Merge remote-tracking branch 'origin/master'

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "submodules/nix-writers"]
 	path = submodules/nix-writers
 	url = http://cgit.krebsco.de/nix-writers
+[submodule "submodules/krops"]
+	path = submodules/krops
+	url = https://cgit.krebsco.de/krops

ci.nix

@@ -16,6 +16,6 @@ let
   ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
 
   build = host: owner:
-  ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";});
+  ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";});
 
 in mapAttrs (n: h: build n h.owner.name) ci-systems

jeschli/1systems/brauerei/config.nix

@@ -130,10 +130,12 @@
     # Don't install feh into systemPackages
     # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
     desktopManager.session = lib.mkForce [];
+    displayManager.lightdm.enable = lib.mkForce false;
+    displayManager.job.execCmd = lib.mkForce "derp";
 
     enable = true;
-    display = 11;
-    tty = 11;
+    display = lib.mkForce 11;
+    tty = lib.mkForce 11;
 
     dpi = 144;
 

jeschli/krops.nix

@@ -29,6 +29,7 @@ in {
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
     inherit target;
     source = source { test = true; };
   };

krebs/2configs/buildbot-stockholm.nix

@@ -22,6 +22,12 @@
         "http://cgit.ni.r/disko"
         "http://cgit.prism.r/disko"
       ];
+      krops.urls = [
+        "http://cgit.hotdog.r/krops"
+        "http://cgit.ni.r/krops"
+        "http://cgit.prism.r/krops"
+        "https://git.ingolf-wagner.de/krebs/krops.git"
+      ];
       nix_writers.urls = [
         "http://cgit.hotdog.r/nix-writers"
         "http://cgit.ni.r/nix-writers"

krebs/3modules/airdcpp.nix

@@ -1,10 +1,10 @@
 { config, lib, pkgs, ... }:
 with import <stockholm/lib>; #genid
 let
-  cfg = config.makefu.airdcpp;
+  cfg = config.krebs.airdcpp;
 
   out = {
-    options.makefu.airdcpp = api;
+    options.krebs.airdcpp = api;
     config = lib.mkIf cfg.enable imp;
   };
 
@@ -18,7 +18,7 @@ let
 
     user = mkOption {
       description = ''
-        user which will run udpt. if kept default a new user will be created
+        user which will run airdcpp. if kept default a new user will be created
       '';
       type = str;
       default = "airdcpp";
@@ -37,7 +37,54 @@ let
       type = str;
       default = "/var/lib/airdcpp";
     };
+    hubs = mkOption {
+        type = attrsOf (submodule ( { config, ... }: {
+          options = {
+            Nick = mkOption {
+              description = ''
+                Nick Name for hub
+              '';
+              type = str;
+              default = cfg.Nick;
+            };
+            Password = mkOption {
+              description = ''
+                Password to be used
+
+                WARNING: will be stored in plain text in /nix/store
+              '';
+              type = str;
+              default = "";
+              apply = lib.removeSuffix "\n";
+            };
+            Server = mkOption {
+              description = ''
+                URL to the hub (must be provided)
+              '';
+              type = str;
+            };
+            AutoConnect = mkOption {
+              description = ''
+                automatically connect to the hub
+              '';
+              type = bool;
+              default = false;
+            };
+          };
+        }));
+        description = "hubs which should be configured via Favorites.xml,
+        Options are only used if no initial Favorites.xml file is provided and none exists";
+        default = {};
+    };
+    initialFavoritesConfigFile = mkOption {
+      description = ''
+        path inital Favorites.xml configuration if none exists
+      '';
+      type = nullOr path;
+      default = null;
+    };
     dcpp = {
+      # entries in DCPlusPlus.xml
       Nick = mkOption {
         description = ''
           Nick Name for connection
@@ -70,6 +117,11 @@ let
         type = str;
         default = "100";
       };
+      DownloadDirectory = mkOption {
+        description = "Directory, where new files will be saved into";
+        type = str;
+        default = "${cfg.stateDir}/Download";
+      };
       shares = mkOption {
         default = {};
         type = attrsOf (submodule ( { config, ... }: {
@@ -117,6 +169,7 @@ let
             password = mkOption {
               description = "password of user";
               type = str;
+              apply = lib.removeSuffix "\n";
             };
             permissions = mkOption {
               description = "user permissions";
@@ -133,11 +186,6 @@ let
     genUsers = users: concatMapStringsSep "\n" (user: 
       ''<WebUser Username="${user.name}" Password="${user.password}" LastLogin="0" Permissions="${user.permissions}"/>'' )
       (mapAttrsToList (name: val: val // { inherit name; }) users);
-    genShares = shares: concatMapStringsSep "\n" (share:
-      ''<Directory Virtual="stockholm" Incoming="${
-          if share.incoming then "1" else "0"
-        }" LastRefreshTime="0">${share.path}</Directory>'' )
-      (mapAttrsToList (name: val: val // { inherit name; }) shares);
     webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" ''
       <?xml version="1.0" encoding="utf-8" standalone="yes"?>
       <WebServer>
@@ -149,16 +197,34 @@ let
         </WebUsers>
       </WebServer>
       '' else cfg.web.initialConfigFile;
+    genHubs = hubs: concatMapStringsSep "\n" (hub:
+      ''<Hub Name="${hub.name}" Connect="${
+          if hub.AutoConnect then "1" else "0"
+        }" Description="" Password="${hub.Password}" Server="${hub.Server}" ChatUserSplit="0" UserListState="1" HubFrameOrder="" HubFrameWidths="" HubFrameVisible="" Group="" Bottom="0" Top="0" Right="0" Left="0" Nick="${hub.Nick}"/>'' )
+      (mapAttrsToList (name: val: val // { inherit name; }) hubs);
+    favoritesConfigFile = if (cfg.initialFavoritesConfigFile == null) then
+    builtins.trace "warning: airdcpp hub passwords are stored in plain text" pkgs.writeText "initial-config" ''
+        <?xml version="1.0" encoding="utf-8" standalone="yes"?>
+        <Favorites>
+          <Hubs>
+            ${genHubs cfg.hubs}
+          </Hubs>
+        </Favorites>
+      '' else cfg.initialFavoritesConfigFile;
+    genShares = shares: concatMapStringsSep "\n" (share:
+      ''<Directory Virtual="${share.name}" Incoming="${
+          if share.incoming then "1" else "0"
+        }" LastRefreshTime="0">${share.path}</Directory>'' )
+      (mapAttrsToList (name: val: val // { inherit name; }) shares);
     dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" ''
     <?xml version="1.0" encoding="utf-8" standalone="yes"?>
     <DCPlusPlus>
       <Settings>
         <Nick type="string">${cfg.dcpp.Nick}</Nick>
-        <ConfigVersion type="string">${cfg.package.version}</ConfigVersion>
         <InPort type="int">${toString cfg.dcpp.InPort}</InPort>
         <UDPPort type="int">${toString cfg.dcpp.UDPPort}</UDPPort>
         <TLSPort type="int">${toString cfg.dcpp.TLSPort}</TLSPort>
-        <ConfigBuildNumber type="int">0</ConfigBuildNumber>
+         <DownloadDirectory type="string">${cfg.dcpp.DownloadDirectory}</DownloadDirectory>
         <AutoDetectIncomingConnection type="int">0</AutoDetectIncomingConnection>
         <NoIpOverride type="int">1</NoIpOverride>
         <WizardRunNew type="int">0</WizardRunNew>
@@ -187,6 +253,8 @@ let
           test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d
           d=${cfg.stateDir}/DCPlusPlus.xml
           test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d
+          d=${cfg.stateDir}/Favorites.xml
+          test -e $d || install -m700 -o${cfg.user} ${favoritesConfigFile} $d
         '';
         PermissionsStartOnly = true;
         ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid";

krebs/3modules/default.nix

@@ -6,6 +6,7 @@ let
 
   out = {
     imports = [
+      ./airdcpp.nix
       ./announce-activation.nix
       ./apt-cacher-ng.nix
       ./backup.nix

krebs/3modules/git.nix

@@ -121,6 +121,10 @@ let
     cgit-settings = types.submodule {
       # A setting's value of `null` means cgit's default should be used.
       options = {
+        about-filter = mkOption {
+          type = types.nullOr types.package;
+          default = null;
+        };
         cache-root = mkOption {
           type = types.absolute-pathname;
           default = "/tmp/cgit";
@@ -166,6 +170,10 @@ let
             types.nullOr (types.enum ["week" "month" "quarter" "year"]);
           default = "year";
         };
+        readme = mkOption {
+          type = types.listOf types.str;
+          default = [];
+        };
         robots = mkOption {
           type = types.nullOr (types.listOf types.str);
           default = ["nofollow" "noindex"];
@@ -394,8 +402,14 @@ let
       kv-to-cgitrc = k: v: getAttr (typeOf v) {
         bool = kv-to-cgitrc k (if v then 1 else 0);
         null = []; # This will be removed by `flatten`.
-        list = "${k}=${concatStringsSep ", " v}";
+        list = {
+          readme = map (x: "readme=${x}") v;
+        }.${k} or "${k}=${concatStringsSep ", " v}";
         int = "${k}=${toString v}";
+        set =
+          if subtypes.cgit-settings.check v
+            then "${k}=${v}"
+            else error "kv-to-cgitrc: unhandled type: set";
         string = "${k}=${v}";
       };
     in

