25 files changed, 443 insertions, 409 deletions

diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
index d4a389a4a..470dd3aff 100644
--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -21,13 +21,9 @@
         source /grub/autoiso.cfg
       }
     '';
-    extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation {
-      name = "autoiso.cfg";
-      src = pkgs.grub2.src;
-      phases = [ "unpackPhase" "installPhase" ];
-      installPhase = ''
-        cp docs/autoiso.cfg $out
-      '';
-    });
+    extraFiles."/grub/autoiso.cfg" = "${pkgs.grub2.src}/docs/autoiso.cfg";
   };
+
+  services.logind.lidSwitch = "ignore";
+  services.logind.lidSwitchDocked = "ignore";
 }
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 46f0892a2..5e16052ad 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -20,6 +20,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/nfs-dl.nix>
     #<stockholm/lass/2configs/prism-share.nix>
     <stockholm/lass/2configs/ssh-cryptsetup.nix>
+    <stockholm/lass/2configs/network-manager.nix>
   ];
 
   #media center
diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
index d764dabc1..861bd8b0b 100644
--- a/lass/1systems/icarus/physical.nix
+++ b/lass/1systems/icarus/physical.nix
@@ -1,22 +1,53 @@
+{ config, lib, pkgs, ... }:
 {
   imports = [
     ./config.nix
-    <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/coreboot.nix>
+    #<stockholm/lass/2configs/hw/x220.nix>
+    #<stockholm/lass/2configs/boot/universal.nix>
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    <stockholm/krebs/2configs/hw/x220.nix>
   ];
 
-  fileSystems = {
-    "/bku" = {
-      device = "/dev/mapper/pool-bku";
-      fsType = "btrfs";
-      options = ["defaults" "noatime" "ssd" "compress=lzo"];
-    };
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.efiInstallAsRemovable = true;
+  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6";
+  boot.initrd.luks.devices.ssd.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6-part3";
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/298eb635-8db2-4c15-a73d-2e0d6afa10e8";
+    fsType = "xfs";
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/eec94bef-e745-4d95-ad17-4df728f5fd31";
+    fsType = "xfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/D975-2CAB";
+    fsType = "vfat";
   };
 
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
     SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
   '';
 
