From 4feafd70204f9c13500bd427d250fac60ca595ef Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 14 Dec 2017 11:18:14 +0100
Subject: ma pkgs.vpn-ws: init at 0.2

---
 makefu/5pkgs/vpn-ws/default.nix | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 makefu/5pkgs/vpn-ws/default.nix

diff --git a/makefu/5pkgs/vpn-ws/default.nix b/makefu/5pkgs/vpn-ws/default.nix
new file mode 100644
index 000000000..71573384d
--- /dev/null
+++ b/makefu/5pkgs/vpn-ws/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, openssl }:
+stdenv.mkDerivation rec {
+  pname = "vpn-ws";
+  version = "9d0e866";
+  name = "${pname}-${version}";
+
+  src = fetchFromGitHub {
+    owner = "unbit";
+    repo = "vpn-ws";
+    rev = version;
+    sha256 = "068vzrpzgksadb31khancnpkgzhdcr6kh6k9wgm77q68skwl3w0k";
+  };
+
+  patchPhase = ''
+    sed -i 's/-Werror//' Makefile
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp vpn-ws vpn-ws-client $out/bin
+  '';
+
+  buildInputs = [ openssl.dev ];
+
+  meta = {
+    homepage = https://github.com/unbit/vpn-ws;
+    description = "A VPN system over websockets";
+    license = lib.licenses.mit;
+  };
+}
-- 
cgit v1.2.3


From 1fff5ae3724a811c6205e1e7abf5052e05412757 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 18 Dec 2017 21:26:45 +0100
Subject: ma nginx: add vpn-ws prototype

---
 makefu/2configs/nginx/euer.blog.vpn.nix | 35 +++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 makefu/2configs/nginx/euer.blog.vpn.nix

diff --git a/makefu/2configs/nginx/euer.blog.vpn.nix b/makefu/2configs/nginx/euer.blog.vpn.nix
new file mode 100644
index 000000000..b3db0bc60
--- /dev/null
+++ b/makefu/2configs/nginx/euer.blog.vpn.nix
@@ -0,0 +1,35 @@
+{pkgs, options, ... }:
+let
+  pkg = pkgs.vpn-ws;
+  uid = "nginx";
+  gid = "nginx";
+  ip = "${pkgs.iproute}/bin/ip";
+in {
+  services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = {
+    # TODO client auth
+    extraConfig = ''
+      uwsgi_pass   unix:/run/vpn.sock;
+      include      ${pkgs.nginx}/conf/uwsgi_params;
+    '';
+  };
+
+  networking.interfaces.vpnws = {
+    virtual = true;
+    virtualType = "tap";
+  };
+  systemd.services.vpnws = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    serviceConfig = {
+      Restart = "always";
+      PrivateTmp = true;
+      ExecStartPre = pkgs.writeDash "vpnws-pre" ''
+        ${ip} link set vpnws up
+        ${ip} addr add 10.244.1.1/24 dev vpnws || :
+      '';
+      ExecStart = pkgs.writeDash "vpnws-start" ''
+        ${pkg}/bin/vpn-ws --tuntap vpnws /run/vpn.sock
+      '';
+    };
+  };
+}
-- 
cgit v1.2.3


From 4d4d11a76501246e485ed73f33277ce470d32dfd Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 18 Dec 2017 21:26:59 +0100
Subject: ma stats: add bamstats

---
 makefu/2configs/stats/telegraf/bamstats.nix | 35 +++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 makefu/2configs/stats/telegraf/bamstats.nix

diff --git a/makefu/2configs/stats/telegraf/bamstats.nix b/makefu/2configs/stats/telegraf/bamstats.nix
new file mode 100644
index 000000000..ae5301204
--- /dev/null
+++ b/makefu/2configs/stats/telegraf/bamstats.nix
@@ -0,0 +1,35 @@
+{ pkgs, ...}:
+
+let
+  genTopic = name: topic: tags: {
+      servers = [ "tcp://localhost:1883" ];
+      qos = 0;
+      connection_timeout = "30s";
+      topics = [ topic ];
+      tags = tags;
+      persistent_session = false;
+      name_override = name;
+      data_format = "value";
+      data_type = "float";
+    };
+  bamStat = stat:   # Temperature or Humidity
+            host:   # easy{1-4}
+            sensor: # dht11, dht22, ds18
+            (genTopic stat
+                      "/bam/${host}/${sensor}/${stat}"
+                      {"host" = host;
+                       "scope" = "bam";
+                       "sensor" = sensor;
+                      } );
+  dht22 = host: [(bamStat "Temperature" host "dht22")
+                 (bamStat "Humidity" host "dht22")];
+  dht11 = host: [(bamStat "Temperature" host "dht11")
+                 (bamStat "Humidity" host "dht11")];
+  ds18 = host:  [(bamStat "Temperature" host "ds18")];
+in {
+  services.telegraf.extraConfig.inputs.mqtt_consumer =
+       (dht22 "easy1")
+    ++ (dht22 "easy2")
+    ++ (dht11 "easy3")
+    ++ (ds18  "easy3");
+}
-- 
cgit v1.2.3


From e2369d551e211c0eeb360868c2bba30564e33ca0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 18 Dec 2017 21:27:26 +0100
Subject: ma vpn: add vpnws client and server

---
 makefu/2configs/nginx/euer.blog.vpn.nix | 35 ---------------------------
 makefu/2configs/vpn/vpnws/client.nix    |  9 +++++++
 makefu/2configs/vpn/vpnws/server.nix    | 42 +++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 35 deletions(-)
 delete mode 100644 makefu/2configs/nginx/euer.blog.vpn.nix
 create mode 100644 makefu/2configs/vpn/vpnws/client.nix
 create mode 100644 makefu/2configs/vpn/vpnws/server.nix

