From 060a8f28fa1fc648bdf66afb31a5d1efac868837 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 28 Jul 2023 22:24:15 +0200
Subject: makefu: move out to own repo, add vacation-note

---
 .../2configs/deployment/board.euer.krebsco.de.nix  |  15 -
 makefu/2configs/deployment/boot-euer.nix           |  27 --
 makefu/2configs/deployment/dirctator.nix           |  34 --
 .../deployment/docker/archiveteam-warrior.nix      |  39 --
 .../deployment/feed.euer.krebsco.de/default.nix    |  52 ---
 .../deployment/feed.euer.krebsco.de/filter.yml     |  32 --
 makefu/2configs/deployment/gecloudpad/default.nix  |  46 --
 .../2configs/deployment/gecloudpad/gecloudpad.nix  |  24 -
 makefu/2configs/deployment/gitlab.nix              |  39 --
 makefu/2configs/deployment/graphs.nix              |  31 --
 makefu/2configs/deployment/hound/default.nix       |  28 --
 makefu/2configs/deployment/mediengewitter.de.nix   |  22 -
 .../2configs/deployment/mycube.connector.one.nix   |  42 --
 makefu/2configs/deployment/nixos.wiki/default.nix  |   9 -
 .../deployment/nixos.wiki/mediawiki.module.nix     | 481 ---------------------
 .../2configs/deployment/nixos.wiki/mediawiki.nix   |  67 ---
 .../deployment/nixos.wiki/mediawiki.password.txt   |   1 -
 makefu/2configs/deployment/nixos.wiki/network.nix  |   6 -
 makefu/2configs/deployment/ntfysh.nix              |  41 --
 makefu/2configs/deployment/owncloud.nix            | 107 -----
 .../2configs/deployment/photostore.krebsco.de.nix  |  43 --
 makefu/2configs/deployment/rss/ebk.yml             |  59 ---
 makefu/2configs/deployment/rss/ratt-hourly.sh      |  28 --
 makefu/2configs/deployment/rss/ratt.nix            |  26 --
 .../deployment/rss/rss.euer.krebsco.de.nix         |  34 --
 makefu/2configs/deployment/rss/urls                |   9 -
 makefu/2configs/deployment/scrape/default.nix      |   6 -
 makefu/2configs/deployment/scrape/elkstack.nix     |   5 -
 makefu/2configs/deployment/scrape/selenium.nix     |  65 ---
 29 files changed, 1418 deletions(-)
 delete mode 100644 makefu/2configs/deployment/board.euer.krebsco.de.nix
 delete mode 100644 makefu/2configs/deployment/boot-euer.nix
 delete mode 100644 makefu/2configs/deployment/dirctator.nix
 delete mode 100644 makefu/2configs/deployment/docker/archiveteam-warrior.nix
 delete mode 100644 makefu/2configs/deployment/feed.euer.krebsco.de/default.nix
 delete mode 100644 makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml
 delete mode 100644 makefu/2configs/deployment/gecloudpad/default.nix
 delete mode 100644 makefu/2configs/deployment/gecloudpad/gecloudpad.nix
 delete mode 100644 makefu/2configs/deployment/gitlab.nix
 delete mode 100644 makefu/2configs/deployment/graphs.nix
 delete mode 100644 makefu/2configs/deployment/hound/default.nix
 delete mode 100644 makefu/2configs/deployment/mediengewitter.de.nix
 delete mode 100644 makefu/2configs/deployment/mycube.connector.one.nix
 delete mode 100644 makefu/2configs/deployment/nixos.wiki/default.nix
 delete mode 100644 makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix
 delete mode 100644 makefu/2configs/deployment/nixos.wiki/mediawiki.nix
 delete mode 100644 makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt
 delete mode 100644 makefu/2configs/deployment/nixos.wiki/network.nix
 delete mode 100644 makefu/2configs/deployment/ntfysh.nix
 delete mode 100644 makefu/2configs/deployment/owncloud.nix
 delete mode 100644 makefu/2configs/deployment/photostore.krebsco.de.nix
 delete mode 100644 makefu/2configs/deployment/rss/ebk.yml
 delete mode 100755 makefu/2configs/deployment/rss/ratt-hourly.sh
 delete mode 100644 makefu/2configs/deployment/rss/ratt.nix
 delete mode 100644 makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix
 delete mode 100644 makefu/2configs/deployment/rss/urls
 delete mode 100644 makefu/2configs/deployment/scrape/default.nix
 delete mode 100644 makefu/2configs/deployment/scrape/elkstack.nix
 delete mode 100644 makefu/2configs/deployment/scrape/selenium.nix

(limited to 'makefu/2configs/deployment')

diff --git a/makefu/2configs/deployment/board.euer.krebsco.de.nix b/makefu/2configs/deployment/board.euer.krebsco.de.nix
deleted file mode 100644
index ca617976..00000000
--- a/makefu/2configs/deployment/board.euer.krebsco.de.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-let
-  fqdn = "board.euer.krebsco.de";
-  port = 13113;
-in {
-  services.restya-board = {
-    enable = true;
-    virtualHost.listenPort = port;
-  };
-  services.nginx.virtualHosts."${fqdn}" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/".proxyPass = "http://localhost:${toString port}";
-  };
-}
-
diff --git a/makefu/2configs/deployment/boot-euer.nix b/makefu/2configs/deployment/boot-euer.nix
deleted file mode 100644
index f890ea7a..00000000
--- a/makefu/2configs/deployment/boot-euer.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, lib, pkgs, ... }:
-# more than just nginx config but not enough to become a module
-with import <stockholm/lib>;
-let
-  hostname = config.krebs.build.host.name;
-  bootscript = pkgs.writeTextDir "runit" ''
-    set -euf
-    cd /root
-    mkdir -p .ssh
-    echo "${config.krebs.users.makefu.pubkey}" > .ssh/authorized_keys
-    chmod 700 -R .ssh
-    systemctl restart sshd
-  '';
-in {
-
-  services.nginx = {
-    enable = mkDefault true;
-    virtualHosts."boot.euer.krebsco.de" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        root = bootscript;
-        index = "runit";
-      };
-    };
-  };
-}
diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix
deleted file mode 100644
index 7303bb41..00000000
--- a/makefu/2configs/deployment/dirctator.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ pkgs, lib, ... }:
-
-with lib;
-let
-  port = 18872;
-  runit = pkgs.writeDash "runit" ''
-    set -xeuf
-    export PULSE_COOKIE=/var/run/pulse/.config/pulse/cookie
-    echo "$@" | sed 's/^dirctator://' | ${pkgs.espeak}/bin/espeak -v mb-de7 2>&1 | tee -a /tmp/speak
-  '';
-in {
-  services.logstash = {
-    package = pkgs.logstash5;
-    enable = true;
-    inputConfig = ''
-      irc {
-        channels => [ "#krebs", "#afra" ]
-        host => "irc.hackint.org"
-        nick => "dirctator"
-      }
-    '';
-    filterConfig = ''
-    '';
-    outputConfig = ''
-      stdout { codec => rubydebug }
-      exec { command => "${runit} '%{message}" }
-    '';
-    extraSettings = ''
-      path.plugins: [ "${pkgs.logstash-output-exec}" ]
-    '';
-    ## NameError: `@path.plugins' is not allowable as an instance variable name
-    # plugins = [ pkgs.logstash-output-exec ];
-  };
-}
diff --git a/makefu/2configs/deployment/docker/archiveteam-warrior.nix b/makefu/2configs/deployment/docker/archiveteam-warrior.nix
deleted file mode 100644
index 0069e453..00000000
--- a/makefu/2configs/deployment/docker/archiveteam-warrior.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ lib, ... }:
-with lib;
-let
-  port = ident: toString (28000 + ident);
-  instances = [ 1 2 3 4 5 6 7 8 9 ];
-in {
