Merge branch 'tv' into newmaster

Makefile

@@ -25,7 +25,7 @@ deploy:;@
 eval:
 	@
 ifeq ($(filter),json)
-	extraArgs=--json
+	extraArgs='--json --strict'
 	filter() { jq -r .; }
 else
 	filter() { cat; }
@@ -33,8 +33,6 @@ endif
 	NIX_PATH=stockholm=$$PWD:$$NIX_PATH \
 	nix-instantiate \
 		$${extraArgs-} \
-		$${json+--json} \
-		$${json+--strict} \
 		--eval \
 		-A "$$get" \
 		'<stockholm>' \

Zpubkeys/makefu_tsp.ssh.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp

krebs/3modules/default.nix

@@ -6,6 +6,7 @@ let
 
   out = {
     imports = [
+      ./exim-retiolum.nix
       ./github-hosts-sync.nix
       ./git.nix
       ./nginx.nix
@@ -55,7 +56,7 @@ let
                   --exclude .git \
                   --exclude .graveyard \
                   --exclude old \
-                  --rsync-path="mkdir -p \"$dst\" && rsync" \
+                  --rsync-path="mkdir -p \"$2\" && rsync" \
                   --usermap=\*:0 \
                   --groupmap=\*:0 \
                   --delete-excluded \
@@ -164,7 +165,7 @@ let
     { krebs = tv-imp; }
     {
       krebs.dns.providers = {
-        de.krebsco = "ovh";
+        de.krebsco = "zones";
         internet = "hosts";
         retiolum = "hosts";
       };
@@ -183,7 +184,42 @@ let
           ) host.nets
         ) cfg.hosts
       ));
-    }
+
+      # krebs.hosts.bob = rec {
+      #   addrs4 = "10.0.0.1";
+      #   extraZones = {
+      #     # extraZones
+      #     "krebsco.de" = ''
+      #     krebsco.de.       IN MX 10 mx1
+      #     mx1               IN A     ${addrs4}
+      #     '';
+      #     "dickbutt.de" = ''
+      #     dickbutt.de.       IN NS    ns
+      #     ns                IN A     ${addrs4}
+      #     ''
+      #   }
+      # }
+      # krebs.hosts.khan = rec {
+      #   addrs4 = "10.0.0.2";
+      #   extraZones = {
+      #      "krebsco.de" = ''
+      #      khan.krebsco.de     IN A   ${addrs4}
+      #   };
+      # }
+      #
+      #  =>
+      #  "zone/krebsco.de".text = ''
+      #    krebsco.de.         IN MX 10 mx1
+      #    mx1                 IN A     10.0.0.1
+      #    khan.krebsco.de     IN A     10.0.0.2
+      #  '';
+
+
+      environment.etc = mapAttrs'
+                        (name: value:
+                          nameValuePair (("zones/" + name)) ({ text=value;}))
+                        cfg.hosts.pigstarter.extraZones;
+      }
   ];
 
   lass-imp = {
@@ -306,10 +342,106 @@ let
           };
         };
       };
+      tsp = {
+        cores = 2;
+        dc = "makefu"; #x200
+        nets = {
+          retiolum = {
+            addrs4 = ["10.243.0.212"];
+            addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"];
+            aliases = [
+              "tsp.retiolum"
+            ];
+            tinc.pubkey = ''
+              -----BEGIN RSA PUBLIC KEY-----
+              MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
+              HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
+              mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
+              n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
+              R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
+              Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
+              aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
+              ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
+              KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
+              XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
+              teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
+              -----END RSA PUBLIC KEY-----
+              '';
+          };
+        };
+      };
+      pornocauster = {
+        cores = 2;
+        dc = "makefu"; #x220
+        nets = {
+          retiolum = {
+            addrs4 = ["10.243.0.91"];
+            addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"];
+            aliases = [
+              "pornocauster.retiolum"
+            ];
+            tinc.pubkey = ''
+              -----BEGIN RSA PUBLIC KEY-----
+              MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
+              HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
+              mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
+              n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
+              R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
+              Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
+              aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
+              ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
+              KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
+              XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
+              teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
+              -----END RSA PUBLIC KEY-----
+              '';
+          };
+        };
+      };
+      pigstarter = rec {
+        cores = 1;
+        dc = "frontrange"; #vps
+
+        extraZones = {
+          "de.krebsco" = ''
+            pigstarter.krebsco.de       IN A ${elemAt nets.internet.addrs4 0}
+            krebsco.de.                 IN NS io
+            io                          IN A ${elemAt nets.internet.addrs4 0}
+            krebsco.de.                 IN MX 10 mx42
+            mx42                        IN A ${elemAt nets.internet.addrs4 0}
+            '';
+        };
+        nets = {
+          internet = {
+            addrs4 = ["192.40.56.122"];
+            addrs6 = ["2604:2880::841f:72c"];
+            aliases = [
+              "pigstarter.internet"
+            ];
+          };
+          retiolum = {
+            addrs4 = ["10.243.0.153"];
+            addrs6 = ["42:9143:b4c0:f981:6030:7aa2:8bc5:4110"];
+            aliases = [
+              "pigstarter.retiolum"
+            ];
+            tinc.pubkey = ''
+              -----BEGIN RSA PUBLIC KEY-----
+              MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ
+              9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv
+              3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG
+              4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE
+              DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
+              sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
+              -----END RSA PUBLIC KEY-----
+              '';
+          };
+        };
+      };
     };
     users = addNames {
       makefu = {
-        mail = "root@euer.krebsco.de";
+        mail = "root@tsp.retiolum";
         pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
       };
     };
@@ -323,6 +455,13 @@ let
       cd = {
         cores = 2;
         dc = "tv"; #dc = "cac";
+        extraZones = {
+          "de.krebsco" = ''
+            mx23          IN A ${elemAt nets.internet.addrs4 0}
+            cd            IN A ${elemAt nets.internet.addrs4 0}
+            krebsco.de.   IN MX 5 mx23
+          '';
+        };
         nets = rec {
           internet = {
             addrs4 = ["162.219.7.216"];

