-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/fetchWallpaper.nix22
-rw-r--r--krebs/3modules/htgen.nix68
-rw-r--r--krebs/3modules/iptables.nix6
-rw-r--r--krebs/3modules/tv/default.nix4
-rw-r--r--krebs/5pkgs/htgen/default.nix28
-rw-r--r--krebs/5pkgs/krebspaste/default.nix2
-rw-r--r--lass/1systems/mors.nix6
-rw-r--r--lass/2configs/bepasty.nix24
-rw-r--r--lass/2configs/copyq.nix10
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/git.nix9
-rw-r--r--lass/2configs/hfos.nix9
-rw-r--r--lass/2configs/htop.nix1
-rw-r--r--lass/2configs/mail.nix17
-rw-r--r--lass/2configs/mc.nix6
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/power-action.nix2
-rw-r--r--lass/2configs/repo-sync.nix1
-rw-r--r--lass/2configs/websites/domsen.nix1
-rw-r--r--lass/2configs/xresources.nix6
-rw-r--r--shared/1systems/wolf.nix12
-rw-r--r--shared/2configs/repo-sync.nix3
-rw-r--r--tv/1systems/wu.nix6
-rw-r--r--tv/1systems/xu.nix17
-rw-r--r--tv/1systems/zu.nix18
-rw-r--r--tv/2configs/default.nix3
-rw-r--r--tv/2configs/exim-smarthost.nix2
-rw-r--r--tv/2configs/vim.nix20
-rw-r--r--tv/3modules/iptables.nix6
30 files changed, 219 insertions, 98 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index f336c966f..d24cea1a2 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
./github-hosts-sync.nix
./git.nix
./go.nix
+ ./htgen.nix
./iptables.nix
./kapacitor.nix
./monit.nix
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index e226a9060..e00c0ec9b 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -21,10 +21,9 @@ let
OnCalendar = "*:00,10,20,30,40,50";
};
};
- # TODO find a better default stateDir
stateDir = mkOption {
type = types.str;
- default = "$HOME/wallpaper";
+ default = "/var/lib/wallpaper";
};
display = mkOption {
type = types.str;
@@ -52,27 +51,35 @@ let
mkdir -p ${cfg.stateDir}
cd ${cfg.stateDir}
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
- feh --no-fehbg --bg-scale wallpaper
+ feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
'';
imp = {
- systemd.user.timers.fetchWallpaper = {
+ users.users.fetchWallpaper = {
+ name = "fetchWallpaper";
+ uid = genid "fetchWallpaper";
+ description = "fetchWallpaper user";
+ home = cfg.stateDir;
+ createHome = true;
+ };
+
+ systemd.timers.fetchWallpaper = {
description = "fetch wallpaper timer";
wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig;
};
- systemd.user.services.fetchWallpaper = {
+ systemd.services.fetchWallpaper = {
description = "fetch wallpaper";
- wantedBy = [ "default.target" ];
+ after = [ "network.target" ];
path = with pkgs; [
curl
feh
- coreutils
];
environment = {
+ URL = cfg.url;
DISPLAY = cfg.display;
};
restartIfChanged = true;
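Review bot: `cfg.stateDir` is escaped in the new `feh` line but still interpolated raw in the `mkdir -p ${cfg.stateDir}` and `cd ${cfg.stateDir}` context lines above it, so a path with spaces or shell metacharacters is word-split or interpreted by the shell, in a script that now runs from a system unit. Use the same form in all three places, e.g. `cd ${shell.escape cfg.stateDir}`. The added `URL = cfg.url;` environment entry is not read by any script line visible here (curl still gets `${shell.escape cfg.url}`), so either use it or drop it. The script body starts above this hunk.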
@@ -80,6 +87,7 @@ let
serviceConfig = {
Type = "simple";
ExecStart = fetchWallpaperScript;
+ User = "fetchWallpaper";
};
unitConfig = cfg.unitConfig;
diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix
new file mode 100644
index 000000000..0dddca6c8
--- /dev/null
+++ b/krebs/3modules/htgen.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.htgen;
+
+ out = {
+ options.krebs.htgen = api;
+ config = imp;
+ };
+
+ api = mkOption {
+ default = {};
+ type = types.attrsOf (types.submodule ({ config, ... }: {
+ options = {
+ enable = mkEnableOption "krebs.htgen-${config.name}";
+
+ name = mkOption {
+ type = types.username;
+ default = config._module.args.name;
+ };
+
+ port = mkOption {
+ type = types.uint;
+ };
+
+ script = mkOption {
+ type = types.str;
+ };
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "htgen-${config.name}";
+ home = "/var/lib/htgen-${config.name}";
+ };
+ };
+ };
+ }));
+ };
+ imp = {
+
+ systemd.services = mapAttrs' (name: htgen:
+ nameValuePair "htgen-${name}" {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ environment = {
+ HTGEN_PORT = toString htgen.port;
+ HTGEN_SCRIPT = htgen.script;
+ };
+ serviceConfig = {
+ SyslogIdentifier = "htgen";
+ User = htgen.user.name;
+ PrivateTmp = true;
+ Restart = "always";
+ ExecStart = "${pkgs.htgen}/bin/htgen --serve";
+ };
+ }
+ ) cfg;
+
+ users.users = mapAttrs' (name: htgen:
+ nameValuePair htgen.user.name {
+ inherit (htgen.user) home name uid;
+ createHome = true;
+ }
+ ) cfg;
+
+ };
+in out
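Review bot: The `enable` option declared per instance is never consulted: both `mapAttrs'` calls in `imp` run over the whole of `cfg`, so a unit and a user are created for every entry even when `enable` is left at its default. Filter first, for example `) (filterAttrs (_: h: h.enable) cfg);` in both places. Since each unit listens on `HTGEN_PORT` and runs the configured `HTGEN_SCRIPT`, it would also be worth adding `NoNewPrivileges = true;` beside `PrivateTmp` in `serviceConfig`.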
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 09b493c20..d64ed86de 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -68,8 +68,8 @@ let
networking.firewall.enable = false;
systemd.services.krebs-iptables = {
- description = "krebs-iptables";
- wantedBy = [ "network-pre.target" ];
+ wantedBy = [ "sysinit.target" ];
+ wants = [ "network-pre.target" ];
before = [ "network-pre.target" ];
after = [ "systemd-modules-load.service" ];
@@ -85,6 +85,8 @@ let
Restart = "always";
ExecStart = startScript;
};
+
+ unitConfig.DefaultDependencies = false;
};
};
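Review bot: With `unitConfig.DefaultDependencies = false;` the unit no longer gets the implicit `Conflicts=`/`Before=shutdown.target`, and combined with `Restart = "always"` nothing stops or orders it against shutdown any more. Early-boot units normally add these back explicitly: `conflicts = [ "shutdown.target" ];` and `before = [ "network-pre.target" "shutdown.target" ];`. The same applies to the identical change in tv/3modules/iptables.nix. Since `description` was dropped, a short comment saying that the unit hangs off sysinit.target so the rules are loaded before any interface comes up would help the next reader.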
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index d44c322aa..3f00f30c2 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -224,8 +224,8 @@ with import <stockholm/lib>;
internet = {
ip4.addr = "188.68.36.196";
aliases = [
- "cgit.ni.i"
"ni.i"
+ "cgit.ni.i"
];
ssh.port = 11423;
};
@@ -360,8 +360,8 @@ with import <stockholm/lib>;
gg23 = {
ip4.addr = "10.23.1.38";
aliases = [
- "cache.xu.gg23"
"xu.gg23"
+ "cache.xu.gg23"
];
ssh.port = 11423;
};
diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix
new file mode 100644
index 000000000..f9dfeb3d1
--- /dev/null
+++ b/krebs/5pkgs/htgen/default.nix
@@ -0,0 +1,28 @@
+{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }:
+with import <stockholm/lib>;
+let
+ version = "1.1";
+in stdenv.mkDerivation {
+ name = "htgen-${version}";
+
+ src = fetchgit {
+ url = "http://cgit.krebsco.de/htgen";
+ rev = "refs/tags/v${version}";
+ sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z";
+ };
+
+ installPhase = ''
+ mkdir -p $out/bin
+ {
+ echo '#! ${bash}/bin/bash'
+ echo 'export PATH=${makeBinPath [
+ ucspi-tcp
+ coreutils
+ gnused
+ ]}''${PATH+":$PATH"}'
+ cat htgen
+ } > $out/bin/htgen
+ chmod +x $out/bin/htgen
+ cp -r examples $out
+ '';
+}
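Review bot: `src` is fetched from `http://cgit.krebsco.de/htgen` in cleartext. The pinned `sha256` makes a tampered download fail the build, but whoever bumps `version` will compute the new hash from whatever that unauthenticated fetch returns, so the hash is only as trustworthy as the network path at that moment. If the host serves the repository over TLS, use an `https://` URL; otherwise add a comment that the hash must be checked against a trusted checkout. The wrapper also appends the caller's `PATH` (`''${PATH+":$PATH"}`), which deserves a comment stating that the fall-through is intentional.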
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
index dd7616a05..8c6676d0e 100644
--- a/krebs/5pkgs/krebspaste/default.nix
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -2,5 +2,5 @@
# TODO use `execve` instead?
writeDashBin "krebspaste" ''
- exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+ exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@"
''
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 223e16bae..534d65162 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -86,6 +86,10 @@ with import <stockholm/lib>;
pkgs.krebszones
];
}
+ {
+ #ps vita stuff
+ boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+ }
];
krebs.build.host = config.krebs.hosts.mors;
@@ -180,8 +184,6 @@ with import <stockholm/lib>;
'';
environment.systemPackages = with pkgs; [
- exfat
-
acronym
cac-api
sshpass
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
index a3c6d0f28..c2bc3f3cd 100644
--- a/lass/2configs/bepasty.nix
+++ b/lass/2configs/bepasty.nix
@@ -9,7 +9,10 @@ with import <stockholm/lib>;
with import <stockholm/lib>;
let
secKey = import <secrets/bepasty-secret.nix>;
- ext-dom = "paste.lassul.us" ;
+ ext-doms = [
+ "paste.lassul.us"
+ "paste.krebsco.de"
+ ];
in {
services.nginx.enable = mkDefault true;
@@ -25,16 +28,15 @@ in {
defaultPermissions = "admin,list,create,read,delete";
secretKey = secKey;
};
-
- "${ext-dom}" = {
- nginx = {
- enableSSL = true;
- forceSSL = true;
- enableACME = true;
- };
- defaultPermissions = "read";
- secretKey = secKey;
+ } //
+ genAttrs ext-doms (ext-dom: {
+ nginx = {
+ enableSSL = true;
+ forceSSL = true;
+ enableACME = true;
};
- };
+ defaultPermissions = "read";
+ secretKey = secKey;
+ });
};
}
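Review bot: Every server generated from `ext-doms` reuses the same `secretKey = secKey;` as the server entry that precedes it in this hunk, which has `defaultPermissions = "admin,list,create,read,delete"`. If bepasty uses this key to sign session state (not visible here), a session issued by one instance would verify on all the others, including the public ones. Consider a separate secret per instance, or at least one for that entry and one for the `ext-doms`. The `ext-dom` argument of the `genAttrs` function is unused and could be written `_`.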
diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix
index 0616c4025..b255254f2 100644
--- a/lass/2configs/copyq.nix
+++ b/lass/2configs/copyq.nix
@@ -9,7 +9,7 @@ let
${pkgs.copyq}/bin/copyq config activate_closes true
${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
- ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard
+ ${pkgs.copyq}/bin/copyq config clipboard_tab \&clipboard
${pkgs.copyq}/bin/copyq config disable_tray true
${pkgs.copyq}/bin/copyq config hide_tabs true
${pkgs.copyq}/bin/copyq config hide_toolbar true
@@ -19,10 +19,9 @@ let
${pkgs.copyq}/bin/copyq config text_wrap true
'';
in {
- systemd.user.services.copyq = {
- after = [ "graphical.target" ];
- wants = [ "graphical.target" ];
- wantedBy = [ "default.target" ];
+ systemd.services.copyq = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "display-manager.service" ];
environment = {
DISPLAY = ":0";
};
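Review bot: `requires = [ "display-manager.service" ];` does not order the unit, so copyq can be started in parallel with the display manager and before display `:0` exists; `Restart = "always"` with `StartLimitBurst = 0` only hides that by retrying. Add `after = [ "display-manager.service" ];` next to it, as the xresources unit in this commit does. The unit also hard-codes display `:0` here and `User = "lass"` in the next hunk, which deserves a comment now that it is a system service rather than a per-user one.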
@@ -33,6 +32,7 @@ in {
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;
+ User = "lass";
};
};
}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 96f70d312..f4e4cd2cc 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -64,7 +64,10 @@ with import <stockholm/lib>;
];
}
{
- services.dnscrypt-proxy.enable = true;
+ services.dnscrypt-proxy = {
+ enable = true;
+ resolverName = "d0wn-nl-ns3";
+ };
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
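Review bot: `resolverName = "d0wn-nl-ns3";` sends every lookup on hosts importing this file to one named third-party resolver, and `name_servers='127.0.0.1'` below leaves no fallback if it is unreachable. Please add a comment saying why this resolver was chosen and what the failure mode is, e.g. `# pinned resolver: all DNS goes here, no fallback`.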
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 3e1b2c6e3..be08d0ec1 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -32,10 +32,13 @@ let
public-repos = mapAttrs make-public-repo {
stockholm = {
cgit.desc = "take all the computers hostage, they'll love you!";
+ cgit.section = "configuration";
};
- kimsufi-check = {};
} // mapAttrs make-public-repo-silent {
- the_playlist = {};
+ the_playlist = {
+ cgit.desc = "Good Music collection + tools";
+ cgit.section = "art";
+ };
};
restricted-repos = mapAttrs make-restricted-repo (
@@ -58,7 +61,7 @@ let
server = "ni.r";
verbose = config.krebs.build.host.name == "prism";
# TODO define branches in some kind of option per repo
- branches = [ "master" "newest" ];
+ branches = [ "master" ];
};
};
};
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
index a28a6a5d2..f63e5ea53 100644
--- a/lass/2configs/hfos.nix
+++ b/lass/2configs/hfos.nix
@@ -36,5 +36,12 @@ with import <stockholm/lib>;
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
- systemd.services.krebs-iptables.after = [ "libvirtd.service" ];
+ # TODO use bridge interfaces instead of this crap
+ systemd.services.libvirtd.serviceConfig.ExecStartPost = let
+ restart-iptables = pkgs.writeDash "restart-iptables" ''
+ #soo hacky
+ ${pkgs.coreutils}/bin/sleep 1s
+ ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
+ '';
+ in restart-iptables;
}
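Review bot: A failing `ExecStartPost` marks libvirtd itself as failed, so if `systemctl restart krebs-iptables.service` returns non-zero (for instance because the rule set does not load) the hypervisor is taken down with it. If that coupling is not wanted, make the hook non-fatal with the `-` prefix: `in "-${restart-iptables}";`. The fixed `sleep 1s` is a guess at when libvirtd has finished inserting its own rules; the `#soo hacky` comment should say that this is what is being waited for, so it is clear what the bridge-interface TODO has to replace.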
diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix
index 0296101ac..69e04a05b 100644
--- a/lass/2configs/htop.nix
+++ b/lass/2configs/htop.nix
@@ -3,6 +3,7 @@
with import <stockholm/lib>;
{
+ security.hideProcessInformation = true;
nixpkgs.config.packageOverrides = super: {
htop = pkgs.concat "htop" [
super.htop
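Review bot: `security.hideProcessInformation = true;` is a host-wide hardening switch, not an htop setting, so it is easy to miss in htop.nix. Add a comment such as `# hide other users' processes in /proc (affects all tools, not just htop)`, or move the line to a general hardening config.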
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index e4b319528..a08dc88da 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -66,7 +66,6 @@ let
# notmuch bindings
macro index \\\\ "<vfolder-from-query>" # looks up a hand made query
- macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
macro index + "<modify-labels>+*\n<sync-mailbox>" # tag as starred
macro index - "<modify-labels>-*\n<sync-mailbox>" # tag as unstarred
@@ -75,9 +74,25 @@ let
bind index d noop
bind pager d noop
+ bind index S noop
+ bind index s noop
bind pager S noop
+ bind pager s noop
macro index S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+ macro index s "<modify-labels>-junk\n" # tag as Junk mail
macro pager S "<modify-labels-then-hide>-inbox -unread +junk\n" # tag as Junk mail
+ macro pager s "<modify-labels>-junk\n" # tag as Junk mail
+
+
+ bind index A noop
+ bind index a noop
+ bind pager A noop
+ bind pager a noop
+ macro index A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
+ macro index a "<modify-labels>-archive\n" # tag as Archived
+ macro pager A "<modify-labels>+archive -unread -inbox\n" # tag as Archived
+ macro pager a "<modify-labels>-archive\n" # tag as Archived
+
bind index t noop
bind pager t noop
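Review bot: The comments on the new lowercase macros are copied from the uppercase ones and say the opposite of what the macros do: `macro index s "<modify-labels>-junk\n"` and its `pager` twin remove the junk tag, and the two `a` macros remove the archive tag. Change them to `# remove Junk tag` and `# remove Archived tag`.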
diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix
index fc347ba3c..513ee1bd0 100644
--- a/lass/2configs/mc.nix
+++ b/lass/2configs/mc.nix
@@ -325,12 +325,10 @@ in {
(pkgs.concat "mc" [
pkgs.mc
(pkgs.writeDashBin "mc" ''
- export MC_DATADIR=${pkgs.concat "mc-datadir" [
- (pkgs.writeOut "mc-ext" {
+ export MC_DATADIR=${pkgs.writeOut "mc-ext" {
"/mc.ext".link = mcExt;
"/sfs.ini".text = "";
- })
- ]}
+ }};
export TERM=xterm-256color
exec ${pkgs.mc}/bin/mc -S xoria256 "$@"
'')
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index a6409b7db..7f6512552 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
- ref = "c0ecd31";
+ ref = "ade5837";
};
}
diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix
index f22bf451a..c7bdb525d 100644
--- a/lass/2configs/power-action.nix
+++ b/lass/2configs/power-action.nix
@@ -26,7 +26,7 @@ in {
lowerLimit = 0;
charging = false;
action = pkgs.writeDash "suspend-wrapper" ''
- /var/setuid-wrappers/sudo ${suspend}
+ /run/wrappers/bin/sudo ${suspend}
'';
};
user = "lass";
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index dfea637ed..74e508549 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -10,6 +10,7 @@ let
public = true;
name = mkDefault "${name}";
cgit.desc = mkDefault "mirror for ${name}";
+ cgit.section = mkDefault "mirror";
hooks = mkIf announce (mkDefault {
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index daecdcd2f..fde3f7c2b 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -120,6 +120,7 @@ in {
sender_domains = [
"jla-trading.com"
"ubikmedia.eu"
+ "ubikmedia.de"
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix
index 35dbe2044..b5e721483 100644
--- a/lass/2configs/xresources.nix
+++ b/lass/2configs/xresources.nix
@@ -36,9 +36,10 @@ let
'';
in {
- systemd.user.services.xresources = {
+ systemd.services.xresources = {
description = "xresources";
- wantedBy = [ "default.target" ];
+ wantedBy = [ "multi-user.target" ];
+ after = [ "display-manager.service" ];
environment = {
DISPLAY = ":0";
@@ -50,6 +51,7 @@ in {
Type = "simple";
ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
Restart = "on-failure";
+ User = "lass";
};
};
}
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index ce3c63f28..b0b822780 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -32,7 +32,17 @@ in
security = import <secrets/grafana_security.nix>;
};
- nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ];
+ nix = {
+ binaryCaches = [
+ "http://localhost:3142/nixos"
+ "http://cache.prism.r"
+ "https://cache.nixos.org/"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+ ];
+ };
networking = {
firewall.enable = false;
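Review bot: Two of the three `binaryCaches` are plain `http://`, so the only thing protecting substitutes from `cache.prism.r` is signature verification against `binaryCachePublicKeys`. State that check explicitly instead of leaving it to the default: add `requireSignedBinaryCaches = true;` to this `nix` block, with a comment that the HTTP caches rely on it. It would also help to note where the `cache.prism-1` key was obtained, so it can be re-verified when it rotates.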
diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix
index 004ea5942..637a26e3c 100644
--- a/shared/2configs/repo-sync.nix
+++ b/shared/2configs/repo-sync.nix
@@ -23,7 +23,8 @@ with lib;
};
};
latest = {
- mirror.url = mirror;
+ url = mirror;
+ ref = "heads/master";
};
};
};
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 4cde8b903..328e71fdc 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -19,12 +19,6 @@ with import <stockholm/lib>;
../2configs/xserver
{
environment.systemPackages = with pkgs; [
-
- # stockholm
- gnumake
- hashPassword
- parallel
-
# root
cryptsetup
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 4b8fe8da2..8cf6146b5 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -20,23 +20,6 @@ with import <stockholm/lib>;
{
environment.systemPackages = with pkgs; [
- # stockholm
- gnumake
- hashPassword
- #haskellPackages.lentil
- parallel
- (pkgs.writeBashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
# root
cryptsetup
diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix
index 194ac2928..b1b2d58ce 100644
--- a/tv/1systems/zu.nix
+++ b/tv/1systems/zu.nix
@@ -25,24 +25,6 @@ with import <stockholm/lib>;
{
environment.systemPackages = with pkgs; [
- # stockholm
- gnumake
- hashPassword
- haskellPackages.lentil
- parallel
- (pkgs.writeBashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
-
# root
cryptsetup
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index e170156a4..d17e41351 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -38,6 +38,8 @@ with import <stockholm/lib>;
# stockholm dependencies
environment.systemPackages = with pkgs; [
git
+ gnumake
+ hashPassword
populate
];
}
@@ -152,6 +154,7 @@ with import <stockholm/lib>;
{
environment.systemPackages = [
pkgs.get
+ pkgs.krebspaste
pkgs.krebszones
pkgs.nix-prefetch-scripts
pkgs.push
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index cc3bdf95d..816dce78d 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -13,7 +13,7 @@ with import <stockholm/lib>;
"shackspace.de"
"viljetic.de"
];
- relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [
config.krebs.hosts.nomic
config.krebs.hosts.wu
config.krebs.hosts.xu
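Review bot: `host.nets.retiolum.addrs` widens the relay allowlist from one IPv4 address per host to every address the host has on retiolum, presumably including IPv6. Exim lists are colon-separated by default, so if the code that renders `relay_from_hosts` (outside this hunk) joins the entries with `:`, an IPv6 address would be split into fragments unless its colons are doubled or the list starts with a separator change such as `<;`. Please check the rendered config, and add a comment such as `# all retiolum addresses (v4 and v6) of the hosts allowed to relay`. The host list continues past the end of the hunk.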
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 1ffafe9c9..8b83b0503 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -297,14 +297,18 @@ let {
alldirs = attrValues dirs ++ map dirOf (attrValues files);
in unique (sort lessThan alldirs);
- vim = pkgs.writeDashBin "vim" ''
- set -efu
- (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
- if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
- set -- +CtrlP
- fi
- exec ${pkgs.vim}/bin/vim "$@"
- '';
+ vim = pkgs.concat "vim" [
+ pkgs.vim_configurable
+ (pkgs.writeDashBin "vim" ''
+ set -efu
+ (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
+ if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
+ set -- +CtrlP
+ fi
+ # vim-orgmode needs Python, thus vim_configurable instead of just vim
+ exec ${pkgs.vim_configurable}/bin/vim "$@"
+ '')
+ ];
vimrc = pkgs.writeText "vimrc" ''
set nocompatible
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index 803ed6fbf..56861dc74 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -57,8 +57,8 @@ let {
networking.firewall.enable = false;
systemd.services.tv-iptables = {
- description = "tv-iptables";
- wantedBy = [ "network-pre.target" ];
+ wantedBy = [ "sysinit.target" ];
+ wants = [ "network-pre.target" ];
before = [ "network-pre.target" ];
after = [ "systemd-modules-load.service" ];
@@ -79,6 +79,8 @@ let {
ip6tables-restore < $