krebs/3modules/lass/default.nix

@@ -494,6 +494,44 @@ with import <stockholm/lib>;
         };
       };
     };
+    eve = {
+      monitoring = false;
+      ci = false;
+      external = true;
+      nets = rec {
+        internet = {
+          # eve.thalheim.io
+          ip4.addr = "188.68.39.17";
+          ip6.addr = "2a03:4000:13:31e::1";
+          aliases = [ "eve.i" ];
+        };
+        retiolum = rec {
+          via = internet;
+          addrs = [
+            ip4.addr
+            ip6.addr
+          ];
+          ip4.addr = "10.243.29.174";
+          ip6.addr = "42:4992:6a6d:a00::1";
+          aliases = [ "eve.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
+            XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
+            08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
+            6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
+            +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
+            dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
+            pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
+            c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
+            YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
+            61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
+            Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
     xerxes = {
       cores = 2;
       nets = rec {

krebs/3modules/makefu/default.nix

@@ -4,7 +4,9 @@ with import <stockholm/lib>;
 ## generate keys with:
 # tinc generate-keys
 # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
-{
+let
+  pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
+in {
   hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
     cake = rec {
       cores = 4;
@@ -590,6 +592,8 @@ with import <stockholm/lib>;
             "cache.gum.r"
             "logs.makefu.r"
             "stats.makefu.r"
+            "backup.makefu.r"
+            "dcpp.nextgum.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -654,6 +658,7 @@ with import <stockholm/lib>;
             "wiki.gum.r"
             "blog.makefu.r"
             "blog.gum.r"
+            "dcpp.gum.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -1099,48 +1104,48 @@ with import <stockholm/lib>;
   users = rec {
     makefu = {
       mail = "makefu@x.r";
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x";
+      pubkey = pub-for "makefu.x";
       pgp.pubkeys.default = builtins.readFile ./pgp/default.asc;
       pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc;
     };
     makefu-omo = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
+      pubkey = pub-for "makefu.omo";
     };
     makefu-tsp = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
+      pubkey = pub-for "makefu.tsp";
     };
     makefu-vbob = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
+      pubkey = pub-for "makefu.vbob";
     };
     makefu-tempx = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum";
+      pubkey = pub-for "makefu.tempx";
     };
     makefu-android = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
+      pubkey = pub-for "makefu.android";
     };
     makefu-remote-builder = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild";
+      pubkey = pub-for "makefu.remote-builder";
     };
     makefu-bob = {
       inherit (makefu) mail pgp;
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
+      pubkey = pub-for "makefu.bob";
     };
     ciko = {
       mail = "wieczorek.stefan@googlemail.com";
     };
     ulrich = {
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de";
+      pubkey = pub-for "ulrich";
       mail = "shackspace.de@myvdr.de";
     };
     exco = {
       mail = "dickbutt@excogitation.de";
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";
+      pubkey = pub-for "exco";
     };
   };
 }

krebs/3modules/makefu/ssh/exco.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de

krebs/3modules/makefu/ssh/makefu.android.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x

krebs/3modules/makefu/ssh/makefu.bob.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD

krebs/3modules/makefu/ssh/makefu.omo.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch

krebs/3modules/makefu/ssh/makefu.remote-builder.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild

krebs/3modules/makefu/ssh/makefu.tempx.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum

krebs/3modules/makefu/ssh/makefu.tsp.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp

krebs/3modules/makefu/ssh/makefu.vbob.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob

krebs/3modules/makefu/ssh/makefu.x.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x

krebs/3modules/makefu/ssh/ulrich.pub

@@ -0,0 +1 @@
+AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de

krebs/5pkgs/haskell/blessings.nix

@@ -1,11 +1,24 @@
-{ mkDerivation, base, fetchgit, stdenv }:
-mkDerivation rec {
+with import <stockholm/lib>;
+{ mkDerivation, base, fetchgit, stdenv }: let
+
+  cfg = {
+    "18.03" = {
+      version = "1.1.0";
+      sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
+    };
+    "18.09" = {
+      version = "1.2.0";
+      sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300";
+    };
+  }.${versions.majorMinor nixpkgsVersion};
+
+in mkDerivation {
   pname = "blessings";
-  version = "1.1.0";
+  version = cfg.version;
   src = fetchgit {
     url = http://cgit.ni.krebsco.de/blessings;
-    rev = "refs/tags/v${version}";
-    sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
+    rev = "refs/tags/v${cfg.version}";
+    sha256 = cfg.sha256;
   };
   libraryHaskellDepends = [ base ];
   doHaddock = false;

krebs/5pkgs/haskell/email-header.nix

@@ -1,14 +1,29 @@
+with import <stockholm/lib>;
 { mkDerivation, attoparsec, base, base64-bytestring, bytestring
 , case-insensitive, containers, exceptions, fetchgit, QuickCheck
 , stdenv, tasty, tasty-quickcheck, text, text-icu, time
-}:
-mkDerivation {
+}: let
+
+  cfg = {
+    "18.03" = {
+      version = "0.3.0";
+      rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8";
+      sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59";
+    };
+    "18.09" = {
+      version = "0.4.1-tv1";
+      rev = "refs/tags/v${cfg.version}";
+      sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
+    };
+  }.${versions.majorMinor nixpkgsVersion};
+
+in mkDerivation {
   pname = "email-header";
-  version = "0.3.0";
+  version = cfg.version;
   src = fetchgit {
     url = "https://github.com/4z3/email-header";
-    rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8";
-    sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59";
+    rev = cfg.rev;
+    sha256 = cfg.sha256;
   };
   buildDepends = [
     attoparsec base base64-bytestring bytestring case-insensitive

krebs/5pkgs/haskell/hyphenation.nix

@@ -1,17 +0,0 @@
-# Same as upstream but with doCheck = false because doctest has wrong version.
-{ mkDerivation, base, bytestring, containers, directory
-, filepath, unordered-containers, zlib, stdenv
-}:
-mkDerivation {
-  pname = "hyphenation";
-  version = "0.6";
-  sha256 = "2f673666c18f63581422f7c6389b78b0ff754406671296a3d680d417942512f7";
-  libraryHaskellDepends = [
-    base bytestring containers unordered-containers zlib
-  ];
-  homepage = "http://github.com/ekmett/hyphenation";
-  description = "Configurable Knuth-Liang hyphenation";
-  license = stdenv.lib.licenses.bsd3;
-  hydraPlatforms = stdenv.lib.platforms.none;
-  doCheck = false;
-}

krebs/5pkgs/simple/Reaktor/default.nix

@@ -2,7 +2,7 @@
 
 python3Packages.buildPythonPackage rec {
   name = "Reaktor-${version}";
-  version = "0.6.0";
+  version = "0.6.2";
 
   doCheck = false;
 
@@ -14,7 +14,7 @@ python3Packages.buildPythonPackage rec {
     owner = "krebs";
     repo = "Reaktor";
     rev = version;
-    sha256 = "0nsnv1rixmlg5wkb74b4f5bycb42b9rp4b14hijh558hbsa1b9am";
+    sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m";
   };
   meta = {
     homepage = http://krebsco.de/;

krebs/5pkgs/simple/airdcpp-webclient/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchurl
+{ stdenv, fetchurl, makeWrapper, which
 }:
 stdenv.mkDerivation rec {
   name = "airdcpp-webclient-${version}";
@@ -13,8 +13,9 @@ stdenv.mkDerivation rec {
   installPhase = ''
     mkdir -p $out/{share,bin}
     cp -r *  $out/share
-    ln -s $out/share/airdcppd $out/bin/
+    makeWrapper $out/share/airdcppd $out/bin/airdcppd --prefix PATH ${which}/bin
   '';
+  nativeBuildInputs = [ makeWrapper ];
 
   meta = with stdenv.lib; {
     # to start it: airdcpp -p=<pid-file> -c=<config-store-path (must be writeable)> --configure

krebs/5pkgs/simple/buildbot-classic/default.nix

@@ -17,7 +17,7 @@ python2Packages.buildPythonApplication rec {
   propagatedBuildInputs = [
     python2Packages.jinja2
     python2Packages.twisted
-    python2Packages.dateutil_1_5
+    python2Packages.dateutil
     python2Packages.sqlalchemy_migrate
     python2Packages.pysqlite
     pkgs.coreutils

krebs/5pkgs/simple/repo-sync/default.nix

@@ -3,7 +3,6 @@
 with python3Packages; buildPythonPackage rec {
   name = "repo-sync-${version}";
   version = "0.2.7";
-  disabled = isPy26 || isPy27;
   propagatedBuildInputs = [
     docopt
     GitPython

krebs/krops.nix

@@ -1,9 +1,6 @@
 { name }: rec {
 
-  krops = builtins.fetchGit {
-    url = https://cgit.krebsco.de/krops/;
-    rev = "c46166d407c7d246112f13346621a3fbdb25889e";
-  };
+  krops = ../submodules/krops;
 
   lib = import "${krops}/lib";
 
@@ -57,6 +54,7 @@
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
     inherit target;
     source = source { test = true; };
   };

krebs/nixpkgs.json

@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "d16a7abceb72aac85e0deb8c45fbcb7127baf628",
-  "date": "2018-09-20T18:31:51-05:00",
-  "sha256": "0byf6rlwwy70v2sdfmv7mnwd0kvxmlq0pi8ijghg0mcfhcqibgh7",
-  "fetchSubmodules": true
+  "rev": "81f5c2698a87c65b4970c69d472960c574ea0db4",
+  "date": "2018-10-17T20:48:45-04:00",
+  "sha256": "0p4x9532d3qlbykyyq8zk62k8py9mxd1s7zgbv54zmv597rs5y35",
+  "fetchSubmodules": false
 }

krebs/update-channel.sh

@@ -3,7 +3,7 @@ dir=$(dirname $0)
 oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
 nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
   --url https://github.com/NixOS/nixpkgs-channels \
-  --rev refs/heads/nixos-18.03' \
+  --rev refs/heads/nixos-18.09' \
 > $dir/nixpkgs.json
 newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
 git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"

lass/1systems/mors/config.nix

@@ -77,6 +77,7 @@ with import <stockholm/lib>;
       environment.systemPackages = [
         pkgs.ovh-zone
         pkgs.bank
+        pkgs.adb-sync
       ];
     }
     {
@@ -143,7 +144,6 @@ with import <stockholm/lib>;
     OnCalendar = "00:37";
   };
 
-  nix.package = pkgs.nixUnstable;
   programs.adb.enable = true;
   users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
   virtualisation.docker.enable = true;

lass/1systems/prism/config.nix

@@ -291,16 +291,6 @@ with import <stockholm/lib>;
       ];
     }
     {
-      services.nginx = {
-        enable = true;
-        virtualHosts."radio.lassul.us" = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/".extraConfig = ''
-            proxy_pass http://localhost:8000;
-          '';
-        };
-      };
     }
     {
       lass.nichtparasoup.enable = true;

lass/1systems/prism/physical.nix

@@ -3,27 +3,39 @@
   imports = [
     ./config.nix
     {
-      networking.interfaces.et0.ipv4.addresses = [
-        {
-          address = config.krebs.build.host.nets.internet.ip4.addr;
+      boot.kernelParams = [ "net.ifnames=0" ];
+      networking = {
+        defaultGateway = "46.4.114.225";
+        # Use google's public DNS server
+        nameservers = [ "8.8.8.8" ];
+        interfaces.eth0 = {
+          ipAddress = "46.4.114.247";
           prefixLength = 27;
-        }
-        {
-          address = "46.4.114.243";
-          prefixLength = 27;
-        }
-      ];
-      networking.defaultGateway = "46.4.114.225";
-      networking.nameservers = [
-        "8.8.8.8"
-      ];
-      services.udev.extraRules = ''
-        SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
-      '';
+        };
+      };
+      # TODO use this network config
+      #networking.interfaces.et0.ipv4.addresses = [
+      #  {
+      #    address = config.krebs.build.host.nets.internet.ip4.addr;
+      #    prefixLength = 27;
+      #  }
+      #  {
+      #    address = "46.4.114.243";
+      #    prefixLength = 27;
+      #  }
+      #];
+      #networking.defaultGateway = "46.4.114.225";
+      #networking.nameservers = [
+      #  "8.8.8.8"
+      #];
+      #services.udev.extraRules = ''
+      #  SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
+      #'';
     }
     {
       imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
 
+      networking.hostId = "fb4173ea";
       boot.loader.grub = {
         devices = [
           "/dev/sda"
@@ -40,45 +52,25 @@
 
       boot.kernelModules = [ "kvm-intel" ];
 
-      fileSystems."/" = {
-        device = "/dev/pool/nix_root";
-        fsType = "ext4";
-      };
-
-      fileSystems."/tmp" = {
-        device = "tmpfs";
-        fsType = "tmpfs";
-        options = ["nosuid" "nodev" "noatime"];
-      };
-
-      fileSystems."/var/download" = {
-        device = "/dev/pool/download";
-        fsType = "ext4";
-      };
-
-      fileSystems."/srv/http" = {
-        device = "/dev/pool/http";
-        fsType = "ext4";
-      };
-
-      fileSystems."/home" = {
-        device = "/dev/pool/home";
-        fsType = "ext4";
-      };
-
-      fileSystems."/bku" = {
-        device = "/dev/pool/bku";
-        fsType = "ext4";
-      };
-
-      swapDevices = [
-        { label = "swap1"; }
-        { label = "swap2"; }
-      ];
-
       sound.enable = false;
       nixpkgs.config.allowUnfree = true;
       time.timeZone = "Europe/Berlin";
+
+      fileSystems."/" = {
+        device = "rpool/root/nixos";
+        fsType = "zfs";
+      };
+
+      fileSystems."/home" = {
+        device = "rpool/home";
+        fsType = "zfs";
+      };
+
+      fileSystems."/boot" = {
+        device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
+        fsType = "ext4";
+      };
+
     }
   ];
 

lass/2configs/baseX.nix

@@ -71,7 +71,6 @@ in {
     lm_sensors
     ncdu
     nix-index
-    nix-repl
     nmap
     pavucontrol
     powertop

lass/2configs/exim-smarthost.nix

@@ -89,6 +89,7 @@ with import <stockholm/lib>;
       { from = "cis@lassul.us"; to = lass.mail; }
       { from = "afra@lassul.us"; to = lass.mail; }
       { from = "ksp@lassul.us"; to = lass.mail; }
+      { from = "ccc@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

lass/2configs/games.nix

@@ -57,7 +57,6 @@ let
 
 in {
   environment.systemPackages = with pkgs; [
-    (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; })
     doom1
     doom2
     vdoom1

lass/2configs/git.nix

@@ -50,18 +50,38 @@ let
       cgit.desc = "take a description of your disk layout and produce a format script";
       cgit.section = "software";
     };
+    go = {
+      cgit.desc = "url shortener";
+      cgit.section = "software";
+    };
     krebspage = {
       cgit.desc = "homepage of krebs";
       cgit.section = "configuration";
     };
+    krops = {
+      cgit.desc = "krebs deployment";
+      cgit.section = "software";
+    };
     news = {
       cgit.desc = "take a rss feed and a timeout and print it to stdout";
       cgit.section = "software";
     };
+    newsbot-js = {
+      cgit.desc = "print rss feeds to irc channels";
+      cgit.section = "software";
+    };
+    nix-user-chroot = {
+      cgit.desc = "Fork of nix-user-chroot by lethalman";
+      cgit.section = "software";
+    };
     nix-writers = {
       cgit.desc = "high level writers for nix";
       cgit.section = "software";
     };
+    nixos-generators = {
+      cgit.desc = "custom image builders";
+      cgit.section = "software";
+    };
     nixpkgs = {
       cgit.desc = "nixpkgs fork";
       cgit.section = "configuration";
@@ -81,14 +101,6 @@ let
       cgit.desc = "Good Music collection + tools";
       cgit.section  = "art";
     };
-    nix-user-chroot = {
-      cgit.desc = "Fork of nix-user-chroot by lethalman";
-      cgit.section = "software";
-    };
-    krops = {
-      cgit.desc = "krebs deployment";
-      cgit.section = "software";
-    };
     xmonad-stockholm = {
       cgit.desc = "krebs xmonad modules";
       cgit.section = "configuration";

lass/2configs/mail.nix

@@ -210,6 +210,7 @@ in {
   environment.systemPackages = [
     msmtp
     mutt
+    pkgs.notmuch
     pkgs.much
     tag-new-mails
     tag-old-mails

