From bfb5617f015d2810d04b07a4119ed9ef477ce66b Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 25 Sep 2018 19:02:09 +0200
Subject: [PATCH 01/48] tv gitrepos: add fswm

---
 tv/2configs/gitrepos.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 74fb5215a..8e4beca1e 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -39,6 +39,9 @@ let {
     disko = {
       cgit.desc = "declarative partitioning and formatting tool";
     };
+    fswm = {
+      cgit.desc = "simple full screen window manager";
+    };
     get = {};
     hstool = {
       cgit.desc = "Haskell Development Environment ^_^";

From 3216875c5b216ec9af1a8abbd634a47ba4c25638 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 25 Sep 2018 19:37:36 +0200
Subject: [PATCH 02/48] jeschli xmonad: pc_cellwidth 256 -> 100

---
 jeschli/5pkgs/simple/xmonad-jeschli/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
index 88856021c..4ebd98f09 100644
--- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
+++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix
@@ -222,7 +222,7 @@ myKeys conf = Map.fromList $
 pagerConfig :: PagerConfig
 pagerConfig = def
     { pc_font           = myFont
-    , pc_cellwidth      = 256
+    , pc_cellwidth      = 100
     --, pc_cellheight     = 36 -- TODO automatically keep screen aspect
     --, pc_borderwidth    = 1
     --, pc_matchcolor     = "#f0b000"

From 4386b9a140a2a7dd9019037bfb2ac4b02ab3e658 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 25 Sep 2018 19:39:04 +0200
Subject: [PATCH 03/48] jeschli system: remove bln

---
 jeschli/1systems/bln/config.nix               | 173 ------------------
 jeschli/1systems/bln/dcso-vpn.nix             |  44 -----
 .../1systems/bln/hardware-configuration.nix   |  35 ----
 jeschli/1systems/bln/source.nix               |   4 -
 4 files changed, 256 deletions(-)
 delete mode 100644 jeschli/1systems/bln/config.nix
 delete mode 100644 jeschli/1systems/bln/dcso-vpn.nix
 delete mode 100644 jeschli/1systems/bln/hardware-configuration.nix
 delete mode 100644 jeschli/1systems/bln/source.nix

diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
deleted file mode 100644
index 6e3c3bec8..000000000
--- a/jeschli/1systems/bln/config.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, lib, pkgs, ... }:
-# bln config file
-{
-  imports = [
-    ./hardware-configuration.nix
-    <stockholm/jeschli>
-    <stockholm/jeschli/2configs/virtualbox.nix>
-    <stockholm/jeschli/2configs/urxvt.nix>
-    <stockholm/jeschli/2configs/emacs.nix>
-    <stockholm/jeschli/2configs/xdg.nix>
-    <stockholm/jeschli/2configs/xserver>
-#    <stockholm/jeschli/1systems/bln/dcso-vpn.nix>
-    <stockholm/jeschli/2configs/officevpn.nix>
-  ];
-
-#  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot";
-  boot.loader.grub = {
-    devices = [ "nodev" ];
-    efiSupport = true;
-    enable = true;
-    extraEntries = ''
-      menuentry "Debian" {
-        insmod ext2
-        insmod chain
-        chainloader /EFI/debian/grubx64.efi
-      }
-    '';
-    version = 2;
-  };
-
-  jeschliFontSize = 20;
-
-  environment.shellAliases = {
-    n = "nix-shell";
-    gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
-    gh = "cd /home/markus/go/src/github.com";
-    stocki = pkgs.writeDash "deploy" ''
-      cd ~/stockholm
-      LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy  --system="bln"'
-    '';
-  };
-  networking.hostName = lib.mkForce "BLN02NB0232";
-  networking.networkmanager.enable = true;
-
-  # Set your time zone.
-  time.timeZone = "Europe/Berlin";
-
-  # Setup Packages
-  nixpkgs.config.allowUnfree = true;
-  environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
-  environment.systemPackages = with pkgs; [
-    termite
-  # system helper
-    ag
-    copyq
-    dmenu
-    git
-    tig
-    i3lock
-    keepass
-    networkmanagerapplet
-    rsync
-    terminator
-    tmux
-    wget
-    rxvt_unicode
-  # editors
-    emacs
-  # databases
-    sqlite
-  # internet
-    thunderbird
-    chromium
-    google-chrome
-  # programming languages
-    elmPackages.elm
-    go
-    gcc
-    ghc
-    python35
-    python35Packages.pip
-  # go tools
-    golint
-    gotools
-  # dev tools
-    gnumake
-    jetbrains.pycharm-professional
-    jetbrains.webstorm
-    jetbrains.goland
-    jetbrains.datagrip
-    texlive.combined.scheme-full
-    pandoc
-    redis
-    vagrant
-  # document viewer
-    zathura
-
-    samba
-  ];
-
-
-  programs.bash.enableCompletion = true;
-  programs.vim.defaultEditor = true;
-
-  services.openssh.enable = true;
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-  services.printing.drivers = [ pkgs.postscript-lexmark ];
-
-  services.redis.enable = true;
-
-  services.xserver = {
-
-    desktopManager.session = lib.mkForce [];
-
-    enable = true;
-    display = 11;
-    tty = 11;
-
-    dpi = 200;
-
-    videoDrivers = [ "nvidia" ];
-    synaptics = {
-      enable = false;
-    };
-
-  };
-
-
-  users.extraUsers.jeschli = {
-    isNormalUser = true;
-    extraGroups = ["docker" "vboxusers" "audio"];
-    uid = 1000;
-  };
-
-  system.stateVersion = "17.09";
-  # Gogland Debugger workaround
-  #  nixpkgs.config.packageOverrides = super: {
-  #    idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: {
-  #      postFixup = ''
-  #	interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
-  #	patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
-  #        chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
-  #     '';
-  #    });
-  #  };
-
-  virtualisation.docker.enable = true;
-
-  # DCSO Certificates
-  security.pki.certificateFiles = [
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
-
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
-    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
-  ];
-
-
-  hardware.bluetooth.enable = true;
-  krebs.build.host = config.krebs.hosts.bln;
-
-  networking.interfaces.enp0s31f6.ipv4.addresses = [
-    { address = "10.99.23.2"; prefixLength = 24; }
-  ];
-
-}
diff --git a/jeschli/1systems/bln/dcso-vpn.nix b/jeschli/1systems/bln/dcso-vpn.nix
deleted file mode 100644
index 0a5623bf0..000000000
--- a/jeschli/1systems/bln/dcso-vpn.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-with import <stockholm/lib>;
-{ ... }:
-
-{
-
-  users.extraUsers = {
-    dcsovpn = rec {
-      name = "dcsovpn";
-      uid = genid "dcsovpn";
-      description = "user for running dcso openvpn";
-      home = "/home/${name}";
-    };
-  };
-
-  users.extraGroups.dcsovpn.gid = genid "dcsovpn";
-
-  services.openvpn.servers = {
-    dcso = {
-      config = ''
-        client
-        dev tun
-        tun-mtu 1356
-        mssfix
-        proto udp
-        float
-        remote 217.111.55.41 1194
-        nobind
-        user dcsovpn
-        group dcsovpn
-        persist-key
-        persist-tun
-        ca ${toString <secrets/dcsovpn/ca.pem>}
-        cert ${toString <secrets/dcsovpn/cert.pem>}
-        key ${toString <secrets/dcsovpn/cert.key>}
-        verb 3
-        mute 20
-        auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
-        route-method exe
-        route-delay 2
-      '';
-      updateResolvConf = true;
-    };
-  };
-}
diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix
deleted file mode 100644
index 35f0b3bca..000000000
--- a/jeschli/1systems/bln/hardware-configuration.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d";
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac";
-      fsType = "ext4";
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/927E-01A0";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 8;
-  powerManagement.cpuFreqGovernor = "powersave";
-
-  hardware.pulseaudio.enable = true;
-}
diff --git a/jeschli/1systems/bln/source.nix b/jeschli/1systems/bln/source.nix
deleted file mode 100644
index 0864fd90c..000000000
--- a/jeschli/1systems/bln/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/jeschli/source.nix> {
-  name = "bln";
-  secure = true;
-}

From b605a12d5b3c1ba3fa19ea06231b185d0b5e29a4 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 25 Sep 2018 19:45:44 +0200
Subject: [PATCH 04/48] jeschli brauerei: krops deploy

---
 jeschli/1systems/brauerei/config.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 4cd544a66..3d21b9e2e 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -37,6 +37,11 @@
       cd ~/stockholm
       exec nix-shell -I stockholm="$PWD" --run 'deploy  --system="brauerei"'
     '';
+    deploy = pkgs.writeDash "deploy" ''
+      set -eu
+      export SYSTEM="$1"
+      $(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+    '';
   };
 
   environment.systemPackages = with pkgs; [

From f922d5947acc3151619ec06962197a800d3138eb Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 25 Sep 2018 19:48:29 +0200
Subject: [PATCH 05/48] jeschli brauerei: dev user for jeschli and lass

---
 jeschli/1systems/brauerei/config.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 3d21b9e2e..0c01b7948 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -143,6 +143,14 @@
     isNormalUser = true;
     uid = 1001; # TODO genid
   };
+  users.users.dev = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.lass.pubkey
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
+    ];
+  };
+
 
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"

From ab41311a506ddacc908d97ef4e5ef89e2ca29a43 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 25 Sep 2018 20:42:19 +0200
Subject: [PATCH 06/48] nix-writers: 3.0.0 -> 3.1.0

---
 submodules/nix-writers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/submodules/nix-writers b/submodules/nix-writers
index c27a9416e..0660cc1a1 160000
--- a/submodules/nix-writers
+++ b/submodules/nix-writers
@@ -1 +1 @@
-Subproject commit c27a9416e8ee04d708b11b48f8cf1a055c0cc079
+Subproject commit 0660cc1a1169e799bda356c6fadb245a96345816

From 6cf8b42c0bf5b256db0bcd3c051c528052cfe5b2 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Tue, 25 Sep 2018 21:00:47 +0200
Subject: [PATCH 07/48] krebs: remove bln

---
 krebs/3modules/jeschli/default.nix | 37 ------------------------------
 1 file changed, 37 deletions(-)

diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix
index ab8fe097d..c0cb601bc 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/krebs/3modules/jeschli/default.nix
@@ -7,43 +7,6 @@ with import <stockholm/lib>;
     owner = config.krebs.users.jeschli;
     ci = true;
   }) {
-    bln = {
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.27.28";
-          ip6.addr = "42::28";
-          aliases = [
-            "bln.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIECgKCBAEAwoN2f6iyQ1Wnk4rZVqhovny8VpwWvC9buE+NoedRaxmWmA5QIP02
-            BLwTWFKnbiKOQiYN+a4m/JKs0fFOjYCa2EKhqWWKwdEIN4wJTq8zrjzIaa2rdz+8
-            tamE+8rSYDE+RbJ6Gs3SUDfwcxJT6FXCi3JYoirdhAssLSwTf9d5IsfXvkKMabky
-            FpY9Im51utmIR8UmYL4Ti7dEaOxif+5Hgl1LuitC8e2IIZJhXJprK9tJk9J0LRWt
-            PUM31IG1+A2hNBzs5hferLmmwFvYF1sJ22NtFepxVyOLaLcLEFKWHyU+14qEMSgL
-            acsu0lgVZ4A1TY6vVBmawfVCzUzRfalNIty1x+qDA4MB1RQ4W7ivWCjd/+wirSyc
-            BLxCvriXRdUwPIRoHy0kNMmS83HGm2iv2IrHUrcH8lyJvMys216J2lCF2arRVnBn
-            lArObfR3mXgd/YoANmZ4cinLAjLCjCjXfOe39+pvTFph6WnDt4gOO+tQlnCk19Fa
-            NoiK1THcuZiFVE+4CAXVmstNqYKSMgw+Upw7/t6iUzur98iwKpcicomhJjGVVtbg
-            2iDf4lYVrUyb7iPns2T4EzAuHk7iESktEASU5creSbWYRu/4uyhuNlUoiCpVOEKg
-            H9jkrLlCpQGv/GmgdH9oj35Dsv5TINauCT2jjWV65wcKAlvyafy5UtLyF4HBRHaM
-            2xyxC9gxr8bmeOFyOnHVJQvpkeLxyaRp/VppjCTzr82TQvpZd5a+tISIbDGfqX1o
-            cEyPsowb3KHNtW9DqRBp+80fPGnQHsNjVXbJb37wjpnR/ePg/XyENbZF/OQEsjqt
-            bki8hZQXKJAFyx1bq/2A1q4ocx7JlJKynL4szG1unHbSPKNH2OOVvoezuP7e+lXU
-            gnzrSbe9lPIOp4Vu1HjWOi6tNWZFoZrSHVIK+VGxm+wm/HoS+Enj4Yq+vRvU3luv
-            UllR5KHHK2970RbFEUE0zaVMZjQn5KgJjFXfqfrCztp0wZ5CQo+tRFPq35llaIQ2
-            0WyT2IZlxt1Xr2IpOM0DpO4SJnivZT/wdZN7upzsUPf4a9suztpA3KcKAKqH0OM5
-            fv2/LXspc73vACAOZ9qDJnwp8bFrMOaQdAL1oPpOLB3yYTDA3E20IAQ6OKoSy1Nl
-            B4coqo1gBCcMrWwVFYAuc5J4itXJ0SSj67+WUnuDzPm88LI3g+AO0r1m6k6YdA58
-            SeNxYPMLYNLRg86rsjKjXu+QyvBsd04O/QvIxpTFCtdjbUXNS1H4++/inYZSwWPp
-            U0lN9erLJbwr4WqU/Mn6J+jKijXwmCSiF5if5baszMsOL/0u9yFt6OcaLyehE3sJ
-            eAo00n9phSna0lxtbtRnh/Gd4D7rFcX33wIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
     brauerei = {
       nets = {
         retiolum = {

