54 files changed, 957 insertions, 323 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3f2f28d65..1946f269e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,19 @@
+before_script:
+   - mkdir -p ~/.ssh
+   - echo "$deploy_privkey" > deploy.key
+   - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key"
+   - chmod 600 deploy.key
+   - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts
 nix-shell test:
   script:
     - env
     - nix-shell --pure --command 'true' -p stdenv && echo success
     - nix-shell --pure --command 'false' -p stdenv || echo success
+nur-packages makefu:
+  script:
+    - git reset --hard origin/master
+    - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
+    - git remote add deploy git@github.com:makefu/nur-packages.git  || git remote set-url deploy git@github.com:makefu/nur-packages.git
+    - git push --force deploy HEAD:master
+after_script:
+    - rm -f deploy.key
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 6addb0818..914b38051 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -25,6 +25,7 @@ in
     <stockholm/krebs/2configs/shack/muell_caller.nix>
     <stockholm/krebs/2configs/shack/radioactive.nix>
     <stockholm/krebs/2configs/shack/share.nix>
+    <stockholm/krebs/2configs/shack/mobile.mpd.nix>
     {
       systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
       systemd.services.telegraf.environment = {
@@ -114,7 +115,7 @@ in
   networking = {
     firewall.enable = false;
     firewall.allowedTCPPorts = [ 8088 8086 8083 ];
-    interfaces."${ext-if}".ip4 = [{
+    interfaces."${ext-if}".ipv4.addresses = [{
       address = shack-ip;
       prefixLength = 20;
     }];
diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix
new file mode 100644
index 000000000..2dc466edb
--- /dev/null
+++ b/krebs/2configs/shack/mobile.mpd.nix
@@ -0,0 +1,32 @@
+{lib,pkgs, ... }:
+let
+  mpdHost = "mpd.shack";
+  ympd = name: port: let
+    webPort = 10000 + port;
+  in {
+    systemd.services."ympd-${name}" = {
+      description = "mpd for ${name}";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
+    };
+    services.nginx.virtualHosts."mobile.${name}.mpd.shack" = {
+      serverAliases = [
+        "${name}.mpd.wolf.r"
+        "${name}.mpd.wolf.shack"
+      ];
+      locations."/".proxyPass = "http://localhost:${toString webPort}";
+    };
+  };
+in lib.mkMerge [{
+  services.nginx.enable = true;
+}
+  (ympd "lounge" 6600)
+  (ympd "seminarraum" 6601)
+  (ympd "elab" 6602)
+  (ympd "kueche" 6603)
+  (ympd "crafting" 6604)
+  (ympd "fablab" 6605)
+  (ympd "workshop" 6606)
+  (ympd "klo" 6607)
+
+]
diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
index 53b06a702..faa3dd714 100644
--- a/krebs/3modules/retiolum-bootstrap.nix
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -31,11 +31,8 @@ in
       enable = mkDefault true;
       virtualHosts.retiolum-bootstrap = {
         inherit (cfg) serverName sslCertificate sslCertificateKey;
-        enableSSL = true;
+        forceSSL = true;
         extraConfig =''
-          if ($scheme = http){
-            return 301 https://$server_name$request_uri;
-          }
 
           root ${pkgs.retiolum-bootstrap};
           try_files $uri $uri/retiolum.sh;
diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix
index cd97a7c62..22c40039e 100644
--- a/makefu/1systems/cake/source.nix
+++ b/makefu/1systems/cake/source.nix