diff --git a/makefu/2configs/nginx/euer.blog.vpn.nix b/makefu/2configs/nginx/euer.blog.vpn.nix
deleted file mode 100644
index b3db0bc60..000000000
--- a/makefu/2configs/nginx/euer.blog.vpn.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{pkgs, options, ... }:
-let
-  pkg = pkgs.vpn-ws;
-  uid = "nginx";
-  gid = "nginx";
-  ip = "${pkgs.iproute}/bin/ip";
-in {
-  services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = {
-    # TODO client auth
-    extraConfig = ''
-      uwsgi_pass   unix:/run/vpn.sock;
-      include      ${pkgs.nginx}/conf/uwsgi_params;
-    '';
-  };
-
-  networking.interfaces.vpnws = {
-    virtual = true;
-    virtualType = "tap";
-  };
-  systemd.services.vpnws = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ];
-    serviceConfig = {
-      Restart = "always";
-      PrivateTmp = true;
-      ExecStartPre = pkgs.writeDash "vpnws-pre" ''
-        ${ip} link set vpnws up
-        ${ip} addr add 10.244.1.1/24 dev vpnws || :
-      '';
-      ExecStart = pkgs.writeDash "vpnws-start" ''
-        ${pkg}/bin/vpn-ws --tuntap vpnws /run/vpn.sock
-      '';
-    };
-  };
-}
diff --git a/makefu/2configs/vpn/vpnws/client.nix b/makefu/2configs/vpn/vpnws/client.nix
new file mode 100644
index 000000000..d06bc27db
--- /dev/null
+++ b/makefu/2configs/vpn/vpnws/client.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+  users.users.makefu.packages = with pkgs; [ iproute vpn-ws ];
+  # vpn-ws-client  vpnws wss://localhost/vpn --no-verify --exec "ip link set vpnws up;ip addr add 10.244.1.2/24 dev vpnws"
+  networking.interfaces.vpnws = {
+    virtual = true;
+    virtualType = "tap";
+  };
+}
diff --git a/makefu/2configs/vpn/vpnws/server.nix b/makefu/2configs/vpn/vpnws/server.nix
new file mode 100644
index 000000000..6baa5ff11
--- /dev/null
+++ b/makefu/2configs/vpn/vpnws/server.nix
@@ -0,0 +1,42 @@
+{pkgs, options, ... }:
+let
+  pkg = pkgs.vpn-ws;
+  uid = "nginx";
+  gid = "nginx";
+  ip = "${pkgs.iproute}/bin/ip";
+  socket = "/run/vpn.sock";
+  htpasswd = (toString <secrets>) + "/vpn-ws-auth";
+  nginx-prepared-secrets = "/var/spool/nginx/vpn-ws-auth";
+in {
+  systemd.services.vpn-ws-auth-prepare = {
+    wantedBy = [ "multi-user.target" ];
+    before = [ "nginx.service" ];
+    script = "install -m700 -o${uid} -g${gid} ${htpasswd} ${nginx-prepared-secrets}";
+  };
+  services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = {
+    extraConfig = ''
+      auth_basic "please stand by...";
+      auth_basic_user_file ${nginx-prepared-secrets};
+      uwsgi_pass   unix:${socket};
+      include      ${pkgs.nginx}/conf/uwsgi_params;
+    '';
+  };
+
+  networking.interfaces.vpnws = {
+    virtual = true;
+    virtualType = "tap";
+  };
+  systemd.services.vpnws = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    serviceConfig = {
+      Restart = "always";
+      PrivateTmp = true;
+      ExecStartPre = pkgs.writeDash "vpnws-pre" ''
+        ${ip} link set vpnws up
+        ${ip} addr add 10.244.1.1/24 dev vpnws || :
+      '';
+      ExecStart = "${pkg}/bin/vpn-ws --uid ${uid} --gid ${gid} --tuntap vpnws ${socket}";
+    };
+  };
+}
-- 
cgit v1.2.3


From 96c7074c08e914a230124073ef6209bb9b888108 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 18 Dec 2017 21:29:13 +0100
Subject: ma remote-build: update to only use hotdog

---
 makefu/2configs/remote-build/master.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix
index 4ad2c5ed8..2a2c68119 100644
--- a/makefu/2configs/remote-build/master.nix
+++ b/makefu/2configs/remote-build/master.nix
@@ -8,7 +8,7 @@ in {
   {   inherit hostName sshKey;
       sshUser = "nixBuild";
       system = "x86_64-linux";
-      maxJobs = 1;
-  }) [ "omo.r"  "gum.r" "latte.r" ];
-  # puyak.r "wbob.r"
+      maxJobs = 8;
+  }) [ "hotdog.r" ];
+  # puyak.r "wbob.r" "omo.r"  "gum.r" "latte.r"
 }
-- 
cgit v1.2.3


From c90f3a34934e5487c32e9424239a0040b4036e44 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 20 Dec 2017 14:20:47 +0100
Subject: l nixpkgs: af7e479 -> ed3b1bc

---
 lass/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/source.nix b/lass/source.nix
index bf992d4d2..403156000 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -10,7 +10,7 @@ in
       nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
       nixpkgs.git = {
         url = https://github.com/nixos/nixpkgs;
-        ref = "af7e479";
+        ref = "ed3b1bc";
       };
       secrets = getAttr builder {
         buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
-- 
cgit v1.2.3


From 13be61e360e769ad28fc48df20524e483cf00efc Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 21 Dec 2017 01:24:11 +0100
Subject: eximlog: init

---
 krebs/5pkgs/simple/eximlog.nix | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 krebs/5pkgs/simple/eximlog.nix

diff --git a/krebs/5pkgs/simple/eximlog.nix b/krebs/5pkgs/simple/eximlog.nix
new file mode 100644
index 000000000..2d64e13e9
--- /dev/null
+++ b/krebs/5pkgs/simple/eximlog.nix
@@ -0,0 +1,28 @@
+{ jq, systemd, writeDashBin }:
+
+let
+  lib = import <stockholm/lib>;
+  user = "exim"; # TODO make this configurable
+in
+
+# TODO execute eximlog only if journalctl doesn't fail
+# bash's set -o pipefail isn't enough
+
+writeDashBin "eximlog" ''
+  ${systemd}/bin/journalctl \
+      -u ${lib.shell.escape user} \
+      -o short-unix \
+      "$@" \
+    |
+  ${jq}/bin/jq -Rr '
+    # Only select lines that start with a timestamp
+    select(test("^[0-9]")) |
+
+    split(" ") |
+    (.[0] | tonumber) as $time |
+    (.[3:] | join(" ")) as $message |
+
+    "\($time | strftime("%Y-%m-%d %H:%M:%S %z")) \($message)"
+
+  '
+''
-- 
cgit v1.2.3


From 9f37a4c4f7fff0246577d233a1497fc5a7ceb8d2 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 21 Dec 2017 01:27:07 +0100
Subject: tv exim-*: add eximlog

---
 tv/2configs/exim-retiolum.nix  | 3 +++
 tv/2configs/exim-smarthost.nix | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index bf13a388a..8b34b16cf 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -3,6 +3,9 @@
 with import <stockholm/lib>;
 
 {
+  environment.systemPackages = [
+    pkgs.eximlog
+  ];
   krebs.exim-retiolum.enable = true;
   tv.iptables.input-retiolum-accept-tcp = singleton "smtp";
 }
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 079013c79..68fbcd151 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -3,6 +3,9 @@
 with import <stockholm/lib>;
 
 {
+  environment.systemPackages = [
+    pkgs.eximlog
+  ];
   krebs.exim-smarthost = {
     enable = true;
     dkim = [
-- 
cgit v1.2.3


From 28085c8e6d37a0dd31d7627fa01d072723c4f46c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 22 Dec 2017 21:31:39 +0100
Subject: tv querel: add chromium with flash

---
 tv/1systems/querel/config.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix
index 05b4d9133..07ec8e403 100644
--- a/tv/1systems/querel/config.nix
+++ b/tv/1systems/querel/config.nix
@@ -29,6 +29,7 @@ with import <stockholm/lib>;
   };
 
   environment.systemPackages = with pkgs; [
+    chromium
     firefoxWrapper
     gimp
     kate
@@ -65,6 +66,8 @@ with import <stockholm/lib>;
 
   networking.networkmanager.enable = true;
 
+  nixpkgs.config.chromium.enablePepperFlash = true;
+
   programs.ssh.startAgent = false;
 
   services.printing = {
-- 
cgit v1.2.3


From b73b1c45e57e3bab0300f5ecbed261c6d45a5d53 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 25 Dec 2017 21:39:14 +0100
Subject: l nixpkgs: ed3b1bc -> 53e6d67

---
 lass/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/source.nix b/lass/source.nix
index 403156000..de7351604 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -10,7 +10,7 @@ in
       nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
       nixpkgs.git = {
         url = https://github.com/nixos/nixpkgs;
-        ref = "ed3b1bc";
+        ref = "53e6d67";
       };
       secrets = getAttr builder {
         buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
-- 
cgit v1.2.3


From 2589f81f9a9f53ccfc40d946ca693a83f2c81900 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 26 Dec 2017 23:20:56 +0100
Subject: x: use nixos-hardware

---
 makefu/1systems/x/source.nix   |  2 ++
 makefu/2configs/hw/tp-x230.nix | 30 +++---------------------------
 makefu/2configs/hw/tp-x2x0.nix |  2 ++
 makefu/source.nix              | 18 +++++++++++++++++-
 4 files changed, 24 insertions(+), 28 deletions(-)

diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix
index 6dc17b656..6278877c3 100644
--- a/makefu/1systems/x/source.nix
+++ b/makefu/1systems/x/source.nix
@@ -1,5 +1,7 @@
 import <stockholm/makefu/source.nix> {
   name="x";
   full = true;
+  python = true;
+  hw = true;
   # torrent = true;
 }
diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix
index 14572b35c..ec4e05d1b 100644
--- a/makefu/2configs/hw/tp-x230.nix
+++ b/makefu/2configs/hw/tp-x230.nix
@@ -3,38 +3,14 @@
 with import <stockholm/lib>;
 {
 
-  imports = [ ./tp-x2x0.nix ];
-  boot = {
-    # tp-smapi is not supported bt x230 anymore
-    kernelModules = [
-      "kvm-intel"
-      "thinkpad_ec"
-      "acpi_call"
-   #   "thinkpad_acpi"
-   #   "tpm-rng"
-    ];
-    extraModulePackages = [
-      config.boot.kernelPackages.acpi_call
-    ];
-    # support backlight adjustment
-    kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ];
-  };
+  imports = [ ./tp-x2x0.nix  <nixos-hardware/lenovo/thinkpad/x230> ];
 
   # configured media keys inside awesomerc
   # sound.mediaKeys.enable = true;
   hardware.bluetooth.enable = true;
 
-  services.acpid.enable = true;
-  hardware.opengl.extraPackages =  [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
-  services.xserver = {
-    videoDriver = "intel";
-    deviceSection = ''
-      Option "AccelMethod" "sna"
-      Option "Backlight"     "intel_backlight"
-    '';
-  };
-
-  security.rngd.enable = true;
+  # possible i915 powersave options:
+  #  options i915 enable_rc6=1 enable_fbc=1 semaphores=1
 
   services.xserver.displayManager.sessionCommands =''
     xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 81c4bf4c8..680545c99 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -17,6 +17,8 @@ with import <stockholm/lib>;
 
   # enable synaptics so we can easily disable the touchpad
   #   enable the touchpad with `synclient TouchpadOff=0`
+
+  services.xserver.libinput.enable = false;
   services.xserver.synaptics = {
     enable = true;
     additionalOptions = ''Option "TouchpadOff" "1"'';
diff --git a/makefu/source.nix b/makefu/source.nix
index ce5855430..2456dc76e 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -4,7 +4,9 @@ host@{ name,
   secure ? false,
   full ? false,
   torrent ? false,
-  musnix ? false
+  hw ? false,
+  musnix ? false,
+  python ? false
 }:
 let
   builder = if getEnv "dummy_secrets" == "true"
@@ -45,6 +47,20 @@ in
         ref = "d8b989f";
       };
     })
+
+    (mkIf ( hw ) {
+      nixos-hardware.git = {
+        url = https://github.com/makefu/nixos-hardware.git;
+        ref = "1fef1c1";
+      };
+    })
+
+    (mkIf ( python ) {
+      python.git = {
+        url = https://github.com/garbas/nixpkgs-python;
+        ref = "cac319b";
+      };
+    })
     (mkIf ( torrent ) {
       torrent-secrets.file = getAttr builder {
         buildbot = toString <stockholm/makefu/6tests/data/secrets>;
-- 
cgit v1.2.3


From 6124dfffcf321c52a7a83880ec8a1ce0183009ba Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 27 Dec 2017 06:12:07 +0100
Subject: hw/exfat-nofuse -> tools/mobility

---
 makefu/2configs/hw/exfat-nofuse.nix | 4 ----
 makefu/2configs/tools/all.nix       | 1 +
 makefu/2configs/tools/dev.nix       | 3 ++-
 makefu/2configs/tools/mobility.nix  | 8 ++++++++
 4 files changed, 11 insertions(+), 5 deletions(-)
 delete mode 100644 makefu/2configs/hw/exfat-nofuse.nix
 create mode 100644 makefu/2configs/tools/mobility.nix

diff --git a/makefu/2configs/hw/exfat-nofuse.nix b/makefu/2configs/hw/exfat-nofuse.nix
deleted file mode 100644
index ca3485e9f..000000000
--- a/makefu/2configs/hw/exfat-nofuse.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ config, ... }:
-{
-  boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
-}
diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix
index 7755e2872..1ac22e34c 100644
--- a/makefu/2configs/tools/all.nix
+++ b/makefu/2configs/tools/all.nix
@@ -7,6 +7,7 @@
     ./extra-gui.nix
     ./games.nix
     ./media.nix
+    ./mobility.nix
     ./scanner-tools.nix
     ./sec.nix
     ./sec-gui.nix
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 26e9808b2..0f8a76c29 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -2,8 +2,9 @@
 
 {
   users.users.makefu.packages = with pkgs;[
-    python3Packages.virtualenv
+    python3
     python3Packages.pyserial
+    python3Packages.virtualenv
     # embedded
     gi
     flashrom
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
new file mode 100644
index 000000000..70d376608
--- /dev/null
+++ b/makefu/2configs/tools/mobility.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+{
+  users.users.makefu.packages = with pkgs;[
+    go-mtpfs
+  ];
+
+  boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+}
-- 
cgit v1.2.3


From 04b711f516c978e84b334a82008d40dfaad1de1b Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 27 Dec 2017 15:32:02 +0100
Subject: tv nixpkgs: d0f0657 -> 53e6d67

---
 tv/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tv/source.nix b/tv/source.nix
index f3bda2715..31308fc99 100644
--- a/tv/source.nix
+++ b/tv/source.nix
@@ -10,7 +10,7 @@ in
       nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
       nixpkgs.git = {
         # nixos-17.09
-        ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887";
+        ref = mkDefault "53e6d671a9662922080635482b7e1c418d2cdc72";
         url = https://github.com/NixOS/nixpkgs;
       };
       secrets.file = getAttr builder {
-- 
cgit v1.2.3


From 9d4436644115c2cc5c130d9c210c201bb506c789 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 15:10:22 +0100
Subject: ma source: use official nixos-hardware

---
 makefu/source.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/makefu/source.nix b/makefu/source.nix
index 2456dc76e..fde1d9680 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -50,8 +50,8 @@ in
 
     (mkIf ( hw ) {
       nixos-hardware.git = {
-        url = https://github.com/makefu/nixos-hardware.git;
-        ref = "1fef1c1";
+        url = https://github.com/nixos/nixos-hardware.git;
+        ref = "8a05dc9";
       };
     })
 
-- 
cgit v1.2.3


From 4cc193cffd02ca5352d47ab4772f468acb3973b6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:00:14 +0100
Subject: ma hw: add kvm-intel

