Merge remote-tracking branch 'ni/master'

2022-12-12 16:45:39 +01:00 · 2022-12-12 16:45:39 +01:00 · 1775e86752
commit 1775e86752
parent ea72339343 54ddded30d
119 changed files with 531 additions and 366 deletions
--- a/kartei/kmein/default.nix
+++ b/kartei/kmein/default.nix
@ -82,6 +82,8 @@ in
          "makanek.r"
          "makanek.kmein.r"
          "grafana.kmein.r"
          "alertmanager.kmein.r"
          "prometheus.kmein.r"
          "names.kmein.r"
          "graph.r"
          "rrm.r"
--- a/kartei/krebs/default.nix
+++ b/kartei/krebs/default.nix
@ -165,12 +165,20 @@ in {
    ponte = {
      cores = 1;
      owner = config.krebs.users.krebs;
      extraZones = {
        "krebsco.de" = /* bindzone */ ''
          krebsco.de. 60 IN A ${config.krebs.hosts.ponte.nets.internet.ip4.addr}
        '';
      };
      nets = rec {
        internet = {
-          ip4 = {
+          ip4 = rec {
            addr = "141.147.36.79";
-            prefix = "0.0.0.0/0";
+            prefix = "${addr}/32";
          };
          aliases = [
            "ponte.i"
          ];
        };
        retiolum = {
          via = internet;
--- a/kartei/tv/default.nix
+++ b/kartei/tv/default.nix
@ -198,6 +198,7 @@ in {
          aliases = [
            "ni.r"
            "cgit.ni.r"
            "krebs.ni.r"
            "search.ni.r"
          ];
          tinc.pubkey = ''
@ -319,7 +320,6 @@ in {
          aliases = [
            "xu.r"
            "cgit.xu.r"
            "krebs.xu.r"
          ];
          tinc.pubkey = ''
            -----BEGIN RSA PUBLIC KEY-----
@ -369,7 +369,7 @@ in {
    "http://cgit.krebsco.de" = {
      desc = "Git repositories";
    };
-    "http://krebs.xu.r" = {
+    "http://krebs.ni.r" = {
      desc = "krebs-pages mirror";
    };
  };
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@ -22,6 +22,7 @@
  krebs.build.host = config.krebs.hosts.hotdog;
  krebs.github-hosts-sync.enable = true;
  krebs.pages.enable = true;
  boot.isContainer = true;
  networking.useDHCP = false;
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@ -7,5 +7,31 @@
    <stockholm/krebs/2configs/matterbridge.nix>
  ];
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.logRefusedConnections = false;
  networking.firewall.logRefusedUnicastsOnly = false;
  # Move Internet-facing SSH port to reduce logspam.
  networking.firewall.extraCommands = let
    host = config.krebs.build.host;
  in /* sh */ ''
    iptables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22
    iptables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22
    iptables -t nat -A PREROUTING -d ${host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0
    ip6tables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22
    ip6tables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22
    ip6tables -t nat -A PREROUTING -d ${host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT
    ip6tables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0
  '';
  krebs.build.host = config.krebs.hosts.ponte;
  krebs.pages.enable = true;
  krebs.pages.nginx.addSSL = true;
  krebs.pages.nginx.enableACME = true;
  security.acme.acceptTerms = true;
  security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de";
 }
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@ -34,6 +34,7 @@ let
      ./iptables.nix
      ./kapacitor.nix
      ./konsens.nix
      ./krebs-pages.nix
      ./monit.nix
      ./nixpkgs.nix
      ./on-failure.nix
@ -83,10 +84,6 @@ let
          @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
                                IN NS     ns19.ovh.net.
                                IN NS     dns19.ovh.net.
                                IN A      185.199.108.153
                                IN A      185.199.109.153
                                IN A      185.199.110.153
                                IN A      185.199.111.153
        '';
      };
    };
--- a/krebs/3modules/krebs-pages.nix
+++ b/krebs/3modules/krebs-pages.nix
@ -0,0 +1,44 @@
 { config, modulesPath, pkgs, ... }: let
  cfg = config.krebs.pages;
  lib = import ../../lib;
  extraTypes.nginx-vhost = lib.types.submodule (
    lib.recursiveUpdate
      (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix")
              { inherit config lib; })
      {}
  );
 in {
  options.krebs.pages = {
    enable = lib.mkEnableOption "krebs-pages";
    domain = lib.mkOption {
      type = lib.types.hostname;
      default = "krebsco.de";
    };
    nginx = lib.mkOption {
      type = extraTypes.nginx-vhost;
      default = {};
      example = lib.literalExpression /* nix */ ''
        {
          # To enable encryption and let let's encrypt take care of certificate
          enableACME = true;
          forceSSL = true;
        }
      '';
      description = lib.mkDoc ''
        With this option, you can customize the nginx virtualHost settings.