lass/2configs/radio.nix

@@ -36,8 +36,9 @@ in {
       home = "/home/${name}";
       useDefaultShell = true;
       createHome = true;
-      openssh.authorizedKeys.keys = [
-        config.krebs.users.lass.pubkey
+      openssh.authorizedKeys.keys = with config.krebs.users; [
+        lass.pubkey
+        lass-mors.pubkey
       ];
     };
   };

lass/2configs/reaktor-coders.nix

@@ -63,24 +63,6 @@ with import <stockholm/lib>;
             -e "@kind $1"
         '';
       })
-      (buildSimpleReaktorPlugin "random-unicorn-porn" {
-        pattern = "^!rup$$";
-        script = pkgs.writePython2 "rup" {} ''
-          t1 = """
-                              _.
-                           ;=',_ ()
-                 8===D~~  S" .--`||
-                         sS  \__ ||
-                      __.' ( \-->||
-                   _=/    _./-\/ ||
-          8===D~~ ((\( /-'   -'l ||
-                   ) |/ \\      (_))
-                      \\  \\
-                       '~ '~
-          """
-          print(t1)
-        '';
-      })
       (buildSimpleReaktorPlugin "ping" {
         pattern = "^!ping (?P<args>.*)$$";
         script = pkgs.writeDash "ping" ''

lass/2configs/urxvt.nix

@@ -5,7 +5,7 @@ with import <stockholm/lib>;
   services.urxvtd.enable = true;
 
   krebs.xresources.resources.urxvt = ''
-    URxvt*SaveLines: 1000000
+    URxvt.saveLines:            100000
     URxvt*scrollBar:            false
     URxvt*urgentOnBell:         true
     URxvt.perl-ext-common:      default,clipboard,url-select,keyboard-select

lass/2configs/vim.nix

@@ -2,20 +2,13 @@
 
 with import <stockholm/lib>;
 let
-  unstable_nixpkgs = import (pkgs.fetchFromGitHub {
-    owner = "NixOS";
-    repo = "nixpkgs";
-    rev = "a8c71037e041725d40fbf2f3047347b6833b1703";
-    sha256 = "1z4cchcw7qgjhy0x6mnz7iqvpswc2nfjpdynxc54zpm66khfrjqw";
-  }) {};
   out = {
     environment.systemPackages = [
       (hiPrio vim)
-      pkgs.python35Packages.flake8
       (pkgs.writeDashBin "govet" ''
         go vet "$@"
       '')
-      (hiPrio (unstable_nixpkgs.python3.withPackages (ps: [
+      (hiPrio (pkgs.python3.withPackages (ps: [
         ps.python-language-server
         ps.pyls-isort
       ])))
@@ -70,6 +63,8 @@ let
     au Syntax * syn match Garbage containedin=ALL /\s\+$/
             \ | syn match TabStop containedin=ALL /\t\+/
             \ | syn keyword Todo containedin=ALL TODO
+            \ | syn match NBSP '\%xa0'
+            \ | syn match NarrowNBSP '\%u202F'
 
     au BufRead,BufNewFile *.hs so ${hs.vim}
 
@@ -135,7 +130,7 @@ let
     pkgs.vimPlugins.undotree
     pkgs.vimPlugins.vim-go
     pkgs.vimPlugins.fzf-vim
-    unstable_nixpkgs.vimPlugins.LanguageClient-neovim
+    pkgs.vimPlugins.LanguageClient-neovim
     (pkgs.vimUtils.buildVimPlugin {
       name = "file-line-1.0";
       src = pkgs.fetchFromGitHub {
@@ -172,6 +167,8 @@ let
 
         hi Garbage      ctermbg=088
         hi TabStop      ctermbg=016
+        hi NBSP         ctermbg=094
+        hi NarrowNBSP   ctermbg=097
         hi Todo         ctermfg=174 ctermbg=NONE
 
         hi NixCode      ctermfg=148

lass/2configs/websites/domsen.nix

@@ -66,6 +66,12 @@ in {
     ])
   ];
 
+  services.mysql.ensureDatabases = [ "ubikmedia_de" "o_ubikmedia_de" ];
+  services.mysql.ensureUsers = [
+    { ensurePermissions = { "ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
+    { ensurePermissions = { "o_ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
+  ];
+
   services.nginx.virtualHosts."ubikmedia.de".locations."/piwika".extraConfig = ''
     try_files $uri $uri/ /index.php?$args;
   '';

lass/2configs/websites/lassulus.nix

@@ -145,8 +145,9 @@ in {
     home = "/srv/http/lassul.us";
     useDefaultShell = true;
     createHome = true;
-    openssh.authorizedKeys.keys = [
-      config.krebs.users.lass.pubkey
+    openssh.authorizedKeys.keys = with config.krebs.users; [
+      lass.pubkey
+      lass-mors.pubkey
     ];
   };
 }

lass/3modules/xjail.nix

@@ -120,10 +120,13 @@ with import <stockholm/lib>;
           ${pkgs.coreutils}/bin/kill $WM_PID
           ${pkgs.coreutils}/bin/kill $XEPHYR_PID
         '';
+        # TODO fix xephyr which doesn't honor resizes anymore
         sudo_ = pkgs.writeDash "${cfg.name}-sudo" (if cfg.vglrun then ''
           /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@"
         '' else ''
-          /var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
+          #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
+          /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@"
+
         '');
         vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" ''
           DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@"
@@ -163,7 +166,7 @@ with import <stockholm/lib>;
 
     lass.xjail-bins = mapAttrs' (name: cfg:
       nameValuePair name (pkgs.writeScriptBin cfg.name ''
-        ${scripts.${name}.existing} "$@"
+        ${scripts.${name}.sudo} "$@"
       '')
     ) config.lass.xjail;
   };

lass/5pkgs/custom/xmonad-lass/default.nix

@@ -31,6 +31,7 @@ import XMonad.Actions.CycleWS (toggleWS)
 import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
 import XMonad.Actions.DynamicWorkspaces (withWorkspace)
 import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
+import XMonad.Actions.Minimize (minimizeWindow, maximizeWindow, withLastMinimized)
 import XMonad.Hooks.EwmhDesktops (ewmh)
 import XMonad.Hooks.FloatNext (floatNext)
 import XMonad.Hooks.FloatNext (floatNextHook)
@@ -39,7 +40,7 @@ import XMonad.Hooks.Place (placeHook, smart)
 import XMonad.Hooks.UrgencyHook (focusUrgent)
 import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
 import XMonad.Layout.FixedColumn (FixedColumn(..))
-import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin))
+import XMonad.Layout.Minimize (minimize)
 import XMonad.Layout.NoBorders (smartBorders)
 import XMonad.Layout.SimplestFloat (simplestFloat)
 import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
@@ -135,7 +136,7 @@ myKeyMap =
     , ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
 
     , ("M4-m", withFocused minimizeWindow)
-    , ("M4-S-m", sendMessage RestoreNextMinimizedWin)
+    , ("M4-S-m", withLastMinimized maximizeWindow)
 
     , ("M4-q", windowPromptGoto infixAutoXPConfig)
     , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig)

lass/krops.nix

@@ -22,13 +22,14 @@
 
 in {
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
-  deploy = pkgs.krops.writeDeploy "${name}-deploy" {
+  deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
     source = source { test = false; };
-    target = "root@${name}/var/src";
+    inherit target;
   };
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
     inherit target;
     source = source { test = true; };
   };

makefu/1systems/nextgum/config.nix

@@ -25,11 +25,12 @@ in {
 
       <stockholm/makefu/2configs/git/cgit-retiolum.nix>
       <stockholm/makefu/2configs/backup.nix>
-      <stockholm/makefu/2configs/exim-retiolum.nix>
+      # <stockholm/makefu/2configs/exim-retiolum.nix>
       <stockholm/makefu/2configs/tinc/retiolum.nix>
 
       # services
       <stockholm/makefu/2configs/sabnzbd.nix>
+      <stockholm/makefu/2configs/mail/mail.euer.nix>
 
       # sharing
       <stockholm/makefu/2configs/share/gum.nix>
@@ -73,6 +74,7 @@ in {
       #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
       #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
       <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
+      <stockholm/makefu/2configs/nginx/iso.euer.nix>
       <stockholm/makefu/2configs/deployment/events-publisher>
 
       #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
@@ -94,6 +96,7 @@ in {
 
 
       <stockholm/makefu/2configs/stats/client.nix>
+      <stockholm/makefu/2configs/dcpp/airdcpp.nix>
       # <stockholm/makefu/2configs/logging/client.nix>
 