@@ -1,4 +1,4 @@
-import <stockholm/makefu/source.nix> {
+{
   name="cake";
   full = true;
 }
diff --git a/makefu/1systems/darth/source.nix b/makefu/1systems/darth/source.nix
index b13b6c603..a8d7368ab 100644
--- a/makefu/1systems/darth/source.nix
+++ b/makefu/1systems/darth/source.nix
@@ -1,3 +1,3 @@
-import <stockholm/makefu/source.nix> {
+{
   name="darth";
 }
diff --git a/makefu/1systems/drop/config.nix b/makefu/1systems/drop/config.nix
index b7e0d0395..2757db8cc 100644
--- a/makefu/1systems/drop/config.nix
+++ b/makefu/1systems/drop/config.nix
@@ -30,7 +30,7 @@ in {
       allowedTCPPorts = [ ];
       allowedUDPPorts = [ 655 ];
     };
-    interfaces.enp0s3.ip4 = [{
+    interfaces.enp0s3.ipv4.addresses = [{
       address = external-ip;
       inherit prefixLength;
     }];
diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix
index 45bd6f97e..a6bc834b0 100644
--- a/makefu/1systems/drop/source.nix
+++ b/makefu/1systems/drop/source.nix
@@ -1,4 +1,4 @@
-import <stockholm/makefu/source.nix> {
+{
   name="drop";
   torrent = true;
 }
diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix
index e36afecd5..7e9dea9ec 100644
--- a/makefu/1systems/fileleech/config.nix
+++ b/makefu/1systems/fileleech/config.nix
@@ -145,13 +145,13 @@ in {
   networking.nameservers = [ "8.8.8.8" ];
   # SPF
   networking.defaultGateway = "151.217.176.1";
-  networking.interfaces.enp6s0f0.ip4 = [{
+  networking.interfaces.enp6s0f0.ipv4.addresses = [{
       address = "151.217.178.63";
       prefixLength = 22;
   }];
 
   # Gigabit
-  networking.interfaces.enp8s0f1.ip4 = [{
+  networking.interfaces.enp8s0f1.ipv4.addresses = [{
       address = "192.168.126.1";
       prefixLength = 24;
   }];
diff --git a/makefu/1systems/fileleech/source.nix b/makefu/1systems/fileleech/source.nix
index caca1fbcb..b6951a273 100644
--- a/makefu/1systems/fileleech/source.nix
+++ b/makefu/1systems/fileleech/source.nix
@@ -1,4 +1,4 @@
-import <stockholm/makefu/source.nix> {
+{
   name = "fileleech";
   torrent = true;
 }
diff --git a/makefu/1systems/filepimp/source.nix b/makefu/1systems/filepimp/source.nix
index 88c9f4f08..b81a2bf4a 100644
--- a/makefu/1systems/filepimp/source.nix
+++ b/makefu/1systems/filepimp/source.nix
@@ -1,3 +1,3 @@
-import <stockholm/makefu/source.nix> {
+{
   name="filepimp";
 }
diff --git a/makefu/1systems/full/source.nix b/makefu/1systems/full/source.nix
new file mode 100644
index 000000000..1e36c6e87
--- /dev/null
+++ b/makefu/1systems/full/source.nix
@@ -0,0 +1,5 @@
+{
+  name="gum";
+  torrent = true;
+  clever_kexec = true;
+}
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
index e3ca472e4..1e36c6e87 100644
--- a/makefu/1systems/gum/source.nix
+++ b/makefu/1systems/gum/source.nix
@@ -1,4 +1,4 @@
-import <stockholm/makefu/source.nix> {
+{
   name="gum";
   torrent = true;
   clever_kexec = true;
diff --git a/makefu/1systems/iso/source.nix b/makefu/1systems/iso/source.nix
index e200dbfd2..6bef8ada9 100644
--- a/makefu/1systems/iso/source.nix
+++ b/makefu/1systems/iso/source.nix
@@ -1,3 +1,3 @@
-import <stockholm/makefu/source.nix> {
+{
   name="iso";
 }
diff --git a/makefu/1systems/kexec/source.nix b/makefu/1systems/kexec/source.nix
index e200dbfd2..6bef8ada9 100644
--- a/makefu/1systems/kexec/source.nix
+++ b/makefu/1systems/kexec/source.nix
@@ -1,3 +1,3 @@
-import <stockholm/makefu/source.nix> {
+{
   name="iso";
 }
diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix
index d9600909a..ab0a454c0 100644
--- a/makefu/1systems/latte/source.nix
+++ b/makefu/1systems/latte/source.nix
@@ -1,4 +1,4 @@
-import <stockholm/makefu/source.nix> {
+{
   name = "latte";
   torrent = true;
 }
diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix
index 413889c47..6940498f1 100644
--- a/makefu/1systems/nextgum/source.nix
+++ b/makefu/1systems/nextgum/source.nix
@@ -1,4 +1,4 @@
-import <stockholm/makefu/source.nix> {
+{
   name="nextgum";
   torrent = true;
   clever_kexec = true;
diff --git a/makefu/1systems/omo/source.nix b/makefu/1systems/omo/source.nix
index da0d87aad..0d42cc9e2 100644
--- a/makefu/1systems/omo/source.nix
+++ b/makefu/1systems/omo/source.nix
@@ -1,4 +1,4 @@
-import <stockholm/makefu/source.nix> {
+{
   name="omo";
   torrent = true;
 }
diff --git a/makefu/1systems/pnp/source.nix b/makefu/1systems/pnp/source.nix
index 0b630aa3b..02f7d0ab6 100644
--- a/makefu/1systems/pnp/source.nix
+++ b/makefu/1systems/pnp/source.nix
@@ -1,3 +1,3 @@
-import <stockholm/makefu/source.nix> {
+{
   name="pnp";
 }
diff --git a/makefu/1systems/repunit/source.nix b/makefu/1systems/repunit/source.nix
index ff361fb55..20d3cd1cb 100644
--- a/makefu/1systems/repunit/source.nix
+++ b/makefu/1systems/repunit/source.nix
@@ -1,3 +1,3 @@
-import <stockholm/makefu/source.nix> {
+{
   name="repunit";
 }
diff --git a/makefu/1systems/sdev/source.nix b/makefu/1systems/sdev/source.nix
index 833d9bf73..2e085740a 100644
--- a/makefu/1systems/sdev/source.nix
+++ b/makefu/1systems/sdev/source.nix
@@ -1,3 +1,3 @@
-import <stockholm/makefu/source.nix> {
+{
   name="sdev";
 }
diff --git a/makefu/1systems/shack-autoinstall/source.nix b/makefu/1systems/shack-autoinstall/source.nix
new file mode 100644
index 000000000..6bef8ada9
--- /dev/null
+++ b/makefu/1systems/shack-autoinstall/source.nix
@@ -0,0 +1,3 @@
+{
+  name="iso";
+}
diff --git a/makefu/1systems/shoney/config.nix b/makefu/1systems/shoney/config.nix
index ba9d0911e..27d389b85 100644
--- a/makefu/1systems/shoney/config.nix
+++ b/makefu/1systems/shoney/config.nix
@@ -46,7 +46,7 @@ in {
     dst = "10.8.10.6";
   };
   networking =  {
-    interfaces.enp2s1.ip4 = [
+    interfaces.enp2s1.ipv4.addresses = [
       { address = ip; prefixLength = 24; }
       # { address = alt-ip; prefixLength = 24; }
     ];
diff --git a/makefu/1systems/shoney/source.nix b/makefu/1systems/shoney/source.nix
index 382474f5e..3616716f9 100644
--- a/makefu/1systems/shoney/source.nix
+++ b/makefu/1systems/shoney/source.nix
@@ -1,3 +1,3 @@
-import <stockholm/makefu/source.nix> {
+{
   name="shoney";
 }
diff --git a/makefu/1systems/studio/source.nix b/makefu/1systems/studio/source.nix
index f662653e7..ff88d3557 100644
--- a/makefu/1systems/studio/source.nix
+++ b/makefu/1systems/studio/source.nix
@@ -1,4 +1,4 @@
-import <stockholm/makefu/source.nix> {
+{
   name="studio";
   musnix = true;
 }
diff --git a/makefu/1systems/tsp/source.nix b/makefu/1systems/tsp/source.nix
index 79f6a435d..9abf503e2 100644
--- a/makefu/1systems/tsp/source.nix
+++ b/makefu/1systems/tsp/source.nix
@@ -1,3 +1,5 @@
-import <stockholm/makefu/source.nix> {
+{
   name="tsp";
+  full = true;
+  hw = true;
 }
diff --git a/makefu/1systems/vbob/source.nix b/makefu/1systems/vbob/source.nix
index 5419215e2..59744faf5 100644
--- a/makefu/1systems/vbob/source.nix
+++ b/makefu/1systems/vbob/source.nix
@@ -1,4 +1,4 @@
