9 files changed, 74 insertions, 27 deletions

diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
index 6706914b5..bed8961b8 100644
--- a/lass/1systems/archprism/config.nix
+++ b/lass/1systems/archprism/config.nix
@@ -110,7 +110,6 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/iodined.nix>
     <stockholm/lass/2configs/paste.nix>
     <stockholm/lass/2configs/syncthing.nix>
-    <stockholm/lass/2configs/reaktor-coders.nix>
     <stockholm/lass/2configs/ciko.nix>
     <stockholm/lass/2configs/container-networking.nix>
     <stockholm/lass/2configs/monitoring/prometheus-server.nix>
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 6d65b58c2..cac13be2b 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -33,6 +33,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/rtl-sdr.nix>
     <stockholm/lass/2configs/backup.nix>
     <stockholm/lass/2configs/print.nix>
+    <stockholm/lass/2configs/blue-host.nix>
     {
       krebs.iptables.tables.filter.INPUT.rules = [
         #risk of rain
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index b6c08f797..08aa18b76 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -5,42 +5,34 @@ with import <stockholm/lib>;
     <stockholm/lass>
 
     <stockholm/lass/2configs/retiolum.nix>
-    #<stockholm/lass/2configs/exim-retiolum.nix>
     <stockholm/lass/2configs/fetchWallpaper.nix>
     {
-      # discordius config
       services.xserver.enable = true;
+      services.xserver.desktopManager.xfce.enable = true;
+
       users.users.discordius = {
-        uid = genid "discordius";
-        home = "/home/discordius";
-        group = "users";
-        createHome = true;
+        uid = genid "diskordius";
+        isNormalUser = true;
         extraGroups = [
           "audio"
           "networkmanager"
         ];
-        useDefaultShell = true;
-      };
-      networking.networkmanager.enable = true;
-      networking.wireless.enable = mkForce false;
-      hardware.pulseaudio = {
-        enable = true;
-        systemWide = true;
       };
       environment.systemPackages = with pkgs; [
-        pavucontrol
-        firefox
-        hexchat
-        networkmanagerapplet
+        google-chrome
       ];
-      services.xserver.desktopManager.gnome3 = {
+      hardware.pulseaudio = {
         enable = true;
+        systemWide = true;
       };
     }
   ];
 
   krebs.build.host = config.krebs.hosts.skynet;
 
+  networking.wireless.enable = false;
+  networking.networkmanager.enable = true;
+
   services.logind.extraConfig = ''
     HandleLidSwitch=ignore
   '';
diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix
index 358e1f511..e3451293f 100644
--- a/lass/1systems/skynet/physical.nix
+++ b/lass/1systems/skynet/physical.nix
@@ -1,10 +1,27 @@
 {
   imports = [
     ./config.nix
-    <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
+    <stockholm/krebs/2configs/hw/x220.nix>
   ];
 
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.efiInstallAsRemovable = true;
+  boot.loader.grub.device = "nodev";
+
+  networking.hostId = "06442b9a";
+
+  fileSystems."/" =
+    { device = "rpool/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/0876-B308";
+      fsType = "vfat";
+    };
+
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
     SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index 83c235f3e..2302c70ec 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -8,16 +8,38 @@ with import <stockholm/lib>;
   systemd.services."container@blue".reloadIfChanged = mkForce false;
   containers.blue = {
     config = { ... }: {
-      environment.systemPackages = [ pkgs.git ];
+      environment.systemPackages = [
+        pkgs.git
+        pkgs.rxvt_unicode.terminfo
+      ];
       services.openssh.enable = true;
       users.users.root.openssh.authorizedKeys.keys = [
         config.krebs.users.lass.pubkey
       ];
     };
-    autoStart = true;
+    autoStart = false;
     enableTun = true;
     privateNetwork = true;
     hostAddress = "10.233.2.9";
     localAddress = "10.233.2.10";
   };
+  environment.systemPackages = [
+    (pkgs.writeDashBin "start-blue" ''
+      set -ef
+      if ping -c1 blue.r; then
+        echo 'blue is already running. bailing out'
+        exit 23
+      fi
+      if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then
+        ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue
+      fi
+      nixos-container start blue
+      nixos-container run blue -- nixos-rebuild -I /var/src switch
+    '')
+    (pkgs.writeDashBin "stop-blue" ''
+      set -ef
+      nixos-container stop blue
+      fusermount -u /var/lib/containers/blue
+    '')
+  ];
 }
diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
index aef671636..b7083c776 100644
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -177,7 +177,8 @@
       addr = "0.0.0.0";
       domain = "grafana.example.com";
       rootUrl = "https://grafana.example.com/";
-      security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+      auth.anonymous.enable = true;
+      auth.anonymous.org_role = "Admin";
     };
   };
   services.logstash = {
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 828cab95f..4935268a4 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -139,6 +139,13 @@ in {
     ssl_key = "/var/lib/acme/lassul.us/key.pem";
   };
 
+  users.users.xanf = {
+    uid = genid_uint31 "xanf";
+    home = "/home/xanf";
+    useDefaultShell = true;
+    createHome = true;
+  };
+
   users.users.domsen = {
     uid = genid_uint31 "domsen";
     description = "maintenance acc for domsen";
diff --git a/lass/krops.nix b/lass/krops.nix
index a898164c3..758c2a7d4 100644
--- a/lass/krops.nix
+++ b/lass/krops.nix
@@ -21,12 +21,20 @@
   ];
 
 in {
+
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
   deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
     source = source { test = false; };
     inherit target;
   };
 
+  # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
+  populate = { target, force ? false }: pkgs.populate {
+    inherit force;
+    source = source { test = false; };
+    target = lib.mkTarget target;
+  };
+
   # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
   test = { target }: pkgs.krops.writeTest "${name}-test" {
     force = true;
diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json
index 73798f44d..ae35f9e76 100644
--- a/makefu/nixpkgs.json
+++ b/makefu/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/makefu/nixpkgs",
-  "rev": "bf46294e4cf20649182f76fc9200a48436f5874a",
-  "date": "2018-09-18T02:20:45+02:00",
-  "sha256": "13900gack7pgf5a7c11x30rzb3s0kjpbm2z2g8fw4720cr9lkd94",
+  "rev": "9728b2e83406c76efc734ebb1923f23b8e687819",
+  "date": "2018-11-19T20:36:35+01:00",
+  "sha256": "0nk75ldppjr6x04hgghgg9vanr1cw4k5xhg699d38g2rpxviz5bp",
   "fetchSubmodules": false
 }