Merge remote-tracking branch 'lass/master'

krebs/2configs/mud.nix

@@ -5,7 +5,7 @@
     MUD_SERVER=''${MUD_SERVER:-127.0.0.1}
     MUD_PORT=''${MUD_PORT:-8080}
 
-    if $(${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then
+    if $(${pkgs.libressl.nc}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then
       ${nvim}/bin/nvim \
         +"let g:instant_username = \"$MUD_NICKNAME\"" \
         +":InstantJoinSession $MUD_SERVER $MUD_PORT" \

krebs/3modules/external/kmein.nix

@@ -116,6 +116,28 @@ in
         wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
       };
     };
+    tahina = {
+      nets.retiolum = {
+        ip4.addr = "10.243.2.74";
+        aliases = [ "tahina.r" "tahina.kmein.r" ];
+        tinc.pubkey = ''
+          -----BEGIN RSA PUBLIC KEY-----
+          MIICCgKCAgEAtX6RpdFl9AqCF6Jy9ZhGY1bOUnEw5x3wm8gBK/aFb5592G3sGbWV
+          5Vv1msdLcoYQ5X4sgp3wizE5tbW7SiRVBwVB4mfYxe5KSiFJvTmXdp/VtKXs/hD8
+          VXNBjCdPeFOZ4Auh4AT+eibA/lW5veOnBkrsD/GkEcAkKb2MMEoxv4VqLDKuNzPv
+          EfE+mIb/J3vJmfpLG/+VGLrCuyShjPR2z0o5KMg8fI4ukcg6vwWwGE3Qd8JkSYMz
+          iy9oIGo/AJNyOUG0vQXL1JU/LFBXKty515UmXR2hO/Xi1w92DT8lxfLYRgoseT2u
+          i4aHmfl49LGkpQVIFejj6R0FrZBd5R2ElmQbmxSKS1PO9VheOOm02fgVXRpeoh6R
+          FdDkFWWmELW921UtEB2jSIMkf5xW8XmlJlGveaDnkld07aQlshnnOUfIs3r7H+T9
+          9g1QxiE7EFeoLrfIkgT81F+iL6RazSbf9DcTxvrKv+cZBrZKdcurcTtX0wFFD4wZ
+          0tzYPTcAnv/ytacf2/jv/Vm3xNFyjrBLM6ZtJtZ6NAJvD+OW4G/o2941KCu1Mqz/
+          VFAJW3djrqfASNCU1GqtHV0wdJMN8EszDNYdJ7pyw6+rG2PeYCVfE7wNe3b6zYqY
+          tUYhU1xkQQD4xgOMX3AdSI/JGjxMBBKlJXafwdDW8LMBWBPt+9Xq2vMCAwEAAQ==
+          -----END RSA PUBLIC KEY-----
+        '';
+        tinc.pubkey_ed25519 = "m8fnOzCx2KVsQx/616+AzVW5OTgAjBGDoT/PpKuyx+I";
+      };
+    };
     zaatar = {
       nets.retiolum = {
         ip4.addr = "10.243.2.34";
@@ -125,6 +147,7 @@ in
           "grocy.kmein.r"
           "moodle.kmein.r"
           "radio.kmein.r"
+          "home.kmein.r"
         ];
         tinc.pubkey = ''
           -----BEGIN RSA PUBLIC KEY-----

krebs/3modules/iptables.nix

@@ -125,8 +125,8 @@ let
         (interface: interfaceConfig: [
           (map (port: { predicate = "-i ${interface} -p tcp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPorts)
           (map (port: { predicate = "-i ${interface} -p udp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPorts)
-          (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges)
-          (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges)
+          (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges)
+          (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges)
         ])
         config.networking.firewall.interfaces
       );

krebs/3modules/tv/default.nix

@@ -1,11 +1,13 @@
-with import <stockholm/lib>;
+with import ../../../lib;
 { config, ... }: let
 
-  hostDefaults = hostName: host: foldl' recursiveUpdate {} [
+  evalHost = hostName: hostConfig: evalSubmodule types.host [
+    hostConfig
     {
+      name = hostName;
       owner = config.krebs.users.tv;
     }
-    (optionalAttrs (host.nets?retiolum) {
+    (optionalAttrs (hasAttrByPath ["nets" "retiolum"] hostConfig) {
       nets.retiolum = {
         ip6.addr =
           (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
@@ -23,14 +25,19 @@ with import <stockholm/lib>;
         wireguard.pubkey = readFile pubkey-path;
       };
     })
-    host
+    (host: mkIf (host.config.ssh.pubkey != null) {
+      ssh.privkey = mapAttrs (const mkDefault) {
+        path = config.krebs.secret.file "ssh.id_${host.config.ssh.privkey.type}";
+        type = head (toList (match "ssh-([^ ]+) .*" host.config.ssh.pubkey));
+      };
+    })
   ];
 
 in {
   dns.providers = {
     "viljetic.de" = "regfish";
   };
-  hosts = mapAttrs hostDefaults {
+  hosts = mapAttrs evalHost {
     alnus = {
       ci = true;
       cores = 2;
@@ -53,7 +60,6 @@ in {
           tinc.pubkey_ed25519 = "Td6pRkmSzSGVJll26rULdr6W4U87xsHZ/87NEaglW3K";
         };
       };
-      ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa";
       ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
     };
     au = {
@@ -79,7 +85,6 @@ in {
         };
       };
       secure = true;
-      ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au";
     };
     bu = {
@@ -129,7 +134,6 @@ in {
         };
       };
       secure = true;
-      ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rrf9tvuusYlnSZwUiHS4O+AhrpVZ/6n7peSRKojTc root@hu";
     };
     mu = {
@@ -154,7 +158,6 @@ in {
           tinc.pubkey_ed25519 = "cEf/Kq/2Fo70yoIcVmhIp4it9eA7L3GdkgrVE9AWU6C";
         };
       };
-      ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu";
     };
     ni = {
@@ -234,7 +237,6 @@ in {
         };
       };
       secure = true;
-      ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
     };
     wu = {
@@ -261,7 +263,6 @@ in {
         };
       };
       secure = true;
-      ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
     };
     querel = {
@@ -290,7 +291,6 @@ in {
           '';
         };
       };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r";
     };
     xu = {
@@ -321,7 +321,6 @@ in {
         };
       };
       secure = true;
-      ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
     };
     zu = {
@@ -346,7 +345,6 @@ in {
         };
       };
       secure = true;
-      ssh.privkey.path = <secrets/ssh.id_rsa>;
       ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNjHxyUC7afNGSwfwBfQizmDnHTNLWDRHE8SY9W4oiw2lPhCFGTN8Jz84CKtnABbZhbNY1E8T58emF2h45WzDg/OGi8DPAk4VsXSkIhyvAto+nkTy2L4atjqfvXDvqxTDC9sui+t8p5OqOK+sghe4kiy+Vx1jhnjSnkQsx9Kocu24BYTkNqYxG7uwOz6t262XYNwMn13Y2K/yygDR3Uw3wTnEjpaYnObRxxJS3iTECDzgixiQ6ewXwYNggpzO/+EfW1BTz5vmuEVf4GbQ9iEc7IsVXHhR+N0boCscvSgae9KW9MBun0A2veRFXNkkfBEMfzelz+S63oeVfelkBq6N5aLsHYYGC4VQjimScelHYVwxR7O4fV+NttJaFF7H06FJeFzPt3NYZeoPKealD5y2Muh1UnewpmkMgza9hQ9EmI4/G1fMowqeMq0U6Hu0QMDUAagyalizN97AfsllY2cs0qLNg7+zHMPwc5RgLzs73oPUsF3umz0O42I5p5733vveUlWi5IZeI8CA1ZKdpwyMXXNhIOHs8u+yGsOLfSy3RgjVKp2GjN4lfnFd0LI+p7iEsEWDRkIAvGCOFepsebyVpBjGP+Kqs10bPGpk5dMcyn9iBJejoz9ka+H9+JAG04LnXwt6Rf1CRV3VRCRX1ayZEjRv9czV7U9ZpuFQcIlVRJQ== root@zu";
     };
     umz = {

krebs/5pkgs/haskell/hack.nix

@@ -3,11 +3,11 @@
 }:
 mkDerivation {
   pname = "hack";
-  version = "1.0.0";
+  version = "1.0.1";
   src = fetchgit {
     url = "https://cgit.krebsco.de/hack";
-    sha256 = "0hi6frpnxbg3h6s7gd48ri57jc226qycy4rnhmpzpq195xf8y3pf";
-    rev = "cb004b2e5f0fce6cea8d54e60558a1c1904dbe39";
+    sha256 = "0ry5ikn89ij512qvk1xhdhfz4s8a6b9yawgx6lxgnw5jkiyjd7ka";
+    rev = "f3ea150aca5cc86878fa10bc5b1f0918fc154e2a";
     fetchSubmodules = true;
   };
   isLibrary = true;

krebs/5pkgs/haskell/pager.nix

@@ -0,0 +1,23 @@
+{ mkDerivation, base, blessings, bytestring, containers
+, data-default, hack, lib, optparse-applicative, probability
+, scanner, speculate, split, terminal-size, text, unix, X11
+, fetchgit
+}:
+mkDerivation {
+  pname = "pager";
+  version = "1.0.0";
+  src = fetchgit {
+    url = "https://cgit.krebsco.de/pager";
+    sha256 = "1kqd27faxinkwpxancyk0xl6n7ljlc8iqhnnq85l76bk4qi9b45i";
+    rev = "f4cdf79bd4a75e9eafe68b9a908f4cc68682b7ef";
+    fetchSubmodules = true;
+  };
+  isLibrary = false;
+  isExecutable = true;
+  executableHaskellDepends = [
+    base blessings bytestring containers data-default hack
+    optparse-applicative probability scanner speculate split
+    terminal-size text unix X11
+  ];
+  license = lib.licenses.mit;
+}

krebs/5pkgs/haskell/xmonad-stockholm.nix

@@ -1,15 +1,18 @@
-{ mkDerivation, base, containers, fetchgit, filepath, lib, unix, X11, X11-xft , X11-xshape, xmonad, xmonad-contrib
+{ mkDerivation, base, containers, directory, fetchgit, filepath
+, lib, unix, X11, X11-xft, X11-xshape, xmonad, xmonad-contrib
 }:
-mkDerivation rec {
+mkDerivation {
   pname = "xmonad-stockholm";
-  version = "1.3.0";
+  version = "1.3.1";
   src = fetchgit {
-    url = http://cgit.ni.krebsco.de/xmonad-stockholm;
-    rev = "refs/tags/v1.3.0";
-    sha256 = "1np5126wn67y0a1r60rnkq828s0w9zjnvai4b8zy3yc02xlkrjm9";
+    url = "https://cgit.krebsco.de/xmonad-stockholm";
+    sha256 = "1m4kkppy143jvjzhy5aawh8q6sglpnqhiajxbdcr42j02ibf3vvq";
+    rev = "89bae8aad73db8fe9e11da7d515f0b236e7fea51";
+    fetchSubmodules = true;
   };
   libraryHaskellDepends = [
-    base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib
+    base containers directory filepath unix X11 X11-xft X11-xshape
+    xmonad xmonad-contrib
   ];
   license = lib.licenses.mit;
 }

krebs/5pkgs/simple/git-hooks/default.nix

@@ -96,7 +96,12 @@ with stockholm.lib;
       #$host $GIT_SSH_REPO $ref $link
       add_message $(pink push) $link $(gray "($receive_mode)")
 
-      ${optionalString verbose /* sh */ ''
+      ${optionalString (verbose == true || typeOf verbose == "set") /* sh */ ''
+        ${optionalString (verbose.exclude or [] != []) /* sh */ ''
+          case $ref in (${concatStringsSep "|" verbose.exclude})
+            continue
+          esac
+        ''}
         add_message "$(
           git log \
               --format="$(orange %h) %s $(gray '(%ar)')" \

krebs/5pkgs/simple/pager.nix

@@ -0,0 +1,36 @@
+{ pkgs }:
+
+pkgs.writeDashBin "pager" ''
+  # usage: pager {view,shift,shiftview}
+  #
+  # Environment variables
+  #
+  #   PAGER_NAME (default: Pager)
+  #     The environment variables specifies the application name under which
+  #     resources are to be obtained.  PAGER_NAME should not contain “.” or “*”
+  #     characters.
+  #
+  set -efu
+
+  pidfile=$XDG_RUNTIME_DIR/pager.lock
+  name=''${PAGER_NAME-Pager}
+
+  if test -e "$pidfile" &&
+     ${pkgs.procps}/bin/pgrep --pidfile="$pidfile" >/dev/null
+  then
+    ${pkgs.procps}/bin/pkill --pidfile="$pidfile"
+    ${pkgs.coreutils}/bin/rm "$pidfile"
+    exit
+  fi
+
+  echo $$ > "$pidfile"
+
+  exec ${pkgs.xterm}/bin/xterm \
+      -name "$name" \
+      -ti vt340 \
+      -xrm 'Pager*geometry: 32x10' \
+      -xrm 'Pager*internalBorder: 2' \
+      -xrm 'Pager*background: #050505' \
+      -xrm 'Pager*foreground: #d0d7d0' \
+      -e ${pkgs.haskellPackages.pager}/bin/pager "$@"
+''

krebs/5pkgs/simple/qrscan.nix

@@ -1,27 +1,7 @@
-{ coreutils, gnused, writeDashBin, zbar }:
+{ pkgs }:
 
-writeDashBin "qrscan" ''
+pkgs.writeDashBin "qrscan" ''
   set -efu
 
-  tmpdir=$(${coreutils}/bin/mktemp --tmpdir -d qrscan.XXXXXXXX)
-  codefile=$tmpdir/code
-
-  cleanup() {
-    ${coreutils}/bin/rm "$codefile"
-    ${coreutils}/bin/rmdir "$tmpdir"
-  }
-
-  ${coreutils}/bin/mkfifo "$codefile"
-
-  ${zbar}/bin/zbarcam > "$codefile" &
-  zbarcampid=$!
-
-  exec < "$codefile"
-  while read -r code; do
-    code=$(printf %s "$code" | ${gnused}/bin/sed -n 's/^QR-Code://p')
-    if test -n "$code"; then
-      ${coreutils}/bin/kill "$zbarcampid"
-      echo "$code"
-    fi
-  done
+  ${pkgs.zbar}/bin/zbarcam -1 | ${pkgs.gnused}/bin/sed -n 's/^QR-Code://p'
 ''

krebs/5pkgs/simple/untilport/default.nix

@@ -13,6 +13,6 @@ pkgs.writeDashBin "untilport" ''
   if [ $# -ne 2 ]; then
     usage
   else
-    until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done
+    until ${pkgs.libressl.nc}/bin/nc -z "$@"; do sleep 1; done
   fi
 ''