   services.thinkfan.enable = true;
+
+  services.logind.lidSwitch = "ignore";
+  services.logind.lidSwitchDocked = "ignore";
+
 }
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
deleted file mode 100644
index a7b9f21b3..000000000
--- a/lass/1systems/iso.nix
+++ /dev/null
@@ -1,193 +0,0 @@
-{ config, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
-  imports = [
-    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
-    <stockholm/krebs>
-    <stockholm/lass/3modules>
-    <stockholm/lass/2configs/mc.nix>
-    <stockholm/lass/2configs/vim.nix>
-    {
-      # /dev/stderr doesn't work. I don't know why
-      # /proc/self doesn't seem to work correctly
-      # /dev/pts is empty except for 1 file
-      # my life sucks
-      nixpkgs.config.packageOverrides = super: {
-        irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
-          pkgs = pkgs // {
-            coreutils = pkgs.symlinkJoin {
-              name = "coreutils-hack";
-              paths = [
-                (pkgs.writeDashBin "tee" ''
-                  if test "$1" = /dev/stderr; then
-                    while read -r line; do
-                      echo "$line"
-                      echo "$line" >&2
-                    done
-                  else
-                    ${super.coreutils}/bin/tee "$@"
-                  fi
-                '')
-                pkgs.coreutils
-              ];
-            };
-          };
-        };
-      };
-      boot.kernelParams = [ "copytoram" ];
-      networking.hostName = "lass-iso";
-    }
-    {
-      nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs;
-      krebs.enable = true;
-      krebs.build.user = config.krebs.users.lass;
-      krebs.build.host = {};
-    }
-    {
-      nixpkgs.config.allowUnfree = true;
-    }
-    {
-      users.extraUsers = {
-        root = {
-          openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-          ];
-        };
-      };
-    }
-    {
-      environment.extraInit = ''
-        EDITOR=vim
-      '';
-    }
-    {
-      environment.systemPackages = with pkgs; [
-      #stockholm
-        git
-        gnumake
-        jq
-        parallel
-        proot
-        populate
-
-      #style
-        most
-        rxvt_unicode.terminfo
-
-      #monitoring tools
-        htop
-        iotop
-
-      #network
-        iptables
-        iftop
-
-      #stuff for dl
-        aria2
-
-      #neat utils
-        hashPassword
-        krebspaste
-        pciutils
-        pop
-        psmisc
-        q
-        rs
-        tmux
-        untilport
-        usbutils
-
-      #unpack stuff
-        p7zip
-        unzip
-        unrar
-
-      #data recovery
-        ddrescue
-        ntfs3g
-        dosfstools
-      ];
-    }
-    {
-      programs.bash = {
-        enableCompletion = true;
-        interactiveShellInit = ''
-          HISTCONTROL='erasedups:ignorespace'
-          HISTSIZE=65536
-          HISTFILESIZE=$HISTSIZE
-
-          shopt -s checkhash
-          shopt -s histappend histreedit histverify
-          shopt -s no_empty_cmd_completion
-          complete -d cd
-        '';
-        promptInit = ''
-          if test $UID = 0; then
-            PS1='\[\033[1;31m\]\w\[\033[0m\] '
-            PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
-          elif test $UID = 1337; then
-            PS1='\[\033[1;32m\]\w\[\033[0m\] '
-            PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
-          else
-            PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
-            PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
-          fi
-          if test -n "$SSH_CLIENT"; then
-            PS1='\[\033[35m\]\h'" $PS1"
-            PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
-          fi
-        '';
-      };
-    }
-    {
-      services.openssh = {
-        enable = true;
-        hostKeys = [
-          # XXX bits here make no science
-          { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
-        ];
-      };
-      systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
-    }
-    {
-      networking.firewall = {
-        enable = true;
-        allowedTCPPorts = [ 22 ];
-      };
-    }
-    {
-      krebs.hidden-ssh.enable = true;
-    }
-    {
-      services.xserver = {
-        enable = true;
-        #videoDrivers = mkForce [ "ati_unfree" ];
-
-        desktopManager.xterm.enable = false;
-        desktopManager.default = "none";
-        displayManager.lightdm.enable = true;
-        displayManager.lightdm.autoLogin = {
-          enable = true;
-          user = "lass";
-        };
-        windowManager.default = "xmonad";
-        windowManager.session = let
-          xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
-        in [{
-          name = "xmonad";
-          start = ''
-            ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
-            ${xmonad-lass}/bin/xmonad &
-            waitPID=$!
-          '';
-        }];
-
-        layout = "us";
-        xkbModel = "evdev";
-        xkbVariant = "altgr-intl";
-        xkbOptions = "caps:backspace";
-      };
-    }
-  ];
-}
diff --git a/lass/1systems/iso/default.nix b/lass/1systems/iso/default.nix
new file mode 100644
index 000000000..a77a74fbe
--- /dev/null
+++ b/lass/1systems/iso/default.nix
@@ -0,0 +1,211 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+let
+
+  wizard = pkgs.writers.writeBash "wizard" ''
+    shopt -s extglob
+
+    echo -n '
+      welcome to the computer wizard
+      first we will check for internet connectivity
