Merge remote-tracking branch 'prism/master'

krebs/2configs/default.nix

@@ -22,6 +22,7 @@ with import <stockholm/lib>;
 
   environment.systemPackages = with pkgs; [
     git
+    vim
     rxvt_unicode.terminfo
   ];
 

krebs/3modules/lass/default.nix

@@ -43,7 +43,7 @@ with import <stockholm/lib>;
       cores = 2;
       nets = rec {
         internet = {
-          ip4.addr = "104.233.79.118";
+          ip4.addr = "45.62.226.163";
           aliases = [
             "echelon.i"
           ];

krebs/3modules/tv/default.nix

@@ -113,14 +113,6 @@ with import <stockholm/lib>;
     };
     kaepsele = {
       nets = {
-        internet = {
-          ip4.addr = "92.222.10.169";
-          aliases = [
-            "kaepsele.i"
-            "kaepsele.internet"
-            # TODO "kaepsele.org"
-          ];
-        };
         retiolum = {
           ip4.addr = "10.243.166.2";
           ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d";
@@ -129,17 +121,18 @@ with import <stockholm/lib>;
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
+            MIIBCgKCAQEA4+kDaKhCBNlpHqRCA2R6c4UEFk0OaiPwHvjmBBjpihTJVyffIEYm
-            Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
+            QFZ5ZNkaVumSOAgKk9ygppO9WsNasl1ag+IRWik9oupdzEkNjgvOMBVJGhcwGZGF
-            rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
+            6UEY5sdA1n0qg74og5BGSiXUBiaahVM0rAfCNk8gV3qrot5kWJMQLb9BKabJ56eb
-            y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
+            JrgWepxuVaw3BoEhz6uusuvw5i1IF382L8R11hlvyefifXONFOAUjCrCr0bCb4uK
-            yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
+            ZZcRUU35pbHLDXXTOrOarOO1tuVGu85VXo3S1sLaaouHYjhTVT8bxqbwcNhxBXYf
-            FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
+            ONLv0f7G5XwecgUNbE6ZTfjV5PQKaww3lwIDAQAB
             -----END RSA PUBLIC KEY-----
           '';
         };
       };
-      ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wr36T0MmB8pnSO5/pw9/Dfe5+IMgVHOhm6EUa55jj";
     };
     mu = {
       cores = 2;

krebs/source.nix

@@ -14,6 +14,6 @@ in
     stockholm.file = toString <stockholm>;
     nixpkgs.git = {
       url = https://github.com/NixOS/nixpkgs;
-      ref = "0590ecbe9e6b9a076065be29370701da758c61f1"; # nixos-17.03 @ 2017-07-30
+      ref = "51a83266d164195698f04468d90d2c6238ed3491"; # nixos-17.03 @ 2017-07-30
     };
   }

lass/1systems/daedalus/config.nix

@@ -1,22 +1,74 @@
+with import <stockholm/lib>;
 { config, pkgs, ... }:
 
 {
   imports = [
     <stockholm/lass>
     <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
+    <stockholm/lass/2configs/boot/coreboot.nix>
 
-    <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/git.nix>
-    <stockholm/lass/2configs/exim-retiolum.nix>
-    <stockholm/lass/2configs/baseX.nix>
-    <stockholm/lass/2configs/browsers.nix>
-    <stockholm/lass/2configs/programs.nix>
-    <stockholm/lass/2configs/fetchWallpaper.nix>
     <stockholm/lass/2configs/backups.nix>
-    <stockholm/lass/2configs/games.nix>
+    {
+      # bubsy config
+      users.users.bubsy = {
+        uid = genid "bubsy";
+        home = "/home/bubsy";
+        group = "users";
+        createHome = true;
+        extraGroups = [
+          "audio"
+          "networkmanager"
         ];
+        useDefaultShell = true;
+      };
+      networking.networkmanager.enable = true;
+      networking.wireless.enable = mkForce false;
+      hardware.pulseaudio = {
+        enable = true;
+        systemWide = true;
+      };
+      environment.systemPackages = with pkgs; [
+        pavucontrol
+        firefox
+        hexchat
+        networkmanagerapplet
+      ];
+      services.xserver.enable = true;
+      services.xserver.displayManager.lightdm.enable = true;
+      services.xserver.desktopManager.plasma5.enable = true;
+    }
+    {
+      krebs.per-user.bitcoin.packages = [
+        pkgs.electrum
+      ];
+      users.extraUsers = {
+        bitcoin = {
+          name = "bitcoin";
+          description = "user for bitcoin stuff";
+          home = "/home/bitcoin";
+          useDefaultShell = true;
+          createHome = true;
+        };
+      };
+      security.sudo.extraConfig = ''
+        bubsy ALL=(bitcoin) NOPASSWD: ALL
+      '';
+    }
+  ];
+
+  time.timeZone = "Europe/Berlin";
+
+  hardware.trackpoint = {
+    enable = true;
+    sensitivity = 220;
+    speed = 0;
+    emulateWheel = true;
+  };
+
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
 
   krebs.build.host = config.krebs.hosts.daedalus;
 
@@ -29,7 +81,7 @@
   };
 
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
   '';
 }

lass/1systems/iso.nix

@@ -37,6 +37,7 @@ with import <stockholm/lib>;
         };
       };
       boot.kernelParams = [ "copytoram" ];
+      networking.hostName = "lass-iso";
     }
     {
       krebs.enable = true;

lass/1systems/mors/config.nix

@@ -5,7 +5,7 @@ with import <stockholm/lib>;
   imports = [
     <stockholm/lass>
     <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/coreboot.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
 
