10 files changed, 81 insertions, 9 deletions
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 4472816e3..298c9083d 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -30,6 +30,7 @@ with import <stockholm/lib>;
       networking.wireless.enable = true;
       hardware.pulseaudio = {
         enable = true;
+        systemWide = true;
       };
       users.users.ferret = {
         uid = genid "ferret";
diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix
new file mode 100644
index 000000000..9a6654648
--- /dev/null
+++ b/lass/1systems/icarus.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  imports = [
+    ../.
+    ../2configs/retiolum.nix
+    ../2configs/hw/tp-x220.nix
+    ../2configs/baseX.nix
+    ../2configs/git.nix
+    ../2configs/exim-retiolum.nix
+    ../2configs/browsers.nix
+    ../2configs/programs.nix
+    ../2configs/fetchWallpaper.nix
+    ../2configs/backups.nix
+    #{
+    #  users.extraUsers = {
+    #    root = {
+    #      openssh.authorizedKeys.keys = map readFile [
+    #        ../../krebs/Zpubkeys/uriel.ssh.pub
+    #      ];
+    #    };
+    #  };
+    #}
+  ];
+
+  krebs.build.host = config.krebs.hosts.icarus;
+
+  boot = {
+    loader.grub.enable = true;
+    loader.grub.version = 2;
+    loader.grub.device = "/dev/sda";
+
+    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+    #kernelModules = [ "kvm-intel" "msr" ];
+  };
+  fileSystems = {
+    "/" = {
+      device = "/dev/pool/nix";
+      fsType = "btrfs";
+    };
+
+    "/boot" = {
+      device = "/dev/sda1";
+    };
+    "/tmp" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = ["nosuid" "nodev" "noatime"];
+    };
+  };
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+  '';
+}
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 594f342db..4553cc15b 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -68,11 +68,19 @@ with import <stockholm/lib>;
     {
       krebs.nginx = {
         enable = true;
-        servers.default.locations = [
-          (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
-            alias /home/$1/public_html$2;
-          '')
-        ];
+        servers.default = {
+          server-names = [
+            "localhost"
+            "${config.krebs.build.host.name}"
+            "${config.krebs.build.host.name}.r"
+            "${config.krebs.build.host.name}.retiolum"
+          ];
+          locations = [
+            (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+              alias /home/$1/public_html$2;
+            '')
+          ];
+        };
       };
     }
     {
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 269f94526..6c11a2f62 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -230,6 +230,7 @@ in {
     }
     {
       virtualisation.libvirtd.enable = true;
+      users.users.mainUser.extraGroups = [ "libvirtd" ];
     }
   ];
 
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 72cd66420..7057d0c3d 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -102,7 +102,7 @@ in {
                     ]
             )
 
-        for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
+        for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
             addShell(f,name="build-{}".format(i),env=env_lass,
                 command=nixshell + \
                     ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 21a2ec038..900dd36b3 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -32,6 +32,7 @@ with import <stockholm/lib>;
           createHome = true;
           useDefaultShell = true;
           extraGroups = [
+            "audio"
             "fuse"
           ];
           openssh.authorizedKeys.keys = [
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 57950e1b7..ded0922b8 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -75,7 +75,7 @@ let
     with git // config.krebs.users;
     repo:
       singleton {
-        user = [ lass lass-uriel ];
+        user = [ lass lass-shodan ];
         repo = [ repo ];
         perm = push "refs/*" [ non-fast-forward create delete merge ];
       } ++
diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix
index c83dc80dc..f22bf451a 100644
--- a/lass/2configs/power-action.nix
+++ b/lass/2configs/power-action.nix
@@ -14,8 +14,8 @@ in {
   krebs.power-action = {
     enable = true;
     plans.low-battery = {
-      upperLimit = 30;
-      lowerLimit = 25;
+      upperLimit = 10;
+      lowerLimit = 15;
       charging = false;
       action = pkgs.writeDash "warn-low-battery" ''
         ${speak "power level low"}
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index ae07b9a2e..1e5f2d177 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -16,6 +16,7 @@ in {
     openssh.authorizedKeys.keys = [
       config.krebs.users.lass.pubkey
       config.krebs.users.lass-shodan.pubkey
+      config.krebs.users.lass-icarus.pubkey
     ];
   };
 
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index aa159be07..442a1d4d9 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -118,4 +118,5 @@
       fi
     '';
   };
+  users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh";
 }