq
+, optparse-applicative, random, safe, stdenv, text, time, timerep
+, wreq
 , fetchFromGitHub
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "3.0.0";
+  version = "3.2.0";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "08yla9q2mjd7znpasfwsdqzc3dp2vcvg53x9p4vlx4g7jr3dw3yp";
+    sha256 = "0vvps5czl6qcpfyrm2a6vj00hdh941wj4zb2bd9jlgf9mfikqm77";
   };
   isLibrary = false;
   isExecutable = true;
   executableHaskellDepends = [
     aeson aeson-pretty base bloomfilter bytestring conduit containers
     directory feed filepath hslogger html-entity http-client
-    irc-conduit lens network optparse-applicative random safe text wreq
+    irc-conduit lens network optparse-applicative random safe text time
+    timerep wreq
   ];
   license = stdenv.lib.licenses.mit;
 }

From f4846c2f93df980944ef583e8e593639f8ce3964 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 21 Jan 2021 17:58:27 +0100
Subject: [PATCH 040/120] news: add brockman-helper reaktor2 bot

---
 krebs/2configs/news.nix | 53 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 51 insertions(+), 2 deletions(-)

diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index f40997f82..04a843922 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 
 {
   services.rss-bridge = {
@@ -22,7 +22,6 @@
     "d /var/lib/brockman 1750 brockman nginx -"
   ];
 
-  systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
   krebs.brockman = {
     enable = true;
     config = {
@@ -36,4 +35,54 @@
       bots = {};
     };
   };
+
+  krebs.reaktor2.news = {
+    hostname = "localhost";
+    port = "6667";
+    nick = "brockman-helper";
+    plugins = [
+      {
+        plugin = "register";
+        config = {
+          channels = [
+            "#all"
+            "#aluhut"
+            "#news"
+          ];
+        };
+      }
+      {
+        plugin = "system";
+        config = {
+          hooks.PRIVMSG = [
+            {
+              activate = "match";
+              pattern = "^(?:.*\\s)?\\s*brockman-helper:\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
+              command = 1;
+              arguments = [2];
+              commands = {
+                add-telegram.filename = pkgs.writeDash "add-telegram" ''
+                  if [ "$#" -ne 1 ]; then
+                    echo 'usage: brockman-helper: add-telegram $telegramname'
+                    echo "$#"
+                    exit 1
+                  fi
+                  echo "brockman: add t_$1 http://rss.r/?action=display&bridge=Telegram&username=$1&format=Mrss"
+                '';
+                search.filename = pkgs.writeDash "search" ''
+                  if [ "$#" -ne 1 ]; then
+                    echo 'usage: brockman-helper: search $searchterm'
+                    echo "$#"
+                    exit 1
+                  fi
+                  ${pkgs.curl}/bin/curl -Ss "https://feedsearch.dev/api/v1/search?url=$1&info=true&favicon=false" | \
+                    ${pkgs.jq}/bin/jq '.[].url'
+                '';
+              };
+            }
+          ];
+        };
+      }
+    ];
+  };
 }

From 5c669397dac74d4c63281a7c785465569e93643e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 14:11:16 +0100
Subject: [PATCH 041/120] brockman: 3.2.0 -> 3.2.3

---
 krebs/5pkgs/haskell/brockman.nix | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
index 798adeee7..5f1166a25 100644
--- a/krebs/5pkgs/haskell/brockman.nix
+++ b/krebs/5pkgs/haskell/brockman.nix
@@ -1,26 +1,26 @@
 { mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring
-, conduit, containers, directory, feed, filepath, hslogger
-, html-entity, http-client, irc-conduit, lens, network
+, case-insensitive, conduit, containers, directory, feed, filepath
+, hslogger, html-entity, http-client, irc-conduit, lens, network
 , optparse-applicative, random, safe, stdenv, text, time, timerep
 , wreq
 , fetchFromGitHub
 }:
 mkDerivation rec {
   pname = "brockman";
-  version = "3.2.0";
+  version = "3.2.3";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "brockman";
     rev = version;
-    sha256 = "0vvps5czl6qcpfyrm2a6vj00hdh941wj4zb2bd9jlgf9mfikqm77";
+    sha256 = "1qbjbf0l1ikfzmvky4cnvv7nlcwi2in4afliifh618j0a4f7j427";
   };
   isLibrary = false;
   isExecutable = true;
   executableHaskellDepends = [
-    aeson aeson-pretty base bloomfilter bytestring conduit containers
-    directory feed filepath hslogger html-entity http-client
-    irc-conduit lens network optparse-applicative random safe text time
-    timerep wreq
+    aeson aeson-pretty base bloomfilter bytestring case-insensitive
+    conduit containers directory feed filepath hslogger html-entity
+    http-client irc-conduit lens network optparse-applicative random
+    safe text time timerep wreq
   ];
   license = stdenv.lib.licenses.mit;
 }

From 034185780670fc7466cce8a839b59abd849e3f89 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 14:11:48 +0100
Subject: [PATCH 042/120] realwallpaper: add wallpaper with markers but without
 krebs

---
 krebs/5pkgs/simple/realwallpaper/default.nix | 46 +++++++++++++++-----
 1 file changed, 34 insertions(+), 12 deletions(-)

diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
index 56a7dfb98..e55454a08 100644
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ b/krebs/5pkgs/simple/realwallpaper/default.nix
@@ -192,18 +192,15 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
     fi
 
     # create marker file from json
-    if [ -s marker.json ]; then
-      jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude) image=krebs.png"' marker.json > marker_file
-      echo 'position=sun image=sun.png' >> marker_file
-      echo 'position=moon image=moon.png' >> marker_file
-      echo 'position=mercury image=mercury.png' >> marker_file
-      echo 'position=venus image=venus.png' >> marker_file
-      echo 'position=mars image=mars.png' >> marker_file
-      echo 'position=jupiter image=jupiter.png' >> marker_file
-      echo 'position=saturn image=saturn.png' >> marker_file
-      echo 'position=uranus image=uranus.png' >> marker_file
-      echo 'position=neptune image=neptune.png' >> marker_file
-    fi
+    echo 'position=sun image=sun.png' > marker_file
+    echo 'position=moon image=moon.png' >> marker_file
+    echo 'position=mercury image=mercury.png' >> marker_file
+    echo 'position=venus image=venus.png' >> marker_file
+    echo 'position=mars image=mars.png' >> marker_file
+    echo 'position=jupiter image=jupiter.png' >> marker_file
+    echo 'position=saturn image=saturn.png' >> marker_file
+    echo 'position=uranus image=uranus.png' >> marker_file
+    echo 'position=neptune image=neptune.png' >> marker_file
 
     # generate moon
     xplanet -body moon --num_times 1 -origin earth \
@@ -227,6 +224,24 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
         shade=15
       ''}
 
+    xplanet --num_times 1 --geometry $xplanet_out_size \
+      --output xplanet-marker-output.png --projection merc \
+      -config ${pkgs.writeText "xplanet-marker.config" ''
+        [earth]
+        "Earth"
+        map=daymap-final.png
+        night_map=nightmap-final.png
+        cloud_map=clouds.png
+        cloud_threshold=1
+        cloud_gamma=10
+        marker_file=marker_file
+        shade=15
+      ''}
+
+    if [ -s marker.json ]; then
+      jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude) image=krebs.png"' marker.json >> marker_file
+    fi
+
     xplanet --num_times 1 --geometry $xplanet_out_size \
       --output xplanet-krebs-output.png --projection merc \
       -config ${pkgs.writeText "xplanet-krebs.config" ''
@@ -248,6 +263,13 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
         mv realwallpaper-tmp.png realwallpaper.png
     fi
 
+    # trim xplanet output
+    if needs_rebuild realwallpaper-marker.png xplanet-marker-output.png; then
+      convert xplanet-marker-output.png -crop $out_geometry \
+        realwallpaper-marker-tmp.png
+        mv realwallpaper-marker-tmp.png realwallpaper-marker.png
+    fi
+
     if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then
       convert xplanet-krebs-output.png -crop $out_geometry \
         realwallpaper-krebs-tmp.png

From 4484a3e5fc3181ae5ec8cc5056a23947756ff558 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 17:33:17 +0100
Subject: [PATCH 043/120] l: add lass-green user

---
 krebs/3modules/lass/default.nix       |  5 ++++
 krebs/3modules/lass/pgp/green.pgp     | 40 +++++++++++++++++++++++++++
 krebs/3modules/lass/ssh/green.ed25519 |  1 +
 3 files changed, 46 insertions(+)
 create mode 100644 krebs/3modules/lass/pgp/green.pgp
 create mode 100644 krebs/3modules/lass/ssh/green.ed25519

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index a4586bed4..6d31bffdb 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -699,6 +699,11 @@ in {
       pubkey = builtins.readFile ./ssh/blue.rsa;
       pgp.pubkeys.default = builtins.readFile ./pgp/blue.pgp;
     };
+    lass-green = {
+      mail = "lass@green.r";
+      pubkey = builtins.readFile ./ssh/green.ed25519;
+      pgp.pubkeys.default = builtins.readFile ./pgp/green.pgp;
+    };
     lass-mors = {
       mail = "lass@mors.r";
       pubkey = builtins.readFile ./ssh/mors.rsa;
diff --git a/krebs/3modules/lass/pgp/green.pgp b/krebs/3modules/lass/pgp/green.pgp
new file mode 100644
index 000000000..96b2b38e4
--- /dev/null
+++ b/krebs/3modules/lass/pgp/green.pgp
@@ -0,0 +1,40 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGAMS3EBDACzbsaP9nhJ8GrAk5JLlz+ruDbEGuvJXvh+spVq9i9TCCGAraPo
+z8Tmgsw6SJhJMW/170OZJ+GMMEDRpRbvh8tLZ0jsTIwINasRjC68tF9dgjjPZdNN
+cVOpFw4Wf4ueMmoEG/9Xyehm+YEJFTj5wul2uJtfj5NJB43daDn4e3ieGExd+zE0
+FTP4yAmxVMbN4BiyZPX7CxeTzJS0g4aVnMq9RqtYbxd1Uv++LmPh1ZkEyNNKItfC
+nRFeZzjhnmD7LvwsixE2ENnbiL9Ho7Mc4C7kRKSJ+LvXH6ChJJtDy9ApVA+u90i5
+Rd7y9rdzFY+NCHusWg0/U/t2FoLc/hRa0eLE1KFtzWzH35TMl8R/7NrPztTwT/fH
+xt3qSiwMUvH9X9TGvh5N0WwqgtEe6mpZvpq+4gyOiyA+EwE73rnxG2DzmM6CFHyo
+Qm/OOfjuFH+l0PkAqti+f41SqlEOiOAAFzgz7gaTdJ8gXs8piOGxk4U5EK/p1OTW
+4e6DrxqcxmHgoAUAEQEAAbQMbGFzc0BncmVlbi5yiQHUBBMBCAA+FiEE6Ed5jGI3
+gop09K1NMwheLc2Sjz0FAmAMS3ECGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwEC
+HgECF4AACgkQMwheLc2Sjz0otwv+I8Sw0ENqy6SsrZSGDtmhAouCeTIUseRQ66tp
+UFnxDVPYhhdM2ubTtIqOfx20Xdy/7N/POyYMJ5VR+IaFcB9wUlrhdjwUlCtoUipx
+EycZloccMPGySxAxR3Kcy/SFzUKWwQ10/mfSQg/4+vYayZNuSvEpviMEZn0prpmw
+jwFJcHOu0NL+7eYULMdit1BDaZfBaAu/otKn18878+0hVimyjW27564uXtJYnbf1
+hUVGvPLaSo74XBFra+kujcA3zIjWiPn6dRA5dzLrRRkb30Unl1+0a9QwY3wd3vCV
+UHWSgDNaV+o7yPTuxoMsfrxHPAc3JlaKM6ka/EdK04tbgMH/N7FHXqDqCEIBWML4
+1/+HxkP2UW59zLefQwvBqWcF6bA7kgHGhIDkg1yg7ygP0t2mH6ktuEAYYr24BFx7
+b8nK/jhK+rp3LomLTLQ6e/6mikfoDr636sB1/Bc+pTdWsJnuQTzaWBDloVEr/2hz
+/K5+wH2kgSKaWYUtaR6wiMbVKq3HuQGNBGAMS3EBDAC1xQNCJD3hlnihHBv7jxfH
+CI5HdnUEh1eP8mUKjSE+Z0xGEMq8Z9sbTHQxtDdmC4ZOq1Kkt2LmtQQQAIH+Qnu6
+RYFOAPRmegouIxg4S3eTPZhZRo1ZqCphqbL2mQ9ifNrG3VVvQGXNvjo3Cuwj0uzx
+EDtOilKEtHZhG0cfehGV+nO1n/g50EQMC7JkFWnryxVL8i4l3KstOdj+LcIT6c27
+EE2fzOUekeltBHGRFSM1Yzmn2lxruuK4I8zoiqak2St1788ay//F9tiZPfhWRb6+
+DF+JgRLCXatqTJppPpkui1irw6jN5ZabjyS7GBtH+5wpnvuMEMr484OXEg17VnCd
+Tx/RTLyjfffDtTkC4M7oiAr5SUbkJjVkEuwjxp1N19epD8gzrBQC2W7XKM3z+mtG
+ZLJtiW5hM+QylMv7VWxbQ21ObJmUqBQUZLPlpl3dlGU/ILw3U4urBibD9oPT2QAX
+J6Db/STyl6w0bzRbMJmaEM4P0FcdEKTuw7tOpl5zBUkAEQEAAYkBtgQYAQgAIBYh
+BOhHeYxiN4KKdPStTTMIXi3Nko89BQJgDEtxAhsMAAoJEDMIXi3Nko89yc8MAJKg
+M5lbA/PJYlIju/qWKWt7yZbsIGuDfmuKfYftjXDOqskEqDyYgr31Txd43bWM6Ec7
+gb5JVmtzvLull0/KRwMcKAFNTXIYcb3jKpanwWRgHQlt/D6zlQula73WxwNUlZWl
+Q8FCWjGa2hC8oKlTbtzm5osdcK+YhlpTpK5y4Mrg0f9Rcd297ygFQSDInpGq7ILY
+sFat3HU7w9oPp9Q5RS8/EmrvAx1kFj9mZRs4L9inJJnHFpb1R6snojcKPwEyIWBi
++PFZ6ns296FjW9C+Ci7C+aaAzVDM7NAwU0/EhWeDKKHITU3Zaz4gnShesKBiVxhI
+JQNFCjWlnc+o3RqbAhDQhlwFrCZWUxQi1qWy4U88IYqR9hxV0eNtGSRmwnGCT9RV
+Nxb6CjtmHpgUmzyvwBpBJya8bLYu5tCKnUodtFiq/poxEfI5WrP6pu5l648AwuPa
+ioovprweDWs38Q8wd/SuoaUtIoj378UDXq8acFvHHnOS/bBBfAE9tutY1ycJdg==
+=Fg3f
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/3modules/lass/ssh/green.ed25519 b/krebs/3modules/lass/ssh/green.ed25519
new file mode 100644
index 000000000..1aa7b1801
--- /dev/null
+++ b/krebs/3modules/lass/ssh/green.ed25519
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOJfTJ37hWYTYLWY6egshmvigPfRF0Sa4N11gmphMLm lass@green

