Merge remote-tracking branch 'prism/master'

krebs/2configs/buildbot-all.nix

@@ -9,5 +9,6 @@ with import <stockholm/lib>;
   krebs.ci.enable = true;
   krebs.ci.treeStableTimer = 1;
   krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
+  krebs.ci.tests = [ "deploy" ];
 }
 

krebs/2configs/hw/x220.nix

@@ -23,7 +23,7 @@ with import <stockholm/lib>;
     pkgs.vaapiVdpau
   ];
 
-  security.rngd.enable = true;
+  security.rngd.enable = mkDefault true;
 
   services.xserver = {
     videoDriver = "intel";

krebs/3modules/ci.nix

@@ -24,6 +24,13 @@ in
         List of hosts that should be build
       '';
     };
+    tests = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = ''
+        List of tests that should be build
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
@@ -56,14 +63,14 @@ in
       '';
       scheduler = {
         build-scheduler = ''
-          # build all hosts
           sched.append(
                 schedulers.SingleBranchScheduler(
                     change_filter=util.ChangeFilter(branch_re=".*"),
                     treeStableTimer=${toString cfg.treeStableTimer}*60,
                     name="build-all-branches",
                     builderNames=[
-                        "build-hosts"
+                        ${optionalString (cfg.hosts != []) ''"hosts",''}
+                        ${optionalString (cfg.tests != []) ''"tests",''}
                     ]
                 )
           )
@@ -73,7 +80,8 @@ in
               schedulers.ForceScheduler(
                     name="force",
                     builderNames=[
-                        "build-hosts"
+                        ${optionalString (cfg.hosts != []) ''"hosts",''}
+                        ${optionalString (cfg.tests != []) ''"tests",''}
                     ]
               )
           )
@@ -91,7 +99,7 @@ in
           factory.addStep(steps.ShellCommand(**kwargs))
       '';
       builder = {
-        build-hosts = ''
+        hosts = mkIf (cfg.hosts != []) ''
           f = util.BuildFactory()
           f.addStep(grab_repo)
 
@@ -120,12 +128,42 @@ in
 
           bu.append(
               util.BuilderConfig(
-                  name="build-hosts",
+                  name="hosts",
                   slavenames=slavenames,
                   factory=f
               )
           )
+        '';
+        tests = mkIf (cfg.tests != []) ''
+          f = util.BuildFactory()
+          f.addStep(grab_repo)
 
+          def run_test(test):
+              addShell(f,
+                  name="{}".format(test),
+                  env={
+                    "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
+                    "NIX_REMOTE": "daemon",
+                    "dummy_secrets": "true",
+                  },
+                  command=[
+                    "nix-build", "-I", "stockholm=.", "krebs/6tests",
+                    "-A", "{}".format(test)
+                  ],
+                  timeout=90001
+              )
+
+          ${concatMapStringsSep "\n" (test:
+             "run_test(\"${test}\")"
+          ) cfg.tests}
+
+          bu.append(
+              util.BuilderConfig(
+                  name="tests",
+                  slavenames=slavenames,
+                  factory=f
+              )
+          )
         '';
       };
       enable = true;

krebs/3modules/iptables.nix

@@ -61,6 +61,15 @@ let
           };
         };
       })));
+      default = {
+        filter.INPUT.policy = "ACCEPT";
+        filter.FORWARD.policy = "ACCEPT";
+        filter.OUTPUT.policy = "ACCEPT";
+        nat.PREROUTING.policy = "ACCEPT";
+        nat.INPUT.policy = "ACCEPT";
+        nat.OUTPUT.policy = "ACCEPT";
+        nat.POSTROUTING.policy = "ACCEPT";
+      };
     };
   };
 

krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh

@@ -2,5 +2,5 @@
 set -eu
 printf "Sie meinten wohl \""
 echo -n $@ | sed 's/Shack/shack/g'
-echo "\""
+echo "\" check out https://wiki.shackspace.de/project/logo_and_ci#name_ci"
 echo "${_from}--"

krebs/5pkgs/simple/bitlbee-discord/default.nix

@@ -0,0 +1,29 @@
+{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }:
+
+with stdenv.lib;
+stdenv.mkDerivation rec {
+  name = "bitlbee-discord-2017-12-27";
+
+  src = fetchFromGitHub {
+    rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182";
+    owner = "sm00th";
+    repo = "bitlbee-discord";
+    sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95";
+  };
+
+  nativeBuildInputs = [ autoreconfHook pkgconfig ];
+  buildInputs = [ bitlbee glib ];
+
+  preConfigure = ''
+    export BITLBEE_PLUGINDIR=$out/lib/bitlbee
+    ./autogen.sh
+  '';
+
+  meta = {
+    description = "Bitlbee plugin for Discord";
+
+    homepage = https://github.com/sm00th/bitlbee-discord;
+    license = licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.linux;
+  };
+}

krebs/5pkgs/simple/fortclientsslvpn/default.nix

@@ -12,8 +12,8 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     # archive.org mirror:
-    # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz
+    url = https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz;
-    url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
+    # url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
     sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr";
   };
   phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ];

krebs/5pkgs/writers.nix

@@ -283,27 +283,33 @@ with import <stockholm/lib>;
         ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
       '');
 
