From 6c734674da365c2529505a78dea9317f74dec260 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 16 Jan 2019 20:24:53 +0100
Subject: tv q: add sigils

---
 tv/5pkgs/simple/q/default.nix | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix
index cbcec1ba..6c1876ab 100644
--- a/tv/5pkgs/simple/q/default.nix
+++ b/tv/5pkgs/simple/q/default.nix
@@ -14,7 +14,7 @@ let
       assert n >= 1;
       n * calwidth + (n - 1) * hspace;
 
-    pad = ''{
+    pad = /* sh */ ''{
       ${pkgs.gnused}/bin/sed '
             # rtrim
             s/ *$//
@@ -31,7 +31,7 @@ let
               s/^[ 1-9][0-9]/[38;5;238;1m&[39;22m/
             '
     }'';
-  in ''
+  in /* sh */ ''
     cols=$(${pkgs.ncurses}/bin/tput cols)
     ${pkgs.coreutils}/bin/paste \
         <(if test $cols -ge ${toString (need_width 3)}; then
@@ -59,24 +59,24 @@ let
         '
   '';
 
-  q-isodate = ''
+  q-isodate = /* sh */ ''
     ${pkgs.coreutils}/bin/date \
         '+[1m%Y-%m-%d[;30mT[;38;5;085m%H:%M[m:%S%:z'
   '';
 
   # Singapore's red is #ED2E38
-  q-sgtdate = ''
+  q-sgtdate = /* sh */ ''
     TZ=Asia/Singapore \
     ${pkgs.coreutils}/bin/date \
         '+[1m%Y-%m-%d[;30mT[;38;5;088m%H:%M[m:%S%:z'
   '';
 
-  q-utcdate = ''
+  q-utcdate = /* sh */ ''
     ${pkgs.coreutils}/bin/date -u \
         '+[1m%Y-%m-%d[;30mT[;38;5;065m%H:%M[m:%S%:z'
   '';
 
-  q-gitdir = ''
+  q-gitdir = /* sh */ ''
     if test -d .git; then
       #git status --porcelain
       branch=$(
@@ -87,7 +87,7 @@ let
     fi
   '';
 
-  q-intel_backlight = ''
+  q-intel_backlight = /* sh */ ''
     cd /sys/class/backlight/intel_backlight
     </dev/null exec ${pkgs.gawk}/bin/awk '
       END {
@@ -227,11 +227,11 @@ let
     done
   '';
 
-  q-virtualization = ''
+  q-virtualization = /* sh */ ''
     echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
   '';
 
-  q-wireless = ''
+  q-wireless = /* sh */ ''
     for dev in $(
       ${pkgs.iw}/bin/iw dev \
         | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
@@ -250,7 +250,7 @@ let
     done
   '';
 
-  q-online = ''
+  q-online = /* sh */ ''
     if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then
       echo '[32;1monline[m'
     else
@@ -258,7 +258,7 @@ let
     fi
   '';
 
-  q-thermal_zone = ''
+  q-thermal_zone = /* sh */ ''
     for i in /sys/class/thermal/thermal_zone*; do
       type=$(${pkgs.coreutils}/bin/cat $i/type)
       temp=$(${pkgs.coreutils}/bin/cat $i/temp)
@@ -266,7 +266,7 @@ let
     done
   '';
 
-  q-todo = ''
+  q-todo = /* sh */ ''
     TODO_file=$PWD/TODO
     if test -e "$TODO_file"; then
       ${pkgs.coreutils}/bin/cat "$TODO_file" \
-- 
cgit v1.2.3


From 0ef96fc0cf8bf85be36f2911923a91143a484fdc Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 16 Jan 2019 20:25:17 +0100
Subject: tv q-todo: awk,bash,cat,date -> jq