From 4dfe7ef01ecc7a7db7cb37ac227fa842fee250fc Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 17:34:08 +0100
Subject: [PATCH 044/120] l: add jitsi.lassul.us to record

---
 krebs/3modules/lass/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 6d31bffdb..f9e4c6fe3 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -44,6 +44,7 @@ in {
           matrix              60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
           paste               60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
           radio               60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+          jitsi               60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
           streaming           60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
         '';
       };

From e95b720d97c0723f9ae7d72ae76788e2d8130d30 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 17:34:29 +0100
Subject: [PATCH 045/120] l: grant green access everywhere

---
 lass/2configs/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 1cf421fed..f3534d94d 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -22,6 +22,7 @@ with import <stockholm/lib>;
           openssh.authorizedKeys.keys = [
             config.krebs.users.lass-mors.pubkey
             config.krebs.users.lass-blue.pubkey
+            config.krebs.users.lass-green.pubkey
             config.krebs.users.lass-yubikey.pubkey
           ];
         };
@@ -40,6 +41,7 @@ with import <stockholm/lib>;
           openssh.authorizedKeys.keys = [
             config.krebs.users.lass-mors.pubkey
             config.krebs.users.lass-blue.pubkey
+            config.krebs.users.lass-green.pubkey
             config.krebs.users.lass-yubikey.pubkey
           ];
         };

From 859a6d1e732bfc40e65f5ed7b33d4014d77740a8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 17:34:59 +0100
Subject: [PATCH 046/120] l bindfs: add clearTarget option

---
 lass/3modules/bindfs.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lass/3modules/bindfs.nix b/lass/3modules/bindfs.nix
index 5c8df8dc5..c489ef163 100644
--- a/lass/3modules/bindfs.nix
+++ b/lass/3modules/bindfs.nix
@@ -28,6 +28,13 @@ in {
           type = types.listOf types.str;
           default = [];
         };
+        clearTarget = mkOption {
+          description = ''
+            whether to clear the target folder before mounting
+          '';
+          type = types.bool;
+          default = false;
+        };
       };
     }));
     default = {};
@@ -41,6 +48,9 @@ in {
       path = [ pkgs.coreutils ];
       serviceConfig = {
         ExecStartPre = pkgs.writeDash "bindfs-init-${name}" ''
+          ${optionalString mount.clearTarget ''
+            rm -rf '${mount.target}'
+          ''}
           mkdir -p '${mount.source}'
           mkdir -p '${mount.target}'
         '';

From 1fb7abde922545b3b1ea3887bd5a3f2a57bbb0be Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 17:35:53 +0100
Subject: [PATCH 047/120] l sync-containers: fix ecryptfs startup bug

---
 lass/3modules/sync-containers.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/3modules/sync-containers.nix b/lass/3modules/sync-containers.nix
index ca81458a9..25ba2589b 100644
--- a/lass/3modules/sync-containers.nix
+++ b/lass/3modules/sync-containers.nix
@@ -10,6 +10,8 @@ with import <stockholm/lib>;
     plain = ''
     '';
     ecryptfs = ''
+      # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails
+      echo 4 | ${pkgs.ecryptfs}/bin/ecryptfs-manager
       if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then
         if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then
           ${pkgs.ecrypt}/bin/ecrypt mount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state

From 7a654da5dec445482ef40c4b9642f92e19693f2c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 17:36:12 +0100
Subject: [PATCH 048/120] l sync-containers: shutdown container if already up

---
 lass/3modules/sync-containers.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/3modules/sync-containers.nix b/lass/3modules/sync-containers.nix
index 25ba2589b..ebf440c4e 100644
--- a/lass/3modules/sync-containers.nix
+++ b/lass/3modules/sync-containers.nix
@@ -155,6 +155,8 @@ in {
 
         if [ -h /var/lib/containers/${ctr.name}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${ctr.name}.r); then
           ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch
+        else
+          ${(stop ctr.name).${ctr.format}}
         fi
       '')
       (pkgs.writeDashBin "stop-${ctr.name}" ''

From dd90d71a7f0dface27455e2138d712d0a8fa61ce Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 17:37:52 +0100
Subject: [PATCH 049/120] l styx.r: add syncthing.id

---
 krebs/3modules/lass/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index f9e4c6fe3..c5cf5cb15 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -686,6 +686,7 @@ in {
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
+      syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
     };
   };
   users = rec {

From 2185fb0bfa56b365e33d0baf0274499076c1166b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 18:08:37 +0100
Subject: [PATCH 050/120] l blue.r: remove weechat

---
 lass/1systems/blue/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index f6dc23d20..c4286cca3 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -9,8 +9,8 @@ with import <stockholm/lib>;
 
     <stockholm/lass/2configs/blue.nix>
     <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/sync/sync.nix>
     <stockholm/lass/2configs/sync/decsync.nix>
-    <stockholm/lass/2configs/sync/weechat.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.blue;

From 0b5b4b8eab751d0d1d32573c6f69d08a82b4af1e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 18:09:13 +0100
Subject: [PATCH 051/120] l green.r: setup with sync-containers

---
 lass/1systems/green/config.nix | 71 +++++++++++++++++++++++++++++++++-
 1 file changed, 69 insertions(+), 2 deletions(-)

diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index 0b4b50ee4..d7683ff5f 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -9,13 +9,80 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/mail.nix>
 
     <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/sync/sync.nix>
     <stockholm/lass/2configs/sync/decsync.nix>
     <stockholm/lass/2configs/sync/weechat.nix>
+
+    <stockholm/lass/2configs/bitlbee.nix>
+    <stockholm/lass/2configs/IM.nix>
+    <stockholm/lass/2configs/muchsync.nix>
+    <stockholm/lass/2configs/pass.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.green;
 
-  #networking.nameservers = [ "1.1.1.1" ];
+  users.users.mainUser.openssh.authorizedKeys.keys = [
+    config.krebs.users.lass-android.pubkey
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel
+  ];
 
-  #time.timeZone = "Europe/Berlin";
+  lass.bindfs = {
+    "/home/lass/.weechat" = {
+      source = "/var/state/lass_weechat";
+      options = [
+        "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}"
+        "--create-for-user=${toString config.users.users.syncthing.uid}"
+      ];
+    };
+    "/home/lass/Maildir" = {
+      source = "/var/state/lass_mail";
+      options = [
+        "-M ${toString config.users.users.mainUser.uid}"
+      ];
+    };
+    "/home/lass/sync" = {
+      source = "/var/state/lass_sync";
+      options = [
+        "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}"
+        "--create-for-user=${toString config.users.users.syncthing.uid}"
+      ];
+    };
+    "/var/lib/bitlbee" = {
+      source = "/var/state/bitlbee";
+      options = [
+        "-M ${toString config.users.users.bitlbee.uid}"
+      ];
+      clearTarget = true;
+    };
+    "/home/lass/.ssh" = {
+      source = "/var/state/lass_ssh";
+      options = [
+        "-M ${toString config.users.users.mainUser.uid}"
+      ];
+      clearTarget = true;
+    };
+    "/home/lass/.gnupg" = {
+      source = "/var/state/lass_gnupg";
+      options = [
+        "-M ${toString config.users.users.mainUser.uid}"
+      ];
+      clearTarget = true;
+    };
+  };
+
+  systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''
+    sleep 1
+    mkdir -p /home/lass/notmuch
+    chown lass: /home/lass/notmuch
+    ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch
+
+    mkdir -p /home/lass/notmuch/muchsync
+    chown lass: /home/lass/notmuch/muchsync
+    mkdir -p /home/lass/Maildir/.muchsync
+    ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp
+  '';
+
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
+  ];
 }

From 9e4d47c5b46a92436d8e71c17a61ab729d4c4133 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 18:20:52 +0100
Subject: [PATCH 052/120] l: don't always sync basedir

---
 lass/2configs/sync/sync.nix | 13 +++++++++++++
 lass/2configs/syncthing.nix | 13 +------------
 2 files changed, 14 insertions(+), 12 deletions(-)
 create mode 100644 lass/2configs/sync/sync.nix

diff --git a/lass/2configs/sync/sync.nix b/lass/2configs/sync/sync.nix
new file mode 100644
index 000000000..bee1d03ac
--- /dev/null
+++ b/lass/2configs/sync/sync.nix
@@ -0,0 +1,13 @@
+{
+  services.syncthing.declarative.folders."/home/lass/sync" = {
+    devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" ];
+  };
+  krebs.permown."/home/lass/sync" = {
+    file-mode = "u+rw,g+rw";
+    owner = "lass";
+    group = "syncthing";
+    umask = "0002";
+    keepGoing = true;
+  };
+}
+
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 7758b860d..d31ce7800 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -1,6 +1,5 @@
 { config, pkgs, ... }: with import <stockholm/lib>; let
   all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
-  own_peers = filterAttrs (n: v: v.owner.name == "lass") all_peers;
   mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
 in {
   services.syncthing = {
@@ -11,10 +10,6 @@ in {
       key = toString <secrets/syncthing.key>;
       cert = toString <secrets/syncthing.cert>;
       devices = mk_peers all_peers;
-      folders."/home/lass/sync" = {
-        devices = attrNames (filterAttrs (n: v: n != "phone") own_peers);
-        # ignorePerms = false;
-      };
     };
   };
   krebs.iptables.tables.filter.INPUT.rules = [
@@ -26,11 +21,5 @@ in {
     ${pkgs.coreutils}/bin/chmod a+x /home/lass
   '';
 
-  krebs.permown."/home/lass/sync" = {
-    file-mode = "u+rw,g+rw";
-    owner = "lass";
-    group = "syncthing";
-    umask = "0002";
-    keepGoing = true;
-  };
+  boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
 }

From df53de085f35b9da52e31ca2db6c1f6d97062127 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 18:32:56 +0100
Subject: [PATCH 053/120] l: add missing IM.nix

---
 lass/2configs/IM.nix | 45 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 lass/2configs/IM.nix

diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
new file mode 100644
index 000000000..b79af3b49
--- /dev/null
+++ b/lass/2configs/IM.nix
@@ -0,0 +1,45 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./bitlbee.nix
+  ];
+
+  systemd.services.chat = let
+    tmux = pkgs.writeDash "tmux" ''
+      exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+        set-option -g prefix `
+        unbind-key C-b
+        bind ` send-prefix
+
+        set-option -g status off
+        set-option -g default-terminal screen-256color
+
+        #use session instead of windows
+        bind-key c new-session
+        bind-key p switch-client -p
+        bind-key n switch-client -n
+        bind-key C-s switch-client -l
+      ''} "$@"
+    '';
+  in {
+    description = "chat environment setup";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    restartIfChanged = false;
+
+    path = [
+      pkgs.rxvt_unicode.terminfo
+    ];
+
+    serviceConfig = {
+      User = "lass";
+      RemainAfterExit = true;
+      Type = "oneshot";
+      ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
+      ExecStop = "${tmux} kill-session -t IM";
+    };
+  };
+}

From fbec363f091221f476c4a133630b16bf88ceb26c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 18:33:31 +0100
Subject: [PATCH 054/120] l domsen: remove inotify limits

---
 lass/2configs/websites/domsen.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index f3beb9eb9..c43c8c902 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -285,7 +285,6 @@ in {
     ];
   };
 
-  boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576";
   services.syncthing.declarative.folders = {
     domsen-backups = {
       path = "/backups/domsen";

From d618f52cda36f62b3744aa84422b4c9f28bdc61d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 18:43:55 +0100
Subject: [PATCH 055/120] l: add missing muchsync.nix

---
 lass/2configs/muchsync.nix | 40 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 lass/2configs/muchsync.nix

diff --git a/lass/2configs/muchsync.nix b/lass/2configs/muchsync.nix
new file mode 100644
index 000000000..b09bf579b
--- /dev/null
+++ b/lass/2configs/muchsync.nix
@@ -0,0 +1,40 @@
+with (import <stockholm/lib>);
+{ config, pkgs, ... }:
+
+{
+  systemd.services.muchsync = let
+    hosts = [
+      "mors.r"
+      "green.r"
+      "blue.r"
+    ];
+  in {
+    description = "sync mails";
+    environment = {
+      NOTMUCH_CONFIG = config.environment.variables.NOTMUCH_CONFIG;
+    };
+    after = [ "network.target" ];
+
+    restartIfChanged = false;
+
+    path = [
+      pkgs.notmuch
+      pkgs.openssh
+    ];
+
+    startAt = "*:*"; # run every minute
+    serviceConfig = {
+      User = "lass";
+      Type = "oneshot";
+      ExecStart = pkgs.writeDash "sync-mails" ''
+        set -euf
+
+        /run/current-system/sw/bin/nm-tag-init 2>/dev/null
+        ${concatMapStringsSep "\n" (host: ''
+          echo syncing ${host}:
+          ${pkgs.muchsync}/bin/muchsync -s 'ssh -CTaxq -o ConnectTimeout=4' --nonew lass@${host} || :
+        '') hosts}
+      '';
+    };
+  };
+}

From 5b178eb4dfea1db9c578d9d389331fe5ffaaa082 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 18:54:08 +0100
Subject: [PATCH 056/120] l mail: export NOTMUCH_CONFIG

---
 lass/2configs/mail.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 98affdd83..4c4f888c9 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -21,6 +21,26 @@ let
     account default: prism
   '';
 
+  notmuch-config = pkgs.writeText "notmuch-config" ''
+    [database]
+    path=/home/lass/Maildir
+
+    [user]
+    name=lassulus
+    primary_email=lassulus@lassul.us
+    other_email=lass@mors.r;${concatStringsSep ";" (flatten (attrValues mailboxes))}
+
+    [new]
+    tags=unread;inbox;
+    ignore=
+
+    [search]
+    exclude_tags=deleted;spam;
+
+    [maildir]
+    synchronize_flags=true
+  '';
+
   msmtp = pkgs.writeBashBin "msmtp" ''
     ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
       ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"
@@ -232,6 +252,7 @@ let
   };
 
 in {
+  environment.variables.NOTMUCH_CONFIG = toString notmuch-config;
   environment.systemPackages = [
     msmtp
     mutt

