Merge remote-tracking branch 'prism/master'

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "submodules/nix-writers"]
 	path = submodules/nix-writers
 	url = http://cgit.krebsco.de/nix-writers
+[submodule "submodules/krops"]
+	path = submodules/krops
+	url = https://cgit.krebsco.de/krops

ci.nix

@@ -16,6 +16,6 @@ let
   ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
 
   build = host: owner:
-  ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";});
+  ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";});
 
 in mapAttrs (n: h: build n h.owner.name) ci-systems

jeschli/1systems/bln/config.nix

@@ -1,173 +0,0 @@
-{ config, lib, pkgs, ... }:
-# bln config file
-{
-  imports = [
-    ./hardware-configuration.nix
-    <stockholm/jeschli>
-    <stockholm/jeschli/2configs/virtualbox.nix>
-    <stockholm/jeschli/2configs/urxvt.nix>
-    <stockholm/jeschli/2configs/emacs.nix>
-    <stockholm/jeschli/2configs/xdg.nix>
-    <stockholm/jeschli/2configs/xserver>
-#    <stockholm/jeschli/1systems/bln/dcso-vpn.nix>
-    <stockholm/jeschli/2configs/officevpn.nix>
-  ];
-
-#  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot";
-  boot.loader.grub = {
-    devices = [ "nodev" ];
-    efiSupport = true;
-    enable = true;
-    extraEntries = ''
-      menuentry "Debian" {
-        insmod ext2
-        insmod chain
-        chainloader /EFI/debian/grubx64.efi
-      }
-    '';
-    version = 2;
-  };
-
-  jeschliFontSize = 20;
-
-  environment.shellAliases = {
-    n = "nix-shell";
-    gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
-    gh = "cd /home/markus/go/src/github.com";
-    stocki = pkgs.writeDash "deploy" ''
-      cd ~/stockholm
-      LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy  --system="bln"'
-    '';
-  };
-  networking.hostName = lib.mkForce "BLN02NB0232";
-  networking.networkmanager.enable = true;
-
-  # Set your time zone.
-  time.timeZone = "Europe/Berlin";
-
-  # Setup Packages
-  nixpkgs.config.allowUnfree = true;
-  environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
-  environment.systemPackages = with pkgs; [
-    termite
-  # system helper
-    ag
-    copyq
-    dmenu
-    git
-    tig
-    i3lock
-    keepass
-    networkmanagerapplet
-    rsync
-    terminator
-    tmux
-    wget
-    rxvt_unicode
-  # editors
-    emacs
-  # databases
-    sqlite
-  # internet
-    thunderbird
-    chromium
-    google-chrome
-  # programming languages
-    elmPackages.elm
-    go
-    gcc
-    ghc
-    python35
-    python35Packages.pip
-  # go tools
-    golint
-    gotools
-  # dev tools
-    gnumake
-    jetbrains.pycharm-professional
-    jetbrains.webstorm
-    jetbrains.goland
-    jetbrains.datagrip
-    texlive.combined.scheme-full
-    pandoc
-    redis
-    vagrant
-  # document viewer
-    zathura
-
-    samba
-  ];
-
-
-  programs.bash.enableCompletion = true;
-  programs.vim.defaultEditor = true;
-
-  services.openssh.enable = true;
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-  services.printing.drivers = [ pkgs.postscript-lexmark ];
-
-  services.redis.enable = true;
-
-  services.xserver = {
-
-    desktopManager.session = lib.mkForce [];
-
-    enable = true;
-    display = 11;
-    tty = 11;
-
-    dpi = 200;
-
-    videoDrivers = [ "nvidia" ];
-    synaptics = {
-      enable = false;
-    };
-
-  };
-
-
-  users.extraUsers.jeschli = {
-    isNormalUser = true;
-    extraGroups = ["docker" "vboxusers" "audio"];
-    uid = 1000;
-  };
-
-  system.stateVersion = "17.09";
-  # Gogland Debugger workaround
-  #  nixpkgs.config.packageOverrides = super: {
-  #    idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: {
-  #      postFixup = ''
-  #	interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
-  #	patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
-  #        chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
-  #     '';
-  #    });
-  #  };
-
-  virtualisation.docker.enable = true;
-
-  # DCSO Certificates
-  security.pki.certificateFiles = [
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
-
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
-  ];
-
-
-  hardware.bluetooth.enable = true;
-  krebs.build.host = config.krebs.hosts.bln;
-
-  networking.interfaces.enp0s31f6.ipv4.addresses = [
-    { address = "10.99.23.2"; prefixLength = 24; }
-  ];
-
-}

jeschli/1systems/bln/dcso-vpn.nix

@@ -1,44 +0,0 @@
-with import <stockholm/lib>;
-{ ... }:
-
-{
-
-  users.extraUsers = {
-    dcsovpn = rec {
-      name = "dcsovpn";
-      uid = genid "dcsovpn";
-      description = "user for running dcso openvpn";
-      home = "/home/${name}";
-    };
-  };
-
-  users.extraGroups.dcsovpn.gid = genid "dcsovpn";
-
-  services.openvpn.servers = {
-    dcso = {
-      config = ''
-        client
-        dev tun
-        tun-mtu 1356
-        mssfix
-        proto udp
-        float
-        remote 217.111.55.41 1194
-        nobind
-        user dcsovpn
-        group dcsovpn
-        persist-key
-        persist-tun
-        ca ${toString <secrets/dcsovpn/ca.pem>}
-        cert ${toString <secrets/dcsovpn/cert.pem>}
-        key ${toString <secrets/dcsovpn/cert.key>}
-        verb 3
-        mute 20
-        auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
-        route-method exe
-        route-delay 2
-      '';
-      updateResolvConf = true;
-    };
-  };
-}

jeschli/1systems/bln/hardware-configuration.nix

@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d";
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac";
-      fsType = "ext4";
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/927E-01A0";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 8;
-  powerManagement.cpuFreqGovernor = "powersave";
-
-  hardware.pulseaudio.enable = true;
-}

jeschli/1systems/brauerei/config.nix

@@ -37,6 +37,11 @@
       cd ~/stockholm
       exec nix-shell -I stockholm="$PWD" --run 'deploy  --system="brauerei"'
     '';
+    deploy = pkgs.writeDash "deploy" ''
+      set -eu
+      export SYSTEM="$1"
+      $(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+    '';
   };
 
   environment.systemPackages = with pkgs; [
@@ -114,10 +119,12 @@
     # Don't install feh into systemPackages
     # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
     desktopManager.session = lib.mkForce [];
+    displayManager.lightdm.enable = lib.mkForce false;
+    displayManager.job.execCmd = lib.mkForce "derp";
 
     enable = true;
-    display = 11;
+    display = lib.mkForce 11;
-    tty = 11;
+    tty = lib.mkForce 11;
 
     dpi = 144;
 
@@ -138,6 +145,15 @@
     isNormalUser = true;
     uid = 1001; # TODO genid
   };
+  users.users.dev = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.lass.pubkey
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
+    ];
+  };
+
 
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"

jeschli/2configs/emacs.nix

@@ -67,7 +67,6 @@ let
   emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
     epkgs.melpaPackages.evil
     epkgs.melpaStablePackages.magit
-    epkgs.melpaPackages.mmm-mode
     epkgs.melpaPackages.nix-mode
     epkgs.melpaPackages.go-mode
     epkgs.melpaPackages.google-this

jeschli/5pkgs/simple/xmonad-jeschli/default.nix

@@ -222,7 +222,7 @@ myKeys conf = Map.fromList $
 pagerConfig :: PagerConfig
 pagerConfig = def
     { pc_font           = myFont
-    , pc_cellwidth      = 256
+    , pc_cellwidth      = 100
     --, pc_cellheight     = 36 -- TODO automatically keep screen aspect
     --, pc_borderwidth    = 1
     --, pc_matchcolor     = "#f0b000"

jeschli/krops.nix

@@ -29,6 +29,7 @@ in {
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
     inherit target;
     source = source { test = true; };
   };

krebs/2configs/buildbot-stockholm.nix

@@ -22,6 +22,12 @@
         "http://cgit.ni.r/disko"
         "http://cgit.prism.r/disko"
       ];
+      krops.urls = [
+        "http://cgit.hotdog.r/krops"
+        "http://cgit.ni.r/krops"
+        "http://cgit.prism.r/krops"
+        "https://git.ingolf-wagner.de/krebs/krops.git"
+      ];
       nix_writers.urls = [
         "http://cgit.hotdog.r/nix-writers"
         "http://cgit.ni.r/nix-writers"

