From d9cc50653d0c7998052284cfb66b2229e0ce849b Mon Sep 17 00:00:00 2001
From: makefu
Date: Fri, 30 Jun 2017 22:36:25 +0200
Subject: ma gen-oath-safe: init

---
 makefu/5pkgs/gen-oath-safe/default.nix | 37 ++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 makefu/5pkgs/gen-oath-safe/default.nix

diff --git a/makefu/5pkgs/gen-oath-safe/default.nix b/makefu/5pkgs/gen-oath-safe/default.nix
new file mode 100644
index 00000000..245e6517
--- /dev/null
+++ b/makefu/5pkgs/gen-oath-safe/default.nix
@@ -0,0 +1,37 @@
+{ coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }:
+
+stdenv.mkDerivation {
+ name = "geno-oath-safe-2017-06-30";
+ src = fetchFromGitHub {
+ owner = "mcepl";
+ repo = "gen-oath-safe";
+ rev = "fb53841";
+ sha256 = "0018kqmhg0861r5xkbis2a1rx49gyn0dxcyj05wap5ms7zz69m0m";
+ };
+
+ phases = [
+ "unpackPhase"
+ "installPhase"
+ "fixupPhase"
+ ];
+
+ buildInputs = [ makeWrapper ];
+
+ installPhase =
+ let
+ path = stdenv.lib.makeBinPath [
+ coreutils
+ openssl
+ qrencode
+ yubikey-manager
+ libcaca
+ python
+ ];
+ in
+ ''
+ mkdir -p $out/bin
+ cp gen-oath-safe $out/bin/
+ wrapProgram $out/bin/gen-oath-safe \
+ --prefix PATH : ${path}
+ '';
+}
--
cgit v1.2.3

From 7cd2ff2679b688e8fa0c98bc9ecf1d99602c0421 Mon Sep 17 00:00:00 2001
From: makefu
Date: Fri, 30 Jun 2017 23:49:05 +0200
Subject: ma 2fa: init and enable for gum

---
 makefu/1systems/gum.nix | 3 +++
 makefu/2configs/sshd-totp.nix | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 makefu/2configs/sshd-totp.nix

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 519313f5..6e57d140 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -26,6 +26,9 @@ in {
 ../2configs/tinc/retiolum.nix
 ../2configs/urlwatch.nix
+ # Security
+ ../2configs/sshd-totp.nix
+
 # Tools
 ../2configs/tools/core.nix
 ../2configs/tools/dev.nix
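Review bot: The `name = "geno-oath-safe-2017-06-30";` line misspells the package: the attribute, the upstream repo and the installed binary are all `gen-oath-safe`, so `name = "gen-oath-safe-2017-06-30";` keeps store paths and `nix-env -q` output searchable by the real name. The `rev = "fb53841";` pin is an abbreviated commit id; the `sha256` already fixes the fetched content, so integrity is not at stake, but a short id can become ambiguous as the upstream repository grows and then fail to resolve, which the full 40-character hash avoids. The gum.nix hunk sharing this line only adds an import and needs no change.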
diff --git a/makefu/2configs/sshd-totp.nix b/makefu/2configs/sshd-totp.nix
new file mode 100644
index 00000000..f9984e24
--- /dev/null
+++ b/makefu/2configs/sshd-totp.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+# Enables second factor for ssh password login
+
+## Usage:
+# gen-oath-safe totp
+## scan the qrcode with google authenticator (or FreeOTP)
+## copy last line into secrets//users.oath (chmod 700)
+{
+ security.pam.oath = {
+ # enabling it will make it a requisite of `all` services
+ # enable = true;
+ digits = 6;
+ # TODO assert existing
+ usersFile = (toString ) + "/users.oath";
+ };
+ # I want TFA only active for sshd with password-auth
+ security.pam.services.sshd.oathAuth = true;
+}
--
cgit v1.2.3

From 09e31fb8a27d1f9f7acfc1f40f0b2ae598a22e34 Mon Sep 17 00:00:00 2001
From: makefu
Date: Sat, 1 Jul 2017 01:10:31 +0200
Subject: ma lancache: retab

---
 makefu/2configs/lanparty/lancache.nix | 59 ++++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 29 deletions(-)

diff --git a/makefu/2configs/lanparty/lancache.nix b/makefu/2configs/lanparty/lancache.nix
index ff5b0d78..3df2e3f5 100644
--- a/makefu/2configs/lanparty/lancache.nix
+++ b/makefu/2configs/lanparty/lancache.nix
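Review bot: The `usersFile` line points pam_oath at a file of shared TOTP seeds, and the usage comment above it says `chmod 700`, which is a directory mode; anyone able to read that file can mint valid codes, so the seed file itself wants `0600` and root ownership, i.e. `## copy last line into <secrets-dir>/users.oath (chmod 600, owned by root)`. The `# TODO assert existing` line can be closed in this module with `assertions = [ { assertion = builtins.pathExists config.security.pam.oath.usersFile; message = "sshd-totp: users.oath is missing"; } ];` (adding `config` to the module's argument set), which turns a host without the seed file into an evaluation error instead of a PAM failure at login time. In this rendering the expression shows as `(toString )`, which looks like an angle-bracket path lookup lost in extraction and would not evaluate as written; worth confirming the committed file still carries it.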
@@ -36,38 +36,39 @@ let }; in { systemd.services.nginx-lancache = { - description = "Nginx lancache Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - restartIfChanged = true; + description = "Nginx lancache Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartIfChanged = true; - preStart = '' - mkdir -p ${cfg.statedir} && cd ${cfg.statedir} - PATH_CACHE=$PATH_BASE/cache - PATH_LOGS=$PATH_BASE/logs + preStart = '' + mkdir -p ${cfg.statedir} && cd ${cfg.statedir} + PATH_CACHE=$PATH_BASE/cache + PATH_LOGS=$PATH_BASE/logs - mkdir -p cache/{installers,tmp} logs - rm -f conf; ln -s ${lancache} conf - chown -R ${cfg.user}:${cfg.group} . - ''; - serviceConfig = { - ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - Restart = "always"; - RestartSec = "10s"; - StartLimitInterval = "1min"; - }; + mkdir -p cache/{installers,tmp} logs + rm -f conf; ln -s ${lancache} conf + chown -R ${cfg.user}:${cfg.group} . + ''; + serviceConfig = { + ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + Restart = "always"; + RestartSec = "10s"; + StartLimitInterval = "1min"; }; - environment.etc.nginx.source = lancache; - users.extraUsers = (singleton - { name = cfg.user; - group = cfg.group; - uid = genid cfg.group; - }); + }; - users.extraGroups = (singleton - { name = "${cfg.group}"; - gid = genid cfg.group; - }); + environment.etc.nginx.source = lancache; + users.extraUsers = (singleton + { name = cfg.user; + group = cfg.group; + uid = genid cfg.group; + }); + users.extraGroups = (singleton + { name = "${cfg.group}"; + gid = genid cfg.group; + }); + networking.firewall.allowedTCPPorts = [ 80 443 ]; } -- cgit v1.2.3 From 4d9d70c6cc7c47cf62a83e838d70134c33594065 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sat, 1 Jul 2017 01:11:31 +0200 Subject: ma: add gen-oath-safe to dev tools --- makefu/2configs/tools/dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index e40f5b36..42006eb2 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -14,5 +14,6 @@ ovh-zone whatsupnix brain + gen-oath-safe ]; } -- cgit v1.2.3 From d95039620550368bcee37f74d9828db97d38722f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 1 Jul 2017 01:12:52 +0200 Subject: ma vbob: enable totp --- makefu/1systems/vbob.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index b79ec64c..d8e275bf 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -8,6 +8,7 @@ (toString ) (toString ) ../2configs/main-laptop.nix #< base-gui + ../2configs/sshd-totp.nix # Tools ../2configs/tools/core.nix -- cgit v1.2.3 From 38a9f8f6d51bbaa83c7bbd50525844a3039f53fc Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 1 Jul 2017 01:13:28 +0200 Subject: ma x.r: enable 2fa for sshd --- makefu/1systems/x.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index b37c3294..235862e8 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -19,6 +19,8 @@ with import ; # ../2configs/disable_v6.nix # Testing + # ../2configs/lanparty/lancache.nix + # ../2configs/lanparty/lancache-dns.nix # ../2configs/deployment/dirctator.nix # ../2configs/vncserver.nix # ../2configs/deployment/led-fader @@ -58,6 +60,9 @@ with import ; # Filesystem ../2configs/fs/sda-crypto-root-home.nix + # Security + ../2configs/sshd-totp.nix + ]; makefu.server.primary-itf = "wlp3s0"; -- cgit v1.2.3 From 01a4ed89c72af0beefd2ba4bcd894017002720ff Mon Sep 17 00:00:00 2001 
From: makefu Date: Sun, 2 Jul 2017 12:41:14 +0200 Subject: gum.r: provide iodine endpoint gum now runs io.krebsco.de (was configured before but not exposed via the DNS zone file) --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 4c0ce0fe..c517ac1d 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -308,7 +308,6 @@ with import ; extraZones = { "krebsco.de" = '' wry IN A ${nets.internet.ip4.addr} - io IN NS wry.krebsco.de. tinc IN A ${nets.internet.ip4.addr} ''; }; @@ -470,6 +469,7 @@ with import ; wiki.euer IN A ${nets.internet.ip4.addr} graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} + io IN NS gum.krebsco.de. ''; }; nets = rec { -- cgit v1.2.3 From c36d644059049dba69cf4e5a072f2c5b4c6f5856 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 2 Jul 2017 21:06:04 +0200 Subject: urlwatch: set dataDir to home of urlwatch user otherwise /var/empty will be used which then will clash with exim which tries to create Maildir in this folder explicitly setting the home directory in users also avoids the usage of execstartpre in favor of createHome --- krebs/3modules/urlwatch.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index c06e5ddb..380e30ae 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -142,17 +142,6 @@ let PrivateTmp = "true"; SyslogIdentifier = "urlwatch"; Type = "oneshot"; - ExecStartPre = - pkgs.writeDash "urlwatch-prestart" '' - set -euf - - dataDir=$HOME - - if ! test -e "$dataDir"; then - mkdir -m 0700 -p "$dataDir" - chown ${user.name}: "$dataDir" - fi - ''; ExecStart = pkgs.writeDash "urlwatch" '' set -euf 
@@ -185,6 +174,8 @@ let
 };
 users.extraUsers = singleton {
 inherit (user) name uid;
+ home = cfg.dataDir;
+ createHome = true;
 };
 };
--
cgit v1.2.3

From b4bcf2b0a4dd5fbc69a4b539b32f82fb3eccc4a2 Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 2 Jul 2017 23:06:36 +0200
Subject: ma urlwatch: use hook for json api

---
 makefu/2configs/urlwatch.nix | 27 ---------------------------
 makefu/2configs/urlwatch/default.nix | 35 +++++++++++++++++++++++++++++++++++
 makefu/2configs/urlwatch/hook.py | 12 ++++++++++++
 3 files changed, 47 insertions(+), 27 deletions(-)
 delete mode 100644 makefu/2configs/urlwatch.nix
 create mode 100644 makefu/2configs/urlwatch/default.nix
 create mode 100644 makefu/2configs/urlwatch/hook.py

diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
deleted file mode 100644
index 9493b2b7..00000000
--- a/makefu/2configs/urlwatch.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, ... }:
-
-{
- krebs.urlwatch = {
- enable = true;
- mailto = config.krebs.users.makefu.mail;
- onCalendar = "*-*-* 05:00:00";
- urls = [
- ## nixpkgs maintenance
- https://api.github.com/repos/ovh/python-ovh/tags
- https://api.github.com/repos/embray/d2to1/tags
- https://api.github.com/repos/Mic92/vicious/tags
- https://pypi.python.org/simple/bepasty/
- https://pypi.python.org/simple/xstatic/
- http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
- http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
- https://github.com/amadvance/snapraid/releases.atom
- https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
- https://api.github.com/repos/embray/d2to1/tags
- https://api.github.com/repos/dorimanx/exfat-nofuse/commits
- https://api.github.com/repos/dorimanx/exfat-nofuse/tags
- https://api.github.com/repos/radare/radare2/tags
- https://api.github.com/repos/rapid7/metasploit-framework/tags
- ];
- };
-}
-
diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix
new file mode 100644
index 00000000..54c8ee92
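Review bot: `createHome = true;` now stands in for the `ExecStartPre` removed in the preceding hunk, which created `$HOME` explicitly with `mkdir -m 0700` and chowned it; the mode the activation script uses for created homes is not visible here (I believe it is 0700, but that should be confirmed), and the directory holds urlwatch's fetched page cache and, per the commit message, the Maildir exim creates. A one-line comment above the two added lines recording that expectation, e.g. `# replaces the old ExecStartPre: activation creates dataDir 0700 and owned by the urlwatch user`, keeps the intent from being lost, and an explicit `mkdir -m 0700` can be restored in a prestart if the default turns out to be looser. The `users.extraUsers` attribute set starts and ends inside the hunk, but the enclosing module does not.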
--- /dev/null
+++ b/makefu/2configs/urlwatch/default.nix
@@ -0,0 +1,35 @@
+{ config, lib, ... }:
+
+{
+ krebs.urlwatch = {
+ enable = true;
+ mailto = config.krebs.users.makefu.mail;
+ onCalendar = "*-*-* 05:00:00";
+ hooksFile = ./hook.py;
+ urls = [
+ ## nixpkgs maintenance
+ https://api.github.com/repos/ovh/python-ovh/tags
+ https://api.github.com/repos/embray/d2to1/tags
+ https://api.github.com/repos/Mic92/vicious/tags
+ https://pypi.python.org/simple/bepasty/
+ https://pypi.python.org/simple/xstatic/
+ https://pypi.python.org/simple/devpi-client/
+ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
+ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
+ https://github.com/amadvance/snapraid/releases.atom
+ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
+ https://api.github.com/repos/embray/d2to1/tags
+ https://api.github.com/repos/dorimanx/exfat-nofuse/commits
+ https://api.github.com/repos/dorimanx/exfat-nofuse/tags
+ https://api.github.com/repos/radare/radare2/tags
+ https://api.github.com/repos/rapid7/metasploit-framework/tags
+ https://api.github.com/repos/mcepl/gen-oath-safe/commits
+ https://api.github.com/repos/naim94a/udpt/commits
+ https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack
+ https://api.github.com/repos/dirkvdb/ps3netsrv--/commits
+ # TODO: dymo cups
+
+ ];
+ };
+}
+
diff --git a/makefu/2configs/urlwatch/hook.py b/makefu/2configs/urlwatch/hook.py
new file mode 100644
index 00000000..fc598423
--- /dev/null
+++ b/makefu/2configs/urlwatch/hook.py
@@ -0,0 +1,12 @@
+import logging
+logging.basicConfig(level=logging.INFO)
+log = logging.getLogger()
+# log.setLevel(level=logging.INFO)
+def filter(url, data):
+ log.info("handling url '{}'".format(url))
+ if "api.github.com" in url:
+ import json
+ log.info("url is a github api link, assuming json")
+ return json.dumps(json.loads(data),indent=2)
+
+ return data
--
cgit v1.2.3

From 5c26d65ae48aa73c8a738e4ef22dcb3ad6daa00d Mon Sep 17 00:00:00 2001
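Review bot: The `http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/` entry embeds a username and password in the URL list; the urlwatch module serialises `urls` with `pkgs.writeText`, so the credential lands in the world-readable Nix store, travels in the clear over plain HTTP, and is echoed into the service log by the hook's `log.info("handling url '{}'".format(url))` line. If it really is a public guest login, say so on the line (`# public guest credential, deliberately in the store`); otherwise keep the secret out of the Nix expression. The same entry is carried into the regrouped list in the later `@@ -8,27 +8,37 @@` hunk for this file.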
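Review bot: `def filter(url, data)` shadows the builtin `filter` for the whole module, and `"api.github.com" in url` is a substring test on the full URL rather than a host check, so any URL whose path or query merely contains that text is treated as JSON. `json.loads(data)` raises `ValueError` on a non-JSON body (an HTML error page, for instance), which aborts the hook for that job instead of leaving the text unchanged; `except ValueError: log.warning("not json: %s", url); return data` is the conservative fallback. `logging.basicConfig(level=logging.INFO)` at import time reconfigures the root logger of the urlwatch process that loads this hook, which a hook module should not do silently.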
From: makefu
Date: Sun, 2 Jul 2017 23:08:09 +0200
Subject: urlwatch: filter _module with kv

before this commit { url= ...; filter=... } didn't work because the result contained _module
---
 krebs/3modules/urlwatch.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index 380e30ae..463fa26b 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -60,6 +60,7 @@ let
 description = "URL to watch.";
 example = [
 https://nixos.org/channels/nixos-unstable/git-revision
+ { url = http://localhost ; filter = "grep:important.*stuff"; }
 ];
 apply = map (x: getAttr (typeOf x) {
 set = x;
@@ -79,7 +80,8 @@ let
 };
 urlsFile = pkgs.writeText "urls"
- (concatMapStringsSep "\n---\n" toJSON cfg.urls);
+ (concatMapStringsSep "\n---\n"
+ (x: toJSON (filterAttrs (n: v: n != "_module") x)) cfg.urls);
 hooksFile = cfg.hooksFile;
--
cgit v1.2.3

From 2eb910183a92bd6e8d3796d821c783d878ae956b Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 2 Jul 2017 23:09:12 +0200
Subject: ma urlwatch: refactor

---
 makefu/2configs/urlwatch/default.nix | 36 +++++++++++++++++++++++-------------
 makefu/2configs/urlwatch/hook.py | 22 +++++++++++++---------
 2 files changed, 36 insertions(+), 22 deletions(-)

diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix
index 54c8ee92..f17bcdc3 100644
--- a/makefu/2configs/urlwatch/default.nix
+++ b/makefu/2configs/urlwatch/default.nix
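Review bot: `filterAttrs (n: v: n != "_module") x` drops one known key with an unused `v`; `removeAttrs x [ "_module" ]` says the same thing directly, so the added line becomes `(x: toJSON (removeAttrs x [ "_module" ])) cfg.urls);`. The filter runs on every element, including whatever the option's `apply` (cut off at the end of the first hunk) turns string entries into, so a short comment above `urlsFile` noting that `_module` is the submodule bookkeeping attribute that must not reach the urls file would help the next reader. The `urlsFile` binding continues past the hunk.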
@@ -8,27 +8,37 @@
 hooksFile = ./hook.py;
 urls = [
 ## nixpkgs maintenance
- https://api.github.com/repos/ovh/python-ovh/tags
- https://api.github.com/repos/embray/d2to1/tags
- https://api.github.com/repos/Mic92/vicious/tags
+ # github
+ ## No rate limit
+ https://github.com/amadvance/snapraid/releases.atom
+ https://github.com/radare/radare2/releases.atom
+ https://github.com/ovh/python-ovh/releases.atom
+ https://github.com/embray/d2to1/releases.atom
+ https://github.com/Mic92/vicious/releases.atom
+ https://github.com/embray/d2to1/releases.atom
+ https://github.com/dorimanx/exfat-nofuse/releases.atom
+ https://github.com/rapid7/metasploit-framework/releases.atom
+ ## rate limited
+ # https://api.github.com/repos/dorimanx/exfat-nofuse/commits
+ # https://api.github.com/repos/mcepl/gen-oath-safe/commits
+ https://api.github.com/repos/naim94a/udpt/commits
+ https://api.github.com/repos/dirkvdb/ps3netsrv--/commits
+
+ # pypi
 https://pypi.python.org/simple/bepasty/
 https://pypi.python.org/simple/xstatic/
 https://pypi.python.org/simple/devpi-client/
+ # weird shit
 http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
 http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
- https://github.com/amadvance/snapraid/releases.atom
 https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
- https://api.github.com/repos/embray/d2to1/tags
- https://api.github.com/repos/dorimanx/exfat-nofuse/commits
- https://api.github.com/repos/dorimanx/exfat-nofuse/tags
- https://api.github.com/repos/radare/radare2/tags
- https://api.github.com/repos/rapid7/metasploit-framework/tags
- https://api.github.com/repos/mcepl/gen-oath-safe/commits
- https://api.github.com/repos/naim94a/udpt/commits
 https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack
- https://api.github.com/repos/dirkvdb/ps3netsrv--/commits
- # TODO: dymo cups
+ {
+ url = 
https://newellrubbermaid.secure.force.com/dymopkb/articles/en_US/FAQ/Dymo-Drivers-and-Downloads/?l=en_US&c=Segment:Dymo&fs=Search&pn=1 ;
+ filter = "grep:Software/Linux/dymo-cups-drivers";
+ }
+ # TODO: dymo cups
 ];
 };
 }
diff --git a/makefu/2configs/urlwatch/hook.py b/makefu/2configs/urlwatch/hook.py
index fc598423..7d9282c7 100644
--- a/makefu/2configs/urlwatch/hook.py
+++ b/makefu/2configs/urlwatch/hook.py
@@ -1,12 +1,16 @@
 import logging
 logging.basicConfig(level=logging.INFO)
 log = logging.getLogger()
-# log.setLevel(level=logging.INFO)
-def filter(url, data):
- log.info("handling url '{}'".format(url))
- if "api.github.com" in url:
- import json
- log.info("url is a github api link, assuming json")
- return json.dumps(json.loads(data),indent=2)
-
- return data
+log.setLevel(level=logging.INFO)
+
+import re
+import json
+
+from urlwatch import filters
+
+
+class JsonFilter(filters.RegexMatchFilter):
+ MATCH = {'url': re.compile('https?://api.github.com/.*')}
+
+ def filter(self, data):
+ return json.dumps(json.loads(data),indent=2,sort_keys=True)
--
cgit v1.2.3

From 5f3bece0d647f65c2354ae0944a50d775a3b488e Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 2 Jul 2017 23:09:30 +0200
Subject: ma gum: use urlwatch folder

---
 makefu/1systems/gum.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 6e57d140..51761d3f 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -24,7 +24,7 @@ in {
 # ../2configs/disable_v6.nix
 ../2configs/exim-retiolum.nix
 ../2configs/tinc/retiolum.nix
- ../2configs/urlwatch.nix
+ ../2configs/urlwatch
 # Security
 ../2configs/sshd-totp.nix
--
cgit v1.2.3
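Review bot: `https://github.com/embray/d2to1/releases.atom` is listed twice in the new `## No rate limit` group, so the feed is fetched and diffed twice per run; one of the two lines should go. The `# TODO: dymo cups` comment kept at the end of the list is now stale, since the `url = https://newellrubbermaid...` entry with `filter = "grep:Software/Linux/dymo-cups-drivers";` directly above it is that item. The `http://guest:derpi@...` line under `# weird shit` still carries a credential into the store-resident urls file. This hunk begins on the previous source line.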
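Review bot: The `MATCH` pattern `https?://api.github.com/.*` leaves the dots in the host unescaped, so `api-github.com` or `apixgithub.com` would match as well; `re.compile(r'https?://api\.github\.com/')` is the precise form, and the trailing `.*` adds nothing if `RegexMatchFilter` applies the pattern with `match` (worth confirming against the urlwatch version in use). `json.loads(data)` in `filter` still raises on a non-JSON body, so a watched endpoint that returns an error page fails the job rather than falling back to the raw text; catching `ValueError` and returning `data` unchanged is the conservative behaviour. `logging.basicConfig(level=logging.INFO)` followed by `log.setLevel(level=logging.INFO)` is redundant, one of the two is enough.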