     <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
@@ -104,8 +104,8 @@ with import <stockholm/lib>;
   };
 
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
   '';
 
   #TODO activationScripts seem broken, fix them!
@@ -139,7 +139,6 @@ with import <stockholm/lib>;
     urban
     mk_sql_pair
     remmina
-    thunderbird
 
     iodine
 

lass/1systems/prism/config.nix

@@ -298,6 +298,22 @@ in {
         localAddress = "10.233.2.2";
       };
     }
+    {
+      #kaepsele
+      containers.kaepsele = {
+        config = { ... }: {
+          services.openssh.enable = true;
+          users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
+            lass.pubkey
+            tv.pubkey
+          ];
+        };
+        enableTun = true;
+        privateNetwork = true;
+        hostAddress = "10.233.2.3";
+        localAddress = "10.233.2.4";
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;

lass/1systems/skynet/config.nix

@@ -44,6 +44,10 @@ with import <stockholm/lib>;
 
   krebs.build.host = config.krebs.hosts.skynet;
 
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
+
   #fileSystems = {
   #  "/bku" = {
   #    device = "/dev/mapper/pool-bku";

lass/2configs/baseX.nix

@@ -48,6 +48,7 @@ in {
     acpi
     dic
     dmenu
+    gi
     gitAndTools.qgit
     lm_sensors
     haskellPackages.hledger

lass/2configs/exim-smarthost.nix

@@ -40,6 +40,7 @@ with import <stockholm/lib>;
       { from = "patreon@lassul.us"; to = lass.mail; }
       { from = "steam@lassul.us"; to = lass.mail; }
       { from = "securityfocus@lassul.us"; to = lass.mail; }
+      { from = "radio@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

lass/2configs/git.nix

@@ -80,7 +80,7 @@ let
     public = true;
   };
 
-  make-restricted-repo = name: { collaborators ? [], announce ? false, ... }: {
+  make-restricted-repo = name: { collaborators ? [], announce ? false, hooks ? {}, ... }: {
     inherit collaborators name;
     public = false;
     hooks = optionalAttrs announce {
@@ -93,7 +93,7 @@ let
         # TODO define branches in some kind of option per repo
         branches = [ "master" "staging*" ];
       };
-    };
+    } // hooks;
   };
 
   make-rules =

lass/2configs/ircd.nix

@@ -13,7 +13,6 @@
         sid = "1as";
         description = "miep!";
         network_name = "irc.retiolum";
-        network_desc = "Retiolum IRC Network";
         hub = yes;
 
         vhost = "0.0.0.0";

lass/2configs/mail.nix

@@ -72,13 +72,13 @@ let
     ''} %r |"
 
     virtual-mailboxes \
+        "Unread"    "notmuch://?query=tag:unread"\
         "INBOX"     "notmuch://?query=tag:inbox \
                      and NOT tag:killed \
                      and NOT to:shackspace \
                      and NOT to:c-base \
                      and NOT from:security-alert@hpe.com \
                      and NOT to:nix-devel"\
-        "Unread"    "notmuch://?query=tag:unread"\
         "shack"     "notmuch://?query=to:shackspace"\
         "c-base"    "notmuch://?query=to:c-base"\
         "security"  "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\

lass/2configs/newsbot-js.nix

@@ -15,7 +15,6 @@ let
     bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag
     bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news
     bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial
-    c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
     cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
     carta|http://feeds2.feedburner.com/carta-standard-rss|#news
     catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news
@@ -27,7 +26,11 @@ let
     ccc|http://www.ccc.de/rss/updates.rdf|#news
     chan_b|https://boards.4chan.org/b/index.rss|#brainfuck
     chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck
+    chan_g|https://boards.4chan.org/g/index.rss|#news
     chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck
+    chan_sci|https://boards.4chan.org/sci/index.rss|#news
+    chan_x|https://boards.4chan.org/x/index.rss|#news
+    c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
     cryptogon|http://www.cryptogon.com/?feed=rss2|#news
     csm|http://rss.csmonitor.com/feeds/csm|#news
     csm_world|http://rss.csmonitor.com/feeds/world|#news
@@ -61,6 +64,7 @@ let
     greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news
     guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news
     gulli|http://ticker.gulli.com/rss/|#news
+    hackernews|https://news.ycombinator.com/rss|#news
     handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial
     heise|https://www.heise.de/newsticker/heise-atom.xml|#news
     hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
@@ -100,7 +104,12 @@ let
     reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck
     reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news
     reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial
+    reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
+    reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
+    reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
     reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news
+    reddit_sci|http://www.reddit.com/r/science/.rss|#news
+    reddit_tech|http://www.reddit.com/r/technology/.rss|#news
     reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp
     reddit_world|http://www.reddit.com/r/worldnews/.rss|#news
     r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news
@@ -156,16 +165,6 @@ let
     wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news
     xkcd|https://xkcd.com/rss.xml|#news
     zdnet|http://www.zdnet.com/news/rss.xml|#news
-
-    chan_g|https://boards.4chan.org/g/index.rss|#news
-    chan_x|https://boards.4chan.org/x/index.rss|#news
-    chan_sci|https://boards.4chan.org/sci/index.rss|#news
-    reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
-    reddit_sci|http://www.reddit.com/r/science/.rss|#news
-    reddit_tech|http://www.reddit.com/r/technology/.rss|#news
-    reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
-    reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
-    hackernews|https://news.ycombinator.com/rss|#news
   '';
 in {
   environment.systemPackages = [