krebs/3modules/exim-retiolum.nix

@@ -1,15 +1,27 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-{
-  services.exim =
-    # This configuration makes only sense for retiolum-enabled hosts.
-    # TODO modular configuration
-    assert config.krebs.retiolum.enable;
-    let
-      # TODO get the hostname from config.krebs.retiolum.
-      retiolumHostname = "${config.networking.hostName}.retiolum";
-    in
-      { enable = true;
+with builtins;
+with lib;
+let
+  cfg = config.krebs.exim-retiolum;
+
+  out = {
+    options.krebs.exim-retiolum = api;
+    config =
+      mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "krebs.exim-retiolum";
+  };
+
+  imp = {
+    services.exim =
+      # This configuration makes only sense for retiolum-enabled hosts.
+      # TODO modular configuration
+      assert config.krebs.retiolum.enable;
+      {
+        enable = true;
         config = ''
           primary_hostname = ${retiolumHostname}
           domainlist local_domains    = @ : localhost
@@ -123,4 +135,9 @@
           begin authenticators
         '';
       };
-}
+  };
+
+  # TODO get the hostname from somewhere else.
+  retiolumHostname = "${config.networking.hostName}.retiolum";
+in
+out

krebs/4lib/types.nix

@@ -20,6 +20,13 @@ types // rec {
         type = attrsOf net;
         apply = x: assert hasAttr "retiolum" x; x;
       };
+
+      extraZones = mkOption {
+        default = {};
+        # TODO: string is either MX, NS, A or AAAA
+        type = with types; attrsOf string;
+      };
+
       secure = mkOption {
         type = bool;
         default = false;

krebs/5pkgs/cac.nix

@@ -0,0 +1,38 @@
+{ stdenv, fetchgit, coreutils, curl, gnused, jq, ncurses, sshpass, ... }:
+
+stdenv.mkDerivation {
+  name = "cac";
+
+  src = fetchgit {
+    url = http://cgit.cd.retiolum/cac;
+    rev = "f4589158572ab35969b9bccf801ea07e115705e1";
+    sha256 = "9d761cd1d7ff68507392cbfd6c3f6000ddff9cc540293da2b3c4ee902321fb27";
+  };
+
+  phases = [
+    "unpackPhase"
+    "installPhase"
+  ];
+
+  installPhase =
+    let
+      path = stdenv.lib.makeSearchPath "bin" [
+        coreutils
+        curl
+        gnused
+        jq
+        ncurses
+        sshpass
+      ];
+    in
+    ''
+      mkdir -p $out/bin
+
+      sed \
+        's,^\(  true) \)\(cac "$@";;\)$,\1 PATH=${path}${PATH+:$PATH} \2,' \
+        < ./cac \
+        > $out/bin/cac
+
+      chmod +x $out/bin/cac
+    '';
+}

krebs/5pkgs/default.nix

@@ -6,6 +6,7 @@ in
 
 pkgs //
 {
+  cac = callPackage ./cac.nix {};
   dic = callPackage ./dic.nix {};
   genid = callPackage ./genid.nix {};
   github-hosts-sync = callPackage ./github-hosts-sync.nix {};

makefu/1systems/pnp.nix

@@ -10,6 +10,9 @@
       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/base.nix
       ../2configs/cgit-retiolum.nix
+      ../2configs/graphite-standalone.nix
+      ../2configs/vm-single-partition.nix
+      ../2configs/tinc-basic-retiolum.nix
     ];
   krebs.build.host = config.krebs.hosts.pnp;
   krebs.build.user = config.krebs.users.makefu;
@@ -20,45 +23,14 @@
       url = https://github.com/NixOS/nixpkgs;
       rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
     };
-    secrets = {
-      url = "/home/makefu/secrets/${config.krebs.build.host.name}";
-    };
-    stockholm = {
-      url = toString ../..;
-    };
   };
 
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  boot.loader.grub.device = "/dev/vda";
+  networking.firewall.allowedTCPPorts = [
+  # nginx runs on 80
+  # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
+    80
+    8080 2003
+  ];
+  networking.firewall.allowedUDPPorts = [ 2003 ];
 
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-  hardware.enableAllFirmware = true;
-  hardware.cpu.amd.updateMicrocode = true;
-
-# networking.firewall is enabled by default
-  networking.firewall.allowedTCPPorts = [ 80 ];
-  networking.firewall.rejectPackets = true;
-  networking.firewall.allowPing = true;
-
-  fileSystems."/" =
-  { device = "/dev/disk/by-label/nixos";
-    fsType = "ext4";
-  };
-  krebs.retiolum = {
-    enable = true;
-    hosts = ../../Zhosts;
-    connectTo = [
-      "gum"
-      "pigstarter"
-      "fastpoke"
-    ];
-  };
-
-# $ nix-env -qaP | grep wget
-    environment.systemPackages = with pkgs; [
-      jq
-    ];
 }

makefu/1systems/tsp.nix

@@ -0,0 +1,37 @@
+#
+#
+#
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ../2configs/base.nix
+      ../2configs/base-gui.nix
+      ../2configs/tinc-basic-retiolum.nix
+      ../2configs/sda-crypto-root.nix
+      # hardware specifics are in here
+      ../2configs/tp-x200.nix
+    ];
+  # not working in vm
+  krebs.build.host = config.krebs.hosts.tsp;
+  krebs.build.user = config.krebs.users.makefu;
+  krebs.build.target = "root@tsp";
+
+  krebs.exim-retiolum.enable = true;
+  networking.firewall.allowedTCPPorts = [
+  # nginx runs on 80
+  # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
+    25
+  ];
+
+  krebs.build.deps = {
+    nixpkgs = {
+      #url = https://github.com/NixOS/nixpkgs;
+      # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)
+      url = https://github.com/makefu/nixpkgs;
+      rev = "8b8b65da24f13f9317504e8bcba476f9161613fe";
+    };
+  };
+
+}

makefu/2configs/base-gui.nix

@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+##
+# of course this name is a lie - it prepares a GUI environment close to my
+# current configuration.
+#
+# autologin with mainUser into awesome
+##
+#
+with lib;
+let
+  mainUser = config.krebs.build.user.name;
+in
+{
+  imports = [ ];
+  services.xserver = {
+    enable = true;
+    layout = "us";
+    xkbVariant = "altgr-intl";
+    xkbOptions = "ctrl:nocaps";
+
+    windowManager = {
+      awesome.enable = true;
+      awesome.luaModules = [ pkgs.luaPackages.vicious ];
+      default = "awesome";
+    };
+
+    displayManager.auto.enable = true;
+    displayManager.auto.user = mainUser;
+    desktopManager.xterm.enable = false;
+  };
+
+## FONTS
+# TODO: somewhere else?
+
+  i18n.consoleFont = "Lat2-Terminus16";
+
+  fonts = {
+    enableCoreFonts = true;
+    enableFontDir = true;
+    enableGhostscriptFonts = false;
+    fonts = [ pkgs.terminus_font ];
+  };
+
+  environment.systemPackages = with pkgs;[
+    xlockmore
+    rxvt_unicode-with-plugins
+    vlc
+    firefox
+    chromium
+  ];
+  # TODO: use mainUser
+  users.extraUsers.makefu.extraGroups = [ "audio" ];
+  hardware.pulseaudio = {
+    enable = true;
+  #  systemWide = true;
+  };
+}

makefu/2configs/base.nix

@@ -2,11 +2,18 @@
 
 with lib;
 {
-  imports = [ ];
+  imports = [
+    {
+      users.extraUsers =
+        mapAttrs (_: h: { hashedPassword = h; })
+                 (import /root/src/secrets/hashedPasswords.nix);
+    }
+    ./vim.nix
+  ];
   krebs.enable = true;
   krebs.search-domain = "retiolum";
 
