From e68d02b14c1275ab3245eb129f9f36789ee96a3b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 1 Apr 2016 14:28:16 +0200
Subject: [PATCH 01/13] ma 2 fs: use list of strings for options

---
 2configs/fs/sda-crypto-root-home.nix | 2 +-
 2configs/fs/sda-crypto-root.nix      | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/2configs/fs/sda-crypto-root-home.nix b/2configs/fs/sda-crypto-root-home.nix
index 5214cf8..1ef0d69 100644
--- a/2configs/fs/sda-crypto-root-home.nix
+++ b/2configs/fs/sda-crypto-root-home.nix
@@ -19,7 +19,7 @@ with config.krebs.lib;
     "/home" = {
       device = "/dev/mapper/main-home";
       fsType = "ext4";
-      options="defaults,discard";
+      options = [ "defaults" "discard" ];
     };
   };
 }
diff --git a/2configs/fs/sda-crypto-root.nix b/2configs/fs/sda-crypto-root.nix
index e9d7b75..b82c0e4 100644
--- a/2configs/fs/sda-crypto-root.nix
+++ b/2configs/fs/sda-crypto-root.nix
@@ -18,12 +18,12 @@ with config.krebs.lib;
     "/" = {
       device = "/dev/mapper/luksroot";
       fsType = "ext4";
-      options="defaults,discard";
+      options = [ "defaults" "discard" ];
     };
     "/boot" = {
       device = "/dev/disk/by-label/nixboot";
       fsType = "ext4";
-      options="defaults,discard";
+      options = [ "defaults" "discard" ];
     };
   };
 }

From 8428c4457af9885c91472b31fefeb32aa4f2a8ab Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:39:28 +0200
Subject: [PATCH 02/13] ma 2 omo: share emu

---
 2configs/omo-share.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/2configs/omo-share.nix b/2configs/omo-share.nix
index a9640b3..3a4dd45 100644
--- a/2configs/omo-share.nix
+++ b/2configs/omo-share.nix
@@ -48,6 +48,13 @@ in {
         browseable = "yes";
         "guest ok" = "yes";
       };
+
+      emu = {
+        path = "/media/crypt1/emu";
+        "read only" = "yes";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
       usenet = {
         path = "/media/crypt0/usenet/dst";
         "read only" = "yes";

From 9a87a0c603c4a762bea78358b984d87f4d195faa Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:39:53 +0200
Subject: [PATCH 03/13] ma 5 mycube: use new version

---
 5pkgs/mycube-flask/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/5pkgs/mycube-flask/default.nix b/5pkgs/mycube-flask/default.nix
index 5bf85a6..1b1672f 100644
--- a/5pkgs/mycube-flask/default.nix
+++ b/5pkgs/mycube-flask/default.nix
@@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec {
   src = fetchFromGitHub {
     owner = "makefu";
     repo = "mycube-flask";
-    rev = "5f5260a";
-    sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh";
+    rev = "48dc6857";
+    sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v";
   };
   meta = {
     homepage = https://github.com/makefu/mycube-flask;

From fc359fc27b404b0b21b458dcca6e8f3ba2d51ddf Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:42:13 +0200
Subject: [PATCH 04/13] ma 1 darth: add virtualization

---
 1systems/darth.nix | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/1systems/darth.nix b/1systems/darth.nix
index ad3ac4f..2f2358d 100644
--- a/1systems/darth.nix
+++ b/1systems/darth.nix
@@ -10,15 +10,27 @@ let
   allDisks = [ rootDisk auxDisk ];
 in {
   imports = [
-        ../.
-        ../2configs/fs/single-partition-ext4.nix
-        ../2configs/zsh-user.nix
-        ../2configs/smart-monitor.nix
+      ../.
+      ../2configs/fs/single-partition-ext4.nix
+      ../2configs/zsh-user.nix
+      ../2configs/smart-monitor.nix
+      ../2configs/exim-retiolum.nix
+      ../2configs/virtualization.nix
   ];
 
+  networking.firewall.allowedUDPPorts = [ 80 655 67 ];
+  networking.firewall.allowedTCPPorts = [ 80 655 ];
+  networking.firewall.checkReversePath = false;
+  #networking.firewall.enable = false;
   # virtualisation.nova.enableSingleNode = true;
   krebs.retiolum.enable = true;
 
+  boot.kernelModules = [ "coretemp" "f71882fg" ];
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+  networking.wireless.enable = true;
+
   # TODO smartd omo darth gum all-in-one
   services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
   zramSwap.enable = true;

From 5d67be2bee833527c6f719ac90a4e9b08b29f7d2 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:42:46 +0200
Subject: [PATCH 05/13] ma 2 tp-x220: start charging at 95

my thinkpad never fills 100%
---
 2configs/hw/tp-x2x0.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/2configs/hw/tp-x2x0.nix b/2configs/hw/tp-x2x0.nix
index d5ce34b..7f9dc67 100644
--- a/2configs/hw/tp-x2x0.nix
+++ b/2configs/hw/tp-x2x0.nix
@@ -23,6 +23,7 @@ with config.krebs.lib;
   services.tlp.enable = true;
   services.tlp.extraConfig = ''
     START_CHARGE_THRESH_BAT0=80
+    STOP_CHARGE_THRESH_BAT0=95
 
     CPU_SCALING_GOVERNOR_ON_AC=performance
     CPU_SCALING_GOVERNOR_ON_BAT=ondemand

From 29f26bfa371aaf485c58ad7b5c98f8312de45a28 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:43:02 +0200
Subject: [PATCH 06/13] ma 2 base-gui: save more lines

---
 2configs/base-gui.nix | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/2configs/base-gui.nix b/2configs/base-gui.nix
index 341a2ab..b807957 100644
--- a/2configs/base-gui.nix
+++ b/2configs/base-gui.nix
@@ -10,16 +10,6 @@
 #
 # if this is not enough, check out main-laptop.nix
 
-## TODO: .Xdefaults:
-# URxvt*termName:         rxvt
-# URxvt.scrollBar : false
-# URxvt*scrollBar_right:  false
-# URxvt*borderLess:       false
-# URxvt.foreground: white
-# URxvt.background: black
-# URxvt.urgentOnBell: true
-# URxvt.visualBell: false
-# URxvt.font : xft:Terminus
 
 with config.krebs.lib;
 let
@@ -83,7 +73,9 @@ in
       XTerm*FaceName  : Terminus:pixelsize=14
 
       URxvt*termName:         rxvt
-      URxvt.scrollBar : False
+      URxvt*saveLines:            10000
+      URxvt*loginShell:           false
+      URxvt.scrollBar : false
       URxvt*scrollBar_right:  false
       URxvt*borderLess:       false
       URxvt.foreground: white

From da9ec1feb083abb09ea6dfec0fee961d9d8967b1 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:43:31 +0200
Subject: [PATCH 07/13] ma 1 vbob: remove obsolete source

---
 1systems/vbob.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/1systems/vbob.nix b/1systems/vbob.nix
index 748b08e..5e2382f 100644
--- a/1systems/vbob.nix
+++ b/1systems/vbob.nix
@@ -15,11 +15,6 @@
     ];
   nixpkgs.config.allowUnfree = true;
 
-  krebs.build.source.upstream-nixpkgs = {
-    url = https://github.com/makefu/nixpkgs;
-    # HTTP Everywhere + libredir
-    rev = "8239ac6";
-  };
   fileSystems."/nix" = {
     device ="/dev/disk/by-label/nixstore";
     fsType = "ext4";

From e74c8ac53c208b000aaeae2374a1193ac3578d3a Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:44:11 +0200
Subject: [PATCH 08/13] ma 2 nginx/public_html: publish home

---
 2configs/nginx/public_html.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 2configs/nginx/public_html.nix

diff --git a/2configs/nginx/public_html.nix b/2configs/nginx/public_html.nix
new file mode 100644
index 0000000..9df8351
--- /dev/null
+++ b/2configs/nginx/public_html.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+
+with config.krebs.lib;
+
+{
+  krebs.nginx = {
+    enable = true;
+    servers.default.locations = [
+      (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+        alias /home/$1/public_html$2;
+        autoindex on;
+      '')
+    ];
+  };
+}

From 5de7070cfebc10d95276e7b25e9ff65465c7d79e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:52:16 +0200
Subject: [PATCH 09/13] ma 1 omo: cleanup

---
 1systems/omo.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/1systems/omo.nix b/1systems/omo.nix
index f0f1d30..fbd06a9 100644
--- a/1systems/omo.nix
+++ b/1systems/omo.nix
@@ -44,16 +44,21 @@ in {
       ../2configs/smart-monitor.nix
       ../2configs/mail-client.nix
       ../2configs/share-user-sftp.nix
+      ../2configs/graphite-standalone.nix
       ../2configs/omo-share.nix
     ];
+
   krebs.retiolum.enable = true;
   networking.firewall.trustedInterfaces = [ "enp3s0" ];
   # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
   # tcp:80          - nginx for sharing files
   # tcp:655 udp:655 - tinc
-  # tcp:8080        - sabnzbd
+  # tcp:8111        - graphite
+  # tcp:9090        - sabnzbd
+  # tcp:9200        - elasticsearch
+  # tcp:5601        - kibana
   networking.firewall.allowedUDPPorts = [ 655 ];
-  networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+  networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
 
   # services.openssh.allowSFTP = false;
 

From 79d5f96d7c24df86b0b44c5d9bf67e00977e9e2a Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:52:50 +0200
Subject: [PATCH 10/13] ma 2 mail: use mutt, not mutt-kz

---
 2configs/mail-client.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/2configs/mail-client.nix b/2configs/mail-client.nix
index 793daa6..eeade94 100644
--- a/2configs/mail-client.nix
+++ b/2configs/mail-client.nix
@@ -7,7 +7,7 @@ with config.krebs.lib;
     gnupg
     imapfilter
     msmtp
-    mutt-kz
+    mutt
     notmuch
     offlineimap
     openssl

From f0308c72db86971fff815ad6bc64aac21482804c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 3 Apr 2016 21:55:01 +0200
Subject: [PATCH 11/13] ma 4 default: prepare backups

---
 4lib/default.nix | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 4lib/default.nix

diff --git a/4lib/default.nix b/4lib/default.nix
new file mode 100644
index 0000000..5e9ab20
--- /dev/null
+++ b/4lib/default.nix
@@ -0,0 +1,30 @@
+{ config, lib, ... }:
+
+with lib;
+let
+  addDefaultTime = bku-entry: recursiveUpdate {
+    snapshots = {
+      daily    = { format = "%Y-%m-%d"; retain =  7; };
+      weekly   = { format = "%YW%W";    retain =  4; };
+      monthly  = { format = "%Y-%m";    retain = 12; };
+      yearly   = { format = "%Y";                    };
+    };
+    startAt = "5:23";
+  } bku-entry;
+
+  backup-host = config.krebs.hosts.omo;
+  backup-path = "/media/backup";
+in {
+  bku = {
+    inherit addDefaultTime;
+    simplePath = addDefaultTime (path: {
+      method = "pull";
+      src = { host = config.krebs.build.host; inherit path; };
+      dst = {
+        host = backup-host;
+        path = backup-path ++ config.krebs.build.host.name
+                           ++ builtins.replaceStrings ["/"] ["-"] path;
+      };
+    });
+  };
+}

From 99690dffdbdbc3516bd9a2944656e3bb7befbda8 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 8 Apr 2016 16:08:29 +0200
Subject: [PATCH 12/13] ma 5 taskserver: init

will be removed when #14506 is in upstream
---
 5pkgs/default.nix            |  1 +
 5pkgs/taskserver/default.nix | 43 ++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 5pkgs/taskserver/default.nix

diff --git a/5pkgs/default.nix b/5pkgs/default.nix
index 8caab43..c64ee03 100644
--- a/5pkgs/default.nix
+++ b/5pkgs/default.nix
@@ -12,5 +12,6 @@ in
     nodemcu-uploader = callPackage ./nodemcu-uploader {};
     mycube-flask = callPackage ./mycube-flask {};
     tw-upload-plugin = callPackage ./tw-upload-plugin {};
+    taskserver = callPackage ./taskserver {};
   };
 }
diff --git a/5pkgs/taskserver/default.nix b/5pkgs/taskserver/default.nix
new file mode 100644
index 0000000..a1502b4
--- /dev/null
+++ b/5pkgs/taskserver/default.nix
@@ -0,0 +1,43 @@
+{ stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }:
+
+stdenv.mkDerivation rec {
+  name = "taskserver-${version}";
+  version = "1.1.0";
+
+  enableParallelBuilding = true;
+
+  src = fetchurl {
+    url = "http://www.taskwarrior.org/download/taskd-${version}.tar.gz";
+    sha256 = "1d110q9vw8g5syzihxymik7hd27z1592wkpz55kya6lphzk8i13v";
+  };
+
+  patchPhase = ''
+    pkipath=$out/share/taskd/pki
+    mkdir -p $pkipath
+    cp -r pki/* $pkipath
+    echo "patching paths in pki/generate"
+    sed -i "s#^\.#$pkipath#" $pkipath/generate
+    for f in $pkipath/generate* ;do
+      i=$(basename $f)
+      echo patching $i
+      sed -i \
+          -e 's/which/type -p/g' \
+          -e 's#^\. ./vars#if test -e ./vars;then . ./vars; else echo "cannot find ./vars - copy the template from '$pkipath'/vars into the working directory";exit 1; fi#' $f
+
+      echo wrapping $i
+      makeWrapper  $pkipath/$i $out/bin/taskd-pki-$i \
+        --prefix PATH : ${gnutls}/bin/
+    done
+  '';
+
+  buildInputs = [ makeWrapper ];
+  nativeBuildInputs = [ cmake libuuid gnutls ];
+
+  meta = {
+    description = "Server for synchronising Taskwarrior clients";
+    homepage = http://taskwarrior.org;
+    license = stdenv.lib.licenses.mit;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ matthiasbeyer makefu ];
+  };
+}

From 5a052128e8e3eab391f00b29445335485062bbd7 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 10 Apr 2016 23:24:15 +0200
Subject: [PATCH 13/13] makefu: init taskserver, keep an eye on
 https://github.com/NixOS/nixpkgs/pull/14476

---
 1systems/gum.nix        |  4 +++
 3modules/default.nix    |  1 +
 3modules/taskserver.nix | 60 +++++++++++++++++++++++++++++++++++++++++
 5pkgs/default.nix       |  2 +-
 4 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 3modules/taskserver.nix

diff --git a/1systems/gum.nix b/1systems/gum.nix
index 7104216..96a5f48 100644
--- a/1systems/gum.nix
+++ b/1systems/gum.nix
@@ -41,6 +41,8 @@ in {
     ];
   };
 
+  makefu.taskserver.enable = true;
+
   krebs.nginx.servers.cgit = {
     server-names = [ "cgit.euer.krebsco.de" ];
     listen = [ "${external-ip}:80" "${internal-ip}:80" ];
@@ -86,6 +88,8 @@ in {
           21032
           # tinc-retiolum
           21031
+          # taskserver
+          53589
         ];
         allowedUDPPorts = [
           # tinc
diff --git a/3modules/default.nix b/3modules/default.nix
index f007a84..0a10b15 100644
--- a/3modules/default.nix
+++ b/3modules/default.nix
@@ -4,6 +4,7 @@ _:
   imports = [
     ./snapraid.nix
     ./umts.nix
+    ./taskserver.nix
   ];
 }
 
diff --git a/3modules/taskserver.nix b/3modules/taskserver.nix
new file mode 100644
index 0000000..41247ff
--- /dev/null
+++ b/3modules/taskserver.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+  cfg = config.makefu.taskserver;
+
+  out = {
+    options.makefu.taskserver = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "taskserver";
+
+    workingDir = mkOption {
+      type = types.str;
+      default = "/var/lib/taskserver";
+    };
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.taskserver;
+    };
+
+
+  };
+
+  imp = {
+    environment.systemPackages = [ cfg.package ];
+    systemd.services.taskserver = {
+      description = "taskd server";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      restartIfChanged = true;
+      unitConfig = {
+        Documentation = "http://taskwarrior.org/docs/#taskd" ;
+        # https://taskwarrior.org/docs/taskserver/configure.html
+        ConditionPathExists = "${cfg.workingDir}/config";
+      };
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
+        WorkingDirectory = cfg.workingDir;
+        PrivateTmp = true;
+        InaccessibleDirectories = "/home /boot /opt /mnt /media";
+        User = "taskd";
+      };
+    };
+
+    users.users.taskd = {
+      uid = genid "taskd";
+      home = cfg.workingDir;
+      createHome = true;
+    };
+    users.groups.taskd.gid = genid "taskd";
+  };
+
+in
+out
+
diff --git a/5pkgs/default.nix b/5pkgs/default.nix
index c64ee03..fff9272 100644
--- a/5pkgs/default.nix
+++ b/5pkgs/default.nix
@@ -9,8 +9,8 @@ in
     alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
     alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
     awesomecfg = callPackage ./awesomecfg {};
-    nodemcu-uploader = callPackage ./nodemcu-uploader {};
     mycube-flask = callPackage ./mycube-flask {};
+    nodemcu-uploader = callPackage ./nodemcu-uploader {};
     tw-upload-plugin = callPackage ./tw-upload-plugin {};
     taskserver = callPackage ./taskserver {};
   };