-    writePython2 = name: text:
+    writePython2 = deps:
-      assert (with types; either absolute-pathname filename).check name;
+    let
-      pkgs.writeOut (baseNameOf name) {
+      py = pkgs.python2.withPackages(ps: attrVals deps ps);
-        ${optionalString (types.absolute-pathname.check name) name} = {
+    in
-          check = pkgs.writeDash "python2check.sh" ''
+    pkgs.makeScriptWriter {
-            exec ${pkgs.python2}/bin/python -m py_compile "$1"
+      interpreter = "${py}/bin/python";
-          '';
+      check = pkgs.writeDash "python2check.sh" ''
-          inherit text;
+        exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1"
-        };
+      '';
-      };
+    };
 
-    writePython3 = name: text:
+    writePython2Bin = d: name:
-      assert (with types; either absolute-pathname filename).check name;
+      pkgs.writePython2 d "/bin/${name}";
-      pkgs.writeOut (baseNameOf name) {
+
-        ${optionalString (types.absolute-pathname.check name) name} = {
+    writePython3 = deps:
-          check = pkgs.writeDash "python3check.sh" ''
+    let
-            exec ${pkgs.python3}/bin/python -m py_compile "$textPath"
+      py = pkgs.python3.withPackages(ps: attrVals deps ps);
-          '';
+    in
-          inherit text;
+    pkgs.makeScriptWriter {
-        };
+      interpreter = "${py}/bin/python";
-      };
+      check = pkgs.writeDash "python3check.sh" ''
+        exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1"
+      '';
+    };
+
+    writePython3Bin = d: name:
+      pkgs.writePython3 d "/bin/${name}";
 
     writeSed = pkgs.makeScriptWriter {
       interpreter = "${pkgs.gnused}/bin/sed -f";

krebs/6tests/default.nix

@@ -0,0 +1,6 @@
+with import <stockholm/lib>;
+{ ... }:
+
+{
+  deploy = import ./deploy.nix;
+}

krebs/6tests/deploy.nix

@@ -1,7 +1,8 @@
 with import <stockholm/lib>;
-import <nixpkgs/nixos/tests/make-test.nix> ({ pkgs, ... }:
+import <nixpkgs/nixos/tests/make-test.nix> ({ ... }:
 
 let
+  pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
   test-config = <stockholm/krebs/6tests/data/test-config.nix>;
   privKey = ''
     -----BEGIN OPENSSH PRIVATE KEY-----
@@ -41,15 +42,12 @@ let
     cd ${<stockholm>}
     export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH
     exec >&2
-    : ${minimalSystem}
     source=${pkgs.writeJSON "source.json" populate-source}
-    cat > /tmp/derp <<EOF
-      builtins.fromJSON (builtins.readFile "$source")
-    EOF
     LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
+    # TODO: make deploy work
     #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
     #    --force-populate \
-    #    --source=/tmp/derp \
+    #    --source=${./data/test-source.nix} \
     #    --system=server \
   '';
   minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
@@ -70,22 +68,20 @@ in {
         imports = [ test-config ];
         environment.variables = {
           NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}";
-          #LOL = minimalSystem;
         };
         services.openssh.enable = true;
         users.extraUsers.root.openssh.authorizedKeys.keys = [
           pubKey
         ];
-        #virtualisation.writableStore = true;
         virtualisation.pathsInNixDB = [
           minimalSystem
-          pkgs.stockholm
         ];
+        environment.systemPackages = [ pkgs.git ];
       };
 
     client =
-      { config, pkgs, ... }: { };
+      { config, pkgs, ... }:
-
+      { };
   };
 
   testScript = ''

lass/1systems/helios/config.nix

@@ -120,8 +120,6 @@ with import <stockholm/lib>;
     ];
   };
 
-  programs.ssh.startAgent = lib.mkForce true;
-
   services.tlp.enable = true;
 
   services.xserver.videoDrivers = [ "nvidia" ];

lass/1systems/prism/config.nix

@@ -234,8 +234,7 @@ in {
     }
     <stockholm/lass/2configs/exim-smarthost.nix>
     <stockholm/lass/2configs/ts3.nix>
-    <stockholm/lass/2configs/bitlbee.nix>
+    <stockholm/lass/2configs/IM.nix>
-    <stockholm/lass/2configs/weechat.nix>
     <stockholm/lass/2configs/privoxy-retiolum.nix>
     <stockholm/lass/2configs/radio.nix>
     <stockholm/lass/2configs/repo-sync.nix>

