From 6ee5c58282ee4bf71ca20ef996d863b427028604 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 2 Oct 2017 09:59:30 +0200
Subject: [PATCH 01/16] ma urlwatch: add iozone

---
 makefu/2configs/urlwatch/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix
index 2eecd6428..677950f43 100644
--- a/makefu/2configs/urlwatch/default.nix
+++ b/makefu/2configs/urlwatch/default.nix
@@ -35,6 +35,7 @@ in {
       http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
       https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
       https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack
+      http://www.iozone.org/src/current/
 
       {
         url = https://newellrubbermaid.secure.force.com/dymopkb/articles/en_US/FAQ/Dymo-Drivers-and-Downloads/?l=en_US&c=Segment:Dymo&fs=Search&pn=1 ;

From f8eeed31f27528b1aef90d60ce97c599288f4dd2 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 3 Oct 2017 15:42:42 +0200
Subject: [PATCH 02/16] ma cake.r: disable tmpfs

---
 makefu/1systems/cake/config.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
index 826af24e7..444c99a22 100644
--- a/makefu/1systems/cake/config.nix
+++ b/makefu/1systems/cake/config.nix
@@ -1,7 +1,8 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 {
   imports = [
     <stockholm/makefu>
+    <stockholm/makefu/2configs/tools/core.nix>
 # configure your hw:
 # <stockholm/makefu/2configs/save-diskspace.nix>
   ];
@@ -18,6 +19,7 @@
   programs.info.enable = false;
   programs.man.enable = false;
   services.nixosManual.enable = false;
+  boot.tmpOnTmpfs = lib.mkForce false;
 
 # File systems configuration for using the installer's partition layout
   fileSystems = {

From 6513f6a8233e7b542015199388a149642e6a50eb Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 3 Oct 2017 15:42:59 +0200
Subject: [PATCH 03/16] ma cake.r/source: full deploy

---
 makefu/1systems/cake/source.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix
index 797417a1d..cd97a7c62 100644
--- a/makefu/1systems/cake/source.nix
+++ b/makefu/1systems/cake/source.nix
@@ -1,3 +1,4 @@
 import <stockholm/makefu/source.nix> {
   name="cake";
-}
\ No newline at end of file
+  full = true;
+}

From d5cd048bc3b9d541e93d7e2c4ac499b4c6fc759b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 3 Oct 2017 15:43:46 +0200
Subject: [PATCH 04/16] ma tools: use wireshark from options

---
 makefu/2configs/tools/sec-gui.nix | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/makefu/2configs/tools/sec-gui.nix b/makefu/2configs/tools/sec-gui.nix
index 2db3e4391..95f130ae8 100644
--- a/makefu/2configs/tools/sec-gui.nix
+++ b/makefu/2configs/tools/sec-gui.nix
@@ -1,8 +1,15 @@
 { pkgs, ... }:
 
 {
-  krebs.per-user.makefu.packages = with pkgs; [
-    tpmmanager
-    wireshark
-  ];
+  users.users.makefu = {
+    extraGroups = [ "wireshark" ];
+    packages = with pkgs; [
+      tpmmanager
+    ];
+  };
+
+  programs.wireshark = {
+    enable = true;
+    package = pkgs.wireshark;
+  };
 }

From 52f9105027a7c2d70145d7d2db69452e148b2158 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 3 Oct 2017 15:44:13 +0200
Subject: [PATCH 05/16] ma server-config: retab

---
 makefu/3modules/server-config.nix | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix
index 846642580..9cac59205 100644
--- a/makefu/3modules/server-config.nix
+++ b/makefu/3modules/server-config.nix
@@ -1,15 +1,14 @@
 {config, lib, pkgs, ... }:
 
-with import <stockholm/lib>;
-{
+with lib;{
   options.makefu.server.primary-itf = lib.mkOption {
-		type = types.str;
-		description = "Primary interface of the server";
-	};
+    type = types.str;
+    description = "Primary interface of the server";
+  };
   options.makefu.gui.user = lib.mkOption {
-		type = types.str;
-		description = "GUI user";
+    type = types.str;
+    description = "GUI user";
     default = config.krebs.build.user.name;
-	};
+  };
 }
 

From 9d0e857dad5efb4778ebc4a773ad4b313000145c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 7 Oct 2017 11:29:04 +0200
Subject: [PATCH 06/16] ma x.r: disabel remode building again

---
 makefu/1systems/cake/config.nix | 3 +++
 makefu/1systems/x/config.nix    | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
index 444c99a22..35eac3ab4 100644
--- a/makefu/1systems/cake/config.nix
+++ b/makefu/1systems/cake/config.nix
@@ -21,6 +21,9 @@
   services.nixosManual.enable = false;
   boot.tmpOnTmpfs = lib.mkForce false;
 
+  hardware.enableRedistributableFirmware = true;
+  networking.wireless.enable = true;
+
 # File systems configuration for using the installer's partition layout
   fileSystems = {
     "/boot" = {
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 443f912d8..f7db75564 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -57,7 +57,7 @@ with import <stockholm/lib>;
       <stockholm/makefu/2configs/tor.nix>
       <stockholm/makefu/2configs/vpn/vpngate.nix>
       # <stockholm/makefu/2configs/buildbot-standalone.nix>
-      <stockholm/makefu/2configs/remote-build/master.nix>
+      # <stockholm/makefu/2configs/remote-build/master.nix>
 
