101 files changed, 3220 insertions, 636 deletions
diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix
new file mode 100644
index 000000000..75296bafb
--- /dev/null
+++ b/krebs/3modules/apt-cacher-ng.nix
@@ -0,0 +1,157 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  acng-config = pkgs.writeTextFile {
+    name = "acng-configuration";
+    destination = "/acng.conf";
+    text = ''
+      ForeGround: 1
+      CacheDir: ${cfg.cacheDir}
+      LogDir: ${cfg.logDir}
+      PidFile: /var/run/apt-cacher-ng.pid
+      ExTreshold: ${toString cfg.cacheExpiration}
+      CAfile: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
+
+      Port: ${toString cfg.port}
+      BindAddress: ${cfg.bindAddress}
+
+      # defaults:
+      Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian
+      Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu
+      Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol
+      Remap-cygwin: file:cygwin_mirrors /cygwin
+      Remap-sfnet:  file:sfnet_mirrors
+      Remap-alxrep: file:archlx_mirrors /archlinux
+      Remap-fedora: file:fedora_mirrors
+      Remap-epel:   file:epel_mirrors
+      Remap-slrep:  file:sl_mirrors # Scientific Linux
+      Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo
+
+      ReportPage: acng-report.html
+      SupportDir: ${pkgs.apt-cacher-ng}/lib/apt-cacher-ng
+      LocalDirs: acng-doc ${pkgs.apt-cacher-ng}/share/doc/apt-cacher-ng
+
+      # Nix cache
+      ${optionalString cfg.enableNixCache ''
+        Remap-nix: http://cache.nixos.org /nixos ; https://cache.nixos.org
+        PfilePatternEx: (^|.*?/).*\.nar(info)?(|\.gz|\.xz|\.bz2)$
+        VfilePatternEx: (^|.*?/)nix-cache-info$
+      ''}
+
+      ${cfg.extraConfig}
+    '';
+  };
+
+  acng-home = "/var/cache/acng";
+  cfg = config.krebs.apt-cacher-ng;
+
+  api = {
+    enable = mkEnableOption "apt-cacher-ng";
+
+    cacheDir = mkOption {
+      default = acng-home + "/cache";
+      type = types.str;
+      description = ''
+        Path to apt-cacher-ng cache directory.
+        Will be created and chowned to acng-user
+      '';
+    };
+
+    logDir = mkOption {
+      default = acng-home + "/log";
+      type = types.str;
+      description = ''
+        Path to apt-cacher-ng log directory.
+        Will be created and chowned to acng-user
+      '';
+    };
+
+    port = mkOption {
+      default = 3142;
+      type = types.int;
+      description = ''
+        port of apt-cacher-ng
+      '';
+    };
+
+    bindAddress = mkOption {
+      default = "";
+      type = types.str;
+      example = "localhost 192.168.7.254 publicNameOnMainInterface";
+      description = ''
+        listen address of apt-cacher-ng. Defaults to every interface.
+      '';
+    };
+
+    cacheExpiration = mkOption {
+      default = 4;
+      type = types.int;
+      description = ''
+        number of days before packages expire in the cache without being
+        requested.
+      '';
+    };
+
+    enableNixCache = mkOption {
+      default = true;
+      type = types.bool;
+      description = ''
+        enable cache.nixos.org caching via PfilePatternEx and VfilePatternEx.
+
+        to use the apt-cacher-ng in your nixos configuration:
+          nix.binary-cache = [ http://acng-host:port/nixos ];
+
+        These options cannot be used in extraConfig, use SVfilePattern and
+        SPfilePattern or disable this option.
+      '';
+    };
+
+    extraConfig = mkOption {
+      default = "";
+      type = types.lines;
+      description = ''
+        extra config appended to the generated acng.conf
+      '';
+    };
+  };
+
+  imp = {
+
+    users.extraUsers.acng = {
+    # uid = config.ids.uids.acng;
+      uid = 897955083; #genid Reaktor
+      description = "apt-cacher-ng";
+      home = acng-home;
+      createHome = false;
+    };
+
+    users.extraGroups.acng = {
+      gid = 897955083; #genid Reaktor
+    # gid = config.ids.gids.Reaktor;
+    };
+
+    systemd.services.apt-cacher-ng = {
+      description = "apt-cacher-ng";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        PermissionsStartOnly = true;
+        ExecStartPre = pkgs.writeScript "acng-init" ''
+          #!/bin/sh
+          mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
+          chown acng:acng  ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
+        '';
+        ExecStart = "${pkgs.apt-cacher-ng}/bin/apt-cacher-ng -c ${acng-config}";
+        PrivateTmp = "true";
+        User = "acng";
+        Restart = "always";
+        RestartSec = "10";
+      };
+    };
+  };
+in
+{
+  options.krebs.apt-cacher-ng = api;
+  config = mkIf cfg.enable imp;
+}
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index a908d437b..740ba67b8 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,13 +6,16 @@ let
   out = {
     imports = [
+      ./apt-cacher-ng.nix
       ./bepasty-server.nix
       ./build.nix
       ./current.nix
       ./exim-retiolum.nix
       ./exim-smarthost.nix
+      ./fetchWallpaper.nix
       ./github-hosts-sync.nix
       ./git.nix
+      ./go.nix
       ./iptables.nix
       ./nginx.nix
       ./per-user.nix
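Review bot: In apt-cacher-ng.nix the acng account is created with `uid = 897955083; #genid Reaktor` and the group with the same number, so the id appears to be the one generated for the Reaktor account rather than for acng (fetchWallpaper.nix in this commit uses `#genid fetchWallpaper` for its own name). If Reaktor is enabled on the same host, the two services would run under one uid/gid and could read and modify each other's files, which defeats the point of a dedicated cache user. Generate an id for this service instead, e.g. `uid = <genid acng>; #genid acng`, with the matching `gid`. Separately, `bindAddress` defaults to `""` (every interface) and the generated acng.conf sets `ReportPage` with no admin credential, so a default of `"localhost"`, or a description that tells the operator to firewall the port and set `AdminAuth` through `extraConfig`, would be a safer starting point.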
@@ -85,6 +88,7 @@ let
       krebs.dns.providers = {
         de.krebsco = "zones";
         gg23 = "hosts";
+        shack = "hosts";
         internet = "hosts";
         retiolum = "hosts";
       };
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
new file mode 100644
index 000000000..83ecf4177
--- /dev/null
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -0,0 +1,89 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.krebs.fetchWallpaper;
+
+  out = {
+    options.krebs.fetchWallpaper = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "fetch wallpaper";
+    predicate = mkOption {
+      type = with types; nullOr path;
+      default = null;
+    };
+    url = mkOption {
+      type = types.str;
+    };
+    timerConfig = mkOption {
+      type = types.unspecified;
+      default = {
+        OnCalendar = "*:00,10,20,30,40,50";
+      };
+    };
+    stateDir = mkOption {
+      type = types.str;
+      default = "/var/lib/wallpaper";
+    };
+    display = mkOption {
+      type = types.str;
+      default = ":11";
+    };
+  };
+
+  fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
+    #! ${pkgs.bash}/bin/bash
+    ${optionalString (cfg.predicate != null) ''
+      if ! ${cfg.predicate}; then
+        echo "predicate failed - will not fetch from remote"
+        exit 0
+      fi
+    ''}
+    mkdir -p ${shell.escape cfg.stateDir}
+    curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url}
+    feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
+  '';
+
+  imp = {
+    users.users.fetchWallpaper = {
+      name = "fetchWallpaper";
+      uid = 3332383611; #genid fetchWallpaper
+      description = "fetchWallpaper user";
+      home = cfg.stateDir;
+      createHome = true;
+    };
+
+    systemd.timers.fetchWallpaper = {
+      description = "fetch wallpaper timer";
+      wantedBy = [ "timers.target" ];
+  |
