From 79e5320e6b1da4d9d3569fe2b4f42c5d9db7c641 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 3 Dec 2018 09:47:35 +0100
Subject: l: use genid_uint31 where needed

---
 lass/1systems/prism/config.nix      | 12 ++++++------
 lass/2configs/radio.nix             |  3 +--
 lass/2configs/websites/lassulus.nix |  6 +++---
 lass/3modules/xjail.nix             |  2 +-
 4 files changed, 11 insertions(+), 12 deletions(-)

(limited to 'lass')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 0ca39447d..e2097e93a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -25,7 +25,7 @@ with import <stockholm/lib>;
     { # TODO make new hfos.nix out of this vv
       boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
       users.users.riot = {
-        uid = genid "riot";
+        uid = genid_uint31 "riot";
         isNormalUser = true;
         extraGroups = [ "libvirtd" ];
         openssh.authorizedKeys.keys = [
@@ -44,21 +44,21 @@ with import <stockholm/lib>;
     }
     {
       users.users.tv = {
-        uid = genid "tv";
+        uid = genid_uint31 "tv";
         isNormalUser = true;
         openssh.authorizedKeys.keys = [
           config.krebs.users.tv.pubkey
         ];
       };
       users.users.makefu = {
-        uid = genid "makefu";
+        uid = genid_uint31 "makefu";
         isNormalUser = true;
         openssh.authorizedKeys.keys = [
           config.krebs.users.makefu.pubkey
         ];
       };
       users.extraUsers.dritter = {
-        uid = genid "dritter";
+        uid = genid_uint31 "dritter";
         isNormalUser = true;
         extraGroups = [
           "download"
@@ -75,7 +75,7 @@ with import <stockholm/lib>;
         ];
       };
       users.users.hellrazor = {
-        uid = genid "hellrazor";
+        uid = genid_uint31 "hellrazor";
         isNormalUser = true;
         extraGroups = [
           "download"
@@ -168,7 +168,7 @@ with import <stockholm/lib>;
     }
     {
       users.users.jeschli = {
-        uid = genid "jeschli";
+        uid = genid_uint31 "jeschli";
         isNormalUser = true;
         openssh.authorizedKeys.keys = with config.krebs.users; [
           jeschli.pubkey
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 85faded14..987632cd1 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -5,7 +5,6 @@ with import <stockholm/lib>;
 let
   name = "radio";
   mainUser = config.users.extraUsers.mainUser;
-  inherit (import <stockholm/lib>) genid;
 
   admin-password = import <secrets/icecast-admin-pw>;
   source-password = import <secrets/icecast-source-pw>;
@@ -31,7 +30,7 @@ in {
     "${name}" = rec {
       inherit name;
       group = name;
-      uid = genid name;
+      uid = genid_uint31 name;
       description = "radio manager";
       home = "/home/${name}";
       useDefaultShell = true;
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 6470d86f7..17af0d00d 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -3,7 +3,7 @@
 with lib;
 let
   inherit (import <stockholm/lib>)
-    genid
+    genid_uint31
   ;
 
 in {
@@ -22,7 +22,7 @@ in {
   krebs.tinc_graphs.enable = true;
 
   users.users.lass-stuff = {
-    uid = genid "lass-stuff";
+    uid = genid_uint31 "lass-stuff";
     description = "lassul.us blog cgi stuff";
     home = "/var/empty";
   };
@@ -124,7 +124,7 @@ in {
   };
 
   users.users.blog = {
-    uid = genid "blog";
+    uid = genid_uint31 "blog";
     description = "lassul.us blog deployment";
     home = "/srv/http/lassul.us";
     useDefaultShell = true;
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
index 974e11c6e..f6ce7ccc9 100644
--- a/lass/3modules/xjail.nix
+++ b/lass/3modules/xjail.nix
@@ -142,7 +142,7 @@ with import <stockholm/lib>;
 
     users.users = mapAttrs' (_: cfg:
       nameValuePair cfg.name {
-        uid = genid cfg.name;
+        uid = genid_uint31 cfg.name;
         home = "/home/${cfg.name}";
         useDefaultShell = true;
         createHome = true;
-- 
cgit v1.2.3


From 1f05294906e7735ead83cdf4ce9b0d6d195fa1c5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 3 Dec 2018 17:39:53 +0100
Subject: l archprism.r: cleanup

---
 lass/1systems/archprism/config.nix | 276 +------------------------------------
 1 file changed, 1 insertion(+), 275 deletions(-)

(limited to 'lass')

diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
index bed8961b8..0a2ab1611 100644
--- a/lass/1systems/archprism/config.nix
+++ b/lass/1systems/archprism/config.nix
@@ -6,26 +6,10 @@ with import <stockholm/lib>;
     <stockholm/lass>
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/libvirt.nix>
-    {
-      services.nginx.enable = true;
-      imports = [
-        <stockholm/lass/2configs/websites/domsen.nix>
-        <stockholm/lass/2configs/websites/lassulus.nix>
-      ];
-      # needed by domsen.nix ^^
-      lass.usershadow = {
-        enable = true;
-      };
-
-      krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
-         { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
-      ];
-    }
     { # TODO make new hfos.nix out of this vv
       boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
       users.users.riot = {
-        uid = genid "riot";
+        uid = genid_uint31 "riot";
         isNormalUser = true;
         extraGroups = [ "libvirtd" ];
         openssh.authorizedKeys.keys = [
@@ -42,153 +26,7 @@ with import <stockholm/lib>;
         { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
       ];
     }
-    {
-      users.users.tv = {
-        uid = genid "tv";
-        isNormalUser = true;
-        openssh.authorizedKeys.keys = [
-          config.krebs.users.tv.pubkey
-        ];
-      };
-      users.users.makefu = {
-        uid = genid "makefu";
-        isNormalUser = true;
-        openssh.authorizedKeys.keys = [
-          config.krebs.users.makefu.pubkey
-        ];
-      };
-      users.extraUsers.dritter = {
-        uid = genid "dritter";
-        isNormalUser = true;
-        extraGroups = [
-          "download"
-        ];
-        openssh.authorizedKeys.keys = [
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
-        ];
-      };
-      users.extraUsers.juhulian = {
-        uid = 1339;
-        isNormalUser = true;
-        openssh.authorizedKeys.keys = [
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
-        ];
-      };
-      users.users.hellrazor = {
-        uid = genid "hellrazor";
-        isNormalUser = true;
-        extraGroups = [
-          "download"
-        ];
-        openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
-      };
-    }
-    {
-      #hotdog
-      systemd.services."container@hotdog".reloadIfChanged = mkForce false;
-      containers.hotdog = {
-        config = { ... }: {
-          imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
-          environment.systemPackages = [ pkgs.git ];
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-          ];
-        };
-        autoStart = true;
-        enableTun = true;
-        privateNetwork = true;
-        hostAddress = "10.233.2.1";
-        localAddress = "10.233.2.2";
-      };
-    }
-    <stockholm/lass/2configs/exim-smarthost.nix>
-    <stockholm/lass/2configs/ts3.nix>
-    <stockholm/lass/2configs/privoxy-retiolum.nix>
-    <stockholm/lass/2configs/radio.nix>
-    <stockholm/lass/2configs/binary-cache/server.nix>
-    <stockholm/lass/2configs/iodined.nix>
-    <stockholm/lass/2configs/paste.nix>
-    <stockholm/lass/2configs/syncthing.nix>
-    <stockholm/lass/2configs/ciko.nix>
     <stockholm/lass/2configs/container-networking.nix>
-    <stockholm/lass/2configs/monitoring/prometheus-server.nix>
-    { # quasi bepasty.nix
-      imports = [
-        <stockholm/lass/2configs/bepasty.nix>
-      ];
-      krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
-        if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
-          return 403;
-        }
-      '';
-    }
-    {
-      services.tor = {
-        enable = true;
-      };
-    }
-    {
-      lass.ejabberd = {
-        enable = true;
-        hosts = [ "lassul.us" ];
-      };
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
-        { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
-      ];
-    }
-    {
-      imports = [
-        <stockholm/lass/2configs/realwallpaper.nix>
-      ];
-      services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
-        alias /var/realwallpaper/realwallpaper.png;
-      '';
-    }
-    {
-      users.users.jeschli = {
-        uid = genid "jeschli";
-        isNormalUser = true;
-        openssh.authorizedKeys.keys = with config.krebs.users; [
-          jeschli.pubkey
-          jeschli-bln.pubkey
-          jeschli-bolide.pubkey
-          jeschli-brauerei.pubkey
-        ];
-      };
-      krebs.git.rules = [
-        {
-          user = with config.krebs.users; [
-            jeschli
-            jeschli-bln
-            jeschli-bolide
-            jeschli-brauerei
-          ];
-          repo = [ config.krebs.git.repos.xmonad-stockholm ];
-          perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ];
-        }
-        {
-          user = with config.krebs.users; [
-            jeschli
-            jeschli-bln
-            jeschli-bolide
-            jeschli-brauerei
-          ];
-          repo = [ config.krebs.git.repos.stockholm ];
-          perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
-        }
-      ];
-    }
-    {
-      krebs.repo-sync.repos.stockholm.timerConfig = {
-        OnBootSec = "5min";
-        OnUnitInactiveSec = "2min";
-        RandomizedDelaySec = "2min";
-      };
-    }
-    <stockholm/lass/2configs/downloading.nix>
-    <stockholm/lass/2configs/minecraft.nix>
     {
       services.taskserver = {
         enable = true;
@@ -201,123 +39,11 @@ with import <stockholm/lib>;
         { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
       ];
     }
-    #<stockholm/lass/2configs/go.nix>
-    {
-      environment.systemPackages = [ pkgs.cryptsetup ];
-      systemd.services."container@red".reloadIfChanged = mkForce false;
-      containers.red = {
-        config = { ... }: {
-          environment.systemPackages = [ pkgs.git ];
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-          ];
-        };
-        autoStart = false;
-        enableTun = true;
-        privateNetwork = true;
-        hostAddress = "10.233.2.3";
-        localAddress = "10.233.2.4";
-      };
-      services.nginx.virtualHosts."rote-allez-fraktion.de" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          extraConfig = ''
-            proxy_set_header Host rote-allez-fraktion.de;
-            proxy_pass http://10.233.2.4;
-          '';
-        };
-      };
-    }
-    #{
-    #  imports = [ <stockholm/lass/2configs/backup.nix> ];
-    #  lass.restic = genAttrs [
-    #    "daedalus"
-    #    "icarus"
-    #    "littleT"
-    #    "mors"
-    #    "shodan"
-    #    "skynet"
-    #  ] (dest: {
-    #    dirs = [
-    #      "/home/chat/.weechat"
-    #      "/bku/sql_dumps"
-    #    ];
-    #    passwordFile = (toString <secrets>) + "/restic/${dest}";
-    #    repo = "sftp:backup@${dest}.r:/backups/prism";
-    #    extraArguments = [
-    #      "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
-    #    ];
-    #    timerConfig = {
-    #      OnCalendar = "00:05";
-    #      RandomizedDelaySec = "5h";
-    #    };
-    #  });
-    #}
-    {
-      users.users.download.openssh.authorizedKeys.keys = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse"
-      ];
-    }
-    {
-    }
-    {
-      lass.nichtparasoup.enable = true;
-      services.nginx = {
-        enable = true;
-        virtualHosts."lol.lassul.us" = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/".extraConfig = ''
-            proxy_pass http://localhost:5001;
-          '';
-        };
-      };
-    }
-    {
-      krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.nat.PREROUTING.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
-        { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.nat.POSTROUTING.rules = [
-        { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
-      ];
-      networking.wireguard.interfaces.wg0 = {
-        ips = [ "10.244.1.1/24" ];
-        listenPort = 51820;
-        privateKeyFile = (toString <secrets>) + "/wireguard.key";
-        allowedIPsAsRoutes = true;
-        peers = [
-          {
-            # lass-android
-            allowedIPs = [ "10.244.1.2/32" ];
-            publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
-          }
-        ];
-      };
-    }
     {
       krebs.iptables.tables.filter.INPUT.rules = [
         { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
       ];
     }
-    {
-      services.murmur.enable = true;
-      services.murmur.registerName = "lassul.us";
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
-      ];
-
-    }
   ];
 
