Merge remote-tracking branch 'uriel/master'

Zhosts/flap

@@ -1,4 +1,5 @@
 Subnet = 10.243.211.172
+Subnet = 10.243.211.172 53
 Subnet = 42:472a:3d01:bbe4:4425:567e:592b:065d
 
 -----BEGIN RSA PUBLIC KEY-----

Zhosts/gum

@@ -1,4 +1,5 @@
 Address= 195.154.108.70
+Address= 195.154.108.70 53
 Subnet = 10.243.0.211
 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
 Aliases = paste

krebs/3modules/default.nix

@@ -272,6 +272,7 @@ let
             '';
           };
         };
+        secure = true;
       };
       mors = {
         cores = 2;
@@ -307,7 +308,7 @@ let
       };
       uriel = {
         pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
-        mail = "uriel@mors.retiolum";
+        mail = "lass@uriel.retiolum";
       };
     };
   };

krebs/3modules/urlwatch.nix

@@ -78,7 +78,7 @@ let
         HOME = cfg.dataDir;
         LC_ALL = "en_US.UTF-8";
         LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
-        SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+        SSL_CERT_FILE = "${pkgs.cacert}/etc/ca-bundle.crt";
       };
       serviceConfig = {
         User = user.name;
@@ -100,7 +100,6 @@ let
         ExecStart = pkgs.writeScript "urlwatch" ''
           #! /bin/sh
           set -euf
-
           from=${escapeShellArg cfg.from}
           mailto=${escapeShellArg cfg.mailto}
           urlsFile=${escapeShellArg urlsFile}

krebs/5pkgs/default.nix

@@ -16,6 +16,7 @@ rec {
   hashPassword = callPackage ./hashPassword.nix {};
   nq = callPackage ./nq.nix {};
   posix-array = callPackage ./posix-array.nix {};
+  youtube-tools = callPackage ./youtube-tools.nix {};
 
   execve = name: { filename, argv, envp }:
     writeC name {} ''

krebs/5pkgs/youtube-tools.nix

@@ -0,0 +1,21 @@
+{ stdenv, fetchgit, ... }:
+
+stdenv.mkDerivation {
+  name = "youtube-tools";
+
+  src = fetchgit {
+    url = https://github.com/Lassulus/the_playlist;
+    rev = "9218b163f2d8bc965b853ed9fc9e13d15a703456";
+    sha256 = "ae5db4be652d015a518e57e4ed2de34b9127e77d9272af3049832bb134e96e4d";
+  };
+
+  phases = [
+    "unpackPhase"
+    "installPhase"
+  ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp bin/* $out/bin/
+  '';
+}

lass/1systems/cloudkrebs.nix

@@ -28,10 +28,6 @@
     target = "root@cloudkrebs";
     host = config.krebs.hosts.cloudkrebs;
     deps = {
-      nixpkgs = {
-        url = https://github.com/Lassulus/nixpkgs;
-        rev = "1879a011925c561f0a7fd4043da0768bbff41d0b";
-      };
       secrets = {
         url = "/home/lass/secrets/${config.krebs.build.host.name}";
       };

lass/1systems/mors.nix

@@ -15,12 +15,13 @@
     ../2configs/wine.nix
     ../2configs/texlive.nix
     ../2configs/binary-caches.nix
-    ../2configs/ircd.nix
+    #../2configs/ircd.nix
     ../2configs/chromium-patched.nix
     ../2configs/new-repos.nix
     #../../2configs/tv/synaptics.nix
     ../2configs/retiolum.nix
     ../2configs/wordpress.nix
+    ../2configs/bitlbee.nix
   ];
 
   krebs.build = {
@@ -28,10 +29,6 @@
     target = "root@mors";
     host = config.krebs.hosts.mors;
     deps = {
-      nixpkgs = {
-        url = https://github.com/Lassulus/nixpkgs;
-        rev = "961fd7b7a0f88dde7dac2f7a4c05ee4e1a25381d";
-      };
       secrets = {
         url = "/home/lass/secrets/${config.krebs.build.host.name}";
       };
@@ -128,7 +125,7 @@
     #VM writeback timeout
     echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs'
     #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
-    echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
+    #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
     #Autosuspend for USB device Biometric Coprocessor
     echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
 

