5 files changed, 6 insertions, 127 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 60479fd90..8e03e3b52 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -27,7 +27,7 @@
 
     ### shackspace ###
     # handle the worlddomination map via coap
-    #../../2configs/shack/worlddomination.nix (FIXME error: python3.13-LinkHeader-0.4.3 does not configure a `format`. To build with setuptools as before, set `pyproject = true` and `build-system = [ setuptools ]`.)
+    ../../2configs/shack/worlddomination.nix
     ../../2configs/shack/ssh-keys.nix
 
     # drivedroid.shack for shackphone
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index 66a4095db..eba6cc83b 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -3,7 +3,7 @@
 with import ../../../lib/pure.nix { inherit lib; };
 let
   pkg = pkgs.stdenv.mkDerivation {
-    name = "worlddomination-2020-12-01";
+    name = "worlddomination-2025-04-02";
     src = pkgs.fetchFromGitHub {
       owner = "shackspace";
       repo = "worlddomination";
@@ -11,9 +11,8 @@ let
       sha256 = "sha256-AbRqxxY6hYNg4qkk/akuw4f+wJh4nx1hfEA4Lp5B+1E=";
     };
     buildInputs = [
-      (pkgs.python310.withPackages (pythonPackages: with pythonPackages; [
+      (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
         docopt
-        LinkHeader
         aiocoap
         grequests
         paramiko
@@ -31,16 +30,6 @@ let
   pythonPackages = pkgs.python3Packages;
   # https://github.com/chrysn/aiocoap
 
-  LinkHeader = pythonPackages.buildPythonPackage {
-    name = "LinkHeader-0.4.3";
-    src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; };
-    propagatedBuildInputs = [ ];
-    meta = with pkgs.lib; {
-      homepage = "";
-      license = licenses.bsdOriginal;
-      description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
-    };
-  };
   wdpath = "/usr/worlddomination/wd.lst";
   esphost = "10.42.24.7"; # esp8266
   afrihost = "10.42.25.201"; # africa
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index 7b2be4057..62d99e160 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -17,6 +17,7 @@ let
           branches = mkOption {
             type = types.attrsOf (types.submodule ({ config, ... }: {
               options = {
+                smart = mkEnableOption "smart sync behavior";
                 origin = mkOption {
                   type = types.source-types.git;
                 };
diff --git a/krebs/5pkgs/simple/ecrypt/default.nix b/krebs/5pkgs/simple/ecrypt/default.nix
deleted file mode 100644
index f83f8cfe7..000000000
--- a/krebs/5pkgs/simple/ecrypt/default.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ pkgs, lib }:
-
-#usage: ecrypt mount /var/crypted /var/unencrypted
-pkgs.writers.writeDashBin "ecrypt" ''
-  set -euf
-
-  PATH=${lib.makeBinPath (with pkgs; [
-    coreutils
-    ecryptfs
-    gnused
-    gnugrep
-    jq
-    mount
-    keyutils
-    umount
-  ])}
-
-  # turn echo back on if killed
-  trap 'stty echo' INT
-
-  case "$1" in
-    init)
-      shift
-      mkdir -p "$1" "$2"
-
-      # abort if src or dest are not empty
-      if [ -e "$1"/.cfg.json ]; then
-        echo 'source dir is already configured, aborting'
-        exit 1
-      elif ls -1qA "$2" | grep -q .; then
-        echo 'destination dir is not empty, aborting'
-        exit 1
-      else
-        # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails
-        echo 4 | ecryptfs-manager
-        stty -echo
-        printf "passphrase: "
-        read  passphrase
-        stty echo
-        sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/')
-        mount -t ecryptfs \
-          -o ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \
-          "$1" "$2"
-
-        # add sig to json state file
-        jq -n --arg sig "$sig" '{ "sig": $sig }' > "$1"/.cfg.json
-      fi
-      ;;
-
-    mount)
-      shift
-      if ! [ -e "$1"/.cfg.json ]; then
-        echo '.cfg.json missing in src'
-        exit 1
-      fi
-      old_sig=$(cat "$1"/.cfg.json | jq -r .sig)
-
-      # check if key is already in keyring, otherwise add it
-      
-      if keyctl list @u | grep -q "$old_sig"; then
-        echo 'pw already saved'
-      else
-        # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails
-        echo 4 | ecryptfs-manager
-        stty -echo
-        printf "passphrase: "
-        read  passphrase
-        stty echo
-        new_sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/')
-
-        # check if passphrase matches sig
-        if [ "$old_sig" != "$new_sig" ]; then
-          echo 'passphrase does not match sig, bailing out'
-          new_keyid=$(keyctl list @u | grep "$new_sig" | sed 's/\([0-9]*\).*/\1/')
-          keyctl revoke "$new_keyid"
-          keyctl unlink "$new_keyid"
-          exit 1
-        fi
-      fi
-
-      sig=$old_sig
-      keyid=$(keyctl list @u | grep "$sig" | sed 's/\([0-9]*\).*/\1/')
-      if (ls -1qA "$2" | grep -q .); then
-        echo 'destination is not empty, bailing out'
-        exit 1
-      else
-        mount -i -t ecryptfs \
-          -o ecryptfs_passthrough=no,verbose=no,ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \
-          "$1" "$2"
-      fi
-      ;;
-
-    unmount)
-      shift
-
-      sig=$(cat "$1"/.cfg.json | jq -r .sig)
-      keyid=$(keyctl list @u | grep "$sig" | sed 's/\s*\([0-9]*\).*/\1/')
-
-      umount "$2" || :
-      keyctl revoke "$keyid"
-      keyctl unlink "$keyid"
-      ;;
-
-    *)
-      echo 'usage:
-        ecrypt init /tmp/src/ /tmp/dst/
-        ecrypt mount /tmp/src/ /tmp/dst/
-        ecrypt unmount /tmp/src/ /tmp/dst/
-      '
-  esac
-''
diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix
index 801e3b1ba..1c88c2e91 100644
--- a/krebs/5pkgs/simple/repo-sync/default.nix
+++ b/krebs/5pkgs/simple/repo-sync/default.nix
@@ -2,7 +2,7 @@
 
 with python3Packages; buildPythonPackage rec {
   name = "repo-sync-${version}";
-  version = "0.2.7";
+  version = "1.0.0";
   pyproject = true;
   build-system = [ python3Packages.setuptools ];
   propagatedBuildInputs = [
@@ -14,7 +14,7 @@ with python3Packages; buildPythonPackage rec {
     owner = "krebs";
     repo = "repo-sync";
     rev = version;
-    sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw";
+    hash = "sha256-dkhPUaCL+tZn5rF7NN8A6NK/0tz669dLLYRGtRxO+fM=";
   };
   meta = {
     homepage = http://github.com/makefu/repo-sync;