Merge remote-tracking branch 'prism/master'

2016-06-23 17:04:07 +02:00 · 2016-06-23 17:04:07 +02:00 · 271a59b1d6
commit 271a59b1d6
parent d5e0dcccd0 a8dcedbb99
21 changed files with 681 additions and 237 deletions
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@ -108,36 +108,17 @@ with config.krebs.lib;
      ssh.privkey.path = <secrets/ssh.id_rsa>;
      ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
    };
-    fastpoke = {
+    domsen-nas = {
      nets = rec {
        internet = {
          ip4.addr = "193.22.164.36";
          aliases = [
-            "fastpoke.internet"
+            "domsen-nas.internet"
          ];
-        };
+          ip4.addr = "87.138.180.167";
-        retiolum = {
+          ssh.port = 2223;
          via = internet;
          ip4.addr = "10.243.253.152";
          ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00";
          aliases = [
            "fastpoke.retiolum"
            "fastpoke.r"
            "cgit.fastpoke.retiolum"
          ];
          tinc.pubkey = ''
            -----BEGIN RSA PUBLIC KEY-----
            MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
            DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
            FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
            ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
            EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
            rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
            -----END RSA PUBLIC KEY-----
          '';
        };
      };
-      ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b";
+      ssh.pubkey = "ssh-dss AAAAB3NzaC1kc3MAAAEBAPH5Hcrc2QzIi7KQLf17N+aUuFfwb7uKxuojzmO3kyb3nMdn3s+rfTCJLWTJeHCeKb6yMpDF1XGXZwVN+omWV8CsA9tivOHYzZws3b0QB/JENjYmhHbNkKijm6EWXSyvsJ2RuFj0PC8+cv77ZFx7VTnrwZk6Excv7v51j+qo5BejLL1ZybISld/n3kQWE+GJqBYJ9zp/25XEl7macH02o58lRhfqygunDlKm4yiq34pfkA7FS4eHNzcXGvmtQlAHeDts1APbKq8OAoYoyCo0gjK9nbAwbfm0yqM51+eIo3H6xLWjSBdMI9guqndNJWps9PpKHa3bvM1xFB3vfoQZ6m8AAAAVAKf8ZCwMgP4ZpqwwNw4vIn1AuLnfAAABAQCVfUrpUWFvf/TXPucJde4CuAmtoMOrjpepAiXK7N9dwGyq/PbVxr4tnJ/RTyNGOFmBroc6/n0MnxR0qmkQPJNtM/Yz+kk+BCgwsyu2uenVOIX/eJFuQPQYiUdktTcgAyChMp99WF4yfKKgv1CDdMkpFi8xgBEN03s1sOKCRNwJ5rlpTNqh9LatuRyzWOIjNd7atkEYIQK92idJgqSmleo+UhJFfoOGjYlRbsnRVbvfqh7GVd7SSydhKhdb2eZjj2J8eMBwHNl1FLtqt02cnFW3FQDdXPbYYakN25z3F3sex/CPuBGJ0HRGq+y/Ynj/m99TPq9vLkzSUQPR4MmQ5feoAAABAG5L9ffMc/8T9dTeF7FEPlS54ka73M+pNY/5ehMykrrS9CVjFmvpeclnxkBpvjt3G5IlvkSsjUEE6kMk7mW9EV+USL0TTU/LavxXD8fLCSiIwResfLDRxjixjxVI1ouZeKNQ6B3tPOWOEIKR5nPlc7iy435nS77/NM3yBFH0KGdepr+3ZmdgWAjDLKjQhNyCz4Joc1IH1Vf5Ccvb6rsaJ91ajiq29iI2ZpLXXIQsS1ZYzO1Gr9xBTNgmzEmeLqFMcxDSJ+rLMF4VDjRdL2zz5BSmv/Ffj2nICMgv/gj3zzuk7zcMpnbvGyA3W8VWb6IjJDvww4rJ21Q2gHBC5XCohJs=";
    };
    cloudkrebs = {
      cores = 1;
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@ -26,11 +26,10 @@
    ../2configs/teamviewer.nix
    ../2configs/libvirt.nix
    ../2configs/fetchWallpaper.nix
-    ../2configs/cbase.nix
+    ../2configs/c-base.nix
    ../2configs/mail.nix
    ../2configs/krebs-pass.nix
    ../2configs/umts.nix
    #../2configs/buildbot-standalone.nix
    {
      #risk of rain port
      krebs.iptables.tables.filter.INPUT.rules = [
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@ -8,7 +8,13 @@ in {
    #./urxvt.nix
    ./xserver
    ./mpv.nix
    #./pulse.nix
    ./power-action.nix
  ];
  hardware.pulseaudio = {
    enable = true;
    systemWide = true;
  };
  users.extraUsers.mainUser.extraGroups = [ "audio" ];
@ -16,11 +22,6 @@ in {
  virtualisation.libvirtd.enable = true;
  hardware.pulseaudio = {
    enable = true;
    systemWide = true;
  };
  programs.ssh.startAgent = false;
  security.setuidPrograms = [ "slock" ];
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@ -1,6 +1,14 @@