      '';
    };
    package = lib.mkOption {
      type = lib.types.package;
      default = pkgs.krebs-pages;
    };
  };
  config = lib.mkIf cfg.enable {
    services.nginx = {
      enable = lib.mkDefault true;
      virtualHosts.${cfg.domain} = lib.mkMerge [ cfg.nginx {
        root = lib.mkForce cfg.package;
      }];
    };
  };
 }
--- a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
+++ b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
@ -24,19 +24,10 @@
  }
 </script>
 <body>
-  <p>
+  <p><a href='https://cgit.krebsco.de/krops/about/'>krops</a></p>
-    <a href="http://krebscode.github.io/minikrebs/linuxtag">
+  <p><a href='https://github.com/krebs/cholerab/blob/master/thesauron.adoc'>Thesauron</a></p>
-      Linuxtag Heckenkrebs Presentation
+  <p><a href='https://nixos.wiki/'>Project: The new NixOS wiki</a></p>
-    </a>
+  <p><a target="_blank" href="https://www.amazon.de/?&_encoding=UTF8&tag=krebscode06-21&linkCode=ur2&linkId=d4430b368b8aceeca92101cd4a4cdd1d&camp=1638&creative=6742">Go through this amazon affiliate link and generate krebsgold</a><img src="//ir-de.amazon-adsystem.com/e/ir?t=krebscode06-21&l=ur2&o=3" width="1" height="1" border="0" alt="" style="border:none !important; margin:0px !important;" /></p>
-  </p>
+  <p>  <a href="https://s.click.aliexpress.com/e/_A5luNt" target="_parent">Go through this aliexpress affiliate link and generate krebsgold</a></p>
-  <p>
+
    <a href="http://krebscode.github.io/writeups">
      CTF Writeups
    </a>
  </p>
  <p>
    <a href="thesauron.html">
      Thesauron
    </a>
  </p>
 </body>
--- a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
+++ b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
@ -1,133 +0,0 @@
 <p>Cholerab n.
 [de]
 - Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass
 Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert.
 - Teamwork-Plattform für Krebscode.</p>
 <p>eigentlich adv.
 [de]
 - Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt,
 die nicht der Fall ist.
 Antonym: tatsaechlich</p>
 <p>ghost n.
 [de]
 - Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen
 Festplatten) aber wohl nie wieder kommen wird.
 Siehe: Wiederbelebung</p>
 <p>KD;RP abbr. (pronounciation: kah-derp)
 [en]
 - Short for Krebs Darknet / Retiolum Prefix.</p>
 <p>krebs
 [de]
 - krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste
 Softwareprojekt im Shack und viel verteilte infrastruktur.</p>
 <p>kremium
 [en]
 - coinage derived from the words premium and krebs
 see: broken
 usage: Reaktor ircbot has unfixed broken behavior since ever-&gt;&#8220;Kremium Software&#8221;</p>
 <p>KRI abbr. (pronounciation: [en] cry)
 [en]
 - Short for Krebs Request for Implementation.
 Derived from Scheme Requests for Implementation (SRFI).</p>
 <p>litterate programming n.
 [en]
 - any code that has not been proved mathematically.</p>
 <p>Nahziel n.
 [de]
 - Ziel mit höchst möglicher Priorität.</p>
 <p>Nahzielerfahrung n.
 [de]
 - das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl
 nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).</p>
 <p>parentheses of fear
 [en]
 - unnecessary parentheses, usually used when order of precedence is unknown.
 - Examples: 1 + (2 * 3)</p>
 <p>Protip n.
 [en]
 - (Probably vague) description how a task can be solved.
 - Antonym: Spoiler
 - Example:
 - To defeat the Cyberdaemon, shoot at it until it dies.
 - RTFM</p>
 <p>Punching Lemma n.
 [de]
 - Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht
 von Krebs</p>
 <p>ref, n.
 [en]
 - A reference like an URI, ISBN, name of a person, etc.</p>
 <p>reftrace, n.
 [en]
 - A stacktrace-like representation of refs that lead to some (any kind of)
 conclusion. Usually generated by a human. The conclusion can be either on
 the top or on the bottom of the stack. If the order is ambiguous, then it
 should be communicated explicitly.