lass/2configs/IM.nix

@@ -0,0 +1,57 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+
+let
+  tmux = pkgs.writeDash "tmux" ''
+    exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+      set-option -g prefix `
+      unbind-key C-b
+      bind ` send-prefix
+
+      set-option -g status off
+      set-option -g default-terminal screen-256color
+
+      #use session instead of windows
+      bind-key c new-session
+      bind-key p switch-client -p
+      bind-key n switch-client -n
+      bind-key C-s switch-client -l
+    ''} "$@"
+  '';
+in {
+
+  users.extraUsers.chat = {
+    home = "/home/chat";
+    uid = genid "chat";
+    useDefaultShell = true;
+    createHome = true;
+    openssh.authorizedKeys.keys = with config.krebs.users; [
+      lass.pubkey
+      lass-shodan.pubkey
+      lass-icarus.pubkey
+      lass-android.pubkey
+    ];
+  };
+
+  # mosh
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
+    { predicate = "-p tcp --dport 9999"; target = "ACCEPT";}
+  ];
+
+  systemd.services.chat = {
+    description = "chat environment setup";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    restartIfChanged = false;
+
+    serviceConfig = {
+      User = "chat";
+      RemainAfterExit = true;
+      Type = "oneshot";
+      ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
+      ExecStop = "${tmux} kill-session -t IM";
+    };
+  };
+}

lass/2configs/baseX.nix

@@ -53,7 +53,7 @@ in {
 
   time.timeZone = "Europe/Berlin";
 
-  programs.ssh.startAgent = false;
+  programs.ssh.startAgent = true;
   services.openssh.forwardX11 = true;
 
   services.printing = {

lass/2configs/bitlbee.nix

@@ -1,12 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.bitlbee = {
-    enable = true;
-    portNumber = 6666;
-    plugins = [
-      pkgs.bitlbee-facebook
-      pkgs.bitlbee-steam
-    ];
-  };
-}

lass/2configs/default.nix

@@ -1,5 +1,5 @@
-{ config, pkgs, ... }:
 with import <stockholm/lib>;
+{ config, pkgs, ... }:
 {
   imports = [
     ../2configs/binary-cache/client.nix
@@ -78,7 +78,7 @@ with import <stockholm/lib>;
 
   users.mutableUsers = false;
 
-  services.timesyncd.enable = true;
+  services.timesyncd.enable = mkForce true;
 
   #why is this on in the first place?
   services.nscd.enable = false;

lass/2configs/exim-smarthost.nix

@@ -49,6 +49,11 @@ with import <stockholm/lib>;
       { from = "aliexpress@lassul.us"; to = lass.mail; }
       { from = "business@lassul.us"; to = lass.mail; }
       { from = "payeer@lassul.us"; to = lass.mail; }
+      { from = "github@lassul.us"; to = lass.mail; }
+      { from = "bitwala@lassul.us"; to = lass.mail; }
+      { from = "bitstamp@lassul.us"; to = lass.mail; }
+      { from = "bitcoin.de@lassul.us"; to = lass.mail; }
+      { from = "ableton@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

lass/2configs/reaktor-coders.nix

@@ -21,6 +21,7 @@ with import <stockholm/lib>;
         -XFlexibleInstances -XMultiParamTypeClasses \
         -XOverloadedStrings -XFunctionalDependencies \'';
     in [
+      sed-plugin
       url-title
       (buildSimpleReaktorPlugin "lambdabot-pl" {
         pattern = "^@pl (?P<args>.*)$$";
@@ -64,8 +65,7 @@ with import <stockholm/lib>;
       })
       (buildSimpleReaktorPlugin "random-unicorn-porn" {
         pattern = "^!rup$$";
-        script = pkgs.writePython2 "rup" ''
+        script = pkgs.writePython2 [] "rup" ''
-          #!${pkgs.python2}/bin/python
           t1 = """
                               _.
                            ;=',_ ()

lass/2configs/vim.nix

@@ -103,7 +103,6 @@ let
     cnoreabbrev Ack Ack!
 
     " copy/paste from/to xclipboard
-    noremap x "_x
     set clipboard=unnamedplus
   '';
 

lass/2configs/weechat.nix

@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  inherit (import <stockholm/lib>) genid;
-in {
-  krebs.per-user.chat.packages = with pkgs; [
-    mosh
-    weechat
-  ];
-
-  users.extraUsers.chat = {
-    home = "/home/chat";
-    uid = genid "chat";
-    useDefaultShell = true;
-    createHome = true;
-    openssh.authorizedKeys.keys = with config.krebs.users; [
-      lass.pubkey
-      lass-shodan.pubkey
-      lass-icarus.pubkey
-      lass-android.pubkey
-    ];
-  };
-
-  # mosh
-  krebs.iptables.tables.filter.INPUT.rules = [
-    { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
-  ];
-
-  #systemd.services.chat = {
-  #  description = "chat environment setup";
-  #  after = [ "network.target" ];
-  #  wantedBy = [ "multi-user.target" ];
-
-  #  path = with pkgs; [
-  #    weechat
-  #    tmux
-  #  ];
-
-  #  restartIfChanged = true;
-
-  #  serviceConfig = {
-  #    User = "chat";
-  #    Restart = "always";
-  #    ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat";
-  #  };
-  #};
-}

lass/3modules/news.nix

@@ -38,7 +38,7 @@ let
     };
     ircServer = mkOption {
       type = types.str;
-      default = "echelon.r";
+      default = "localhost";
       description = "to which server the bot should connect";
     };
   };

lass/5pkgs/xmonad-lass.nix

@@ -66,7 +66,7 @@ main' = do
             { terminal           = myTerm
             , modMask            = mod4Mask
             , layoutHook         = smartBorders $ myLayoutHook
-            , manageHook         = placeHook (smart (1,0)) <+> floatNextHook
+            , manageHook         = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks
             , startupHook =
                 whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
                           (\path -> forkFile path [] Nothing)
@@ -80,6 +80,14 @@ myLayoutHook = defLayout
   where
     defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
 
