7 files changed, 37 insertions, 8 deletions

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 3032e244f..9c51effdc 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -32,8 +32,6 @@ in {
 
   time.timeZone = "Europe/Berlin";
 
-  virtualisation.libvirtd.enable = true;
-
   programs.ssh.startAgent = false;
 
   services.printing = {
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 3006e9dfb..7b38e44c6 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -20,7 +20,7 @@ in {
   };
 
   config.krebs.buildbot.master = let
-    stockholm-mirror-url = http://cgit.lassul.us/stockholm ;
+    stockholm-mirror-url = http://cgit.prism.r/stockholm ;
   in {
     workers = {
       testworker = "lasspass";
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 69f8a681e..e964704c3 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -64,7 +64,10 @@ with import <stockholm/lib>;
       ];
     }
     {
-      services.dnscrypt-proxy.enable = true;
+      services.dnscrypt-proxy = {
+        enable = true;
+        resolverName = "cs-de";
+      };
       networking.extraResolvconfConf = ''
         name_servers='127.0.0.1'
       '';
@@ -151,6 +154,10 @@ with import <stockholm/lib>;
     p7zip
     unzip
     unrar
+
+    (pkgs.writeDashBin "sshn" ''
+      ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
+    '')
   ];
 
   programs.bash = {
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index 971be9588..31a01c754 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -6,7 +6,7 @@ in {
   krebs.fetchWallpaper = {
     enable = true;
     unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
-    url = "prism/wallpaper.png";
+    url = "prism/realwallpaper-sat-krebs.png";
     maxTime = 10;
   };
 }
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 24437d040..5f9800b0f 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://cgit.lassul.us/nixpkgs;
-    ref = "a563923";
+    ref = "c85f39e";
   };
 }
diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
index cf9795071..116d66276 100644
--- a/lass/2configs/realwallpaper.nix
+++ b/lass/2configs/realwallpaper.nix
@@ -10,11 +10,23 @@ in {
   krebs.realwallpaper.enable = true;
 
   services.nginx.virtualHosts.wallpaper = {
+    extraConfig = ''
+      if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
+        return 403;
+      }
+    '';
     serverAliases = [
       hostname
+      "${hostname}.r"
     ];
-    locations."/wallpaper.png".extraConfig = ''
-      root /tmp/;
+    locations."/realwallpaper.png".extraConfig = ''
+      root /var/realwallpaper/;
+    '';
+    locations."/realwallpaper-sat.png".extraConfig = ''
+      root /var/realwallpaper/;
+    '';
+    locations."/realwallpaper-sat-krebs.png".extraConfig = ''
+      root /var/realwallpaper/;
     '';
   };
 
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
new file mode 100644
index 000000000..cef43d1e6
--- /dev/null
+++ b/lass/2configs/syncthing.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  services.syncthing = {
+    enable = true;
+    useInotify = true;
+  };
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
+    { predicate = "-p udp --dport 21027"; target = "ACCEPT";}
+  ];
+}