---
 makefu/2configs/hw/tp-x2x0.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 680545c99..f33c12a8f 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -5,6 +5,11 @@ with import <stockholm/lib>;
   imports = [
     ./tpm.nix
   ];
+
+  boot.kernelModules = [
+    "kvm-intel"
+  ];
+
   networking.wireless.enable = lib.mkDefault true;
 
   hardware.enableAllFirmware = true;
-- 
cgit v1.2.3


From 4414e50bb84c307627e5c9ec71510ab907d87c62 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:00:40 +0100
Subject: ma vpn-ws: fix sha256

---
 makefu/5pkgs/vpn-ws/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/5pkgs/vpn-ws/default.nix b/makefu/5pkgs/vpn-ws/default.nix
index 71573384d..1f2e45fe4 100644
--- a/makefu/5pkgs/vpn-ws/default.nix
+++ b/makefu/5pkgs/vpn-ws/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     owner = "unbit";
     repo = "vpn-ws";
     rev = version;
-    sha256 = "068vzrpzgksadb31khancnpkgzhdcr6kh6k9wgm77q68skwl3w0k";
+    sha256 = "0k7338xxvg1k988zz3nb681nsqmfiik9bnkk7jmxjz7j0wfwq8nj";
   };
 
   patchPhase = ''
-- 
cgit v1.2.3


From 4ab161be0aed7598ebbc32ed95d13e979ab2dbcf Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:01:57 +0100
Subject: pkgs.Reaktor: add help for shack-correct

---
 krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
index 3b4d04f80..d500b3cb3 100644
--- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
+++ b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
@@ -2,5 +2,5 @@
 set -eu
 printf "Sie meinten wohl \""
 echo -n $@ | sed 's/Shack/shack/g'
-echo "\""
+echo "\" check out https://wiki.shackspace.de/project/logo_and_ci#name_ci"
 echo "${_from}--"
-- 
cgit v1.2.3


From 161c810b7470727da320b617b874002f43c8fd6f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:02:32 +0100
Subject: forticlientsslvpn: use archive.org

---
 krebs/5pkgs/simple/fortclientsslvpn/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/simple/fortclientsslvpn/default.nix b/krebs/5pkgs/simple/fortclientsslvpn/default.nix
index cbcfab05f..1f86d6fe4 100644
--- a/krebs/5pkgs/simple/fortclientsslvpn/default.nix
+++ b/krebs/5pkgs/simple/fortclientsslvpn/default.nix
@@ -12,8 +12,8 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     # archive.org mirror:
-    # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz
-    url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
+    url = https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz;
+    # url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
     sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr";
   };
   phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ];
-- 
cgit v1.2.3


From 14634592a67b874d3fe9b47efd0d06aca72f5e5e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:03:05 +0100
Subject: ma fileleech: retab, use torrent

---
 makefu/1systems/fileleech/config.nix | 75 +++++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 35 deletions(-)

diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix
index b5ec370a5..e36afecd5 100644
--- a/makefu/1systems/fileleech/config.nix
+++ b/makefu/1systems/fileleech/config.nix
@@ -6,18 +6,18 @@ let
   rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
   rootPartition = rootDisk + "-part3";
 
-	dataDisks =  let
-		idpart = dev: byid  dev + "-part1";
-	in [
-		{ name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
-	  {	name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
-	  {	name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
-	  {	name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
-	  {	name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
-	  {	name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
-	  {	name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
-	  {	name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
-	];
+  dataDisks =  let
+    idpart = dev: byid  dev + "-part1";
+  in [
+    { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
+    { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
+    { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
+    { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
+    { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
+    { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
+    { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
+    { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
+  ];
 
   disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks;
 in {
@@ -25,13 +25,13 @@ in {
       <stockholm/makefu>
       <stockholm/makefu/2configs/tinc/retiolum.nix>
       <stockholm/makefu/2configs/disable_v6.nix>
-      # <stockholm/makefu/2configs/torrent.nix>
+      <stockholm/makefu/2configs/torrent.nix>
       <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
 
       #<stockholm/makefu/2configs/elchos/irc-token.nix>
-      <stockholm/makefu/2configs/elchos/log.nix>
-      <stockholm/makefu/2configs/elchos/search.nix>
-      <stockholm/makefu/2configs/elchos/stats.nix>
+      # <stockholm/makefu/2configs/elchos/log.nix>
+      # <stockholm/makefu/2configs/elchos/search.nix>
+      # <stockholm/makefu/2configs/elchos/stats.nix>
 
     ];
   systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
@@ -42,8 +42,8 @@ in {
       enable = true;
       build.host = config.krebs.hosts.fileleech;
   };
-	# git clone https://github.com/makefu/docker-pyload
-	# docker build .
+  # git clone https://github.com/makefu/docker-pyload
+  # docker build .
   # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload
 
   virtualisation.docker.enable = true; # for pyload
@@ -60,7 +60,7 @@ in {
   ];
   services.nginx.virtualHosts._download = {
     default = true;
-    root = "/media/cryptX";
+    root = config.makefu.dl-dir;
     extraConfig = ''
       autoindex on;
     '';
@@ -80,10 +80,11 @@ in {
   services.sabnzbd.enable = true;
   systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
 
+  # TODO use users.motd and pam.services.sshd.showMotd
   services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" ''
     Services:
-      ssh://download@fileleech - ssh via filebitch.shack
-      ftp://download@fileleech - access to /media/cryptX
+      ssh://download@fileleech - ssh via filebitch
+      ftp://download@fileleech - access to ${config.makefu.dl-dir}
       http://fileleech:8112 - rutorrent
       http://fileleech:8113 - pyload
       https://fileleech:9090 - sabnzb
@@ -104,13 +105,13 @@ in {
     cryptMount = name:
       { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
   in  cryptMount "crypt0"
-		// cryptMount "crypt1"
-		// cryptMount "crypt2"
-		// cryptMount "crypt3"
-		// cryptMount "crypt4"
-		// cryptMount "crypt5"
-		// cryptMount "crypt6"
-		// cryptMount "crypt7"
+    // cryptMount "crypt1"
+    // cryptMount "crypt2"
+    // cryptMount "crypt3"
+    // cryptMount "crypt4"
+    // cryptMount "crypt5"
+    // cryptMount "crypt6"
+    // cryptMount "crypt7"
 
     # this entry sometimes creates issues
     // { "/media/cryptX" = {
@@ -121,10 +122,10 @@ in {
         }
 
     ;
+  makefu.dl-dir = "/media/cryptX";
   users.users.download = {
     useDefaultShell = true;
     #  name = "download";
-    home = "/media/cryptX/";
     #  createHome = true;
     openssh.authorizedKeys.keys = [
       config.krebs.users.makefu.pubkey
@@ -132,7 +133,7 @@ in {
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de"
-			"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch"
     ];
   };
@@ -142,15 +143,19 @@ in {
     parity = toMapper 7;
   };
   networking.nameservers = [ "8.8.8.8" ];
-  #networking.interfaces.enp6s0f0.ip4 = [{
-  #    address = "151.217.173.20";
-  #    prefixLength = 22;
-  #}];
-  #networking.defaultGateway = "151.217.172.1";
+  # SPF
+  networking.defaultGateway = "151.217.176.1";
+  networking.interfaces.enp6s0f0.ip4 = [{
+      address = "151.217.178.63";
+      prefixLength = 22;
+  }];
+
+  # Gigabit
   networking.interfaces.enp8s0f1.ip4 = [{
       address = "192.168.126.1";
       prefixLength = 24;
   }];
+
   #interfaces.enp6s0f1.ip4 = [{
   #  address = external-ip;
   #  prefixLength = 22;
-- 
cgit v1.2.3


