Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/dishfire/config.nix10
-rw-r--r--lass/1systems/dishfire/physical.nix21
-rw-r--r--lass/1systems/mors/config.nix29
-rw-r--r--lass/2configs/default.nix2
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/restic.nix119
-rw-r--r--lass/3modules/xjail.nix1
7 files changed, 34 insertions, 149 deletions
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
new file mode 100644
index 00000000..b814d718
--- /dev/null
+++ b/lass/1systems/dishfire/config.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/retiolum.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.dishfire;
+}
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
new file mode 100644
index 00000000..ca013132
--- /dev/null
+++ b/lass/1systems/dishfire/physical.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ ./config.nix
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ boot.loader.grub.devices = [ "/dev/sda" ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+}
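Review bot: `boot.loader.grub.devices = [ "/dev/sda" ]` names the boot disk by its kernel-assigned device name, while the root filesystem in the same file is referenced by UUID. With the qemu-guest profile imported and `virtio_pci` in the initrd module list, a change of disk bus on the hypervisor side would presumably rename the disk (for example to `/dev/vda`), and the next bootloader install would then fail or target a different disk. A stable path avoids that: `boot.loader.grub.devices = [ "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>" ];`. If this file is generated hardware-scan output, a one-line comment at the top saying so would tell the next reader which values are machine-specific.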
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 95b68859..88ac90de 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -183,35 +183,6 @@ with import <stockholm/lib>;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
- lass.restic = genAttrs [
- "daedalus"
- "icarus"
- "littleT"
- "prism"
- "shodan"
- "skynet"
- ] (dest: {
- dirs = [
- "/home/lass/src"
- "/home/lass/work"
- "/home/lass/.gnupg"
- "/home/lass/Maildir"
- "/home/lass/stockholm"
- "/home/lass/.password-store"
- "/home/bitcoin"
- "/home/bch"
- ];
- passwordFile = (toString <secrets>) + "/restic/${dest}";
- repo = "sftp:backup@${dest}.r:/backups/mors";
- #sshPrivateKey = config.krebs.build.host.ssh.privkey.path;
- extraArguments = [
- "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
- ];
- timerConfig = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
- });
virtualisation.libvirtd.enable = true;
services.earlyoom = {
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 91922e5c..c3fbc209 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -215,6 +215,8 @@ with import <stockholm/lib>;
noipv4ll
'';
+ documentation.nixos.includeAllModules = true;
+
# use 24:00 time format, the default got sneakily changed around 20.03
i18n.defaultLocale = mkDefault "C.UTF-8";
time.timeZone = mkDefault"Europe/Berlin";
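Review bot: `documentation.nixos.includeAllModules = true;` is added without a comment, yet it changes what every host importing this file must evaluate to build its manual: the option declarations of all imported modules, not only the nixpkgs base set. Any option under `lass/3modules` whose `default` interpolates a derivation then needs a `defaultText`, which is presumably why `xjail.nix` gains one in this commit. Other modules are not visible here and may need the same treatment. I would add a comment above the line, e.g. `# include stockholm module options in the local manual; options with derivation defaults need defaultText`. The enclosing attribute set starts and ends outside the hunk.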
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 1ce88b23..570bb45b 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,7 +9,6 @@ _:
./news.nix
./nichtparasoup.nix
./pyload.nix
- ./restic.nix
./screenlock.nix
./usershadow.nix
./xjail.nix
diff --git a/lass/3modules/restic.nix b/lass/3modules/restic.nix
deleted file mode 100644
index c720793b..00000000
--- a/lass/3modules/restic.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- options.lass.restic = mkOption {
- type = types.attrsOf (types.submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- passwordFile = mkOption {
- type = types.str;
- default = toString <secrets/restic-password>;
- description = ''
- read the repository password from a file.
- '';
- example = "/etc/nixos/restic-password";
-
- };
- repo = mkOption {
- type = types.str;
- default = "sftp:backup@prism.r:/backups/${config.name}";
- description = ''
- repository to backup to.
- '';
- example = "sftp:backup@192.168.1.100:/backups/${config.name}";
- };
- dirs = mkOption {
- type = types.listOf types.str;
- default = [];
- description = ''
- which directories to backup.
- '';
- example = [
- "/var/lib/postgresql"
- "/home/user/backup"
- ];
- };
- timerConfig = mkOption {
- type = types.attrsOf types.str;
- default = {
- OnCalendar = "daily";
- };
- description = ''
- When to run the backup. See man systemd.timer for details.
- '';
- example = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
- };
- user = mkOption {
- type = types.str;
- default = "root";
- description = ''
- As which user the backup should run.
- '';
- example = "postgresql";
- };
- extraArguments = mkOption {
- type = types.listOf types.str;
- default = [];
- description = ''
- Extra arguments to append to the restic command.
- '';
- example = [
- "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp"
- ];
- };
- initialize = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Create the repository if it doesn't exist.
- '';
- };
- };
- }));
- default = {};
- };
-
- config = {
- systemd.services =
- mapAttrs' (_: plan:
- let
- extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments;
- connectTo = elemAt (splitString ":" plan.repo) 1;
- resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}";
- in nameValuePair "backup.${plan.name}" {
- environment = {
- RESTIC_PASSWORD_FILE = plan.passwordFile;
- RESTIC_REPOSITORY = plan.repo;
- };
- path = with pkgs; [
- openssh
- ];
- restartIfChanged = false;
- serviceConfig = {
- ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" ''
- #! ${pkgs.bash}/bin/bash
- ${resticCmd} snapshots || ${resticCmd} init
- '');
- ExecStart = pkgs.writeDash "rustic-${plan.name}" (
- "#! ${pkgs.bash}/bin/bash\n" +
- concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs
- );
- User = plan.user;
- };
- }
- ) config.lass.restic;
- systemd.timers =
- mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" {
- wantedBy = [ "timers.target" ];
- timerConfig = plan.timerConfig;
- }) config.lass.restic;
- };
-}
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
index 526e12db..f94e7ebb 100644
--- a/lass/3modules/xjail.nix
+++ b/lass/3modules/xjail.nix
@@ -48,6 +48,7 @@ with import <stockholm/lib>;
wm = mkOption {
#TODO find type
type = types.str;
+ defaultText = "‹script›";
default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
executables.xmonad = {
extra-depends = [