---
 tv/5pkgs/simple/q/default.nix | 33 +++++++++++++--------------------
 1 file changed, 13 insertions(+), 20 deletions(-)

diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix
index 6c1876ab..0e2aecb2 100644
--- a/tv/5pkgs/simple/q/default.nix
+++ b/tv/5pkgs/simple/q/default.nix
@@ -269,26 +269,19 @@ let
   q-todo = /* sh */ ''
     TODO_file=$PWD/TODO
     if test -e "$TODO_file"; then
-      ${pkgs.coreutils}/bin/cat "$TODO_file" \
-        | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
-            BEGIN { print "remind=0" }
-            /^[0-9]/{
-              x = $1
-              gsub(".", "\\\\&", x)
-              rest = substr($0, index($0, " "))
-              rest = $0
-              sub(" *", "", rest)
-              gsub(".", "\\\\&", rest)
-              print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
-                echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
-                (( remind++ ))"
-            }
-            END { print "test $remind = 0 && echo \"nothing to remind\"" }
-          ' \
-        | {
-          # bash needed for (( ... ))
-          ${pkgs.bash}/bin/bash
-        }
+      ${pkgs.jq}/bin/jq -Rrs <"$TODO_file" -f ${pkgs.writeJq "q-todo.jq" ''
+        split("\n") | map(
+          (match("^([0-9]+-\\d{2}-\\d{2})\\s+(.*)$").captures | map(.string))
+            as $captures |
+          ($captures[0] | strptime("%Y-%m-%d") | mktime) as $date |
+          $captures[1] as $text |
+
+          select(now >= $date) |
+
+          "\u001b[38;5;208m\(.)\u001b[m"
+        ) |
+        if length == 0 then "nothing to remind" else .[] end
+      ''}
     else
       echo "$TODO_file: no such file or directory"
     fi
-- 
cgit v1.2.3


From ce1baf93f264a43971130abca4b3dd3f485a17d9 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 16 Jan 2019 20:34:10 +0100
Subject: tv q-todo: highlight urgent stuff

---
 tv/5pkgs/simple/q/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix
index 0e2aecb2..7906b968 100644
--- a/tv/5pkgs/simple/q/default.nix
+++ b/tv/5pkgs/simple/q/default.nix
@@ -278,7 +278,11 @@ let
 
           select(now >= $date) |
 
-          "\u001b[38;5;208m\(.)\u001b[m"
+          ($text | test("\\[URGENT]"; "i")) as $urgent |
+          (if $urgent then "38;5;196" else "38;5;208" end) as $sgr |
+          if $urgent then sub("\\s*\\[URGENT]\\s*"; " "; "i") else . end |
+
+          "\u001b[\($sgr)m\(.)\u001b[m"
         ) |
         if length == 0 then "nothing to remind" else .[] end
       ''}
-- 
cgit v1.2.3


From c4be6cf076a9af9fc435992bcb2e42337fa7776e Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 18 Jan 2019 13:58:42 +0100
Subject: blessings: 1.2.0 -> 1.3.0

---
 krebs/5pkgs/haskell/blessings.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix
index 59c5b798..19f8da19 100644
--- a/krebs/5pkgs/haskell/blessings.nix
+++ b/krebs/5pkgs/haskell/blessings.nix
@@ -7,8 +7,8 @@ with import <stockholm/lib>;
       sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
     };
     "18.09" = {
-      version = "1.2.0";
-      sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300";
+      version = "1.3.0";
+      sha256 = "1y9jhh9pchrr48zgfib2jip97x1fkm7qb1gnfx477rmmryjs500h";
     };
   }.${versions.majorMinor nixpkgsVersion};
 
-- 
cgit v1.2.3


From 9f2a6465666ee7a69d9261beee0e5ab3cd133933 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 21 Jan 2019 10:09:16 +0100
Subject: krebs: move github known hosts to dedicated file