krebs/3modules/airdcpp.nix

@@ -0,0 +1,278 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>; #genid
+let
+  cfg = config.krebs.airdcpp;
+
+  out = {
+    options.krebs.airdcpp = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = with types;{
+    enable = mkEnableOption "airdcpp";
+
+    package = mkOption {
+      type = package;
+      default = pkgs.airdcpp-webclient;
+    };
+
+    user = mkOption {
+      description = ''
+        user which will run airdcpp. if kept default a new user will be created
+      '';
+      type = str;
+      default = "airdcpp";
+    };
+    extraGroups = mkOption {
+      description = ''extra groups for the user (only for default user)'';
+      type = listOf str;
+      default = [];
+      example = [ "nginx" ];
+    };
+
+    stateDir = mkOption {
+      description = ''
+        directory for storing state (pid,config)
+      '';
+      type = str;
+      default = "/var/lib/airdcpp";
+    };
+    hubs = mkOption {
+        type = attrsOf (submodule ( { config, ... }: {
+          options = {
+            Nick = mkOption {
+              description = ''
+                Nick Name for hub
+              '';
+              type = str;
+              default = cfg.Nick;
+            };
+            Password = mkOption {
+              description = ''
+                Password to be used
+
+                WARNING: will be stored in plain text in /nix/store
+              '';
+              type = str;
+              default = "";
+              apply = lib.removeSuffix "\n";
+            };
+            Server = mkOption {
+              description = ''
+                URL to the hub (must be provided)
+              '';
+              type = str;
+            };
+            AutoConnect = mkOption {
+              description = ''
+                automatically connect to the hub
+              '';
+              type = bool;
+              default = false;
+            };
+          };
+        }));
+        description = "hubs which should be configured via Favorites.xml,
+        Options are only used if no initial Favorites.xml file is provided and none exists";
+        default = {};
+    };
+    initialFavoritesConfigFile = mkOption {
+      description = ''
+        path inital Favorites.xml configuration if none exists
+      '';
+      type = nullOr path;
+      default = null;
+    };
+    dcpp = {
+      # entries in DCPlusPlus.xml
+      Nick = mkOption {
+        description = ''
+          Nick Name for connection
+        '';
+        type = str;
+        default = "kevin";
+      };
+      InPort = mkOption {
+        description = "Input Port";
+        type = int;
+        default = 16849;
+      };
+      UDPPort = mkOption {
+        description = "UDP open Port";
+        type = int;
+        default = 16849;
+      };
+      TLSPort = mkOption {
+        description = "TLS open Port";
+        type = int;
+        default = 16869;
+      };
+      DownloadSpeed = mkOption {
+        description = "Total Download Speed in Mbps/s";
+        type = str;
+        default = "100";
+      };
+      UploadSpeed = mkOption {
+        description = "Total Upload Speed in Mbp/s";
+        type = str;
+        default = "100";
+      };
+      DownloadDirectory = mkOption {
+        description = "Directory, where new files will be saved into";
+        type = str;
+        default = "${cfg.stateDir}/Download";
+      };
+      shares = mkOption {
+        default = {};
+        type = attrsOf (submodule ( { config, ... }: {
+          options = {
+            path = mkOption {
+              description = "path to the share";
+              type = str;
+            };
+            incoming = mkOption {
+              description = "incoming";
+              type = bool;
+              default = false;
+            };
+          };
+        }));
+      };
+      initialConfigFile = mkOption {
+        description = ''
+          path inital DCPlusPlus.xml configuration if none exists
+        '';
+        type = nullOr path;
+        default = null;
+      };
+    };
+    web = {
+      port = mkOption {
+        description = ''web-ui port
+
+        NOTE: once the initial config had been written to the state directory it will not be replaced
+        '';
+        type = int;
+        default = 5600;
+      };
+      initialConfigFile = mkOption {
+        description = ''
+          path inital WebServer.xml configuration if none exists
+        '';
+        type = nullOr path;
+        default = null;
+      };
+      # TODO: tlsPort
+      users = mkOption {
+        type = attrsOf (submodule ( { config, ... }: {
+          options = {
+            password = mkOption {
+              description = "password of user";
+              type = str;
+              apply = lib.removeSuffix "\n";
+            };
+            permissions = mkOption {
+              description = "user permissions";
+              type = str;
+              default = "admin";
+            };
+          };
+        }));
+      };
+    };
+  };
+
+  imp = let
+    genUsers = users: concatMapStringsSep "\n" (user: 
+      ''<WebUser Username="${user.name}" Password="${user.password}" LastLogin="0" Permissions="${user.permissions}"/>'' )
+      (mapAttrsToList (name: val: val // { inherit name; }) users);
+    webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" ''
+      <?xml version="1.0" encoding="utf-8" standalone="yes"?>
+      <WebServer>
+        <Config>
+          <Server Port="${toString cfg.web.port}"/>
+          <TLSServer Port="0" Certificate="" CertificateKey=""/>
+        </Config>
+        <WebUsers>${genUsers cfg.web.users}
+        </WebUsers>
+      </WebServer>
+      '' else cfg.web.initialConfigFile;
+    genHubs = hubs: concatMapStringsSep "\n" (hub:
+      ''<Hub Name="${hub.name}" Connect="${
+          if hub.AutoConnect then "1" else "0"
+        }" Description="" Password="${hub.Password}" Server="${hub.Server}" ChatUserSplit="0" UserListState="1" HubFrameOrder="" HubFrameWidths="" HubFrameVisible="" Group="" Bottom="0" Top="0" Right="0" Left="0" Nick="${hub.Nick}"/>'' )
+      (mapAttrsToList (name: val: val // { inherit name; }) hubs);
+    favoritesConfigFile = if (cfg.initialFavoritesConfigFile == null) then
+    builtins.trace "warning: airdcpp hub passwords are stored in plain text" pkgs.writeText "initial-config" ''
+        <?xml version="1.0" encoding="utf-8" standalone="yes"?>
+        <Favorites>
+          <Hubs>
+            ${genHubs cfg.hubs}
+          </Hubs>
+        </Favorites>
+      '' else cfg.initialFavoritesConfigFile;
+    genShares = shares: concatMapStringsSep "\n" (share:
+      ''<Directory Virtual="${share.name}" Incoming="${
+          if share.incoming then "1" else "0"
+        }" LastRefreshTime="0">${share.path}</Directory>'' )
+      (mapAttrsToList (name: val: val // { inherit name; }) shares);
+    dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" ''
+    <?xml version="1.0" encoding="utf-8" standalone="yes"?>
+    <DCPlusPlus>
+      <Settings>
+        <Nick type="string">${cfg.dcpp.Nick}</Nick>
+        <InPort type="int">${toString cfg.dcpp.InPort}</InPort>
+        <UDPPort type="int">${toString cfg.dcpp.UDPPort}</UDPPort>
+        <TLSPort type="int">${toString cfg.dcpp.TLSPort}</TLSPort>
+         <DownloadDirectory type="string">${cfg.dcpp.DownloadDirectory}</DownloadDirectory>
+        <AutoDetectIncomingConnection type="int">0</AutoDetectIncomingConnection>
+        <NoIpOverride type="int">1</NoIpOverride>
+        <WizardRunNew type="int">0</WizardRunNew>
+        <IPUpdate type="int">0</IPUpdate>
+        <AlwaysCCPM type="int">1</AlwaysCCPM>
+        <DownloadSpeed type="string">${cfg.dcpp.DownloadSpeed}</DownloadSpeed>
+        <UploadSpeed type="string">${cfg.dcpp.UploadSpeed}</UploadSpeed>
+      </Settings>
+      <Share Token="0" Name="Default">
+        ${genShares cfg.dcpp.shares}
+        <NoShare/>
+      </Share>
+      <ChatFilterItems/>
+    </DCPlusPlus>
+    '' else cfg.dcpp.initialConfigFile;
+  in {
+    systemd.services.airdcpp = {
+      description = "airdcpp webui";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      restartIfChanged = true;
+      serviceConfig = {
+        Type = "simple";
+        ExecStartPre = pkgs.writeDash "prepare-env" ''
+          d=${cfg.stateDir}/WebServer.xml
+          test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d
+          d=${cfg.stateDir}/DCPlusPlus.xml
+          test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d
+          d=${cfg.stateDir}/Favorites.xml
+          test -e $d || install -m700 -o${cfg.user} ${favoritesConfigFile} $d
+        '';
+        PermissionsStartOnly = true;
+        ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid";
+        PrivateTmp = true;
+        WorkingDirectory = cfg.stateDir;
+        User = "${cfg.user}";
+      };
+    };
+    users = lib.mkIf (cfg.user == "airdcpp") {
+      users.airdcpp = {
+        uid = genid "airdcpp";
+        home = cfg.stateDir;
+        createHome = true;
+        inherit (cfg) extraGroups;
+      };
+      groups.airdcpp.gid = genid "airdcpp";
+    };
+  };
+in
+out
+