krebs/nixpkgs-unstable.json

@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d",
-  "date": "2022-02-21T09:47:16+01:00",
-  "path": "/nix/store/4vd9z4b2s4jfn96ypdfavizy6908l71h-nixpkgs",
-  "sha256": "03nb8sbzgc3c0qdr1jbsn852zi3qp74z4qcy7vrabvvly8rbixp2",
+  "rev": "ff9efb0724de5ae0f9db9df2debefced7eb1571d",
+  "date": "2022-04-12T21:26:28-03:00",
+  "path": "/nix/store/85qw9pp6zxy2dcgshm2xkhhhccrnp8hy-nixpkgs",
+  "sha256": "188h461pilsiym2dqzl17vx1g9pb816cwdi0az9mbw207w721avz",
   "fetchLFS": false,
   "fetchSubmodules": false,
   "deepClone": false,

krebs/nixpkgs.json

@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "47cd6702934434dd02bc53a67dbce3e5493e33a2",
-  "date": "2022-03-04T16:09:08+01:00",
-  "path": "/nix/store/xbb640k873m7nmchdrnijl0f9n540ys6-nixpkgs",
-  "sha256": "1rvp9gx7n0gppc86bcysaybw79zl3y8yninsgz6rawdjprzvg7y6",
+  "rev": "2f06b87f64bc06229e05045853e0876666e1b023",
+  "date": "2022-04-14T11:00:29-03:00",
+  "path": "/nix/store/bxspkr9qcbkzgrx16axi2qqbny9hcbvz-nixpkgs",
+  "sha256": "1d7zg96xw4qsqh7c89pgha9wkq3rbi9as3k3d88jlxy2z0ns0cy2",
   "fetchLFS": false,
   "fetchSubmodules": false,
   "deepClone": false,

lass/2configs/alacritty.nix

@@ -0,0 +1,99 @@
+{ config, lib, pkgs, ... }: let
+
+  alacritty-cfg = extrVals: builtins.toJSON ({
+    font = {
+      normal = {
+        family = "Inconsolata";
+        style = "Regular";
+      };
+      bold = {
+        family = "Inconsolata";
+        style = "Bold";
+      };
+      italic = {
+        family = "Inconsolata";
+        style = "Italic";
+      };
+      bold_italic = {
+        family = "Inconsolata";
+        style = "Bold Italic";
+      };
+      size = 8;
+    };
+    live_config_reload = true;
+    window.dimensions = {
+      columns = 80;
+      lines = 20;
+    };
+    # window.opacity = 0;
+    hints.enabled = [
+      {
+        regex = ''(mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-\u009F<>"\s{-}\^⟨⟩`]+'';
+        command = "/run/current-system/sw/bin/xdg-open";
+        post_processing = true;
+        mouse.enabled = true;
+        binding = {
+          key = "U";
+          mods = "Alt";
+        };
+      }
+    ];
+  } // extrVals);
+
+  alacritty = pkgs.symlinkJoin {
+    name = "alacritty";
+    paths = [
+      (pkgs.writeDashBin "alacritty" ''
+        ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml "$@"
+      '')
+      pkgs.alacritty
+    ];
+  };
+
+in {
+  environment.etc = {
+    "themes/light/alacritty.yaml".text = alacritty-cfg {
+      colors = {
+        # Default colors
+        primary = {
+          # hard contrast: background = '#f9f5d7'
+          # background = "#fbf1c7";
+          background = "#f9f5d7";
+          # soft contrast: background = '#f2e5bc'
+          foreground = "#3c3836";
+        };
+
+        # Normal colors
+        normal = {
+          black = "#fbf1c7";
+          red =     "#cc241d";
+          green =   "#98971a";
+          yellow =  "#d79921";
+          blue =    "#458588";
+          magenta = "#b16286";
+          cyan =    "#689d6a";
+          white =   "#7c6f64";
+        };
+
+        # Bright colors
+        bright = {
+          black =   "#928374";
+          red =     "#9d0006";
+          green =   "#79740e";
+          yellow =  "#b57614";
+          blue =    "#076678";
+          magenta = "#8f3f71";
+          cyan =    "#427b58";
+          white =   "#3c3836";
+        };
+      };
+    };
+    "themes/dark/alacritty.yaml".text = alacritty-cfg {
+      colors.primary = {
+        background = "#000000";
+        foreground = "#ffffff";
+      };
+    };
+  };
+  environment.systemPackages = [ alacritty ];
+}

lass/2configs/baseX.nix

@@ -4,6 +4,7 @@ let
   user = config.krebs.build.user;
 in {
   imports = [
+    ./alacritty.nix
     ./mpv.nix
     ./power-action.nix
     ./copyq.nix
@@ -13,6 +14,7 @@ in {
     ./pipewire.nix
     ./tmux.nix
     ./xmonad.nix
+    ./themes.nix
     {
       krebs.per-user.lass.packages = [
         pkgs.sshuttle
@@ -55,7 +57,7 @@ in {
   environment.systemPackages = with pkgs; [
     acpi
     acpilight
-    ag
+    ripgrep
     cabal2nix
     dic
     dmenu
@@ -96,12 +98,17 @@ in {
     '')
   ];
 