lass/1systems/uriel.nix

@@ -28,10 +28,6 @@ with builtins;
     target = "root@uriel";
     host = config.krebs.hosts.uriel;
     deps = {
-      nixpkgs = {
-        url = https://github.com/Lassulus/nixpkgs;
-        rev = "961fcbabd7643171ea74bd550fee1ce5c13c2e90";
-      };
       secrets = {
         url = "/home/lass/secrets/${config.krebs.build.host.name}";
       };

lass/2configs/base.nix

@@ -39,12 +39,20 @@ with lib;
   krebs = {
     enable = true;
     search-domain = "retiolum";
+    exim-retiolum.enable = true;
+    build.deps.nixpkgs = {
+      url = https://github.com/Lassulus/nixpkgs;
+      rev = "58a82ff50b8605b88a8f66481d8c85bf8ab53be3";
+    };
   };
 
   nix.useChroot = true;
 
   users.mutableUsers = false;
 
+  #why is this on in the first place?
+  services.ntp.enable = false;
+
   boot.tmpOnTmpfs = true;
   # see tmpfiles.d(5)
   systemd.tmpfiles.rules = [
@@ -134,6 +142,7 @@ with lib;
         { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
         { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
         { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+        { predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; }
       ];
     };
   };

lass/2configs/bitlbee.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+let
+  lpkgs = import ../5pkgs { inherit pkgs; };
+in {
+
+  imports = [
+    ../3modules/bitlbee.nix
+  ];
+
+  config.lass.bitlbee = {
+    enable = true;
+    bitlbeePkg = lpkgs.bitlbee;
+  };
+}

lass/2configs/browsers.nix

@@ -1,67 +1,50 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 let
+  inherit (import ../4lib { inherit pkgs lib; }) simpleScript;
+
   mainUser = config.users.extraUsers.mainUser;
+  createBrowserUser = name: extraGroups: packages:
+    {
+      users.extraUsers = {
+        ${name} = {
+          inherit name;
+          inherit extraGroups;
+          home = "/home/${name}";
+          useDefaultShell = true;
+          createHome = true;
+        };
+      };
+      lass.per-user.${name}.packages = packages;
+      security.sudo.extraConfig = ''
+        ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
+      '';
+      environment.systemPackages = [
+        (simpleScript name ''
+          sudo -u ${name} -i chromium $@
+        '')
+      ];
+    };
 
 in {
 
+  imports = [
+    ../3modules/per-user.nix
+  ] ++ [
+    ( createBrowserUser "ff" [ "audio" ] [ pkgs.firefox ] )
+    ( createBrowserUser "cr" [ "audio" ] [ pkgs.chromium ] )
+    ( createBrowserUser "fb" [ ] [ pkgs.chromium ] )
+    ( createBrowserUser "gm" [ ] [ pkgs.chromium ] )
+    ( createBrowserUser "flash" [ ] [ pkgs.flash ] )
+  ];
+
   nixpkgs.config.packageOverrides = pkgs : {
+    flash = pkgs.chromium.override {
+      pulseSupport = true;
+      enablePepperFlash = true;
+    };
     chromium = pkgs.chromium.override {
       pulseSupport = true;
     };
   };
-
-  environment.systemPackages = with pkgs; [
-    firefox
-  ];
-
-  users.extraUsers = {
-    firefox = {
-      name = "firefox";
-      description = "user for running firefox";
-      home = "/home/firefox";
-      useDefaultShell = true;
-      extraGroups = [ "audio" ];
-      createHome = true;
-    };
-    chromium = {
-      name = "chromium";
-      description = "user for running chromium";
-      home = "/home/chromium";
-      useDefaultShell = true;
-      extraGroups = [ "audio" ];
-      createHome = true;
-    };
-    facebook = {
-      name = "facebook";
-      description = "user for running facebook in chromium";
-      home = "/home/facebook";
-      useDefaultShell = true;
-      extraGroups = [ "audio" ];
-      createHome = true;
-    };
-    google = {
-      name = "google";
-      description = "user for running google+/gmail in chromium";
-      home = "/home/google";
-      useDefaultShell = true;
-      createHome = true;
-    };
-    flash = {
-      name = "flash";
-      description = "user for running flash stuff";
-      home = "/home/flash";
-      useDefaultShell = true;
-      extraGroups = [ "audio" ];
-      createHome = true;
-    };
-  };
-
-  security.sudo.extraConfig = ''
-    ${mainUser.name} ALL=(firefox) NOPASSWD: ALL
-    ${mainUser.name} ALL=(chromium) NOPASSWD: ALL
-    ${mainUser.name} ALL=(facebook) NOPASSWD: ALL
-    ${mainUser.name} ALL=(google) NOPASSWD: ALL
-    ${mainUser.name} ALL=(flash) NOPASSWD: ALL
-  '';
 }