 { lib, config, pkgs, ... }:
-{
+
-  krebs.buildbot.master = let
+with config.krebs.lib;
 let
  sshWrapper = pkgs.writeDash "ssh-wrapper" ''
    ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@"
  '';
 in {
  config.krebs.buildbot.master = let
    stockholm-mirror-url = http://cgit.prism/stockholm ;
  in {
    slaves = {
@ -44,11 +52,15 @@
      grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
      # TODO: get nixpkgs/stockholm paths from krebs
-      env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true"}
+      env = {
        "LOGNAME": "lass",
        "NIX_REMOTE": "daemon",
        "dummy_secrets": "true",
      }
      # prepare nix-shell
      # the dependencies which are used by the test script
-      deps = [ "gnumake", "jq", "nix", "rsync" ]
+      deps = [ "gnumake", "jq", "nix", "rsync", "proot" ]
      # TODO: --pure , prepare ENV in nix-shell command:
      #                   SSL_CERT_FILE,LOGNAME,NIX_REMOTE
      nixshell = ["nix-shell",
@ -68,12 +80,12 @@
        for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
          addShell(f,name="build-{}".format(i),env=env,
                  command=nixshell + \
-                      ["nix-build \
+                      ["make \
-                            --show-trace --no-out-link \
+                            test \
-                            -I nixos-config=./lass/1systems/{}.nix \
+                            ssh=${sshWrapper} \
-                            -I secrets=./lass/2configs/tests/dummy-secrets \
+                            target=build@localhost:${config.users.users.build.home}/testbuild \
-                            -I stockholm=. \
+                            method=build \
-                            -A config.system.build.toplevel".format(i)])
+                            system={}".format(i)])
        bu.append(util.BuilderConfig(name="build-all",
              slavenames=slavenames,
@ -115,7 +127,7 @@
    };
  };
-  krebs.buildbot.slave = {
+  config.krebs.buildbot.slave = {
    enable = true;
    masterhost = "localhost";
    username = "testslave";
@ -125,7 +137,7 @@
      NIX_PATH="nixpkgs=/var/src/nixpkgs";
    };
  };
-  krebs.iptables = {
+  config.krebs.iptables = {
    tables = {
      filter.INPUT.rules = [
        { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
@ -133,4 +145,29 @@
      ];
    };
  };
  #ssh workaround for make test
  options.lass.build-ssh-privkey = mkOption {
    type = types.secret-file;
    default = {
      path = "${config.users.users.buildbotSlave.home}/ssh.privkey";
      owner = { inherit (config.users.users.buildbotSlave ) name uid;};
      source-path = toString <secrets> + "/build.ssh.key";
    };
  };
  config.krebs.secret.files = {
    build-ssh-privkey = config.lass.build-ssh-privkey;
  };
  config.users.users = {
    build = {
      name = "build";
      uid = genid "build";
      home = "/home/build";
      useDefaultShell = true;
      createHome = true;
      openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors"
      ];
    };
  };
 }
--- a/lass/2configs/c-base.nix
+++ b/lass/2configs/c-base.nix
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@ -59,12 +59,13 @@ with config.krebs.lib;
      user = config.krebs.users.lass;
      source = mapAttrs (_: mkDefault) ({
        nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
-        secrets =
+        secrets = if getEnv "dummy_secrets" == "true"
        if getEnv "dummy_secrets" == "true"
          then toString <stockholm/lass/2configs/tests/dummy-secrets>
          else "/home/lass/secrets/${config.krebs.build.host.name}";
        #secrets-common = "/home/lass/secrets/common";
-        stockholm = "/home/lass/stockholm";
+        stockholm = if getEnv "dummy_secrets" == "true"