-  services.nginx.recommendedProxySettings = true;
-  services.nginx.virtualHosts."warrior.gum.r".locations = let
-    # TODO location "/" shows all warrior instances
-    proxy = ident: 
-    {
-      "/warrior${toString ident}/" = {
-        proxyPass = "http://localhost:${port ident}/";
-          # rewrite   ^/info /warrior${toString ident}/info;
-        extraConfig = ''
-          sub_filter "http://warrior.gum.r/info" "http://warrior.gum.r/warrior${toString ident}/info";
-          sub_filter_once off;
-        '';
-      };
-
-    };
-  in
-    foldl' mergeAttrs {} (map proxy instances);
-  virtualisation.oci-containers.containers = let
-    container = ident:
-      { "archiveteam-warrior${toString ident}" = {
-        image = "archiveteam/warrior-dockerfile";
-        ports = [ "127.0.0.1:${port ident}:8001" ];
-        environment = {
-          DOWNLOADER = "makefu";
-          SELECTED_PROJECT = "auto";
-          CONCURRENT_ITEMS = "6";
-          WARRIOR_ID = toString ident;
-        };
-      };
-    };
-  in
-    foldl' mergeAttrs {} (map container instances);
-}
diff --git a/makefu/2configs/deployment/feed.euer.krebsco.de/default.nix b/makefu/2configs/deployment/feed.euer.krebsco.de/default.nix
deleted file mode 100644
index de072092..00000000
--- a/makefu/2configs/deployment/feed.euer.krebsco.de/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  filter-file = ./filter.yml;
-  pkg = with pkgs.python3Packages;buildPythonPackage rec {
-    version = "d16ce227dc68c9f60f6dd06e6835bab7cdfdf61b";
-    pname = "ebk-notify";
-    propagatedBuildInputs = [
-      docopt
-      pyyaml
-      requests
-      beautifulsoup4
-      dateutil
-      feedgen
-    ];
-    src = pkgs.fetchgit {
-      url = "http://cgit.euer.krebsco.de/ebk-notify";
-      rev = version;
-      sha256 = "15dlhp17alm01fw7mzdyh2z9zwz8psrs489lxs3hgg1p5wa0kzsp";
-    };
-  };
-  domain = "feed.euer.krebsco.de";
-  path = "/var/www/feed.euer.krebsco.de";
-in
-{
-  systemd.tmpfiles.rules = [
-    "d ${path} nginx nogroup - -"
-  ];
-  krebs.secret.files.ebknotify = {
-    path = "/etc/ebk-notify.yml";
-    owner.name = "nginx";
-    source-path = "${<secrets/ebk-notify.yml>}";
-  };
-  systemd.services.ebk-notify = {
-    startAt = "*:0/10";
-    serviceConfig = {
-      User = "nginx"; # TODO better permission setting
-      # PrivateTmp = true;
-      ExecStart = "${pkg}/bin/ebk-notify --atom --outdir ${path} --config /etc/ebk-notify.yml --cache /tmp/ebk-cache.json --filter ${filter-file} --wait 30";
-    };
-  };
-  systemd.timers.ebk-notify.timerConfig.RandomizedDelaySec = "120";
-  services.nginx = {
-    virtualHosts."${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        root = path;
-        index = "root.atom";
-      };
-    };
-  };
-}
diff --git a/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml b/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml
deleted file mode 100644
index 29e5e714..00000000
--- a/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-- name: Free Stuff by Category
-  zipcode: 70378
-  distance: 2
-  categoryId: 192
-- name: Kies
-  zipcode: 70378
-  q: grobkies
-  distance: 2
-- name: pflanzkübel
-  zipcode: 70378
-  q: Pflanzkübel
-  distance: 3
-- name: Ikea Samla
-  zipcode: 70378
-  q: samla
-  distance: 5
-- name: Duplo
-  zipcode: 70378
-  q: Duplo
-  distance: 10
-- name: Baby Gummistiefel
-  zipcode: 70378
-  q: Gummistiefel
-  distance: 5
-- name: Werkbank
-  zipcode: 70378
-  q: Werkbank
-  distance: 5
-- name: Einhell
-  zipcode: 70378
-  q: Einhell
-  distance: 5
diff --git a/makefu/2configs/deployment/gecloudpad/default.nix b/makefu/2configs/deployment/gecloudpad/default.nix
deleted file mode 100644
index 8b88626a..00000000
--- a/makefu/2configs/deployment/gecloudpad/default.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ config, lib, pkgs, ... }:
-# more than just nginx config but not enough to become a module
-let
-  wsgi-sock = "${workdir}/uwsgi-gecloudpad.sock";
-  workdir = config.services.uwsgi.runDir;
-  gecloudpad = pkgs.python3Packages.callPackage ./gecloudpad.nix {};
-  gecloudpad_settings = pkgs.writeText "gecloudpad_settings" ''
-    BASEURL = "https://etherpad.euer.krebsco.de"
-  '';
-in {
-
-  services.uwsgi = {
-    enable = true;
-    user = "nginx";
-    plugins = [ "python3" ];
-    instance = {
-      type = "emperor";
-      vassals = {
-        gecloudpad = {
-          type = "normal";
-          pythonPackages = self: with self; [ gecloudpad ];
-          socket = wsgi-sock;
-          env = ["GECLOUDPAD_SETTINGS=${gecloudpad_settings}"];
-        };
-      };
-    };
-  };
-
-  services.nginx = {
-    enable = lib.mkDefault true;
-    virtualHosts."pad.binaergewitter.de" = {
-      enableACME = true;
-      forceSSL = true;
-      locations = {
-        "/".extraConfig = ''
-        expires -1;
-        uwsgi_pass                  unix://${wsgi-sock};
-        uwsgi_param UWSGI_CHDIR     ${gecloudpad}/${pkgs.python.sitePackages};
-        uwsgi_param UWSGI_MODULE    gecloudpad.main;
-        uwsgi_param UWSGI_CALLABLE  app;
-        include                     ${pkgs.nginx}/conf/uwsgi_params;
-      '';
-      };
-    };
-  };
-}
diff --git a/makefu/2configs/deployment/gecloudpad/gecloudpad.nix b/makefu/2configs/deployment/gecloudpad/gecloudpad.nix
deleted file mode 100644
index 6f20ff57..00000000
--- a/makefu/2configs/deployment/gecloudpad/gecloudpad.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ lib, pkgs, fetchFromGitHub, ... }:
-
-with pkgs.python3Packages;buildPythonPackage rec {
-  name = "gecloudpad-${version}";
-  version = "0.2.3";
-
-  propagatedBuildInputs = [
-    flask requests
-  ];
-
-  src = fetchFromGitHub {
-    owner = "binaergewitter";
-    repo = "gecloudpad";
-    rev = "1399ede4e609f63fbf1c4560979a6b22b924e0c5";
-    sha256 = "1w74j5ks7naalzrib87r0adq20ik5x3x5l520apagb7baszn17lb";
-  };
-
-  meta = {
-    homepage = https://github.com/binaergeiwtter/gecloudpad;
-    description = "server side for gecloudpad";
-    license = lib.licenses.wtfpl;
-  };
-}
-
diff --git a/makefu/2configs/deployment/gitlab.nix b/makefu/2configs/deployment/gitlab.nix
deleted file mode 100644
index d61f50c1..00000000
--- a/makefu/2configs/deployment/gitlab.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ lib, config, ... }:
-let
-  web-port = 19453;
-  hostn = "gitlab.makefu.r";
-  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
-in {
-
-  services.gitlab = {
-    enable = true;
-    https = false;
-    port = web-port;
-    secrets = import <secrets/gitlab/secrets.nix>;
-    databasePassword = import <secrets/gitlab/dbpw.nix>;
-    initialRootEmail = "makefu@x.r";
-    initialRootPassword = import <secrets/gitlab/rootpw.nix>;
-    host = hostn;
-    smtp = {
-      enable = true;
-      domain = "r";
-      enableStartTLSAuto = false;
-      port = 25;
-    };
-  };
-
-  services.nginx = {
-    enable = lib.mkDefault true;
-    virtualHosts."${hostn}".locations."/" = {