krebs/3modules/buildbot/master.nix

@@ -82,6 +82,7 @@ let
       irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}",
                       channels=${builtins.toJSON cfg.irc.channels},
                       notify_events={
+                        'started': 1,
                         'success': 1,
                         'failure': 1,
                         'exception': 1,

krebs/3modules/buildbot/slave.nix

@@ -160,8 +160,6 @@ let
         # TODO: maybe also prepare buildbot.tac?
         ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
           set -efux
-          #remove garbage from old versions
-          rm -rf ${workdir}
           mkdir -p ${workdir}/info
           cp ${buildbot-slave-init} ${workdir}/buildbot.tac
           echo ${contact} > ${workdir}/info/admin

krebs/3modules/default.nix

@@ -6,6 +6,7 @@ let
 
   out = {
     imports = [
+      ./airdcpp.nix
       ./announce-activation.nix
       ./apt-cacher-ng.nix
       ./backup.nix

krebs/3modules/jeschli/default.nix

@@ -7,43 +7,6 @@ with import <stockholm/lib>;
     owner = config.krebs.users.jeschli;
     ci = true;
   }) {
-    bln = {
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.27.28";
-          ip6.addr = "42::28";
-          aliases = [
-            "bln.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIECgKCBAEAwoN2f6iyQ1Wnk4rZVqhovny8VpwWvC9buE+NoedRaxmWmA5QIP02
-            BLwTWFKnbiKOQiYN+a4m/JKs0fFOjYCa2EKhqWWKwdEIN4wJTq8zrjzIaa2rdz+8
-            tamE+8rSYDE+RbJ6Gs3SUDfwcxJT6FXCi3JYoirdhAssLSwTf9d5IsfXvkKMabky
-            FpY9Im51utmIR8UmYL4Ti7dEaOxif+5Hgl1LuitC8e2IIZJhXJprK9tJk9J0LRWt
-            PUM31IG1+A2hNBzs5hferLmmwFvYF1sJ22NtFepxVyOLaLcLEFKWHyU+14qEMSgL
-            acsu0lgVZ4A1TY6vVBmawfVCzUzRfalNIty1x+qDA4MB1RQ4W7ivWCjd/+wirSyc
-            BLxCvriXRdUwPIRoHy0kNMmS83HGm2iv2IrHUrcH8lyJvMys216J2lCF2arRVnBn
-            lArObfR3mXgd/YoANmZ4cinLAjLCjCjXfOe39+pvTFph6WnDt4gOO+tQlnCk19Fa
-            NoiK1THcuZiFVE+4CAXVmstNqYKSMgw+Upw7/t6iUzur98iwKpcicomhJjGVVtbg
-            2iDf4lYVrUyb7iPns2T4EzAuHk7iESktEASU5creSbWYRu/4uyhuNlUoiCpVOEKg
-            H9jkrLlCpQGv/GmgdH9oj35Dsv5TINauCT2jjWV65wcKAlvyafy5UtLyF4HBRHaM
-            2xyxC9gxr8bmeOFyOnHVJQvpkeLxyaRp/VppjCTzr82TQvpZd5a+tISIbDGfqX1o
-            cEyPsowb3KHNtW9DqRBp+80fPGnQHsNjVXbJb37wjpnR/ePg/XyENbZF/OQEsjqt
-            bki8hZQXKJAFyx1bq/2A1q4ocx7JlJKynL4szG1unHbSPKNH2OOVvoezuP7e+lXU
-            gnzrSbe9lPIOp4Vu1HjWOi6tNWZFoZrSHVIK+VGxm+wm/HoS+Enj4Yq+vRvU3luv
-            UllR5KHHK2970RbFEUE0zaVMZjQn5KgJjFXfqfrCztp0wZ5CQo+tRFPq35llaIQ2
-            0WyT2IZlxt1Xr2IpOM0DpO4SJnivZT/wdZN7upzsUPf4a9suztpA3KcKAKqH0OM5
-            fv2/LXspc73vACAOZ9qDJnwp8bFrMOaQdAL1oPpOLB3yYTDA3E20IAQ6OKoSy1Nl
-            B4coqo1gBCcMrWwVFYAuc5J4itXJ0SSj67+WUnuDzPm88LI3g+AO0r1m6k6YdA58
-            SeNxYPMLYNLRg86rsjKjXu+QyvBsd04O/QvIxpTFCtdjbUXNS1H4++/inYZSwWPp
-            U0lN9erLJbwr4WqU/Mn6J+jKijXwmCSiF5if5baszMsOL/0u9yFt6OcaLyehE3sJ
-            eAo00n9phSna0lxtbtRnh/Gd4D7rFcX33wIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
     brauerei = {
       nets = {
         retiolum = {

krebs/3modules/lass/default.nix

@@ -494,6 +494,44 @@ with import <stockholm/lib>;
         };
       };
     };
+    eve = {
+      monitoring = false;
+      ci = false;
+      external = true;
+      nets = rec {
+        internet = {
+          # eve.thalheim.io
+          ip4.addr = "188.68.39.17";
+          ip6.addr = "2a03:4000:13:31e::1";
+          aliases = [ "eve.i" ];
+        };
+        retiolum = rec {
+          via = internet;
+          addrs = [
+            ip4.addr
+            ip6.addr
+          ];
+          ip4.addr = "10.243.29.174";
+          ip6.addr = "42:4992:6a6d:a00::1";
+          aliases = [ "eve.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
+            XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
+            08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
+            6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
+            +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
+            dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
+            pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
+            c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
+            YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
+            61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
+            Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
     xerxes = {
       cores = 2;
       nets = rec {

krebs/3modules/makefu/default.nix

@@ -4,7 +4,9 @@ with import <stockholm/lib>;
 ## generate keys with:
 # tinc generate-keys
 # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
-{
+let
+  pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
+in {
   hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
     cake = rec {
       cores = 4;
@@ -590,6 +592,8 @@ with import <stockholm/lib>;
             "cache.gum.r"
             "logs.makefu.r"
             "stats.makefu.r"
+            "backup.makefu.r"
+            "dcpp.nextgum.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -654,6 +658,7 @@ with import <stockholm/lib>;
             "wiki.gum.r"
             "blog.makefu.r"
             "blog.gum.r"
+            "dcpp.gum.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -1099,48 +1104,48 @@ with import <stockholm/lib>;
   users = rec {
     makefu = {
       mail = "makefu@x.r";
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x";
+      pubkey = pub-for "makefu.x";
       pgp.pubkeys.default = builtins.readFile ./pgp/default.asc;
       pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc;
     };
     makefu-omo = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
+      pubkey = pub-for "makefu.omo";
     };
     makefu-tsp = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
+      pubkey = pub-for "makefu.tsp";
     };
     makefu-vbob = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
+      pubkey = pub-for "makefu.vbob";
     };
     makefu-tempx = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum";
+      pubkey = pub-for "makefu.tempx";
     };
     makefu-android = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
+      pubkey = pub-for "makefu.android";
     };
     makefu-remote-builder = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild";
+      pubkey = pub-for "makefu.remote-builder";
     };
     makefu-bob = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
+      pubkey = pub-for "makefu.bob";
     };
     ciko = {
       mail = "wieczorek.stefan@googlemail.com";
     };
     ulrich = {
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de";
+      pubkey = pub-for "ulrich";
       mail = "shackspace.de@myvdr.de";
     };
     exco = {
       mail = "dickbutt@excogitation.de";
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";
+      pubkey = pub-for "exco";
     };
   };
 }

krebs/3modules/makefu/ssh/exco.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de

krebs/3modules/makefu/ssh/makefu.android.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x

krebs/3modules/makefu/ssh/makefu.bob.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD

krebs/3modules/makefu/ssh/makefu.omo.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch

krebs/3modules/makefu/ssh/makefu.remote-builder.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild

krebs/3modules/makefu/ssh/makefu.tempx.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum

krebs/3modules/makefu/ssh/makefu.tsp.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp

krebs/3modules/makefu/ssh/makefu.vbob.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob

krebs/3modules/makefu/ssh/makefu.x.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x

krebs/3modules/makefu/ssh/ulrich.pub

@@ -0,0 +1 @@
+AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de

krebs/5pkgs/simple/Reaktor/default.nix

@@ -2,7 +2,7 @@
 
 python3Packages.buildPythonPackage rec {
   name = "Reaktor-${version}";
-  version = "0.6.0";
+  version = "0.6.2";
 
   doCheck = false;
 