lass/5pkgs/xmonad-lass.nix

@@ -98,6 +98,7 @@ myKeyMap =
     [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
     , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
     , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
+    , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
     , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
     , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
     , ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")

makefu/1systems/darth/config.nix

@@ -3,44 +3,62 @@
 with import <stockholm/lib>;
 let
   byid = dev: "/dev/disk/by-id/" + dev;
-  rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039";
+  rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
-  auxDisk = byid "ata-HGST_HTS721010A9E630_JR10006PH3A02F";
+  bootPart = rootDisk + "-part1";
-  dataPartition = auxDisk + "-part1";
+  rootPart = rootDisk + "-part2";
 
   allDisks = [ rootDisk ]; # auxDisk
 in {
   imports = [
       <stockholm/makefu>
-      <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+      <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
+      <stockholm/makefu/2configs/sshd-totp.nix>
       <stockholm/makefu/2configs/zsh-user.nix>
       <stockholm/makefu/2configs/smart-monitor.nix>
       <stockholm/makefu/2configs/exim-retiolum.nix>
-      <stockholm/makefu/2configs/virtualisation/libvirt.nix>
+      # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
 
       <stockholm/makefu/2configs/tinc/retiolum.nix>
-      <stockholm/makefu/2configs/share/temp-share-samba.nix>
+      <stockholm/makefu/2configs/tools/core.nix>
-  ];
+      <stockholm/makefu/2configs/stats/client.nix>
-  services.samba.shares = {
+      <stockholm/makefu/2configs/nsupdate-data.nix>
-      isos = {
+
-        path = "/data/isos/";
+      # SIEM
-        "read only" = "yes";
+      #<stockholm/makefu/2configs/tinc/siem.nix>
-        browseable = "yes";
+      # {services.tinc.networks.siem = {
-        "guest ok" = "yes";
+      #     name = "sdarth";
-      };
+      #     extraConfig = "ConnectTo = sjump";
-  };
+      #   };
-  services.tinc.networks.siem = {
+      # }
-    name = "sdarth";
+
-    extraConfig = "ConnectTo = sjump";
+      # {
-  };
+      #   makefu.forward-journal = {
+      #     enable = true;
+      #     src = "10.8.10.2";
+      #     dst = "10.8.10.6";
+      #   };
+      # }
+
+      ## Sharing
+      # <stockholm/makefu/2configs/share/temp-share-samba.nix>
+      #{
+      #  services.samba.shares = {
+      #      isos = {
+      #        path = "/data/isos/";
+      #        "read only" = "yes";
+      #        browseable = "yes";
+      #        "guest ok" = "yes";
+      #      };
+      #  };
+      #}
+      <stockholm/makefu/2configs/share/anon-ftp.nix>
+  ];
+
 
-  makefu.forward-journal = {
-    enable = true;
-    src = "10.8.10.2";
-    dst = "10.8.10.6";
-  };
 
   #networking.firewall.enable = false;
-
+  makefu.server.primary-itf = "enp0s25";
+  krebs.hidden-ssh.enable = true;
   boot.kernelModules = [ "coretemp" "f71882fg" ];
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
@@ -49,31 +67,28 @@ in {
     firewall = {
       allowPing = true;
       logRefusedConnections = false;
-      trustedInterfaces = [ "eno1" ];
+      # trustedInterfaces = [ "eno1" ];
       allowedUDPPorts = [ 80 655 1655 67 ];
       allowedTCPPorts = [ 80 655 1655 ];
     };
     # fallback connection to the internal virtual network
-    interfaces.virbr3.ip4 =  [{
+    # interfaces.virbr3.ip4 =  [{
-      address = "10.8.8.2";
+    #   address = "10.8.8.2";
-      prefixLength = 24;
+    #   prefixLength = 24;
-    }];
+    # }];
   };
 
   # TODO smartd omo darth gum all-in-one
   services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-  zramSwap.enable = true;
-
-  #fileSystems."/data" = {
-  #  device = dataPartition;
-  #  fsType = "ext4";
-  #};
 
   boot.loader.grub.device = rootDisk;
-
+  boot.initrd.luks.devices = [
-  users.users.root.openssh.authorizedKeys.keys = [
+    { name = "luksroot";
-    config.krebs.users.makefu-omo.pubkey
+      device = rootPart;
-    config.krebs.users.makefu-vbob.pubkey
+      allowDiscards = true;
+      keyFileSize = 4096;
+      keyFile = "/dev/sdb";
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.darth;

makefu/1systems/gum/config.nix

@@ -9,6 +9,7 @@ let
   external-gw6 = "fe80::1";
   external-netmask = 22;
   external-netmask6 = 64;
+  ext-if = "et0"; # gets renamed on the fly
   internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
   main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
 in {
@@ -41,6 +42,7 @@ in {
       <stockholm/makefu/2configs/sabnzbd.nix>
       <stockholm/makefu/2configs/torrent.nix>
       <stockholm/makefu/2configs/iodined.nix>
+      <stockholm/makefu/2configs/vpn/openvpn-server.nix>
 
