Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/default.nix2
-rw-r--r--krebs/3modules/exim-smarthost.nix24
-rw-r--r--krebs/3modules/mv/default.nix41
-rw-r--r--krebs/3modules/nginx.nix10
-rw-r--r--krebs/3modules/power-action.nix97
-rw-r--r--krebs/3modules/tv/default.nix2
-rw-r--r--krebs/4lib/default.nix1
-rw-r--r--krebs/5pkgs/exim/default.nix5
8 files changed, 172 insertions, 10 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index a38d2b227..9af42acc9 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -28,6 +28,7 @@ let
./on-failure.nix
./os-release.nix
./per-user.nix
+ ./power-action.nix
./Reaktor.nix
./realwallpaper.nix
./retiolum-bootstrap.nix
@@ -91,6 +92,7 @@ let
imp = lib.mkMerge [
{ krebs = import ./lass { inherit config lib; }; }
{ krebs = import ./makefu { inherit config lib; }; }
+ { krebs = import ./mv { inherit config lib; }; }
{ krebs = import ./shared { inherit config lib; }; }
{ krebs = import ./tv { inherit config lib; }; }
{
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index aba6ee0b5..cfe2e5f04 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -2,6 +2,7 @@
with config.krebs.lib;
let
+ indent = replaceChars ["\n"] ["\n "];
cfg = config.krebs.exim-smarthost;
out = {
@@ -12,6 +13,11 @@ let
api = {
enable = mkEnableOption "krebs.exim-smarthost";
+ authenticators = mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ };
+
dkim = mkOption {
type = types.listOf (types.submodule ({ config, ... }: {
options = {
@@ -80,6 +86,16 @@ let
default = [];
};
+ ssl_cert = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+
+ ssl_key = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+
system-aliases = mkOption {
type = types.listOf (types.submodule ({
options = {
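Review bot: `ssl_cert` and `ssl_key` are added without a `description`, and for `ssl_key` the missing text matters, because the value is written verbatim into `tls_privatekey` in the config hunk further down. It has to be a runtime path readable by the Exim user, not a file that gets copied into the world-readable Nix store. `types.str` rejects a bare path literal, but a caller can still write `"${./key.pem}"` and end up with a store copy of the key. I would add `description = "Absolute path to the TLS private key on the target host; keep it outside the Nix store.";` to `ssl_key` and a matching one-liner to `ssl_cert`. The `api` set starts and ends outside this hunk.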
@@ -136,7 +152,9 @@ let
syslog_timestamp = false
syslog_duplication = false
- tls_advertise_hosts =
+ ${optionalString (cfg.ssl_cert != null) "tls_certificate = ${cfg.ssl_cert}"}
+ ${optionalString (cfg.ssl_key != null) "tls_privatekey = ${cfg.ssl_key}"}
+ tls_advertise_hosts =${optionalString (cfg.ssl_cert != null) " *"}
begin acl
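Review bot: The three TLS lines are gated on different options, so a half-filled configuration is accepted silently. With only `ssl_key` set, `tls_privatekey` is written but `tls_advertise_hosts` stays empty and STARTTLS is never offered; with only `ssl_cert` set, TLS is advertised and Exim falls back to looking for the private key inside the certificate file. Gate all three lines on one condition, or assert the pairing in the module, e.g. `assertion = (cfg.ssl_cert == null) == (cfg.ssl_key == null);` with a message naming both options. The surrounding configuration string continues outside the hunk.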
@@ -257,6 +275,10 @@ let
begin rewrite
begin authenticators
+ ${concatStringsSep "\n" (mapAttrsToList (name: text: ''
+ ${name}:
+ ${indent text}
+ '') cfg.authenticators)}
'';
};
};
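Review bot: Authenticator bodies from `cfg.authenticators` are emitted as-is and nothing ties them to TLS, so `authenticators` can be non-empty while `ssl_cert` is null. In that case `tls_advertise_hosts` is empty and a PLAIN/LOGIN-style authenticator would accept credentials over an unencrypted session. Either add an assertion that `cfg.authenticators == {}` whenever `cfg.ssl_cert == null`, or document on the option that each authenticator should carry `server_advertise_condition = ${if def:tls_in_cipher}` (written as `''${` inside the Nix string). The `authenticators` option added earlier in this file also has no `description`; one sentence saying the attribute name becomes the authenticator name and the value its Exim option lines would be enough.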
diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix
new file mode 100644
index 000000000..dc47d8983
--- /dev/null
+++ b/krebs/3modules/mv/default.nix
@@ -0,0 +1,41 @@
+{ config, ... }:
+
+with config.krebs.lib;
+
+{
+ hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) {
+ stro = {
+ cores = 4;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.111.111";
+ ip6.addr = "42:0:0:0:0:0:111:111";
+ aliases = [
+ "stro.r"
+ "cgit.stro.r"
+ "stro.retiolum"
+ "cgit.stro.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b
+ vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb
+ FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg
+ ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG
+ oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq
+ XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
+ };
+ };
+ users = {
+ mv = {
+ mail = "mv@stro.r";
+ pubkey = "ssh-rsa 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 mv@stro";
+ };
+ };
+}
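Review bot: `users.mv` now names a different identity than it did before this commit. The entry in `krebs/3modules/tv/default.nix` that used to be `mv` (mail `mv@cd.r`, an ed25519 key) is renamed to `mv-cd` in the same change, and this file binds `mv` to `mv@stro.r` with an `ssh-rsa` key. Any existing reference to `config.krebs.users.mv` elsewhere in the tree would silently start authorising the new key instead of the old one; no such reference is visible in this diff, so it needs a grep before merging. A comment above the `users` set, e.g. `# NOTE: the user formerly defined as "mv" in tv/default.nix is now "mv-cd"`, would make the rebinding explicit.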
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 25dfb5d6a..214f55018 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -31,12 +31,10 @@ let
options = {
server-names = mkOption {
type = with types; listOf str;
- # TODO use identity
- default = [
- "${config.networking.hostName}"
- "${config.networking.hostName}.r"
- "${config.networking.hostName}.retiolum"
- ];
+ default =
+ [config.krebs.build.host.name] ++
+ concatMap (getAttr "aliases")
+ (attrValues config.krebs.build.host.nets);
};
listen = mkOption {
type = with types; either str (listOf str);
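Review bot: The new default for `server-names` collects `aliases` from every entry in `config.krebs.build.host.nets`, where the old default listed only the hostname and its `.r` / `.retiolum` forms. On a host that has a net besides retiolum, a server block relying on the default would now also match that net's aliases, which can expose a vhost meant for the overlay under another name; whether any host is in that position is not visible here. I would state this in the option, e.g. `description = "Defaults to the build host's name plus the aliases of all of its nets; set explicitly to restrict a server to one net.";`. The options set continues outside the hunk.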
diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix
new file mode 100644
index 000000000..4c2533eb7
--- /dev/null
+++ b/krebs/3modules/power-action.nix
@@ -0,0 +1,97 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ cfg = config.krebs.power-action;
+
+ out = {
+ options.krebs.power-action = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "power-action";
+ battery = mkOption {
+ type = types.str;
+ default = "BAT0";
+ };
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "power-action";
+ };
+ };
+ startAt = mkOption {
+ type = types.str;
+ default = "*:0/1";
+ };
+ plans = mkOption {
+ type = with types; attrsOf (submodule {
+ options = {
+ charging = mkOption {
+ type = nullOr bool;
+ default = null;
+ description = ''
+ check for charging status.
+ null = don't care
+ true = only if system is charging
+ false = only if system is discharging
+ '';
+ };
+ upperLimit = mkOption {
+ type = int;
+ };
+ lowerLimit = mkOption {
+ type = int;
+ };
+ action = mkOption {
+ type = path;
+ };
+ };
+ });
+ };
+ };
+
+ imp = {
+ systemd.services.power-action = {
+ serviceConfig = rec {
+ ExecStart = startScript;
+ User = cfg.user.name;
+ };
+ startAt = cfg.startAt;
+ };
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) name uid;
+ };
+ };
+
+ startScript = pkgs.writeDash "power-action" ''
+ set -euf
+
+ power="$(${powerlvl})"
+ state="$(${state})"
+ ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)}
+ '';
+ charging_check = plan:
+ if (plan.charging == null) then "" else
+ if plan.charging
+ then ''&& [ "$state" = "true" ]''
+ else ''&& ! [ "$state" = "true" ]''
+ ;
+
+ writeRule = _: plan:
+ "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi";
+
+ powerlvl = pkgs.writeDash "powerlvl" ''
+ cat /sys/class/power_supply/${cfg.battery}/capacity
+ '';
+
+ state = pkgs.writeDash "state" ''
+ if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ]
+ then echo "false"
+ else echo "true"
+ fi
+ '';
+
+in out
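Review bot: `plan.action` runs as `cfg.user` (the `User =` line) on every `startAt` tick, by default once a minute, for as long as the battery level stays inside the plan's range, and no option other than `charging` has a `description` that says so. Operators wiring a suspend or poweroff action need to know it runs unprivileged and repeatedly, so that they grant that one command through a narrow sudo or polkit rule instead of changing `User`. I would add to `action` something like `description = "Program run as krebs.power-action.user on every timer tick while the battery level is within [lowerLimit, upperLimit].";`. Separately, `$power` is unquoted in `writeRule`; writing `[ \"$power\" -ge … ]` keeps the test well-formed if the capacity file ever yields an empty value.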
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index d04f1cab2..a933cbddb 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -418,7 +418,7 @@ with config.krebs.lib;
dv = {
mail = "dv@alnus.r";
};
- mv = {
+ mv-cd = {
mail = "mv@cd.r";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
};
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index 296748333..f62c033bd 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -33,6 +33,7 @@ let out = rec {
dir.has-default-nix = path: pathExists (path + "/default.nix");
genid = import ./genid.nix { lib = lib // out; };
+ genid_signed = x: ((genid x) + 16777216) / 2;
git = import ./git.nix { lib = lib // out; };
shell = import ./shell.nix { inherit lib; };
tree = import ./tree.nix { inherit lib; };
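Review bot: `genid_signed` has no comment explaining the constant 16777216 (2^24) or the intended output range, and the integer division by 2 maps each pair of adjacent `genid` results onto the same value. If the result is used to allocate uids or gids, two names are more likely to end up sharing an id than with `genid` itself; `genid.nix` is not part of this diff, so its output range is an assumption here. A comment such as `# (genid x + 2^24) / 2 — integer division, adjacent genid values collide` plus a line stating the input and output bounds would let callers judge that risk. The `out` set continues outside the hunk.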
diff --git a/krebs/5pkgs/exim/default.nix b/krebs/5pkgs/exim/default.nix
index 0918e308d..835970555 100644
--- a/krebs/5pkgs/exim/default.nix
+++ b/krebs/5pkgs/exim/default.nix
@@ -1,4 +1,4 @@
-{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }:
+{ coreutils, fetchurl, db, openssl, pam, pcre, perl, pkgconfig, stdenv }:
stdenv.mkDerivation rec {
name = "exim-4.87";
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl";
};
- buildInputs = [ coreutils db openssl pcre perl pkgconfig ];
+ buildInputs = [ coreutils db openssl pam pcre perl pkgconfig ];
preBuild = ''
sed '
@@ -24,6 +24,7 @@ stdenv.mkDerivation rec {
s:^# \(SUPPORT_TLS\)=.*:\1=yes:
s:^# \(USE_OPENSSL_PC=openssl\)$:\1:
s:^# \(LOG_FILE_PATH=syslog\)$:\1:
+ s:^# \(SUPPORT_PAM\)=.*:\1=yes\nEXTRALIBS=-lpam:
s:^# \(HAVE_IPV6=yes\)$:\1:
s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown:
s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp:
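Review bot: The new `SUPPORT_PAM` substitution fails silently if the commented template line ever changes upstream: sed would leave the file untouched, the build would still succeed, and the resulting Exim would lack PAM even though `krebs.exim-smarthost.authenticators` may rely on it. A check after the sed that aborts `preBuild` on failure, such as a `grep -q '^SUPPORT_PAM=yes$'` against the generated Makefile, would catch this at build time. The replacement also relies on `\n` being expanded in the right-hand side, which is GNU sed behaviour. The `preBuild` script starts and ends outside this hunk.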