-        proxyPass  = "http://localhost:${toString web-port}/";
-        extraConfig = ''
-          if ( $server_addr != "${internal-ip}" ) {
-            return 403;
-          }
-          proxy_set_header   Host             $host;
-          proxy_set_header   X-Real-IP        $remote_addr;
-          proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
-      '';
-    };
-  };
-}
diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix
deleted file mode 100644
index 1f6deb1b..00000000
--- a/makefu/2configs/deployment/graphs.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
-  external-ip = config.krebs.build.host.nets.internet.ip4.addr;
-  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
-  hn = config.krebs.build.host.name;
-in {
-  krebs.tinc_graphs = {
-    enable = true;
-    nginx = {
-      enable = true;
-      # TODO: remove hard-coded hostname
-      complete = {
-        extraConfig = ''
-          if ( $server_addr = "${external-ip}" ) {
-            return 403;
-          }
-        '';
-        serverAliases = [
-          "graph.makefu.r"
-          "graph.${hn}" "graph.${hn}.r"
-        ];
-      };
-      anonymous = {
-        forceSSL = true;
-        enableACME = true;
-      };
-    };
-  };
-}
diff --git a/makefu/2configs/deployment/hound/default.nix b/makefu/2configs/deployment/hound/default.nix
deleted file mode 100644
index 0cfb5cde..00000000
--- a/makefu/2configs/deployment/hound/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ config, pkgs, ... }:
-{
-  services.nginx.virtualHosts."wikisearch.krebsco.de" = {
-    forceSSL = true;
-    enableACME = true;
-    locations."/".proxyPass = "http://localhost:6080";
-  };
-  services.hound = {
-    enable = true;
-    listen = "127.0.0.1:6080";
-    # package = pkgs.hound.overrideDerivation(oldAttrs: {
-    #   patches = [ ./keep-repo.patch ];
-    # });
-    config = ''{
-        "max-concurrent-indexers" : 2,
-        "dbpath" : "${config.services.hound.home}/data",
-        "repos" : {
-          "nixos-users-wiki": {
-            "url" : "https://github.com/nixos-users/wiki.wiki.git",
-            "url-pattern" : {
-              "base-url" : "{url}/{path}"
-            }
-          }
-        }
-      }'';
-  };
-
-}
diff --git a/makefu/2configs/deployment/mediengewitter.de.nix b/makefu/2configs/deployment/mediengewitter.de.nix
deleted file mode 100644
index 7c2073e8..00000000
--- a/makefu/2configs/deployment/mediengewitter.de.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-# more than just nginx config but not enough to become a module
-let
-  domain = "over.voltage.nz";
-in {
-
-  services.nginx = {
-    enable = lib.mkDefault true;
-    virtualHosts."mediengewitter.de" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/".return = "301 http://${domain}\$request_uri";
-      #locations."/" = {
-      #  proxyPass = "http://over.voltage.nz";
-      #};
-      #locations."/socket.io" = {
-      #  proxyPass = "ws://over.voltage.nz";
-      #  proxyWebsockets = true;
-      #};
-    };
-  };
-}
diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix
deleted file mode 100644
index aa9ff514..00000000
--- a/makefu/2configs/deployment/mycube.connector.one.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ config, lib, pkgs, ... }:
-# more than just nginx config but not enough to become a module
-let
-  hostname = config.krebs.build.host.name;
-  external-ip = config.krebs.build.host.nets.internet.ip4.addr;
-  wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
-in {
-  services.redis = { enable = true; };
-  systemd.services.redis.serviceConfig.LimitNOFILE=65536;
-
-  services.uwsgi = {
-    enable = true;
-    user = "nginx";
-    plugins = [ "python2" ];
-    instance = {
-      type = "emperor";
-      vassals = {
-        mycube-flask = {
-          type = "normal";
-          pythonPackages = self: with self; [ pkgs.mycube-flask ];
-          socket = wsgi-sock;
-        };
-      };
-    };
-  };
-
-  services.nginx = {
-    enable = lib.mkDefault true;
-    virtualHosts."mybox.connector.one" = {
-        locations = {
-          "/".extraConfig = ''
-          uwsgi_pass unix://${wsgi-sock};
-          uwsgi_param         UWSGI_CHDIR     ${pkgs.mycube-flask}/${pkgs.python.sitePackages};
-          uwsgi_param         UWSGI_MODULE    mycube.websrv;
-          uwsgi_param         UWSGI_CALLABLE  app;
-
-          include ${pkgs.nginx}/conf/uwsgi_params;
-        '';
-      };
-    };
-  };
-}
diff --git a/makefu/2configs/deployment/nixos.wiki/default.nix b/makefu/2configs/deployment/nixos.wiki/default.nix
deleted file mode 100644
index cd738ea8..00000000
--- a/makefu/2configs/deployment/nixos.wiki/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports =
-    [ ./mediawiki.nix
-      ./network.nix
-    ];
-
-}
diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix b/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix
deleted file mode 100644
index 24715f81..00000000
--- a/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix
+++ /dev/null
@@ -1,481 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-
-  inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption;
-  inherit (lib) concatStringsSep literalExample mapAttrsToList optional optionals optionalString types;
-
-  cfg = config.services.mediawiki;
-  fpm = config.services.phpfpm.pools.mediawiki;
-  user = "mediawiki";
-  group = config.services.httpd.group;
-  cacheDir = "/var/cache/mediawiki";
-  stateDir = "/var/lib/mediawiki";
-
-  pkg = pkgs.stdenv.mkDerivation rec {
-    pname = "mediawiki-full";
-    version = src.version;
-    src = cfg.package;
-
-    installPhase = ''
-      mkdir -p $out
-      cp -r * $out/
-
-      rm -rf $out/share/mediawiki/skins/*
-      rm -rf $out/share/mediawiki/extensions/*
-
-      ${concatStringsSep "\n" (mapAttrsToList (k: v: ''
-        ln -s ${v} $out/share/mediawiki/skins/${k}
-      '') cfg.skins)}
-
-      ${concatStringsSep "\n" (mapAttrsToList (k: v: ''
-        ln -s ${if v != null then v else "$src/share/mediawiki/extensions/${k}"} $out/share/mediawiki/extensions/${k}
-      '') cfg.extensions)}
-    '';
-  };
-
-  mediawikiScripts = pkgs.runCommand "mediawiki-scripts" {
-    buildInputs = [ pkgs.makeWrapper ];
-    preferLocalBuild = true;
-  } ''
-    mkdir -p $out/bin
-    for i in changePassword.php createAndPromote.php userOptions.php edit.php nukePage.php update.php; do
-      makeWrapper ${pkgs.php}/bin/php $out/bin/mediawiki-$(basename $i .php) \
-        --set MEDIAWIKI_CONFIG ${mediawikiConfig} \
-        --add-flags ${pkg}/share/mediawiki/maintenance/$i
-    done
-  '';
-
-  mediawikiConfig = pkgs.writeText "LocalSettings.php" ''
-    <?php
-      # Protect against web entry
-      if ( !defined( 'MEDIAWIKI' ) ) {
-        exit;
-      }
-
-      $wgSitename = "${cfg.name}";
-      $wgMetaNamespace = false;
-
-      ## The URL base path to the directory containing the wiki;
-      ## defaults for all runtime URL paths are based off of this.