-  fonts.fonts = with pkgs; [
-    hack-font
-    hasklig
-    symbola
-    xlibs.fontschumachermisc
-  ];
+  fonts = {
+    fontDir.enable = true;
+    enableGhostscriptFonts = true;
+
+    fonts = with pkgs; [
+      hack-font
+      xorg.fontschumachermisc
+      terminus_font_ttf
+      inconsolata
+    ];
+  };
 
   services.udev.extraRules = ''
     SUBSYSTEM=="backlight", ACTION=="add", \

lass/2configs/fysiirc.nix

@@ -54,14 +54,20 @@ in {
       name = "reaktor2-fysiweb-github";
     };
     script = ''. ${pkgs.writeDash "github-irc" ''
-      set -efu
+      set -xefu
       case "$Method $Request_URI" in
         "POST /")
-          payload=$(head -c "$req_content_length" \
-            | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \
-            | xargs -0 echo -e \
-          )
-          echo "$payload" | ${format-github-message}/bin/format-github-message
+          payload=$(head -c "$req_content_length")
+          echo "$payload" >&2
+          payload2=$payload
+          payload2=$(echo "$payload" | tr '\n' ' ' | tr -d '\r')
+          if [ "$payload" != "$payload2" ]; then
+            echo "payload has been mangled" >&2
+          else
+            echo "payload not mangled" >&2
+          fi
+          echo "$payload2" > /tmp/last_fysi_payload
+          echo "$payload2" | ${format-github-message}/bin/format-github-message
           printf 'HTTP/1.1 200 OK\r\n'
           printf 'Connection: close\r\n'
           printf '\r\n'

lass/2configs/hass/default.nix

@@ -19,6 +19,7 @@ let
 
 in {
   imports = [
+    ./pyscript
     ./zigbee.nix
     ./rooms/bett.nix
     ./rooms/essen.nix

lass/2configs/hass/pyscript/.gitignore

@@ -0,0 +1 @@
+hass_token

lass/2configs/hass/pyscript/default.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+{
+  systemd.tmpfiles.rules = [
+    "L+ /var/lib/hass/custom_components/pyscript - - - - ${pkgs.fetchzip {
+      url = "https://github.com/custom-components/pyscript/releases/download/1.3.2/hass-custom-pyscript.zip";
+      sha256 = "0cqdjj46s5xp4mqxb0ic790jm1xp3z0zr2n9f7bsfl5zpvdshl8z";
+      stripRoot = false;
+    }}"
+  ];
+
+  services.home-assistant = {
+    package = (pkgs.home-assistant.overrideAttrs (old: {
+      doInstallCheck = false;
+    })).override {
+      extraPackages = pp: [ pp.croniter ];
+    };
+    config.pyscript = {
+      allow_all_imports = true;
+      hass_is_global = true;
+    };
+  };
+
+  networking.firewall.interfaces.retiolum.allowedTCPPortRanges = [
+    { from = 50321; to = 50341; } # for ipython interactive debugging
+  ];
+}

lass/2configs/hass/pyscript/shell.nix

@@ -0,0 +1,51 @@
+{ pkgs ? import <nixpkgs> {} }: let
+
+  hass_host = "styx.r";
+  hass_token = builtins.readFile ./hass_token;
+
+  mach-nix = import (builtins.fetchGit {
+    url = "https://github.com/DavHau/mach-nix/";
+    ref = "refs/tags/3.4.0";
+  }) {
+    pkgs = pkgs;
+  };
+  pyenv = mach-nix.mkPython {
+    requirements = ''
+      hass_pyscript_kernel
+    '';
+  };
+  jupyter = import (builtins.fetchGit {
+    url = https://github.com/tweag/jupyterWith;
+    ref = "master";
+  }) {};
+
+  pyscriptKernel = {
+    spec = pkgs.runCommand "pyscript" {} ''
+      mkdir -p $out/kernels/pyscript
+      cp ${kernel_json} $out/kernels/pyscript/kernel.json
+      cp ${pyscript_conf} $out/kernels/pyscript/pyscript.conf
+    '';
+    runtimePackages = [ pyenv ];
+  };
+
+  kernel_json = pkgs.writeText "kernel.json" (builtins.toJSON {
+    argv = [
+      "${pyenv}/bin/python3" "-m" "hass_pyscript_kernel"
+      "-f" "{connection_file}"
+    ];
+    display_name = "hass_pyscript";
+    language = "python";
+  });
+
+  pyscript_conf = pkgs.writeText "pyscript.conf" ''
+    [homeassistant]
+    hass_host = ${hass_host}
+    hass_url = http://''${hass_host}:8123
+    hass_token = ${hass_token}
+  '';
+
+  jupyterEnvironment = jupyter.jupyterlabWith {
+    kernels = [ pyscriptKernel ];
+  };
+
+in jupyterEnvironment.env

lass/2configs/network-manager.nix

@@ -11,6 +11,7 @@
       "vboxnet*"
     ];
   };
+  systemd.services.NetworkManager-wait-online.enable = false;
   users.users.mainUser = {
     extraGroups = [ "networkmanager" ];
     packages = with pkgs; [

lass/2configs/pipewire.nix

@@ -10,7 +10,7 @@
 
   environment.systemPackages = with pkgs; [
     alsaUtils
-    pulseaudioLight
+    pulseaudio
     ponymix
   ];
 
@@ -22,4 +22,15 @@
     pulse.enable = true;
     jack.enable = true;
   };
+
+  systemd.services.wireplumber = {
+    environment = {
+      HOME = "/var/lib/wireplumber";
+      DISPLAY = ":0";
+    };
+    path = [
+      pkgs.dbus
+    ];
+    serviceConfig.StateDirectory = "wireplumber";
+  };
 }

lass/2configs/print.nix

@@ -3,7 +3,7 @@
   services.printing = {
     enable = true;
     drivers = [
-      pkgs.foomatic_filters
+      pkgs.foomatic-filters
       pkgs.gutenprint
     ];
   };

lass/2configs/themes.nix

@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }: let
+
+    switch-theme = pkgs.writers.writeDashBin "switch-theme" ''
+      set -efux
+      if [ "$1" = toggle ]; then
+        if [ "$(${pkgs.coreutils}/bin/cat /var/theme/current_theme)" = dark ]; then
+          ${placeholder "out"}/bin/switch-theme light
+        else
+          ${placeholder "out"}/bin/switch-theme dark
+        fi
+      elif test -e "/etc/themes/$1"; then
+        ${pkgs.rsync}/bin/rsync --chown=lass:users -a --delete "/etc/themes/$1/" /var/theme/config/
+        echo "$1" > /var/theme/current_theme
+        ${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme
+        ${pkgs.procps}/bin/pkill -HUP xsettingsd
+      else
+        echo "theme $1 not found"
+      fi
+    '';
+
+in {
+  systemd.services.xsettingsd = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "display-manager.service" ];
+    environment.DISPLAY = ":0";
+    serviceConfig = {
+      ExecStart = "${pkgs.xsettingsd}/bin/xsettingsd -c /var/theme/config/xsettings.conf";
+      User = "lass";
+    };
+  };
+  systemd.tmpfiles.rules = [
+    "d /var/theme/ 755 lass users"
+  ];
+  environment.systemPackages = [
+    switch-theme
+  ];
+  environment.etc = {
+    "themes/light/xsettings.conf".text = ''
+      Net/ThemeName "Adwaita" 
+    '';
+    "themes/dark/xsettings.conf".text = ''
+      Net/ThemeName "Adwaita-dark" 
+    '';
+  };
+  system.activationScripts.theme.text = ''
+    if test -e /var/theme/current_theme; then
+      ${switch-theme}/bin/switch-theme "$(cat /var/theme/current_theme)" ||
+      ${switch-theme}/bin/switch-theme dark
+    else
+      ${switch-theme}/bin/switch-theme dark
+    fi
+  '';
+}

lass/2configs/xmonad.nix

@@ -5,7 +5,7 @@
     enable = true;
     extraPackages = hs: [
       hs.extra
-      hs.xmonad-stockholm
+      hs.xmonad-contrib
     ];
     config = /* haskell */ ''
 {-# LANGUAGE LambdaCase #-}
@@ -53,9 +53,6 @@ import XMonad.Util.NamedWindows (getName)
 import XMonad.Util.Run (safeSpawn)
 import XMonad.Util.Ungrab (unGrab)
 
-import XMonad.Stockholm.Shutdown (newShutdownEventHandler, shutdown)
-import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..))
-
 data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
 
 instance UrgencyHook LibNotifyUrgencyHook where
@@ -74,15 +71,8 @@ myFont :: String
 myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"
 
 main :: IO ()
-main = getArgs >>= \case
-    [] -> main'
-    ["--shutdown"] -> shutdown
-    args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
-
-main' :: IO ()
-main' = do
-    handleShutdownEvent <- newShutdownEventHandler
-    launch $ ewmh
+main = do
+    xmonad $ ewmh
         $ withUrgencyHook LibNotifyUrgencyHook
         $ def
             { terminal           = myTerm
@@ -94,7 +84,6 @@ main' = do
                           (\path -> forkFile path [] Nothing)
             , normalBorderColor  = "#1c1c1c"
             , focusedBorderColor = "#ff0000"
-            , handleEventHook    = handleShutdownEvent
             , workspaces         = [ "dashboard", "sys", "wp" ]
             } `additionalKeysP` myKeyMap
 
@@ -104,6 +93,8 @@ myLayoutHook = defLayout
 
 floatHooks = composeAll
    [ className =? "Pinentry" --> doCenterFloat
+   , className =? "Pager" --> doCenterFloat
+   , title =? "pager" --> doCenterFloat
    , title =? "fzfmenu" --> doCenterFloat
    , title =? "glxgears" --> doCenterFloat
    , resource =? "Dialog" --> doFloat
@@ -123,9 +114,9 @@ myKeyMap =
 