   krebs.build.host = config.krebs.hosts.archprism;
-- 
cgit v1.2.3


From 205e74c138d809fa1bbb8cbbc983e3344217f3be Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 3 Dec 2018 17:40:52 +0100
Subject: l shodan.r: no need for git & wallpaper

---
 lass/1systems/shodan/config.nix | 2 --
 1 file changed, 2 deletions(-)

(limited to 'lass')

diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 87a733d62..39c0791fc 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -8,11 +8,9 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/baseX.nix>
-    <stockholm/lass/2configs/git.nix>
     <stockholm/lass/2configs/exim-retiolum.nix>
     <stockholm/lass/2configs/browsers.nix>
     <stockholm/lass/2configs/programs.nix>
-    <stockholm/lass/2configs/fetchWallpaper.nix>
     <stockholm/lass/2configs/wine.nix>
     <stockholm/lass/2configs/bitcoin.nix>
     <stockholm/lass/2configs/backup.nix>
-- 
cgit v1.2.3


From e4750d38e76db94a0b255fa143408b8cbe38b61b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 5 Dec 2018 09:02:31 +0100
Subject: l yellow.r: use fancyindex

---
 lass/1systems/yellow/config.nix | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

(limited to 'lass')

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 48d405111..ff7b23687 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -34,10 +34,37 @@ with import <stockholm/lib>;
 
   services.nginx = {
     enable = true;
-    virtualHosts."yellow.r".locations."/dl".extraConfig = ''
-      autoindex on;
-      alias /var/download/finished;
-    '';
+    package = pkgs.nginx.override {
+      modules = with pkgs.nginxModules; [
+        fancyindex
+      ];
+    };
+    virtualHosts."dl" = {
+      default = true;
+      locations."/Nginx-Fancyindex-Theme-dark" = {
+        extraConfig = ''
+          alias ${pkgs.fetchFromGitHub {
+            owner = "Naereen";
+            repo = "Nginx-Fancyindex-Theme";
+            rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4";
+            sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6";
+          }}/Nginx-Fancyindex-Theme-dark;
+          autoindex on;
+        '';
+      };
+      locations."/" = {
+        root = "/var/download/finished";
+        extraConfig = ''
+          fancyindex on;
+          fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html";
+          fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html";
+          dav_methods PUT DELETE MKCOL COPY MOVE;
+
+          create_full_put_path on;
+          dav_access all:r;
+        '';
+      };
+    };
   };
 
   krebs.iptables = {
-- 
cgit v1.2.3


From d04c6be43d5c63f98a0c89aad512f19f1ffa6329 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 6 Dec 2018 14:20:04 +0100
Subject: l prism.r: add dnsmasq for wireguard

---
 lass/1systems/prism/config.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'lass')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index e2097e93a..83cc96771 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -323,6 +323,15 @@ with import <stockholm/lib>;
           }
         ];
       };
+      services.dnsmasq = {
+        enable = true;
+        resolveLocalQueries = false;
+
+        extraConfig= ''
+          except-interface=lo
+          interface=wg0
+        '';
+      };
     }
     {
       krebs.iptables.tables.filter.INPUT.rules = [
-- 
cgit v1.2.3


From 9e632ce4905fe46d285ad36f0e5b8a90f5d53dfd Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 16:54:00 +0100
Subject: l: add wirelum.nix

---
 lass/2configs/default.nix |  1 +
 lass/2configs/wirelum.nix | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 lass/2configs/wirelum.nix

(limited to 'lass')