+      (press enter to continue)
+    '
+    read -n 1 -s
+    if ! ping -c1 lassul.us; then
+      echo 'no internet detectio, you will have to provide credentials'
+      read -n 1 -s
+      nmtui
+    fi
+
+    # ping -c1 lassuls.us || ${pkgs.writeDash "nm-dmenu" ''
+    #   set -x
+    #   export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
+    #   exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
+    # ''}
+
+    mode=$(echo -n '
+    1. help of the wizard
+    2. let the wizard watch and help if needed
+    3. I will do it alone
+    ' | ${pkgs.fzf}/bin/fzf --reverse)
+    case "$mode" in
+      1*)
+        echo 'mode_1' > /tmp/mode
+        systemctl start hidden-ssh-announce.service
+        tmux new -s help
+        ;;
+      2*)
+        echo 'mode_2' > /tmp/mode
+        ;;
+      3*)
+        echo 'mode_3' > /tmp/mode
+        ;;
+      *)
+        echo 'no mode selected'
+        ;;
+    esac
+  '';
+
+in {
+  imports = [
+    <stockholm/krebs>
+    <stockholm/lass/3modules>
+    <stockholm/lass/2configs/vim.nix>
+    {
+      nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs;
+      krebs.enable = true;
+      krebs.build.user = config.krebs.users.lass;
+      krebs.build.host = {};
+    }
+    # {
+    #   systemd.services.wizard = {
+    #     description = "Computer Wizard";
+    #     wantedBy = [ "multi-user.target" ];
+    #     serviceConfig = {
+    #       ExecStart = pkgs.writers.writeDash "wizard" ''
+    #         set -efu
+    #         cat <<EOF
+    #         welcome to the computer wizard
+    #         you can choose between the following modes
+    #         echo -n '1\n2\n3' | ${pkgs.fzf}/bin/fzf
+    #         EOF
+    #       '';
+    #       StandardInput = "tty";
+    #       StandardOutput = "tty";
+    #       # TTYPath = "/dev/tty1";
+    #       TTYPath = "/dev/ttyS0";
+    #       TTYReset = true;
+    #       TTYVTDisallocate = true;
+    #       Restart = "always";
+    #     };
+    #   };
+    # }
+  ];
+
+  networking.hostName = "wizard";
+  nixpkgs.config.allowUnfree = true;
+
+  users.extraUsers = {
+    root = {
+      openssh.authorizedKeys.keys = [
+        config.krebs.users.lass.pubkey
+        config.krebs.users.lass-mors.pubkey
+      ];
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+  #stockholm
+    git
+    gnumake
+    jq
+    parallel
+    proot
+    populate
+
+  #style
+    most
+    rxvt_unicode.terminfo
+
+  #monitoring tools
+    htop
+    iotop
+
+  #network
+    iptables
+    iftop
+
+  #stuff for dl
+    aria2
+
+  #neat utils
+    dmenu
+    hashPassword
+    krebspaste
+    pciutils
+    pop
+    psmisc
+    q
+    rs
+    tmux
+    untilport
+    usbutils
+
+  #unpack stuff
+    p7zip
+    unzip
+    unrar
+
+  #data recovery
+    ddrescue
+    ntfs3g
+    dosfstools
+  ];
+
+  environment.extraInit = ''
+    EDITOR=vim
+  '';
+
+  programs.bash = {
+    enableCompletion = true;
+    interactiveShellInit = ''
+      HISTCONTROL='erasedups:ignorespace'
+      HISTSIZE=65536
+      HISTFILESIZE=$HISTSIZE
+
+      shopt -s checkhash
+      shopt -s histappend histreedit histverify
+      shopt -s no_empty_cmd_completion
+      complete -d cd
+    '';
+    promptInit = ''
+      if test $UID = 0; then
+        PS1='\[\033[1;31m\]\w\[\033[0m\] '
+        PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
+      elif test $UID = 1337; then
+        PS1='\[\033[1;32m\]\w\[\033[0m\] '
+        PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
+      else
+        PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
+        PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
+      fi
+      if test -n "$SSH_CLIENT"; then
+        PS1='\[\033[35m\]\h'" $PS1"
+        PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
+      fi
+      if ! test -e /tmp/mode; then
+        ${wizard}
+      fi
+    '';
+  };
+
+  services.openssh.enable = true;
+  systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 22 ];
+  };
+  networking.networkmanager.enable = true;
+  networking.wireless.enable = mkForce false;
+
+  krebs.hidden-ssh = {
+    enable = true;
+    channel = "##lassulus-wizard";
+
+  };
+  systemd.services.hidden-ssh-announce.wantedBy = mkForce [];
+  services.mingetty.autologinUser = "root";
+
+  nixpkgs.config.packageOverrides = super: {
+    dmenu = pkgs.writeDashBin "dmenu" ''
+      ${pkgs.fzf}/bin/fzf \
+        --history=/dev/null \
+        --print-query \
+        --prompt=\"$PROMPT\"
+    '';
+  };
+
+  boot.tmpOnTmpfs = true;
+}
diff --git a/lass/1systems/iso/generate-iso.sh b/lass/1systems/iso/generate-iso.sh
new file mode 100755
index 000000000..3179b31c1
--- /dev/null
+++ b/lass/1systems/iso/generate-iso.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p nixos-generators
+
+set -xefu
+
+WD=$(dirname "$0")
+nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/default.nix -f install-iso
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index b3de15837..9bb31191c 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -19,6 +19,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/ssh-cryptsetup.nix>
     <stockholm/lass/2configs/nfs-dl.nix>
     <stockholm/lass/2configs/gg23.nix>
+    <stockholm/lass/2configs/br.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.shodan;
diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix
index 77cf2206b..5a6f07215 100644
--- a/lass/1systems/xerxes/physical.nix
+++ b/lass/1systems/xerxes/physical.nix
@@ -5,40 +5,32 @@
     <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
   ];
 
