| -rw-r--r-- | krebs/3modules/setuid.nix | 2 | ||||
| -rw-r--r-- | krebs/4lib/infest/prepare.sh | 7 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/brain/default.nix | 4 | ||||
| -rw-r--r-- | lass/1systems/iso.nix | 2 | ||||
| -rw-r--r-- | lass/1systems/mors.nix | 12 | ||||
| -rw-r--r-- | lass/1systems/prism.nix | 4 | ||||
| -rw-r--r-- | lass/2configs/buildbot-standalone.nix | 120 | ||||
| -rw-r--r-- | lass/2configs/ciko.nix | 23 | ||||
| -rw-r--r-- | lass/2configs/htop.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/mail.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/mc.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/mpv.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/radio.nix | 5 | ||||
| -rw-r--r-- | lass/2configs/websites/domsen.nix | 4 | ||||
| -rw-r--r-- | makefu/1systems/x.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/default.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/deployment/dirctator.nix | 30 | ||||
| -rw-r--r-- | makefu/2configs/git/brain-retiolum.nix | 57 | 
19 files changed, 165 insertions, 119 deletions
| diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index a17ec0883..02176ec4a 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -5,7 +5,7 @@ let    out = {      options.krebs.setuid = api; -    config = imp; +    config = mkIf (cfg != {}) imp;    };    api = mkOption { diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 3f5d66431..50d521e17 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -43,6 +43,13 @@ prepare() {(              exit          esac          ;; +      stockholm) +        case $(cat /proc/cmdline) in +          *' root=LABEL=NIXOS_ISO '*) +            prepare_nixos_iso "$@" +            exit +        esac +        ;;      esac    elif test -e /etc/centos-release; then      case $(cat /etc/centos-release) in diff --git a/krebs/5pkgs/simple/brain/default.nix b/krebs/5pkgs/simple/brain/default.nix index 079db825f..e69b44f0f 100644 --- a/krebs/5pkgs/simple/brain/default.nix +++ b/krebs/5pkgs/simple/brain/default.nix @@ -1,11 +1,11 @@  { pass, writeOut, writeDash, ... }:  writeOut "brain" { -  "/bin/brain-pass".link = writeDash "brain-pass" '' +  "/bin/brain".link = writeDash "brain" ''      PASSWORD_STORE_DIR=$HOME/brain \      exec ${pass}/bin/pass $@    ''; -  "/bin/brain-passmenu".link = writeDash "brain-passmenu" '' +  "/bin/brainmenu".link = writeDash "brainmenu" ''      PASSWORD_STORE_DIR=$HOME/brain \      exec ${pass}/bin/passmenu $@    ''; diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 8b2e82d31..b45d5b228 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -21,7 +21,6 @@ with import <stockholm/lib>;              coreutils = pkgs.symlinkJoin {                name = "coreutils-hack";                paths = [ -                pkgs.coreutils                  (pkgs.writeDashBin "tee" ''                    if test "$1" = /dev/stderr; then                      while read -r line; do 
@@ -32,6 +31,7 @@ with import <stockholm/lib>;                      ${super.coreutils}/bin/tee "$@"                    fi                  '') +                pkgs.coreutils                ];              };            }; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 6790c0aea..b9ab54503 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -17,7 +17,7 @@ with import <stockholm/lib>;      ../2configs/steam.nix      ../2configs/wine.nix      ../2configs/git.nix -    ../2configs/libvirt.nix +    ../2configs/virtualbox.nix      ../2configs/fetchWallpaper.nix      #../2configs/c-base.nix      ../2configs/mail.nix @@ -156,15 +156,6 @@ with import <stockholm/lib>;    #activationScripts    #split up and move into base    system.activationScripts.powertopTunables = '' -    #Enable Audio codec power management -    echo '1' > '/sys/module/snd_hda_intel/parameters/power_save' -    #VM writeback timeout -    echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs' -    #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] -    #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' -    #Autosuspend for USB device Biometric Coprocessor -    #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' -      #Runtime PMs      echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'      echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' @@ -183,6 +174,7 @@ with import <stockholm/lib>;    environment.systemPackages = with pkgs; [      acronym +    brain      cac-api      sshpass      get diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 02054a8e5..af847333d 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -46,6 +46,10 @@ in {      ../2configs/paste.nix      ../2configs/syncthing.nix      ../2configs/coders-irc.nix +    ../2configs/ciko.nix +    { +      lass.pyload.enable = true; +    }      {        imports = [          ../2configs/bepasty.nix 
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 5edd1075d..e765ddbb4 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -32,7 +32,7 @@ in {                stockholm_repo,                workdir='stockholm-poller', branches=True,                project='stockholm', -              pollinterval=120 +              pollinterval=10            )        )      ''; @@ -44,7 +44,7 @@ in {                    change_filter=util.ChangeFilter(branch_re=".*"),                    treeStableTimer=10,                    name="build-all-branches", -                  builderNames=["build-hosts", "build-pkgs"] +                  builderNames=["build-hosts"]                )          )        ''; @@ -77,6 +77,11 @@ in {          "NIX_REMOTE": "daemon",          "dummy_secrets": "true",        } +      env_tv = { +        "LOGNAME": "tv", +        "NIX_REMOTE": "daemon", +        "dummy_secrets": "true", +      }        # prepare nix-shell        # the dependencies which are used by the test script @@ -91,6 +96,7 @@ in {        #                   SSL_CERT_FILE,LOGNAME,NIX_REMOTE        nixshell = [          "nix-shell", +        "-I", "/var/src",          "-I", "stockholm=.",          "-p"        ] + deps + [ "--run" ] 
@@ -103,45 +109,31 @@ in {        build-hosts = ''          f = util.BuildFactory()          f.addStep(grab_repo) -        for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: -            addShell(f,name="build-{}".format(i),env=env_shared, -                command=nixshell + \ -                    ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ -                        make NIX_PATH=$HOME/$LOGNAME test method=build \ -                            target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ -                            system={}".format(i) -                    ] + +        def build_host(env, host): +            addShell(f,name="build-{}".format(i),env=env, +                command=nixshell + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ +                      echo $HOME; echo $LOGNAME; \ +                      test -e $HOME/$LOGNAME/nixpkgs || cp -r /var/src/nixpkgs $HOME/$LOGNAME/; \ +                      make NIX_PATH=$HOME/$LOGNAME:secrets=/var/src/stockholm/null test method=build \ +                          target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ +                          system={}".format(host)]              ) +        for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]: +            build_host(env_tv, i) +          for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: -            addShell(f,name="build-{}".format(i),env=env_lass, -                command=nixshell + \ -                    ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ -                        make NIX_PATH=$HOME/$LOGNAME test method=build \ -                            target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ -                            system={}".format(i) -                    ] -            ) +            build_host(env_lass, i)          for i in [ "x", "wry", "vbob", "wbob", 
"shoney" ]: -            addShell(f,name="build-{}".format(i),env=env_makefu, -                command=nixshell + \ -                    ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ -                        make NIX_PATH=$HOME/$LOGNAME test method=build \ -                            target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ -                            system={}".format(i) -                    ] -            ) +            build_host(env_makefu, i)          for i in [ "hiawatha", "onondaga" ]: -            addShell(f,name="build-{}".format(i),env=env_nin, -                command=nixshell + \ -                    ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ -                        make NIX_PATH=$HOME/$LOGNAME test method=build \ -                            target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ -                            system={}".format(i) -                    ] -            ) +            build_host(env_nin, i) + +        for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: +            build_host(env_shared, i)          bu.append(              util.BuilderConfig( 
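Review bot: The new `build_host(env, host)` helper in lass/2configs/buildbot-standalone.nix names each step with `"build-{}".format(i)` rather than `host`, so the name is only correct because every caller happens to loop over a global called `i`; `name="build-{}".format(host)` removes that hidden coupling. The added `echo $HOME; echo $LOGNAME;` looks like leftover debugging and could be dropped before merge. The command copies `/var/src/nixpkgs` into `$HOME/$LOGNAME` only when the directory is missing, so builds would presumably keep using a stale copy after a nixpkgs ref change; a comment stating whether that is intended, or a refresh step, would help. The enclosing `build-hosts` string continues past the end of this hunk.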
@@ -152,63 +144,6 @@ in {          )        ''; - -      build-pkgs = '' -        f = util.BuildFactory() -        f.addStep(grab_repo) -        for i in [ -          "apt-cacher-ng", -          "bepasty-client-cli", -          "cac-api", -          "cac-cert", -          "cac-panel", -          "charybdis", -          "collectd-connect-time", -          "dic", -          "drivedroid-gen-repo", -          "exim", -          "fortclientsslvpn", -          "get", -          "git-hooks", -          "github-hosts-sync", -          "go", -          "hashPassword", -          "haskellPackages.blessings", -          "haskellPackages.email-header", -          "haskellPackages.scanner", -          "haskellPackages.xmonad-stockholm", -          "krebspaste", -          "logf", -          "much", -          "newsbot-js", -          "noVNC", -          "ovh-zone", -          "passwdqc-utils", -          "populate", -          "posix-array", -          "pssh", -          "push", -          "Reaktor", -          "realwallpaper", -          "repo-sync", -          "retiolum-bootstrap", -          "tarantool", -          "test", -          "tinc_graphs", -          "translate-shell", -          "urlwatch", -          "with-tmpdir", -          "youtube-tools", -        ]: -          addShell(f,name="build-{}".format(i),env=env_lass, -                  command=nixshell + \ -                      ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ -                        make system=prism pkgs.{}".format(i)]) - -        bu.append(util.BuilderConfig(name="build-pkgs", -              workernames=workernames, -              factory=f)) -            '';      };      enable = true;      web.enable = true; @@ -230,9 +165,6 @@ in {      username = "testworker";      password = "lasspass";      packages = with pkgs; [ gnumake jq nix populate ]; -    extraEnviron = { -      NIX_PATH="/var/src"; -    };    };    config.krebs.iptables = {      tables = { 
diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix new file mode 100644 index 000000000..56c9a286c --- /dev/null +++ b/lass/2configs/ciko.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ +  users.users.ciko = { +    uid = genid_signed "ciko"; +    description = "acc for ciko"; +    home = "/home/ciko"; +    useDefaultShell = true; +    createHome = true; +    openssh.authorizedKeys.keys = [ +      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr" +    ]; +  }; +  krebs.exim-smarthost = { +    internet-aliases = [ +      { from = "*@slash16.net"; to = "ciko"; } +    ]; +    sender_domains = [ +      "slash16.net" +    ]; +  }; +} + diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix index ec86d4120..d9307347e 100644 --- a/lass/2configs/htop.nix +++ b/lass/2configs/htop.nix @@ -8,7 +8,6 @@ with import <stockholm/lib>;      htop = pkgs.symlinkJoin {        name = "htop";        paths = [ -        super.htop          (pkgs.writeDashBin "htop" ''            export HTOPRC=${pkgs.writeText "htoprc" ''              fields=0 48 17 18 38 39 40 2 46 47 49 1 @@ -38,6 +37,7 @@ with import <stockholm/lib>;            ''}            exec ${super.htop}/bin/htop "$@"          '') +        super.htop        ];      };    }; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 5748b6eaf..feb532709 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix 
@@ -116,10 +116,10 @@ let    mutt = pkgs.symlinkJoin {      name = "mutt";      paths = [ -      pkgs.neomutt        (pkgs.writeDashBin "mutt" ''          exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@        '') +      pkgs.neomutt      ];    }; diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index 62fd52f3f..3bd1852a8 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix @@ -325,7 +325,6 @@ in {      (pkgs.symlinkJoin {        name = "mc";        paths = [ -        pkgs.mc          (pkgs.writeDashBin "mc" ''            export MC_DATADIR=${pkgs.writeOut "mc-ext" {                "/mc.ext".link = mcExt; @@ -334,6 +333,7 @@ in {            export TERM=xterm-256color            exec ${pkgs.mc}/bin/mc -S xoria256 "$@"          '') +        pkgs.mc        ];      })    ]; diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index c8b590857..04fd9213e 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -10,10 +10,10 @@ let    mpv = pkgs.symlinkJoin {      name = "mpv";      paths = [ -      pkgs.mpv        (pkgs.writeDashBin "mpv" ''          exec ${pkgs.mpv}/bin/mpv --no-config --script=${scripts} "$@"        '') +      pkgs.mpv      ];    }; diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 1c68d58d5..2adba34bb 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@  {    krebs.build.source.nixpkgs.git = {      url = https://cgit.lassul.us/nixpkgs; -    ref = "0a4db15"; +    ref = "4847963";    };  } diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 1e14e31bb..7f531bf3a 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -132,7 +132,10 @@ in {    krebs.Reaktor.playlist = {      nickname = "the_playlist|r"; -    channels = [ "#the_playlist" ]; +    channels = [ +      "#the_playlist" +      "#krebs" +    ];      extraEnviron = {        REAKTOR_HOST = "irc.freenode.org";      }; 
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index b0d28d4da..aaf311576 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -35,17 +35,16 @@ in {        "apanowicz.de"        "nirwanabluete.de"        "aldonasiech.com" -      "360gradvideo.tv"        "ubikmedia.eu"        "facts.cloud"        "youthtube.xyz"        "illucloud.eu"        "illucloud.de"        "illucloud.com" +      "joemisch.com"        "www.apanowicz.de"        "www.nirwanabluete.de"        "www.aldonasiech.com" -      "www.360gradvideo.tv"        "www.ubikmedia.eu"        "www.facts.cloud"        "www.youthtube.xyz" @@ -62,7 +61,6 @@ in {        "karlaskop.ubikmedia.de"        "nb.ubikmedia.de"        "youthtube.ubikmedia.de" -      "joemisch.com"      ])    ]; diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index d1503c8d7..ee3a7bb1b 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -55,7 +55,7 @@ with import <stockholm/lib>;        ../2configs/rad1o.nix        # services -      #../2configs/git/brain-retiolum.nix +      ../2configs/git/brain-retiolum.nix        ../2configs/tor.nix        ../2configs/steam.nix        # ../2configs/buildbot-standalone.nix diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 0d61e8dee..bcd998826 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import <stockholm/lib>;        user = config.krebs.users.makefu;        source = let            inherit (config.krebs.build) host user; -          ref = "a772c3a"; # unstable @ 2017-05-09 + graceful requests2 +          ref = "7a7c39c"; # unstable @ 2017-05-09 + graceful requests2 + logstash5        in {          nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then            { diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix new file mode 100644 index 000000000..b8e61955d 
--- /dev/null +++ b/makefu/2configs/deployment/dirctator.nix @@ -0,0 +1,30 @@ +{ pkgs, lib, ... }: + +with lib; +let +  port = 18872; +  runit = pkgs.writeDash "runit" '' +    set -xeuf +    export PULSE_COOKIE=/var/run/pulse/.config/pulse/cookie +    echo "$@" | sed 's/^dirctator://' | ${pkgs.espeak}/bin/espeak -v mb-de7 2>&1 | tee -a /tmp/speak +  ''; +in { +  services.logstash = { +    package = pkgs.logstash5; +    enable = true; +    inputConfig = '' +      irc { +        channels => [ "#krebs", "#afra" ] +        host => "irc.freenode.net" +        nick => "dirctator" +      } +    ''; +    filterConfig = '' +    ''; +    outputConfig = '' +      stdout { codec => rubydebug } +      exec { command => "${runit} '%{message}" } +    ''; +    plugins = [ ]; +  }; +} diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix new file mode 100644 index 000000000..18275e3df --- /dev/null +++ b/makefu/2configs/git/brain-retiolum.nix 
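Review bot: The logstash `exec` output in makefu/2configs/deployment/dirctator.nix builds its command line from `%{message}`, which is whatever anyone writes in #krebs or #afra, and the quoting is unbalanced: `'%{message}` opens a quote that is never closed. Because the exec output passes the string to a shell, channel text is parsed as shell syntax under the logstash service account. Adding the missing quote is not enough, since a message can contain a quote itself; the text should travel as data, for example through the pipe output (`pipe { command => "${runit}" message_format => "%{message}" }`, option names to be confirmed against the logstash5 plugin) with `runit` reading stdin instead of `"$@"`. The script also appends every message to the fixed path `/tmp/speak` with `tee -a`; a file in a directory owned by the service would avoid the shared /tmp and give a place to bound its growth.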
@@ -0,0 +1,57 @@ +{ config, lib, pkgs, ... }: +# TODO: remove tv lib :) +with import <stockholm/lib>; +let + +  repos = krebs-repos; +  rules = concatMap krebs-rules (attrValues krebs-repos); + +  krebs-repos = mapAttrs make-krebs-repo { +    brain = { }; +  }; + + +  make-krebs-repo = with git; name: { cgit ? {}, ... }: { +    inherit cgit name; +    public = false; +    hooks = { +      post-receive = pkgs.git-hooks.irc-announce { +        nick = config.networking.hostName; +        verbose = true; +        channel = "#retiolum"; +        # TODO remove the hardcoded hostname +        server = "ni.r"; +      }; +    }; +  }; + + + +  # TODO: get the list of all krebsministers +  krebsminister = with config.krebs.users; [ lass tv ]; +  krebs-rules = repo: +    set-owners repo [ config.krebs.users.makefu ] ++ set-ro-access repo krebsminister; + +  set-ro-access = with git; repo: user: +      optional repo.public { +        inherit user; +        repo = [ repo ]; +        perm = fetch; +      }; + +  set-owners = with git;repo: user: +      singleton { +        inherit user; +        repo = [ repo ]; +        perm = push "refs/*" [ non-fast-forward create delete merge ]; +      }; + +in { +  krebs.git = { +    enable = true; +    cgit = { +      enable = false; +    }; +    inherit repos rules; +  }; +} | 
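Review bot: The `post-receive` hook in `make-krebs-repo` announces pushes to `#retiolum` with `verbose = true` even though the repo is declared `public = false`. If `brain` is the password store that krebs/5pkgs/simple/brain points `PASSWORD_STORE_DIR` at (inferred from the name only), push details such as commit subjects naming store entries would presumably be broadcast to the channel; `verbose = false`, or no announce hook for private repos, would avoid that. Separately, `set-ro-access` wraps its rule in `optional repo.public`, so with `public = false` hard-coded the `krebsminister` list (lass, tv) produces no rule at all. If they are meant to fetch, the condition needs to change; if not, a comment such as `# private repo: only owners get access` next to `krebs-rules` would make the intent explicit.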