lass/2configs/new-repos.nix

@@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }:
 
 with import ../../tv/4lib { inherit lib pkgs; };
+
 let
 
   out = {
@@ -8,14 +9,14 @@ let
       enable = true;
       root-title = "public repositories at ${config.krebs.build.host.name}";
       root-desc = "keep calm and engage";
-      inherit repos rules;
+      repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+      rules = rules;
     };
   };
 
-  repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) (
+  repos =
     public-repos //
-    optionalAttrs config.krebs.build.host.secure restricted-repos
-  );
+    optionalAttrs config.krebs.build.host.secure restricted-repos;
 
   rules = concatMap make-rules (attrValues repos);
 
@@ -50,8 +51,8 @@ let
     };
   };
 
-  make-restricted-repo = name: { desc ? null, ... }: {
-    inherit name desc;
+  make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: {
+    inherit name collaborators desc;
     public = false;
   };
 

lass/2configs/retiolum.nix

@@ -22,6 +22,8 @@
       "fastpoke"
       "cloudkrebs"
       "pigstarter"
+      "gum"
+      "flap"
     ];
   };
 }

lass/2configs/texlive.nix

@@ -2,6 +2,6 @@
 
 {
   environment.systemPackages = with pkgs; [
-    (pkgs.texLiveAggregationFun { paths = [ pkgs.texLive pkgs.texLiveFull ]; })
+    texLive
   ];
 }

lass/2configs/virtualbox.nix

@@ -4,7 +4,7 @@ let
   mainUser = config.users.extraUsers.mainUser;
 
 in {
-  services.virtualboxHost.enable = true;
+  virtualisation.virtualbox.host.enable = true;
 