From 4f530d344dc98d1535aa87af640bc1fe049b52e4 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 28 Sep 2018 15:16:11 +0200
Subject: [PATCH 08/48] tv gitrepos nix-writers: add cgit desc

---
 tv/2configs/gitrepos.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 8e4beca1e..00873bd5a 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -64,7 +64,9 @@ let {
     netcup = {
       cgit.desc = "netcup command line interface";
     };
-    nix-writers = {};
+    nix-writers = {
+      cgit.desc = "collection of package builders";
+    };
     populate = {
       cgit.desc = "source code installer";
     };

From a93aaeecd65843b6daab9c4030862fe859c435f7 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 28 Sep 2018 15:18:43 +0200
Subject: [PATCH 09/48] tv gitrepos: move unused stuff to museums

---
 tv/2configs/gitrepos.nix | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 00873bd5a..e7104be3a 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -30,9 +30,6 @@ let {
 
   public-repos = mapAttrs make-public-repo ({
   } // mapAttrs (_: recursiveUpdate { cgit.section = "1. miscellaneous"; }) {
-    cac-api = {
-      cgit.desc = "CloudAtCost API command line interface";
-    };
     dic = {
       cgit.desc = "dict.leo.org command line interface";
     };
@@ -42,24 +39,12 @@ let {
     fswm = {
       cgit.desc = "simple full screen window manager";
     };
-    get = {};
-    hstool = {
-      cgit.desc = "Haskell Development Environment ^_^";
-    };
     htgen = {
       cgit.desc = "toy HTTP server";
     };
-    kirk = {
-      cgit.desc = "IRC tools";
-    };
     krops = {
       cgit.desc = "deployment tools";
     };
-    load-env = {};
-    loldns = {
-      cgit.desc = "toy DNS server";
-    };
-    make-snapshot = {};
     much = {};
     netcup = {
       cgit.desc = "netcup command line interface";
@@ -72,9 +57,6 @@ let {
     };
     q = {};
     regfish = {};
-    soundcloud = {
-      cgit.desc = "SoundCloud command line interface";
-    };
     stockholm = {
       cgit.desc = "NixOS configuration";
     };
@@ -91,15 +73,32 @@ let {
     xintmap = {};
     xmonad-stockholm = {};
   } // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) {
+    cac-api = {
+      cgit.desc = "CloudAtCost API command line interface";
+    };
     cgserver = {};
     crude-mail-setup = {};
     dot-xmonad = {};
     hirc = {};
+    hstool = {
+      cgit.desc = "Haskell Development Environment ^_^";
+    };
+    kirk = {
+      cgit.desc = "IRC tools";
+    };
     make-snapshot = {};
     nixos-infest = {};
     painload = {};
     push = {};
     with-tmpdir = {};
+    get = {};
+    load-env = {};
+    loldns = {
+      cgit.desc = "toy DNS server";
+    };
+    soundcloud = {
+      cgit.desc = "SoundCloud command line interface";
+    };
   });
 
   restricted-repos = mapAttrs make-restricted-repo (

From b29452cfc3f9785098c530e52f71233876d3ca94 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 28 Sep 2018 16:18:47 +0200
Subject: [PATCH 10/48] krebs.git.cgit: support per-repo readmes

---
 krebs/3modules/git.nix | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 8a923efd2..f6b4e3c69 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -121,6 +121,10 @@ let
     cgit-settings = types.submodule {
       # A setting's value of `null` means cgit's default should be used.
       options = {
+        about-filter = mkOption {
+          type = types.nullOr types.package;
+          default = null;
+        };
         cache-root = mkOption {
           type = types.absolute-pathname;
           default = "/tmp/cgit";
@@ -166,6 +170,10 @@ let
             types.nullOr (types.enum ["week" "month" "quarter" "year"]);
           default = "year";
         };
+        readme = mkOption {
+          type = types.listOf types.str;
+          default = [];
+        };
         robots = mkOption {
           type = types.nullOr (types.listOf types.str);
           default = ["nofollow" "noindex"];
@@ -394,8 +402,14 @@ let
       kv-to-cgitrc = k: v: getAttr (typeOf v) {
         bool = kv-to-cgitrc k (if v then 1 else 0);
         null = []; # This will be removed by `flatten`.
-        list = "${k}=${concatStringsSep ", " v}";
+        list = {
+          readme = map (x: "readme=${x}") v;
+        }.${k} or "${k}=${concatStringsSep ", " v}";
         int = "${k}=${toString v}";
+        set =
+          if subtypes.cgit-settings.check v
+            then "${k}=${v}"
+            else error "kv-to-cgitrc: unhandled type: set";
         string = "${k}=${v}";
       };
     in

From cc7f4937697a60690a0f47668d6f8b6888722ec5 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 28 Sep 2018 16:20:48 +0200
Subject: [PATCH 11/48] tv gitrepos cgit: use README.md for about pages

---
 tv/2configs/gitrepos.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index e7104be3a..a8cbe0f1c 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -9,8 +9,19 @@ let {
       enable = true;
       cgit = {
         settings = {
-          root-title = "repositories at ${config.krebs.build.host.name}";
+          about-filter = pkgs.exec "krebs.cgit.about-filter" rec {
+            filename = "${pkgs.pythonPackages.markdown2}/bin/markdown2";
+            argv = [
+              filename
+              "--extras=fenced-code-blocks"
+            ];
+            envp = {};
+          };
+          readme = [
+            ":README.md"
+          ];
           root-desc = "mostly krebs";
+          root-title = "repositories at ${config.krebs.build.host.name}";
         };
       };
       repos = repos;

From 0c70e8fb51ea44b9a113efcb654463b792a5789c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 29 Sep 2018 10:26:36 +0200
Subject: [PATCH 12/48] tv urlwatch: filter all api.github.com results

---
 tv/2configs/urlwatch.nix | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index aa71be777..77947dafa 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -1,6 +1,10 @@
-{ config, pkgs, ... }:
 with import <stockholm/lib>;
-{
+{ config, pkgs, ... }: let
+  json = url: {
+    inherit url;
+    filter = "system:${pkgs.jq}/bin/jq .";
+  };
+in {
   krebs.urlwatch = {
     enable = true;
     mailto = config.krebs.users.tv.mail;
@@ -13,18 +17,9 @@ with import <stockholm/lib>;
 
       http://www.exim.org/
 
-      # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix
-      {
-        url = https://api.github.com/repos/simple-evcorr/sec/tags;
-        filter = "system:${pkgs.jq}/bin/jq .";
-      }
-
       # ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix
       https://thp.io/2008/urlwatch/
 
-      # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix
-      https://api.github.com/repos/ioerror/tlsdate/tags
-
       # 2015-02-18
       # ref ~/src/nixpkgs/pkgs/tools/text/qprint/default.nix
       http://www.fourmilab.ch/webtools/qprint/
@@ -50,7 +45,13 @@ with import <stockholm/lib>;
       #http://hackage.haskell.org/package/web-page
 
       # ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
-      https://api.github.com/meta
+      (json https://api.github.com/meta)
+
+      # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix
+      (json https://api.github.com/repos/ioerror/tlsdate/tags)
+
+      # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix
+      (json https://api.github.com/repos/simple-evcorr/sec/tags)
 
       # <stockholm/tv/2configs/xserver/xserver.conf.nix>
       # is derived from `configFile` in:

From deac0b64c09882ee70240e1fa538d7d64e7e8181 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 29 Sep 2018 23:19:02 +0200
Subject: [PATCH 13/48] buildbot-stockholm: test krops

---
 krebs/2configs/buildbot-stockholm.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix
index d10fb7203..5784f2cdc 100644
--- a/krebs/2configs/buildbot-stockholm.nix
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -22,6 +22,12 @@
         "http://cgit.ni.r/disko"
         "http://cgit.prism.r/disko"
       ];
+      krops.urls = [
+        "http://cgit.hotdog.r/krops"
+        "http://cgit.ni.r/krops"
+        "http://cgit.prism.r/krops"
+        "https://git.ingolf-wagner.de/krebs/krops.git"
+      ];
       nix_writers.urls = [
         "http://cgit.hotdog.r/nix-writers"
         "http://cgit.ni.r/nix-writers"

From ba5e2081cdb899e47efb04d9c0cac605685e1765 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 3 Oct 2018 10:14:20 +0200
Subject: [PATCH 14/48] tv mu: use br

---
 tv/1systems/mu/config.nix | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index f51366546..c26d4ab30 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -3,6 +3,7 @@ with import <stockholm/lib>;
 
   imports = [
     <stockholm/tv>
+    <stockholm/tv/2configs/br.nix>
     <stockholm/tv/2configs/exim-retiolum.nix>
     <stockholm/tv/2configs/retiolum.nix>
   ];
@@ -90,20 +91,6 @@ with import <stockholm/lib>;
     pkgs.xlibs.fontschumachermisc
   ];
 
-  # Enable CUPS to print documents.
-  services.printing = {
-    enable = true;
-    #drivers = [
-    #  #pkgs.foomatic_filters
-    #  #pkgs.gutenprint
-    #  #pkgs.cups_pdf_filter
-    #  #pkgs.ghostscript
-    #];
-    #cupsdConf = ''
-    #  LogLevel debug2
-    #'';
-  };
-
   services.xserver.enable = true;
   services.xserver.layout = "de";
   services.xserver.xkbOptions = "eurosign:e";

From 0a65f69db31e75851e810d461b4882b29653e087 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 3 Oct 2018 22:23:31 +0200
Subject: [PATCH 15/48] tv bash: use XMONAD_SPAWN_WORKSPACE when SHLVL=1

---
 tv/2configs/bash/default.nix | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix
index 546b2e7b7..b75ad8bfc 100644
--- a/tv/2configs/bash/default.nix
+++ b/tv/2configs/bash/default.nix
@@ -33,11 +33,13 @@ with import <stockholm/lib>;
         PS1="ssh-agent[$SSH_AGENT_PID] $PS1"
       fi
 
-      case ''${XMONAD_SPAWN_WORKSPACE-} in
-        stockholm)
-          cd ~/stockholm
-        ;;
-      esac
+      if test ''${SHLVL-1} = 1; then
+        case ''${XMONAD_SPAWN_WORKSPACE-} in
+          stockholm)
+            cd ~/stockholm
+          ;;
+        esac
+      fi
     '';
   };
 }

From 0a17a244962778ef1597ac5749fb66d886053dd8 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Thu, 4 Oct 2018 12:36:23 +0200
Subject: [PATCH 16/48] l mors.r: add adb-sync to pkgs

---
 lass/1systems/mors/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 69954a3e9..d3fb441a8 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -77,6 +77,7 @@ with import <stockholm/lib>;
       environment.systemPackages = [
         pkgs.ovh-zone
         pkgs.bank
+        pkgs.adb-sync
       ];
     }
     {

From 453fc4093a0cc3b18a71fcc6e2e0f3189aed0131 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 5 Oct 2018 14:04:27 +0200
Subject: [PATCH 17/48] j brauerei: +luis @ dev tmux

---
 jeschli/1systems/brauerei/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 0c01b7948..e419e35be 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -147,6 +147,7 @@
     isNormalUser = true;
     openssh.authorizedKeys.keys = [
       config.krebs.users.lass.pubkey
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
     ];
   };

From d2d9c3df5d7cea1c5b51a2b007c79d9e16c2ac56 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 5 Oct 2018 13:59:01 +0200
Subject: [PATCH 18/48] tv pkgs: init utsushi at 3.48.0

