From 1b0161b595430812dee2a29396557a9cb289c4ea Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 11 Aug 2017 15:44:53 +0200
Subject: l nixpkgs: d9c85b3 -> 861b7e4

---
 lass/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/source.nix b/lass/source.nix
index 7d60730f1..cfd965989 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -19,6 +19,6 @@ in
       #   87a4615 & 334ac4f
       # + acme permissions for groups
       #   fd7a8f1
-      ref = "d9c85b3";
+      ref = "861b7e4";
     };
   }
-- 
cgit v1.2.3


From 68edc2d356adecd077330690dffccc73a9b3ffbf Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 11 Aug 2017 22:55:22 +0200
Subject: l skynet.r: fix host

---
 lass/1systems/skynet/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index a48df02b9..b707f4388 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -42,7 +42,7 @@ with import <stockholm/lib>;
     }
   ];
 
-  krebs.build.host = config.krebs.hosts.daedalus;
+  krebs.build.host = config.krebs.hosts.skynet;
 
   #fileSystems = {
   #  "/bku" = {
-- 
cgit v1.2.3


From 3e6e26bad14accc1064c9c42f01fd29795994e91 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 12 Aug 2017 12:36:35 +0200
Subject: l nixpkgs: 861b7e4 -> ac13f30

---
 lass/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/source.nix b/lass/source.nix
index cfd965989..219e3d5fc 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -19,6 +19,6 @@ in
       #   87a4615 & 334ac4f
       # + acme permissions for groups
       #   fd7a8f1
-      ref = "861b7e4";
+      ref = "ac13f30";
     };
   }
-- 
cgit v1.2.3


From b675f02e46abcafd642a91f0a35826165ecec3e1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 13 Aug 2017 01:45:52 +0200
Subject: RIP cloudkrebs.r

---
 krebs/3modules/lass/default.nix     | 33 ---------------------------------
 lass/1systems/cloudkrebs/config.nix | 34 ----------------------------------
 lass/1systems/cloudkrebs/source.nix |  3 ---
 3 files changed, 70 deletions(-)
 delete mode 100644 lass/1systems/cloudkrebs/config.nix
 delete mode 100644 lass/1systems/cloudkrebs/source.nix

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 4e50ef577..cae0d1f37 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -128,39 +128,6 @@ with import <stockholm/lib>;
       };
       managed = false;
     };
-    cloudkrebs = {
-      cores = 1;
-      nets = rec {
-        internet = {
-          ip4.addr = "104.167.113.104";
-          aliases = [
-            "cloudkrebs.i"
-          ];
-          ssh.port = 45621;
-        };
-        retiolum = {
-          via = internet;
-          ip4.addr = "10.243.206.102";
-          ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f762";
-          aliases = [
-            "cloudkrebs.r"
-            "cgit.cloudkrebs.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA
-            OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF
-            QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v
-            3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC
-            sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO
-            TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7oYx7Lbkc0wPYNp92LQF93DCtxsGzOkVD91FJQzVZl";
-    };
     uriel = {
       cores = 1;
       nets = {
diff --git a/lass/1systems/cloudkrebs/config.nix b/lass/1systems/cloudkrebs/config.nix
deleted file mode 100644
index aa9a1f1ab..000000000
--- a/lass/1systems/cloudkrebs/config.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
-  ip = config.krebs.build.host.nets.internet.ip4.addr;
-in {
-  imports = [
-    <stockholm/lass>
-    <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
-    <stockholm/lass/2configs/exim-retiolum.nix>
-    <stockholm/lass/2configs/git.nix>
-    <stockholm/lass/2configs/realwallpaper.nix>
-    <stockholm/lass/2configs/privoxy-retiolum.nix>
-    {
-      networking.interfaces.enp2s1.ip4 = [
-        {
-          address = ip;
-          prefixLength = 24;
-        }
-      ];
-      networking.defaultGateway = getDefaultGateway ip;
-      networking.nameservers = [
-        "8.8.8.8"
-      ];
-
-    }
-    {
-      sound.enable = false;
-    }
-  ];
-
-  krebs.build.host = config.krebs.hosts.cloudkrebs;
-}
diff --git a/lass/1systems/cloudkrebs/source.nix b/lass/1systems/cloudkrebs/source.nix
deleted file mode 100644
index 99e71e755..000000000
--- a/lass/1systems/cloudkrebs/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/lass/source.nix> {
-  name = "cloudkrebs";
-}
-- 
cgit v1.2.3


From 708ae822b035c8b0ff7cd67fea6bee14079f0e40 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 13 Aug 2017 11:16:23 +0200
Subject: l newsbot-js: fix some feeds

---
 lass/2configs/newsbot-js.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 070795d14..9983fd567 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -28,8 +28,6 @@ let
     chan_b|https://boards.4chan.org/b/index.rss|#brainfuck
     chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck
     chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck
-    coinspotting|http://coinspotting.com/rss|#news #financial
-    cryptocoinsnews|http://www.cryptocoinsnews.com/feed/|#news #financial
     cryptogon|http://www.cryptogon.com/?feed=rss2|#news
     csm|http://rss.csmonitor.com/feeds/csm|#news
     csm_world|http://rss.csmonitor.com/feeds/world|#news
@@ -98,7 +96,6 @@ let
     presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#news #bullerei
     presseportal|http://www.presseportal.de/rss/presseportal.rss2|#news
     prisonplanet|http://prisonplanet.com/feed.rss|#news
-    proofmarket|https://proofmarket.org/feed_problem|#news
     rawstory|http://www.rawstory.com/rs/feed/|#news
     reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck
     reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news
@@ -114,7 +111,7 @@ let
     sciencemag|http://news.sciencemag.org/rss/current.xml|#news
     scmp|http://www.scmp.com/rss/91/feed|#news
     sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news
-    shackspace|http://shackspace.de/?feed=rss2|#news
+    shackspace|http://blog.shackspace.de/?feed=rss2|#news
     shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news
     sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#news
     sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#news
-- 
cgit v1.2.3


From 82e715bf20c1e830879f0767477a97884c3ea61e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 Aug 2017 22:28:45 +0200
Subject: l nixpkgs: ac13f30 -> 60dc02d

---
 lass/source.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/source.nix b/lass/source.nix
index 219e3d5fc..8430ecb16 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -13,12 +13,12 @@ in
     };
     stockholm.file = toString <stockholm>;
     nixpkgs.git = {
-      url = https://cgit.lassul.us/nixpkgs;
+      url = http://cgit.lassul.us/nixpkgs;
       # nixos-17.03
       # + copytoram:
       #   87a4615 & 334ac4f
       # + acme permissions for groups
       #   fd7a8f1
-      ref = "ac13f30";
+      ref = "60dc02d";
     };
   }
-- 
cgit v1.2.3


From 2a03084240be70f186abe731d4e22ba1a0464154 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 Aug 2017 23:32:27 +0200
Subject: l newsbot-js: sort feeds

