16 files changed, 147 insertions, 111 deletions

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 651b9a3c6..650344981 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -427,7 +427,7 @@ with import <stockholm/lib>;
     };
 
     gum = rec {
-      cores = 1;
+      cores = 2;
 
       extraZones = {
         "krebsco.de" = ''
@@ -448,7 +448,7 @@ with import <stockholm/lib>;
       };
       nets = rec {
         internet = {
-          ip4.addr = "195.154.108.70";
+          ip4.addr = "188.68.40.19";
           aliases = [
             "gum.i"
           ];
@@ -456,7 +456,7 @@ with import <stockholm/lib>;
         retiolum = {
           via = internet;
           ip4.addr = "10.243.0.211";
-          # ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
+          ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
           aliases = [
             "gum.r"
             "cgit.gum.r"
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 95d092822..93ca8f643 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -2,23 +2,32 @@
 
 with import <stockholm/lib>;
 let
+  external-mac = "3a:66:48:8e:82:b2";
   external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+  external-gw = "188.68.40.1";
+  external-netmask = 22;
   internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+  main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
 in {
   imports = [
       ../.
+       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/headless.nix
-      ../2configs/fs/simple-swap.nix
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/smart-monitor.nix
       ../2configs/git/cgit-retiolum.nix
       ../2configs/backup.nix
       # ../2configs/mattermost-docker.nix
-      ../2configs/disable_v6.nix
+      # ../2configs/disable_v6.nix
       ../2configs/exim-retiolum.nix
       ../2configs/tinc/retiolum.nix
       ../2configs/urlwatch.nix
 
+      # Tools
+      ../2configs/tools/core.nix
+      ../2configs/tools/dev.nix
+      ../2configs/tools/sec.nix
+
       # services
       ../2configs/gum-share.nix
       ../2configs/sabnzbd.nix
@@ -46,7 +55,7 @@ in {
       # ../2configs/logging/central-logging-client.nix
 
   ];
-  services.smartd.devices = [ { device = "/dev/sda";} ];
+  services.smartd.devices = [ { device = main-disk;} ];
   makefu.dl-dir = "/var/download";
 
 
@@ -83,16 +92,15 @@ in {
     get
   ];
   services.bitlbee.enable = true;
-  systemd.services.bitlbee.environment.BITLBEE_DEBUG="1";
 
   # Hardware
-  boot.loader.grub.device = "/dev/sda";
-  boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
+  boot.loader.grub.device = main-disk;
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
   boot.kernelModules = [ "kvm-intel" ];
 
   # Network
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="et0"
   '';
   boot.kernelParams = [ ];
   networking = {
@@ -124,9 +132,9 @@ in {
     };
     interfaces.et0.ip4 = [{
       address = external-ip;
-      prefixLength = 24;
+      prefixLength = external-netmask;
     }];
-    defaultGateway = "195.154.108.1";
+    defaultGateway = external-gw;
     nameservers = [ "8.8.8.8" ];
   };
 
diff --git a/makefu/1systems/iso.nix b/makefu/1systems/iso.nix
new file mode 100644
index 000000000..ee1046f79
--- /dev/null
+++ b/makefu/1systems/iso.nix
@@ -0,0 +1,50 @@
+{ config, pkgs, lib, ... }:
+
+with import <stockholm/lib>;
+{
+  imports = [
+    ../.
+    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+    ../2configs/tools/core.nix
+  ];
+  # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
+  # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
+  krebs.build.host = config.krebs.hosts.iso;
+  krebs.hidden-ssh.enable = true;
+  environment.systemPackages = with pkgs; [
+    aria2
+    ddrescue
+  ];
+  environment.extraInit = ''
+    EDITOR=vim
+  '';
+  # iso-specific
+  boot.kernelParams = [ "copytoram" ];
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+  # enable ssh in the iso boot process
+  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+  # hack `tee` behavior
+  nixpkgs.config.packageOverrides = super: {
+    irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
+      pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
+        pkgs.coreutils
+        (pkgs.writeDashBin "tee" ''
+          if test "$1" = /dev/stderr; then
+            while read -r line; do
+              echo "$line"
+              echo "$line" >&2
+            done
+          else
+            ${super.coreutils}/bin/tee "$@"
+          fi
+        '')
+      ];};
+    };
+  };
+}
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index ff34ee843..91785a078 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -55,7 +55,10 @@ in {
       ../2configs/logging/central-stats-server.nix
       # ../2configs/logging/central-logging-server.nix
       ../2configs/logging/central-stats-client.nix
+
+      # services
       ../2configs/syncthing.nix
+      ../2configs/mqtt.nix
       # ../2configs/logging/central-logging-client.nix
 
       # ../2configs/torrent.nix
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 0865c3a31..6cc891047 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -4,7 +4,7 @@ with import <stockholm/lib>;
 {
   imports = [
     {
-      users.extraUsers =
+      users.users =
         mapAttrs (_: h: { hashedPassword = h; })
                  (import <secrets/hashedPasswords.nix>);
     }
@@ -134,6 +134,7 @@ with import <stockholm/lib>;
   };
 
   environment.shellAliases = {
+    # TODO: see .aliases
     lsl = "ls -lAtr";
     psg = "ps -ef | grep";
     nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix
new file mode 100644
index 000000000..39c9fdfdd
--- /dev/null
+++ b/makefu/2configs/mqtt.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+  services.mosquitto = {
+    enable = true;
+    host = "0.0.0.0";
+    users = {};
+    allowAnonymous = true;
+  };
+}
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
index 0538647ae..f409b68a2 100644
--- a/makefu/2configs/tools/core-gui.nix
+++ b/makefu/2configs/tools/core-gui.nix
@@ -20,5 +20,6 @@
     xdotool
     xorg.xbacklight
     scrot
+    wireshark
   ];
 }
diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix
index 6ae2951eb..8a15ae2e7 100644
--- a/makefu/2configs/tools/core.nix
+++ b/makefu/2configs/tools/core.nix
@@ -12,11 +12,11 @@
     rsync
     exif
     file
+    # fs
     ntfs3g
+    dosfstools
     pv
-    proot
     sshpass
-    populate
     usbutils
     p7zip
     hdparm
@@ -27,21 +27,30 @@
     sysstat
     which
     weechat
-    curl
-    wget
     wol
     tmux
+    iftop
+    mkpasswd
+    # storage
     smartmontools
     cifs-utils
-    iftop
-    taskwarrior
-    mplayer
+    # net
+    wget
+    curl
 
-    cac-api
-    cac-panel
+    # stockholm
+    git
+    gnumake
+    jq
+    parallel
+    proot
+    populate
+
+    rxvt_unicode.terminfo
     krebspaste
-    krebszones
-    ledger
+
+    # TODO:
+    taskwarrior
     pass
   ];
 }
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 8acc25fcc..8e4e3270d 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -2,9 +2,15 @@
 
 {
   krebs.per-user.makefu.packages = with pkgs;[
-    nodemcu-uploader
-    esptool
     python35Packages.virtualenv
+    # embedded
     flashrom
+    mosquitto
+    libcoap
+    nodemcu-uploader
+    esptool
+    cac-api
+    cac-panel
+    krebszones
   ];
 }
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 596734dd5..56cdccd1f 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -2,12 +2,13 @@
 
 {
   krebs.per-user.makefu.packages = with pkgs;[
-    inkscape
     gimp
+    inkscape
     libreoffice
+    saleae-logic
     skype
-    virtmanager
     synergy
-    saleae-logic
+    tdesktop
+    virtmanager
   ];
 }
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index 4fc3413e8..4de2b545e 100644
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@@ -8,5 +8,6 @@
     calibre
     vlc
     mumble
+    mplayer
   ];
 }
diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix
index e53d9ee8e..5fb9a5fc8 100644
--- a/makefu/2configs/tools/sec.nix
+++ b/makefu/2configs/tools/sec.nix
@@ -11,6 +11,7 @@
     nmap
     msf
     thc-hydra
-    wireshark
+    borgbackup
+    ledger
   ];
 }
diff --git a/makefu/5pkgs/f3/default.nix b/makefu/5pkgs/f3/default.nix
deleted file mode 100644
index e7f20b1e6..000000000
--- a/makefu/5pkgs/f3/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ stdenv, fetchFromGitHub }:
-
-stdenv.mkDerivation rec {
-  name = "f3-${version}";
-  version = "6.0";
-
-  enableParallelBuilding = true;
-
-  src = fetchFromGitHub {
-    owner = "AltraMayor";
-    repo = "f3";
-    rev = "v${version}";
-    sha256 = "1azi10ba0h9z7m0gmfnyymmfqb8380k9za8hn1rrw1s442hzgnz2";
-  };
-
-  makeFlags = [ "PREFIX=$(out)" ];
-  patchPhase = "sed -i 's/-oroot -groot//' Makefile";
-
-  meta = {
-    description = "Fight Flash Fraud";
-    homepage = http://oss.digirati.com.br/f3/;
-    license = stdenv.lib.licenses.gpl2;
-    platforms = stdenv.lib.platforms.linux;
-    maintainers = with stdenv.lib.maintainers; [ makefu ];
-  };
-}
diff --git a/makefu/5pkgs/libcoap/default.nix b/makefu/5pkgs/libcoap/default.nix
new file mode 100644
index 000000000..7e8d03edd
--- /dev/null
+++ b/makefu/5pkgs/libcoap/default.nix
@@ -0,0 +1,27 @@
+{ lib, stdenv, fetchFromGitHub, autoreconfHook, autoconf-archive, pkgconfig,
+gettext, asciidoc, doxygen, libxml2, libxslt, docbook_xsl, ... }:
+stdenv.mkDerivation rec {
+  name = "libcoap-${version}";
+  version = "4.1.2";
+
+  src = fetchFromGitHub {
+    owner = "obgm";
+    repo = "libcoap";
+    rev = "v${version}";
+    sha256 = "0f0qq15480ja1s03vn8lzw4b3mzdgy46hng4aigi6i6qbzf29kf5";
+  };
+
+  patchPhase = ''
+    sed -i 's/$(A2X)/& --no-xmllint/' examples/Makefile.am
+  '';
+  buildInputs = [ gettext asciidoc doxygen libxml2.bin libxslt docbook_xsl];
+  nativeBuildInputs = [ autoreconfHook  autoconf-archive pkgconfig ];
+
+  meta = {
+    description = "";
+    homepage = http://coap.technology;
+    license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ makefu ];
+  };
+}
diff --git a/makefu/5pkgs/mergerfs/default.nix b/makefu/5pkgs/mergerfs/default.nix
deleted file mode 100644
index cfb7b0ae7..000000000
--- a/makefu/5pkgs/mergerfs/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ stdenv, fetchgit, fuse, pkgconfig, which, attr, pandoc, git }:
-
-stdenv.mkDerivation rec {
-  name = "mergerfs-${version}";
-  version = "2.16.1";
-
-  # not using fetchFromGitHub because of changelog being built with git log
-  src = fetchgit {
-    url = "https://github.com/trapexit/mergerfs";
-    rev = "refs/tags/${version}";
-    sha256 = "12fqgk54fnnibqiq82p4g2k6qnw3iy6dd64csmlf73yi67za5iwf";
-    deepClone = true;
-  };
-
-  buildInputs = [ fuse pkgconfig which attr pandoc git ];
-
-  makeFlags = [ "PREFIX=$(out)" "XATTR_AVAILABLE=1" ];
-
-
-  meta = {
-    homepage = https://github.com/trapexit/mergerfs;
-    description = "a FUSE based union filesystem";
-    license = stdenv.lib.licenses.isc;
-    maintainers = [ stdenv.lib.maintainers.makefu ];
-  };
-}
diff --git a/makefu/5pkgs/ps3netsrv/default.nix b/makefu/5pkgs/ps3netsrv/default.nix
deleted file mode 100644
index f62ee0c9a..000000000
--- a/makefu/5pkgs/ps3netsrv/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ stdenv, fetchgit, clang, makeWrapper, gnugrep }:
-
-stdenv.mkDerivation rec {
-  name = "ps3netsrv-${version}";
-  version = "1.1.0";
-
-  enableParallelBuilding = true;
-
-  src = fetchgit {
-    url = "https://github.com/dirkvdb/ps3netsrv--";
-    fetchSubmodules = true;
-    rev = "e54a66cbf142b86e2cffc1701984b95adb921e81"; # latest @ 2016-05-24
-    sha256 = "09hvmfzqy2jckpsml0z1gkcnar8sigmgs1q66k718fph2d3g54sa";
-  };
-
-  nativeBuildInputs = [ gnugrep ];
-  buildPhase = "make CXX=g++";
-  installPhase = ''
-    mkdir -p $out/bin
-    cp ps3netsrv++ $out/bin
-  '';
-  meta = {
-    description = "C++ implementation of the ps3netsrv server";
-    homepage = https://github.com/dirkvdb/ps3netsrv--;
-    license = stdenv.lib.licenses.mit;
-    platforms = stdenv.lib.platforms.linux;
-    maintainers = with stdenv.lib.maintainers; [ makefu ];
-  };
-}