-rw-r--r--krebs/3modules/default.nix58
-rw-r--r--krebs/4lib/types.nix2
-rw-r--r--krebs/Zhosts/xu13
-rw-r--r--lass/1systems/echelon.nix42
-rw-r--r--lass/1systems/uriel.nix2
-rw-r--r--lass/2configs/base.nix10
-rw-r--r--lass/2configs/browsers.nix9
-rw-r--r--lass/2configs/chromium-patched.nix16
-rw-r--r--lass/2configs/desktop-base.nix1
-rw-r--r--lass/2configs/retiolum.nix2
-rw-r--r--lass/2configs/steam.nix19
-rw-r--r--lass/2configs/virtualbox.nix1
-rw-r--r--lass/5pkgs/default.nix2
13 files changed, 148 insertions, 29 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 140045b93..a6b5a1906 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -59,8 +59,6 @@ let
--exclude .graveyard \
--exclude old \
--rsync-path="mkdir -p \"$2\" && rsync" \
- --usermap=\*:0 \
- --groupmap=\*:0 \
--delete-excluded \
-vrLptgoD \
"$src" "$dst"
@@ -219,6 +217,37 @@ let
lass-imp = {
hosts = addNames {
+ echelon = {
+ cores = 4;
+ dc = "lass"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["162.248.167.198"];
+ aliases = [
+ "echelon.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.206.103"];
+ addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"];
+ aliases = [
+ "echelon.retiolum"
+ "cgit.echelon.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78
+ DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A
+ IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K
+ N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t
+ cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq
+ UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
cloudkrebs = {
cores = 1;
dc = "lass"; #dc = "cac";
@@ -683,6 +712,31 @@ let
};
secure = true;
};
+ xu = {
+ cores = 4;
+ # TODO xu is mobile, so dc means "home data center"
+ dc = "tv"; #dc = "gg23";
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.13.38"];
+ addrs6 = ["42:0:0:0:0:0:0:1338"];
+ aliases = [
+ "xu.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ
+ uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX
+ 8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw
+ mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj
+ 4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63
+ 4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ };
};
users = addNames {
mv = {
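Review bot: The tinc public key and both subnets for `xu` are written out here and again, byte for byte, in the new `krebs/Zhosts/xu` file added by this commit, so the host's identity now has two sources of truth. `lass/2configs/retiolum.nix` reads its peers from `../../krebs/Zhosts`, so a key rotation applied only to this attrset would presumably leave those peers trusting the old key. Until one is generated from the other, a comment on the `xu` entry such as `# tinc.pubkey and addrs are duplicated in krebs/Zhosts/xu; rotate both together` would make the coupling visible. The enclosing `hosts = addNames {` set starts outside this hunk.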
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 4e123e723..f6b4bd8b1 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -67,7 +67,7 @@ types // rec {
options = {
config = mkOption {
type = str;
- apply = _: ''
+ default = ''
${optionalString (net-config.via != null)
(concatMapStringsSep "\n" (a: "Address = ${a}") net-config.via.addrs)}
${concatMapStringsSep "\n" (a: "Subnet = ${a}") net-config.addrs}
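Review bot: Nothing on the `config` option records that switching from `apply = _:` to `default =` makes the generated tinc host text overridable. With `apply`, any assigned value was discarded and the `Address`/`Subnet` lines were always derived from `net-config`; with `default`, a host that sets `config` replaces them entirely. If that is intended, a comment above the option would help, for example `# default only: a host that sets config must supply its own Address/Subnet lines`. The string literal continues past the end of this hunk.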
diff --git a/krebs/Zhosts/xu b/krebs/Zhosts/xu
new file mode 100644
index 000000000..688e4a340
--- /dev/null
+++ b/krebs/Zhosts/xu
@@ -0,0 +1,13 @@
+
+Subnet = 10.243.13.38
+Subnet = 42:0:0:0:0:0:0:1338
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ
+uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX
+8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw
+mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj
+4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63
+4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB
+-----END RSA PUBLIC KEY-----
+
+
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
new file mode 100644
index 000000000..12765a101
--- /dev/null
+++ b/lass/1systems/echelon.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../../tv/2configs/CAC-Developer-2.nix
+ ../../tv/2configs/CAC-CentOS-7-64bit.nix
+ ../2configs/base.nix
+ ../2configs/retiolum.nix
+ ../2configs/fastpoke-pages.nix
+ ../2configs/new-repos.nix
+ {
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = "162.248.167.198";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "162.248.167.1";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+
+ }
+ ];
+
+ krebs.build = {
+ user = config.krebs.users.lass;
+ target = "root@162.248.167.198";
+ host = config.krebs.hosts.echelon;
+ deps = {
+ secrets = {
+ url = "/home/lass/secrets/${config.krebs.build.host.name}";
+ };
+ stockholm = {
+ url = toString ../..;
+ };
+ };
+ };
+
+ networking.hostName = "cloudkrebs";
+
+}
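Review bot: The last setting, `networking.hostName = "cloudkrebs";`, does not match the host this file builds (`config.krebs.hosts.echelon`, target `root@162.248.167.198`) and looks like a leftover from the cloudkrebs system file. Two machines reporting the same hostname make log and alert attribution ambiguous during an incident. Suggest `networking.hostName = config.krebs.build.host.name;`, the same attribute the secrets path above already uses. Separately, `networking.nameservers` lists a single resolver, so name resolution on this host has no fallback.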
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 7c3d08123..bb98975e4 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -16,7 +16,7 @@ with builtins;
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = map readFile [
- ../../Zpubkeys/uriel.ssh.pub
+ ../../krebs/Zpubkeys/uriel.ssh.pub
];
};
};
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index d44a19c1e..18acd15ab 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -14,7 +14,7 @@ with lib;
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = map readFile [
- ../../Zpubkeys/lass.ssh.pub
+ ../../krebs/Zpubkeys/lass.ssh.pub
];
};
mainUser = {
@@ -29,7 +29,7 @@ with lib;
"wheel"
];
openssh.authorizedKeys.keys = map readFile [
- ../../Zpubkeys/lass.ssh.pub
+ ../../krebs/Zpubkeys/lass.ssh.pub
];
};
};
@@ -42,7 +42,7 @@ with lib;
exim-retiolum.enable = true;
build.deps.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "58a82ff50b8605b88a8f66481d8c85bf8ab53be3";
+ rev = "e74d0e7ff83c16846a81e1173543f180ad565076";
};
};
@@ -147,4 +147,8 @@ with lib;
};
};
+ networking.dhcpcd.extraConfig = ''
+ noipv4ll
+ '';
+
}
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 9849c829a..2aaeda63d 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -26,8 +26,17 @@ let
];
};
+ #TODO: abstract this
+
in {
+ environment.systemPackages = [
+ (simpleScript "browser-select" ''
+ BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu)
+ $BROWSER $@
+ '')
+ ];
+
imports = [
../3modules/per-user.nix
] ++ [
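Review bot: In `browser-select`, the line `$BROWSER $@` runs whatever dmenu returns, with both expansions unquoted. When dmenu is dismissed, `BROWSER` is empty and the line collapses to `$@`, so the first argument (normally a URL handed over by another program) is run as the command name. dmenu also returns typed text that is not in the list, and the unquoted `$@` word-splits and glob-expands its arguments. The script should stop on an empty or unknown choice and quote both expansions, as in the excerpt below.

```nix
    (simpleScript "browser-select" ''
      BROWSER=$(printf '%s\n' ff cr fb gm flash | dmenu) || exit 1
      case "$BROWSER" in
        ff|cr|fb|gm|flash) exec "$BROWSER" "$@" ;;
        *) exit 1 ;;
      esac
    '')
```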
diff --git a/lass/2configs/chromium-patched.nix b/lass/2configs/chromium-patched.nix
index 715181778..d9d7760dd 100644
--- a/lass/2configs/chromium-patched.nix
+++ b/lass/2configs/chromium-patched.nix
@@ -37,12 +37,12 @@ let
in {
environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy;
- environment.systemPackages = [
- #pkgs.chromium
- (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
- buildCommand = attrs.buildCommand + ''
- touch $out/TEST123
- '';
- }))
- ];
+ #environment.systemPackages = [
+ # #pkgs.chromium
+ # (pkgs.lib.overrideDerivation pkgs.chromium (attrs: {
+ # buildCommand = attrs.buildCommand + ''
+ # touch $out/TEST123
+ # '';
+ # }))
+ #];
}
diff --git a/lass/2configs/desktop-base.nix b/lass/2configs/desktop-base.nix
index 9b98e4a8b..52c29d7e8 100644
--- a/lass/2configs/desktop-base.nix
+++ b/lass/2configs/desktop-base.nix
@@ -58,6 +58,7 @@ in {
layout = "us";
xkbModel = "evdev";
xkbVariant = "altgr-intl";
+ xkbOptions = "caps:backspace";
};
}
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 7c7f2b4d4..17cd1d822 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -17,7 +17,7 @@
krebs.retiolum = {
enable = true;
- hosts = ../../Zhosts;
+ hosts = ../../krebs/Zhosts;
connectTo = [
"fastpoke"
"cloudkrebs"
diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix
index 7d088fc6a..bd895e156 100644
--- a/lass/2configs/steam.nix
+++ b/lass/2configs/steam.nix
@@ -16,15 +16,14 @@
environment.systemPackages = with pkgs; [
steam
];
- networking.firewall = {
- allowedUDPPorts = [
- 27031
- 27036
- ];
- allowedTCPPorts = [
- 27036
- 27037
- ];
+ lass.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 27031"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 27036"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 27031"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 27036"; target = "ACCEPT"; }
+ ];
+ };
};
-
}
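Review bot: The new `filter.INPUT.rules` do not open the same ports as the `networking.firewall` block they replace: tcp 27031 is newly accepted and tcp 27037 is no longer accepted, whereas the removed lists had UDP 27031/27036 and TCP 27036/27037. If the old set was the intended one, the first rule should read `{ predicate = "-p tcp --dport 27037"; target = "ACCEPT"; }`. The rules also accept from any source address; adding a `-s` match for the local network to each predicate would keep these ports closed to other networks. Whether `lass.iptables` replaces or runs alongside the NixOS firewall is not visible in this hunk.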
diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix
index ad7ac1429..9769cd68d 100644
--- a/lass/2configs/virtualbox.nix
+++ b/lass/2configs/virtualbox.nix
@@ -4,7 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
- virtualisation.virtualbox.host.enable = true;
users.extraUsers = {
virtual = {
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index c776262ff..6df35b905 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -2,10 +2,8 @@
let
inherit (pkgs) callPackage;
- kpkgs = import ../../krebs/5pkgs { inherit pkgs; };
in
-kpkgs //
rec {
bitlbee-dev = callPackage ./bitlbee-dev.nix {};
bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };