From 417cb0a8736780568f9fa67ff32b7d47040ba5e3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2016 15:45:41 +0100
Subject: [PATCH 1/8] tv pulse: lol tmpfiles

No combination of systemd options could be identified to automatically restart
systemd-tmpfiles-setup.service whenever pulse.service gets started, so
deploying systemd.services.pulse to a running system will leave pulse.service
in a failed state.
---
 tv/2configs/pulse.nix | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index 3db3532d5..c12c3c531 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -35,11 +35,6 @@ let
 in
 
 {
-  systemd.tmpfiles.rules = [
-    "d ${runDir} 0750 pulse pulse - -"
-    "d ${runDir}/home 0700 pulse pulse - -"
-  ];
-
   system.activationScripts.pulseaudio-hack = ''
     ln -fns ${clientConf} /etc/pulse/client.conf
   '';
@@ -65,6 +60,12 @@ in
     };
     serviceConfig = {
       ExecStart = "${pkg}/bin/pulseaudio";
+      ExecStartPre = pkgs.writeScript "pulse-start" ''
+        #! /bin/sh
+        install -o pulse -g pulse -m 0750 -d ${runDir}
+        install -o pulse -g pulse -m 0700 -d ${runDir}/home
+      '';
+      PermissionsStartOnly = "true";
       User = "pulse";
     };
   };

From 7c97b64549913863498c4dca214cd9a890a0d00c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2016 15:48:16 +0100
Subject: [PATCH 2/8] tv pulse: explain pulseaudio-hack

---
 tv/2configs/pulse.nix | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index c12c3c531..55ee8d8e4 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
 
+with lib;
 let
   pkg = pkgs.pulseaudioLight;
   runDir = "/run/pulse";
@@ -35,14 +36,13 @@ let
 in
 
 {
-  system.activationScripts.pulseaudio-hack = ''
-    ln -fns ${clientConf} /etc/pulse/client.conf
-  '';
-
   environment = {
     etc = {
       "asound.conf".source = alsaConf;
-      #"pulse/client.conf" = lib.mkForce { source = clientConf; };
+      # XXX mkForce is not strong enough (and neither is mkOverride) to create
+      # /etc/pulse/client.conf, see pulseaudio-hack below for a solution.
+      #"pulse/client.conf" = mkForce { source = clientConf; };
+      #"pulse/client.conf".source = mkForce clientConf;
       "pulse/default.pa".source = configFile;
     };
     systemPackages = [ pkg ];
@@ -51,12 +51,15 @@ in
   # Allow PulseAudio to get realtime priority using rtkit.
   security.rtkit.enable = true;
 
+  system.activationScripts.pulseaudio-hack = ''
+    ln -fns ${clientConf} /etc/pulse/client.conf
+  '';
+
   systemd.services.pulse = {
     wantedBy = [ "sound.target" ];
     before = [ "sound.target" ];
     environment = {
       PULSE_RUNTIME_PATH = "${runDir}/home";
-      #DISPLAY = ":${toString config.services.xserver.display}";
     };
     serviceConfig = {
       ExecStart = "${pkg}/bin/pulseaudio";

From f648c930fe2da2760b86c4bcf35b9e05803b8534 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2016 15:51:41 +0100
Subject: [PATCH 3/8] tv: install pavucontrol only when xserver is enabled

---
 tv/2configs/pulse.nix           | 6 +++++-
 tv/2configs/xserver/default.nix | 1 -
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index 55ee8d8e4..e1894ca64 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -45,7 +45,11 @@ in
       #"pulse/client.conf".source = mkForce clientConf;
       "pulse/default.pa".source = configFile;
     };
-    systemPackages = [ pkg ];
+    systemPackages = [
+      pkg
+    ] ++ optionals config.services.xserver.enable [
+      pkgs.pavucontrol
+    ];
   };
 
   # Allow PulseAudio to get realtime priority using rtkit.
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index facde4e76..5cd17aa1d 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -37,7 +37,6 @@ let
       pkgs.ff
       pkgs.gitAndTools.qgit
       pkgs.mpv
-      pkgs.pavucontrol
       pkgs.slock
       pkgs.sxiv
       pkgs.xsel

From 06906064662b4e8163bef70b5b02f1001bedba17 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2016 15:53:33 +0100
Subject: [PATCH 4/8] nomic: use pulse and xserver

---
 tv/1systems/nomic.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 0c6c935a3..7bc7b70d2 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -11,6 +11,8 @@ with lib;
     ../2configs/hw/AO753.nix
     #../2configs/consul-server.nix
     ../2configs/git.nix
+    ../2configs/pulse.nix
+    ../2configs/xserver
     {
       tv.iptables = {
         enable = true;

From df017132338d1c22adbc414a301e879035e5ba4f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2016 15:54:44 +0100
Subject: [PATCH 5/8] tv nixpkgs: c44a593 -> b7ff030

---
 tv/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index c300633bb..17e260b56 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -11,7 +11,7 @@ with lib;
     source = {
       git.nixpkgs = {
         url = mkDefault https://github.com/NixOS/nixpkgs;
-        rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613";
+        rev = mkDefault "b7ff0301d6f26bd8419e888fd0e129f3dc8bd328";
         target-path = mkDefault "/var/src/nixpkgs";
       };
       dir.secrets = {

From 3a0a230ef56990233850f8781db1c66886b9e7d9 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2016 16:03:37 +0100
Subject: [PATCH 6/8] type user: kill pubkeys, no one's missing you

---
 krebs/4lib/types.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 81ce659bd..c596d0f9d 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -164,10 +164,6 @@ types // rec {
       pubkey = mkOption {
         type = str;
       };
-      pubkeys = mkOption {
-        type = attrsOf str;
-        default = {};
-      };
     };
   };
 

From 780ddec4ab268fbfd43ea9bf511ed4b3b0d35783 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2016 16:31:48 +0100
Subject: [PATCH 7/8] tv ssh_config: UseRoaming=no

---
 tv/2configs/default.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 17e260b56..d3a1778f0 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -142,7 +142,12 @@ with lib;
         '';
       };
 
-      programs.ssh.startAgent = false;
+      programs.ssh = {
+        extraConfig = ''
+          UseRoaming no
+        '';
+        startAgent = false;
+      };
     }
 
     {

From 3718289010117943a7ee79ef87c07d4a867215d8 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 14 Jan 2016 17:11:08 +0100
Subject: [PATCH 8/8] tv vim hs syn region String start: bump

---
 tv/2configs/vim.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 0537fa7d8..bab949270 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -89,7 +89,7 @@ let
             \ | hi Normal ctermfg=White
 
     au BufRead,BufNewFile *.hs so ${pkgs.writeText "hs.vim" ''
-      syn region String start=+\[[^|]*|+ end=+|]+
+      syn region String start=+\[[[:alnum:]]*|+ end=+|]+
     ''}
 
     au BufRead,BufNewFile *.nix so ${pkgs.writeText "nix.vim" ''