---
 tv/5pkgs/simple/utsushi.nix | 206 ++++++++++++++++++++++++++++++++++++
 1 file changed, 206 insertions(+)
 create mode 100644 tv/5pkgs/simple/utsushi.nix

diff --git a/tv/5pkgs/simple/utsushi.nix b/tv/5pkgs/simple/utsushi.nix
new file mode 100644
index 000000000..518c34ca0
--- /dev/null
+++ b/tv/5pkgs/simple/utsushi.nix
@@ -0,0 +1,206 @@
+{ boost, fetchurl, file, imagemagick, libudev, libusb, pkgconfig, stdenv
+, coreutils, dash, patchelf, writeScriptBin # for add-rpath
+
+, guiSupport ? false, gtkmm2 ? null
+, jpegSupport ? true
+, networkSupport ? false, dpkg ? null
+, ocrSupport ? false, tesseract ? null
+, saneSupport ? true, saneBackends ? null
+, tiffSupport ? true, libtiff ? null
+
+# Logging defaults copied from Utsushi source (lib/log.cpp)
+, logCategory ? "NOTHING"
+, logLevel ? "FATAL"
+}:
+
+# Logging possibilities copied from Utsushi source (utsushi/log.hpp)
+assert builtins.elem logCategory [
+  "NOTHING"
+  "SANE_BACKEND"
+  "ALL"
+];
+assert builtins.elem logLevel [
+  "FATAL" # famous last words
+  "ALERT" # outside intervention required
+  "ERROR" # something went wrong
+  "BRIEF" # short informational notes
+  "TRACE" # more chattery feedback
+  "DEBUG" # the gory details
+  "QUARK" # stack tracing feedback
+];
+
+let
+
+  # usage: add-rpath LIBPATH [SOFILE...]
+  # Adds LIBPATH to each SOFILE's RPATH
+  add-rpath = writeScriptBin "add-rpath" ''
+    #! ${dash}/bin/dash
+    set -efu
+    path=$1; shift
+    for file; do
+      file=$(${coreutils}/bin/readlink -f "$file")
+      old_rpath=$(${patchelf}/bin/patchelf --print-rpath "$file")
+      new_rpath=''${old_rpath+$old_rpath:}$path
+      ${patchelf}/bin/patchelf --set-rpath "$new_rpath" "$file"
+    done
+  '';
+
+  imagescan-plugin-networkscan = stdenv.mkDerivation rec {
+    name = "imagescan-plugin-networkscan-${meta.version}";
+
+    src =
+      if stdenv.system == "i686-linux" then
+        fetchurl {
+          url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x86.deb.tar.gz";
+          sha256 = "16xv1pdfm2ryis815fawb7zqg6c4swww726g272ssx044r5dp80r";
+        }
+      else if stdenv.system == "x86_64-linux" then
+        fetchurl {
+          url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x64.deb.tar.gz";
+          sha256 = "0zik35h2jwrvkwcmq55wc72imidwdnmn1bayhypzhjcz61rasjg2";
+        }
+      else throw "${name} is not supported on ${stdenv.system} (only i686-linux and x86_64 linux are supported)";
+
+    dontBuild = true;
+
+    installPhase = ''
+      # Wildcard * stand for either i386 or amd64
+      ${dpkg}/bin/dpkg -x \
+          plugins/imagescan-plugin-networkscan_${meta.version}-1epson4debian9_*.deb \
+          tmp
+
+      mv tmp/usr $out
+    '';
+
+    preFixup = ''
+      patchelf --set-interpreter \
+          ${stdenv.glibc}/lib/ld-linux${stdenv.lib.optionalString stdenv.is64bit "-x86-64"}.so.2 \
+          $out/lib/utsushi/networkscan
+
+      # libstdc++.so.6
+      patchelf --set-rpath ${stdenv.cc.cc.lib}/lib \
+          $out/lib/utsushi/networkscan
+    '';
+
+    meta = {
+      description = "Epson Image Scan v3 networkscan plugin";
+      longDescription = ''
+        This package provides the unfree networkscan plugin from the Epson
+        Image Scan v3 scanner driver bundle, which can be used by Utsushi.
+      '';
+      homepage = "http://support.epson.net/linux/en/imagescanv3.php?version=${meta.version}";
+      license = stdenv.lib.licenses.eapl;
+      maintainers = [ stdenv.lib.maintainers.tv ];
+      platforms = stdenv.lib.platforms.linux;
+      version = "1.1.0";
+    };
+  };
+
+in
+
+stdenv.mkDerivation rec {
+  name = "utsushi-${meta.version}";
+
+  src = fetchurl {
+    url = "http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${meta.version}.orig.tar.gz";
+    sha256 = "12mzq3wc8gzdma84pjs5gb0gp8mga13wax5g7vjfrzq8pjyqrnmw";
+  };
+
+  preConfigure = ''
+    substituteInPlace configure \
+        --replace /usr/bin/file ${file}/bin/file
+
+    substituteInPlace lib/log.cpp \
+        --replace FATAL ${logLevel} \
+        --replace NOTHING ${logCategory}
+  '';
+
+  postInstall = ''
+    # Allow configuration to be done via /etc/utsushi.conf
+    ln -s /etc/utsushi.conf $out/etc/utsushi/utsushi.conf
+
+    ${stdenv.lib.optionalString saneSupport ''
+      # Make this package compatible with hardware.sane.extraBackends
+      mkdir $out/etc/sane.d
+      echo utsushi > $out/etc/sane.d/dll.conf
+      mkdir $out/lib/sane
+      ln -s $out/lib/utsushi/sane/libsane-utsushi.* $out/lib/sane
+    ''}
+
+    ${stdenv.lib.optionalString networkSupport ''
+      ln -s ${imagescan-plugin-networkscan}/lib/utsushi/networkscan \
+        $out/libexec/utsushi/
+    ''}
+  '';
+
+  # Fixup libraries which otherwise would end up broken like this:
+  #
+  #  $ ldd .../blah.so | grep libboost_system
+  #  libboost_system.so.X.Y.Z => not found
+  #  libboost_system.so.X.Y.Z => /nix/store/.../libboost_system.so.X.Y.Z (...)
+  #
+  preFixup = ''
+    add-rpath ${boost}/lib $out/lib/utsushi/libdrv-esci.so
+    ${stdenv.lib.optionalString saneSupport ''
+      add-rpath ${boost}/lib $out/lib/utsushi/sane/libsane-utsushi.so
+    ''}
+  '';
+
+  nativeBuildInputs = [
+    add-rpath
+    pkgconfig
+  ];
+
+  buildInputs = [
+    boost
+    imagemagick
+    libudev
+    libusb
+  ]
+  ++ stdenv.lib.optional guiSupport gtkmm2
+  ++ stdenv.lib.optional ocrSupport tesseract
+  ++ stdenv.lib.optional saneSupport saneBackends
+  ++ stdenv.lib.optional tiffSupport libtiff
+  ;
+
+  NIX_CFLAGS_COMPILE = [
+    "-Wno-error=unused-variable"
+  ];
+
+  configureFlags = [
+    "--with-boost=${boost}"
+    "--with-magick"
+    "--with-magick-pp"
+  ]
+  ++ stdenv.lib.optionals guiSupport [
+    "--with-gtkmm"
+  ]
+  ++ stdenv.lib.optionals jpegSupport [
+    "--with-jpeg"
+  ]
+  ++ stdenv.lib.optionals saneSupport [
+    "--with-sane"
+  ]
+  ++ stdenv.lib.optionals tiffSupport [
+    "--with-tiff"
+  ]
+  ;
+
+  meta = {
+    description = "Utsushi - Next Generation Image Acquisition";
+    longDescription = ''
+      This software provides applications to easily turn hard-copy
+      documents and imagery into formats that are more amenable to
+      computer processing.
+
+      Included are a native driver for a number of EPSON scanners
+      and a compatibility driver to interface with software built
+      around the SANE standard.
+    '';
+    homepage = http://download.ebz.epson.net/dsc/search/01/search/?OSC=LX;
+    license = stdenv.lib.licenses.gpl3;
+    maintainers = [ stdenv.lib.maintainers.tv ];
+    platforms = stdenv.lib.platforms.linux;
+    version = "3.48.0";
+  };
+}

From 9ea7ccd94f1ac2746fcff1739859d4bc27aa0c98 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 5 Oct 2018 22:13:26 +0200
Subject: [PATCH 19/48] tv xp-332: init

---
 tv/2configs/xp-332.nix | 45 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 tv/2configs/xp-332.nix

diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix
new file mode 100644
index 000000000..627401dc6
--- /dev/null
+++ b/tv/2configs/xp-332.nix
@@ -0,0 +1,45 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+  environment.etc."utsushi.conf".text = ''
+    [devices]
+    dev1.udi = esci:networkscan://EPSON79678C.fritz.box:1865
+    dev1.model = XP-332
+    dev1.vendor = EPSON
+  '';
+
+  hardware.sane = {
+    enable = true;
+    extraBackends = [
+      pkgs.utsushi
+    ];
+  };
+
+  krebs.nixpkgs.allowUnfreePredicate = pkg:
+    elem (parseDrvName pkg.name).name [ "imagescan-plugin-networkscan" ];
+
+  nixpkgs.overlays = singleton (self: super: {
+    utsushi = super.utsushi.override {
+      guiSupport = false;
+      jpegSupport = false;
+      networkSupport = true;
+      ocrSupport = false;
+      saneSupport = true;
+      tiffSupport = true;
+
+      logCategory = "ALL";
+      logLevel = "BRIEF";
+    };
+  });
+
+  services = {
+    printing = {
+      drivers = [
+        pkgs.epson-escpr
+      ];
+      enable = true;
+    };
+    saned.enable = true;
+  };
+
+}

From 9b714e774e863280801e868bb5c21631da02fd8c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 5 Oct 2018 22:14:36 +0200
Subject: [PATCH 20/48] tv querel: import xp-332

---
 tv/1systems/querel/config.nix | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
index 5f981c64c..01d67b5f5 100644
--- a/tv/1systems/querel/config.nix
+++ b/tv/1systems/querel/config.nix
@@ -2,10 +2,9 @@ with import <stockholm/lib>;
 { config, pkgs, ... }: {
 
   imports = [
-    <stockholm/krebs>
-    <stockholm/tv/2configs>
-    <stockholm/tv/3modules>
+    <stockholm/tv>
     <stockholm/tv/2configs/retiolum.nix>
+    <stockholm/tv/2configs/xp-332.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.querel;
@@ -37,6 +36,7 @@ with import <stockholm/lib>;
     sxiv
     texlive.combined.scheme-full
     vim
+    xsane
     zathura
   ];
 
@@ -67,10 +67,6 @@ with import <stockholm/lib>;
 
   programs.ssh.startAgent = false;
 
-  services.printing = {
-    enable = true;
-  };
-
   services.xserver.enable = true;
   services.xserver.layout = "de";
   services.xserver.xkbOptions = "eurosign:e";

From 1ca261eb502780a77d3059f54128720a2ed58e6a Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 18:33:03 +0200
Subject: [PATCH 21/48] l prism.r: remove radio.lassul.us

---
 lass/1systems/prism/config.nix | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index f83721070..bf7de6fc5 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -291,16 +291,6 @@ with import <stockholm/lib>;
       ];
     }
     {
-      services.nginx = {
-        enable = true;
-        virtualHosts."radio.lassul.us" = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/".extraConfig = ''
-            proxy_pass http://localhost:8000;
-          '';
-        };
-      };
     }
     {
       lass.nichtparasoup.enable = true;

From c2442a231dc76a5a9b4bad20631d2732220052c5 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 18:33:21 +0200
Subject: [PATCH 22/48] l: add ccc@lassul.us

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 846000a3a..6ef3c8595 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -89,6 +89,7 @@ with import <stockholm/lib>;
       { from = "cis@lassul.us"; to = lass.mail; }
       { from = "afra@lassul.us"; to = lass.mail; }
       { from = "ksp@lassul.us"; to = lass.mail; }
+      { from = "ccc@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From d25204e852f314d3044c37f4e3472d5d376e5c1c Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 18:33:36 +0200
Subject: [PATCH 23/48] l git: add nixos-generators

---
 lass/2configs/git.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 97def9df3..253c56e48 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -62,6 +62,10 @@ let
       cgit.desc = "high level writers for nix";
       cgit.section = "software";
     };
+    nixos-generators = {
+      cgit.desc = "custom image builders";
+      cgit.section = "software";
+    };
     nixpkgs = {
       cgit.desc = "nixpkgs fork";
       cgit.section = "configuration";

From d3660625e1aab1daa321ad7c13b39398e4aa3771 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 18:35:29 +0200
Subject: [PATCH 24/48] l radio: add mors to authorizedKeys

---
 lass/2configs/radio.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index fb7ae01b6..bf6855804 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -36,8 +36,9 @@ in {
       home = "/home/${name}";
       useDefaultShell = true;
       createHome = true;
-      openssh.authorizedKeys.keys = [
-        config.krebs.users.lass.pubkey
+      openssh.authorizedKeys.keys = with config.krebs.users; [
+        lass.pubkey
+        lass-mors.pubkey
       ];
     };
   };

From f9595d16f95800db745bb9e1175d339e216941c0 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 18:44:49 +0200
Subject: [PATCH 25/48] nixpkgs: d16a7ab -> 6a3f5bc (18.09)

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index a3612fa7a..c9854fabd 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "d16a7abceb72aac85e0deb8c45fbcb7127baf628",
-  "date": "2018-09-20T18:31:51-05:00",
-  "sha256": "0byf6rlwwy70v2sdfmv7mnwd0kvxmlq0pi8ijghg0mcfhcqibgh7",
+  "rev": "6a3f5bcb061e1822f50e299f5616a0731636e4e7",
+  "date": "2018-10-05T18:33:19-04:00",
+  "sha256": "1ib96has10v5nr6bzf7v8kw7yzww8zanxgw2qi1ll1sbv6kj6zpd",
   "fetchSubmodules": true
 }

From 96c3bdb8f49d04daf9363b41f56b2121c75e7af7 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 19:15:05 +0200
Subject: [PATCH 26/48] l baseX: remove deprecated nix-repl

---
 lass/2configs/baseX.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 95aac2d18..e8a2539f3 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -71,7 +71,6 @@ in {
     lm_sensors
     ncdu
     nix-index
-    nix-repl
     nmap
     pavucontrol
     powertop