-import <stockholm/makefu/source.nix> {
+{
   name="vbob";
   # musnix = true;
 }
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 9d8a91e6d..e1d66a2f9 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -150,7 +150,7 @@ in {
   # rt2870 with nonfree creates wlp2s0 from wlp0s20u2
   # not explicitly setting the interface results in wpa_supplicant to crash
   networking.wireless.interfaces = [ "wlp2s0" ];
-  networking.interfaces.virbr1.ip4 = [{
+  networking.interfaces.virbr1.ipv4.addresses = [{
     address = "10.8.8.11";
     prefixLength = 24;
   }];
diff --git a/makefu/1systems/wbob/source.nix b/makefu/1systems/wbob/source.nix
index b768aa87d..c76f73760 100644
--- a/makefu/1systems/wbob/source.nix
+++ b/makefu/1systems/wbob/source.nix
@@ -1,4 +1,4 @@
-import <stockholm/makefu/source.nix> {
+{
   name="wbob";
   # musnix = true;
 }
diff --git a/makefu/1systems/wry/config.nix b/makefu/1systems/wry/config.nix
index 2db1a9a95..b728703ec 100644
--- a/makefu/1systems/wry/config.nix
+++ b/makefu/1systems/wry/config.nix
@@ -42,7 +42,7 @@ in {
       allowedTCPPorts = [ 53 80 443 ];
       allowedUDPPorts = [ 655 53 ];
     };
-    interfaces.enp2s1.ip4 = [{
+    interfaces.enp2s1.ipv4.addresses = [{
       address = external-ip;
       prefixLength = 24;
     }];
diff --git a/makefu/1systems/wry/source.nix b/makefu/1systems/wry/source.nix
index fac3877ee..730300590 100644
--- a/makefu/1systems/wry/source.nix
+++ b/makefu/1systems/wry/source.nix
@@ -1,3 +1,3 @@
-import <stockholm/makefu/source.nix> {
+{
   name="wry";
 }
diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix
index ab6429dc1..75af3255b 100644
--- a/makefu/1systems/x/source.nix
+++ b/makefu/1systems/x/source.nix
@@ -1,9 +1,10 @@
-import <stockholm/makefu/source.nix> {
+{
   name="x";
   full = true;
   python = true;
   hw = true;
   unstable = true;
   mic92 = true;
+  clever_kexec = true;
   # torrent = true;
 }
diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/deployment/events-publisher/default.nix
index c671b1a0b..a09554e6a 100644
--- a/makefu/2configs/deployment/events-publisher/default.nix
+++ b/makefu/2configs/deployment/events-publisher/default.nix
@@ -2,8 +2,8 @@
 with import <stockholm/lib>;
 let
   shack-announce = pkgs.callPackage (builtins.fetchTarball {
-    url = "https://github.com/makefu/events-publisher/archive/5e7b083c63f25182a02c1fddb3d32cb9534fbc50.tar.gz";
-    sha256 = "1zzlhyj8fr6y3a3b6qlyrm474xxxs1ydqjpkd2jva3g1lnzlmvkp";
+    url = "https://github.com/makefu/events-publisher/archive/4cef900ba10348050208367af6b2035f5a0ef8b6.tar.gz";
+    sha256 = "137vsibr289p3xxlw37xhizi309sygki95919hmj02dxgwmy1k74";
   }) {} ;
   home = "/var/lib/shackannounce";
   user = "shackannounce";
diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix
new file mode 100644
index 000000000..d14a611b4
--- /dev/null
+++ b/makefu/2configs/editor/vim.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+let
+  customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin {
+    name = "vim-better-whitespace";
+    src = pkgs.fetchFromGitHub {
+      owner = "ntpeters";
+      repo = "vim-better-whitespace";
+      rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7";
+      sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk";
+    };
+  };
+
+in {
+
+  environment.systemPackages = [
+    pkgs.python27Full # required for youcompleteme
+    (pkgs.vim_configurable.customize {