       ## Temporary:

makefu/1systems/nextgum/hardware-config.nix

@@ -41,11 +41,12 @@ in {
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
   boot.loader.grub.devices = [ main-disk ];
+  boot.initrd.kernelModules = [  "dm-raid" ];
   boot.initrd.availableKernelModules = [
     "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
     "xhci_pci" "ehci_pci" "ahci" "sd_mod"
   ];
-  boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ];
+  boot.kernelModules = [ "kvm-intel"  ];
   hardware.enableRedistributableFirmware = true;
   fileSystems."/" = {
     device = "/dev/mapper/nixos-root";
@@ -59,6 +60,10 @@ in {
     device = "/dev/mapper/nixos-download";
     fsType = "ext4";
   };
+  fileSystems."/var/lib/borgbackup" = {
+    device = "/dev/mapper/nixos-backup";
+    fsType = "ext4";
+  };
   fileSystems."/boot" = {
     device = "/dev/sda2";
     fsType = "vfat";
@@ -79,8 +84,12 @@ in {
   #vgcreate nixos /dev/sda3 /dev/sdb1
   #lvcreate -L 120G -m 1 -n root nixos
   #lvcreate -L 50G -m 1 -n lib nixos
-  #lvcreate -L 50G -n download nixos
+  #lvcreate -L 100G -n download nixos
+  #lvcreate -L 100G -n backup nixos
   #mkfs.ext4 /dev/mapper/nixos-root
+  #mkfs.ext4 /dev/mapper/nixos-lib
+  #mkfs.ext4 /dev/mapper/nixos-download
+  #mkfs.ext4 /dev/mapper/nixos-borgbackup
   #mount /dev/mapper/nixos-root /mnt
   #mkdir /mnt/boot
   #mount /dev/sda2 /mnt/boot

makefu/2configs/dcpp/airdcpp.nix

@@ -0,0 +1,48 @@
+{ config, ... }:
+{
+  krebs.airdcpp = {
+    enable = true;
+    extraGroups = [ "download" ];
+    web.port = 5600;
+    web.users.makefu.password = builtins.readFile <secrets/airdcpp-makefu.pw>; # watch out for newline!
+    hubs."krebshub" =
+    { Nick = "makefu-${config.krebs.build.host.name}";
+      Password = builtins.readFile <secrets/krebshub.pw>;
+      Server = "adcs://hub.nsupdate.info:411";
+      AutoConnect = true;
+    };
+    dcpp = {
+      shares = {
+        # Incoming must be writeable!
+        incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; };
+        audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks";
+      };
+      Nick = "makefu";
+      DownloadSpeed = "1000";
+      UploadSpeed = "1000";
+    };
+  };
+  networking.firewall.allowedTCPPorts =
+  [ config.krebs.airdcpp.dcpp.InPort
+    config.krebs.airdcpp.dcpp.TLSPort
+  ];
+  networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ];
+
+  services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" =
+  { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/";
+
+    extraConfig = ''
+      proxy_set_header   Host $host;
+      proxy_set_header   X-Real-IP          $remote_addr;
+      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+      gzip_types      text/plain application/javascript;
+
+      # Proxy websockets
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+
+    '';
+  };
+
+}

makefu/2configs/default.nix

@@ -10,14 +10,27 @@ with import <stockholm/lib>;
     }
     ./editor/vim.nix
     ./binary-cache/nixos.nix
+    ./minimal.nix
   ];
 
+  # users are super important
+  users.users = {
+    root = {
+        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+    };
+    makefu = {
+      uid = 9001;
+      group = "users";
+      home = "/home/makefu";
+      createHome = true;
+      useDefaultShell = true;
+      extraGroups = [ "wheel" ];
+        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+    };
+  };
+
   boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
 
-  programs.command-not-found.enable = false;
-
-  nix.package = pkgs.nixUnstable;
-
   nixpkgs.config.allowUnfreePredicate =  (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
   krebs = {
     enable = true;
@@ -27,90 +40,23 @@ with import <stockholm/lib>;
     build.user = config.krebs.users.makefu;
   };
 
-  users.extraUsers = {
-    root = {
-        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
-    };
-    makefu = {
-      uid = 9001;
-      group = "users";
-      home = "/home/makefu";
-      createHome = true;
-      useDefaultShell = true;
-      extraGroups = [
-        "wheel"
-      ];
-        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
-    };
-  };
 
-  networking.hostName = config.krebs.build.host.name;
-  nix.maxJobs = 2;
-  nix.buildCores = config.krebs.build.host.cores;
 
-  time.timeZone = "Europe/Berlin";
-
-  programs.ssh = {
-    startAgent = false;
-  };
-  services.openssh.enable = true;
-  nix.useSandbox = true;
-
-  users.mutableUsers = false;
 
   boot.tmpOnTmpfs = true;
-
-  networking.firewall.rejectPackets = true;
-  networking.firewall.allowPing = true;
-
   systemd.tmpfiles.rules = [
     "d /tmp 1777 root root - -"
   ];
-  nix.nixPath = [ "/var/src" ];
-  environment.variables = let
-    ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
-  in {
-    NIX_PATH = mkForce "/var/src";
-    EDITOR = mkForce "vim";
-    CURL_CA_BUNDLE = ca-bundle;
-    GIT_SSL_CAINFO = ca-bundle;
-    SSL_CERT_FILE  = ca-bundle;
-  };
 
   environment.systemPackages = with pkgs; [
       jq
       git
-      get
       gnumake
       rxvt_unicode.terminfo
       htop
   ];
 
-  programs.bash = {
-    enableCompletion = true;
-    interactiveShellInit = ''
-      HISTCONTROL='erasedups:ignorespace'
-      HISTSIZE=900001
-      HISTFILESIZE=$HISTSIZE
-
-      PYTHONSTARTUP="~/.pythonrc";
-
-      shopt -s checkhash
-      shopt -s histappend histreedit histverify
-      shopt -s no_empty_cmd_completion
-      '';
-
-    promptInit = ''
-      case $UID in
-         0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;;
-      9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;;
-         *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;;
-      esac
-      if test -n "$SSH_CLIENT"; then
-        PS1='\[\033[35m\]\h'" $PS1"
-      fi
-      '';
-  };
+  programs.bash.enableCompletion = true;
 
   environment.shellAliases = {
     # TODO: see .aliases
@@ -126,12 +72,6 @@ with import <stockholm/lib>;
     tinc = pkgs.tinc_pre;
   };
 
-   networking.timeServers = [
-    "pool.ntp.org"
-    "time.windows.com"
-    "time.apple.com"
-    "time.nist.gov"
-  ];
 
   nix.extraOptions = ''
     auto-optimise-store = true
@@ -145,26 +85,5 @@ with import <stockholm/lib>;
     SystemMaxUse=1G
     RuntimeMaxUse=128M
     '';
-  # Enable IPv6 Privacy Extensions
-  boot.kernel.sysctl = {
-    "net.ipv6.conf.all.use_tempaddr" = 2;
-    "net.ipv6.conf.default.use_tempaddr" = 2;
-  };
 
-  i18n = {
-    consoleKeyMap = "us";
-    defaultLocale = "en_US.UTF-8";
-  };
-  # suppress chrome autit event messages
-  security.audit = {
-      rules = [
-        "-a task,never"
-      ];
-    };
-  system.activationScripts.state =  optionalString (config.state != []) ''
-    cat << EOF
-    This machine is burdened with state:
-    ${concatMapStringsSep "\n" (d: "* ${d}") config.state}
-    EOF
-  '';
 }

makefu/2configs/minimal.nix

@@ -0,0 +1,88 @@
+{ lib, pkgs, config, ... }:
+# minimal subset of sane configuration for stockholm
+{
+  # nobody needs this
+  programs.command-not-found.enable = false;
+
+  # the only true timezone (even after the the removal of DST)
+  time.timeZone = "Europe/Berlin";
+
+  networking.hostName = config.krebs.build.host.name;
+  nix.buildCores = config.krebs.build.host.cores;
+
+  # we use gpg if necessary (or nothing at all)
+  programs.ssh.startAgent = false;
+
+  # all boxes look the same
+  nix.useSandbox = true;
+  # we configure users via nix
+  users.mutableUsers = false;
+
+  # sane firewalling
+  networking.firewall.rejectPackets = true;
+  networking.firewall.allowPing = true;
+
+  # openssh all the way down
+  services.openssh.enable = true;
+
+  # we use stockholm via populate
+  nix.nixPath = [ "/var/src" ];
+
+  environment.variables = let
+    ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+  in {
+    NIX_PATH = lib.mkForce "/var/src";
+    EDITOR = lib.mkForce "vim";
+    CURL_CA_BUNDLE = ca-bundle;
+    GIT_SSL_CAINFO = ca-bundle;
+    SSL_CERT_FILE  = ca-bundle;
+  };
+
+  programs.bash = {
+    interactiveShellInit = ''
+      HISTCONTROL='erasedups:ignorespace'
+      HISTSIZE=900001
+      HISTFILESIZE=$HISTSIZE
+
+      shopt -s checkhash
+      shopt -s histappend histreedit histverify
+      shopt -s no_empty_cmd_completion
+      '';
+
+    promptInit = ''
+      case $UID in
+         0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;;
+      9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;;
+         *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;;
+      esac
+      if test -n "$SSH_CLIENT"; then
+        PS1='\[\033[35m\]\h'" $PS1"
+      fi
+      '';
+  };
+
+  # trust the cool guys
+  networking.timeServers = [
+    "pool.ntp.org"
+    "time.nist.gov"
+  ];
+
+  # the only locale you will ever need
+  i18n = {
+    consoleKeyMap = "us";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  # suppress chrome autit event messages
+  security.audit = {
+    rules = [
+      "-a task,never"
+    ];
+  };
+
+  # Enable IPv6 Privacy Extensions
+  boot.kernel.sysctl = {
+    "net.ipv6.conf.all.use_tempaddr" = 2;
+    "net.ipv6.conf.default.use_tempaddr" = 2;
+  };
+}

makefu/3modules/default.nix

@@ -2,17 +2,17 @@ _:
 
 {
   imports = [
-    ./state.nix
-    ./populate.nix
     ./awesome-extra.nix
     ./deluge.nix
     ./forward-journal.nix
     ./opentracker.nix
     ./ps3netsrv.nix
     ./logging-config.nix
+    ./populate.nix
     ./sane-extra.nix
     ./server-config.nix
     ./snapraid.nix
+    ./state.nix
     ./torrent.nix
     ./udpt.nix
   ];

makefu/3modules/state.nix

@@ -6,4 +6,11 @@
     description = "state which is currently scattered on the machine";
     default = [];
   };
+
+  config.system.activationScripts.state =  lib.optionalString (config.state != []) ''
+    cat << EOF
+    This machine is burdened with state:
+    ${lib.concatMapStringsSep "\n" (d: "* ${d}") config.state}
+    EOF
+  '';
 }

makefu/5pkgs/4nxci/default.nix

@@ -0,0 +1,52 @@
+{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }:
+let
+  
+  mymbedtls = lib.overrideDerivation mbedtls (old: rec {
+    name = "mbedtls-${version}";
+    version = "2.13.0";
+    src = fetchFromGitHub {
+      owner = "ARMmbed";
+      repo = "mbedtls";
+      rev = name;
+      sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j";
+    };
+    buildInputs = old.buildInputs ++ [ python2 ];
+    postConfigure = ''
+      perl scripts/config.pl set MBEDTLS_CMAC_C
+    '';
+    doCheck = false;
+
+  });
+in stdenv.mkDerivation rec {
+  name = "4nxci-${version}";
+  version = "1.30";
+
+  src = fetchFromGitHub {
+    owner = "The-4n";
+    repo = "4NXCI";
+    rev = "v${version}";
+    sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh";
+  };
+
+  buildPhase = ''
+    cp config.mk.template config.mk
+    sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile
+    sed -i 's#\(LIBDIR =\).*#\1${mymbedtls}/lib#' Makefile
+    make 4nxci
+  '';
+
+  installPhase = ''
+    install -m755 -D 4nxci $out/bin/4nxci
+  '';
+
+  #preInstall = ''
+  #  mkdir -p $out/bin
+  #'';
+
+  buildInputs = [ mymbedtls ];
+
+  meta = {
+    description = "convert xci to nsp";
+    license = lib.licenses.isc;
+  };
+}

makefu/krops.nix

@@ -1,8 +1,5 @@
 { config ? config, name, target ? name }: let
-  krops = builtins.fetchGit {
-    url = https://cgit.krebsco.de/krops/;
-    rev = "4e466eaf05861b47365c5ef46a31a188b70f3615";
-  };
+  krops = ../submodules/krops;
   nixpkgs-src = lib.importJSON ./nixpkgs.json;
 
   lib = import "${krops}/lib";
@@ -86,6 +83,7 @@ in {
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target ? target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
     inherit target;
     source = source { test = true; };
   };

nin/2configs/games.nix

@@ -57,7 +57,6 @@ let
 
 in {
   environment.systemPackages = with pkgs; [
-    dwarf_fortress
     doom1
     doom2
     vdoom1

nin/krops.nix

@@ -29,6 +29,7 @@ in {
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "${name}-test" {
+    force = true;
     inherit target;
     source = source { test = true; };
   };

submodules/krops

@@ -0,0 +1 @@
+Subproject commit e2b29654251367545700154ffbac806705dd04c0

tv/1systems/mu/config.nix

@@ -3,6 +3,7 @@ with import <stockholm/lib>;
 
   imports = [
     <stockholm/tv>
+    <stockholm/tv/2configs/br.nix>
     <stockholm/tv/2configs/exim-retiolum.nix>
     <stockholm/tv/2configs/retiolum.nix>
   ];
@@ -90,20 +91,6 @@ with import <stockholm/lib>;
     pkgs.xlibs.fontschumachermisc
   ];
 
-  # Enable CUPS to print documents.
-  services.printing = {
-    enable = true;
-    #drivers = [
-    #  #pkgs.foomatic_filters
-    #  #pkgs.gutenprint
-    #  #pkgs.cups_pdf_filter
-    #  #pkgs.ghostscript
-    #];
-    #cupsdConf = ''
-    #  LogLevel debug2
-    #'';
-  };
-
   services.xserver.enable = true;
   services.xserver.layout = "de";
   services.xserver.xkbOptions = "eurosign:e";

tv/1systems/querel/config.nix

@@ -2,10 +2,9 @@ with import <stockholm/lib>;
 { config, pkgs, ... }: {
 
   imports = [
-    <stockholm/krebs>
-    <stockholm/tv/2configs>
-    <stockholm/tv/3modules>
+    <stockholm/tv>
     <stockholm/tv/2configs/retiolum.nix>
+    <stockholm/tv/2configs/xp-332.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.querel;
@@ -37,6 +36,7 @@ with import <stockholm/lib>;
     sxiv
     texlive.combined.scheme-full
     vim
+    xsane
     zathura
   ];
 
@@ -67,10 +67,6 @@ with import <stockholm/lib>;
 
   programs.ssh.startAgent = false;
 
-  services.printing = {
-    enable = true;
-  };
-
   services.xserver.enable = true;
   services.xserver.layout = "de";
   services.xserver.xkbOptions = "eurosign:e";

tv/1systems/xu/config.nix

@@ -18,6 +18,7 @@ with import <stockholm/lib>;
     <stockholm/tv/2configs/retiolum.nix>
     <stockholm/tv/2configs/binary-cache>
     <stockholm/tv/2configs/br.nix>
+    <stockholm/tv/2configs/xp-332.nix>
     <stockholm/tv/2configs/xserver>
     {
       environment.systemPackages = with pkgs; [
@@ -40,7 +41,6 @@ with import <stockholm/lib>;
         mkpasswd
         netcat
         netcup
-        nix-repl
         nmap
         p7zip
         pass
@@ -147,8 +147,6 @@ with import <stockholm/lib>;
     gptfdisk
   ];
 
-  services.printing.enable = true;
-
   #services.bitlbee.enable = true;
   #services.tor.client.enable = true;
   #services.tor.enable = true;

tv/2configs/backup.nix

@@ -26,7 +26,7 @@ with import <stockholm/lib>;
       method = "pull";
       src = { host = config.krebs.hosts.querel; path = "/home"; };
       dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; };
-      startAt = "00:00";
+      startAt = "22:00";
     };
     wu-home-xu = {
       method = "push";

tv/2configs/bash/default.nix

@@ -33,11 +33,13 @@ with import <stockholm/lib>;
         PS1="ssh-agent[$SSH_AGENT_PID] $PS1"
       fi
 