@@ -14,7 +14,7 @@ python3Packages.buildPythonPackage rec {
     owner = "krebs";
     repo = "Reaktor";
     rev = version;
-    sha256 = "0nsnv1rixmlg5wkb74b4f5bycb42b9rp4b14hijh558hbsa1b9am";
+    sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m";
   };
   meta = {
     homepage = http://krebsco.de/;

krebs/5pkgs/simple/Reaktor/plugins.nix

@@ -120,7 +120,7 @@ rec {
   url-title = (buildSimpleReaktorPlugin "url-title" {
     pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
     path = with pkgs; [ curl perl ];
-    script = pkgs.writePython3 "url-title" { deps = [ "beautifulsoup4" "lxml" ]; } ''
+    script = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } ''
       import cgi
       import sys
       import urllib.request

krebs/5pkgs/simple/airdcpp-webclient/default.nix

@@ -0,0 +1,28 @@
+{ stdenv, fetchurl, makeWrapper, which
+}:
+stdenv.mkDerivation rec {
+  name = "airdcpp-webclient-${version}";
+  version = "2.3.0";
+  
+  src = fetchurl {
+    url = http://web-builds.airdcpp.net/stable/airdcpp_2.3.0_webui-2.3.0_64-bit_portable.tar.gz;
+    sha256 = "0yvcl0nc70fghc7vfsgvbpryi5q97arld8adql4way4qa0mdnyv1";
+  };
+
+  phases = [ "unpackPhase" "installPhase" ];
+  installPhase = ''
+    mkdir -p $out/{share,bin}
+    cp -r *  $out/share
+    makeWrapper $out/share/airdcppd $out/bin/airdcppd --prefix PATH ${which}/bin
+  '';
+  nativeBuildInputs = [ makeWrapper ];
+
+  meta = with stdenv.lib; {
+    # to start it: airdcpp -p=<pid-file> -c=<config-store-path (must be writeable)> --configure
+    description = "dcpp client (statically precompiled)";
+    homepage = http://fixme;
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ makefu ];
+    platforms = with platforms; linux;
+  };
+}

krebs/5pkgs/simple/buildbot-classic/default.nix

@@ -2,7 +2,7 @@
 
 python2Packages.buildPythonApplication rec {
   name = "buildbot-classic-${version}";
-  version = "0.8.17";
+  version = "0.8.18";
   namePrefix = "";
   patches = [];
 
@@ -10,14 +10,14 @@ python2Packages.buildPythonApplication rec {
     owner = "krebs";
     repo = "buildbot-classic";
     rev = version;
-    sha256 = "0yn0n37rs2bhz9q0simnvyzz5sfrpqhbdm6pdj6qk7sab4y6xbq8";
+    sha256 = "0b4y3n9zd2gdy8xwk1vpvs4n9fbg72vi8mx4ydgijwngcmdqkjmq";
   };
   postUnpack = "sourceRoot=\${sourceRoot}/master";
 
   propagatedBuildInputs = [
     python2Packages.jinja2
     python2Packages.twisted
-    python2Packages.dateutil_1_5
+    python2Packages.dateutil
     python2Packages.sqlalchemy_migrate
     python2Packages.pysqlite
     pkgs.coreutils

krebs/5pkgs/simple/repo-sync/default.nix

@@ -3,7 +3,6 @@
 with python3Packages; buildPythonPackage rec {
   name = "repo-sync-${version}";
   version = "0.2.7";
-  disabled = isPy26 || isPy27;
   propagatedBuildInputs = [
     docopt
     GitPython

krebs/krops.nix

@@ -1,9 +1,6 @@
 { name }: rec {
 
-  krops = builtins.fetchGit {
+  krops = ../submodules/krops;
-    url = https://cgit.krebsco.de/krops/;
-    rev = "c46166d407c7d246112f13346621a3fbdb25889e";
-  };
 
   lib = import "${krops}/lib";
 
@@ -57,6 +54,7 @@
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
     inherit target;
     source = source { test = true; };
   };

krebs/nixpkgs.json

@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "a37638d46706610d12c9747614fd1b8f8d35ad48",
+  "rev": "81f5c2698a87c65b4970c69d472960c574ea0db4",
-  "date": "2018-08-30T21:03:26+02:00",
+  "date": "2018-10-17T20:48:45-04:00",
-  "sha256": "0rsdkk4z7pkqr2mw0pq7i6fkqs7gbi5kral3c8smm9bw104sn8v7",
+  "sha256": "0p4x9532d3qlbykyyq8zk62k8py9mxd1s7zgbv54zmv597rs5y35",
-  "fetchSubmodules": true
+  "fetchSubmodules": false
 }

krebs/update-channel.sh

@@ -3,7 +3,7 @@ dir=$(dirname $0)
 oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
 nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
   --url https://github.com/NixOS/nixpkgs-channels \
-  --rev refs/heads/nixos-18.03' \
+  --rev refs/heads/nixos-18.09' \
 > $dir/nixpkgs.json
 newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
 git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"

lass/1systems/mors/config.nix

@@ -77,6 +77,7 @@ with import <stockholm/lib>;
       environment.systemPackages = [
         pkgs.ovh-zone
         pkgs.bank
+        pkgs.adb-sync
       ];
     }
     {
@@ -143,7 +144,6 @@ with import <stockholm/lib>;
     OnCalendar = "00:37";
   };
 
-  nix.package = pkgs.nixUnstable;
   programs.adb.enable = true;
   users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
   virtualisation.docker.enable = true;

lass/1systems/prism/config.nix

@@ -291,16 +291,6 @@ with import <stockholm/lib>;
       ];
     }
     {
-      services.nginx = {
-        enable = true;
-        virtualHosts."radio.lassul.us" = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/".extraConfig = ''
-            proxy_pass http://localhost:8000;
-          '';
-        };
-      };
     }
     {
       lass.nichtparasoup.enable = true;

lass/1systems/prism/physical.nix

@@ -3,27 +3,39 @@
   imports = [
     ./config.nix
     {
-      networking.interfaces.et0.ipv4.addresses = [
+      boot.kernelParams = [ "net.ifnames=0" ];
-        {
+      networking = {
-          address = config.krebs.build.host.nets.internet.ip4.addr;
+        defaultGateway = "46.4.114.225";
+        # Use google's public DNS server
+        nameservers = [ "8.8.8.8" ];
+        interfaces.eth0 = {
+          ipAddress = "46.4.114.247";
           prefixLength = 27;
-        }
+        };
-        {
+      };
-          address = "46.4.114.243";
+      # TODO use this network config
-          prefixLength = 27;
+      #networking.interfaces.et0.ipv4.addresses = [
-        }
+      #  {
-      ];
+      #    address = config.krebs.build.host.nets.internet.ip4.addr;
-      networking.defaultGateway = "46.4.114.225";
+      #    prefixLength = 27;
-      networking.nameservers = [
+      #  }
-        "8.8.8.8"
+      #  {
-      ];
+      #    address = "46.4.114.243";
-      services.udev.extraRules = ''
+      #    prefixLength = 27;
-        SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
+      #  }
-      '';
+      #];
+      #networking.defaultGateway = "46.4.114.225";
+      #networking.nameservers = [
+      #  "8.8.8.8"
+      #];
+      #services.udev.extraRules = ''
+      #  SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
+      #'';
     }
     {
       imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
 
+      networking.hostId = "fb4173ea";
       boot.loader.grub = {
         devices = [
           "/dev/sda"
@@ -40,45 +52,25 @@
 
       boot.kernelModules = [ "kvm-intel" ];
 