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index a43113177..dea32d4d4 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -10,6 +10,7 @@ with import <stockholm/lib>;
     ./zsh.nix
     ./htop.nix
     ./security-workarounds.nix
+    ./wirelum.nix
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })
diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix
new file mode 100644
index 000000000..cd8a20c6b
--- /dev/null
+++ b/lass/2configs/wirelum.nix
@@ -0,0 +1,44 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+  self = config.krebs.build.host.nets.wirelum;
+  isRouter = !isNull self.via;
+
+in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) {
+  #hack for modprobe inside containers
+  systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [
+    (pkgs.writeDashBin "modprobe" ":")
+  ]);
+
+  boot.kernel.sysctl = mkIf isRouter {
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
+  krebs.iptables.tables.filter.INPUT.rules = [
+     { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
+  ];
+  krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
+    { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; }
+  ];
+
+  networking.wireguard.interfaces.wirelum = {
+    ips =
+      (optional (!isNull self.ip4) self.ip4.addr) ++
+      (optional (!isNull self.ip6) self.ip6.addr);
+    listenPort = 51820;
+    privateKeyFile = (toString <secrets>) + "/wirelum.key";
+    allowedIPsAsRoutes = true;
+    peers = mapAttrsToList
+      (_: host: {
+        allowedIPs = if isRouter then
+          (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++
+          (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr)
+        else
+          host.nets.wirelum.wireguard.subnets
+        ;
+        endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}");
+        persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61;
+        publicKey = host.nets.wirelum.wireguard.pubkey;
+      })
+      (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts);
+  };
+}
-- 
cgit v1.2.3


From 5d321689af3fd207a72ea73280add7689dc8d8c5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 16:55:00 +0100
Subject: l prism.r: dedup with wirelum.nix

---
 lass/1systems/prism/config.nix | 26 +++++++-------------------
 1 file changed, 7 insertions(+), 19 deletions(-)

(limited to 'lass')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 83cc96771..ec3976519 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -297,37 +297,25 @@ with import <stockholm/lib>;
       };
     }
     {
-      krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.nat.PREROUTING.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+      imports = [
+        <stockholm/lass/2configs/wirelum.nix>
       ];
+      #krebs.iptables.tables.nat.PREROUTING.rules = [
+      #  { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+      #];
       krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
         { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.POSTROUTING.rules = [
         { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
       ];
-      networking.wireguard.interfaces.wg0 = {
-        ips = [ "10.244.1.1/24" ];
-        listenPort = 51820;
-        privateKeyFile = (toString <secrets>) + "/wireguard.key";
-        allowedIPsAsRoutes = true;
-        peers = [
-          {
-            # lass-android
-            allowedIPs = [ "10.244.1.2/32" ];
-            publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
-          }
-        ];
-      };
       services.dnsmasq = {
         enable = true;
         resolveLocalQueries = false;
 
         extraConfig= ''
+          listen-address=10.244.1.1
           except-interface=lo
           interface=wg0
         '';
-- 
cgit v1.2.3


From 1a3980bf2eeeb925305312f68e2b8033fc8af78d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:03:44 +0100
Subject: l yellow.r: fix transmission stuff

---
 lass/1systems/yellow/config.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'lass')

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index ff7b23687..58fa564a1 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -19,7 +19,11 @@ with import <stockholm/lib>;
   users.groups.download.members = [ "transmission" ];
   users.users.transmission.group = mkForce "download";
 
-  systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.postStart = ''
+    chmod 775 /var/download/finished
+  '';
   services.transmission = {
     enable = true;
     settings = {
@@ -52,6 +56,9 @@ with import <stockholm/lib>;
           autoindex on;
         '';
       };
+      locations."/dl".extraConfig = ''
+        return 301 /;
+      '';
       locations."/" = {
         root = "/var/download/finished";
         extraConfig = ''
-- 
cgit v1.2.3


From 848ababbe1d050b12ca98da2ca713e7de7eca286 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:04:02 +0100
Subject: l: add more mails

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass')

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 1ee45bb41..1acfe5056 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -94,6 +94,7 @@ with import <stockholm/lib>;
       { from = "osmocom@lassul.us"; to = lass.mail; }
       { from = "lesswrong@lassul.us"; to = lass.mail; }
       { from = "nordvpn@lassul.us"; to = lass.mail; }
+      { from = "csv-direct@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
-- 
cgit v1.2.3


From 72e9832f73ba27aafe0fe819d8dc160235222897 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:04:13 +0100
Subject: l games: add dolhinEmu to pkgs

---
 lass/2configs/games.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass')

diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 49602898e..62e3f6d52 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -57,6 +57,7 @@ let
 
 in {
   environment.systemPackages = with pkgs; [
+    dolphinEmu
     doom1
     doom2
     vdoom1
-- 
cgit v1.2.3


From dfa8e29fd82219849676244b3e90574cfaf7fe2c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:07:53 +0100
Subject: l: rebind capslock, enable libinput

---
 lass/2configs/baseX.nix | 4 ++--
 lass/2configs/mouse.nix | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

(limited to 'lass')

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index d781f8c71..53d90ed7d 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -97,9 +97,9 @@ in {
     enable = true;
     layout = "us";
     display = mkForce 0;
-    xkbModel = "evdev";
     xkbVariant = "altgr-intl";
-    xkbOptions = "caps:backspace";
+    xkbOptions = "caps:escape";
+    libinput.enable = true;
     displayManager.lightdm.enable = true;
     windowManager.default = "xmonad";
     windowManager.session = [{
diff --git a/lass/2configs/mouse.nix b/lass/2configs/mouse.nix
index 098809d62..f5f9319ed 100644
--- a/lass/2configs/mouse.nix
+++ b/lass/2configs/mouse.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 {
   hardware.trackpoint = {
     enable = true;
@@ -7,6 +7,7 @@
     emulateWheel = true;
   };
 
+  services.xserver.libinput.enable = lib.mkForce false;
   services.xserver.synaptics = {
     enable = true;
     horizEdgeScroll = false;
-- 
cgit v1.2.3


From 30772247c0e629d443fb62bc566f3651be1157c1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:12:34 +0100
Subject: l: add morpheus.r

---
 lass/1systems/morpheus/config.nix   | 33 +++++++++++++++++++++++++++++++++
 lass/1systems/morpheus/physical.nix | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
 create mode 100644 lass/1systems/morpheus/config.nix
 create mode 100644 lass/1systems/morpheus/physical.nix

(limited to 'lass')

diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix
new file mode 100644
index 000000000..0d82ba611
--- /dev/null
+++ b/lass/1systems/morpheus/config.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  imports = [
+    <stockholm/lass>
+
+    <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/power-action.nix>
+    <stockholm/lass/2configs/baseX.nix>
+    <stockholm/lass/2configs/games.nix>
+    <stockholm/lass/2configs/steam.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.morpheus;
+
+  networking.wireless.enable = false;
+  networking.networkmanager.enable = true;
+
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
+
+  nixpkgs.config.packageOverrides = super: {
+    steam = super.steam.override {
+      withPrimus = true;
+      extraPkgs = p: with p; [
+        glxinfo
+        nettools
+        bumblebee
+      ];
+    };
+  };
+}
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix
new file mode 100644
index 000000000..0f08acb2d
--- /dev/null
+++ b/lass/1systems/morpheus/physical.nix
@@ -0,0 +1,32 @@
+{ lib, ... }:
+{
+  imports = [
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ./config.nix
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostId = "60ce7e88";
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ];
+
+  hardware.bumblebee.enable = true;
+  hardware.bumblebee.group = "video";
+
+  fileSystems."/" =
+    { device = "rpool/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/DF3B-4528";
+      fsType = "vfat";
+    };
+
+  nix.maxJobs = lib.mkDefault 8;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
-- 
cgit v1.2.3


From dc64ec0307253b497afc4a99a5e6aca1f1a23be9 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:26:41 +0100
Subject: l gen-secrets: add wirelum keys

---
 lass/5pkgs/l-gen-secrets/default.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'lass')

diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix
index b6cb2ec7e..5997dca09 100644
--- a/lass/5pkgs/l-gen-secrets/default.nix
+++ b/lass/5pkgs/l-gen-secrets/default.nix
@@ -8,6 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" ''
   ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
   ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
   ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
+  ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key
+  ${pkgs.coreutils}/bin/cat $TMPDIR/wirelum.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wirelum.pub
   cat <<EOF > $TMPDIR/hashedPasswords.nix
   {
     root = "$HASHED_PASSWORD";
@@ -35,6 +37,15 @@ pkgs.writeDashBin "l-gen-secrets" ''
   $(cat $TMPDIR/retiolum.rsa_key.pub)
           ${"''"};
         };
+        wirelum = {
+          ip6.addr = (wip6 "changeme").address;
+          aliases = [
+            "$HOSTNAME.w"
+          ];
+          wireguard.pubkey = ${"''"}
+  $(cat $TMPDIR/wirelum.pub)
+          ${"''"};
+        };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
-- 
cgit v1.2.3


From 4d44efa2fceda1308dbe8207e8fd0f122cd64e19 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 12 Dec 2018 15:35:15 +0100
Subject: l: import network-manager only in mors

---
 lass/1systems/mors/config.nix | 1 +
 lass/2configs/baseX.nix       | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass')

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 207c7c640..46cdbbb66 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -34,6 +34,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/backup.nix>
     <stockholm/lass/2configs/print.nix>
     <stockholm/lass/2configs/blue-host.nix>
+    <stockholm/lass/2configs/network-manager.nix>
     {
       krebs.iptables.tables.filter.INPUT.rules = [
         #risk of rain
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 53d90ed7d..859a2a1b9 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -9,7 +9,6 @@ in {
     ./power-action.nix
     ./copyq.nix
     ./urxvt.nix
-    ./network-manager.nix
     {
       hardware.pulseaudio = {
         enable = true;
-- 
cgit v1.2.3


From 4e04b2ac99885f2d953487b506d37c5519794754 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 15 Dec 2018 23:02:22 +0100
Subject: l: rip xerxes

---
 lass/1systems/xerxes/config.nix   | 16 ----------------
 lass/1systems/xerxes/physical.nix | 29 -----------------------------
 2 files changed, 45 deletions(-)
 delete mode 100644 lass/1systems/xerxes/config.nix
 delete mode 100644 lass/1systems/xerxes/physical.nix

(limited to 'lass')

diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
deleted file mode 100644
index 1bd6cf2c5..000000000
--- a/lass/1systems/xerxes/config.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    <stockholm/lass>
-
-    <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/exim-retiolum.nix>
-    <stockholm/lass/2configs/baseX.nix>
-    <stockholm/lass/2configs/browsers.nix>
-    <stockholm/lass/2configs/programs.nix>
-    <stockholm/lass/2configs/fetchWallpaper.nix>
-  ];
-
-  krebs.build.host = config.krebs.hosts.xerxes;
-}
diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix
deleted file mode 100644
index 17caccfe6..000000000
--- a/lass/1systems/xerxes/physical.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
-  imports = [
-    ./config.nix
-    <stockholm/lass/2configs/hw/gpd-pocket.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
-  ];
-  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
-  '';
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
-    fsType = "btrfs";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/16C8-D053";
-    fsType = "vfat";
-  };
-
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
-    fsType = "btrfs";
-  };
-
-  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
-
-  networking.wireless.enable = true;
-}
-- 
cgit v1.2.3


