From e5b8e2e4a4e15f587586d308b159d657bf0ede9c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 29 Jul 2015 15:14:52 +0200 Subject: [PATCH 1/6] init: repunit --- makefu/1systems/repunit | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 makefu/1systems/repunit diff --git a/makefu/1systems/repunit b/makefu/1systems/repunit new file mode 100644 index 000000000..e69de29bb From 5b25d459ecbd5cb4f7b6338f6f6f530357fdb01d Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 29 Jul 2015 15:31:34 +0200 Subject: [PATCH 2/6] tv 2 base: define shellAliases with mkForce --- tv/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/base.nix b/tv/2configs/base.nix index 997d4c235..89a66115a 100644 --- a/tv/2configs/base.nix +++ b/tv/2configs/base.nix @@ -90,7 +90,7 @@ in rxvt_unicode.terminfo ]; - environment.shellAliases = { + environment.shellAliases = mkForce { # alias cal='cal -m3' gp = "${pkgs.pari}/bin/gp -q"; df = "df -h"; From aaf834ca87a4fa736c6adf63079be0b50d7f187c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 29 Jul 2015 15:34:56 +0200 Subject: [PATCH 3/6] fix naming for repunit --- makefu/1systems/{repunit => repunit.nix} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename makefu/1systems/{repunit => repunit.nix} (100%) diff --git a/makefu/1systems/repunit b/makefu/1systems/repunit.nix similarity index 100% rename from makefu/1systems/repunit rename to makefu/1systems/repunit.nix From b14e55d25aa3c42685b8bab3bd9b52e53c22426f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 29 Jul 2015 15:38:47 +0200 Subject: [PATCH 4/6] pnp: allow ping for faster irc connect --- makefu/1systems/pnp.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 4c4ce716f..536e08187 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix 
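Review bot: `environment.shellAliases = mkForce {` in tv/2configs/base.nix (PATCH 2/6) is forced with no comment saying why, and mkForce replaces every alias any other module contributes to this option, not only the one that presumably conflicted. An alias added later elsewhere without mkForce would be dropped silently, so the intent should be recorded next to the line, for example `# mkForce: replace aliases defined by other modules instead of merging with them`. The attribute set opened on this line continues past the hunk, so the full alias list is not visible here.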
@@ -40,6 +40,7 @@ # networking.firewall is enabled by default networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowPing = true; fileSystems."/" = { device = "/dev/disk/by-label/nixos"; From d516f329dae8e3d282ab699227667995ce1b2bee Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 29 Jul 2015 15:41:38 +0200 Subject: [PATCH 5/6] prepare repunit --- makefu/1systems/repunit.nix | 63 +++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix index e69de29bb..7596a3d54 100644 --- a/makefu/1systems/repunit.nix +++ b/makefu/1systems/repunit.nix 
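Review bot: `networking.firewall.allowPing = true;` in makefu/1systems/pnp.nix (PATCH 4/6) is added without a comment, so the reason given in the subject line is lost to anyone reading the file alone. Answering echo requests makes the host discoverable from every network the firewall faces; if that matters for this machine, `networking.firewall.pingLimit` can rate-limit the replies. Suggested comment above the line: `# allow ICMP echo for faster irc connect (commit b14e55d2)`. The `fileSystems."/"` block at the end of the hunk continues outside it.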
@@ -0,0 +1,63 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+
+ ../2configs/base.nix
+ ../2configs/cgit-retiolum.nix
+ ];
+ krebs.build.host = config.krebs.hosts.repunit;
+ krebs.build.user = config.krebs.users.makefu;
+ krebs.build.target = "root@repunit";
+
+ krebs.build.deps = {
+ nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
+ };
+ secrets = {
+ url = "/home/makefu/secrets/${config.krebs.build.host.name}";
+ };
+ stockholm = {
+ url = toString ../..;
+ };
+ };
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/vda";
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ hardware.enableAllFirmware = true;
+ hardware.cpu.amd.updateMicrocode = true;
+
+# networking.firewall is enabled by default
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ networking.firewall.allowPing = true;
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
+ krebs.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "gum"
+ "pigstarter"
+ "fastpoke"
+ ];
+ };
+
+# $ nix-env -qaP | grep wget
+ environment.systemPackages = with pkgs; [
+ jq
+ ];
+}
From 65d79890493600b09dc01209a378c070f2f0a028 Mon Sep 17 00:00:00 2001
From: makefu
Date: Wed, 29 Jul 2015 15:50:37 +0200
Subject: [PATCH 6/6] add firewall reject instead of drop
---
makefu/1systems/pnp.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 536e08187..549658983 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
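Review bot: `networking.firewall.allowedTCPPorts = [ 80 ];` in the new makefu/1systems/repunit.nix (PATCH 5/6) opens port 80 on every interface, while the only web-facing import visible is `../2configs/cgit-retiolum.nix`, whose name suggests a service meant for the retiolum VPN. If cgit should not be reachable from the public side, scope the rule to the VPN interface instead of opening it globally; on NixOS releases with per-interface rules that is `networking.firewall.interfaces."<vpn-interface>".allowedTCPPorts = [ 80 ];`, with the interface name taken from the retiolum module. The template comment `# Include the results of the hardware scan.` is stale, since no hardware-configuration file is imported. `hardware.enableAllFirmware` and `hardware.cpu.amd.updateMicrocode` look copied from a physical host, given that the virtio modules and `/dev/vda` point to a VM.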
@@ -40,6 +40,7 @@ # networking.firewall is enabled by default networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.rejectPackets = true; networking.firewall.allowPing = true; fileSystems."/" =
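Review bot: `networking.firewall.rejectPackets = true;` is added to makefu/1systems/pnp.nix only (PATCH 6/6), while makefu/1systems/repunit.nix, created one patch earlier with the same firewall stanza, still drops refused traffic, so the two hosts now respond differently. If the difference is intended it should be stated in a comment; otherwise the line belongs in repunit.nix as well. Rejecting answers each refused packet with a TCP reset or ICMP unreachable, which confirms the host to scanners and sends replies to spoofed source addresses. That trade-off is worth recording, e.g. `# reject instead of drop: clients fail fast; host is visible anyway because allowPing is on`. The `fileSystems."/" =` context line at the end opens a block that lies outside the hunk.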