       # Hardware
       <stockholm/makefu/2configs/hw/tp-x230.nix>

From 9062524b1f9119973e1a96a5692a33b466389674 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 7 Oct 2017 11:29:43 +0200
Subject: [PATCH 07/16] ma source: bump to latest unstable

---
 makefu/source.nix | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/makefu/source.nix b/makefu/source.nix
index a29d09008..204ca9943 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -11,14 +11,9 @@ let
               then "buildbot"
               else "makefu";
   _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
-  ref = "59e7765"; # unstable @ 2017-09-04
-                   # + graceful requests2 (a772c3a)
-                   # + mitmproxy fix      (eee2d17)
-                   # + tpm-tools fix      (5cb9987)
-                   # + dnscrypt-wrapper   (25703c3)
-                   # + lass wvstream fix  (76f4910,37cc2bc,0d48837)
+  ref = "e8df69d"; # unstable @ 2017-10-07
+                   # + revert wvdial (76f4910)
                    # + ruby stuff (2f0b17e4be9,55a952be5b5)
-                   # + proot aarch64 fix (05d2603173d)
 
 in
   evalSource (toString _file) [

From ff4ed7790249fdd3d9878292ea27a37a1df019f9 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 7 Oct 2017 11:30:35 +0200
Subject: [PATCH 08/16] ma devpi: use devpi-client from upstream

---
 makefu/5pkgs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 96975e54f..e99aa696b 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -24,7 +24,7 @@ in {
     alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
     alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
     qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
-    inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client;
+    inherit (callPackage ./devpi {}) devpi-web devpi-server;
     nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
     inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
       patches = [ ./custom/inkscape/dxf_fix.patch ];

From 4d196ceaeac2f33487c9aa442994ded3305b7b75 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 7 Oct 2017 11:41:06 +0200
Subject: [PATCH 09/16] ma pkgs.drozer: fix build

---
 makefu/5pkgs/drozer/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/5pkgs/drozer/default.nix b/makefu/5pkgs/drozer/default.nix
index 885777be4..3df67d07e 100644
--- a/makefu/5pkgs/drozer/default.nix
+++ b/makefu/5pkgs/drozer/default.nix
@@ -5,7 +5,7 @@ pythonPackages.buildPythonApplication rec {
   version = "2.4.3";
   buildInputs = [ jdk7 ];
   propagatedBuildInputs = with pythonPackages; [
-    protobuf3_2
+    protobuf
     pyopenssl
     pyyaml
   ] ++ [

From c439cab61d4d8a54e82ee39087a584a4683d8e86 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 8 Oct 2017 12:29:29 +0200
Subject: [PATCH 10/16] ma tools/steam: remove override

---
 makefu/2configs/tools/steam.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/makefu/2configs/tools/steam.nix b/makefu/2configs/tools/steam.nix
index 200ea4719..048c1d1a3 100644
--- a/makefu/2configs/tools/steam.nix
+++ b/makefu/2configs/tools/steam.nix
@@ -1,9 +1,7 @@
 {pkgs, ...}:
 {
   users.users.makefu.packages = [
-    (pkgs.steam.override {
-      newStdcpp = true;
-    })
+    pkgs.steam
   ];
   hardware.opengl.driSupport32Bit = true;
   hardware.pulseaudio.support32Bit = true;

From 0fc520d416555c77c817bdbfc04d1b0b59567cbd Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 8 Oct 2017 17:36:33 +0200
Subject: [PATCH 11/16] ma pkgs.inkscape: update patch

---
 makefu/5pkgs/custom/inkscape/dxf_fix.patch | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/makefu/5pkgs/custom/inkscape/dxf_fix.patch b/makefu/5pkgs/custom/inkscape/dxf_fix.patch
index 5ea0a073e..b7b491d4e 100644
--- a/makefu/5pkgs/custom/inkscape/dxf_fix.patch
+++ b/makefu/5pkgs/custom/inkscape/dxf_fix.patch
@@ -1,13 +1,12 @@
---- ./share/extensions/dxf_outlines.py	2017-02-14 00:46:57.000000000 +0100
-+++ ./share/extensions/dxf_outlines.py.new	2017-05-10 04:15:03.000000000 +0200
-@@ -340,7 +340,7 @@
-         scale = eval(self.options.units)
+--- ./share/extensions/dxf_outlines.py	2017-10-08 17:28:45.553368917 +0200
++++ ./share/extensions/dxf_outlines.py.new	2017-10-08 17:29:20.172554152 +0200
+@@ -341,7 +341,7 @@
          if not scale:
              scale = 25.4/96     # if no scale is specified, assume inch as baseunit
+         scale /= self.unittouu('1px')
 -        h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0])
-+        h = self.unittouu(self.getDocumentHeight())
++        h = self.unittouu(self.documentHeight())
          self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]]
          doc = self.document.getroot()
          self.process_group(doc)
 