---
 lass/2configs/newsbot-js.nix | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 9983fd567..5e028a3fb 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -15,7 +15,6 @@ let
     bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag
     bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news
     bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial
-    c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
     cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
     carta|http://feeds2.feedburner.com/carta-standard-rss|#news
     catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news
@@ -27,7 +26,11 @@ let
     ccc|http://www.ccc.de/rss/updates.rdf|#news
     chan_b|https://boards.4chan.org/b/index.rss|#brainfuck
     chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck
+    chan_g|https://boards.4chan.org/g/index.rss|#news
     chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck
+    chan_sci|https://boards.4chan.org/sci/index.rss|#news
+    chan_x|https://boards.4chan.org/x/index.rss|#news
+    c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
     cryptogon|http://www.cryptogon.com/?feed=rss2|#news
     csm|http://rss.csmonitor.com/feeds/csm|#news
     csm_world|http://rss.csmonitor.com/feeds/world|#news
@@ -61,6 +64,7 @@ let
     greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news
     guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news
     gulli|http://ticker.gulli.com/rss/|#news
+    hackernews|https://news.ycombinator.com/rss|#news
     handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial
     heise|https://www.heise.de/newsticker/heise-atom.xml|#news
     hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
@@ -100,7 +104,12 @@ let
     reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck
     reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news
     reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial
+    reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
+    reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
+    reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
     reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news
+    reddit_sci|http://www.reddit.com/r/science/.rss|#news
+    reddit_tech|http://www.reddit.com/r/technology/.rss|#news
     reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp
     reddit_world|http://www.reddit.com/r/worldnews/.rss|#news
     r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news
@@ -156,16 +165,6 @@ let
     wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news
     xkcd|https://xkcd.com/rss.xml|#news
     zdnet|http://www.zdnet.com/news/rss.xml|#news
-
-    chan_g|https://boards.4chan.org/g/index.rss|#news
-    chan_x|https://boards.4chan.org/x/index.rss|#news
-    chan_sci|https://boards.4chan.org/sci/index.rss|#news
-    reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
-    reddit_sci|http://www.reddit.com/r/science/.rss|#news
-    reddit_tech|http://www.reddit.com/r/technology/.rss|#news
-    reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
-    reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
-    hackernews|https://news.ycombinator.com/rss|#news
   '';
 in {
   environment.systemPackages = [
-- 
cgit v1.2.3


From 22b94883629dd81d87c61695a3d54edd62458af2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 Aug 2017 23:34:53 +0200
Subject: l mors.r: remove thunderbird

---
 lass/1systems/mors/config.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 2cb6a7519..5bc52d633 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -139,7 +139,6 @@ with import <stockholm/lib>;
     urban
     mk_sql_pair
     remmina
-    thunderbird
 
     iodine
 
-- 
cgit v1.2.3


From 82a01f5e7abc1009ee406f4a48e2a9d7794e50ae Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 Aug 2017 23:37:40 +0200
Subject: l: add radio@lassul.us

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 728e265f6..611e1b9da 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -40,6 +40,7 @@ with import <stockholm/lib>;
       { from = "patreon@lassul.us"; to = lass.mail; }
       { from = "steam@lassul.us"; to = lass.mail; }
       { from = "securityfocus@lassul.us"; to = lass.mail; }
+      { from = "radio@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
-- 
cgit v1.2.3


From 74bff93dbea3c2b8ef1d9f5c2fe7976a1b0df6d3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 15 Aug 2017 21:54:15 +0200
Subject: rsync-filter: protect .version-suffix

This reduces rsync noice in populate.
---
 .rsync-filter | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.rsync-filter b/.rsync-filter
index d7657cd00..364a79864 100644
--- a/.rsync-filter
+++ b/.rsync-filter
@@ -1,2 +1,3 @@
 - /.git
 - /.graveyard
+P /.version-suffix
-- 
cgit v1.2.3


From f8762c3ce88ed3881cabcaa06c43da4a11cbf698 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 15 Aug 2017 21:46:49 +0200
Subject: shell: restyle --force-populate

---
 shell.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shell.nix b/shell.nix
index bc14fe7d8..196a53aa1 100644
--- a/shell.nix
+++ b/shell.nix
@@ -166,7 +166,7 @@ let
     eval set -- "$args"
     force_populate=false
     while :; do case $1 in
-      --force-populate) force_populate=true; shift;;
+         --force-populate) force_populate=true; shift;;
       -Q|--quiet) quiet=true; shift;;
       -s|--system) system=$2; shift 2;;
       -t|--target) target=$2; shift 2;;
-- 
cgit v1.2.3


From 28cc576852cf5acfc910c6b556edde6d15f40718 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 15 Aug 2017 21:42:40 +0200
Subject: shell: add --source= flag

---
 shell.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/shell.nix b/shell.nix
index 196a53aa1..6d32a6fc4 100644
--- a/shell.nix
+++ b/shell.nix
@@ -9,6 +9,7 @@ let
   # usage: deploy
   #         [--force-populate]
   #         [--quiet]
+  #         [--source=PATH]
   #         --system=SYSTEM
   #         [--target=TARGET]
   #         [--user=USER]
@@ -20,6 +21,7 @@ let
     \test -n "''${quiet-}" || quiet=false
     \test -n "''${target-}" || target=$system
     \test -n "''${user-}" || user=$LOGNAME
+    \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
     . ${init.env}
     . ${init.proxy}
 
@@ -29,6 +31,7 @@ let
   # usage: install
   #         [--force-populate]
   #         [--quiet]
+  #         [--source=PATH]
   #         --system=SYSTEM
   #         --target=TARGET
   #         [--user=USER]
@@ -39,6 +42,7 @@ let
     . ${init.args}
     \test -n "''${quiet-}" || quiet=false
     \test -n "''${user-}" || user=$LOGNAME
+    \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
     . ${init.env}
 
     if \test "''${using_proxy-}" != true; then
@@ -76,6 +80,7 @@ let
   # usage: test
   #         [--force-populate]
   #         [--quiet]
+  #         [--source=PATH]
   #         --system=SYSTEM
   #         --target=TARGET
   #         [--user=USER]
@@ -88,6 +93,7 @@ let
     . ${init.args}
     \test -n "''${quiet-}" || quiet=false
     \test -n "''${user-}" || user=$LOGNAME
+    \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
     . ${init.env}
     . ${init.proxy}
 
@@ -160,14 +166,16 @@ let
   init.args = pkgs.writeText "init.args" /* sh */ ''
     args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \
         -o Qs:t:u: \
-        -l force-populate,quiet,system:,target:,user: \
+        -l force-populate,quiet,source:,system:,target:,user: \
         -- "$@")
     if \test $? != 0; then exit 1; fi
     eval set -- "$args"
     force_populate=false
+    source_file=
     while :; do case $1 in
          --force-populate) force_populate=true; shift;;
       -Q|--quiet) quiet=true; shift;;
+         --source) source_file=$2; shift 2;;
       -s|--system) system=$2; shift 2;;
       -t|--target) target=$2; shift 2;;
       -u|--user) user=$2; shift 2;;
@@ -196,7 +204,6 @@ let
   init.proxy = pkgs.writeText "init.proxy" /* sh */ ''
     if \test "''${using_proxy-}" != true; then
 
-      source_file=$user/1systems/$system/source.nix
       source=$(get-source "$source_file")
       qualified_target=$target_user@$target_host:$target_port$target_path
       if \test "$force_populate" = true; then
-- 
cgit v1.2.3