-      fileSystems."/" = {
-        device = "/dev/pool/nix_root";
-        fsType = "ext4";
-      };
-
-      fileSystems."/tmp" = {
-        device = "tmpfs";
-        fsType = "tmpfs";
-        options = ["nosuid" "nodev" "noatime"];
-      };
-
-      fileSystems."/var/download" = {
-        device = "/dev/pool/download";
-        fsType = "ext4";
-      };
-
-      fileSystems."/srv/http" = {
-        device = "/dev/pool/http";
-        fsType = "ext4";
-      };
-
-      fileSystems."/home" = {
-        device = "/dev/pool/home";
-        fsType = "ext4";
-      };
-
-      fileSystems."/bku" = {
-        device = "/dev/pool/bku";
-        fsType = "ext4";
-      };
-
-      swapDevices = [
-        { label = "swap1"; }
-        { label = "swap2"; }
-      ];
-
       sound.enable = false;
       nixpkgs.config.allowUnfree = true;
       time.timeZone = "Europe/Berlin";
+
+      fileSystems."/" = {
+        device = "rpool/root/nixos";
+        fsType = "zfs";
+      };
+
+      fileSystems."/home" = {
+        device = "rpool/home";
+        fsType = "zfs";
+      };
+
+      fileSystems."/boot" = {
+        device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
+        fsType = "ext4";
+      };
+
     }
   ];
 

lass/2configs/baseX.nix

@@ -71,7 +71,6 @@ in {
     lm_sensors
     ncdu
     nix-index
-    nix-repl
     nmap
     pavucontrol
     powertop

lass/2configs/exim-smarthost.nix

@@ -89,6 +89,7 @@ with import <stockholm/lib>;
       { from = "cis@lassul.us"; to = lass.mail; }
       { from = "afra@lassul.us"; to = lass.mail; }
       { from = "ksp@lassul.us"; to = lass.mail; }
+      { from = "ccc@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

lass/2configs/games.nix

@@ -57,7 +57,6 @@ let
 
 in {
   environment.systemPackages = with pkgs; [
-    (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; })
     doom1
     doom2
     vdoom1

lass/2configs/git.nix

@@ -50,18 +50,38 @@ let
       cgit.desc = "take a description of your disk layout and produce a format script";
       cgit.section = "software";
     };
+    go = {
+      cgit.desc = "url shortener";
+      cgit.section = "software";
+    };
     krebspage = {
       cgit.desc = "homepage of krebs";
       cgit.section = "configuration";
     };
+    krops = {
+      cgit.desc = "krebs deployment";
+      cgit.section = "software";
+    };
     news = {
       cgit.desc = "take a rss feed and a timeout and print it to stdout";
       cgit.section = "software";
     };
+    newsbot-js = {
+      cgit.desc = "print rss feeds to irc channels";
+      cgit.section = "software";
+    };
+    nix-user-chroot = {
+      cgit.desc = "Fork of nix-user-chroot by lethalman";
+      cgit.section = "software";
+    };
     nix-writers = {
       cgit.desc = "high level writers for nix";
       cgit.section = "software";
     };
+    nixos-generators = {
+      cgit.desc = "custom image builders";
+      cgit.section = "software";
+    };
     nixpkgs = {
       cgit.desc = "nixpkgs fork";
       cgit.section = "configuration";
@@ -81,14 +101,6 @@ let
       cgit.desc = "Good Music collection + tools";
       cgit.section  = "art";
     };
-    nix-user-chroot = {
-      cgit.desc = "Fork of nix-user-chroot by lethalman";
-      cgit.section = "software";
-    };
-    krops = {
-      cgit.desc = "krebs deployment";
-      cgit.section = "software";
-    };
     xmonad-stockholm = {
       cgit.desc = "krebs xmonad modules";
       cgit.section = "configuration";

lass/2configs/mail.nix

@@ -210,6 +210,7 @@ in {
   environment.systemPackages = [
     msmtp
     mutt
+    pkgs.notmuch
     pkgs.much
     tag-new-mails
     tag-old-mails

lass/2configs/radio.nix

@@ -36,8 +36,9 @@ in {
       home = "/home/${name}";
       useDefaultShell = true;
       createHome = true;
-      openssh.authorizedKeys.keys = [
+      openssh.authorizedKeys.keys = with config.krebs.users; [
-        config.krebs.users.lass.pubkey
+        lass.pubkey
+        lass-mors.pubkey
       ];
     };
   };
@@ -131,6 +132,30 @@ in {
     };
   };
 
+  systemd.services.radio-recent = let
+    recentlyPlayed = pkgs.writeDash "recentlyPlayed" ''
+      LIMIT=1000 #how many tracks to keep in the history
+      HISTORY_FILE=/tmp/played
+      while :; do
+        ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null
+        ${pkgs.mpc_cli}/bin/mpc current -f %file%
+      done | while read track; do
+        echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE"
+        echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
+      done
+    '';
+  in {
+    description = "radio recently played";
+    after = [ "mpd.service" "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    restartIfChanged = true;
+
+    serviceConfig = {
+      ExecStart = recentlyPlayed;
+    };
+  };
+
   krebs.Reaktor.playlist = {
     nickname = "the_playlist|r";
     channels = [
@@ -157,27 +182,40 @@ in {
       })
     ];
   };
-  services.nginx.virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let
+  services.nginx = {
-    html = pkgs.writeText "index.html" ''
+    enable = true;
-      <!DOCTYPE html>
+    virtualHosts."radio.lassul.us" = {
-      <html lang="en">
+      forceSSL = true;
-        <head>
+      enableACME = true;
-          <meta charset="utf-8">
+      locations."/".extraConfig = ''
-          <title>lassulus playlist</title>
+        proxy_pass http://localhost:8000;
-        </head>
+      '';
-        <body>
+      locations."/recent".extraConfig = ''
-          <div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
+        alias /tmp/played;
-            <iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
+      '';
-          </div>
+    };
-          <div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
+    virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let
-            <audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
+      html = pkgs.writeText "index.html" ''
-          </div>
+        <!DOCTYPE html>
-          <!-- page content -->
+        <html lang="en">
-        </body>
+          <head>
-      </html>
+            <meta charset="utf-8">
+            <title>lassulus playlist</title>
+          </head>
+          <body>
+            <div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
+              <iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
+            </div>
+            <div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
+              <audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
+            </div>
+            <!-- page content -->
+          </body>
+        </html>
+      '';
+    in ''
+      default_type "text/html";
+      alias ${html};
     '';
-  in ''
+  };
-    default_type "text/html";
-    alias ${html};
-  '';
 }

lass/2configs/reaktor-coders.nix

@@ -63,24 +63,6 @@ with import <stockholm/lib>;
             -e "@kind $1"
         '';
       })
-      (buildSimpleReaktorPlugin "random-unicorn-porn" {
-        pattern = "^!rup$$";
-        script = pkgs.writePython2 "rup" {} ''
-          t1 = """
-                              _.
-                           ;=',_ ()
-                 8===D~~  S" .--`||
-                         sS  \__ ||
-                      __.' ( \-->||
-                   _=/    _./-\/ ||
-          8===D~~ ((\( /-'   -'l ||
-                   ) |/ \\      (_))
-                      \\  \\
-                       '~ '~
-          """
-          print(t1)
-        '';
-      })
       (buildSimpleReaktorPlugin "ping" {
         pattern = "^!ping (?P<args>.*)$$";
         script = pkgs.writeDash "ping" ''

lass/2configs/urxvt.nix

@@ -5,7 +5,7 @@ with import <stockholm/lib>;
   services.urxvtd.enable = true;
 
   krebs.xresources.resources.urxvt = ''
-    URxvt*SaveLines: 1000000
+    URxvt.saveLines:            100000
     URxvt*scrollBar:            false
     URxvt*urgentOnBell:         true
     URxvt.perl-ext-common:      default,clipboard,url-select,keyboard-select

lass/2configs/vim.nix

@@ -2,20 +2,13 @@
 
 with import <stockholm/lib>;
 let
-  unstable_nixpkgs = import (pkgs.fetchFromGitHub {
-    owner = "NixOS";
-    repo = "nixpkgs";
-    rev = "a8c71037e041725d40fbf2f3047347b6833b1703";
-    sha256 = "1z4cchcw7qgjhy0x6mnz7iqvpswc2nfjpdynxc54zpm66khfrjqw";
-  }) {};
   out = {
     environment.systemPackages = [
       (hiPrio vim)
-      pkgs.python35Packages.flake8
       (pkgs.writeDashBin "govet" ''
         go vet "$@"
       '')
-      (hiPrio (unstable_nixpkgs.python3.withPackages (ps: [
+      (hiPrio (pkgs.python3.withPackages (ps: [
         ps.python-language-server
         ps.pyls-isort
       ])))
@@ -70,6 +63,8 @@ let
     au Syntax * syn match Garbage containedin=ALL /\s\+$/
             \ | syn match TabStop containedin=ALL /\t\+/
             \ | syn keyword Todo containedin=ALL TODO
+            \ | syn match NBSP '\%xa0'
+            \ | syn match NarrowNBSP '\%u202F'
 
     au BufRead,BufNewFile *.hs so ${hs.vim}
 
@@ -135,7 +130,7 @@ let
     pkgs.vimPlugins.undotree
     pkgs.vimPlugins.vim-go
     pkgs.vimPlugins.fzf-vim
-    unstable_nixpkgs.vimPlugins.LanguageClient-neovim
+    pkgs.vimPlugins.LanguageClient-neovim
     (pkgs.vimUtils.buildVimPlugin {
       name = "file-line-1.0";
       src = pkgs.fetchFromGitHub {
@@ -172,6 +167,8 @@ let
 
         hi Garbage      ctermbg=088
         hi TabStop      ctermbg=016
+        hi NBSP         ctermbg=094
+        hi NarrowNBSP   ctermbg=097
         hi Todo         ctermfg=174 ctermbg=NONE
 
         hi NixCode      ctermfg=148

lass/2configs/websites/domsen.nix

@@ -66,6 +66,12 @@ in {
     ])
   ];
 
+  services.mysql.ensureDatabases = [ "ubikmedia_de" "o_ubikmedia_de" ];
+  services.mysql.ensureUsers = [
+    { ensurePermissions = { "ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
+    { ensurePermissions = { "o_ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
+  ];
+
   services.nginx.virtualHosts."ubikmedia.de".locations."/piwika".extraConfig = ''
     try_files $uri $uri/ /index.php?$args;
   '';

lass/2configs/websites/lassulus.nix

@@ -145,8 +145,9 @@ in {
     home = "/srv/http/lassul.us";
     useDefaultShell = true;
     createHome = true;
-    openssh.authorizedKeys.keys = [
+    openssh.authorizedKeys.keys = with config.krebs.users; [
-      config.krebs.users.lass.pubkey
+      lass.pubkey
+      lass-mors.pubkey
     ];
   };
 }

lass/3modules/xjail.nix

@@ -120,10 +120,13 @@ with import <stockholm/lib>;
           ${pkgs.coreutils}/bin/kill $WM_PID
           ${pkgs.coreutils}/bin/kill $XEPHYR_PID
         '';
+        # TODO fix xephyr which doesn't honor resizes anymore
         sudo_ = pkgs.writeDash "${cfg.name}-sudo" (if cfg.vglrun then ''
           /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@"
         '' else ''
-          /var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
+          #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
+          /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@"
+
         '');
         vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" ''
           DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@"
@@ -163,7 +166,7 @@ with import <stockholm/lib>;
 
     lass.xjail-bins = mapAttrs' (name: cfg:
       nameValuePair name (pkgs.writeScriptBin cfg.name ''
-        ${scripts.${name}.existing} "$@"
+        ${scripts.${name}.sudo} "$@"
       '')
     ) config.lass.xjail;
   };

lass/5pkgs/custom/xmonad-lass/default.nix

@@ -31,6 +31,7 @@ import XMonad.Actions.CycleWS (toggleWS)
 import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
 import XMonad.Actions.DynamicWorkspaces (withWorkspace)
 import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
+import XMonad.Actions.Minimize (minimizeWindow, maximizeWindow, withLastMinimized)
 import XMonad.Hooks.EwmhDesktops (ewmh)
 import XMonad.Hooks.FloatNext (floatNext)
 import XMonad.Hooks.FloatNext (floatNextHook)
@@ -39,7 +40,7 @@ import XMonad.Hooks.Place (placeHook, smart)
 import XMonad.Hooks.UrgencyHook (focusUrgent)
 import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
 import XMonad.Layout.FixedColumn (FixedColumn(..))
-import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
+import XMonad.Layout.Minimize (minimize)
 import XMonad.Layout.NoBorders (smartBorders)
 import XMonad.Layout.SimplestFloat (simplestFloat)
 import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
@@ -135,7 +136,7 @@ myKeyMap =
     , ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
 
     , ("M4-m", withFocused minimizeWindow)
-    , ("M4-S-m", sendMessage RestoreNextMinimizedWin)
+    , ("M4-S-m", withLastMinimized maximizeWindow)
 
     , ("M4-q", windowPromptGoto infixAutoXPConfig)
     , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)

lass/krops.nix

@@ -22,13 +22,14 @@
 
 in {
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
-  deploy = pkgs.krops.writeDeploy "${name}-deploy" {
+  deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
     source = source { test = false; };
-    target = "root@${name}/var/src";
+    inherit target;
   };
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
     inherit target;
     source = source { test = true; };
   };

makefu/1systems/nextgum/config.nix

@@ -25,11 +25,12 @@ in {
 
       <stockholm/makefu/2configs/git/cgit-retiolum.nix>
       <stockholm/makefu/2configs/backup.nix>
-      <stockholm/makefu/2configs/exim-retiolum.nix>
+      # <stockholm/makefu/2configs/exim-retiolum.nix>
       <stockholm/makefu/2configs/tinc/retiolum.nix>
 
       # services
       <stockholm/makefu/2configs/sabnzbd.nix>
+      <stockholm/makefu/2configs/mail/mail.euer.nix>
 
       # sharing
       <stockholm/makefu/2configs/share/gum.nix>
@@ -73,6 +74,7 @@ in {
       #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
       #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
       <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
+      <stockholm/makefu/2configs/nginx/iso.euer.nix>
       <stockholm/makefu/2configs/deployment/events-publisher>
 
       #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
@@ -94,6 +96,7 @@ in {
 
 
       <stockholm/makefu/2configs/stats/client.nix>
+      <stockholm/makefu/2configs/dcpp/airdcpp.nix>
       # <stockholm/makefu/2configs/logging/client.nix>
 
       ## Temporary:

makefu/1systems/nextgum/hardware-config.nix

@@ -41,11 +41,12 @@ in {
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
   boot.loader.grub.devices = [ main-disk ];
+  boot.initrd.kernelModules = [  "dm-raid" ];
   boot.initrd.availableKernelModules = [
     "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
     "xhci_pci" "ehci_pci" "ahci" "sd_mod"
   ];
-  boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ];
+  boot.kernelModules = [ "kvm-intel"  ];
   hardware.enableRedistributableFirmware = true;
   fileSystems."/" = {
     device = "/dev/mapper/nixos-root";
@@ -59,6 +60,10 @@ in {
     device = "/dev/mapper/nixos-download";
     fsType = "ext4";
   };
+  fileSystems."/var/lib/borgbackup" = {
+    device = "/dev/mapper/nixos-backup";
+    fsType = "ext4";
+  };
   fileSystems."/boot" = {
     device = "/dev/sda2";
     fsType = "vfat";
@@ -79,8 +84,12 @@ in {
   #vgcreate nixos /dev/sda3 /dev/sdb1
   #lvcreate -L 120G -m 1 -n root nixos
   #lvcreate -L 50G -m 1 -n lib nixos
-  #lvcreate -L 50G -n download nixos
+  #lvcreate -L 100G -n download nixos
+  #lvcreate -L 100G -n backup nixos
   #mkfs.ext4 /dev/mapper/nixos-root
+  #mkfs.ext4 /dev/mapper/nixos-lib
+  #mkfs.ext4 /dev/mapper/nixos-download
+  #mkfs.ext4 /dev/mapper/nixos-borgbackup
   #mount /dev/mapper/nixos-root /mnt
   #mkdir /mnt/boot
   #mount /dev/sda2 /mnt/boot

makefu/1systems/x/config.nix

@@ -7,6 +7,10 @@
     [ # base
       <stockholm/makefu>
       <stockholm/makefu/2configs/nur.nix>
+      <stockholm/makefu/2configs/home-manager>
+      <stockholm/makefu/2configs/home-manager/desktop.nix>
+      <stockholm/makefu/2configs/home-manager/cli.nix>
+      <stockholm/makefu/2configs/home-manager/mail.nix>
       <stockholm/makefu/2configs/main-laptop.nix>
       <stockholm/makefu/2configs/extra-fonts.nix>
       <stockholm/makefu/2configs/tools/all.nix>

makefu/1systems/x/source.nix

@@ -6,5 +6,6 @@
   unstable = true;
   mic92 = true;
   clever_kexec = true;
+  home-manager = true;
   # torrent = true;
 }