From 6f150a4ab47f037c1b8ec5e8d1675d86b0738155 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:03:38 +0100
Subject: ma gum.r: use wireguard, vpnws

---
 makefu/1systems/gum/config.nix | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index b66ef1ab8..4981872c0 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -48,9 +48,14 @@ in {
       <stockholm/makefu/2configs/share/gum.nix>
       # <stockholm/makefu/2configs/sabnzbd.nix>
       <stockholm/makefu/2configs/torrent.nix>
-      <stockholm/makefu/2configs/iodined.nix>
+
+      # network
       <stockholm/makefu/2configs/vpn/openvpn-server.nix>
+      <stockholm/makefu/2configs/vpn/vpnws/server.nix>
       <stockholm/makefu/2configs/dnscrypt/server.nix>
+      <stockholm/makefu/2configs/iodined.nix>
+
+      # buildbot
       <stockholm/makefu/2configs/remote-build/slave.nix>
 
       ## Web
@@ -103,15 +108,16 @@ in {
       #}
       { # wireguard server
         networking.firewall.allowedUDPPorts = [ 51820 ];
-        #networking.wireguard.interfaces.wg0 = {
-        #  ips = [ "10.244.0.1/24" ];
-        #  privateKeyFile = (toString <secrets>) + "/wireguard.key";
-        #  allowedIPsAsRoutes = true;
-        #  peers = [{
-        #    allowedIPs = [ "0.0.0.0/0" "::/0" ];
-        #    publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
-        #  }];
-        #};
+        networking.wireguard.interfaces.wg0 = {
+          ips = [ "10.244.0.1/24" ];
+          privateKeyFile = (toString <secrets>) + "/wireguard.key";
+          allowedIPsAsRoutes = true;
+          peers = [{
+            # allowedIPs = [ "0.0.0.0/0" "::/0" ];
+            allowedIPs = [ "10.244.0.2/32" ];
+            publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+          }];
+        };
       }
 
   ];
-- 
cgit v1.2.3


From 040f6f9f5c7808ea188444f15a704818f94624f7 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:04:47 +0100
Subject: ma vbob.r: prepare pppd

---
 makefu/1systems/vbob/config.nix | 64 ++++++++++++++++++++++++++---------------
 1 file changed, 41 insertions(+), 23 deletions(-)

diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix
index f71634501..f318c0e61 100644
--- a/makefu/1systems/vbob/config.nix
+++ b/makefu/1systems/vbob/config.nix
@@ -3,37 +3,57 @@
   krebs.build.host = config.krebs.hosts.vbob;
   makefu.awesome.modkey = "Mod1";
   imports =
-    [ # Include the results of the hardware scan.
+    [
       <stockholm/makefu>
-      (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
-      (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
+      {
+        imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
+        boot.loader.grub.device = "/dev/vda";
+      }
+      # {
+      #   imports = [
+      #     <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
+      #   ];
+      #   virtualbox.baseImageSize = 35 * 1024;
+      #   fileSystems."/media/share" = {
+      #     fsType = "vboxsf";
+      #     device = "share";
+      #     options = [ "rw" "uid=9001" "gid=9001" ];
+      #   };
+      # }
+
+      # {
+      #   imports = [
+      #     <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+      #   ];
+      #   fileSystems."/nix" = {
+      #     device ="/dev/disk/by-label/nixstore";
+      #     fsType = "ext4";
+      #   };
+      # }
+
+
       # base gui
-      <stockholm/makefu/2configs/main-laptop.nix>
+      # <stockholm/makefu/2configs/main-laptop.nix>
+      # <stockholm/makefu/2configs/tools/core-gui.nix>
+
+      <stockholm/makefu/2configs/zsh-user.nix>
 
       # security
       <stockholm/makefu/2configs/sshd-totp.nix>
 
       # Tools
       <stockholm/makefu/2configs/tools/core.nix>
-      <stockholm/makefu/2configs/tools/core-gui.nix>
       <stockholm/makefu/2configs/tools/dev.nix>
-      <stockholm/makefu/2configs/tools/extra-gui.nix>
-      <stockholm/makefu/2configs/tools/sec.nix>
+      # <stockholm/makefu/2configs/tools/extra-gui.nix>
+      # <stockholm/makefu/2configs/tools/sec.nix>
 
       # environment
       <stockholm/makefu/2configs/tinc/retiolum.nix>
 
-      <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
-      <stockholm/makefu/2configs/audio/realtime-audio.nix>
-
     ];
   networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
 
   nixpkgs.config.allowUnfree = true;
-  fileSystems."/nix" = {
-    device ="/dev/disk/by-label/nixstore";
-    fsType = "ext4";
-  };
 
   # allow vbob to deploy self
   users.extraUsers = {
@@ -45,9 +65,13 @@
   environment.shellAliases = {
     forti  = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
   };
-  # TODO: for forticleintsslpn
-  #       ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd
-  #       ln -s /r/current-system/sw/bin/tail /usr/bin/tail
+
+  system.activationScripts.prepare-fortclientvpnssl = ''
+    # TODO: for forticlientsslpn
+    mkdir -p /usr/{s,}bin
+    ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
+    ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
+  '';
   environment.systemPackages = with pkgs;[
     fortclientsslvpn ppp xclip
     get
@@ -55,7 +79,6 @@
   #  docker
     #devpi-web
     #devpi-client
-    debmirror
     ansible
   ];
   # virtualisation.docker.enable = true;
@@ -67,10 +90,5 @@
     8010
   ];
 
-  fileSystems."/media/share" = {
-    fsType = "vboxsf";
-    device = "share";
-    options = [ "rw" "uid=9001" "gid=9001" ];
-  };
 
 }
-- 
cgit v1.2.3


From a7e031c91c65928452b2ba426bfcb22be238262d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:05:12 +0100
Subject: ma vbob.source: do not deploy musnix

---
 makefu/1systems/vbob/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/1systems/vbob/source.nix b/makefu/1systems/vbob/source.nix
index 5b726e40b..5419215e2 100644
--- a/makefu/1systems/vbob/source.nix
+++ b/makefu/1systems/vbob/source.nix
@@ -1,4 +1,4 @@
 import <stockholm/makefu/source.nix> {
   name="vbob";
-  musnix = true;
+  # musnix = true;
 }
-- 
cgit v1.2.3


From 555a0ec0f368b5b594446096c7e9b93f6926f7a6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:05:39 +0100
Subject: ma wbob.r: receive bamstats

---
 makefu/1systems/wbob/config.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index c30ee4c58..f44211b93 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -32,10 +32,13 @@ in {
       <stockholm/makefu/2configs/remote-build/slave.nix>
       <stockholm/makefu/2configs/share/wbob.nix>
 
+      # Sensors
       <stockholm/makefu/2configs/stats/telegraf>
       <stockholm/makefu/2configs/deployment/led-fader.nix>
       <stockholm/makefu/2configs/stats/external/aralast.nix>
       <stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
+      # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+
       <stockholm/makefu/2configs/deployment/bureautomation>
       (let
           collectd-port = 25826;
-- 
cgit v1.2.3


