17 files changed, 270 insertions, 4 deletions
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
index aab568352..1a0999b8d 100644
--- a/krebs/3modules/nin/default.nix
+++ b/krebs/3modules/nin/default.nix
@@ -32,6 +32,47 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
     };
+     axon= {
+      cores = 2;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.134.66";
+          ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
+          aliases = [
+            "axon.retiolum"
+            "axon.r"
+          ];
+          tinc.pubkey = ''
+          -----BEGIN RSA PUBLIC KEY-----
+          MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
+          glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
+          KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
+          L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
+          VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
+          PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
+          X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
+          m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
+          OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
+          LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
+          /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
+          MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
+          7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
+          ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
+          1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
+          29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
+          4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
+          FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
+          buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
+          hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
+          yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
+          ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
+          -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
+    };
     onondaga = {
       cores = 1;
       nets = {
@@ -63,6 +104,10 @@ with import <stockholm/lib>;
   };
   users = {
     nin = {
+      mail = "nin@axon.retiolum";
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
+    };
+    nin_h = {
       mail = "nin@hiawatha.retiolum";
       pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
     };
diff --git a/krebs/source.nix b/krebs/source.nix
index 8fbdce284..b952aa2a2 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -17,6 +17,6 @@ in
     stockholm.file = toString <stockholm>;
     nixpkgs.git = {
       url = https://github.com/NixOS/nixpkgs;
-      ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
+      ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04
     };
   }
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index ad133802f..8c7c39a6f 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -30,6 +30,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/otp-ssh.nix>
     <stockholm/lass/2configs/c-base.nix>
     <stockholm/lass/2configs/br.nix>
+    <stockholm/lass/2configs/ableton.nix>
     {
       #risk of rain port
       krebs.iptables.tables.filter.INPUT.rules = [
diff --git a/lass/2configs/ableton.nix b/lass/2configs/ableton.nix
new file mode 100644
index 000000000..9d6f481b0
--- /dev/null
+++ b/lass/2configs/ableton.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: let
+  mainUser = config.users.extraUsers.mainUser;
+in {
+  users.users= {
+    ableton = {
+      isNormalUser = true;
+      extraGroups = [
+        "audio"
+        "video"
+      ];
+      packages = [
+        pkgs.wine
+        pkgs.winetricks
+      ];
+    };
+  };
+  security.sudo.extraConfig = ''
+    ${mainUser.name} ALL=(ableton) NOPASSWD: ALL
+  '';
+}
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
index 537c8a59b..c3d07d5fe 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/lass/2configs/security-workarounds.nix
@@ -5,4 +5,6 @@ with import <stockholm/lib>;
   boot.extraModprobeConfig = ''
     install dccp /run/current-system/sw/bin/false
   '';
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
 }
diff --git a/lass/source.nix b/lass/source.nix
index 473dd2cf2..a6314694c 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -10,7 +10,7 @@ in
       nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
       nixpkgs.git = {
         url = https://github.com/nixos/nixpkgs;
-        ref = "3aec59c";
+        ref = "0b30c1d";
       };
       secrets = getAttr builder {
         buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 25f9f63bf..0a89d2023 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -11,6 +11,9 @@ with import <stockholm/lib>;
     ./vim.nix
     ./binary-cache/nixos.nix
   ];
+
+  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+
   programs.command-not-found.enable = false;
   nixpkgs.config.allowUnfreePredicate =  (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
   krebs = {
diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix
index 1ac22e34c..2bb438f16 100644
--- a/makefu/2configs/tools/all.nix
+++ b/makefu/2configs/tools/all.nix
@@ -1,6 +1,7 @@
 {
   imports = [
     ./android-pentest.nix
+    ./consoles.nix
     ./core.nix
     ./core-gui.nix
     ./dev.nix
diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix
new file mode 100644
index 000000000..543215adf
--- /dev/null
+++ b/makefu/2configs/tools/consoles.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  users.users.makefu.packages = with pkgs; [
+    opl-utils
+    hdl-dump
+    bin2iso
+  ];
+}