-  boot.zfs.enableUnstable = true;
   boot.loader.grub = {
     enable = true;
     device = "/dev/sda";
     efiSupport = true;
+    efiInstallAsRemovable = true;
   };
-  boot.loader.efi.canTouchEfiVariables = true;
 
   boot.blacklistedKernelModules = [
     "sdhci_pci"
   ];
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
   boot.initrd.luks.devices.crypted.device = "/dev/sda3";
   boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
   boot.kernelParams = [
     "fbcon=rotate:1"
     "boot.shell_on_fail"
   ];
 
   fileSystems."/" = {
-    device = "rpool/root";
-    fsType = "zfs";
-  };
-
-  fileSystems."/home" = {
-    device = "rpool/home";
-    fsType = "zfs";
+    device = "/dev/disk/by-uuid/8efd0c22-f712-46bf-baad-1fbf19d9ec25";
+    fsType = "xfs";
   };
 
   fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/E749-784C";
+    device = "/dev/disk/by-uuid/7F23-DDB4";
     fsType = "vfat";
   };
 
@@ -74,7 +66,6 @@
   services.xserver = {
     videoDrivers = [ "intel" ];
     displayManager.sessionCommands = ''
-      echo nonono > /tmp/xxyy
       (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right)
       (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1)
     '';
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index d049bdee6..abbc0045b 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -47,17 +47,6 @@ with import <stockholm/lib>;
     };
     virtualHosts.default = {
       default = true;
-      locations."=/Nginx-Fancyindex-Theme-dark" = {
-        extraConfig = ''
-          alias ${pkgs.fetchFromGitHub {
-            owner = "Naereen";
-            repo = "Nginx-Fancyindex-Theme";
-            rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4";
-            sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6";
-          }}/Nginx-Fancyindex-Theme-dark;
-          autoindex on;
-        '';
-      };
       locations."/dl".extraConfig = ''
         return 301 /;
       '';
@@ -65,8 +54,6 @@ with import <stockholm/lib>;
         root = "/var/download/finished";
         extraConfig = ''
           fancyindex on;
-          fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html";
-          fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html";
           dav_methods PUT DELETE MKCOL COPY MOVE;
 
           create_full_put_path on;
diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix
index 6818db460..3d87fb620 100644
--- a/lass/2configs/ciko.nix
+++ b/lass/2configs/ciko.nix
@@ -11,14 +11,6 @@ with import <stockholm/lib>;
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
     ];
   };
-  krebs.exim-smarthost = {
-    internet-aliases = [
-      { from = "*@slash16.net"; to = "ciko"; }
-    ];
-    sender_domains = [
-      "slash16.net"
-    ];
-  };
 
   system.activationScripts.user-shadow = ''
     ${pkgs.coreutils}/bin/chmod +x /home/ciko
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index dcae2f3eb..b0d7ff23b 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -96,9 +96,6 @@ with import <stockholm/lib>;
     git
     gnumake
     jq
-    parallel
-    proot
-    populate
 
   #style
     most
@@ -118,6 +115,7 @@ with import <stockholm/lib>;
 
   #neat utils
     file
+    hashPassword
     kpaste
     krebspaste
     mosh
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index a82672998..565608633 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -1,8 +1,110 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }: with import <stockholm/lib>; let
 