-      case ''${XMONAD_SPAWN_WORKSPACE-} in
-        stockholm)
-          cd ~/stockholm
-        ;;
-      esac
+      if test ''${SHLVL-1} = 1; then
+        case ''${XMONAD_SPAWN_WORKSPACE-} in
+          stockholm)
+            cd ~/stockholm
+          ;;
+        esac
+      fi
     '';
   };
 }

tv/2configs/default.nix

@@ -143,6 +143,7 @@ with import <stockholm/lib>;
       environment.systemPackages = [
         pkgs.get
         pkgs.git
+        pkgs.git-crypt
         pkgs.git-preview
         pkgs.hashPassword
         pkgs.htop

tv/2configs/gitrepos.nix

@@ -9,8 +9,19 @@ let {
       enable = true;
       cgit = {
         settings = {
-          root-title = "repositories at ${config.krebs.build.host.name}";
+          about-filter = pkgs.exec "krebs.cgit.about-filter" rec {
+            filename = "${pkgs.pythonPackages.markdown2}/bin/markdown2";
+            argv = [
+              filename
+              "--extras=fenced-code-blocks"
+            ];
+            envp = {};
+          };
+          readme = [
+            ":README.md"
+          ];
           root-desc = "mostly krebs";
+          root-title = "repositories at ${config.krebs.build.host.name}";
         };
       };
       repos = repos;
@@ -30,46 +41,33 @@ let {
 
   public-repos = mapAttrs make-public-repo ({
   } // mapAttrs (_: recursiveUpdate { cgit.section = "1. miscellaneous"; }) {
-    cac-api = {
-      cgit.desc = "CloudAtCost API command line interface";
-    };
     dic = {
       cgit.desc = "dict.leo.org command line interface";
     };
     disko = {
       cgit.desc = "declarative partitioning and formatting tool";
     };
-    get = {};
-    hstool = {
-      cgit.desc = "Haskell Development Environment ^_^";
+    fswm = {
+      cgit.desc = "simple full screen window manager";
     };
     htgen = {
       cgit.desc = "toy HTTP server";
     };
-    kirk = {
-      cgit.desc = "IRC tools";
-    };
     krops = {
       cgit.desc = "deployment tools";
     };
-    load-env = {};
-    loldns = {
-      cgit.desc = "toy DNS server";
-    };
-    make-snapshot = {};
     much = {};
     netcup = {
       cgit.desc = "netcup command line interface";
     };
-    nix-writers = {};
+    nix-writers = {
+      cgit.desc = "collection of package builders";
+    };
     populate = {
       cgit.desc = "source code installer";
     };
     q = {};
     regfish = {};
-    soundcloud = {
-      cgit.desc = "SoundCloud command line interface";
-    };
     stockholm = {
       cgit.desc = "NixOS configuration";
     };
@@ -86,15 +84,32 @@ let {
     xintmap = {};
     xmonad-stockholm = {};
   } // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) {
+    cac-api = {
+      cgit.desc = "CloudAtCost API command line interface";
+    };
     cgserver = {};
     crude-mail-setup = {};
     dot-xmonad = {};
     hirc = {};
+    hstool = {
+      cgit.desc = "Haskell Development Environment ^_^";
+    };
+    kirk = {
+      cgit.desc = "IRC tools";
+    };
     make-snapshot = {};
     nixos-infest = {};
     painload = {};
     push = {};
     with-tmpdir = {};
+    get = {};
+    load-env = {};
+    loldns = {
+      cgit.desc = "toy DNS server";
+    };
+    soundcloud = {
+      cgit.desc = "SoundCloud command line interface";
+    };
   });
 
   restricted-repos = mapAttrs make-restricted-repo (
@@ -138,7 +153,7 @@ let {
     public = false;
     hooks = hooks // {
       post-receive = /* sh */ ''
-        (${hooks.post-receive or ""})
+        (${hooks.post-receive or ":"})
         ${cgit-clear-cache}/bin/cgit-clear-cache
       '';
     };

tv/2configs/urlwatch.nix

@@ -1,6 +1,10 @@
-{ config, pkgs, ... }:
 with import <stockholm/lib>;
-{
+{ config, pkgs, ... }: let
+  json = url: {
+    inherit url;
+    filter = "system:${pkgs.jq}/bin/jq .";
+  };
+in {
   krebs.urlwatch = {
     enable = true;
     mailto = config.krebs.users.tv.mail;
@@ -13,18 +17,9 @@ with import <stockholm/lib>;
 
       http://www.exim.org/
 
-      # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix
-      {
-        url = https://api.github.com/repos/simple-evcorr/sec/tags;
-        filter = "system:${pkgs.jq}/bin/jq .";
-      }
-
       # ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix
       https://thp.io/2008/urlwatch/
 
-      # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix
-      https://api.github.com/repos/ioerror/tlsdate/tags
-
       # 2015-02-18
       # ref ~/src/nixpkgs/pkgs/tools/text/qprint/default.nix
       http://www.fourmilab.ch/webtools/qprint/
@@ -50,7 +45,13 @@ with import <stockholm/lib>;
       #http://hackage.haskell.org/package/web-page
 
       # ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
-      https://api.github.com/meta
+      (json https://api.github.com/meta)
+
+      # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix
+      (json https://api.github.com/repos/ioerror/tlsdate/tags)
+
+      # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix
+      (json https://api.github.com/repos/simple-evcorr/sec/tags)
 
       # <stockholm/tv/2configs/xserver/xserver.conf.nix>
       # is derived from `configFile` in:

tv/2configs/vim.nix

@@ -15,6 +15,7 @@ let {
 
   extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
     pkgs.vimPlugins.undotree
+    pkgs.vimPlugins.vim-elixir
     (pkgs.vimUtils.buildVimPlugin {
       name = "vim-syntax-jq";
       src = pkgs.fetchgit {

tv/2configs/xp-332.nix

@@ -0,0 +1,45 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+  environment.etc."utsushi.conf".text = ''
+    [devices]
+    dev1.udi = esci:networkscan://EPSON79678C.fritz.box:1865
+    dev1.model = XP-332
+    dev1.vendor = EPSON
+  '';
+
+  hardware.sane = {
+    enable = true;
+    extraBackends = [
+      pkgs.utsushi
+    ];
+  };
+
+  krebs.nixpkgs.allowUnfreePredicate = pkg:
+    elem (parseDrvName pkg.name).name [ "imagescan-plugin-networkscan" ];
+
+  nixpkgs.overlays = singleton (self: super: {
+    utsushi = super.utsushi.override {
+      guiSupport = false;
+      jpegSupport = false;
+      networkSupport = true;
+      ocrSupport = false;
+      saneSupport = true;
+      tiffSupport = true;
+
+      logCategory = "ALL";
+      logLevel = "BRIEF";
+    };
+  });
+
+  services = {
+    printing = {
+      drivers = [
+        pkgs.epson-escpr
+      ];
+      enable = true;
+    };
+    saned.enable = true;
+  };
+
+}

tv/2configs/xserver/default.nix

@@ -41,9 +41,12 @@ in {
     # refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
     desktopManager.session = mkForce [];
 
+    displayManager.lightdm.enable = mkForce false;
+    displayManager.job.execCmd = mkForce "derp";
+
     enable = true;
-    display = 11;
-    tty = 11;
+    display = mkForce 11;
+    tty = mkForce 11;
 
     synaptics = {
       enable = true;
@@ -55,7 +58,7 @@ in {
   systemd.services.display-manager.enable = false;
 
   systemd.services.xmonad = {
-    wantedBy = [ "multi-user.target" ];
+    wantedBy = [ "graphical.target" ];
     requires = [ "xserver.service" ];
     environment = {
       DISPLAY = ":${toString config.services.xserver.display}";
@@ -101,21 +104,20 @@ in {
 
   systemd.services.xserver = {
     after = [
-      "systemd-udev-settle.service"
-      "local-fs.target"
       "acpid.service"
+      "local-fs.target"
+      "systemd-udev-settle.service"
     ];
-    reloadIfChanged = true;
+    wants = [
+      "systemd-udev-settle.service"
+    ];
+    restartIfChanged = false;
     environment = {
-      XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
-      XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
-      LD_LIBRARY_PATH = concatStringsSep ":" (
-        [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
+      LD_LIBRARY_PATH = concatStringsSep ":" ([ "/run/opengl-driver/lib" ]
         ++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
     };
     serviceConfig = {
       SyslogIdentifier = "xserver";
-      ExecReload = "${pkgs.coreutils}/bin/echo NOP";
       ExecStart = toString [
         "${pkgs.xorg.xorgserver}/bin/X"
         ":${toString config.services.xserver.display}"
@@ -123,17 +125,16 @@ in {
         "-config ${import ./xserver.conf.nix args}"
         "-logfile /dev/null -logverbose 0 -verbose 3"
         "-nolisten tcp"
-        "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb"
+        "-xkbdir ${config.services.xserver.xkbDir}"
       ];
     };
   };
 
   systemd.services.urxvtd = {
-    wantedBy = [ "multi-user.target" ];
-    reloadIfChanged = true;
+    wantedBy = [ "graphical.target" ];
+    restartIfChanged = false;
     serviceConfig = {
       SyslogIdentifier = "urxvtd";
-      ExecReload = "${pkgs.coreutils}/bin/echo NOP";
       ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
       Restart = "always";
       RestartSec = "2s";

tv/3modules/charybdis/default.nix

@@ -64,7 +64,7 @@ in {
         ExecStartPre =
           "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd";
         ExecStart = toString [
-          "${pkgs.charybdis}/bin/charybdis-ircd"
+          "${pkgs.charybdis}/bin/charybdis"
             "-configfile ${import ./config.nix args}"
             "-foreground"
             "-logfile /dev/stderr"