From 1e47567cedb089b8045201eea20bce162cadcfef Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:33:03 +0100
Subject: l littleT: rebirth

---
 lass/1systems/littleT/config.nix   | 46 ++------------------------------------
 lass/1systems/littleT/physical.nix | 22 ++++++++++++++++--
 2 files changed, 22 insertions(+), 46 deletions(-)

(limited to 'lass')

diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index 44617d3e7..2f28cc0d6 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -6,52 +6,10 @@ with import <stockholm/lib>;
     <stockholm/lass>
 
     <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/backup.nix>
-    <stockholm/lass/2configs/steam.nix>
-    {
-      users.users.blacky = {
-        uid = genid "blacky";
-        home = "/home/blacky";
-        group = "users";
-        createHome = true;
-        extraGroups = [
-          "audio"
-          "networkmanager"
-          "video"
-        ];
-        useDefaultShell = true;
-      };
-      networking.networkmanager.enable = true;
-      networking.wireless.enable = mkForce false;
-      hardware.pulseaudio = {
-        enable = true;
-        systemWide = true;
-      };
-      environment.systemPackages = with pkgs; [
-        pavucontrol
-        chromium
-        hexchat
-        networkmanagerapplet
-        vlc
-      ];
-      services.xserver.enable = true;
-      services.xserver.displayManager.lightdm.enable = true;
-      services.xserver.desktopManager.plasma5.enable = true;
-      services.xserver.layout = "de";
-      users.mutableUsers = mkForce true;
-      services.xserver.synaptics.enable = true;
-    }
-    {
-      #remote control
-      environment.systemPackages = with pkgs; [
-        x11vnc
-      ];
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
-      ];
-    }
   ];
 
+  networking.networkmanager.enable = true;
+  networking.wireless.enable = mkForce false;
   time.timeZone = "Europe/Berlin";
 
   hardware.trackpoint = {
diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix
index 9776211ae..550f058a8 100644
--- a/lass/1systems/littleT/physical.nix
+++ b/lass/1systems/littleT/physical.nix
@@ -1,7 +1,25 @@
 {
   imports = [
     ./config.nix
-    <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
   ];
+  fileSystems."/" =
+    { device = "rpool/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/5B2E-3734";
+      fsType = "vfat";
+    };
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.efiInstallAsRemovable = true;
+  boot.loader.grub.device = "nodev";
+  networking.hostId = "584248c6";
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.kernelModules = [ "kvm-intel" ];
+
 }
-- 
cgit v1.2.3


From 1f1a0e0c6bd70897e451cfd9cdf1a175a6edd38a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:34:16 +0100
Subject: l prism: firewall for wirelum

---
 lass/1systems/prism/config.nix | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'lass')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index ec3976519..962a77cc2 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -300,14 +300,16 @@ with import <stockholm/lib>;
       imports = [
         <stockholm/lass/2configs/wirelum.nix>
       ];
-      #krebs.iptables.tables.nat.PREROUTING.rules = [
-      #  { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
-      #];
+      krebs.iptables.tables.nat.PREROUTING.rules = [
+        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+        { v4 = false; precedence = 1000; predicate = "-s 42:1::/32"; target = "ACCEPT"; }
+      ];
       krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
-        { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
+        { precedence = 1000; predicate = "-i wirelum -o retiolum"; target = "ACCEPT"; }
+        { precedence = 1000; predicate = "-i retiolum -o wirelum"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.POSTROUTING.rules = [
+        { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
         { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
       ];
       services.dnsmasq = {
@@ -315,7 +317,7 @@ with import <stockholm/lib>;
         resolveLocalQueries = false;
 
         extraConfig= ''
-          listen-address=10.244.1.1
+          listen-address=42:1:ce16::1
           except-interface=lo
           interface=wg0
         '';
-- 
cgit v1.2.3


From e1cbd678dfddb2033b5d56eb8bbd32763a6976b4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:34:40 +0100
Subject: l blue: allow connections from wirelum

---
 lass/2configs/blue.nix | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lass')

diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index 4d4a92eb9..6dc2b1213 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -22,7 +22,9 @@ with (import <stockholm/lib>);
 
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
+    { predicate = "-i wirelum -p udp --dport 60000:61000"; target = "ACCEPT";}
     { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
+    { predicate = "-i wirelum -p tcp --dport 9999"; target = "ACCEPT";}
   ];
 
   systemd.services.chat = let
-- 
cgit v1.2.3


From 19380cfd7096b203415995a40d0a53d606282e66 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:36:39 +0100
Subject: l browsers: use stable firefox

---
 lass/2configs/browsers.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass')

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 425e0ee13..eaffdf623 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -45,7 +45,7 @@ let
 
   createFirefoxUser = name: groups: precedence:
     createUser (pkgs.writeDash name ''
-      ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"
+      ${pkgs.firefox}/bin/firefox "$@"
     '') name groups precedence 80;
 
   createQuteUser = name: groups: precedence:
-- 
cgit v1.2.3


From 42f9ff16452d7273dd8d1814758a2ae275751e7b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:37:37 +0100
Subject: l git: set announce to true

---
 lass/2configs/git.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass')

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 62173e33f..7650f4294 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -154,7 +154,7 @@ let
     public = true;
   };
 
-  make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? false, hooks ? {}, ... }: {
+  make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? true, hooks ? {}, ... }: {
     inherit admins collaborators name;
     public = false;
     hooks = {
-- 
cgit v1.2.3


From 1d22bcb90fb4ca9459172eb5ba5c2aa44c73b07c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:38:40 +0100
Subject: l xmonad: use launch

---
 lass/5pkgs/custom/xmonad-lass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass')

diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index f86a4a69b..79e6416e1 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -78,7 +78,7 @@ main = getArgs >>= \case
 main' :: IO ()
 main' = do
     handleShutdownEvent <- newShutdownEventHandler
-    xmonad $ ewmh
+    launch $ ewmh
         $ withUrgencyHook LibNotifyUrgencyHook
         $ def
             { terminal           = myTerm
-- 
cgit v1.2.3


From ea50add2ba55f0779d8e79c3d11cdba4b2bb9fcf Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 14:38:05 +0100
Subject: l browsers: use ff more often

---
 lass/2configs/browsers.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lass')

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index eaffdf623..d214e224d 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -89,8 +89,8 @@ in {
         }));
       };
     }
-    ( createQuteUser "qb" [ "audio" ] 20 )
-    ( createFirefoxUser "ff" [ "audio" ] 10 )
+    ( createFirefoxUser "ff" [ "audio" ] 11 )
+    ( createQuteUser "qb" [ "audio" ] 10 )
     ( createChromiumUser "cr" [ "audio" "video" ] 9 )
     ( createChromiumUser "gm" [ "video" "audio" ] 8 )
     ( createChromiumUser "wk" [ "audio" ] 0 )
-- 
cgit v1.2.3


From 9e464d988859395466543d62f94b71229791628d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 14:38:24 +0100
Subject: l mail: don't autosign with gpg

---
 lass/2configs/mail.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lass')

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 36e797a96..21b9d7b49 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -82,7 +82,7 @@ let
     source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc
     set pgp_use_gpg_agent = yes
     set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D
-    set crypt_autosign = yes
+    set crypt_autosign = no
     set crypt_replyencrypt = yes
     set crypt_verify_sig = yes
     set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f"
-- 
cgit v1.2.3


From 24330950fe2bd31056e3ae1d58c1965c8a736f1f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 16:11:02 +0100
Subject: wirelum -> wiregrill

---
 lass/1systems/prism/config.nix       |  6 ++---
 lass/2configs/blue.nix               |  4 ++--
 lass/2configs/default.nix            |  2 +-
 lass/2configs/wiregrill.nix          | 44 ++++++++++++++++++++++++++++++++++++
 lass/2configs/wirelum.nix            | 44 ------------------------------------
 lass/5pkgs/l-gen-secrets/default.nix |  8 +++----
 6 files changed, 54 insertions(+), 54 deletions(-)
 create mode 100644 lass/2configs/wiregrill.nix
 delete mode 100644 lass/2configs/wirelum.nix

(limited to 'lass')

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 962a77cc2..6c454b4ac 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -298,15 +298,15 @@ with import <stockholm/lib>;
     }
     {
       imports = [
-        <stockholm/lass/2configs/wirelum.nix>
+        <stockholm/lass/2configs/wiregrill.nix>
       ];
       krebs.iptables.tables.nat.PREROUTING.rules = [
         { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
         { v4 = false; precedence = 1000; predicate = "-s 42:1::/32"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.filter.FORWARD.rules = [
-        { precedence = 1000; predicate = "-i wirelum -o retiolum"; target = "ACCEPT"; }
-        { precedence = 1000; predicate = "-i retiolum -o wirelum"; target = "ACCEPT"; }
+        { precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
+        { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.POSTROUTING.rules = [
         { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index 6dc2b1213..cdd77e847 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -22,9 +22,9 @@ with (import <stockholm/lib>);
 
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
-    { predicate = "-i wirelum -p udp --dport 60000:61000"; target = "ACCEPT";}
+    { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";}
     { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
-    { predicate = "-i wirelum -p tcp --dport 9999"; target = "ACCEPT";}
+    { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";}
   ];
 
   systemd.services.chat = let
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index dea32d4d4..62a42baf9 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -10,7 +10,7 @@ with import <stockholm/lib>;
     ./zsh.nix
     ./htop.nix
     ./security-workarounds.nix
-    ./wirelum.nix
+    ./wiregrill.nix
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })
diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix
new file mode 100644
index 000000000..b2ee35df3
--- /dev/null
+++ b/lass/2configs/wiregrill.nix
@@ -0,0 +1,44 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+  self = config.krebs.build.host.nets.wiregrill;
+  isRouter = !isNull self.via;
+
+in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
+  #hack for modprobe inside containers
+  systemd.services."wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [
+    (pkgs.writeDashBin "modprobe" ":")
+  ]);
+
+  boot.kernel.sysctl = mkIf isRouter {
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
+  krebs.iptables.tables.filter.INPUT.rules = [
+     { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
+  ];
+  krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
+    { precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; }
+  ];
+
+  networking.wireguard.interfaces.wiregrill = {
+    ips =
+      (optional (!isNull self.ip4) self.ip4.addr) ++
+      (optional (!isNull self.ip6) self.ip6.addr);
+    listenPort = 51820;
+    privateKeyFile = (toString <secrets>) + "/wiregrill.key";
+    allowedIPsAsRoutes = true;
+    peers = mapAttrsToList
+      (_: host: {
+        allowedIPs = if isRouter then
+          (optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++
+          (optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr)
+        else
+          host.nets.wiregrill.wireguard.subnets
+        ;
+        endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}");
+        persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61;
+        publicKey = host.nets.wiregrill.wireguard.pubkey;
+      })
+      (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts);
+  };
+}
diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix
deleted file mode 100644
index cd8a20c6b..000000000
--- a/lass/2configs/wirelum.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: let
-
-  self = config.krebs.build.host.nets.wirelum;
-  isRouter = !isNull self.via;
-
-in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) {
-  #hack for modprobe inside containers
-  systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [
-    (pkgs.writeDashBin "modprobe" ":")
-  ]);
-
-  boot.kernel.sysctl = mkIf isRouter {
-    "net.ipv6.conf.all.forwarding" = 1;
-  };
-  krebs.iptables.tables.filter.INPUT.rules = [
-     { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
-  ];
-  krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
-    { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; }
-  ];
-
-  networking.wireguard.interfaces.wirelum = {
-    ips =
-      (optional (!isNull self.ip4) self.ip4.addr) ++
-      (optional (!isNull self.ip6) self.ip6.addr);
-    listenPort = 51820;
-    privateKeyFile = (toString <secrets>) + "/wirelum.key";
-    allowedIPsAsRoutes = true;
-    peers = mapAttrsToList
-      (_: host: {
-        allowedIPs = if isRouter then
-          (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++
-          (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr)
-        else
-          host.nets.wirelum.wireguard.subnets
-        ;
-        endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}");
-        persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61;
-        publicKey = host.nets.wirelum.wireguard.pubkey;
-      })
-      (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts);
-  };
-}
diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix
index 5997dca09..85b050644 100644
--- a/lass/5pkgs/l-gen-secrets/default.nix
+++ b/lass/5pkgs/l-gen-secrets/default.nix
@@ -8,8 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" ''
   ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
   ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
   ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
-  ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key
-  ${pkgs.coreutils}/bin/cat $TMPDIR/wirelum.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wirelum.pub
+  ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wiregrill.key
+  ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wiregrill.pub
   cat <<EOF > $TMPDIR/hashedPasswords.nix
   {
     root = "$HASHED_PASSWORD";
@@ -37,13 +37,13 @@ pkgs.writeDashBin "l-gen-secrets" ''
   $(cat $TMPDIR/retiolum.rsa_key.pub)
           ${"''"};
         };
-        wirelum = {
+        wiregrill = {
           ip6.addr = (wip6 "changeme").address;
           aliases = [
             "$HOSTNAME.w"
           ];
           wireguard.pubkey = ${"''"}
-  $(cat $TMPDIR/wirelum.pub)
+  $(cat $TMPDIR/wiregrill.pub)
           ${"''"};
         };
       };
-- 
cgit v1.2.3


From bb22dc7475a01b262f4102c9a7b9df96c1ed5708 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 16:31:57 +0100
Subject: l littleT: make into blue-host

---
 lass/1systems/littleT/config.nix | 1 +
 lass/2configs/blue-host.nix      | 1 +
 2 files changed, 2 insertions(+)

(limited to 'lass')

diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index 2f28cc0d6..7fe143c3c 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -6,6 +6,7 @@ with import <stockholm/lib>;
     <stockholm/lass>
 
     <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/blue-host.nix>
   ];
 
   networking.networkmanager.enable = true;
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index 9cf294afd..718a92e9c 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -7,6 +7,7 @@ let
     "daedalus"
     "skynet"
     "prism"
+    "littleT"
   ];
   remote_hosts = filter (h: h != config.networking.hostName) all_hosts;
 
-- 
cgit v1.2.3


From c8943a2c89d2bcefc910f3c2bc588bcf6c1673f2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 16:33:37 +0100
Subject: l skynet.r don't fetch wallpaper

---
 lass/1systems/skynet/config.nix | 1 -
 1 file changed, 1 deletion(-)

(limited to 'lass')

diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index 13a8b3e41..4b806af7b 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -5,7 +5,6 @@ with import <stockholm/lib>;
     <stockholm/lass>
 
     <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/fetchWallpaper.nix>
     <stockholm/lass/2configs/blue-host.nix>
     <stockholm/lass/2configs/power-action.nix>
     {
-- 
cgit v1.2.3


From e9907ee8a8433904026bf1c54edd7f79ab0c49a3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 16:34:45 +0100
Subject: l baseX: add fzfmenu to pkgs

---
 lass/2configs/baseX.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass')

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 859a2a1b9..1b6a1d593 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -64,6 +64,7 @@ in {
     dic
     dmenu
     font-size
+    fzfmenu
     gitAndTools.qgit
     git-preview
     gnome3.dconf
-- 
cgit v1.2.3


From 8705b4dbc8e8cf0c4e09c114daad3f96026520ab Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 16:36:13 +0100
Subject: l domsen: add klabusterbeere

---
 lass/2configs/websites/domsen.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lass')

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 4935268a4..ce7df4bfb 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -126,6 +126,7 @@ in {
       { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
       { from = "akayguen@freemonkey.art"; to ="akayguen"; }
       { from = "bui@freemonkey.art"; to ="bui"; }
+      { from = "kontakt@alewis.de"; to ="klabusterbeere"; }
 
       { from = "testuser@lassul.us"; to = "testuser"; }
       { from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -204,5 +205,12 @@ in {
     createHome = true;
   };
 
+  users.users.klabusterbeere = {
+    uid = genid_uint31 "klabusterbeere";
+    home = "/home/klabusterbeere";
+    useDefaultShell = true;
+    createHome = true;
+  };
+
 }
 
-- 
cgit v1.2.3

[cgit] Unable to lock slot /tmp/cgit/27100000.lock: No such file or directory (2)