---
 krebs/3modules/default.nix            | 26 +----------------------
 krebs/3modules/github-known-hosts.nix | 40 +++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 25 deletions(-)
 create mode 100644 krebs/3modules/github-known-hosts.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2e7c61fb..0b785c0c 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -23,6 +23,7 @@ let
       ./exim-smarthost.nix
       ./fetchWallpaper.nix
       ./github-hosts-sync.nix
+      ./github-known-hosts.nix
       ./git.nix
       ./go.nix
       ./hidden-ssh.nix
@@ -238,31 +239,6 @@ let
             };
           })
         //
-        {
-          github = {
-            hostNames = [
-              "github.com"
-              # List generated with
-              # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
-              "192.30.252.*"
-              "192.30.253.*"
-              "192.30.254.*"
-              "192.30.255.*"
-              "185.199.108.*"
-              "185.199.109.*"
-              "185.199.110.*"
-              "185.199.111.*"
-              "13.229.188.59"
-              "13.250.177.223"
-              "18.194.104.89"
-              "18.195.85.27"
-              "35.159.8.160"
-              "52.74.223.119"
-            ];
-            publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
-          };
-        }
-        //
         mapAttrs
           (name: host: {
             hostNames =
diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix
new file mode 100644
index 00000000..def06f17
--- /dev/null
+++ b/krebs/3modules/github-known-hosts.nix
@@ -0,0 +1,40 @@
+{
+  services.openssh.knownHosts.github = {
+    hostNames = [
+      "github.com"
+      # List generated with
+      # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R .
+      "192.30.252.*"
+      "192.30.253.*"
+      "192.30.254.*"
+      "192.30.255.*"
+      "185.199.108.*"
+      "185.199.109.*"
+      "185.199.110.*"
+      "185.199.111.*"
+      "140.82.112.*"
+      "140.82.113.*"
+      "140.82.114.*"
+      "140.82.115.*"
+      "140.82.116.*"
+      "140.82.117.*"
+      "140.82.118.*"
+      "140.82.119.*"
+      "140.82.120.*"
+      "140.82.121.*"
+      "140.82.122.*"
+      "140.82.123.*"
+      "140.82.124.*"
+      "140.82.125.*"
+      "140.82.126.*"
+      "140.82.127.*"
+      "13.229.188.59"
+      "13.250.177.223"
+      "18.194.104.89"
+      "18.195.85.27"
+      "35.159.8.160"
+      "52.74.223.119"
+    ];
+    publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
+  };
+}
-- 
cgit v1.2.3


From 9082adf6878b5f917efc633cba63932d94942d13 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 21 Jan 2019 10:22:18 +0100
Subject: krebs: move exim aliases to dedicated file

---
 krebs/2configs/exim-smarthost.nix | 50 +++++++++++++++++++++++++++++++++++++++
 krebs/3modules/default.nix        | 45 -----------------------------------
 2 files changed, 50 insertions(+), 45 deletions(-)
 create mode 100644 krebs/2configs/exim-smarthost.nix

diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
new file mode 100644
index 00000000..5dc24f1d
--- /dev/null
+++ b/krebs/2configs/exim-smarthost.nix
@@ -0,0 +1,50 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+
+  format = from: to: {
+    inherit from;
+    # TODO assert is-retiolum-mail-address to;
+    to = concatMapStringsSep "," (getAttr "mail") (toList to);
+  };
+
+in {
+  krebs.exim-smarthost.internet-aliases =
+    mapAttrsToList format (with config.krebs.users; let
+      brain-ml = [
+        lass
+        makefu
+        tv
+      ];
+      eloop-ml = spam-ml ++ [ ciko ];
+      spam-ml = [
+        lass
+        makefu
+        tv
+      ];
+      ciko.mail = "ciko@slash16.net";
+    in {
+      "anmeldung@eloop.org" = eloop-ml;
+      "brain@krebsco.de" = brain-ml;
+      "cfp@eloop.org" = eloop-ml;
+      "kontakt@eloop.org" = eloop-ml;
+      "root@eloop.org" = eloop-ml;
+      "youtube@eloop.org" = eloop-ml;
+      "eloop2016@krebsco.de" = eloop-ml;
+      "eloop2017@krebsco.de" = eloop-ml;
+      "postmaster@krebsco.de" = spam-ml; # RFC 822
+      "lass@krebsco.de" = lass;
+      "makefu@krebsco.de" = makefu;
+      "spam@krebsco.de" = spam-ml;
+      "tv@krebsco.de" = tv;
+      # XXX These are no internet aliases
+      # XXX exim-retiolum hosts should be able to relay to retiolum addresses
+      "lass@retiolum" = lass;
+      "makefu@retiolum" = makefu;
+      "spam@retiolum" = spam-ml;
+      "tv@retiolum" = tv;
+      "lass@r" = lass;
+      "makefu@r" = makefu;
+      "spam@r" = spam-ml;
+      "tv@r" = tv;
+    });
+}
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 0b785c0c..7b0f4ebf 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -180,51 +180,6 @@ let
             '';
           };
 
