From db6e1a0dfc91ea25c0eeebb5254156469f209265 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 2 Jan 2022 21:33:30 +0100
Subject: tv querel: set autoLogin like it's the future

For NixOS 21.11
---
 tv/1systems/querel/config.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
index 96d8d2b6a..41253cfb3 100644
--- a/tv/1systems/querel/config.nix
+++ b/tv/1systems/querel/config.nix
@@ -73,9 +73,8 @@ with import <stockholm/lib>;
 
   services.xserver.desktopManager.plasma5.enable = true;
 
-  services.xserver.displayManager.lightdm.autoLogin.enable = true;
-  services.xserver.displayManager.lightdm.autoLogin.user = "itak";
-  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.displayManager.autoLogin.enable = true;
+  services.xserver.displayManager.autoLogin.user = "itak";
 
   users.users.itak = {
     inherit (config.krebs.users.itak) home uid;
-- 
cgit v1.2.3


From 853e54ec8458d9fa1222fb72f9871427d45fd8eb Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 3 Jan 2022 14:56:44 +0100
Subject: htgen: use currect group names

---
 krebs/3modules/htgen.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix
index 4221703ec..375e26974 100644
--- a/krebs/3modules/htgen.nix
+++ b/krebs/3modules/htgen.nix
@@ -75,7 +75,12 @@ let
       }
     ) cfg;
 
-    users.groups = mapAttrs (_: _: {}) cfg;
+    users.groups = mapAttrs' (name: htgen:
+      nameValuePair htgen.user.name {
+        name = htgen.user.name;
+        gid = htgen.user.uid;
+      }
+    ) cfg;
 
   };
 in out
-- 
cgit v1.2.3


From d7edeeac5071ae96e60303a76ff32df2fca98db9 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 4 Jan 2022 00:55:22 +0100
Subject: lib.toC: admit int

---
 lib/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/default.nix b/lib/default.nix
index 574713e48..94a81439e 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -52,6 +52,7 @@ let
       type = typeOf x;
       reject = throw "cannot convert ${type}";
     in {
+      int = toJSON x; # close enough
       list = "{ ${concatStringsSep ", " (map toC x)} }";
       null = "NULL";
       set = if isDerivation x then toJSON x else reject;
-- 
cgit v1.2.3


From e82cbd6f35c85ce4aeb2e0f4572e6742c536d941 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 4 Jan 2022 20:30:02 +0100
Subject: exim: set User= but run as root

LoadCredential= will set the owner of $CREDENTIALS_DIRECTORY and the
credentials to User=.  As currently Exim is currently has to be run as
root in order to use the standard SMTP port and for local deliveries[1],
set User=exim, but run all processes as root.

[1]: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECID270
---
 krebs/3modules/exim.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index 972c7f437..0f0aa67f0 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -65,8 +65,9 @@ in {
         config.environment.etc."exim.conf".source
       ];
       serviceConfig = {
-        ExecStart = "${pkgs.exim}/bin/exim -bdf -q30m";
-        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        ExecStart = "+${pkgs.exim}/bin/exim -bdf -q30m";
+        ExecReload = "+${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        User = cfg.user.name;
       };
       wantedBy = [ "multi-user.target" ];
     };
-- 
cgit v1.2.3


From a5df5deb3b91b01fc0e8822fc4b5615b8e9ab524 Mon Sep 17 00:00:00 2001
From: Lennart <lennart@lnrt.de>
Date: Wed, 5 Jan 2022 21:23:53 +0100
Subject: add ed25519 pubkey to {catalonia,karakalpakstan}.r

---
 krebs/3modules/external/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 4c4e53f2f..fac91f632 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -662,6 +662,7 @@ in {
            vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ==
            -----END RSA PUBLIC KEY-----
          '';
+         tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL";
         };
       };
     };
@@ -686,6 +687,7 @@ in {
            /n/eHElmKWoMCXhkV/mee1Cl2Y74XKivM6ov3lLvIDRxdXl46PvBFVkCAwEAAQ==
            -----END RSA PUBLIC KEY-----
          '';
+         tinc.pubkey_ed25519 = "P9yurwK2l1npimgm3yk8WXigWLfEtJ6G1w/3kVCPG7F";
         };
       };
     };
-- 
cgit v1.2.3


From deda4c978956e39c3b6345e5ef5604b2bc020e00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= <kmein@posteo.de>
Date: Wed, 5 Jan 2022 21:34:08 +0100
Subject: external: add kmein grocy, remove radio

---
 krebs/3modules/external/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index fac91f632..66914797d 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -320,7 +320,7 @@ in {
           aliases = [
             "zaatar.r"
             "zaatar.kmein.r"
-            "radio.kmein.r"
+            "grocy.kmein.r"
             "bvg.kmein.r"
             "moodle.kmein.r"
           ];
-- 
cgit v1.2.3