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 04a65df26..b652241bd 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -21,6 +21,9 @@
     gen-oath-safe
     cdrtools
     stockholm
+    # nix related
+    nix-repl
+    nix-index
     # git-related
     tig
   ];
diff --git a/makefu/5pkgs/hdl-dump/default.nix b/makefu/5pkgs/hdl-dump/default.nix
new file mode 100644
index 000000000..bd454223a
--- /dev/null
+++ b/makefu/5pkgs/hdl-dump/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }:
+stdenv.mkDerivation rec {
+  pname = "hdl-dump";
+  version = "75df8d7";
+  name = "${pname}-${version}";
+
+  src = fetchFromGitHub {
+    owner = "AKuHAK";
+    repo = "hdl-dump";
+    rev = version;
+    sha256 = "10jjr6p5yn0c182x17m7q68jmf8gizcny7wjxw7z5yh0fv5s48z4";
+  };
+
+  buildInputs = [ upx wine ];
+
+  makeFlags = [ "RELEASE=yes" ];
+
+  # uses wine, currently broken
+  #postBuild = ''
+  #  make -C gui
+  #'';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp hdl_dump $out/bin
+  '';
+
+  meta = {
+    homepage = https://github.com/AKuHAK/hdl-dump ;
+    description = "copy isos to psx hdd";
+    license = lib.licenses.gpl2;
+  };
+}
diff --git a/makefu/5pkgs/opl-utils/default.nix b/makefu/5pkgs/opl-utils/default.nix
new file mode 100644
index 000000000..f4430f333
--- /dev/null
+++ b/makefu/5pkgs/opl-utils/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, lib, pkgs, fetchFromGitHub }:
+stdenv.mkDerivation rec {
+  pname = "opl-utils";
+  version = "881c0d2";
+  name = "${pname}-${version}";
+
+  src = fetchFromGitHub {
+    owner = "ifcaro";
+    repo = "open-ps2-loader";
+    rev = version;
+    sha256 = "1c2hgbyp5hymyq60mrk7g0m3gi00wqx165pdwwwb740q0qig07d1";
+  };
+
+
+  preBuild = "cd pc/";
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp */bin/* $out/bin
+  '';
+
+  meta = {
+    homepage = https://github.com/ifcaro/Open-PS2-Loader;
+    description = "open-ps2-loader utils (opl2iso,iso2opl,genvmc)";
+    license = lib.licenses.afl3;
+  };
+}
diff --git a/makefu/source.nix b/makefu/source.nix
index fde1d9680..ccdc7b9f0 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -13,7 +13,7 @@ let
               then "buildbot"
               else "makefu";
   _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
-  ref = "3874de4"; # unstable @ 2017-12-08
+  ref = "475bec2"; # unstable @ 2017-08-04
                    # + do_sqlite3 ruby: 55a952be5b5
 
 in
diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix
new file mode 100644
index 000000000..c5f38c1f3
--- /dev/null
+++ b/nin/1systems/axon/config.nix
@@ -0,0 +1,117 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  imports = [
+    <stockholm/nin>
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    #../2configs/copyq.nix
+    <stockholm/nin/2configs/games.nix>
+    <stockholm/nin/2configs/git.nix>
+    <stockholm/nin/2configs/retiolum.nix>
+    <stockholm/nin/2configs/termite.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.axon;
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/pool/root";
+      fsType = "ext4";
+    };
+
+  fileSystems."/tmp" =
+    { device = "tmpfs";
+      fsType = "tmpfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/sda1";
+      fsType = "ext2";
+    };
+
+  boot.initrd.luks.devices.crypted.device = "/dev/sda2";
+  boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda";
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # nin config
+  time.timeZone = "Europe/Berlin";
+  services.xserver.enable = true;
+
+  networking.networkmanager.enable = true;
+  #networking.wireless.enable = true;
+
+  hardware.pulseaudio = {
+    enable = true;
+    systemWide = true;
+  };
+
+  hardware.bluetooth.enable = true;
+
+  hardware.opengl.driSupport32Bit = true;
+
+  #nixpkgs.config.steam.java = true;
+
+  environment.systemPackages = with pkgs; [
+    firefox
+    git
+    lmms
+    networkmanagerapplet
+    python
+    steam
+    thunderbird
+    vim
+    virtmanager
+  ];
+
+  nixpkgs.config = {
+
+    allowUnfree = true;
+
+  };
+
+  #services.logind.extraConfig = "HandleLidSwitch=ignore";
+
+  services.xserver.synaptics = {
+    enable = true;
+  };
+
+
+  services.xserver.desktopManager.xfce = let
+    xbindConfig = pkgs.writeText "xbindkeysrc" ''
+      "${pkgs.pass}/bin/passmenu --type"
+        Control + p
+  '';
+  in {
+    enable = true;
+      extraSessionCommands = ''
+      ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig}
+    '';
+  };
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "17.03";
+
+}
diff --git a/nin/1systems/axon/source.nix b/nin/1systems/axon/source.nix
new file mode 100644
index 000000000..6a40296da
--- /dev/null
+++ b/nin/1systems/axon/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/nin/source.nix> {
+  name = "axon";
+  secure = true;
+}
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
index d7b89c80c..62f499a2d 100644
--- a/nin/2configs/default.nix
+++ b/nin/2configs/default.nix
@@ -16,6 +16,7 @@ with import <stockholm/lib>;
         root = {
           openssh.authorizedKeys.keys = [
             config.krebs.users.nin.pubkey
+            config.krebs.users.nin_h.pubkey
           ];
         };
         nin = {
@@ -31,6 +32,7 @@ with import <stockholm/lib>;
           ];
           openssh.authorizedKeys.keys = [
             config.krebs.users.nin.pubkey
+            config.krebs.users.nin_h.pubkey
           ];
         };
       };
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
index 2a8604689..9ebbaabd2 100644
--- a/nin/2configs/git.nix
+++ b/nin/2configs/git.nix
@@ -53,7 +53,7 @@ let
     with git // config.krebs.users;
     repo:
       singleton {
-        user = [ nin ];
+        user = [ nin nin_h ];
         repo = [ repo ];
         perm = push "refs/*" [ non-fast-forward create delete merge ];
       } ++