tv/5pkgs/compat/default.nix

@@ -0,0 +1 @@
+self: super: {}

tv/5pkgs/default.nix

@@ -33,4 +33,16 @@ foldl' mergeAttrs {}
   '';
 
   gnupg = self.gnupg22;
+
+  pass = {
+    "18.03" =
+      self.callPackage ./compat/18.03/pass {
+        pass-otp = self.callPackage ./compat/18.03/pass-otp {};
+      };
+    "18.09" =
+      super.pass.withExtensions (ext: [
+        ext.pass-otp
+      ]);
+  }.${versions.majorMinor nixpkgsVersion};
+
 }

tv/5pkgs/simple/utsushi.nix

@@ -0,0 +1,207 @@
+{ boost, fetchurl, file, imagemagick, libudev, libusb, pkgconfig, stdenv
+, coreutils, dash, patchelf, writeScriptBin # for add-rpath
+
+, guiSupport ? false, gtkmm2 ? null
+, jpegSupport ? true
+, networkSupport ? false, dpkg ? null
+, ocrSupport ? false, tesseract ? null
+, saneSupport ? true, saneBackends ? null
+, tiffSupport ? true, libtiff ? null
+
+# Logging defaults copied from Utsushi source (lib/log.cpp)
+, logCategory ? "NOTHING"
+, logLevel ? "FATAL"
+}:
+
+# Logging possibilities copied from Utsushi source (utsushi/log.hpp)
+assert builtins.elem logCategory [
+  "NOTHING"
+  "SANE_BACKEND"
+  "ALL"
+];
+assert builtins.elem logLevel [
+  "FATAL" # famous last words
+  "ALERT" # outside intervention required
+  "ERROR" # something went wrong
+  "BRIEF" # short informational notes
+  "TRACE" # more chattery feedback
+  "DEBUG" # the gory details
+  "QUARK" # stack tracing feedback
+];
+
+let
+
+  # usage: add-rpath LIBPATH [SOFILE...]
+  # Adds LIBPATH to each SOFILE's RPATH
+  add-rpath = writeScriptBin "add-rpath" ''
+    #! ${dash}/bin/dash
+    set -efu
+    path=$1; shift
+    for file; do
+      file=$(${coreutils}/bin/readlink -f "$file")
+      old_rpath=$(${patchelf}/bin/patchelf --print-rpath "$file")
+      new_rpath=''${old_rpath+$old_rpath:}$path
+      ${patchelf}/bin/patchelf --set-rpath "$new_rpath" "$file"
+    done
+  '';
+
+  imagescan-plugin-networkscan = stdenv.mkDerivation rec {
+    name = "imagescan-plugin-networkscan-${meta.version}";
+
+    src =
+      if stdenv.system == "i686-linux" then
+        fetchurl {
+          url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x86.deb.tar.gz";
+          sha256 = "16xv1pdfm2ryis815fawb7zqg6c4swww726g272ssx044r5dp80r";
+        }
+      else if stdenv.system == "x86_64-linux" then
+        fetchurl {
+          url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x64.deb.tar.gz";
+          sha256 = "0zik35h2jwrvkwcmq55wc72imidwdnmn1bayhypzhjcz61rasjg2";
+        }
+      else throw "${name} is not supported on ${stdenv.system} (only i686-linux and x86_64 linux are supported)";
+
+    dontBuild = true;
+
+    installPhase = ''
+      # Wildcard * stand for either i386 or amd64
+      ${dpkg}/bin/dpkg -x \
+          plugins/imagescan-plugin-networkscan_${meta.version}-1epson4debian9_*.deb \
+          tmp
+
+      mv tmp/usr $out
+    '';
+
+    preFixup = ''
+      patchelf --set-interpreter \
+          ${stdenv.glibc}/lib/ld-linux${stdenv.lib.optionalString stdenv.is64bit "-x86-64"}.so.2 \
+          $out/lib/utsushi/networkscan
+
+      # libstdc++.so.6
+      patchelf --set-rpath ${stdenv.cc.cc.lib}/lib \
+          $out/lib/utsushi/networkscan
+    '';
+
+    meta = {
+      description = "Epson Image Scan v3 networkscan plugin";
+      longDescription = ''
+        This package provides the unfree networkscan plugin from the Epson
+        Image Scan v3 scanner driver bundle, which can be used by Utsushi.
+      '';
+      homepage = "http://support.epson.net/linux/en/imagescanv3.php?version=${meta.version}";
+      license = stdenv.lib.licenses.eapl;
+      maintainers = [ stdenv.lib.maintainers.tv ];
+      platforms = stdenv.lib.platforms.linux;
+      version = "1.1.0";
+    };
+  };
+
+in
+
+stdenv.mkDerivation rec {
+  name = "utsushi-${meta.version}";
+
+  src = fetchurl {
+    url = "http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${meta.version}.orig.tar.gz";
+    sha256 = "12mzq3wc8gzdma84pjs5gb0gp8mga13wax5g7vjfrzq8pjyqrnmw";
+  };
+
+  preConfigure = ''
+    substituteInPlace configure \
+        --replace /usr/bin/file ${file}/bin/file
+
+    substituteInPlace lib/log.cpp \
+        --replace FATAL ${logLevel} \
+        --replace NOTHING ${logCategory}
+  '';
+
+  postInstall = ''
+    # Allow configuration to be done via /etc/utsushi.conf
+    ln -s /etc/utsushi.conf $out/etc/utsushi/utsushi.conf
+
+    ${stdenv.lib.optionalString saneSupport ''
+      # Make this package compatible with hardware.sane.extraBackends
+      mkdir $out/etc/sane.d
+      echo utsushi > $out/etc/sane.d/dll.conf
+      mkdir $out/lib/sane
+      ln -s $out/lib/utsushi/sane/libsane-utsushi.* $out/lib/sane
+    ''}
+
+    ${stdenv.lib.optionalString networkSupport ''
+      ln -s ${imagescan-plugin-networkscan}/lib/utsushi/networkscan \
+        $out/libexec/utsushi/
+    ''}
+  '';
+
+  # Fixup libraries which otherwise would end up broken like this:
+  #
+  #  $ ldd .../blah.so | grep libboost_system
+  #  libboost_system.so.X.Y.Z => not found
+  #  libboost_system.so.X.Y.Z => /nix/store/.../libboost_system.so.X.Y.Z (...)
+  #
+  preFixup = ''
+    add-rpath ${boost}/lib $out/lib/utsushi/libdrv-esci.so
+    ${stdenv.lib.optionalString saneSupport ''
+      add-rpath ${boost}/lib $out/lib/utsushi/sane/libsane-utsushi.so
+    ''}
+  '';
+
+  nativeBuildInputs = [
+    add-rpath
+    pkgconfig
+  ];
+
+  buildInputs = [
+    boost
+    imagemagick
+    libudev
+    libusb
+  ]
+  ++ stdenv.lib.optional guiSupport gtkmm2
+  ++ stdenv.lib.optional ocrSupport tesseract
+  ++ stdenv.lib.optional saneSupport saneBackends
+  ++ stdenv.lib.optional tiffSupport libtiff
+  ;
+
+  NIX_CFLAGS_COMPILE = [
+    "-Wno-error=deprecated-declarations"
+    "-Wno-error=unused-variable"
+  ];
+
+  configureFlags = [
+    "--with-boost=${boost}"
+    "--with-magick"
+    "--with-magick-pp"
+  ]
+  ++ stdenv.lib.optionals guiSupport [
+    "--with-gtkmm"
+  ]
+  ++ stdenv.lib.optionals jpegSupport [
+    "--with-jpeg"
+  ]
+  ++ stdenv.lib.optionals saneSupport [
+    "--with-sane"
+  ]
+  ++ stdenv.lib.optionals tiffSupport [
+    "--with-tiff"
+  ]
+  ;
+
+  meta = {
+    description = "Utsushi - Next Generation Image Acquisition";
+    longDescription = ''
+      This software provides applications to easily turn hard-copy
+      documents and imagery into formats that are more amenable to
+      computer processing.
+
+      Included are a native driver for a number of EPSON scanners
+      and a compatibility driver to interface with software built
+      around the SANE standard.
+    '';
+    homepage = http://download.ebz.epson.net/dsc/search/01/search/?OSC=LX;
+    license = stdenv.lib.licenses.gpl3;
+    maintainers = [ stdenv.lib.maintainers.tv ];
+    platforms = stdenv.lib.platforms.linux;
+    version = "3.48.0";
+  };
+}

tv/krops.nix

@@ -16,6 +16,7 @@
 
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "tv-krops-${name}-ci" {
+    force = true;
     inherit source target;
   };