          then "/var/lib/buildbot/slave/build-all/build"
          else "/home/lass/stockholm";
      } // optionalAttrs config.krebs.build.host.secure {
        #secrets-master = "/home/lass/secrets/master";
      });
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@ -29,6 +29,7 @@ with config.krebs.lib;
      { from = "finanzamt@lassul.us"; to = lass.mail; }
      { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
      { from = "netzclub@lassul.us"; to = lass.mail; }
      { from = "nebenan@lassul.us"; to = lass.mail; }
    ];
    system-aliases = [
      { from = "mailer-daemon"; to = "postmaster"; }
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@ -10,8 +10,9 @@ let
    account default: prism
  '';
-  msmtp = pkgs.writeDashBin "msmtp" ''
+  msmtp = pkgs.writeBashBin "msmtp" ''
-    exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
+    ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
      ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
  '';
  muttrc = pkgs.writeText "muttrc" ''
@ -42,7 +43,7 @@ let
    set nm_record = yes
    set nm_record_tags = "-inbox me archive"
    set virtual_spoolfile=yes                    # enable virtual folders
-    set sendmail="msmtp"                         # enables parsing of outgoing mail
+    set sendmail="${msmtp}/bin/msmtp"                         # enables parsing of outgoing mail
    set use_from=yes
    set envelope_from=yes
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@ -3,6 +3,6 @@
 {
  krebs.build.source.nixpkgs = {
      url = https://github.com/lassulus/nixpkgs;
-      rev = "f215f9e91e07473e61c9302aaa312c7350e98f0e";
+      rev = "7d932301fe1d98a1ef1872a7124e8809279def74";
    };
 }
--- a/lass/2configs/power-action.nix
+++ b/lass/2configs/power-action.nix
@ -0,0 +1,41 @@
 { config, pkgs, ... }:
 let
  suspend = pkgs.writeDash "suspend" ''
    ${pkgs.systemd}/bin/systemctl suspend
  '';
  speak = text:
    pkgs.writeDash "speak" ''
      ${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}"
    '';
 in {
  lass.power-action = {
    enable = true;
    plans.low-battery = {
      upperLimit = 30;
      lowerLimit = 25;
      charging = false;
      action = pkgs.writeDash "warn-low-battery" ''
        ${speak "power level low"}
      '';
    };
    plans.suspend = {
      upperLimit = 10;
      lowerLimit = 0;
      charging = false;
      action = pkgs.writeDash "suspend-wrapper" ''
        /var/setuid-wrappers/sudo ${suspend}
      '';
    };
  };
  users.users.power-action.extraGroups = [
    "audio"
  ];
  security.sudo.extraConfig = ''
    ${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend}
  '';
 }
--- a/lass/2configs/pulse.nix
+++ b/lass/2configs/pulse.nix
@ -0,0 +1,96 @@
 { config, lib, pkgs, ... }:
 with config.krebs.lib;
 let
  pkg = pkgs.pulseaudioLight;
  runDir = "/run/pulse";
  alsaConf = pkgs.writeText "asound.conf" ''
    ctl_type.pulse {
      libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_ctl_pulse.so;
    }
    pcm_type.pulse {
      libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_pcm_pulse.so;
    }
    ctl.!default {
      type pulse
    }
    pcm.!default {
      type pulse
    }
  '';
  clientConf = pkgs.writeText "client.conf" ''
    autospawn=no
    default-server = unix:${runDir}/socket
  '';
  daemonConf = pkgs.writeText "daemon.conf" ''
    exit-idle-time=0
    flat-volumes = no
    default-fragments = 4
    default-fragment-size-msec = 25
  '';
  configFile = pkgs.writeText "default.pa" ''
    .include ${pkg}/etc/pulse/default.pa
    load-module ${toString [
      "module-native-protocol-unix"
      "auth-anonymous=1"
      "socket=${runDir}/socket"
    ]}
  '';
 in
 {
  environment = {
    etc = {
      "asound.conf".source = alsaConf;