       ## Web
       <stockholm/makefu/2configs/nginx/share-download.nix>
@@ -94,7 +96,7 @@ in {
     ];
   };
 
-
+  makefu.server.primary-itf = ext-if;
 
   # access
   users.users = {
@@ -120,7 +122,7 @@ in {
 
   # Network
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
   '';
   boot.kernelParams = [ ];
   networking = {
@@ -152,14 +154,16 @@ in {
           21032
         ];
     };
-    interfaces.et0.ip4 = [{
+    interfaces."${ext-if}" = {
+      ip4 = [{
         address = external-ip;
         prefixLength = external-netmask;
       }];
-    interfaces.et0.ip6 = [{
+      ip6 = [{
         address = external-ip6;
         prefixLength = external-netmask6;
       }];
+    };
     defaultGateway6 = external-gw6;
     defaultGateway = external-gw;
     nameservers = [ "8.8.8.8" ];

makefu/1systems/x/config.nix

@@ -42,6 +42,14 @@ with import <stockholm/lib>;
       <stockholm/makefu/2configs/virtualisation/libvirt.nix>
       <stockholm/makefu/2configs/virtualisation/docker.nix>
       <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+      {
+        networking.firewall.allowedTCPPorts = [ 8080 ];
+        networking.nat = {
+          enable = true;
+          externalInterface = "wlp3s0";
+          internalInterfaces = [ "vboxnet0" ];
+        };
+      }
 
       # Services
       <stockholm/makefu/2configs/git/brain-retiolum.nix>
@@ -81,6 +89,7 @@ with import <stockholm/lib>;
   networking.firewall.enable = true;
   networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
   networking.firewall.allowedUDPPorts = [ 665 26061 ];
+  networking.firewall.trustedInterfaces = [ "vboxnet0" ];
 
   krebs.build.host = config.krebs.hosts.x;
 

makefu/2configs/audio/jack-on-pulse.nix

@@ -45,7 +45,7 @@ in
         Restart = "always";
         RestartSec = "5";
       };
-      # after = [ "display-manager.service" "sound.target" ];
+      after = [ "display-manager.service" "sound.target" ];
       wantedBy = [ "default.target" ];
     };
   };

makefu/2configs/backup.nix

@@ -31,6 +31,7 @@ in {
   krebs.backup.plans = {
     # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
     gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
+    # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
   };
   environment.systemPackages = [
     pkgs.borgbackup

makefu/2configs/deployment/gitlab.nix

@@ -0,0 +1,39 @@
+{ lib, config, ... }:
+let
+  web-port = 19453;
+  hostn = "gitlab.makefu.r";
+  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+in {
+
+  services.gitlab = {
+    enable = true;
+    https = false;
+    port = web-port;
+    secrets = import <secrets/gitlab/secrets.nix>;
+    databasePassword = import <secrets/gitlab/dbpw.nix>;
+    initialRootEmail = "makefu@x.r";
+    initialRootPassword = import <secrets/gitlab/rootpw.nix>;
+    host = hostn;
+    smtp = {
+      enable = true;
+      domain = "r";
+      enableStartTLSAuto = false;
+      port = 25;
+    };
+  };
+
+  services.nginx = {
+    enable = lib.mkDefault true;
+    virtualHosts."${hostn}".locations."/" = {
+        proxyPass  = "http://localhost:${toString web-port}/";
+        extraConfig = ''
+          if ( $server_addr != "${internal-ip}" ) {
+            return 403;
+          }
+          proxy_set_header   Host             $host;
+          proxy_set_header   X-Real-IP        $remote_addr;
+          proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+      '';
+    };
+  };
+}

makefu/2configs/elchos/search.nix

@@ -23,10 +23,21 @@ let
     pid=${ddclientPIDFile}
     ${concatStringsSep "\n" (mapAttrsToList (user: pass: ''
 
+      protocol=dyndns2
       use=if, if=${primary-itf}
-      protocol=dyndns2, server=ipv4.nsupdate.info, login=${user}, password='${pass}' ${user}
+      ssl=yes
-      #usev6=if, if=${primary-itf}
+      server=ipv4.nsupdate.info
-      #protocol=dyndns2, server=ipv6.nsupdate.info, login=${user}, password='${pass}' ${user}
+      login=${user}
+      password='${pass}'
+      ${user}
+
+      protocol=dyndns2
+      usev5=if, if=${primary-itf}
+      ssl=yes
+      server=ipv6.nsupdate.info
+      login=${user}
+      password='${pass}'
+      ${user}
     '') dict)}
   '';
 

makefu/2configs/fs/sda-crypto-root.nix

@@ -4,6 +4,12 @@
 # sda1: boot ext4 (label nixboot) - must be unlocked on boot if required:
   # boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
 # sda2: cryptoluks -> ext4
+
+# fdisk /dev/sda
+  # boot 500M
+  # rest rest
+# cryptsetup luksFormat /dev/sda2
+#
 with import <stockholm/lib>;
 {
   boot = {

makefu/2configs/git/gitlab-runner-shackspace.nix

@@ -0,0 +1,32 @@
+{ config, ... }:
+let
+  url = "https://git.shackspace.de/";
+  # generate token from CI-token via:
+  ## gitlab-runner register
+  token = import <secrets/shackspace-gitlab-ci-token.nix> ;
+in {
+  virtualisation.docker.enable = true;
+  services.gitlab-runner = {
+    enable = true;
+    gracefulTimeout = "120min";
+    # configFile = "/var/src/secrets/runner.toml";
+    configOptions = {
+      concurrent = 2;
+      runners = [{
+        name = "nix-krebs-1.11";
+        inherit token url;
+        executor = "docker";
+        builds_dir = "";
+        docker = {
+          host = "";
+          image = "nixos/nix:1.11";
+          privileged = false;
+          disable_cache = false;
+          volumes = ["/cache"];
+          shm_size = 0;
+        };
+        cache = {};
+      }];
+    };
+  };
+}

makefu/2configs/hw/tp-x230.nix

@@ -33,8 +33,8 @@ with import <stockholm/lib>;
       Option "Backlight"     "intel_backlight"
     '';
   };
-  # no entropy source working
+
-  # security.rngd.enable = true;
+  security.rngd.enable = true;
 
   services.xserver.displayManager.sessionCommands =''
     xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1

makefu/2configs/lanparty/samba.nix

@@ -0,0 +1,31 @@
+{config, ... }:{
+  networking.firewall.allowedUDPPorts = [ 137 138 ];
+  networking.firewall.allowedTCPPorts = [ 139 445 ];
+  users.users.smbguest = {
+    name = "smbguest";
+    uid = config.ids.uids.smbguest;
+    description = "smb guest user";
+    home = "/data/lanparty";
+    createHome = true;
+  };
+  services.samba = {
+    enable = true;
+    shares = {
+      share-home = {
+        path = "/data/lanparty/";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+    };
+    extraConfig = ''
+      guest account = smbguest
+      map to guest = bad user
+      # disable printing
+      load printers = no
+      printing = bsd
+      printcap name = /dev/null
+      disable spoolss = yes
+    '';
+  };
+}

makefu/2configs/nsupdate-data.nix

@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+# search also generates ddclient entries for all other logs
+
+with import <stockholm/lib>;
+let
+  #primary-itf = "eth0";
+  #primary-itf = "wlp2s0";
+  primary-itf = config.makefu.server.primary-itf;
+  ddclientUser = "ddclient";
+  sec = toString <secrets>;
+  nsupdate = import "${sec}/nsupdate-data.nix";
+  stateDir = "/var/spool/ddclient";
+  cfg = "${stateDir}/cfg";
+  ddclientPIDFile = "${stateDir}/ddclient.pid";
+
+  # TODO: correct cert generation requires a `real` internet ip address
+
+  gen-cfg = dict: ''
+    ssl=yes
+    cache=${stateDir}/ddclient.cache
+    pid=${ddclientPIDFile}
+    ${concatStringsSep "\n" (mapAttrsToList (user: pass: ''
+
+      use=if, if=${primary-itf} protocol=dyndns2, server=ipv4.nsupdate.info, login=${user}, password='${pass}' ${user}
+      usev6=if, if=${primary-itf} protocol=dyndns2, server=ipv6.nsupdate.info, login=${user}, password='${pass}' ${user}
+    '') dict)}
+  '';
+
+in {
+  users.extraUsers = singleton {
+    name = ddclientUser;
+    uid = genid "ddclient";
+    description = "ddclient daemon user";
+    home = stateDir;
+    createHome = true;
+  };
+
+  systemd.services = {
+    ddclient-nsupdate-elchos = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "ip-up.target" ];
+      serviceConfig = {
+        Type = "forking";
+        User = ddclientUser;
+        PIDFile = ddclientPIDFile;
+        ExecStartPre = pkgs.writeDash "init-nsupdate" ''
+          cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg}
+          chmod 700 ${cfg}
+        '';
+        ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}";
+      };
+    };
+  };
+}

makefu/2configs/share/anon-ftp.nix

@@ -1,6 +1,6 @@
 { config, lib, ... }:
 let
-  ftpdir = "/home/ftp";
+  ftpdir = "/data";
 in {
   networking.firewall = {
     allowedTCPPorts = [ 20 21 ];

makefu/2configs/share/gum.nix

@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 
-with config.krebs.lib;
+with import <stockholm/lib>;
 let
   hostname = config.krebs.build.host.name;
 in {
@@ -11,7 +11,7 @@ in {
   #   home = "/var/empty";
   # };
 
-  users.users.download = { };
+  users.users.download.uid = genid "download";
   services.samba = {
     enable = true;
     shares = {

makefu/2configs/tools/android-pentest.nix

@@ -10,5 +10,8 @@
     apktool
     jd-gui
     android-studio
+    jdk
+    jre
+    openssl
   ];
 }

makefu/2configs/tools/dev.nix

@@ -1,9 +1,10 @@
 { pkgs, ... }:
 
 {
-  krebs.per-user.makefu.packages = with pkgs;[
+  users.users.makefu.packages = with pkgs;[
     python35Packages.virtualenv
     # embedded
+    gi
     flashrom
     mosquitto
     libcoap

makefu/2configs/tools/extra-gui.nix

@@ -13,5 +13,6 @@
     # Dev
     saleae-logic
     arduino-user-env
+    gitAndTools.gitFull
   ];
 }

makefu/2configs/urlwatch/default.nix

@@ -1,6 +1,11 @@
 { config, lib, ... }:
 