makefu/2configs/dcpp/airdcpp.nix

@@ -0,0 +1,48 @@
+{ config, ... }:
+{
+  krebs.airdcpp = {
+    enable = true;
+    extraGroups = [ "download" ];
+    web.port = 5600;
+    web.users.makefu.password = builtins.readFile <secrets/airdcpp-makefu.pw>; # watch out for newline!
+    hubs."krebshub" =
+    { Nick = "makefu-${config.krebs.build.host.name}";
+      Password = builtins.readFile <secrets/krebshub.pw>;
+      Server = "adcs://hub.nsupdate.info:411";
+      AutoConnect = true;
+    };
+    dcpp = {
+      shares = {
+        # Incoming must be writeable!
+        incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; };
+        audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks";
+      };
+      Nick = "makefu";
+      DownloadSpeed = "1000";
+      UploadSpeed = "1000";
+    };
+  };
+  networking.firewall.allowedTCPPorts =
+  [ config.krebs.airdcpp.dcpp.InPort
+    config.krebs.airdcpp.dcpp.TLSPort
+  ];
+  networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ];
+
+  services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" =
+  { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/";
+
+    extraConfig = ''
+      proxy_set_header   Host $host;
+      proxy_set_header   X-Real-IP          $remote_addr;
+      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+      gzip_types      text/plain application/javascript;
+
+      # Proxy websockets
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+
+    '';
+  };
+
+}

makefu/2configs/default.nix

@@ -10,14 +10,27 @@ with import <stockholm/lib>;
     }
     ./editor/vim.nix
     ./binary-cache/nixos.nix
+    ./minimal.nix
   ];
 
+  # users are super important
+  users.users = {
+    root = {
+        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+    };
+    makefu = {
+      uid = 9001;
+      group = "users";
+      home = "/home/makefu";
+      createHome = true;
+      useDefaultShell = true;
+      extraGroups = [ "wheel" ];
+        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+    };
+  };
+
   boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
 
-  programs.command-not-found.enable = false;
-
-  nix.package = pkgs.nixUnstable;
-
   nixpkgs.config.allowUnfreePredicate =  (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
   krebs = {
     enable = true;
@@ -27,90 +40,23 @@ with import <stockholm/lib>;
     build.user = config.krebs.users.makefu;
   };
 
-  users.extraUsers = {
-    root = {
-        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
-    };
-    makefu = {
-      uid = 9001;
-      group = "users";
-      home = "/home/makefu";
-      createHome = true;
-      useDefaultShell = true;
-      extraGroups = [
-        "wheel"
-      ];
-        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
-    };
-  };
 
-  networking.hostName = config.krebs.build.host.name;
-  nix.maxJobs = 2;
-  nix.buildCores = config.krebs.build.host.cores;
 
-  time.timeZone = "Europe/Berlin";
-
-  programs.ssh = {
-    startAgent = false;
-  };
-  services.openssh.enable = true;
-  nix.useSandbox = true;
-
-  users.mutableUsers = false;
 
   boot.tmpOnTmpfs = true;
-
-  networking.firewall.rejectPackets = true;
-  networking.firewall.allowPing = true;
-
   systemd.tmpfiles.rules = [
     "d /tmp 1777 root root - -"
   ];
-  nix.nixPath = [ "/var/src" ];
-  environment.variables = let
-    ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
-  in {
-    NIX_PATH = mkForce "/var/src";
-    EDITOR = mkForce "vim";
-    CURL_CA_BUNDLE = ca-bundle;
-    GIT_SSL_CAINFO = ca-bundle;
-    SSL_CERT_FILE  = ca-bundle;
-  };
 
   environment.systemPackages = with pkgs; [
       jq
       git
-      get
       gnumake
       rxvt_unicode.terminfo
       htop
   ];
 
-  programs.bash = {
+  programs.bash.enableCompletion = true;
-    enableCompletion = true;
-    interactiveShellInit = ''
-      HISTCONTROL='erasedups:ignorespace'
-      HISTSIZE=900001
-      HISTFILESIZE=$HISTSIZE
-
-      PYTHONSTARTUP="~/.pythonrc";
-
-      shopt -s checkhash
-      shopt -s histappend histreedit histverify
-      shopt -s no_empty_cmd_completion
-      '';
-
-    promptInit = ''
-      case $UID in
-         0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;;
-      9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;;
-         *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;;
-      esac
-      if test -n "$SSH_CLIENT"; then
-        PS1='\[\033[35m\]\h'" $PS1"
-      fi
-      '';
-  };
 
   environment.shellAliases = {
     # TODO: see .aliases
@@ -126,12 +72,6 @@ with import <stockholm/lib>;
     tinc = pkgs.tinc_pre;
   };
 
-   networking.timeServers = [
-    "pool.ntp.org"
-    "time.windows.com"
-    "time.apple.com"
-    "time.nist.gov"
-  ];
 
   nix.extraOptions = ''
     auto-optimise-store = true
@@ -145,26 +85,5 @@ with import <stockholm/lib>;
     SystemMaxUse=1G
     RuntimeMaxUse=128M
     '';
-  # Enable IPv6 Privacy Extensions
-  boot.kernel.sysctl = {
-    "net.ipv6.conf.all.use_tempaddr" = 2;
-    "net.ipv6.conf.default.use_tempaddr" = 2;
-  };
 
-  i18n = {
-    consoleKeyMap = "us";
-    defaultLocale = "en_US.UTF-8";
-  };
-  # suppress chrome autit event messages
-  security.audit = {
-      rules = [
-        "-a task,never"
-      ];
-    };
-  system.activationScripts.state =  optionalString (config.state != []) ''
-    cat << EOF
-    This machine is burdened with state:
-    ${concatMapStringsSep "\n" (d: "* ${d}") config.state}
-    EOF
-  '';
 }

makefu/2configs/home-manager/cli.nix

@@ -0,0 +1,12 @@
+{
+  home-manager.users.makefu = {
+    services.gpg-agent = {
+      defaultCacheTtl = 900;
+      maxCacheTtl = 7200;
+      defaultCacheTtlSsh = 3600;
+      maxCacheTtlSsh = 86400;
+      enableSshSupport = true;
+    };
+    programs.fzf.enable = true; # alt-c
+  };
+}

makefu/2configs/home-manager/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    <home-manager/nixos>
+  ];
+  home-manager.users.makefu = {
+  };
+}

makefu/2configs/home-manager/desktop.nix

@@ -0,0 +1,31 @@
+{pkgs, ... }: {
+  home-manager.users.makefu = {
+    programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
+    services.network-manager-applet.enable = true;
+    services.blueman-applet.enable = true;
+    services.pasystray.enable = true;
+
+  systemd.user.services.network-manager-applet.Service.Environment = ''
+        XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+      '';
+  systemd.user.services.clipit = {
+    Unit = {
+      Description = "clipboard manager";
+      After = [ "graphical-session-pre.target" ];
+      PartOf = [ "graphical-session.target" ];
+    };
+
+    Install = {
+      WantedBy = [ "graphical-session.target" ];
+    };
+
+    Service = {
+      Environment = ''
+        XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+      '';
+      ExecStart = "${pkgs.clipit}/bin/clipit";
+      Restart = "on-abort";
+    };
+  };
+  };
+}

makefu/2configs/home-manager/mail.nix

@@ -0,0 +1,46 @@
+{
+  home-manager.users.makefu = {
+    accounts.email.accounts.syntaxfehler = {
+      address = "felix.richter@syntax-fehler.de";
+      userName = "Felix.Richter@syntax-fehler.de";
+      imap = {
+        host = "syntax-fehler.de";
+        tls = {
+          enable = true;
+        };
+      };
+      smtp = {
+        host = "syntax-fehler.de";
+        tls = {
+          enable = true;
+        };
+      };
+      msmtp.enable = true;
+      notmuch.enable = true;
+      offlineimap = {
+        enable = true;
+        postSyncHookCommand = "notmuch new";
+        extraConfig.remote = {
+          holdconnectionopen = true;
+          idlefolders = "['INBOX']";
+        };
+      };
+      primary = true;
+      realName = "Felix Richter";
+      passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg";
+    };
+    programs.offlineimap.enable = true;
+    programs.offlineimap.extraConfig = {
+      mbnames = {
+        filename = "~/.mutt/muttrc.mailboxes";
+        header = "'mailboxes '";
+        peritem = "'+%(accountname)s/%(foldername)s'";
+        sep = "' '";
+        footer = "'\\n'";
+      };
+      general = {
+        ui = "TTY.TTYUI";
+      };
+    };
+  };
+}