From 09edff54d1a2a722db86cf0d224e66b9bdc11612 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 15 Aug 2017 23:15:39 +0200
Subject: shell: s@$PWD@./.@

---
 shell.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shell.nix b/shell.nix
index 6d32a6fc4..a4ccc3187 100644
--- a/shell.nix
+++ b/shell.nix
@@ -276,7 +276,7 @@ in pkgs.stdenv.mkDerivation {
   name = "stockholm";
   shellHook = /* sh */ ''
     export OLD_PATH="$PATH"
-    export NIX_PATH=stockholm=$PWD:nixpkgs=${toString <nixpkgs>}
+    export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString <nixpkgs>}
     if test -e /nix/var/nix/daemon-socket/socket; then
       export NIX_REMOTE=daemon
     fi
-- 
cgit v1.2.3


From a48cf7052a176376ec1bfe8da78f0491f6324aa4 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 15 Aug 2017 23:20:58 +0200
Subject: populate: 1.2.2 -> 1.2.3

---
 krebs/5pkgs/simple/populate/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix
index 48afee037..1ed268cf0 100644
--- a/krebs/5pkgs/simple/populate/default.nix
+++ b/krebs/5pkgs/simple/populate/default.nix
@@ -13,12 +13,12 @@ in
 
 stdenv.mkDerivation rec {
   name = "populate";
-  version = "1.2.2";
+  version = "1.2.3";
 
   src = fetchgit {
     url = http://cgit.ni.krebsco.de/populate;
     rev = "refs/tags/v${version}";
-    sha256 = "041rpyhss6kby3jm14k7lhvagmg7hwvwxli06b00p76s110is40w";
+    sha256 = "14p9v28d5vcr5384qgycmgjh1angi2zx7qvi51651i7nd9qkjzmi";
   };
 
   phases = [
-- 
cgit v1.2.3


From c4940d5926bcd2e938b914568161f63125926369 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 Aug 2017 11:36:34 +0200
Subject: l prism.r: add container for kaepsele

---
 lass/1systems/prism/config.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 5d05ae399..744bae551 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -298,6 +298,22 @@ in {
         localAddress = "10.233.2.2";
       };
     }
+    {
+      #kaepsele
+      containers.kaepsele = {
+        config = { ... }: {
+          services.openssh.enable = true;
+          users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
+            lass.pubkey
+            tv.pubkey
+          ];
+        };
+        enableTun = true;
+        privateNetwork = true;
+        hostAddress = "10.233.2.3";
+        localAddress = "10.233.2.4";
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
-- 
cgit v1.2.3


From 0cb6eaf20544a5993d18123bcd6d8e1e938c0d1c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 Aug 2017 01:01:33 +0200
Subject: kaepsele.r: move to prism container

---
 krebs/3modules/tv/default.nix | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 81db2d411..68cba633b 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -113,14 +113,6 @@ with import <stockholm/lib>;
     };
     kaepsele = {
       nets = {
-        internet = {
-          ip4.addr = "92.222.10.169";
-          aliases = [
-            "kaepsele.i"
-            "kaepsele.internet"
-            # TODO "kaepsele.org"
-          ];
-        };
         retiolum = {
           ip4.addr = "10.243.166.2";
           ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d";
@@ -129,17 +121,18 @@ with import <stockholm/lib>;
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
-            Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
-            rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
-            y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
-            yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
-            FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
+            MIIBCgKCAQEA4+kDaKhCBNlpHqRCA2R6c4UEFk0OaiPwHvjmBBjpihTJVyffIEYm
+            QFZ5ZNkaVumSOAgKk9ygppO9WsNasl1ag+IRWik9oupdzEkNjgvOMBVJGhcwGZGF
+            6UEY5sdA1n0qg74og5BGSiXUBiaahVM0rAfCNk8gV3qrot5kWJMQLb9BKabJ56eb
+            JrgWepxuVaw3BoEhz6uusuvw5i1IF382L8R11hlvyefifXONFOAUjCrCr0bCb4uK
+            ZZcRUU35pbHLDXXTOrOarOO1tuVGu85VXo3S1sLaaouHYjhTVT8bxqbwcNhxBXYf
+            ONLv0f7G5XwecgUNbE6ZTfjV5PQKaww3lwIDAQAB
             -----END RSA PUBLIC KEY-----
           '';
         };
       };
-      ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wr36T0MmB8pnSO5/pw9/Dfe5+IMgVHOhm6EUa55jj";
     };
     mu = {
       cores = 2;
-- 
cgit v1.2.3


From 188d579fdf326cf24f5dc6843ffe5aa2caaaf80b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 Aug 2017 11:37:37 +0200
Subject: echelon.i: set new ip

---
 krebs/3modules/lass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index cae0d1f37..7aeeb1f21 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -43,7 +43,7 @@ with import <stockholm/lib>;
       cores = 2;
       nets = rec {
         internet = {
-          ip4.addr = "104.233.79.118";
+          ip4.addr = "45.62.226.163";
           aliases = [
             "echelon.i"
           ];
-- 
cgit v1.2.3


From 619af589d108040a78e753040a857bc58b51e78e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 Aug 2017 11:37:58 +0200
Subject: l iso: set networkingHostname

---
 lass/1systems/iso.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 0b048a2b1..be064bed2 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -37,6 +37,7 @@ with import <stockholm/lib>;
         };
       };
       boot.kernelParams = [ "copytoram" ];
+      networking.hostName = "lass-iso";
     }
     {
       krebs.enable = true;
-- 
cgit v1.2.3


From f328ae8948d0f6c7070803adbf036872e1667ff4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 Aug 2017 11:38:26 +0200
Subject: l ircd: remove obsolete netword description

---
 lass/2configs/ircd.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/ircd.nix b/lass/2configs/ircd.nix
index b72e2b087..ee4c0216c 100644
--- a/lass/2configs/ircd.nix
+++ b/lass/2configs/ircd.nix
@@ -13,7 +13,6 @@
         sid = "1as";
         description = "miep!";
         network_name = "irc.retiolum";
-        network_desc = "Retiolum IRC Network";
         hub = yes;
 
         vhost = "0.0.0.0";
-- 
cgit v1.2.3


From f8c0bcf1e9e4d4dd660e6fe82017e28dbbfd6024 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 Aug 2017 11:38:45 +0200
Subject: l mail: show unread first

---
 lass/2configs/mail.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index ee0c3f938..9f9bb24fa 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -72,13 +72,13 @@ let
     ''} %r |"
 
     virtual-mailboxes \
+        "Unread"    "notmuch://?query=tag:unread"\
         "INBOX"     "notmuch://?query=tag:inbox \
                      and NOT tag:killed \
                      and NOT to:shackspace \
                      and NOT to:c-base \
                      and NOT from:security-alert@hpe.com \
                      and NOT to:nix-devel"\
-        "Unread"    "notmuch://?query=tag:unread"\
         "shack"     "notmuch://?query=to:shackspace"\
         "c-base"    "notmuch://?query=to:c-base"\
         "security"  "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
-- 
cgit v1.2.3


From 445d4f74c225dcc44846488e4d30c0b8e4e52bd9 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 Aug 2017 13:35:30 +0200
Subject: l skynet.r: don't suspend on lid close

