10 files changed, 61 insertions, 32 deletions

diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix
new file mode 100644
index 000000000..7eba86c52
--- /dev/null
+++ b/lass/1systems/cabal/config.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/lass>
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
+
+    <stockholm/lass/2configs/mouse.nix>
+    <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/exim-retiolum.nix>
+    <stockholm/lass/2configs/baseX.nix>
+    <stockholm/lass/2configs/browsers.nix>
+    <stockholm/lass/2configs/programs.nix>
+    <stockholm/lass/2configs/fetchWallpaper.nix>
+    <stockholm/lass/2configs/backups.nix>
+    <stockholm/lass/2configs/games.nix>
+    <stockholm/lass/2configs/bitcoin.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.cabal;
+
+  #fileSystems = {
+  #  "/bku" = {
+  #    device = "/dev/mapper/pool-bku";
+  #    fsType = "btrfs";
+  #    options = ["defaults" "noatime" "ssd" "compress=lzo"];
+  #  };
+  #};
+
+  #services.udev.extraRules = ''
+  #  SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+  #  SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+  #'';
+}
diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix
new file mode 100644
index 000000000..5d9507f3d
--- /dev/null
+++ b/lass/1systems/cabal/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+  name = "cabal";
+  secure = true;
+}
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index c4d99cb2c..e64cfbe79 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -131,7 +131,7 @@ with import <stockholm/lib>;
   ];
 
   services.xserver.displayManager.sessionCommands = ''
-    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
+    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
   '';
 
   networking.hostName = lib.mkForce "BLN02NB0162";
@@ -168,8 +168,6 @@ with import <stockholm/lib>;
     '')
   ];
 
-  lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
-
   programs.adb.enable = true;
   users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
 
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index cbb71ab24..f77bc64c2 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -170,31 +170,11 @@ with import <stockholm/lib>;
       export PATH=${makeBinPath [
         pkgs.bash
         pkgs.coreutils
-        pkgs.nix
-        (pkgs.writeDashBin "is-git-crypt-locked" ''
-          magic=$(dd status=none if="$1" skip=1 bs=1 count=8)
-          test "$magic" = GITCRYPT
-        '')
+        pkgs.nixUnstable
       ]}
       cd ~/stockholm
       export SYSTEM="$1"
-      if is-git-crypt-locked ~/secrets/ready; then
-        echo 'secrets are crypted' >&2
-        exit 23
-      else
-        exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
-      fi
-    '';
-    predeploy = pkgs.writeDash "predeploy" ''
-      set -eu
-      export PATH=${makeBinPath [
-        pkgs.bash
-        pkgs.coreutils
-        pkgs.nix
-      ]}
-      cd ~/stockholm
-      export SYSTEM="$1"
-      exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate'
+      exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
     '';
   };
 
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index ae652722a..4455d2761 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -78,6 +78,7 @@ with import <stockholm/lib>;
       { from = "github@lassul.us"; to = lass.mail; }
       { from = "ovh@lassul.us"; to = lass.mail; }
       { from = "hetzner@lassul.us"; to = lass.mail; }
+      { from = "allygator@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 03d39ef75..b9682c5ee 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -8,6 +8,16 @@ let
       logfile ~/.msmtp.log
     account prism
       host prism.r
+    account c-base
+      from lassulus@c-base.org
+      host c-mail.c-base.org
+      port 465
+      tls on
+      tls_starttls off
+      tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4
+      auth on
+      user lassulus
+      passwordeval pass show c-base/pass
     account default: prism
   '';
 
@@ -36,9 +46,11 @@ let
     ];
     dezentrale = [ "to:dezentrale.space" ];
     dhl = [ "to:dhl@lassul.us" ];
+    eloop = [ "to:eloop.org" ];
     github = [ "to:github@lassul.us" ];
     gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
     kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
+    lugs = [ "to:lugs@lug-s.org" ];
     nix-devel = [ "to:nix-devel@googlegroups.com" ];
     patreon = [ "to:patreon@lassul.us" ];
     paypal = [ "to:paypal@lassul.us" ];
@@ -65,7 +77,7 @@ let
     # gpg
     source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
     set pgp_use_gpg_agent = yes
-    set pgp_sign_as = 0x976A7E4D
+    set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D
     set crypt_autosign = yes
     set crypt_replyencrypt = yes
     set crypt_verify_sig = yes
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
index c3d07d5fe..537c8a59b 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/lass/2configs/security-workarounds.nix
@@ -5,6 +5,4 @@ with import <stockholm/lib>;
   boot.extraModprobeConfig = ''
     install dccp /run/current-system/sw/bin/false
   '';
-
-  boot.kernelPackages = pkgs.linuxPackages_latest;
 }
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 9ece2af77..7a72499c9 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -49,6 +49,7 @@ in {
       "www.ubikmedia.eu"
       "www.youthtube.xyz"
       "www.ubikmedia.de"
+      "www.joemisch.com"
       "www.weirdwednesday.de"
 
       "aldona2.ubikmedia.de"
@@ -63,6 +64,7 @@ in {
       "weirdwednesday.ubikmedia.de"
       "freemonkey.ubikmedia.de"
       "jarugadesign.ubikmedia.de"
+      "crypto4art.ubikmedia.de"
     ])
   ];
 
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index aa57a9857..14d6ce9ec 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -12,9 +12,8 @@ let
   ;
 
   msmtprc = pkgs.writeText "msmtprc" ''
-    account localhost
+    account default
       host localhost
-    account default: localhost
   '';
 
   sendmail = pkgs.writeDash "msmtp" ''
diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
index e16ce9868..29c3861f2 100644
--- a/lass/3modules/screenlock.nix
+++ b/lass/3modules/screenlock.nix
@@ -14,7 +14,7 @@ let
     enable = mkEnableOption "screenlock";
     command = mkOption {
       type = types.str;
-      default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f";
+      default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1";
     };
   };
 
@@ -28,7 +28,7 @@ let
       serviceConfig = {
         SyslogIdentifier = "screenlock";
         ExecStart = cfg.command;
-        Type = "forking";
+        Type = "simple";
         User = "lass";
       };
     };