-

From af8b7001a66fe016f8ab995601d8fec076c80650 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 8 Oct 2017 19:59:28 +0200
Subject: [PATCH 12/16] ma europastats: request2 -> requests

---
 makefu/2configs/stats/telegraf/europastats.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/stats/telegraf/europastats.nix b/makefu/2configs/stats/telegraf/europastats.nix
index 9249280c5..2ab62766a 100644
--- a/makefu/2configs/stats/telegraf/europastats.nix
+++ b/makefu/2configs/stats/telegraf/europastats.nix
@@ -4,7 +4,7 @@ let
     rev = "be31da7";
     name = "europastats-${rev}";
     propagatedBuildInputs = [
-      requests2
+      requests
       docopt
     ];
     src = pkgs.fetchgit {

From fe10f694af00f3e0f4569759ed47e590182e26e7 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 8 Oct 2017 20:05:32 +0200
Subject: [PATCH 13/16] ma source: add patch for mitmproxy

---
 makefu/source.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/makefu/source.nix b/makefu/source.nix
index 204ca9943..013426195 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -11,9 +11,10 @@ let
               then "buildbot"
               else "makefu";
   _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
-  ref = "e8df69d"; # unstable @ 2017-10-07
+  ref = "727a3a3"; # unstable @ 2017-10-07
                    # + revert wvdial (76f4910)
                    # + ruby stuff (2f0b17e4be9,55a952be5b5)
+                   # + mitmproxy fix (360a5efd,ef52c95b)
 
 in
   evalSource (toString _file) [

From e230eaa0a22d1f23e3f53a62d113d2889be32598 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 8 Oct 2017 22:20:46 +0200
Subject: [PATCH 14/16] makefu: add makefu-android identity

---
 krebs/3modules/makefu/default.nix     | 4 ++++
 makefu/2configs/git/cgit-retiolum.nix | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index d80935683..0e6e5e7e1 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -1031,6 +1031,10 @@ with import <stockholm/lib>;
       inherit (makefu) mail pgp;
       pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum";
     };
+    makefu-android = {
+      inherit (makefu) mail pgp;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
+    };
     makefu-bob = {
       inherit (makefu) mail pgp;
       pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index ed890fe40..da246f66a 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -68,7 +68,7 @@ let
 
   # TODO: get the list of all krebsministers
   krebsminister = with config.krebs.users; [ lass tv ];
-  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob makefu-tempx ];
+  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob makefu-tempx makefu-android ];
   all-exco = with config.krebs.users; [ exco ];
 
   priv-rules = repo: set-owners repo all-makefu;

From f7f1d7a4462a801f23c3483fb1c3d2a4130a5240 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 8 Oct 2017 22:21:16 +0200
Subject: [PATCH 15/16] ma cake.r: add firmware for wifi

---
 makefu/1systems/cake/config.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
index 35eac3ab4..e8438e50d 100644
--- a/makefu/1systems/cake/config.nix
+++ b/makefu/1systems/cake/config.nix
@@ -22,6 +22,20 @@
   boot.tmpOnTmpfs = lib.mkForce false;
 
   hardware.enableRedistributableFirmware = true;
+  hardware.firmware = [
+    (pkgs.stdenv.mkDerivation {
+     name = "broadcom-rpi3-rest";
+     src = pkgs.fetchurl {
+     url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/54bab3d/brcm80211/brcm/brcmfmac43430-sdio.txt";
+     sha256 = "19bmdd7w0xzybfassn7x4rb30l70vynnw3c80nlapna2k57xwbw7";
+     };
+     phases = [ "installPhase" ];
+     installPhase = ''
+     mkdir -p $out/lib/firmware/brcm
+     cp $src $out/lib/firmware/brcm/brcmfmac43430-sdio.txt
+     '';
+     })
+  ];
   networking.wireless.enable = true;
 
 # File systems configuration for using the installer's partition layout

From 903a1182b5c27cf0c07d267f136a0f2e5be3d89b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 8 Oct 2017 23:14:14 +0200
Subject: [PATCH 16/16] gum.r: disable privkey setting via krebs

manually configure the secrets instead
---
 krebs/3modules/makefu/default.nix           | 3 ++-
 makefu/1systems/gum/config.nix              | 4 +++-
 makefu/6tests/data/secrets/ssh_host_rsa_key | 0
 3 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 makefu/6tests/data/secrets/ssh_host_rsa_key

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 0e6e5e7e1..401cba97a 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -580,7 +580,8 @@ with import <stockholm/lib>;
           '';
         };
       };
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      # configured manually
+      # ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
     };
     shoney = rec {
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index e1357ff01..e769b1e22 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -81,7 +81,9 @@ in {
   ];
   makefu.dl-dir = "/var/download";
 
-
+  services.openssh.hostKeys = [
+    { bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; }
+    { path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ];
   ###### stable
   services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
   krebs.build.host = config.krebs.hosts.gum;
diff --git a/makefu/6tests/data/secrets/ssh_host_rsa_key b/makefu/6tests/data/secrets/ssh_host_rsa_key
new file mode 100644
index 000000000..e69de29bb