-      ## For more information on customizing the URLs
-      ## (like /w/index.php/Page_title to /wiki/Page_title) please see:
-      ## https://www.mediawiki.org/wiki/Manual:Short_URL
-      $wgScriptPath = "${cfg.basePath}";
-
-      ## The protocol and server name to use in fully-qualified URLs
-      #$wgServer = "${if cfg.virtualHost.addSSL || cfg.virtualHost.forceSSL || cfg.virtualHost.onlySSL then "https" else "http"}://${cfg.virtualHost.hostName}";
-      #$wgServer = "";
-      $wgServer = "http://localhost";
-
-      ## The URL path to static resources (images, scripts, etc.)
-      $wgResourceBasePath = $wgScriptPath;
-
-      ## The URL path to the logo.  Make sure you change this from the default,
-      ## or else you'll overwrite your logo when you upgrade!
-      $wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";
-
-      ## UPO means: this is also a user preference option
-
-      $wgEnableEmail = true;
-      $wgEnableUserEmail = true; # UPO
-
-      $wgEmergencyContact = "${if cfg.virtualHost.adminAddr != null then cfg.virtualHost.adminAddr else config.services.httpd.adminAddr}";
-      $wgPasswordSender = $wgEmergencyContact;
-
-      $wgEnotifUserTalk = false; # UPO
-      $wgEnotifWatchlist = false; # UPO
-      $wgEmailAuthentication = true;
-
-      ## Database settings
-      $wgDBtype = "${cfg.database.type}";
-      $wgDBserver = "${cfg.database.host}:${if cfg.database.socket != null then cfg.database.socket else toString cfg.database.port}";
-      $wgDBname = "${cfg.database.name}";
-      $wgDBuser = "${cfg.database.user}";
-      ${optionalString (cfg.database.passwordFile != null) "$wgDBpassword = file_get_contents(\"${cfg.database.passwordFile}\");"}
-
-      ${optionalString (cfg.database.type == "mysql" && cfg.database.tablePrefix != null) ''
-        # MySQL specific settings
-        $wgDBprefix = "${cfg.database.tablePrefix}";
-      ''}
-
-      ${optionalString (cfg.database.type == "mysql") ''
-        # MySQL table options to use during installation or update
-        $wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
-      ''}
-
-      ## Shared memory settings
-      $wgMainCacheType = CACHE_NONE;
-      $wgMemCachedServers = [];
-
-      ${optionalString (cfg.uploadsDir != null) ''
-        $wgEnableUploads = true;
-        $wgUploadDirectory = "${cfg.uploadsDir}";
-      ''}
-
-      $wgUseImageMagick = true;
-      $wgImageMagickConvertCommand = "${pkgs.imagemagick}/bin/convert";
-
-      # InstantCommons allows wiki to use images from https://commons.wikimedia.org
-      $wgUseInstantCommons = false;
-
-      # Periodically send a pingback to https://www.mediawiki.org/ with basic data
-      # about this MediaWiki instance. The Wikimedia Foundation shares this data
-      # with MediaWiki developers to help guide future development efforts.
-      $wgPingback = true;
-
-      ## If you use ImageMagick (or any other shell command) on a
-      ## Linux server, this will need to be set to the name of an
-      ## available UTF-8 locale
-      $wgShellLocale = "C.UTF-8";
-
-      ## Set $wgCacheDirectory to a writable directory on the web server
-      ## to make your wiki go slightly faster. The directory should not
-      ## be publically accessible from the web.
-      $wgCacheDirectory = "${cacheDir}";
-
-      # Site language code, should be one of the list in ./languages/data/Names.php
-      $wgLanguageCode = "en";
-
-      $wgSecretKey = file_get_contents("${stateDir}/secret.key");
-
-      # Changing this will log out all existing sessions.
-      $wgAuthenticationTokenVersion = "";
-
-      ## For attaching licensing metadata to pages, and displaying an
-      ## appropriate copyright notice / icon. GNU Free Documentation
-      ## License and Creative Commons licenses are supported so far.
-      $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
-      $wgRightsUrl = "";
-      $wgRightsText = "";
-      $wgRightsIcon = "";
-
-      # Path to the GNU diff3 utility. Used for conflict resolution.
-      $wgDiff = "${pkgs.diffutils}/bin/diff";
-      $wgDiff3 = "${pkgs.diffutils}/bin/diff3";
-
-      # Enabled skins.
-      ${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadSkin('${k}');") cfg.skins)}
-
-      # Enabled extensions.
-      ${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadExtension('${k}');") cfg.extensions)}
-
-
-      # End of automatically generated settings.
-      # Add more configuration options below.
-
-      ${cfg.extraConfig}
-  '';
-
-in
-{
-  # interface
-  options = {
-    services.mediawiki = {
-
-      enable = mkEnableOption "MediaWiki";
-
-      package = mkOption {
-        type = types.package;
-        default = pkgs.mediawiki;
-        description = "Which MediaWiki package to use.";
-      };
-
-      basePath = mkOption {
-        type = types.str;
-        default = "/";
-        description = "Base path to Wiki";
-      };
-
-      name = mkOption {
-        default = "MediaWiki";
-        example = "Foobar Wiki";
-        description = "Name of the wiki.";
-      };
-
-      uploadsDir = mkOption {
-        type = types.nullOr types.path;
-        default = "${stateDir}/uploads";
-        description = ''
-          This directory is used for uploads of pictures. The directory passed here is automatically
-          created and permissions adjusted as required.
-        '';
-      };
-
-      passwordFile = mkOption {
-        type = types.path;
-        description = "A file containing the initial password for the admin user.";
-        example = "/run/keys/mediawiki-password";
-      };
-
-      skins = mkOption {
-        default = {};
-        type = types.attrsOf types.path;
-        description = ''
-          Attribute set of paths whose content is copied to the <filename>skins</filename>
-          subdirectory of the MediaWiki installation in addition to the default skins.