-      krebs.exim-smarthost.internet-aliases = let
-        format = from: to: {
-          inherit from;
-          # TODO assert is-retiolum-mail-address to;
-          to = concatMapStringsSep "," (getAttr "mail") (toList to);
-        };
-      in mapAttrsToList format (with config.krebs.users; let
-        brain-ml = [
-          lass
-          makefu
-          tv
-        ];
-        eloop-ml = spam-ml ++ [ ciko ];
-        spam-ml = [
-          lass
-          makefu
-          tv
-        ];
-        ciko.mail = "ciko@slash16.net";
-      in {
-        "anmeldung@eloop.org" = eloop-ml;
-        "brain@krebsco.de" = brain-ml;
-        "cfp@eloop.org" = eloop-ml;
-        "kontakt@eloop.org" = eloop-ml;
-        "root@eloop.org" = eloop-ml;
-        "youtube@eloop.org" = eloop-ml;
-        "eloop2016@krebsco.de" = eloop-ml;
-        "eloop2017@krebsco.de" = eloop-ml;
-        "postmaster@krebsco.de" = spam-ml; # RFC 822
-        "lass@krebsco.de" = lass;
-        "makefu@krebsco.de" = makefu;
-        "spam@krebsco.de" = spam-ml;
-        "tv@krebsco.de" = tv;
-        # XXX These are no internet aliases
-        # XXX exim-retiolum hosts should be able to relay to retiolum addresses
-        "lass@retiolum" = lass;
-        "makefu@retiolum" = makefu;
-        "spam@retiolum" = spam-ml;
-        "tv@retiolum" = tv;
-        "lass@r" = lass;
-        "makefu@r" = makefu;
-        "spam@r" = spam-ml;
-        "tv@r" = tv;
-      });
-
       services.openssh.hostKeys =
         let inherit (config.krebs.build.host.ssh) privkey; in
         mkIf (privkey != null) (mkForce [privkey]);
-- 
cgit v1.2.3


From da79d23ebbc0c3fb7c579b366f29fb3744948706 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 21 Jan 2019 10:32:15 +0100
Subject: krebs: move dns stuff to dedicated file

---
 krebs/3modules/default.nix  | 26 ++++++++------------------
 krebs/3modules/dns.nix      | 12 ++++++++++++
 lass/2configs/default.nix   |  1 -
 makefu/2configs/default.nix |  1 -
 4 files changed, 20 insertions(+), 20 deletions(-)
 create mode 100644 krebs/3modules/dns.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 7b0f4ebf..21d68ef3 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -18,6 +18,7 @@ let
       ./charybdis.nix
       ./ci.nix
       ./current.nix
+      ./dns.nix
       ./exim.nix
       ./exim-retiolum.nix
       ./exim-smarthost.nix
@@ -59,12 +60,6 @@ let
   api = {
     enable = mkEnableOption "krebs";
 
-    dns = {
-      providers = mkOption {
-        type = with types; attrsOf str;
-      };
-    };
-
     hosts = mkOption {
       type = with types; attrsOf host;
       default = {};
@@ -74,13 +69,6 @@ let
       type = with types; attrsOf user;
     };
 
-    # XXX is there a better place to define search-domain?
-    # TODO search-domains :: listOf hostname
-    search-domain = mkOption {
-      type = types.hostname;
-      default = "r";
-    };
-
     sitemap = mkOption {
       default = {};
       type = types.attrsOf types.sitemap.entry;
@@ -126,6 +114,8 @@ let
         w = "hosts";
       };
 