+floatHooks = composeAll . concat $
+    [ [ title =? t --> doFloat | t <- myTitleFloats]
+    , [ className =? c --> doFloat | c <- myClassFloats ] ]
+  where
+      myTitleFloats = [] -- for the KDE "open link" popup from konsole
+      myClassFloats = ["Pinentry"] -- for gpg passphrase entry
+
+
 myKeyMap :: [([Char], X ())]
 myKeyMap =
     [ ("M4-<F11>", spawn "${config.lass.screenlock.command}")

lass/source.nix

@@ -10,7 +10,7 @@ in
       nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
       nixpkgs.git = {
         url = https://github.com/nixos/nixpkgs;
-        ref = "53e6d67";
+        ref = "3aec59c";
       };
       secrets = getAttr builder {
         buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;

makefu/1systems/fileleech/config.nix

@@ -6,18 +6,18 @@ let
   rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
   rootPartition = rootDisk + "-part3";
 
-	dataDisks =  let
+  dataDisks =  let
-		idpart = dev: byid  dev + "-part1";
+    idpart = dev: byid  dev + "-part1";
-	in [
+  in [
-		{ name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
+    { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
-	  {	name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
+    { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
-	  {	name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
+    { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
-	  {	name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
+    { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
-	  {	name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
+    { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
-	  {	name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
+    { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
-	  {	name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
+    { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
-	  {	name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
+    { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
-	];
+  ];
 
   disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks;
 in {
@@ -25,13 +25,13 @@ in {
       <stockholm/makefu>
       <stockholm/makefu/2configs/tinc/retiolum.nix>
       <stockholm/makefu/2configs/disable_v6.nix>
-      # <stockholm/makefu/2configs/torrent.nix>
+      <stockholm/makefu/2configs/torrent.nix>
       <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
 
       #<stockholm/makefu/2configs/elchos/irc-token.nix>
-      <stockholm/makefu/2configs/elchos/log.nix>
+      # <stockholm/makefu/2configs/elchos/log.nix>
-      <stockholm/makefu/2configs/elchos/search.nix>
+      # <stockholm/makefu/2configs/elchos/search.nix>
-      <stockholm/makefu/2configs/elchos/stats.nix>
+      # <stockholm/makefu/2configs/elchos/stats.nix>
 
     ];
   systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
@@ -42,8 +42,8 @@ in {
       enable = true;
       build.host = config.krebs.hosts.fileleech;
   };
-	# git clone https://github.com/makefu/docker-pyload
+  # git clone https://github.com/makefu/docker-pyload
-	# docker build .
+  # docker build .
   # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload
 
   virtualisation.docker.enable = true; # for pyload
@@ -60,7 +60,7 @@ in {
   ];
   services.nginx.virtualHosts._download = {
     default = true;
-    root = "/media/cryptX";
+    root = config.makefu.dl-dir;
     extraConfig = ''
       autoindex on;
     '';
@@ -80,10 +80,11 @@ in {
   services.sabnzbd.enable = true;
   systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
 
+  # TODO use users.motd and pam.services.sshd.showMotd
   services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" ''
     Services:
-      ssh://download@fileleech - ssh via filebitch.shack
+      ssh://download@fileleech - ssh via filebitch
-      ftp://download@fileleech - access to /media/cryptX
+      ftp://download@fileleech - access to ${config.makefu.dl-dir}
       http://fileleech:8112 - rutorrent
       http://fileleech:8113 - pyload
       https://fileleech:9090 - sabnzb
@@ -104,13 +105,13 @@ in {
     cryptMount = name:
       { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
   in  cryptMount "crypt0"
-		// cryptMount "crypt1"
+    // cryptMount "crypt1"
-		// cryptMount "crypt2"
+    // cryptMount "crypt2"
-		// cryptMount "crypt3"
+    // cryptMount "crypt3"
-		// cryptMount "crypt4"
+    // cryptMount "crypt4"
-		// cryptMount "crypt5"
+    // cryptMount "crypt5"
-		// cryptMount "crypt6"
+    // cryptMount "crypt6"
-		// cryptMount "crypt7"
+    // cryptMount "crypt7"
 
     # this entry sometimes creates issues
     // { "/media/cryptX" = {
@@ -121,10 +122,10 @@ in {
         }
 
     ;
+  makefu.dl-dir = "/media/cryptX";
   users.users.download = {
     useDefaultShell = true;
     #  name = "download";
-    home = "/media/cryptX/";
     #  createHome = true;
     openssh.authorizedKeys.keys = [
       config.krebs.users.makefu.pubkey
@@ -132,7 +133,7 @@ in {
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de"
-			"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch"
     ];
   };
@@ -142,15 +143,19 @@ in {
     parity = toMapper 7;
   };
   networking.nameservers = [ "8.8.8.8" ];
-  #networking.interfaces.enp6s0f0.ip4 = [{
+  # SPF
-  #    address = "151.217.173.20";
+  networking.defaultGateway = "151.217.176.1";
-  #    prefixLength = 22;
+  networking.interfaces.enp6s0f0.ip4 = [{
-  #}];
+      address = "151.217.178.63";
-  #networking.defaultGateway = "151.217.172.1";
+      prefixLength = 22;
+  }];
+
+  # Gigabit
   networking.interfaces.enp8s0f1.ip4 = [{
       address = "192.168.126.1";
       prefixLength = 24;
   }];
+
   #interfaces.enp6s0f1.ip4 = [{
   #  address = external-ip;
   #  prefixLength = 22;

makefu/1systems/gum/config.nix

@@ -48,9 +48,15 @@ in {
       <stockholm/makefu/2configs/share/gum.nix>
       # <stockholm/makefu/2configs/sabnzbd.nix>
       <stockholm/makefu/2configs/torrent.nix>
-      <stockholm/makefu/2configs/iodined.nix>
+      <stockholm/makefu/2configs/mosh.nix>
+
+      # network
       <stockholm/makefu/2configs/vpn/openvpn-server.nix>
+      <stockholm/makefu/2configs/vpn/vpnws/server.nix>
       <stockholm/makefu/2configs/dnscrypt/server.nix>
+      <stockholm/makefu/2configs/iodined.nix>
+
+      # buildbot
       <stockholm/makefu/2configs/remote-build/slave.nix>
 
       ## Web
@@ -103,15 +109,16 @@ in {
       #}
       { # wireguard server
         networking.firewall.allowedUDPPorts = [ 51820 ];
-        #networking.wireguard.interfaces.wg0 = {
+        networking.wireguard.interfaces.wg0 = {
-        #  ips = [ "10.244.0.1/24" ];
+          ips = [ "10.244.0.1/24" ];
-        #  privateKeyFile = (toString <secrets>) + "/wireguard.key";
+          privateKeyFile = (toString <secrets>) + "/wireguard.key";
-        #  allowedIPsAsRoutes = true;
+          allowedIPsAsRoutes = true;
-        #  peers = [{
+          peers = [{
-        #    allowedIPs = [ "0.0.0.0/0" "::/0" ];
+            # allowedIPs = [ "0.0.0.0/0" "::/0" ];
-        #    publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+            allowedIPs = [ "10.244.0.2/32" ];
-        #  }];
+            publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
-        #};
+          }];
+        };
       }
 
   ];

makefu/1systems/omo/config.nix

@@ -47,6 +47,7 @@ in {
       <stockholm/makefu/2configs/exim-retiolum.nix>
       <stockholm/makefu/2configs/smart-monitor.nix>
       <stockholm/makefu/2configs/mail-client.nix>
+      <stockholm/makefu/2configs/mosh.nix>
       # <stockholm/makefu/2configs/disable_v6.nix>
       #<stockholm/makefu/2configs/graphite-standalone.nix>
       #<stockholm/makefu/2configs/share-user-sftp.nix>

makefu/1systems/vbob/config.nix

@@ -3,37 +3,57 @@
   krebs.build.host = config.krebs.hosts.vbob;
   makefu.awesome.modkey = "Mod1";
   imports =
-    [ # Include the results of the hardware scan.
+    [
       <stockholm/makefu>
-      (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
+      {
-      (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
+        imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
+        boot.loader.grub.device = "/dev/vda";
+      }
+      # {
+      #   imports = [
+      #     <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
+      #   ];
+      #   virtualbox.baseImageSize = 35 * 1024;
+      #   fileSystems."/media/share" = {
+      #     fsType = "vboxsf";
+      #     device = "share";
+      #     options = [ "rw" "uid=9001" "gid=9001" ];
+      #   };
+      # }
+
+      # {
+      #   imports = [
+      #     <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+      #   ];
+      #   fileSystems."/nix" = {
+      #     device ="/dev/disk/by-label/nixstore";
+      #     fsType = "ext4";
+      #   };
+      # }
+
+
       # base gui
-      <stockholm/makefu/2configs/main-laptop.nix>
+      # <stockholm/makefu/2configs/main-laptop.nix>
+      # <stockholm/makefu/2configs/tools/core-gui.nix>
+
+      <stockholm/makefu/2configs/zsh-user.nix>
 
       # security
       <stockholm/makefu/2configs/sshd-totp.nix>
 
       # Tools
       <stockholm/makefu/2configs/tools/core.nix>
-      <stockholm/makefu/2configs/tools/core-gui.nix>
       <stockholm/makefu/2configs/tools/dev.nix>
-      <stockholm/makefu/2configs/tools/extra-gui.nix>
+      # <stockholm/makefu/2configs/tools/extra-gui.nix>
-      <stockholm/makefu/2configs/tools/sec.nix>
+      # <stockholm/makefu/2configs/tools/sec.nix>
 