makefu/2configs/minimal.nix

@@ -0,0 +1,88 @@
+{ lib, pkgs, config, ... }:
+# minimal subset of sane configuration for stockholm
+{
+  # nobody needs this
+  programs.command-not-found.enable = false;
+
+  # the only true timezone (even after the the removal of DST)
+  time.timeZone = "Europe/Berlin";
+
+  networking.hostName = config.krebs.build.host.name;
+  nix.buildCores = config.krebs.build.host.cores;
+
+  # we use gpg if necessary (or nothing at all)
+  programs.ssh.startAgent = false;
+
+  # all boxes look the same
+  nix.useSandbox = true;
+  # we configure users via nix
+  users.mutableUsers = false;
+
+  # sane firewalling
+  networking.firewall.rejectPackets = true;
+  networking.firewall.allowPing = true;
+
+  # openssh all the way down
+  services.openssh.enable = true;
+
+  # we use stockholm via populate
+  nix.nixPath = [ "/var/src" ];
+
+  environment.variables = let
+    ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+  in {
+    NIX_PATH = lib.mkForce "/var/src";
+    EDITOR = lib.mkForce "vim";
+    CURL_CA_BUNDLE = ca-bundle;
+    GIT_SSL_CAINFO = ca-bundle;
+    SSL_CERT_FILE  = ca-bundle;
+  };
+
+  programs.bash = {
+    interactiveShellInit = ''
+      HISTCONTROL='erasedups:ignorespace'
+      HISTSIZE=900001
+      HISTFILESIZE=$HISTSIZE
+
+      shopt -s checkhash
+      shopt -s histappend histreedit histverify
+      shopt -s no_empty_cmd_completion
+      '';
+
+    promptInit = ''
+      case $UID in
+         0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;;
+      9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;;
+         *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;;
+      esac
+      if test -n "$SSH_CLIENT"; then
+        PS1='\[\033[35m\]\h'" $PS1"
+      fi
+      '';
+  };
+
+  # trust the cool guys
+  networking.timeServers = [
+    "pool.ntp.org"
+    "time.nist.gov"
+  ];
+
+  # the only locale you will ever need
+  i18n = {
+    consoleKeyMap = "us";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  # suppress chrome autit event messages
+  security.audit = {
+    rules = [
+      "-a task,never"
+    ];
+  };
+
+  # Enable IPv6 Privacy Extensions
+  boot.kernel.sysctl = {
+    "net.ipv6.conf.all.use_tempaddr" = 2;
+    "net.ipv6.conf.default.use_tempaddr" = 2;
+  };
+}

makefu/3modules/default.nix

@@ -2,17 +2,17 @@ _:
 
 {
   imports = [
-    ./state.nix
-    ./populate.nix
     ./awesome-extra.nix
     ./deluge.nix
     ./forward-journal.nix
     ./opentracker.nix
     ./ps3netsrv.nix
     ./logging-config.nix
+    ./populate.nix
     ./sane-extra.nix
     ./server-config.nix
     ./snapraid.nix
+    ./state.nix
     ./torrent.nix
     ./udpt.nix
   ];

makefu/3modules/state.nix

@@ -6,4 +6,11 @@
     description = "state which is currently scattered on the machine";
     default = [];
   };
+
+  config.system.activationScripts.state =  lib.optionalString (config.state != []) ''
+    cat << EOF
+    This machine is burdened with state:
+    ${lib.concatMapStringsSep "\n" (d: "* ${d}") config.state}
+    EOF
+  '';
 }

makefu/5pkgs/4nxci/default.nix

@@ -0,0 +1,52 @@
+{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }:
+let
+  
+  mymbedtls = lib.overrideDerivation mbedtls (old: rec {
+    name = "mbedtls-${version}";
+    version = "2.13.0";
+    src = fetchFromGitHub {
+      owner = "ARMmbed";
+      repo = "mbedtls";
+      rev = name;
+      sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j";
+    };
+    buildInputs = old.buildInputs ++ [ python2 ];
+    postConfigure = ''
+      perl scripts/config.pl set MBEDTLS_CMAC_C
+    '';
+    doCheck = false;
+
+  });
+in stdenv.mkDerivation rec {
+  name = "4nxci-${version}";
+  version = "1.30";
+
+  src = fetchFromGitHub {
+    owner = "The-4n";
+    repo = "4NXCI";
+    rev = "v${version}";
+    sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh";
+  };
+
+  buildPhase = ''
+    cp config.mk.template config.mk
+    sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile
+    sed -i 's#\(LIBDIR =\).*#\1${mymbedtls}/lib#' Makefile
+    make 4nxci
+  '';
+
+  installPhase = ''
+    install -m755 -D 4nxci $out/bin/4nxci
+  '';
+
+  #preInstall = ''
+  #  mkdir -p $out/bin
+  #'';
+
+  buildInputs = [ mymbedtls ];
+
+  meta = {
+    description = "convert xci to nsp";
+    license = lib.licenses.isc;
+  };
+}

makefu/5pkgs/pavumeter/default.nix

@@ -0,0 +1,30 @@
+{ lib, stdenv,  fetchurl, libusb, libtool, autoconf, pkgconfig, git,
+gettext, automake, libxml2 
+, autoreconfHook
+, lynx
+, gtkmm2
+, libpulseaudio
+, gnome2
+, libsigcxx
+}:
+stdenv.mkDerivation rec {
+  pname = "pavumeter";
+  name = "${pname}-${version}";
+  version = "0.9.3";
+
+  src = fetchurl {
+    url = "http://0pointer.de/lennart/projects/${pname}/${name}.tar.gz";
+    sha256 = "0yq67w8j8l1xsv8pp37bylax22npd6msbavr6pb25yvyq825i3gx";
+  };
+
+  buildInputs = [ gtkmm2 libpulseaudio gnome2.gnome_icon_theme ];
+  nativeBuildInputs = [ pkgconfig autoreconfHook lynx ];
+
+  meta = {
+    description = "PulseAudio volumene meter";
+    homepage = http://0pointer.de/lennart/projects/pavumeter;
+    license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ makefu ];
+  };
+}

makefu/krops.nix

@@ -1,8 +1,5 @@
 { config ? config, name, target ? name }: let
-  krops = builtins.fetchGit {
+  krops = ../submodules/krops;
-    url = https://cgit.krebsco.de/krops/;
-    rev = "4e466eaf05861b47365c5ef46a31a188b70f3615";
-  };
   nixpkgs-src = lib.importJSON ./nixpkgs.json;
 
   lib = import "${krops}/lib";
@@ -20,12 +17,11 @@
     nms = false;
     arm6 = false;
     clever_kexec = false;
+    home-manager = false;
   } // import (./. + "/1systems/${name}/source.nix");
   source = { test }: lib.evalSource [
     {
-      # nixos-18.03 @ 2018-08-06
+      # nixos-18.09 @ 2018-09-18
-      # + do_sqlite3 ruby:   55a952be5b5
-      # + exfat-nofuse bump: ee6a5296a35
       # + uhub/sqlite: 5dd7610401747
       nixpkgs = if test || host-src.full then {
         git.ref = nixpkgs-src.rev;
@@ -70,6 +66,12 @@
         ref = "30fdd53";
       };
     })
+    (lib.mkIf ( host-src.home-manager ) {
+      home-manager.git = {
+        url = https://github.com/rycee/home-manager;
+        ref = "6eea2a4";
+      };
+    })
   ];
 
 in {
@@ -81,6 +83,7 @@ in {
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target ? target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
     inherit target;
     source = source { test = true; };
   };

nin/2configs/games.nix

@@ -57,7 +57,6 @@ let
 
 in {
   environment.systemPackages = with pkgs; [
-    dwarf_fortress
     doom1
     doom2
     vdoom1

nin/krops.nix

@@ -29,6 +29,7 @@ in {
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
     inherit target;
     source = source { test = true; };
   };

submodules/krops

@@ -0,0 +1 @@
+Subproject commit e2b29654251367545700154ffbac806705dd04c0

tv/2configs/xserver/default.nix

@@ -45,8 +45,8 @@ in {
     displayManager.job.execCmd = mkForce "derp";
 
     enable = true;
-    display = 11;
+    display = mkForce 11;
-    tty = 11;
+    tty = mkForce 11;
 
     synaptics = {
       enable = true;

tv/krops.nix

@@ -16,6 +16,7 @@
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "tv-krops-${name}-ci" {
+    force = true;
     inherit source target;
   };