   users.extraUsers = {
     virtual = {

lass/3modules/bitlbee.nix

@@ -0,0 +1,153 @@
+{ config, lib, pkgs, ... }:
+
+
+let
+
+  inherit (lib)
+    mkIf
+    mkOption
+    types
+    singleton
+  ;
+
+  authModeCheck = v:
+    v == "Open" ||
+    v == "Closed" ||
+    v == "Registered"
+  ;
+
+  bitlbeeConfig = pkgs.writeText "bitlbee.conf" ''
+    [settings]
+    RunMode = Daemon
+    User = bitlbee
+    ConfigDir = ${cfg.configDir}
+    DaemonInterface = ${cfg.interface}
+    DaemonPort = ${toString cfg.portNumber}
+    AuthMode = ${cfg.authMode}
+    ${lib.optionalString (cfg.hostName != "") "HostName = ${cfg.hostName}"}
+    ${lib.optionalString (cfg.protocols != "") "Protocols = ${cfg.protocols}"}
+    ${cfg.extraSettings}
+
+    [defaults]
+    ${cfg.extraDefaults}
+  '';
+
+  cfg = config.lass.bitlbee;
+
+  out = {
+    options.lass.bitlbee = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkOption {
+      default = false;
+      description = ''
+        Whether to run the BitlBee IRC to other chat network gateway.
+        Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat
+        networks via an IRC client.
+      '';
+    };
+
+    interface = mkOption {
+      default = "127.0.0.1";
+      description = ''
+        The interface the BitlBee deamon will be listening to.  If `127.0.0.1',
+        only clients on the local host can connect to it; if `0.0.0.0', clients
+        can access it from any network interface.
+      '';
+    };
+
+    portNumber = mkOption {
+      default = 6667;
+      description = ''
+        Number of the port BitlBee will be listening to.
+      '';
+    };
+
+    authMode = mkOption {
+      default = "Open";
+      type = types.addCheck types.str authModeCheck;
+      description = ''
+        The following authentication modes are available:
+          Open -- Accept connections from anyone, use NickServ for user authentication.
+          Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all.
+          Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
+      '';
+    };
+
+    hostName = mkOption {
+      default = "";
+      type = types.str;
+      description = ''
+        Normally, BitlBee gets a hostname using getsockname(). If you have a nicer
+        alias for your BitlBee daemon, you can set it here and BitlBee will identify
+        itself with that name instead.
+      '';
+    };
+
+    configDir = mkOption {
+      default = "/var/lib/bitlbee";
+      type = types.path;
+      description = ''
+        Specify an alternative directory to store all the per-user configuration
+        files.
+      '';
+    };
+
+    protocols = mkOption {
+      default = "";
+      type = types.str;
+      description = ''
+        This option allows to remove the support of protocol, even if compiled
+        in. If nothing is given, there are no restrictions.
+      '';
+    };
+
+    extraSettings = mkOption {
+      default = "";
+      description = ''
+        Will be inserted in the Settings section of the config file.
+      '';
+    };
+
+    extraDefaults = mkOption {
+      default = "";
+      description = ''
+        Will be inserted in the Default section of the config file.
+      '';
+    };
+
+    bitlbeePkg = mkOption {
+      default = pkgs.bitlbee;
+      description = ''
+        the bitlbee pkg to use.
+      '';
+    };
+  };
+
+  imp = {
+    users.extraUsers = singleton {
+      name = "bitlbee";
+      uid = config.ids.uids.bitlbee;
+      description = "BitlBee user";
+      home = "/var/lib/bitlbee";
+      createHome = true;
+    };
+
+    users.extraGroups = singleton {
+      name = "bitlbee";
+      gid = config.ids.gids.bitlbee;
+    };
+
+    systemd.services.bitlbee = {
+      description = "BitlBee IRC to other chat networks gateway";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.User = "bitlbee";
+      serviceConfig.ExecStart = "${cfg.bitlbeePkg}/sbin/bitlbee -F -n -c ${bitlbeeConfig}";
+    };
+  };
+
+in
+out

lass/3modules/per-user.nix

@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+let
+  cfg = config.lass.per-user;
+
+  out = {
+    options.lass.per-user = api;
+    config = imp;
+  };
+
+  api = mkOption {
+    type = with types; attrsOf (submodule {
+      options = {
+        packages = mkOption {
+          type = listOf path;
+          default = [];
+        };
+      };
+    });
+    default = {};
+  };
+
+  imp = {
+    #
+    # TODO only shellInit and use well-known paths
+    #
+    environment.shellInit = ''
+      if test -e ${user-profiles}/"$LOGNAME"; then
+        . ${user-profiles}/"$LOGNAME"
+      fi
+    '';
+    environment.interactiveShellInit = ''
+      if test -e ${user-profiles}/"$LOGNAME"; then
+        . ${user-profiles}/"$LOGNAME"
+      fi
+    '';
+    environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
+  };
+
+  user-profiles = pkgs.runCommand "user-profiles" {} ''
+    mkdir $out
+    ${concatStrings (mapAttrsToList (logname: { packages, ... }: ''
+      cat > $out/${logname} <<\EOF
+      ${optionalString (length packages > 0) (
+        let path = makeSearchPath "bin" packages; in
+        ''export PATH="$PATH":${escapeShellArg path}''
+      )}
+      EOF
+    '') cfg)}
+  '';
+
+in out