From 65dc542a2ae9ba565eb3848a9cbdb5da11a1563d Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Oct 2018 21:46:42 +0200
Subject: [PATCH 27/48] blessings: 1.1.0 -> 1.2.0

---
 krebs/5pkgs/haskell/blessings.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix
index f852b4a44..8c52c5636 100644
--- a/krebs/5pkgs/haskell/blessings.nix
+++ b/krebs/5pkgs/haskell/blessings.nix
@@ -1,11 +1,11 @@
 { mkDerivation, base, fetchgit, stdenv }:
 mkDerivation rec {
   pname = "blessings";
-  version = "1.1.0";
+  version = "1.2.0";
   src = fetchgit {
     url = http://cgit.ni.krebsco.de/blessings;
     rev = "refs/tags/v${version}";
-    sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
+    sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300";
   };
   libraryHaskellDepends = [ base ];
   doHaddock = false;

From a0cc393b03b39d9412b2e4b783ff4f0475537f7c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Oct 2018 21:58:13 +0200
Subject: [PATCH 28/48] email-header: 0.3.0 -> 0.4.1-tv1

---
 krebs/5pkgs/haskell/email-header.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix
index b54240809..ba5a0e63e 100644
--- a/krebs/5pkgs/haskell/email-header.nix
+++ b/krebs/5pkgs/haskell/email-header.nix
@@ -2,13 +2,13 @@
 , case-insensitive, containers, exceptions, fetchgit, QuickCheck
 , stdenv, tasty, tasty-quickcheck, text, text-icu, time
 }:
-mkDerivation {
+mkDerivation rec {
   pname = "email-header";
-  version = "0.3.0";
+  version = "0.4.1-tv1";
   src = fetchgit {
     url = "https://github.com/4z3/email-header";
-    rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8";
-    sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59";
+    rev = "refs/tags/v${version}";
+    sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
   };
   buildDepends = [
     attoparsec base base64-bytestring bytestring case-insensitive

From 2fdb6069470d30ab708b1897fbda78b1b8ac7605 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Oct 2018 22:06:38 +0200
Subject: [PATCH 29/48] hyphenation: RIP; nixpkgs is good enough

---
 krebs/5pkgs/haskell/hyphenation.nix | 17 -----------------
 1 file changed, 17 deletions(-)
 delete mode 100644 krebs/5pkgs/haskell/hyphenation.nix

diff --git a/krebs/5pkgs/haskell/hyphenation.nix b/krebs/5pkgs/haskell/hyphenation.nix
deleted file mode 100644
index 6e5fe9455..000000000
--- a/krebs/5pkgs/haskell/hyphenation.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-# Same as upstream but with doCheck = false because doctest has wrong version.
-{ mkDerivation, base, bytestring, containers, directory
-, filepath, unordered-containers, zlib, stdenv
-}:
-mkDerivation {
-  pname = "hyphenation";
-  version = "0.6";
-  sha256 = "2f673666c18f63581422f7c6389b78b0ff754406671296a3d680d417942512f7";
-  libraryHaskellDepends = [
-    base bytestring containers unordered-containers zlib
-  ];
-  homepage = "http://github.com/ekmett/hyphenation";
-  description = "Configurable Knuth-Liang hyphenation";
-  license = stdenv.lib.licenses.bsd3;
-  hydraPlatforms = stdenv.lib.platforms.none;
-  doCheck = false;
-}

From 0cb43393303d2b6bbab19d4d5c45ce371a9ef621 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Oct 2018 09:54:55 +0200
Subject: [PATCH 30/48] tv xserver: cleanup services

---
 tv/2configs/xserver/default.nix | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 6ef8a8768..96c59c6ac 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -55,7 +55,7 @@ in {
   systemd.services.display-manager.enable = false;
 
   systemd.services.xmonad = {
-    wantedBy = [ "multi-user.target" ];
+    wantedBy = [ "graphical.target" ];
     requires = [ "xserver.service" ];
     environment = {
       DISPLAY = ":${toString config.services.xserver.display}";
@@ -101,21 +101,20 @@ in {
 
   systemd.services.xserver = {
     after = [
-      "systemd-udev-settle.service"
-      "local-fs.target"
       "acpid.service"
+      "local-fs.target"
+      "systemd-udev-settle.service"
     ];
-    reloadIfChanged = true;
+    wants = [
+      "systemd-udev-settle.service"
+    ];
+    restartIfChanged = false;
     environment = {
-      XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
-      XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
-      LD_LIBRARY_PATH = concatStringsSep ":" (
-        [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
+      LD_LIBRARY_PATH = concatStringsSep ":" ([ "/run/opengl-driver/lib" ]
         ++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
     };
     serviceConfig = {
       SyslogIdentifier = "xserver";
-      ExecReload = "${pkgs.coreutils}/bin/echo NOP";
       ExecStart = toString [
         "${pkgs.xorg.xorgserver}/bin/X"
         ":${toString config.services.xserver.display}"
@@ -123,17 +122,16 @@ in {
         "-config ${import ./xserver.conf.nix args}"
         "-logfile /dev/null -logverbose 0 -verbose 3"
         "-nolisten tcp"
-        "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
+        "-xkbdir ${config.services.xserver.xkbDir}"
       ];
     };
   };
 
   systemd.services.urxvtd = {
-    wantedBy = [ "multi-user.target" ];
-    reloadIfChanged = true;
+    wantedBy = [ "graphical.target" ];
+    restartIfChanged = false;
     serviceConfig = {
       SyslogIdentifier = "urxvtd";
-      ExecReload = "${pkgs.coreutils}/bin/echo NOP";
       ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
       Restart = "always";
       RestartSec = "2s";

From 85ebdc2437f848fad1d96189ea3095aa34eefc38 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Oct 2018 10:17:21 +0200
Subject: [PATCH 31/48] tv xu: import xp-332

---
 tv/1systems/xu/config.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix
index 14926fe3b..24179cc3d 100644
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@@ -18,6 +18,7 @@ with import <stockholm/lib>;
     <stockholm/tv/2configs/retiolum.nix>
     <stockholm/tv/2configs/binary-cache>
     <stockholm/tv/2configs/br.nix>
+    <stockholm/tv/2configs/xp-332.nix>
     <stockholm/tv/2configs/xserver>
     {
       environment.systemPackages = with pkgs; [
@@ -147,8 +148,6 @@ with import <stockholm/lib>;
     gptfdisk
   ];
 
-  services.printing.enable = true;
-
   #services.bitlbee.enable = true;
   #services.tor.client.enable = true;
   #services.tor.enable = true;

From e4c90d8cbea4c929a83358700e563978270724c0 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Oct 2018 10:18:07 +0200
Subject: [PATCH 32/48] tv backups: nomic-pull-querel-home @22:00

---
 tv/2configs/backup.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index 14d381568..f8de72d00 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -26,7 +26,7 @@ with import <stockholm/lib>;
       method = "pull";
       src = { host = config.krebs.hosts.querel; path = "/home"; };
       dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; };
-      startAt = "00:00";
+      startAt = "22:00";
     };
     wu-home-xu = {
       method = "push";

From 5641a6ad03baccf299be6574193a37dd16e17137 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Oct 2018 23:48:20 +0200
Subject: [PATCH 33/48] tv: add 18.09 compatibility

---
 krebs/5pkgs/haskell/blessings.nix             | 23 +++++++++++++----
 krebs/5pkgs/haskell/email-header.nix          | 25 +++++++++++++++----
 tv/1systems/xu/config.nix                     |  1 -
 tv/2configs/xserver/default.nix               |  3 +++
 tv/3modules/charybdis/default.nix             |  2 +-
 .../5pkgs/compat/18.03}/pass-otp/default.nix  |  0
 .../5pkgs/compat/18.03}/pass/default.nix      |  0
 .../compat/18.03}/pass/no-darwin-getopt.patch |  0
 .../5pkgs/compat/18.03}/pass/rofi-pass.nix    |  0
 .../set-correct-program-name-for-sleep.patch  |  0
 tv/5pkgs/compat/default.nix                   |  1 +
 tv/5pkgs/default.nix                          | 12 +++++++++
 tv/5pkgs/simple/utsushi.nix                   |  1 +
 13 files changed, 56 insertions(+), 12 deletions(-)
 rename {krebs/5pkgs/simple => tv/5pkgs/compat/18.03}/pass-otp/default.nix (100%)
 rename {krebs/5pkgs/simple => tv/5pkgs/compat/18.03}/pass/default.nix (100%)
 rename {krebs/5pkgs/simple => tv/5pkgs/compat/18.03}/pass/no-darwin-getopt.patch (100%)
 rename {krebs/5pkgs/simple => tv/5pkgs/compat/18.03}/pass/rofi-pass.nix (100%)
 rename {krebs/5pkgs/simple => tv/5pkgs/compat/18.03}/pass/set-correct-program-name-for-sleep.patch (100%)
 create mode 100644 tv/5pkgs/compat/default.nix

diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix
index 8c52c5636..59c5b7984 100644
--- a/krebs/5pkgs/haskell/blessings.nix
+++ b/krebs/5pkgs/haskell/blessings.nix
@@ -1,11 +1,24 @@
-{ mkDerivation, base, fetchgit, stdenv }:
-mkDerivation rec {
+with import <stockholm/lib>;
+{ mkDerivation, base, fetchgit, stdenv }: let
+
+  cfg = {
+    "18.03" = {
+      version = "1.1.0";
+      sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
+    };
+    "18.09" = {
+      version = "1.2.0";
+      sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300";
+    };
+  }.${versions.majorMinor nixpkgsVersion};
+
+in mkDerivation {
   pname = "blessings";
-  version = "1.2.0";
+  version = cfg.version;
   src = fetchgit {
     url = http://cgit.ni.krebsco.de/blessings;
-    rev = "refs/tags/v${version}";
-    sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300";
+    rev = "refs/tags/v${cfg.version}";
+    sha256 = cfg.sha256;
   };
   libraryHaskellDepends = [ base ];
   doHaddock = false;
diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix
index ba5a0e63e..4049168c1 100644
--- a/krebs/5pkgs/haskell/email-header.nix
+++ b/krebs/5pkgs/haskell/email-header.nix
@@ -1,14 +1,29 @@
+with import <stockholm/lib>;
 { mkDerivation, attoparsec, base, base64-bytestring, bytestring
 , case-insensitive, containers, exceptions, fetchgit, QuickCheck
 , stdenv, tasty, tasty-quickcheck, text, text-icu, time
-}:
-mkDerivation rec {
+}: let
+
+  cfg = {
+    "18.03" = {
+      version = "0.3.0";
+      rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8";
+      sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59";
+    };
+    "18.09" = {
+      version = "0.4.1-tv1";
+      rev = "refs/tags/v${cfg.version}";
+      sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
+    };
+  }.${versions.majorMinor nixpkgsVersion};
+
+in mkDerivation {
   pname = "email-header";
-  version = "0.4.1-tv1";
+  version = cfg.version;
   src = fetchgit {
     url = "https://github.com/4z3/email-header";
-    rev = "refs/tags/v${version}";
-    sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
+    rev = cfg.rev;
+    sha256 = cfg.sha256;
   };
   buildDepends = [
     attoparsec base base64-bytestring bytestring case-insensitive
diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix
index 24179cc3d..5421cab92 100644
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@@ -41,7 +41,6 @@ with import <stockholm/lib>;
         mkpasswd
         netcat
         netcup
-        nix-repl
         nmap
         p7zip
         pass
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 96c59c6ac..892b7e3b8 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -41,6 +41,9 @@ in {
     # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
     desktopManager.session = mkForce [];
 
+    displayManager.lightdm.enable = mkForce false;
+    displayManager.job.execCmd = mkForce "derp";
+
     enable = true;
     display = 11;
     tty = 11;
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix
index e252f2e1d..62a7037e3 100644
--- a/tv/3modules/charybdis/default.nix
+++ b/tv/3modules/charybdis/default.nix
@@ -64,7 +64,7 @@ in {
         ExecStartPre =
           "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd";
         ExecStart = toString [
-          "${pkgs.charybdis}/bin/charybdis-ircd"
+          "${pkgs.charybdis}/bin/charybdis"
             "-configfile ${import ./config.nix args}"
             "-foreground"
             "-logfile /dev/stderr"
diff --git a/krebs/5pkgs/simple/pass-otp/default.nix b/tv/5pkgs/compat/18.03/pass-otp/default.nix
similarity index 100%
rename from krebs/5pkgs/simple/pass-otp/default.nix
rename to tv/5pkgs/compat/18.03/pass-otp/default.nix
diff --git a/krebs/5pkgs/simple/pass/default.nix b/tv/5pkgs/compat/18.03/pass/default.nix
similarity index 100%
rename from krebs/5pkgs/simple/pass/default.nix
rename to tv/5pkgs/compat/18.03/pass/default.nix
diff --git a/krebs/5pkgs/simple/pass/no-darwin-getopt.patch b/tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch
similarity index 100%
rename from krebs/5pkgs/simple/pass/no-darwin-getopt.patch
rename to tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch
diff --git a/krebs/5pkgs/simple/pass/rofi-pass.nix b/tv/5pkgs/compat/18.03/pass/rofi-pass.nix
similarity index 100%
rename from krebs/5pkgs/simple/pass/rofi-pass.nix
rename to tv/5pkgs/compat/18.03/pass/rofi-pass.nix
diff --git a/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch b/tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch
similarity index 100%
rename from krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch
rename to tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch
diff --git a/tv/5pkgs/compat/default.nix b/tv/5pkgs/compat/default.nix
new file mode 100644
index 000000000..0d1e61b3b
--- /dev/null
+++ b/tv/5pkgs/compat/default.nix
@@ -0,0 +1 @@
+self: super: {}
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index 82474ade5..c5c800b55 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -33,4 +33,16 @@ foldl' mergeAttrs {}
   '';
 
   gnupg = self.gnupg22;
+
+  pass = {
+    "18.03" =
+      self.callPackage ./compat/18.03/pass {
+        pass-otp = self.callPackage ./compat/18.03/pass-otp {};
+      };
+    "18.09" =
+      super.pass.withExtensions (ext: [
+        ext.pass-otp
+      ]);
+  }.${versions.majorMinor nixpkgsVersion};
+
 }
diff --git a/tv/5pkgs/simple/utsushi.nix b/tv/5pkgs/simple/utsushi.nix
index 518c34ca0..e61dd188f 100644
--- a/tv/5pkgs/simple/utsushi.nix
+++ b/tv/5pkgs/simple/utsushi.nix
@@ -164,6 +164,7 @@ stdenv.mkDerivation rec {
   ;
 
   NIX_CFLAGS_COMPILE = [
+    "-Wno-error=deprecated-declarations"
     "-Wno-error=unused-variable"
   ];
 

From 43f5473ddc6dc1a26e1dd26085113e357274987a Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 21:49:36 +0200
Subject: [PATCH 34/48] l vim: remove unstable_nixpkgs hack

---
 lass/2configs/vim.nix | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 823d9a8ca..f757e5044 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -2,12 +2,6 @@
 
 with import <stockholm/lib>;
 let
-  unstable_nixpkgs = import (pkgs.fetchFromGitHub {
-    owner = "NixOS";
-    repo = "nixpkgs";
-    rev = "a8c71037e041725d40fbf2f3047347b6833b1703";
-    sha256 = "1z4cchcw7qgjhy0x6mnz7iqvpswc2nfjpdynxc54zpm66khfrjqw";
-  }) {};
   out = {
     environment.systemPackages = [
       (hiPrio vim)
@@ -15,7 +9,7 @@ let
       (pkgs.writeDashBin "govet" ''
         go vet "$@"
       '')
-      (hiPrio (unstable_nixpkgs.python3.withPackages (ps: [
+      (hiPrio (pkgs.python3.withPackages (ps: [
         ps.python-language-server
         ps.pyls-isort
       ])))
@@ -135,7 +129,7 @@ let
     pkgs.vimPlugins.undotree
     pkgs.vimPlugins.vim-go
     pkgs.vimPlugins.fzf-vim
-    unstable_nixpkgs.vimPlugins.LanguageClient-neovim
+    pkgs.vimPlugins.LanguageClient-neovim
     (pkgs.vimUtils.buildVimPlugin {
       name = "file-line-1.0";
       src = pkgs.fetchFromGitHub {

From 0e0df32d9a84b5c79dab7e3ba47cb7bbe8a9ab0b Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 21:57:04 +0200
Subject: [PATCH 35/48] l games: remove (broken) dwarf fortress

---
 lass/2configs/games.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 81f53bf69..17c3cf3be 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -57,7 +57,6 @@ let
 
 in {
   environment.systemPackages = with pkgs; [
-    (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; })
     doom1
     doom2
     vdoom1

From 921473db45c83c192d3b72a7e326715b9652abbf Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 22:10:26 +0200
Subject: [PATCH 36/48] l mors.r: use stable nix

---
 lass/1systems/mors/config.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index d3fb441a8..6d65b58c2 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -144,7 +144,6 @@ with import <stockholm/lib>;
     OnCalendar = "00:37";
   };
 
-  nix.package = pkgs.nixUnstable;
   programs.adb.enable = true;
   users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
   virtualisation.docker.enable = true;

From 5962e2378a70c7a4f4bcee2131064b0f80f8ade3 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 22:32:40 +0200
Subject: [PATCH 37/48] l vim: remove flake8

---
 lass/2configs/vim.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index f757e5044..855c30b3e 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -5,7 +5,6 @@ let
   out = {
     environment.systemPackages = [
       (hiPrio vim)
-      pkgs.python35Packages.flake8
       (pkgs.writeDashBin "govet" ''
         go vet "$@"
       '')

From c61802ec9b8d979ea6d59f5299f3197f25186528 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sat, 6 Oct 2018 23:59:50 +0200
Subject: [PATCH 38/48] l xmonad: fix minimize with xmonad-contrib 0.15

---
 lass/5pkgs/custom/xmonad-lass/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 3bff9d450..087d54eca 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -31,6 +31,7 @@ import XMonad.Actions.CycleWS (toggleWS)
 import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
 import XMonad.Actions.DynamicWorkspaces (withWorkspace)
 import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
+import XMonad.Actions.Minimize (minimizeWindow, maximizeWindow, withLastMinimized)
 import XMonad.Hooks.EwmhDesktops (ewmh)
 import XMonad.Hooks.FloatNext (floatNext)
 import XMonad.Hooks.FloatNext (floatNextHook)
@@ -39,7 +40,7 @@ import XMonad.Hooks.Place (placeHook, smart)
 import XMonad.Hooks.UrgencyHook (focusUrgent)
 import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
 import XMonad.Layout.FixedColumn (FixedColumn(..))
-import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
+import XMonad.Layout.Minimize (minimize)
 import XMonad.Layout.NoBorders (smartBorders)
 import XMonad.Layout.SimplestFloat (simplestFloat)
 import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
@@ -135,7 +136,7 @@ myKeyMap =
     , ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
 
     , ("M4-m", withFocused minimizeWindow)
-    , ("M4-S-m", sendMessage RestoreNextMinimizedWin)
+    , ("M4-S-m", withLastMinimized maximizeWindow)
 
     , ("M4-q", windowPromptGoto infixAutoXPConfig)
     , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)

From 4c2a785d220bc9069546ac3fbe0cdc08262534c9 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sun, 7 Oct 2018 00:06:50 +0200
Subject: [PATCH 39/48] buildbot: use dateutil

---
 krebs/5pkgs/simple/buildbot-classic/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix
index 665b36ab4..c127d2987 100644
--- a/krebs/5pkgs/simple/buildbot-classic/default.nix
+++ b/krebs/5pkgs/simple/buildbot-classic/default.nix
@@ -17,7 +17,7 @@ python2Packages.buildPythonApplication rec {
   propagatedBuildInputs = [
     python2Packages.jinja2
     python2Packages.twisted
-    python2Packages.dateutil_1_5
+    python2Packages.dateutil
     python2Packages.sqlalchemy_migrate
     python2Packages.pysqlite
     pkgs.coreutils

From 10597a47723ae3161ddd0cc1fda1bd4ed136ded8 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sun, 7 Oct 2018 00:39:21 +0200
Subject: [PATCH 40/48] j brauerei.r: force lightdm off

---
 jeschli/1systems/brauerei/config.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 0c01b7948..3ec2b5c27 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -119,6 +119,8 @@
     # Don't install feh into systemPackages
     # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
     desktopManager.session = lib.mkForce [];
+    displayManager.lightdm.enable = lib.mkForce false;
+    displayManager.job.execCmd = lib.mkForce "derp";
 
     enable = true;
     display = 11;

From ea82a695cf7895bd607cec4b5b80f3f90e736ce1 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sun, 7 Oct 2018 00:22:41 +0200
Subject: [PATCH 41/48] l reaktor-coders: RIP rup

---
 lass/2configs/reaktor-coders.nix | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 44d8984d7..7cdcdf20c 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -63,24 +63,6 @@ with import <stockholm/lib>;
             -e "@kind $1"
         '';
       })
-      (buildSimpleReaktorPlugin "random-unicorn-porn" {
-        pattern = "^!rup$$";
-        script = pkgs.writePython2 "rup" {} ''
-          t1 = """
-                              _.
-                           ;=',_ ()
-                 8===D~~  S" .--`||
-                         sS  \__ ||
-                      __.' ( \-->||
-                   _=/    _./-\/ ||
-          8===D~~ ((\( /-'   -'l ||
-                   ) |/ \\      (_))
-                      \\  \\
-                       '~ '~
-          """
-          print(t1)
-        '';
-      })
       (buildSimpleReaktorPlugin "ping" {
         pattern = "^!ping (?P<args>.*)$$";
         script = pkgs.writeDash "ping" ''

From 999f9112ed1d045955384d7cc0b939aa1968aba4 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sun, 7 Oct 2018 12:09:32 +0200
Subject: [PATCH 42/48] repo-sync: remove deprecated isPy

---
 krebs/5pkgs/simple/repo-sync/default.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix
index 8393cd79f..66f220ba6 100644
--- a/krebs/5pkgs/simple/repo-sync/default.nix
+++ b/krebs/5pkgs/simple/repo-sync/default.nix
@@ -3,7 +3,6 @@
 with python3Packages; buildPythonPackage rec {
   name = "repo-sync-${version}";
   version = "0.2.7";
-  disabled = isPy26 || isPy27;
   propagatedBuildInputs = [
     docopt
     GitPython

From d6ee59430d800fe2cb14ab71143c3fba7bbf9089 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sun, 7 Oct 2018 15:09:15 +0200
Subject: [PATCH 43/48] add charybdis module until it's fixed in 18.09

---
 krebs/2configs/ircd.nix      |   2 +-
 krebs/3modules/charybdis.nix | 110 +++++++++++++++++++++++++++++++++++
 krebs/3modules/default.nix   |   1 +
 3 files changed, 112 insertions(+), 1 deletion(-)
 create mode 100644 krebs/3modules/charybdis.nix

diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 962dbf49c..65972aacc 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,7 +5,7 @@
     6667 6669
   ];
 
-  services.charybdis = {
+  krebs.charybdis = {
     enable = true;
     motd = ''
       hello
diff --git a/krebs/3modules/charybdis.nix b/krebs/3modules/charybdis.nix
new file mode 100644
index 000000000..f4a7c1313
--- /dev/null
+++ b/krebs/3modules/charybdis.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkEnableOption mkIf mkOption singleton types;
+  inherit (pkgs) coreutils charybdis;
+  cfg = config.krebs.charybdis;
+
+  configFile = pkgs.writeText "charybdis.conf" ''
+    ${cfg.config}
+  '';
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    krebs.charybdis = {
+
+      enable = mkEnableOption "Charybdis IRC daemon";
+
+      config = mkOption {
+        type = types.string;
+        description = ''
+          Charybdis IRC daemon configuration file.
+        '';
+      };
+
+      statedir = mkOption {
+        type = types.string;
+        default = "/var/lib/charybdis";
+        description = ''
+          Location of the state directory of charybdis.
+        '';
+      };
+
+      user = mkOption {
+        type = types.string;
+        default = "ircd";
+        description = ''
+          Charybdis IRC daemon user.
+        '';
+      };
+
+      group = mkOption {
+        type = types.string;
+        default = "ircd";
+        description = ''
+          Charybdis IRC daemon group.
+        '';
+      };
+
+      motd = mkOption {
+        type = types.nullOr types.lines;
+        default = null;
+        description = ''
+          Charybdis MOTD text.
+
+          Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
+          If set, the value of this option will be written to this path.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable (lib.mkMerge [
+    {
+      users.users = singleton {
+        name = cfg.user;
+        description = "Charybdis IRC daemon user";
+        uid = config.ids.uids.ircd;
+        group = cfg.group;
+      };
+
+      users.groups = singleton {
+        name = cfg.group;
+        gid = config.ids.gids.ircd;
+      };
+
+      systemd.services.charybdis = {
+        description = "Charybdis IRC daemon";
+        wantedBy = [ "multi-user.target" ];
+        environment = {
+          BANDB_DBPATH = "${cfg.statedir}/ban.db";
+        };
+        serviceConfig = {
+          ExecStart   = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}";
+          Group = cfg.group;
+          User = cfg.user;
+          PermissionsStartOnly = true; # preStart needs to run with root permissions
+        };
+        preStart = ''
+          ${coreutils}/bin/mkdir -p ${cfg.statedir}
+          ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir}
+        '';
+      };
+
+    }
+    
+    (mkIf (cfg.motd != null) {
+      environment.etc."charybdis/ircd.motd".text = cfg.motd;
+    })
+  ]);
+}
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6307649e3..dd682bf4d 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -14,6 +14,7 @@ let
       ./buildbot/master.nix
       ./buildbot/slave.nix
       ./build.nix
+      ./charybdis.nix
       ./ci.nix
       ./current.nix
       ./exim.nix

From ac7e2f7ebcb29fa5fa65e08be1c6cf41f98d60a9 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Oct 2018 16:37:06 +0200
Subject: [PATCH 44/48] tv: systemPackages += git-crypt

---
 tv/2configs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 2ccab3d09..d9ddc90d0 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -143,6 +143,7 @@ with import <stockholm/lib>;
       environment.systemPackages = [
         pkgs.get
         pkgs.git
+        pkgs.git-crypt
         pkgs.git-preview
         pkgs.hashPassword
         pkgs.htop

From a19708a441ff7c7bb46131b83e9294890fe079b4 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Sun, 7 Oct 2018 16:42:45 +0200
Subject: [PATCH 45/48] j emacs: remove melpaPackages.mmm-mode

---
 jeschli/2configs/emacs.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix
index 3bd2dbfc4..5fc887477 100644
--- a/jeschli/2configs/emacs.nix
+++ b/jeschli/2configs/emacs.nix
@@ -67,7 +67,6 @@ let
   emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
     epkgs.melpaPackages.evil
     epkgs.melpaStablePackages.magit
-    epkgs.melpaPackages.mmm-mode
     epkgs.melpaPackages.nix-mode
     epkgs.melpaPackages.go-mode
     epkgs.melpaPackages.google-this

From d92a2971d7c749a5ffa241e679f2e32008adf8c0 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sun, 7 Oct 2018 16:49:08 +0200
Subject: [PATCH 46/48] krops: init submodule

---
 .gitmodules      | 3 +++
 submodules/krops | 1 +
 2 files changed, 4 insertions(+)
 create mode 160000 submodules/krops

diff --git a/.gitmodules b/.gitmodules
index c96fec739..f35a9250d 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "submodules/nix-writers"]
 	path = submodules/nix-writers
 	url = http://cgit.krebsco.de/nix-writers
+[submodule "submodules/krops"]
+	path = submodules/krops
+	url = https://cgit.krebsco.de/krops
diff --git a/submodules/krops b/submodules/krops
new file mode 160000
index 000000000..e2b296542
--- /dev/null
+++ b/submodules/krops
@@ -0,0 +1 @@
+Subproject commit e2b29654251367545700154ffbac806705dd04c0

From 4c73914d128e8d5b36a0644834db7cbd09be7434 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sun, 7 Oct 2018 17:08:01 +0200
Subject: [PATCH 47/48] krops: import from submodules

---
 krebs/krops.nix  | 5 +----
 makefu/krops.nix | 5 +----
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/krebs/krops.nix b/krebs/krops.nix
index 864cc8066..89354c1ea 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -1,9 +1,6 @@
 { name }: rec {
 
-  krops = builtins.fetchGit {
-    url = https://cgit.krebsco.de/krops/;
-    rev = "c46166d407c7d246112f13346621a3fbdb25889e";
-  };
+  krops = ../submodules/krops;
 
   lib = import "${krops}/lib";
 
diff --git a/makefu/krops.nix b/makefu/krops.nix
index ddb4afece..4f55915af 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -1,8 +1,5 @@
 { config ? config, name, target ? name }: let
-  krops = builtins.fetchGit {
-    url = https://cgit.krebsco.de/krops/;
-    rev = "4e466eaf05861b47365c5ef46a31a188b70f3615";
-  };
+  krops = ../submodules/krops;
   nixpkgs-src = lib.importJSON ./nixpkgs.json;
 
   lib = import "${krops}/lib";

From 6b08d5aa46adc80d8a1ab4ed1d3e320c61a19f01 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Sun, 7 Oct 2018 20:57:53 +0200
Subject: [PATCH 48/48] remove nin

---
 krebs/3modules/default.nix                  |   1 -
 krebs/3modules/nin/default.nix              | 111 ------
 lass/1systems/prism/config.nix              |   8 -
 nin/0tests/dummysecrets/hashedPasswords.nix |   1 -
 nin/0tests/dummysecrets/ssh.id_ed25519      |   0
 nin/1systems/axon/config.nix                | 132 --------
 nin/1systems/hiawatha/config.nix            | 126 -------
 nin/1systems/onondaga/config.nix            |  23 --
 nin/2configs/ableton.nix                    |  20 --
 nin/2configs/copyq.nix                      |  38 ---
 nin/2configs/default.nix                    | 173 ----------
 nin/2configs/games.nix                      |  70 ----
 nin/2configs/git.nix                        |  60 ----
 nin/2configs/im.nix                         |  19 --
 nin/2configs/retiolum.nix                   |  28 --
 nin/2configs/skype.nix                      |  27 --
 nin/2configs/termite.nix                    |  22 --
 nin/2configs/vim.nix                        | 355 --------------------
 nin/2configs/weechat.nix                    |  21 --
 nin/default.nix                             |   7 -
 nin/krops.nix                               |  35 --
 21 files changed, 1277 deletions(-)
 delete mode 100644 krebs/3modules/nin/default.nix
 delete mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix
 delete mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519
 delete mode 100644 nin/1systems/axon/config.nix
 delete mode 100644 nin/1systems/hiawatha/config.nix
 delete mode 100644 nin/1systems/onondaga/config.nix
 delete mode 100644 nin/2configs/ableton.nix
 delete mode 100644 nin/2configs/copyq.nix
 delete mode 100644 nin/2configs/default.nix
 delete mode 100644 nin/2configs/games.nix
 delete mode 100644 nin/2configs/git.nix
 delete mode 100644 nin/2configs/im.nix
 delete mode 100644 nin/2configs/retiolum.nix
 delete mode 100644 nin/2configs/skype.nix
 delete mode 100644 nin/2configs/termite.nix
 delete mode 100644 nin/2configs/vim.nix
 delete mode 100644 nin/2configs/weechat.nix
 delete mode 100644 nin/default.nix
 delete mode 100644 nin/krops.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index dd682bf4d..8f2e22acf 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -112,7 +112,6 @@ let
     { krebs = import ./krebs  { inherit config; }; }
     { krebs = import ./lass   { inherit config; }; }
     { krebs = import ./makefu { inherit config; }; }
-    { krebs = import ./nin    { inherit config; }; }
     { krebs = import ./tv     { inherit config; }; }
     {
       krebs.dns.providers = {
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
deleted file mode 100644
index 1531a2c89..000000000
--- a/krebs/3modules/nin/default.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
-  hosts = mapAttrs (_: recursiveUpdate {
-    owner = config.krebs.users.nin;
-    ci = true;
-  }) {
-    hiawatha = {
-      cores = 2;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.132.96";
-          ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
-          aliases = [
-            "hiawatha.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
-            Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
-            iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
-            UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
-            lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
-            yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
-    };
-     axon= {
-      cores = 2;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.134.66";
-          ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
-          aliases = [
-            "axon.r"
-          ];
-          tinc.pubkey = ''
-          -----BEGIN RSA PUBLIC KEY-----
-          MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
-          glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
-          KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
-          L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
-          VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
-          PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
-          X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
-          m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
-          OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
-          LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
-          /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
-          MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
-          7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
-          ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
-          1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
-          29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
-          4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
-          FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
-          buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
-          hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
-          yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
-          ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
-          -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
-    };
-    onondaga = {
-      cores = 1;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.132.55";
-          ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
-          aliases = [
-            "onondaga.r"
-            "cgit.onondaga.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
-            OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
-            htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
-            xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
-            kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
-            hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
-    };
-
-  };
-  users = {
-    nin = {
-      mail = "nin@axon.r";
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
-    };
-    nin_h = {
-      mail = "nin@hiawatha.r";
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
-    };
-  };
-}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index bf7de6fc5..808f35b24 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -57,13 +57,6 @@ with import <stockholm/lib>;
           config.krebs.users.makefu.pubkey
         ];
       };
-      users.users.nin = {
-        uid = genid "nin";
-        isNormalUser = true;
-        openssh.authorizedKeys.keys = [
-          config.krebs.users.nin.pubkey
-        ];
-      };
       users.extraUsers.dritter = {
         uid = genid "dritter";
         isNormalUser = true;
@@ -119,7 +112,6 @@ with import <stockholm/lib>;
           services.openssh.enable = true;
           users.users.root.openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
-            config.krebs.users.nin.pubkey
           ];
         };
         autoStart = true;
diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix
deleted file mode 100644
index 0967ef424..000000000
--- a/nin/0tests/dummysecrets/hashedPasswords.nix
+++ /dev/null
@@ -1 +0,0 @@
-{}
diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519
deleted file mode 100644
index e69de29bb..000000000
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
deleted file mode 100644
index 5e81afdbd..000000000
--- a/nin/1systems/axon/config.nix
+++ /dev/null
@@ -1,132 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
-  imports = [
-    <stockholm/nin>
-    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    #../2configs/copyq.nix
-    <stockholm/nin/2configs/ableton.nix>
-    <stockholm/nin/2configs/games.nix>
-    <stockholm/nin/2configs/git.nix>
-    <stockholm/nin/2configs/retiolum.nix>
-    <stockholm/nin/2configs/termite.nix>
-  ];
-
-  krebs.build.host = config.krebs.hosts.axon;
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/pool/root";
-      fsType = "ext4";
-    };
-
-  fileSystems."/tmp" =
-    { device = "tmpfs";
-      fsType = "tmpfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/sda1";
-      fsType = "ext2";
-    };
-
-  boot.initrd.luks.devices.crypted.device = "/dev/sda2";
-  boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 4;
-  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  # Define on which hard drive you want to install Grub.
-  boot.loader.grub.device = "/dev/sda";
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # nin config
-  time.timeZone = "Europe/Berlin";
-  services.xserver = {
-    enable = true;
-
-    displayManager.lightdm.enable = true;
-  };
-
-  networking.networkmanager.enable = true;
-  #networking.wireless.enable = true;
-
-  hardware.pulseaudio = {
-    enable = true;
-    systemWide = true;
-  };
-
-  hardware.bluetooth.enable = true;
-
-  hardware.opengl.driSupport32Bit = true;
-
-  #nixpkgs.config.steam.java = true;
-
-  environment.systemPackages = with pkgs; [
-    atom
-    chromium
-    firefox
-    git
-    htop
-    keepassx
-    lmms
-    networkmanagerapplet
-    openvpn
-    python
-    ruby
-    steam
-    taskwarrior
-    thunderbird
-    vim
-    virtmanager
-  ];
-
-  nixpkgs.config = {
-
-    allowUnfree = true;
-
-  };
-
-  #services.logind.extraConfig = "HandleLidSwitch=ignore";
-
-  services.xserver.synaptics = {
-    enable = true;
-  };
-
-  services.xserver.displayManager.sessionCommands = ''
-    ${pkgs.xorg.xhost}/bin/xhost + local:
-  '';
-
-  services.xserver.desktopManager.xfce = let
-    xbindConfig = pkgs.writeText "xbindkeysrc" ''
-      "${pkgs.pass}/bin/passmenu --type"
-        Control + p
-  '';
-  in {
-  enable = true;
-      extraSessionCommands = ''
-      ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
-    '';
-  };
-
- # The NixOS release to be compatible with for stateful data such as databases.
-  system.stateVersion = "17.03";
-
-}
diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix
deleted file mode 100644
index a09eed958..000000000
--- a/nin/1systems/hiawatha/config.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
-  imports = [
-    <stockholm/nin>
-    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    #../2configs/copyq.nix
-    <stockholm/nin/2configs/games.nix>
-    <stockholm/nin/2configs/git.nix>
-    <stockholm/nin/2configs/retiolum.nix>
-    <stockholm/nin/2configs/termite.nix>
-  ];
-
-  krebs.build.host = config.krebs.hosts.hiawatha;
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/b83f8830-84f3-4282-b10e-015c4b76bd9e";
-      fsType = "ext4";
-    };
-
-  fileSystems."/tmp" =
-    { device = "tmpfs";
-      fsType = "tmpfs";
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/fam/home";
-    };
-
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/2f319b08-2560-401d-b53c-2abd28f1a010";
-      fsType = "ext2";
-    };
-
-  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
-  boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 4;
-  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  # Define on which hard drive you want to install Grub.
-  boot.loader.grub.device = "/dev/sda";
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  fileSystems."/home/nin/.local/share/Steam" = {
-    device = "/dev/fam/steam";
-  };
-
-  # nin config
-  time.timeZone = "Europe/Berlin";
-  services.xserver.enable = true;
-
-  networking.networkmanager.enable = true;
-  #networking.wireless.enable = true;
-
-  hardware.pulseaudio = {
-    enable = true;
-    systemWide = true;
-  };
-
-  hardware.bluetooth.enable = true;
-
-  hardware.opengl.driSupport32Bit = true;
-
-  #nixpkgs.config.steam.java = true;
-
-  environment.systemPackages = with pkgs; [
-    firefox
-    git
-    lmms
-    networkmanagerapplet
-    python
-    steam
-    thunderbird
-    vim
-    virtmanager
-  ];
-
-  nixpkgs.config = {
-
-    allowUnfree = true;
-
-  };
-
-  #services.logind.extraConfig = "HandleLidSwitch=ignore";
-
-  services.xserver.synaptics = {
-    enable = true;
-  };
-
-
-  services.xserver.desktopManager.xfce = let
-    xbindConfig = pkgs.writeText "xbindkeysrc" ''
-      "${pkgs.pass}/bin/passmenu --type"
-        Control + p
-  '';
-  in {
-    enable = true;
-      extraSessionCommands = ''
-      ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
-    '';
-  };
-
- # The NixOS release to be compatible with for stateful data such as databases.
-  system.stateVersion = "17.03";
-
-}
diff --git a/nin/1systems/onondaga/config.nix b/nin/1systems/onondaga/config.nix
deleted file mode 100644
index 3cd0773ae..000000000
--- a/nin/1systems/onondaga/config.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, lib, pkgs, ... }:
-
-{
-  imports = [
-    <stockholm/nin>
-    <stockholm/nin/2configs/retiolum.nix>
-    <stockholm/nin/2configs/weechat.nix>
-    <stockholm/nin/2configs/git.nix>
-  ];
-
-  krebs.build.host = config.krebs.hosts.onondaga;
-
-  boot.isContainer = true;
-  networking.useDHCP = false;
-
-  time.timeZone = "Europe/Amsterdam";
-
-  services.openssh.enable = true;
-}
diff --git a/nin/2configs/ableton.nix b/nin/2configs/ableton.nix
deleted file mode 100644
index 343a9089d..000000000
--- a/nin/2configs/ableton.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }: let
-  mainUser = config.users.extraUsers.nin;
-in {
-  users.users= {
-    ableton = {
-      isNormalUser = true;
-      extraGroups = [
-        "audio"
-        "video"
-      ];
-      packages = [
-        pkgs.wine
-        pkgs.winetricks
-      ];
-    };
-  };
-  security.sudo.extraConfig = ''
-    ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
-  '';
-}
diff --git a/nin/2configs/copyq.nix b/nin/2configs/copyq.nix
deleted file mode 100644
index 0616c4025..000000000
--- a/nin/2configs/copyq.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
-  copyqConfig = pkgs.writeDash "copyq-config" ''
-    ${pkgs.copyq}/bin/copyq config check_clipboard true
-    ${pkgs.copyq}/bin/copyq config check_selection true
-    ${pkgs.copyq}/bin/copyq config copy_clipboard true
-    ${pkgs.copyq}/bin/copyq config copy_selection true
-
-    ${pkgs.copyq}/bin/copyq config activate_closes true
-    ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
-    ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
-    ${pkgs.copyq}/bin/copyq config disable_tray true
-    ${pkgs.copyq}/bin/copyq config hide_tabs true
-    ${pkgs.copyq}/bin/copyq config hide_toolbar true
-    ${pkgs.copyq}/bin/copyq config item_popup_interval true
-    ${pkgs.copyq}/bin/copyq config maxitems 1000
-    ${pkgs.copyq}/bin/copyq config move true
-    ${pkgs.copyq}/bin/copyq config text_wrap true
-  '';
-in {
-  systemd.user.services.copyq = {
-    after = [ "graphical.target" ];
-    wants = [ "graphical.target" ];
-    wantedBy = [ "default.target" ];
-    environment = {
-      DISPLAY = ":0";
-    };
-    serviceConfig = {
-      SyslogIdentifier = "copyq";
-      ExecStart = "${pkgs.copyq}/bin/copyq";
-      ExecStartPost = copyqConfig;
-      Restart = "always";
-      RestartSec = "2s";
-      StartLimitBurst = 0;
-    };
-  };
-}
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
deleted file mode 100644
index 62f499a2d..000000000
--- a/nin/2configs/default.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
-  imports = [
-    ../2configs/vim.nix
-    <stockholm/krebs/2configs/binary-cache/nixos.nix>
-    <stockholm/krebs/2configs/binary-cache/prism.nix>
-    {
-      users.extraUsers =
-        mapAttrs (_: h: { hashedPassword = h; })
-                 (import <secrets/hashedPasswords.nix>);
-    }
-    {
-      users.users = {
-        root = {
-          openssh.authorizedKeys.keys = [
-            config.krebs.users.nin.pubkey
-            config.krebs.users.nin_h.pubkey
-          ];
-        };
-        nin = {
-          name = "nin";
-          uid = 1337;
-          home = "/home/nin";
-          group = "users";
-          createHome = true;
-          useDefaultShell = true;
-          extraGroups = [
-            "audio"
-            "fuse"
-          ];
-          openssh.authorizedKeys.keys = [
-            config.krebs.users.nin.pubkey
-            config.krebs.users.nin_h.pubkey
-          ];
-        };
-      };
-    }
-    {
-      environment.variables = {
-        NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
-      };
-    }
-    (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in {
-      environment.variables = {
-        CURL_CA_BUNDLE = ca-bundle;
-        GIT_SSL_CAINFO = ca-bundle;
-        SSL_CERT_FILE = ca-bundle;
-      };
-    })
-  ];
-
-  networking.hostName = config.krebs.build.host.name;
-  nix.maxJobs = config.krebs.build.host.cores;
-
-  krebs = {
-    enable = true;
-    search-domain = "r";
-    build = {
-      user = config.krebs.users.nin;
-    };
-  };
-
-  nix.useSandbox = true;
-
-  users.mutableUsers = false;
-
-  services.timesyncd.enable = true;
-
-  #why is this on in the first place?
-  services.nscd.enable = false;
-
-  boot.tmpOnTmpfs = true;
-  # see tmpfiles.d(5)
-  systemd.tmpfiles.rules = [
-    "d /tmp 1777 root root - -"
-  ];
-
-  # multiple-definition-problem when defining environment.variables.EDITOR
-  environment.extraInit = ''
-    EDITOR=vim
-  '';
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.shellAliases = {
-    gs = "git status";
-  };
-
-  environment.systemPackages = with pkgs; [
-  #stockholm
-    git
-    gnumake
-    jq
-    proot
-    pavucontrol
-    populate
-    p7zip
-    termite
-    unzip
-    unrar
-    hashPassword
-  ];
-
-  programs.bash = {
-    enableCompletion = true;
-    interactiveShellInit = ''
-      HISTCONTROL='erasedups:ignorespace'
-      HISTSIZE=65536
-      HISTFILESIZE=$HISTSIZE
-
-      shopt -s checkhash
-      shopt -s histappend histreedit histverify
-      shopt -s no_empty_cmd_completion
-      complete -d cd
-    '';
-    promptInit = ''
-      if test $UID = 0; then
-        PS1='\[\033[1;31m\]$PWD\[\033[0m\] '
-      elif test $UID = 1337; then
-        PS1='\[\033[1;32m\]$PWD\[\033[0m\] '
-      else
-        PS1='\[\033[1;33m\]\u@$PWD\[\033[0m\] '
-      fi
-      if test -n "$SSH_CLIENT"; then
-        PS1='\[\033[35m\]\h'" $PS1"
-      fi
-    '';
-  };
-
-  services.openssh = {
-    enable = true;
-    hostKeys = [
-      # XXX bits here make no science
-      { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
-    ];
-  };
-
-  services.journald.extraConfig = ''
-    SystemMaxUse=1G
-    RuntimeMaxUse=128M
-  '';
-
-  krebs.iptables = {
-    enable = true;
-    tables = {
-      nat.PREROUTING.rules = [
-        { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
-        { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
-      ];
-      nat.OUTPUT.rules = [
-        { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