       # environment
       <stockholm/makefu/2configs/tinc/retiolum.nix>
 
-      <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
-      <stockholm/makefu/2configs/audio/realtime-audio.nix>
-
     ];
   networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
 
   nixpkgs.config.allowUnfree = true;
-  fileSystems."/nix" = {
-    device ="/dev/disk/by-label/nixstore";
-    fsType = "ext4";
-  };
 
   # allow vbob to deploy self
   users.extraUsers = {
@@ -45,9 +65,13 @@
   environment.shellAliases = {
     forti  = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
   };
-  # TODO: for forticleintsslpn
+
-  #       ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd
+  system.activationScripts.prepare-fortclientvpnssl = ''
-  #       ln -s /r/current-system/sw/bin/tail /usr/bin/tail
+    # TODO: for forticlientsslpn
+    mkdir -p /usr/{s,}bin
+    ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
+    ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
+  '';
   environment.systemPackages = with pkgs;[
     fortclientsslvpn ppp xclip
     get
@@ -55,7 +79,6 @@
   #  docker
     #devpi-web
     #devpi-client
-    debmirror
     ansible
   ];
   # virtualisation.docker.enable = true;
@@ -67,10 +90,5 @@
     8010
   ];
 
-  fileSystems."/media/share" = {
-    fsType = "vboxsf";
-    device = "share";
-    options = [ "rw" "uid=9001" "gid=9001" ];
-  };
 
 }

makefu/1systems/vbob/source.nix

@@ -1,4 +1,4 @@
 import <stockholm/makefu/source.nix> {
   name="vbob";
-  musnix = true;
+  # musnix = true;
 }

makefu/1systems/wbob/config.nix

@@ -32,10 +32,13 @@ in {
       <stockholm/makefu/2configs/remote-build/slave.nix>
       <stockholm/makefu/2configs/share/wbob.nix>
 
+      # Sensors
       <stockholm/makefu/2configs/stats/telegraf>
       <stockholm/makefu/2configs/deployment/led-fader.nix>
       <stockholm/makefu/2configs/stats/external/aralast.nix>
       <stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
+      # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+
       <stockholm/makefu/2configs/deployment/bureautomation>
       (let
           collectd-port = 25826;

makefu/1systems/x/config.nix

@@ -60,7 +60,6 @@ with import <stockholm/lib>;
       # Hardware
       <stockholm/makefu/2configs/hw/tp-x230.nix>
       <stockholm/makefu/2configs/hw/rtl8812au.nix>
-      <stockholm/makefu/2configs/hw/exfat-nofuse.nix>
       <stockholm/makefu/2configs/hw/wwan.nix>
       # <stockholm/makefu/2configs/hw/stk1160.nix>
       # <stockholm/makefu/2configs/rad1o.nix>

makefu/1systems/x/source.nix

@@ -1,5 +1,7 @@
 import <stockholm/makefu/source.nix> {
   name="x";
   full = true;
+  python = true;
+  hw = true;
   # torrent = true;
 }

makefu/2configs/hw/exfat-nofuse.nix

@@ -1,4 +0,0 @@
-{ config, ... }:
-{
-  boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
-}

makefu/2configs/hw/tp-x230.nix

@@ -3,38 +3,14 @@
 with import <stockholm/lib>;
 {
 
-  imports = [ ./tp-x2x0.nix ];
+  imports = [ ./tp-x2x0.nix  <nixos-hardware/lenovo/thinkpad/x230> ];
-  boot = {
-    # tp-smapi is not supported bt x230 anymore
-    kernelModules = [
-      "kvm-intel"
-      "thinkpad_ec"
-      "acpi_call"
-   #   "thinkpad_acpi"
-   #   "tpm-rng"
-    ];
-    extraModulePackages = [
-      config.boot.kernelPackages.acpi_call
-    ];
-    # support backlight adjustment
-    kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ];
-  };
 
   # configured media keys inside awesomerc
   # sound.mediaKeys.enable = true;
   hardware.bluetooth.enable = true;
 
-  services.acpid.enable = true;
+  # possible i915 powersave options:
-  hardware.opengl.extraPackages =  [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
+  #  options i915 enable_rc6=1 enable_fbc=1 semaphores=1
-  services.xserver = {
-    videoDriver = "intel";
-    deviceSection = ''
-      Option "AccelMethod" "sna"
-      Option "Backlight"     "intel_backlight"
-    '';
-  };
-
-  security.rngd.enable = true;
 
   services.xserver.displayManager.sessionCommands =''
     xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1

makefu/2configs/hw/tp-x2x0.nix

@@ -5,6 +5,11 @@ with import <stockholm/lib>;
   imports = [
     ./tpm.nix
   ];
+
+  boot.kernelModules = [
+    "kvm-intel"
+  ];
+
   networking.wireless.enable = lib.mkDefault true;
 
   hardware.enableAllFirmware = true;
@@ -17,6 +22,8 @@ with import <stockholm/lib>;
 