From 5af2f438441c46bc508a038303b6e36946f7f5d4 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:06:49 +0100
Subject: ma stats.airsensor: generate Topic receiver

---
 makefu/2configs/stats/telegraf/airsensor.nix | 36 +++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix
index 09d23e7d4..9d481000f 100644
--- a/makefu/2configs/stats/telegraf/airsensor.nix
+++ b/makefu/2configs/stats/telegraf/airsensor.nix
@@ -1,11 +1,36 @@
 { pkgs, ...}:
-
-{
+let
+  genTopic = name: topic: tags: {
+      servers = [ "tcp://localhost:1883" ];
+      qos = 0;
+      connection_timeout = "30s";
+      topics = [ topic ];
+      tags = tags;
+      persistent_session = false;
+      name_override = name;
+      data_format = "value";
+      data_type = "float";
+    };
+  bamStat = stat:   # Temperature or Humidity
+            host:   # easy{1-4}
+            sensor: # dht11, dht22, ds18
+            (genTopic stat
+                      "/bam/${host}/${sensor}/${stat}"
+                      {"host" = host;
+                       "scope" = "bam";
+                       "sensor" = sensor;
+                      } );
+  dht22 = host: [(bamStat "Temperature" host "dht22")
+                 (bamStat "Humidity" host "dht22")];
+  dht11 = host: [(bamStat "Temperature" host "dht11")
+                 (bamStat "Humidity" host "dht11")];
+  ds18 = host:  [(bamStat "Temperature" host "ds18")];
+in {
   services.udev.extraRules = ''
     SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input"
   '';
   users.users.telegraf.extraGroups = [ "input" ];
-  services.telegraf.extraConfig.inputs.exec = [
+  services.telegraf.extraConfig.inputs.exec =  [
     {
       commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"];
       timeout = "10s";
@@ -16,4 +41,9 @@
       tags.unit="VOC";
     }
   ];
+  services.telegraf.extraConfig.inputs.mqtt_consumer =
+       (dht22 "easy1")
+    ++ (dht22 "easy2")
+    ++ (dht11 "easy3")
+    ++ (ds18  "easy3");
 }
-- 
cgit v1.2.3


From ce8efbc80bc05f27f55ea87be2d826134afec6fd Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 28 Dec 2017 16:10:07 +0100
Subject: ma torrent: set workDir instead of downloadDir

---
 makefu/2configs/torrent.nix | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
index d063ad3e3..a076479c2 100644
--- a/makefu/2configs/torrent.nix
+++ b/makefu/2configs/torrent.nix
@@ -8,13 +8,13 @@ let
   peer-port = 51412;
   web-port = 8112;
   daemon-port = 58846;
-  dl-dir = config.makefu.dl-dir;
+  torrent-dir = config.makefu.dl-dir;
 in {
 
   users.users = {
     download = {
       name = "download";
-      home = dl-dir;
+      home = torrent-dir;
       uid = mkDefault (genid "download");
       createHome = true;
       useDefaultShell = true;
@@ -26,9 +26,9 @@ in {
   # todo: race condition, do this after download user has been created
   system.activationScripts."download-dir-chmod" = ''
     for i in finished watch torrents; do
-      mkdir -p "${dl-dir}/$i"
-      chown download:download "${dl-dir}/$i"
-      chmod 770 "${dl-dir}/$i"
+      mkdir -p "${torrent-dir}/$i"
+      chown download:download "${torrent-dir}/$i"
+      chmod 770 "${torrent-dir}/$i"
     done
   '';
 
@@ -54,9 +54,8 @@ in {
     rutorrent.enable = true;
     enableXMLRPC = true;
     listenPort = peer-port;
-    downloadDir = dl-dir + "/finished";
+    workDir = torrent-dir;
     # dump old torrents into watch folder to have them re-added
-    watchDir = dl-dir +"/watch";
   };
 
   networking.firewall.extraCommands = ''
-- 
cgit v1.2.3


From b7954ebe00060a93191253d40ad5869e65b50966 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 29 Dec 2017 00:12:37 +0100
Subject: ma mosh: init

---
 makefu/1systems/gum/config.nix     | 1 +
 makefu/1systems/omo/config.nix     | 1 +
 makefu/2configs/mosh.nix           | 3 +++
 makefu/2configs/tools/mobility.nix | 1 +
 4 files changed, 6 insertions(+)
 create mode 100644 makefu/2configs/mosh.nix

diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 4981872c0..1fe0b62f9 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -48,6 +48,7 @@ in {
       <stockholm/makefu/2configs/share/gum.nix>
       # <stockholm/makefu/2configs/sabnzbd.nix>
       <stockholm/makefu/2configs/torrent.nix>
+      <stockholm/makefu/2configs/mosh.nix>
 
       # network
       <stockholm/makefu/2configs/vpn/openvpn-server.nix>
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 4af87dc10..aaecebadc 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -47,6 +47,7 @@ in {
       <stockholm/makefu/2configs/exim-retiolum.nix>
       <stockholm/makefu/2configs/smart-monitor.nix>
       <stockholm/makefu/2configs/mail-client.nix>
+      <stockholm/makefu/2configs/mosh.nix>
       # <stockholm/makefu/2configs/disable_v6.nix>
       #<stockholm/makefu/2configs/graphite-standalone.nix>
       #<stockholm/makefu/2configs/share-user-sftp.nix>
diff --git a/makefu/2configs/mosh.nix b/makefu/2configs/mosh.nix
new file mode 100644
index 000000000..1c2e34e0b
--- /dev/null
+++ b/makefu/2configs/mosh.nix
@@ -0,0 +1,3 @@
+{
+  programs.mosh.enable = true;
+}
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index 70d376608..1993a5212 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -2,6 +2,7 @@
 {
   users.users.makefu.packages = with pkgs;[
     go-mtpfs
+    mosh
   ];
 
   boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
-- 
cgit v1.2.3


From a6891271f1bfd3b130dedec51961288f37853420 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 29 Dec 2017 02:44:11 +0100
Subject: ma tools: add tig

---
 makefu/2configs/tools/dev.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 0f8a76c29..04a65df26 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -21,5 +21,7 @@
     gen-oath-safe
     cdrtools
     stockholm
+    # git-related
+    tig
   ];
 }
-- 
cgit v1.2.3


From dd817f9e26ee2aeae839dddc73b869d218a337cb Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 29 Dec 2017 15:27:06 +0100
Subject: l nixpkgs: 53e6d67 -> 3aec59c

---
 lass/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/source.nix b/lass/source.nix
index de7351604..473dd2cf2 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -10,7 +10,7 @@ in
       nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
       nixpkgs.git = {
         url = https://github.com/nixos/nixpkgs;
-        ref = "53e6d67";
+        ref = "3aec59c";
       };
       secrets = getAttr builder {
         buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
-- 
cgit v1.2.3


From 181bd547f370848df1a49f886355e6fe8853c02f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 30 Dec 2017 14:11:43 +0100
Subject: ma x.r: remove exfat-nofuse

---
 makefu/1systems/x/config.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 1dd1a070f..3686acb6e 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -60,7 +60,6 @@ with import <stockholm/lib>;
       # Hardware
       <stockholm/makefu/2configs/hw/tp-x230.nix>
       <stockholm/makefu/2configs/hw/rtl8812au.nix>
-      <stockholm/makefu/2configs/hw/exfat-nofuse.nix>
       <stockholm/makefu/2configs/hw/wwan.nix>
       # <stockholm/makefu/2configs/hw/stk1160.nix>
       # <stockholm/makefu/2configs/rad1o.nix>
-- 
cgit v1.2.3