     , ("M4-S-q", restart "xmonad" True)
 
-    , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
-    , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
-    , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
+    , ("<XF86AudioMute>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
+    , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
+    , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudio.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
     , ("<XF86MonBrightnessDown>", spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -dec 1")
     , ("<XF86MonBrightnessUp>",   spawn "${pkgs.acpilight}/bin/xbacklight -time 0 -inc 1")
     , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill")
@@ -148,8 +139,9 @@ myKeyMap =
     , ("M4-f", floatNext True)
     , ("M4-b", spawn "/run/current-system/sw/bin/klem")
 
-    , ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.greedyView) )
-    , ("M4-S-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
+    , ("M4-v", spawn "${pkgs.pager}/bin/pager view")
+    -- , ("M4-S-v", spawn "${pkgs.pager}/bin/pager shift")
+    , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
     , ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
 
     , ("M4-m", withFocused minimizeWindow)
@@ -166,7 +158,7 @@ myKeyMap =
 
     , ("M4-<F4>", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu")
     , ("M4-<Insert>", spawn "${pkgs.writeDash "paste" ''
-      ${pkgs.coreutils}/bin/sleep 0.1
+      ${pkgs.coreutils}/bin/sleep 0.4
       ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f -
     ''}")
 
@@ -182,6 +174,7 @@ myKeyMap =
     , ("M4-<F12>", spawn "${pkgs.systemd}/bin/systemctl suspend -i")
 
     , ("M4-u", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
+    , ("M4-y", spawn "/run/current-system/sw/bin/switch-theme toggle")
 
     , ("M4-s", spawn "${pkgs.knav}/bin/knav")
     , ("M4-i", spawn "/run/current-system/sw/bin/screenshot")
@@ -210,21 +203,6 @@ infixAutoXPConfig = autoXPConfig
     { searchPredicate = isInfixOf
     }
 
-pagerConfig :: PagerConfig
-pagerConfig = def
-    { pc_font           = myFont
-    , pc_cellwidth      = 64
-    , pc_matchmethod    = MatchPrefix
-    , pc_windowColors   = windowColors
-    }
-    where
-    windowColors _ _ _ True _ = ("#ef4242","#ff2323")
-    windowColors wsf m c u wf = do
-        let y = defaultWindowColors wsf m c u wf
-        if m == False && wf == True
-            then ("#402020", snd y)
-            else y
-
 gridConfig :: GSConfig WorkspaceId
 gridConfig = def
     { gs_cellwidth = 100
@@ -234,9 +212,6 @@ gridConfig = def
     , gs_font = myFont
     }
 
-allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
-allWorkspaceNames ws =
-    return $ map W.tag (W.hidden ws ++ (map W.workspace $ W.visible ws)) ++ [W.tag $ W.workspace $ W.current ws]
     '';
   };
 }

lass/3modules/nichtparasoup.nix

@@ -24,7 +24,120 @@ with import <stockholm/lib>;
         [Sites]
         SoupIO: everyone
         Pr0gramm: new,top
-        Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,educationalgifs,EngineeringPorn,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected
+        Reddit: ${lib.concatStringsSep "," [
+          "2healthbars"
+          "abandonedporn"
+          "animalsbeingderps"
+          "ANormalDayInRussia"
+          "assholedesign"
+          "AwesomeOffBrands"
+          "bizarrebuildings"
+          "bonehurtingjuice"
+          "boottoobig"
+          "bossfight"
+          "bravofotogeschichten"
+          "breathinginformation"
+          "buddhistmemes"
+          "cablefail"
+          "cableporn"
+          "catastrophicfailure"
+          "chairsunderwater"
+          "clevercomebacks"
+          "confusingperspective"
+          "conni"
+          "crappydesign"
+          "cursedcomments"
+          "desirepath"
+          "doenerverbrechen"
+          "dontdeadopeninside"
+          "educationalgifs"
+          "EngineeringPorn"
+          "eyebleach"
+          "forbiddensnacks"
+          "funnyanimals"
+          "gifs"
+          "Gittertiere"
+          "goodboomerhumor"
+          "grssk"
+          "halthoch"
+          "hmm"
+          "hmmm"
+          "holdmybeer"
+          "holup"
+          "iamatotalpieceofshit"
+          "ichbin40undlustig"
+          "idiotsincars"
+          "illegallysmolcats"
+          "infokriegerkutschen"
+          "instagramreality"
+          "instant_regret"
+          "itrunsdoom"
+          "itsaunixsystem"
+          "kamikazebywords"
+          "keming"
+          "kidsarefuckingstupid"
+          "kitchenconfidential"
+          "laughingbuddha"
+          "LiminalSpace"
+          "loadingicon"
+          "MachinePorn"
+          "mallninjashit"
+          "michaelbaygifs"
+          "mildlyinfuriating"
+          "miscatculations"
+          "natureisfuckinglit"
+          "nononoyesno"
+          "notinteresting"
+          "notliketheothergirls"
+          "oddlysatisfying"
+          "ofcoursethatsathing"
+          "okbuddylinux"
+          "OSHA"
+          "PeopleFuckingDying"
+          "Perfectfit"
+          "perfectloops"
+          "PerfectTiming"
+          "picsofunusualbirds"
+          "PixelArt"
+          "pizzacrimes"
+          "prequelmemes"
+          "Prisonwallet"
+          "reactiongifs"
+          "RealFakeDoors"
+          "reallifedoodles"
+          "RetroFuturism"
+          "robotsbeingjerks"
+          "SchizophreniaRides"
+          "scriptedasiangifs"
+          "shitposting"
+          "shittyfoodporn"
+          "shittyrobots"
+          "softwaregore"
+          "specializedtools"
+          "spicypillows"
+          "StallmanWasRight"
+          "startledcats"
+          "startrekstabilized"
+          "stupidfood"
+          "techsupportgore"
+          "thathappened"
+          "ThingsCutInHalfPorn"
+          "totallynotrobots"
+          "trippinthroughtime"
+          "Unexpected"
+          "urbanexploration"
+          "wasletztepreis"
+          "wellthatsucks"
+          "wertekinder"
+          "wewantplates"
+          "whatcouldgowrong"
+          "whatsthisbug"
+          "whatsthisplant"
+          "whatswrongwithyourdog"
+          "whenthe"
+          "yesyesyesyesno"
+          "youseeingthisshit"
+        ]}
         NineGag: geeky,wtf,hot,trending
         Instagram: nature,wtf
         Fourchan: sci

lass/5pkgs/l-gen-secrets/default.nix

@@ -8,8 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" ''
   ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
   ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
   ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
-  ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wiregrill.key
-  ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wiregrill.pub
+  ${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/wiregrill.key
+  ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub
   cat <<EOF > $TMPDIR/hashedPasswords.nix
   {
     root = "$HASHED_PASSWORD";

lib/default.nix

@@ -2,8 +2,23 @@ let
   nixpkgs-lib = import <nixpkgs/lib>;
   lib = with lib; nixpkgs-lib // builtins // {
 
+    evalModulesConfig = modules: let
+      eval = evalModules {
+        inherit modules;
+      };
+    in filterAttrsRecursive (name: _: !hasPrefix "_" name) eval.config;
+
     evalSource = import ./eval-source.nix;
 
+    evalSubmodule = submodule: modules: let
+      prefix = ["evalSubmodule"];
+    in evalModulesConfig [
+      {
+        options = removeAttrs (submodule.getSubOptions prefix) ["_module"];
+        imports = modules;
+      }
+    ];
+
     git = import ./git.nix { inherit lib; };
     haskell = import ./haskell.nix { inherit lib; };
     krebs = import ./krebs lib;

lib/haskell.nix

@@ -9,19 +9,14 @@ rec {
   # "${pkgs.bar}/bin/foo" for each {-pkg:bar-}"foo".
   # If a package doesn't exist, a warning gets printed.
   substitutePkgs = name: { callsite ? null, pkgs, path }:
-    pkgs.writeText name (substitutePkgs' {
-      inherit pkgs;
+    let
       sourceDescription =
         if callsite != null then
           "${name} in ${toString callsite}"
         else
           "${name} from ${toString path}";
-      text = readFile path;
-    });
 
-  substitutePkgs' = { pkgs, sourceDescription, text }:
-    let
-      f = s:
+      f = dependencies: s:
         let
           parse = match "(.*)([{]-pkg(:([^}]+))?-[}]\"([^\"]+)\")(.*)" s;
           prefix = elemAt parse 0;
@@ -35,7 +30,7 @@ rec {
               "${pkg}/bin/${exename}"
             else
               trace (toString [
-                "lib.haskell.replacePkg:"
+                "lib.haskell.substitutePkgs:"
                 "warning:"
                 "while deriving ${sourceDescription}:"
                 "no substitute found for ${elemAt parse 1}"
@@ -43,9 +38,12 @@ rec {
               exename;
         in
         if parse == null then
-          s
+          (pkgs.writeText name s).overrideAttrs (old: {
+            dependencies = old.dependencies or [] ++ dependencies;
+          })
+
         else
-          f (prefix + toJSON substitute + suffix);
+          f (dependencies ++ [pkg]) (prefix + toJSON substitute + suffix);
     in
-    f text;
+    f [] (readFile path);
 }

tv/2configs/gitrepos.nix

@@ -188,7 +188,11 @@ let {
     # TODO make nick = config.krebs.build.host.name the default
     nick = config.krebs.build.host.name;
     server = "irc.r";
-    verbose = true;
+    verbose = {
+      exclude = [
+        "refs/heads/head"
+      ];
+    };
   } args);
 
   make-public-repo = name: { cgit ? {}, ... }: {

tv/5pkgs/vim/file-line.nix

@@ -3,7 +3,7 @@
 pkgs.vimUtils.buildVimPlugin {
   name = "file-line-1.0";
   src = pkgs.fetchgit {
-    url = git://github.com/bogado/file-line;
+    url = https://github.com/bogado/file-line;
     rev = "refs/tags/1.0";
     sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
   };