From 7adf24631f14409208376f5554c31db73e4af0c8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 20:42:12 +0200 Subject: [PATCH 001/145] l nixpkgs: d151161 -> 670b4e2 (17.09) --- lass/source.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/lass/source.nix b/lass/source.nix index 01631bef1..5155a272c 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -9,13 +9,8 @@ in { nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { - url = http://cgit.lassul.us/nixpkgs; - # nixos-17.03 - # + copytoram: - # 87a4615 & 334ac4f - # + acme permissions for groups - # fd7a8f1 - ref = "d151161"; + url = https://github.com/nixos/nixpkgs; + ref = "670b4e2"; }; secrets.file = getAttr builder { buildbot = toString ; From 7c1f36ca1bafb4b415a5c9423842d6bef0102813 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 26 Aug 2017 20:03:57 +0200 Subject: [PATCH 002/145] requests2 -> requsts --- krebs/2configs/shack/muell_caller.nix | 2 +- krebs/2configs/shack/radioactive.nix | 2 +- krebs/2configs/shack/worlddomination.nix | 2 +- krebs/5pkgs/simple/Reaktor/default.nix | 2 +- krebs/5pkgs/simple/bepasty-client-cli/default.nix | 2 +- krebs/5pkgs/simple/cac-panel/default.nix | 2 +- krebs/5pkgs/simple/treq/default.nix | 2 +- krebs/5pkgs/simple/urlwatch/default.nix | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 2d8d78e33..a39d0cc02 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -12,7 +12,7 @@ let buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ docopt - requests2 + requests paramiko python ])) diff --git a/krebs/2configs/shack/radioactive.nix b/krebs/2configs/shack/radioactive.nix index 378b54056..566146d6e 100644 --- a/krebs/2configs/shack/radioactive.nix +++ b/krebs/2configs/shack/radioactive.nix 
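Review bot: `ref = "670b4e2"` in the lass/source.nix hunk pins nixpkgs by a seven-character abbreviation, which git resolves by prefix and which can become ambiguous in a repository the size of nixpkgs. Moving from the plain-http cgit mirror to https is an improvement, but the pin should be the full object id, as krebs/source.nix has it in [PATCH 005/145]: `ref = "670b4e29adc16e0a29aa5b4c126703dcca56aeb6"; # nixos-17.09 @ 2017-09-18`. The same applies to `ref = "46cfb36"` in makefu/source.nix in [PATCH 022/145]. The removed comment listed local cherry-picks (copytoram, acme permissions for groups); a one-line comment stating whether the new revision contains them would help the next reader.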
@@ -12,7 +12,7 @@ let buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ docopt - requests2 + requests python ])) ]; diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index d0f9f5fa6..828b6cd70 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -37,7 +37,7 @@ let docopt LinkHeader aiocoap - requests2 + requests paramiko python ])) diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix index fc3710820..6989bb02b 100644 --- a/krebs/5pkgs/simple/Reaktor/default.nix +++ b/krebs/5pkgs/simple/Reaktor/default.nix @@ -8,7 +8,7 @@ python3Packages.buildPythonPackage rec { propagatedBuildInputs = with pkgs;[ python3Packages.docopt - python3Packages.requests2 + python3Packages.requests ]; src = fetchurl { url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz"; diff --git a/krebs/5pkgs/simple/bepasty-client-cli/default.nix b/krebs/5pkgs/simple/bepasty-client-cli/default.nix index c58e637b3..7811ef5fc 100644 --- a/krebs/5pkgs/simple/bepasty-client-cli/default.nix +++ b/krebs/5pkgs/simple/bepasty-client-cli/default.nix @@ -5,7 +5,7 @@ with pythonPackages; buildPythonPackage rec { propagatedBuildInputs = [ python_magic click - requests2 + requests ]; src = fetchFromGitHub { diff --git a/krebs/5pkgs/simple/cac-panel/default.nix b/krebs/5pkgs/simple/cac-panel/default.nix index fd4799535..57f58f4de 100644 --- a/krebs/5pkgs/simple/cac-panel/default.nix +++ b/krebs/5pkgs/simple/cac-panel/default.nix @@ -11,7 +11,7 @@ python3Packages.buildPythonPackage rec { propagatedBuildInputs = with python3Packages; [ docopt - requests2 + requests beautifulsoup4 ]; } diff --git a/krebs/5pkgs/simple/treq/default.nix b/krebs/5pkgs/simple/treq/default.nix index 20387b9cb..7cb826a51 100644 --- a/krebs/5pkgs/simple/treq/default.nix +++ b/krebs/5pkgs/simple/treq/default.nix 
@@ -11,7 +11,7 @@ pythonPackages.buildPythonPackage rec { propagatedBuildInputs = with pythonPackages; [ twisted pyopenssl - requests2 + requests service-identity ]; } diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix index 509555669..adaefbc4d 100644 --- a/krebs/5pkgs/simple/urlwatch/default.nix +++ b/krebs/5pkgs/simple/urlwatch/default.nix @@ -13,7 +13,7 @@ python3Packages.buildPythonPackage rec { minidb pycodestyle pyyaml - requests2 + requests ]; meta = { From 1fd1ff57c82e6684702406ca32bfdca1c5785565 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Sep 2017 19:40:30 +0200 Subject: [PATCH 003/145] bepasty: pythonPackages.bepasty-server -> bepasty --- krebs/3modules/bepasty-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 0ca13366b..dd29a4e17 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -3,7 +3,7 @@ with import ; let gunicorn = pkgs.pythonPackages.gunicorn; - bepasty = pkgs.pythonPackages.bepasty-server; + bepasty = pkgs.bepasty; gevent = pkgs.pythonPackages.gevent; python = pkgs.pythonPackages.python; cfg = config.krebs.bepasty; From c0a4063c2d183ecf1cf7a1dc4e1a35f1f1be0733 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Sep 2017 21:13:53 +0200 Subject: [PATCH 004/145] l bepasty: forceSSL conflicts with enableSSL --- lass/2configs/bepasty.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix index b2d40d4f3..43647892f 100644 --- a/lass/2configs/bepasty.nix +++ b/lass/2configs/bepasty.nix @@ -31,7 +31,6 @@ in { } // genAttrs ext-doms (ext-dom: { nginx = { - enableSSL = true; forceSSL = true; enableACME = true; }; From af52d7028adddabc8f21c3989ea600206fd64666 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 19 Sep 2017 20:59:27 +0200 Subject: [PATCH 005/145] nixpkgs 8ed299f -> 670b4e2 (17.09) --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 1aba3d7ff..e70ee2d8a 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "8ed299faacbf8813fc47b4fca34f32b835d6481e"; # nixos-17.03 @ 2017-09-09 + ref = "670b4e29adc16e0a29aa5b4c126703dcca56aeb6"; # nixos-17.09 @ 2017-09-18 }; } From d973c779eb71749af464edb1ed0216b0d5317eb2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Sep 2017 21:45:42 +0200 Subject: [PATCH 006/145] gitlab-runner: configText -> configFile --- krebs/2configs/gitlab-runner-shackspace.nix | 27 ++++++++++----------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/krebs/2configs/gitlab-runner-shackspace.nix b/krebs/2configs/gitlab-runner-shackspace.nix index d9b4cd589..f4247b6da 100644 --- a/krebs/2configs/gitlab-runner-shackspace.nix +++ b/krebs/2configs/gitlab-runner-shackspace.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: let url = "https://git.shackspace.de/"; # generate token from CI-token via: @@ -6,7 +6,7 @@ let ## cat /etc/gitlab-runner/config.toml token = import ; in { - systemd.services.gitlab-runner.path = [ + systemd.services.gitlab-runner.path = [ "/run/wrappers" # /run/wrappers/bin/su "/" # /bin/sh ]; 
@@ -16,19 +16,18 @@ in { enable = true; # configFile, configOptions and gracefulTimeout not yet in stable # gracefulTimeout = "120min"; - configText = '' - concurrent = 1 - check_interval = 0 - - [[runners]] - name = "krebs-shell" - url = "${url}" - token = "${token}" - executor = "shell" - shell = "sh" - environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"] - [runners.cache] + configFile = pkgs.writeText "gitlab-runner.cfg" '' + concurrent = 1 + check_interval = 0 + [[runners]] + name = "krebs-shell" + url = "${url}" + token = "${token}" + executor = "shell" + shell = "sh" + environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"] + [runners.cache] ''; }; } From c37c568baaa369b218b7e85a48e93725f2725371 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 21 Sep 2017 02:09:17 +0200 Subject: [PATCH 007/145] ma pkgs.beef: init (broken state) --- makefu/5pkgs/beef/Gemfile | 97 +++++++ makefu/5pkgs/beef/Gemfile.lock | 139 ++++++++++ makefu/5pkgs/beef/default.nix | 37 +++ makefu/5pkgs/beef/gemset.nix | 475 +++++++++++++++++++++++++++++++++ makefu/5pkgs/beef/shell.nix | 16 ++ 5 files changed, 764 insertions(+) create mode 100644 makefu/5pkgs/beef/Gemfile create mode 100644 makefu/5pkgs/beef/Gemfile.lock create mode 100644 makefu/5pkgs/beef/default.nix create mode 100644 makefu/5pkgs/beef/gemset.nix create mode 100644 makefu/5pkgs/beef/shell.nix diff --git a/makefu/5pkgs/beef/Gemfile b/makefu/5pkgs/beef/Gemfile new file mode 100644 index 000000000..1420feffd --- /dev/null +++ b/makefu/5pkgs/beef/Gemfile 
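Review bot: `configFile = pkgs.writeText "gitlab-runner.cfg" ''… token = "${token}" …''` renders the runner token into a file in the Nix store, and store paths are readable by every local user and travel with the system closure. With `executor = "shell"` the CI jobs run on this same host and can read that file. Whether the old `configText` path had the same exposure is not visible in this hunk. Point `configFile` at a file deployed with the other secrets outside the store (or assembled at service start) rather than at a `writeText` result. The comment `# configFile, configOptions and gracefulTimeout not yet in stable` above the option is now stale and should be updated.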
@@ -0,0 +1,97 @@ +# BeEF's Gemfile + +# +# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +gem 'eventmachine' +gem 'thin' +gem 'sinatra' +gem 'rack', '~> 1.6.5' +gem 'em-websocket' # WebSocket support +gem 'uglifier' +gem 'mime-types' +gem 'execjs' +gem 'ansi' +gem 'term-ansicolor', :require => 'term/ansicolor' +gem 'dm-core' +gem 'json' +gem 'data_objects' +gem 'rubyzip', '>= 1.2.1' +gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice +gem 'nokogiri', '>= 1.7' + +gem 'therubyracer' + +# SQLite support +group :sqlite do + gem 'dm-sqlite-adapter' +end + +# PostgreSQL support +group :postgres do + #gem dm-postgres-adapter +end + +# MySQL support +group :mysql do + #gem dm-mysql-adapter +end + +# Geolocation support +group :geoip do + gem 'geoip' +end + +gem 'parseconfig' +gem 'erubis' +gem 'dm-migrations' + +# Metasploit Integration extension +group :ext_msf do + gem 'msfrpc-client' +end + +# Twitter Notifications extension +group :ext_twitter do + #gem 'twitter', '>= 5.0.0' +end + +# DNS extension +group :ext_dns do + gem 'rubydns', '~> 0.7.3' +end + +# network extension +group :ext_network do + gem 'dm-serializer' +end + +# QRcode extension +group :ext_qrcode do + gem 'qr4r' +end + +# For running unit tests +group :test do +if ENV['BEEF_TEST'] + gem 'rake' + gem 'test-unit' + gem 'test-unit-full' + gem 'curb' + gem 'selenium' + gem 'selenium-webdriver' + gem 'rspec' + gem 'bundler-audit' + # nokogirl is needed by capybara which may require one of the below commands + # sudo apt-get install libxslt-dev libxml2-dev + # sudo port install libxml2 libxslt + gem 'capybara' + # RESTful API tests/generic command module tests + gem 'rest-client', '>= 2.0.1' +end +end + +source 'https://rubygems.org' diff --git a/makefu/5pkgs/beef/Gemfile.lock b/makefu/5pkgs/beef/Gemfile.lock new file mode 100644 index 000000000..d2e6ad45e --- /dev/null 
+++ b/makefu/5pkgs/beef/Gemfile.lock 
@@ -0,0 +1,139 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) + ansi (1.5.0) + chunky_png (1.3.8) + daemons (1.2.4) + data_objects (0.10.17) + addressable (~> 2.1) + dm-core (1.2.1) + addressable (~> 2.3) + dm-do-adapter (1.2.0) + data_objects (~> 0.10.6) + dm-core (~> 1.2.0) + dm-migrations (1.2.0) + dm-core (~> 1.2.0) + dm-serializer (1.2.2) + dm-core (~> 1.2.0) + fastercsv (~> 1.5) + json (~> 1.6) + json_pure (~> 1.6) + multi_json (~> 1.0) + dm-sqlite-adapter (1.2.0) + dm-do-adapter (~> 1.2.0) + do_sqlite3 (~> 0.10.6) + do_sqlite3 (0.10.17) + data_objects (= 0.10.17) + em-websocket (0.5.1) + eventmachine (>= 0.12.9) + http_parser.rb (~> 0.6.0) + erubis (2.7.0) + espeak-ruby (1.0.4) + eventmachine (1.0.9.1) + execjs (2.7.0) + fastercsv (1.5.5) + filesize (0.1.1) + geoip (1.6.3) + http_parser.rb (0.6.0) + jsobfu (0.4.2) + rkelly-remix + json (1.8.6) + json_pure (1.8.6) + libv8 (3.16.14.19) + metasm (1.0.3) + mime-types (3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0521) + mini_portile2 (2.3.0) + mojo_magick (0.5.6) + msfrpc-client (1.1.1) + msgpack (~> 1) + rex (~> 2) + msgpack (1.1.0) + multi_json (1.12.2) + nokogiri (1.8.1) + mini_portile2 (~> 2.3.0) + parseconfig (1.0.8) + public_suffix (3.0.0) + qr4r (0.4.1) + mojo_magick + rqrcode + rack (1.6.8) + rack-protection (1.5.3) + rack + rainbow (2.2.2) + rake + rake (12.1.0) + rb-readline (0.5.5) + ref (2.0.0) + rex (2.0.11) + filesize + jsobfu (~> 0.4.1) + json + metasm (~> 1.0.2) + nokogiri + rb-readline + robots + rexec (1.6.3) + rainbow + rkelly-remix (0.0.7) + robots (0.10.1) + rqrcode (0.10.1) + chunky_png (~> 1.0) + rubydns (0.7.3) + eventmachine (~> 1.0.0) + rexec (~> 1.6.2) + rubyzip (1.2.1) + sinatra (1.4.8) + rack (~> 1.5) + rack-protection (~> 1.4) + tilt (>= 1.3, < 3) + term-ansicolor (1.6.0) + tins (~> 1.0) + therubyracer (0.12.3) + libv8 (~> 3.16.14.15) + ref + thin (1.7.2) + daemons (~> 1.0, >= 1.0.9) + eventmachine (~> 1.0, >= 
1.0.4) + rack (>= 1, < 3) + tilt (2.0.8) + tins (1.15.0) + uglifier (3.2.0) + execjs (>= 0.3.0, < 3) + +PLATFORMS + ruby + +DEPENDENCIES + ansi + data_objects + dm-core + dm-migrations + dm-serializer + dm-sqlite-adapter + em-websocket + erubis + espeak-ruby (>= 1.0.4) + eventmachine + execjs + geoip + json + mime-types + msfrpc-client + nokogiri (>= 1.7) + parseconfig + qr4r + rack (~> 1.6.5) + rubydns (~> 0.7.3) + rubyzip (>= 1.2.1) + sinatra + term-ansicolor + therubyracer + thin + uglifier + +BUNDLED WITH + 1.15.4 diff --git a/makefu/5pkgs/beef/default.nix b/makefu/5pkgs/beef/default.nix new file mode 100644 index 000000000..82540cde9 --- /dev/null +++ b/makefu/5pkgs/beef/default.nix @@ -0,0 +1,37 @@ +{ stdenv, bundlerEnv, ruby, fetchFromGitHub }: +# nix-shell --command "bundler install && bundix" in the clone, copy gemset.nix, Gemfile and Gemfile.lock +let + gems = bundlerEnv { + name = "beef-env"; + inherit ruby; + gemdir = ./.; + }; +in stdenv.mkDerivation { + name = "beef-2017-09-21"; + src = fetchFromGitHub { + owner = "beefproject"; + repo = "beef"; + rev = "69aa2a3"; + sha256 = "1rky61i0wzpwcq3kqfa0m5hf6wyz8q8jgzs7dpfh04w9qh32ic4p"; + }; + buildInputs = [gems ruby]; + installPhase = '' + mkdir -p $out/{bin,share/beef} + + cp -r * $out/share/beef + # set the default db path, unfortunately setting to /tmp does not seem to work + # sed -i 's#db_file: .*#db_file: "/tmp/beef.db"#' $out/share/beef/config.yaml + + bin=$out/bin/beef + cat > $bin < {}; +stdenv.mkDerivation { + name = "env"; + buildInputs = [ + ruby.devEnv + git + sqlite + libpcap + postgresql + libxml2 + libxslt + pkgconfig + bundix + ]; +} From d2c388ce3928764a78e4158162cb64ce3b5e43ce Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Sep 2017 20:59:38 +0200 Subject: [PATCH 008/145] iana-etc module: init --- krebs/3modules/default.nix | 1 + krebs/3modules/iana-etc.nix | 55 +++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 krebs/3modules/iana-etc.nix 
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 42df3f053..48cf7971b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -24,6 +24,7 @@ let ./go.nix ./hidden-ssh.nix ./htgen.nix + ./iana-etc.nix ./iptables.nix ./kapacitor.nix ./monit.nix diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix new file mode 100644 index 000000000..f6d47f27e --- /dev/null +++ b/krebs/3modules/iana-etc.nix @@ -0,0 +1,55 @@ +with import ; +{ config, pkgs, ... }: { + + options.krebs.iana-etc.services = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + port = mkOption { + default = config._module.args.name; + type = types.addCheck types.str (test "[1-9][0-9]*"); + }; + } // genAttrs ["tcp" "udp"] (protocol: mkOption { + default = null; + type = types.nullOr (types.submodule { + options = { + name = mkOption { + type = types.str; + }; + }; + }); + }); + })); + }; + + config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) { + services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} '' + exec < ${pkgs.iana_etc}/etc/services + exec > $out + awk -F '[ /]+' ' + BEGIN { + port=0 + } + ${concatMapStringsSep "\n" (entry: '' + $2 == ${entry.port} { + port=$2 + next + } + port == ${entry.port} { + ${concatMapStringsSep "\n" + (proto: let + s = "${entry.${proto}.name} ${entry.port}/${proto}"; + in + "print ${toJSON s}") + (filter (proto: entry.${proto} != null) ["tcp" "udp"])} + port=0 + } + '') (attrValues config.krebs.iana-etc.services)} + { + print $0 + } + ' + ''); + }; + +} From 43b891ef00b10a4aa574e77b58773b0f2e7d15b4 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Sep 2017 21:06:38 +0200 Subject: [PATCH 009/145] tv modules: s/_:// --- tv/3modules/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 57ffbfab8..493cc8b72 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix 
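Review bot: In krebs/3modules/iana-etc.nix, `name` is a plain `types.str` but ends up, via `"print ${toJSON s}"`, inside the single-quoted awk program of the `runCommand` script. `toJSON` escapes `"` and `\` but not `'`, so a name containing a single quote ends the awk program early and the remainder is interpreted by the build shell. Constrain it the way `port` already is, for example `type = types.addCheck types.str (test "[A-Za-z0-9._+-]+");`, and consider bounding `port` to 65535. Separately, the replacement lines are printed only when another input line follows a `$2 == port` match, so a port that is absent from `${pkgs.iana_etc}/etc/services` (or is its last entry) appears to be dropped silently; a comment stating that limit, or an `END` block, would make it explicit.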
@@ -1,5 +1,3 @@ -_: - { imports = [ ./charybdis From 79df0635690a7e8457b3d4fa509be75b8f344146 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Sep 2017 21:08:34 +0200 Subject: [PATCH 010/145] shell: inline utils.deploy --- shell.nix | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/shell.nix b/shell.nix index 4b8abed58..c9b197a26 100644 --- a/shell.nix +++ b/shell.nix @@ -22,7 +22,12 @@ let . ${init.env} . ${init.proxy opts} - exec ${utils.deploy} + # Use system's nixos-rebuild, which is not self-contained + export PATH=/run/current-system/sw/bin + exec ${utils.with-whatsupnix} \ + nixos-rebuild switch \ + --show-trace \ + -I "$target_path" ''); cmds.install = pkgs.withGetopt { @@ -205,16 +210,6 @@ let -I "$target_path" \ ''; - utils.deploy = pkgs.writeDash "utils.deploy" '' - set -efu - # Use system's nixos-rebuild, which is not self-contained - export PATH=/run/current-system/sw/bin - ${utils.with-whatsupnix} \ - nixos-rebuild switch \ - --show-trace \ - -I "$target_path" - ''; - utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" '' set -efu if \test "$quiet" = true; then From ea0b2cca51106bc7e92f36017bb3dc3ecdcc085e Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 22 Sep 2017 00:18:15 +0200 Subject: [PATCH 011/145] git-preview: init --- krebs/5pkgs/simple/git-preview.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 krebs/5pkgs/simple/git-preview.nix diff --git a/krebs/5pkgs/simple/git-preview.nix b/krebs/5pkgs/simple/git-preview.nix new file mode 100644 index 000000000..d6c9579a7 --- /dev/null +++ b/krebs/5pkgs/simple/git-preview.nix 
@@ -0,0 +1,17 @@ +{ coreutils, git, writeDashBin }: + +writeDashBin "git-preview" '' + set -efu + head_commit=$(${git}/bin/git log -1 --format=%H) + merge_commit=$1; shift + merge_message='Merge for git-preview' + preview_dir=$(${coreutils}/bin/mktemp --tmpdir -d git-preview.XXXXXXXX) + preview_branch=$(${coreutils}/bin/basename "$preview_dir") + ${git}/bin/git worktree add -b "$preview_branch" "$preview_dir" >/dev/null + ${git}/bin/git -C "$preview_dir" checkout "$head_commit" + ${git}/bin/git -C "$preview_dir" merge -m "$merge_message" "$merge_commit" + ${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@" & + ${git}/bin/git branch -fd "$preview_branch" + ${coreutils}/bin/rm -fR "$preview_dir" + wait +'' From aa8f67903971b2786608567e63f168826122d14e Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 23 Sep 2017 15:23:15 +0200 Subject: [PATCH 012/145] ma urlwatch: add sqlalchemy_migrate --- makefu/2configs/urlwatch/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 47b5d7fc3..1434f1bf0 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -24,8 +24,10 @@ in { # pypi https://pypi.python.org/simple/bepasty/ - https://pypi.python.org/simple/xstatic/ https://pypi.python.org/simple/devpi-client/ + https://pypi.python.org/simple/oslo.config/ + https://pypi.python.org/simple/sqlalchemy_migrate/ + https://pypi.python.org/simple/xstatic/ # weird shit http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ From bbced2ea622d97aa14f8b9bf6a75748d7d51da53 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 25 Sep 2017 12:00:29 +0200 Subject: [PATCH 013/145] mv nixpkgs: 56da88a -> 3d04a55 --- mv/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mv/source.nix b/mv/source.nix index aa2b13fd8..5dea13e73 100644 --- a/mv/source.nix +++ b/mv/source.nix 
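Review bot: Under `set -efu`, a failing `git checkout` or `git merge` (a conflict, for instance) in git-preview.nix exits the script before the `git branch -fd "$preview_branch"` and `rm -fR "$preview_dir"` lines, leaving the temporary worktree, its branch and the worktree registration behind. Installing the cleanup as a trap right after `git worktree add` would cover those exits, and a `git worktree prune` in the same cleanup would remove the stale administrative entry. The `git diff … &` is started and the worktree is removed immediately afterwards; if that ordering is intentional, a comment should say so, because the background diff may still be resolving `HEAD` in `$preview_dir` when the directory disappears. A missing first argument currently fails on `merge_commit=$1` with only the shell's unset-parameter message; a short usage line would be friendlier.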
@@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix"; nixpkgs.git = { # nixos-17.03 - ref = mkDefault "56da88a298a6f549701a10bb12072804a1ebfbd5"; + ref = mkDefault "3d04a557b72aa0987d9bf079e1445280b6bfd907"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { From 1514a6502dfeed739a4752652ca5437222110375 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Sep 2017 00:22:53 +0200 Subject: [PATCH 014/145] puyak.r: enable fan control --- krebs/1systems/puyak/config.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 978bd18e0..cca8850fa 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -65,7 +65,12 @@ ''; environment.systemPackages = [ pkgs.zsh ]; - boot.kernelModules = [ "kvm-intel" ]; + boot = { + kernelModules = [ "kvm-intel" ]; + extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; + } users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; From f1d2f346a3c1bf9df0dda32a5b797169dcb88620 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Sep 2017 00:24:30 +0200 Subject: [PATCH 015/145] puyak.r: fan speed to 11 --- krebs/1systems/puyak/config.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index cca8850fa..444bf383c 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -71,6 +71,10 @@ options thinkpad_acpi fan_control=1 ''; } + + system.activationScripts."disengage fancontrol" = '' + echo level disengaged > /proc/acpi/ibm/fan + ''; users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; From 18d0d7df819a82c97965cc6ab5756f0a7894f081 Mon Sep 17 00:00:00 2001 
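Review bot: The new `boot = { … }` attribute set in krebs/1systems/puyak/config.nix ([PATCH 014/145]) is closed with a bare `}` and no `;` before `users.users.joerg = {`, so as shown the file would not parse. The closing line should read `};`. [PATCH 015/145] inserts `system.activationScripts…` after the same `}` and its context still shows no semicolon, so the fix is needed there as well. The enclosing attribute set starts and ends outside the hunk.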
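Review bot: The activation script added in [PATCH 015/145] writes `level disengaged` to `/proc/acpi/ibm/fan` unconditionally on every activation. If `thinkpad_acpi` is not loaded at that point, or was loaded before `fan_control=1` took effect (the modprobe option only applies when the module is next loaded), the write is rejected and the snippet fails during activation. Guard it, for example `[ -w /proc/acpi/ibm/fan ] && echo level disengaged > /proc/acpi/ibm/fan || true`. A comment saying why the fan is permanently taken out of firmware regulation would also help, since the commit title ("fan speed to 11") is the only explanation.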
From: makefu Date: Wed, 27 Sep 2017 00:03:50 +0200 Subject: [PATCH 016/145] ma pkgs.drozer: remove dots --- makefu/5pkgs/drozer/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/5pkgs/drozer/default.nix b/makefu/5pkgs/drozer/default.nix index f91d5b984..885777be4 100644 --- a/makefu/5pkgs/drozer/default.nix +++ b/makefu/5pkgs/drozer/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, fetchFromGitHub, pythonPackages, jre7, jdk7, ... }: +{ pkgs, lib, fetchFromGitHub, pythonPackages, jre7, jdk7 }: pythonPackages.buildPythonApplication rec { name = "drozer-${version}"; From ba907218ef263c3f0653ceac657796389709bc12 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 00:16:36 +0200 Subject: [PATCH 017/145] ma pkgs.esptool: 2.0 -> 2.1 --- makefu/5pkgs/esptool/default.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/makefu/5pkgs/esptool/default.nix b/makefu/5pkgs/esptool/default.nix index 84bb232cd..4e0d29e19 100644 --- a/makefu/5pkgs/esptool/default.nix +++ b/makefu/5pkgs/esptool/default.nix @@ -13,20 +13,19 @@ let doCheck = false; }; in -buildPythonPackage rec { - name = "esptool-${version}"; - version = "2.0beta2"; + buildPythonPackage rec { + name = "${pname}-${version}"; + pname = "esptool"; + version = "2.1"; propagatedBuildInputs = [ pyserial flake8 ecdsa pyaes ]; - src = fetchFromGitHub { - owner = "themadinventor"; - repo = "esptool"; - rev = "v${version}"; - sha256 = "0n96pyi1k4qlyfqk5k7xpgq8726wz74qvd3gqjg0bpsl3wr7l94i"; + src = fetchPypi { + inherit pname version; + sha256 = "08g393fiqhanixzjbs54pqr6xk1a4dsfaddw7gdwfvp3kvwdn2fp"; }; doCheck = false; -} + } From f7b367e96d5ed1ee76b1f9d048a7915e3da4e653 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 29 Sep 2017 10:04:56 +0200 Subject: [PATCH 018/145] ma udpt,esptool: now in upstream --- makefu/5pkgs/esptool/default.nix | 31 ------------------------------- makefu/5pkgs/udpt/default.nix | 29 ----------------------------- 2 files changed, 60 deletions(-) delete mode 100644 makefu/5pkgs/esptool/default.nix delete mode 100644 makefu/5pkgs/udpt/default.nix diff --git a/makefu/5pkgs/esptool/default.nix b/makefu/5pkgs/esptool/default.nix deleted file mode 100644 index 4e0d29e19..000000000 --- a/makefu/5pkgs/esptool/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ pkgs, fetchFromGitHub, ... }: -with pkgs.python2Packages; -let - pyaes = buildPythonPackage rec { - name = "pyaes-${version}"; - version = "1.6.0"; - src = fetchFromGitHub { - owner = "ricmoo"; - repo = "pyaes"; - rev = "v${version}"; - sha256 = "04934a9zgwc8g3qhfrkcfv0bs557paigllnkrnfhp9m1azr3bfqb"; - }; - doCheck = false; - }; -in - buildPythonPackage rec { - name = "${pname}-${version}"; - pname = "esptool"; - version = "2.1"; - propagatedBuildInputs = [ - pyserial - flake8 - ecdsa - pyaes - ]; - src = fetchPypi { - inherit pname version; - sha256 = "08g393fiqhanixzjbs54pqr6xk1a4dsfaddw7gdwfvp3kvwdn2fp"; - }; - doCheck = false; - } diff --git a/makefu/5pkgs/udpt/default.nix b/makefu/5pkgs/udpt/default.nix deleted file mode 100644 index 99bcac18b..000000000 --- a/makefu/5pkgs/udpt/default.nix +++ /dev/null 
@@ -1,29 +0,0 @@ -{ stdenv, boost, sqlite, fetchFromGitHub }: - -stdenv.mkDerivation rec { - proj = "udpt"; - name = "udpt-${rev}"; - rev = "0790558"; - - enableParallelBuilding = true; - - src = fetchFromGitHub { - owner = "naim94a"; - repo = "udpt"; - inherit rev; - sha256 = "0rgkjwvnqwbnqy7pm3dk176d3plb5lypaf12533yr0yfzcp6gnzk"; - }; - buildInputs = [ boost sqlite ]; - installPhase = '' - mkdir -p $out/bin $out/etc/ - cp udpt $out/bin - cp udpt.conf $out/etc/ - ''; - meta = { - description = "udp tracker"; - homepage = https://github.com/naim94a/udpt; - license = stdenv.lib.licenses.gpl3; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; - }; -} From 9d9e9bc3d8087974370e3d62bc05d2332b2efab2 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 14:59:56 +0200 Subject: [PATCH 019/145] ma urlwatch: add pyserial,semantic_version --- makefu/2configs/urlwatch/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 1434f1bf0..2eecd6428 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -28,6 +28,8 @@ in { https://pypi.python.org/simple/oslo.config/ https://pypi.python.org/simple/sqlalchemy_migrate/ https://pypi.python.org/simple/xstatic/ + https://pypi.python.org/simple/pyserial/ + https://pypi.python.org/simple/semantic_version/ # weird shit http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ From 37951eed3dd7806f73c40c47ec9cd047ad76c15d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 29 Sep 2017 20:05:13 +0200 Subject: [PATCH 020/145] hw/x220: enable opengl --- krebs/2configs/hw/x220.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index c85bac0d4..44743b87d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix 
@@ -8,6 +8,8 @@ with import ; hardware.cpu.intel.updateMicrocode = true; + hardware.opengl.enable = true; + services.tlp.enable = true; boot = { From 7db4c634fc266d25ac80f2545c6c77d5b4d28708 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:29:26 +0200 Subject: [PATCH 021/145] ma latte.r: init --- krebs/3modules/makefu/default.nix | 33 +++++++++++++++++++ makefu/1systems/latte/config.nix | 53 +++++++++++++++++++++++++++++++ makefu/1systems/latte/source.nix | 3 ++ 3 files changed, 89 insertions(+) create mode 100644 makefu/1systems/latte/config.nix create mode 100644 makefu/1systems/latte/source.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 6e0e876b8..a34c8cd97 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -78,6 +78,37 @@ with import ; }; }; }; + latte = rec { + ci = true; + cores = 1; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; + nets = { + internet = { + ip4.addr = "185.215.224.160"; + aliases = [ + "latte.i" + ]; + }; + retiolum = { + ip4.addr = "10.243.80.249"; + ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9"; + aliases = [ + "latte.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU + 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo + r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf + 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 + GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 + vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; pnp = { ci = true; @@ -460,6 +491,8 @@ with import ; ''; }; }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; gum = rec { 
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix new file mode 100644 index 000000000..d532f216f --- /dev/null +++ b/makefu/1systems/latte/config.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: +let + + # external-ip = config.krebs.build.host.nets.internet.ip4.addr; + # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + # default-gw = "185.215.224.1"; + # prefixLength = 24; + # external-mac = "46:5b:fc:f4:44:c9"; + # ext-if = "et0"; +in { + + imports = [ + + # configure your hw: + + + + + # Security + + + + # Tools + + + + # Services + + + ]; + krebs = { + enable = true; + build.host = config.krebs.hosts.latte; + }; + boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ]; + + boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.copyKernels = true; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ 655 ]; + }; + # network interface receives dhcp address + nameservers = [ "8.8.8.8" ]; + }; +} diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix new file mode 100644 index 000000000..d997fb3f0 --- /dev/null +++ b/makefu/1systems/latte/source.nix @@ -0,0 +1,3 @@ +import { + name="latte"; +} From d52d28d5d9e96d167490b45e7c96c668d86451c7 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:30:09 +0200 Subject: [PATCH 022/145] ma source: bump rev --- makefu/source.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index fdd367cba..1a5d4a5d7 100644 --- a/makefu/source.nix +++ b/makefu/source.nix 
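Review bot: The firewall block in makefu/1systems/latte/config.nix opens only `allowedUDPPorts = [ 655 ]` and leaves `allowedTCPPorts = [ ]`. tinc uses TCP 655 for its meta connections as well as UDP 655 for data, so unless one of the imports (not readable in this hunk) opens it, other retiolum nodes cannot initiate connections to this host. If the machine is meant to be reachable on its public address, use `allowedTCPPorts = [ 655 ];`. `logRefusedConnections = false` on an internet-facing host also removes a cheap detection signal, so a comment giving the reason would be useful. The commented-out `external-ip` / `default-gw` / `ext-if` bindings in the `let` are dead and can be removed.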
@@ -11,10 +11,13 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "c91346e"; # unstable @ 2017-09-04 - # + graceful requests2 (a772c3aa) - # + mitmproxy fix (eee2d174) + ref = "46cfb36"; # unstable @ 2017-09-04 + # + graceful requests2 (a772c3a) + # + mitmproxy fix (eee2d17) # + tpm-tools fix (5cb9987) + # + dnscrypt-wrapper (25703c3) + # + lass wvstream fix (76f4910,37cc2bc,0d48837) + # + ruby stuff (2f0b17e4be9,55a952be5b5) in evalSource (toString _file) [ From 1e635e4d49ba73e83ce09e25f1f11343f1eb8fc9 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:30:28 +0200 Subject: [PATCH 023/145] ma remote-build: init config --- makefu/2configs/remote-build/master.nix | 14 ++++++++++++++ makefu/2configs/remote-build/slave.nix | 11 +++++++++++ 2 files changed, 25 insertions(+) create mode 100644 makefu/2configs/remote-build/master.nix create mode 100644 makefu/2configs/remote-build/slave.nix diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix new file mode 100644 index 000000000..4ad2c5ed8 --- /dev/null +++ b/makefu/2configs/remote-build/master.nix @@ -0,0 +1,14 @@ +{ pkgs, ...}: +let + sshKey = (toString ) + "/id_nixBuild"; +in { + nix.distributedBuilds = true; + # TODO: iterate over krebs.hosts + nix.buildMachines = map ( hostName: + { inherit hostName sshKey; + sshUser = "nixBuild"; + system = "x86_64-linux"; + maxJobs = 1; + }) [ "omo.r" "gum.r" "latte.r" ]; + # puyak.r "wbob.r" +} diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix new file mode 100644 index 000000000..b6e000a34 --- /dev/null +++ b/makefu/2configs/remote-build/slave.nix 
@@ -0,0 +1,11 @@ +{ + nix.trustedUsers = [ "nixBuild" ]; + users.users.nixBuild = { + name = "nixBuild"; + useDefaultShell = true; + # TODO: put this somewhere else + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild" + ]; + }; +} From d0d8d1bb645e28803b43e4e902141d3a4a858ecf Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:30:55 +0200 Subject: [PATCH 024/145] ma modules.wvdial: remove (cherry-picked module from lass --- makefu/3modules/default.nix | 1 - makefu/3modules/wvdial.nix | 70 ------------------------------------- 2 files changed, 71 deletions(-) delete mode 100644 makefu/3modules/wvdial.nix diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index af0e81df5..00df56bee 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -15,7 +15,6 @@ _: ./torrent.nix ./udpt.nix ./umts.nix - ./wvdial.nix ]; } diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix deleted file mode 100644 index 982f4a7db..000000000 --- a/makefu/3modules/wvdial.nix +++ /dev/null 
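Review bot: `nix.trustedUsers = [ "nixBuild" ]` in `slave.nix` makes the build account root-equivalent towards the Nix daemon, and the same account gets a login shell (`useDefaultShell = true`) and an unrestricted entry in `openssh.authorizedKeys.keys`. Whoever holds `id_nixBuild` on the master can therefore do much more on each slave than run builds. I would document that on the option, e.g. `# trusted user: may import unsigned store paths and override daemon settings`, and prefix the key with OpenSSH options such as `no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding` so it is limited to the non-interactive sessions remote builds need. The `# TODO: put this somewhere else` on the inline key is worth resolving too; keeping it next to the other keys under `krebs.users` would put rotation in one place.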
@@ -1,70 +0,0 @@ -{ config, lib, pkgs, ... }: -# from 17.03/nixos/modules/programs/wvdial.nix - -with lib; - -let - - configFile = '' - [Dialer Defaults] - PPPD PATH = ${pkgs.ppp}/sbin/pppd - ${config.environment.wvdial.dialerDefaults} - ''; - - cfg = config.environment.wvdial; - -in -{ - ###### interface - - options = { - - environment.wvdial = { - - dialerDefaults = mkOption { - default = ""; - type = types.str; - example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''; - description = '' - Contents of the "Dialer Defaults" section of - /etc/wvdial.conf. - ''; - }; - - pppDefaults = mkOption { - default = '' - noipdefault - usepeerdns - defaultroute - persist - noauth - ''; - type = types.str; - description = "Default ppp settings for wvdial."; - }; - - }; - - }; - - ###### implementation - - config = mkIf (cfg.dialerDefaults != "") { - - environment = { - - etc = - [ - { source = pkgs.writeText "wvdial.conf" configFile; - target = "wvdial.conf"; - } - { source = pkgs.writeText "wvdial" cfg.pppDefaults; - target = "ppp/peers/wvdial"; - } - ]; - - }; - - }; - -} From 4875a39aebc2e430bff85e0cb07d76f8d8f77763 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:32:01 +0200 Subject: [PATCH 025/145] ma vpn/openvpn-server: retab --- makefu/2configs/vpn/openvpn-server.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/vpn/openvpn-server.nix b/makefu/2configs/vpn/openvpn-server.nix index 1e7edbf78..79754264f 100644 --- a/makefu/2configs/vpn/openvpn-server.nix +++ b/makefu/2configs/vpn/openvpn-server.nix 
@@ -1,13 +1,13 @@ { config, pkgs, ... }: let - out-itf = config.makefu.server.primary-itf; - # generate via openvpn --genkey --secret static.key - client-key = (toString ) + "/openvpn-laptop.key"; + out-itf = config.makefu.server.primary-itf; + # generate via openvpn --genkey --secret static.key + client-key = (toString ) + "/openvpn-laptop.key"; # domain = "vpn.euer.krebsco.de"; domain = "gum.krebsco.de"; dev = "tun0"; port = 1194; - tcp-port = 3306; + tcp-port = 3306; in { boot.kernel.sysctl."net.ipv4.ip_forward" = 1; networking.nat = { From c83e5ad0d5588e733b860daf3506ae44482020bc Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:33:50 +0200 Subject: [PATCH 026/145] ma vim: add remarks about vim-nix --- makefu/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix index 9f3a59717..43d362ed9 100644 --- a/makefu/2configs/vim.nix +++ b/makefu/2configs/vim.nix @@ -127,6 +127,7 @@ in { { names = [ "undotree" # "YouCompleteMe" "vim-better-whitespace" ]; } + # vim-nix handles indentation better but does not perform sanity { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } ]; From 8962c8f1fc8c37d5f5f55bb2394f8f6e673a87f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:34:12 +0200 Subject: [PATCH 027/145] ma tools/steam: install steam for makefu, not all users --- makefu/2configs/tools/steam.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/steam.nix b/makefu/2configs/tools/steam.nix index dbe51270d..200ea4719 100644 --- a/makefu/2configs/tools/steam.nix +++ b/makefu/2configs/tools/steam.nix @@ -1,6 +1,6 @@ {pkgs, ...}: { - environment.systemPackages = [ + users.users.makefu.packages = [ (pkgs.steam.override { newStdcpp = true; }) From ff5e7c0dcb7d102c9881212a3286faa7412e97d0 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 29 Sep 2017 21:34:38 +0200 Subject: [PATCH 028/145] ma stats/server: announce errors into #noise --- makefu/2configs/stats/server.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index 8f9935658..bb91b4478 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix @@ -2,6 +2,8 @@ with import ; let + irc-server = "ni.r"; + irc-nick = "m-alarm"; collectd-port = 25826; influx-port = 8086; grafana-port = 3000; # TODO nginx forward @@ -37,9 +39,9 @@ in { echoToIrc = pkgs.writeDash "echo_irc" '' set -euf data="$(${pkgs.jq}/bin/jq -r .message)" - export LOGNAME=malarm + export LOGNAME=${irc-nick} ${pkgs.irc-announce}/bin/irc-announce \ - irc.freenode.org 6667 malarm \#krebs-bots "$data" >/dev/null + ${irc-server} 6667 ${irc-nick} \#noise "$data" >/dev/null ''; in { enable = true; From e1fb8de2d0facadc57f17e052fc7809b3993c28e Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:35:17 +0200 Subject: [PATCH 029/145] ma gui: do not run pulseaudio system-wide required for pacmd --- makefu/2configs/gui/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 0247010b1..daa0282b8 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -58,7 +58,7 @@ in hardware.pulseaudio = { enable = true; - systemWide = true; + # systemWide = true; }; services.xserver.displayManager.sessionCommands = let xdefaultsfile = pkgs.writeText "Xdefaults" '' From a4ffb72c5ccb7e81c9aa60125aeb71f16644ef47 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:35:35 +0200 Subject: [PATCH 030/145] ma git: init europastats --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 30c0b0b87..5604383e7 100644 
--- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -24,6 +24,7 @@ let cac-api = { }; euer_blog = { }; ampel = { }; + europastats = { }; init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; From 00bdcff9012b0369c1c2cb22e4cacbdf50d20b72 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:36:01 +0200 Subject: [PATCH 031/145] ma led-fader: wait for mosquitto --- makefu/2configs/deployment/led-fader.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 678370c69..4c17a1d50 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -29,11 +29,11 @@ in { environment = { NIX_PATH = "/var/src"; }; - # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + after = [ "network-online.target" ] ++ (lib.optional config.services.mosquitto.enable "mosquitto.service"); wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell + ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; PrivateTmp = true; }; From e2a8aab44294584d185b6501cede7857c0529d36 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:37:24 +0200 Subject: [PATCH 032/145] ma: enable remote-build on gum,omo - x is master --- makefu/1systems/gum/config.nix | 8 +++++++- makefu/1systems/omo/config.nix | 2 ++ makefu/1systems/x/config.nix | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 2f288e708..e1357ff01 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -40,10 +40,11 @@ in { # services - # + + ## Web @@ -74,6 +75,9 @@ in { # + # Temporary: + + ]; makefu.dl-dir = "/var/download"; 
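Review bot: The added `ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2";` in `led-fader.nix` is a timing guess rather than a readiness check: the new `after` line orders the unit behind `mosquitto.service`, but that only waits for the broker process to be started, and two seconds may or may not be enough for it to accept connections. A restart policy is more robust, e.g. `Restart = "on-failure";` and `RestartSec = 2;` in `serviceConfig`, assuming `ampel` exits when the broker is unreachable. Separately, `User` is still commented out in the context lines, so the service runs as root; a comment explaining why that is needed would be useful. The `serviceConfig` block continues outside the hunk.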
@@ -143,6 +147,8 @@ in { 53589 # temp vnc 18001 + # temp reverseshell + 31337 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 32cd3f900..a22ff10bd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -65,6 +65,8 @@ in { # services + + # security diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 892eb1095..443f912d8 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -57,6 +57,7 @@ with import ; # + # Hardware From aa273ee8802c7de6283e0bea2a7624bf099d251d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:38:08 +0200 Subject: [PATCH 033/145] ma wbob: enable extended logging --- makefu/1systems/wbob/config.nix | 106 +++++++++++++++++++++++++++++++- 1 file changed, 104 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index b776b49d6..3a53b70cb 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -25,7 +25,9 @@ in { # # - ]; + # Services + + ]; krebs = { enable = true; 
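Review bot: The gum firewall hunk adds TCP 31337 under `# temp reverseshell`, next to an existing `# temp vnc` entry, in what appears to be the global `allowedTCPPorts` list (its opening is outside the hunk), and nothing says when either entry goes away. A port opened for a one-off session becomes standing exposure once it is committed and deployed, and whatever later binds to it is reachable from any source. I would keep it out of the committed config, or at least record owner and expiry in the comment, e.g. `# temp, remove by <DATE> (<OWNER>)`, and drop both temporary entries in a follow-up commit.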
@@ -33,10 +35,48 @@ in { }; swapDevices = [ { device = "/var/swap"; } ]; + services.collectd.extraConfig = lib.mkAfter '' + #LoadPlugin ping + # does not work because it requires privileges + # + # Host "google.de" + # Host "heise.de" + # + + LoadPlugin curl + + TotalTime true + NamelookupTime true + ConnectTime true + + + MeasureResponseTime true + MeasureResponseCode true + URL "https://google.de" + + + + MeasureResponseTime true + MeasureResponseCode true + URL "http://web.de" + + + + #LoadPlugin netlink + # + # Interface "enp0s25" + # Interface "wlp2s0" + # IgnoreSelected false + # + ''; networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 655 49152 ]; + networking.firewall.allowedTCPPorts = [ + 655 + 8081 #smokeping + 49152 + ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; #services.tinc.networks.siem = { # name = "display"; 
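Review bot: Adding `8081 #smokeping` to `networking.firewall.allowedTCPPorts` exposes the SmokePing web interface on every interface of wbob, and nothing in this commit puts authentication in front of it. The context line `trustedInterfaces = [ "enp0s25" ]` already accepts all traffic from that interface, so if the graphs are only meant for the local network the new entry is not needed. If access over other interfaces is intended, a comment naming them would make the exposure explicit, e.g. `8081 # smokeping, also reachable from <NETWORK>`.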
@@ -90,4 +130,66 @@ in { serverAddress = "x.r"; }; }; + security.wrappers.fping = { + source = "${pkgs.fping}/bin/fping"; + setuid = true; + }; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = Top + title = Network Latency Grapher + remark = Welcome to this SmokePing website. + + + network + menu = Net latency + title = Network latency (ICMP pings) + + ++ google + probe = FPing + host = google.de + ++ webde + probe = FPing + host = web.de + + + services + menu = Service latency + title = Service latency (DNS, HTTP) + + ++ HTTP + menu = HTTP latency + title = Service latency (HTTP) + + +++ webdeping + probe = EchoPingHttp + host = web.de + + +++ googwebping + probe = EchoPingHttp + host = google.de + + #+++ webwww + #probe = Curl + #host = web.de + + #+++ googwebwww + #probe = Curl + #host = google.de + ''; + probeConfig = '' + + FPing + binary = /run/wrappers/bin/fping + + EchoPingHttp + pings = 5 + url = / + + #+ Curl + ## probe-specific variables + #binary = ${pkgs.curl}/bin/curl + #step = 60 + ## a default for this target-specific variable + #urlformat = http://%host%/ + ''; + }; } From 6d083f03b76f6dfbe1810f8408301d0c916c3b34 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:38:35 +0200 Subject: [PATCH 034/145] ma pkgs.logstash-input-rss: init --- makefu/5pkgs/logstash-input-rss/default.nix | 31 +++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 makefu/5pkgs/logstash-input-rss/default.nix diff --git a/makefu/5pkgs/logstash-input-rss/default.nix b/makefu/5pkgs/logstash-input-rss/default.nix new file mode 100644 index 000000000..af66359ef --- /dev/null +++ b/makefu/5pkgs/logstash-input-rss/default.nix 
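Review bot: `security.wrappers.fping` with `setuid = true` gives every local user a setuid-root binary, although ICMP probing only needs raw-socket access. The wrapper option also accepts capabilities, so `capabilities = "cap_net_raw+p";` in place of `setuid = true;` should be enough, provided this fping build works without full root. `probeConfig` already points at `/run/wrappers/bin/fping`, so nothing else in the hunk has to change.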
@@ -0,0 +1,31 @@ +{ pkgs, stdenv, lib, fetchFromGitHub }: + + +stdenv.mkDerivation rec { + name = "logstash-input-rss-${version}"; + version = "3.0.3"; + + src = fetchFromGitHub { + owner = "logstash-plugins"; + repo = "logstash-input-rss"; + rev = "v${version}"; + sha256 = "026902g256385dx3qkbknz10vsp9dm2ymjdx6s6rkh3krs67w09l"; + }; + + dontBuild = true; + dontPatchELF = true; + dontStrip = true; + dontPatchShebangs = true; + installPhase = '' + mkdir -p $out/logstash + cp -r lib/* $out/ + ''; + + meta = with lib; { + description = "logstash output plugin"; + homepage = https://github.com/logstash-plugins/logstash-input-rss; + license = stdenv.lib.licenses.asl20; + platforms = stdenv.lib.platforms.unix; + maintainers = with maintainers; [ makefu ]; + }; +} From deb717fda416de23b32f73180ae4a248990d2a85 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 17:59:44 +0200 Subject: [PATCH 035/145] l: add archprism.r --- krebs/3modules/lass/default.nix | 38 +++- lass/1systems/archprism/config.nix | 333 +++++++++++++++++++++++++++++ lass/1systems/archprism/source.nix | 3 + 3 files changed, 373 insertions(+), 1 deletion(-) create mode 100644 lass/1systems/archprism/config.nix create mode 100644 lass/1systems/archprism/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ca3c8b45b..69cc36346 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
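Review bot: `meta.description` in the new `logstash-input-rss` package reads "logstash output plugin", but the package name and `homepage` both say this is an input plugin; `description = "Logstash input plugin for RSS feeds";` would match. `installPhase` also creates `$out/logstash` and then copies `lib/*` into `$out/`, which only lines up if `lib/` itself contains a `logstash` directory, so a short comment stating the expected layout would help. Inside `meta = with lib;` the `stdenv.lib.` prefixes on `licenses` and `platforms` can be dropped.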
@@ -116,6 +116,38 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-rsa 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"; }; + archprism = rec { + cores = 4; + nets = rec { + retiolum = { + via = internet; + ip4.addr = "10.243.0.104"; + ip6.addr = "42::fa17"; + aliases = [ + "archprism.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl + kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl + JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I + AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5 + jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j + anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + internet = { + ip4.addr = "213.239.205.240"; + aliases = [ + "archprism.i" + ]; + ssh.port = 45621; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + }; domsen-nas = { ci = false; external = true; @@ -487,10 +519,14 @@ with import ; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; - prism-repo-sync = { + archprism-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C"; mail = "lass@prism.r"; }; + prism-repo-sync = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; + mail = "lass@prism.r"; + }; mors-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; 
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix new file mode 100644 index 000000000..56f72aced --- /dev/null +++ b/lass/1systems/archprism/config.nix 
@@ -0,0 +1,333 @@ +{ config, lib, pkgs, ... }: +with import ; + +let + ip = config.krebs.build.host.nets.internet.ip4.addr; + +in { + imports = [ + + { + networking.interfaces.et0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "213.239.205.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + ''; + } + + + # + + + + + + + + + + + + + + + + + + + #{ + # lass.pyload.enable = true; + #} + { + imports = [ + + ]; + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; + } + { + users.extraGroups = { + # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories + # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) + # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago + # Docs: man:tmpfiles.d(5) + # man:systemd-tmpfiles(8) + # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) + # Main PID: 19272 (code=exited, status=1/FAILURE) + # + # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE + # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. 
+ # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. + # warning: error(s) occured while switching to the new configuration + lock.gid = 10001; + }; + } + { + boot.loader.grub = { + devices = [ + "/dev/sda" + "/dev/sdb" + ]; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/pool/nix"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; + }; + + fileSystems."/var/download" = { + device = "/dev/pool/download"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + }; + + fileSystems."/srv/o.ubikmedia.de-data" = { + device = "/dev/pool/owncloud-ubik-data"; + }; + + fileSystems."/bku" = { + device = "/dev/pool/bku"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + + } + { + sound.enable = false; + } + { + nixpkgs.config.allowUnfree = true; + } + { + #stuff for juhulian + users.extraUsers.juhulian = { + name = "juhulian"; + uid = 1339; + home = "/home/juhulian"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } + { + environment.systemPackages = [ + pkgs.perlPackages.Plack + ]; + 
krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} + ]; + } + { + users.users.chat.openssh.authorizedKeys.keys = [ + "ssh-rsa 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 JuiceSSH" + ]; + } + { + time.timeZone = "Europe/Berlin"; + } + { + imports = [ + + + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } + ]; + } + { + services.tor = { + enable = true; + }; + } + { + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } + { + imports = [ + + ]; + services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper.png; + ''; + } + { + environment.systemPackages = with pkgs; [ + mk_sql_pair + ]; + } + { + users.users.tv = { + uid = genid "tv"; + inherit (config.krebs.users.tv) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; + }; + users.users.makefu = { + uid = genid "makefu"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.makefu.pubkey + ]; + }; + users.users.nin = { + uid = genid "nin"; + inherit (config.krebs.users.nin) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + extraGroups = [ + "libvirtd" + ]; + }; + } + { + krebs.repo-sync.timerConfig = { + OnBootSec = "15min"; + OnUnitInactiveSec = "90min"; + RandomizedDelaySec = "30min"; + }; + krebs.repo-sync.repos.stockholm.timerConfig = { + OnBootSec = "5min"; + OnUnitInactiveSec = "2min"; + RandomizedDelaySec = "2min"; + }; + } + { + lass.usershadow = { + enable = 
true; + }; + } + { + krebs.Reaktor.prism = { + nickname = "Reaktor|lass"; + channels = [ "#retiolum" ]; + extraEnviron = { + REAKTOR_HOST = "ni.r"; + }; + plugins = with pkgs.ReaktorPlugins; [ + sed-plugin + ]; + }; + } + { + #stuff for dritter + users.extraUsers.dritter = { + name = "dritter"; + uid = genid "dritter"; + home = "/home/dritter"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "download" + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" + ]; + }; + } + { + #hotdog + containers.hotdog = { + config = { ... }: { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.1"; + localAddress = "10.233.2.2"; + }; + } + { + #kaepsele + containers.kaepsele = { + config = { ... }: { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + tv.pubkey + ]; + }; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.3"; + localAddress = "10.233.2.4"; + }; + } + { + #onondaga + containers.onondaga = { + config = { ... }: { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + config.krebs.users.nin.pubkey + ]; + }; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.4"; + localAddress = "10.233.2.5"; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.archprism; +} 
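Review bot: In the container definitions at the end of the new `archprism/config.nix`, `kaepsele` uses `localAddress = "10.233.2.4"` and `onondaga` uses `hostAddress = "10.233.2.4"`, so one address is both a container's own IP and another container's host-side IP. With `privateNetwork = true` on both, that makes routing between the host and the containers ambiguous and may let traffic meant for one container end up on the other's link. Giving `onondaga` its own pair, for example `hostAddress = "10.233.2.5";` and `localAddress = "10.233.2.6";`, keeps the three containers separate. The values appear to be carried over from the prism config, so it is worth checking there as well.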
diff --git a/lass/1systems/archprism/source.nix b/lass/1systems/archprism/source.nix new file mode 100644 index 000000000..3e96c1d38 --- /dev/null +++ b/lass/1systems/archprism/source.nix @@ -0,0 +1,3 @@ +import { + name = "archprism"; +} From dda93e30e0ab3746841fa851361ddb55f7d24102 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 18:03:58 +0200 Subject: [PATCH 036/145] l prism.r: cleanup & adapt to new HW --- krebs/3modules/lass/default.nix | 38 ++-- lass/1systems/prism/config.nix | 316 +++++++++++++------------------- lass/1systems/prism/source.nix | 1 + 3 files changed, 154 insertions(+), 201 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 69cc36346..364c02d1d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -83,7 +83,7 @@ with import ; }; nets = rec { internet = { - ip4.addr = "213.239.205.240"; + ip4.addr = "46.4.114.247"; aliases = [ "prism.i" "paste.i" 
@@ -103,18 +103,34 @@ with import ; ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl - kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl - JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I - AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5 - jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j - anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB + MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje + fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo + rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z + ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB + wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio + /jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA + BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C + 9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5 + Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu + 3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH + TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb + g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ + kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg + 7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo + 7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz + cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451 + k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0 + dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu + ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i + jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/ + AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE + T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB -----END RSA PUBLIC KEY----- ''; }; }; - ssh.privkey.path = ; - ssh.pubkey = 
"ssh-rsa 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"; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; archprism = rec { cores = 4; @@ -145,8 +161,8 @@ with import ; ssh.port = 45621; }; }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + ssh.privkey.path = ; + ssh.pubkey = "ssh-rsa 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"; }; domsen-nas = { ci = false; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 5983456b3..a4d67afc4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -11,73 +11,20 @@ in { networking.interfaces.et0.ip4 = [ { address = ip; - prefixLength = 24; + prefixLength = 27; } ]; - networking.defaultGateway = "213.239.205.225"; + networking.defaultGateway = "46.4.114.225"; networking.nameservers = [ "8.8.8.8" ]; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" - ''; - } - - - - - - - - - - - - - - - - - - - - - - { - lass.pyload.enable = true; - } - { - imports = [ - - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } + SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" ''; } { - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. 
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; - } - { + imports = [ ]; + boot.loader.grub = { devices = [ "/dev/sda" 
@@ -89,126 +36,98 @@ in { boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" + "ahci" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + fileSystems."/" = { - device = "/dev/pool/nix"; + device = "/dev/pool/nix_root"; fsType = "ext4"; }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; - }; - - fileSystems."/var/download" = { - device = "/dev/pool/download"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/http"; - }; - - fileSystems."/srv/o.ubikmedia.de-data" = { - device = "/dev/pool/owncloud-ubik-data"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; - }; - fileSystems."/tmp" = { device = "tmpfs"; fsType = "tmpfs"; options = ["nosuid" "nodev" "noatime"]; }; - } - { - sound.enable = false; - } - { - nixpkgs.config.allowUnfree = true; - } - { - #stuff for juhulian - users.extraUsers.juhulian = { - name = "juhulian"; - uid = 1339; - home = "/home/juhulian"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; + fileSystems."/var/download" = { + device = "/dev/pool/download"; + fsType = "ext4"; }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + fsType = "ext4"; + }; + + fileSystems."/home" = { + device = "/dev/pool/home"; + fsType = "ext4"; + }; + + swapDevices = [ + { label = "swap1"; } + { label = "swap2"; } ]; - } - { - environment.systemPackages = [ - pkgs.perlPackages.Plack - ]; - 
krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} - ]; - } - { - users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 JuiceSSH" - ]; - } - { + + sound.enable = false; + nixpkgs.config.allowUnfree = true; time.timeZone = "Europe/Berlin"; } + + { + services.nginx.enable = true; imports = [ ]; + # needed by domsen.nix ^^ + lass.usershadow = { + enable = true; + }; + krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } - { - services.tor = { - enable = true; + { # TODO make new hfos.nix out of this vv + users.users.riot = { + uid = genid "riot"; + isNormalUser = true; + extraGroups = [ "libvirtd" ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" + ]; }; - } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; + + # TODO write function for proxy_pass (ssl/nonssl) + services.nginx.virtualHosts."hackerfleet.de" = { + serverAliases = [ + "*.hackerfleet.de" + ]; + locations."/".extraConfig = '' + proxy_pass http://192.168.122.92:80; + ''; + }; + services.nginx.virtualHosts."hackerfleet.de-s" = { + serverName = "hackerfleet.de"; + port = 443; + serverAliases = [ + "*.hackerfleet.de" + ]; + locations."/".extraConfig = '' + proxy_pass http://192.168.122.92:443; + ''; }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - 
{ - imports = [ - - ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; } { users.users.tv = { uid = genid "tv"; - inherit (config.krebs.users.tv) home; - group = "users"; - createHome = true; - useDefaultShell = true; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.tv.pubkey ]; @@ -222,56 +141,14 @@ in { }; users.users.nin = { uid = genid "nin"; - inherit (config.krebs.users.nin) home; - group = "users"; - createHome = true; - useDefaultShell = true; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.nin.pubkey ]; - extraGroups = [ - "libvirtd" - ]; }; - } - { - krebs.repo-sync.timerConfig = { - OnBootSec = "15min"; - OnUnitInactiveSec = "90min"; - RandomizedDelaySec = "30min"; - }; - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; - } - { - lass.usershadow = { - enable = true; - }; - } - { - krebs.Reaktor.prism = { - nickname = "Reaktor|lass"; - channels = [ "#retiolum" ]; - extraEnviron = { - REAKTOR_HOST = "ni.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ]; - }; - } - { - #stuff for dritter users.extraUsers.dritter = { - name = "dritter"; uid = genid "dritter"; - home = "/home/dritter"; - group = "users"; - createHome = true; - useDefaultShell = true; + isNormalUser = true; extraGroups = [ "download" ]; 
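Review bot: The new `hackerfleet.de-s` virtual host in `prism/config.nix` sets `port = 443` but enables no TLS option and forwards with `proxy_pass http://192.168.122.92:443;`, so as written nginx would serve plain HTTP on 443 and speak plain HTTP to the backend's TLS port. Clients connecting with HTTPS would most likely fail at the handshake. Either terminate TLS on this vhost (`forceSSL = true;` with `enableACME = true;` or explicit certificates) and use `proxy_pass https://192.168.122.92:443;`, or pass the TLS connection through untouched with nginx's stream proxying instead of an HTTP vhost. The `# TODO write function for proxy_pass (ssl/nonssl)` comment suggests this is known; until it is done the 443 block is better left out.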
@@ -279,6 +156,13 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" ]; }; + users.extraUsers.juhulian = { + uid = 1339; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" + ]; + }; } { #hotdog @@ -327,7 +211,59 @@ in { localAddress = "10.233.2.5"; }; } + + + + + + + + + + + + + + # + # + + + { # quasi bepasty.nix + imports = [ + + ]; + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; + } + { + services.tor = { + enable = true; + }; + } + { + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } + { + imports = [ + + ]; + services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper.png; + ''; + } ]; krebs.build.host = config.krebs.hosts.prism; + # workaround because grub store paths are broken + boot.copyKernels = true; } diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix index 557fbf509..3dbd6c52b 100644 
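Review bot: `users.extraUsers.juhulian` hard-codes `uid = 1339;`, while the tv, nin and dritter accounts in the preceding hunk of this file derive theirs with `genid`. Nothing in the hunk says why this account needs a fixed number. If it does not have to match files that already exist on disk, `uid = genid "juhulian";` keeps all accounts in one allocation scheme and rules out a clash with a generated id. If the fixed value is deliberate, a one-line comment such as `# fixed uid: must match <reason>` would record that. The enclosing attribute set starts and ends outside the hunk.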
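Review bot: The guard added in `krebs.bepasty.servers."paste.r".nginx.extraConfig` is a deny-list on one address: it returns 403 only when `$server_addr` equals `nets.internet.ip4.addr`. A request that reaches this vhost on any other non-retiolum address is still served, for example a public IPv6 address (if the host has one) or one of the bridge addresses used for the containers in this file. If paste.r is meant to be reachable only from inside retiolum, comparing against the retiolum address and refusing everything else would express that directly. At minimum the block should carry a comment such as `# paste.r is internal: refuse requests arriving on the public IPv4 address (other addresses are not covered)`.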
--- a/lass/1systems/prism/source.nix +++ b/lass/1systems/prism/source.nix @@ -1,3 +1,4 @@ +with import ; import { name = "prism"; } From 8bd9894a2af5a0db91c0cb7943a34f60e2252c32 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 18:06:21 +0200 Subject: [PATCH 037/145] add new prism.r binary-cache key --- krebs/2configs/binary-cache/prism.nix | 1 + lass/2configs/binary-cache/client.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix index 4813eeb0f..46b386e14 100644 --- a/krebs/2configs/binary-cache/prism.nix +++ b/krebs/2configs/binary-cache/prism.nix @@ -7,6 +7,7 @@ ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" ]; }; } diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix index 9dba5fbfb..b0e0a8b88 100644 --- a/lass/2configs/binary-cache/client.nix +++ b/lass/2configs/binary-cache/client.nix @@ -8,6 +8,7 @@ ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; }; From 524456acdb76c17a2027ea92670513213c5e59fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:09:46 +0200 Subject: [PATCH 038/145] l helios.r: enable redis --- lass/1systems/helios/config.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 37bdc0290..271f1a7cf 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -11,7 +11,6 @@ with import ; - { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; 
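Review bot: In `krebs/2configs/binary-cache/prism.nix`, `cache.prism-2` is appended to `binaryCachePublicKeys` while `cache.prism-1` stays trusted, and nothing records whether the old key is still in use. Every client importing this list will accept store paths signed by either key. If prism-1 belongs to the previous installation of the host (not visible from the hunk), its private half should be treated as retired and the entry removed once no paths signed with it are needed. A comment such as `# prism-1: key of the old install, remove after <date>` would make that explicit. The same applies to the matching hunk in `lass/2configs/binary-cache/client.nix`.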
@@ -47,6 +46,16 @@ with import ; fonts.fontconfig.dpi = 200; lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1"; } + { #TAPIR, AGATIS, sentral, a3 - foo + services.redis.enable = true; + } + { + krebs.fetchWallpaper = { + enable = true; + url = "http://i.imgur.com/0ktqxSg.png"; + maxTime = 9001; + }; + } ]; krebs.build.host = config.krebs.hosts.helios; From 0a9137e5bbd7ac34dadd7806b9ab829a09cf8625 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:10:12 +0200 Subject: [PATCH 039/145] l helios.r: add pkgs.ag --- lass/1systems/helios/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 271f1a7cf..6ff3fbb86 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -75,6 +75,7 @@ with import ; hardware.enableRedistributableFirmware = true; environment.systemPackages = with pkgs; [ + ag vim rxvt_unicode git From cad6fa36cb5d50ba7debd642258f37d1ba7aa4b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:11:08 +0200 Subject: [PATCH 040/145] l exim-smarthost: add aplle & coinbase mail --- lass/2configs/exim-smarthost.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index c9d7a369a..0b56f6f47 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -43,6 +43,8 @@ with import ; { from = "radio@lassul.us"; to = lass.mail; } { from = "btce@lassul.us"; to = lass.mail; } { from = "raf@lassul.us"; to = lass.mail; } + { from = "apple@lassul.us"; to = lass.mail; } + { from = "coinbase@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From ea21ba775c11a5ff4b79c18445895cf95956220c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:11:44 +0200 Subject: [PATCH 041/145] l git: add nix-user-chroot repo --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) 
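Review bot: `services.redis.enable = true;` is added with no bind address or password, so exposure depends entirely on the module defaults of the pinned nixpkgs and on the host firewall. For a laptop that joins foreign networks it is safer to state the intent in the config, e.g. `services.redis.bind = "127.0.0.1";`; confirm what the default is for the 17.09 pin before relying on it. The comment `#TAPIR, AGATIS, sentral, a3 - foo` does not say which of these consumers need Redis or whether any of them connect from another host. Separately, `krebs.fetchWallpaper.url` fetches over plain `http://`, so the image can be replaced in transit; an `https://` URL avoids that. The list these two attribute sets are added to starts and ends outside the hunk.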
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 3991acadc..920da98c7 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -53,6 +53,10 @@ let cgit.desc = "Good Music collection + tools"; cgit.section = "art"; }; + nix-user-chroot = { + cgit.desc = "Fork of nix-user-chroot my lethalman"; + cgit.section = "software"; + }; } // mapAttrs make-public-repo-silent { }; From 0971a0709b976b0f86651d2635709569f15adc12 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:12:12 +0200 Subject: [PATCH 042/145] l vim: use python3.5 flake8 --- lass/2configs/vim.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 7f36fcd90..6e2717117 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -5,7 +5,7 @@ let out = { environment.systemPackages = [ (hiPrio vim) - pkgs.pythonPackages.flake8 + pkgs.python35Packages.flake8 ]; environment.etc.vimrc.source = vimrc; From 2cca99fadc19f81c52beb71d1d0ad8ea97380f97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:12:30 +0200 Subject: [PATCH 043/145] l vim: add vimPlugins.vim-go --- lass/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 6e2717117..71c3aaada 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -104,6 +104,7 @@ let pkgs.vimPlugins.Gundo pkgs.vimPlugins.Syntastic pkgs.vimPlugins.undotree + pkgs.vimPlugins.vim-go (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; src = pkgs.fetchFromGitHub { From ec1482b0bf98a551348d6f0de6d966d81dbd663e Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 30 Sep 2017 19:36:54 +0200 Subject: [PATCH 044/145] l Reaktors: archprism.r -> prism.r --- lass/1systems/archprism/config.nix | 28 ++++++++++++++-------------- lass/1systems/prism/config.nix | 5 +++-- lass/2configs/reaktor-retiolum.nix | 15 +++++++++++++++ 3 files changed, 32 insertions(+), 16 deletions(-) create mode 100644 lass/2configs/reaktor-retiolum.nix diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 56f72aced..69a0476fb 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -39,10 +39,10 @@ in { - + # - + # #{ # lass.pyload.enable = true; #} @@ -251,18 +251,18 @@ in { enable = true; }; } - { - krebs.Reaktor.prism = { - nickname = "Reaktor|lass"; - channels = [ "#retiolum" ]; - extraEnviron = { - REAKTOR_HOST = "ni.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ]; - }; - } + #{ + # krebs.Reaktor.prism = { + # nickname = "Reaktor|lass"; + # channels = [ "#retiolum" ]; + # extraEnviron = { + # REAKTOR_HOST = "ni.r"; + # }; + # plugins = with pkgs.ReaktorPlugins; [ + # sed-plugin + # ]; + # }; + #} { #stuff for dritter users.extraUsers.dritter = { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a4d67afc4..5b3091a39 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -224,8 +224,9 @@ in { - # - # + + + { # quasi bepasty.nix diff --git a/lass/2configs/reaktor-retiolum.nix b/lass/2configs/reaktor-retiolum.nix new file mode 100644 index 000000000..b2a21f802 --- /dev/null +++ b/lass/2configs/reaktor-retiolum.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: +with import ; + +{ + krebs.Reaktor.retiolum = { + nickname = "Reaktor|lass"; + channels = [ "#retiolum" ]; + extraEnviron = { + REAKTOR_HOST = "ni.r"; + }; + plugins = with pkgs.ReaktorPlugins; [ + sed-plugin + ]; + }; +} From c159128c2cb4eb247cdbbacbea2aed4961dbc28d Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 30 Sep 2017 23:13:49 +0200 Subject: [PATCH 045/145] puyak.r: fix syntax --- krebs/1systems/puyak/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 444bf383c..ba578512e 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -70,7 +70,7 @@ extraModprobeConfig = '' options thinkpad_acpi fan_control=1 ''; - } + }; system.activationScripts."disengage fancontrol" = '' echo level disengaged > /proc/acpi/ibm/fan From c404a21d1bd03595292ce28e48f13621a5fcc7fb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 01:32:36 +0200 Subject: [PATCH 046/145] puyak.r: merge multiple boot configs --- krebs/1systems/puyak/config.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index ba578512e..d2664ef84 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -27,6 +27,11 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + + kernelModules = [ "kvm-intel" ]; + extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; }; fileSystems = { @@ -65,12 +70,6 @@ ''; environment.systemPackages = [ pkgs.zsh ]; - boot = { - kernelModules = [ "kvm-intel" ]; - extraModprobeConfig = '' - options thinkpad_acpi fan_control=1 - ''; - }; system.activationScripts."disengage fancontrol" = '' echo level disengaged > /proc/acpi/ibm/fan From a43efa33f60d36f22f3ea49084d5b7b3ec01828f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 13:01:55 +0200 Subject: [PATCH 047/145] htodog.r: add irc.r --- krebs/1systems/hotdog/config.nix | 1 + krebs/3modules/krebs/default.nix | 1 + 2 files changed, 2 insertions(+) 
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 2ad22f49c..7f49f9485 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,6 +12,7 @@ + ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 2fe3e5115..1e626f0a0 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -74,6 +74,7 @@ in { "build.r" "build.hotdog.r" "cgit.hotdog.r" + "irc.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- From e1842266b3787337cac76b6d7297fd3186978fd2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 13:35:30 +0200 Subject: [PATCH 048/145] l: #retiolum@ni.r -> #krebs@irc.r --- lass/2configs/git.nix | 8 ++++---- lass/2configs/monitoring/monit-alarms.nix | 2 +- lass/2configs/monitoring/server.nix | 2 +- lass/2configs/reaktor-retiolum.nix | 4 ++-- lass/2configs/repo-sync.nix | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 920da98c7..91318b530 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -77,8 +77,8 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; + channel = "#krebs"; + server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo branches = [ "master" "staging*" ]; @@ -98,8 +98,8 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; + channel = "#krebs"; + server = "irc.r"; verbose = true; # TODO define branches in some kind of option per repo branches = [ "master" "staging*" ]; 
diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix index 65b91a745..2cfc292e5 100644 --- a/lass/2configs/monitoring/monit-alarms.nix +++ b/lass/2configs/monitoring/monit-alarms.nix @@ -6,7 +6,7 @@ let set -euf export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null ''; in { diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index d1ff234ee..adaecde2c 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -29,7 +29,7 @@ with import ; data="$(${pkgs.jq}/bin/jq -r .message)" export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 prism-alarm \#noise "$data" >/dev/null + irc.r 6667 prism-alarm \#noise "$data" >/dev/null ''; in { enable = true; diff --git a/lass/2configs/reaktor-retiolum.nix b/lass/2configs/reaktor-retiolum.nix index b2a21f802..0ec825522 100644 --- a/lass/2configs/reaktor-retiolum.nix +++ b/lass/2configs/reaktor-retiolum.nix @@ -4,9 +4,9 @@ with import ; { krebs.Reaktor.retiolum = { nickname = "Reaktor|lass"; - channels = [ "#retiolum" ]; + channels = [ "#krebs" ]; extraEnviron = { - REAKTOR_HOST = "ni.r"; + REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ sed-plugin diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index f0c0ebfee..12a2c0fe8 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -15,8 +15,8 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#retiolum"; - server = "ni.r"; + channel = "#krebs"; + server = "irc.r"; branches = [ "newest" ]; }; }); From 7cdf5705d91e3710ae82bd9cc9843c70130698ce Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 1 Oct 2017 13:41:41 +0200 Subject: [PATCH 049/145] #retiolum@ni.r -> #krebs@irc.r --- krebs/2configs/repo-sync.nix | 4 ++-- krebs/3modules/announce-activation.nix | 4 ++-- krebs/3modules/ci.nix | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index b0b0b2f62..9b60dc552 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -15,8 +15,8 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#retiolum"; - server = "ni.r"; + channel = "#krebs"; + server = "irc.r"; branches = [ "master" ]; }; }); diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 5a3a788c2..73704ae27 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -35,7 +35,7 @@ in { irc = { # TODO rename channel to target? channel = mkOption { - default = "#retiolum"; + default = "#krebs"; type = types.str; # TODO types.irc-channel }; nick = mkOption { @@ -47,7 +47,7 @@ in { type = types.int; }; server = mkOption { - default = "ni.r"; + default = "irc.r"; type = types.hostname; }; }; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index dab87792e..49d5bbc93 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -133,8 +133,8 @@ in irc = { enable = true; nick = "build|${hostname}"; - server = "ni.r"; - channels = [ "retiolum" "noise" ]; + server = "irc.r"; + channels = [ "krebs" "noise" ]; allowForce = true; }; extraConfig = '' From 144b18a15c8713314dfce32f719c63dae5fc37bd Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 1 Oct 2017 13:43:00 +0200 Subject: [PATCH 050/145] tv gitrepos: ni.r/#retiolum -> irc.r/#krebs --- tv/2configs/gitrepos.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index b6480f356..bbb1d4128 100644 
--- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -100,10 +100,10 @@ let { ); irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate { - channel = "#retiolum"; + channel = "#krebs"; # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - server = "ni.r"; + server = "irc.r"; verbose = true; } args); From 5b536e2d311ae6beea7f7e73115c3a061d523a59 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:01:19 +0200 Subject: [PATCH 051/145] ma irc: ni.r -> irc.r --- makefu/1systems/pnp/config.nix | 3 ++- makefu/2configs/git/brain-retiolum.nix | 2 +- makefu/2configs/git/cgit-retiolum.nix | 2 +- makefu/2configs/stats/server.nix | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix index 5fbaaabc7..47fa74c00 100644 --- a/makefu/1systems/pnp/config.nix +++ b/makefu/1systems/pnp/config.nix @@ -34,7 +34,8 @@ krebs.Reaktor.debug = { debug = true; extraEnviron = { - REAKTOR_HOST = "ni.r"; + # TODO: remove hard-coded server + REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; channels = [ "#retiolum" ]; diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index 05754dc7f..b913f3056 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -21,7 +21,7 @@ let verbose = true; channel = "#retiolum"; # TODO remove the hardcoded hostname - server = "ni.r"; + server = "irc.r"; }; }; }; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 5604383e7..5d46cabb3 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -59,7 +59,7 @@ let verbose = config.krebs.build.host.name == "gum"; channel = "#retiolum"; # TODO remove the hardcoded hostname - server = "ni.r"; + server = "irc.r"; }; }; }; 
diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index bb91b4478..7548c733e 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix @@ -2,7 +2,7 @@ with import ; let - irc-server = "ni.r"; + irc-server = "rc.r"; irc-nick = "m-alarm"; collectd-port = 25826; influx-port = 8086; From 0fe3f562d7dc66dc4dcf39522fc17ccce6ee30b4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:01:48 +0200 Subject: [PATCH 052/145] ma cake.r: init --- krebs/3modules/makefu/default.nix | 25 +++++++++++++++++++++++++ makefu/1systems/cake/config.nix | 20 ++++++++++++++++++++ makefu/1systems/cake/source.nix | 3 +++ 3 files changed, 48 insertions(+) create mode 100644 makefu/1systems/cake/config.nix create mode 100644 makefu/1systems/cake/source.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index a34c8cd97..d80935683 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -4,6 +4,31 @@ with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { + cake = rec { + cores = 1; + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.136.236"; + ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1"; + aliases = [ + "cake.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu + jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+ + MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq + 6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7 + 36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP + MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; + }; drop = rec { ci = true; cores = 1; 
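Review bot: In `makefu/2configs/stats/server.nix` the new value is `irc-server = "rc.r";`, while the commit subject and every other hunk in this patch use `irc.r`, so this looks like a dropped character. The binding sits next to `irc-nick = "m-alarm"` and is presumably what the alarm announcer connects to. If so, notifications from this stats server would fail to be delivered, and with the rest of the file outside the hunk it is not clear that anything would report the failure. The line should read `irc-server = "irc.r";`. The `let` block continues outside the hunk, so the use site is not visible here.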
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix new file mode 100644 index 000000000..0630d19ad --- /dev/null +++ b/makefu/1systems/cake/config.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: +{ + imports = [ + + # configure your hw: + # + # + # { + name="cake"; +} \ No newline at end of file From f0053f2dca7b5089aa7f22fb09d9cf2109b5835a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 14:21:34 +0200 Subject: [PATCH 053/145] l #krebs@irc.r -> #xxx@irc.r --- lass/2configs/git.nix | 4 ++-- lass/2configs/reaktor-retiolum.nix | 2 +- lass/2configs/repo-sync.nix | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 91318b530..4a2199b39 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -77,7 +77,7 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#krebs"; + channel = "#xxx"; server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo @@ -98,7 +98,7 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#krebs"; + channel = "#xxx"; server = "irc.r"; verbose = true; # TODO define branches in some kind of option per repo diff --git a/lass/2configs/reaktor-retiolum.nix b/lass/2configs/reaktor-retiolum.nix index 0ec825522..144b7d484 100644 --- a/lass/2configs/reaktor-retiolum.nix +++ b/lass/2configs/reaktor-retiolum.nix @@ -4,7 +4,7 @@ with import ; { krebs.Reaktor.retiolum = { nickname = "Reaktor|lass"; - channels = [ "#krebs" ]; + channels = [ "#xxx" ]; extraEnviron = { REAKTOR_HOST = "irc.r"; }; diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 12a2c0fe8..f3ef23e67 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix 
@@ -15,7 +15,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#krebs"; + channel = "#xxx"; server = "irc.r"; branches = [ "newest" ]; }; From cf62603b129ff4afad5fac4789ee98d1beddda3b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 14:26:12 +0200 Subject: [PATCH 054/145] #krebs@irc.r -> #xxx@irc.r --- krebs/2configs/repo-sync.nix | 2 +- krebs/3modules/announce-activation.nix | 2 +- krebs/3modules/ci.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 9b60dc552..84b7d9c0e 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -15,7 +15,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#krebs"; + channel = "#xxx"; server = "irc.r"; branches = [ "master" ]; }; diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 73704ae27..8f8440eb7 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -35,7 +35,7 @@ in { irc = { # TODO rename channel to target? channel = mkOption { - default = "#krebs"; + default = "#xxx"; type = types.str; # TODO types.irc-channel }; nick = mkOption { diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 49d5bbc93..adbc1ebe1 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -134,7 +134,7 @@ in enable = true; nick = "build|${hostname}"; server = "irc.r"; - channels = [ "krebs" "noise" ]; + channels = [ "xxx" "noise" ]; allowForce = true; }; extraConfig = '' From b01385c974dd3f4a9cbf0e7e992e960cd9ebf295 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sun, 1 Oct 2017 14:28:34 +0200 Subject: [PATCH 055/145] ma: #retiolum -> #xxx --- makefu/1systems/pnp/config.nix | 2 +- makefu/2configs/git/brain-retiolum.nix | 2 +- makefu/2configs/git/cgit-retiolum.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix index 47fa74c00..6c9fc0606 100644 --- a/makefu/1systems/pnp/config.nix +++ b/makefu/1systems/pnp/config.nix @@ -38,7 +38,7 @@ REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; - channels = [ "#retiolum" ]; + channels = [ "#xxx" ]; }; krebs.build.host = config.krebs.hosts.pnp; diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index b913f3056..3be3fccef 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -19,7 +19,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = true; - channel = "#retiolum"; + channel = "#xxx"; # TODO remove the hardcoded hostname server = "irc.r"; }; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 5d46cabb3..ed890fe40 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -57,7 +57,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = config.krebs.build.host.name == "gum"; - channel = "#retiolum"; + channel = "#xxx"; # TODO remove the hardcoded hostname server = "irc.r"; }; From 32a8fc0396769946242ef8c1a48fb64ae572e0db Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 1 Oct 2017 14:31:00 +0200 Subject: [PATCH 056/145] tv gitrepos: #krebs -> #xxx --- tv/2configs/gitrepos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index bbb1d4128..2c4b4868e 100644 --- a/tv/2configs/gitrepos.nix 
+++ b/tv/2configs/gitrepos.nix @@ -100,7 +100,7 @@ let { ); irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate { - channel = "#krebs"; + channel = "#xxx"; # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; server = "irc.r"; From e62f376e6177f3efb0e0bcd3aad97a991c3b6d60 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:42:20 +0200 Subject: [PATCH 057/145] ma tools: disable skype --- makefu/2configs/tools/core-gui.nix | 1 - makefu/2configs/tools/extra-gui.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 0538647ae..2f80b08c9 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -13,7 +13,6 @@ keepassx pcmanfm evince - skype mirage tightvnc gnome3.dconf diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index b2d616764..bcc068d82 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -6,7 +6,7 @@ gimp inkscape libreoffice - skype + # skype synergy tdesktop virtmanager From 83a7262b9c723767bf23efa194e8add3ee018406 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 15:40:17 +0200 Subject: [PATCH 058/145] ma source: add patch for proot --- makefu/source.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index 1a5d4a5d7..a29d09008 100644 --- a/makefu/source.nix +++ b/makefu/source.nix 
@@ -11,13 +11,14 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "46cfb36"; # unstable @ 2017-09-04 + ref = "59e7765"; # unstable @ 2017-09-04 # + graceful requests2 (a772c3a) # + mitmproxy fix (eee2d17) # + tpm-tools fix (5cb9987) # + dnscrypt-wrapper (25703c3) # + lass wvstream fix (76f4910,37cc2bc,0d48837) # + ruby stuff (2f0b17e4be9,55a952be5b5) + # + proot aarch64 fix (05d2603173d) in evalSource (toString _file) [ From f1908e0fa546bde76a95d3da20521d6170cd08f8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 18:06:27 +0200 Subject: [PATCH 059/145] l nixpkgs: 670b4e2 -> 5ac8389 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 5155a272c..6a6fff9b5 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "670b4e2"; + ref = "5ac8389"; }; secrets.file = getAttr builder { buildbot = toString ; From 345aa5d1e693c4952e7734471c61ea7da36e8fbb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 18:39:14 +0200 Subject: [PATCH 060/145] l users: add lass-android --- krebs/3modules/lass/default.nix | 4 ++++ krebs/3modules/lass/ssh/android.rsa | 1 + 2 files changed, 5 insertions(+) create mode 100644 krebs/3modules/lass/ssh/android.rsa diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 364c02d1d..4b553fac2 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -515,6 +515,10 @@ with import ; pubkey = builtins.readFile ./ssh/mors.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp; }; + lass-android = { + mail = "lassulus@gmail.com"; + pubkey = builtins.readFile ./ssh/android.rsa; + }; lass-helios = { mail = "lass@helios.r"; pubkey = builtins.readFile ./ssh/helios.rsa; 
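Review bot: `ref = "59e7765";` pins the patched nixpkgs tree by a 7-character abbreviated commit id, and the trailing comment still reads `# unstable @ 2017-09-04` after the bump. How `ref` is resolved is outside the hunk, but a short prefix has to be looked up in the repository at fetch time and can become ambiguous in one as large as nixpkgs. Writing the full id makes the pin unambiguous and easier to audit: `ref = "<full 40-char commit id>"; # unstable @ <date of new base>`. The same short form appears in the `lass/source.nix` hunk of PATCH 059 (`ref = "5ac8389";`). The `let` binding this line belongs to starts outside the hunk.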
diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa new file mode 100644 index 000000000..b39f7ce1e --- /dev/null +++ b/krebs/3modules/lass/ssh/android.rsa @@ -0,0 +1 @@ +ssh-rsa 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 JuiceSSH From 543291b53368c6124c9095e7227cd5176cb3fe65 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 18:39:38 +0200 Subject: [PATCH 061/145] l authorized lass-android for weechat --- lass/1systems/archprism/config.nix | 5 ----- lass/2configs/weechat.nix | 9 +++++---- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 69a0476fb..6411c423d 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -156,11 +156,6 @@ in { { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} ]; } - { - users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjesiOnhpT9XgWZqw/64M5lVQg3q0k22BtMyCv+33sGX8VmfTyD11GuwSjNGf5WiswKLqFvYBQsHfDDtS3k0ZNTDncGw3Pbilm6QoCuHEyDPaQYin0P+JmkocrL/6QF5uhZVFnsXCH5wntwOa00VFGwpMgQYSfRlReRx42Pu9Jk+iJduZMRBbOMvJI68Z7iJ4DgW/1U9J4MQdCsk7QlFgUstQQfV1zk4VfVfXuxDP3hjx6Q05nDChjpmzJbFunzb7aiy/1/Sl0QhROTpvxrQLksg7yYLw4BRs9ptjehX45A2Sxi8WKOb/g5u3xJNy0X07rE+N+o5v2hS7wF0DLQdK5+4TGtO+Y+ABUCqqA+T1ynAjNBWvsgY5uD4PZjuPgCMSw0JBmIy/P0THi3v5/8Cohvfnspl7Jpf80qENMu3unvvE9EePzgSRZY1PvDjPQfkWy0yBX1yQMhHuVGke9QgaletitwuahRujml37waeUuOl8Rpz+2iV+6OIS4tfO368uLFHKWbobXTbTDXODBgxZ/IyvO7vxM2uDX/kIWaeYKrip3nSyWBYnixwrcS4vm6ZQcoejwp2KCfGQwIE4MnGYRlwcOEYjvyjLkZHDiZEivUQ0rThMYBzec8bQ08QW8oxF+NXkFKG3awt3f7TKTRkYqQcOMpFKmV24KDiwgwm0miQ== JuiceSSH" - ]; - } { time.timeZone = "Europe/Berlin"; } diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 1e5f2d177..4b6445619 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix 
@@ -13,10 +13,11 @@ in { uid = genid "chat"; useDefaultShell = true; createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - config.krebs.users.lass-shodan.pubkey - config.krebs.users.lass-icarus.pubkey + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-android.pubkey ]; }; From fbaf146bcacc0632a01dd81830d172a58a649434 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 20:12:06 +0200 Subject: [PATCH 062/145] ma cake.r: update config --- makefu/1systems/cake/config.nix | 45 +++++++++++++++++++++------------ 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 0630d19ad..826af24e7 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -1,20 +1,33 @@ { config, pkgs, ... }: { - imports = [ - - # configure your hw: - # - # - # +# configure your hw: +# + ]; + krebs = { + enable = true; + tinc.retiolum.enable = true; + build.host = config.krebs.hosts.cake; + }; + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" ]; + + programs.info.enable = false; + programs.man.enable = false; + services.nixosManual.enable = false; + +# File systems configuration for using the installer's partition layout + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/NIXOS_BOOT"; + fsType = "vfat"; }; - # You want to change these :) - boot.loader.grub.device = "/dev/sda"; - fileSystems."/" = { - device = "/dev/sda1"; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; }; -} \ No newline at end of file + }; +} From a02a812fbf02460109425fb3bc4418681c7f832d Mon Sep 17 00:00:00 2001 
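Review bot: In the `openssh.authorizedKeys.keys` hunk of `lass/2configs/weechat.nix`, the new `lass-android.pubkey` entry gives a phone-held key the same unrestricted login on this account as the workstation keys, and the hunk context shows `useDefaultShell = true`. The entries of this list are plain authorized_keys lines, so the phone key can carry options, for example `''restrict,pty ${lass-android.pubkey}''`. That would stop a lost or compromised handset from being used for port or agent forwarding through this host. The user definition starts and ends outside the hunk, so restrictions that already exist elsewhere are not visible here.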
From: lassulus Date: Sun, 1 Oct 2017 22:55:18 +0200 Subject: [PATCH 063/145] l hosts: update android rsa key --- krebs/3modules/lass/ssh/android.rsa | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa index b39f7ce1e..f5190f45c 100644 --- a/krebs/3modules/lass/ssh/android.rsa +++ b/krebs/3modules/lass/ssh/android.rsa @@ -1 +1 @@ -ssh-rsa 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 JuiceSSH +ssh-rsa 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 lass-android@XperiaXCompact From 6ee5c58282ee4bf71ca20ef996d863b427028604 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 2 Oct 2017 09:59:30 +0200 Subject: [PATCH 064/145] ma urlwatch: add iozone --- makefu/2configs/urlwatch/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 2eecd6428..677950f43 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -35,6 +35,7 @@ in { http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack + http://www.iozone.org/src/current/ { url = https://newellrubbermaid.secure.force.com/dymopkb/articles/en_US/FAQ/Dymo-Drivers-and-Downloads/?l=en_US&c=Segment:Dymo&fs=Search&pn=1 ; From ea793ecf797f82dce0b70d0eb5b268f5326ba79b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 11:45:25 +0200 Subject: [PATCH 065/145] Revert "l nixpkgs: 670b4e2 -> 5ac8389" This reverts commit f1908e0fa546bde76a95d3da20521d6170cd08f8. --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 6a6fff9b5..5155a272c 100644 --- a/lass/source.nix +++ b/lass/source.nix 
@@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "5ac8389"; + ref = "670b4e2"; }; secrets.file = getAttr builder { buildbot = toString ; From fdcaa8de73138d590a3702de2f3c3bd1cfacfc40 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 17:57:05 +0200 Subject: [PATCH 066/145] krebs.tinc: import types explicitly --- krebs/3modules/tinc.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 8af15c13b..0fd0a35bc 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -1,6 +1,7 @@ { config, pkgs, lib, ... }: with import ; let + inherit (import ) types; out = { options.krebs.tinc = api; config = imp; From d3b17d180642d3a344495468c27355f6a7521d42 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 17:57:24 +0200 Subject: [PATCH 067/145] l nixpkgs: 670b4e2 -> b61d084 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 5155a272c..c6dc127cb 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "670b4e2"; + ref = "b61d084"; }; secrets.file = getAttr builder { buildbot = toString ; From 2ad003037417f90c04df833a2ad27fd5a52c754e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 18:38:28 +0200 Subject: [PATCH 068/145] l ejabberd: RIP --- lass/5pkgs/default.nix | 3 --- lass/5pkgs/ejabberd/default.nix | 28 ---------------------------- 2 files changed, 31 deletions(-) delete mode 100644 lass/5pkgs/ejabberd/default.nix diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 46633ba1a..d04833255 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix 
@@ -4,9 +4,6 @@ nixpkgs.config.packageOverrides = rec { acronym = pkgs.callPackage ./acronym/default.nix {}; dpass = pkgs.callPackage ./dpass {}; - ejabberd = pkgs.callPackage ./ejabberd { - erlang = pkgs.erlangR16; - }; firefoxPlugins = { noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; diff --git a/lass/5pkgs/ejabberd/default.nix b/lass/5pkgs/ejabberd/default.nix deleted file mode 100644 index 3a77c5cd1..000000000 --- a/lass/5pkgs/ejabberd/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{stdenv, fetchurl, expat, erlang, zlib, openssl, pam, lib}: - -stdenv.mkDerivation rec { - version = "2.1.13"; - name = "ejabberd-${version}"; - src = fetchurl { - url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; - sha256 = "0vf8mfrx7vr3c5h3nfp3qcgwf2kmzq20rjv1h9sk3nimwir1q3d8"; - }; - buildInputs = [ expat erlang zlib openssl pam ]; - patchPhase = '' - sed -i \ - -e "s|erl \\\|${erlang}/bin/erl \\\|" \ - -e 's|EXEC_CMD=\"sh -c\"|EXEC_CMD=\"${stdenv.shell} -c\"|' \ - src/ejabberdctl.template - ''; - preConfigure = '' - cd src - ''; - configureFlags = ["--enable-pam"]; - - meta = { - description = "Open-source XMPP application server written in Erlang"; - license = stdenv.lib.licenses.gpl2; - homepage = http://www.ejabberd.im; - maintainers = [ lib.maintainers.sander ]; - }; -} From 5ab273b5364a35fed96473e4290147940425c6b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 18:45:28 +0200 Subject: [PATCH 069/145] l wine: pkgs.wineFull -> pkgs.wine --- lass/2configs/wine.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 2444d32d3..0d2b731ca 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -5,7 +5,7 @@ let in { krebs.per-user.wine.packages = with pkgs; [ - wineFull + wine #(wineFull.override { wineBuild = "wine64"; }) ]; users.users= { 
From 336f4315d9364407f209d5789423dfe8831e4caf Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Oct 2017 18:50:19 +0200 Subject: [PATCH 070/145] l prism.r: track nginx changes --- lass/1systems/prism/config.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 5b3091a39..8e44b113b 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -115,7 +115,12 @@ in { }; services.nginx.virtualHosts."hackerfleet.de-s" = { serverName = "hackerfleet.de"; - port = 443; + listen = [ + { + addr = "0.0.0.0"; + port = 443; + } + ]; serverAliases = [ "*.hackerfleet.de" ]; From 32d9ba480b4797baf4ccdc015685f9ea472f036f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 11:11:40 +0200 Subject: [PATCH 071/145] l nixpkgs: b61d084 -> 07ca7b6 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index c6dc127cb..296a20417 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "b61d084"; + ref = "07ca7b6"; }; secrets.file = getAttr builder { buildbot = toString ; From 958e86fadf2a2ca2901e7bd5fd8a0fcc16cbe103 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 11:38:11 +0200 Subject: [PATCH 072/145] l copyq: fix startup --- lass/2configs/copyq.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index b255254f2..fa01a99c9 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix 
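Review bot: The new `listen` entry for the `hackerfleet.de-s` virtual host in `lass/1systems/prism/config.nix` binds port 443 on `0.0.0.0` only and does not set `ssl = true;`. Unless an option outside the hunk enables TLS for this host, nginx would answer plain HTTP on 443, and the explicit IPv4 address drops any IPv6 listener the old `port = 443;` form may have produced. I would write the entry as `{ addr = "0.0.0.0"; port = 443; ssl = true; }` and add `{ addr = "[::]"; port = 443; ssl = true; }` if the host is reachable over IPv6. The virtual host body continues past the hunk, so this should be checked against the rest of the definition.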
@@ -25,12 +25,15 @@ in { environment = { DISPLAY = ":0"; }; + path = with pkgs; [ + qt5.full + ]; serviceConfig = { SyslogIdentifier = "copyq"; ExecStart = "${pkgs.copyq}/bin/copyq"; ExecStartPost = copyqConfig; Restart = "always"; - RestartSec = "2s"; + RestartSec = "15s"; StartLimitBurst = 0; User = "lass"; }; From 613600914d6c7d8c9d5b1b7bfd1292b863ebd6e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 11:44:33 +0200 Subject: [PATCH 073/145] nixpkgs: 670b4e2 -> 07ca7b6 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index e70ee2d8a..09edc817b 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "670b4e29adc16e0a29aa5b4c126703dcca56aeb6"; # nixos-17.09 @ 2017-09-18 + ref = "07ca7b64d2ff2fa7a79e4eab1aba70ff746fed8c"; # nixos-17.09 @ 2017-10-02 }; } From c54d84b9efe01a7f4f8837b2308b7e2d61f1926f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 13:43:13 +0200 Subject: [PATCH 074/145] l sqlBackup: set mysql.dataDir to /var/mysql --- lass/2configs/websites/sqlBackup.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 7cb4b320e..2fffa6cc9 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -3,12 +3,13 @@ { krebs.secret.files.mysql_rootPassword = { path = "${config.services.mysql.dataDir}/mysql_rootPassword"; - owner.name = "root"; + owner.name = "mysql"; source-path = toString + "/mysql_rootPassword"; }; services.mysql = { enable = true; + dataDir = "/var/mysql"; package = pkgs.mariadb; rootPassword = config.krebs.secret.files.mysql_rootPassword.path; }; From c37c047ee6c080f7d76f2e19269162615a9aacfb Mon Sep 17 00:00:00 2001 
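Review bot: In `lass/2configs/websites/sqlBackup.nix` the secret `mysql_rootPassword` is written to `${config.services.mysql.dataDir}/mysql_rootPassword`, which this hunk moves to `/var/mysql` and hands to the `mysql` owner. The clear-text root password then sits inside the data directory, so every copy, snapshot or dump of `/var/mysql` carries it along, and the database service account can replace it. Consider a path outside `dataDir` that the service can only read, and record the reason for the ownership change next to it, e.g. `# owner is mysql so the service can read the file (confirm mode is 0400)`. How the `owner` submodule sets the file mode is not visible in this hunk.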
From: lassulus Date: Tue, 3 Oct 2017 13:43:31 +0200 Subject: [PATCH 075/145] l weechat: open mosh port --- lass/2configs/weechat.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 4b6445619..d5496ac09 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -21,6 +21,11 @@ in { ]; }; + # mosh + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + #systemd.services.chat = { # description = "chat environment setup"; # after = [ "network.target" ]; From f8eeed31f27528b1aef90d60ce97c599288f4dd2 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 3 Oct 2017 15:42:42 +0200 Subject: [PATCH 076/145] ma cake.r: disable tmpfs --- makefu/1systems/cake/config.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 826af24e7..444c99a22 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -1,7 +1,8 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = [ + # configure your hw: # ]; @@ -18,6 +19,7 @@ programs.info.enable = false; programs.man.enable = false; services.nixosManual.enable = false; + boot.tmpOnTmpfs = lib.mkForce false; # File systems configuration for using the installer's partition layout fileSystems = { From 6513f6a8233e7b542015199388a149642e6a50eb Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 3 Oct 2017 15:42:59 +0200 Subject: [PATCH 077/145] ma cake.r/source: full deploy --- makefu/1systems/cake/source.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix index 797417a1d..cd97a7c62 100644 --- a/makefu/1systems/cake/source.nix +++ b/makefu/1systems/cake/source.nix @@ -1,3 +1,4 @@ import { name="cake"; -} \ No newline at end of file + full = true; +} 
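Review bot: The mosh rule added to `lass/2configs/weechat.nix` accepts UDP 60000–61000 from any source, which leaves 1001 ports open for what appears to be a single account's sessions. mosh-server uses one port per session, so a much smaller window is enough, for example `{ predicate = "-p udp --dport 60000:60010"; target = "ACCEPT";}`, with the server started using a matching `-p 60000:60010`. If the clients always arrive from a known network, a `-s` source match in the predicate would narrow it further. A one-line comment naming which user or service needs the range would also help the next reader of the firewall rules.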
From d5cd048bc3b9d541e93d7e2c4ac499b4c6fc759b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 3 Oct 2017 15:43:46 +0200 Subject: [PATCH 078/145] ma tools: use wireshark from options --- makefu/2configs/tools/sec-gui.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/tools/sec-gui.nix b/makefu/2configs/tools/sec-gui.nix index 2db3e4391..95f130ae8 100644 --- a/makefu/2configs/tools/sec-gui.nix +++ b/makefu/2configs/tools/sec-gui.nix @@ -1,8 +1,15 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ - tpmmanager - wireshark - ]; + users.users.makefu = { + extraGroups = [ "wireshark" ]; + packages = with pkgs; [ + tpmmanager + ]; + }; + + programs.wireshark = { + enable = true; + package = pkgs.wireshark; + }; } From 52f9105027a7c2d70145d7d2db69452e148b2158 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 3 Oct 2017 15:44:13 +0200 Subject: [PATCH 079/145] ma server-config: retab --- makefu/3modules/server-config.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix index 846642580..9cac59205 100644 --- a/makefu/3modules/server-config.nix +++ b/makefu/3modules/server-config.nix @@ -1,15 +1,14 @@ {config, lib, pkgs, ... }: -with import ; -{ +with lib;{ options.makefu.server.primary-itf = lib.mkOption { - type = types.str; - description = "Primary interface of the server"; - }; + type = types.str; + description = "Primary interface of the server"; + }; options.makefu.gui.user = lib.mkOption { - type = types.str; - description = "GUI user"; + type = types.str; + description = "GUI user"; default = config.krebs.build.user.name; - }; + }; } From 902a65304d1e07ce5a7192a0403d6fa1bed1f135 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 3 Oct 2017 18:40:44 +0200 Subject: [PATCH 080/145] tinc module: workaround nixpkgs's lib.types.types Introduced by nixpkgs 152c63c9ff82276e225ac4a4fa71c791d33e443d --- krebs/3modules/tinc.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 0fd0a35bc..b032f3148 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -1,7 +1,6 @@ -{ config, pkgs, lib, ... }: with import ; +{ config, pkgs, ... }: let - inherit (import ) types; out = { options.krebs.tinc = api; config = imp; @@ -12,7 +11,7 @@ let description = '' define a tinc network ''; - type = with types; attrsOf (submodule (tinc: { + type = types.attrsOf (types.submodule (tinc: { options = let netname = tinc.config._module.args.name; in { @@ -117,7 +116,7 @@ let phases = [ "installPhase" ]; installPhase = '' mkdir $out - ${concatStrings (lib.mapAttrsToList (_: host: '' + ${concatStrings (mapAttrsToList (_: host: '' echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \ > $out/${shell.escape host.name} '') tinc.config.hosts)} From d2df693f21815319524c26450c44b650d7404494 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 18:49:51 +0200 Subject: [PATCH 081/145] tv nixpkgs: 17.03 -> 17.09 --- tv/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/source.nix b/tv/source.nix index 18733ee5c..f3bda2715 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -9,8 +9,8 @@ in { nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; nixpkgs.git = { - # nixos-17.03 - ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78"; + # nixos-17.09 + ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { From 748d28fd7a410402737a7fb45dbfdbce3c19c1e9 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 3 Oct 2017 19:01:57 +0200 Subject: [PATCH 082/145] tv mfcl2700dn*: RIP nixpkgs-17.09 fixup --- tv/2configs/br.nix | 1 - .../simple/mfcl2700dncupswrapper/default.nix | 45 ------------------- tv/5pkgs/simple/mfcl2700dnlpr/default.nix | 44 ------------------ 3 files changed, 90 deletions(-) delete mode 100644 tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix delete mode 100644 tv/5pkgs/simple/mfcl2700dnlpr/default.nix diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix index c7eb20e90..d660ebc35 100644 --- a/tv/2configs/br.nix +++ b/tv/2configs/br.nix @@ -45,5 +45,4 @@ with import ; ]; }; - systemd.services.cups.serviceConfig.PrivateTmp = true; } diff --git a/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix b/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix deleted file mode 100644 index 1ef018b33..000000000 --- a/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -{ coreutils, dpkg, fetchurl, gnugrep, gnused, makeWrapper, mfcl2700dnlpr, -perl, stdenv }: - -stdenv.mkDerivation rec { - name = "mfcl2700dncupswrapper-${meta.version}"; - - src = fetchurl { - url = "http://download.brother.com/welcome/dlf102086/${name}.i386.deb"; - sha256 = "07w48mah0xbv4h8vsh1qd5cd4b463bx8y6gc5x9pfgsxsy6h6da1"; - }; - - nativeBuildInputs = [ dpkg makeWrapper ]; - - phases = [ "installPhase" ]; - - installPhase = '' - dpkg-deb -x $src $out - - basedir=${mfcl2700dnlpr}/opt/brother/Printers/MFCL2700DN - dir=$out/opt/brother/Printers/MFCL2700DN - - substituteInPlace $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \ - --replace /usr/bin/perl ${perl}/bin/perl \ - --replace "basedir =~" "basedir = \"$basedir\"; #" \ - --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #" - - wrapProgram $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \ - --prefix PATH : ${stdenv.lib.makeBinPath [ coreutils gnugrep gnused ]} - - mkdir -p $out/lib/cups/filter - mkdir -p $out/share/cups/model - - ln $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN $out/lib/cups/filter - ln $dir/cupswrapper/brother-MFCL2700DN-cups-en.ppd $out/share/cups/model - ''; - - meta = { - description = "Brother MFC-L2700DN CUPS wrapper driver"; - homepage = "http://www.brother.com/"; - license = stdenv.lib.licenses.gpl2Plus; - maintainers = [ stdenv.lib.maintainers.tv ]; - platforms = stdenv.lib.platforms.linux; - version = "3.2.0-1"; - }; -} diff --git a/tv/5pkgs/simple/mfcl2700dnlpr/default.nix b/tv/5pkgs/simple/mfcl2700dnlpr/default.nix deleted file mode 100644 index fc11b53e9..000000000 --- a/tv/5pkgs/simple/mfcl2700dnlpr/default.nix +++ /dev/null 
@@ -1,44 +0,0 @@ -{ coreutils, dpkg, fetchurl, ghostscript, gnugrep, gnused, pkgsi686Linux, makeWrapper, perl, stdenv, which }: - -stdenv.mkDerivation rec { - name = "mfcl2700dnlpr-${meta.version}"; - - src = fetchurl { - url = "http://download.brother.com/welcome/dlf102085/${name}.i386.deb"; - sha256 = "170qdzxlqikzvv2wphvfb37m19mn13az4aj88md87ka3rl5knk4m"; - }; - - nativeBuildInputs = [ dpkg makeWrapper ]; - - phases = [ "installPhase" ]; - - installPhase = '' - dpkg-deb -x $src $out - - dir=$out/opt/brother/Printers/MFCL2700DN - - substituteInPlace $dir/lpd/filter_MFCL2700DN \ - --replace /usr/bin/perl ${perl}/bin/perl \ - --replace "BR_PRT_PATH =~" "BR_PRT_PATH = \"$dir\"; #" \ - --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #" - - wrapProgram $dir/lpd/filter_MFCL2700DN \ - --prefix PATH : ${stdenv.lib.makeBinPath [ - coreutils ghostscript gnugrep gnused which - ]} - - interpreter=${pkgsi686Linux.stdenv.cc.libc.out}/lib/ld-linux.so.2 - patchelf --set-interpreter "$interpreter" $dir/inf/braddprinter - patchelf --set-interpreter "$interpreter" $dir/lpd/brprintconflsr3 - patchelf --set-interpreter "$interpreter" $dir/lpd/rawtobr3 - ''; - - meta = { - description = "Brother MFC-L2700DN LPR driver"; - homepage = "http://www.brother.com/"; - license = stdenv.lib.licenses.unfree; - maintainers = [ stdenv.lib.maintainers.tv ]; - platforms = stdenv.lib.platforms.linux; - version = "3.2.0-1"; - }; -} From 2e8cebc497817dc8c9b40448d472d946f2ed10ed Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 19:03:17 +0200 Subject: [PATCH 083/145] tv gnupg: gnupg21 -> gnupg22 nixpkgs-17.09 fixup --- tv/5pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 1796609a9..261871e62 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix 
@@ -32,7 +32,7 @@ foldl' mergeAttrs {} exec ${self.firefoxWrapper}/bin/firefox "$@" ''; - gnupg = self.gnupg21; + gnupg = self.gnupg22; # https://github.com/NixOS/nixpkgs/issues/16113 wvdial = let From aa5bccf9e3f49b7e0aaef541a54e5ff58f89fcf7 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 20:55:47 +0200 Subject: [PATCH 084/145] tv brscan4: init at 0.4.4-4 Refs https://github.com/NixOS/nixpkgs/pull/30065 --- tv/5pkgs/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 261871e62..9dc7ae7b1 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -13,6 +13,14 @@ foldl' mergeAttrs {} // { + brscan4 = overrideDerivation super.brscan4 (original: rec { + name = "brscan4-0.4.4-4"; + src = super.fetchurl { + url = "http://download.brother.com/welcome/dlf006645/${name}.amd64.deb"; + sha256 = "0xy5px96y1saq9l80vwvfn6anr2q42qlxdhm6ci2a0diwib5q9fd"; + }; + }); + # TODO use XDG_RUNTIME_DIR? cr = self.writeDashBin "cr" '' set -efu From a41a30d709ae7bacb7d89c21dd11afa610648972 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 21:36:53 +0200 Subject: [PATCH 085/145] tv alnus nixpkgs: 17.03 -> 17.09 --- tv/1systems/alnus/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix index c3ed4dcfb..9fd2f668c 100644 --- a/tv/1systems/alnus/source.nix +++ b/tv/1systems/alnus/source.nix @@ -1,4 +1,4 @@ import { name = "alnus"; - override.nixpkgs.git.ref = "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; + override.nixpkgs.git.ref = "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; } From b7b7ee5d5227402bea5c6a802f11dcfefe5c234a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 21:37:13 +0200 Subject: [PATCH 086/145] mv stro nixpkgs: 17.03 -> 17.09 --- mv/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mv/source.nix b/mv/source.nix index 5dea13e73..2fa53a13e 100644 --- a/mv/source.nix 
+++ b/mv/source.nix @@ -9,8 +9,8 @@ in { nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix"; nixpkgs.git = { - # nixos-17.03 - ref = mkDefault "3d04a557b72aa0987d9bf079e1445280b6bfd907"; + # nixos-17.09 + ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { From 5e51d98c4be96d992b8def3983e2a2c07cf11499 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 21:40:21 +0200 Subject: [PATCH 087/145] ircd: raise default_floodcount to 1000 --- krebs/2configs/ircd.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 116337733..38f58952e 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -92,6 +92,7 @@ }; general { #maybe we want ident someday? + default_floodcount = 1000; disable_auth = yes; throttle_duration = 1; throttle_count = 1000; From 6179ec63628b21905393c7deb15d6e9b272756a4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 21:40:47 +0200 Subject: [PATCH 088/145] buildbot slave service: clean workingDir on change --- krebs/3modules/buildbot/slave.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 544f9c4e0..0af553c5d 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -160,6 +160,8 @@ let # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeDash "buildbot-master-init" '' set -efux + #remove garbage from old versions + rm -r ${workdir} mkdir -p ${workdir}/info cp ${buildbot-slave-init} ${workdir}/buildbot.tac echo ${contact} > ${workdir}/info/admin From 213356531dd1ba8c807ae90fc85a92ebbc301be0 Mon Sep 17 00:00:00 2001 
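Review bot: `default_floodcount = 1000;` in the `general` block of `krebs/2configs/ircd.nix` is added without a comment, and together with the existing `disable_auth = yes;` and `throttle_count = 1000;` it leaves very little per-client rate limiting on the server. If the value is meant for bots or relays on a trusted network, state that in the config, e.g. `# flood limit raised for internal bots; this ircd must not face untrusted clients (confirm)`. It is also worth confirming that the listener is reachable only from that network. The `general` block starts and ends outside the hunk.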
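Review bot: In the `ExecStartPre` script of `krebs/3modules/buildbot/slave.nix`, the added `rm -r ${workdir}` runs under `set -efux`, so on a host where the directory does not exist yet `rm` exits non-zero and the script stops before `mkdir -p`. Use `rm -rf -- ${workdir}` so that a missing directory is not an error. Because the path is interpolated unquoted into a recursive delete, it is also worth refusing an empty value or `/` before the `rm`. The script continues past the end of the hunk.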
From: tv Date: Tue, 3 Oct 2017 21:53:52 +0200 Subject: [PATCH 089/145] tv mu systemPackages: build KDE locale manually Because nixpkgs d7e9248debe66225bae1788c347bfe6c62e38a6e nixpkgs-17.09 fixup --- tv/1systems/mu/config.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index f3e7b515b..501200c1f 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -52,11 +52,13 @@ with import ; networking.networkmanager.enable = true; environment.systemPackages = with pkgs; [ + (pkgs.kdeApplications.callPackage + (import "de" {}) + {}) chromium firefoxWrapper gimp iptables - kdeApplications.l10n.de.qt5 libreoffice pidginotr pidgin-with-plugins From 3be76df6c9ea70c56eee66935476bd4738912171 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 23:51:11 +0200 Subject: [PATCH 090/145] l websites lass: use addSSL --- lass/2configs/websites/lassulus.nix | 32 +++-------------------------- 1 file changed, 3 insertions(+), 29 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 17c39a5f4..77790e8b8 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -73,17 +73,6 @@ in { allowKeysForGroup = true; group = "lasscert"; }; - certs."cgit.lassul.us" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/acme-challenges"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - ]; - group = "nginx"; - allowKeysForGroup = true; - }; }; krebs.tinc_graphs.enable = true; @@ -119,6 +108,7 @@ in { ]; services.nginx.virtualHosts."lassul.us" = { + addSSL = true; enableACME = true; serverAliases = [ "lassul.us" ]; locations."/".extraConfig = '' 
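Review bot: `addSSL = true;` on the `lassul.us` virtual host in `lass/2configs/websites/lassulus.nix` keeps the site reachable over plain HTTP next to HTTPS with no redirect, and the last hunk of this file does the same for the `cgit` host. That matches the removed `listen 80` lines, but the context of the last hunk shows this host also serves a file through `alias ${initscript}`, which is content whose integrity matters in transit. If nothing depends on unencrypted access, `forceSSL = true;` would redirect port 80 to HTTPS while still answering the ACME challenge. If HTTP has to stay, a comment such as `# plain HTTP kept on purpose` would record the decision.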
@@ -158,30 +148,14 @@ in { in '' alias ${initscript}; ''; - - enableSSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; - sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/lassul.us/key.pem"; }; services.nginx.virtualHosts.cgit = { + addSSL = true; + enableACME = true; serverAliases = [ "cgit.lassul.us" ]; - locations."/.well-known/acme-challenge".extraConfig = '' - root /var/lib/acme/acme-challenges; - ''; - enableSSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; - sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; }; users.users.blog = { From 632195921e4c69f3ba4d50a49f0192de16cf576c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 23:53:09 +0200 Subject: [PATCH 091/145] l ejabberd: copy tv's stuff --- lass/3modules/ejabberd/config.nix | 218 +++++++++++++++++------------ lass/3modules/ejabberd/default.nix | 41 +++++- 2 files changed, 161 insertions(+), 98 deletions(-) diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index b1fca08d3..68bcfa340 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix 
@@ -1,93 +1,129 @@ -{ config, ... }: with import ; let - cfg = config.lass.ejabberd; +with import ; +{ config, ... }: let - # XXX this is a placeholder that happens to work the default strings. - toErlang = builtins.toJSON; -in toFile "ejabberd.conf" '' - {loglevel, 3}. - {hosts, ${toErlang cfg.hosts}}. - {listen, - [ - {5222, ejabberd_c2s, [ - starttls, - {certfile, ${toErlang cfg.certfile.path}}, - {access, c2s}, - {shaper, c2s_shaper}, - {max_stanza_size, 65536} - ]}, - {5269, ejabberd_s2s_in, [ - {shaper, s2s_shaper}, - {max_stanza_size, 131072} - ]}, - {5280, ejabberd_http, [ - captcha, - http_bind, - http_poll, - web_admin - ]} - ]}. - {s2s_use_starttls, required}. - {s2s_certfile, ${toErlang cfg.s2s_certfile.path}}. - {auth_method, internal}. - {shaper, normal, {maxrate, 1000}}. - {shaper, fast, {maxrate, 50000}}. - {max_fsm_queue, 1000}. - {acl, local, {user_regexp, ""}}. - {access, max_user_sessions, [{10, all}]}. - {access, max_user_offline_messages, [{5000, admin}, {100, all}]}. - {access, local, [{allow, local}]}. - {access, c2s, [{deny, blocked}, - {allow, all}]}. - {access, c2s_shaper, [{none, admin}, - {normal, all}]}. - {access, s2s_shaper, [{fast, all}]}. - {access, announce, [{allow, admin}]}. - {access, configure, [{allow, admin}]}. - {access, muc_admin, [{allow, admin}]}. - {access, muc_create, [{allow, local}]}. - {access, muc, [{allow, all}]}. - {access, pubsub_createnode, [{allow, local}]}. - {access, register, [{allow, local}]}. - {language, "en"}. 
- {modules, - [ - {mod_adhoc, []}, - {mod_announce, [{access, announce}]}, - {mod_blocking,[]}, - {mod_caps, []}, - {mod_configure,[]}, - {mod_disco, []}, - {mod_irc, []}, - {mod_http_bind, []}, - {mod_last, []}, - {mod_muc, [ - {access, muc}, - {access_create, muc_create}, - {access_persistent, muc_create}, - {access_admin, muc_admin} - ]}, - {mod_offline, [{access_max_user_messages, max_user_offline_messages}]}, - {mod_ping, []}, - {mod_privacy, []}, - {mod_private, []}, - {mod_pubsub, [ - {access_createnode, pubsub_createnode}, - {ignore_pep_from_offline, true}, - {last_item_cache, false}, - {plugins, ["flat", "hometree", "pep"]} - ]}, - {mod_register, [ - {welcome_message, {"Welcome!", - "Hi.\nWelcome to this XMPP server."}}, - {ip_access, [{allow, "127.0.0.0/8"}, - {allow, "0.0.0.0/0"}]}, - {access, register} - ]}, - {mod_roster, []}, - {mod_shared_roster,[]}, - {mod_stats, []}, - {mod_time, []}, - {mod_vcard, []}, - {mod_version, []} - ]}. + # See https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example + + ciphers = concatStringsSep ":" [ + "ECDHE-ECDSA-AES256-GCM-SHA384" + "ECDHE-RSA-AES256-GCM-SHA384" + "ECDHE-ECDSA-CHACHA20-POLY1305" + "ECDHE-RSA-CHACHA20-POLY1305" + "ECDHE-ECDSA-AES128-GCM-SHA256" + "ECDHE-RSA-AES128-GCM-SHA256" + "ECDHE-ECDSA-AES256-SHA384" + "ECDHE-RSA-AES256-SHA384" + "ECDHE-ECDSA-AES128-SHA256" + "ECDHE-RSA-AES128-SHA256" + ]; + + protocol_options = [ + "no_sslv2" + "no_sslv3" + "no_tlsv1" + "no_tlsv1_10" + ]; + +in /* yaml */ '' + + access_rules: + announce: + - allow: admin + local: + - allow: local + configure: + - allow: admin + register: + - allow + s2s: + - allow + trusted_network: + - allow: loopback + + acl: + local: + user_regexp: "" + loopback: + ip: + - "127.0.0.0/8" + - "::1/128" + - "::FFFF:127.0.0.1/128" + + hosts: ${toJSON config.hosts} + + language: "en" + + listen: + - + port: 5222 + ip: "::" + module: ejabberd_c2s + shaper: c2s_shaper + certfile: ${toJSON config.certfile.path} + ciphers: ${toJSON 
ciphers} + dhfile: ${toJSON config.dhfile.path} + protocol_options: ${toJSON protocol_options} + starttls: true + starttls_required: true + tls: false + tls_compression: false + max_stanza_size: 65536 + - + port: 5269 + ip: "::" + module: ejabberd_s2s_in + shaper: s2s_shaper + max_stanza_size: 131072 + + loglevel: 4 + + modules: + mod_adhoc: {} + mod_admin_extra: {} + mod_announce: + access: announce + mod_caps: {} + mod_carboncopy: {} + mod_client_state: {} + mod_configure: {} + mod_disco: {} + mod_echo: {} + mod_irc: {} + mod_bosh: {} + mod_last: {} + mod_offline: + access_max_user_messages: max_user_offline_messages + mod_ping: {} + mod_privacy: {} + mod_private: {} + mod_register: + access_from: deny + access: register + ip_access: trusted_network + registration_watchers: ${toJSON config.registration_watchers} + mod_roster: {} + mod_shared_roster: {} + mod_stats: {} + mod_time: {} + mod_vcard: + search: false + mod_version: {} + mod_http_api: {} + + s2s_access: s2s + s2s_certfile: ${toJSON config.s2s_certfile.path} + s2s_ciphers: ${toJSON ciphers} + s2s_dhfile: ${toJSON config.dhfile.path} + s2s_protocol_options: ${toJSON protocol_options} + s2s_tls_compression: false + s2s_use_starttls: required + + shaper_rules: + max_user_offline_messages: + - 5000: admin + - 100 + max_user_sessions: 10 + c2s_shaper: + - none: admin + - normal + s2s_shaper: fast '' diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix index e2fba5ff5..4838a9093 100644 --- a/lass/3modules/ejabberd/default.nix +++ b/lass/3modules/ejabberd/default.nix @@ -1,5 +1,16 @@ { config, lib, pkgs, ... }@args: with import ; let cfg = config.lass.ejabberd; + + gen-dhparam = pkgs.writeDash "gen-dhparam" '' + set -efu + path=$1 + bits=2048 + # TODO regenerate dhfile after some time? + if ! test -e "$path"; then + ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path" + fi + ''; + in { options.lass.ejabberd = { enable = mkEnableOption "lass.ejabberd"; 
@@ -11,20 +22,36 @@ in { source-path = "/var/lib/acme/lassul.us/full.pem"; }; }; + dhfile = mkOption { + type = types.secret-file; + default = { + path = "${cfg.user.home}/dhparams.pem"; + owner = cfg.user; + source-path = "/dev/null"; + }; + }; hosts = mkOption { type = with types; listOf str; }; pkgs.ejabberdctl = mkOption { type = types.package; default = pkgs.writeDashBin "ejabberdctl" '' - set -efu - export SPOOLDIR=${shell.escape cfg.user.home} - export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)} exec ${pkgs.ejabberd}/bin/ejabberdctl \ + --config ${toFile "ejabberd.yaml" (import ./config.nix { + inherit pkgs; + config = cfg; + })} \ --logs ${shell.escape cfg.user.home} \ + --spool ${shell.escape cfg.user.home} \ "$@" ''; }; + registration_watchers = mkOption { + type = types.listOf types.str; + default = [ + config.krebs.users.tv.mail + ]; + }; s2s_certfile = mkOption { type = types.secret-file; default = cfg.certfile; @@ -50,12 +77,12 @@ in { requires = [ "secret.service" ]; after = [ "network.target" "secret.service" ]; serviceConfig = { - Type = "oneshot"; - RemainAfterExit = "yes"; - PermissionsStartOnly = "true"; + ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}"; + ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground"; + PermissionsStartOnly = true; SyslogIdentifier = "ejabberd"; User = cfg.user.name; - ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start"; + TimeoutStartSec = 60; }; }; From 387bf34e82a5cb5cf82288cf3c58fff5b1bb4ce5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Oct 2017 23:53:43 +0200 Subject: [PATCH 092/145] l pass: gnupg1 -> gnupg --- lass/2configs/pass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 5bd2f2f7f..43eb0db9b 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -3,7 +3,7 @@ { krebs.per-user.lass.packages = with pkgs; [ pass - gnupg1 + gnupg ]; } 
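Review bot: `ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}"` in the `@@ -50,12 +77,12 @@` hunk interpolates the path unquoted, while the wrapper earlier in this file passes paths through `shell.escape`; for consistency I would write `ExecStartPre = "${gen-dhparam} ${shell.escape cfg.dhfile.path}";`. The start timeout also applies to `ExecStartPre`, so with `TimeoutStartSec = 60` the first-boot generation of 2048-bit parameters may be cut off on a slow machine; this is inferred rather than shown in the hunk, and a comment stating why 60 seconds is enough (or a larger value) would settle it. The `serviceConfig` block starts outside the hunk.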
From 7e5bfd450fc4acd456639965894b76f75dc95b35 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 23:57:33 +0200 Subject: [PATCH 093/145] tv ejabberd: symlinkJoin ejabberd wrapper --- tv/3modules/ejabberd/default.nix | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index d7b8deb7e..36992883b 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -34,18 +34,24 @@ in { hosts = mkOption { type = with types; listOf str; }; - pkgs.ejabberdctl = mkOption { + pkgs.ejabberd = mkOption { type = types.package; - default = pkgs.writeDashBin "ejabberdctl" '' - exec ${pkgs.ejabberd}/bin/ejabberdctl \ - --config ${toFile "ejabberd.yaml" (import ./config.nix { - inherit pkgs; - config = cfg; - })} \ - --logs ${shell.escape cfg.user.home} \ - --spool ${shell.escape cfg.user.home} \ - "$@" - ''; + default = pkgs.symlinkJoin { + name = "ejabberd-wrapper"; + paths = [ + (pkgs.writeDashBin "ejabberdctl" '' + exec ${pkgs.ejabberd}/bin/ejabberdctl \ + --config ${toFile "ejabberd.yaml" (import ./config.nix { + inherit pkgs; + config = cfg; + })} \ + --logs ${shell.escape cfg.user.home} \ + --spool ${shell.escape cfg.user.home} \ + "$@" + '') + pkgs.ejabberd + ]; + }; }; registration_watchers = mkOption { type = types.listOf types.str; @@ -66,7 +72,7 @@ in { }; }; config = lib.mkIf cfg.enable { - environment.systemPackages = [ cfg.pkgs.ejabberdctl ]; + environment.systemPackages = [ cfg.pkgs.ejabberd ]; krebs.secret.files = { ejabberd-certfile = cfg.certfile; @@ -79,7 +85,7 @@ in { after = [ "network.target" "secret.service" ]; serviceConfig = { ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}"; - ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground"; + ExecStart = "${cfg.pkgs.ejabberd}/bin/ejabberdctl foreground"; PermissionsStartOnly = true; SyslogIdentifier = "ejabberd"; User = cfg.user.name; 
From 0b7a41523149538b441bf385a36e7ed6d74f9207 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 23:58:25 +0200 Subject: [PATCH 094/145] tv ejabberd: sudo -u ejabberd ejabberdctl --- tv/3modules/ejabberd/default.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index 36992883b..e99b94ff9 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -72,7 +72,21 @@ in { }; }; config = lib.mkIf cfg.enable { - environment.systemPackages = [ cfg.pkgs.ejabberd ]; + environment.systemPackages = [ + (pkgs.symlinkJoin { + name = "ejabberd-sudo-wrapper"; + paths = [ + (pkgs.writeDashBin "ejabberdctl" '' + set -efu + cd ${shell.escape cfg.user.home} + exec /run/wrappers/bin/sudo \ + -u ${shell.escape cfg.user.name} \ + ${cfg.pkgs.ejabberd}/bin/ejabberdctl "$@" + '') + cfg.pkgs.ejabberd + ]; + }) + ]; krebs.secret.files = { ejabberd-certfile = cfg.certfile; From d8bd2c99195ec50f377d1f11ae572128218fe2c3 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 4 Oct 2017 20:24:24 +0200 Subject: [PATCH 095/145] tv urlwatch nixos: 17.03 -> 17.09 --- tv/2configs/urlwatch.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 5779240ba..515f8996f 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -31,7 +31,7 @@ with import ; ## other - https://nixos.org/channels/nixos-17.03/git-revision + https://nixos.org/channels/nixos-17.09/git-revision https://nixos.org/channels/nixos-unstable/git-revision ## 2014-10-17 From 9cd1869b8a8a2a54d13e93539b0d0b3743e20adf Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 04:37:19 +0200 Subject: [PATCH 096/145] l nixpkgs: 07ca7b6 -> 1987983 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 296a20417..e0af7d83c 100644 --- a/lass/source.nix 
+++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "07ca7b6"; + ref = "1987983"; }; secrets.file = getAttr builder { buildbot = toString ; From edb062dd11a17286aac72fefa72239f6b740bb78 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 04:38:08 +0200 Subject: [PATCH 097/145] l hosts: add internet address for inspector & eddit --- krebs/3modules/lass/default.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4b553fac2..534eac716 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -432,8 +432,13 @@ with import ; eddie = { ci = false; external = true; - nets = { + nets = rec { + internet = { + ip4.addr = "129.215.90.4"; + aliases = [ "eddie.i" ]; + }; retiolum = { + via = internet; ip4.addr = "10.243.29.170"; ip6.addr = "42:4992:6a6d:700::1"; aliases = [ "eddie.r" ]; @@ -485,8 +490,13 @@ with import ; inspector = { ci = false; external = true; - nets = { + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; retiolum = { + via = internet; ip4.addr = "10.243.29.172"; ip6.addr = "42:4992:6a6d:800::1"; aliases = [ "inspector.r" ]; From 579b2cbecf8cec8786864bb2bdf6ffaf6bcf65b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:01:00 +0200 Subject: [PATCH 098/145] l websites: remove deprecated attributes --- lass/2configs/websites/lassulus.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 77790e8b8..6e185a4d6 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix 
@@ -110,7 +110,6 @@ in { services.nginx.virtualHosts."lassul.us" = { addSSL = true; enableACME = true; - serverAliases = [ "lassul.us" ]; locations."/".extraConfig = '' root /srv/http/lassul.us; ''; @@ -151,11 +150,9 @@ in { }; services.nginx.virtualHosts.cgit = { + serverName = "cgit.lassul.us"; addSSL = true; enableACME = true; - serverAliases = [ - "cgit.lassul.us" - ]; }; users.users.blog = { From fcc9e7e942de7212f2b568255c1597ae487ef939 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:02:06 +0200 Subject: [PATCH 099/145] l pkgs.xmonad: add more default workspaces --- lass/5pkgs/xmonad-lass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 0a2945c21..16719d540 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -70,7 +70,7 @@ mainNoArgs = do , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#f000b0" , handleEventHook = handleShutdownEvent - , workspaces = [ "dashboard" ] + , workspaces = [ "dashboard", "sys", "wp" ] } `additionalKeysP` myKeyMap myLayoutHook = defLayout From 9624545b97fc480d9ed5d262ea02eb8895b64b80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:02:37 +0200 Subject: [PATCH 100/145] l pkgs.xmonad: use greedyView --- lass/5pkgs/xmonad-lass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 16719d540..fe294e909 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -119,7 +119,7 @@ myKeyMap = , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) - , ("M4-v", withWorkspace autoXPConfig (windows . W.view)) + , ("M4-v", withWorkspace autoXPConfig (windows . W.greedyView)) , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift)) , ("M4-C-v", withWorkspace autoXPConfig (windows . copy)) From ed3153dd9865799782df2014f4178271955c0e38 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Thu, 5 Oct 2017 05:03:10 +0200 Subject: [PATCH 101/145] l pkgs.xmonad: move keys around --- lass/5pkgs/xmonad-lass.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index fe294e909..c0893a40c 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -131,12 +131,12 @@ myKeyMap = , ("M4-S-q", return ()) - , ("M4-w", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") + , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") - , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") - , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") - , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") - , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") + , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") ] forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () From a5430f2b87fce6d42d13a63ed9547ec85e51adaf Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:04:01 +0200 Subject: [PATCH 102/145] l helios.r: use nvidia drivers --- lass/1systems/helios/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 6ff3fbb86..b50f3d9b8 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -94,4 +94,6 @@ with import ; programs.ssh.startAgent = lib.mkForce true; services.tlp.enable = true; + + services.xserver.videoDrivers = [ "nvidia" ]; } From 612926846d729751d2a4b130290f6bfa62d372ab Mon Sep 17 00:00:00 2001 
From: lassulus Date: Thu, 5 Oct 2017 05:04:31 +0200 Subject: [PATCH 103/145] l helios.r: add certificateFiles --- lass/1systems/helios/config.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index b50f3d9b8..dd576e0fb 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -96,4 +96,15 @@ with import ; services.tlp.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; + + security.pki.certificateFiles = [ + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + ]; } From be4bfed6eddb2e957301a6734725a99d181d3753 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:05:00 +0200 Subject: [PATCH 104/145] l pass: activate gnupg-agent --- lass/2configs/pass.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 43eb0db9b..1c253a6c5 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -6,4 +6,5 @@ gnupg ]; + programs.gnupg.agent.enable = true; } 
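Review bot: The `pkgs.fetchurl` entries added to `security.pki.certificateFiles` have no comment saying what these CAs are for or where the `sha256` values were checked. Each download is pinned by hash, so the plain `http://` URLs cannot silently deliver a different file, but the hashes are only as trustworthy as the copy they were first computed from and should be compared with fingerprints obtained out of band. I would put a comment above the list along the lines of `# DCSO CA certificates; hashes verified against <SOURCE_OF_FINGERPRINTS>`, where the placeholder names the real source. It is also worth stating there that every TLS client on this host will now trust these CAs for any name.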
From 4e6827b8cd1e1edce7a27a6d6b2afda6ce6b7bc9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 05:28:32 +0200 Subject: [PATCH 105/145] l gc: deactivate on helios --- lass/2configs/gc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index 00f318e51..ad015180a 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import ; { nix.gc = { - automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ]; + automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ]; }; } From ba663f044508ec596b6f9ab22a43e39677bcf3c2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 15:50:45 +0200 Subject: [PATCH 106/145] l helios.r: add dcsovpn --- lass/1systems/helios/config.nix | 1 + lass/2configs/dcso-vpn.nix | 44 +++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 lass/2configs/dcso-vpn.nix diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index dd576e0fb..a94bbd3e9 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -11,6 +11,7 @@ with import ; + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix new file mode 100644 index 000000000..0a5623bf0 --- /dev/null +++ b/lass/2configs/dcso-vpn.nix 
@@ -0,0 +1,44 @@ +with import ; +{ ... }: + +{ + + users.extraUsers = { + dcsovpn = rec { + name = "dcsovpn"; + uid = genid "dcsovpn"; + description = "user for running dcso openvpn"; + home = "/home/${name}"; + }; + }; + + users.extraGroups.dcsovpn.gid = genid "dcsovpn"; + + services.openvpn.servers = { + dcso = { + config = '' + client + dev tun + tun-mtu 1356 + mssfix + proto udp + float + remote 217.111.55.41 1194 + nobind + user dcsovpn + group dcsovpn + persist-key + persist-tun + ca ${toString } + cert ${toString } + key ${toString } + verb 3 + mute 20 + auth-user-pass ${toString } + route-method exe + route-delay 2 + ''; + updateResolvConf = true; + }; + }; +} From 54d20b612f126ae64c807aa2b68f18836e824d69 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 16:08:55 +0200 Subject: [PATCH 107/145] l dummy-secrets: add dcsovpn --- lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem | 0 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key | 0 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem | 0 lass/2configs/tests/dummy-secrets/dcsovpn/login.txt | 0 4 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem create mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/login.txt diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem new file mode 100644 index 000000000..e69de29bb diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key new file mode 100644 index 000000000..e69de29bb diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem new file mode 100644 index 000000000..e69de29bb 
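Review bot: The `dcso` client configuration authenticates the gateway only through `ca`, with no check that the peer presents a server certificate, so any certificate issued by that CA, including another client's, would be accepted as the server. Adding `remote-cert-tls server` after the `key` line closes this, assuming the gateway certificate carries the server-auth extended key usage, which the page does not show. The secret paths are wrapped in `toString`, presumably so the key material is referenced in place rather than copied into the Nix store; a one-line comment such as `# toString keeps secrets out of the store` above `ca` would keep a later edit from removing it.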
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt new file mode 100644 index 000000000..e69de29bb From a8db051451d2827d7c7ad38f005284013e63c039 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Oct 2017 16:17:12 +0200 Subject: [PATCH 108/145] l pkgs.xmonad: pointer follows focus --- lass/5pkgs/xmonad-lass.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index c0893a40c..b86ce358e 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -31,6 +31,7 @@ import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) +import XMonad.Actions.UpdatePointer (updatePointer) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) @@ -63,14 +64,15 @@ mainNoArgs = do xmonad' $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def - { terminal = urxvtcPath - , modMask = mod4Mask - , layoutHook = smartBorders $ myLayoutHook - , manageHook = placeHook (smart (1,0)) <+> floatNextHook + { terminal = urxvtcPath + , modMask = mod4Mask + , layoutHook = smartBorders $ myLayoutHook + , logHook = updatePointer (0.25, 0.25) (0.25, 0.25) + , manageHook = placeHook (smart (1,0)) <+> floatNextHook , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#f000b0" - , handleEventHook = handleShutdownEvent - , workspaces = [ "dashboard", "sys", "wp" ] + , handleEventHook = handleShutdownEvent + , workspaces = [ "dashboard", "sys", "wp" ] } `additionalKeysP` myKeyMap myLayoutHook = defLayout From c9c5fa7c872778f81868e4f30f9abcac9cd2f74d Mon Sep 17 00:00:00 2001 
From: tv Date: Thu, 5 Oct 2017 20:00:03 +0200 Subject: [PATCH 109/145] tv mu systemPackages: drop custom KDE locales Apparently each application ships their own locales now. See discussion at https://github.com/NixOS/nixpkgs/commit/d7e9248debe66225 nixpkgs-17.09 fixup --- tv/1systems/mu/config.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 501200c1f..10d7b2197 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -52,9 +52,6 @@ with import ; networking.networkmanager.enable = true; environment.systemPackages = with pkgs; [ - (pkgs.kdeApplications.callPackage - (import "de" {}) - {}) chromium firefoxWrapper gimp From edeb11956553242749a35c9459b45c7bb079881e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 5 Oct 2017 23:11:27 +0200 Subject: [PATCH 110/145] tv: add deploy alias --- tv/2configs/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 9ad0253a3..f418b9ff0 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -80,6 +80,12 @@ with import ; dmesg = "dmesg -L --reltime"; view = "vim -R"; + deploy = pkgs.writeDash "deploy" '' + set -eu + cd ~/stockholm + export SYSTEM="$1" + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + ''; reload = "systemctl reload"; restart = "systemctl restart"; start = "systemctl start"; From 9d0e857dad5efb4778ebc4a773ad4b313000145c Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 7 Oct 2017 11:29:04 +0200 Subject: [PATCH 111/145] ma x.r: disabel remode building again --- makefu/1systems/cake/config.nix | 3 +++ makefu/1systems/x/config.nix | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 444c99a22..35eac3ab4 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix 
@@ -21,6 +21,9 @@ services.nixosManual.enable = false; boot.tmpOnTmpfs = lib.mkForce false; + hardware.enableRedistributableFirmware = true; + networking.wireless.enable = true; + # File systems configuration for using the installer's partition layout fileSystems = { "/boot" = { diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 443f912d8..f7db75564 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -57,7 +57,7 @@ with import ; # - + # # Hardware From 9062524b1f9119973e1a96a5692a33b466389674 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 7 Oct 2017 11:29:43 +0200 Subject: [PATCH 112/145] ma source: bump to latest unstable --- makefu/source.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index a29d09008..204ca9943 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,14 +11,9 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "59e7765"; # unstable @ 2017-09-04 - # + graceful requests2 (a772c3a) - # + mitmproxy fix (eee2d17) - # + tpm-tools fix (5cb9987) - # + dnscrypt-wrapper (25703c3) - # + lass wvstream fix (76f4910,37cc2bc,0d48837) + ref = "e8df69d"; # unstable @ 2017-10-07 + # + revert wvdial (76f4910) # + ruby stuff (2f0b17e4be9,55a952be5b5) - # + proot aarch64 fix (05d2603173d) in evalSource (toString _file) [ From ff4ed7790249fdd3d9878292ea27a37a1df019f9 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 7 Oct 2017 11:30:35 +0200 Subject: [PATCH 113/145] ma devpi: use devpi-client from upstream --- makefu/5pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 96975e54f..e99aa696b 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
@@ -24,7 +24,7 @@ in { alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; - inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client; + inherit (callPackage ./devpi {}) devpi-web devpi-server; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: { patches = [ ./custom/inkscape/dxf_fix.patch ]; From 4d196ceaeac2f33487c9aa442994ded3305b7b75 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 7 Oct 2017 11:41:06 +0200 Subject: [PATCH 114/145] ma pkgs.drozer: fix build --- makefu/5pkgs/drozer/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/5pkgs/drozer/default.nix b/makefu/5pkgs/drozer/default.nix index 885777be4..3df67d07e 100644 --- a/makefu/5pkgs/drozer/default.nix +++ b/makefu/5pkgs/drozer/default.nix @@ -5,7 +5,7 @@ pythonPackages.buildPythonApplication rec { version = "2.4.3"; buildInputs = [ jdk7 ]; propagatedBuildInputs = with pythonPackages; [ - protobuf3_2 + protobuf pyopenssl pyyaml ] ++ [ From 1124548642eeda9225cd223b2c4de12e0240d02f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 7 Oct 2017 11:56:36 +0200 Subject: [PATCH 115/145] move Reaktors to hotdog.r --- krebs/1systems/hotdog/config.nix | 2 ++ {lass => krebs}/2configs/reaktor-krebs.nix | 0 {lass => krebs}/2configs/reaktor-retiolum.nix | 0 lass/1systems/prism/config.nix | 2 -- 4 files changed, 2 insertions(+), 2 deletions(-) rename {lass => krebs}/2configs/reaktor-krebs.nix (100%) rename {lass => krebs}/2configs/reaktor-retiolum.nix (100%) diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 7f49f9485..4fdb53ae7 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -13,6 +13,8 @@ + + ]; krebs.build.host = config.krebs.hosts.hotdog; 
diff --git a/lass/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix similarity index 100% rename from lass/2configs/reaktor-krebs.nix rename to krebs/2configs/reaktor-krebs.nix diff --git a/lass/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix similarity index 100% rename from lass/2configs/reaktor-retiolum.nix rename to krebs/2configs/reaktor-retiolum.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 8e44b113b..eadda5270 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -230,8 +230,6 @@ in { - - { # quasi bepasty.nix From c439cab61d4d8a54e82ee39087a584a4683d8e86 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 8 Oct 2017 12:29:29 +0200 Subject: [PATCH 116/145] ma tools/steam: remove override --- makefu/2configs/tools/steam.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/makefu/2configs/tools/steam.nix b/makefu/2configs/tools/steam.nix index 200ea4719..048c1d1a3 100644 --- a/makefu/2configs/tools/steam.nix +++ b/makefu/2configs/tools/steam.nix @@ -1,9 +1,7 @@ {pkgs, ...}: { users.users.makefu.packages = [ - (pkgs.steam.override { - newStdcpp = true; - }) + pkgs.steam ]; hardware.opengl.driSupport32Bit = true; hardware.pulseaudio.support32Bit = true; From 0fc520d416555c77c817bdbfc04d1b0b59567cbd Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 8 Oct 2017 17:36:33 +0200 Subject: [PATCH 117/145] ma pkgs.inkscape: update patch --- makefu/5pkgs/custom/inkscape/dxf_fix.patch | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/makefu/5pkgs/custom/inkscape/dxf_fix.patch b/makefu/5pkgs/custom/inkscape/dxf_fix.patch index 5ea0a073e..b7b491d4e 100644 --- a/makefu/5pkgs/custom/inkscape/dxf_fix.patch +++ b/makefu/5pkgs/custom/inkscape/dxf_fix.patch 
@@ -1,13 +1,12 @@ ---- ./share/extensions/dxf_outlines.py 2017-02-14 00:46:57.000000000 +0100 -+++ ./share/extensions/dxf_outlines.py.new 2017-05-10 04:15:03.000000000 +0200 -@@ -340,7 +340,7 @@ - scale = eval(self.options.units) +--- ./share/extensions/dxf_outlines.py 2017-10-08 17:28:45.553368917 +0200 ++++ ./share/extensions/dxf_outlines.py.new 2017-10-08 17:29:20.172554152 +0200 +@@ -341,7 +341,7 @@ if not scale: scale = 25.4/96 # if no scale is specified, assume inch as baseunit + scale /= self.unittouu('1px') - h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0]) -+ h = self.unittouu(self.getDocumentHeight()) ++ h = self.unittouu(self.documentHeight()) self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]] doc = self.document.getroot() self.process_group(doc) - From af8b7001a66fe016f8ab995601d8fec076c80650 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 8 Oct 2017 19:59:28 +0200 Subject: [PATCH 118/145] ma europastats: request2 -> requests --- makefu/2configs/stats/telegraf/europastats.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/stats/telegraf/europastats.nix b/makefu/2configs/stats/telegraf/europastats.nix index 9249280c5..2ab62766a 100644 --- a/makefu/2configs/stats/telegraf/europastats.nix +++ b/makefu/2configs/stats/telegraf/europastats.nix @@ -4,7 +4,7 @@ let rev = "be31da7"; name = "europastats-${rev}"; propagatedBuildInputs = [ - requests2 + requests docopt ]; src = pkgs.fetchgit { From fe10f694af00f3e0f4569759ed47e590182e26e7 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 8 Oct 2017 20:05:32 +0200 Subject: [PATCH 119/145] ma source: add patch for mitmproxy --- makefu/source.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index 204ca9943..013426195 100644 --- a/makefu/source.nix +++ b/makefu/source.nix 
@@ -11,9 +11,10 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "e8df69d"; # unstable @ 2017-10-07 + ref = "727a3a3"; # unstable @ 2017-10-07 # + revert wvdial (76f4910) # + ruby stuff (2f0b17e4be9,55a952be5b5) + # + mitmproxy fix (360a5efd,ef52c95b) in evalSource (toString _file) [ From e230eaa0a22d1f23e3f53a62d113d2889be32598 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 8 Oct 2017 22:20:46 +0200 Subject: [PATCH 120/145] makefu: add makefu-android identity --- krebs/3modules/makefu/default.nix | 4 ++++ makefu/2configs/git/cgit-retiolum.nix | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d80935683..0e6e5e7e1 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -1031,6 +1031,10 @@ with import ; inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum"; }; + makefu-android = { + inherit (makefu) mail pgp; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x"; + }; makefu-bob = { inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index ed890fe40..da246f66a 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix 
@@ -68,7 +68,7 @@ let # TODO: get the list of all krebsministers krebsminister = with config.krebs.users; [ lass tv ]; - all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob makefu-tempx ]; + all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob makefu-tempx makefu-android ]; all-exco = with config.krebs.users; [ exco ]; priv-rules = repo: set-owners repo all-makefu; From f7f1d7a4462a801f23c3483fb1c3d2a4130a5240 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 8 Oct 2017 22:21:16 +0200 Subject: [PATCH 121/145] ma cake.r: add firmware for wifi --- makefu/1systems/cake/config.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 35eac3ab4..e8438e50d 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -22,6 +22,20 @@ boot.tmpOnTmpfs = lib.mkForce false; hardware.enableRedistributableFirmware = true; + hardware.firmware = [ + (pkgs.stdenv.mkDerivation { + name = "broadcom-rpi3-rest"; + src = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/54bab3d/brcm80211/brcm/brcmfmac43430-sdio.txt"; + sha256 = "19bmdd7w0xzybfassn7x4rb30l70vynnw3c80nlapna2k57xwbw7"; + }; + phases = [ "installPhase" ]; + installPhase = '' + mkdir -p $out/lib/firmware/brcm + cp $src $out/lib/firmware/brcm/brcmfmac43430-sdio.txt + ''; + }) + ]; networking.wireless.enable = true; # File systems configuration for using the installer's partition layout From 903a1182b5c27cf0c07d267f136a0f2e5be3d89b Mon Sep 17 00:00:00 2001 
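Review bot: Adding `makefu-android` to `all-makefu` gives the phone key the same standing as the workstation keys, because the context line `priv-rules = repo: set-owners repo all-makefu;` presumably makes every member of that list an owner of the repos the rule is applied to. A phone key is a good candidate for a separate, narrower list, or at least for a comment recording the decision, e.g. `# makefu-android: phone key, owner on priv repos; drop here and in krebs.users if the device is lost`. The new pubkey in krebs/3modules/makefu/default.nix carries the key comment `makefu@x`, which does not name the device the way `makefu@gum` does. The `let` block continues outside the hunk.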
From: makefu Date: Sun, 8 Oct 2017 23:14:14 +0200 Subject: [PATCH 122/145] gum.r: disable privkey setting via krebs manually configure the secrets instead --- krebs/3modules/makefu/default.nix | 3 ++- makefu/1systems/gum/config.nix | 4 +++- makefu/6tests/data/secrets/ssh_host_rsa_key | 0 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 makefu/6tests/data/secrets/ssh_host_rsa_key diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 0e6e5e7e1..401cba97a 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -580,7 +580,8 @@ with import ; ''; }; }; - ssh.privkey.path = ; + # configured manually + # ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; shoney = rec { diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index e1357ff01..e769b1e22 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -81,7 +81,9 @@ in { ]; makefu.dl-dir = "/var/download"; - + services.openssh.hostKeys = [ + { bits = 4096; path = ; type = "rsa"; } + { path = ; type = "ed25519"; } ]; ###### stable services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; krebs.build.host = config.krebs.hosts.gum; diff --git a/makefu/6tests/data/secrets/ssh_host_rsa_key b/makefu/6tests/data/secrets/ssh_host_rsa_key new file mode 100644 index 000000000..e69de29bb From 4cccda61fbfcbea3b59ca5d0be5d52a3571e0fdd Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 11:05:02 +0200 Subject: [PATCH 123/145] l daedalus.r: add steam & games --- lass/1systems/daedalus/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index e1bce5da8..9760272ac 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix 
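Review bot: The two `path =` values in the new `services.openssh.hostKeys` list are empty in this rendering, so what they evaluate to cannot be checked from here. If they are Nix path expressions rather than strings, they may be copied into the world-readable Nix store when the sshd configuration is built, which would expose the host private keys. Passing them as strings avoids that, for example through `toString` as lass/source.nix does for its secrets. The commit adds only an empty `makefu/6tests/data/secrets/ssh_host_rsa_key` stub, so it is worth confirming that the test secrets already contain a stub for the ed25519 key.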
@@ -9,6 +9,8 @@ with import ; + + { # bubsy config users.users.bubsy = { From d3b00fa8e7d0727a6a68590a41afec060c930745 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 11:05:26 +0200 Subject: [PATCH 124/145] l daedalus.r: add pkgs.audacity --- lass/1systems/daedalus/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 9760272ac..7b90ebb63 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -36,6 +36,7 @@ with import ; hexchat networkmanagerapplet libreoffice + audacity ]; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; From 31d6903c8cc4bacbb0ee6408eb8305544fa42117 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 12:03:57 +0200 Subject: [PATCH 125/145] l helios.r: add multihead config --- lass/1systems/helios/config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index a94bbd3e9..d9ecd7ae9 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -97,6 +97,11 @@ with import ; services.tlp.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; + services.xserver.xrandrHeads = [ + { output = "DP-0.8"; } + { output = "DP-4"; monitorConfig = ''Option "Rotate" "right"''; } + { output = "DP-2"; primary = true; } + ]; security.pki.certificateFiles = [ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) From a3f45e80aeffe7223631793dcb48f9cabfe7215a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 13:02:14 +0200 Subject: [PATCH 126/145] l: use hack fonts everywhere --- lass/1systems/helios/config.nix | 4 +++- lass/2configs/baseX.nix | 23 ++++++++++++++++++----- lass/2configs/xresources.nix | 6 ++++-- lass/5pkgs/xmonad-lass.nix | 2 +- 4 files changed, 26 insertions(+), 9 deletions(-) 
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index d9ecd7ae9..6db6f8fd1 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -45,7 +45,9 @@ with import ; { services.xserver.dpi = 200; fonts.fontconfig.dpi = 200; - lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1"; + lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola"; + lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola"; + lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol"; } { #TAPIR, AGATIS, sentral, a3 - foo services.redis.enable = true; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index f6390ce4d..9d4ad8c6a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -28,9 +28,19 @@ in { ''; } { #font magic - options.lass.myFont = mkOption { - type = types.str; - default = "-schumacher-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; + options.lass.fonts = { + regular = mkOption { + type = types.str; + default = "xft:Hack-Regular:pixelsize=11,xft:Symbola"; + }; + bold = mkOption { + type = types.str; + default = "xft:Hack-Bold:pixelsize=11,xft:Symbola"; + }; + italic = mkOption { + type = types.str; + default = "xft:Hack-RegularOblique:pixelsize=11,xft:Symbol"; + }; }; } ]; @@ -82,8 +92,11 @@ in { termite ]; - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc + fonts.fonts = with pkgs; [ + hack-font + hasklig + symbola + xlibs.fontschumachermisc ]; services.xserver = { diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix index adbcd353d..a3c54f3a1 100644 --- a/lass/2configs/xresources.nix +++ b/lass/2configs/xresources.nix 
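Review bot: The italic font strings end in `xft:Symbol` while the regular and bold ones end in `xft:Symbola`, both in the helios override and in the new `lass.fonts.italic` default in lass/2configs/baseX.nix. `symbola` is the package this commit adds to `fonts.fonts`, so this looks like a dropped letter. If the fallback is meant to be the same, the two lines become `default = "xft:Hack-RegularOblique:pixelsize=11,xft:Symbola";` and `lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbola";`. `hasklig` is also added to `fonts.fonts` but is not referenced by any option in these hunks.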
@@ -8,8 +8,10 @@ let URxvt*scrollBar: false URxvt*urgentOnBell: true URxvt*SaveLines: 4096 - URxvt*font: ${config.lass.myFont} - URxvt*boldFont: ${config.lass.myFont} + + URxvt.font: ${config.lass.fonts.regular} + URxvt.boldFont: ${config.lass.fonts.bold} + URxvt.italicFont: ${config.lass.fonts.italic} ! ref https://github.com/muennich/urxvt-perls URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index b86ce358e..5d0cf0cab 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -52,7 +52,7 @@ urxvtcPath :: FilePath urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc" myFont :: String -myFont = "${config.lass.myFont}" +myFont = "${config.lass.fonts.regular}" main :: IO () main = getArgs >>= \case From 1b6956cb0d5ba3c28cb770a38e667ae10739f2b9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 13:19:27 +0200 Subject: [PATCH 127/145] l mors.r: add deploy/predeploy helpers --- lass/1systems/mors/config.nix | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 8b90cce77..610bfef8e 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix 
@@ -157,4 +157,38 @@ with import ; krebs.repo-sync.timerConfig = { OnCalendar = "00:37"; }; + + environment.shellAliases = { + deploy = pkgs.writeDash "deploy" '' + set -eu + export PATH=${makeBinPath [ + pkgs.bash + pkgs.coreutils + pkgs.nix + (pkgs.writeDashBin "is-git-crypt-locked" '' + magic=$(dd status=none if="$1" skip=1 bs=1 count=8) + test "$magic" = GITCRYPT + '') + ]} + cd ~/stockholm + export SYSTEM="$1" + if is-git-crypt-locked ~/secrets/ready; then + echo 'secrets are crypted' >&2 + exit 23 + else + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + fi + ''; + predeploy = pkgs.writeDash "predeploy" '' + set -eu + export PATH=${makeBinPath [ + pkgs.bash + pkgs.coreutils + pkgs.nix + ]} + cd ~/stockholm + export SYSTEM="$1" + exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate' + ''; + }; } From 15f8ae3a5377036f3ace30f099f4287c74121ce9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 13:21:59 +0200 Subject: [PATCH 128/145] l prism.r: start minecraft server --- lass/1systems/prism/config.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index eadda5270..30d5c8dab 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -265,6 +265,13 @@ in { alias /var/realwallpaper/realwallpaper.png; ''; } + { + services.minecraft-server.enable = true; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } + { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; From acb02ae901ec6d94ff0133d7c92286bc285b62d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 13:22:42 +0200 Subject: [PATCH 129/145] l: add pkgs.file --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) 
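Review bot: The `deploy` alias treats a missing or unreadable `~/secrets/ready` as "unlocked". When `dd` cannot open the file, `magic` is empty, the `test` in `is-git-crypt-locked` fails, and the `else` branch goes on to run `nix-shell … deploy`. Failing closed is safer here: `if ! test -r ~/secrets/ready || is-git-crypt-locked ~/secrets/ready; then`, with the error message reworded to cover both cases. A short comment that the check reads the 8 bytes after the leading byte and compares them with `GITCRYPT` would also help the next reader.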
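Review bot: The second iptables rule opens UDP 25565 to every source, and nothing in this hunk shows that it is needed. As far as I know the server accepts game connections on TCP only and uses UDP on that port for the optional query protocol, so the rule should be confirmed against the server configuration. If query is not enabled, drop `{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }`; otherwise add a comment saying what it is for. The enclosing list continues outside the hunk.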
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e96f4dc7e..f745dc4a1 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -119,6 +119,7 @@ with import ; aria2 #neat utils + file kpaste krebspaste mosh From f34e78cab5f4a10a8e8e2a5c8ef99a1e643c23cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 13:23:11 +0200 Subject: [PATCH 130/145] l dns-stuff: add gum as resolver --- lass/2configs/dns-stuff.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix index 0c96e6e91..e305145f5 100644 --- a/lass/2configs/dns-stuff.nix +++ b/lass/2configs/dns-stuff.nix @@ -4,7 +4,12 @@ with import ; services.dnscrypt-proxy = { enable = true; localAddress = "127.1.0.1"; - resolverName = "cs-de"; + customResolver = { + address = config.krebs.hosts.gum.nets.internet.ip4.addr; + port = 15251; + name = "2.dnscrypt-cert.euer.krebsco.de"; + key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C"; + }; }; services.dnsmasq = { enable = true; @@ -17,8 +22,6 @@ with import ; all-servers dnssec trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 - address=/blog/127.0.0.1 - address=/blog/::1 rebind-domain-ok=/onion/ server=/.onion/127.0.0.1#9053 port=53 From 80788b158f5b13ad7b638cc8252d5a7b905092df Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 13:23:49 +0200 Subject: [PATCH 131/145] l mail: show inbox less strictly --- lass/2configs/mail.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 7a9881186..91127f737 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix 
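Review bot: The new `customResolver` block in lass/2configs/dns-stuff.nix pins a provider key and a port with no note on where the values come from or when they must change. A comment above `key` would make rotation auditable, e.g. `# provider key fingerprint of the dnscrypt server on gum (port 15251); must be updated together with the server key`. The second hunk of the same file removes the two `address=/blog/…` lines, which the commit subject does not mention; a word in the description would help.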
@@ -74,12 +74,9 @@ let virtual-mailboxes \ "Unread" "notmuch://?query=tag:unread"\ "INBOX" "notmuch://?query=tag:inbox \ - and NOT tag:killed \ - and NOT to:shackspace \ - and NOT to:c-base \ - and NOT from:security-alert@hpe.com \ and NOT to:nix-devel\ - and NOT to:radio"\ + and NOT to:shackspace\ + and NOT to:c-base" \ "shack" "notmuch://?query=to:shackspace"\ "c-base" "notmuch://?query=to:c-base"\ "security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\ From 95d1e35049e786415116e262062f3dba6ea736c0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 13:24:54 +0200 Subject: [PATCH 132/145] l vim: add ack-vim --- lass/2configs/vim.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 71c3aaada..698344b09 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -97,10 +97,13 @@ let noremap [b | noremap! [b noremap [c | noremap! [c noremap [d | noremap! [d - vnoremap u + + let g:ackprg = 'ag --vimgrep' + cnoreabbrev Ack Ack! ''; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.ack-vim pkgs.vimPlugins.Gundo pkgs.vimPlugins.Syntastic pkgs.vimPlugins.undotree From 71e25af663f7b620a2adffa4ac5e0eeaef548a81 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Oct 2017 13:25:28 +0200 Subject: [PATCH 133/145] l pkgs.xmonad: urxvtcPath -> myTerm --- lass/5pkgs/xmonad-lass.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 5d0cf0cab..997b60b8f 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -48,8 +48,8 @@ import XMonad.Layout.SimpleFloat (simpleFloat) import XMonad.Stockholm.Shutdown -urxvtcPath :: FilePath -urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc" +myTerm :: FilePath +myTerm = "${pkgs.rxvt_unicode}/bin/urxvtc" myFont :: String myFont = "${config.lass.fonts.regular}" 
@@ -64,7 +64,7 @@ mainNoArgs = do xmonad' $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def - { terminal = urxvtcPath + { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook , logHook = updatePointer (0.25, 0.25) (0.25, 0.25) @@ -115,8 +115,8 @@ myKeyMap = , ("M4-S-", removeEmptyWorkspace) , ("M4-S-c", kill1) , ("M4-", toggleWS) - , ("M4-S-", spawn urxvtcPath) - , ("M4-x", floatNext True >> spawn urxvtcPath) + , ("M4-S-", spawn myTerm) + , ("M4-x", floatNext True >> spawn myTerm) , ("M4-c", floatNext True >> spawn "${pkgs.termite}/bin/termite") , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) From be37b4e5b3009e4b22876f39110213c191eb49ab Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 9 Oct 2017 13:54:56 +0200 Subject: [PATCH 134/145] ma tools/dev: add cdrtools --- makefu/2configs/tools/dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 6681484fd..d3d50c433 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -16,5 +16,6 @@ whatsupnix brain gen-oath-safe + cdrtools ]; } From 0652354ee674005a9e0f5477c1741fbaaa69999e Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Oct 2017 00:04:14 +0200 Subject: [PATCH 135/145] ma latte.r: add torrent --- makefu/1systems/latte/config.nix | 1 + makefu/1systems/latte/source.nix | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix index d532f216f..3b06660c6 100644 --- a/makefu/1systems/latte/config.nix +++ b/makefu/1systems/latte/config.nix @@ -26,6 +26,7 @@ in { # Services + ]; krebs = { diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix index d997fb3f0..d9600909a 100644 --- a/makefu/1systems/latte/source.nix +++ b/makefu/1systems/latte/source.nix @@ -1,3 +1,4 @@ import { - name="latte"; + name = "latte"; + torrent = true; } 
From 42ec8d15a33dae63638d60eb3bb45d3ec40d12a3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Oct 2017 21:56:12 +0200 Subject: [PATCH 136/145] zandroum: RIP --- krebs/5pkgs/simple/zandronum-bin/default.nix | 83 -------------------- 1 file changed, 83 deletions(-) delete mode 100644 krebs/5pkgs/simple/zandronum-bin/default.nix diff --git a/krebs/5pkgs/simple/zandronum-bin/default.nix b/krebs/5pkgs/simple/zandronum-bin/default.nix deleted file mode 100644 index e97f46add..000000000 --- a/krebs/5pkgs/simple/zandronum-bin/default.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ stdenv -, atk -, bzip2 -, cairo -, fetchurl -, fluidsynth -, fontconfig -, freetype -, gdk_pixbuf -, glib -, gtk2 -, libjpeg_turbo -, mesa_glu -, mesa_noglu -, openssl -, pango -, SDL -, zlib -, makeWrapper -}: - -stdenv.mkDerivation rec { - name = "zandronum-3.0"; - - src = fetchurl { - url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2"; - sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3"; - }; - - libPath = stdenv.lib.makeLibraryPath [ - atk - bzip2 - cairo - fluidsynth - fontconfig - freetype - gdk_pixbuf - glib - gtk2 - libjpeg_turbo - mesa_glu - mesa_noglu - openssl - pango - SDL - stdenv.cc.cc - zlib - ]; - - nativeBuildInputs = [ makeWrapper ]; - - phases = [ "unpackPhase" "installPhase" ]; - - sourceRoot = "."; - - installPhase = '' - mkdir -p $out/bin - mkdir -p $out/share/zandronum - cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum - - patchelf \ - --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ - --set-rpath $libPath:$out/share/zandronum \ - $out/share/zandronum/zandronum - patchelf \ - --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ - --set-rpath $libPath \ - $out/share/zandronum/zandronum-server - - # If we don't set absolute argv0, zandronum.wad file is not found. - makeWrapper $out/share/zandronum/zandronum $out/bin/zandronum - makeWrapper $out/share/zandronum/zandronum-server $out/bin/zandronum-server - ''; - - meta = { - homepage = http://zandronum.com/; - description = "Multiplayer oriented port, based off Skulltag, for Doom and Doom II by id Software. Binary version for online play"; - maintainers = [ stdenv.lib.maintainers.lassulus ]; - # Binary version has different version string than source code version. - license = stdenv.lib.licenses.unfreeRedistributable; - platforms = [ "x86_64-linux" ]; - }; -} From e41288cdc288ed4c2e54b0e9da629a1b888f6016 Mon Sep 17 00:00:00 2001 
From: makefu Date: Tue, 10 Oct 2017 22:11:12 +0200 Subject: [PATCH 137/145] ma wvdial: re-add --- makefu/3modules/wvdial.nix | 71 ++++++++++++++++++++++++++++++++++++++ makefu/source.nix | 3 +- 2 files changed, 72 insertions(+), 2 deletions(-) create mode 100644 makefu/3modules/wvdial.nix diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix new file mode 100644 index 000000000..1ed929ed4 --- /dev/null +++ b/makefu/3modules/wvdial.nix @@ -0,0 +1,71 @@ +# Global configuration for wvdial. + +{ config, lib, pkgs, ... }: + +with lib; + +let + + configFile = '' + [Dialer Defaults] + PPPD PATH = ${pkgs.ppp}/sbin/pppd + ${config.environment.wvdial.dialerDefaults} + ''; + + cfg = config.environment.wvdial; + +in +{ + ###### interface + + options = { + + environment.wvdial = { + + dialerDefaults = mkOption { + default = ""; + type = types.str; + example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''; + description = '' + Contents of the "Dialer Defaults" section of + /etc/wvdial.conf. + ''; + }; + + pppDefaults = mkOption { + default = '' + noipdefault + usepeerdns + defaultroute + persist + noauth + ''; + type = types.str; + description = "Default ppp settings for wvdial."; + }; + + }; + + }; + + ###### implementation + + config = mkIf (cfg.dialerDefaults != "") { + + environment = { + + etc = + [ + { source = pkgs.writeText "wvdial.conf" configFile; + target = "wvdial.conf"; + } + { source = pkgs.writeText "wvdial" cfg.pppDefaults; + target = "ppp/peers/wvdial"; + } + ]; + + }; + + }; + +} diff --git a/makefu/source.nix b/makefu/source.nix index 013426195..8c880a8e2 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,8 +11,7 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "727a3a3"; # unstable @ 2017-10-07 - # + revert wvdial (76f4910) + ref = "809cf38"; # unstable @ 2017-10-07 # + ruby stuff (2f0b17e4be9,55a952be5b5) # + mitmproxy fix (360a5efd,ef52c95b) 
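Review bot: In makefu/3modules/wvdial.nix both `dialerDefaults` and `pppDefaults` are written with `pkgs.writeText`, so whatever a host puts into them ends up in the Nix store, where every local user can read it. The "Dialer Defaults" section is also where wvdial's `Username`/`Password` lines would normally go, and the option description does not warn against that. I would extend the `dialerDefaults` description with a sentence such as `Do not put Username/Password here; the generated file is world-readable in the Nix store.` and leave credentials to a secrets file outside the store.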
From b9731d4851ec4f49235c0ea9e460bd96d2ff29a9 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Oct 2017 22:11:32 +0200 Subject: [PATCH 138/145] ma cake.r: add tv --- makefu/1systems/cake/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index e8438e50d..c287c28df 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -6,6 +6,9 @@ # configure your hw: # ]; + users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; krebs = { enable = true; tinc.retiolum.enable = true; From cb8a0ef2b4ebb37c76ae101f44a5b97879219a08 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Oct 2017 22:21:08 +0200 Subject: [PATCH 139/145] Revert "zandroum: RIP" This reverts commit 42ec8d15a33dae63638d60eb3bb45d3ec40d12a3. --- krebs/5pkgs/simple/zandronum-bin/default.nix | 83 ++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 krebs/5pkgs/simple/zandronum-bin/default.nix diff --git a/krebs/5pkgs/simple/zandronum-bin/default.nix b/krebs/5pkgs/simple/zandronum-bin/default.nix new file mode 100644 index 000000000..e97f46add --- /dev/null +++ b/krebs/5pkgs/simple/zandronum-bin/default.nix 
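Review bot: The added `users.extraUsers.root.openssh.authorizedKeys.keys` entry gives `config.krebs.users.tv.pubkey` root login on cake, and neither the hunk nor the commit subject says why or for how long. A comment on the line keeps the grant reviewable, e.g. `# tv: root access for <reason>; remove when no longer needed` (placeholder text). If the access is only for debugging, a non-root account would narrow it. The surrounding attribute set continues outside the hunk.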
@@ -0,0 +1,83 @@ +{ stdenv +, atk +, bzip2 +, cairo +, fetchurl +, fluidsynth +, fontconfig +, freetype +, gdk_pixbuf +, glib +, gtk2 +, libjpeg_turbo +, mesa_glu +, mesa_noglu +, openssl +, pango +, SDL +, zlib +, makeWrapper +}: + +stdenv.mkDerivation rec { + name = "zandronum-3.0"; + + src = fetchurl { + url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2"; + sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3"; + }; + + libPath = stdenv.lib.makeLibraryPath [ + atk + bzip2 + cairo + fluidsynth + fontconfig + freetype + gdk_pixbuf + glib + gtk2 + libjpeg_turbo + mesa_glu + mesa_noglu + openssl + pango + SDL + stdenv.cc.cc + zlib + ]; + + nativeBuildInputs = [ makeWrapper ]; + + phases = [ "unpackPhase" "installPhase" ]; + + sourceRoot = "."; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/share/zandronum + cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum + + patchelf \ + --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ + --set-rpath $libPath:$out/share/zandronum \ + $out/share/zandronum/zandronum + patchelf \ + --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ + --set-rpath $libPath \ + $out/share/zandronum/zandronum-server + + # If we don't set absolute argv0, zandronum.wad file is not found. + makeWrapper $out/share/zandronum/zandronum $out/bin/zandronum + makeWrapper $out/share/zandronum/zandronum-server $out/bin/zandronum-server + ''; + + meta = { + homepage = http://zandronum.com/; + description = "Multiplayer oriented port, based off Skulltag, for Doom and Doom II by id Software. Binary version for online play"; + maintainers = [ stdenv.lib.maintainers.lassulus ]; + # Binary version has different version string than source code version. + license = stdenv.lib.licenses.unfreeRedistributable; + platforms = [ "x86_64-linux" ]; + }; +} From 3093042812a1dace74229869bbca1df82826a1a6 Mon Sep 17 00:00:00 2001 
From: makefu Date: Wed, 11 Oct 2017 17:18:30 +0200 Subject: [PATCH 140/145] ma binary-cache/lass: add new cache key --- makefu/2configs/binary-cache/lass.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix index 4813eeb0f..46b386e14 100644 --- a/makefu/2configs/binary-cache/lass.nix +++ b/makefu/2configs/binary-cache/lass.nix @@ -7,6 +7,7 @@ ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" ]; }; } From 2b3ac19c26abae889bd1d63700462f418285a510 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 11 Oct 2017 17:18:45 +0200 Subject: [PATCH 141/145] ma modules.wvdial: re-init --- makefu/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 00df56bee..af0e81df5 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -15,6 +15,7 @@ _: ./torrent.nix ./udpt.nix ./umts.nix + ./wvdial.nix ]; } From bdaa1fc9bfd1381400d11d07e44991bbf4cd8eb1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 11 Oct 2017 16:45:58 +0200 Subject: [PATCH 142/145] l eddie.r: route to edinburgh --- krebs/3modules/lass/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 534eac716..3e03e71cb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -437,8 +437,14 @@ with import ; ip4.addr = "129.215.90.4"; aliases = [ "eddie.i" ]; }; - retiolum = { + retiolum = rec { via = internet; + addrs = [ + # edinburgh university + "129.215.0.0/16" + ip4.addr + ip6.addr + ]; ip4.addr = "10.243.29.170"; ip6.addr = "42:4992:6a6d:700::1"; aliases = [ "eddie.r" ]; From 8bf55508522f44ab7ac276da6beff51f325e6e5a Mon Sep 17 00:00:00 2001 
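Review bot: `cache.prism-2` is added to `binaryCachePublicKeys` next to `cache.prism-1`, so store paths signed by either key are trusted. If this is a key rotation on prism, the old entry should be removed once the cache is re-signed; if both keys are meant to stay, a comment should say so, e.g. `# prism-1 kept until <date>; prism-2 is the current signing key` (placeholder date). The enclosing attribute set starts outside the hunk.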
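Review bot: The new `addrs` entry `"129.215.0.0/16"` in krebs/3modules/lass/default.nix is a prefix, but at this commit `addrs` is still typed `listOf addr`. The switch to `listOf cidr` only arrives in PATCH 143, so this commit may not evaluate on its own; the `addr` check is not visible from here. Reordering the two commits would keep the series bisectable. The entry also presumably makes eddie the route for the whole /16 on retiolum, so the existing `# edinburgh university` comment could state that explicitly.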
From: lassulus Date: Wed, 11 Oct 2017 18:12:31 +0200 Subject: [PATCH 143/145] types: add cidr and use as net.address --- lib/types.nix | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/lib/types.nix b/lib/types.nix index 70570a6b3..08dc0974e 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -92,7 +92,7 @@ rec { default = null; }; addrs = mkOption { - type = listOf addr; + type = listOf cidr; default = optional (config.ip4 != null) config.ip4.addr ++ optional (config.ip6 != null) config.ip6.addr; @@ -109,7 +109,7 @@ rec { type = addr4; }; prefix = mkOption ({ - type = str; # TODO routing prefix (CIDR) + type = cidr4; } // optionalAttrs (config.name == "retiolum") { default = "10.243.0.0/16"; }); @@ -125,7 +125,7 @@ rec { apply = lib.normalize-ip6-addr; }; prefix = mkOption ({ - type = str; # TODO routing prefix (CIDR) + type = cidr6; } // optionalAttrs (config.name == "retiolum") { default = "42::/16"; }); @@ -364,6 +364,26 @@ rec { merge = mergeOneOption; }; + cidr = either cidr4 cidr6; + cidr4 = mkOptionType { + name = "CIDRv4 address"; + check = let + CIDRv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in + concatMapStringsSep "." (const d) (range 1 4) + "(/([1-2]?[0-9]|3[0-2]))?"; + in + test CIDRv4address; + merge = mergeOneOption; + }; + cidr6 = mkOptionType { + name = "CIDRv6 address"; + check = let + # TODO check IPv6 address harder + CIDRv6address = "[0-9a-f.:]+(/([0-9][0-9]?|1[0-2][0-8]))?"; + in + test CIDRv6address; + merge = mergeOneOption; + }; + binary-cache-pubkey = str; pgp-pubkey = str; From 75d9115b4b978185e7b164c2a95b7c6b5ec8012a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Oct 2017 10:19:52 +0200 Subject: [PATCH 144/145] l nixpkgs: 1987983 -> 2231575 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index e0af7d83c..fc24b7e87 100644 --- a/lass/source.nix +++ b/lass/source.nix 
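Review bot: The `cidr6` pattern rejects valid input: `1[0-2][0-8]` matches neither `/109` nor `/119`, and `[0-9a-f.:]` rejects upper-case hex digits. In `cidr4` the octets are joined with a bare `"."`, which in a regex matches any character, so a constructed string like `10x243x0x0/16` would pass if `test` is a plain regex match. Suggested lines: `CIDRv6address = "[0-9a-fA-F.:]+(/([0-9][0-9]?|1[01][0-9]|12[0-8]))?";` and `concatMapStringsSep "\\." (const d) (range 1 4) + "(/([1-2]?[0-9]|3[0-2]))?";`. The prefix group is optional in both patterns, so the `prefix` options now typed `cidr4`/`cidr6` also accept a bare address without a length.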
@@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "1987983"; + ref = "2231575"; }; secrets.file = getAttr builder { buildbot = toString ; From 4667bb8e4111abde822ae57993a29929c5cc9aad Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 16 Oct 2017 17:24:48 +0200 Subject: [PATCH 145/145] l nixpkgs: 2231575 -> 68ef4b1 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index fc24b7e87..bd0395bcd 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "2231575"; + ref = "68ef4b1"; }; secrets.file = getAttr builder { buildbot = toString ;