13 files changed, 103 insertions, 98 deletions

diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index 5ea78f227..d85cde175 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -5,6 +5,5 @@ with import <stockholm/lib>;
   krebs.ci.enable = true;
   krebs.ci.treeStableTimer = 1;
   krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
-  krebs.ci.tests = [ "deploy" ];
 }
 
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index e269d1fa1..0c3e68c39 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -89,7 +89,7 @@ with import <stockholm/lib>;
                           60 IN NS     ns16.ovh.net.
                           60 IN NS     dns16.ovh.net.
                           60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
-                          60 IN TXT    v=spf1 mx -all
+                          60 IN TXT    v=spf1 mx a:lassul.us -all
           cgit            60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
           io              60 IN NS     ions.lassul.us.
           ions            60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
@@ -618,6 +618,47 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
     };
+    cabal = {
+      cores = 2;
+      nets = rec {
+        retiolum = {
+          ip4.addr = "10.243.1.4";
+          ip6.addr = "42::1:4";
+          aliases = [
+            "cabal.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
+            SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
+            rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
+            qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
+            LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
+            rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
+            6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
+            fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
+            yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
+            kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
+            KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
+            TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
+            oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
+            TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
+            3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
+            rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
+            4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
+            luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
+            w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
+            09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
+            K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
+            ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      secure = true;
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
+    };
   };
   users = {
     lass = {
diff --git a/krebs/5pkgs/simple/electron-cash/default.nix b/krebs/5pkgs/simple/electron-cash/default.nix
deleted file mode 100644
index e51136c60..000000000
--- a/krebs/5pkgs/simple/electron-cash/default.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ stdenv, fetchFromGitHub, python2Packages }:
-
-python2Packages.buildPythonApplication rec {
-  name = "electron-cash-${src.rev}";
-
-  src = fetchFromGitHub {
-    owner = "fyookball";
-    repo = "electrum";
-    rev = "a2245ea";
-    sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv";
-  };
-
-  propagatedBuildInputs = with python2Packages; [
-    dns
-    ecdsa
-    jsonrpclib
-    pbkdf2
-    pyaes
-    pycrypto
-    pyqt4
-    pysocks
-    qrcode
-    requests
-    tlslite
-
-    # plugins
-    keepkey
-    trezor
-  ];
-
-  preBuild = ''
-    sed -i 's,usr_share = .*,usr_share = "'$out'/share",g' setup.py
-    pyrcc4 icons.qrc -o gui/qt/icons_rc.py
-    # Recording the creation timestamps introduces indeterminism to the build
-    sed -i '/Created: .*/d' gui/qt/icons_rc.py
-  '';
-
-  postInstall = ''
-    # Despite setting usr_share above, these files are installed under
-    # $out/nix ...
-    mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out
-    rm -rf $out/lib/python2.7/site-packages/nix
-
-    substituteInPlace $out/share/applications/electron.desktop \
-      --replace "Exec=electrum %u" "Exec=$out/bin/electrum %u"
-  '';
-
-  doInstallCheck = true;
-  installCheckPhase = ''
-    $out/bin/electrum help >/dev/null
-  '';
-
-  meta = with stdenv.lib; {
-    description = "A lightweight Bitcoin wallet";
-    longDescription = ''
-      An easy-to-use Bitcoin client featuring wallets generated from
-      mnemonic seeds (in addition to other, more advanced, wallet options)
-      and the ability to perform transactions without downloading a copy
-      of the blockchain.
-    '';
-    homepage = https://electrum.org/;
-    license = licenses.mit;
-  };
-}
diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix
new file mode 100644
index 000000000..7eba86c52
--- /dev/null
+++ b/lass/1systems/cabal/config.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/lass>
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
+
+    <stockholm/lass/2configs/mouse.nix>
+    <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/exim-retiolum.nix>
+    <stockholm/lass/2configs/baseX.nix>
+    <stockholm/lass/2configs/browsers.nix>
+    <stockholm/lass/2configs/programs.nix>
+    <stockholm/lass/2configs/fetchWallpaper.nix>
+    <stockholm/lass/2configs/backups.nix>
+    <stockholm/lass/2configs/games.nix>
+    <stockholm/lass/2configs/bitcoin.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.cabal;
+
+  #fileSystems = {
+  #  "/bku" = {
+  #    device = "/dev/mapper/pool-bku";
+  #    fsType = "btrfs";
+  #    options = ["defaults" "noatime" "ssd" "compress=lzo"];
+  #  };
+  #};
+
+  #services.udev.extraRules = ''
+  #  SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+  #  SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+  #'';
+}
diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix
new file mode 100644
index 000000000..5d9507f3d
--- /dev/null
+++ b/lass/1systems/cabal/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+  name = "cabal";
+  secure = true;
+}
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index c4d99cb2c..e64cfbe79 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -131,7 +131,7 @@ with import <stockholm/lib>;
   ];
 
   services.xserver.displayManager.sessionCommands = ''
-    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
+    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
   '';
 
   networking.hostName = lib.mkForce "BLN02NB0162";
@@ -168,8 +168,6 @@ with import <stockholm/lib>;
     '')
   ];
 
