From f6a4131daecd6e5c1a0727adbcac43ba8530ec13 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:13:46 +0100 Subject: tv exim-retiolum: init --- tv/1systems/nomic.nix | 7 +------ tv/1systems/wu.nix | 5 +---- tv/1systems/xu.nix | 8 +------- tv/2configs/exim-retiolum.nix | 5 +++++ 4 files changed, 8 insertions(+), 17 deletions(-) create mode 100644 tv/2configs/exim-retiolum.nix diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 7bc7b70d2..145e9b236 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -5,11 +5,9 @@ with lib; { krebs.build.host = config.krebs.hosts.nomic; - krebs.build.target = "root@nomic.gg23"; - imports = [ ../2configs/hw/AO753.nix - #../2configs/consul-server.nix + ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/pulse.nix ../2configs/xserver @@ -24,9 +22,6 @@ with lib; ]; }; } - { - krebs.exim-retiolum.enable = true; - } { krebs.nginx = { enable = true; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 3bdf8d37a..47fdb2092 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -7,7 +7,7 @@ with lib; imports = [ ../2configs/hw/w110er.nix - #../2configs/consul-client.nix + ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix ../2configs/pulse.nix @@ -134,9 +134,6 @@ with lib; ]; }; } - { - krebs.exim-retiolum.enable = true; - } { krebs.nginx = { enable = true; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index e6894b55e..12c115eb8 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -5,12 +5,9 @@ with lib; { krebs.build.host = config.krebs.hosts.xu; - krebs.build.source.git.nixpkgs.rev = - "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a"; - imports = [ ../2configs/hw/x220.nix - #../2configs/consul-client.nix + ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix ../2configs/pulse.nix @@ -135,9 +132,6 @@ with lib; ]; }; } - { - krebs.exim-retiolum.enable = true; - } { krebs.nginx = { enable = true; 
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix new file mode 100644 index 000000000..1af72c28f --- /dev/null +++ b/tv/2configs/exim-retiolum.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + krebs.exim-retiolum.enable = true; +} -- cgit v1.2.3 From a7e1709a466cee24783e20b6219ef5112b00e8c9 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:18:07 +0100 Subject: tv nginx-public_html: init --- tv/1systems/nomic.nix | 11 +---------- tv/1systems/wu.nix | 11 +---------- tv/1systems/xu.nix | 11 +---------- tv/2configs/nginx-public_html.nix | 14 ++++++++++++++ 4 files changed, 17 insertions(+), 30 deletions(-) create mode 100644 tv/2configs/nginx-public_html.nix diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 145e9b236..64fe5a635 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -9,6 +9,7 @@ with lib; ../2configs/hw/AO753.nix ../2configs/exim-retiolum.nix ../2configs/git.nix + ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/xserver { @@ -22,16 +23,6 @@ with lib; ]; }; } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } { krebs.retiolum = { enable = true; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 47fdb2092..6dd051210 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -10,6 +10,7 @@ with lib; ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix + ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/xserver { @@ -134,16 +135,6 @@ with lib; ]; }; } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } { krebs.retiolum = { enable = true; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 12c115eb8..409129581 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix 
@@ -10,6 +10,7 @@ with lib; ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix + ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/xserver { @@ -132,16 +133,6 @@ with lib; ]; }; } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } { krebs.retiolum = { enable = true; diff --git a/tv/2configs/nginx-public_html.nix b/tv/2configs/nginx-public_html.nix new file mode 100644 index 000000000..50c623915 --- /dev/null +++ b/tv/2configs/nginx-public_html.nix @@ -0,0 +1,14 @@ +{ lib, ... }: + +with lib; + +{ + krebs.nginx = { + enable = true; + servers.default.locations = [ + (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + '') + ]; + }; +} -- cgit v1.2.3 From b3a481e0b9462bdb4ed92bfc27b2cbf723a8ec30 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:30:38 +0100 Subject: krebs lib.ne: init --- krebs/4lib/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index dfc51bbe4..4d7e0b549 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -6,6 +6,7 @@ with lib; let out = rec { eq = x: y: x == y; + ne = x: y: x != y; mod = x: y: x - y * (x / y); -- cgit v1.2.3 From d6ded00d012d4fb2a2a0a824604b25dac35ee349 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:32:04 +0100 Subject: tv retiolum: init --- tv/1systems/cd.nix | 11 +---------- tv/1systems/nomic.nix | 10 +--------- tv/1systems/wu.nix | 10 +--------- tv/1systems/xu.nix | 11 +---------- tv/2configs/retiolum.nix | 16 ++++++++++++++++ 5 files changed, 20 insertions(+), 38 deletions(-) create mode 100644 tv/2configs/retiolum.nix diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index b69d7655a..da44f5077 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix 
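Review bot: In the new tv/2configs/nginx-public_html.nix the user capture `(.+?)` in the location regex accepts any characters, so `$1` can be `..` or a string containing slashes rather than a login name, and it goes unchecked into `alias /home/$1/public_html$2;`. Restrict it to what an account name can contain, for example `(nameValuePair "~ ^/~([a-z_][a-z0-9_-]*)(/.*)?\$" ''`, so the alias always resolves below a single home directory. The block is moved unchanged from nomic.nix, wu.nix and xu.nix, so the pattern predates this commit. A comment above the location such as `# maps /~USER/... to /home/USER/public_html/... for every local account` would make the exposure explicit.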
@@ -17,6 +17,7 @@ with lib; #../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix + ../2configs/retiolum.nix ../2configs/urlwatch.nix { imports = [ ../2configs/charybdis.nix ]; @@ -77,16 +78,6 @@ with lib; ''); }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } ]; networking.interfaces.enp2s1.ip4 = [ diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 64fe5a635..b7e77e973 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -11,6 +11,7 @@ with lib; ../2configs/git.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix + ../2configs/retiolum.nix ../2configs/xserver { tv.iptables = { @@ -23,15 +24,6 @@ with lib; ]; }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 6dd051210..f52bbc091 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -12,6 +12,7 @@ with lib; ../2configs/mail-client.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix + ../2configs/retiolum.nix ../2configs/xserver { environment.systemPackages = with pkgs; [ @@ -135,15 +136,6 @@ with lib; ]; }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 409129581..54e16868f 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -12,6 +12,7 @@ with lib; ../2configs/mail-client.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix + ../2configs/retiolum.nix ../2configs/xserver { environment.systemPackages = with pkgs; [ @@ -133,16 +134,6 @@ with lib; ]; }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "cd" - "gum" - "pigstarter" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix new file mode 100644 index 000000000..91fe81d69 --- /dev/null 
+++ b/tv/2configs/retiolum.nix @@ -0,0 +1,16 @@ +{ config, lib, ... }: + +with lib; + +{ + krebs.retiolum = { + enable = true; + connectTo = filter (ne config.krebs.build.host.name) [ + "gum" + "prism" + "echelon" + "cd" + "ire" + ]; + }; +} -- cgit v1.2.3 From bb1dbae8187601cea2ddfbdcdc9baa456bc5b4ab Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:40:25 +0100 Subject: tv: open ssh port by default --- tv/1systems/cd.nix | 4 ---- tv/1systems/nomic.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - tv/2configs/default.nix | 5 +++++ 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index da44f5077..6db78ca89 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -41,7 +41,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "tinc" "smtp" "xmpp-client" @@ -58,10 +57,7 @@ with lib; "cgit.cd.krebsco.de" "cgit.cd.viljetic.de" ]; - } - { # TODO make public_html also available to cd, cd.retiolum (AKA default) - tv.iptables.input-internet-accept-new-tcp = singleton "http"; krebs.nginx.servers.public_html = { server-names = singleton "cd.viljetic.de"; locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index b7e77e973..f176a5f23 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -17,7 +17,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index f52bbc091..16709052b 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -129,7 +129,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 54e16868f..c6f1a393e 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix 
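Review bot: The shared `connectTo` list in tv/2configs/retiolum.nix is not the union of the lists it replaces: `pigstarter` (present on all four hosts) and `fastpoke` (cd) disappear while `prism` and `echelon` are new, so this "init" commit also changes which VPN peers every host dials. State that in the commit message or beside the list, e.g. `# tinc peers dialled by every tv host; the host's own name is filtered out`. `ne` was added to krebs/4lib one commit earlier; it is worth confirming that the `lib` argument this module receives includes krebs/4lib.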
@@ -127,7 +127,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 310077021..abe9d3de8 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -162,6 +162,10 @@ with lib; }; } + { + tv.iptables.enable = true; + } + { services.openssh = { enable = true; @@ -169,6 +173,7 @@ with lib; { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; }; + tv.iptables.input-internet-accept-new-tcp = singleton "ssh"; } { -- cgit v1.2.3 From b172630f894362dc32cb6af7d5c9d44902ec5752 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:44:19 +0100 Subject: tv retiolum: open tinc port --- tv/1systems/cd.nix | 1 - tv/1systems/nomic.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - tv/2configs/retiolum.nix | 1 + 5 files changed, 1 insertion(+), 4 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 6db78ca89..783d23ca9 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -41,7 +41,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "tinc" "smtp" "xmpp-client" "xmpp-server" diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index f176a5f23..6f2c41823 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -18,7 +18,6 @@ with lib; enable = true; input-internet-accept-new-tcp = [ "http" - "tinc" "smtp" ]; }; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 16709052b..7635f6162 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -130,7 +130,6 @@ with lib; enable = true; input-internet-accept-new-tcp = [ "http" - "tinc" "smtp" ]; }; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index c6f1a393e..91b761d24 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -128,7 +128,6 @@ with lib; enable = true; input-internet-accept-new-tcp = [ "http" - "tinc" "smtp" ]; }; 
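Review bot: The second hunk of tv/2configs/default.nix opens `ssh` to the internet on every host that imports this file, while the visible part of the `services.openssh` block sets only `enable` and the ed25519 host key. The lines between the two hunks are not shown; if password logins are not disabled there or elsewhere, add `passwordAuthentication = false;` next to `enable = true;` so the default-open port accepts keys only. A comment on the new rule such as `# sshd is enabled above, so its port is opened for all tv hosts` would record why it lives in the default config.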
diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix index 91fe81d69..d2bb9e6cf 100644 --- a/tv/2configs/retiolum.nix +++ b/tv/2configs/retiolum.nix @@ -13,4 +13,5 @@ with lib; "ire" ]; }; + tv.iptables.input-internet-accept-new-tcp = singleton "tinc"; } -- cgit v1.2.3 From d85c70d1d669636fe2fcbb1179dca2c4aecb0802 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:46:33 +0100 Subject: tv nginx-public_html: open http port --- tv/1systems/nomic.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - tv/2configs/nginx-public_html.nix | 1 + 4 files changed, 1 insertion(+), 3 deletions(-) diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 6f2c41823..2b71a974e 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -17,7 +17,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "http" "smtp" ]; }; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 7635f6162..a51e0e678 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -129,7 +129,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "http" "smtp" ]; }; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 91b761d24..847b57249 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -127,7 +127,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "http" "smtp" ]; }; diff --git a/tv/2configs/nginx-public_html.nix b/tv/2configs/nginx-public_html.nix index 50c623915..dc74f7f8d 100644 --- a/tv/2configs/nginx-public_html.nix +++ b/tv/2configs/nginx-public_html.nix @@ -11,4 +11,5 @@ with lib; '') ]; }; + tv.iptables.input-internet-accept-new-tcp = singleton "http"; } -- cgit v1.2.3 From fe025213ea5c15012fd83f1064269a315a2d576a Mon Sep 17 00:00:00 2001 
From: tv Date: Mon, 1 Feb 2016 17:50:00 +0100 Subject: tv exim-retiolum: open smtp port to retiolum --- tv/1systems/nomic.nix | 8 -------- tv/1systems/wu.nix | 8 -------- tv/1systems/xu.nix | 8 -------- tv/2configs/exim-retiolum.nix | 5 ++++- 4 files changed, 4 insertions(+), 25 deletions(-) diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 2b71a974e..37ef204c7 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -13,14 +13,6 @@ with lib; ../2configs/pulse.nix ../2configs/retiolum.nix ../2configs/xserver - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "smtp" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index a51e0e678..aef8ca761 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -125,14 +125,6 @@ with lib; unison ]; } - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "smtp" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 847b57249..31a8a3e99 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -123,14 +123,6 @@ with lib; unison ]; } - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "smtp" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index 1af72c28f..aedf25823 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix @@ -1,5 +1,8 @@ -{ ... }: +{ lib, ... }: + +with lib; { krebs.exim-retiolum.enable = true; + tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp"; } -- cgit v1.2.3 From b58f37ce3833b7800c0a9ec83367dc888ea571b3 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:53:16 +0100 Subject: tv exim-smarthost: open smtp port --- tv/1systems/cd.nix | 1 - tv/2configs/exim-smarthost.nix | 5 ++++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 783d23ca9..1d9457600 100644 
--- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -41,7 +41,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "smtp" "xmpp-client" "xmpp-server" ]; diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index f5f63d284..bcfea7821 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -1,4 +1,6 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +with lib; { krebs.exim-smarthost = { @@ -34,4 +36,5 @@ { from = "mirko"; to = "mv"; } ]; }; + tv.iptables.input-internet-accept-new-tcp = singleton "smtp"; } -- cgit v1.2.3 From 0c1a2d11b18c73ddc7fdb429e0d09dcffa3906f8 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:56:10 +0100 Subject: cd: redistribute iptable rules --- tv/1systems/cd.nix | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 1d9457600..27e94aef0 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -31,6 +31,10 @@ with lib; enable = true; hosts = [ "jabber.viljetic.de" ]; }; + tv.iptables.input-internet-accept-new-tcp = [ + "xmpp-client" + "xmpp-server" + ]; } { krebs.github-hosts-sync.enable = true; @@ -38,19 +42,6 @@ with lib; singleton config.krebs.github-hosts-sync.port; } { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "xmpp-client" - "xmpp-server" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - tv.iptables.input-internet-accept-new-tcp = singleton "http"; krebs.nginx.servers.cgit.server-names = [ "cgit.cd.krebsco.de" "cgit.cd.viljetic.de" @@ -62,8 +53,6 @@ with lib; alias /home/$1/public_html$2; ''); }; - } - { krebs.nginx.servers.viljetic = { server-names = singleton "viljetic.de"; # TODO directly set root (instead via location) @@ -71,6 +60,7 @@ with lib; root ${pkgs.viljetic-pages}; ''); }; + tv.iptables.input-internet-accept-new-tcp = singleton "http"; } ]; -- cgit v1.2.3 
From 461fe008e72995a42e8546d5dcc46382ca820000 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 1 Feb 2016 21:58:19 +0100 Subject: ma 1 filepimp: use by-id fs path, snapraid --- makefu/1systems/filepimp.nix | 51 +++++++++++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 15 deletions(-) diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index 2d008cee6..fb9324ee9 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -1,10 +1,14 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ +{ config, pkgs, lib, ... }: +let + byid = dev: "/dev/disk/by-id/" + dev; + part1 = disk: disk + "-part1"; + rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; + jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA"; + jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363"; + jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA"; + allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ]; +in { imports = [ # Include the results of the hardware scan. ../2configs/fs/single-partition-ext4.nix @@ -12,16 +16,9 @@ ../2configs/smart-monitor.nix ]; krebs.build.host = config.krebs.hosts.filepimp; - services.smartd.devices = [ - { device = "/dev/sda"; } - { device = "/dev/sdb"; } - { device = "/dev/sdc"; } - { device = "/dev/sdd"; } - { device = "/dev/sde"; } - ]; # AMD N54L boot = { - loader.grub.device = "/dev/sde"; + loader.grub.device = rootDisk; initrd.availableKernelModules = [ "ahci" 
@@ -40,4 +37,28 @@ zramSwap.enable = true; zramSwap.numDevices = 2; + + makefu.snapraid = let + toMedia = name: "/media/" + name; + in { + enable = true; + # todo combine creation when enabling the mount point + disks = map toMedia [ "j0" "j1" "j2" ]; + parity = toMedia "par0"; + }; + # TODO: refactor, copy-paste from omo + services.smartd.devices = builtins.map (x: { device = x; }) allDisks; + powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' + ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} + ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} + ${pkgs.hdparm}/sbin/hdparm -y ${disk} + '') allDisks); + fileSystems = let + xfsmount = name: dev: + { "/media/${name}" = { device = dev; fsType = "xfs"; }; }; + in + (xfsmount "j0" (part1 jDisk0)) + // (xfsmount "j1" (part1 jDisk1)) + // (xfsmount "j2" (part1 jDisk2)) + // (xfsmount "par0" (part1 jDisk3)); } -- cgit v1.2.3 From 40b13f240888be643e19939ceef79483aeb07ca5 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 1 Feb 2016 21:58:54 +0100 Subject: ma 1 gum: host update.connector.one --- makefu/1systems/gum.nix | 1 + makefu/2configs/nginx/update.connector.one.nix | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 makefu/2configs/nginx/update.connector.one.nix diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index ac7524506..c4dfbf4b7 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -15,6 +15,7 @@ in { ../2configs/git/cgit-retiolum.nix ../2configs/mattermost-docker.nix ../2configs/nginx/euer.test.nix + ../2configs/nginx/update.connector.one.nix ../2configs/exim-retiolum.nix ../2configs/urlwatch.nix diff --git a/makefu/2configs/nginx/update.connector.one.nix b/makefu/2configs/nginx/update.connector.one.nix new file mode 100644 index 000000000..eb39a1668 --- /dev/null +++ b/makefu/2configs/nginx/update.connector.one.nix 
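Review bot: `allDisks` (defined in the first hunk) contains `rootDisk`, so the `powerManagement.powerUpCommands` loop in the last hunk of makefu/1systems/filepimp.nix also runs `hdparm -S 100`, `-B 127` and `-y` against the SanDisk SSD that GRUB boots from. Keep `allDisks` for `services.smartd.devices` and map the hdparm lines over a separate list, e.g. `dataDisks = [ jDisk0 jDisk1 jDisk2 jDisk3 ];`.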
@@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.krebs.build.host.name; + external-ip = head config.krebs.build.host.nets.internet.addrs4; +in { + krebs.nginx = { + enable = mkDefault true; + servers = { + omo-share = { + listen = [ "${external-ip}:80" ]; + server-names = [ + "update.connector.one" + "firmware.connector.one" + ]; + locations = singleton (nameValuePair "/" '' + autoindex on; + root /var/www/update.connector.one; + sendfile on; + gzip on; + ''); + }; + }; + }; +} -- cgit v1.2.3 From 44e0c5153ca6a65ee130f30ea8466906deedcada Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 1 Feb 2016 22:01:41 +0100 Subject: ma 1 omo: add shares --- makefu/1systems/omo.nix | 30 +--------------- makefu/2configs/nginx/omo-share.nix | 34 ------------------- makefu/2configs/omo-share.nix | 68 +++++++++++++++++++++++++++++++++++++ 3 files changed, 69 insertions(+), 63 deletions(-) delete mode 100644 makefu/2configs/nginx/omo-share.nix create mode 100644 makefu/2configs/omo-share.nix diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 19183fea8..e9c51f485 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -28,7 +28,7 @@ in { ../2configs/smart-monitor.nix ../2configs/mail-client.nix ../2configs/share-user-sftp.nix - ../2configs/nginx/omo-share.nix + ../2configs/omo-share.nix ../3modules ]; networking.firewall.trustedInterfaces = [ "enp3s0" ]; 
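Review bot: The vhost in makefu/2configs/nginx/update.connector.one.nix serves `update.connector.one` and `firmware.connector.one` on port 80 of the external address with `autoindex on;`, so everything under /var/www/update.connector.one is listable and is delivered without transport integrity. If clients install what they fetch from here, they should verify a signature or pinned hash, or the vhost should be moved to TLS; drop `autoindex on;` unless the listing is intended. The server attribute is still named `omo-share` from the copied file and would merge with the real omo-share server if both modules were ever imported on one host, so rename it, e.g. `update-connector-one = {`. `hostname` is bound in the `let` but never used.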
@@ -42,34 +42,6 @@ in { # services.openssh.allowSFTP = false; krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; - # samba share /media/crypt1/share - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; - description = "smb guest user"; - home = "/var/empty"; - }; - services.samba = { - enable = true; - shares = { - winshare = { - path = "/media/crypt1/share"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; - # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; diff --git a/makefu/2configs/nginx/omo-share.nix b/makefu/2configs/nginx/omo-share.nix deleted file mode 100644 index ce85e0442..000000000 --- a/makefu/2configs/nginx/omo-share.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - hostname = config.krebs.build.host.name; - # TODO local-ip from the nets config - local-ip = "192.168.1.11"; - # local-ip = head config.krebs.build.host.nets.retiolum.addrs4; -in { - krebs.nginx = { - enable = mkDefault true; - servers = { - omo-share = { - listen = [ "${local-ip}:80" ]; - locations = singleton (nameValuePair "/" '' - autoindex on; - root /media; - limit_rate_after 100m; - limit_rate 5m; - mp4_buffer_size 4M; - mp4_max_buffer_size 10M; - allow all; - access_log off; - keepalive_timeout 65; - keepalive_requests 200; - reset_timedout_connection on; - sendfile on; - tcp_nopush on; - gzip off; - ''); - }; - }; - }; -} diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix new file mode 100644 index 000000000..1e0975e1d --- /dev/null +++ b/makefu/2configs/omo-share.nix 
@@ -0,0 +1,68 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.krebs.build.host.name; + # TODO local-ip from the nets config + local-ip = "192.168.1.11"; + # local-ip = head config.krebs.build.host.nets.retiolum.addrs4; +in { + krebs.nginx = { + enable = mkDefault true; + servers = { + omo-share = { + listen = [ "${local-ip}:80" ]; + locations = singleton (nameValuePair "/" '' + autoindex on; + root /media; + limit_rate_after 100m; + limit_rate 5m; + mp4_buffer_size 4M; + mp4_max_buffer_size 10M; + allow all; + access_log off; + keepalive_timeout 65; + keepalive_requests 200; + reset_timedout_connection on; + sendfile on; + tcp_nopush on; + gzip off; + ''); + }; + }; + }; + + # samba share /media/crypt1/share + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/var/empty"; + }; + services.samba = { + enable = true; + shares = { + winshare = { + path = "/media/crypt1/share"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + usenet = { + path = "/media/crypt0/usenet/dst"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} -- cgit v1.2.3 From 07fa0d989609faca2e9f9847165db61428206ef7 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 01:35:19 +0100 Subject: nixpkgs: symlink upstream-nixpkgs/{default.nix,lib} --- nixpkgs/default.nix | 2 +- nixpkgs/lib | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) mode change 100644 => 120000 nixpkgs/default.nix create mode 120000 nixpkgs/lib diff --git a/nixpkgs/default.nix b/nixpkgs/default.nix deleted file mode 100644 index 92da82c35..000000000 --- a/nixpkgs/default.nix +++ /dev/null @@ -1 +0,0 @@ -import 
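Review bot: makefu/2configs/omo-share.nix combines `root /media; autoindex on; allow all;` with guest-enabled Samba shares, so anyone who can reach 192.168.1.11 can list and read all of /media over HTTP (judging by the share paths this includes the crypt0 and crypt1 mounts) and can write to `winshare` without credentials. Point the nginx `root` at the directories meant to be shared and replace `allow all;` with an `allow` for the LAN range followed by `deny all;`. For Samba, add a `hosts allow = LAN_SUBNET_PLACEHOLDER` line to `extraConfig` so that `map to guest = bad user` only applies to local clients. The new `usenet` share is read-only; the rest is moved unchanged from omo.nix and nginx/omo-share.nix, so these points predate the commit.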
diff --git a/nixpkgs/default.nix b/nixpkgs/default.nix new file mode 120000 index 000000000..74e9d7633 --- /dev/null +++ b/nixpkgs/default.nix @@ -0,0 +1 @@ +../upstream-nixpkgs/default.nix \ No newline at end of file diff --git a/nixpkgs/lib b/nixpkgs/lib new file mode 120000 index 000000000..2284ef489 --- /dev/null +++ b/nixpkgs/lib @@ -0,0 +1 @@ +../upstream-nixpkgs/lib \ No newline at end of file -- cgit v1.2.3 From 2497533b90ce901a39d6642923738b2a337ad9aa Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 01:53:38 +0100 Subject: krebs/populate.nix -> krebs/v2 populate --- Makefile | 13 ++++-- krebs/populate.nix | 116 ------------------------------------------------- krebs/v2/default.nix | 120 +++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 129 insertions(+), 120 deletions(-) delete mode 100644 krebs/populate.nix create mode 100644 krebs/v2/default.nix diff --git a/Makefile b/Makefile index a35d6d128..d7534e1f3 100644 --- a/Makefile +++ b/Makefile @@ -33,15 +33,20 @@ deploy2: export target-host = $(target) else deploy2: export target-host = $(system) endif +deploy2: export source = \ + with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \ + assert source-version == 2; \ + source deploy2:;@ target=$${target-$$system} result=$$(nix-instantiate \ - --json \ --eval \ - krebs/populate.nix \ - --arg source 'with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; assert source-version == 2; source' \ + --json \ + --arg source "$$source" \ --argstr target-host "$$target" \ - --argstr target-path /var/src) + --argstr target-path /var/src \ + -A populate \ + krebs/v2) script=$$(echo "$$result" | jq -r .) echo "$$script" | sh ssh root@$$target nixos-rebuild switch -I /var/src diff --git a/krebs/populate.nix b/krebs/populate.nix deleted file mode 100644 index 13270c8a7..000000000 --- a/krebs/populate.nix +++ /dev/null 
@@ -1,116 +0,0 @@ -{ source -, target-user ? "root" -, target-host -, target-path ? "/var/src" -}: -with import ; -with import ~/stockholm/krebs/4lib { - lib = import ; -}; -with builtins; -let - out = '' - #! /bin/sh - set -efu - - echo ${shell.escape git-script} \ - | ssh ${shell.escape "${target-user}@${target-host}"} -T - - tmpdir=$(mktemp -dt stockholm.XXXXXXXX) - trap ' - set +f - rm "$tmpdir"/* - rmdir "$tmpdir" - trap - EXIT INT QUIT - ' EXIT INT QUIT - chmod 0755 "$tmpdir" - ${concatStringsSep "\n" - (mapAttrsToList - (name: spec: let dst = removePrefix "symlink:" (get-url spec); in - "ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") - symlink-specs)} - - proot \ - -b $tmpdir:${shell.escape target-path} \ - ${concatStringsSep " \\\n " - (mapAttrsToList - (name: spec: - "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}") - file-specs)} \ - rsync \ - -f ${shell.escape "P /*"} \ - ${concatMapStringsSep " \\\n " - (name: "-f ${shell.escape "R /${name}"}") - (attrNames file-specs)} \ - --delete \ - -vFrlptD \ - ${shell.escape target-path}/ \ - ${shell.escape "${target-user}@${target-host}:${target-path}"} - ''; - - get-schema = uri: - if substring 0 1 uri == "/" - then "file" - else head (splitString ":" uri); - - has-schema = schema: uri: get-schema uri == schema; - - get-url = spec: { - string = spec; - path = toString spec; - set = get-url spec.url; - }.${typeOf spec}; - - git-specs = - filterAttrs (_: spec: has-schema "https" (get-url spec)) source // - filterAttrs (_: spec: has-schema "http" (get-url spec)) source // - filterAttrs (_: spec: has-schema "git" (get-url spec)) source; - - file-specs = - filterAttrs (_: spec: has-schema "file" (get-url spec)) source; - - symlink-specs = - filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source; - - git-script = '' - fetch_git() {( - dst_dir=$1 - src_url=$2 - src_ref=$3 - - if ! test -e "$dst_dir"; then - git clone "$src_url" "$dst_dir" - fi - - cd "$dst_dir" - - if ! 
url=$(git config remote.origin.url); then - git remote add origin "$src_url" - elif test "$url" != "$src_url"; then - git remote set-url origin "$src_url" - fi - - # TODO resolve src_ref to commit hash - hash=$src_ref - - if ! test "$(git log --format=%H -1)" = "$hash"; then - git fetch origin - git checkout "$hash" -- "$dst_dir" - git checkout "$hash" - fi - - git clean -dxf - )} - - ${concatStringsSep "\n" - (mapAttrsToList - (name: spec: toString (map shell.escape [ - "fetch_git" - "${target-path}/${name}" - spec.url - spec.rev - ])) - git-specs)} - ''; - -in out diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix new file mode 100644 index 000000000..7eb60103f --- /dev/null +++ b/krebs/v2/default.nix 
@@ -0,0 +1,120 @@ +{ source +, target-user ? "root" +, target-host +, target-path ? "/var/src" +}: +with import ; +with import ~/stockholm/krebs/4lib { + lib = import ; +}; +with builtins; +let + out = { + inherit populate; + }; + + populate = '' + #! /bin/sh + set -efu + + echo ${shell.escape git-script} \ + | ssh ${shell.escape "${target-user}@${target-host}"} -T + + tmpdir=$(mktemp -dt stockholm.XXXXXXXX) + trap ' + set +f + rm "$tmpdir"/* + rmdir "$tmpdir" + trap - EXIT INT QUIT + ' EXIT INT QUIT + chmod 0755 "$tmpdir" + ${concatStringsSep "\n" + (mapAttrsToList + (name: spec: let dst = removePrefix "symlink:" (get-url spec); in + "ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") + symlink-specs)} + + proot \ + -b $tmpdir:${shell.escape target-path} \ + ${concatStringsSep " \\\n " + (mapAttrsToList + (name: spec: + "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}") + file-specs)} \ + rsync \ + -f ${shell.escape "P /*"} \ + ${concatMapStringsSep " \\\n " + (name: "-f ${shell.escape "R /${name}"}") + (attrNames file-specs)} \ + --delete \ + -vFrlptD \ + ${shell.escape target-path}/ \ + ${shell.escape "${target-user}@${target-host}:${target-path}"} + ''; + + get-schema = uri: + if substring 0 1 uri == "/" + then "file" + else head (splitString ":" uri); + + has-schema = schema: uri: get-schema uri == schema; + + get-url = spec: { + string = spec; + path = toString spec; + set = get-url spec.url; + }.${typeOf spec}; + + git-specs = + filterAttrs (_: spec: has-schema "https" (get-url spec)) source // + filterAttrs (_: spec: has-schema "http" (get-url spec)) source // + filterAttrs (_: spec: has-schema "git" (get-url spec)) source; + + file-specs = + filterAttrs (_: spec: has-schema "file" (get-url spec)) source; + + symlink-specs = + filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source; + + git-script = '' + fetch_git() {( + dst_dir=$1 + src_url=$2 + src_ref=$3 + + if ! 
test -e "$dst_dir"; then + git clone "$src_url" "$dst_dir" + fi + + cd "$dst_dir" + + if ! url=$(git config remote.origin.url); then + git remote add origin "$src_url" + elif test "$url" != "$src_url"; then + git remote set-url origin "$src_url" + fi + + # TODO resolve src_ref to commit hash + hash=$src_ref + + if ! test "$(git log --format=%H -1)" = "$hash"; then + git fetch origin + git checkout "$hash" -- "$dst_dir" + git checkout "$hash" + fi + + git clean -dxf + )} + + ${concatStringsSep "\n" + (mapAttrsToList + (name: spec: toString (map shell.escape [ + "fetch_git" + "${target-path}/${name}" + spec.url + spec.rev + ])) + git-specs)} + ''; + +in out -- cgit v1.2.3 From b849e3525edfe884a2e004e6497aad9995c093bd Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:19:20 +0100 Subject: make {deploy2 -> populate, rebuild} --- Makefile | 51 +++++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/Makefile b/Makefile index d7534e1f3..ecfc7e50d 100644 --- a/Makefile +++ b/Makefile @@ -27,30 +27,6 @@ deploy infest:;@ script=$$(make -s eval) echo "$$script" | sh -.PHONY: deploy2 -ifdef target -deploy2: export target-host = $(target) -else -deploy2: export target-host = $(system) -endif -deploy2: export source = \ - with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \ - assert source-version == 2; \ - source -deploy2:;@ - target=$${target-$$system} - result=$$(nix-instantiate \ - --eval \ - --json \ - --arg source "$$source" \ - --argstr target-host "$$target" \ - --argstr target-path /var/src \ - -A populate \ - krebs/v2) - script=$$(echo "$$result" | jq -r .) - echo "$$script" | sh - ssh root@$$target nixos-rebuild switch -I /var/src - .PHONY: eval eval: @ 
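Review bot: `fetch_git` in `git-script` uses `spec.rev` as-is (`hash=$src_ref`, under the `# TODO resolve src_ref to commit hash`), while `git-specs` also accepts `http` and `git` URLs, so nothing in this file guarantees that the tree checked out on the target is the one that was pinned. If `rev` is a branch or tag name, the comparison with `git log --format=%H -1` never matches, every run fetches again, and over an unauthenticated transport the content that lands under `target-path` (as `root` by default) is whatever the responding server sends. Until the TODO is resolved, reject anything that is not a hex commit id at the top of `fetch_git`, e.g. `case $src_ref in *[!0-9a-f]*|"") echo "fetch_git: rev must be a commit hash: $src_ref" >&2; exit 1;; esac`. Consider dropping `http` and `git` from `git-specs` in favour of `https`.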
@@ -73,6 +49,33 @@ endif $${target+--argstr target "$$target"}) echo "$$result" | filter +ifndef target +export target = $(system) +endif + +# usage: make populate system=foo [target=bar] +.PHONY: populate +populate: export source = \ + with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \ + assert source-version == 2; \ + source +populate:;@ + result=$$(nix-instantiate \ + --eval \ + --json \ + --arg source "$$source" \ + --argstr target-host "$$target" \ + --argstr target-path /var/src \ + -A populate \ + krebs/v2) + script=$$(echo "$$result" | jq -r .) + echo "$$script" | sh + +# usage: make rebuild system=foo [target=bar] [operation=switch] +.PHONY: rebuild +rebuild: populate ;@ + ssh root@"$$target" nixos-rebuild "$${operation-switch}" -I /var/src + else $(error unbound variable: system[s]) endif -- cgit v1.2.3 From 8e219cd0a2446e8f141e0f2403413a9bd3f0b061 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:20:29 +0100 Subject: Makefile,krebs/v2: verbosity++ --- Makefile | 2 +- krebs/v2/default.nix | 28 +++++++++++++++++++++++----- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index ecfc7e50d..f81666ae3 100644 --- a/Makefile +++ b/Makefile @@ -73,7 +73,7 @@ populate:;@ # usage: make rebuild system=foo [target=bar] [operation=switch] .PHONY: rebuild -rebuild: populate ;@ +rebuild: populate ;@set -x ssh root@"$$target" nixos-rebuild "$${operation-switch}" -I /var/src else diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix index 7eb60103f..78e990d1c 100644 --- a/krebs/v2/default.nix +++ b/krebs/v2/default.nix 
@@ -15,26 +15,34 @@ let populate = '' #! /bin/sh - set -efu + set -eu + + verbose() { + printf '+' >&2 + printf ' %q' "$@" >&2 + printf '\n' + "$@" + } echo ${shell.escape git-script} \ | ssh ${shell.escape "${target-user}@${target-host}"} -T - tmpdir=$(mktemp -dt stockholm.XXXXXXXX) + unset tmpdir trap ' - set +f rm "$tmpdir"/* rmdir "$tmpdir" trap - EXIT INT QUIT ' EXIT INT QUIT + tmpdir=$(mktemp -dt stockholm.XXXXXXXX) chmod 0755 "$tmpdir" + ${concatStringsSep "\n" (mapAttrsToList (name: spec: let dst = removePrefix "symlink:" (get-url spec); in - "ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") + "verbose ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") symlink-specs)} - proot \ + verbose proot \ -b $tmpdir:${shell.escape target-path} \ ${concatStringsSep " \\\n " (mapAttrsToList @@ -77,6 +85,15 @@ let filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source; git-script = '' + #! /bin/sh + set -efu + + verbose() { + printf '+' >&2 + printf ' %q' "$@" >&2 + printf '\n' + } + fetch_git() {( dst_dir=$1 src_url=$2 @@ -109,6 +126,7 @@ let ${concatStringsSep "\n" (mapAttrsToList (name: spec: toString (map shell.escape [ + "verbose" "fetch_git" "${target-path}/${name}" spec.url -- cgit v1.2.3 From 1b67c62f15e1c92aa1ccdf392fcdfe85488e3f48 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:29:42 +0100 Subject: make populate: define and pass lib to krebs/v2 --- Makefile | 6 +++++- krebs/v2/default.nix | 9 +++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index f81666ae3..c4f5cd398 100644 --- a/Makefile +++ b/Makefile 
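Review bot: With `-f` dropped from `set -efu` in `populate`, the generated lines that expand `$tmpdir` unquoted (`verbose ln -s … $tmpdir/…` and `-b $tmpdir:…`) are now subject to pathname expansion as well as word splitting. The value comes from `mktemp -dt` and therefore follows `TMPDIR`; quoting it costs nothing: `"verbose ln -s ${shell.escape dst} \"$tmpdir\"/${shell.escape name}"` and `-b "$tmpdir":${shell.escape target-path}`. This copy of `verbose` also writes its trailing `printf '\n'` to stdout while the rest of the trace goes to stderr. The `populate` string continues past this hunk.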
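Review bot: The `verbose` helper added to `git-script` only prints its arguments and never runs them: unlike the copy in `populate` it has no `"$@"` line. Once the last hunk of this file prefixes every generated call with `"verbose"`, `fetch_git` is therefore no longer executed on the target. The script still exits 0, so `populate` reports success with stale or missing git sources under `target-path`, and a following rebuild uses whatever was there before. Add `"$@"` as the last line of this `verbose` body.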
@@ -55,14 +55,18 @@ endif # usage: make populate system=foo [target=bar] .PHONY: populate +populate: export lib = \ + let nlib = import ; in \ + nlib // import krebs/4lib { lib = nlib; } // builtins populate: export source = \ - with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \ + with (import ./. {}).users.$(LOGNAME).$(system).config.krebs.build; \ assert source-version == 2; \ source populate:;@ result=$$(nix-instantiate \ --eval \ --json \ + --arg lib "$$lib" \ --arg source "$$source" \ --argstr target-host "$$target" \ --argstr target-path /var/src \ diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix index 78e990d1c..ac1c13e72 100644 --- a/krebs/v2/default.nix +++ b/krebs/v2/default.nix @@ -1,13 +1,10 @@ -{ source +{ lib +, source , target-user ? "root" , target-host , target-path ? "/var/src" }: -with import ; -with import ~/stockholm/krebs/4lib { - lib = import ; -}; -with builtins; +with lib; let out = { inherit populate; -- cgit v1.2.3 From 942511acb1ca0d3c6ef1e59694e888c7d4665aee Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:51:22 +0100 Subject: make {populate,rebuild}: use $target_{host,user,path} --- Makefile | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index c4f5cd398..501dfbe83 100644 --- a/Makefile +++ b/Makefile 
@@ -49,36 +49,39 @@ endif $${target+--argstr target "$$target"}) echo "$$result" | filter -ifndef target -export target = $(system) -endif +export target_host ?= $(system) +export target_user ?= root +export target_path ?= /var/src -# usage: make populate system=foo [target=bar] +# usage: make populate system=foo [target_host=bar] .PHONY: populate populate: export lib = \ let nlib = import ; in \ nlib // import krebs/4lib { lib = nlib; } // builtins populate: export source = \ - with (import ./. {}).users.$(LOGNAME).$(system).config.krebs.build; \ - assert source-version == 2; \ - source + with builtins; \ + with (import ./. {}).users.$${getEnv "LOGNAME"}.$${getEnv "system"}; \ + assert config.krebs.build.source-version == 2; \ + config.krebs.build.source populate:;@ result=$$(nix-instantiate \ --eval \ --json \ --arg lib "$$lib" \ --arg source "$$source" \ - --argstr target-host "$$target" \ - --argstr target-path /var/src \ + --argstr target-user "$$target_user" \ + --argstr target-host "$$target_host" \ + --argstr target-path "$$target_path" \ -A populate \ krebs/v2) script=$$(echo "$$result" | jq -r .) echo "$$script" | sh -# usage: make rebuild system=foo [target=bar] [operation=switch] +# usage: make rebuild system=foo [target_host=bar] [operation=switch] .PHONY: rebuild rebuild: populate ;@set -x - ssh root@"$$target" nixos-rebuild "$${operation-switch}" -I /var/src + ssh "$$target_user@$$target_host" \ + nixos-rebuild "$${operation-switch}" -I "$$target_path" else $(error unbound variable: system[s]) -- cgit v1.2.3 From 74120066f0387339bc4b3c02b30ed303a90de5da Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:57:32 +0100 Subject: krebs/v2: simplify verbose --- krebs/v2/default.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix index ac1c13e72..cba7a75ff 100644 --- a/krebs/v2/default.nix +++ b/krebs/v2/default.nix 
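Review bot: In `rebuild`, the quotes around `"$$target_path"` and `"$${operation-switch}"` only protect the local shell; ssh joins the command arguments with spaces and hands the result to the remote login shell, where it is split and expanded again as `target_user` (default `root`). `krebs/v2` passes the same `target-path` through `shell.escape`, so the two halves of the deployment disagree on which values are safe. Either validate the variables before use, e.g. `case $$target_path in *[!A-Za-z0-9/._-]*) echo "unsafe target_path" >&2; exit 1;; esac`, or state in the usage comment that they must consist of plain path characters. The surrounding conditional that ends in `else $(error …)` starts outside this hunk.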
@@ -15,9 +15,7 @@ let set -eu verbose() { - printf '+' >&2 - printf ' %q' "$@" >&2 - printf '\n' + printf '+%s\n' "$(printf ' %q' "$@")" >&2 "$@" } @@ -86,9 +84,8 @@ let set -efu verbose() { - printf '+' >&2 - printf ' %q' "$@" >&2 - printf '\n' + printf '+%s\n' "$(printf ' %q' "$@")" >&2 + "$@" } fetch_git() {( -- cgit v1.2.3 From 0414f344d9abec821883dcdc77acc6b1d7b8f0ae Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 04:01:55 +0100 Subject: nixpkgs/nixos/lib -> upstream-nixpkgs/nixos/lib --- nixpkgs/nixos/lib | 1 + 1 file changed, 1 insertion(+) create mode 120000 nixpkgs/nixos/lib diff --git a/nixpkgs/nixos/lib b/nixpkgs/nixos/lib new file mode 120000 index 000000000..eb942f88b --- /dev/null +++ b/nixpkgs/nixos/lib @@ -0,0 +1 @@ +../../upstream-nixpkgs/nixos/lib \ No newline at end of file -- cgit v1.2.3 From 5ce588fb8172ba4d91cfa31c9e043fa1799be9ae Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 13:21:59 +0100 Subject: nixpkgs/pkgs -> upstream-nixpkgs/pkgs --- nixpkgs/pkgs | 1 + 1 file changed, 1 insertion(+) create mode 120000 nixpkgs/pkgs diff --git a/nixpkgs/pkgs b/nixpkgs/pkgs new file mode 120000 index 000000000..ce5f5448b --- /dev/null +++ b/nixpkgs/pkgs @@ -0,0 +1 @@ +../upstream-nixpkgs/pkgs \ No newline at end of file -- cgit v1.2.3 From 11371608c1c6b5fc661d1c0a1f825226dfd9f599 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 15:29:40 +0100 Subject: with-tmpdir: init at 1 --- krebs/5pkgs/with-tmpdir/default.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 krebs/5pkgs/with-tmpdir/default.nix diff --git a/krebs/5pkgs/with-tmpdir/default.nix b/krebs/5pkgs/with-tmpdir/default.nix new file mode 100644 index 000000000..517e46310 --- /dev/null +++ b/krebs/5pkgs/with-tmpdir/default.nix 
@@ -0,0 +1,29 @@ +{ stdenv, fetchgit, coreutils, dash, ... }: + +stdenv.mkDerivation { + name = "with-tmpdir-1"; + + src = fetchgit { + url = http://cgit.cd.krebsco.de/with-tmpdir; + rev = "3243c02ed8cd27a04c080bd39560204980f6c16a"; + sha256 = "80ee6cafb2c337999ddcd1e41747d6256b7cfcea605358c2046eb7e3729555c6"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = '' + mkdir -p $out/bin + + { echo '#! ${dash}/bin/dash' + echo 'OLDPATH=$PATH' + echo 'PATH=${coreutils}/bin' + sed '$s/^/#/' ./with-tmpdir + echo '(PATH=$OLDPATH; exec "$@")' + } > $out/bin/with-tmpdir + + chmod +x $out/bin/with-tmpdir + ''; +} -- cgit v1.2.3 From 7dbfc126fb329a67d68b32803e866ba9f0e7b2f0 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 15:34:22 +0100 Subject: tv git public-repos += with-tmpdir --- tv/2configs/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 800deff1b..5e0f95c15 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -39,6 +39,7 @@ let stockholm = { desc = "take all the computers hostage, they'll love you!"; }; + with-tmpdir = {}; } // mapAttrValues (setAttr "section" "2. Haskell libraries") { blessings = {}; mime = {}; -- cgit v1.2.3 From 03e5d03c129190451e1431fac6aae70f745812f9 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 19:17:19 +0100 Subject: tv config: use null for dummy secrets --- tv/2configs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index abe9d3de8..777cd4ea3 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
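Review bot: The `sed '$s/^/#/' ./with-tmpdir` step in `installPhase` comments out whatever the last line of the upstream script happens to be and appends `(PATH=$OLDPATH; exec "$@")`, with nothing that checks the line is the expected one. The pinned `rev` and `sha256` keep this stable today, and the `sha256` is also what makes the plain `http://` fetch tolerable, but a later bump can silently disable a different line. Add a comment above the block such as `# comment out upstream's final line (presumably its exec) and run the command with the caller's PATH instead`, and consider failing the build when the last line does not match what is expected.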
@@ -12,6 +12,7 @@ with lib; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm-private/1systems/${config.krebs.build.host.name}.nix"; nixpkgs = symlink:stockholm-nixpkgs; + null = "/home/tv/stockholm/null"; secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; secrets-common = "/home/tv/secrets/common"; stockholm-krebs = "/home/tv/stockholm/krebs"; @@ -101,7 +102,7 @@ with lib; }; environment.variables = { - NIX_PATH = mkForce "/var/src"; + NIX_PATH = mkForce "secrets=/var/src/null:/var/src"; }; programs.bash = { -- cgit v1.2.3 From 28382e43e0df74a6b10bfcf23465d8415fa86460 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 19:51:01 +0100 Subject: tv: RIP consul --- tv/1systems/cd.nix | 1 - tv/1systems/mkdir.nix | 1 - tv/1systems/rmdir.nix | 1 - tv/2configs/consul-client.nix | 9 ---- tv/2configs/consul-server.nix | 21 -------- tv/3modules/consul.nix | 118 ------------------------------------------ tv/3modules/default.nix | 1 - 7 files changed, 152 deletions(-) delete mode 100644 tv/2configs/consul-client.nix delete mode 100644 tv/2configs/consul-server.nix delete mode 100644 tv/3modules/consul.nix diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 27e94aef0..e42d5750a 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -14,7 +14,6 @@ with lib; imports = [ ../2configs/hw/CAC-Developer-2.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - #../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix ../2configs/retiolum.nix diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix index 9d8a0bcfa..79e5f73b9 100644 --- a/tv/1systems/mkdir.nix +++ b/tv/1systems/mkdir.nix @@ -22,7 +22,6 @@ in imports = [ ../2configs/hw/CAC-Developer-1.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix { diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix index 1f1d975c9..6fd79c596 100644 --- a/tv/1systems/rmdir.nix +++ b/tv/1systems/rmdir.nix 
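Review bot: The new `NIX_PATH` value `secrets=/var/src/null:/var/src` needs a comment, because its effect depends on lookup order. As far as I know, Nix tries search-path entries in order and moves on when the file is missing under a prefixed entry, so `<secrets/…>` would resolve to the dummy copy only for files that exist in `null`, and anything absent there would still be found under `/var/src/secrets`; this is worth confirming. Suggested comment above the line: `# <secrets> is looked up in /var/src/null (dummy secrets) before /var/src`. The enclosing attribute set starts and ends outside the hunk.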
@@ -23,7 +23,6 @@ in imports = [ ../2configs/hw/CAC-Developer-1.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix { diff --git a/tv/2configs/consul-client.nix b/tv/2configs/consul-client.nix deleted file mode 100644 index 0a8bf4d75..000000000 --- a/tv/2configs/consul-client.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: - -{ - imports = [ ./consul-server.nix ]; - - tv.consul = { - server = pkgs.lib.mkForce false; - }; -} diff --git a/tv/2configs/consul-server.nix b/tv/2configs/consul-server.nix deleted file mode 100644 index d10f9ea75..000000000 --- a/tv/2configs/consul-server.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, ... }: - -{ - tv.consul = rec { - enable = true; - - self = config.krebs.build.host; - inherit (self) dc; - - server = true; - - hosts = with config.krebs.hosts; [ - # TODO get this list automatically from each host where tv.consul.enable is true - cd - mkdir - nomic - rmdir - #wu - ]; - }; -} diff --git a/tv/3modules/consul.nix b/tv/3modules/consul.nix deleted file mode 100644 index 5c955fdb5..000000000 --- a/tv/3modules/consul.nix +++ /dev/null 
@@ -1,118 +0,0 @@ -{ config, lib, pkgs, ... }: - -# if quorum gets lost, then start any node with a config that doesn't contain bootstrap_expect -# but -bootstrap -# TODO consul-bootstrap HOST that actually does is -# TODO tools to inspect state of a cluster in outage state - -with lib; -let - cfg = config.tv.consul; - - out = { - options.tv.consul = api; - config = mkIf cfg.enable (mkMerge [ - imp - { tv.iptables.input-retiolum-accept-new-tcp = [ "8300" "8301" ]; } - # TODO udp for 8301 - ]); - }; - - api = { - enable = mkEnableOption "tv.consul"; - - dc = mkOption { - type = types.label; - }; - hosts = mkOption { - type = with types; listOf host; - }; - encrypt-file = mkOption { - type = types.str; # TODO path (but not just into store) - default = toString ; - }; - data-dir = mkOption { - type = types.str; # TODO path (but not just into store) - default = "/var/lib/consul"; - }; - self = mkOption { - type = types.host; - }; - server = mkOption { - type = types.bool; - default = false; - }; - GOMAXPROCS = mkOption { - type = types.int; - default = cfg.self.cores; - }; - }; - - consul-config = { - datacenter = cfg.dc; - data_dir = cfg.data-dir; - log_level = "INFO"; - #node_name = - server = cfg.server; - enable_syslog = true; - retry_join = - # TODO allow consul in other nets than retiolum [maybe] - concatMap (host: host.nets.retiolum.addrs) - (filter (host: host.name != cfg.self.name) cfg.hosts); - leave_on_terminate = true; - } // optionalAttrs cfg.server { - bootstrap_expect = length cfg.hosts; - leave_on_terminate = false; - }; - - imp = { - environment.systemPackages = with pkgs; [ - consul - ]; - - systemd.services.consul = { - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ - consul - ]; - environment = { - GOMAXPROCS = toString cfg.GOMAXPROCS; - }; - serviceConfig = { - PermissionsStartOnly = "true"; - SyslogIdentifier = "consul"; - User = user.name; - PrivateTmp = "true"; - Restart = "always"; - ExecStartPre = 
pkgs.writeScript "consul-init" '' - #! /bin/sh - mkdir -p ${cfg.data-dir} - chown ${user.name}: ${cfg.data-dir} - install -o ${user.name} -m 0400 ${cfg.encrypt-file} /tmp/encrypt.json - ''; - ExecStart = pkgs.writeScript "consul-service" '' - #! /bin/sh - set -euf - exec >/dev/null - exec consul agent \ - -config-file=${toFile "consul.json" (toJSON consul-config)} \ - -config-file=/tmp/encrypt.json - ''; - #-node=${cfg.self.fqdn} \ - #ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user} -D"; - }; - }; - - users.extraUsers = singleton { - inherit (user) name uid; - }; - }; - - user = rec { - name = "consul"; - uid = genid name; - }; - -in -out diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index bb10d8261..f7889b245 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -2,7 +2,6 @@ _: { imports = [ - ./consul.nix ./ejabberd.nix ./iptables.nix ]; -- cgit v1.2.3 From d341d1ad1006d49299007c2210dfd8f9903ae21a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:01:28 +0100 Subject: tv vim: drop noise --- tv/2configs/vim.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index bab949270..83cc6e117 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -7,11 +7,6 @@ let vim ]; - # Nano really is just a stupid name for Vim. - nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.vim; - }; - environment.etc.vimrc.source = vimrc; environment.variables.EDITOR = mkForce "vim"; -- cgit v1.2.3 From ef0ce9065f312140cbcb51fc5102c4c5d4e80568 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:02:01 +0100 Subject: tv nix.vim: let b:current_syntax --- tv/2configs/vim.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 83cc6e117..23f90af05 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -105,6 +105,8 @@ let syn match String /"\([^\\"]\|\\.\)*"/ syn match Comment /\(^\|\s\)#.*/ + + let b:current_syntax = "nix" ''} au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile -- cgit v1.2.3 From ba4bfed2715cb3973f9dbaa6f0a6010c59121a54 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:05:12 +0100 Subject: wu: selectively allowUnfree nvidia-x11 --- tv/1systems/wu.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index aef8ca761..2fa0e8ab7 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -157,7 +157,7 @@ with lib; nixpkgs.config.chromium.enablePepperFlash = true; - nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; hardware.bumblebee.enable = true; hardware.bumblebee.group = "video"; hardware.enableAllFirmware = true; -- cgit v1.2.3 From 34dcaa692382072889e7e796461933ff129d5a13 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:06:15 +0100 Subject: xu: don't unconditionally allowUnfree --- tv/1systems/xu.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 31a8a3e99..8c4af2bd3 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -155,7 +155,6 @@ with lib; nixpkgs.config.chromium.enablePepperFlash = true; - nixpkgs.config.allowUnfree = true; #hardware.bumblebee.enable = true; #hardware.bumblebee.group = "video"; hardware.enableAllFirmware = true; -- cgit v1.2.3 From 44b9f90b2c70c997399afcc550dac2fff155af6b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:12:06 +0100 Subject: tv config: allowUnfree = false --- tv/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 777cd4ea3..ee1d9521d 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -70,6 +70,9 @@ with lib; nix.useChroot = true; } + { + nixpkgs.config.allowUnfree = false; + } { environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ]; -- cgit v1.2.3 From afd09edbd3ec1739fb95eaab664a2400386ce7a0 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:17:10 +0100 Subject: tv: cleanup allowUnfree --- tv/2configs/hw/AO753.nix | 9 ++++----- tv/2configs/hw/x220.nix | 1 - 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix index acd9ee32b..72a40819f 100644 --- a/tv/2configs/hw/AO753.nix +++ b/tv/2configs/hw/AO753.nix @@ -1,4 +1,6 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +with lib; { imports = [ @@ -39,8 +41,5 @@ HandleSuspendKey=ignore ''; - nixpkgs.config = { - allowUnfree = false; - allowUnfreePredicate = (x: pkgs.lib.hasPrefix "broadcom-sta-" x.name); - }; + nixpkgs.config.allowUnfreePredicate = pkg: hasPrefix "broadcom-sta-" pkg.name; } diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 8549311e7..7cec670fa 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -14,7 +14,6 @@ networking.wireless.enable = true; #hardware.enableAllFirmware = true; - #nixpkgs.config.allowUnfree = true; #zramSwap.enable = true; #zramSwap.numDevices = 2; -- cgit v1.2.3 From 68655d1ddf078eb1bb3a48ba7e6e9376d913985e Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 3 Feb 2016 11:32:58 +0100 Subject: krebs.git: remove trailing spaces --- krebs/3modules/git.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index e6267d7e6..0fa6b240b 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix 
@@ -27,7 +27,7 @@ let description = '' Enable cgit. Cgit is an attempt to create a fast web interface for the git version - control system, using a built in cache to decrease pressure on the + control system, using a built in cache to decrease pressure on the git server. cgit in this module is being served via fastcgi nginx.This module deploys a http://cgit. nginx configuration and enables nginx @@ -127,7 +127,7 @@ let git-imp = { system.activationScripts.git-init = "${init-script}"; - + # TODO maybe put all scripts here and then use PATH? environment.etc."${etc-base}".source = scriptFarm "git-ssh-authorizers" { @@ -136,7 +136,7 @@ let (map getName (ensureList repo)) (map getName perm.allow-commands) ]) cfg.rules); - + authorize-push = makeAuthorizeScript (map ({ repo, user, perm }: [ (map getName (ensureList user)) (map getName (ensureList repo)) @@ -144,7 +144,7 @@ let (map getName perm.allow-receive-modes) ]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules)); }; - + users.extraUsers = singleton rec { description = "Git repository hosting user"; name = "git"; -- cgit v1.2.3 From cdb590be5072712c9552a98f8979aa94288dcbc8 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 3 Feb 2016 13:36:54 +0100 Subject: krebs.git.rules: specify type --- krebs/3modules/git.nix | 193 +++++++++++++++++++++++++++++++++++-------------- tv/2configs/git.nix | 4 +- 2 files changed, 142 insertions(+), 55 deletions(-) diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 0fa6b240b..7b28ffca8 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix 
@@ -44,48 +44,8 @@ let default = "/etc/git"; }; repos = mkOption { - type = types.attrsOf (types.submodule ({ - options = { - desc = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Repository description. - ''; - }; - section = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Repository section. - ''; - }; - name = mkOption { - type = types.str; - description = '' - Repository name. - ''; - }; - hooks = mkOption { - type = types.attrsOf types.str; - default = {}; - description = '' - Repository-specific hooks. - ''; - }; - public = mkOption { - type = types.bool; - default = false; - description = '' - Allow everybody to read the repository via HTTP if cgit enabled. - ''; - # TODO allow every configured user to fetch the repository via SSH. - }; - }; - })); - + type = types.attrsOf subtypes.repo; default = {}; - example = literalExample '' { testing = { @@ -99,7 +59,6 @@ let testing2 = { name = "testing2"; }; } ''; - description = '' Repositories. ''; 
@@ -121,28 +80,156 @@ let ''; }; rules = mkOption { - type = types.unspecified; + type = types.listOf subtypes.rule; + default = []; + example = literalExample '' + singleton { + user = [ config.krebs.users.tv ]; + repo = [ testing ]; # see literal example of repos + perm = push "refs/*" (with lib.git; [ + non-fast-forward create delete merge + ]); + } + ''; + description = '' + Rules. + ''; }; }; + # TODO put into krebs/4lib/types.nix? + subtypes = { + repo = types.submodule ({ + options = { + collaborators = mkOption { + type = types.listOf types.user; + default = []; + description = '' + List of users that should be able to fetch from this repo. + + This option is currently not used by krebs.git but instead can be + used to create rules. See e.g. for + an example. + ''; + }; + desc = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Repository description. + ''; + }; + section = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Repository section. + ''; + }; + name = mkOption { + type = types.str; + description = '' + Repository name. + ''; + }; + hooks = mkOption { + type = types.attrsOf types.str; + default = {}; + description = '' + Repository-specific hooks. + ''; + }; + public = mkOption { + type = types.bool; + default = false; + description = '' + Allow everybody to read the repository via HTTP if cgit enabled. + ''; + # TODO allow every configured user to fetch the repository via SSH. + }; + }; + }); + rule = types.submodule ({ config, ... }: { + options = { + user = mkOption { + type = types.listOf types.user; + description = '' + List of users this rule should apply to. + Checked by authorize-command. + ''; + }; + repo = mkOption { + type = types.listOf subtypes.repo; + description = '' + List of repos this rule should apply to. + Checked by authorize-command. 
+ ''; + }; + perm = mkOption { + type = types.submodule { + # TODO generate enum argument from krebs/4lib/git.nix + options = { + allow-commands = mkOption { + type = types.listOf (types.enum (with git; [ + git-receive-pack + git-upload-pack + ])); + default = []; + description = '' + List of commands the rule's users are allowed to execute. + Checked by authorize-command. + ''; + }; + allow-receive-ref = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Ref that can receive objects. + Checked by authorize-push. + ''; + }; + allow-receive-modes = mkOption { + type = types.listOf (types.enum (with git; [ + fast-forward + non-fast-forward + create + delete + merge + ])); + default = []; + description = '' + List of allowed receive modes. + Checked by pre-receive hook. + ''; + }; + }; + }; + description = '' + Permissions granted. + ''; + }; + }; + }); + }; + git-imp = { system.activationScripts.git-init = "${init-script}"; # TODO maybe put all scripts here and then use PATH? 
environment.etc."${etc-base}".source = scriptFarm "git-ssh-authorizers" { - authorize-command = makeAuthorizeScript (map ({ repo, user, perm }: [ - (map getName (ensureList user)) - (map getName (ensureList repo)) - (map getName perm.allow-commands) + authorize-command = makeAuthorizeScript (map (rule: [ + (map getName (ensureList rule.user)) + (map getName (ensureList rule.repo)) + (map getName rule.perm.allow-commands) ]) cfg.rules); - authorize-push = makeAuthorizeScript (map ({ repo, user, perm }: [ - (map getName (ensureList user)) - (map getName (ensureList repo)) - (ensureList perm.allow-receive-ref) - (map getName perm.allow-receive-modes) - ]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules)); + authorize-push = makeAuthorizeScript (map (rule: [ + (map getName (ensureList rule.user)) + (map getName (ensureList rule.repo)) + (ensureList rule.perm.allow-receive-ref) + (map getName rule.perm.allow-receive-modes) + ]) (filter (rule: rule.perm.allow-receive-ref != null) cfg.rules)); }; users.extraUsers = singleton rec { diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 5e0f95c15..01dc7de9b 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -9,7 +9,7 @@ let enable = true; root-title = "public repositories at ${config.krebs.build.host.name}"; root-desc = "keep calm and engage"; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + repos = repos; rules = rules; }; }; @@ -99,7 +99,7 @@ let repo = [ repo ]; perm = fetch; } ++ - optional (length (repo.collaborators or []) > 0) { + optional (repo.collaborators or [] != []) { user = repo.collaborators; repo = [ repo ]; perm = fetch; -- cgit v1.2.3 From 5bc7523bb54e960f5ac00492b16519b1bce21007 Mon Sep 17 00:00:00 2001 
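Review bot: The descriptions of `rule.user` and `rule.repo` say only "Checked by authorize-command.", but `git-imp` feeds both fields into `authorize-push` as well. `allow-receive-modes` is documented as "Checked by pre-receive hook." although it is passed to `authorize-push` next to `allow-receive-ref` (unless the hook is what invokes `authorize-push`, which is not visible here). These strings document the access-control model, so they should name every check that consumes the field, e.g. `Checked by authorize-command and authorize-push.`. With `user` and `repo` now typed as `types.listOf`, the `ensureList rule.user` and `ensureList rule.repo` wrappers are redundant and can become plain `rule.user` and `rule.repo`. The `git-imp` set continues past the hunk.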
From: tv Date: Wed, 3 Feb 2016 19:39:00 +0100 Subject: cac-1.0.3 -> cac-api-1.1.0 --- krebs/5pkgs/cac-api/default.nix | 37 +++++++++++++++++++++++ krebs/5pkgs/cac/default.nix | 39 ------------------------- krebs/5pkgs/test/infest-cac-centos7/default.nix | 4 +-- krebs/5pkgs/test/infest-cac-centos7/notes | 32 ++++++++++---------- tv/1systems/wu.nix | 2 +- tv/2configs/git.nix | 4 +-- 6 files changed, 58 insertions(+), 60 deletions(-) create mode 100644 krebs/5pkgs/cac-api/default.nix delete mode 100644 krebs/5pkgs/cac/default.nix diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix new file mode 100644 index 000000000..2a32bb096 --- /dev/null +++ b/krebs/5pkgs/cac-api/default.nix @@ -0,0 +1,37 @@ +{ stdenv, fetchgit, bc, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }: + +stdenv.mkDerivation { + name = "cac-api-1.1.0"; + + src = fetchgit { + url = http://cgit.cd.krebsco.de/cac-api; + rev = "0809fae379239687ed1170e04311dc2880ef0aba"; + sha256 = "357ced27c9ed88028967c934178a1d230bf38617a7494cd4632fabdd2a04fcdd"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = + let + path = stdenv.lib.makeSearchPath "bin" [ + bc + coreutils + curl + gnused + inotifyTools + jq + ncurses + sshpass + ]; + in + '' + mkdir -p $out/bin + cp cac-api $out/bin/cac-api + sed -i ' + s;^_cac_cli_main .*;PATH=${path}''${PATH+:$PATH} &; + ' $out/bin/cac-api + ''; +} diff --git a/krebs/5pkgs/cac/default.nix b/krebs/5pkgs/cac/default.nix deleted file mode 100644 index 4d39ce2fb..000000000 --- a/krebs/5pkgs/cac/default.nix +++ /dev/null 
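Review bot: The `sed -i` substitution on `^_cac_cli_main .*` in `installPhase` is a silent no-op when no line matches, and the pattern already had to change from `_cac_main` to `_cac_cli_main` with this bump. When it does not match, `cac-api` is installed without the pinned `PATH` and resolves `curl`, `jq`, `sshpass` and the rest from the caller's environment. Make the build fail instead, e.g. add `grep -q '^_cac_cli_main ' $out/bin/cac-api` before the `sed`. The old expression also ran `chmod +x` on the result; `cp` keeps the source mode, so the new one relies on the file being executable in the repository.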
@@ -1,39 +0,0 @@ -{ stdenv, fetchgit, bc, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }: - -stdenv.mkDerivation { - name = "cac-1.0.3"; - - src = fetchgit { - url = http://cgit.cd.retiolum/cac; - rev = "22acc1b990ac7d97c16344fbcbc2621e24cdf915"; - sha256 = "135b740617c983b3f46a1983d4744be17340d5146a0a0de0dff4bb7a53688f2f"; - }; - - phases = [ - "unpackPhase" - "installPhase" - ]; - - installPhase = - let - path = stdenv.lib.makeSearchPath "bin" [ - bc - coreutils - curl - gnused - inotifyTools - jq - ncurses - sshpass - ]; - in - '' - mkdir -p $out/bin - - sed < ./cac > $out/bin/cac ' - s;^_cac_main .*;PATH=${path}''${PATH+:$PATH} &; - ' - - chmod +x $out/bin/cac - ''; -} diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index 7f2e3f231..ebea5ae1c 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,4 +1,4 @@ -{ stdenv, coreutils,makeWrapper, cac, cacpanel, gnumake, gnused, jq, openssh, ... }: +{ stdenv, coreutils,makeWrapper, cac-api, cacpanel, gnumake, gnused, jq, openssh, ... }: stdenv.mkDerivation rec { name = "${shortname}-${version}"; @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { path = stdenv.lib.makeSearchPath "bin" [ coreutils - cac + cac-api cacpanel gnumake gnused diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes index 6bfb6906e..7b9cbb46f 100755 --- a/krebs/5pkgs/test/infest-cac-centos7/notes +++ b/krebs/5pkgs/test/infest-cac-centos7/notes @@ -1,6 +1,6 @@ #! /bin/sh -# nix-shell -p gnumake jq openssh cac cacpanel +# nix-shell -p gnumake jq openssh cac-api cacpanel set -eufx # 2 secrets are required: 
@@ -47,15 +47,15 @@ export cac_secrets=$sec_file cac-cli --config $krebs_cred panel add-api-ip # test login: -cac update -cac servers +cac-api update +cac-api servers # preserve old trap old_trapstr=$(clear_defer) while true;do # Template 26: CentOS7 - # TODO: use cac templates to determine the real Centos7 template in case it changes - out=$(cac build cpu=1 ram=512 storage=10 os=26 2>&1) + # TODO: use cac-api templates to determine the real Centos7 template in case it changes + out=$(cac-api build cpu=1 ram=512 storage=10 os=26 2>&1) if name=$(echo "$out" | jq -r .servername);then id=servername:$name echo "got a working machine, id=$id" @@ -67,15 +67,15 @@ while true;do fi clear_defer >/dev/null - defer "cac delete $id" + defer "cac-api delete $id" # TODO: timeout? wait_login_cac(){ # we wait for 30 minutes for t in `seq 180`;do - # now we have a working cac server - if cac ssh $1 -o ConnectTimeout=10 \ + # now we have a working cac-api server + if cac-api ssh $1 -o ConnectTimeout=10 \ cat /etc/redhat-release | \ grep CentOS ;then return 0 @@ -87,7 +87,7 @@ while true;do # die on timeout if ! wait_login_cac $id;then echo "unable to boot a working system within time frame, retrying..." >&2 - echo "Cleaning up old image,last status: $(cac update;cac getserver $id | jq -r .status)" + echo "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)" eval "$(clear_defer | sed 's/;exit//')" sleep 15 else 
@@ -96,17 +96,17 @@ while true;do fi done clear_defer >/dev/null -defer "cac delete $id;$old_trapstr" +defer "cac-api delete $id;$old_trapstr" mkdir -p shared/2configs/temp -cac generatenetworking $id > \ +cac-api generatenetworking $id > \ shared/2configs/temp/networking.nix # new temporary ssh key we will use to log in after infest ssh-keygen -f $krebs_ssh -N "" cp $retiolum_key $krebs_secrets/retiolum.rsa_key.priv # we override the directories for secrets and stockholm # additionally we set the ssh key we generated -ip=$(cac getserver $id | jq -r .ip) +ip=$(cac-api getserver $id | jq -r .ip) cat > shared/2configs/temp/dirs.nix < $krebs_secrets/infest sh -x $krebs_secrets/infest # TODO: generate secrets directory $krebs_secrets for nix import -cac powerop $id reset +cac-api powerop $id reset wait_login(){ # timeout for t in `seq 90`;do - # now we have a working cac server + # now we have a working cac-api server if ssh -o StrictHostKeyChecking=no \ -o UserKnownHostsFile=/dev/null \ -i $krebs_ssh \ diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 2fa0e8ab7..29e6de08b 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -43,7 +43,7 @@ with lib; # tv bc bind # dig - cac + cac-api dic file get diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 01dc7de9b..b8180085f 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -22,8 +22,8 @@ let public-repos = mapAttrs make-public-repo ({ } // mapAttrValues (setAttr "section" "1. Miscellaneous") { - cac = { - desc = "CloudAtCost command line interface"; + cac-api = { + desc = "CloudAtCost API command line interface"; }; get = {}; hack = {}; -- cgit v1.2.3 From a350db5ce9e3fcf27678a2b9bb6685358b63742a Mon Sep 17 00:00:00 2001 
From: makefu Date: Wed, 3 Feb 2016 21:17:46 +0100 Subject: cacpanel 0.2.3 -> cac-panel 0.4.4 --- krebs/5pkgs/cac-panel/default.nix | 18 ++++++++++++++++++ krebs/5pkgs/cacpanel/default.nix | 18 ------------------ 2 files changed, 18 insertions(+), 18 deletions(-) create mode 100644 krebs/5pkgs/cac-panel/default.nix delete mode 100644 krebs/5pkgs/cacpanel/default.nix
diff --git a/krebs/5pkgs/cac-panel/default.nix b/krebs/5pkgs/cac-panel/default.nix
new file mode 100644
index 000000000..fd4799535
--- /dev/null
+++ b/krebs/5pkgs/cac-panel/default.nix
@@ -0,0 +1,18 @@
+{pkgs, python3Packages, ...}:
+
+python3Packages.buildPythonPackage rec {
+ name = "cac-panel-${version}";
+ version = "0.4.4";
+
+ src = pkgs.fetchurl {
+ url = "https://pypi.python.org/packages/source/c/cac-panel/cac-panel-${version}.tar.gz";
+ sha256 = "16bx67fsbgwxciik42jhdnfzxx1xp5b0rimzrif3r7h4fawlnld8";
+ };
+
+ propagatedBuildInputs = with python3Packages; [
+ docopt
+ requests2
+ beautifulsoup4
+ ];
+}
+
diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix
deleted file mode 100644
index 3df4dffed..000000000
--- a/krebs/5pkgs/cacpanel/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, python3Packages, ...}:
-
-python3Packages.buildPythonPackage rec {
- name = "cacpanel-${version}";
- version = "0.2.3";
-
- src = pkgs.fetchurl {
- url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz";
- sha256 = "1fib7416qqv8yzrj75kxra7ccpz9abqh58b6gkaavws2fa6m3mm8";
- };
-
- propagatedBuildInputs = with python3Packages; [
- docopt
- requests2
- beautifulsoup4
- ];
-}
-
-- cgit v1.2.3
From fdc4fa5c98aaabfb31be7e7f219ca2b134172cf9 Mon Sep 17 00:00:00 2001
From: makefu Date: Wed, 3 Feb 2016 21:17:46 +0100 Subject: cacpanel 0.2.3 -> cac-panel 0.4.4 --- krebs/5pkgs/cac-panel/default.nix | 18 ++++++++++++++++++ krebs/5pkgs/cacpanel/default.nix | 18 ------------------ 2 files changed, 18 insertions(+), 18 deletions(-) create mode 100644 krebs/5pkgs/cac-panel/default.nix delete mode 100644 krebs/5pkgs/cacpanel/default.nix
diff --git a/krebs/5pkgs/cac-panel/default.nix b/krebs/5pkgs/cac-panel/default.nix
new file mode 100644
index 000000000..fd4799535
--- /dev/null
+++ b/krebs/5pkgs/cac-panel/default.nix
@@ -0,0 +1,18 @@
+{pkgs, python3Packages, ...}:
+
+python3Packages.buildPythonPackage rec {
+ name = "cac-panel-${version}";
+ version = "0.4.4";
+
+ src = pkgs.fetchurl {
+ url = "https://pypi.python.org/packages/source/c/cac-panel/cac-panel-${version}.tar.gz";
+ sha256 = "16bx67fsbgwxciik42jhdnfzxx1xp5b0rimzrif3r7h4fawlnld8";
+ };
+
+ propagatedBuildInputs = with python3Packages; [
+ docopt
+ requests2
+ beautifulsoup4
+ ];
+}
+
diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix
deleted file mode 100644
index 3df4dffed..000000000
--- a/krebs/5pkgs/cacpanel/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, python3Packages, ...}:
-
-python3Packages.buildPythonPackage rec {
- name = "cacpanel-${version}";
- version = "0.2.3";
-
- src = pkgs.fetchurl {
- url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz";
- sha256 = "1fib7416qqv8yzrj75kxra7ccpz9abqh58b6gkaavws2fa6m3mm8";
- };
-
- propagatedBuildInputs = with python3Packages; [
- docopt
- requests2
- beautifulsoup4
- ];
-}
-
-- cgit v1.2.3
From 48381bd8dd9607d54a936c644964ab5bac90e4a9 Mon Sep 17 00:00:00 2001
From: tv Date: Thu, 4 Feb 2016 01:20:03 +0100 Subject: cac-api: don't GET broken listtasks + use complete cert --- krebs/5pkgs/cac-api/cac.pem | 88 +++++++++++++++++++++++++++++++++++++++++ krebs/5pkgs/cac-api/default.nix | 47 ++++++++++++---------- 2 files changed, 114 insertions(+), 21 deletions(-) create mode 100644 krebs/5pkgs/cac-api/cac.pem diff --git a/krebs/5pkgs/cac-api/cac.pem b/krebs/5pkgs/cac-api/cac.pem new file mode 100644 index 000000000..9d02b6bcf --- /dev/null +++ b/krebs/5pkgs/cac-api/cac.pem 
@@ -0,0 +1,88 @@ +-----BEGIN CERTIFICATE----- +MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk +YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x +ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM +IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB +Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida +LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q +YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P +6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G +A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg +lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov +L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov +L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB +LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv +bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB +hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C +D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt +HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8 +LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA +DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7 +dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1 +1VE7rIcEbw== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- 
+MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp +b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh +oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM +IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg +llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh +7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c +RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx +PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC +AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD +VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv +bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB +AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy +dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN +AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx +3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI +tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo +ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js +9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa +kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm +GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc 
+QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje +3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx +AeKCINT+b72x +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn +dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ +FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ +5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG +x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX +2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL +OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 +sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C +GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 +WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt +rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ +nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg +tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW +sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp 
+pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA +zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq +ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 +7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I +LaZRfyHBNVOFBkpdn627G190 +-----END CERTIFICATE----- diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix index 2a32bb096..331b0853f 100644 --- a/krebs/5pkgs/cac-api/default.nix +++ b/krebs/5pkgs/cac-api/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, bc, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }: +{ stdenv, fetchgit, bc, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }: stdenv.mkDerivation { name = "cac-api-1.1.0"; @@ -14,24 +14,29 @@ stdenv.mkDerivation { "installPhase" ]; - installPhase = - let - path = stdenv.lib.makeSearchPath "bin" [ - bc - coreutils - curl - gnused - inotifyTools - jq - ncurses - sshpass - ]; - in - '' - mkdir -p $out/bin - cp cac-api $out/bin/cac-api - sed -i ' - s;^_cac_cli_main .*;PATH=${path}''${PATH+:$PATH} &; - ' $out/bin/cac-api - ''; + installPhase = '' + mkdir -p $out/bin + { cat <<\EOF + #! ${dash}/bin/dash + export PATH=${stdenv.lib.makeSearchPath "bin" [ + bc + coreutils + curl + gnused + inotifyTools + jq + ncurses + openssh + sshpass + ]} + EOF + # [1]: Disable fetching tasks; listtasks is currently broken: + # Unknown column 'iod.apitask.cid' in 'field list' + sed ' + /^\s*tasks \\$/d; # [1] + s|\<_cac_exec curl|<${./cac.pem} & --cacert /dev/stdin| + ' cac-api + } > $out/bin/cac-api + chmod +x $out/bin/cac-api + ''; } -- cgit v1.2.3 From bbfef6bd25b4647d9587f891f9b7cb358fabfc87 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 01:32:38 +0100 Subject: Reaktor: use upstream lentil --- krebs/5pkgs/Reaktor/plugins.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
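Review bot: In the installPhase hunk of krebs/5pkgs/cac-api/default.nix, the `--cacert /dev/stdin` option is injected by a `sed` substitution on `_cac_exec curl`, and `sed` exits successfully when that pattern matches nothing. If the upstream script ever spells the call differently, the wrapper is built without the certificate bundle and nothing reports it. I would add a check once the file is written, for example `grep -q -- '--cacert /dev/stdin' $out/bin/cac-api`, so the build stops instead (stdenv phases normally run with errexit). The `/^\s*tasks \\$/d` deletion has the same silent-no-match property and deserves a matching negative check if the broken `listtasks` call must stay disabled.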
diff --git a/krebs/5pkgs/Reaktor/plugins.nix b/krebs/5pkgs/Reaktor/plugins.nix index 7490be4ca..0f61688e3 100644 --- a/krebs/5pkgs/Reaktor/plugins.nix +++ b/krebs/5pkgs/Reaktor/plugins.nix @@ -82,7 +82,7 @@ rec { }; stockholm-issue = buildSimpleReaktorPlugin "stockholm-issue" { script = ./scripts/random-issue.sh; - path = with pkgs; [ git gnused lentil ]; + path = with pkgs; [ git gnused haskellPackages.lentil ]; env = { "origin" = "http://cgit.gum/stockholm"; }; }; -- cgit v1.2.3 From f095b0267a94e7b8b5ff9acbf54ce11df4a40d8f Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 01:59:40 +0100 Subject: test: cacpanel -> cac-panel --- krebs/5pkgs/test/infest-cac-centos7/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index f7b2a5a08..7adb09ca9 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,4 +1,4 @@ -{ stdenv, coreutils,makeWrapper, cac-api, cacpanel, gnumake, gnused, jq, openssh, ... }: +{ stdenv, coreutils,makeWrapper, cac-api, cac-panel, gnumake, gnused, jq, openssh, ... }: stdenv.mkDerivation rec { name = "${shortname}-${version}"; @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { path = stdenv.lib.makeSearchPath "bin" [ coreutils cac-api - cacpanel + cac-panel gnumake gnused jq -- cgit v1.2.3 From 1745d3efa0be1687d482077c75942cf9d6a5ecc2 Mon Sep 17 00:00:00 2001 
From: tv Date: Thu, 4 Feb 2016 01:55:59 +0100 Subject: cac-cert: init --- krebs/5pkgs/cac-api/cac.pem | 88 ---------------------- krebs/5pkgs/cac-api/default.nix | 4 +- krebs/5pkgs/cac-cert/cac.pem | 88 ++++++++++++++++++++++ krebs/5pkgs/test/infest-cac-centos7/default.nix | 22 +++--- .../infest-cac-centos7/panel.cloudatcost.com.crt | 88 ---------------------- 5 files changed, 101 insertions(+), 189 deletions(-) delete mode 100644 krebs/5pkgs/cac-api/cac.pem create mode 100644 krebs/5pkgs/cac-cert/cac.pem delete mode 100644 krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt diff --git a/krebs/5pkgs/cac-api/cac.pem b/krebs/5pkgs/cac-api/cac.pem deleted file mode 100644 index 9d02b6bcf..000000000 --- a/krebs/5pkgs/cac-api/cac.pem +++ /dev/null 
@@ -1,88 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk -YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x -ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM -IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB -Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida -LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q -YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P -6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G -A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg -lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov -L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov -L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB -LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv -bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB -hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C -D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt -HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8 -LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA -DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7 -dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1 -1VE7rIcEbw== ------END CERTIFICATE----- - ------BEGIN CERTIFICATE----- 
-MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp -b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh -oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM -IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg -llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh -7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c -RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx -PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC -AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD -VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv -bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB -AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy -dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN -AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx -3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI -tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo -ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js -9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa -kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm -GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc 
-QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje -3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx -AeKCINT+b72x ------END CERTIFICATE----- - ------BEGIN CERTIFICATE----- -MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn -dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ -FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ -5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG -x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX -2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL -OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 -sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C -GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 -WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E -FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt -rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ -nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg -tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW -sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp 
-pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA -zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq -ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 -7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I -LaZRfyHBNVOFBkpdn627G190 ------END CERTIFICATE----- diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix index 331b0853f..9ab6ac8b2 100644 --- a/krebs/5pkgs/cac-api/default.nix +++ b/krebs/5pkgs/cac-api/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, bc, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }: +{ stdenv, fetchgit, bc, cac-cert, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }: stdenv.mkDerivation { name = "cac-api-1.1.0"; @@ -34,7 +34,7 @@ stdenv.mkDerivation { # Unknown column 'iod.apitask.cid' in 'field list' sed ' /^\s*tasks \\$/d; # [1] - s|\<_cac_exec curl|<${./cac.pem} & --cacert /dev/stdin| + s|\<_cac_exec curl|<${cac-cert} & --cacert /dev/stdin| ' cac-api } > $out/bin/cac-api chmod +x $out/bin/cac-api diff --git a/krebs/5pkgs/cac-cert/cac.pem b/krebs/5pkgs/cac-cert/cac.pem new file mode 100644 index 000000000..9d02b6bcf --- /dev/null +++ b/krebs/5pkgs/cac-cert/cac.pem 
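Review bot: `<${cac-cert}` in the cac-api/default.nix hunk requires `cac-cert` to evaluate to a single PEM file, and so do `--set REQUESTS_CA_BUNDLE ${cac-cert}` and `--set SSL_CERT_FILE ${cac-cert}` in the later infest-cac-centos7/default.nix hunk. Neither the hunks nor the diffstat of this commit show where `cac-cert` is defined. If it resolved to a directory output, the redirect and both environment variables would point at something the TLS clients cannot read as a bundle, and the failure would only show up at run time. A comment at the argument list such as `# cac-cert: store path of one PEM bundle, not a directory` would record the contract, and a build-time `test -f ${cac-cert}` in installPhase would enforce it.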
@@ -0,0 +1,88 @@ +-----BEGIN CERTIFICATE----- +MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk +YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x +ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM +IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB +Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida +LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q +YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P +6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G +A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg +lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov +L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov +L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB +LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv +bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB +hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C +D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt +HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8 +LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA +DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7 +dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1 +1VE7rIcEbw== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- 
+MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp +b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh +oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM +IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg +llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh +7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c +RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx +PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC +AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD +VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv +bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB +AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy +dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN +AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx +3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI +tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo +ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js +9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa +kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm +GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc 
+QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje +3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx +AeKCINT+b72x +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn +dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ +FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ +5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG +x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX +2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL +OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 +sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C +GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 +WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt +rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ +nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg +tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW +sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp 
+pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA +zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq +ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 +7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I +LaZRfyHBNVOFBkpdn627G190 +-----END CERTIFICATE----- diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index 7adb09ca9..3be4b1c41 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,4 +1,4 @@ -{ stdenv, coreutils,makeWrapper, cac-api, cac-panel, gnumake, gnused, jq, openssh, ... }: +{ stdenv, coreutils,makeWrapper, cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, ... }: stdenv.mkDerivation rec { name = "${shortname}-${version}"; @@ -10,6 +10,7 @@ stdenv.mkDerivation rec { phases = [ "installPhase" ]; + buildInputs = [ makeWrapper ]; path = stdenv.lib.makeSearchPath "bin" [ @@ -22,16 +23,15 @@ stdenv.mkDerivation rec { openssh ]; - installPhase = - '' - mkdir -p $out/bin - cp ${src} $out/bin/${shortname} - chmod +x $out/bin/${shortname} - wrapProgram $out/bin/${shortname} \ - --prefix PATH : ${path} \ - --set SSL_CERT_FILE ${./panel.cloudatcost.com.crt} \ - --set REQUESTS_CA_BUNDLE ${./panel.cloudatcost.com.crt} - ''; + installPhase = '' + mkdir -p $out/bin + cp ${src} $out/bin/${shortname} + chmod +x $out/bin/${shortname} + wrapProgram $out/bin/${shortname} \ + --prefix PATH : ${path} \ + --set REQUESTS_CA_BUNDLE ${cac-cert} \ + --set SSL_CERT_FILE ${cac-cert} + ''; meta = with stdenv.lib; { homepage = http://krebsco.de; description = "Krebs CI Scripts"; diff --git a/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt b/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt deleted file mode 100644 index 9d02b6bcf..000000000 
--- a/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt
+++ /dev/null
@@ -1,88 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk -YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x -ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM -IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB -Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida -LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q -YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P -6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G -A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg -lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov -L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov -L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB -LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv -bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB -hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C -D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt -HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8 -LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA -DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7 -dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1 -1VE7rIcEbw== ------END CERTIFICATE----- - ------BEGIN CERTIFICATE----- 
-MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp -b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh -oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM -IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg -llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh -7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c -RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx -PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC -AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD -VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv -bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB -AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy -dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN -AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx -3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI -tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo -ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js -9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa -kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm -GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc 
-QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje -3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx -AeKCINT+b72x ------END CERTIFICATE----- - ------BEGIN CERTIFICATE----- -MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn -dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ -FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ -5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG -x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX -2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL -OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 -sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C -GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 -WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E -FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt -rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ -nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg -tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW -sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp 
-pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA -zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq -ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 -7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I -LaZRfyHBNVOFBkpdn627G190 ------END CERTIFICATE----- -- cgit v1.2.3 From f7d979b21fc0a705105adbbc708645f94af6629c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Feb 2016 02:48:28 +0100 Subject: s 1 wolf: provide cgit mirror --- krebs/3modules/shared/default.nix | 1 + shared/1systems/wolf.nix | 1 + shared/2configs/cgit-mirror.nix | 41 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 shared/2configs/cgit-mirror.nix diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 518e46587..91d92857b 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -50,6 +50,7 @@ in { addrs6 = ["42:0:0:0:0:0:77:1"]; aliases = [ "wolf.retiolum" + "cgit.wolf.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 8cf5be71c..e45195487 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -12,6 +12,7 @@ in ../2configs/shack-nix-cacher.nix ../2configs/shack-drivedroid.nix ../2configs/buildbot-standalone.nix + ../2configs/cgit-mirror.nix # ../2configs/graphite.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix new file mode 100644 index 000000000..5bcfc5818 --- /dev/null +++ b/shared/2configs/cgit-mirror.nix 
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ rules = with git;[{
+ # user = git-sync;
+ user = git-sync;
+ repo = [ stockholm-mirror ];
+ perm = push ''refs/*'' [ non-fast-forward create delete merge ];
+ }];
+
+ stockholm-mirror = {
+ public = true;
+ name = "stockholm-mirror";
+ desc = "mirror for all stockholm branches";
+ hooks = {
+ post-receive = pkgs.git-hooks.irc-announce {
+ nick = config.networking.hostName;
+ verbose = false;
+ channel = "#retiolum";
+ server = "cd.retiolum";
+ };
+ };
+ };
+
+ git-sync = {
+ name = "git-sync";
+ mail = "spam@krebsco.de";
+ # TODO put git-sync pubkey somewhere more appropriate
+ pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzUuzyoAhMgJmsiaTVWNSXqcrZNTpKpv0nfFBOMcNXUWEbvfAq5eNpg5cX+P8eoYl6UQgfftbYi06flKK3yJdntxoZKLwJGgJt9NZr8yZTsiIfMG8XosvGNQtGPkBtpLusgmPpu7t2RQ9QrqumBvoUDGYEauKTslLwupp1QeyWKUGEhihn4CuqQKiPrz+9vbNd75XOfVZMggk3j4F7HScatmA+p1EQXWyq5Jj78jQN5ZIRnHjMQcIZ4DOz1U96atwSKMviI1xEZIODYfgoGjjiWYeEtKaLVPtSqtLRGI7l+RNouMfwHLdTWOJSlIdFncfPXC6R19hTll3UHeHLtqLP git-sync'';
+ };
+
+in {
+ krebs.git = {
+ enable = true;
+ root-title = "Shared Repos";
+ root-desc = "keep on krebsing";
+ inherit rules;
+ repos.stockholm-mirror = stockholm-mirror;
+ };
+}
-- cgit v1.2.3 From cc1a230fd2742b6ccadd0837d9cf569f246375aa Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Feb 2016 02:55:28 +0100 Subject: k 5 test: cac -> cac-api, cacpanel -> cac-panel --- krebs/5pkgs/test/infest-cac-centos7/default.nix | 6 +++--- krebs/5pkgs/test/infest-cac-centos7/notes | 26 ++++++++++++------------- 2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix
index 886e250e2..7adb09ca9 100644
--- a/krebs/5pkgs/test/infest-cac-centos7/default.nix
+++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix
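Review bot: The rule `perm = push ''refs/*'' [ non-fast-forward create delete merge ];` lets whoever holds the single git-sync key rewrite or delete every ref of a repository that is `public = true`, and the file does not say that this is intended. A mirror does need forced updates, so the grant may be right, but readers pulling from `cgit.wolf.retiolum` should not treat it as authoritative history; a comment such as `# git-sync may rewrite and delete any ref; this mirror is not authoritative` above the rule would record that. The inline `pubkey` already carries a TODO, and keeping the key with the other user definitions would make rotation a one-place change. The commented-out duplicate `# user = git-sync;` can be dropped.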
@@ -1,4 +1,4 @@ -{ stdenv, coreutils,makeWrapper, cac, cacpanel, gnumake, gnused, jq, openssh, ... }: +{ stdenv, coreutils,makeWrapper, cac-api, cac-panel, gnumake, gnused, jq, openssh, ... }: stdenv.mkDerivation rec { name = "${shortname}-${version}"; @@ -14,8 +14,8 @@ stdenv.mkDerivation rec { path = stdenv.lib.makeSearchPath "bin" [ coreutils - cac - cacpanel + cac-api + cac-panel gnumake gnused jq diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes index 6bfb6906e..793ef3560 100755 --- a/krebs/5pkgs/test/infest-cac-centos7/notes +++ b/krebs/5pkgs/test/infest-cac-centos7/notes @@ -1,6 +1,6 @@ #! /bin/sh -# nix-shell -p gnumake jq openssh cac cacpanel +# nix-shell -p gnumake jq openssh cac-api cac-panel set -eufx # 2 secrets are required: @@ -40,22 +40,22 @@ defer "rm -r $krebs_secrets" cat > $sec_file <&1) + out=$(cac-api build cpu=1 ram=512 storage=10 os=26 2>&1) if name=$(echo "$out" | jq -r .servername);then id=servername:$name echo "got a working machine, id=$id" @@ -87,7 +87,7 @@ while true;do # die on timeout if ! wait_login_cac $id;then echo "unable to boot a working system within time frame, retrying..." >&2 - echo "Cleaning up old image,last status: $(cac update;cac getserver $id | jq -r .status)" + echo "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)" eval "$(clear_defer | sed 's/;exit//')" sleep 15 else 
@@ -96,17 +96,17 @@ while true;do fi done clear_defer >/dev/null -defer "cac delete $id;$old_trapstr" +defer "cac-api delete $id;$old_trapstr" mkdir -p shared/2configs/temp -cac generatenetworking $id > \ +cac-api generatenetworking $id > \ shared/2configs/temp/networking.nix # new temporary ssh key we will use to log in after infest ssh-keygen -f $krebs_ssh -N "" cp $retiolum_key $krebs_secrets/retiolum.rsa_key.priv # we override the directories for secrets and stockholm # additionally we set the ssh key we generated -ip=$(cac getserver $id | jq -r .ip) +ip=$(cac-api getserver $id | jq -r .ip) cat > shared/2configs/temp/dirs.nix < $krebs_secrets/infest sh -x $krebs_secrets/infest # TODO: generate secrets directory $krebs_secrets for nix import -cac powerop $id reset +cac-api powerop $id reset wait_login(){ # timeout -- cgit v1.2.3 From fb734eded558aad5a728eb1b1b350235a921d541 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 03:07:47 +0100 Subject: stockholm: stockholm-path -> ./. --- default.nix | 3 +-- tv/2configs/default.nix | 11 +++++------ 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/default.nix b/default.nix index 1637aa464..b2b57ea4c 100644 --- a/default.nix +++ b/default.nix @@ -17,8 +17,7 @@ let stockholm = { nlib = import ; klib = import (slib.kpath "4lib") { lib = nlib; }; slib = rec { - stockholm-path = ./.; - nspath = ns: p: stockholm-path + "/${ns}/${p}"; + nspath = ns: p: ./. + "/${ns}/${p}"; kpath = nspath "krebs"; upath = nspath current-user-name; }; diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index ee1d9521d..46320b738 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -10,14 +10,13 @@ with lib; target = mkDefault "root@${config.krebs.build.host.name}"; source-version = 2; source = mapAttrs (_: mkDefault) ({ - nixos-config = "symlink:stockholm-private/1systems/${config.krebs.build.host.name}.nix"; - nixpkgs = symlink:stockholm-nixpkgs; - null = "/home/tv/stockholm/null"; + nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix"; + nixpkgs = symlink:stockholm/nixpkgs; + null = "symlink:stockholm/null"; secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; secrets-common = "/home/tv/secrets/common"; - stockholm-krebs = "/home/tv/stockholm/krebs"; - stockholm-nixpkgs = "/home/tv/stockholm/nixpkgs"; - stockholm-private = "/home/tv/stockholm/tv"; + stockholm = "/home/tv/stockholm"; + stockholm-user = "symlink:stockholm/tv"; upstream-nixpkgs = { url = https://github.com/NixOS/nixpkgs; rev = "77f8f35d57618c1ba456d968524f2fb2c3448295"; -- cgit v1.2.3 From db0e7dfe82fbed065afb16f41b46900767d69a96 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 04:23:10 +0100 Subject: cac-cert: add default.nix --- krebs/5pkgs/cac-cert/default.nix | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 krebs/5pkgs/cac-cert/default.nix diff --git a/krebs/5pkgs/cac-cert/default.nix b/krebs/5pkgs/cac-cert/default.nix new file mode 100644 index 000000000..d99019dca --- /dev/null +++ b/krebs/5pkgs/cac-cert/default.nix @@ -0,0 +1,2 @@ +{ writeText, ... }: +writeText "cac.pem" (builtins.readFile ./cac.pem) -- cgit v1.2.3 From 8e3d27a9499bb70d5d033e4fd007aa53dea70b18 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 04:35:39 +0100 Subject: stockholm: add slib.npath --- default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/default.nix b/default.nix index b2b57ea4c..9dd18a235 100644 --- a/default.nix +++ b/default.nix 
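Review bot: `nixpkgs = symlink:stockholm/nixpkgs;` is written as an unquoted URI literal, while the neighbouring `nixos-config` and `null` entries quote the same kind of value. Quote it so the three symlink sources read alike: `nixpkgs = "symlink:stockholm/nixpkgs";`. The attribute set continues past the end of the hunk.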
@@ -14,12 +14,12 @@ let stockholm = { krebs = import ./krebs (args // { inherit lib stockholm; }); lib = let - nlib = import ; + nlib = import (slib.npath "lib"); klib = import (slib.kpath "4lib") { lib = nlib; }; slib = rec { - nspath = ns: p: ./. + "/${ns}/${p}"; - kpath = nspath "krebs"; - upath = nspath current-user-name; + npath = p: + "/${p}"; + kpath = p: ./. + "/krebs/${p}"; + upath = p: ./. + "/${current-user-name}/${p}"; }; ulib = let p = slib.upath "4lib"; in nlib.optionalAttrs (klib.dir.has-default-nix p) @@ -44,7 +44,7 @@ let stockholm = { in kpkgs // upkgs; }; - eval = config: import { + eval = config: import (lib.npath "nixos/lib/eval-config.nix") { specialArgs = { inherit lib; }; -- cgit v1.2.3 From 65977c6108d9517d58a6bd6ce8676c6a7b97615e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 04:44:26 +0100 Subject: RIP current-date --- Makefile | 1 - default.nix | 3 +-- krebs/default.nix | 9 +-------- shared/2configs/buildbot-standalone.nix | 2 -- 4 files changed, 2 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index 501dfbe83..a1559b48c 100644 --- a/Makefile +++ b/Makefile @@ -42,7 +42,6 @@ endif -A "$$get" \ -I stockholm="$$PWD" \ '' \ - --argstr current-date "$$(date -Is)" \ --argstr current-host-name "$$HOSTNAME" \ --argstr current-user-name "$$LOGNAME" \ $${system+--argstr system "$$system"} \ diff --git a/default.nix b/default.nix index 9dd18a235..4a5e4ea2c 100644 --- a/default.nix +++ b/default.nix @@ -1,5 +1,4 @@ -{ current-date ? abort "current-date not defined" -, current-host-name ? abort "current-host-name not defined" +{ current-host-name ? abort "current-host-name not defined" , current-user-name ? builtins.getEnv "LOGNAME" , StrictHostKeyChecking ? "yes" }@args: diff --git a/krebs/default.nix b/krebs/default.nix index df2d95483..e9ee71b34 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,5 +1,4 @@ -{ current-date -, current-host-name +{ current-host-name , current-user-name , lib , stockholm 
@@ -21,7 +20,6 @@ let out = { config = get-config system; in '' #! /bin/sh - # ${current-date} ${current-user-name}@${current-host-name} # krebs.deploy set -efu (${populate args}) @@ -39,7 +37,6 @@ let out = { config = get-config system; in '' #! /bin/sh - # ${current-date} ${current-user-name}@${current-host-name} # krebs.infest set -efu @@ -64,7 +61,6 @@ let out = { config = get-config system; in '' #! /bin/sh - # ${current-date} ${current-user-name}@${current-host-name} # krebs.init set -efu @@ -100,7 +96,6 @@ let out = { }@args: let in '' #! /bin/sh - # ${current-date} ${current-user-name}@${current-host-name} # krebs.nixos-install (${populate (args // { root = "/mnt"; })}) @@ -196,7 +191,6 @@ let out = { nix-env \ --show-trace \ -f '' \ - --argstr current-date ${lib.shell.escape current-date} \ --argstr current-host-name ${lib.shell.escape current-host-name} \ --argstr current-user-name ${lib.shell.escape current-user-name} \ --profile ${lib.shell.escape config.krebs.build.profile} \ @@ -216,7 +210,6 @@ let out = { }@args: let out = '' #! /bin/sh - # ${current-date} ${current-user-name}@${current-host-name} set -efu ${lib.concatStringsSep "\n" (lib.concatMap diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix index c614bd3c1..9982dd915 100644 --- a/shared/2configs/buildbot-standalone.nix +++ b/shared/2configs/buildbot-standalone.nix @@ -86,7 +86,6 @@ -I stockholm=. \ --show-trace \ -I secrets=. '' \ - --argstr current-date lol \ --argstr current-user-name shared \ --argstr current-host-name lol \ --strict --json"]) @@ -98,7 +97,6 @@ -I stockholm=. \ -I secrets=. '' \ --show-trace \ - --argstr current-date lol \ --argstr current-user-name shared \ --argstr current-host-name lol \ --strict --json"]) -- cgit v1.2.3 From 89d6f319d0909b127a603fd825e3a1143b14260b Mon Sep 17 00:00:00 2001 
From: tv Date: Thu, 4 Feb 2016 04:47:58 +0100 Subject: stockholm: guess current-{host,user}-name harder --- default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/default.nix b/default.nix index 4a5e4ea2c..656a7f4b3 100644 --- a/default.nix +++ b/default.nix @@ -1,5 +1,9 @@ -{ current-host-name ? abort "current-host-name not defined" -, current-user-name ? builtins.getEnv "LOGNAME" +{ current-host-name ? + let v = builtins.getEnv "HOSTNAME"; in + if v != "" then v else builtins.readFile /proc/sys/kernel/hostname +, current-user-name ? + let v = builtins.getEnv "LOGNAME"; in + if v != "" then v else abort "undefined variable: LOGNAME" , StrictHostKeyChecking ? "yes" }@args: -- cgit v1.2.3 From b857a48632128be0324c68be95bee16fb0f1b15f Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 05:40:26 +0100 Subject: krebs.build.populate: init and drop support for v1 --- Makefile | 108 ++++++++--------------- default.nix | 16 +++- krebs/3modules/build.nix | 218 +++++++++++++++++++++++++++++++--------------- krebs/default.nix | 95 +------------------- krebs/v2/default.nix | 132 ---------------------------- nixpkgs/krebs | 0 nixpkgs/nixos/default.nix | 66 +------------- nixpkgs/nixos/lib | 2 +- nixpkgs/nixos/modules | 2 +- root | 1 + tv/2configs/default.nix | 4 +- 11 files changed, 203 insertions(+), 441 deletions(-) delete mode 100644 krebs/v2/default.nix create mode 100644 nixpkgs/krebs create mode 120000 root diff --git a/Makefile b/Makefile index a1559b48c..87a636e72 100644 --- a/Makefile +++ b/Makefile 
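Review bot: The fallback `builtins.readFile /proc/sys/kernel/hostname` returns the file contents including the trailing newline, so when HOSTNAME is unset `current-host-name` ends in `\n` and will not match a host name. Strip it in the default itself, since `lib` does not appear to be in scope there: `builtins.replaceStrings ["\n"] [""] (builtins.readFile /proc/sys/kernel/hostname)`. Both defaults are read from the caller's environment, and elsewhere on this page `current-user-name` is used to build an import path (`upath`), so a one-line comment stating that these values select what gets evaluated would help. The function body continues outside the hunk.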
@@ -1,87 +1,51 @@ -# -# usage: -# make infest system=foo [target=bar] -# make [deploy] system=foo [target=bar] -# make [deploy] systems='foo bar' -# make eval get=users.tv.wu.config.time.timeZone [filter=json] -# - .ONESHELL: .SHELLFLAGS := -eufc -ifdef systems -$(systems): - @ - unset target - parallel \ - --line-buffer \ - -j0 \ - --no-notice \ - --tagstring {} \ - -q make -s systems= system={} ::: $(systems) -else ifdef system -.PHONY: deploy infest -deploy infest:;@ - export get=krebs.$@ - export filter=json - script=$$(make -s eval) - echo "$$script" | sh - -.PHONY: eval -eval: - @ -ifeq ($(filter),json) - extraArgs='--json --strict' - filter() { jq -r .; } -else - filter() { cat; } +ifndef system +$(error unbound variable: system) endif - result=$$(nix-instantiate \ - $${extraArgs-} \ - --eval \ - -A "$$get" \ - -I stockholm="$$PWD" \ - '' \ - --argstr current-host-name "$$HOSTNAME" \ - --argstr current-user-name "$$LOGNAME" \ - $${system+--argstr system "$$system"} \ - $${target+--argstr target "$$target"}) - echo "$$result" | filter export target_host ?= $(system) export target_user ?= root export target_path ?= /var/src +# usage: make deploy system=foo [target_host=bar] +.PHONY: deploy +deploy: populate ;@set -x + ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path" + # usage: make populate system=foo [target_host=bar] .PHONY: populate -populate: export lib = \ - let nlib = import ; in \ - nlib // import krebs/4lib { lib = nlib; } // builtins -populate: export source = \ - with builtins; \ - with (import ./. 
{}).users.$${getEnv "LOGNAME"}.$${getEnv "system"}; \ - assert config.krebs.build.source-version == 2; \ - config.krebs.build.source populate:;@ - result=$$(nix-instantiate \ - --eval \ - --json \ - --arg lib "$$lib" \ - --arg source "$$source" \ - --argstr target-user "$$target_user" \ - --argstr target-host "$$target_host" \ - --argstr target-path "$$target_path" \ - -A populate \ - krebs/v2) - script=$$(echo "$$result" | jq -r .) - echo "$$script" | sh - -# usage: make rebuild system=foo [target_host=bar] [operation=switch] -.PHONY: rebuild -rebuild: populate ;@set -x - ssh "$$target_user@$$target_host" \ - nixos-rebuild "$${operation-switch}" -I "$$target_path" + result=$$(make -s eval get=config.krebs.build.populate filter=json) + echo "$$result" | sh +# usage: make eval system=foo get=config.krebs.build [LOGNAME=tv] [filter=json] +.PHONY: eval +eval:;@ +ifeq ($(filter),json) + extraArgs='--json --strict' + filter() { echo "$$1" | jq -r .; } else -$(error unbound variable: system[s]) + filter() { echo "$$1"; } endif + result=$$(nix-instantiate \ + $${extraArgs-} \ + --show-trace \ + --readonly-mode \ + --eval \ + -A "$$get" \ + --arg configuration "") + filter "$$result" + +## usage: make install system=foo target= +#.PHONY: install +#install: ssh = ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null +#install:;@set -x +# $(ssh) "$$target_user@$$target_host" \ +# env target_path=/var/src \ +# sh -s prepare < krebs/4lib/infest/prepare.sh +# make -s populate target_path=/mnt"$$target_path" +# $(ssh) "$$target_user@$$target_host" \ +# env NIXOS_CONFIG=/var/src/nixos-config \ +# nixos-install diff --git a/default.nix b/default.nix index 656a7f4b3..278f1d14d 100644 --- a/default.nix +++ b/default.nix 
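Review bot: The commented-out `install` recipe defines `ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, which removes host authentication from a session that would run `nixos-install` as `$$target_user` (root by default). If the block is revived as written, the install trusts whichever machine answers at `$$target_host`. Either drop the dead block or state the constraint inside it, e.g. `# host key is not verified here; only for freshly provisioned machines reached over a trusted path`. Separately, `populate` pipes the evaluated `config.krebs.build.populate` string straight into `sh`; a comment saying the script is generated from the local configuration would make that trust boundary explicit.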
@@ -1,9 +1,15 @@ -{ current-host-name ? +{ configuration ? import (nixpkgs-path + "/nixos/lib/from-env.nix") "NIXOS_CONFIG" +, system ? builtins.currentSystem +, current-host-name ? let v = builtins.getEnv "HOSTNAME"; in if v != "" then v else builtins.readFile /proc/sys/kernel/hostname , current-user-name ? let v = builtins.getEnv "LOGNAME"; in if v != "" then v else abort "undefined variable: LOGNAME" +, nixpkgs-path ? + if (builtins.tryEval ).success + then + else , StrictHostKeyChecking ? "yes" }@args: @@ -11,7 +17,8 @@ let stockholm = { inherit krebs; inherit users; inherit lib; - inherit pkgs; + inherit config options pkgs; + system = config.system.build.toplevel; }; krebs = import ./krebs (args // { inherit lib stockholm; }); @@ -20,7 +27,7 @@ let stockholm = { nlib = import (slib.npath "lib"); klib = import (slib.kpath "4lib") { lib = nlib; }; slib = rec { - npath = p: + "/${p}"; + npath = p: nixpkgs-path + "/${p}"; kpath = p: ./. + "/krebs/${p}"; upath = p: ./. + "/${current-user-name}/${p}"; }; @@ -29,7 +36,7 @@ let stockholm = { (import p { lib = nlib // klib; }); in nlib // klib // slib // ulib // builtins; - inherit (eval {}) pkgs; + inherit (eval configuration) config options pkgs; base-module = { config, ... }: { imports = builtins.filter lib.dir.has-default-nix (lib.concatLists [ @@ -48,6 +55,7 @@ let stockholm = { }; eval = config: import (lib.npath "nixos/lib/eval-config.nix") { + inherit system; specialArgs = { inherit lib; }; diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 0f8aec89d..00142acdd 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix 
@@ -28,81 +28,157 @@ let type = types.user; }; - options.krebs.build.source-version = mkOption { - type = types.enum [ 1 2 ]; - default = 1; + options.krebs.build.source = let + raw = types.either types.str types.path; + url = types.submodule { + options = { + url = mkOption { + type = types.str; + }; + rev = mkOption { + type = types.str; + }; + dev = mkOption { + type = types.str; + }; + }; + }; + in mkOption { + type = types.attrsOf (types.either types.str url); + apply = let f = mapAttrs (_: value: { + string = value; + path = toString value; + set = f value; + }.${typeOf value}); in f; + default = {}; }; - options.krebs.build.source = getAttr "v${toString config.krebs.build.source-version}" { - v1 = { - dir = mkOption { - type = let - default-host = config.krebs.current.host; - in types.attrsOf (types.submodule ({ config, ... }: { - options = { - host = mkOption { - type = types.host; - default = default-host; - }; - path = mkOption { - type = types.str; - }; - target-path = mkOption { - type = types.str; - default = "/root/${config._module.args.name}"; - }; - url = mkOption { - type = types.str; - default = "file://${config.host.name}${config.path}"; - }; - }; - })); - default = {}; - }; + options.krebs.build.populate = mkOption { + type = types.str; + default = let + source = config.krebs.build.source; + target-user = maybeEnv "target_user" "root"; + target-host = maybeEnv "target_host" config.krebs.build.host.name; + target-path = maybeEnv "target_path" "/var/src"; + out = '' + #! /bin/sh + set -eu - git = mkOption { - type = with types; attrsOf (submodule ({ config, ... 
}: { - options = { - url = mkOption { - type = types.str; # TODO must be shell safe - }; - rev = mkOption { - type = types.str; - }; - target-path = mkOption { - type = types.str; - default = "/root/${config._module.args.name}"; - }; - }; - })); - default = {}; - }; - }; + verbose() { + printf '+%s\n' "$(printf ' %q' "$@")" >&2 + "$@" + } - v2 = let - raw = types.either types.str types.path; - url = types.submodule { - options = { - url = mkOption { - type = types.str; - }; - rev = mkOption { - type = types.str; - }; - dev = mkOption { - type = types.str; - }; - }; - }; - in mkOption { - type = types.attrsOf (types.either types.str url); - apply = let f = mapAttrs (_: value: { - string = value; - path = toString value; - set = f value; - }.${typeOf value}); in f; - default = {}; - }; + echo ${shell.escape git-script} \ + | ssh ${shell.escape "${target-user}@${target-host}"} -T + + unset tmpdir + trap ' + rm "$tmpdir"/* + rmdir "$tmpdir" + trap - EXIT INT QUIT + ' EXIT INT QUIT + tmpdir=$(mktemp -dt stockholm.XXXXXXXX) + chmod 0755 "$tmpdir" + + ${concatStringsSep "\n" + (mapAttrsToList + (name: spec: let dst = removePrefix "symlink:" (get-url spec); in + "verbose ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") + symlink-specs)} + + verbose proot \ + -b $tmpdir:${shell.escape target-path} \ + ${concatStringsSep " \\\n " + (mapAttrsToList + (name: spec: + "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}") + file-specs)} \ + rsync \ + -f ${shell.escape "P /*"} \ + ${concatMapStringsSep " \\\n " + (name: "-f ${shell.escape "R /${name}"}") + (attrNames file-specs)} \ + --delete \ + -vFrlptD \ + ${shell.escape target-path}/ \ + ${shell.escape "${target-user}@${target-host}:${target-path}"} + ''; + + get-schema = uri: + if substring 0 1 uri == "/" + then "file" + else head (splitString ":" uri); + + has-schema = schema: uri: get-schema uri == schema; + + get-url = spec: { + string = spec; + path = toString spec; + set = get-url spec.url; + }.${typeOf 
spec}; + + git-specs = + filterAttrs (_: spec: has-schema "https" (get-url spec)) source // + filterAttrs (_: spec: has-schema "http" (get-url spec)) source // + filterAttrs (_: spec: has-schema "git" (get-url spec)) source; + + file-specs = + filterAttrs (_: spec: has-schema "file" (get-url spec)) source; + + symlink-specs = + filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source; + + git-script = '' + #! /bin/sh + set -efu + + verbose() { + printf '+%s\n' "$(printf ' %q' "$@")" >&2 + "$@" + } + + fetch_git() {( + dst_dir=$1 + src_url=$2 + src_ref=$3 + + if ! test -e "$dst_dir"; then + git clone "$src_url" "$dst_dir" + fi + + cd "$dst_dir" + + if ! url=$(git config remote.origin.url); then + git remote add origin "$src_url" + elif test "$url" != "$src_url"; then + git remote set-url origin "$src_url" + fi + + # TODO resolve src_ref to commit hash + hash=$src_ref + + if ! test "$(git log --format=%H -1)" = "$hash"; then + git fetch origin + git checkout "$hash" -- "$dst_dir" + git checkout "$hash" + fi + + git clean -dxf + )} + + ${concatStringsSep "\n" + (mapAttrsToList + (name: spec: toString (map shell.escape [ + "verbose" + "fetch_git" + "${target-path}/${name}" + spec.url + spec.rev + ])) + git-specs)} + ''; + in out; }; }; diff --git a/krebs/default.nix b/krebs/default.nix index e9ee71b34..17c035896 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,3 +1,5 @@ +assert false; + { current-host-name , current-user-name , lib @@ -6,30 +8,11 @@ }: let out = { - inherit deploy; inherit infest; inherit init; inherit nixos-install; - inherit populate; }; - deploy = - { system ? current-host-name - , target ? system - }@args: let - config = get-config system; - in '' - #! /bin/sh - # krebs.deploy - set -efu - (${populate args}) - ${rootssh target '' - ${nix-install args} - ${config.krebs.build.profile}/bin/switch-to-configuration switch - ''} - echo OK - ''; - infest = { system ? current-host-name , target ? system 
@@ -45,9 +28,6 @@ let out = { ${builtins.readFile ./4lib/infest/install-nix.sh} ''} - # Prepare target source via bind-mounting - - (${nixos-install args}) ${rootssh target '' @@ -169,9 +149,7 @@ let out = { get-config = system: let config = stockholm.users.${current-user-name}.${system}.config or (abort "unknown system: ${system}, user: ${current-user-name}"); - in - assert config.krebs.build.source-version == 1; - config; + in config; nix-install = { system ? current-host-name 
@@ -203,73 +181,6 @@ let out = { ])} ''; - populate = - { system ? current-host-name - , target ? system - , root ? "" - }@args: - let out = '' - #! /bin/sh - set -efu - ${lib.concatStringsSep "\n" - (lib.concatMap - (type: lib.mapAttrsToList (_: methods.${type}) - config.krebs.build.source.${type}) - ["dir" "git"])} - ''; - - - config = get-config system; - - current-host = config.krebs.hosts.${current-host-name}; - current-user = config.krebs.users.${current-user-name}; - - methods.dir = config: - let - can-push = config.host.name == current-host.name; - target-path = root + config.target-path; - push-method = '' - rsync \ - --exclude .git \ - --exclude .graveyard \ - --exclude old \ - --exclude tmp \ - --rsync-path='mkdir -p ${target-path} && rsync' \ - --delete-excluded \ - -vrlptD \ - ${config.path}/ \ - root@${target}:${target-path} - ''; - in - if can-push then push-method else - let dir = "file://${config.host.name}${config.path}"; in - # /!\ revise this message when using more than just push-method - throw "No way to push ${dir} from ${current-host.name} to ${target}"; - - methods.git = config: - let target-path = root + config.target-path; - in rootssh target '' - mkdir -p ${target-path} - cd ${target-path} - if ! test -e .git; then - git init - fi - if ! cur_url=$(git config remote.origin.url 2>/dev/null); then - git remote add origin ${config.url} - elif test "$cur_url" != ${config.url}; then - git remote set-url origin ${config.url} - fi - if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${config.rev}; then - git fetch origin - git checkout ${config.rev} -- . - git checkout -q ${config.rev} - git submodule init - git submodule update - fi - git clean -dxf - ''; - in out; - rootssh = target: script: let flags = "-o StrictHostKeyChecking=${StrictHostKeyChecking}"; diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix deleted file mode 100644 index cba7a75ff..000000000 --- a/krebs/v2/default.nix +++ /dev/null 
@@ -1,132 +0,0 @@ -{ lib -, source -, target-user ? "root" -, target-host -, target-path ? "/var/src" -}: -with lib; -let - out = { - inherit populate; - }; - - populate = '' - #! /bin/sh - set -eu - - verbose() { - printf '+%s\n' "$(printf ' %q' "$@")" >&2 - "$@" - } - - echo ${shell.escape git-script} \ - | ssh ${shell.escape "${target-user}@${target-host}"} -T - - unset tmpdir - trap ' - rm "$tmpdir"/* - rmdir "$tmpdir" - trap - EXIT INT QUIT - ' EXIT INT QUIT - tmpdir=$(mktemp -dt stockholm.XXXXXXXX) - chmod 0755 "$tmpdir" - - ${concatStringsSep "\n" - (mapAttrsToList - (name: spec: let dst = removePrefix "symlink:" (get-url spec); in - "verbose ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") - symlink-specs)} - - verbose proot \ - -b $tmpdir:${shell.escape target-path} \ - ${concatStringsSep " \\\n " - (mapAttrsToList - (name: spec: - "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}") - file-specs)} \ - rsync \ - -f ${shell.escape "P /*"} \ - ${concatMapStringsSep " \\\n " - (name: "-f ${shell.escape "R /${name}"}") - (attrNames file-specs)} \ - --delete \ - -vFrlptD \ - ${shell.escape target-path}/ \ - ${shell.escape "${target-user}@${target-host}:${target-path}"} - ''; - - get-schema = uri: - if substring 0 1 uri == "/" - then "file" - else head (splitString ":" uri); - - has-schema = schema: uri: get-schema uri == schema; - - get-url = spec: { - string = spec; - path = toString spec; - set = get-url spec.url; - }.${typeOf spec}; - - git-specs = - filterAttrs (_: spec: has-schema "https" (get-url spec)) source // - filterAttrs (_: spec: has-schema "http" (get-url spec)) source // - filterAttrs (_: spec: has-schema "git" (get-url spec)) source; - - file-specs = - filterAttrs (_: spec: has-schema "file" (get-url spec)) source; - - symlink-specs = - filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source; - - git-script = '' - #! 
/bin/sh - set -efu - - verbose() { - printf '+%s\n' "$(printf ' %q' "$@")" >&2 - "$@" - } - - fetch_git() {( - dst_dir=$1 - src_url=$2 - src_ref=$3 - - if ! test -e "$dst_dir"; then - git clone "$src_url" "$dst_dir" - fi - - cd "$dst_dir" - - if ! url=$(git config remote.origin.url); then - git remote add origin "$src_url" - elif test "$url" != "$src_url"; then - git remote set-url origin "$src_url" - fi - - # TODO resolve src_ref to commit hash - hash=$src_ref - - if ! test "$(git log --format=%H -1)" = "$hash"; then - git fetch origin - git checkout "$hash" -- "$dst_dir" - git checkout "$hash" - fi - - git clean -dxf - )} - - ${concatStringsSep "\n" - (mapAttrsToList - (name: spec: toString (map shell.escape [ - "verbose" - "fetch_git" - "${target-path}/${name}" - spec.url - spec.rev - ])) - git-specs)} - ''; - -in out diff --git a/nixpkgs/krebs b/nixpkgs/krebs new file mode 100644 index 000000000..e69de29bb diff --git a/nixpkgs/nixos/default.nix b/nixpkgs/nixos/default.nix index 6c5adf365..4fe08efd2 100644 --- a/nixpkgs/nixos/default.nix +++ b/nixpkgs/nixos/default.nix 
@@ -1,65 +1 @@ -{ configuration ? import "NIXOS_CONFIG" -, system ? builtins.currentSystem -}: - -let - eval-config = modules: import { - inherit system; - modules = modules ++ [({ config, lib, ... }: with lib; { - imports = filter dir.has-default-nix (concatLists [ - (map (p: p + "/2configs") [ ]) - (map (p: p + "/3modules") [ ]) - ]); - - krebs.current = { - enable = true; - host = config.krebs.hosts.${readFile /proc/sys/kernel/hostname}; - user = config.krebs.users.${getEnv "LOGNAME"}; - }; - - nixpkgs.config.packageOverrides = pkgs: let - kpkgs = import { inherit lib pkgs; }; - upkgs = import { inherit lib; pkgs = pkgs // kpkgs; }; - in kpkgs // upkgs; - })]; - specialArgs = { - lib = let - nlib = import // builtins; - klib = nlib // import { lib = nlib; }; - ulib = klib // (with klib; let p = + "/4lib"; in - optionalAttrs (dir.has-default-nix p) - (import p { lib = klib; })); - in ulib; - }; - }; - - eval = eval-config [ - configuration - ]; - - # This is for `nixos-rebuild build-vm'. - vm = eval-config [ - configuration - - ]; - - # This is for `nixos-rebuild build-vm-with-bootloader'. - vm-with-bootloader = eval-config [ - configuration - - { virtualisation.useBootLoader = true; } - ]; -in - -{ - inherit (eval) config options; - - system = eval.config.system.build.toplevel; - - vm = vm.config.system.build.vm; - - vmWithBootLoader = vm-with-bootloader.config.system.build.vm; - - # The following are used by nixos-rebuild. - nixFallback = eval.pkgs.nixUnstable; -} +import diff --git a/nixpkgs/nixos/lib b/nixpkgs/nixos/lib index eb942f88b..9e69d1a67 120000 --- a/nixpkgs/nixos/lib +++ b/nixpkgs/nixos/lib @@ -1 +1 @@ -../../upstream-nixpkgs/nixos/lib \ No newline at end of file +../../../upstream-nixpkgs/nixos/lib \ No newline at end of file diff --git a/nixpkgs/nixos/modules b/nixpkgs/nixos/modules index 8fbc4373e..8aa24885c 120000 --- a/nixpkgs/nixos/modules +++ b/nixpkgs/nixos/modules 
@@ -1 +1 @@ -../../upstream-nixpkgs/nixos/modules \ No newline at end of file +../../../upstream-nixpkgs/nixos/modules \ No newline at end of file diff --git a/root b/root new file mode 120000 index 000000000..1cd18253d --- /dev/null +++ b/root @@ -0,0 +1 @@ +../stockholm-user \ No newline at end of file diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 46320b738..57c4620c4 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -8,11 +8,9 @@ with lib; krebs.build = { user = config.krebs.users.tv; target = mkDefault "root@${config.krebs.build.host.name}"; - source-version = 2; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix"; nixpkgs = symlink:stockholm/nixpkgs; - null = "symlink:stockholm/null"; secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; secrets-common = "/home/tv/secrets/common"; stockholm = "/home/tv/stockholm"; @@ -104,7 +102,7 @@ with lib; }; environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/null:/var/src"; + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; }; programs.bash = { -- cgit v1.2.3 From 307e0afe851654e07e0c3fca25adf60ada3d974d Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 05:52:06 +0100 Subject: make eval: use ./. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 87a636e72..e82e39c7e 100644 --- a/Makefile +++ b/Makefile @@ -35,7 +35,7 @@ endif --readonly-mode \ --eval \ -A "$$get" \ - --arg configuration "") + --arg configuration "./$$LOGNAME/1systems/$$system.nix") filter "$$result" ## usage: make install system=foo target= -- cgit v1.2.3 From a91803319b3d340ab9a879c11669e3e60d564572 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 07:12:56 +0100 Subject: stockholm: bring back nspath --- default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/default.nix b/default.nix index 278f1d14d..b0ad60d8a 100644 
--- a/default.nix +++ b/default.nix @@ -27,9 +27,10 @@ let stockholm = { nlib = import (slib.npath "lib"); klib = import (slib.kpath "4lib") { lib = nlib; }; slib = rec { + nspath = ns: p: ./. + "/${ns}/${p}"; npath = p: nixpkgs-path + "/${p}"; - kpath = p: ./. + "/krebs/${p}"; - upath = p: ./. + "/${current-user-name}/${p}"; + kpath = nspath "krebs"; + upath = nspath current-user-name; }; ulib = let p = slib.upath "4lib"; in nlib.optionalAttrs (klib.dir.has-default-nix p) -- cgit v1.2.3 From 07a1e29b32f1c507380a252092ff85b1e69dec08 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 11:32:13 +0100 Subject: make eval: add some more awesome --- Makefile | 40 +++++++++++++++------------------------- 1 file changed, 15 insertions(+), 25 deletions(-) diff --git a/Makefile b/Makefile index e82e39c7e..958629055 100644 --- a/Makefile +++ b/Makefile 
@@ -9,34 +9,24 @@ export target_host ?= $(system) export target_user ?= root export target_path ?= /var/src +evaluate = \ + nix-instantiate \ + --arg configuration "./$$LOGNAME/1systems/$$system.nix" \ + --eval \ + --readonly-mode \ + --show-trace \ + $(1) + +execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh + # usage: make deploy system=foo [target_host=bar] -.PHONY: deploy -deploy: populate ;@set -x +deploy: + $(call execute,populate) ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path" -# usage: make populate system=foo [target_host=bar] -.PHONY: populate -populate:;@ - result=$$(make -s eval get=config.krebs.build.populate filter=json) - echo "$$result" | sh - -# usage: make eval system=foo get=config.krebs.build [LOGNAME=tv] [filter=json] -.PHONY: eval -eval:;@ -ifeq ($(filter),json) - extraArgs='--json --strict' - filter() { echo "$$1" | jq -r .; } -else - filter() { echo "$$1"; } -endif - result=$$(nix-instantiate \ - $${extraArgs-} \ - --show-trace \ - --readonly-mode \ - --eval \ - -A "$$get" \ - --arg configuration "./$$LOGNAME/1systems/$$system.nix") - filter "$$result" +# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name +eval eval.:;@$(call evaluate) +eval.%:;@$(call evaluate,-A $*) ## usage: make install system=foo target= #.PHONY: install -- cgit v1.2.3 From 0939b8b37601fbbd509f88f95f7cab30b906a383 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 11:54:00 +0100 Subject: make deploy: properly print ssh target --- Makefile | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 958629055..886a26f89 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,3 @@ -.ONESHELL: -.SHELLFLAGS := -eufc - ifndef system $(error unbound variable: system) endif 
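Review bot: The rewritten rules drop every `.PHONY` declaration, so `deploy`, `eval` and `eval.` are now ordinary file targets. If a file or directory with one of those names ever appears in the repository root, make will treat the target as up to date and skip the recipe without any error. Keep a single declaration above the rules, `.PHONY: deploy eval eval.`. The `eval.%` pattern rule cannot be listed there, but a stray file matching it is much less likely.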
@@ -22,7 +19,7 @@ execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh # usage: make deploy system=foo [target_host=bar] deploy: $(call execute,populate) - ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path" + @set -x; ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path" # usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name eval eval.:;@$(call evaluate) @@ -33,7 +30,7 @@ eval.%:;@$(call evaluate,-A $*) #install: ssh = ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null #install:;@set -x # $(ssh) "$$target_user@$$target_host" \ -# env target_path=/var/src \ +# env target_path="$target_path" \ # sh -s prepare < krebs/4lib/infest/prepare.sh # make -s populate target_path=/mnt"$$target_path" # $(ssh) "$$target_user@$$target_host" \ -- cgit v1.2.3 From 8682f49ed7ba2687f65e8d11f1b943777896a228 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 11:57:47 +0100 Subject: Makefile execute: don't try to run failed evaluations :D --- Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 886a26f89..e61d16b75 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,10 @@ evaluate = \ --show-trace \ $(1) -execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh +execute = \ + result=$$($(call evaluate,-A config.krebs.build.$(1) --json)) && \ + script=$$(echo "$$result" | jq -r .) && \ + echo "$$script" | sh # usage: make deploy system=foo [target_host=bar] deploy: -- cgit v1.2.3 From c9cfaa010dabbd37a329a9690debf7cf7ef5e3ba Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Feb 2016 12:02:11 +0100 Subject: ma: finish merge of new sources v2, nixos compatibility --- makefu/2configs/default.nix | 12 ++++-------- makefu/2configs/wwan.nix | 1 - 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index a98393e2b..2b4e31119 100644 
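Review bot: In the commented-out install recipe the new value is written `"$target_path"` with a single `$`, while every live recipe in this Makefile uses `$$` for shell variables. Nothing happens while the line stays a comment, but once the recipe is re-enabled make will expand `$t` itself and the remote side will receive `arget_path` instead of the intended path. Write it as `env target_path="$$target_path" \` so it is correct when uncommented. The same block still carries `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, which should be revisited before the target is revived, because it removes host authentication for a root login.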
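Review bot: The new `execute` passes both the JSON result and the generated script through `echo`, whose handling of backslashes is implementation-defined. Under a `/bin/sh` whose `echo` interprets escapes, sequences such as `\n` inside the JSON string or backslashes in the script would be rewritten before `jq` or `sh` see them. Use `printf` for both, e.g. `script=$$(printf '%s\n' "$$result" | jq -r .) && \` and `printf '%s\n' "$$script" | sh`, so the text that is executed is byte-for-byte what the evaluation produced.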
--- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -20,10 +20,10 @@ with lib; build = { target = mkDefault "root@${config.krebs.build.host.name}"; user = config.krebs.users.makefu; - source = { + source = mapAttrs (_: mkDefault) { upstream-nixpkgs = { - url = mkDefault https://github.com/nixos/nixpkgs; - rev = mkDefault "93d8671e2c6d1d25f126ed30e5e6f16764330119"; # unstable @ 2015-01-03, tested on filepimp + url = https://github.com/nixos/nixpkgs; + rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119"; # unstable @ 2015-01-03, tested on filepimp }; secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/"; stockholm = "/home/makefu/stockholm"; @@ -80,11 +80,7 @@ with lib; ]; environment.variables = { - NIX_PATH = with config.krebs.build.source; with dir; with git; - mkForce (concatStringsSep ":" [ - "nixpkgs=${nixpkgs.target-path}" - "${nixpkgs.target-path}" - ]); + NIX_PATH = mkForce "/var/src"; EDITOR = mkForce "vim"; }; diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix index 1e76cd28a..0eb0c97d7 100644 --- a/makefu/2configs/wwan.nix +++ b/makefu/2configs/wwan.nix @@ -1,7 +1,6 @@ _: { - imports = [ ../3modules ]; makefu.umts = { enable = true; modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01"; -- cgit v1.2.3 From d739448ab940da4ed5bdf9be5398f6b93b854412 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 12:46:09 +0100 Subject: krebs.build.populate: cleanup (less) harder --- krebs/3modules/build.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 00142acdd..0da5dd38a 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -74,7 +74,7 @@ let unset tmpdir trap ' - rm "$tmpdir"/* + rm -f "$tmpdir"/* rmdir "$tmpdir" trap - EXIT INT QUIT ' EXIT INT QUIT -- cgit v1.2.3 From e402c8ce1d2786abafc1efdc64adca84d174a756 Mon Sep 17 00:00:00 2001 
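Review bot: Adding `-f` in the `krebs/3modules/build.nix` hunk silences the cleanup, but the trap still expands `"$tmpdir"/*` without a guard, and it is installed directly after `unset tmpdir`, before the variable is assigned (the assignment lies outside the hunk). If the trap fires in that window, only `set -u` (not visible here) stops the expansion, and with an empty value the glob becomes `/*`, with `-f` now hiding any resulting errors. Make the guard explicit with `rm -f "''${tmpdir:?}"/*` and `rmdir "''${tmpdir:?}"`. The `''$` prefix assumes the script lives in a Nix indented string, as the surrounding context suggests.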
From: makefu Date: Thu, 4 Feb 2016 13:07:47 +0100 Subject: k 3 git.nix: flesh out rules description --- krebs/3modules/git.nix | 2 +- makefu/1systems/omo.nix | 1 - makefu/1systems/vbob.nix | 19 ------------------- 3 files changed, 1 insertion(+), 21 deletions(-) diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 7b28ffca8..11cf21b5f 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -92,7 +92,7 @@ let } ''; description = '' - Rules. + access and permission rules for git repositories. ''; }; }; diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index d15cc2779..34d5a394d 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -29,7 +29,6 @@ in { ../2configs/mail-client.nix ../2configs/share-user-sftp.nix ../2configs/omo-share.nix - ../3modules ]; networking.firewall.trustedInterfaces = [ "enp3s0" ]; # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 6c8f5ca26..f4a22d720 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -18,25 +18,6 @@ tinc = pkgs.tinc_pre; }; - makefu.buildbot.master = { - enable = false; - irc = { - enable = true; - server = "cd.retiolum"; - channel = "retiolum"; - allowForce = true; - }; - }; - # services.logstash.enable = true; - makefu.buildbot.slave = { - enable = false; - masterhost = "localhost"; - username = "testslave"; - password = "krebspass"; - packages = with pkgs;[ git nix ]; - extraEnviron = { NIX_PATH="nixpkgs=${toString }"; }; - }; - krebs.build.source.nixpkgs = { # url = https://github.com/nixos/nixpkgs; # HTTP Everywhere + libredir -- cgit v1.2.3 From 5be8920fb0262ff703f23ef484c59f4b55a9b015 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Feb 2016 14:36:48 +0100 Subject: s 2 base: new paths, cosmetics --- shared/2configs/base.nix | 18 +++++++----------- shared/2configs/cgit-mirror.nix | 7 +++---- 2 files changed, 10 insertions(+), 15 deletions(-) 
diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix index 5e6072661..dd698ba97 100644 --- a/shared/2configs/base.nix +++ b/shared/2configs/base.nix @@ -16,20 +16,16 @@ with lib; # TODO rename shared user to "krebs" krebs.build.user = mkDefault config.krebs.users.shared; krebs.build.source = { - git.nixpkgs = { + upstream-nixpkgs = mkDefault { url = https://github.com/NixOS/nixpkgs; rev = "d0e3cca"; - target-path = "/var/src/nixpkgs"; - }; - dir.secrets = { - host = config.krebs.current.host; - path = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}"; - }; - dir.stockholm = { - host = config.krebs.current.host; - path = mkDefault "${getEnv "HOME"}/stockholm"; - target-path = "/var/src/stockholm"; }; + secrets = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}"; + stockholm = mkDefault "${getEnv "HOME"}/stockholm"; + + nixos-config = "symlink:stockholm/${config.krebs.build.user.name}/1systems/${config.krebs.build.host.name}.nix"; + nixpkgs = symlink:stockholm/nixpkgs; + stockholm-user = "symlink:stockholm/${config.krebs.build.user.name}"; }; networking.hostName = config.krebs.build.host.name; diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix index 5bcfc5818..4ff1902f9 100644 --- a/shared/2configs/cgit-mirror.nix +++ b/shared/2configs/cgit-mirror.nix @@ -2,12 +2,11 @@ with lib; let - rules = with git;[{ - # user = git-sync; - user = git-sync; + rules = with git; singleton { + user = [ git-sync ]; repo = [ stockholm-mirror ]; perm = push ''refs/*'' [ non-fast-forward create delete merge ]; - }]; + }; stockholm-mirror = { public = true; -- cgit v1.2.3 From 4c23e33dea4d9901b64bf287983c43862f4990f2 Mon Sep 17 00:00:00 2001 
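Review bot: In the `shared/2configs/base.nix` hunk, `upstream-nixpkgs` is pinned with the abbreviated revision `rev = "d0e3cca";`, whereas the makefu configuration on this page pins a full 40-character hash. A seven-character prefix is not a stable identifier: it can become ambiguous as the upstream repository grows, and any populate logic that compares the checked-out commit with `rev` (not visible in this hunk) would never see a match and would fetch again on every run. Pin the full hash instead, `rev = "<full 40-character commit hash for d0e3cca>";`, so every host built from the shared base evaluates the same nixpkgs tree.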
From: makefu Date: Thu, 4 Feb 2016 16:38:21 +0100 Subject: ma 1: refactor buildbot config, add documentation --- shared/1systems/wolf.nix | 2 +- shared/2configs/buildbot-standalone.nix | 150 -------------------------------- shared/2configs/shared-buildbot.nix | 148 +++++++++++++++++++++++++++++++ 3 files changed, 149 insertions(+), 151 deletions(-) delete mode 100644 shared/2configs/buildbot-standalone.nix create mode 100644 shared/2configs/shared-buildbot.nix diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index e45195487..bcfbd6810 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -11,7 +11,7 @@ in ../2configs/collectd-base.nix ../2configs/shack-nix-cacher.nix ../2configs/shack-drivedroid.nix - ../2configs/buildbot-standalone.nix + ../2configs/shared-buildbot.nix ../2configs/cgit-mirror.nix # ../2configs/graphite.nix ]; diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix deleted file mode 100644 index 9982dd915..000000000 --- a/shared/2configs/buildbot-standalone.nix +++ /dev/null 
@@ -1,150 +0,0 @@ -{ lib, config, pkgs, ... }: - -{ - networking.firewall.allowedTCPPorts = [ 8010 9989 ]; - krebs.buildbot.master = { - secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ]; - slaves = { - testslave = "krebspass"; - }; - change_source.stockholm = '' - stockholm_repo = 'http://cgit.gum/stockholm' - cs.append(changes.GitPoller( - stockholm_repo, - workdir='stockholm-poller', branch='master', - project='stockholm', - pollinterval=120)) - ''; - scheduler = { - force-scheduler = '' - sched.append(schedulers.ForceScheduler( - name="force", - builderNames=["full-tests"])) - ''; - fast-tests-scheduler = '' - # test the master real quick - sched.append(schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch="master"), - treeStableTimer=10, #only test the latest push - name="fast-master-test", - builderNames=["fast-tests"])) - ''; - test-cac-infest-master = '' - # files everyone depends on or are part of the share branch - def shared_files(change): - r =re.compile("^((krebs|shared)/.*|Makefile|default.nix)") - for file in change.files: - if r.match(file): - return True - return False - - sched.append(schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch="master"), - fileIsImportant=shared_files, - treeStableTimer=60*60, # master was stable for the last hour - name="full-master-test", - builderNames=["full-tests"])) - ''; - }; - builder_pre = '' - # prepare grab_repo step for stockholm - stockholm_repo = "http://cgit.gum.retiolum/stockholm" - grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - - env = {"LOGNAME": "shared", "NIX_REMOTE": "daemon"} - - # prepare nix-shell - # the dependencies which are used by the test script - deps = [ "gnumake", "jq","nix","rsync", - "(import {}).pkgs.test.infest-cac-centos7" ] - # TODO: --pure , prepare ENV in nix-shell command: - # SSL_CERT_FILE,LOGNAME,NIX_REMOTE - nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ] - - # prepare addShell function 
- def addShell(factory,**kwargs): - factory.addStep(steps.ShellCommand(**kwargs)) - ''; - builder = { - fast-tests = '' - f = util.BuildFactory() - f.addStep(grab_repo) - addShell(f,name="deploy-eval-centos7",env=env, - command=nixshell + ["make -s eval get=krebs.deploy filter=json system=test-centos7"]) - - addShell(f,name="deploy-eval-wolf",env=env, - command=nixshell + ["make -s eval get=krebs.deploy filter=json system=wolf"]) - - addShell(f,name="deploy-eval-cross-check",env=env, - command=nixshell + ["! make eval get=krebs.deploy filter=json system=test-failing"]) - - addShell(f,name="instantiate-test-all-modules",env=env, - command=nixshell + \ - ["touch retiolum.rsa_key.priv; \ - nix-instantiate --eval -A \ - users.shared.test-all-krebs-modules.system \ - -I stockholm=. \ - --show-trace \ - -I secrets=. '' \ - --argstr current-user-name shared \ - --argstr current-host-name lol \ - --strict --json"]) - - addShell(f,name="instantiate-test-minimal-deploy",env=env, - command=nixshell + \ - ["nix-instantiate --eval -A \ - users.shared.test-minimal-deploy.system \ - -I stockholm=. \ - -I secrets=. 
'' \ - --show-trace \ - --argstr current-user-name shared \ - --argstr current-host-name lol \ - --strict --json"]) - - bu.append(util.BuilderConfig(name="fast-tests", - slavenames=slavenames, - factory=f)) - ''; - slow-tests = '' - s = util.BuildFactory() - s.addStep(grab_repo) - - # slave needs 2 files: - # * cac.json - # * retiolum - s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json")) - s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv")) - - addShell(s, name="infest-cac-centos7",env=env, - sigtermTime=60, # SIGTERM 1 minute before SIGKILL - timeout=10800, # 3h - command=nixshell + ["infest-cac-centos7"]) - - bu.append(util.BuilderConfig(name="full-tests", - slavenames=slavenames, - factory=s)) - ''; - }; - enable = true; - web = { - enable = true; - }; - irc = { - enable = true; - nick = "shared-buildbot"; - server = "cd.retiolum"; - channels = [ "retiolum" ]; - allowForce = true; - }; - }; - - krebs.buildbot.slave = { - enable = true; - masterhost = "localhost"; - username = "testslave"; - password = "krebspass"; - packages = with pkgs;[ git nix ]; - # all nix commands will need a working nixpkgs installation - extraEnviron = { NIX_PATH="nixpkgs=${toString }"; }; - }; -} diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix new file mode 100644 index 000000000..50b279036 --- /dev/null +++ b/shared/2configs/shared-buildbot.nix 
@@ -0,0 +1,148 @@ +{ lib, config, pkgs, ... }: +# The buildbot config is seilf-contained and provides a way to test "shared" +# configuration (infrastructure to be used by every krebsminister). + +# You can add your own test, test steps as required. Deploy the config on a +# shared host like wolf and everything should be fine. +{ + networking.firewall.allowedTCPPorts = [ 8010 9989 ]; + krebs.buildbot.master = { + secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ]; + slaves = { + testslave = "krebspass"; + }; + change_source.stockholm = '' + stockholm_repo = 'http://cgit.gum/stockholm' + cs.append(changes.GitPoller( + stockholm_repo, + workdir='stockholm-poller', branch='master', + project='stockholm', + pollinterval=120)) + ''; + scheduler = { + force-scheduler = '' + sched.append(schedulers.ForceScheduler( + name="force", + builderNames=["full-tests"])) + ''; + fast-tests-scheduler = '' + # test the master real quick + sched.append(schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch="master"), + treeStableTimer=10, #only test the latest push + name="fast-master-test", + builderNames=["fast-tests"])) + ''; + test-cac-infest-master = '' + # files everyone depends on or are part of the share branch + def shared_files(change): + r =re.compile("^((krebs|shared)/.*|Makefile|default.nix)") + for file in change.files: + if r.match(file): + return True + return False + + sched.append(schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch="master"), + fileIsImportant=shared_files, + treeStableTimer=60*60, # master was stable for the last hour + name="full-master-test", + builderNames=["full-tests"])) + ''; + }; + builder_pre = '' + # prepare grab_repo step for stockholm + stockholm_repo = "http://cgit.gum.retiolum/stockholm" + grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') + + env = {"LOGNAME": "shared", "NIX_REMOTE": "daemon"} + + # prepare nix-shell + # the dependencies which are used by the test script + deps 
= [ "gnumake", "jq","nix","rsync", + "(import {}).pkgs.test.infest-cac-centos7" ] + # TODO: --pure , prepare ENV in nix-shell command: + # SSL_CERT_FILE,LOGNAME,NIX_REMOTE + nixshell = ["nix-shell", + "-I", "stockholm=.", + "-I", "nixpkgs=/var/src/upstream-nixpkgs", + "-p" ] + deps + [ "--run" ] + + # prepare addShell function + def addShell(factory,**kwargs): + factory.addStep(steps.ShellCommand(**kwargs)) + ''; + builder = { + fast-tests = '' + f = util.BuildFactory() + f.addStep(grab_repo) + for i in [ "test-centos7", "wolf", "test-failing" ]: + addShell(f,name="populate-{}".format(i),env=env, + command=nixshell + ["set -o pipefail;{}( nix-instantiate --arg configuration shared/1systems/{}.nix --eval --readonly-mode --show-trace -A config.krebs.build.populate --strict | jq -r .)".format("!" if "failing" in i else "",i)]) + + addShell(f,name="instantiate-test-all-modules",env=env, + command=nixshell + \ + ["touch retiolum.rsa_key.priv; \ + nix-instantiate --eval -A \ + users.shared.test-all-krebs-modules.system \ + -I stockholm=. \ + --show-trace \ + -I secrets=. '' \ + --strict --json"]) + + addShell(f,name="instantiate-test-minimal-deploy",env=env, + command=nixshell + \ + ["nix-instantiate --eval -A \ + users.shared.test-minimal-deploy.system \ + -I stockholm=. \ + -I secrets=. 
'' \ + --show-trace \ + --strict --json"]) + + bu.append(util.BuilderConfig(name="fast-tests", + slavenames=slavenames, + factory=f)) + ''; + slow-tests = '' + s = util.BuildFactory() + s.addStep(grab_repo) + + # slave needs 2 files: + # * cac.json + # * retiolum + s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json")) + s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv")) + + addShell(s, name="infest-cac-centos7",env=env, + sigtermTime=60, # SIGTERM 1 minute before SIGKILL + timeout=10800, # 3h + command=nixshell + ["infest-cac-centos7"]) + + bu.append(util.BuilderConfig(name="full-tests", + slavenames=slavenames, + factory=s)) + ''; + }; + enable = true; + web = { + enable = true; + }; + irc = { + enable = true; + nick = "shared-buildbot"; + server = "cd.retiolum"; + channels = [ "retiolum" ]; + allowForce = true; + }; + }; + + krebs.buildbot.slave = { + enable = true; + masterhost = "localhost"; + username = "testslave"; + password = "krebspass"; + packages = with pkgs;[ git nix ]; + # all nix commands will need a working nixpkgs installation + extraEnviron = { NIX_PATH="/var/src"; }; + }; +} -- cgit v1.2.3 From cb264dfb9119de4fb6d081171473e4276cdbb9d5 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 5 Feb 2016 15:11:22 +0100 Subject: urlwatch: 2.0 -> 2.1 --- krebs/5pkgs/urlwatch/default.nix | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/krebs/5pkgs/urlwatch/default.nix b/krebs/5pkgs/urlwatch/default.nix index d9b595314..780ad24f5 100644 --- a/krebs/5pkgs/urlwatch/default.nix +++ b/krebs/5pkgs/urlwatch/default.nix 
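Review bot: The slave credential is committed in clear text (`testslave = "krebspass"`, and again as `password = "krebspass"` under `krebs.buildbot.slave`) while `allowedTCPPorts` opens 9989, even though the only slave shown connects through `masterhost = "localhost"`. The `slow-tests` factory sends `cac.json` and `retiolum-ci.rsa_key.priv` to whichever slave runs the build, so that password is what protects those secrets, and it is public in the repository and presumably readable in the Nix store. Unless remote slaves are intended, keep the slave port closed with `networking.firewall.allowedTCPPorts = [ 8010 ];` and load the password from the secrets directory rather than the module source. Separately, the poller and `grab_repo` use two different plain-HTTP URLs (`http://cgit.gum/stockholm` and `http://cgit.gum.retiolum/stockholm`); using one would ensure the tested tree is the one that was polled.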
@@ -1,29 +1,18 @@ { stdenv, fetchurl, python3Packages }: python3Packages.buildPythonPackage rec { - name = "urlwatch-2.0"; + name = "urlwatch-2.1"; src = fetchurl { url = "https://thp.io/2008/urlwatch/${name}.tar.gz"; - sha256 = "0j38qzw4jxw41vnnpi6j851hqpv8d6p1cbni6cv8r2vqf5307s3b"; + sha256 = "0xn435cml9wjwk39117p1diqmvw3jbmv9ccr7230iaf7z59vf9v6"; }; propagatedBuildInputs = with python3Packages; [ - pyyaml keyring - (python3Packages.buildPythonPackage rec { - name = "minidb-2.0.1"; - src = fetchurl { - url = "https://thp.io/2010/minidb/${name}.tar.gz"; - sha256 = "1x958zr9jc26vaqij451qb9m2l7apcpz34ir9fwfjg4fwv24z2dy"; - }; - meta = { - description = "A simple SQLite3-based store for Python objects"; - homepage = https://thp.io/2010/minidb/; - license = stdenv.lib.licenses.isc; - maintainers = [ stdenv.lib.maintainers.tv ]; - }; - }) + minidb + pyyaml + requests2 ]; postFixup = '' @@ -36,4 +25,4 @@ python3Packages.buildPythonPackage rec { license = stdenv.lib.licenses.bsd3; maintainers = [ stdenv.lib.maintainers.tv ]; }; -}# +} -- cgit v1.2.3 From b2303e081fb1ccc9a0b88f538736045fb2fba14f Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 5 Feb 2016 15:18:28 +0100 Subject: cd: use default upstream-nixpkgs --- tv/1systems/cd.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index e42d5750a..8297a56df 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -6,11 +6,6 @@ with lib; krebs.build.host = config.krebs.hosts.cd; krebs.build.target = "root@cd.internet"; - krebs.build.source.upstream-nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "b7ff030"; - }; - imports = [ ../2configs/hw/CAC-Developer-2.nix ../2configs/fs/CAC-CentOS-7-64bit.nix -- cgit v1.2.3 From 23c7c10f5a5ed83dca001d7382e5b89981277f8c Mon Sep 17 00:00:00 2001 
From: tv Date: Sat, 6 Feb 2016 15:11:30 +0100 Subject: krebs.retiolum.hosts: change type to attrsOf host --- krebs/3modules/retiolum.nix | 46 +++++++++++++++++----------------- krebs/4lib/types.nix | 16 ++++++------ krebs/Zhosts/Styx | 10 -------- krebs/Zhosts/ThinkArmageddon | 9 ------- krebs/Zhosts/TriBot | 11 -------- krebs/Zhosts/ach | 11 -------- krebs/Zhosts/air | 11 -------- krebs/Zhosts/alarmpi | 11 -------- krebs/Zhosts/albi10 | 11 -------- krebs/Zhosts/albi7 | 10 -------- krebs/Zhosts/almoehi | 11 -------- krebs/Zhosts/alphalabs | 10 -------- krebs/Zhosts/apfull | 11 -------- krebs/Zhosts/bitchctl | 11 -------- krebs/Zhosts/bitchextend | 11 -------- krebs/Zhosts/bitchtop | 11 -------- krebs/Zhosts/bobby | 11 -------- krebs/Zhosts/box | 10 -------- krebs/Zhosts/bridge | 12 --------- krebs/Zhosts/c2ft | 10 -------- krebs/Zhosts/c2fthome | 10 -------- krebs/Zhosts/casino | 11 -------- krebs/Zhosts/cat1 | 11 -------- krebs/Zhosts/cband | 11 -------- krebs/Zhosts/cd | 17 ------------- krebs/Zhosts/cloudkrebs | 12 --------- krebs/Zhosts/darth | 12 --------- krebs/Zhosts/dei | 11 -------- krebs/Zhosts/destroy | 11 -------- krebs/Zhosts/devstar | 11 -------- krebs/Zhosts/echelon | 12 --------- krebs/Zhosts/eigenserv | 11 -------- krebs/Zhosts/elvis | 12 --------- krebs/Zhosts/eulerwalk | 11 -------- krebs/Zhosts/exile | 9 ------- krebs/Zhosts/exitium_mobilis | 10 -------- krebs/Zhosts/falk | 11 -------- krebs/Zhosts/fastpoke | 12 --------- krebs/Zhosts/filebitch | 11 -------- krebs/Zhosts/filepimp | 11 -------- krebs/Zhosts/flap | 12 --------- krebs/Zhosts/foobar | 11 -------- krebs/Zhosts/fuerkrebs | 10 -------- krebs/Zhosts/gum | 15 ----------- krebs/Zhosts/heidi | 11 -------- krebs/Zhosts/horisa | 12 --------- krebs/Zhosts/horreum_magnus | 15 ----------- krebs/Zhosts/incept | 13 ---------- krebs/Zhosts/ire | 12 --------- krebs/Zhosts/ire2 | 9 ------- krebs/Zhosts/irkel | 12 --------- krebs/Zhosts/juhulian | 11 -------- krebs/Zhosts/k2 | 28 
--------------------- krebs/Zhosts/kabinett | 11 -------- krebs/Zhosts/kaepsele | 11 -------- krebs/Zhosts/kalle | 11 -------- krebs/Zhosts/karthus | 10 -------- krebs/Zhosts/kebsco | 11 -------- krebs/Zhosts/khackplug | 11 -------- krebs/Zhosts/kheurop | 12 --------- krebs/Zhosts/kiosk | 12 --------- krebs/Zhosts/krebsplug | 10 -------- krebs/Zhosts/kvasir | 11 -------- krebs/Zhosts/laqueus | 11 -------- krebs/Zhosts/linuxatom | 11 -------- krebs/Zhosts/luminos | 11 -------- krebs/Zhosts/machine | 11 -------- krebs/Zhosts/makalu | 11 -------- krebs/Zhosts/mako | 11 -------- krebs/Zhosts/miefda0 | 10 -------- krebs/Zhosts/minikrebs | 10 -------- krebs/Zhosts/mkdir | 11 -------- krebs/Zhosts/monitor | 11 -------- krebs/Zhosts/mors | 10 -------- krebs/Zhosts/motor | 12 --------- krebs/Zhosts/mu | 10 -------- krebs/Zhosts/muhbaasu | 13 ---------- krebs/Zhosts/nomic | 10 -------- krebs/Zhosts/nomic2 | 10 -------- krebs/Zhosts/nukular | 11 -------- krebs/Zhosts/omo | 9 ------- krebs/Zhosts/pic | 11 -------- krebs/Zhosts/pigstarter | 13 ---------- krebs/Zhosts/pike | 11 -------- krebs/Zhosts/pnp | 11 -------- krebs/Zhosts/pornocauster | 10 -------- krebs/Zhosts/prism | 12 --------- krebs/Zhosts/radiotuxmini | 11 -------- krebs/Zhosts/random | 10 -------- krebs/Zhosts/raspafari | 11 -------- krebs/Zhosts/reimae | 12 --------- krebs/Zhosts/rmdir | 11 -------- krebs/Zhosts/robchina | 11 -------- krebs/Zhosts/rockit | 11 -------- krebs/Zhosts/rtjure_debian_oder_so | 11 -------- krebs/Zhosts/rtjure_ras | 11 -------- krebs/Zhosts/rtjure_rdrlab_linkstation | 11 -------- krebs/Zhosts/rubus | 9 ------- krebs/Zhosts/senderechner | 10 -------- krebs/Zhosts/serenity | 11 -------- krebs/Zhosts/seruundroid | 12 --------- krebs/Zhosts/sir_krebs_a_lot | 11 -------- krebs/Zhosts/skirfir | 11 -------- krebs/Zhosts/sleipnir | 12 --------- krebs/Zhosts/smove | 9 ------- krebs/Zhosts/sokrates | 11 -------- krebs/Zhosts/sokrateslaptop | 11 -------- krebs/Zhosts/soundflower | 10 -------- 
krebs/Zhosts/steve | 10 -------- krebs/Zhosts/stro | 10 -------- krebs/Zhosts/tahoe | 12 --------- krebs/Zhosts/taschenkrebs | 11 -------- krebs/Zhosts/terrapi | 11 -------- krebs/Zhosts/thomasDOTde | 9 ------- krebs/Zhosts/tincdroid | 9 ------- krebs/Zhosts/tmpd | 11 -------- krebs/Zhosts/tpsw | 11 -------- krebs/Zhosts/tsp | 16 ------------ krebs/Zhosts/ufo | 11 -------- krebs/Zhosts/uriel | 11 -------- krebs/Zhosts/vault | 10 -------- krebs/Zhosts/vbob | 9 ------- krebs/Zhosts/voyager | 17 ------------- krebs/Zhosts/wbob | 10 -------- krebs/Zhosts/wolf | 10 -------- krebs/Zhosts/wooktop | 11 -------- krebs/Zhosts/wry | 16 ------------ krebs/Zhosts/wu | 10 -------- krebs/Zhosts/xu | 13 ---------- krebs/Zhosts/ytart | 9 ------- krebs/Zhosts/zombiecancer | 11 -------- lass/2configs/retiolum.nix | 1 - makefu/1systems/repunit.nix | 1 - makefu/1systems/vbob.nix | 1 - 134 files changed, 32 insertions(+), 1479 deletions(-) delete mode 100644 krebs/Zhosts/Styx delete mode 100644 krebs/Zhosts/ThinkArmageddon delete mode 100644 krebs/Zhosts/TriBot delete mode 100644 krebs/Zhosts/ach delete mode 100644 krebs/Zhosts/air delete mode 100644 krebs/Zhosts/alarmpi delete mode 100644 krebs/Zhosts/albi10 delete mode 100644 krebs/Zhosts/albi7 delete mode 100644 krebs/Zhosts/almoehi delete mode 100644 krebs/Zhosts/alphalabs delete mode 100644 krebs/Zhosts/apfull delete mode 100644 krebs/Zhosts/bitchctl delete mode 100644 krebs/Zhosts/bitchextend delete mode 100644 krebs/Zhosts/bitchtop delete mode 100644 krebs/Zhosts/bobby delete mode 100644 krebs/Zhosts/box delete mode 100644 krebs/Zhosts/bridge delete mode 100644 krebs/Zhosts/c2ft delete mode 100644 krebs/Zhosts/c2fthome delete mode 100644 krebs/Zhosts/casino delete mode 100644 krebs/Zhosts/cat1 delete mode 100644 krebs/Zhosts/cband delete mode 100644 krebs/Zhosts/cd delete mode 100644 krebs/Zhosts/cloudkrebs delete mode 100644 krebs/Zhosts/darth delete mode 100644 krebs/Zhosts/dei delete mode 100644 krebs/Zhosts/destroy delete 
mode 100644 krebs/Zhosts/devstar delete mode 100644 krebs/Zhosts/echelon delete mode 100644 krebs/Zhosts/eigenserv delete mode 100644 krebs/Zhosts/elvis delete mode 100644 krebs/Zhosts/eulerwalk delete mode 100644 krebs/Zhosts/exile delete mode 100644 krebs/Zhosts/exitium_mobilis delete mode 100644 krebs/Zhosts/falk delete mode 100644 krebs/Zhosts/fastpoke delete mode 100644 krebs/Zhosts/filebitch delete mode 100644 krebs/Zhosts/filepimp delete mode 100644 krebs/Zhosts/flap delete mode 100644 krebs/Zhosts/foobar delete mode 100644 krebs/Zhosts/fuerkrebs delete mode 100644 krebs/Zhosts/gum delete mode 100644 krebs/Zhosts/heidi delete mode 100644 krebs/Zhosts/horisa delete mode 100644 krebs/Zhosts/horreum_magnus delete mode 100644 krebs/Zhosts/incept delete mode 100644 krebs/Zhosts/ire delete mode 100644 krebs/Zhosts/ire2 delete mode 100644 krebs/Zhosts/irkel delete mode 100644 krebs/Zhosts/juhulian delete mode 100644 krebs/Zhosts/k2 delete mode 100644 krebs/Zhosts/kabinett delete mode 100644 krebs/Zhosts/kaepsele delete mode 100644 krebs/Zhosts/kalle delete mode 100644 krebs/Zhosts/karthus delete mode 100644 krebs/Zhosts/kebsco delete mode 100644 krebs/Zhosts/khackplug delete mode 100644 krebs/Zhosts/kheurop delete mode 100644 krebs/Zhosts/kiosk delete mode 100644 krebs/Zhosts/krebsplug delete mode 100644 krebs/Zhosts/kvasir delete mode 100644 krebs/Zhosts/laqueus delete mode 100644 krebs/Zhosts/linuxatom delete mode 100644 krebs/Zhosts/luminos delete mode 100644 krebs/Zhosts/machine delete mode 100644 krebs/Zhosts/makalu delete mode 100644 krebs/Zhosts/mako delete mode 100644 krebs/Zhosts/miefda0 delete mode 100644 krebs/Zhosts/minikrebs delete mode 100644 krebs/Zhosts/mkdir delete mode 100644 krebs/Zhosts/monitor delete mode 100644 krebs/Zhosts/mors delete mode 100644 krebs/Zhosts/motor delete mode 100644 krebs/Zhosts/mu delete mode 100644 krebs/Zhosts/muhbaasu delete mode 100644 krebs/Zhosts/nomic delete mode 100644 krebs/Zhosts/nomic2 delete mode 100644 
krebs/Zhosts/nukular delete mode 100644 krebs/Zhosts/omo delete mode 100644 krebs/Zhosts/pic delete mode 100644 krebs/Zhosts/pigstarter delete mode 100644 krebs/Zhosts/pike delete mode 100644 krebs/Zhosts/pnp delete mode 100644 krebs/Zhosts/pornocauster delete mode 100644 krebs/Zhosts/prism delete mode 100644 krebs/Zhosts/radiotuxmini delete mode 100644 krebs/Zhosts/random delete mode 100644 krebs/Zhosts/raspafari delete mode 100644 krebs/Zhosts/reimae delete mode 100644 krebs/Zhosts/rmdir delete mode 100644 krebs/Zhosts/robchina delete mode 100644 krebs/Zhosts/rockit delete mode 100644 krebs/Zhosts/rtjure_debian_oder_so delete mode 100644 krebs/Zhosts/rtjure_ras delete mode 100644 krebs/Zhosts/rtjure_rdrlab_linkstation delete mode 100644 krebs/Zhosts/rubus delete mode 100644 krebs/Zhosts/senderechner delete mode 100644 krebs/Zhosts/serenity delete mode 100644 krebs/Zhosts/seruundroid delete mode 100644 krebs/Zhosts/sir_krebs_a_lot delete mode 100644 krebs/Zhosts/skirfir delete mode 100644 krebs/Zhosts/sleipnir delete mode 100644 krebs/Zhosts/smove delete mode 100644 krebs/Zhosts/sokrates delete mode 100644 krebs/Zhosts/sokrateslaptop delete mode 100644 krebs/Zhosts/soundflower delete mode 100644 krebs/Zhosts/steve delete mode 100644 krebs/Zhosts/stro delete mode 100644 krebs/Zhosts/tahoe delete mode 100644 krebs/Zhosts/taschenkrebs delete mode 100644 krebs/Zhosts/terrapi delete mode 100644 krebs/Zhosts/thomasDOTde delete mode 100644 krebs/Zhosts/tincdroid delete mode 100644 krebs/Zhosts/tmpd delete mode 100644 krebs/Zhosts/tpsw delete mode 100644 krebs/Zhosts/tsp delete mode 100644 krebs/Zhosts/ufo delete mode 100644 krebs/Zhosts/uriel delete mode 100644 krebs/Zhosts/vault delete mode 100644 krebs/Zhosts/vbob delete mode 100644 krebs/Zhosts/voyager delete mode 100644 krebs/Zhosts/wbob delete mode 100644 krebs/Zhosts/wolf delete mode 100644 krebs/Zhosts/wooktop delete mode 100644 krebs/Zhosts/wry delete mode 100644 krebs/Zhosts/wu delete mode 100644 krebs/Zhosts/xu 
delete mode 100644 krebs/Zhosts/ytart delete mode 100644 krebs/Zhosts/zombiecancer diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index e0e2692a8..08ac96461 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -1,6 +1,4 @@ { config, pkgs, lib, ... }: - -with builtins; with lib; let cfg = config.krebs.retiolum; @@ -40,7 +38,7 @@ let ''; }; - network = mkOption { + netname = mkOption { type = types.str; default = "retiolum"; description = '' @@ -65,10 +63,13 @@ let }; hosts = mkOption { - type = with types; either package path; - default = ../Zhosts; + type = with types; attrsOf host; + default = + filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts; description = '' - If a path is given, then it will be used to generate an ad-hoc package. + Hosts which should be part of the tinc configuration. + Note that these hosts must have a correspondingly named network + configured, see config.krebs.retiolum.netname. ''; }; @@ -104,7 +105,7 @@ let }; imp = { - environment.systemPackages = [ tinc hosts iproute ]; + environment.systemPackages = [ tinc iproute ]; networking.extraHosts = retiolumExtraHosts; @@ -140,17 +141,16 @@ let tinc = cfg.tincPackage; - hosts = getAttr (typeOf cfg.hosts) { - package = cfg.hosts; - path = pkgs.stdenv.mkDerivation { - name = "custom-retiolum-hosts"; - src = cfg.hosts; - installPhase = '' - mkdir $out - find . -name .git -prune -o -type f -print0 \ - | xargs -0 cp --target-directory $out - ''; - }; + tinc-hosts = pkgs.stdenv.mkDerivation { + name = "${cfg.netname}-tinc-hosts"; + phases = [ "installPhase" ]; + installPhase = '' + mkdir $out + ${concatStrings (mapAttrsToList (_: host: '' + echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \ + > $out/${shell.escape host.name} + '') cfg.hosts)} + ''; }; iproute = cfg.iproutePackage; @@ -159,7 +159,7 @@ let { } '' generate() { - (cd ${hosts} + (cd ${tinc-hosts} printf \'\' for i in `ls`; do names=$(hostnames $i) 
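Review bot: Only the default of `hosts` is filtered with `hasAttr cfg.netname h.nets`; a value supplied by a user is taken as is. The `tinc-hosts` derivation added further down in this file reads `host.nets.${cfg.netname}.tinc.config` for every entry, so a host without that net aborts evaluation with a missing-attribute error that does not name the option. The description states the requirement, but an entry in `assertions` that checks `hasAttr cfg.netname host.nets` for each member of `cfg.hosts` would turn the failure into a readable message. The option set this hunk belongs to starts and ends outside the hunk.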
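Review bot: In the new `tinc-hosts` derivation each host file is written with `echo ${shell.escape …}`, and `echo` treats a leading argument such as `-n` or `-e` as an option, so the result depends on how the config text begins. `printf '%s\n' ${shell.escape host.nets.${cfg.netname}.tinc.config} > $out/${shell.escape host.name}` writes the string unchanged. `shell.escape` quotes `host.name` for the shell but does not keep a name containing `/` inside `$out`; presumably the `host` type in `krebs/4lib/types.nix` restricts names to hostnames, which is worth confirming since that file is not shown in this hunk. The surrounding `let` block continues outside the hunk.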
@@ -180,11 +180,11 @@ let generate ;; long) - hostnames() { echo "$1.${cfg.network}"; } + hostnames() { echo "$1.${cfg.netname}"; } generate ;; both) - hostnames() { echo "$1.${cfg.network} $1"; } + hostnames() { echo "$1.${cfg.netname} $1"; } generate ;; *) @@ -203,12 +203,12 @@ let mkdir -p $out - ln -s ${hosts} $out/hosts + ln -s ${tinc-hosts} $out/hosts cat > $out/tinc.conf < Date: Sat, 6 Feb 2016 15:43:24 +0100 Subject: krebs.retiolum: don't generate extraHosts --- krebs/3modules/default.nix | 1 - krebs/3modules/retiolum.nix | 54 ++------------------------------------------- 2 files changed, 2 insertions(+), 53 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ba1f425d9..7418434ea 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -96,7 +96,6 @@ let retiolum = "hosts"; }; - # XXX This overlaps with krebs.retiolum networking.extraHosts = concatStringsSep "\n" (flatten ( mapAttrsToList (hostname: host: mapAttrsToList (netname: net: diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 08ac96461..2bf8aa5db 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -29,22 +29,13 @@ let ''; }; - generateEtcHosts = mkOption { - type = types.str; - default = "both"; - description = '' - If set to short, long, or both, - then generate entries in /etc/hosts from subnets. - ''; - }; - netname = mkOption { type = types.str; default = "retiolum"; description = '' The tinc network name. - It is used to generate long host entries, - and name the TUN device. + It is used to name the TUN device and to generate the default value for + config.krebs.retiolum.hosts. ''; }; @@ -107,8 +98,6 @@ let imp = { environment.systemPackages = [ tinc iproute ]; - networking.extraHosts = retiolumExtraHosts; - systemd.services.retiolum = { description = "Tinc daemon for Retiolum"; after = [ "network.target" ]; 
@@ -155,45 +144,6 @@ let iproute = cfg.iproutePackage; - retiolumExtraHosts = import (pkgs.runCommand "retiolum-etc-hosts" - { } - '' - generate() { - (cd ${tinc-hosts} - printf \'\' - for i in `ls`; do - names=$(hostnames $i) - for j in `sed -En 's|^ *Aliases *= *(.+)|\1|p' $i`; do - names="$names $(hostnames $j)" - done - sed -En ' - s|^ *Subnet *= *([^ /]*)(/[0-9]*)? *$|\1 '"$names"'|p - ' $i - done | sort - printf \'\' - ) - } - - case ${cfg.generateEtcHosts} in - short) - hostnames() { echo "$1"; } - generate - ;; - long) - hostnames() { echo "$1.${cfg.netname}"; } - generate - ;; - both) - hostnames() { echo "$1.${cfg.netname} $1"; } - generate - ;; - *) - echo '""' - ;; - esac > $out - ''); - - confDir = pkgs.runCommand "retiolum" { # TODO text executable = true; -- cgit v1.2.3 From a1f7f5e510ddc7a35bebe4ec7698e19d83d57c3f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 15:57:43 +0100 Subject: krebs: DRY up shorts of the networking.extraHosts generator --- krebs/3modules/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7418434ea..20eb944e2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -103,10 +103,8 @@ let aliases = longs ++ shorts; providers = dns.split-by-provider net.aliases cfg.dns.providers; longs = providers.hosts; - shorts = - map (removeSuffix ".${cfg.search-domain}") - (filter (hasSuffix ".${cfg.search-domain}") - longs); + shorts = let s = ".${cfg.search-domain}"; in + map (removeSuffix s) (filter (hasSuffix s) longs); in map (addr: "${addr} ${toString aliases}") net.addrs ) (filterAttrs (name: host: host.aliases != []) host.nets) -- cgit v1.2.3 From 171df3acbe8ebe97d690bfb386fbf15bc14984cd Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:15:25 +0100 Subject: tv: adopt kaepsele --- krebs/3modules/tv/default.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) 
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 31c1a375a..5f70f8489 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -130,6 +130,35 @@ with lib; }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaMjBJ/BfYlHjyn5CO0xzFNaQ0LPvMP3W9UlOs1OxGY"; }; + kaepsele = { + nets = { + internet = { + addrs4 = ["92.222.10.169"]; + aliases = [ + "kaepsele.internet" + # TODO "kaepsele.org" + ]; + }; + retiolum = { + addrs4 = ["10.243.166.2"]; + addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"]; + aliases = [ + "kaepsele.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/ + Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo + rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y + y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu + yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5 + FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF"; + }; nomic = { cores = 2; dc = "tv"; #dc = "gg23"; -- cgit v1.2.3 From c4655c3baad28525550e7c1d0fb9589e06663a2b Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:21:30 +0100 Subject: krebs.dns.providers: add i and r --- krebs/3modules/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 20eb944e2..529506905 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
@@ -92,7 +92,9 @@ let de.krebsco = "zones"; gg23 = "hosts"; shack = "hosts"; + i = "hosts"; internet = "hosts"; + r = "hosts"; retiolum = "hosts"; }; -- cgit v1.2.3 From b16bfb9c99e6f1f063c5b7358003149db42b70e3 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:18:52 +0100 Subject: tv: add .i and .r TLDs --- krebs/3modules/tv/default.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 5f70f8489..7db5c532e 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -24,6 +24,7 @@ with lib; internet = { addrs4 = ["162.219.7.216"]; aliases = [ + "cd.i" "cd.internet" "cd.krebsco.de" "cgit.cd.krebsco.de" @@ -37,6 +38,7 @@ with lib; addrs4 = ["10.243.113.222"]; addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"]; aliases = [ + "cd.r" "cd.retiolum" "cgit.cd.retiolum" ]; @@ -67,6 +69,7 @@ with lib; internet = { addrs4 = ["104.167.114.142"]; aliases = [ + "mkdir.i" "mkdir.internet" ]; }; @@ -75,6 +78,7 @@ with lib; addrs4 = ["10.243.113.223"]; addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"]; aliases = [ + "mkdir.r" "mkdir.retiolum" "cgit.mkdir.retiolum" ]; @@ -104,6 +108,7 @@ with lib; internet = { addrs4 = ["198.147.22.115"]; aliases = [ + "ire.i" "ire.internet" "ire.krebsco.de" ]; @@ -113,6 +118,7 @@ with lib; addrs4 = ["10.243.231.66"]; addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"]; aliases = [ + "ire.r" "ire.retiolum" ]; tinc.pubkey = '' @@ -135,6 +141,7 @@ with lib; internet = { addrs4 = ["92.222.10.169"]; aliases = [ + "kaepsele.i" "kaepsele.internet" # TODO "kaepsele.org" ]; @@ -143,6 +150,7 @@ with lib; addrs4 = ["10.243.166.2"]; addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"]; aliases = [ + "kaepsele.r" "kaepsele.retiolum" ]; tinc.pubkey = '' @@ -171,6 +179,7 @@ with lib; addrs4 = ["10.243.0.110"]; addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"]; aliases = [ + "nomic.r" "nomic.retiolum" "cgit.nomic.retiolum" ]; 
@@ -205,6 +214,7 @@ with lib; internet = { addrs4 = ["167.88.34.182"]; aliases = [ + "rmdir.i" "rmdir.internet" ]; }; @@ -213,6 +223,7 @@ with lib; addrs4 = ["10.243.113.224"]; addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"]; aliases = [ + "rmdir.r" "rmdir.retiolum" "cgit.rmdir.retiolum" ]; @@ -260,6 +271,7 @@ with lib; addrs4 = ["10.243.13.37"]; addrs6 = ["42:0:0:0:0:0:0:1337"]; aliases = [ + "wu.r" "wu.retiolum" "cgit.wu.retiolum" ]; @@ -292,6 +304,7 @@ with lib; addrs4 = ["10.243.13.38"]; addrs6 = ["42:0:0:0:0:0:0:1338"]; aliases = [ + "xu.r" "xu.retiolum" ]; tinc.pubkey = '' -- cgit v1.2.3 From 18784b439d6c58eb4102068a5a31e0e46794ee73 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:30:56 +0100 Subject: tv: remove stale krebs/Zpubkeys --- krebs/Zpubkeys/deploy_wu.ssh.pub | 1 - krebs/Zpubkeys/mv_vod.ssh.pub | 1 - 2 files changed, 2 deletions(-) delete mode 100644 krebs/Zpubkeys/deploy_wu.ssh.pub delete mode 100644 krebs/Zpubkeys/mv_vod.ssh.pub diff --git a/krebs/Zpubkeys/deploy_wu.ssh.pub b/krebs/Zpubkeys/deploy_wu.ssh.pub deleted file mode 100644 index a54a1ca37..000000000 --- a/krebs/Zpubkeys/deploy_wu.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEieAihh+o208aeCA14fAtjzyZN/nrpOJt2vZ5VYZp69 deploy@wu diff --git a/krebs/Zpubkeys/mv_vod.ssh.pub b/krebs/Zpubkeys/mv_vod.ssh.pub deleted file mode 100644 index 7b7d2e260..000000000 --- a/krebs/Zpubkeys/mv_vod.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod -- cgit v1.2.3 From 9742953ee932b96cafb390f7b61edd68499cec82 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:53:35 +0100 Subject: tv: add cgit.*.r aliases --- krebs/3modules/tv/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 7db5c532e..b7fd1c54c 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
@@ -40,6 +40,7 @@ with lib; aliases = [ "cd.r" "cd.retiolum" + "cgit.cd.r" "cgit.cd.retiolum" ]; tinc.pubkey = '' @@ -80,6 +81,7 @@ with lib; aliases = [ "mkdir.r" "mkdir.retiolum" + "cgit.mkdir.r" "cgit.mkdir.retiolum" ]; tinc.pubkey = '' @@ -181,6 +183,7 @@ with lib; aliases = [ "nomic.r" "nomic.retiolum" + "cgit.nomic.r" "cgit.nomic.retiolum" ]; tinc.pubkey = '' @@ -225,6 +228,7 @@ with lib; aliases = [ "rmdir.r" "rmdir.retiolum" + "cgit.rmdir.r" "cgit.rmdir.retiolum" ]; tinc.pubkey = '' @@ -273,6 +277,7 @@ with lib; aliases = [ "wu.r" "wu.retiolum" + "cgit.wu.r" "cgit.wu.retiolum" ]; tinc.pubkey = '' -- cgit v1.2.3 From c784d271c5dc8783e5e6308baf4f6dd26430bfca Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 18:38:51 +0100 Subject: tv: adopt mu --- krebs/3modules/tv/default.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index b7fd1c54c..9adb0ce11 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
@@ -169,6 +169,28 @@ with lib; }; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF"; }; + mu = { + nets = { + retiolum = { + addrs4 = ["10.243.20.01"]; + addrs6 = ["42:0:0:0:0:0:0:2001"]; + aliases = [ + "mu.r" + "mu.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEApXErmPSn2CO4V25lqxanCGCFgxEAjdzFUiTCCu0IvELEuCc3PqVA + g4ecf8gGwPCbzMW/1txjlgbsQcm87U5enaCwzSv/pa7P9/memV74OhqEVOypFlDE + XeZczqQfNbjoLYl4cKZpTsSZmOgASXaMDrH2N37f50q35C0MQw0HRzaQM5VLrzb4 + o87MClS+yPqpvp34QjW+1lqnOKvMkr6mDrmtcAjCOs9Ma16txyfjGVFi8KmYqIs1 + QEJmyC9Uocz5zuoSLUghgVRn9yl4+MEw6++akFDwKt/eMkcSq0GPB+3Rz/WLDiBs + FK6BsssQWdwiEWpv6xIl1Fi+s7F0riq2cwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; nomic = { cores = 2; dc = "tv"; #dc = "gg23"; -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/2b200000.lock: No such file or directory (2)
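Review bot: `addrs4 = ["10.243.20.01"]` in the new `mu` entry writes the last octet with a leading zero. Address parsers disagree on that form: some read a zero-prefixed octet as octal and strict ones reject it, and the string is copied verbatim into the generated `networking.extraHosts` lines (the generator in `krebs/3modules/default.nix` shown on this page) and presumably into the tinc host file. The canonical spelling `addrs4 = ["10.243.20.1"];` avoids the ambiguity. The entry also has no `ssh.pubkey`, unlike the `kaepsele` entry visible in the hunk context; if that is intended, a short comment next to `mu` would record it.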