From a1a2ab22950e3217a4a0496b3ae350de861e595e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:37:32 +0100
Subject: hw x220: force rngd off

---
 krebs/2configs/hw/x220.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index 44743b87d..09b10fcbb 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -23,7 +23,7 @@ with import <stockholm/lib>;
     pkgs.vaapiVdpau
   ];
 
-  security.rngd.enable = true;
+  security.rngd.enable = mkForce true;
 
   services.xserver = {
     videoDriver = "intel";
-- 
cgit v1.2.3


From 9babbab936696b12ee850274529492a57cff523b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:39:22 +0100
Subject: init bitlbee-discord

---
 krebs/5pkgs/simple/bitlbee-discord/default.nix | 29 ++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 krebs/5pkgs/simple/bitlbee-discord/default.nix

diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix
new file mode 100644
index 000000000..da6a58801
--- /dev/null
+++ b/krebs/5pkgs/simple/bitlbee-discord/default.nix
@@ -0,0 +1,29 @@
+{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoconf, automake, libtool, pkgconfig, glib }:
+
+with stdenv.lib;
+stdenv.mkDerivation rec {
+  name = "bitlbee-discord-2017-12-27";
+
+  src = fetchFromGitHub {
+    rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182";
+    owner = "sm00th";
+    repo = "bitlbee-discord";
+    sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95";
+  };
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ bitlbee autoconf automake libtool glib ];
+
+  preConfigure = ''
+    export BITLBEE_PLUGINDIR=$out/lib/bitlbee
+    ./autogen.sh
+  '';
+
+  meta = {
+    description = "Bitlbee plugin for Discord";
+
+    homepage = https://github.com/sm00th/bitlbee-discord;
+    license = licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
-- 
cgit v1.2.3


From f53dac60601ee2d10731e859f09f541342979b82 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:40:30 +0100
Subject: l bitlbee: add more plugins

---
 lass/2configs/bitlbee.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
index b23628dc5..e7be0a61c 100644
--- a/lass/2configs/bitlbee.nix
+++ b/lass/2configs/bitlbee.nix
@@ -7,6 +7,8 @@
     plugins = [
       pkgs.bitlbee-facebook
       pkgs.bitlbee-steam
+      pkgs.bitlbee-discord
     ];
+    libpurple_plugins = [ pkgs.telegram-purple ];
   };
 }
-- 
cgit v1.2.3


From 91e13324ec4d16f15ab2f4113802752f0cb4d7e6 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:42:01 +0100
Subject: l weechat: add service

---
 lass/2configs/weechat.nix | 52 ++++++++++++++++++++++++++++-------------------
 1 file changed, 31 insertions(+), 21 deletions(-)

diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index d5496ac09..b94cb0634 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -1,12 +1,24 @@
+with (import <stockholm/lib>);
 { config, lib, pkgs, ... }:
 
 let
-  inherit (import <stockholm/lib>) genid;
+  tmux = pkgs.writeDash "tmux" ''
+    exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+      set-option -g prefix `
+      unbind-key C-b
+      bind ` send-prefix
+
+      set-option -g status off
+      set-option -g default-terminal screen-256color
+
+      #use session instead of windows
+      bind-key c new-session
+      bind-key p switch-client -p
+      bind-key n switch-client -n
+      bind-key C-s switch-client -l
+    ''} "$@"
+  '';
 in {
-  krebs.per-user.chat.packages = with pkgs; [
-    mosh
-    weechat
-  ];
 
   users.extraUsers.chat = {
     home = "/home/chat";
@@ -24,24 +36,22 @@ in {
   # mosh
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
+    { predicate = "-p tcp --dport 9999"; target = "ACCEPT";}
   ];
 
-  #systemd.services.chat = {
-  #  description = "chat environment setup";
-  #  after = [ "network.target" ];
-  #  wantedBy = [ "multi-user.target" ];
+  systemd.services.chat = {
+    description = "chat environment setup";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
 
-  #  path = with pkgs; [
-  #    weechat
-  #    tmux
-  #  ];
+    restartIfChanged = false;
 
-  #  restartIfChanged = true;
-
-  #  serviceConfig = {
-  #    User = "chat";
-  #    Restart = "always";
-  #    ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat";
-  #  };
-  #};
+    serviceConfig = {
+      User = "chat";
+      RemainAfterExit = true;
+      Type = "oneshot";
+      ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
+      ExecStop = "${tmux} kill-session -t IM";
+    };
+  };
 }
-- 
cgit v1.2.3


From 5ff41af39e8ce98b8ba9f3e4f3f76bffda7e096d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:43:36 +0100
Subject: l news: default ircServer is localhost

---
 lass/3modules/news.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix
index 06b80df8d..b6061736c 100644
--- a/lass/3modules/news.nix
+++ b/lass/3modules/news.nix
@@ -38,7 +38,7 @@ let
     };
     ircServer = mkOption {
       type = types.str;
-      default = "echelon.r";
+      default = "localhost";
       description = "to which server the bot should connect";
     };
   };
-- 
cgit v1.2.3


From 448746ebbc7c8c0258fe88185f32b94c7fcc728d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:44:20 +0100
Subject: l: force timesyncd off

---
 lass/2configs/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 0e00dc2fd..c68aee330 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -1,5 +1,5 @@
-{ config, pkgs, ... }:
 with import <stockholm/lib>;
+{ config, pkgs, ... }:
 {
   imports = [
     ../2configs/binary-cache/client.nix
@@ -78,7 +78,7 @@ with import <stockholm/lib>;
 
   users.mutableUsers = false;
 
-  services.timesyncd.enable = true;
+  services.timesyncd.enable = mkForce true;
 
   #why is this on in the first place?
   services.nscd.enable = false;
-- 
cgit v1.2.3


From ae028952a605666e2e7f1c7c063381c775a42df3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:45:43 +0100
Subject: l: enable ssh-agent

---
 lass/1systems/helios/config.nix | 2 --
 lass/2configs/baseX.nix         | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index 8bd9735a9..fc30a3478 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -120,8 +120,6 @@ with import <stockholm/lib>;
     ];
   };
 
-  programs.ssh.startAgent = lib.mkForce true;
-
   services.tlp.enable = true;
 
   services.xserver.videoDrivers = [ "nvidia" ];
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 6f5533b0d..59ea0ecb7 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -53,7 +53,7 @@ in {
 
   time.timeZone = "Europe/Berlin";
 
-  programs.ssh.startAgent = false;
+  programs.ssh.startAgent = true;
   services.openssh.forwardX11 = true;
 
   services.printing = {
-- 
cgit v1.2.3


From e66f702fc62331a1c06169179929bf2510d41604 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:47:21 +0100
Subject: l mails: add more aliases

---
 lass/2configs/exim-smarthost.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 2d848773f..94191fcb7 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -49,6 +49,11 @@ with import <stockholm/lib>;
       { from = "aliexpress@lassul.us"; to = lass.mail; }
       { from = "business@lassul.us"; to = lass.mail; }
       { from = "payeer@lassul.us"; to = lass.mail; }
+      { from = "github@lassul.us"; to = lass.mail; }
+      { from = "bitwala@lassul.us"; to = lass.mail; }
+      { from = "bitstamp@lassul.us"; to = lass.mail; }
+      { from = "bitcoin.de@lassul.us"; to = lass.mail; }
+      { from = "ableton@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
-- 
cgit v1.2.3