-  networking.hostName = config.krebs.build.host.name;
+
   users.extraUsers = {
     root = {
         openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
@@ -24,12 +31,29 @@ with lib;
     };
   };
 
+  networking.hostName = config.krebs.build.host.name;
+  nix.maxJobs = config.krebs.build.host.cores + 1;
+  #nix.maxJobs = 1;
+
+  krebs.build.deps = {
+    secrets = {
+      url = "/home/makefu/secrets/${config.krebs.build.host.name}";
+    };
+    stockholm = {
+      url = toString ../..;
+    };
+  };
+
   services.openssh.enable = true;
   nix.useChroot = true;
 
-  users.mutableUsers = true;
+  users.mutableUsers = false;
 
   boot.tmpOnTmpfs = true;
+
+  networking.firewall.rejectPackets = true;
+  networking.firewall.allowPing = true;
+
   systemd.tmpfiles.rules = [
     "d /tmp 1777 root root - -"
   ];

makefu/2configs/cgit-retiolum.nix

@@ -52,11 +52,7 @@ let
 
   # TODO: get the list of all krebsministers
   krebsminister = with config.krebs.users; [ lass tv uriel ];
-
-  #all-makefu =  with config.krebs.users; [ makefu ];
-
-
-  all-makefu = with config.krebs.users; [ makefu makefu-omo ];
+  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
 
   priv-rules = repo: set-owners repo all-makefu;
 
@@ -69,6 +65,10 @@ in {
         name = "makefu-omo" ;
         pubkey= with builtins; readFile ../../Zpubkeys/makefu_omo.ssh.pub;
     };
+    krebs.users.makefu-tsp = {
+        name = "makefu-tsp" ;
+        pubkey= with builtins; readFile ../../Zpubkeys/makefu_tsp.ssh.pub;
+    };
   }];
   krebs.git = {
     enable = true;

makefu/2configs/graphite-standalone.nix

@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+with lib;
+{
+  imports = [ ];
+
+  services.graphite = {
+    web = {
+      enable = true;
+      host = "0.0.0.0";
+    };
+    carbon = {
+      enableCache = true;
+      # save disk usage by restricting to 1 bulk update per second
+      config = ''
+        [cache]
+        MAX_CACHE_SIZE = inf
+        MAX_UPDATES_PER_SECOND = 1
+        MAX_CREATES_PER_MINUTE = 50
+        '';
+      storageSchemas = ''
+        [carbon]
+        pattern = ^carbon\.
+        retentions = 60:90d
+
+        [default]
+        pattern = .*
+        retentions = 60s:30d,300s:1y
+        '';
+    };
+  };
+}

makefu/2configs/sda-crypto-root.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+# sda:  bootloader grub2
+# sda1: boot ext4 (label nixboot)
+# sda2: cryptoluks -> ext4
+with lib;
+{
+  boot = {
+    loader.grub.enable =true;
+    loader.grub.version =2;
+    loader.grub.device = "/dev/sda";
+
+    initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
+    initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+  };
+  fileSystems = {
+    "/" = {
+      device = "/dev/mapper/luksroot";
+      fsType = "ext4";
+    };
+    "/boot" = {
+      device = "/dev/disk/by-label/nixboot";
+      fsType = "ext4";
+    };
+  };
+}

makefu/2configs/tinc-basic-retiolum.nix

@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  krebs.retiolum = {
+    enable = true;
+    hosts = ../../Zhosts;
+    connectTo = [
+      "gum"
+      "pigstarter"
+      "fastpoke"
+    ];
+  };
+}

makefu/2configs/tp-x200.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  #services.xserver = {
+  #  videoDriver = "intel";
+  #};
+
+  boot = {
+    kernelModules = [ "tp_smapi" "msr" ];
+    extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+
+  };
+
+  networking.wireless.enable = true;
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+
+  hardware.trackpoint.enable = true;
+  hardware.trackpoint.sensitivity = 255;
+  hardware.trackpoint.speed = 255;
+  services.xserver.displayManager.sessionCommands = ''
+    xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1
+    xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2
+    xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200
+  '';
+}

makefu/2configs/vim.nix

@@ -0,0 +1,119 @@
+{ config, pkgs, ... }:
+
+let
+  customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin {
+    name = "vim-better-whitespace";
+    src = pkgs.fetchFromGitHub {
+      owner = "ntpeters";
+      repo = "vim-better-whitespace";
+      rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7";
+      sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk";
+    };
+  };
+
+in {
+
+  environment.systemPackages = [
+    pkgs.python27Full # required for youcompleteme
+    (pkgs.vim_configurable.customize {
+      name = "vim";
+
+    vimrcConfig.customRC = ''
+      set nocompatible
+      syntax on
+
+      filetype off
+      filetype plugin indent on
+
+      colorscheme darkblue
+      set background=dark
+
+      set number
+      set relativenumber
+      set mouse=a
+      set ignorecase
+      set incsearch
+      set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+      set textwidth=79
+      set shiftwidth=2
+      set expandtab
+      set softtabstop=2
+      set shiftround
+      set smarttab
+      set tabstop=2
+      set et
+      set autoindent
+      set backspace=indent,eol,start
+
+
+      inoremap <F1> <ESC>
+      nnoremap <F1> <ESC>
+      vnoremap <F1> <ESC>
+
+      nnoremap <F5> :UndotreeToggle<CR>
+      set undodir  =~/.vim/undo
+      set undofile
+      "maximum number of changes that can be undone
+      set undolevels=1000000
+      "maximum number lines to save for undo on a buffer reload
+      set undoreload=10000000
+
+      nnoremap <F2> :set invpaste paste?<CR>
+      set pastetoggle=<F2>
+      set showmode
+
+      set showmatch
+      set matchtime=3
+      set hlsearch
+
+      autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
+
+
+      " save on focus lost
+      au FocusLost * :wa
+
+      autocmd BufRead *.json set filetype=json
+      au  BufNewFile,BufRead *.mustache set syntax=mustache
+
+      cnoremap SudoWrite w !sudo tee > /dev/null %
+
+      " create Backup/tmp/undo dirs
+      set backupdir=~/.vim/backup
+      set directory=~/.vim/tmp
+
+      function! InitBackupDir()
+        let l:parent = $HOME    . '/.vim/'
+        let l:backup = l:parent . 'backup/'
+        let l:tmpdir = l:parent . 'tmp/'
+        let l:undodir= l:parent . 'undo/'
+
+
+        if !isdirectory(l:parent)
+          call mkdir(l:parent)
+        endif
+        if !isdirectory(l:backup)
+          call mkdir(l:backup)
+        endif
+        if !isdirectory(l:tmpdir)
+          call mkdir(l:tmpdir)
+        endif
+        if !isdirectory(l:undodir)
+          call mkdir(l:undodir)
+        endif
+      endfunction
+      call InitBackupDir()
+
+
+    '';
+
+      vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
+      vimrcConfig.vam.pluginDictionaries = [
+        { names = [ "undotree"
+          "YouCompleteMe"
+          "vim-better-whitespace" ]; }
+        { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+      ];
+
+    })
+  ];
+}

makefu/2configs/vm-single-partition.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+# vda1 ext4 (label nixos) -> only root partition
+with lib;
+{
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda";
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+  hardware.cpu.amd.updateMicrocode = true;
+
+
+}

tv/1systems/nomic.nix

@@ -25,7 +25,6 @@ with lib;
     ../2configs/AO753.nix
     ../2configs/base.nix
     ../2configs/consul-server.nix
-    ../2configs/exim-retiolum.nix
     ../2configs/git.nix
     {
       tv.iptables = {
@@ -38,6 +37,9 @@ with lib;
         ];
       };
     }
+    {
+      krebs.exim-retiolum = true;
+    }
     {
       krebs.nginx = {
         enable = true;

tv/1systems/wu.nix

@@ -29,7 +29,6 @@ in
     ../2configs/w110er.nix
     ../2configs/base.nix
     ../2configs/consul-client.nix
-    ../2configs/exim-retiolum.nix
     ../2configs/git.nix
     ../2configs/mail-client.nix
     ../2configs/xserver.nix
@@ -91,6 +90,7 @@ in
         sxiv
         texLive
         tmux
+        tvpkgs.cac
         tvpkgs.dic
         zathura
 
@@ -164,6 +164,9 @@ in
         ];
       };
     }
+    {
+      krebs.exim-retiolum = true;
+    }
     {
       krebs.nginx = {
         enable = true;

tv/2configs/git.nix

@@ -20,6 +20,9 @@ let
   rules = concatMap make-rules (attrValues repos);
 
   public-repos = mapAttrs make-public-repo {
+    cac = {
+      desc = "CloudAtCost command line interface";
+    };
     cgserver = {};
     crude-mail-setup = {};
     dot-xmonad = {};