From 3c539a34f83862b577ea4c8291788c7ba253ee1f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 18:54:36 +0100
Subject: [PATCH 057/120] l mail: fix sidebar format

---
 lass/2configs/mail.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 4c4f888c9..4682865c6 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -227,7 +227,7 @@ let
     set sidebar_short_path
     set sidebar_folder_indent
     set sidebar_visible = yes
-    set sidebar_format = '%B%?F? [%F]?%* %?N?%N/? %?S?%S?'
+    set sidebar_format = '%D%?F? [%F]?%* %?N?%N/? %?S?%S?'
     set sidebar_width   = 20
     color sidebar_new yellow red
 

From ea59935e5f57dfc03db3367f187ffaffafcc67a2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 19:06:07 +0100
Subject: [PATCH 058/120] l radio: simplify listeners counting

---
 lass/2configs/radio.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 8c95b535d..6a020692a 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -200,7 +200,7 @@ in {
         ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null
         ${pkgs.mpc_cli}/bin/mpc current -f %file%
       done | while read track; do
-        listeners=$(${pkgs.iproute}/bin/ss -Hno state established '( sport = :8000 )' | wc -l)
+        listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | wc -l)
         echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE"
         echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
         ${write_to_irc} "playing: $track listeners: $listeners"

From 348d5e476f0689f40c14b566c078c26ef6222676 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 19:06:20 +0100
Subject: [PATCH 059/120] l radio: import htgen script

---
 lass/2configs/radio.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 6a020692a..707cc8459 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -275,7 +275,7 @@ in {
     user = {
       name = "radio";
     };
-    script = ''
+    script = ''. ${pkgs.writeDash "radio" ''
       case "$Method $Request_URI" in
         "GET /current")
           printf 'HTTP/1.1 200 OK\r\n'
@@ -303,7 +303,7 @@ in {
           exit
         ;;
       esac
-    '';
+    ''}'';
   };
 
   services.nginx = {

From 0718e51e35c0ffb639f3f208e94d08521ec8df82 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 19:06:59 +0100
Subject: [PATCH 060/120] l tv: remove legacy interface

---
 lass/2configs/tv.nix | 88 +-------------------------------------------
 1 file changed, 1 insertion(+), 87 deletions(-)

diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix
index 0ca1b340f..d49ed6125 100644
--- a/lass/2configs/tv.nix
+++ b/lass/2configs/tv.nix
@@ -8,6 +8,7 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
     worker_connections  128;
   }
   error_log stderr info;
+
   http {
     client_body_temp_path /var/lib/rtmp/nginx_cache_client_body;
     proxy_temp_path /var/lib/rtmp/nginx_cache_proxy;
@@ -25,92 +26,6 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
       location /stat {
         rtmp_stat all;
       }
-
-      location /hls {
-        # Serve HLS fragments
-        types {
-          application/vnd.apple.mpegurl m3u8;
-          video/mp2t ts;
-        }
-        root /var/lib/rtmp/tmp;
-        add_header Cache-Control no-cache;
-
-        # CORS setup
-        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header 'Access-Control-Expose-Headers' 'Content-Length';
-
-        # Allow CORS preflight requests
-        if ($request_method = 'OPTIONS') {
-          add_header 'Access-Control-Allow-Origin' '*';
-          add_header 'Access-Control-Max-Age' 1728000;
-          add_header 'Content-Type' 'text/plain charset=UTF-8';
-          add_header 'Content-Length' 0;
-          return 204;
-        }
-      }
-
-      location /dash {
-        # Serve DASH fragments
-        types {
-          application/dash+xml mpd;
-          video/mp4 mp4;
-        }
-        root /tmp;
-        add_header Cache-Control no-cache;
-
-        # CORS setup
-        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header 'Access-Control-Expose-Headers' 'Content-Length';
-
-        # Allow CORS preflight requests
-        if ($request_method = 'OPTIONS') {
-          add_header 'Access-Control-Allow-Origin' '*';
-          add_header 'Access-Control-Max-Age' 1728000;
-          add_header 'Content-Type' 'text/plain charset=UTF-8';
-          add_header 'Content-Length' 0;
-          return 204;
-        }
-      }
-
-      location "/dash.all.min.js" {
-        default_type "text/javascript";
-        alias ${pkgs.fetchurl {
-          url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js";
-          sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c";
-        }};
-      }
-
-      location /player {
-        default_type "text/html";
-        alias ${pkgs.writeText "player.html" ''
-          <!DOCTYPE html>
-          <html lang="en">
-            <head>
-              <meta charset="utf-8">
-              <title>lassulus livestream</title>
-            </head>
-            <body>
-              <div>
-                <video id="player" controls></video>
-                </video>
-              </div>
-              <script src="/dash.all.min.js"></script>
-              <script>
-                (function(){
-                  var url = "http://lassul.us:8080/dash/nixos.mpd";
-                  var player = dashjs.MediaPlayer().create();
-                  player.initialize(document.querySelector("#player"), url, true);
-                })();
-              </script>
-            </body>
-          </html>
-        ''};
-      }
-
-      location /records {
-        autoindex on;
-        root /var/lib/rtmp;
-      }
     }
   }
 
@@ -275,6 +190,5 @@ in {
 
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport 1935"; target = "ACCEPT"; }
-    { predicate = "-p tcp --dport 8080"; target = "ACCEPT"; }
   ];
 }

From 33dbc0c0aeb82707b0d7cebe9183a640842db435 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 19:07:39 +0100
Subject: [PATCH 061/120] l git: add reaktor2 & workadventure-nix

---
 lass/2configs/git.nix | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index edec2dcb4..e6aeca5d1 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -97,6 +97,10 @@ let
     populate = {
       cgit.section = "software";
     };
+    reaktor2 = {
+      cgit.desc = "irc bot";
+      cgit.section = "software";
+    };
     stockholm = {
       cgit.desc = "take all the computers hostage, they'll love you!";
       cgit.section = "configuration";
@@ -109,6 +113,10 @@ let
       cgit.desc = "Good Music collection + tools";
       cgit.section  = "art";
     };
+    workadventure-nix = {
+      cgit.desc = "Nix packaging for workadventure";
+      cgit.section = "deployment";
+    };
     xmonad-stockholm = {
       cgit.desc = "krebs xmonad modules";
       cgit.section = "configuration";
@@ -142,9 +150,6 @@ let
           nick = config.krebs.build.host.name;
           channel = "#xxx";
           # TODO define refs in some kind of option per repo
-          refs = [
-            "refs/heads/master"
-          ];
           server = "irc.r";
           verbose = config.krebs.build.host.name == "prism";
         }}

From b40754586d80b1063cba3e9e0bf0b41bd1d63932 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 19:36:09 +0100
Subject: [PATCH 062/120] l icarus.r: fix thinkfan values

---
 lass/1systems/icarus/physical.nix | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
index bd74c29f3..837872bf5 100644
--- a/lass/1systems/icarus/physical.nix
+++ b/lass/1systems/icarus/physical.nix
@@ -51,12 +51,10 @@
     (1,     48,     60)
     (2,     50,     61)
     (3,     52,     63)
-    (6,     60,     65)
-    (7,     80,     85)
-    (127,   90,     32767)
+    (6,     60,     85)
+    (7,     80,     90)
+    (127,   89,     32767)
   '';
 
   services.logind.lidSwitch = "ignore";
-  services.logind.lidSwitchDocked = "ignore";
-
 }

From c5a63e4985cb81169ecf32483d9ceaa921b6f116 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 19:36:46 +0100
Subject: [PATCH 063/120] l codimd: codimd is now called hedgedoc

---
 lass/2configs/codimd.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
index e55090de9..d29a65210 100644
--- a/lass/2configs/codimd.nix
+++ b/lass/2configs/codimd.nix
@@ -12,8 +12,9 @@ with import <stockholm/lib>;
     '';
   };
 
-  services.codimd = {
+  services.hedgedoc = {
     enable = true;
+    configuration.allowOrigin = [ "*" ];
     configuration = {
       db = {
         dialect = "sqlite";

From e0229e76309fef6825ff4126a7f9c9e334fb9aba Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 20:22:17 +0100
Subject: [PATCH 064/120] l realwallpaper: add video

---
 lass/2configs/realwallpaper.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
index e0cb37f67..c3054d3af 100644
--- a/lass/2configs/realwallpaper.nix
+++ b/lass/2configs/realwallpaper.nix
@@ -28,6 +28,9 @@ in {
     locations."/realwallpaper-krebs.png".extraConfig = ''
       root /var/realwallpaper/;
     '';
+    locations."/realwallpaper-video.mp4".extraConfig = ''
+      root /var/realwallpaper/archive;
+    '';
   };
 
   krebs.iptables = {

From 78e687f288dc22d22d1cb88319f941caa0316623 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 20:23:56 +0100
Subject: [PATCH 065/120] l littleT.r: add as green-host

---
 lass/1systems/littleT/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index eee23ee60..adf8aeeb1 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -7,6 +7,7 @@ with import <stockholm/lib>;
 
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/blue-host.nix>
+    <stockholm/lass/2configs/green-host.nix>
     <stockholm/lass/2configs/syncthing.nix>
   ];
 

From e0708ab3ba6b9bb5dd826ea225d61745687a2f28 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 20:24:10 +0100
Subject: [PATCH 066/120] l morpheus.r: add green-host

---
 lass/1systems/morpheus/config.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix
index 79fbe4c97..79d4f528d 100644
--- a/lass/1systems/morpheus/config.nix
+++ b/lass/1systems/morpheus/config.nix
@@ -4,6 +4,9 @@ with import <stockholm/lib>;
   imports = [
     <stockholm/lass>
     <stockholm/lass/2configs/retiolum.nix>
+
+    <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/green-host.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.morpheus;

From 34470a6e92439ffeb4cf9112343e9745d97b709c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 20:34:21 +0100
Subject: [PATCH 067/120] l: remove deprecated backup user

---
 lass/1systems/daedalus/config.nix |  1 -
 lass/1systems/mors/config.nix     |  1 -
 lass/1systems/shodan/config.nix   |  1 -
 lass/2configs/backup.nix          | 14 --------------
 lass/2configs/default.nix         |  1 -
 5 files changed, 18 deletions(-)
 delete mode 100644 lass/2configs/backup.nix

diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index bd559944a..d84502b3f 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -6,7 +6,6 @@ with import <stockholm/lib>;
     <stockholm/lass>
 
     <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/backup.nix>
     <stockholm/lass/2configs/nfs-dl.nix>
     {
       # bubsy config
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index b03d95c49..21abb9c3f 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -33,7 +33,6 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/starcraft.nix>
     <stockholm/lass/2configs/dunst.nix>
     <stockholm/lass/2configs/rtl-sdr.nix>
-    <stockholm/lass/2configs/backup.nix>
     <stockholm/lass/2configs/print.nix>
     <stockholm/lass/2configs/blue-host.nix>
     <stockholm/lass/2configs/network-manager.nix>
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 9e01396bc..b34afe5e6 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -13,7 +13,6 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/programs.nix>
     <stockholm/lass/2configs/wine.nix>
     <stockholm/lass/2configs/bitcoin.nix>
-    <stockholm/lass/2configs/backup.nix>
     <stockholm/lass/2configs/blue-host.nix>
     <stockholm/lass/2configs/nfs-dl.nix>
     <stockholm/lass/2configs/gg23.nix>
diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix
deleted file mode 100644
index f5c241785..000000000
--- a/lass/2configs/backup.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, ... }:
-with import <stockholm/lib>;
-
-{
-  users.users.backup = {
-    useDefaultShell = true;
-    home = "/backups";
-    createHome = true;
-    group = "syncthing";
-    openssh.authorizedKeys.keys = with config.krebs.hosts; [
-      blue.ssh.pubkey
-    ];
-  };
-}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index f3534d94d..7b6f01148 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -3,7 +3,6 @@ with import <stockholm/lib>;
 {
   imports = [
     ./binary-cache/client.nix
-    ./backup.nix
     ./gc.nix
     ./mc.nix
     ./vim.nix

From 1562ee7ca9e271d4e2ddf3a5c2521b6243344fce Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 20:42:51 +0100
Subject: [PATCH 068/120] l: split ppp.nix by modem

---
 lass/2configs/ppp/umts-stick.nix              | 33 +++++++++++++++++++
 lass/2configs/{ppp.nix => ppp/x220-modem.nix} |  4 +--
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 lass/2configs/ppp/umts-stick.nix
 rename lass/2configs/{ppp.nix => ppp/x220-modem.nix} (84%)

diff --git a/lass/2configs/ppp/umts-stick.nix b/lass/2configs/ppp/umts-stick.nix
new file mode 100644
index 000000000..64551a2b3
--- /dev/null
+++ b/lass/2configs/ppp/umts-stick.nix
@@ -0,0 +1,33 @@
+{ pkgs, ... }: {
+
+  # usage: pppd call stick
+
+  environment.etc."ppp/peers/stick".text = ''
+    /dev/ttyUSB0
+    460800
+    crtscts
+    defaultroute
+    holdoff 10
+    lock
+    maxfail 0
+    noauth
+    nodetach
+    noipdefault
+    passive
+    persist
+    usepeerdns
+    connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "default.chat" ''
+      ABORT "BUSY"
+      ABORT "NO CARRIER"
+      REPORT CONNECT
+      "" "ATDT*99#"
+      CONNECT
+    ''}"
+  '';
+
+  environment.systemPackages = [
+    pkgs.ppp
+  ];
+
+}
+
diff --git a/lass/2configs/ppp.nix b/lass/2configs/ppp/x220-modem.nix
similarity index 84%
rename from lass/2configs/ppp.nix
rename to lass/2configs/ppp/x220-modem.nix
index 9cc7568a5..d6facb724 100644
--- a/lass/2configs/ppp.nix
+++ b/lass/2configs/ppp/x220-modem.nix
@@ -1,8 +1,8 @@
 { pkgs, ... }: {
 
-  # usage: pppd call default
+  # usage: pppd call x220
 
-  environment.etc."ppp/peers/default".text = ''
+  environment.etc."ppp/peers/x220".text = ''
     /dev/ttyACM2
     921600
     crtscts

From 4ce8f6e13046574e287b599f4d0e87a74f04c13a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 20:43:56 +0100
Subject: [PATCH 069/120] l mors.r: remove old imports, add new ones