---
 lass/1systems/skynet/config.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index b707f4388..0b9499982 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -44,6 +44,10 @@ with import <stockholm/lib>;
 
   krebs.build.host = config.krebs.hosts.skynet;
 
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
+
   #fileSystems = {
   #  "/bku" = {
   #    device = "/dev/mapper/pool-bku";
-- 
cgit v1.2.3


From e7b1359a3345e9929120506c3da5eea08ec35338 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 18 Aug 2017 07:51:15 +0200
Subject: tv viljetic-pages: bump comment

---
 tv/5pkgs/simple/viljetic-pages/index.html | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tv/5pkgs/simple/viljetic-pages/index.html b/tv/5pkgs/simple/viljetic-pages/index.html
index c06b3f97b..fc186d6ed 100644
--- a/tv/5pkgs/simple/viljetic-pages/index.html
+++ b/tv/5pkgs/simple/viljetic-pages/index.html
@@ -3,8 +3,7 @@
 <link rel="shortcut icon" href="favicon2.png" type="image/png">
 <i>This page intentionally left blank.</i>
 <!--
-  Ok, it's not blank, here are the cookies (bots welcome):
   mailto:tomislav@viljetic.de
   https://github.com/4z3
-  irc://freenode.net/#krebs
+  irc://freenode.net/krebs
 -->
-- 
cgit v1.2.3


From b9a4e834c06bc32fa38389e13c0ec42467c0fc46 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 18 Aug 2017 09:06:27 +0200
Subject: tv mu: 300G HDD -> 120G SSD

---
 tv/1systems/mu/config.nix | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index 089481872..ee0f4f7f5 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -15,9 +15,9 @@ with import <stockholm/lib>;
   tv.x0vncserver.enable = true;
 
   # hardware configuration
-  boot.initrd.luks.devices = [
-    { name = "vgmu1"; device = "/dev/sda2"; }
-  ];
+  boot.initrd.luks.devices.muca = {
+    device = "/dev/disk/by-uuid/a8796bb3-6c03-4ddf-b2e4-c2e44c51d352";
+  };
   boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
   boot.initrd.availableKernelModules = [ "ahci" ];
   boot.kernelModules = [ "fbcon" "kvm-intel" ];
@@ -25,16 +25,17 @@ with import <stockholm/lib>;
 
   fileSystems = {
     "/" = {
-      device = "/dev/vgmu1/nixroot";
-      fsType = "ext4";
-      options = [ "defaults" "noatime" ];
+      device = "/dev/mapper/muvga-root";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
     };
     "/home" = {
-      device = "/dev/vgmu1/home";
-      options = [ "defaults" "noatime" ];
+      device = "/dev/mapper/muvga-home";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
     };
     "/boot" = {
-      device = "/dev/sda1";
+      device = "/dev/disk/by-uuid/DC38-F165";
     };
   };
 
-- 
cgit v1.2.3


From a70fc9b95abf47aca54d39076529b3718adeb7cc Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 Aug 2017 12:36:04 +0200
Subject: l: mors <-> daedalus

---
 lass/1systems/daedalus/config.nix | 6 +++---
 lass/1systems/mors/config.nix     | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 290d8a780..72a45a3d9 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -4,7 +4,7 @@
   imports = [
     <stockholm/lass>
     <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
+    <stockholm/lass/2configs/boot/coreboot.nix>
 
     <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
@@ -29,7 +29,7 @@
   };
 
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
   '';
 }
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 5bc52d633..bb6f84c7b 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -5,7 +5,7 @@ with import <stockholm/lib>;
   imports = [
     <stockholm/lass>
     <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/coreboot.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
 
     <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
@@ -104,8 +104,8 @@ with import <stockholm/lib>;
   };
 
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
   '';
 
   #TODO activationScripts seem broken, fix them!
-- 
cgit v1.2.3


From 51cb5bb1f10aaf68499f6fbe53923959d35f039b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 Aug 2017 12:37:57 +0200
Subject: l daedalus.r: add kde desktop

---
 lass/1systems/daedalus/config.nix | 68 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 60 insertions(+), 8 deletions(-)

diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 72a45a3d9..36daea1d5 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -1,3 +1,4 @@
+with import <stockholm/lib>;
 { config, pkgs, ... }:
 
 {
@@ -6,18 +7,69 @@
     <stockholm/lass/2configs/hw/x220.nix>
     <stockholm/lass/2configs/boot/coreboot.nix>
 
-    <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/git.nix>
-    <stockholm/lass/2configs/exim-retiolum.nix>
-    <stockholm/lass/2configs/baseX.nix>
-    <stockholm/lass/2configs/browsers.nix>
-    <stockholm/lass/2configs/programs.nix>
-    <stockholm/lass/2configs/fetchWallpaper.nix>
     <stockholm/lass/2configs/backups.nix>
-    <stockholm/lass/2configs/games.nix>
+    {
+      # bubsy config
+      users.users.bubsy = {
+        uid = genid "bubsy";
+        home = "/home/bubsy";
+        group = "users";
+        createHome = true;
+        extraGroups = [
+          "audio"
+          "networkmanager"
+        ];
+        useDefaultShell = true;
+      };
+      networking.networkmanager.enable = true;
+      networking.wireless.enable = mkForce false;
+      hardware.pulseaudio = {
+        enable = true;
+        systemWide = true;
+      };
+      environment.systemPackages = with pkgs; [
+        pavucontrol
+        firefox
+        hexchat
+        networkmanagerapplet
+      ];
+      services.xserver.enable = true;
+      services.xserver.displayManager.lightdm.enable = true;
+      services.xserver.desktopManager.plasma5.enable = true;
+    }
+    {
+      krebs.per-user.bitcoin.packages = [
+        pkgs.electrum
+      ];
+      users.extraUsers = {
+        bitcoin = {
+          name = "bitcoin";
+          description = "user for bitcoin stuff";
+          home = "/home/bitcoin";
+          useDefaultShell = true;
+          createHome = true;
+        };
+      };
+      security.sudo.extraConfig = ''
+        bubsy ALL=(bitcoin) NOPASSWD: ALL
+      '';
+    }
   ];
 
+  time.timeZone = "Europe/Berlin";
+
+  hardware.trackpoint = {
+    enable = true;
+    sensitivity = 220;
+    speed = 0;
+    emulateWheel = true;
+  };
+
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
+
   krebs.build.host = config.krebs.hosts.daedalus;
 
   fileSystems = {
-- 
cgit v1.2.3


From bbc966fc7bcee828af7c0023ca3c6e63c625174f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 Aug 2017 12:40:29 +0200
Subject: l git: allow hooks to be set individually

---
 lass/2configs/git.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index d3f5d1f39..eb606037e 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -80,7 +80,7 @@ let
     public = true;
   };
 
-  make-restricted-repo = name: { collaborators ? [], announce ? false, ... }: {
+  make-restricted-repo = name: { collaborators ? [], announce ? false, hooks ? {}, ... }: {
     inherit collaborators name;
     public = false;
     hooks = optionalAttrs announce {
@@ -93,7 +93,7 @@ let
         # TODO define branches in some kind of option per repo
         branches = [ "master" "staging*" ];
       };
-    };
+    } // hooks;
   };
 
   make-rules =
-- 
cgit v1.2.3


From 2306996b10e1a750cc098e07ed7f21f6990bc24b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 Aug 2017 12:49:29 +0200
Subject: l pkgs.xmonad: bind brainmenu to M-o

