7 files changed, 42 insertions, 8 deletions

diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index 220e41d0a..86158c468 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -20,7 +20,14 @@
   services.nginx = {
     enable = true;
     virtualHosts.nix-serve = {
-      serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ];
+      serverAliases = [ "cache.prism.r" ];
+      locations."/".extraConfig = ''
+        proxy_pass http://localhost:${toString config.services.nix-serve.port};
+      '';
+    };
+    virtualHosts."cache.krebsco.de" = {
+      serverAliases = [ "cache.lassul.us" ];
+      enableACME = true;
       locations."/".extraConfig = ''
         proxy_pass http://localhost:${toString config.services.nix-serve.port};
       '';
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index be9f68c08..fba996743 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -23,6 +23,12 @@ in {
       '';
     }
   ];
+
+  system.activationScripts.containerPermissions = ''
+    mkdir -p /var/lib/containers
+    chmod 711 /var/lib/containers
+  '';
+
   containers.blue = {
     config = { ... }: {
       environment.systemPackages = [
@@ -74,6 +80,10 @@ in {
             source = "/var/lib/containers/.blue",
             host = "${host}.r",
             targetdir = "/var/lib/containers/.blue",
+            rsync = {
+              owner = true,
+              group = true,
+            };
             ssh = {
               binary = "${pkgs.openssh}/bin/ssh";
               identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
@@ -89,14 +99,15 @@ in {
   environment.systemPackages = [
     (pkgs.writeDashBin "start-blue" ''
       set -ef
-      if ping -c1 blue.r >/dev/null; then
-        echo 'blue is already running. bailing out'
-        exit 23
-      fi
       if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then
         ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue
       fi
       nixos-container start blue
+      nixos-container run blue -- nixos-rebuild -I /var/src dry-build
+      if ping -c1 blue.r >/dev/null; then
+        echo 'blue is already running. bailing out'
+        exit 23
+      fi
       nixos-container run blue -- nixos-rebuild -I /var/src switch
     '')
   ];
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index bf43ee7d1..9bb70d1c2 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -92,6 +92,7 @@ with import <stockholm/lib>;
       { from = "ccc@lassul.us"; to = lass.mail; }
       { from = "neocron@lassul.us"; to = lass.mail; }
       { from = "osmocom@lassul.us"; to = lass.mail; }
+      { from = "lesswrong@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index e756c3424..065ee9c42 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -7,7 +7,6 @@ in {
     enable = true;
     unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
     url = "prism/realwallpaper-krebs.png";
-    maxTime = 10;
   };
 }
 
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index b5bbea750..9ea91ae19 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -47,6 +47,7 @@ let
     ];
     dezentrale = [ "to:dezentrale.space" ];
     dhl = [ "to:dhl@lassul.us" ];
+    dn42 = [ "to:dn42@lists.nox.tf" ];
     eloop = [ "to:eloop.org" ];
     github = [ "to:github@lassul.us" ];
     gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index bf6855804..85faded14 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -62,8 +62,23 @@ in {
     extraConfig = ''
       audio_output {
         type        "shout"
+        encoding    "lame"
+        name        "the_playlist_mp3"
+        host        "localhost"
+        port        "8000"
+        mount       "/radio.mp3"
+        password    "${source-password}"
+        bitrate     "128"
+
+        format      "44100:16:2"
+
+        user        "source"
+        genre       "good music"
+      }
+      audio_output {
+        type        "shout"
         encoding    "ogg"
-        name        "the_playlist"
+        name        "the_playlist_ogg"
         host        "localhost"
         port        "8000"
         mount       "/radio.ogg"
diff --git a/lass/krops.nix b/lass/krops.nix
index c2669c8f2..d64454ea5 100644
--- a/lass/krops.nix
+++ b/lass/krops.nix
@@ -12,7 +12,7 @@
   ;
 
   source = { test }: lib.evalSource [
-    krebs-source
+    (krebs-source { test = test; })
     {
       nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
       secrets = if test then {