      # XXX mkForce is not strong enough (and neither is mkOverride) to create
      # /etc/pulse/client.conf, see pulseaudio-hack below for a solution.
      #"pulse/client.conf" = mkForce { source = clientConf; };
      #"pulse/client.conf".source = mkForce clientConf;
      "pulse/default.pa".source = configFile;
      "pulse/daemon.pa".source = daemonConf;
    };
    systemPackages = [
      pkg
    ] ++ optionals config.services.xserver.enable [
      pkgs.pavucontrol
    ];
  };
  # Allow PulseAudio to get realtime priority using rtkit.
  security.rtkit.enable = true;
  system.activationScripts.pulseaudio-hack = ''
    ln -fns ${clientConf} /etc/pulse/client.conf
  '';
  systemd.services.pulse = {
    wantedBy = [ "sound.target" ];
    before = [ "sound.target" ];
    environment = {
      PULSE_RUNTIME_PATH = "${runDir}/home";
    };
    serviceConfig = {
      ExecStart = "${pkg}/bin/pulseaudio";
      ExecStartPre = pkgs.writeDash "pulse-start" ''
        install -o pulse -g audio -m 0750 -d ${runDir}
        install -o pulse -g audio -m 0700 -d ${runDir}/home
      '';
      PermissionsStartOnly = "true";
      User = "pulse";
    };
  };
  users = {
    groups.pulse.gid = config.users.users.pulse.uid;
    users.pulse = {
      uid = genid "pulse";
      group = "pulse";
      extraGroups = [ "audio" ];
      home = "${runDir}/home";
    };
  };
 }
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@ -54,10 +54,6 @@ in {
    mpc_cli
  ];
  security.sudo.extraConfig = ''
    ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
  '';
  services.mpd = {
    enable = true;
    group = "radio";
@ -66,7 +62,7 @@ in {
      audio_output {
          type        "shout"
          encoding    "ogg"
-          name        "my cool stream"
+          name        "the_playlist"
          host        "localhost"
          port        "8000"
          mount       "/radio.ogg"
@ -83,7 +79,7 @@ in {
      # Optional Parameters
          user        "source"
      #   description "here is my long description"
-      #   genre       "jazz"
+         genre       "good music"
      } # end of audio_output
    '';
@ -138,7 +134,7 @@ in {
    restartIfChanged = true;
    serviceConfig = {
-      ExecStart = "${autoAdd} 100";
+      ExecStart = "${autoAdd} 150";
    };
  };
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@ -1,158 +1,351 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 with config.krebs.lib;
 let
-  customPlugins = {
+  out = {
-    mustang2 = pkgs.vimUtils.buildVimPlugin {
+    environment.systemPackages = [
-      name = "Mustang2";
+      vim
-      src = pkgs.fetchFromGitHub {
+    ];
-        owner = "croaker";
+
-        repo = "mustang-vim";
+    environment.etc.vimrc.source = vimrc;
-        rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
+
-        sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
+    environment.variables.EDITOR = mkForce "vim";
-      };
+    environment.variables.VIMINIT = ":so /etc/vimrc";
    };
    unimpaired = pkgs.vimUtils.buildVimPlugin {
      name = "unimpaired-vim";
      src = pkgs.fetchFromGitHub {
        owner = "tpope";
        repo = "vim-unimpaired";
        rev = "11dc568dbfd7a56866a4354c737515769f08e9fe";
        sha256 = "1an941j5ckas8l3vkfhchdzjwcray16229rhv3a1d4pbxifwshi8";
      };
    };
    brogrammer = pkgs.vimUtils.buildVimPlugin {
      name = "brogrammer";
      src = pkgs.fetchFromGitHub {
        owner = "marciomazza";
        repo = "vim-brogrammer-theme";
        rev = "3e412d8e8909d8d89eb5a4cbe955b5bc0833a3c3";
        sha256 = "0am1qk8ls74z5ipgf9viacayq08y9i9vd7sxxiivwgsjh2ancbv6";
      };
    };
    file-line = pkgs.vimUtils.buildVimPlugin {
      name = "file-line";
      src = pkgs.fetchFromGitHub {
        owner = "bogado";
        repo = "file-line";
        rev = "f9ffa1879ad84ce4a386110446f395bc1795b72a";
        sha256 = "173n47w9zd01rcyrrmm194v79xq7d1ggzr19n1lsxrqfgr2c1rvk";
      };
    };
  };
-in {
+  extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
-
+    pkgs.vimPlugins.Gundo
-  environment.systemPackages = [
+    pkgs.vimPlugins.Syntastic
-    (pkgs.vim_configurable.customize {
+    pkgs.vimPlugins.undotree
-      name = "vim";
+    (pkgs.vimUtils.buildVimPlugin {
-
+      name = "file-line-1.0";
-    vimrcConfig.customRC = ''
+      src = pkgs.fetchgit {
-      set nocompatible
+        url = git://github.com/bogado/file-line;
-      set t_Co=16