-with import <stockholm/lib>;
+  to = concatStringsSep "," [
+    "lass@blue.r"
+    "lass@xerxes.r"
+    "lass@mors.r"
+  ];
+
+  mails = [
+    "postmaster@lassul.us"
+    "lass@lassul.us"
+    "lassulus@lassul.us"
+    "test@lassul.us"
+    "outlook@lassul.us"
+    "steuer@aidsballs.de"
+    "lass@aidsballs.de"
+    "wordpress@ubikmedia.de"
+    "finanzamt@lassul.us"
+    "netzclub@lassul.us"
+    "nebenan@lassul.us"
+    "feed@lassul.us"
+    "art@lassul.us"
+    "irgendwas@lassul.us"
+    "polo@lassul.us"
+    "shack@lassul.us"
+    "nix@lassul.us"
+    "c-base@lassul.us"
+    "paypal@lassul.us"
+    "patreon@lassul.us"
+    "steam@lassul.us"
+    "securityfocus@lassul.us"
+    "radio@lassul.us"
+    "btce@lassul.us"
+    "raf@lassul.us"
+    "apple@lassul.us"
+    "coinbase@lassul.us"
+    "tomtop@lassul.us"
+    "aliexpress@lassul.us"
+    "business@lassul.us"
+    "payeer@lassul.us"
+    "github@lassul.us"
+    "bitwala@lassul.us"
+    "bitstamp@lassul.us"
+    "bitcoin.de@lassul.us"
+    "ableton@lassul.us"
+    "dhl@lassul.us"
+    "sipgate@lassul.us"
+    "coinexchange@lassul.us"
+    "verwaltung@lassul.us"
+    "gearbest@lassul.us"
+    "binance@lassul.us"
+    "bitfinex@lassul.us"
+    "alternate@lassul.us"
+    "redacted@lassul.us"
+    "mytaxi@lassul.us"
+    "pizza@lassul.us"
+    "robinhood@lassul.us"
+    "drivenow@lassul.us"
+    "aws@lassul.us"
+    "reddit@lassul.us"
+    "banggood@lassul.us"
+    "immoscout@lassul.us"
+    "gmail@lassul.us"
+    "amazon@lassul.us"
+    "humblebundle@lassul.us"
+    "meetup@lassul.us"
+    "gebfrei@lassul.us"
+    "github@lassul.us"
+    "ovh@lassul.us"
+    "hetzner@lassul.us"
+    "allygator@lassul.us"
+    "immoscout@lassul.us"
+    "elitedangerous@lassul.us"
+    "boardgamegeek@lassul.us"
+    "qwertee@lassul.us"
+    "zazzle@lassul.us"
+    "hackbeach@lassul.us"
+    "transferwise@lassul.us"
+    "cis@lassul.us"
+    "afra@lassul.us"
+    "ksp@lassul.us"
+    "ccc@lassul.us"
+    "neocron@lassul.us"
+    "osmocom@lassul.us"
+    "lesswrong@lassul.us"
+    "nordvpn@lassul.us"
+    "csv-direct@lassul.us"
+    "nintendo@lassul.us"
+    "overleaf@lassul.us"
+    "box@lassul.us"
+    "paloalto@lassul.us"
+    "subtitles@lassul.us"
+    "lobsters@lassul.us"
+    "fysitech@lassul.us"
+    "threema@lassul.us"
+    "ubisoft@lassul.us"
+    "kottezeller@lassul.us"
+    "pie@lassul.us"
+    "vebit@lassul.us"
+    "vcvrack@lassul.us"
+    "epic@lassul.us"
+    "microsoft@lassul.us"
+    "stickers@lassul.us"
+    "nextbike@lassul.us"
+  ];
 
-{
+in {
   krebs.exim-smarthost = {
     enable = true;
     dkim = [
@@ -17,101 +119,7 @@ with import <stockholm/lib>;
       config.krebs.hosts.blue
       config.krebs.hosts.xerxes
     ];
-    internet-aliases = with config.krebs.users; [
-      { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
-      { from = "lass@lassul.us"; to = lass.mail; }
-      { from = "lassulus@lassul.us"; to = lass.mail; }
-      { from = "test@lassul.us"; to = lass.mail; }
-      { from = "outlook@lassul.us"; to = lass.mail; }
-      { from = "steuer@aidsballs.de"; to = lass.mail; }
-      { from = "lass@aidsballs.de"; to = lass.mail; }
-      { from = "wordpress@ubikmedia.de"; to = lass.mail; }
-      { from = "finanzamt@lassul.us"; to = lass.mail; }
-      { from = "netzclub@lassul.us"; to = lass.mail; }
-      { from = "nebenan@lassul.us"; to = lass.mail; }
-      { from = "feed@lassul.us"; to = lass.mail; }
-      { from = "art@lassul.us"; to = lass.mail; }
-      { from = "irgendwas@lassul.us"; to = lass.mail; }
-      { from = "polo@lassul.us"; to = lass.mail; }
-      { from = "shack@lassul.us"; to = lass.mail; }
-      { from = "nix@lassul.us"; to = lass.mail; }
-      { from = "c-base@lassul.us"; to = lass.mail; }
-      { from = "paypal@lassul.us"; to = lass.mail; }
-      { from = "patreon@lassul.us"; to = lass.mail; }
-      { from = "steam@lassul.us"; to = lass.mail; }
-      { from = "securityfocus@lassul.us"; to = lass.mail; }
-      { from = "radio@lassul.us"; to = lass.mail; }
-      { from = "btce@lassul.us"; to = lass.mail; }
-      { from = "raf@lassul.us"; to = lass.mail; }
-      { from = "apple@lassul.us"; to = lass.mail; }
-      { from = "coinbase@lassul.us"; to = lass.mail; }
-      { from = "tomtop@lassul.us"; to = lass.mail; }
-      { from = "aliexpress@lassul.us"; to = lass.mail; }
-      { from = "business@lassul.us"; to = lass.mail; }
-      { from = "payeer@lassul.us"; to = lass.mail; }
-      { from = "github@lassul.us"; to = lass.mail; }
-      { from = "bitwala@lassul.us"; to = lass.mail; }
-      { from = "bitstamp@lassul.us"; to = lass.mail; }
-      { from = "bitcoin.de@lassul.us"; to = lass.mail; }
-      { from = "ableton@lassul.us"; to = lass.mail; }
-      { from = "dhl@lassul.us"; to = lass.mail; }
-      { from = "sipgate@lassul.us"; to = lass.mail; }
-      { from = "coinexchange@lassul.us"; to = lass.mail; }
-      { from = "verwaltung@lassul.us"; to = lass.mail; }
-      { from = "gearbest@lassul.us"; to = lass.mail; }
-      { from = "binance@lassul.us"; to = lass.mail; }
-      { from = "bitfinex@lassul.us"; to = lass.mail; }
-      { from = "alternate@lassul.us"; to = lass.mail; }
-      { from = "redacted@lassul.us"; to = lass.mail; }
-      { from = "mytaxi@lassul.us"; to = lass.mail; }
-      { from = "pizza@lassul.us"; to = lass.mail; }
-      { from = "robinhood@lassul.us"; to = lass.mail; }
-      { from = "drivenow@lassul.us"; to = lass.mail; }
-      { from = "aws@lassul.us"; to = lass.mail; }
-      { from = "reddit@lassul.us"; to = lass.mail; }
-      { from = "banggood@lassul.us"; to = lass.mail; }
-      { from = "immoscout@lassul.us"; to = lass.mail; }
-      { from = "gmail@lassul.us"; to = lass.mail; }
-      { from = "amazon@lassul.us"; to = lass.mail; }
-      { from = "humblebundle@lassul.us"; to = lass.mail; }
-      { from = "meetup@lassul.us"; to = lass.mail; }
-      { from = "gebfrei@lassul.us"; to = lass.mail; }
-      { from = "github@lassul.us"; to = lass.mail; }
-      { from = "ovh@lassul.us"; to = lass.mail; }
-      { from = "hetzner@lassul.us"; to = lass.mail; }
-      { from = "allygator@lassul.us"; to = lass.mail; }
-      { from = "immoscout@lassul.us"; to = lass.mail; }
-      { from = "elitedangerous@lassul.us"; to = lass.mail; }
-      { from = "boardgamegeek@lassul.us"; to = lass.mail; }
-      { from = "qwertee@lassul.us"; to = lass.mail; }
-      { from = "zazzle@lassul.us"; to = lass.mail; }
-      { from = "hackbeach@lassul.us"; to = lass.mail; }
-      { from = "transferwise@lassul.us"; to = lass.mail; }
-      { from = "cis@lassul.us"; to = lass.mail; }
-      { from = "afra@lassul.us"; to = lass.mail; }
-      { from = "ksp@lassul.