From 9084e063938558e31c1e4342c7a3352d7db3b955 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:48:02 +0100
Subject: l xmonad: float pinentry

---
 lass/5pkgs/xmonad-lass.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index d3f76903d..2dd352bd4 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -66,7 +66,7 @@ main' = do
             { terminal           = myTerm
             , modMask            = mod4Mask
             , layoutHook         = smartBorders $ myLayoutHook
-            , manageHook         = placeHook (smart (1,0)) <+> floatNextHook
+            , manageHook         = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks
             , startupHook =
                 whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
                           (\path -> forkFile path [] Nothing)
@@ -80,6 +80,14 @@ myLayoutHook = defLayout
   where
     defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
 
+floatHooks = composeAll . concat $
+    [ [ title =? t --> doFloat | t <- myTitleFloats]
+    , [ className =? c --> doFloat | c <- myClassFloats ] ]
+  where
+      myTitleFloats = [] -- for the KDE "open link" popup from konsole
+      myClassFloats = ["Pinentry"] -- for gpg passphrase entry
+
+
 myKeyMap :: [([Char], X ())]
 myKeyMap =
     [ ("M4-<F11>", spawn "${config.lass.screenlock.command}")
-- 
cgit v1.2.3


From efb159a059e9bf1652ccfc86a81f5bbe5785814a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:49:09 +0100
Subject: l vim: save x-ed text in clipboard again

---
 lass/2configs/vim.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index f6c736fbc..5fe9e1450 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -103,7 +103,6 @@ let
     cnoreabbrev Ack Ack!
 
     " copy/paste from/to xclipboard
-    noremap x "_x
     set clipboard=unnamedplus
   '';
 
-- 
cgit v1.2.3


From 8bee3a7b1a463665bc69f25d3d119ef2b5c587d3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:49:38 +0100
Subject: l reaktor-coders: add sed-plugin

---
 lass/2configs/reaktor-coders.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 61cc7cfe0..f9cf0d96a 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -21,6 +21,7 @@ with import <stockholm/lib>;
         -XFlexibleInstances -XMultiParamTypeClasses \
         -XOverloadedStrings -XFunctionalDependencies \'';
     in [
+      sed-plugin
       url-title
       (buildSimpleReaktorPlugin "lambdabot-pl" {
         pattern = "^@pl (?P<args>.*)$$";
-- 
cgit v1.2.3


From d5a69ce257d44c804d1edb679e5667eae6a71853 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 31 Dec 2017 02:52:18 +0100
Subject: l: merge bitlbee and weechat into IM.nix

---
 lass/1systems/prism/config.nix |  3 +--
 lass/2configs/IM.nix           | 57 ++++++++++++++++++++++++++++++++++++++++++
 lass/2configs/bitlbee.nix      | 14 -----------
 lass/2configs/weechat.nix      | 57 ------------------------------------------
 4 files changed, 58 insertions(+), 73 deletions(-)
 create mode 100644 lass/2configs/IM.nix
 delete mode 100644 lass/2configs/bitlbee.nix
 delete mode 100644 lass/2configs/weechat.nix

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 1cca76331..593a1fc9c 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -234,8 +234,7 @@ in {
     }
     <stockholm/lass/2configs/exim-smarthost.nix>
     <stockholm/lass/2configs/ts3.nix>
-    <stockholm/lass/2configs/bitlbee.nix>
-    <stockholm/lass/2configs/weechat.nix>
+    <stockholm/lass/2configs/IM.nix>
     <stockholm/lass/2configs/privoxy-retiolum.nix>
     <stockholm/lass/2configs/radio.nix>
     <stockholm/lass/2configs/repo-sync.nix>
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
new file mode 100644
index 000000000..b94cb0634
--- /dev/null
+++ b/lass/2configs/IM.nix
@@ -0,0 +1,57 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+
+let
+  tmux = pkgs.writeDash "tmux" ''
+    exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+      set-option -g prefix `
+      unbind-key C-b
+      bind ` send-prefix
+
+      set-option -g status off
+      set-option -g default-terminal screen-256color
+
+      #use session instead of windows
+      bind-key c new-session
+      bind-key p switch-client -p
+      bind-key n switch-client -n
+      bind-key C-s switch-client -l
+    ''} "$@"
+  '';
+in {
+
+  users.extraUsers.chat = {
+    home = "/home/chat";
+    uid = genid "chat";
+    useDefaultShell = true;
+    createHome = true;
+    openssh.authorizedKeys.keys = with config.krebs.users; [
+      lass.pubkey
+      lass-shodan.pubkey
+      lass-icarus.pubkey
+      lass-android.pubkey
+    ];
+  };
+
+  # mosh
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
+    { predicate = "-p tcp --dport 9999"; target = "ACCEPT";}
+  ];
+
+  systemd.services.chat = {
+    description = "chat environment setup";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    restartIfChanged = false;
+
+    serviceConfig = {
+      User = "chat";
+      RemainAfterExit = true;
+      Type = "oneshot";
+      ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
+      ExecStop = "${tmux} kill-session -t IM";
+    };
+  };
+}
diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
deleted file mode 100644
index e7be0a61c..000000000
--- a/lass/2configs/bitlbee.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.bitlbee = {
-    enable = true;
-    portNumber = 6666;
-    plugins = [
-      pkgs.bitlbee-facebook
-      pkgs.bitlbee-steam
-      pkgs.bitlbee-discord
-    ];
-    libpurple_plugins = [ pkgs.telegram-purple ];
-  };
-}
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
deleted file mode 100644
index b94cb0634..000000000
--- a/lass/2configs/weechat.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }:
-
-let
-  tmux = pkgs.writeDash "tmux" ''
-    exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
-      set-option -g prefix `
-      unbind-key C-b
-      bind ` send-prefix
-
-      set-option -g status off
-      set-option -g default-terminal screen-256color
-
-      #use session instead of windows
-      bind-key c new-session
-      bind-key p switch-client -p
-      bind-key n switch-client -n
-      bind-key C-s switch-client -l
-    ''} "$@"
-  '';
-in {
-
-  users.extraUsers.chat = {
-    home = "/home/chat";
-    uid = genid "chat";
-    useDefaultShell = true;
-    createHome = true;
-    openssh.authorizedKeys.keys = with config.krebs.users; [
-      lass.pubkey
-      lass-shodan.pubkey
-      lass-icarus.pubkey
-      lass-android.pubkey
-    ];
-  };
-
-  # mosh
-  krebs.iptables.tables.filter.INPUT.rules = [
-    { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
-    { predicate = "-p tcp --dport 9999"; target = "ACCEPT";}
-  ];
-
-  systemd.services.chat = {
-    description = "chat environment setup";
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-
-    restartIfChanged = false;
-
-    serviceConfig = {
-      User = "chat";
-      RemainAfterExit = true;
-      Type = "oneshot";
-      ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
-      ExecStop = "${tmux} kill-session -t IM";
-    };
-  };
-}
-- 
cgit v1.2.3


From 073c2a9cb18725f82e45c9e74e51fdea17c73fa3 Mon Sep 17 00:00:00 2001
From: