5 files changed, 90 insertions, 11 deletions

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index f336c966f..d24cea1a2 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
       ./github-hosts-sync.nix
       ./git.nix
       ./go.nix
+      ./htgen.nix
       ./iptables.nix
       ./kapacitor.nix
       ./monit.nix
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index e226a9060..e00c0ec9b 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -21,10 +21,9 @@ let
         OnCalendar = "*:00,10,20,30,40,50";
       };
     };
-    # TODO find a better default stateDir
     stateDir = mkOption {
       type = types.str;
-      default = "$HOME/wallpaper";
+      default = "/var/lib/wallpaper";
     };
     display = mkOption {
       type = types.str;
@@ -52,27 +51,35 @@ let
     mkdir -p ${cfg.stateDir}
     cd ${cfg.stateDir}
     (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
-    feh --no-fehbg --bg-scale wallpaper
+    feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
   '';
 
   imp = {
-    systemd.user.timers.fetchWallpaper = {
+    users.users.fetchWallpaper = {
+      name = "fetchWallpaper";
+      uid = genid "fetchWallpaper";
+      description = "fetchWallpaper user";
+      home = cfg.stateDir;
+      createHome = true;
+    };
+
+    systemd.timers.fetchWallpaper = {
       description = "fetch wallpaper timer";
       wantedBy = [ "timers.target" ];
 
       timerConfig = cfg.timerConfig;
     };
-    systemd.user.services.fetchWallpaper = {
+    systemd.services.fetchWallpaper = {
       description = "fetch wallpaper";
-      wantedBy = [ "default.target" ];
+      after = [ "network.target" ];
 
       path = with pkgs; [
         curl
         feh
-        coreutils
       ];
 
       environment = {
+        URL = cfg.url;
         DISPLAY = cfg.display;
       };
       restartIfChanged = true;
@@ -80,6 +87,7 @@ let
       serviceConfig = {
         Type = "simple";
         ExecStart = fetchWallpaperScript;
+        User = "fetchWallpaper";
       };
 
       unitConfig = cfg.unitConfig;
diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix
new file mode 100644
index 000000000..0dddca6c8
--- /dev/null
+++ b/krebs/3modules/htgen.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  cfg = config.krebs.htgen;
+
+  out = {
+    options.krebs.htgen = api;
+    config = imp;
+  };
+
+  api = mkOption {
+    default = {};
+    type = types.attrsOf (types.submodule ({ config, ... }: {
+      options = {
+        enable = mkEnableOption "krebs.htgen-${config.name}";
+
+        name = mkOption {
+          type = types.username;
+          default = config._module.args.name;
+        };
+
+        port = mkOption {
+          type = types.uint;
+        };
+
+        script = mkOption {
+          type = types.str;
+        };
+        user = mkOption {
+          type = types.user;
+          default = {
+            name = "htgen-${config.name}";
+            home = "/var/lib/htgen-${config.name}";
+          };
+        };
+      };
+    }));
+  };
+  imp = {
+
+    systemd.services = mapAttrs' (name: htgen:
+      nameValuePair "htgen-${name}" {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+        environment = {
+          HTGEN_PORT = toString htgen.port;
+          HTGEN_SCRIPT = htgen.script;
+        };
+        serviceConfig = {
+          SyslogIdentifier = "htgen";
+          User = htgen.user.name;
+          PrivateTmp = true;
+          Restart = "always";
+          ExecStart = "${pkgs.htgen}/bin/htgen --serve";
+        };
+      }
+    ) cfg;
+
+    users.users = mapAttrs' (name: htgen:
+      nameValuePair htgen.user.name {
+        inherit (htgen.user) home name uid;
+        createHome = true;
+      }
+    ) cfg;
+
+  };
+in out
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 09b493c20..d64ed86de 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -68,8 +68,8 @@ let
     networking.firewall.enable = false;
 
     systemd.services.krebs-iptables = {
-      description = "krebs-iptables";
-      wantedBy = [ "network-pre.target" ];
+      wantedBy = [ "sysinit.target" ];
+      wants = [ "network-pre.target" ];
       before = [ "network-pre.target" ];
       after = [ "systemd-modules-load.service" ];
 
@@ -85,6 +85,8 @@ let
         Restart = "always";
         ExecStart = startScript;
       };
+
+      unitConfig.DefaultDependencies = false;
     };
   };
 
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index d44c322aa..3f00f30c2 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -224,8 +224,8 @@ with import <stockholm/lib>;
         internet = {
           ip4.addr = "188.68.36.196";
           aliases = [
-            "cgit.ni.i"
             "ni.i"
+            "cgit.ni.i"
           ];
           ssh.port = 11423;
         };
@@ -360,8 +360,8 @@ with import <stockholm/lib>;
         gg23 = {
           ip4.addr = "10.23.1.38";
           aliases = [
-            "cache.xu.gg23"
             "xu.gg23"
+            "cache.xu.gg23"
           ];
           ssh.port = 11423;
         };