lass/4lib/default.nix

@@ -0,0 +1,20 @@
+{ lib, pkgs, ... }:
+
+let
+  krebs = import ../../krebs/4lib { inherit lib; };
+in
+
+with krebs;
+
+krebs // rec {
+
+  simpleScript = name: content:
+    pkgs.stdenv.mkDerivation {
+      inherit name;
+      phases = [ "installPhase" ];
+      installPhase = ''
+        mkdir -p $out/bin
+        ln -s ${pkgs.writeScript name content} $out/bin/${name}
+      '';
+    };
+}

lass/5pkgs/bitlbee-dev.nix

@@ -0,0 +1,20 @@
+{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python }:
+
+stdenv.mkDerivation rec {
+  name = "bitlbee-3.4.1";
+
+  src = fetchurl {
+    url = "mirror://bitlbee/src/${name}.tar.gz";
+    sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh";
+  };
+
+  buildInputs = [ gnutls glib pkgconfig libotr python ];
+
+  buildPhase = "";
+
+  installPhase = ''
+    make install-dev
+  '';
+
+}
+

lass/5pkgs/bitlbee-steam.nix

@@ -0,0 +1,31 @@
+{ stdenv, fetchgit, autoconf, automake, bitlbee-dev, glib, libgcrypt, libtool, pkgconfig }:
+
+stdenv.mkDerivation rec {
+  name = "bitlbee-steam-1.3.1";
+
+  src = fetchgit {
+    url = "https://github.com/jgeboski/bitlbee-steam";
+    rev = "439d777c7e8d06712ffc15c3e51d61799f4c0d0c";
+    sha256 = "493924da1083a3b23073c595a9e1989a7ae09a196524ad66ca99c4d8ccc20d2a";
+  };
+
+  buildInputs = [
+    autoconf
+    automake
+    bitlbee-dev
+    glib
+    libgcrypt
+    libtool
+    pkgconfig
+  ];
+
+  configurePhase = ''
+    ./autogen.sh
+  '';
+
+  installPhase = ''
+    mkdir -p $out
+    cp steam/.libs/steam.la $out/
+    cp steam/.libs/steam.so $out/
+  '';
+}

lass/5pkgs/bitlbee.nix

@@ -0,0 +1,71 @@
+{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python
+  , bitlbee-facebook ? null
+  , bitlbee-steam ? null
+}:
+
+with stdenv.lib;
+stdenv.mkDerivation rec {
+  name = "bitlbee-3.4.1";
+
+  src = fetchurl {
+    url = "mirror://bitlbee/src/${name}.tar.gz";
+    sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh";
+  };
+
+
+  buildInputs = [ gnutls glib pkgconfig libotr python ]
+    ++ optional doCheck check;
+
+  configureFlags = [
+    "--gcov=1"
+    "--otr=1"
+    "--ssl=gnutls"
+  ];
+
+  postBuild = ''
+    ${if (bitlbee-steam != null) then
+      ''
+        mkdir -p $out/lib/bitlbee/
+        find ${bitlbee-steam}
+        cp ${bitlbee-steam}/* $out/lib/bitlbee/
+      ''
+    else
+      ""
+    }
+  '';
+    #${concatMapStringsSep "\n" ([] ++
+    #  (if (bitlbee-facebook != null) then
+    #    "cp ${bitlbee-faceook}/* $out/"
+    #  else
+    #    ""
+    #  ) ++
+    #  (if (bitlbee-steam != null) then
+    #    "cp ${bitlbee-steam}/* $out/"
+    #  else
+    #    ""
+    #  )
+    #)}
+
+  doCheck = true;
+
+  meta = {
+    description = "IRC instant messaging gateway";
+
+    longDescription = ''
+      BitlBee brings IM (instant messaging) to IRC clients.  It's a
+      great solution for people who have an IRC client running all the
+      time and don't want to run an additional MSN/AIM/whatever
+      client.
+
+      BitlBee currently supports the following IM networks/protocols:
+      XMPP/Jabber (including Google Talk), MSN Messenger, Yahoo!
+      Messenger, AIM and ICQ.
+    '';
+
+    homepage = http://www.bitlbee.org/;
+    license = licenses.gpl2Plus;
+
+    maintainers = with maintainers; [ wkennington pSub ];
+    platforms = platforms.gnu;  # arbitrary choice
+  };
+}

lass/5pkgs/default.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+let
+  inherit (pkgs) callPackage;
+  kpkgs = import ../../krebs/5pkgs { inherit pkgs; };
+in
+
+kpkgs //
+rec {
+  bitlbee-dev = callPackage ./bitlbee-dev.nix {};
+  bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };
+  bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; };
+}

makefu/1systems/pnp.nix

@@ -10,9 +10,12 @@
       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/base.nix
       ../2configs/cgit-retiolum.nix
-      ../2configs/graphite-standalone.nix
+      # ../2configs/graphite-standalone.nix
       ../2configs/vm-single-partition.nix
       ../2configs/tinc-basic-retiolum.nix
+
+      ../2configs/exim-retiolum.nix
+      ../2configs/urlwatch.nix
     ];
   krebs.build.host = config.krebs.hosts.pnp;
   krebs.build.user = config.krebs.users.makefu;
@@ -27,10 +30,14 @@
 
   networking.firewall.allowedTCPPorts = [
   # nginx runs on 80
+  80
   # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
-    80
-    8080 2003
+  # 8080 2003
+
+  # smtp
+  25
   ];
-  networking.firewall.allowedUDPPorts = [ 2003 ];
+
+  # networking.firewall.allowedUDPPorts = [ 2003 ];
 
 }

makefu/1systems/pornocauster.nix

@@ -0,0 +1,46 @@
+#
+#
+#
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ../2configs/base.nix
+      ../2configs/main-laptop.nix #< base-gui
+
+      # Krebs
+      ../2configs/tinc-basic-retiolum.nix
+      #../2configs/disable_v6.nix
+
+      #../2configs/sda-crypto-root.nix
+      ../2configs/sda-crypto-root-home.nix
+
+      ../2configs/zsh-user.nix
+
+      # applications
+      ../2configs/exim-retiolum.nix
+      ../2configs/virtualization.nix
+      ../2configs/wwan.nix
+
+      # hardware specifics are in here
+      ../2configs/tp-x220.nix
+    ];
+
+  krebs.build.host = config.krebs.hosts.pornocauster;
+  krebs.build.user = config.krebs.users.makefu;
+  krebs.build.target = "root@pornocauster";
+
+  networking.firewall.allowedTCPPorts = [
+    25
+  ];
+
+  krebs.build.deps = {
+    nixpkgs = {
+      #url = https://github.com/NixOS/nixpkgs;
+      # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)
+      url = https://github.com/makefu/nixpkgs;
+      rev = "f5fe787f778b872c6b2221598501c9310cb83915";
+    };
+  };
+}

makefu/1systems/tsp.nix

@@ -11,17 +11,20 @@
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/sda-crypto-root.nix
       # hardware specifics are in here
-      ../2configs/tp-x200.nix
+      ../2configs/tp-x200.nix #< imports tp-x2x0.nix
 
       ../2configs/disable_v6.nix
       ../2configs/rad1o.nix
+
+      ../2configs/zsh-user.nix
+      ../2configs/exim-retiolum.nix
     ];
   # not working in vm
   krebs.build.host = config.krebs.hosts.tsp;
   krebs.build.user = config.krebs.users.makefu;
   krebs.build.target = "root@tsp";
 