+      krebs.dns.search-domain = mkDefault "r";
+
       krebs.users = {
         krebs = {
           home = "/krebs";
@@ -147,7 +137,7 @@ let
             let
               aliases = longs ++ shorts;
               longs = filter check net.aliases;
-              shorts = let s = ".${cfg.search-domain}"; in
+              shorts = let s = ".${cfg.dns.search-domain}"; in
                 map (removeSuffix s) (filter (hasSuffix s) longs);
             in
               optionals
@@ -203,8 +193,8 @@ let
                     let
                       longs = net.aliases;
                       shorts =
-                        map (removeSuffix ".${cfg.search-domain}")
-                            (filter (hasSuffix ".${cfg.search-domain}")
+                        map (removeSuffix ".${cfg.dns.search-domain}")
+                            (filter (hasSuffix ".${cfg.dns.search-domain}")
                                     longs);
                       add-port = a:
                         if net.ssh.port != 22
@@ -228,8 +218,8 @@ let
           (concatMap (host: attrValues host.nets)
             (mapAttrsToList
               (_: host: recursiveUpdate host
-                (optionalAttrs (hasAttr config.krebs.search-domain host.nets) {
-                  nets."" = host.nets.${config.krebs.search-domain} // {
+                (optionalAttrs (hasAttr cfg.dns.search-domain host.nets) {
+                  nets."" = host.nets.${cfg.dns.search-domain} // {
                     aliases = [host.name];
                     addrs = [];
                   };
diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix
new file mode 100644
index 00000000..b7e2a2cb
--- /dev/null
+++ b/krebs/3modules/dns.nix
@@ -0,0 +1,12 @@
+with import <stockholm/lib>;
+{
+  options = {
+    krebs.dns.providers = mkOption {
+      type = types.attrsOf types.str;
+    };
+
+    krebs.dns.search-domain = mkOption {
+      type = types.hostname;
+    };
+  };
+}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 62a42baf..69e697a1 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -72,7 +72,6 @@ with import <stockholm/lib>;
 
   krebs = {
     enable = true;
-    search-domain = "r";
     build.user = config.krebs.users.lass;
   };
 
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 61cba86d..cbfb4da1 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -36,7 +36,6 @@ with import <stockholm/lib>;
     enable = true;
 
     dns.providers.lan  = "hosts";
-    search-domain = "r";
     build.user = config.krebs.users.makefu;
   };
 
-- 
cgit v1.2.3


From 799f132d588f2a5f6c6dabc43e862c90d9efa4b7 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 21 Jan 2019 10:54:01 +0100
Subject: krebs: move retiolum-hosts to dedicated file

---
 krebs/3modules/default.nix        | 24 +-----------------------
 krebs/3modules/retiolum-hosts.nix | 28 ++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 23 deletions(-)
 create mode 100644 krebs/3modules/retiolum-hosts.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 21d68ef3..ea4d03ad 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -43,6 +43,7 @@ let
       ./Reaktor.nix
       ./realwallpaper.nix
       ./retiolum-bootstrap.nix
+      ./retiolum-hosts.nix
       ./rtorrent.nix
       ./secret.nix
       ./setuid.nix
@@ -147,29 +148,6 @@ let
         ) cfg.hosts
       ));
 
-      # TODO dedup with networking.extraHosts
-      nixpkgs.config.packageOverrides = oldpkgs:
-        let
-          domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
-          check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
-        in
-          {
-            retiolum-hosts = oldpkgs.writeText "retiolum-hosts" ''
-              ${concatStringsSep "\n" (flatten (
-                map (host:
-                    let
-                      net = host.nets.retiolum;
-                      aliases = longs;
-                      longs = filter check net.aliases;
-                    in
-                      optionals
-                        (aliases != [])
-                        (map (addr: "${addr} ${toString aliases}") net.addrs)
-                ) (filter (host: hasAttr "retiolum" host.nets)
-                          (attrValues cfg.hosts))))}
-            '';
-          };
-
       services.openssh.hostKeys =
         let inherit (config.krebs.build.host.ssh) privkey; in
         mkIf (privkey != null) (mkForce [privkey]);
diff --git a/krebs/3modules/retiolum-hosts.nix b/krebs/3modules/retiolum-hosts.nix
new file mode 100644
index 00000000..2821d62d
--- /dev/null
+++ b/krebs/3modules/retiolum-hosts.nix
@@ -0,0 +1,28 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+  # TODO dedup functions with networking.extraHosts
+  check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
+  domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
+in {
+  nixpkgs.config.packageOverrides = super: {
+    retiolum-hosts =
+      super.writeText "retiolum-hosts" ''
+        ${
+          concatStringsSep
+            "\n"
+            (flatten
+              (map
+                (host: let
+                  net = host.nets.retiolum;
+                  aliases = longs;
+                  longs = filter check net.aliases;
+                in
+                  optionals
+                    (aliases != [])
+                    (map (addr: "${addr} ${toString aliases}") net.addrs))
+                (filter (host: hasAttr "retiolum" host.nets)
+                        (attrValues config.krebs.hosts))))
+        }
+      '';
+  };
+}
-- 
cgit v1.2.3