---
 lass/1systems/mors/config.nix | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 21abb9c3f..907242500 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -18,27 +18,27 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/steam.nix>
     <stockholm/lass/2configs/wine.nix>
     <stockholm/lass/2configs/git.nix>
-    <stockholm/lass/2configs/virtualbox.nix>
     <stockholm/lass/2configs/fetchWallpaper.nix>
     <stockholm/lass/2configs/mail.nix>
     <stockholm/krebs/2configs/ircd.nix>
     <stockholm/lass/2configs/logf.nix>
     <stockholm/lass/2configs/syncthing.nix>
-    <stockholm/lass/2configs/otp-ssh.nix>
-    <stockholm/lass/2configs/c-base.nix>
+    <stockholm/lass/2configs/sync/sync.nix>
     <stockholm/lass/2configs/sync/decsync.nix>
     <stockholm/lass/2configs/sync/weechat.nix>
+    #<stockholm/lass/2configs/c-base.nix>
     <stockholm/lass/2configs/br.nix>
     <stockholm/lass/2configs/ableton.nix>
-    <stockholm/lass/2configs/starcraft.nix>
     <stockholm/lass/2configs/dunst.nix>
     <stockholm/lass/2configs/rtl-sdr.nix>
     <stockholm/lass/2configs/print.nix>
-    <stockholm/lass/2configs/blue-host.nix>
     <stockholm/lass/2configs/network-manager.nix>
     <stockholm/lass/2configs/nfs-dl.nix>
-    #<stockholm/lass/2configs/hardening.nix>
-    <stockholm/lass/2configs/ppp.nix>
+    <stockholm/lass/2configs/green-host.nix>
+    <stockholm/lass/2configs/ppp/x220-modem.nix>
+    <stockholm/lass/2configs/ppp/umts-stick.nix>
+    # <stockholm/lass/2configs/remote-builder/morpheus.nix>
+    # <stockholm/lass/2configs/remote-builder/prism.nix>
     {
       krebs.iptables.tables.filter.INPUT.rules = [
         #risk of rain

From 3ce3820553ddaf709d4a6aab50556ac619f5ba2f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 20:44:52 +0100
Subject: [PATCH 070/120] l: init ecrypt

---
 lass/5pkgs/ecrypt/default.nix | 108 ++++++++++++++++++++++++++++++++++
 1 file changed, 108 insertions(+)
 create mode 100644 lass/5pkgs/ecrypt/default.nix

diff --git a/lass/5pkgs/ecrypt/default.nix b/lass/5pkgs/ecrypt/default.nix
new file mode 100644
index 000000000..9bb35a8dc
--- /dev/null
+++ b/lass/5pkgs/ecrypt/default.nix
@@ -0,0 +1,108 @@
+{ pkgs, lib }:
+
+#usage: ecrypt mount /var/crypted /var/unencrypted
+pkgs.writers.writeDashBin "ecrypt" ''
+  set -euf
+  set -x
+
+  PATH=${lib.makeBinPath (with pkgs; [
+    coreutils
+    ecryptfs
+    gnused
+    gnugrep
+    jq
+    mount
+    keyutils
+    umount
+  ])}
+
+  # turn echo back on if killed
+  trap 'stty echo' INT
+
+  case "$1" in
+    init)
+      shift
+      mkdir -p "$1" "$2"
+
+      # abort if src or dest are not empty
+      if [ -e "$1"/.cfg.json ]; then
+        echo 'source dir is already configured, aborting'
+        exit 1
+      elif ls -1qA "$2" | grep -q .; then
+        echo 'destination dir is not empty, aborting'
+        exit 1
+      else
+        stty -echo
+        printf "passphrase: "
+        read  passphrase
+        stty echo
+        sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/')
+        mount -t ecryptfs \
+          -o ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \
+          "$1" "$2"
+
+        # add sig to json state file
+        jq -n --arg sig "$sig" '{ "sig": $sig }' > "$1"/.cfg.json
+      fi
+      ;;
+
+    mount)
+      shift
+      if ! [ -e "$1"/.cfg.json ]; then
+        echo '.cfg.json missing in src'
+        exit 1
+      fi
+      old_sig=$(cat "$1"/.cfg.json | jq -r .sig)
+
+      # check if key is already in keyring, otherwise add it
+      
+      if keyctl list @u | grep -q "$old_sig"; then
+        echo 'pw already saved'
+      else
+        stty -echo
+        printf "passphrase: "
+        read  passphrase
+        stty echo
+        new_sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/')
+
+        # check if passphrase matches sig
+        if [ "$old_sig" != "$new_sig" ]; then
+          echo 'passphrase does not match sig, bailing out'
+          new_keyid=$(keyctl list @u | grep "$new_sig" | sed 's/\([0-9]*\).*/\1/')
+          keyctl revoke "$new_keyid"
+          keyctl unlink "$new_keyid"
+          exit 1
+        fi
+      fi
+
+      sig=$old_sig
+      keyid=$(keyctl list @u | grep "$sig" | sed 's/\([0-9]*\).*/\1/')
+      if (ls -1qA "$2" | grep -q .); then
+        echo 'destination is not empty, bailing out'
+        exit 1
+      else
+        mount -i -t ecryptfs \
+          -o ecryptfs_passthrough=no,verbose=no,ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \
+          "$1" "$2"
+      fi
+      ;;
+
+    unmount)
+      shift
+
+      sig=$(cat "$1"/.cfg.json | jq -r .sig)
+      keyid=$(keyctl list @u | grep "$sig" | sed 's/\s*\([0-9]*\).*/\1/')
+
+      umount "$2" || :
+      keyctl revoke "$keyid"
+      keyctl unlink "$keyid"
+      ;;
+
+    *)
+      echo 'usage:
+        ecrypt init /tmp/src/ /tmp/dst/
+        ecrypt mount /tmp/src/ /tmp/dst/
+        ecrypt unmount /tmp/src/ /tmp/dst/
+      '
+  esac
+''

From b2fdc7e18512582c1d520df7d8e86108ed88ba92 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 20:52:47 +0100
Subject: [PATCH 071/120] l browsers: remove cvim

---
 lass/2configs/browsers.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index eafab400c..00a5d2db0 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -7,7 +7,6 @@
     enable = true;
     extensions = [
       "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
-      "ihlenndgcmojhcghmfjfneahoeklbjjh" #cVim
     ];
   };
 }

From 7fc98767397a8f0ae7aa2bb1e764bb441b244bd7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 20:58:05 +0100
Subject: [PATCH 072/120] l prism.r: use as green-host

---
 lass/1systems/prism/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index f63c6a05a..54ba0089f 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -118,6 +118,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/iodined.nix>
     <stockholm/lass/2configs/paste.nix>
     <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/green-host.nix>
     <stockholm/lass/2configs/reaktor-coders.nix>
     <stockholm/lass/2configs/ciko.nix>
     <stockholm/lass/2configs/container-networking.nix>

From 8adbc446bfe2e577d4140d63e0f5bd1f8adf2c31 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 20:59:54 +0100
Subject: [PATCH 073/120] l: remove ejabberd

---
 lass/1systems/prism/config.nix     |  10 ---
 lass/3modules/default.nix          |   1 -
 lass/3modules/ejabberd/config.nix  | 128 -----------------------------
 lass/3modules/ejabberd/default.nix | 103 -----------------------
 4 files changed, 242 deletions(-)
 delete mode 100644 lass/3modules/ejabberd/config.nix
 delete mode 100644 lass/3modules/ejabberd/default.nix

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 54ba0089f..81159573d 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -138,16 +138,6 @@ with import <stockholm/lib>;
         enable = true;
       };
     }
-    {
-      lass.ejabberd = {
-        enable = true;
-        hosts = [ "lassul.us" ];
-      };
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
-        { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
-      ];
-    }
     {
       imports = [
         <stockholm/lass/2configs/realwallpaper.nix>
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 8bee08caa..3587e0f88 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -3,7 +3,6 @@ _:
   imports = [
     ./bindfs.nix
     ./dnsmasq.nix
-    ./ejabberd
     ./folderPerms.nix
     ./hosts.nix
     ./klem.nix
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
deleted file mode 100644
index 4630f25c1..000000000
--- a/lass/3modules/ejabberd/config.nix
+++ /dev/null
@@ -1,128 +0,0 @@
-with import <stockholm/lib>;
-{ config, ... }: let
-
-  # See https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example
-
-  ciphers = concatStringsSep ":" [
-    "ECDHE-ECDSA-AES256-GCM-SHA384"
-    "ECDHE-RSA-AES256-GCM-SHA384"
-    "ECDHE-ECDSA-CHACHA20-POLY1305"
-    "ECDHE-RSA-CHACHA20-POLY1305"
-    "ECDHE-ECDSA-AES128-GCM-SHA256"
-    "ECDHE-RSA-AES128-GCM-SHA256"
-    "ECDHE-ECDSA-AES256-SHA384"
-    "ECDHE-RSA-AES256-SHA384"
-    "ECDHE-ECDSA-AES128-SHA256"
-    "ECDHE-RSA-AES128-SHA256"
-  ];
-
-  protocol_options = [
-    "no_sslv2"
-    "no_sslv3"
-    "no_tlsv1"
-    "no_tlsv1_10"
-  ];
-
-in /* yaml */ ''
-
-  access_rules:
-    announce:
-      - allow: admin
-    local:
-      - allow: local
-    configure:
-      - allow: admin
-    register:
-      - allow
-    s2s:
-      - allow
-    trusted_network:
-      - allow: loopback
-
-  acl:
-    local:
-      user_regexp: ""
-    loopback:
-      ip:
-        - "127.0.0.0/8"
-        - "::1/128"
-        - "::FFFF:127.0.0.1/128"
-
-  hosts: ${toJSON config.hosts}
-
-  language: "en"
-
-  listen:
-    -
-      port: 5222
-      ip: "::"
-      module: ejabberd_c2s
-      shaper: c2s_shaper
-      certfile: ${toJSON config.certfile.path}
-      ciphers: ${toJSON ciphers}
-      dhfile: ${toJSON config.dhfile.path}
-      protocol_options: ${toJSON protocol_options}
-      starttls: true
-      starttls_required: true
-      tls: false
-      tls_compression: false
-      max_stanza_size: 65536
-    -
-      port: 5269
-      ip: "::"
-      module: ejabberd_s2s_in
-      shaper: s2s_shaper
-      max_stanza_size: 131072
-
-  loglevel: 4
-
-  modules:
-    mod_adhoc: {}
-    mod_admin_extra: {}
-    mod_announce:
-      access: announce
-    mod_caps: {}
-    mod_carboncopy: {}
-    mod_client_state: {}
-    mod_configure: {}
-    mod_disco: {}
-    mod_echo: {}
-    mod_bosh: {}
-    mod_last: {}
-    mod_offline:
-      access_max_user_messages: max_user_offline_messages
-    mod_ping: {}
-    mod_privacy: {}
-    mod_private: {}
-    mod_register:
-      access_from: allow
-      access: register
-      # ip_access: trusted_network
-      registration_watchers: ${toJSON config.registration_watchers}
-    mod_roster: {}
-    mod_shared_roster: {}
-    mod_stats: {}
-    mod_time: {}
-    mod_vcard:
-      search: false
-    mod_version: {}
-    mod_http_api: {}
-
-  s2s_access: s2s
-  s2s_certfile: ${toJSON config.s2s_certfile.path}
-  s2s_ciphers: ${toJSON ciphers}
-  s2s_dhfile: ${toJSON config.dhfile.path}
-  s2s_protocol_options: ${toJSON protocol_options}
-  s2s_tls_compression: false
-  s2s_use_starttls: required
-
-  shaper_rules:
-    max_user_offline_messages:
-      - 5000: admin
-      - 100
-    max_user_sessions: 10
-    c2s_shaper:
-      - none: admin
-      - normal
-    s2s_shaper: fast
-''
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
deleted file mode 100644
index 20a38d572..000000000
--- a/lass/3modules/ejabberd/default.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
-  cfg = config.lass.ejabberd;
-
-  gen-dhparam = pkgs.writeDash "gen-dhparam" ''
-    set -efu
-    path=$1
-    bits=2048
-    # TODO regenerate dhfile after some time?
-    if ! test -e "$path"; then
-      ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path"
-    fi
-  '';
-
-in {
-  options.lass.ejabberd = {
-    enable = mkEnableOption "lass.ejabberd";
-    certfile = mkOption {
-      type = types.secret-file;
-      default = {
-        name = "ejabberd-certfile";
-        path = "${cfg.user.home}/ejabberd.pem";
-        owner = cfg.user;
-        source-path = "/var/lib/acme/lassul.us/full.pem";
-      };
-    };
-    dhfile = mkOption {
-      type = types.secret-file;
-      default = {
-        name = "ejabberd-dhfile";
-        path = "${cfg.user.home}/dhparams.pem";
-        owner = cfg.user;
-        source-path = "/dev/null";
-      };
-    };
-    hosts = mkOption {
-      type = with types; listOf str;
-    };
-    pkgs.ejabberdctl = mkOption {
-      type = types.package;
-      default = pkgs.writeDashBin "ejabberdctl" ''
-        exec ${pkgs.ejabberd}/bin/ejabberdctl \
-            --config ${toFile "ejabberd.yaml" (import ./config.nix {
-              inherit pkgs;
-              config = cfg;
-            })} \
-            --logs ${shell.escape cfg.user.home} \
-            --spool ${shell.escape cfg.user.home} \
-            "$@"
-      '';
-    };
-    registration_watchers = mkOption {
-      type = types.listOf types.str;
-      default = [
-        config.krebs.users.tv.mail
-      ];
-    };
-    s2s_certfile = mkOption {
-      type = types.secret-file;
-      default = cfg.certfile;
-    };
-    user = mkOption {
-      type = types.user;
-      default = {
-        name = "ejabberd";
-        home = "/var/ejabberd";
-      };
-    };
-  };
-  config = lib.mkIf cfg.enable {
-    environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
-
-    krebs.secret.files = {
-      ejabberd-certfile = cfg.certfile;
-      ejabberd-s2s_certfile = cfg.s2s_certfile;
-    };
-
-    systemd.services.ejabberd = {
-      wantedBy = [ "multi-user.target" ];
-      after = [
-        config.krebs.secret.files.ejabberd-certfile.service
-        config.krebs.secret.files.ejabberd-s2s_certfile.service
-        "network.target"
-      ];
-      partOf = [
-        config.krebs.secret.files.ejabberd-certfile.service
-        config.krebs.secret.files.ejabberd-s2s_certfile.service
-      ];
-      serviceConfig = {
-        ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}";
-        ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground";
-        PermissionsStartOnly = true;
-        SyslogIdentifier = "ejabberd";
-        User = cfg.user.name;
-        TimeoutStartSec = 60;
-      };
-    };
-
-    users.users.${cfg.user.name} = {
-      inherit (cfg.user) home name uid;
-      createHome = true;
-    };
-  };
-}