+        rev = "refs/tags/1.0";
-      syntax on
+        sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
-      " TODO autoload colorscheme file
+      };
      set background=dark
      colorscheme brogrammer
      filetype off
      filetype plugin indent on
      imap <F1> <nop>
      set mouse=a
      set ruler
      set showmatch
      set backspace=2
      set visualbell
      set encoding=utf8
      set showcmd
      set wildmenu
      set title
      set titleold=
      set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
      set autoindent
      set ttyfast
      set pastetoggle=<INS>
      " Force Saving Files that Require Root Permission
      command! W silent w !sudo tee "%" >/dev/null
      nnoremap <C-c> :q<Return>
      vnoremap < <gv
      vnoremap > >gv
      nmap <esc>q :buffer
      "Tabwidth
      set ts=2 sts=2 sw=2 et
      " create Backup/tmp/undo dirs
      function! InitBackupDir()
        let l:parent = $HOME . '/.vim/'
        let l:backup = l:parent . 'backups/'
        let l:tmpdir = l:parent . 'tmp/'
        let l:undodi = l:parent . 'undo/'
        if !isdirectory(l:parent)
          call mkdir(l:parent)
        endif
        if !isdirectory(l:backup)
          call mkdir(l:backup)
        endif
        if !isdirectory(l:tmpdir)
          call mkdir(l:tmpdir)
        endif
        if !isdirectory(l:undodi)
          call mkdir(l:undodi)
        endif
      endfunction
      call InitBackupDir()
      " Backups & Files
      set backup
      set backupdir=~/.vim/backups
      set directory=~/.vim/tmp//
      set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
      set undodir=$HOME/.vim/undo
      set undofile
      " highlight whitespaces
      highlight ExtraWhitespace ctermbg=red guibg=red
      match ExtraWhitespace /\s\+$/
      autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
      autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/
      autocmd InsertLeave * match ExtraWhitespace /\s\+$/
      autocmd BufWinLeave * call clearmatches()
      "ft specific stuff
      autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
      autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
      "esc timeout
      set timeoutlen=1000 ttimeoutlen=0
      "foldfunctions
      inoremap <F9> <C-O>za
      nnoremap <F9> za
      onoremap <F9> <C-C>za
      vnoremap <F9> zf
    '';
      vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
      vimrcConfig.vam.pluginDictionaries = [
        { names = [
          "brogrammer"
          "file-line"
          "Gundo"
        ]; }
        { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
      ];
    })
    ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
      name = "hack";
    in {
      name = "vim-color-${name}-1.0.2";
      destination = "/colors/${name}.vim";
      text = /* vim */ ''
        set background=dark
        hi clear
        if exists("syntax_on")
          syntax clear
        endif
        let colors_name = ${toJSON name}
        hi Normal       ctermbg=235
        hi Comment      ctermfg=242
        hi Constant     ctermfg=062
        hi Identifier   ctermfg=068
        hi Function     ctermfg=041
        hi Statement    ctermfg=167
        hi PreProc      ctermfg=167
        hi Type         ctermfg=041
        hi Delimiter    ctermfg=251
        hi Special      ctermfg=062
        hi Garbage      ctermbg=088
        hi TabStop      ctermbg=016
        hi Todo         ctermfg=174 ctermbg=NONE
        hi NixCode      ctermfg=148
        hi NixData      ctermfg=149
        hi NixQuote     ctermfg=150
        hi diffNewFile  ctermfg=207
        hi diffFile     ctermfg=207
        hi diffLine     ctermfg=207
        hi diffSubname  ctermfg=207
        hi diffAdded    ctermfg=010
        hi diffRemoved  ctermfg=009
      '';
    })))
    ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
      name = "vim";
    in {
      name = "vim-syntax-${name}-1.0.0";
      destination = "/syntax/${name}.vim";
      text = /* vim */ ''
        ${concatMapStringsSep "\n" (s: /* vim */ ''
          syn keyword vimColor${s} ${s}
            \ containedin=ALLBUT,vimComment,vimLineComment
          hi vimColor${s} ctermfg=${s}
        '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
      '';
    })))
    ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
      name = "showsyntax";
    in {
      name = "vim-plugin-${name}-1.0.0";
      destination = "/plugin/${name}.vim";
      text = /* vim */ ''
        if exists('g:loaded_showsyntax')
          finish
        endif
        let g:loaded_showsyntax = 0
        fu! ShowSyntax()
          let id = synID(line("."), col("."), 1)
          let name = synIDattr(id, "name")
          let transName = synIDattr(synIDtrans(id),"name")
          if name != transName
            let name .= " (" . transName . ")"
          endif
          echo "Syntax: " . name
        endfu
        command! -n=0 -bar ShowSyntax :call ShowSyntax()
      '';
    })))
  ];
-}
+
  dirs = {
    backupdir = "$HOME/.cache/vim/backup";
    swapdir   = "$HOME/.cache/vim/swap";
    undodir   = "$HOME/.cache/vim/undo";
  };
  files = {
    viminfo   = "$HOME/.cache/vim/info";
  };
  mkdirs = let
    dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
               in assert out != ""; out;
    alldirs = attrValues dirs ++ map dirOf (attrValues files);
  in unique (sort lessThan alldirs);
  vim = pkgs.writeDashBin "vim" ''
    set -efu
    (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
    exec ${pkgs.neovim}/bin/nvim "$@"
  '';
  vimrc = pkgs.writeText "vimrc" ''
    set nocompatible
    set autoindent
    set backspace=indent,eol,start
    set backup
    set backupdir=${dirs.backupdir}/
    set directory=${dirs.swapdir}//
    set hlsearch
    set incsearch
    set mouse=a
    set noruler
    set pastetoggle=<INS>
    set runtimepath=${extra-runtimepath},$VIMRUNTIME
    set shortmess+=I
    set showcmd
    set showmatch
    set ttimeoutlen=0
    set undodir=${dirs.undodir}
    set undofile
    set undolevels=1000000
    set undoreload=1000000
    set viminfo='20,<1000,s100,h,n${files.viminfo}
    set visualbell
    set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
    set wildmenu
    set wildmode=longest,full
    set et ts=2 sts=2 sw=2
    filetype plugin indent on
    set t_Co=256
    colorscheme hack
    syntax on
    au Syntax * syn match Garbage containedin=ALL /\s\+$/
            \ | syn match TabStop containedin=ALL /\t\+/
            \ | syn keyword Todo containedin=ALL TODO
    au BufRead,BufNewFile *.hs so ${hs.vim}
    au BufRead,BufNewFile *.nix so ${nix.vim}
    au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
    "Syntastic config
    let g:syntastic_python_checkers=['flake8']
    nmap <esc>q :buffer
    nmap <M-q> :buffer
    cnoremap <C-A> <Home>
    noremap  <C-c> :q<cr>
    vnoremap < <gv
    vnoremap > >gv
    nnoremap <esc>[5^  :tabp<cr>
    nnoremap <esc>[6^  :tabn<cr>
    nnoremap <esc>[5@  :tabm -1<cr>
    nnoremap <esc>[6@  :tabm +1<cr>
    nnoremap <f1> :tabp<cr>
    nnoremap <f2> :tabn<cr>
    inoremap <f1> <esc>:tabp<cr>
    inoremap <f2> <esc>:tabn<cr>
    " <C-{Up,Down,Right,Left>
    noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
    noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
    noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
    noremap <esc>Od <nop> | noremap! <esc>Od <nop>
    " <[C]S-{Up,Down,Right,Left>
    noremap <esc>[a <nop> | noremap! <esc>[a <nop>
    noremap <esc>[b <nop> | noremap! <esc>[b <nop>
    noremap <esc>[c <nop> | noremap! <esc>[c <nop>
    noremap <esc>[d <nop> | noremap! <esc>[d <nop>
    vnoremap u <nop>
  '';
  hs.vim = pkgs.writeText "hs.vim" ''
    syn region String start=+\[[[:alnum:]]*|+ end=+|]+
    hi link ConId Identifier
    hi link VarId Identifier
    hi link hsDelimiter Delimiter
  '';
  nix.vim = pkgs.writeText "nix.vim" ''
    setf nix
    " Ref <nix/src/libexpr/lexer.l>
    syn match NixID    /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
    syn match NixINT   /\<[0-9]\+\>/
    syn match NixPATH  /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
    syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
    syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
    syn match NixURI   /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
    syn region NixSTRING
      \ matchgroup=NixSTRING
      \ start='"'
      \ skip='\\"'
      \ end='"'
    syn region NixIND_STRING
      \ matchgroup=NixIND_STRING
      \ start="'''"
      \ skip="'''\('\|[$]\|\\[nrt]\)"
      \ end="'''"
    syn match NixOther /[():/;=.,?\[\]]/
    syn match NixCommentMatch /\(^\|\s\)#.*/
    syn region NixCommentRegion start="/\*" end="\*/"
    hi link NixCode Statement
    hi link NixData Constant
    hi link NixComment Comment
    hi link NixCommentMatch NixComment