From af0463b23493d8c31ce725beb8ff5a2fd0398001 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 21 Jan 2019 11:04:37 +0100
Subject: krebs: move hosts to dedeicated file

---
 krebs/3modules/default.nix        | 25 +------------------------
 krebs/3modules/hosts.nix          | 36 ++++++++++++++++++++++++++++++++++++
 krebs/3modules/retiolum-hosts.nix |  2 +-
 3 files changed, 38 insertions(+), 25 deletions(-)
 create mode 100644 krebs/3modules/hosts.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index ea4d03ad..bb69bfad 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -28,6 +28,7 @@ let
       ./git.nix
       ./go.nix
       ./hidden-ssh.nix
+      ./hosts.nix
       ./htgen.nix
       ./iana-etc.nix
       ./iptables.nix
@@ -61,11 +62,6 @@ let
   api = {
     enable = mkEnableOption "krebs";
 
-    hosts = mkOption {
-      type = with types; attrsOf host;
-      default = {};
-    };
-
     users = mkOption {
       type = with types; attrsOf user;
     };
@@ -129,25 +125,6 @@ let
         };
       };
 
-      networking.extraHosts = let
-        domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
-        check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
-      in concatStringsSep "\n" (flatten (
-        mapAttrsToList (hostname: host:
-          mapAttrsToList (netname: net:
-            let
-              aliases = longs ++ shorts;
-              longs = filter check net.aliases;
-              shorts = let s = ".${cfg.dns.search-domain}"; in
-                map (removeSuffix s) (filter (hasSuffix s) longs);
-            in
-              optionals
-                (aliases != [])
-                (map (addr: "${addr} ${toString aliases}") net.addrs)
-          ) (filterAttrs (name: host: host.aliases != []) host.nets)
-        ) cfg.hosts
-      ));
-
       services.openssh.hostKeys =
         let inherit (config.krebs.build.host.ssh) privkey; in
         mkIf (privkey != null) (mkForce [privkey]);
diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix
new file mode 100644
index 00000000..a95557b3
--- /dev/null
+++ b/krebs/3modules/hosts.nix
@@ -0,0 +1,36 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+  # TODO dedup functions with ./retiolum-hosts.nix
+  check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
+  domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
+in {
+
+  options = {
+    krebs.hosts = mkOption {
+      default = {};
+      type = types.attrsOf types.host;
+    };
+  };
+
+  config = {
+    networking.extraHosts =
+      concatStringsSep
+        "\n"
+        (flatten
+          (mapAttrsToList
+            (hostname: host:
+              mapAttrsToList
+                (netname: net: let
+                  aliases = longs ++ shorts;
+                  longs = filter check net.aliases;
+                  shorts = let s = ".${config.krebs.dns.search-domain}"; in
+                    map (removeSuffix s) (filter (hasSuffix s) longs);
+                in
+                  optionals
+                    (aliases != [])
+                    (map (addr: "${addr} ${toString aliases}") net.addrs))
+                (filterAttrs (name: host: host.aliases != []) host.nets))
+            config.krebs.hosts));
+  };
+
+}
diff --git a/krebs/3modules/retiolum-hosts.nix b/krebs/3modules/retiolum-hosts.nix
index 2821d62d..ddf85ead 100644
--- a/krebs/3modules/retiolum-hosts.nix
+++ b/krebs/3modules/retiolum-hosts.nix
@@ -1,6 +1,6 @@
 with import <stockholm/lib>;
 { config, ... }: let
-  # TODO dedup functions with networking.extraHosts
+  # TODO dedup functions with ./hosts.nix
   check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
   domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
 in {
-- 
cgit v1.2.3