   # enable synaptics so we can easily disable the touchpad
   #   enable the touchpad with `synclient TouchpadOff=0`
+
+  services.xserver.libinput.enable = false;
   services.xserver.synaptics = {
     enable = true;
     additionalOptions = ''Option "TouchpadOff" "1"'';

makefu/2configs/mosh.nix

@@ -0,0 +1,3 @@
+{
+  programs.mosh.enable = true;
+}

makefu/2configs/remote-build/master.nix

@@ -8,7 +8,7 @@ in {
   {   inherit hostName sshKey;
       sshUser = "nixBuild";
       system = "x86_64-linux";
-      maxJobs = 1;
+      maxJobs = 8;
-  }) [ "omo.r"  "gum.r" "latte.r" ];
+  }) [ "hotdog.r" ];
-  # puyak.r "wbob.r"
+  # puyak.r "wbob.r" "omo.r"  "gum.r" "latte.r"
 }

makefu/2configs/stats/telegraf/airsensor.nix

@@ -1,11 +1,36 @@
 { pkgs, ...}:
-
+let
-{
+  genTopic = name: topic: tags: {
+      servers = [ "tcp://localhost:1883" ];
+      qos = 0;
+      connection_timeout = "30s";
+      topics = [ topic ];
+      tags = tags;
+      persistent_session = false;
+      name_override = name;
+      data_format = "value";
+      data_type = "float";
+    };
+  bamStat = stat:   # Temperature or Humidity
+            host:   # easy{1-4}
+            sensor: # dht11, dht22, ds18
+            (genTopic stat
+                      "/bam/${host}/${sensor}/${stat}"
+                      {"host" = host;
+                       "scope" = "bam";
+                       "sensor" = sensor;
+                      } );
+  dht22 = host: [(bamStat "Temperature" host "dht22")
+                 (bamStat "Humidity" host "dht22")];
+  dht11 = host: [(bamStat "Temperature" host "dht11")
+                 (bamStat "Humidity" host "dht11")];
+  ds18 = host:  [(bamStat "Temperature" host "ds18")];
+in {
   services.udev.extraRules = ''
     SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input"
   '';
   users.users.telegraf.extraGroups = [ "input" ];
-  services.telegraf.extraConfig.inputs.exec = [
+  services.telegraf.extraConfig.inputs.exec =  [
     {
       commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"];
       timeout = "10s";
@@ -16,4 +41,9 @@
       tags.unit="VOC";
     }
   ];
+  services.telegraf.extraConfig.inputs.mqtt_consumer =
+       (dht22 "easy1")
+    ++ (dht22 "easy2")
+    ++ (dht11 "easy3")
+    ++ (ds18  "easy3");
 }

makefu/2configs/stats/telegraf/bamstats.nix

@@ -0,0 +1,35 @@
+{ pkgs, ...}:
+
+let
+  genTopic = name: topic: tags: {
+      servers = [ "tcp://localhost:1883" ];
+      qos = 0;
+      connection_timeout = "30s";
+      topics = [ topic ];
+      tags = tags;
+      persistent_session = false;
+      name_override = name;
+      data_format = "value";
+      data_type = "float";
+    };
+  bamStat = stat:   # Temperature or Humidity
+            host:   # easy{1-4}
+            sensor: # dht11, dht22, ds18
+            (genTopic stat
+                      "/bam/${host}/${sensor}/${stat}"
+                      {"host" = host;
+                       "scope" = "bam";
+                       "sensor" = sensor;
+                      } );
+  dht22 = host: [(bamStat "Temperature" host "dht22")
+                 (bamStat "Humidity" host "dht22")];
+  dht11 = host: [(bamStat "Temperature" host "dht11")
+                 (bamStat "Humidity" host "dht11")];
+  ds18 = host:  [(bamStat "Temperature" host "ds18")];
+in {
+  services.telegraf.extraConfig.inputs.mqtt_consumer =
+       (dht22 "easy1")
+    ++ (dht22 "easy2")
+    ++ (dht11 "easy3")
+    ++ (ds18  "easy3");
+}

makefu/2configs/tools/all.nix

@@ -7,6 +7,7 @@
     ./extra-gui.nix
     ./games.nix
     ./media.nix
+    ./mobility.nix
     ./scanner-tools.nix
     ./sec.nix
     ./sec-gui.nix

makefu/2configs/tools/dev.nix

@@ -2,8 +2,9 @@
 
 {
   users.users.makefu.packages = with pkgs;[
-    python3Packages.virtualenv
+    python3
     python3Packages.pyserial
+    python3Packages.virtualenv
     # embedded
     gi
     flashrom
@@ -20,5 +21,7 @@
     gen-oath-safe
     cdrtools
     stockholm
+    # git-related
+    tig
   ];
 }

makefu/2configs/tools/mobility.nix

@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+{
+  users.users.makefu.packages = with pkgs;[
+    go-mtpfs
+    mosh
+  ];
+
+  boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+}

makefu/2configs/torrent.nix

@@ -8,13 +8,13 @@ let
   peer-port = 51412;
   web-port = 8112;
   daemon-port = 58846;
-  dl-dir = config.makefu.dl-dir;
+  torrent-dir = config.makefu.dl-dir;
 in {
 