From c9aac57896de2b3be96ca136d4fdbcfe1eaf5266 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:00:51 +0100
Subject: [PATCH 074/120] l prism.r: serve maker wallpaper publicly

---
 lass/1systems/prism/config.nix | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 81159573d..da26e6b21 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -142,9 +142,14 @@ with import <stockholm/lib>;
       imports = [
         <stockholm/lass/2configs/realwallpaper.nix>
       ];
-      services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = ''
-        alias /var/realwallpaper/realwallpaper.png;
-      '';
+      services.nginx.virtualHosts."lassul.us".locations = {
+        "= /wallpaper-marker.png".extraConfig = ''
+          alias /var/realwallpaper/realwallpaper-marker.png;
+        '';
+        "= /wallpaper.png".extraConfig = ''
+          alias /var/realwallpaper/realwallpaper.png;
+        '';
+      };
     }
     {
       users.users.jeschli = {

From 7e77033bfde0de1236a16b072a92236166facf3a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:01:11 +0100
Subject: [PATCH 075/120] l prism.r: set murmur autobanTime

---
 lass/1systems/prism/config.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index da26e6b21..1b6b07569 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -278,8 +278,9 @@ with import <stockholm/lib>;
       services.murmur = {
         enable = true;
         bandwidth = 10000000;
+        registerName = "lassul.us";
+        autobanTime = 30;
       };
-      services.murmur.registerName = "lassul.us";
       krebs.iptables.tables.filter.INPUT.rules = [
         { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
         { predicate = "-p udp --dport 64738"; target = "ACCEPT";}

From 7258d96e4e41fc03cfbefebb1aa2d52c20fd62ea Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:01:38 +0100
Subject: [PATCH 076/120] l prism.r: add mic92 & qubasa to authorized
 downloaders

---
 lass/1systems/prism/config.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 1b6b07569..958c20351 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -351,6 +351,8 @@ with import <stockholm/lib>;
             palo.pubkey
             "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
             "AAAAB3NzaC1yc2EAAAADAQABAAABgQC4ECL9NSCWqs4KVe+FF+2BPtl5Bv5aQPHqnXllCyiESZykwRKLx6/AbF5SbUAUMVZtp9oDSdp28m3BvVeWJ/q7hAbIxUtfd/jp+JBRZ8Kj6K5GzUO7Bhgl/o0A7xEjAeOKHiYuLjdPMcFUyl6Ah4ey/mcQYf6AdU0+hYUDeUlKe/YxxYD6202W0GJq2xGdIqs/TbopT9iaX+sv0wdXDVfFY72nFqOUwJW3u6O2viKKRugrz/eo50Eo3ts7pYz/FpDXExrUvV9Vu/bQ34pa8nKgF3/AKQHgmzljNQSVZKyAV8OY0UFonjBMXCBg2tXtwfnlzdx2SyuQVv55x+0AuRKsi85G2xLpXu1A3921pseBTW6Q6kbYK9eqxAay2c/kNbwNqFnO+nCvQ6Ier/hvGddOtItMu96IuU2E7mPN6WgvM8/3fjJRFWnZxFxqu/k7iH+yYT8qwRgdiSqZc76qvkYEuabdk2itstTRY0A3SpI3hFMZDw/7bxgMZtqpfyoRk5s= philip@shiki11:15 <Profpatsch> AAAAB3NzaC1yc2EAAAADAQABAAABgQC4ECL9NSCWqs4KVe+FF+2BPtl5Bv5aQPHqnXllCyiESZykwRKLx6/AbF5SbUAUMVZtp9oDSdp28m3BvVeWJ/q7hAbIxUtfd/jp+JBRZ8Kj6K5GzUO7Bhgl/o0A7xEjAeOKHiYuLjdPMcFUyl6Ah4ey/mcQYf6AdU0+hYUDeUlKe/YxxYD6202W0GJq2xGdIqs/TbopT9iaX+sv0wdXDVfFY72nFqOUwJW3u6O2viKKRugrz/eo50Eo3ts7pYz/FpDXExrUvV9Vu/bQ34pa8nKgF3/AKQHgmzljNQSVZKyAV8OY0UFonjBMXCBg2tXtwfnlzdx2SyuQVv55x+0AuRKsi85G2xLpXu1A3921pseBTW6Q6kbYK9eqxAay2c/kNbwNqFnO+nCvQ6Ier/hvGddOtItMu96IuU2E7mPN6WgvM8/3fjJRFWnZxFxqu/k7iH+yYT8qwRgdiSqZc76qvkYEuabdk2itstTRY0A3SpI3hFMZDw/7bxgMZtqpfyoRk5s= philip@shiki"
+            mic92.pubkey
+            qubasa.pubkey
           ];
         };
       };

From 2b83ce10c504be19b54d22032e9471d72f9dbfcf Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:03:21 +0100
Subject: [PATCH 077/120] l prism.r: remove deprecated samba stuff

---
 lass/1systems/prism/config.nix | 36 ----------------------------------
 1 file changed, 36 deletions(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 958c20351..6f61ea57e 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -411,42 +411,6 @@ with import <stockholm/lib>;
         ];
       };
     }
-    { #macos mounting of yellow
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-i wiregrill -p tcp --dport 139"; target = "ACCEPT"; }
-        { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; }
-        { predicate = "-i wiregrill -p udp --dport 137"; target = "ACCEPT"; }
-        { predicate = "-i wiregrill -p udp --dport 138"; target = "ACCEPT"; }
-      ];
-      users.users.smbguest = {
-        name = "smbguest";
-        uid = config.ids.uids.smbguest;
-        description = "smb guest user";
-        home = "/home/share";
-        createHome = true;
-      };
-      services.samba = {
-        enable = true;
-        enableNmbd = true;
-        shares = {
-          download = {
-            path = "/var/download/finished";
-            "read only" = "yes";
-            browseable = "yes";
-            "guest ok" = "yes";
-          };
-        };
-        extraConfig = ''
-          guest account = smbguest
-          map to guest = bad user
-          # disable printing
-          load printers = no
-          printing = bsd
-          printcap name = /dev/null
-          disable spoolss = yes
-        '';
-      };
-    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;

From da975dabdd29fa795b07a6c6a9a3155f3505c4c5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:03:47 +0100
Subject: [PATCH 078/120] l skynet.r: use as green-host

---
 lass/1systems/skynet/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index 507ccd14d..4da4dffb8 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -6,6 +6,7 @@ with import <stockholm/lib>;
 
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/blue-host.nix>
+    <stockholm/lass/2configs/green-host.nix>
     <stockholm/lass/2configs/power-action.nix>
     <stockholm/lass/2configs/syncthing.nix>
     {

From 1a79d3865e250904507c18d9376ef708e9a6bda8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:07:04 +0100
Subject: [PATCH 079/120] l styx.r: set interface names

---
 lass/1systems/styx/physical.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix
index a3899f87d..ae0cdf489 100644
--- a/lass/1systems/styx/physical.nix
+++ b/lass/1systems/styx/physical.nix
@@ -31,4 +31,9 @@
 
   nix.maxJobs = lib.mkDefault 4;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="3c:7c:3f:7e:e2:39", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:78:91:50", NAME="int0"
+  '';
 }

From 2970004fb29472d7fcb8b2eef3a71a91c028d0e6 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:08:56 +0100
Subject: [PATCH 080/120] l yellow.r: use new transmission options

---
 lass/1systems/yellow/config.nix | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index d400697d7..16762e9a1 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -9,30 +9,21 @@ with import <stockholm/lib>;
 
   krebs.build.host = config.krebs.hosts.yellow;
 
-  system.activationScripts.downloadFolder = ''
-    mkdir -p /var/download
-    chown transmission:download /var/download
-    chown transmission:download /var/download/finished
-    chmod 775 /var/download
-  '';
-
-  users.users.download = { uid = genid "download"; };
   users.groups.download.members = [ "transmission" ];
-  users.users.transmission.group = mkForce "download";
 
   systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
   systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
-  systemd.services.transmission.postStart = ''
-    chmod 775 /var/download/finished
-  '';
   services.transmission = {
     enable = true;
+    group = "download";
+    downloadDirPermissions = "775";
     settings = {
       download-dir = "/var/download/finished";
       incomplete-dir = "/var/download/incoming";
       incomplete-dir-enable = true;
+      rpc-bind-address = "0.0.0.0";
       message-level = 1;
-      umask = "002";
+      umask = 18;
       rpc-whitelist-enabled = false;
       rpc-host-whitelist-enabled = false;
     };

From 0344e09941f404a7a3b09a62ffe5d3708ac7a96e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:09:11 +0100
Subject: [PATCH 081/120] l yellow.r: use another nordvpn server

---
 lass/1systems/yellow/config.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 16762e9a1..1afad003c 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -163,7 +163,7 @@ with import <stockholm/lib>;
     client
     dev tun
     proto udp
-    remote 185.230.127.27 1194
+    remote 91.207.172.77 1194
     resolv-retry infinite
     remote-random
     nobind
@@ -186,6 +186,7 @@ with import <stockholm/lib>;
     fast-io
     cipher AES-256-CBC
     auth SHA512
+
     <ca>
     -----BEGIN CERTIFICATE-----
     MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ

From ed7bd5a9ce5b2893925c3a35faffc6d369d6c4bc Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:09:41 +0100
Subject: [PATCH 082/120] l xerxes.r: sync basic dir

---
 lass/1systems/xerxes/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
index 8c4362865..22c80b4da 100644
--- a/lass/1systems/xerxes/config.nix
+++ b/lass/1systems/xerxes/config.nix
@@ -11,6 +11,7 @@
     <stockholm/lass/2configs/programs.nix>
     <stockholm/lass/2configs/network-manager.nix>
     <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/sync/sync.nix>
     <stockholm/lass/2configs/games.nix>
     <stockholm/lass/2configs/steam.nix>
     <stockholm/lass/2configs/wine.nix>

From 9b884ed48306b2f881521e61e5bfea26c545d168 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:24:51 +0100
Subject: [PATCH 083/120] l green-host: share with morpheus & styx

---
 lass/2configs/green-host.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
index 1f17c78c8..5f44f5065 100644
--- a/lass/2configs/green-host.nix
+++ b/lass/2configs/green-host.nix
@@ -10,7 +10,9 @@
       "shodan"
       "skynet"
       "mors"
+      "morpheus"
       "littleT"
+      "styx"
     ];
     hostIp = "10.233.2.15";
     localIp = "10.233.2.16";

From fc01155ea520bf3f6ceaafef3a32393331a9319a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:25:12 +0100
Subject: [PATCH 084/120] l green-host: backup with borg

---
 lass/2configs/green-host.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
index 5f44f5065..a5328943c 100644
--- a/lass/2configs/green-host.nix
+++ b/lass/2configs/green-host.nix
@@ -18,4 +18,12 @@
     localIp = "10.233.2.16";
     format = "ecryptfs";
   };
+
+  services.borgbackup.jobs.sync-green = {
+    encryption.mode = "none";
+    paths = "/var/lib/sync-containers/green/ecryptfs";
+    repo = "/var/lib/sync-containers/green/backup";
+    compression = "auto,lzma";
+    startAt = "daily";
+  };
 }

From 1238cd66f7982cfa2e4d069be83eff37ee42afc8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 21:27:10 +0100
Subject: [PATCH 085/120] news: remove unneded \

---
 krebs/2configs/news.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 04a843922..a492b0782 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -75,7 +75,7 @@
                     echo "$#"
                     exit 1
                   fi
-                  ${pkgs.curl}/bin/curl -Ss "https://feedsearch.dev/api/v1/search?url=$1&info=true&favicon=false" | \
+                  ${pkgs.curl}/bin/curl -Ss "https://feedsearch.dev/api/v1/search?url=$1&info=true&favicon=false" |
                     ${pkgs.jq}/bin/jq '.[].url'
                 '';
               };

From cfe7d62e062a438b080e6a39744dd11dcd2cde01 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 22:25:38 +0100
Subject: [PATCH 086/120] l binary-cache server: use different port

---
 lass/2configs/binary-cache/server.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index 9b91035a8..101dd045f 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -6,6 +6,7 @@
   services.nix-serve = {
     enable = true;
     secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+    port = 5005;
   };
 
   systemd.services.nix-serve = {

From 9a5e3cb731a9d4740067e43c787bdedfc3e70ebf Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 22:27:46 +0100
Subject: [PATCH 087/120] l: init tdlibpurple at 0.7.6

---
 lass/5pkgs/tdlib-purple/default.nix | 33 +++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 lass/5pkgs/tdlib-purple/default.nix

diff --git a/lass/5pkgs/tdlib-purple/default.nix b/lass/5pkgs/tdlib-purple/default.nix
new file mode 100644
index 000000000..445839a4b
--- /dev/null
+++ b/lass/5pkgs/tdlib-purple/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchFromGitHub, cmake, tdlib, pidgin, libwebp, libtgvoip } :
+
+stdenv.mkDerivation rec {
+  pname = "tdlib-purple";
+  version = "0.7.6";
+
+  src = fetchFromGitHub {
+    owner = "ars3niy";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "1inamfzbrz0sy4y431jgwjfg6lz14a7c71khrg02481raxchhzzf";
+  };
+
+  cmakeFlags = [
+    "-Dtgvoip_INCLUDE_DIRS=${libtgvoip.dev}/include/tgvoip"
+  ];
+
+  nativeBuildInputs = [ cmake ];
+  buildInputs = [ pidgin tdlib libwebp libtgvoip ];
+
+  installPhase = ''
+    mkdir -p $out/lib/purple-2/
+    cp *.so $out/lib/purple-2/
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = "https://github.com/ars3niy/tdlib-purple";
+    description = "New libpurple plugin for Telegram";
+    license = licenses.gpl2;
+    maintainers = [ maintainers.lassulus ];
+    platforms = platforms.linux;
+  };
+}

From bd1e7a86143e259f25c1ede213725d90727a0c4e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 23 Jan 2021 22:29:43 +0100
Subject: [PATCH 088/120] l bitlbee: use tdlib as telegram provider

---
 lass/2configs/bitlbee.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
index 1220fa0cd..d8f1ae888 100644
--- a/lass/2configs/bitlbee.nix
+++ b/lass/2configs/bitlbee.nix
@@ -10,6 +10,10 @@ with (import <stockholm/lib>);
       pkgs.bitlbee-steam
       pkgs.bitlbee-discord
     ];
-    libpurple_plugins = [ pkgs.telegram-purple ];
+    libpurple_plugins = [
+      # pkgs.telegram-purple
+      pkgs.tdlib-purple
+      # pkgs.purple-gowhatsapp
+    ];
   };
 }