    hi link NixCommentRegion NixComment
    hi link NixID NixCode
    hi link NixINT NixData
    hi link NixPATH NixData
    hi link NixHPATH NixData
    hi link NixSPATH NixData
    hi link NixURI NixData
    hi link NixSTRING NixData
    hi link NixIND_STRING NixData
    hi link NixEnter NixCode
    hi link NixOther NixCode
    hi link NixQuote NixData
    syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
    syn cluster nix_ind_strings contains=NixIND_STRING
    syn cluster nix_strings contains=NixSTRING
    ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
      startAlts = filter isString [
        ''/\* ${lang} \*/''
        extraStart
      ];
      sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
    in /* vim */ ''
      syn include @nix_${lang}_syntax syntax/${lang}.vim
      unlet b:current_syntax
      syn match nix_${lang}_sigil
        \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
        \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
        \ transparent
      syn region nix_${lang}_region_STRING
        \ matchgroup=NixSTRING
        \ start='"'
        \ skip='\\"'
        \ end='"'
        \ contained
        \ contains=@nix_${lang}_syntax
        \ transparent
      syn region nix_${lang}_region_IND_STRING
        \ matchgroup=NixIND_STRING
        \ start="'''"
        \ skip="'''\('\|[$]\|\\[nrt]\)"
        \ end="'''"
        \ contained
        \ contains=@nix_${lang}_syntax
        \ transparent
      syn cluster nix_ind_strings
        \ add=nix_${lang}_region_IND_STRING
      syn cluster nix_strings
        \ add=nix_${lang}_region_STRING
      syn cluster nix_has_dollar_curly
        \ add=@nix_${lang}_syntax
    '') {
      c = {};
      cabal = {};
      haskell = {};
      sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
      vim.extraStart =
        ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
    })}
    " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
    syn clear shVarAssign
    syn region nixINSIDE_DOLLAR_CURLY
      \ matchgroup=NixEnter
      \ start="[$]{"
      \ end="}"
      \ contains=TOP
      \ containedin=@nix_has_dollar_curly
      \ transparent
    syn region nix_inside_curly
      \ matchgroup=NixEnter
      \ start="{"
      \ end="}"
      \ contains=TOP
      \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
      \ transparent
    syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
      \ containedin=@nix_ind_strings
      \ contained
    syn match NixQuote /\\./he=s+1
      \ containedin=@nix_strings
      \ contained
    syn sync fromstart
    let b:current_syntax = "nix"
    set isk=@,48-57,_,192-255,-,'
  '';
 in
 out
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@ -1,10 +1,10 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
    genid
    head
    nameValuePair
  ;
  inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
    ssl
@ -58,6 +58,18 @@ in {
    "ttf_kleinaspach_de"
  ];
  #password protect some dirs
  krebs.nginx.servers."biostase.de".locations = [
    (nameValuePair "/old_biostase.de" ''
      auth_basic "Administrator Login";
      auth_basic_user_file /srv/http/biostase.de/old_biostase.de/.htpasswd;
    '')
    (nameValuePair "/mysqldumper" ''
      auth_basic "Administrator Login";
      auth_basic_user_file /srv/http/biostase.de/mysqldumper/.htpasswd;
    '')
  ];
  users.users.root.openssh.authorizedKeys.keys = [
    config.krebs.users.fritz.pubkey
  ];
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@ -4,6 +4,7 @@ _:
    ./ejabberd
    ./folderPerms.nix
    ./mysql-backup.nix
    ./power-action.nix
    ./urxvtd.nix
    ./wordpress_nginx.nix
    ./xresources.nix
--- a/lass/3modules/power-action.nix
+++ b/lass/3modules/power-action.nix
@ -0,0 +1,93 @@
 { config, lib, pkgs, ... }:
 with config.krebs.lib;
 let
  cfg = config.lass.power-action;
  out = {
    options.lass.power-action = api;
    config = lib.mkIf cfg.enable imp;
  };
  api = {
    enable = mkEnableOption "power-action";
    user = mkOption {
      type = types.user;
      default = {
        name = "power-action";
      };
    };
    startAt = mkOption {
      type = types.str;
      default = "*:0/1";
    };
    plans = mkOption {
      type = with types; attrsOf (submodule {
        options = {
          charging = mkOption {
            type = nullOr bool;
            default = null;
            description = ''
              check for charging status.
