11 files changed, 157 insertions, 10 deletions
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 1205e192..7f004cd8 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -29,10 +29,13 @@ let
     };
 
     options.krebs.build.source.dir = mkOption {
-      type = types.attrsOf (types.submodule ({ config, ... }: {
+      type = let
+        default-host = config.krebs.current.host;
+      in types.attrsOf (types.submodule ({ config, ... }: {
         options = {
           host = mkOption {
             type = types.host;
+            default = default-host;
           };
           path = mkOption {
             type = types.str;
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index fd9d56ed..b4e7f925 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -15,6 +15,7 @@ let
       ./git.nix
       ./iptables.nix
       ./nginx.nix
+      ./per-user.nix
       ./Reaktor.nix
       ./retiolum-bootstrap.nix
       ./realwallpaper.nix
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 2d33b927..652527da 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -164,6 +164,7 @@ with lib;
       dc = "makefu"; #dc = "cac";
       extraZones = {
         "krebsco.de" = ''
+          euer           IN A  ${head nets.internet.addrs4}
           wiki.euer      IN A  ${head nets.internet.addrs4}
           wry            IN A  ${head nets.internet.addrs4}
           io             IN NS wry.krebsco.de.
@@ -191,6 +192,9 @@ with lib;
             "paste.retiolum"
             "wry.retiolum"
             "wiki.makefu.retiolum"
+            "wiki.wry.retiolum"
+            "blog.makefu.retiolum"
+            "blog.wry.retiolum"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -210,13 +214,36 @@ with lib;
         };
       };
     };
+    filepimp = rec {
+      cores = 1;
+      dc = "makefu"; #nas
+
+      nets = {
+        retiolum = {
+          addrs4 = ["10.243.153.102"];
+          addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"];
+          aliases = [
+            "filepimp.retiolum"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
+            BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
+            i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
+            09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
+            u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
+            OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+            -----END RSA PUBLIC KEY-----
+            '';
+        };
+      };
+    };
     gum = rec {
       cores = 1;
       dc = "online.net"; #root-server
 
       extraZones = {
         "krebsco.de" = ''
-          euer              IN A      ${head nets.internet.addrs4}
           share.euer        IN A      ${head nets.internet.addrs4}
           gum               IN A      ${head nets.internet.addrs4}
         '';
diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix
new file mode 100644
index 00000000..ee213ded
--- /dev/null
+++ b/krebs/3modules/per-user.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.krebs.per-user;
+
+  out = {
+    options.krebs.per-user = api;
+    config = imp;
+  };
+
+  api = mkOption {
+    type = with types; attrsOf (submodule {
+      options = {
+        packages = mkOption {
+          type = listOf path;
+          default = [];
+        };
+      };
+    });
+    default = {};
+  };
+
+  imp = {
+    environment = {
+      etc = flip mapAttrs' cfg (name: { packages, ... }: {
+        name = "per-user/${name}";
+        value.source = pkgs.symlinkJoin "per-user.${name}" packages;
+      });
+      profiles = ["/etc/per-user/$LOGNAME"];
+    };
+  };
+
+in out
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 4c295dff..6fd1c422 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -158,7 +158,8 @@ with lib;
         };
       };
       secure = true;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09";
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
     };
     ok = {
       nets = {
@@ -276,17 +277,26 @@ with lib;
         };
       };
       secure = true;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
     };
   };
-  users = addNames {
+  users = addNames rec {
     mv = {
       mail = "mv@cd.retiolum";
-      pubkey = readFile ../../Zpubkeys/mv_vod.ssh.pub;
+      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
     };
     tv = {
       mail = "tv@wu.retiolum";
-      pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu";
+    };
+    tv_nomic = {
+      inherit (tv) mail;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3dYR/n4Yw8OsYmfR2rSUG7o10G6AqOlSJHuHSEmANbMkqjiWl1TnpORtt5bAktyAGI4vWf9vhNEnxuIqGXWSV+3yCd7yfBHR1m0Y9QSw6blQ0xc1venl3JU0kpEyJfUn8a9cdXlnRiS0MP1gcsN7Zk8cqBELJYJajkSEnsT4eVaU5/wdnyzUO1fk8D8tFBJbF/tsWDLJPu4P18rpxq4wZgA2qmyHoVDEVlrz2OYcziXT6gpG0JGnToteaNg9ok5QavEYFpp8P+k1AacrBjc1PAb4MaMX1nfkSyaZwSqLdH35XkNRgPhVVmqZ5PlG3VeNpPSwpdcKi8P3zH1xG9g6Usx1SAyvcoAyGHdOwmFuA2tc1HgYEiQ+OsPrHZHujBOOZsKTN9+IZHScCAe+UmUcK413WEZKPs8PeFjf1gQAoDXb55JpksxLAnC/SQOl4FhkctIAXxr12ALlyt9UFPzIoj/Nj2MpFzGSlf653fTFmnMbQ8+GICc4TUpqx5GELZhfQuprBTv/55a9zKvM4B8XT3Bn9olQzMQIXEjXb3WUVFDDNWeNydToorYn1wG3ZWQ+3f0IlqRicWO7Q9BRj1Lp5rcUCb+naJ48tGY6HFUZ1Kz/0x458GDFvUd8mCJjqqmeSkUEeZd0xet5tVFg/bYoSslEqPF6pz7V3ruJMSdYxnQ== tv@nomic #2";
+    };
+    tv_xu = {
+      inherit (tv) mail;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu";
     };
   };
 }
diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix
new file mode 100644
index 00000000..990f99af
--- /dev/null
+++ b/krebs/5pkgs/bepasty-client-cli/default.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, pythonPackages, fetchurl, ... }:
+
+with pythonPackages; buildPythonPackage rec {
+  name = "bepasty-client-cli-${version}";
+  version = "0.3.0";
+  propagatedBuildInputs = [
+    python_magic
+    click
+    requests2
+  ];
+
+  src = fetchurl {
+    url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
+    sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
+  };
+
+  meta = {
+    homepage = https://github.com/bepasty/bepasty-client-cli;
+    description = "CLI client for bepasty-server";
+    license = lib.licenses.bsd2;
+  };
+}
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
new file mode 100644
index 00000000..fb318af8
--- /dev/null
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -0,0 +1,7 @@
+{ writeScriptBin, pkgs }:
+
+# TODO: use `wrapProgram --add-flags` instead?
+writeScriptBin "krebspaste" ''
+  #! /bin/sh
+  exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+''
diff --git a/krebs/5pkgs/translate-shell/default.nix b/krebs/5pkgs/translate-shell/default.nix
new file mode 100644
index 00000000..00ab226e
--- /dev/null
+++ b/krebs/5pkgs/translate-shell/default.nix
@@ -0,0 +1,43 @@
+{stdenv, fetchurl,pkgs,... }:
+let
+  s =
+  rec {
+    baseName="translate-shell";
+    version="0.9.0.9";
+    name="${baseName}-${version}";
+    url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz;
+    sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34";
+  };
+  searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [
+    fribidi
+    gawk
+    bash
+    curl
+    less
+  ];
+  buildInputs = [
+    pkgs.makeWrapper
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  # TODO: maybe mplayer
+  installPhase = ''
+    mkdir -p $out/bin
+    make PREFIX=$out install
+    wrapProgram $out/bin/trans --suffix PATH : "${searchpath}"
+  '';
+
+  meta = {
+    inherit (s) version;
+    description = ''translate using google api'';
+    license = stdenv.lib.licenses.free;
+    maintainers = [stdenv.lib.maintainers.makefu];
+    platforms = stdenv.lib.platforms.linux ;
+  };
+}
+
diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
index f1eaa4ea..d43bb0d0 100644
--- a/krebs/Zhosts/gum
+++ b/krebs/Zhosts/gum
@@ -2,7 +2,6 @@ Address= 195.154.108.70
 Address= 195.154.108.70 53
 Subnet = 10.243.0.211
 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
-Aliases = paste
 
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
diff --git a/krebs/Zpubkeys/tv_wu.ssh.pub b/krebs/Zpubkeys/tv_wu.ssh.pub
deleted file mode 100644
index b6e2634e..00000000
--- a/krebs/Zpubkeys/tv_wu.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu
diff --git a/krebs/default.nix b/krebs/default.nix
index 31a7f7d0..bfd6175d 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -84,6 +84,7 @@ let out = {
 
       cat<<EOF
       # put following into config.krebs.hosts.$system:
+      ssh.privkey.path = <secrets/ssh.$key_type>;
       ssh.pubkey = $(echo $pubkey | jq -R .);
       EOF
     '';
@@ -178,7 +179,7 @@ let out = {
 
       nix-path =
         lib.concatStringsSep ":"
-          (lib.mapAttrsToList (name: _: "${name}=/root/${name}")
+          (lib.mapAttrsToList (name: src: "${name}=${src.target-path}")
             (config.krebs.build.source.dir //
              config.krebs.build.source.git));
     in ''