From c334eb47eb5f5be64a3d1d969365bc7dcebbcf39 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 09:43:53 +0100
Subject: [PATCH 089/120] l hass: open zigbee2mqtt frontend

---
 lass/2configs/hass/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix
index 78379ba1c..44f6e25f9 100644
--- a/lass/2configs/hass/default.nix
+++ b/lass/2configs/hass/default.nix
@@ -13,7 +13,9 @@ with import ./lib.nix { inherit lib; };
     { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
     { predicate = "-i docker0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
     { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+    { predicate = "-i int0 -p tcp --dport 1337"; target = "ACCEPT"; } # hass
     { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+    { predicate = "-i retiolum -p tcp --dport 1337"; target = "ACCEPT"; } # hass frontend
     { predicate = "-i wiregrill -p tcp --dport 8123"; target = "ACCEPT"; } # hass
   ];
 

From a6ace6ef5e4613d2d59c20cb7e2811ea3c5e9c10 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 09:46:43 +0100
Subject: [PATCH 090/120] l hass: enable shopping list, disable hue

---
 lass/2configs/hass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix
index 44f6e25f9..3cd6e0ebf 100644
--- a/lass/2configs/hass/default.nix
+++ b/lass/2configs/hass/default.nix
@@ -49,6 +49,7 @@ with import ./lib.nix { inherit lib; };
     };
     config = {};
     sun.elevation = 66;
+    shopping_list = {};
     discovery = {};
     frontend = {};
     mqtt = {
@@ -83,7 +84,6 @@ with import ./lib.nix { inherit lib; };
       (tasmota_s20 "Stereo Anlage" "stereo")
     ];
     mobile_app = {};
-    hue = {};
     weather = [
       {
         platform = "openweathermap";

From fed3663923bf8064215dd0f2f8eac4ee82d63179 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 09:47:24 +0100
Subject: [PATCH 091/120] l hass: use better naming

---
 lass/2configs/hass/lib.nix         | 25 +++++++++----------------
 lass/2configs/hass/rooms/bett.nix  |  2 +-
 lass/2configs/hass/rooms/essen.nix |  4 ++--
 lass/2configs/hass/rooms/nass.nix  |  4 ++--
 4 files changed, 14 insertions(+), 21 deletions(-)

diff --git a/lass/2configs/hass/lib.nix b/lass/2configs/hass/lib.nix
index 9281a19ec..1f9f9945d 100644
--- a/lass/2configs/hass/lib.nix
+++ b/lass/2configs/hass/lib.nix
@@ -23,7 +23,7 @@ rec {
   };
 
   friendly_names =
-    lib.mapAttrs' (n: v: lib.nameValuePair "light.${v}_light" { friendly_name = "l.${n}"; }) lights //
+    lib.mapAttrs' (n: v: lib.nameValuePair "light.${v}" { friendly_name = "l.${n}"; }) lights //
     lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_update_available" { friendly_name = "s.${n}_up"; }) switches.dimmer //
     lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_update_available" { friendly_name = "i.${n}_up"; }) sensors.movement //
     lib.mapAttrs' (n: v: lib.nameValuePair "binary_sensor.${v}_update_available" { friendly_name = "l.${n}_up"; }) lights //
@@ -41,11 +41,11 @@ rec {
     lib.mapAttrs' (n: v: lib.nameValuePair "sensor.${v}_illuminance" { friendly_name = "i.${n}_lux"; }) sensors.movement //
     {};
 
-  detect_movement = sensor: light: delay:
+  detect_movement = name: sensor: light: delay:
   let
-    id = "${sensor}_${light}";
+    id = name;
     sensor_ = "binary_sensor.${sensor}_occupancy";
-    light_ = "light.${light}_light";
+    light_ = "light.${light}";
   in {
     input_boolean."${id}" = {
     };
@@ -71,7 +71,6 @@ rec {
       # }
       {
         alias = "movement reset timer ${id}";
-        hide_entity = true;
         trigger = {
           platform = "state";
           entity_id = sensor_;
@@ -87,7 +86,6 @@ rec {
       }
       {
         alias = "movement on ${id}";
-        # hide_entity = true;
         trigger = {
           platform = "state";
           entity_id = "binary_sensor.${sensor}_occupancy";
@@ -124,7 +122,6 @@ rec {
       }
       {
         alias = "movement off ${id}";
-        hide_entity = true;
         trigger = {
           platform = "state";
           entity_id = sensor_;
@@ -144,7 +141,6 @@ rec {
       }
       {
         alias = "movement override ${id}";
-        hide_entity = true;
         trigger = {
           platform = "state";
           entity_id = light_;
@@ -164,7 +160,6 @@ rec {
       }
       {
         alias = "movement expired ${id}";
-        hide_entity = true;
         trigger = {
           platform = "event";
           event_type = "timer.finished";
@@ -186,11 +181,10 @@ rec {
     ];
   };
 
-  lightswitch = switch: light: {
+  lightswitch = name: switch: light: {
     automation = [
       {
-        alias = "lightswitch ${switch} turn on light ${light}";
-        hide_entity = "true";
+        alias = "lightswitch ${name} turn on";
         trigger = {
           platform = "mqtt";
           topic = "zigbee/${switch}";
@@ -225,15 +219,14 @@ rec {
           {
             service = "light.turn_on";
             data_template = {
-              entity_id = "light.${light}_light";
+              entity_id = "light.${light}";
               brightness = "{{ trigger.payload_json.brightness }}";
             };
           }
         ];
       }
       {
-        alias = "lightswitch ${switch} turn off light ${light}";
-        hide_entity = "true";
+        alias = "lightswitch ${name} turn off";
         trigger = {
           platform = "mqtt";
           topic = "zigbee/${switch}";
@@ -254,7 +247,7 @@ rec {
         action = {
           service = "light.turn_off";
           data_template = {
-            entity_id = "light.${light}_light";
+            entity_id = "light.${light}";
           };
         };
       }
diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix
index 48a1f72d7..026c5722c 100644
--- a/lass/2configs/hass/rooms/bett.nix
+++ b/lass/2configs/hass/rooms/bett.nix
@@ -3,7 +3,7 @@ with import ../lib.nix { inherit lib; };
 
 {
   services.home-assistant.config = lib.mkMerge [
-    (lightswitch switches.dimmer.bett lights.bett)
+    (lightswitch "bett" switches.dimmer.bett lights.bett)
   ];
 
   # lass.hass.love = {
diff --git a/lass/2configs/hass/rooms/essen.nix b/lass/2configs/hass/rooms/essen.nix
index eeb3d30d2..293935f65 100644
--- a/lass/2configs/hass/rooms/essen.nix
+++ b/lass/2configs/hass/rooms/essen.nix
@@ -3,7 +3,7 @@ with import ../lib.nix { inherit lib; };
 
 {
   services.home-assistant.config = lib.mkMerge [
-    (detect_movement sensors.movement.essen lights.essen 10)
-    (lightswitch switches.dimmer.essen lights.essen)
+    (detect_movement "essen" sensors.movement.essen lights.essen 70)
+    (lightswitch "essen" switches.dimmer.essen lights.essen)
   ];
 }
diff --git a/lass/2configs/hass/rooms/nass.nix b/lass/2configs/hass/rooms/nass.nix
index 7e6298738..b23ba86cd 100644
--- a/lass/2configs/hass/rooms/nass.nix
+++ b/lass/2configs/hass/rooms/nass.nix
@@ -3,8 +3,8 @@ with import ../lib.nix { inherit lib; };
 
 {
   services.home-assistant.config = lib.mkMerge [
-    (detect_movement sensors.movement.nass lights.nass 100)
-    (lightswitch switches.dimmer.nass lights.nass)
+    (detect_movement "nass" sensors.movement.nass lights.nass 100)
+    (lightswitch "nass" switches.dimmer.nass lights.nass)
   ];
 }
 

From ffb9654b1b8b4981999cdce6180f1413aae4bd28 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 09:47:52 +0100
Subject: [PATCH 092/120] l exim-retiolum: add root alias

---
 lass/2configs/exim-retiolum.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix
index 1ee8d843e..589e17551 100644
--- a/lass/2configs/exim-retiolum.nix
+++ b/lass/2configs/exim-retiolum.nix
@@ -3,7 +3,12 @@
 with import <stockholm/lib>;
 
 {
-  krebs.exim-retiolum.enable = true;
+  krebs.exim-retiolum = {
+    enable = true;
+    system-aliases = [
+      { from = "root"; to = "lass"; }
+    ];
+  };
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
   ];

From 811fe371a5b78c463a16aeef63deafda8ac1ef76 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 09:48:21 +0100
Subject: [PATCH 093/120] l nfs-dl: tune mount settings

---
 lass/2configs/nfs-dl.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/nfs-dl.nix b/lass/2configs/nfs-dl.nix
index 91b026455..eeab732ba 100644
--- a/lass/2configs/nfs-dl.nix
+++ b/lass/2configs/nfs-dl.nix
@@ -13,9 +13,9 @@
       "x-systemd.device-timeout=1"
       "x-systemd.idle-timeout=1min"
       "x-systemd.requires=retiolum.service"
-      "x-systemd.requires=wpa_supplicant.service"
       "user"
       "_netdev"
+      "soft"
     ];
   };
 }

From 1fb17be4d16a0dff55b7f384047c8ed2c660164a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 09:49:20 +0100
Subject: [PATCH 094/120] l: l-gen-secrets: use new ip syntax

---
 lass/5pkgs/l-gen-secrets/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix
index 85b050644..6cf28c3c2 100644
--- a/lass/5pkgs/l-gen-secrets/default.nix
+++ b/lass/5pkgs/l-gen-secrets/default.nix
@@ -29,7 +29,7 @@ pkgs.writeDashBin "l-gen-secrets" ''
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.changeme";
-          ip6.addr = "42:0:0:0:0:0:0:changeme";
+          ip6.addr = r6 "changeme";
           aliases = [
             "$HOSTNAME.r"
           ];
@@ -38,7 +38,7 @@ pkgs.writeDashBin "l-gen-secrets" ''
           ${"''"};
         };
         wiregrill = {
-          ip6.addr = (wip6 "changeme").address;
+          ip6.addr = w6 "changeme";
           aliases = [
             "$HOSTNAME.w"
           ];

From 5433345ad4c042313d30709b413d12dbbda3ed99 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 10:23:23 +0100
Subject: [PATCH 095/120] l: move ecryptfs-hack to wrapper

---
 lass/3modules/sync-containers.nix | 2 --
 lass/5pkgs/ecrypt/default.nix     | 5 ++++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/lass/3modules/sync-containers.nix b/lass/3modules/sync-containers.nix
index ebf440c4e..4dd0fd722 100644
--- a/lass/3modules/sync-containers.nix
+++ b/lass/3modules/sync-containers.nix
@@ -10,8 +10,6 @@ with import <stockholm/lib>;
     plain = ''
     '';
     ecryptfs = ''
-      # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails
-      echo 4 | ${pkgs.ecryptfs}/bin/ecryptfs-manager
       if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then
         if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then
           ${pkgs.ecrypt}/bin/ecrypt mount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state
diff --git a/lass/5pkgs/ecrypt/default.nix b/lass/5pkgs/ecrypt/default.nix
index 9bb35a8dc..f83f8cfe7 100644
--- a/lass/5pkgs/ecrypt/default.nix
+++ b/lass/5pkgs/ecrypt/default.nix
@@ -3,7 +3,6 @@
 #usage: ecrypt mount /var/crypted /var/unencrypted
 pkgs.writers.writeDashBin "ecrypt" ''
   set -euf
-  set -x
 
   PATH=${lib.makeBinPath (with pkgs; [
     coreutils
@@ -32,6 +31,8 @@ pkgs.writers.writeDashBin "ecrypt" ''
         echo 'destination dir is not empty, aborting'
         exit 1
       else
+        # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails
+        echo 4 | ecryptfs-manager
         stty -echo
         printf "passphrase: "
         read  passphrase
@@ -59,6 +60,8 @@ pkgs.writers.writeDashBin "ecrypt" ''
       if keyctl list @u | grep -q "$old_sig"; then
         echo 'pw already saved'
       else
+        # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails
+        echo 4 | ecryptfs-manager
         stty -echo
         printf "passphrase: "
         read  passphrase

From 293fa449e1d69d2d070f6990e414c76409c4913d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 10:30:47 +0100
Subject: [PATCH 096/120] ecrypt: l -> krebs

---
 {lass/5pkgs => krebs/5pkgs/simple}/ecrypt/default.nix | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename {lass/5pkgs => krebs/5pkgs/simple}/ecrypt/default.nix (100%)

diff --git a/lass/5pkgs/ecrypt/default.nix b/krebs/5pkgs/simple/ecrypt/default.nix
similarity index 100%
rename from lass/5pkgs/ecrypt/default.nix
rename to krebs/5pkgs/simple/ecrypt/default.nix

From ea0b43654e20ee3cbe85c154a35d5363baaaca97 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 10:41:47 +0100
Subject: [PATCH 097/120] sync-containers: lass -> krebs

---
 krebs/3modules/default.nix                   | 1 +
 {lass => krebs}/3modules/sync-containers.nix | 4 ++--
 lass/2configs/green-host.nix                 | 2 +-
 lass/3modules/default.nix                    | 1 -
 4 files changed, 4 insertions(+), 4 deletions(-)
 rename {lass => krebs}/3modules/sync-containers.nix (98%)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 0b3d2c791..285db40f9 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -51,6 +51,7 @@ let
       ./secret.nix
       ./setuid.nix
       ./shadow.nix
+      ./sync-containers.nix
       ./tinc.nix
       ./tinc_graphs.nix
       ./urlwatch.nix
diff --git a/lass/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix
similarity index 98%
rename from lass/3modules/sync-containers.nix
rename to krebs/3modules/sync-containers.nix
index 4dd0fd722..81316fb0d 100644
--- a/lass/3modules/sync-containers.nix
+++ b/krebs/3modules/sync-containers.nix
@@ -1,6 +1,6 @@
 with import <stockholm/lib>;
 { config, pkgs, ... }: let
-  cfg = config.lass.sync-containers;
+  cfg = config.krebs.sync-containers;
   paths = cname: {
     plain = "/var/lib/containers/${cname}/var/state";
     ecryptfs = "${cfg.dataLocation}/${cname}/ecryptfs";
@@ -37,7 +37,7 @@ with import <stockholm/lib>;
     '';
   };
 in {
-  options.lass.sync-containers = {
+  options.krebs.sync-containers = {
     dataLocation = mkOption {
       description = ''
         location where the encrypted sync-container lie around
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
index a5328943c..355daba9c 100644
--- a/lass/2configs/green-host.nix
+++ b/lass/2configs/green-host.nix
@@ -4,7 +4,7 @@
     <stockholm/lass/2configs/container-networking.nix>
     <stockholm/lass/2configs/syncthing.nix>
   ];
-  lass.sync-containers.containers.green = {
+  krebs.sync-containers.containers.green = {
     peers = [
       "icarus"
       "shodan"
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 3587e0f88..9f8ae98e5 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -12,7 +12,6 @@ _:
     ./pyload.nix
     ./restic.nix
     ./screenlock.nix
-    ./sync-containers.nix
     ./usershadow.nix
     ./xjail.nix
     ./autowifi.nix

From cefb50f5f1509c06f92453e09fb63ad71a746fe0 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 11:26:39 +0100
Subject: [PATCH 098/120] bindfs: l -> krebs

---
 {lass => krebs}/3modules/bindfs.nix | 4 ++--
 krebs/3modules/default.nix          | 1 +
 lass/1systems/green/config.nix      | 2 +-
 lass/3modules/default.nix           | 1 -
 4 files changed, 4 insertions(+), 4 deletions(-)
 rename {lass => krebs}/3modules/bindfs.nix (96%)

diff --git a/lass/3modules/bindfs.nix b/krebs/3modules/bindfs.nix
similarity index 96%
rename from lass/3modules/bindfs.nix
rename to krebs/3modules/bindfs.nix
index c489ef163..7e3730e86 100644
--- a/lass/3modules/bindfs.nix
+++ b/krebs/3modules/bindfs.nix
@@ -1,9 +1,9 @@
 with import <stockholm/lib>;
 { config, pkgs, ... }:
 let
-  cfg = config.lass.bindfs;
+  cfg = config.krebs.bindfs;
 in {
-  options.lass.bindfs = mkOption {
+  options.krebs.bindfs = mkOption {
     type = types.attrsOf (types.submodule ({ config, ... }: {
       options = {
         target = mkOption {
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 285db40f9..e7d04ead8 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -11,6 +11,7 @@ let
       ./apt-cacher-ng.nix
       ./backup.nix
       ./bepasty-server.nix
+      ./bindfs.nix
       ./brockman.nix
       ./buildbot/master.nix
       ./buildbot/slave.nix
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index d7683ff5f..fbd2d223f 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -26,7 +26,7 @@ with import <stockholm/lib>;
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel
   ];
 
-  lass.bindfs = {
+  krebs.bindfs = {
     "/home/lass/.weechat" = {
       source = "/var/state/lass_weechat";
       options = [
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 9f8ae98e5..1ce88b238 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -1,7 +1,6 @@
 _:
 {
   imports = [
-    ./bindfs.nix
     ./dnsmasq.nix
     ./folderPerms.nix
     ./hosts.nix

From 8e5eb283f4f06a87ab228ad2a0d3a9a6e3ffd737 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 14:47:50 +0100
Subject: [PATCH 099/120] l syncthing: just configure used peers

---
 lass/2configs/syncthing.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index d31ce7800..50f282640 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -1,6 +1,9 @@
 { config, pkgs, ... }: with import <stockholm/lib>; let
-  all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
   mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
+
+  all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
+  used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.declarative.folders));
+  used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
 in {
   services.syncthing = {
     enable = true;
@@ -9,7 +12,7 @@ in {
     declarative = {
       key = toString <secrets/syncthing.key>;
       cert = toString <secrets/syncthing.cert>;
-      devices = mk_peers all_peers;
+      devices = mk_peers used_peers;
     };
   };
   krebs.iptables.tables.filter.INPUT.rules = [

From 550b502628a6e9567fb210c5dba38e9468481efb Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 15:06:54 +0100
Subject: [PATCH 100/120] syncthing: split into l and krebs

---
 krebs/2configs/syncthing.nix | 15 +++++++++++++++
 lass/2configs/syncthing.nix  | 13 +++----------
 2 files changed, 18 insertions(+), 10 deletions(-)
 create mode 100644 krebs/2configs/syncthing.nix

diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix
new file mode 100644
index 000000000..31e33ad5e
--- /dev/null
+++ b/krebs/2configs/syncthing.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }: with import <stockholm/lib>; let
+  mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
+
+  all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
+  used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.declarative.folders));
+  used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
+in {
+  services.syncthing = {
+    enable = true;
+    configDir = "/var/lib/syncthing";
+    declarative = {
+      devices = mk_peers used_peers;
+    };
+  };
+}
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 50f282640..e288df68a 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -1,18 +1,11 @@
-{ config, pkgs, ... }: with import <stockholm/lib>; let
-  mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
-
-  all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
-  used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.declarative.folders));
-  used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
-in {
+{ config, pkgs, ... }: with import <stockholm/lib>;
+{
+  imports = [ <stockholm/krebs/2configs/syncthing.nix> ];
   services.syncthing = {
-    enable = true;
     group = "syncthing";
-    configDir = "/var/lib/syncthing";
     declarative = {
       key = toString <secrets/syncthing.key>;
       cert = toString <secrets/syncthing.cert>;
-      devices = mk_peers used_peers;
     };
   };
   krebs.iptables.tables.filter.INPUT.rules = [

From f4206a60810014cb23ca6eb882398a4739b7b780 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 15:54:05 +0100
Subject: [PATCH 101/120] sync-containers: add noop to plain container scripts

---
 krebs/3modules/sync-containers.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix
index 81316fb0d..7c7db4c3d 100644
--- a/krebs/3modules/sync-containers.nix
+++ b/krebs/3modules/sync-containers.nix
@@ -8,6 +8,7 @@ with import <stockholm/lib>;
   };
   start = cname: {
     plain = ''
+      :
     '';
     ecryptfs = ''
       if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then
@@ -28,6 +29,7 @@ with import <stockholm/lib>;
   };
   stop = cname: {
     plain = ''
+      :
     '';
     ecryptfs = ''
       ${pkgs.ecrypt}/bin/ecrypt unmount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state

From 5d24d8e8c2e1493020ff79193bb8480ed882bb03 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 15:58:14 +0100
Subject: [PATCH 102/120] krops: clone nixpkgs shallow

---
 krebs/krops.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/krops.nix b/krebs/krops.nix
index 608e46df1..5e5a3d5e7 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -28,6 +28,7 @@
       git = {
         ref = (lib.importJSON ./nixpkgs.json).rev;
         url = https://github.com/NixOS/nixpkgs;
+        shallow = true;
       };
     };
     stockholm.file = toString ../.;

From 1bbeb1e45c155c4d9822d40db1b39995e861c292 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 15:58:25 +0100
Subject: [PATCH 103/120] krops: add populate command

---
 krebs/krops.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/krebs/krops.nix b/krebs/krops.nix
index 5e5a3d5e7..aeb2413a4 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -68,6 +68,13 @@
     target = "root@${target}/var/src";
   };
 
+  # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
+  populate = { target, force ? false }: pkgs.populate {
+    inherit force;
+    source = source { test = false; };
+    target = lib.mkTarget target;
+  };
+
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "${name}-test" {
     force = true;

From f6e8e690bb8a95dfcf9302996f93baa5fa94f1ba Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 16:06:25 +0100
Subject: [PATCH 104/120] l puyak.r: remove news services

---
 krebs/1systems/hotdog/config.nix | 4 ----
 krebs/1systems/puyak/config.nix  | 8 --------
 2 files changed, 12 deletions(-)

diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index c0fa38284..a100e414d 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -1,7 +1,3 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
 { config, lib, pkgs, ... }:
 
 {
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 19cf22280..1e0687ba7 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -19,14 +19,6 @@
     <stockholm/krebs/2configs/binary-cache/nixos.nix>
     <stockholm/krebs/2configs/binary-cache/prism.nix>
 
-    ### Krebs ###
-    <stockholm/krebs/2configs/go.nix>
-
-    #### NEWS ####
-    <stockholm/krebs/2configs/ircd.nix>
-    <stockholm/krebs/2configs/news.nix>
-
-
     ### shackspace ###
     # handle the worlddomination map via coap
     <stockholm/krebs/2configs/shack/worlddomination.nix>

From ec9c2defae862a2ba57c7d94b5697c93d5910536 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 16:29:40 +0100
Subject: [PATCH 105/120] brockman: use genid for uid

---
 krebs/3modules/brockman.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix
index 55e8255b4..32aa3489b 100644
--- a/krebs/3modules/brockman.nix
+++ b/krebs/3modules/brockman.nix
@@ -1,5 +1,5 @@
-{ pkgs, lib, config, ... }:
-with lib;
+{ pkgs, config, ... }:
+with import <stockholm/lib>;
 let
   cfg = config.krebs.brockman;
 in {
@@ -13,6 +13,7 @@ in {
       home = "/var/lib/brockman";
       createHome = true;
       isNormalUser = false;
+      uid = genid_uint31 "brockman";
     };
 
     systemd.services.brockman = {

From ce8b0541ea9ef7c07ee8c71b9c0a8307ed821d76 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 16:32:30 +0100
Subject: [PATCH 106/120] init news.r

---
 krebs/1systems/news/config.nix   | 36 ++++++++++++++++++++++++++++++++
 krebs/2configs/news-host.nix     | 12 +++++++++++
 krebs/3modules/krebs/default.nix | 34 ++++++++++++++++++++++++++++--
 3 files changed, 80 insertions(+), 2 deletions(-)
 create mode 100644 krebs/1systems/news/config.nix
 create mode 100644 krebs/2configs/news-host.nix

diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix
new file mode 100644
index 000000000..e4059e579
--- /dev/null
+++ b/krebs/1systems/news/config.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/krebs>
+    <stockholm/krebs/2configs>
+
+    <stockholm/krebs/2configs/ircd.nix>
+    <stockholm/krebs/2configs/go.nix>
+
+    #### NEWS ####
+    <stockholm/krebs/2configs/ircd.nix>
+    <stockholm/krebs/2configs/news.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.news;
+
+  boot.isContainer = true;
+  networking.useDHCP = false;
+  krebs.bindfs = {
+    "/var/lib/htgen-go" = {
+      source = "/var/state/htgen-go";
+      options = [
+        "-M ${toString config.users.users.htgen-go.uid}"
+      ];
+      clearTarget = true;
+    };
+    "/var/lib/brockman" = {
+      source = "/var/state/brockman";
+      options = [
+        "-M ${toString config.users.users.brockman.uid}"
+      ];
+      clearTarget = true;
+    };
+  };
+}
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
new file mode 100644
index 000000000..82360a670
--- /dev/null
+++ b/krebs/2configs/news-host.nix
@@ -0,0 +1,12 @@
+{
+  krebs.sync-containers.containers.news = {
+    peers = [
+      "shodan"
+      "mors"
+      "styx"
+    ];
+    hostIp = "10.233.2.101";
+    localIp = "10.233.2.102";
+    format = "plain";
+  };
+}
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index d0648418f..434ac1dfd 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -92,6 +92,38 @@ in {
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
     };
+    news = {
+      cores = 1;
+      owner = config.krebs.users.krebs;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.0.5";
+          aliases = [
+            "news.r"
+            "go.r"
+            "rss.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9PY6t6P1ytgo8qYL2QDc
+            cgPezX8yGmA0nuTyCUPtXbWyWee9HnzYqekzJYvBHwgBDvZ8UhLZTCXD15agDfaf
+            cbzd4uM5bCDgqI8sezzD95tqj7mzvIEurIShDXYSWC6YRat1h1Opp86JngBJRvHZ
+            Gb6NAyfnr4v2eyMrmH9/j+sECxjCAaC5QLpJWyoDPilFU8dXBarmiZNYYlXQt1pn
+            yxZSF5pElmrdiZ6vlKlnEHwFtExm1gv63ZjAlusrXM+bKMvdVKRnhahq76A5VXjc
+            kbOhQi+wYGaVK4jB2a1UilmKYh1wKLE7HULoHDRrqEe4jemNZg+JOBPTU+jM/JzM
+            XdPy0KAMxHOUZCe8IX0LgF1snVaMF05Qkoe3QKr0YJ3KTD7UdsJpa1Br216Z/w2f
+            koz+cRn/Z/8TO8SIRKvy5TfXeH+ra6rp/CvwryNlNL4FB+25LFDkJtLIZGqAsz3G
+            vRXUiGN4l1FR4TbX7XaK2rvIlA/+4isJ02bBdnZhe7kmuuBeECyPaR1+Ui6pElXe
+            ZamnxTAmj86Q8pDx6Wn2cg8YAJlVV3UCfhda34DZokJmmmKucGupg/6Xt0Bhm9d5
+            exNrTIDG3lXTxmg2mfiZJeg/fsnalvtN0j/VB+NmmKzie+ZohMK4nUfslq8o5CO9
+            j7ZLmZzm062GzX0RenxNkwUCAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo ";
+    };
     onebutton = {
       cores = 1;
       nets = {
@@ -131,8 +163,6 @@ in {
             "brockman.r"
             "build.puyak.r"
             "cgit.puyak.r"
-            "go.r"
-            "rss.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----

From 5fe4e57a620abd3bed8e1ad4e7158439e4e075e1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 16:45:12 +0100
Subject: [PATCH 107/120] news.r: enable ci

---
 krebs/3modules/krebs/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 434ac1dfd..4a1b56084 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -93,8 +93,7 @@ in {
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
     };
     news = {
-      cores = 1;
-      owner = config.krebs.users.krebs;
+      ci = true;
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.5";

From cf63e2c3ad3b0a780b7a595c9e34de3559808834 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 16:58:22 +0100
Subject: [PATCH 108/120] sync-containers: allow syncthing to enter
 /var/lib/containers

---
 krebs/3modules/sync-containers.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix
index 7c7db4c3d..d31022d3a 100644
--- a/krebs/3modules/sync-containers.nix
+++ b/krebs/3modules/sync-containers.nix
@@ -92,6 +92,10 @@ in {
 
   config = mkIf (cfg.containers != {}) {
     programs.fuse.userAllowOther = true;
+    # allow syncthing to enter /var/lib/containers
+    system.activationScripts.syncthing-home = ''
+      ${pkgs.coreutils}/bin/chmod a+x /var/lib/containers
+    '';
 
     services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({
       devices = ctr.peers;

From 2c8ba1536325e7488b0c29868dcc2dd34a1b0263 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 17:00:29 +0100
Subject: [PATCH 109/120] l mors.r: add as news-host

---
 lass/1systems/mors/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 907242500..95b688590 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -35,6 +35,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/network-manager.nix>
     <stockholm/lass/2configs/nfs-dl.nix>
     <stockholm/lass/2configs/green-host.nix>
+    <stockholm/krebs/2configs/news-host.nix>
     <stockholm/lass/2configs/ppp/x220-modem.nix>
     <stockholm/lass/2configs/ppp/umts-stick.nix>
     # <stockholm/lass/2configs/remote-builder/morpheus.nix>