-  krebs.exim-retiolum.enable = true;
+
   networking.firewall.allowedTCPPorts = [
     25
   ];
@@ -31,8 +34,8 @@
       #url = https://github.com/NixOS/nixpkgs;
       # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)
       url = https://github.com/makefu/nixpkgs;
-      rev = "8b8b65da24f13f9317504e8bcba476f9161613fe";
+      #rev = "8b8b65da24f13f9317504e8bcba476f9161613fe";
+      rev = "f5fe787f778b872c6b2221598501c9310cb83915";
     };
   };
-
 }

makefu/2configs/base-gui.nix

@@ -1,11 +1,15 @@
 { config, lib, pkgs, ... }:
 ##
-# of course this name is a lie - it prepares a GUI environment close to my
-# current configuration.
+# of course this name is a lie
+# - it prepares a GUI environment close to my
+# current configuration,specifically:
 #
-# autologin with mainUser into awesome
-##
+# * autologin with mainUser into awesome
+# * audio
+# * terminus font
 #
+# if this is not enough, check out main-laptop.nix
+
 with lib;
 let
   mainUser = config.krebs.build.user.name;
@@ -28,14 +32,6 @@ in
     displayManager.auto.user = mainUser;
     desktopManager.xterm.enable = false;
   };
-  services.redshift = {
-    enable = true;
-    latitude = "48.7";
-    longitude = "9.1";
-  };
-
-## FONTS
-# TODO: somewhere else?
 
   i18n.consoleFont = "Lat2-Terminus16";
 
@@ -49,14 +45,12 @@ in
   environment.systemPackages = with pkgs;[
     xlockmore
     rxvt_unicode-with-plugins
-    vlc
     firefox
-    chromium
   ];
-  # TODO: use mainUser
-  users.extraUsers.makefu.extraGroups = [ "audio" ];
+  users.extraUsers.${mainUser}.extraGroups = [ "audio" ];
+
   hardware.pulseaudio = {
-    enable = true;
-  #  systemWide = true;
+     enable = true;
+   #  systemWide = true;
   };
 }

makefu/2configs/cgit-retiolum.nix

@@ -8,7 +8,7 @@ let
 
   krebs-repos = mapAttrs make-krebs-repo {
     stockholm = {
-      desc = "take all the computers hostage, they'll love you!";
+      desc = "Make all the systems into 1systems!";
     };
   };
 

makefu/2configs/exim-retiolum.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  krebs.exim-retiolum.enable = true;
+  environment.systemPackages = with pkgs; [
+    msmtp
+    mutt-kz
+  ];
+
+}

makefu/2configs/main-laptop.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+# stuff for the main laptop
+# this is pretty much nice-to-have and does
+# not fit into base-gui
+
+with lib;
+{
+  imports = [ ./base-gui.nix ];
+  environment.systemPackages = with pkgs;[
+    vlc
+    firefox
+    chromium
+    keepassx
+  ];
+
+  services.redshift = {
+    enable = true;
+    latitude = "48.7";
+    longitude = "9.1";
+  };
+
+}

makefu/2configs/sda-crypto-root-home.nix

@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+# ssd #
+# sda:  bootloader grub2
+# sda1: boot ext4 (label nixboot)
+# sda2: cryptoluks -> lvm:
+#       /     (main-root)
+#       /home (main-home)
+
+with lib;
+{
+  boot = {
+    loader.grub.enable =true;
+    loader.grub.version =2;
+    loader.grub.device = "/dev/sda";
+
+    initrd.luks.devices = [ { name = "main"; device = "/dev/sda2"; allowDiscards=true; }];
+    initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+  };
+  fileSystems = {
+    "/" = {
+      device = "/dev/mapper/main-root";
+      fsType = "ext4";
+      options="defaults,discard";
+    };
+    # TODO: just import sda-crypto-root, add this device
+    "/home" = {
+      device = "/dev/mapper/main-home";
+      fsType = "ext4";
+      options="defaults,discard";
+    };
+    "/boot" = {
+      device = "/dev/disk/by-label/nixboot";
+      fsType = "ext4";
+      options="defaults,discard";
+    };
+  };
+}