 - Example: (conclusion first)
 - http://en.wikipedia.org/wiki/Stack_trace
 - google &#8220;stacktrace&#8221; (first entry / 2014&#8211;12&#8211;05T12:13:58Z)
 - think about some example [this could be omitted, as it&#8217;s obvious&#8230;]</p>
 <p>Retiolum n.
 [en]
 - The official darknet of Krebs which utilizes the Retiolum Prefix to
 address individual nodes.</p>
 <p>Retiolum Prefix n.
 [en]
 - The universally accepted IPv6-prefix, 42::/16. Anyone can has a
 /128-subnet and, if require, anything larger.</p>
 <p>Retiolum Realtime Map n.
 [en]
 - The network map of the public visible part of Retiolum.</p>
 <p>RRM [abbr.][en]
 - Short for Retiolum Retiolum Map.</p>
 <p>Sanatorium n.
 [en]
 - The Krebs Control and Command Center.
 - An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather
 and lurk for relevant input.</p>
 <p>Spoiler n.
 [en]
 - A subset of walkthrough, i.e. any individual steps may be omitted.
 - Antonym: Protip</p>
 <p>tatsaechlich, adv.
 [de]
 - Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht.
 Antonym: eigentlich</p>
 <p>Verkrebsung n.
 [de]
 - Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs
 Komponente) auf einem beliebigem System.</p>
 <p>Walkthrough n.
 [en]
 - Description of the individual steps to complete a task.
 - Examples:
 - program code
 - small-step semantics</p>
 <p>Wiederbelebung n.
 [de]
 - Ein ghost wird im Darknet wieder erreichbar
 Siehe: ghost</p>
--- a/krebs/5pkgs/simple/ukrepl.nix
+++ b/krebs/5pkgs/simple/ukrepl.nix
@ -0,0 +1,11 @@
 { lib, pkgs,stdenv }:
 let 
  src = pkgs.fetchFromGitHub {
    owner = "makefu";
    repo = "ukrepl";
    rev = "0baa5cc4d5c3c17af704b69a800dd1f520ded8e3";
    hash = "sha256:1lnhkf02f18fvf3l2fcszvs4x115lql17akabd5ph9ff9z33k8rv";
  };
 in
  pkgs.writers.writePython3Bin "ukrepl" {} (builtins.readFile (src + "/ukrepl"))
--- a/lib/default.nix
+++ b/lib/default.nix
@ -95,9 +95,12 @@ let
            path = dirPath + "/${relPath}";
          in
            nameValuePair (toPackageName name) (f path))
-          (filter
+          (attrNames
-            (name: name != "default.nix" && !hasPrefix "." name)
+            (filterAttrs isNixDirEntry (readDir dirPath))));
-            (attrNames (readDir dirPath))));
+
    isNixDirEntry = name: type:
      (type == "regular" && hasSuffix ".nix" name && name != "default.nix") ||
      (type == "directory" && !hasPrefix "." name);
    # https://tools.ietf.org/html/rfc5952
    normalize-ip6-addr =
@ -191,3 +194,4 @@ let
 in
 lib
 // { inherit lib; }
--- a/makefu/2configs/gui/look-up.nix
+++ b/makefu/2configs/gui/look-up.nix
@ -0,0 +1,13 @@
 {
  systemd.services.look-up = {
    startAt = "*:30";
    serviceConfig = {
      ExecStart= pkgs.writeDash "look-up" ''
        set -x
        eval "export '$(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)'"
        ${pkgs.libnotify}/bin/notify-send -u critical -t 9999999 'look up once in a while'
      '';
      User = user;
    };
  };
 }
--- a/makefu/2configs/home/ham/automation/fenster_auf.nix
+++ b/makefu/2configs/home/ham/automation/fenster_auf.nix
@ -88,7 +88,7 @@ in {
      duschfenster_lang_offen.name = "Duschfenster lange offen";
      ist_sommer = {
        name = "Es ist Sommer";
-        initial = true; # TODO
+        initial = false; # TODO
      };
    };
--- a/makefu/2configs/home/ham/automation/shutdown_button.nix
+++ b/makefu/2configs/home/ham/automation/shutdown_button.nix
@ -47,6 +47,9 @@ in {
        { service = "media_player.media_stop";
          target.entity_id = all_media_player;
        }
        { service = "script.turn_on";
          target.entity_id = "script.alle_heizungen_aus";
        }
      ];
    }
  ];
--- a/makefu/2configs/home/ham/default.nix
+++ b/makefu/2configs/home/ham/default.nix
@ -18,6 +18,7 @@ in {
    # ./multi/flurlicht.nix
    ./multi/kurzzeitwecker.nix
    ./multi/the_playlist.nix
    ./multi/heizung.nix
    # ./multi/fliegen-couter.nix
    ./device_tracker/openwrt.nix
@ -192,5 +193,10 @@ in {
    configDir = hassdir;
  };
  krebs.secret.files."hass-secrets" = {
    source-path = toString <secrets> + "/hass/secrets.yaml";
    path = "/var/lib/hass/secrets.yaml";
    owner.name = "hass";
  };
  state = [ "/var/lib/hass/known_devices.yaml" ];
 }
--- a/makefu/2configs/home/ham/multi/heizung.nix
+++ b/makefu/2configs/home/ham/multi/heizung.nix
@ -0,0 +1,11 @@
 {
  services.home-assistant.config =
    {
      # 18 Grad
      script.alle_heizungen_aus.sequence = [{
        service = "climate.set_temperature";
        target.entity_id = [ "climate.wohnzimmer_heizung" ];
        data.temperature = "18.0";
      }];
    };
 }
--- a/makefu/2configs/home/ham/sensor/dwd.nix
+++ b/makefu/2configs/home/ham/sensor/dwd.nix
@ -4,5 +4,7 @@
      { platform = "dwd_weather_warnings";
        region_name = "Stadt Stuttgart";
      }
      { platform = "nina";
      }
  ];
 }
--- a/makefu/2configs/home/ham/sensor/outside.nix
+++ b/makefu/2configs/home/ham/sensor/outside.nix
@ -4,8 +4,7 @@
  services.home-assistant.config.sensor =
  [
    { platform = "darksky";
-      api_key = lib.removeSuffix "\n"
+      api_key = "!secret darksky";
        (builtins.readFile <secrets/hass/darksky.apikey>);
      language = "de";
      monitored_conditions = [
        "summary" "icon"
@ -21,5 +20,11 @@
      units =  "si" ;
      scan_interval = "00:30:00";
    }
    {
      platform = "open_meteo";
    }
    {
      platform = "met";
    }
  ];
 }
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@ -12,6 +12,7 @@ let
 in {
  imports = [
    ./gui/base.nix
    ./gui/look-up.nix
    ./fetchWallpaper.nix
    ./zsh-user.nix
    ./tools/core.nix
@ -72,15 +73,4 @@ in {
  location.latitude = 48.7;
  location.longitude = 9.1;
  systemd.services.look-up = {
    startAt = "*:30";
    serviceConfig = {
      ExecStart= pkgs.writeDash "look-up" ''
        set -x
        eval "export '$(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)'"
        ${pkgs.libnotify}/bin/notify-send -u critical -t 9999999 'look up once in a while'
      '';
      User = user;
    };
  };
 }
--- a/makefu/5pkgs/airsensor-py/default.nix
+++ b/makefu/5pkgs/airsensor-py/default.nix
@ -2,7 +2,7 @@
 with pkgs.python3Packages;
 buildPythonApplication rec {
    name = "airsensor-py-${version}";
-    version = "2017-12-05";
+    version = "1.0.0";
    propagatedBuildInputs = [
      pyusb
      click
@ -11,7 +11,7 @@ buildPythonApplication rec {
    src = fetchFromGitHub {
      owner = "makefu";
      repo = "airsensor-py";
-      rev = "7ac5f185dc848fca1b556e4c0396dd73f6a93995";
+      rev = "1.0.0";
-      sha256 = "0387b025y8kb0zml7916p70hmzc3y18kqh46b9xv5qayljxymq2w";
+      sha256 = "1jpvvl965bg3ymvr58c433jyy0smczn65fnqsskxn7basznii5g8";
    };
 }
--- a/submodules/nix-writers
+++ b/submodules/nix-writers
@ -1 +1 @@
-Subproject commit f65c77bdcc58be2081a0ffbda849289c5191b5e8
+Subproject commit 0c8de150426476b5287cf2787bbd85263691a802
--- a/tv/1systems/alnus/config.nix
+++ b/tv/1systems/alnus/config.nix
@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: {
  imports = [
    <stockholm/tv>
    <stockholm/tv/2configs/hw/x220.nix>
--- a/tv/1systems/alnus/lib
+++ b/tv/1systems/alnus/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/1systems/au/lib
+++ b/tv/1systems/au/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/1systems/bu/config.nix
+++ b/tv/1systems/bu/config.nix
@ -1,7 +1,5 @@
-{ config, pkgs, ... }: let
+with import ./lib;
-  lib = import ../../../lib;
+{ config, pkgs, ... }: {
 in {
  imports = [
    ./disks.nix
    <stockholm/tv>
--- a/tv/1systems/bu/lib
+++ b/tv/1systems/bu/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/1systems/lib
+++ b/tv/1systems/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: {
  imports = [
    <stockholm/tv>
    <stockholm/tv/2configs/br.nix>
--- a/tv/1systems/mu/lib
+++ b/tv/1systems/mu/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/1systems/nomic/config.nix
+++ b/tv/1systems/nomic/config.nix
@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: {
  krebs.build.host = config.krebs.hosts.nomic;
  imports = [
--- a/tv/1systems/nomic/lib
+++ b/tv/1systems/nomic/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/1systems/querel/config.nix
+++ b/tv/1systems/querel/config.nix
@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: {
  imports = [
    <stockholm/tv>
    <stockholm/tv/2configs/retiolum.nix>
--- a/tv/1systems/querel/lib
+++ b/tv/1systems/querel/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/1systems/wu/config.nix
+++ b/tv/1systems/wu/config.nix
@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ../lib;
 { config, pkgs, ... }: {
  krebs.build.host = config.krebs.hosts.wu;
  imports = [
--- a/tv/1systems/wu/lib
+++ b/tv/1systems/wu/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: {
  krebs.build.host = config.krebs.hosts.xu;
  imports = [
--- a/tv/1systems/xu/lib
+++ b/tv/1systems/xu/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/1systems/zu/config.nix
+++ b/tv/1systems/zu/config.nix
@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: {
  krebs.build.host = config.krebs.hosts.zu;
  imports = [
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@ -1,6 +1,5 @@
-{ config, lib, ... }:
+with import ./lib;
-with import <stockholm/lib>;
+{ config, pkgs, ... }: {
 {
  krebs.backup.plans = {
  } // mapAttrs (_: recursiveUpdate {
    snapshots = {
--- a/tv/2configs/bash/default.nix
+++ b/tv/2configs/bash/default.nix
@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: {
 with import <stockholm/lib>;
 {
  programs.bash = {
    interactiveShellInit = /* sh */ ''
      HISTCONTROL='erasedups:ignorespace'
@ -17,8 +14,20 @@ with import <stockholm/lib>;
      case $UID in
        ${shell.escape (toString config.krebs.users.tv.uid)})
-          if test ''${SHLVL-1} = 1; then
+          if test ''${SHLVL-1} = 1 && test -n "''${DISPLAY-}"; then
-            case ''${XMONAD_SPAWN_WORKSPACE-} in
+            _CURRENT_DESKTOP_NAME=''${_CURRENT_DESKTOP_NAME-$(
              ${pkgs.xorg.xprop}/bin/xprop -notype -root \
                  32i _NET_CURRENT_DESKTOP \
                  8s _NET_DESKTOP_NAMES \
                |
              ${pkgs.gnused}/bin/sed -r 's/.* = //;s/"//g;s/, /\a/g' |
              {
                read -r _NET_CURRENT_DESKTOP
                IFS=$'\a' read -ra _NET_DESKTOP_NAMES
                echo "''${_NET_DESKTOP_NAMES[$_NET_CURRENT_DESKTOP]}"
              }
            )}
            case $_CURRENT_DESKTOP_NAME in
              stockholm)
                cd ~/stockholm
              ;;
--- a/tv/2configs/bash/lib
+++ b/tv/2configs/bash/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/2configs/binary-cache/default.nix
+++ b/tv/2configs/binary-cache/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: with import <stockholm/lib>;
+{ config, lib, pkgs, ... }: with import ./lib;
 {
  environment.etc."binary-cache.pubkey".text =
    config.krebs.build.host.binary-cache.pubkey;
--- a/tv/2configs/binary-cache/lib
+++ b/tv/2configs/binary-cache/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/2configs/br.nix
+++ b/tv/2configs/br.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: {
  imports = [
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: {
  boot.tmpOnTmpfs = true;
  krebs.enable = true;
@ -38,7 +37,7 @@ with import <stockholm/lib>;
    {
      i18n.defaultLocale = mkDefault "C.UTF-8";
      security.sudo.extraConfig = ''
-        Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE"
+        Defaults env_keep+="SSH_CLIENT _CURRENT_DESKTOP_NAME"
        Defaults mailto="${config.krebs.users.tv.mail}"
        Defaults !lecture
      '';
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: {
 with import <stockholm/lib>;
 {
  environment.systemPackages = [
    pkgs.eximlog
  ];
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: {
 with import <stockholm/lib>;
 {
  environment.systemPackages = [
    pkgs.eximlog
  ];
--- a/tv/2configs/gitconfig.nix
+++ b/tv/2configs/gitconfig.nix
@ -1,8 +1,5 @@
-{ config, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: {
 with import <stockholm/lib>;
 {
  environment.etc.gitconfig.text = ''
    [alias]
      patch = !${pkgs.git}/bin/git --no-pager diff --no-color
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: let {
 with import <stockholm/lib>;
 let {
  body = {
--- a/tv/2configs/htop.nix
+++ b/tv/2configs/htop.nix
@ -1,8 +1,5 @@
-{ pkgs, ... }:
+with import ./lib;
-
+{ pkgs, ... }: {
 with import <stockholm/lib>;
 {
  nixpkgs.config.packageOverrides = super: {
    htop = pkgs.symlinkJoin {
      name = "htop";
--- a/tv/2configs/hw/AO753.nix
+++ b/tv/2configs/hw/AO753.nix
@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: {
 with import <stockholm/lib>;
 {
  imports = [
    ../smartd.nix
--- a/tv/2configs/hw/lib
+++ b/tv/2configs/hw/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/2configs/hw/w110er.nix
+++ b/tv/2configs/hw/w110er.nix
@ -1,6 +1,5 @@
-{ pkgs, ... }: let
+with import ./lib;
-  lib = import <stockholm/lib>;
+{ pkgs, ... }: {
 in {
  imports = [
    ../smartd.nix
    {
--- a/tv/2configs/hw/x220.nix
+++ b/tv/2configs/hw/x220.nix
@ -1,7 +1,5 @@
-{ config, pkgs, ... }: let
+with import ./lib;
-  lib = import <stockholm/lib>;
+{ config, pkgs, ... }: {
 in
 {
  imports = [
    ../smartd.nix
    {
--- a/tv/2configs/imgur.nix
+++ b/tv/2configs/imgur.nix
@ -1,6 +1,5 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: {
  services.nginx.virtualHosts."ni.r" = {
    locations."/image" = {
      extraConfig = /* nginx */ ''
--- a/tv/2configs/lib
+++ b/tv/2configs/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/2configs/nginx/default.nix
+++ b/tv/2configs/nginx/default.nix
@ -1,8 +1,5 @@
-{ config, lib, ... }:
+with import ./lib;
-
+{ config, ... }: {
 with import <stockholm/lib>;
 {
  services.nginx = {
    enableReload = true;
--- a/tv/2configs/nginx/krebs-pages.nix
+++ b/tv/2configs/nginx/krebs-pages.nix
@ -1,13 +0,0 @@
 { config, pkgs, ... }:
 {
  services.nginx = {
    virtualHosts.krebs-pages = {
      serverAliases = [
        "krebs.${config.krebs.build.host.name}.r"
      ];
      extraConfig = ''
        root ${pkgs.krebs-pages};
      '';
    };
  };
 }
--- a/tv/2configs/nginx/lib
+++ b/tv/2configs/nginx/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/2configs/nginx/public_html.nix
+++ b/tv/2configs/nginx/public_html.nix
@ -1,8 +1,5 @@
-{ config, lib, ... }:
+with import ./lib;
-
+{ config, ... }: {
 with import <stockholm/lib>;
 {
  services.nginx = {
    enable = true;
    virtualHosts.default = {
--- a/tv/2configs/pki/default.nix
+++ b/tv/2configs/pki/default.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: let
  certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source;
--- a/tv/2configs/pki/lib
+++ b/tv/2configs/pki/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/2configs/ppp.nix
+++ b/tv/2configs/ppp.nix
@ -1,5 +1,5 @@
 with import ./lib;
 { config, pkgs, ... }: let
  lib = import <stockholm/lib>;
  cfg = {
    pin = "@${toString <secrets/o2.pin>}";
    ttys.ppp = "/dev/ttyACM0";
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@ -1,7 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: let
 with import <stockholm/lib>;
 let
  pkg = pkgs.pulseaudio;
  runDir = "/run/pulse";
--- a/tv/2configs/repo-sync/lib
+++ b/tv/2configs/repo-sync/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/2configs/repo-sync/wiki.nix
+++ b/tv/2configs/repo-sync/wiki.nix
@ -1,6 +1,5 @@
-{ config, pkgs, ... }: let
+with import ./lib;
-  lib = import <stockholm/lib>;
+{ config, pkgs, ... }: {
 in {
  krebs.repo-sync.enable = true;
  krebs.repo-sync.repos.wiki.branches.hotdog = {
    origin.url = "http://cgit.hotdog.r/wiki";
--- a/tv/2configs/retiolum.nix
+++ b/tv/2configs/retiolum.nix
@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: {
 with import <stockholm/lib>;
 {
  krebs.tinc.retiolum = {
    enable = true;
    connectTo = filter (ne config.krebs.build.host.name) [
--- a/tv/2configs/ssh.nix
+++ b/tv/2configs/ssh.nix
@ -1,8 +1,5 @@
-{ config, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: {
 with import <stockholm/lib>;
 {
  # Override NixOS's "Allow DSA keys for now."
  environment.etc."ssh/ssh_config".text = mkForce ''
    AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
--- a/tv/2configs/sshd.nix
+++ b/tv/2configs/sshd.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, ... }: let
  cfg.host = config.krebs.build.host;
 in {
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: let
  exec = filename: args: url: {
    inherit url;
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@ -1,7 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: let {
 with import <stockholm/lib>;
 let {
  body = {
    environment.systemPackages = [
      vim-wrapper
@ -79,6 +77,7 @@ let {
    set showmatch
    set timeoutlen=0
    set ttimeoutlen=0
    set ttymouse=sgr
    set undodir=${dirs.undodir}
    set undofile
    set undolevels=1000000
--- a/tv/2configs/xdg.nix
+++ b/tv/2configs/xdg.nix
@ -1,8 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: {
 with import <stockholm/lib>;
 {
  environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
  systemd.tmpfiles.rules = let
--- a/tv/2configs/xp-332.nix
+++ b/tv/2configs/xp-332.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: {
  environment.etc."utsushi.conf".text = ''
--- a/tv/2configs/xserver/Xmodmap.nix
+++ b/tv/2configs/xserver/Xmodmap.nix
@ -1,6 +1,6 @@
 { config, pkgs, ... }:
-with import <stockholm/lib>;
+with import ./lib;
 pkgs.writeText "Xmodmap" ''
  !keycode 66 = Caps_Lock
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@ -1,6 +1,5 @@
-{ config, pkgs, ... }@args:
+with import ./lib;
-with import <stockholm/lib>;
+{ config, pkgs, ... }@args: let
 let
  cfg = {
    cacheDir = cfg.dataDir;
    configDir = "/var/empty";
--- a/tv/2configs/xserver/lib
+++ b/tv/2configs/xserver/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/2configs/xserver/sxiv.nix
+++ b/tv/2configs/xserver/sxiv.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: let
  cfg.user = config.krebs.build.user;
 in {
--- a/tv/2configs/xserver/urxvt.nix
+++ b/tv/2configs/xserver/urxvt.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: let
  cfg.user = config.krebs.build.user;
 in {
--- a/tv/2configs/xserver/xserver.conf.nix
+++ b/tv/2configs/xserver/xserver.conf.nix
@ -1,6 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }:
 with import <stockholm/lib>;
 let
  cfg = config.services.xserver;
--- a/tv/3modules/Xresources.nix
+++ b/tv/3modules/Xresources.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: let
  cfg = {
    enable = config.services.xserver.enable && config.tv.Xresources != {};
--- a/tv/3modules/charybdis/config.nix
+++ b/tv/3modules/charybdis/config.nix
@ -1,4 +1,4 @@
-{ config, ... }: with import <stockholm/lib>; let
+{ config, ... }: with import ./lib; let
  cfg = config.tv.charybdis;
 in toFile "charybdis.conf" ''
  /* doc/example.conf - brief example configuration file
--- a/tv/3modules/charybdis/default.nix
+++ b/tv/3modules/charybdis/default.nix
@ -1,4 +1,5 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
+with import ./lib;
 { config, pkgs, ... }@args: let
  cfg = config.tv.charybdis;
 in {
  options.tv.charybdis = {
--- a/tv/3modules/charybdis/lib
+++ b/tv/3modules/charybdis/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/3modules/dnsmasq.nix
+++ b/tv/3modules/dnsmasq.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, ... }: let
  cfg = config.tv.dnsmasq;
 in {
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@ -1,5 +1,5 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
+with import ./lib;
-
+{ config, pkgs, ... }: let
  cfg = config.tv.ejabberd;
  gen-dhparam = pkgs.writeDash "gen-dhparam" ''
--- a/tv/3modules/ejabberd/lib
+++ b/tv/3modules/ejabberd/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/3modules/focus.nix
+++ b/tv/3modules/focus.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 {
  options.tv.focus.enable = mkEnableOption "tv.focus";
 }
--- a/tv/3modules/hosts.nix
+++ b/tv/3modules/hosts.nix
@ -1,8 +1,5 @@
-{ config, ... }:
+with import ./lib;
-
+{ config, ... }: {
 with import <stockholm/lib>;
 {
  options.tv.hosts = mkOption {
    type = types.attrsOf types.host;
    default =
--- a/tv/3modules/hw.nix
+++ b/tv/3modules/hw.nix
@ -1,5 +1,5 @@
 with import ./lib;
 let
  lib = import <stockholm/lib>;
  local.types.screen = lib.types.submodule {
    options.width = lib.mkOption {
      type = lib.types.uint;
--- a/tv/3modules/im.nix
+++ b/tv/3modules/im.nix
@ -1,6 +1,6 @@
 with import ./lib;
 { config, pkgs, ... }: let
  im = config.tv.im;
  lib = import <stockholm/lib>;
 in {
  options = {
    tv.im.client.enable = lib.mkEnableOption "tv.im.client" // {
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@ -1,7 +1,5 @@
-{ config, lib, pkgs, ... }:
+with import ./lib;
-
+{ config, pkgs, ... }: let {
 with import <stockholm/lib>;
 let {
  cfg = config.tv.iptables;
  body = {
--- a/tv/3modules/lib
+++ b/tv/3modules/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/3modules/org.freedesktop.machine1.host-shell.nix
+++ b/tv/3modules/org.freedesktop.machine1.host-shell.nix
@ -1,4 +1,5 @@
-{ config, ... }: let lib = import ../../lib; in {
+with import ./lib;
 { config, ... }: {
  options.org.freedesktop.machine1.host-shell.access = lib.mkOption {
    default = {};
    type =
--- a/tv/3modules/slock.nix
+++ b/tv/3modules/slock.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: let
  cfg = config.tv.slock;
 in {
--- a/tv/3modules/x0vncserver.nix
+++ b/tv/3modules/x0vncserver.nix
@ -1,8 +1,6 @@
-with import <stockholm/lib>;
+with import ./lib;
 { config, pkgs, ... }: let
  cfg = config.tv.x0vncserver;
 in {
  options.tv.x0vncserver = {
    display = mkOption {
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@ -1,4 +1,4 @@
-with import ../../lib;
+with import ./lib;
 let
  pushBack = x: xs:
    if elem x xs then
@ -14,7 +14,6 @@ fix
  (foldl' (flip extends) (_: super)
    (map
      (name: import (./. + "/${name}"))
-      (filter
+      (pushBack "override"
-        (name: name != "default.nix" && !hasPrefix "." name)
+        (attrNames
-        (pushBack "override"
+          (filterAttrs isNixDirEntry (readDir ./.))))))
          (attrNames (readDir ./.))))))
--- a/tv/5pkgs/haskell/default.nix
+++ b/tv/5pkgs/haskell/default.nix
@ -1,4 +1,4 @@
-with import <stockholm/lib>;
+with import ./lib;
 let
  overrides = self: super:
    mapNixDir (path: self.callPackage path {}) [
--- a/tv/5pkgs/haskell/lib
+++ b/tv/5pkgs/haskell/lib
@ -0,0 +1 @@
 ../lib
--- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs
+++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
@ -118,13 +118,6 @@ spawnRootTerm =
        Nothing
 spawnTermAt :: String -> X ()
 spawnTermAt ws = do
    env <- io getEnvironment
    let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
    forkFile {-pkg:rxvt_unicode-}"urxvtc" [] (Just env')
 myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
 myKeys conf = Map.fromList $
    [ ((_4  , xK_Escape ), forkFile {-pkg-}"slock" [] Nothing)
@ -133,7 +126,7 @@ myKeys conf = Map.fromList $
    , ((_4  , xK_o      ), forkFile {-pkg:fzmenu-}"otpmenu" [] Nothing)
    , ((_4  , xK_p      ), forkFile {-pkg:fzmenu-}"passmenu" [] Nothing)
-    , ((_4  , xK_x      ), chooseAction spawnTermAt)
+    , ((_4  , xK_x      ), forkFile {-pkg:rxvt_unicode-}"urxvtc" [] Nothing)
    , ((_4C , xK_x      ), spawnRootTerm)
    , ((_C  , xK_Menu   ), toggleWS)
--- a/tv/5pkgs/lib
+++ b/tv/5pkgs/lib
@ -0,0 +1 @@
 ../lib
--- a/Show More
+++ b/Show More
		`@ -1 +1 @@`
			`Subproject commit f65c77bdcc58be2081a0ffbda849289c5191b5e8`				`Subproject commit 0c8de150426476b5287cf2787bbd85263691a802`