---
 lass/5pkgs/xmonad-lass.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index 22ec7efa9..38a9550df 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -98,6 +98,7 @@ myKeyMap =
     [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
     , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
     , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
+    , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
     , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
     , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
     , ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")
-- 
cgit v1.2.3


From 6a9e241df642e5b6b21d264719c52b29d577ff42 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 Aug 2017 12:57:36 +0200
Subject: l baseX: add gi to pkgs

---
 lass/2configs/baseX.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 86d0ac7c1..3a99e65a0 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -48,6 +48,7 @@ in {
     acpi
     dic
     dmenu
+    gi
     gitAndTools.qgit
     lm_sensors
     haskellPackages.hledger
-- 
cgit v1.2.3


From fd6b42355907de5313ea3576e5d1bfa549433099 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 Aug 2017 18:41:15 +0200
Subject: nixpkgs: 0590ecb -> 51a8326

---
 krebs/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/source.nix b/krebs/source.nix
index db30e1e35..400826351 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -14,6 +14,6 @@ in
     stockholm.file = toString <stockholm>;
     nixpkgs.git = {
       url = https://github.com/NixOS/nixpkgs;
-      ref = "0590ecbe9e6b9a076065be29370701da758c61f1"; # nixos-17.03 @ 2017-07-30
+      ref = "51a83266d164195698f04468d90d2c6238ed3491"; # nixos-17.03 @ 2017-07-30
     };
   }
-- 
cgit v1.2.3


From 920dd746747d03c7642b4f2fbdd29dc395ed7a29 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 24 Aug 2017 17:34:46 +0200
Subject: l: open mosh ports

---
 lass/2configs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 22a7b1c19..e96f4dc7e 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -200,6 +200,7 @@ with import <stockholm/lib>;
       filter.INPUT.policy = "DROP";
       filter.FORWARD.policy = "DROP";
       filter.INPUT.rules = [
+        { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
         { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
         { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
         { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false;  precedence = 10000; }
-- 
cgit v1.2.3


From 76415ff3cd74b4469087d0c8ee2b5062147b40d2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 25 Aug 2017 23:43:19 +0200
Subject: l mors.r: remove deprecated zalando stuff

---
 lass/1systems/mors/config.nix | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index bb6f84c7b..5995e5ec9 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -39,15 +39,6 @@ with import <stockholm/lib>;
         enable = true;
       };
     }
-    {
-      #zalando project
-      services.postgresql = {
-        enable = true;
-        package = pkgs.postgresql;
-      };
-      virtualisation.docker.enable = true;
-      #users.users.mainUser.extraGroups = [ "docker" ];
-    }
     {
       lass.umts = {
         enable = true;
-- 
cgit v1.2.3


From eb6fab7527c0bd8d5193ca2adcba420d73c03501 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 25 Aug 2017 23:43:43 +0200
Subject: l mors.r: enable mongodb

---
 lass/1systems/mors/config.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 5995e5ec9..58f55ce68 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -82,6 +82,9 @@ with import <stockholm/lib>;
         client.enable = true;
       };
     }
+    {
+      services.mongodb.enable = true;
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.mors;
-- 
cgit v1.2.3


From 7031d9d2d132c750f6607b57801057b2637332d1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 25 Aug 2017 23:44:37 +0200
Subject: l mail: add radio folder

---
 lass/2configs/mail.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 9f9bb24fa..0d3e2b228 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -78,11 +78,13 @@ let
                      and NOT to:shackspace \
                      and NOT to:c-base \
                      and NOT from:security-alert@hpe.com \
-                     and NOT to:nix-devel"\
+                     and NOT to:nix-devel\
+                     and NOT to:radio"\
         "shack"     "notmuch://?query=to:shackspace"\
         "c-base"    "notmuch://?query=to:c-base"\
         "security"  "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
         "nix"       "notmuch://?query=to:nix-devel"\
+        "radio"     "notmuch://?query=to:radio or tag:radio"\
         "TODO"      "notmuch://?query=tag:TODO"\
         "Starred"   "notmuch://?query=tag:*"\
         "Archive"   "notmuch://?query=tag:archive"\
-- 
cgit v1.2.3


From c63b86d9aff44c065cdcf5a486ee91b7565cd567 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 25 Aug 2017 23:45:03 +0200
Subject: l shodan.r: add /home lv

---
 lass/1systems/shodan/config.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index b6d49d6e4..ef015aebc 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -41,7 +41,11 @@ with import <stockholm/lib>;
     "/boot" = {
       device = "/dev/sda1";
     };
-
+    "/home" = {
+      device = "/dev/mapper/pool-home";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
     "/tmp" = {
       device = "tmpfs";
       fsType = "tmpfs";
-- 
cgit v1.2.3


From 900441db8a557c602f478860d290c568c78f7b2a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 25 Aug 2017 23:47:25 +0200
Subject: l mail: t -> tag mail

---
 lass/2configs/mail.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 0d3e2b228..7a9881186 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -128,7 +128,7 @@ let
 
     bind index t noop
     bind pager t noop
-    macro index t "<modify-labels>+TODO\n"        # tag as Archived
+    macro index t "<modify-labels>"        # tag as Archived
 
     # top index bar in email view
     set pager_index_lines=7
-- 
cgit v1.2.3


From 7f08382fbe599a5907ebcdaba59aab1ecf6c71d9 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 25 Aug 2017 23:48:16 +0200
Subject: l mpv: remove unneded moveToDir bindings

---
 lass/2configs/mpv.nix | 26 +-------------------------
 1 file changed, 1 insertion(+), 25 deletions(-)

diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix
index 04fd9213e..b3de42c7b 100644
--- a/lass/2configs/mpv.nix
+++ b/lass/2configs/mpv.nix
@@ -2,40 +2,16 @@
 
 let
 
-  scripts = lib.concatStringsSep "," [
-    good
-    delete
-  ];
-
   mpv = pkgs.symlinkJoin {
     name = "mpv";
     paths = [
       (pkgs.writeDashBin "mpv" ''
-        exec ${pkgs.mpv}/bin/mpv --no-config --script=${scripts} "$@"
+        exec ${pkgs.mpv}/bin/mpv --no-config "$@"
       '')
       pkgs.mpv
     ];
   };
 
-  moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
-    tmp_dir = "${dir}"
-
-    function move_current_track_${key}()
-      track = mp.get_property("path")
-      os.execute("mkdir -p '" .. tmp_dir .. "'")
-      os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
-      print("moved '" .. track .. "' to " .. tmp_dir)
-    end
-
-    mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
-  '';
-
-  good = moveToDir "G" "./.good";
-  delete = moveToDir "D" "./.graveyard";
-
-  up = moveToDir "U" "./up";
-  down = moveToDir "Y" "./down";
-
 in {
   environment.systemPackages = [
     mpv
-- 
cgit v1.2.3


From d970e20a5a706a0aef494f887f2a771571350b5a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 26 Aug 2017 12:35:50 +0200
Subject: lass umts: no longer use environment.wvdial