makefu/2configs/tp-x200.nix

@@ -2,36 +2,20 @@
 
 with lib;
 {
-  #services.xserver = {
-  #  videoDriver = "intel";
-  #};
+
+  imports = [ ./tp-x2x0.nix ];
 
   boot = {
     kernelModules = [ "tp_smapi" "msr" ];
     extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
 
   };
+  services.thinkfan.enable = true;
 
-  #networking.wireless.enable = true;
-
-  hardware.enableAllFirmware = true;
-  nixpkgs.config.allowUnfree = true;
-
-  zramSwap.enable = true;
-  zramSwap.numDevices = 2;
-
-  hardware.trackpoint.enable = true;
-  hardware.trackpoint.sensitivity = 255;
-  hardware.trackpoint.speed = 255;
+  # only works on tp-x200 , not x220
   services.xserver.displayManager.sessionCommands = ''
     xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1
     xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2
     xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200
   '';
-
-  services.thinkfan.enable = true;
-  services.tlp.enable = true;
-  services.tlp.extraConfig = ''
-  START_CHARGE_THRESH_BAT0=80
-  '';
 }

makefu/2configs/tp-x220.nix

@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+
+  imports = [ ./tp-x2x0.nix ];
+
+  boot.kernelModules = [ "kvm-intel" ];
+
+  services.xserver.vaapiDrivers = [pkgs.vaapiIntel pkgs.vaapiVdpau ];
+
+  services.xserver.displayManager.sessionCommands =''
+  xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
+  xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
+  xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
+  xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
+  '';
+
+}

makefu/2configs/tp-x2x0.nix

@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  # TODO: put this somewhere else
+  networking.wireless.enable = true;
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+
+  zramSwap.enable = true;
+  zramSwap.numDevices = 2;
+
+  hardware.trackpoint.enable = true;
+  hardware.trackpoint.sensitivity = 220;
+  hardware.trackpoint.speed = 220;
+
+  services.tlp.enable = true;
+  services.tlp.extraConfig = ''
+  START_CHARGE_THRESH_BAT0=80
+  '';
+}

makefu/2configs/urlwatch.nix

@@ -0,0 +1,17 @@
+{ config, ... }:
+
+{
+  krebs.urlwatch = {
+    enable = true;
+    mailto = config.krebs.users.makefu.mail;
+    onCalendar = "*-*-* 05:00:00";
+    urls = [
+      ## nixpkgs maintenance
+      https://api.github.com/repos/ovh/python-ovh/tags
+      https://api.github.com/repos/embray/d2to1/tags
+      http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
+
+    ];
+  };
+}
+

makefu/2configs/virtualization.nix

@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+let
+  mainUser = config.krebs.build.user;
+in {
+  virtualisation.libvirtd.enable = true;
+  users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ];
+}

makefu/2configs/wwan.nix

@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+#usage: $ wvdial
+
+let
+  mainUser = config.krebs.build.user;
+in {
+  environment.systemPackages = with pkgs;[
+    wvdial
+  ];
+
+  # configure for NETZCLUB
+  environment.wvdial.dialerDefaults = ''
+    Phone = *99***1#
+    Dial Command = ATDT
+    Modem = /dev/ttyACM0
+    Baud = 460800
+    Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+    Init2 = ATZ
+    Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
+    ISDN = 0
+    Modem Type = Analog Modem
+    Username = netzclub
+    Password = netzclub
+    Stupid Mode = 1
+    Idle Seconds = 0'';
+
+  users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ];
+}

makefu/2configs/zsh-user.nix

@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ... }:
+##
+with lib;
+let
+  mainUser = config.krebs.build.user.name;
+in
+{
+  programs.zsh.enable = true;
+  users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
+}