Merge remote-tracking branch 'pnp/master'

9 files changed, 108 insertions, 8 deletions

diff --git a/makefu/2configs/Reaktor/random-emoji.nix b/makefu/2configs/Reaktor/random-emoji.nix
index b2d99b36b..3113a826b 100644
--- a/makefu/2configs/Reaktor/random-emoji.nix
+++ b/makefu/2configs/Reaktor/random-emoji.nix
@@ -12,6 +12,7 @@ let
                         coreutils
                         gnused
                         gnugrep
+                        xmlstarlet
                         curl]);
 in {
   # TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm
diff --git a/makefu/2configs/Reaktor/random-emoji.sh b/makefu/2configs/Reaktor/random-emoji.sh
index 913d615be..386aa68b9 100644
--- a/makefu/2configs/Reaktor/random-emoji.sh
+++ b/makefu/2configs/Reaktor/random-emoji.sh
@@ -2,4 +2,5 @@
 curl http://emojicons.com/random -s | \
   grep data-text | \
   sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \
-  head -n 1
+  head -n 1 | \
+  xmlstarlet unesc
diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix
index 826cd6fef..7e6bebec3 100644
--- a/makefu/2configs/base-sources.nix
+++ b/makefu/2configs/base-sources.nix
@@ -3,9 +3,9 @@
 {
   krebs.build.source = {
     git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      #url = https://github.com/makefu/nixpkgs;
-      rev = "dc18f39bfb2f9d1ba62c7e8ad98544bb15cb26b2"; # nixos-15.09
+      #url = https://github.com/NixOS/nixpkgs;
+      url = https://github.com/makefu/nixpkgs;
+      rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
     };
 
     dir.secrets = {
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
new file mode 100644
index 000000000..fb170957a
--- /dev/null
+++ b/makefu/2configs/bepasty-dual.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+
+# 1systems should configure itself:
+#   krebs.bepasty.servers.internal.nginx.listen  = [ "80" ]
+#   krebs.bepasty.servers.external.nginx.listen  = [ "80" "443 ssl" ]
+#     80 is redirected to 443 ssl
+
+# secrets used:
+#   wildcard.krebsco.de.crt
+#   wildcard.krebsco.de.key
+#   bepasty-secret.nix     <- contains single string
+
+with lib;
+{
+
+  krebs.nginx.enable = mkDefault true;
+  krebs.bepasty = {
+    enable = true;
+    serveNginx= true;
+
+    servers = {
+      internal = {
+        nginx = {
+          server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
+        };
+        defaultPermissions = "admin,list,create,read,delete";
+        secretKey = import <secrets/bepasty-secret.nix>;
+      };
+
+      external = {
+        nginx = {
+          server-names = [ "paste.krebsco.de" ];
+          extraConfig = ''
+          ssl_session_cache    shared:SSL:1m;
+          ssl_session_timeout  10m;
+          ssl_certificate     /root/secrets/wildcard.krebsco.de.crt;
+          ssl_certificate_key /root/secrets/wildcard.krebsco.de.key;
+          ssl_verify_client off;
+          proxy_ssl_session_reuse off;
+          ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
+          ssl_ciphers RC4:HIGH:!aNULL:!MD5;
+          ssl_prefer_server_ciphers on;
+          if ($scheme = http){
+            return 301 https://$server_name$request_uri;
+          }'';
+        };
+        defaultPermissions = "read";
+        secretKey = import <secrets/bepasty-secret.nix>;
+      };
+    };
+  };
+}
diff --git a/makefu/2configs/exim-retiolum.nix b/makefu/2configs/exim-retiolum.nix
index cebfd7cea..b8c5c5236 100644
--- a/makefu/2configs/exim-retiolum.nix
+++ b/makefu/2configs/exim-retiolum.nix
@@ -5,10 +5,6 @@ with lib;
   krebs.exim-retiolum.enable = true;
   environment.systemPackages = with pkgs; [
     msmtp
-    mutt-kz
-    notmuch
-    # TODO: put this somewhere else
-    offlineimap
   ];
 
 }
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 1277a014e..189dd66c8 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -10,6 +10,9 @@ let
     stockholm = {
       desc = "Make all the systems into 1systems!";
     };
+    tinc_graphs = {
+      desc = "Tinc Advanced Graph Generation";
+    };
   };
 
   priv-repos = mapAttrs make-priv-repo {
diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix
new file mode 100644
index 000000000..db8a1bfed
--- /dev/null
+++ b/makefu/2configs/iodined.nix
@@ -0,0 +1,16 @@
+{ services,builtins,environment,pkgs, ... }:
+
+let
+  # TODO: make this a parameter
+  domain = "io.krebsco.de";
+  pw = import <secrets/iodinepw.nix>;
+in {
+
+  services.iodined = {
+    enable = true;
+    domain = domain;
+    ip = "172.16.10.1/24";
+    extraConfig = "-P ${pw}";
+  };
+
+}
diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix
new file mode 100644
index 000000000..a6ae33d2f
--- /dev/null
+++ b/makefu/2configs/mail-client.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  environment.systemPackages = with pkgs; [
+    msmtp
+    mutt-kz
+    notmuch
+    offlineimap
+  ];
+
+}
diff --git a/makefu/2configs/unstable-sources.nix b/makefu/2configs/unstable-sources.nix
new file mode 100644
index 000000000..f2d28dcaf
--- /dev/null
+++ b/makefu/2configs/unstable-sources.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+{
+  krebs.build.source = {
+    git.nixpkgs = {
+      url = https://github.com/makefu/nixpkgs;
+      rev = "984d33884d63d404ff2da76920b8bc8b15471552";
+    };
+
+    dir.secrets = {
+      host = config.krebs.hosts.pornocauster;
+      path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+    };
+    dir.stockholm = {
+      host = config.krebs.hosts.pornocauster;
+      path = toString ../.. ;
+    };
+  };
+}