   users.users = {
     download = {
       name = "download";
-      home = dl-dir;
+      home = torrent-dir;
       uid = mkDefault (genid "download");
       createHome = true;
       useDefaultShell = true;
@@ -26,9 +26,9 @@ in {
   # todo: race condition, do this after download user has been created
   system.activationScripts."download-dir-chmod" = ''
     for i in finished watch torrents; do
-      mkdir -p "${dl-dir}/$i"
+      mkdir -p "${torrent-dir}/$i"
-      chown download:download "${dl-dir}/$i"
+      chown download:download "${torrent-dir}/$i"
-      chmod 770 "${dl-dir}/$i"
+      chmod 770 "${torrent-dir}/$i"
     done
   '';
 
@@ -54,9 +54,8 @@ in {
     rutorrent.enable = true;
     enableXMLRPC = true;
     listenPort = peer-port;
-    downloadDir = dl-dir + "/finished";
+    workDir = torrent-dir;
     # dump old torrents into watch folder to have them re-added
-    watchDir = dl-dir +"/watch";
   };
 
   networking.firewall.extraCommands = ''

makefu/2configs/vpn/vpnws/client.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+  users.users.makefu.packages = with pkgs; [ iproute vpn-ws ];
+  # vpn-ws-client  vpnws wss://localhost/vpn --no-verify --exec "ip link set vpnws up;ip addr add 10.244.1.2/24 dev vpnws"
+  networking.interfaces.vpnws = {
+    virtual = true;
+    virtualType = "tap";
+  };
+}

makefu/2configs/vpn/vpnws/server.nix

@@ -0,0 +1,42 @@
+{pkgs, options, ... }:
+let
+  pkg = pkgs.vpn-ws;
+  uid = "nginx";
+  gid = "nginx";
+  ip = "${pkgs.iproute}/bin/ip";
+  socket = "/run/vpn.sock";
+  htpasswd = (toString <secrets>) + "/vpn-ws-auth";
+  nginx-prepared-secrets = "/var/spool/nginx/vpn-ws-auth";
+in {
+  systemd.services.vpn-ws-auth-prepare = {
+    wantedBy = [ "multi-user.target" ];
+    before = [ "nginx.service" ];
+    script = "install -m700 -o${uid} -g${gid} ${htpasswd} ${nginx-prepared-secrets}";
+  };
+  services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = {
+    extraConfig = ''
+      auth_basic "please stand by...";
+      auth_basic_user_file ${nginx-prepared-secrets};
+      uwsgi_pass   unix:${socket};
+      include      ${pkgs.nginx}/conf/uwsgi_params;
+    '';
+  };
+
+  networking.interfaces.vpnws = {
+    virtual = true;
+    virtualType = "tap";
+  };
+  systemd.services.vpnws = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    serviceConfig = {
+      Restart = "always";
+      PrivateTmp = true;
+      ExecStartPre = pkgs.writeDash "vpnws-pre" ''
+        ${ip} link set vpnws up
+        ${ip} addr add 10.244.1.1/24 dev vpnws || :
+      '';
+      ExecStart = "${pkg}/bin/vpn-ws --uid ${uid} --gid ${gid} --tuntap vpnws ${socket}";
+    };
+  };
+}

makefu/5pkgs/vpn-ws/default.nix

@@ -0,0 +1,30 @@
+{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, openssl }:
+stdenv.mkDerivation rec {
+  pname = "vpn-ws";
+  version = "9d0e866";
+  name = "${pname}-${version}";
+
+  src = fetchFromGitHub {
+    owner = "unbit";
+    repo = "vpn-ws";
+    rev = version;
+    sha256 = "0k7338xxvg1k988zz3nb681nsqmfiik9bnkk7jmxjz7j0wfwq8nj";
+  };
+
+  patchPhase = ''
+    sed -i 's/-Werror//' Makefile
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp vpn-ws vpn-ws-client $out/bin
+  '';
+
+  buildInputs = [ openssl.dev ];
+
+  meta = {
+    homepage = https://github.com/unbit/vpn-ws;
+    description = "A VPN system over websockets";
+    license = lib.licenses.mit;
+  };
+}

makefu/source.nix

@@ -4,7 +4,9 @@ host@{ name,
   secure ? false,
   full ? false,
   torrent ? false,
-  musnix ? false
+  hw ? false,
+  musnix ? false,
+  python ? false
 }:
 let
   builder = if getEnv "dummy_secrets" == "true"
@@ -45,6 +47,20 @@ in
         ref = "d8b989f";
       };
     })
+
+    (mkIf ( hw ) {
+      nixos-hardware.git = {
+        url = https://github.com/nixos/nixos-hardware.git;
+        ref = "8a05dc9";
+      };
+    })
+
+    (mkIf ( python ) {
+      python.git = {
+        url = https://github.com/garbas/nixpkgs-python;
+        ref = "cac319b";
+      };
+    })
     (mkIf ( torrent ) {
       torrent-secrets.file = getAttr builder {
         buildbot = toString <stockholm/makefu/6tests/data/secrets>;