+      name = "vim";
+
+      vimrcConfig.customRC = builtins.readFile ./vimrc;
+      vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
+      vimrcConfig.vam.pluginDictionaries = [
+        { names = [ "undotree"
+          # "YouCompleteMe"
+          "vim-better-whitespace" ]; }
+        # vim-nix handles indentation better but does not perform sanity
+        { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+      ];
+
+    })
+  ];
+}
diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc
new file mode 100644
index 000000000..8cdab55db
--- /dev/null
+++ b/makefu/2configs/editor/vimrc
@@ -0,0 +1,98 @@
+set nocompatible
+syntax on
+set list
+set listchars=tab:▸\ 
+"set list listchars=tab:>-,trail:.,extends:>
+
+filetype off
+filetype plugin indent on
+
+colorscheme darkblue
+set background=dark
+
+set number
+set relativenumber
+set mouse=a
+set ignorecase
+set incsearch
+set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+set textwidth=79
+set shiftwidth=2
+set expandtab
+set softtabstop=2
+set shiftround
+set smarttab
+set tabstop=2
+set et
+set autoindent
+set backspace=indent,eol,start
+
+
+inoremap <F1> <ESC>
+nnoremap <F1> <ESC>
+vnoremap <F1> <ESC>
+
+nnoremap <F5> :UndotreeToggle<CR>
+set undodir  =~/.vim/undo
+set undofile
+"maximum number of changes that can be undone
+set undolevels=1000000
+"maximum number lines to save for undo on a buffer reload
+set undoreload=10000000
+
+nnoremap <F2> :set invpaste paste?<CR>
+set pastetoggle=<F2>
+set showmode
+
+set showmatch
+set matchtime=3
+set hlsearch
+
+autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
+
+
+" save on focus lost
+au FocusLost * :wa
+
+autocmd BufRead *.json set filetype=json
+au  BufNewFile,BufRead *.mustache set syntax=mustache
+
+cnoremap SudoWrite w !sudo tee > /dev/null %
+
+" create Backup/tmp/undo dirs
+set backupdir=~/.vim/backup
+set directory=~/.vim/tmp
+
+function! InitBackupDir()
+  let l:parent = $HOME    . '/.vim/'
+  let l:backup = l:parent . 'backup/'
+  let l:tmpdir = l:parent . 'tmp/'
+  let l:undodir= l:parent . 'undo/'
+
+
+  if !isdirectory(l:parent)
+    call mkdir(l:parent)
+  endif
+  if !isdirectory(l:backup)
+    call mkdir(l:backup)
+  endif
+  if !isdirectory(l:tmpdir)
+    call mkdir(l:tmpdir)
+  endif
+  if !isdirectory(l:undodir)
+    call mkdir(l:undodir)
+  endif
+endfunction
+call InitBackupDir()
+
+augroup Binary
+  " edit binaries in xxd-output, xxd is part of vim
+  au!
+  au BufReadPre  *.bin let &bin=1
+  au BufReadPost *.bin if &bin | %!xxd
+  au BufReadPost *.bin set ft=xxd | endif
+  au BufWritePre *.bin if &bin | %!xxd -r
+  au BufWritePre *.bin endif
+  au BufWritePost *.bin if &bin | %!xxd
+  au BufWritePost *.bin set nomod | endif
+augroup END
diff --git a/makefu/2configs/hw/smartcard.nix b/makefu/2configs/hw/smartcard.nix
new file mode 100644
index 000000000..1e9bca53b
--- /dev/null
+++ b/makefu/2configs/hw/smartcard.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+  services.pcscd = {
+    enable = true;
+    plugins = with pkgs; [ ifdnfc ccid ];
+
+  };
+  environment.systemPackages = with pkgs; [
+    # need to run ifdnfc-activate before usage
+    ifdnfc
+    # pcsc_scan
+    pcsctools
+  ];
+  boot.blacklistedKernelModules = [
+    "pn533" "pn533_usb"
+    "nfc"
+  ];
+}
diff --git a/makefu/2configs/nginx/rompr.nix b/makefu/2configs/nginx/rompr.nix
new file mode 100644
index 000000000..8c1fb