-  lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
-
   programs.adb.enable = true;
   users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
 
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index cbb71ab24..f77bc64c2 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -170,31 +170,11 @@ with import <stockholm/lib>;
       export PATH=${makeBinPath [
         pkgs.bash
         pkgs.coreutils
-        pkgs.nix
-        (pkgs.writeDashBin "is-git-crypt-locked" ''
-          magic=$(dd status=none if="$1" skip=1 bs=1 count=8)
-          test "$magic" = GITCRYPT
-        '')
+        pkgs.nixUnstable
       ]}
       cd ~/stockholm
       export SYSTEM="$1"
-      if is-git-crypt-locked ~/secrets/ready; then
-        echo 'secrets are crypted' >&2
-        exit 23
-      else
-        exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
-      fi
-    '';
-    predeploy = pkgs.writeDash "predeploy" ''
-      set -eu
-      export PATH=${makeBinPath [
-        pkgs.bash
-        pkgs.coreutils
-        pkgs.nix
-      ]}
-      cd ~/stockholm
-      export SYSTEM="$1"
-      exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate'
+      exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
     '';
   };
 
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index ae652722a..4455d2761 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -78,6 +78,7 @@ with import <stockholm/lib>;
       { from = "github@lassul.us"; to = lass.mail; }
       { from = "ovh@lassul.us"; to = lass.mail; }
       { from = "hetzner@lassul.us"; to = lass.mail; }
+      { from = "allygator@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 03d39ef75..b9682c5ee 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -8,6 +8,16 @@ let
       logfile ~/.msmtp.log
     account prism
       host prism.r
+    account c-base
+      from lassulus@c-base.org
+      host c-mail.c-base.org
+      port 465
+      tls on
+      tls_starttls off
+      tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4
+      auth on
+      user lassulus
+      passwordeval pass show c-base/pass
     account default: prism
   '';
 
@@ -36,9 +46,11 @@ let
     ];
     dezentrale = [ "to:dezentrale.space" ];
     dhl = [ "to:dhl@lassul.us" ];
+    eloop = [ "to:eloop.org" ];
     github = [ "to:github@lassul.us" ];
     gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
     kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
+    lugs = [ "to:lugs@lug-s.org" ];
     nix-devel = [ "to:nix-devel@googlegroups.com" ];
     patreon = [ "to:patreon@lassul.us" ];
     paypal = [ "to:paypal@lassul.us" ];
@@ -65,7 +77,7 @@ let
     # gpg
     source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
     set pgp_use_gpg_agent = yes
-    set pgp_sign_as = 0x976A7E4D
+    set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D
     set crypt_autosign = yes
     set crypt_replyencrypt = yes
     set crypt_verify_sig = yes
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
index c3d07d5fe..537c8a59b 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/lass/2configs/security-workarounds.nix
@@ -5,6 +5,4 @@ with import <stockholm/lib>;
   boot.extraModprobeConfig = ''
     install dccp /run/current-system/sw/bin/false
   '';
-
-  boot.kernelPackages = pkgs.linuxPackages_latest;
 }
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 9ece2af77..7a72499c9 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -49,6 +49,7 @@ in {
       "www.ubikmedia.eu"
       "www.youthtube.xyz"
       "www.ubikmedia.de"
+      "www.joemisch.com"
       "www.weirdwednesday.de"
 
       "aldona2.ubikmedia.de"
@@ -63,6 +64,7 @@ in {
       "weirdwednesday.ubikmedia.de"
       "freemonkey.ubikmedia.de"
       "jarugadesign.ubikmedia.de"
+      "crypto4art.ubikmedia.de"
     ])
   ];
 
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index aa57a9857..14d6ce9ec 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -12,9 +12,8 @@ let
   ;
 
   msmtprc = pkgs.writeText "msmtprc" ''
-    account localhost
+    account default
       host localhost
-    account default: localhost
   '';
 
   sendmail = pkgs.writeDash "msmtp" ''
diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
index e16ce9868..29c3861f2 100644
--- a/lass/3modules/screenlock.nix
+++ b/lass/3modules/screenlock.nix
@@ -14,7 +14,7 @@ let
     enable = mkEnableOption "screenlock";
     command = mkOption {
       type = types.str;
-      default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
+      default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1";
     };
   };
 
@@ -28,7 +28,7 @@ let
       serviceConfig = {
         SyslogIdentifier = "screenlock";
         ExecStart = cfg.command;
-        Type = "forking";
+        Type = "simple";
         User = "lass";
       };
     };