From a47c709c4a5227ad064bea3fbe89e8a5398c2c75 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 17:01:52 +0100
Subject: [PATCH 110/120] l shodan.r: add as host for news & green

---
 lass/1systems/shodan/config.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index b34afe5e6..a7e934573 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -14,6 +14,8 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/wine.nix>
     <stockholm/lass/2configs/bitcoin.nix>
     <stockholm/lass/2configs/blue-host.nix>
+    <stockholm/lass/2configs/green-host.nix>
+    <stockholm/krebs/2configs/news-host.nix>
     <stockholm/lass/2configs/nfs-dl.nix>
     <stockholm/lass/2configs/gg23.nix>
     <stockholm/lass/2configs/hass>

From f141ac6092861d1490ce0d0d86bcc75df104f742 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 17:02:20 +0100
Subject: [PATCH 111/120] l shodan.r: remove legacy gg23, add base syncthing

---
 lass/1systems/shodan/config.nix | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index a7e934573..7695e637b 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -17,16 +17,14 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/green-host.nix>
     <stockholm/krebs/2configs/news-host.nix>
     <stockholm/lass/2configs/nfs-dl.nix>
-    <stockholm/lass/2configs/gg23.nix>
-    <stockholm/lass/2configs/hass>
-    <stockholm/lass/2configs/br.nix>
     <stockholm/lass/2configs/fetchWallpaper.nix>
     <stockholm/lass/2configs/home-media.nix>
+    <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/sync/sync.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.shodan;
 
   services.logind.lidSwitch = "ignore";
   services.logind.lidSwitchDocked = "ignore";
-
 }

From feed3c9d7b81dafe6a6eb45a2339fb22262076fb Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 17:03:00 +0100
Subject: [PATCH 112/120] l styx.r: add gg23, container hosts, umts

---
 lass/1systems/styx/config.nix | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix
index 4c3ae1411..016d1480f 100644
--- a/lass/1systems/styx/config.nix
+++ b/lass/1systems/styx/config.nix
@@ -12,14 +12,17 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/browsers.nix>
     <stockholm/lass/2configs/programs.nix>
     <stockholm/lass/2configs/nfs-dl.nix>
-    # <stockholm/lass/2configs/gg23.nix>
-    # <stockholm/lass/2configs/hass>
+    <stockholm/lass/2configs/gg23.nix>
+    <stockholm/lass/2configs/hass>
+    <stockholm/lass/2configs/green-host.nix>
+    <stockholm/krebs/2configs/news-host.nix>
     # <stockholm/lass/2configs/br.nix>
     <stockholm/lass/2configs/fetchWallpaper.nix>
     <stockholm/lass/2configs/home-media.nix>
-    # <stockholm/lass/2configs/syncthing.nix>
-    # <stockholm/lass/2configs/sync/sync.nix>
+    <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/sync/sync.nix>
     # <stockholm/lass/2configs/idc.nix>
+    <stockholm/lass/2configs/ppp/umts-stick.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.styx;
@@ -27,6 +30,8 @@ with import <stockholm/lib>;
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; }
   ];
+  krebs.power-action.enable = mkForce false;
+
   services.smokeping = {
     enable = true;
     targetConfig = ''

From 6dfbe96823f7e649e7277d64efea2fdd40e3e76f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 17:03:34 +0100
Subject: [PATCH 113/120] l sync weechat: don't share with blue

---
 lass/2configs/sync/weechat.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix
index ccbfc75a1..7970f3081 100644
--- a/lass/2configs/sync/weechat.nix
+++ b/lass/2configs/sync/weechat.nix
@@ -1,5 +1,5 @@
 {
-  services.syncthing.declarative.folders."/home/lass/.weechat".devices = [ "blue" "green" "mors" ];
+  services.syncthing.declarative.folders."/home/lass/.weechat".devices = [ "green" "mors" ];
   krebs.permown."/home/lass/.weechat" = {
     owner = "lass";
     group = "syncthing";

From c7b7e4b22f4569a666b532a65701a726b3d39706 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 18:36:57 +0100
Subject: [PATCH 114/120] nixpkgs: 0cfd08f -> a058d00

---
 krebs/nixpkgs.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 9c450582c..97afb10f8 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "0cfd08f4881bbfdaa57e68835b923d4290588d98",
-  "date": "2021-01-08T17:43:56+01:00",
-  "path": "/nix/store/c3rhsa326ylk4hm146nmfrfmxcpqflyb-nixpkgs",
-  "sha256": "1srd9p37jmrsxgvrxvlibmscphz5p42244285yc5piacvrz1rdcc",
+  "rev": "a058d005b3cbb370bf171ebce01839dd6ff52222",
+  "date": "2021-01-23T17:41:51-05:00",
+  "path": "/nix/store/6ps307ghgrp10q3mwgw4lq143pmz0h25-nixpkgs",
+  "sha256": "154mpqw0ya31hzgz9hggg1rb26yx8d00rsj9l90ndsdldrssgvbb",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From b4e00e705f0b2d9a3e3899928e579dc87f769da7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 18:37:21 +0100
Subject: [PATCH 115/120] nixpkgs-unstable: f211631 -> f217c0e

---
 krebs/nixpkgs-unstable.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index e478709b8..321fafac6 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "f211631c1cb3e94828c7650b5d12c1e5a89e0e16",
-  "date": "2021-01-07T19:50:35+02:00",
-  "path": "/nix/store/2zymxp9iq6xvxy5wjc411iws2kk3c8z4-nixpkgs",
-  "sha256": "0r085j42991qcbzx4l0hnwlsxw016y4b7r821s4qxvqnvwr9lxar",
+  "rev": "f217c0ea7c148ddc0103347051555c7c252dcafb",
+  "date": "2021-01-21T09:50:34+01:00",
+  "path": "/nix/store/8srlzkkvbvlg4g585g9iyzd3ryiilm8a-nixpkgs",
+  "sha256": "0cyksxg2lnzxd0pss09rmmk2c2axz0lf9wvgvfng59nwf8dpq2kf",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From 71206dc6a2852dd69664e85aa6dcb49676ec1f6e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Jan 2021 19:54:40 +0100
Subject: [PATCH 116/120] l archprism.r: RIP

---
 lass/1systems/archprism/config.nix   | 54 -------------------
 lass/1systems/archprism/physical.nix | 77 ----------------------------
 2 files changed, 131 deletions(-)
 delete mode 100644 lass/1systems/archprism/config.nix
 delete mode 100644 lass/1systems/archprism/physical.nix

diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
deleted file mode 100644
index 0a2ab1611..000000000
--- a/lass/1systems/archprism/config.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
-  imports = [
-    <stockholm/lass>
-    <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/libvirt.nix>
-    { # TODO make new hfos.nix out of this vv
-      boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-      users.users.riot = {
-        uid = genid_uint31 "riot";
-        isNormalUser = true;
-        extraGroups = [ "libvirtd" ];
-        openssh.authorizedKeys.keys = [
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
-        ];
-      };
-
-      # TODO write function for proxy_pass (ssl/nonssl)
-
-      krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.nat.PREROUTING.rules = [
-        { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
-      ];
-    }
-    <stockholm/lass/2configs/container-networking.nix>
-    {
-      services.taskserver = {
-        enable = true;
-        fqdn = "lassul.us";
-        listenHost = "::";
-        listenPort = 53589;
-        organisations.lass.users = [ "lass" "android" ];
-      };
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
-      ];
-    }
-    {
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
-      ];
-    }
-  ];
-
-  krebs.build.host = config.krebs.hosts.archprism;
-  services.earlyoom = {
-    enable = true;
-    freeMemThreshold = 5;
-  };
-}
diff --git a/lass/1systems/archprism/physical.nix b/lass/1systems/archprism/physical.nix
deleted file mode 100644
index 36de7dc17..000000000
--- a/lass/1systems/archprism/physical.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-  imports = [
-    ./config.nix
-    {
-      boot.kernelParams = [ "net.ifnames=0" ];
-      networking = {
-        defaultGateway = "46.4.114.225";
-        # Use google's public DNS server
-        nameservers = [ "8.8.8.8" ];
-        interfaces.eth0 = {
-          ipAddress = "46.4.114.247";
-          prefixLength = 27;
-        };
-      };
-      # TODO use this network config
-      networking.interfaces.eth0.ipv4.addresses = [
-        {
-          address = config.krebs.build.host.nets.internet.ip4.addr;
-          prefixLength = 27;
-        }
-        {
-          address = "46.4.114.243";
-          prefixLength = 27;
-        }
-      ];
-      #networking.defaultGateway = "46.4.114.225";
-      #networking.nameservers = [
-      #  "8.8.8.8"
-      #];
-      #services.udev.extraRules = ''
-      #  SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
-      #'';
-    }
-    {
-      imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
-
-      networking.hostId = "fb4173ea";
-      boot.loader.grub = {
-        devices = [
-          "/dev/sda"
-          "/dev/sdb"
-        ];
-        splashImage = null;
-      };
-
-      boot.initrd.availableKernelModules = [
-        "ata_piix"
-        "vmw_pvscsi"
-        "ahci" "sd_mod"
-      ];
-
-      boot.kernelModules = [ "kvm-intel" ];
-
-      sound.enable = false;
-      nixpkgs.config.allowUnfree = true;
-      time.timeZone = "Europe/Berlin";
-
-      fileSystems."/" = {
-        device = "rpool/root/nixos";
-        fsType = "zfs";
-      };
-
-      fileSystems."/home" = {
-        device = "rpool/home";
-        fsType = "zfs";
-      };
-
-      fileSystems."/boot" = {
-        device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
-        fsType = "ext4";
-      };
-
-    }
-  ];
-
-}

From d53f554e82ffc29c3636b06bc7e99bedc22275ee Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 25 Jan 2021 18:26:20 +0100
Subject: [PATCH 117/120] brockman.r: move alias to news.r

---
 krebs/3modules/krebs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 4a1b56084..8c164cfe3 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -99,6 +99,7 @@ in {
           ip4.addr = "10.243.0.5";
           aliases = [
             "news.r"
+            "brockman.r"
             "go.r"
             "rss.r"
           ];
@@ -159,7 +160,6 @@ in {
           ip4.addr = "10.243.77.2";
           aliases = [
             "puyak.r"
-            "brockman.r"
             "build.puyak.r"
             "cgit.puyak.r"
           ];

From a8ecbcb2ca69af55de57264e56b19e3ae868c3d9 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 25 Jan 2021 18:48:05 +0100
Subject: [PATCH 118/120] news.r: use bindfs correctly, allow nginx in brockman
 dir

---
 krebs/1systems/news/config.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix
index e4059e579..5c4b37aef 100644
--- a/krebs/1systems/news/config.nix
+++ b/krebs/1systems/news/config.nix
@@ -21,14 +21,14 @@
     "/var/lib/htgen-go" = {
       source = "/var/state/htgen-go";
       options = [
-        "-M ${toString config.users.users.htgen-go.uid}"
+        "-m ${toString config.users.users.htgen-go.uid}"
       ];
       clearTarget = true;
     };
     "/var/lib/brockman" = {
       source = "/var/state/brockman";
       options = [
-        "-M ${toString config.users.users.brockman.uid}"
+        "-m ${toString config.users.users.brockman.uid}:${toString config.users.users.nginx.uid}"
       ];
       clearTarget = true;
     };

From 39a3ee04294ea280851596742ca2b8c1706b834f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 25 Jan 2021 18:48:29 +0100
Subject: [PATCH 119/120] news: serve state also under news.r

---
 krebs/2configs/news.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index a492b0782..5513d1dd4 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -12,6 +12,9 @@
       ];
     };
     "brockman.r" = {
+      serverAliases = [
+        "news.r"
+      ];
       locations."/".extraConfig = ''
         root /var/lib/brockman;
         index brockman.json;

From a2ca5f2e214be259fdb0f9ea92b79d74e6216a51 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 26 Jan 2021 12:03:24 +0100
Subject: [PATCH 120/120] news: add reaktor with helper commands

---
 krebs/2configs/news.nix | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 5513d1dd4..3bf991433 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -60,25 +60,46 @@
           hooks.PRIVMSG = [
             {
               activate = "match";
-              pattern = "^(?:.*\\s)?\\s*brockman-helper:\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
+              pattern = "^brockman-helper:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$";
               command = 1;
               arguments = [2];
               commands = {
-                add-telegram.filename = pkgs.writeDash "add-telegram" ''
+                add-reddit.filename = pkgs.writeDash "add-reddit" ''
+                  set -euf
                   if [ "$#" -ne 1 ]; then
-                    echo 'usage: brockman-helper: add-telegram $telegramname'
-                    echo "$#"
+                    echo 'usage: brockman-helper: add-reddit $reddit_channel'
                     exit 1
                   fi
-                  echo "brockman: add t_$1 http://rss.r/?action=display&bridge=Telegram&username=$1&format=Mrss"
+                  reddit_channel=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
+                  echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Telegram&username=$reddit_channel&format=Mrss"
+                '';
+                add-telegram.filename = pkgs.writeDash "add-telegram" ''
+                  set -euf
+                  if [ "$#" -ne 1 ]; then
+                    echo 'usage: brockman-helper: add-telegram $telegram_user'
+                    exit 1
+                  fi
+                  telegram_user=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
+                  echo "brockman: add t_$telegram_user http://rss.r/?action=display&bridge=Telegram&username=$telegram_user&format=Mrss"
+                '';
+                add-youtube.filename = pkgs.writeDash "add-youtube" ''
+                  set -euf
+                  if [ "$#" -ne 1 ]; then
+                    echo 'usage: brockman-helper: add-youtube $nick $channelid'
+                    exit 1
+                  fi
+                  youtube_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
+                  youtube_id=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][1]')
+                  echo "brockman: add yt_$youtube_nick http://rss.r/?action=display&bridge=Youtube&context=By+channel+id&c=$youtube_id&duration_min=&duration_max=&format=Mrss"
                 '';
                 search.filename = pkgs.writeDash "search" ''
+                  set -euf
                   if [ "$#" -ne 1 ]; then
                     echo 'usage: brockman-helper: search $searchterm'
-                    echo "$#"
                     exit 1
                   fi
-                  ${pkgs.curl}/bin/curl -Ss "https://feedsearch.dev/api/v1/search?url=$1&info=true&favicon=false" |
+                  searchterm=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
+                  ${pkgs.curl}/bin/curl -Ss "https://feedsearch.dev/api/v1/search?url=$searchterm&info=true&favicon=false" |
                     ${pkgs.jq}/bin/jq '.[].url'
                 '';
               };