-        '';
-      };
-
-      extensions = mkOption {
-        default = {};
-        type = types.attrsOf (types.nullOr types.path);
-        description = ''
-          Attribute set of paths whose content is copied to the <filename>extensions</filename>
-          subdirectory of the MediaWiki installation and enabled in configuration.
-
-          Use <literal>null</literal> instead of path to enable extensions that are part of MediaWiki.
-        '';
-        example = literalExample ''
-          {
-            Matomo = pkgs.fetchzip {
-              url = "https://github.com/DaSchTour/matomo-mediawiki-extension/archive/v4.0.1.tar.gz";
-              sha256 = "0g5rd3zp0avwlmqagc59cg9bbkn3r7wx7p6yr80s644mj6dlvs1b";
-            };
-            ParserFunctions = null;
-          }
-        '';
-      };
-
-      database = {
-        type = mkOption {
-          type = types.enum [ "mysql" "postgres" "sqlite" "mssql" "oracle" ];
-          default = "mysql";
-          description = "Database engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers.";
-        };
-
-        host = mkOption {
-          type = types.str;
-          default = "localhost";
-          description = "Database host address.";
-        };
-
-        port = mkOption {
-          type = types.port;
-          default = 3306;
-          description = "Database host port.";
-        };
-
-        name = mkOption {
-          type = types.str;
-          default = "mediawiki";
-          description = "Database name.";
-        };
-
-        user = mkOption {
-          type = types.str;
-          default = "mediawiki";
-          description = "Database user.";
-        };
-
-        passwordFile = mkOption {
-          type = types.nullOr types.path;
-          default = null;
-          example = "/run/keys/mediawiki-dbpassword";
-          description = ''
-            A file containing the password corresponding to
-            <option>database.user</option>.
-          '';
-        };
-
-        tablePrefix = mkOption {
-          type = types.nullOr types.str;
-          default = null;
-          description = ''
-            If you only have access to a single database and wish to install more than
-            one version of MediaWiki, or have other applications that also use the
-            database, you can give the table names a unique prefix to stop any naming
-            conflicts or confusion.
-            See <link xlink:href='https://www.mediawiki.org/wiki/Manual:$wgDBprefix'/>.
-          '';
-        };
-
-        socket = mkOption {
-          type = types.nullOr types.path;
-          default = if cfg.database.createLocally then "/run/mysqld/mysqld.sock" else null;
-          defaultText = "/run/mysqld/mysqld.sock";
-          description = "Path to the unix socket file to use for authentication.";
-        };
-
-        createLocally = mkOption {
-          type = types.bool;
-          default = cfg.database.type == "mysql";
-          defaultText = "true";
-          description = ''
-            Create the database and database user locally.
-            This currently only applies if database type "mysql" is selected.
-          '';
-        };
-      };
-
-      virtualHost = mkOption {
-        type = types.submodule (import <nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix>);
-        example = literalExample ''
-          {
-            hostName = "mediawiki.example.org";
-            adminAddr = "webmaster@example.org";
-            forceSSL = true;
-            enableACME = true;
-          }
-        '';
-        description = ''
-          Apache configuration can be done by adapting <option>services.httpd.virtualHosts</option>.
-          See <xref linkend="opt-services.httpd.virtualHosts"/> for further information.
-        '';
-      };
-
-      poolConfig = mkOption {
-        type = with types; attrsOf (oneOf [ str int bool ]);
-        default = {
-          "pm" = "dynamic";
-          "pm.max_children" = 32;
-          "pm.start_servers" = 2;
-          "pm.min_spare_servers" = 2;
-          "pm.max_spare_servers" = 4;
-          "pm.max_requests" = 500;
-        };
-        description = ''
-          Options for the MediaWiki PHP pool. See the documentation on <literal>php-fpm.conf</literal>
-          for details on configuration directives.
-        '';
-      };
-
-      extraConfig = mkOption {
-        type = types.lines;
-        description = ''
-          Any additional text to be appended to MediaWiki's
-          LocalSettings.php configuration file. For configuration
-          settings, see <link xlink:href="https://www.mediawiki.org/wiki/Manual:Configuration_settings"/>.
-        '';
-        default = "";
-        example = ''
-          $wgEnableEmail = false;
-        '';
-      };
-
-    };
-  };
-
-  # implementation
-  config = mkIf cfg.enable {
-
-    assertions = [
-      { assertion = cfg.database.createLocally -> cfg.database.type == "mysql";
-        message = "services.mediawiki.createLocally is currently only supported for database type 'mysql'";
-      }
-      { assertion = cfg.database.createLocally -> cfg.database.user == user;
-        message = "services.mediawiki.database.user must be set to ${user} if services.mediawiki.database.createLocally is set true";
-      }
-      { assertion = cfg.database.createLocally -> cfg.database.socket != null;
-        message = "services.mediawiki.database.socket must be set if services.mediawiki.database.createLocally is set to true";
-      }
-      { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
-        message = "a password cannot be specified if services.mediawiki.database.createLocally is set to true";
-      }
-    ];
-
-    services.mediawiki.skins = {
-      MonoBook = "${cfg.package}/share/mediawiki/skins/MonoBook";
-      Timeless = "${cfg.package}/share/mediawiki/skins/Timeless";
-      Vector = "${cfg.package}/share/mediawiki/skins/Vector";
-    };
-
-    services.mysql = mkIf cfg.database.createLocally {
-      enable = true;
-      package = mkDefault pkgs.mariadb;
-      ensureDatabases = [ cfg.database.name ];
-      ensureUsers = [
-        { name = cfg.database.user;
-          ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
-        }
-      ];
-    };
-
-    services.phpfpm.pools.mediawiki = {
-      inherit user group;
-      phpEnv.MEDIAWIKI_CONFIG = "${mediawikiConfig}";
-      settings = {
-        "listen.owner" = config.services.httpd.user;
-        "listen.group" = config.services.httpd.group;
-      } // cfg.poolConfig;
-    };
-
-    services.httpd = {
-      enable = true;
-      extraModules = [ "proxy_fcgi" ];
-      virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost {
-        documentRoot = mkForce "${pkg}/share/mediawiki";
-        extraConfig = ''
-          <Directory "${pkg}/share/mediawiki">
-            <FilesMatch "\.php$">
-              <If "-f %{REQUEST_FILENAME}">
-                SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/"
-              </If>
-            </FilesMatch>
-
-            Require all granted
-            DirectoryIndex index.php
-            AllowOverride All
-          </Directory>
-        '' + optionalString (cfg.uploadsDir != null) ''
-          Alias "/images" "${cfg.uploadsDir}"
-          <Directory "${cfg.uploadsDir}">
-            Require all granted
-          </Directory>
-        '';
-      } ];
-    };
-
-    systemd.tmpfiles.rules = [
-      "d '${stateDir}' 0750 ${user} ${group} - -"
-      "d '${cacheDir}' 0750 ${user} ${group} - -"
-    ] ++ optionals (cfg.uploadsDir != null) [
-      "d '${cfg.uploadsDir}' 0750 ${user} ${group} - -"
-      "Z '${cfg.uploadsDir}' 0750 ${user} ${group} - -"
-    ];
-
-    systemd.services.mediawiki-init = {
-      wantedBy = [ "multi-user.target" ];
-      before = [ "phpfpm-mediawiki.service" ];
-      after = optional cfg.database.createLocally "mysql.service";
-      script = ''
-        if ! test -e "${stateDir}/secret.key"; then
-          tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > ${stateDir}/secret.key
-        fi
-
-        echo "exit( wfGetDB( DB_MASTER )->tableExists( 'user' ) ? 1 : 0 );" | \
-        ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \
-        ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \
-          --confpath /tmp \
-          --scriptpath ${cfg.basePath} \
-          --dbserver ${cfg.database.host}${optionalString (cfg.database.socket != null) ":${cfg.database.socket}"} \
-          --dbport ${toString cfg.database.port} \
-          --dbname ${cfg.database.name} \
-          ${optionalString (cfg.database.tablePrefix != null) "--dbprefix ${cfg.database.tablePrefix}"} \
-          --dbuser ${cfg.database.user} \
-          ${optionalString (cfg.database.passwordFile != null) "--dbpassfile ${cfg.database.passwordFile}"} \
-          --passfile ${cfg.passwordFile} \
-          "${cfg.name}" \
-          admin
-
-        ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
-      '';
-
-      serviceConfig = {
-        Type = "oneshot";
-        User = user;
-        Group = group;
-        PrivateTmp = true;
-      };
-    };
-
-    systemd.services.httpd.after = optional (cfg.database.createLocally && cfg.database.type == "mysql") "mysql.service";
-
-    users.users.${user} = {
-      group = group;
-      isSystemUser = true;
-    };
-
-    environment.systemPackages = [ mediawikiScripts ];
-  };
-}
diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.nix b/makefu/2configs/deployment/nixos.wiki/mediawiki.nix
deleted file mode 100644
index a346b82c..00000000
--- a/makefu/2configs/deployment/nixos.wiki/mediawiki.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  hostAddress = "192.168.48.1";
-  localAddress = "192.168.48.3";
-in
-
-{
-  containers.mediawiki =
-  { autoStart = true;
-    privateNetwork = true;
-    inherit hostAddress localAddress;
-    config = { config, pkgs, ... }:
-    {
-      # NOTE: This disabling and importing is so that the basePath can be altered
-      disabledModules = [ "services/web-apps/mediawiki.nix" ];
-      imports = [
-        ./mediawiki.module.nix
-      ];
-      time.timeZone = "America/New_York";
-      system.stateVersion = "20.09";
-      networking.defaultGateway = hostAddress;
-      # NOTE: you might want to change this namserver address
-      networking.nameservers = [ "8.8.8.8" ];
-      networking.firewall.allowedTCPPorts = [ 80 ];
-      services.mediawiki = {
-        enable = true;
-        name = "Example Containerized Wiki";
-        # NOTE: here is where the basePath is specified, which requires the imported mediawiki NixOS module
-        basePath = "/wiki";
-        passwordFile = ./mediawiki.password.txt;
-        extraConfig = ''
-          $wgRCFeeds['euerkrebsco'] = array(
-              'formatter' => 'JSONRCFeedFormatter',
-              'uri' => 'udp://euer.krebsco.de:5005',
-              'add_interwiki_prefix' => false,
-              'omit_bots' => true,
-          );
-          $wgRCFeeds['euerkrebscoIRC'] = array(
-              'formatter' => 'IRCColourfulRCFeedFormatter',
-              'uri' => 'udp://euer.krebsco.de:5006',
-              'add_interwiki_prefix' => false,
-              'omit_bots' => true,
-          );
-        '';
-        virtualHost = {
-          hostName = "localhost";
-          adminAddr = "root@localhost";
-          forceSSL = false;
-          addSSL = false;
-          onlySSL = false;
-          enableACME = false;
-        };
-      };
-    };
-  };
-
-  # Put the MediaWiki web page behind an NGINX proxy
-  services.nginx = {
-    enable = true;
-    virtualHosts.localhost.locations."/wiki" = {
-      # NOTE: the slash at the end of the URI is important.  It causes the location base path to be removed when passed onto the proxy
-      proxyPass = "http://${localAddress}:80/";
-    };
-  };
-
-}
diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt b/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt
deleted file mode 100644
index b11b15f0..00000000
--- a/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt
+++ /dev/null
@@ -1 +0,0 @@
-thisisthepassword
diff --git a/makefu/2configs/deployment/nixos.wiki/network.nix b/makefu/2configs/deployment/nixos.wiki/network.nix
deleted file mode 100644
index a7ffb28f..00000000
--- a/makefu/2configs/deployment/nixos.wiki/network.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
-  networking.nat.enable = true;
-  networking.nat.internalInterfaces = ["ve-+"];
-  networking.nat.externalInterface = "wlan0";
-}
diff --git a/makefu/2configs/deployment/ntfysh.nix b/makefu/2configs/deployment/ntfysh.nix
deleted file mode 100644
index 1a3311d9..00000000
--- a/makefu/2configs/deployment/ntfysh.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ lib, config, ... }:
-let
-  web-port = 19455;
-  hostn = "ntfy.euer.krebsco.de";
-  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
-in 
-{
-  services.ntfy-sh = {
-    enable = true;
-    settings = {
-      listen-http = "127.0.0.1:${toString web-port}";
-      auth-file = "/var/lib/ntfy-sh/user.db";
-      auth-default-access = "deny-all";
-      behind-proxy = true;
-      attachment-cache-dir = "/media/cloud/ntfy-sh/attachments";
-      attachment-file-size-limit = "500m";
-      attachment-total-size-limit = "100g";
-      base-url = "https://ntfy.euer.krebsco.de";
-      attachment-expiry-duration = "48h";
-    };
-  };
-
-  systemd.services.ntfy-sh.serviceConfig = {
-    StateDirectory = "ntfy-sh";
-    SupplementaryGroups = [ "download" ];
-  };
-  
-  services.nginx = {
-    enable = lib.mkDefault true;
-    virtualHosts."${hostn}" = {
-      forceSSL = true;
-      enableACME = true;
-
-      locations."/" = {
-        proxyPass  = "http://localhost:${toString web-port}/";
-        proxyWebsockets = true;
-        recommendedProxySettings = true;
-      };
-    };
-  };
-}
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
deleted file mode 100644
index 8e5e71f1..00000000
--- a/makefu/2configs/deployment/owncloud.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{ lib, pkgs, config, ... }:
-with lib;
-
-# services.redis.enable = true;
-# to enable caching with redis first start up everything, then run:
-# nextcloud-occ config:system:set redis 'host' --value 'localhost' --type string
-# nextcloud-occ config:system:set redis 'port' --value 6379 --type integer
-# nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\Redis' --type string
-# nextcloud-occ config:system:set memcache.locking --value '\OC\Memcache\Redis' --type string
-
-# services.memcached.enable = true;
-# to enable caching with memcached run:
-# nextcloud-occ config:system:set memcached_servers 0 0 --value 127.0.0.1 --type string
-# nextcloud-occ config:system:set memcached_servers 0 1 --value 11211 --type integer
-# nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\APCu' --type string
-# nextcloud-occ config:system:set memcache.distributed --value '\OC\Memcache\Memcached' --type string
-
-let
-  adminpw = "/run/secret/nextcloud-admin-pw";
-  dbpw = "/run/secret/nextcloud-db-pw";
-in {
-
-  fileSystems."/var/lib/nextcloud/data" = {
-    device = "/media/cloud/nextcloud-data";
-    options = [ "bind" ];
-    depends = [ "/media/cloud" ];
-  };
-
-
-
-  krebs.secret.files.nextcloud-db-pw = {
-    path = dbpw;
-    owner.name = "nextcloud";
-    source-path = toString <secrets> + "/nextcloud-db-pw";
-  };
-
-  krebs.secret.files.nextcloud-admin-pw = {
-    path = adminpw;
-    owner.name = "nextcloud";
-    source-path = toString <secrets> + "/nextcloud-admin-pw";
-  };
-
-  services.nginx.virtualHosts."o.euer.krebsco.de" = {
-    forceSSL = true;
-    enableACME = true;
-  };
-  services.postgresqlBackup = {
-    enable = true;
-    databases = [ config.services.nextcloud.config.dbname ];
-  };
-systemd.services.postgresqlBackup-nextcloud.serviceConfig.SupplementaryGroups = [ "download" ];
-  
-  state = [
-    # services.postgresql.dataDir
-    # "${config.services.nextcloud.home}/config"
-    config.services.postgresqlBackup.location
-  ];
-
-  users.users.nextcloud.extraGroups = [ "download" ];
-  services.nextcloud = {
-    enable = true;
-    package = pkgs.nextcloud25;
-    hostName = "o.euer.krebsco.de";
-    # Use HTTPS for links
-    https = true;
-    # Auto-update Nextcloud Apps
-    autoUpdateApps.enable = true;
-    # Set what time makes sense for you
-    autoUpdateApps.startAt = "05:00:00";
-
-    caching.redis = true;
-    caching.apcu = true;
-    config = {
-      # Further forces Nextcloud to use HTTPS
-      overwriteProtocol = "https";
-      defaultPhoneRegion = "DE";
-
-      # Nextcloud PostegreSQL database configuration, recommended over using SQLite
-      dbtype = "pgsql";
-      dbuser = "nextcloud";
-      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
-      dbname = "nextcloud";
-      dbpassFile = dbpw;
-      adminpassFile = adminpw;
-      adminuser = "root";
-    };
-  };
-  services.redis.enable = true;
-  systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536";
-  services.postgresql = {
-    enable = true;
-    # Ensure the database, user, and permissions always exist
-    ensureDatabases = [ "nextcloud" ];
-    ensureUsers = [ { name = "nextcloud"; ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; } ];
-  };
-
-  systemd.services."nextcloud-setup" = {
-    requires = ["postgresql.service"];
-    after = ["postgresql.service"];
-    serviceConfig.RequiresMountFor = [ "/media/cloud" ];
-  };
-  systemd.services."phpfpm-nextcloud".serviceConfig.RequiresMountFor = [
-    "/media/cloud"
-    "/var/lib/nextcloud/data"
-  ];
-  systemd.services."phpfpm".serviceConfig.RequiresMountFor = [ "/media/cloud" ];
-}
diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix
deleted file mode 100644
index 19a8df23..00000000
--- a/makefu/2configs/deployment/photostore.krebsco.de.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
-# more than just nginx config but not enough to become a module
-with import <stockholm/lib>;
-let
-  wsgi-sock = "${workdir}/uwsgi-photostore.sock";
-  workdir = config.services.uwsgi.runDir;
-in {
-
-  services.uwsgi = {
-    enable = true;
-    user = "nginx";
-    runDir = "/var/lib/photostore";
-    plugins = [ "python3" ];
-    instance = {
-      type = "emperor";
-      vassals = {
-        cameraupload-server = {
-          type = "normal";
-          pythonPackages = self: with self; [ pkgs.cameraupload-server ];
-          socket = wsgi-sock;
-        };
-      };
-    };
-  };
-
-  services.nginx = {
-    enable = mkDefault true;
-    virtualHosts."photostore.krebsco.de" = {
-      enableACME = true;
-      forceSSL = true;
-      locations = {
-        "/".extraConfig = ''
-        expires -1;
-        uwsgi_pass                  unix://${wsgi-sock};
-        uwsgi_param UWSGI_CHDIR     ${workdir};
-        uwsgi_param UWSGI_MODULE    cuserver.main;
-        uwsgi_param UWSGI_CALLABLE  app;
-        include                     ${pkgs.nginx}/conf/uwsgi_params;
-      '';
-      };
-    };
-  };
-}
diff --git a/makefu/2configs/deployment/rss/ebk.yml b/makefu/2configs/deployment/rss/ebk.yml
deleted file mode 100644
index 3248f5c4..00000000
--- a/makefu/2configs/deployment/rss/ebk.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-regex: https://www.ebay\-kleinanzeigen.de/s\-.*
-selectors:
-  httpsettings:
-    cookie: {}
-    header: {}
-    useragent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
-      Chrome/90.0.4430.72 Safari/537.36
-    insecure: false
-  feed:
-    title: title
-    authorname: ""
-    authoremail: ""
-  item:
-    container: ul[id='srchrslt-adtable'] li[class='ad-listitem lazyload-item   ']
-    title: |
-      title = sel:find("h2.text-module-begin"):first():text():gsub("^%s*(.-)%s*$", "%1")
-      print(title)
-    link: |
-      link = sel:find("a"):first():attr("href")
-      print("https://www.ebay-kleinanzeigen.de" .. link)
-    created: |-
-      created = ""
-      sel:find("div.aditem-main--top--right"):each(function(i, s)
-        created = s:text():gsub("^%s*(.-)%s*$", "%1")
-      end)
-      if created:match("Heute") then
-        time = created:gsub("^.*,", "")
-        print(os.date("%d.%m.%Y") .. time .. " CET")
-        return
-      end
-      if created:match("Gestern") then
-        time = created:gsub("^.*,", "")
-        print(os.date("%d.%m.%Y", os.time()-24*60*60) .. time .. " CET")
-        return
-      end
-      if created:match("\.") then
-        print(created .. " 00:00 CET")
-        return
-      end
-    createdformat: 02.01.2006 15:04 MST
-    description: |-
-      description = sel:find(".aditem-main--middle"):html()
-      place = sel:find(".aditem-main--top--left"):html()
-      print(description .. place)
-    content: ""
-    image: |
-      img = sel:find("div.imagebox"):first():attr("data-imgsrc")
-      if img ~= "" then
-        -- prepend host if needed
-        if not(img:match("https*:\/\/.*")) then
-          img = "https://www.ebay-kleinanzeigen.de" .. img
-        end
-        print(img)
-      end
-  nextpage: |
-    nextpage = sel:find("link[rel=next]"):attr("href")
-    print("https://www.ebay-kleinanzeigen.de" .. nextpage)
-  nextpagecount: 5
-  sort: ""
diff --git a/makefu/2configs/deployment/rss/ratt-hourly.sh b/makefu/2configs/deployment/rss/ratt-hourly.sh
deleted file mode 100755
index 67f2529b..00000000
--- a/makefu/2configs/deployment/rss/ratt-hourly.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-set -eu
-URLS=${1?must provide URLS file}
-OUTFILE=${2:-all.xml}
-
-echo "init, writing to $OUTFILE"
-
-cat > "$OUTFILE" <<EOF
-<?xml version="1.0" encoding="UTF-8"?>
-<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">
-  <channel>
-    <title>makefu Ebay Kleinanzeigen</title>
-    <link>https://www.ebay-kleinanzeigen.de/</link>
-    <description>Feed for all kleinanzeigen</description>
-    <pubDate>$(date '+%a, %d %b %Y %H:%M:%S %z')</pubDate>
-EOF
-echo "looping through $URLS"
-cat "$URLS" | while read line;do
-  echo "fetching $line"
-  ratt auto "$line"  | \
-  xmlstarlet sel -t -c "//item" >> "$OUTFILE" || :
-done
-
-echo "close"
-cat >> "$OUTFILE" <<EOF
-  </channel>
-</rss>
-EOF
diff --git a/makefu/2configs/deployment/rss/ratt.nix b/makefu/2configs/deployment/rss/ratt.nix
deleted file mode 100644
index 2e7ecb45..00000000
--- a/makefu/2configs/deployment/rss/ratt.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  fqdn = "rss.euer.krebsco.de";
-  ratt-path = "/var/lib/ratt/";
-  out-path = "${ratt-path}/all.xml";
-in {
-  systemd.tmpfiles.rules = ["d ${ratt-path} 0750 nginx nginx - -" ];
-  systemd.services.run-ratt = {
-    enable = true;
-    path = with pkgs; [ ratt xmlstarlet ];
-    script = builtins.readFile ./ratt-hourly.sh;
-    scriptArgs = "${./urls} ${out-path}";
-
-    preStart = "install -v -m750 ${./ebk.yml} ${ratt-path}/ebk.yml"; # ratt requires the config file in the cwd
-    serviceConfig.User = "nginx";
-    serviceConfig.WorkingDirectory= ratt-path;
-    startAt = "00/3:07"; # every 3 hours, fetch latest
-  };
-
-  services.nginx.virtualHosts."${fqdn}" = {
-    locations."=/ratt/all.xml" = {
-      alias = out-path;
-    };
-  };
-}
-
diff --git a/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix
deleted file mode 100644
index e204050b..00000000
--- a/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  fqdn = "rss.euer.krebsco.de";
-  ratt-path = "/var/lib/ratt/";
-in {
-  systemd.tmpfiles.rules = ["d ${ratt-path} 0750 nginx nginx - -" ];
-  services.tt-rss = {
-    enable = true;
-    virtualHost = fqdn;
-    selfUrlPath = "https://${fqdn}";
-  };
-
-  state = [ config.services.postgresqlBackup.location ];
-
-  services.postgresqlBackup = {
-    enable = true;
-    databases = [ config.services.tt-rss.database.name ];
-  };
-  systemd.services.tt-rss.serviceConfig =  {
-    Restart = lib.mkForce "always";
-  };
-
-  systemd.services.postgresqlBackup-tt_rss.serviceConfig.SupplementaryGroups = [ "download" ];
-
-  services.nginx.virtualHosts."${fqdn}" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/ratt/" = {
-      alias = ratt-path;
-      extraConfig = "autoindex on;";
-    };
-  };
-}
-
diff --git a/makefu/2configs/deployment/rss/urls b/makefu/2configs/deployment/rss/urls
deleted file mode 100644
index cbc68ccc..00000000
--- a/makefu/2configs/deployment/rss/urls
+++ /dev/null
@@ -1,9 +0,0 @@
-https://www.ebay-kleinanzeigen.de/s-heimwerken/nein/muehlhausen/bohrmaschine/k0c84l9313r5+heimwerken.versand_s:nein
-https://www.ebay-kleinanzeigen.de/s-stuttgart/zigbee/k0l9280
-https://www.ebay-kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5
-https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313
-https://www.ebay-kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313
-https://www.ebay-kleinanzeigen.de/s-muehlhausen/dymo/k0l9313r5
-https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/lautsprecher/k0c192l9313r5
-https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/winkelschleifer/k0l9313r5
-https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/kontaktgrill/k0l9313r5
diff --git a/makefu/2configs/deployment/scrape/default.nix b/makefu/2configs/deployment/scrape/default.nix
deleted file mode 100644
index c7a5b5c1..00000000
--- a/makefu/2configs/deployment/scrape/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  imports = [
-    ./elkstack.nix
-    ./selenium.nix
-  ];
-}
diff --git a/makefu/2configs/deployment/scrape/elkstack.nix b/makefu/2configs/deployment/scrape/elkstack.nix
deleted file mode 100644
index c6bf1c6d..00000000
--- a/makefu/2configs/deployment/scrape/elkstack.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-_:
-{
-  services.elasticsearch.enable = true;
-  services.kibana.enable = true;
-}
diff --git a/makefu/2configs/deployment/scrape/selenium.nix b/makefu/2configs/deployment/scrape/selenium.nix
deleted file mode 100644
index d700259b..00000000
--- a/makefu/2configs/deployment/scrape/selenium.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{config, pkgs, lib, ...}:
-with <stockholm/lib>;
-let
-  selenium-pw = <secrets/selenium-vncpasswd>;
-in {
-  services.jenkinsSlave.enable = true;
-  users.users.selenium = {
-    uid = genid "selenium";
-    extraGroups = [ "plugdev" ];
-  };
-
-  fonts.enableFontDir = true;
-
-  # networking.firewall.allowedTCPPorts = [ 5910 ];
-
-  systemd.services.selenium-X11 =
-  {
-    description = "X11 vnc for selenium";
-    wantedBy = [ "multi-user.target" ];
-    path = [ pkgs.xorg.xorgserver pkgs.tightvnc pkgs.dwm ];
-    environment =
-    {
-      DISPLAY = ":10";
-    };
-    script = ''
-      set -ex
-      [ -e /tmp/.X10-lock ] && ( set +e ; chmod u+w /tmp/.X10-lock ; rm /tmp/.X10-lock )
-      [ -e /tmp/.X11-unix/X10 ] && ( set +e ; chmod u+w /tmp/.X11-unix/X10 ; rm /tmp/.X11-unix/X10 )
-      mkdir -p ~/.vnc
-      cp -f ${selenium-pw} ~/.vnc/passwd
-      chmod go-rwx ~/.vnc/passwd
-      echo > ~/.vnc/xstartup
-      chmod u+x ~/.vnc/xstartup
-      vncserver $DISPLAY -geometry 1280x1024 -depth 24 -name jenkins -ac
-      dwm
-    '';
-    preStop = ''
-      vncserver -kill $DISPLAY
-    '';
-    serviceConfig = {
-      User = "selenium";
-    };
-  };
-
-  systemd.services.selenium-server =
-  {
-    description = "selenium-server";
-    wantedBy = [ "multi-user.target" ];
-    requires = [ "selenium-X11.service" ];
-    path = [ pkgs.chromium
-             pkgs.firefoxWrapper ];
-    environment =
-    {
-      DISPLAY = ":10";
-    };
-    script = ''
-      ${pkgs.selenium-server-standalone}/bin/selenium-server -Dwebdriver.enable.native.events=1
-    '';
-    serviceConfig = {
-      User = "selenium";
-    };
-  };
-
-
-}
-- 
cgit v1.2.3