-{
+let
+  grss = name: { #github rss feed
+    url = "https://github.com/${name}/releases.atom";
+    filter = "grepi:(<updated|<media.thumbnail)";
+  };
+in {
   krebs.urlwatch = {
     enable = true;
     mailto = config.krebs.users.makefu.mail;
@@ -10,14 +15,7 @@
       ## nixpkgs maintenance
       # github 
       ## No rate limit
-      https://github.com/amadvance/snapraid/releases.atom
+
-      https://github.com/radare/radare2/releases.atom
-      https://github.com/ovh/python-ovh/releases.atom
-      https://github.com/embray/d2to1/releases.atom
-      https://github.com/Mic92/vicious/releases.atom
-      https://github.com/embray/d2to1/releases.atom
-      https://github.com/dorimanx/exfat-nofuse/releases.atom
-      https://github.com/rapid7/metasploit-framework/releases.atom
       ## rate limited
       # https://api.github.com/repos/dorimanx/exfat-nofuse/commits
       # https://api.github.com/repos/mcepl/gen-oath-safe/commits
@@ -39,6 +37,15 @@
         filter = "grep:Software/Linux/dymo-cups-drivers";
       }
       # TODO: dymo cups
+    ] ++ map grss [
+      "amadvance/snapraid"
+      "radare/radare2"
+      "ovh/python-ovh"
+      "embray/d2to1"
+      "Mic92/vicious"
+      "embray/d2to1"
+      "dorimanx/exfat-nofuse"
+      "rapid7/metasploit-framework"
     ];
   };
 }

makefu/2configs/vim.nix

@@ -21,6 +21,9 @@ in {
     vimrcConfig.customRC = ''
       set nocompatible
       syntax on
+      set list
+      set listchars=tab:▸
+      "set list listchars=tab:>-,trail:.,extends:>
 
       filetype off
       filetype plugin indent on

makefu/2configs/virtualisation/docker.nix

@@ -1,4 +1,8 @@
-{...}:
+{ pkgs, ... }:
 {
   virtualisation.docker.enable = true;
+  environment.systemPackages = with pkgs;[
+    docker
+    docker_compose
+  ];
 }

makefu/5pkgs/cmpforopenssl/default.nix

@@ -0,0 +1,82 @@
+{ stdenv, fetchurl, buildPackages, perl, fetchgit
+, hostPlatform
+}:
+
+with stdenv.lib;
+
+let
+
+  common = args@{ rev, sha256, patches ? [] }: stdenv.mkDerivation rec {
+    name = "cmpforopenssl-${rev}";
+
+    src = fetchgit {
+      url = "https://git.code.sf.net/p/cmpforopenssl/git";
+      inherit sha256 rev;
+      fetchSubmodules = false;
+      deepClone = false;
+    };
+
+    patches =
+      (args.patches or [])
+      ++ [ ./nix-ssl-cert-file.patch ];
+
+    outputs = [ "bin" "dev" "out" "man" ];
+    setOutputFlags = false;
+    separateDebugInfo = stdenv.isLinux;
+
+    nativeBuildInputs = [ perl ];
+
+    configureScript = "./config";
+
+    configureFlags = [
+      "shared"
+      "--libdir=lib"
+      "--openssldir=etc/ssl"
+    ] ;
+
+    makeFlags = [ "MANDIR=$(man)/share/man" ];
+
+    # Parallel building is broken in OpenSSL.
+    enableParallelBuilding = false;
+
+    postInstall = ''
+      # If we're building dynamic libraries, then don't install static
+      # libraries.
+      if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
+          rm "$out/lib/"*.a
+      fi
+
+      mkdir -p $bin
+      mv $out/bin $bin/
+
+      mkdir $dev
+      mv $out/include $dev/
+
+      # remove dependency on Perl at runtime
+      rm -r $out/etc/ssl/misc
+
+      rmdir $out/etc/ssl/{certs,private}
+    '';
+
+    postFixup = ''
+      # Check to make sure the main output doesn't depend on perl
+      if grep -r '${buildPackages.perl}' $out; then
+        echo "Found an erroneous dependency on perl ^^^" >&2
+        exit 1
+      fi
+    '';
+
+
+    meta = {
+      homepage = https://sourceforge.net/p/cmpforopenssl ;
+      description = "A cryptographic library that implements the SSL and TLS protocols";
+      platforms = stdenv.lib.platforms.all;
+      maintainers = [ stdenv.lib.maintainers.makefu ];
+      priority = 0; # resolves collision with ‘man-pages’
+    };
+  };
+
+in common {
+    rev = "462b3";
+    sha256 = "1h2k1c4lg27gmsyd72zrlr303jw765x8sscxblq2jwb44jag85na";
+  }

makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch

@@ -0,0 +1,14 @@
+diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
+--- openssl-1.0.2j-orig/crypto/x509/by_file.c	2016-09-26 11:49:07.000000000 +0200
++++ openssl-1.0.2j/crypto/x509/by_file.c	2016-10-13 16:54:31.400288302 +0200
+@@ -97,7 +97,9 @@
+     switch (cmd) {
+     case X509_L_FILE_LOAD:
+         if (argl == X509_FILETYPE_DEFAULT) {
+-            file = (char *)getenv(X509_get_default_cert_file_env());
++            file = (char *)getenv("NIX_SSL_CERT_FILE");
++            if (!file)
++                file = (char *)getenv(X509_get_default_cert_file_env());
+             if (file)
+                 ok = (X509_load_cert_crl_file(ctx, file,
+                                               X509_FILETYPE_PEM) != 0);

makefu/5pkgs/custom/default.nix

@@ -0,0 +1,3 @@
+{}:
+{
+}

makefu/5pkgs/custom/inkscape/dxf_fix.patch

@@ -0,0 +1,13 @@
+--- ./share/extensions/dxf_outlines.py	2017-02-14 00:46:57.000000000 +0100
++++ ./share/extensions/dxf_outlines.py.new	2017-05-10 04:15:03.000000000 +0200
+@@ -340,7 +340,7 @@
+         scale = eval(self.options.units)
+         if not scale:
+             scale = 25.4/96     # if no scale is specified, assume inch as baseunit
+-        h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0])
++        h = self.unittouu(self.getDocumentHeight())
+         self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]]
+         doc = self.document.getroot()
+         self.process_group(doc)
+
+

makefu/5pkgs/custom/qcma/default.nix

@@ -1,5 +1,5 @@
 { lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git,
-gettext, automake, libxml2 , qmakeHook, makeQtWrapper,
+gettext, automake, libxml2 , qmake,
 qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }:
 let
   libvitamtp = stdenv.mkDerivation rec {
@@ -52,13 +52,14 @@ in stdenv.mkDerivation rec {
   enableParallelBuilding = true;
 
   buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ];
-  nativeBuildInputs = [ qmakeHook qttools pkgconfig makeQtWrapper ];
+  nativeBuildInputs = [ qmake qttools pkgconfig ];
 
   meta = {
     description = "Content Manager Assistant for the PS Vita";
     homepage = https://github.com/codestation/qcma;
     license = stdenv.lib.licenses.gpl2;
     platforms = stdenv.lib.platforms.linux;
+    broken = true;
     maintainers = with stdenv.lib.maintainers; [ makefu ];
   };
 }

makefu/5pkgs/default.nix

@@ -20,13 +20,17 @@ self: super: let
               (filterAttrs (_: eq "directory") (readDir path));
 
 in {
-    alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
+    alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
-    alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
+    alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
-    alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
+    alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
+    qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
     inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client;
-    nodemcu-uploader = callPackage ./nodemcu-uploader {};
+    nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
+    inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
+      patches = [ ./custom/inkscape/dxf_fix.patch ];
+    });
     pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
-      wordset-file = pkgs.fetchurl {
+      wordset-file = super.pkgs.fetchurl {
         url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
         sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
       };

makefu/5pkgs/dionaea/default.nix

@@ -0,0 +1,50 @@
+{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub,
+  libpcap, libdnet, libevent, readline, autoconf, automake, libtool, zlib, pcre,
+  libev,
+  ... }:
+let
+  liblcfg = stdenv.mkDerivation rec {
+    name = "liblcfg-${version}";
+    version = "750bc90";
+    src = fetchFromGitHub {
+      owner = "ThomasAdam";
+      repo = "liblcfg";
+      rev = version;
+      sha256 = "1k3r47p81paw5802jklx9xqbjrxr26pahipxn9nq3177qhxxibkr";
+    };
+    buildInputs = with pkgs;[ autoconf automake ];
+    preConfigure = ''autoreconf -fi'';
+    sourceRoot = "${name}-src/code";
+  };
+in stdenv.mkDerivation rec {
+  name = "liblcfg-${version}";
+
+  #version = "1.5c"; #original, does not compile due to libc errors
+  #src = fetchurl {
+  #  url = "http://www.honeyd.org/uploads/honeyd-${version}.tar.gz";
+  #  sha256 = "0vcih16fk5pir5ssfil8x79nvi62faw0xvk8s5klnysv111db1ii";
+  #};
+
+  #version = "64d087c"; # honeyd-1.6.7
+  #  sha256 = "0zhnn13r24y1q494xcfx64vyp84zqk8qmsl41fq2674230bn0p31";
+
+  version  = "6756787f94c4f1ac53d1e5545d052774a0446c04";
+  src = fetchFromGitHub {
+    owner = "rep";
+    repo = "dionaea";
+    rev = version;
+    sha256 = "04zjr9b7x0rqwzgb9gfxq6pclb817gz4qaghdl8xa79bqf9vv2p7";
+  };
+
+  buildInputs = with pkgs;[ libtool automake autoconf ];
+  configureFlags = [
+    "--with-liblcfg=${liblcfg}"
+    "--with-libpcap=${libpcap}"
+  ];
+
+  meta = {
+    homepage = http://www.honeyd.org/;
+    description = "virtual Honeypots";
+    license = lib.licenses.gpl2;
+  };
+}

makefu/5pkgs/farpd/default.nix

@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
     zlib
     coreutils
     python
-    pythonPackages.sqlite3
+    pythonPackages.pysqlite
   ];
   patches = [
     ( fetchurl {

makefu/5pkgs/libopencm3/default.nix

@@ -0,0 +1,30 @@
+{ lib, stdenv, fetchFromGitHub, gcc-arm-embedded, python }:
+stdenv.mkDerivation rec {
+  name = "libopencm-${version}";
+  version = "2017-04-01";
+
+  src = fetchFromGitHub {
+    owner = "libopencm3";
+    repo = "libopencm3";
+    rev = "383fafc862c0d47f30965f00409d03a328049278";
+    sha256 = "0ar67icxl39cf7yb5glx3zd5413vcs7zp1jq0gzv1napvmrv3jv9";
+  };
+
+  buildInputs = [ gcc-arm-embedded python ];
+  buildPhase = ''
+    sed -i 's#/usr/bin/env python#${python}/bin/python#' ./scripts/irq2nvic_h
+    make
+  '';
+  installPhase = ''
+    mkdir -p $out
+    cp -r lib $out/
+  '';
+
+  meta = {
+    description = "Open Source ARM cortex m microcontroller library";
+    homepage = https://github.com/libopencm3/libopencm3;
+    license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ makefu ];
+  };
+}

makefu/5pkgs/logstash-output-exec/default.nix

@@ -0,0 +1,32 @@
+{ pkgs, stdenv, lib, fetchFromGitHub }:
+
+
+# TODO: requires ftw ruby package
+stdenv.mkDerivation rec {
+  name = "logstash-input-github-${version}";
+  version = "3.1.0";
+
+	src = fetchFromGitHub {
+		owner = "logstash-plugins";
+    repo = "logstash-output-exec";
+    rev = "v${version}";
+    sha256 = "0ix5w9l6hrbjaymkh7fzymjvpkiias3hs0l77zdpcwdaa6cz53nf";
+	};
+
+  dontBuild    = true;
+  dontPatchELF = true;
+  dontStrip    = true;
+  dontPatchShebangs = true;
+  installPhase = ''
+    mkdir -p $out/logstash
+    cp -r lib/* $out
+  '';
+
+  meta = with lib; {
+    description = "logstash output plugin";
+    homepage    = https://github.com/logstash-plugins/logstash-output-exec;
+    license     = stdenv.lib.licenses.asl20;
+    platforms   = stdenv.lib.platforms.unix;
+    maintainers = with maintainers; [ makefu ];
+  };
+}

makefu/5pkgs/mcomix/default.nix

@@ -0,0 +1,20 @@
+{ pkgs, lib ,python2Packages, fetchurl, gtk3}:
+python2Packages.buildPythonPackage rec {
+  name = "mcomix-${version}";
+  version = "1.2.1";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/mcomix/${name}.tar.bz2";
+    sha256 = "0fzsf9pklhfs1rzwzj64c0v30b74nk94p93h371rpg45qnfiahvy";
+  };
+
+  propagatedBuildInputs = with python2Packages;
+    [ python2Packages.pygtk gtk3 python2Packages.pillow ];
+
+  meta = {
+    homepage = https://github.com/pyload/pyload;
+    description = "Free and Open Source download manager written in Python";
+    license = lib.licenses.gpl3;
+    maintainers = with lib.maintainers; [ makefu ];
+  };
+}

makefu/5pkgs/minibar/default.nix

@@ -0,0 +1,12 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+
+with pkgs.python3Packages;buildPythonPackage rec {
+  name = "minibar-${version}";
+  version = "0.5.0";
+  src = fetchFromGitHub {
+    owner = "canassa";
+    repo = "minibar";
+    rev = "c8ecd61";
+    sha256 = "1k718zrjd11rw93nmz2wxvhvsai6lwqfblnwjpmkpnslcdan7641";
+  };
+}

makefu/5pkgs/nltk/default.nix

@@ -0,0 +1,17 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+
+with pkgs.pythonPackages;buildPythonPackage rec {
+  name = "nltk-${version}";
+  version = "3.2.1";
+  src = pkgs.fetchurl{
+    #url = "mirror://pypi/n/${name}.tar.gz";
+    url = "https://pypi.python.org/packages/58/85/8fa6f8c488507aab7d6234ce754bbbe61bfeb8382489785e2d764bf8f52a/${name}.tar.gz";
+    sha256 = "0skxbhnymwlspjkzga0f7x1hg3y50fwpfghs8g8k7fh6f4nknlym";
+
+  };
+  meta = {
+    homepage = http://nltk.org;
+    description = "Natural languages Toolkit";
+    license = lib.licenses.asl20;
+  };
+}

makefu/5pkgs/novnc/default.nix

@@ -13,7 +13,6 @@ stdenv.mkDerivation rec {
   };
   p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify
                                pkgs.coreutils pkgs.which pkgs.procps ];
-  # TODO: propagatedBuildInputs does not seem to work with shell scripts
   patchPhase = ''
     sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh
   '';

makefu/5pkgs/programs-db/default.nix

@@ -0,0 +1,12 @@
+{ stdenv }:
+
+stdenv.mkDerivation rec {
+  name = "programs-db";
+  src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ;
+
+  phases = [ "unpackPhase" "installPhase" ];
+  installPhase = ''
+    cp programs.sqlite $out
+  '';
+
+}

makefu/6tests/data/secrets/nsupdate-data.nix

@@ -0,0 +1 @@
+{ "lol" = "wut"; }

makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix

@@ -0,0 +1 @@
+"lol"

makefu/source.nix

@@ -11,7 +11,10 @@ let
               then "buildbot"
               else "makefu";
   _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
-  ref = "1e47827"; # unstable @ 2017-07-31 + graceful requests2 (a772c3aa) + libpurple bitlbee ( ce6fe1a, 65e38b7 )
+  ref = "9d4bd6b"; # unstable @ 2017-07-31
+                   # + graceful requests2 (a772c3aa)
+                   # + libpurple bitlbee ( ce6fe1a, 65e38b7 )
+                   # + buildbot-runner ( f3cecc5 )
 
 in
   evalSource (toString _file) [