---
 lass/3modules/umts.nix | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix
index 83de4d403..c93c65ad2 100644
--- a/lass/3modules/umts.nix
+++ b/lass/3modules/umts.nix
@@ -31,6 +31,16 @@ let
       type = types.str;
       default = "default";
     };
+    pppDefaults = mkOption {
+      type = types.str;
+      default = ''
+        noipdefault
+        usepeerdns
+        defaultroute
+        persist
+        noauth
+      '';
+    };
   };
 
   nixpkgs-1509 = import (pkgs.fetchFromGitHub {
@@ -71,7 +81,16 @@ let
       lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
     '';
 
-    environment.wvdial.dialerDefaults = wvdial-defaults;
+    environment.etc = [
+      {
+        source = pkgs.writeText "wvdial.conf" wvdial-defaults;
+        target = "wvdial.conf";
+      }
+      {
+        source = pkgs.writeText "wvdial" cfg.pppDefaults;
+        target = "ppp/peers/wvdial";
+      }
+    ];
 
     systemd.services.umts = {
       description = "UMTS wvdial Service";
-- 
cgit v1.2.3


From d6aee94277e4329db12d0dfd78fbd6ab58fdeab7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 26 Aug 2017 17:18:58 +0200
Subject: init hope.r

---
 krebs/1systems/hope/config.nix   | 41 ++++++++++++++++++++++++++++++++++++++++
 krebs/1systems/hope/source.nix   |  3 +++
 krebs/3modules/krebs/default.nix | 32 +++++++++++++++++++++++++++++++
 3 files changed, 76 insertions(+)
 create mode 100644 krebs/1systems/hope/config.nix
 create mode 100644 krebs/1systems/hope/source.nix

diff --git a/krebs/1systems/hope/config.nix b/krebs/1systems/hope/config.nix
new file mode 100644
index 000000000..c19b210c5
--- /dev/null
+++ b/krebs/1systems/hope/config.nix
@@ -0,0 +1,41 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+  ip = config.krebs.build.host.nets.internet.ip4.addr;
+  bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
+
+in {
+  imports = [
+    <stockholm/krebs>
+    <stockholm/krebs/2configs>
+    <stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
+
+    <stockholm/krebs/2configs/secret-passwords.nix>
+    {
+      users.extraUsers = {
+        satan = {
+          name = "satan";
+          uid = 1338;
+          home = "/home/satan";
+          group = "users";
+          createHome = true;
+          useDefaultShell = true;
+          initialPassword = "test";
+        };
+      };
+    }
+  ];
+
+  krebs.build.host = config.krebs.hosts.hope;
+
+  networking = let
+    address = config.krebs.build.host.nets.internet.ip4.addr;
+  in {
+    defaultGateway = bestGuessGateway address;
+    interfaces.enp2s1.ip4 = singleton {
+      inherit address;
+      prefixLength = 24;
+    };
+    nameservers = ["8.8.8.8"];
+  };
+}
diff --git a/krebs/1systems/hope/source.nix b/krebs/1systems/hope/source.nix
new file mode 100644
index 000000000..7121d1d9d
--- /dev/null
+++ b/krebs/1systems/hope/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/krebs/source.nix> {
+  name = "hope";
+}
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 27fbb7088..9cd103175 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -30,6 +30,38 @@ let
   });
 in {
   hosts = {
+    hope = {
+      owner = config.krebs.users.krebs;
+      managed = true;
+      nets = {
+        internet = {
+          ip4.addr = "45.62.225.18";
+          aliases = [
+            "hope.i"
+          ];
+          ssh.port = 45621;
+        };
+        retiolum = {
+          ip4.addr = "10.243.77.4";
+          ip6.addr = "42:0:0:0:0:0:77:4";
+          aliases = [
+            "hope.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
+            uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
+            2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
+            A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
+            fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
+            K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
+    };
     hotdog = {
       owner = config.krebs.users.krebs;
       managed = true;
-- 
cgit v1.2.3


From 48c75276c5a5ed8e7ea33ccb330f8ee6b7a6a927 Mon Sep 17 00:00:00 2001
From: mv <mv@ni.r>
Date: Tue, 29 Aug 2017 21:00:46 +0200
Subject: mv: the future is now!

---
 mv/1systems/stro.nix        | 169 --------------------------------------------
 mv/1systems/stro/config.nix | 156 ++++++++++++++++++++++++++++++++++++++++
 mv/1systems/stro/source.nix |   3 +
 mv/source.nix               |  23 ++++++
 4 files changed, 182 insertions(+), 169 deletions(-)
 delete mode 100644 mv/1systems/stro.nix
 create mode 100644 mv/1systems/stro/config.nix
 create mode 100644 mv/1systems/stro/source.nix
 create mode 100644 mv/source.nix

diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix
deleted file mode 100644
index bb37aedda..000000000
--- a/mv/1systems/stro.nix
+++ /dev/null
@@ -1,169 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
-  krebs = {
-    enable = true;
-    build = {
-      user = config.krebs.users.mv;
-      host = config.krebs.hosts.stro;
-      source = let
-        HOME = getEnv "HOME";
-        host = config.krebs.build.host;
-      in {
-        nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
-        secrets.file = "${HOME}/secrets/${host.name}";
-        stockholm.file = "${HOME}/stockholm";
-        nixpkgs.git = {
-          url = https://github.com/NixOS/nixpkgs;
-          ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
-        };
-      };
-    };
-  };
-
-  imports = [
-    <secrets>
-    <stockholm/krebs>
-    <stockholm/tv/2configs/audit.nix>
-    <stockholm/tv/2configs/bash.nix>
-    <stockholm/tv/2configs/exim-retiolum.nix>
-    <stockholm/tv/2configs/hw/x220.nix>
-    <stockholm/tv/2configs/im.nix>
-    <stockholm/tv/2configs/mail-client.nix>
-    <stockholm/tv/2configs/nginx/public_html.nix>
-    <stockholm/tv/2configs/retiolum.nix>
-    <stockholm/tv/2configs/ssh.nix>
-    <stockholm/tv/2configs/sshd.nix>
-    <stockholm/tv/2configs/vim.nix>
-    <stockholm/tv/2configs/xdg.nix>
-    <stockholm/tv/2configs/xserver>
-    <stockholm/tv/3modules>
-    <stockholm/tv/5pkgs>
-  ];
-
-  boot.kernel.sysctl = {
-    # Enable IPv6 Privacy Extensions
-    "net.ipv6.conf.all.use_tempaddr" = 2;
-    "net.ipv6.conf.default.use_tempaddr" = 2;
-  };
-
-  boot.initrd.luks = {
-    cryptoModules = [ "aes" "sha512" "xts" ];
-    devices = [
-      {
-        name = "luks1";
-        device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part2";
-      }
-    ];
-  };
-
-  environment = {
-    profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
-    shellAliases = mkForce {
-      gp = "${pkgs.pari}/bin/gp -q";
-      df = "df -h";
-      du = "du -h";
-      ls = "ls -h --color=auto --group-directories-first";
-      dmesg = "dmesg -L --reltime";
-      view = "vim -R";
-
-      reload = "systemctl reload";
-      restart = "systemctl restart";
-      start = "systemctl start";
-      status = "systemctl status";
-      stop = "systemctl stop";
-    };
-    systemPackages = with pkgs; [
-      dic
-      htop
-      p7zip
-      q
-
-      pavucontrol
-      rxvt_unicode.terminfo
-
-      # stockholm
-      git
-      gnumake
-      populate
-    ];
-    variables = {
-      NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
-    };
-  };
-
-  fileSystems = {
-    "/boot" = {
-      device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part1";
-    };
-    "/" = {
-      device = "/dev/mapper/vg1-root";
-      fsType = "btrfs";
-      options = ["defaults" "noatime" "ssd" "compress=lzo"];
-    };
-    "/home" = {
-      device = "/dev/mapper/vg1-home";
-      fsType = "btrfs";
-      options = ["defaults" "noatime" "ssd" "compress=lzo"];
-    };
-    "/tmp" = {
-      device = "tmpfs";
-      fsType = "tmpfs";
-      options = ["nosuid" "nodev" "noatime"];
-    };
-  };
-
-  hardware.pulseaudio = {
-    enable = true;
-    systemWide = true;
-  };
-
-  networking.hostName = config.krebs.build.host.name;
-
-  nix = {
-    binaryCaches = ["https://cache.nixos.org"];
-    # TODO check if both are required:
-    chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
-    requireSignedBinaryCaches = true;
-    useChroot = true;
-  };
-
-  nixpkgs.config.allowUnfree = false;
-
-  users = {
-    defaultUserShell = "/run/current-system/sw/bin/bash";
-    mutableUsers = false;
-    users = {
-      mv = {
-        inherit (config.krebs.users.mv) home uid;
-        isNormalUser = true;
-      };
-    };
-  };
-
-  security.sudo.extraConfig = ''
-    Defaults env_keep+="SSH_CLIENT"
-    Defaults mailto="${config.krebs.users.mv.mail}"
-    Defaults !lecture
-  '';
-
-  services.cron.enable = false;
-  services.journald.extraConfig = ''
-    SystemMaxUse=1G
-    RuntimeMaxUse=128M
-  '';
-  services.nscd.enable = false;
-  services.ntp.enable = false;
-  services.timesyncd.enable = true;
-
-  time.timeZone = "Europe/Berlin";
-
-  tv.iptables = {
-    enable = true;
-    accept-echo-request = "internet";
-  };
-
-  system.stateVersion = "16.03";
-}
diff --git a/mv/1systems/stro/config.nix b/mv/1systems/stro/config.nix
new file mode 100644
index 000000000..669655eec
--- /dev/null
+++ b/mv/1systems/stro/config.nix
@@ -0,0 +1,156 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+{
+  krebs = {
+    enable = true;
+    build = {
+      user = config.krebs.users.mv;
+      host = config.krebs.hosts.stro;
+    };
+  };
+
+  imports = [
+    <secrets>
+    <stockholm/krebs>
+    <stockholm/tv/2configs/audit.nix>
+    <stockholm/tv/2configs/bash>
+    <stockholm/tv/2configs/exim-retiolum.nix>
+    <stockholm/tv/2configs/hw/x220.nix>
+    <stockholm/tv/2configs/im.nix>
+    <stockholm/tv/2configs/mail-client.nix>
+    <stockholm/tv/2configs/nginx/public_html.nix>
+    <stockholm/tv/2configs/retiolum.nix>
+    <stockholm/tv/2configs/ssh.nix>
+    <stockholm/tv/2configs/sshd.nix>
+    <stockholm/tv/2configs/vim.nix>
+    <stockholm/tv/2configs/xdg.nix>
+    <stockholm/tv/2configs/xserver>
+    <stockholm/tv/3modules>
+  ];
+
+  boot.kernel.sysctl = {
+    # Enable IPv6 Privacy Extensions
+    "net.ipv6.conf.all.use_tempaddr" = 2;
+    "net.ipv6.conf.default.use_tempaddr" = 2;
+  };
+
+  boot.initrd.luks = {
+    cryptoModules = [ "aes" "sha512" "xts" ];
+    devices = [
+      {
+        name = "luks1";
+        device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part2";
+      }
+    ];
+  };
+
+  environment = {
+    profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
+    shellAliases = mkForce {
+      gp = "${pkgs.pari}/bin/gp -q";
+      df = "df -h";
+      du = "du -h";
+      ls = "ls -h --color=auto --group-directories-first";
+      dmesg = "dmesg -L --reltime";
+      view = "vim -R";
+
+      reload = "systemctl reload";
+      restart = "systemctl restart";
+      start = "systemctl start";
+      status = "systemctl status";
+      stop = "systemctl stop";
+    };
+    systemPackages = with pkgs; [
+      dic
+      htop
+      p7zip
+      q
+
+      pavucontrol
+      rxvt_unicode.terminfo
+
+      # stockholm
+      git
+      gnumake
+      populate
+    ];
+    variables = {
+      NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
+    };
+  };
+
+  fileSystems = {
+    "/boot" = {
+      device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part1";
+    };
+    "/" = {
+      device = "/dev/mapper/vg1-root";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+    "/home" = {
+      device = "/dev/mapper/vg1-home";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+    "/tmp" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = ["nosuid" "nodev" "noatime"];
+    };
+  };
+
+  hardware.pulseaudio = {
+    enable = true;
+    systemWide = true;
+  };
+
+  networking.hostName = config.krebs.build.host.name;
+
+  nix = {
+    binaryCaches = ["https://cache.nixos.org"];
+    requireSignedBinaryCaches = true;
+    # TODO check if both are required:
+    sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+    useSandbox = true;
+  };
+
+  nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
+
+  users = {
+    defaultUserShell = "/run/current-system/sw/bin/bash";
+    mutableUsers = false;
+    users = {
+      mv = {
+        inherit (config.krebs.users.mv) home uid;
+        isNormalUser = true;
+      };
+    };
+  };
+
+  security.sudo.extraConfig = ''
+    Defaults env_keep+="SSH_CLIENT"
+    Defaults mailto="${config.krebs.users.mv.mail}"
+    Defaults !lecture
+  '';
+
+  services.cron.enable = false;
+  services.journald.extraConfig = ''
+    SystemMaxUse=1G
+    RuntimeMaxUse=128M
+  '';
+  services.nscd.enable = false;
+  services.ntp.enable = false;
+  services.timesyncd.enable = true;
+
+  time.timeZone = "Europe/Berlin";
+
+  tv.iptables = {
+    enable = true;
+    accept-echo-request = "internet";
+  };
+
+  system.stateVersion = "16.03";
+}
diff --git a/mv/1systems/stro/source.nix b/mv/1systems/stro/source.nix
new file mode 100644
index 000000000..888d616c8
--- /dev/null
+++ b/mv/1systems/stro/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/mv/source.nix> {
+  name = "stro";
+}
diff --git a/mv/source.nix b/mv/source.nix
new file mode 100644
index 000000000..8b1563914
--- /dev/null
+++ b/mv/source.nix
@@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+host@{ name, override ? {} }: let
+  builder = if getEnv "dummy_secrets" == "true"
+              then "buildbot"
+              else "mv";
+  _file = <stockholm> + "/mv/1systems/${name}/source.nix";
+in
+  evalSource (toString _file) [
+    {
+      nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
+      nixpkgs.git = {
+        # nixos-17.03
+        ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78";
+        url = https://github.com/NixOS/nixpkgs;
+      };
+      secrets.file = getAttr builder {
+        buildbot = toString <stockholm/mv/dummy_secrets>;
+        mv = "/home/mv/secrets/${name}";
+      };
+      stockholm.file = toString <stockholm>;
+    }
+    override
+  ]
-- 
cgit v1.2.3