-      ];
-      filter.INPUT.policy = "DROP";
-      filter.FORWARD.policy = "DROP";
-      filter.INPUT.rules = [
-        { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
-        { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
-        { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false;  precedence = 10000; }
-        { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
-        { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
-        { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
-        { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
-        { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
-      ];
-    };
-  };
-
-  networking.dhcpcd.extraConfig = ''
-    noipv4ll
-  '';
-}
diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix
deleted file mode 100644
index 15e17238d..000000000
--- a/nin/2configs/games.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  mainUser = config.users.extraUsers.mainUser;
-  vdoom = pkgs.writeDash "vdoom" ''
-    ${pkgs.zandronum}/bin/zandronum \
-      -fov 120 \
-      "$@"
-  '';
-  doom = pkgs.writeDash "doom" ''
-    DOOM_DIR=''${DOOM_DIR:-~/doom/}
-    ${vdoom} \
-      -file $DOOM_DIR/lib/brutalv20.pk3 \
-      "$@"
-  '';
-  doom1 = pkgs.writeDashBin "doom1" ''
-    DOOM_DIR=''${DOOM_DIR:-~/doom/}
-    ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
-  '';
-  doom2 = pkgs.writeDashBin "doom2" ''
-    DOOM_DIR=''${DOOM_DIR:-~/doom/}
-    ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
-  '';
-  vdoom1 = pkgs.writeDashBin "vdoom1" ''
-    DOOM_DIR=''${DOOM_DIR:-~/doom/}
-    ${vdoom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
-  '';
-  vdoom2 = pkgs.writeDashBin "vdoom2" ''
-    DOOM_DIR=''${DOOM_DIR:-~/doom/}
-    ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
-  '';
-
-  doomservercfg = pkgs.writeText "doomserver.cfg" ''
-    skill 7
-    #survival true
-    #sv_maxlives 4
-    #sv_norespawn true
-    #sv_weapondrop true
-    no_jump true
-    #sv_noweaponspawn true
-    sv_sharekeys true
-    sv_survivalcountdowntime 1
-    sv_noteamselect true
-    sv_updatemaster false
-    #sv_coop_loseinventory true
-    #cl_startasspectator false
-    #lms_spectatorview false
-  '';
-
-  vdoomserver = pkgs.writeDashBin "vdoomserver" ''
-    DOOM_DIR=''${DOOM_DIR:-~/doom/}
-
-    ${pkgs.zandronum}/bin/zandronum-server \
-    +exec ${doomservercfg} \
-    "$@"
-  '';
-
-in {
-  environment.systemPackages = with pkgs; [
-    dwarf_fortress
-    doom1
-    doom2
-    vdoom1
-    vdoom2
-    vdoomserver
-  ];
-
-  hardware.pulseaudio.support32Bit = true;
-
-}
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
deleted file mode 100644
index aed4a9f48..000000000
--- a/nin/2configs/git.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
-
-  out = {
-    services.nginx.enable = true;
-    krebs.git = {
-      enable = true;
-      cgit = {
-        settings = {
-          root-title = "public repositories at ${config.krebs.build.host.name}";
-          root-desc = "keep calm and engage";
-        };
-      };
-      repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
-      rules = rules;
-    };
-
-    krebs.iptables.tables.filter.INPUT.rules = [
-      { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
-    ];
-  };
-
-  repos = public-repos;
-
-  rules = concatMap make-rules (attrValues repos);
-
-  public-repos = mapAttrs make-public-repo {
-    stockholm = {
-      cgit.desc = "take all the computers hostage, they'll love you!";
-    };
-  };
-
-  make-public-repo = name: { cgit ? {}, ... }: {
-    inherit cgit name;
-    public = true;
-  };
-
-  make-rules =
-    with git // config.krebs.users;
-    repo:
-      singleton {
-        user = [ nin nin_h ];
-        repo = [ repo ];
-        perm = push "refs/*" [ non-fast-forward create delete merge ];
-      } ++
-      optional repo.public {
-        user = attrValues config.krebs.users;
-        repo = [ repo ];
-        perm = fetch;
-      } ++
-      optional (length (repo.collaborators or []) > 0) {
-        user = repo.collaborators;
-        repo = [ repo ];
-        perm = fetch;
-      };
-
-in out
diff --git a/nin/2configs/im.nix b/nin/2configs/im.nix
deleted file mode 100644
index b078dbd53..000000000
--- a/nin/2configs/im.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-{
-  environment.systemPackages = with pkgs; [
-    (pkgs.writeDashBin "im" ''
-      export PATH=${makeSearchPath "bin" (with pkgs; [
-        tmux
-        gnugrep
-        weechat
-      ])}
-      ssh chat@onondaga
-      if tmux list-sessions -F\#S | grep -q '^im''$'; then
-        exec tmux attach -t im
-      else
-        exec tmux new -s im weechat
-      fi
-    '')
-  ];
-}
diff --git a/nin/2configs/retiolum.nix b/nin/2configs/retiolum.nix
deleted file mode 100644
index 821e3cc00..000000000
--- a/nin/2configs/retiolum.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ ... }:
-
-{
-
-  krebs.iptables = {
-    tables = {
-      filter.INPUT.rules = [
-        { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }
-        { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
-        { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
-      ];
-    };
-  };
-
-  krebs.tinc.retiolum = {
-    enable = true;
-    connectTo = [
-      "prism"
-      "pigstarter"
-      "gum"
-      "flap"
-    ];
-  };
-
-  nixpkgs.config.packageOverrides = pkgs: {
-    tinc = pkgs.tinc_pre;
-  };
-}
diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix
deleted file mode 100644
index 621dfae82..000000000
--- a/nin/2configs/skype.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  mainUser = config.users.extraUsers.nin;
-  inherit (import <stockholm/lib>) genid;
-
-in {
-  users.extraUsers = {
-    skype = {
-      name = "skype";
-      uid = genid "skype";
-      description = "user for running skype";
-      home = "/home/skype";
-      useDefaultShell = true;
-      extraGroups = [ "audio" "video" ];
-      createHome = true;
-    };
-  };
-
-  krebs.per-user.skype.packages = [
-    pkgs.skype
-  ];
-
-  security.sudo.extraConfig = ''
-    ${mainUser.name} ALL=(skype) NOPASSWD: ALL
-  '';
-}
diff --git a/nin/2configs/termite.nix b/nin/2configs/termite.nix
deleted file mode 100644
index 942446b01..000000000
--- a/nin/2configs/termite.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  environment.systemPackages = [
-    pkgs.termite
-  ];
-
-  krebs.per-user.nin.packages = let
-    termitecfg = pkgs.writeTextFile {
-      name = "termite-config";
-      destination = "/etc/xdg/termite/config";
-      text = ''
-        [colors]
-        foreground = #d0d7d0
-        background = #000000
-      '';
-    };
-  in [
-    termitecfg
-  ];
-
-}
diff --git a/nin/2configs/vim.nix b/nin/2configs/vim.nix
deleted file mode 100644
index 7b5d37611..000000000
--- a/nin/2configs/vim.nix
+++ /dev/null
@@ -1,355 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
-  out = {
-    environment.systemPackages = [
-      vim
-      pkgs.pythonPackages.flake8
-    ];
-
-    environment.etc.vimrc.source = vimrc;
-
-    environment.variables.EDITOR = mkForce "vim";
-    environment.variables.VIMINIT = ":so /etc/vimrc";
-  };
-
-  vimrc = pkgs.writeText "vimrc" ''
-    set nocompatible
-
-    set autoindent
-    set backspace=indent,eol,start
-    set backup
-    set backupdir=${dirs.backupdir}/
-    set directory=${dirs.swapdir}//
-    set hlsearch
-    set incsearch
-    set laststatus=2
-    set mouse=a
-    set noruler
-    set pastetoggle=<INS>
-    set runtimepath=${extra-runtimepath},$VIMRUNTIME
-    set shortmess+=I
-    set showcmd
-    set showmatch
-    set ttimeoutlen=0
-    set undodir=${dirs.undodir}
-    set undofile
-    set undolevels=1000000
-    set undoreload=1000000
-    set viminfo='20,<1000,s100,h,n${files.viminfo}
-    set visualbell
-    set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
-    set wildmenu
-    set wildmode=longest,full
-
-    set et ts=2 sts=2 sw=2
-
-    filetype plugin indent on
-
-    set t_Co=256
-    colorscheme hack
-    syntax on
-
-    au Syntax * syn match Garbage containedin=ALL /\s\+$/
-            \ | syn match TabStop containedin=ALL /\t\+/
-            \ | syn keyword Todo containedin=ALL TODO
-
-    au BufRead,BufNewFile *.hs so ${hs.vim}
-
-    au BufRead,BufNewFile *.nix so ${nix.vim}
-
-    au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
-
-    "Syntastic config
-    let g:syntastic_python_checkers=['flake8']
-
-    nmap <esc>q :buffer 
-    nmap <M-q> :buffer 
-
-    cnoremap <C-A> <Home>
-
-    noremap  <C-c> :q<cr>
-    vnoremap < <gv
-    vnoremap > >gv
-
-    nnoremap <esc>[5^  :tabp<cr>
-    nnoremap <esc>[6^  :tabn<cr>
-    nnoremap <esc>[5@  :tabm -1<cr>
-    nnoremap <esc>[6@  :tabm +1<cr>
-
-    nnoremap <f1> :tabp<cr>
-    nnoremap <f2> :tabn<cr>
-    inoremap <f1> <esc>:tabp<cr>
-    inoremap <f2> <esc>:tabn<cr>
-
-    " <C-{Up,Down,Right,Left>
-    noremap <esc>Oa <nop> | noremap! <esc>Oa <nop>
-    noremap <esc>Ob <nop> | noremap! <esc>Ob <nop>
-    noremap <esc>Oc <nop> | noremap! <esc>Oc <nop>
-    noremap <esc>Od <nop> | noremap! <esc>Od <nop>
-    " <[C]S-{Up,Down,Right,Left>
-    noremap <esc>[a <nop> | noremap! <esc>[a <nop>
-    noremap <esc>[b <nop> | noremap! <esc>[b <nop>
-    noremap <esc>[c <nop> | noremap! <esc>[c <nop>
-    noremap <esc>[d <nop> | noremap! <esc>[d <nop>
-    vnoremap u <nop>
-  '';
-
-  extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
-    pkgs.vimPlugins.Syntastic
-    pkgs.vimPlugins.undotree
-    pkgs.vimPlugins.airline
-    (pkgs.vimUtils.buildVimPlugin {
-      name = "file-line-1.0";
-      src = pkgs.fetchgit {
-        url = git://github.com/bogado/file-line;
-        rev = "refs/tags/1.0";
-        sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
-      };
-    })
-    ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
-      name = "hack";
-    in {
-      name = "vim-color-${name}-1.0.2";
-      destination = "/colors/${name}.vim";
-      text = /* vim */ ''
-        set background=dark
-        hi clear
-        if exists("syntax_on")
-          syntax clear
-        endif
-
-        let colors_name = ${toJSON name}
-
-        hi Normal       ctermbg=235
-        hi Comment      ctermfg=242
-        hi Constant     ctermfg=062
-        hi Identifier   ctermfg=068
-        hi Function     ctermfg=041
-        hi Statement    ctermfg=167
-        hi PreProc      ctermfg=167
-        hi Type         ctermfg=041
-        hi Delimiter    ctermfg=251
-        hi Special      ctermfg=062
-
-        hi Garbage      ctermbg=088
-        hi TabStop      ctermbg=016
-        hi Todo         ctermfg=174 ctermbg=NONE
-
-        hi NixCode      ctermfg=148
-        hi NixData      ctermfg=149
-        hi NixQuote     ctermfg=150
-
-        hi diffNewFile  ctermfg=207
-        hi diffFile     ctermfg=207
-        hi diffLine     ctermfg=207
-        hi diffSubname  ctermfg=207
-        hi diffAdded    ctermfg=010
-        hi diffRemoved  ctermfg=009
-      '';
-    })))
-    ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
-      name = "vim";
-    in {
-      name = "vim-syntax-${name}-1.0.0";
-      destination = "/syntax/${name}.vim";
-      text = /* vim */ ''
-        ${concatMapStringsSep "\n" (s: /* vim */ ''
-          syn keyword vimColor${s} ${s}
-            \ containedin=ALLBUT,vimComment,vimLineComment
-          hi vimColor${s} ctermfg=${s}
-        '') (map (i: lpad 3 "0" (toString i)) (range 0 255))}
-      '';
-    })))
-    ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
-      name = "showsyntax";
-    in {
-      name = "vim-plugin-${name}-1.0.0";
-      destination = "/plugin/${name}.vim";
-      text = /* vim */ ''
-        if exists('g:loaded_showsyntax')
-          finish
-        endif
-        let g:loaded_showsyntax = 0
-
-        fu! ShowSyntax()
-          let id = synID(line("."), col("."), 1)
-          let name = synIDattr(id, "name")
-          let transName = synIDattr(synIDtrans(id),"name")
-          if name != transName
-            let name .= " (" . transName . ")"
-          endif
-          echo "Syntax: " . name
-        endfu
-
-        command! -n=0 -bar ShowSyntax :call ShowSyntax()
-      '';
-    })))
-  ];
-
-  dirs = {
-    backupdir = "$HOME/.cache/vim/backup";
-    swapdir   = "$HOME/.cache/vim/swap";
-    undodir   = "$HOME/.cache/vim/undo";
-  };
-  files = {
-    viminfo   = "$HOME/.cache/vim/info";
-  };
-
-  mkdirs = let
-    dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s));
-               in assert out != ""; out;
-    alldirs = attrValues dirs ++ map dirOf (attrValues files);
-  in unique (sort lessThan alldirs);
-
-  vim = pkgs.writeDashBin "vim" ''
-    set -efu
-    (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
-    exec ${pkgs.vim}/bin/vim "$@"
-  '';
-
-
-  hs.vim = pkgs.writeText "hs.vim" ''
-    syn region String start=+\[[[:alnum:]]*|+ end=+|]+
-
-    hi link ConId Identifier
-    hi link VarId Identifier
-    hi link hsDelimiter Delimiter
-  '';
-
-  nix.vim = pkgs.writeText "nix.vim" ''
-    setf nix
-
-    " Ref <nix/src/libexpr/lexer.l>
-    syn match NixID    /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
-    syn match NixINT   /\<[0-9]\+\>/
-    syn match NixPATH  /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
-    syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
-    syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
-    syn match NixURI   /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
-    syn region NixSTRING
-      \ matchgroup=NixSTRING
-      \ start='"'
-      \ skip='\\"'
-      \ end='"'
-    syn region NixIND_STRING
-      \ matchgroup=NixIND_STRING
-      \ start="'''"
-      \ skip="'''\('\|[$]\|\\[nrt]\)"
-      \ end="'''"
-
-    syn match NixOther /[():/;=.,?\[\]]/
-
-    syn match NixCommentMatch /\(^\|\s\)#.*/
-    syn region NixCommentRegion start="/\*" end="\*/"
-
-    hi link NixCode Statement
-    hi link NixData Constant
-    hi link NixComment Comment
-
-    hi link NixCommentMatch NixComment
-    hi link NixCommentRegion NixComment
-    hi link NixID NixCode
-    hi link NixINT NixData
-    hi link NixPATH NixData
-    hi link NixHPATH NixData
-    hi link NixSPATH NixData
-    hi link NixURI NixData
-    hi link NixSTRING NixData
-    hi link NixIND_STRING NixData
-
-    hi link NixEnter NixCode
-    hi link NixOther NixCode
-    hi link NixQuote NixData
-
-    syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
-    syn cluster nix_ind_strings contains=NixIND_STRING
-    syn cluster nix_strings contains=NixSTRING
-
-    ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
-      startAlts = filter isString [
-        ''/\* ${lang} \*/''
-        extraStart
-      ];
-      sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
-    in /* vim */ ''
-      syn include @nix_${lang}_syntax syntax/${lang}.vim
-      unlet b:current_syntax
-
-      syn match nix_${lang}_sigil
-        \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
-        \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
-        \ transparent
-
-      syn region nix_${lang}_region_STRING
-        \ matchgroup=NixSTRING
-        \ start='"'
-        \ skip='\\"'
-        \ end='"'
-        \ contained
-        \ contains=@nix_${lang}_syntax
-        \ transparent
-
-      syn region nix_${lang}_region_IND_STRING
-        \ matchgroup=NixIND_STRING
-        \ start="'''"
-        \ skip="'''\('\|[$]\|\\[nrt]\)"
-        \ end="'''"
-        \ contained
-        \ contains=@nix_${lang}_syntax
-        \ transparent
-
-      syn cluster nix_ind_strings
-        \ add=nix_${lang}_region_IND_STRING
-
-      syn cluster nix_strings
-        \ add=nix_${lang}_region_STRING
-
-      syn cluster nix_has_dollar_curly
-        \ add=@nix_${lang}_syntax
-    '') {
-      c = {};
-      cabal = {};
-      haskell = {};
-      sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
-      vim.extraStart =
-        ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
-    })}
-
-    " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
-    syn clear shVarAssign
-
-    syn region nixINSIDE_DOLLAR_CURLY
-      \ matchgroup=NixEnter
-      \ start="[$]{"
-      \ end="}"
-      \ contains=TOP
-      \ containedin=@nix_has_dollar_curly
-      \ transparent
-
-    syn region nix_inside_curly
-      \ matchgroup=NixEnter
-      \ start="{"
-      \ end="}"
-      \ contains=TOP
-      \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
-      \ transparent
-
-    syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
-      \ containedin=@nix_ind_strings
-      \ contained
-
-    syn match NixQuote /\\./he=s+1
-      \ containedin=@nix_strings
-      \ contained
-
-    syn sync fromstart
-
-    let b:current_syntax = "nix"
-
-    set isk=@,48-57,_,192-255,-,'
-    set bg=dark
-  '';
-in
-out
diff --git a/nin/2configs/weechat.nix b/nin/2configs/weechat.nix
deleted file mode 100644
index 6c0fb313e..000000000
--- a/nin/2configs/weechat.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  inherit (import <stockholm/lib>) genid;
-in {
-  krebs.per-user.chat.packages = with pkgs; [
-    mosh
-    weechat
-    tmux
-  ];
-
-  users.extraUsers.chat = {
-    home = "/home/chat";
-    uid = genid "chat";
-    useDefaultShell = true;
-    createHome = true;
-    openssh.authorizedKeys.keys = [
-      config.krebs.users.nin.pubkey
-    ];
-  };
-}
diff --git a/nin/default.nix b/nin/default.nix
deleted file mode 100644
index c31d6d949..000000000
--- a/nin/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_:
-{
-  imports = [
-    ../krebs
-    ./2configs
-  ];
-}
diff --git a/nin/krops.nix b/nin/krops.nix
deleted file mode 100644
index d0074840a..000000000
--- a/nin/krops.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ name }: let
-  inherit (import ../krebs/krops.nix { inherit name; })
-    krebs-source
-    lib
-    pkgs
-  ;
-
-  source = { test }: lib.evalSource [
-    krebs-source
-    {
-      nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
-      secrets = if test then {
-        file = toString ./0tests/dummysecrets;
-      } else {
-        pass = {
-          dir = "${lib.getEnv "HOME"}/.password-store";
-          name = "hosts/${name}";
-        };
-      };
-    }
-  ];
-
-in {
-  # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
-  deploy = pkgs.krops.writeDeploy "${name}-deploy" {
-    source = source { test = false; };
-    target = "root@${name}/var/src";
-  };
-
-  # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
-  test = { target }: pkgs.krops.writeTest "${name}-test" {
-    inherit target;
-    source = source { test = true; };
-  };
-}