              null = don't care
              true = only if system is charging
              false = only if system is discharging
            '';
          };
          upperLimit = mkOption {
            type = int;
          };
          lowerLimit = mkOption {
            type = int;
          };
          action = mkOption {
            type = path;
          };
        };
      });
    };
  };
  imp = {
    systemd.services.power-action = {
      serviceConfig = rec {
        ExecStart = startScript;
        User = cfg.user.name;
      };
      startAt = cfg.startAt;
    };
    users.users.${cfg.user.name} = {
      inherit (cfg.user) name uid;
    };
  };
  startScript = pkgs.writeDash "power-action" ''
    set -euf
    power="$(${powerlvl})"
    state="$(${state})"
    ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)}
  '';
  charging_check = plan:
    if (plan.charging == null) then "" else
      if plan.charging
        then ''&& [ "$state" = "true" ]''
        else ''&& ! [ "$state" = "true" ]''
    ;
  writeRule = _: plan:
    "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi";
  powerlvl = pkgs.writeDash "powerlvl" ''
    cat /sys/class/power_supply/BAT0/capacity
  '';
  state = pkgs.writeDash "state" ''
    if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Charging" ]
      then echo "true"
      else echo "false"
    fi
  '';
 in out
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@ -13,9 +13,7 @@
    rs = pkgs.callPackage ./rs/default.nix {};
    untilport = pkgs.callPackage ./untilport/default.nix {};
    urban = pkgs.callPackage ./urban/default.nix {};
-    xmonad-lass =
+    xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; };
      let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
      pkgs.haskellPackages.callPackage src {};
    yt-next = pkgs.callPackage ./yt-next/default.nix {};
  };
 }
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@ -1,3 +1,15 @@
 { pkgs, ... }:
 pkgs.writeHaskell "xmonad-lass" {
  executables.xmonad = {
    extra-depends = [
      "containers"
      "unix"
      "X11"
      "xmonad"
      "xmonad-contrib"
      "xmonad-stockholm"
    ];
    text = ''
 {-# LANGUAGE DeriveDataTypeable #-} -- for XS
 {-# LANGUAGE FlexibleContexts #-} -- for xmonad'
 {-# LANGUAGE LambdaCase #-}
@ -147,3 +159,8 @@ gridConfig = def
    , gs_navigate = navNSearch
    , gs_font = myFont
    }
    '';
  };
 }
--- a/lass/5pkgs/xmonad-lass/.gitignore
+++ b/lass/5pkgs/xmonad-lass/.gitignore
@ -1 +0,0 @@
 /shell.nix
--- a/lass/5pkgs/xmonad-lass/Makefile
+++ b/lass/5pkgs/xmonad-lass/Makefile
@ -1,6 +0,0 @@
 .PHONY: ghci
 ghci: shell.nix
 	nix-shell --command 'exec ghci -Wall'
 shell.nix: xmonad.cabal
 	cabal2nix --shell . > $@
--- a/lass/5pkgs/xmonad-lass/xmonad.cabal
+++ b/lass/5pkgs/xmonad-lass/xmonad.cabal
@ -1,17 +0,0 @@
 Author: lass
 Build-Type: Simple
 Cabal-Version: >= 1.2
 License: MIT
 Name: xmonad-lass
 Version: 0
 Executable xmonad
  Build-Depends:
    base,
    containers,
    unix,
    xmonad,
    xmonad-contrib,
    xmonad-stockholm
  GHC-Options: -Wall -O3 -threaded -rtsopts
  Main-Is: Main.hs