From aaeacc6471d5b120c205d1710d89993fa475e266 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 30 Aug 2017 17:54:11 +0200
Subject: dic: 1.0.2 -> 1.1.0

---
 krebs/5pkgs/simple/dic/default.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/krebs/5pkgs/simple/dic/default.nix b/krebs/5pkgs/simple/dic/default.nix
index ffd1092f7..6533a1b9b 100644
--- a/krebs/5pkgs/simple/dic/default.nix
+++ b/krebs/5pkgs/simple/dic/default.nix
@@ -1,12 +1,12 @@
-{ stdenv, fetchgit, coreutils, curl, gnused, gnugrep, ... }:
+{ coreutils, curl, fetchgit, gnugrep, gnused, stdenv, utillinux }:
 
 stdenv.mkDerivation {
   name = "dic";
 
   src = fetchgit {
     url = http://cgit.ni.krebsco.de/dic;
-    rev = "refs/tags/v1.0.2";
-    sha256 = "133x2z3dr5synckdvgnyc9fa7jdca43vj0973v148i13x4dqgr36";
+    rev = "refs/tags/v1.1.0";
+    sha256 = "1xzn20b9kfz96nvjli8grpi11v80jbl0dmifksmirwcj5v81ndav";
   };
 
   phases = [
@@ -21,6 +21,7 @@ stdenv.mkDerivation {
         curl
         gnused
         gnugrep
+        utillinux
       ];
     in
     ''
-- 
cgit v1.2.3


From cf1d5ebb8f63cc2178fefae4afd59a131ce2d96c Mon Sep 17 00:00:00 2001
From: mv <mv@ni.r>
Date: Wed, 30 Aug 2017 18:03:15 +0200
Subject: mv nixpkgs: 94941cb -> 56da88a

---
 mv/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mv/source.nix b/mv/source.nix
index 8b1563914..aa2b13fd8 100644
--- a/mv/source.nix
+++ b/mv/source.nix
@@ -10,7 +10,7 @@ in
       nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
       nixpkgs.git = {
         # nixos-17.03
-        ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78";
+        ref = mkDefault "56da88a298a6f549701a10bb12072804a1ebfbd5";
         url = https://github.com/NixOS/nixpkgs;
       };
       secrets.file = getAttr builder {
-- 
cgit v1.2.3


From 522f6c03cfaada59e4c571a735b5022acbc31c18 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 31 Aug 2017 00:26:37 +0200
Subject: l nixpkgs: 60dc02d -> fe46ffc

---
 lass/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/source.nix b/lass/source.nix
index 8430ecb16..26c668241 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -19,6 +19,6 @@ in
       #   87a4615 & 334ac4f
       # + acme permissions for groups
       #   fd7a8f1
-      ref = "60dc02d";
+      ref = "fe46ffc";
     };
   }
-- 
cgit v1.2.3


From eb2d780e5c4c5aee09153c56ea6150414c1c6db1 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 31 Aug 2017 18:08:14 +0200
Subject: mv dummy_secrets: init

---
 mv/dummy_secrets/default.nix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 mv/dummy_secrets/default.nix

diff --git a/mv/dummy_secrets/default.nix b/mv/dummy_secrets/default.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/mv/dummy_secrets/default.nix
@@ -0,0 +1 @@
+{}
-- 
cgit v1.2.3


From 0bde01ddff0842122d17f886d7690c1dc9fc500a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 31 Aug 2017 19:01:53 +0200
Subject: ci: replace users by hosts

---
 krebs/2configs/buildbot-all.nix   |  7 ++----
 krebs/2configs/buildbot-krebs.nix |  5 ++--
 krebs/3modules/ci.nix             | 50 +++++++--------------------------------
 3 files changed, 13 insertions(+), 49 deletions(-)

diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index acd806d6e..7344d9d18 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -1,3 +1,4 @@
+with import <stockholm/lib>;
 { lib, config, pkgs, ... }:
 {
   imports = [
@@ -7,10 +8,6 @@
   networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
   krebs.ci.enable = true;
   krebs.ci.treeStableTimer = 1;
-  krebs.ci.users.krebs.all = true;
-  krebs.ci.users.lass.all = true;
-  krebs.ci.users.makefu.all = true;
-  krebs.ci.users.nin.all = true;
-  krebs.ci.users.tv.all = true;
+  krebs.ci.hosts = filter (getAttr "managed") (attrValues config.krebs.hosts);
 }
 
diff --git a/krebs/2configs/buildbot-krebs.nix b/krebs/2configs/buildbot-krebs.nix
index 40ca3c66d..a09b3b98b 100644
--- a/krebs/2configs/buildbot-krebs.nix
+++ b/krebs/2configs/buildbot-krebs.nix
@@ -1,3 +1,4 @@
+with import <stockholm/lib>;
 { lib, config, pkgs, ... }:
 {
   imports = [
@@ -7,7 +8,5 @@
   networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
   krebs.ci.enable = true;
   krebs.ci.treeStableTimer = 120;
-  krebs.ci.users.krebs.hosts = [
-    config.networking.hostName
-  ];
+  krebs.ci.hosts = [ config.krebs.build.host ];
 }
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index b55827e3a..dab87792e 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -17,30 +17,12 @@ in
       default = 10;
       description = "how long to wait until we test changes (in minutes)";
     };
-    users = mkOption {
-      type = with types; attrsOf (submodule {
-        options = {
-          all = mkOption {
-            type = bool;
-            default = false;
-          };
-          hosts = mkOption {
-            type = listOf str;
-            default = [];
-          };
-        };
-      });
-      example = {
-        lass.all = true;
-        krebs = {
-          all = true;
-          hosts = [
-            "test-all-krebs-modules"
-            "test-arch"
-          ];
-        };
-      };
-      default = {};
+    hosts = mkOption {
+      type = types.listOf types.host;
+      default = [];
+      description = ''
+        List of hosts that should be build
+      '';
     };
   };
 
@@ -132,23 +114,9 @@ in
                   timeout=90001
               )
 
-          ${let
-            user-hosts = mapAttrs (user: a: let
-              managed-hosts = attrNames (filterAttrs (_: h: (h.owner.name == user) && h.managed) config.krebs.hosts);
-              defined-hosts = a.hosts;
-            in
-              defined-hosts ++ (optionals a.all managed-hosts)
-            ) cfg.users;
-
-          in
-            concatStringsSep "\n" (
-              (mapAttrsToList (user: hosts:
-                concatMapStringsSep "\n" (host:
-                  "build_host(\"${user}\", \"${host}\")"
-                ) hosts
-              ) user-hosts)
-            )
-          }
+          ${concatMapStringsSep "\n" (host:
+             "build_host(\"${host.owner.name}\", \"${host.name}\")"
+          ) cfg.hosts}
 
           bu.append(
               util.BuilderConfig(
-- 
cgit v1.2.3


From dbc9889f82467b4740b649c4baefc80c352fa2f1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 31 Aug 2017 19:15:09 +0200
Subject: types.host: managed ->