-rw-r--r--krebs/3modules/build/default.nix5
-rw-r--r--krebs/3modules/default.nix66
-rw-r--r--lass/1systems/mors.nix1
-rw-r--r--lass/2configs/base.nix2
-rw-r--r--lass/2configs/browsers.nix2
-rw-r--r--lass/2configs/desktop-base.nix4
-rw-r--r--lass/2configs/firefoxPatched.nix58
-rw-r--r--lass/2configs/programs.nix1
-rw-r--r--lass/2configs/texlive.nix7
-rw-r--r--lass/2configs/zsh.nix10
-rw-r--r--lass/5pkgs/default.nix5
-rw-r--r--lass/5pkgs/firefoxPlugins/noscript.nix28
l---------lass/5pkgs/firefoxPlugins/result1
-rw-r--r--lass/5pkgs/firefoxPlugins/ublock.nix31
-rw-r--r--lass/5pkgs/firefoxPlugins/vimperator.nix19
-rw-r--r--makefu/1systems/pnp.nix7
-rw-r--r--makefu/1systems/pornocauster.nix19
-rw-r--r--makefu/1systems/wry.nix34
-rw-r--r--makefu/2configs/base-sources.nix19
-rw-r--r--makefu/2configs/base.nix9
-rw-r--r--makefu/2configs/tor.nix7
-rw-r--r--makefu/2configs/virtualization-virtualbox.nix18
22 files changed, 305 insertions, 48 deletions
diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix
index 23bd8c8f..6097a7b5 100644
--- a/krebs/3modules/build/default.nix
+++ b/krebs/3modules/build/default.nix
@@ -214,6 +214,11 @@ let
options = {
host = mkOption {
type = types.host;
+ description = ''
+ define the host where the directory is stored on.
+ XXX: currently it is just used to check if rsync is working,
+ becomes part of url
+ '';
};
path = mkOption {
type = types.str;
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2b4a13c4..f0eb290c 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -352,8 +352,8 @@ let
extraZones = {
"krebsco.de" = ''
- mediengewitter IN A ${elemAt nets.internet.addrs4 0}
- flap IN A ${elemAt nets.internet.addrs4 0}'';
+ mediengewitter IN A ${head nets.internet.addrs4}
+ flap IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
@@ -390,14 +390,13 @@ let
IN MX 10 mx42
euer IN MX 1 aspmx.l.google.com.
io IN NS pigstarter.krebsco.de.
- euer IN A ${elemAt nets.internet.addrs4 0}
- pigstarter IN A ${elemAt nets.internet.addrs4 0}
- conf IN A ${elemAt nets.internet.addrs4 0}
- gold IN A ${elemAt nets.internet.addrs4 0}
- graph IN A ${elemAt nets.internet.addrs4 0}
- tinc IN A ${elemAt nets.internet.addrs4 0}
- boot IN A ${elemAt nets.internet.addrs4 0}
- mx42 IN A ${elemAt nets.internet.addrs4 0}'';
+ pigstarter IN A ${head nets.internet.addrs4}
+ conf IN A ${head nets.internet.addrs4}
+ gold IN A ${head nets.internet.addrs4}
+ graph IN A ${head nets.internet.addrs4}
+ tinc IN A ${head nets.internet.addrs4}
+ boot IN A ${head nets.internet.addrs4}
+ mx42 IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
@@ -426,15 +425,56 @@ let
};
};
};
+ wry = rec {
+ cores = 1;
+ dc = "makefu"; #dc = "cac";
+ extraZones = {
+ "krebsco.de" = ''
+ wry IN A ${head nets.internet.addrs4}
+ '';
+ };
+ nets = rec {
+ internet = {
+ addrs4 = ["162.219.7.216"];
+ aliases = [
+ "wry.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.29.169"];
+ addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
+ aliases = [
+ "wry.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
+ rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
+ e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
+ sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
+ CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
+ PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
+ LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
+ DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
+ ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
+ jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
+ Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
gum = rec {
cores = 1;
dc = "online.net"; #root-server
extraZones = {
"krebsco.de" = ''
- omo IN A ${elemAt nets.internet.addrs4 0}
- gum IN A ${elemAt nets.internet.addrs4 0}
- paste IN A ${elemAt nets.internet.addrs4 0}'';
+ omo IN A ${head nets.internet.addrs4}
+ euer IN A ${head nets.internet.addrs4}
+ gum IN A ${head nets.internet.addrs4}
+ paste IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 4724fd3e..de5e824c 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -22,6 +22,7 @@
../2configs/retiolum.nix
../2configs/wordpress.nix
../2configs/bitlbee.nix
+ ../2configs/firefoxPatched.nix
];
krebs.build = {
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 7c483546..6cdeab1b 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -44,7 +44,7 @@ with lib;
exim-retiolum.enable = true;
build.deps.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "e74d0e7ff83c16846a81e1173543f180ad565076";
+ rev = "68bd8e4a9dc247726ae89cc8739574261718e328";
};
};
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 4fe06b72..f37dace2 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -62,7 +62,7 @@ in {
imports = [
../3modules/per-user.nix
] ++ [
- ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
+ ( createFirefoxUser "ff" [ "audio" ] [ ] )
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
( createChromiumUser "gm" [ ] [ pkgs.chromium ] )
diff --git a/lass/2configs/desktop-base.nix b/lass/2configs/desktop-base.nix
index 52c29d7e..8ae768ca 100644
--- a/lass/2configs/desktop-base.nix
+++ b/lass/2configs/desktop-base.nix
@@ -61,4 +61,8 @@ in {
xkbOptions = "caps:backspace";
};
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
+
}
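Review bot: `HandleLidSwitch=ignore` means closing the lid no longer suspends the machine, and nothing in this hunk locks the session instead, so a closed laptop stays logged in and running. If that is intended, say so in a comment above the option, for example `# lid close must not suspend; screen locking is done by <locker, placeholder>`, or bind a screen locker to the lid event. The enclosing attribute set starts outside the hunk, so a lock hook may already exist elsewhere in the file.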
diff --git a/lass/2configs/firefoxPatched.nix b/lass/2configs/firefoxPatched.nix
new file mode 100644
index 00000000..daf8a28b
--- /dev/null
+++ b/lass/2configs/firefoxPatched.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+let
+ lpkgs = import ../5pkgs { inherit pkgs; };
+
+ inherit (lib)
+ concatMapStrings
+ ;
+
+ plugins = with lpkgs.firefoxPlugins; [
+ noscript
+ ublock
+ vimperator
+ ];
+
+ copyXpi = plugin:
+ "cp ${plugin}/*.xpi $out/usr/lib/firefox-*/browser/extensions/";
+
+ preferences = pkgs.writeText "autoload.js" ''
+ pref('general.config.filename', 'firefox.cfg');
+ pref('general.config.obscure_value', 0);
+ '';
+
+ config = pkgs.writeText "firefox.cfg" ''
+ //
+ lockPref("app.update.enabled", false);
+ lockPref("extensions.update.enabled", false);
+ lockPref("autoadmin.global_config_url", "");
+ lockPref("extensions.checkUpdateSecurity", false);
+ lockPref("services.sync.enabled", false);
+ lockPref("browser.shell.checkDefaultBrowser", false);
+ lockPref("layout.spellcheckDefault", 0);
+ lockPref("app.update.auto", false);
+ lockPref("browser.newtabpage.enabled", false);
+ lockPref("noscript.firstRunRedirection", false);
+ lockPref("noscript.hoverUI", false);
+ lockPref("noscript.notify", false);
+ defaultPref("extensions.newAddons", false);
+ defaultPref("extensions.autoDisableScopes", 0);
+ defaultPref("plugin.scan.plid.all", false);
+ '';
+
+in {
+ environment.systemPackages = [
+ (pkgs.lib.overrideDerivation pkgs.firefox-bin (original : {
+ installPhase = ''
+ ${original.installPhase}
+ find $out/usr/lib
+ ${concatMapStrings copyXpi plugins}
+ cd $out/usr/lib/firefox-*/
+ mkdir -p browser/defaults/preferences
+ cp ${preferences} browser/defaults/preferences/autoload.js
+ cp ${config} ./firefox.cfg
+ '';
+ }))
+ ];
+}
+
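Review bot: `defaultPref("extensions.autoDisableScopes", 0);` turns off the sideloading prompt for every install scope, not just for the three XPIs copied into the application directory, so an extension that lands in a profile, user or system location is also enabled silently. Restricting it to the application scope, `defaultPref("extensions.autoDisableScopes", 11);`, should keep the bundled add-ons working while leaving the prompt on for the other scopes; this needs testing against the Firefox version in use. With `app.update.enabled` and `extensions.update.enabled` locked to false, browser and add-on security fixes arrive only when the nixpkgs rev and the plugin revs are bumped, which deserves a comment at the top of `firefox.cfg`. The `find $out/usr/lib` line in `installPhase` looks like leftover debugging output, and the `let`-bound `config` shadows the module argument of the same name.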
diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix
index 41d241ba..e4840383 100644
--- a/lass/2configs/programs.nix
+++ b/lass/2configs/programs.nix
@@ -7,7 +7,6 @@
gnupg1compat
htop
i3lock
- mc
mosh
mpv
pass
diff --git a/lass/2configs/texlive.nix b/lass/2configs/texlive.nix
index 18d72297..fa20ef81 100644
--- a/lass/2configs/texlive.nix
+++ b/lass/2configs/texlive.nix
@@ -2,6 +2,11 @@
{
environment.systemPackages = with pkgs; [
- texLive
+ (texLiveAggregationFun { paths = [
+ texLive
+ texLiveExtra
+ texLiveCMSuper
+ texLiveModerncv
+ ];})
];
}
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index 646e816f..64aa4582 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -57,7 +57,7 @@
#exports
export EDITOR='vim'
export MANPAGER='most'
- export PAGER='vim -'
+ export PAGER='vim -R -'
# export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -'
#beautiful colors
@@ -103,23 +103,21 @@
case $UID in
0)
- username='%F{red}root%f'
+ username='%F{red}root%f '
;;
1337)
username=""
;;
*)
- username='%F{blue}%n%f'
+ username='%F{blue}%n%f '
;;
esac
if test -n "$SSH_CLIENT"; then
PROMPT="$error$username@%F{magenta}%M%f %~ "
else
- PROMPT="$error$username %~ "
+ PROMPT="$error$username%~ "
fi
-
-
'';
};
users.defaultUserShell = "/run/current-system/sw/bin/zsh";
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 6df35b90..7427cb62 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -8,4 +8,9 @@ rec {
bitlbee-dev = callPackage ./bitlbee-dev.nix {};
bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };
bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; };
+ firefoxPlugins = {
+ noscript = callPackage ./firefoxPlugins/noscript.nix {};
+ ublock = callPackage ./firefoxPlugins/ublock.nix {};
+ vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
+ };
}
diff --git a/lass/5pkgs/firefoxPlugins/noscript.nix b/lass/5pkgs/firefoxPlugins/noscript.nix
new file mode 100644
index 00000000..67a00a1b
--- /dev/null
+++ b/lass/5pkgs/firefoxPlugins/noscript.nix
@@ -0,0 +1,28 @@
+{ fetchgit, stdenv, bash, zip }:
+
+stdenv.mkDerivation rec {
+ name = "noscript";
+ id = "{73a6fe31-595d-460b-a920-fcc0f8843232}";
+
+ src = fetchgit {
+ url = "https://github.com/avian2/noscript";
+ rev = "c900a079793868bb080ab1e23522d29dc121b4c6";
+ sha256 = "1y06gh5a622yrsx0h7v92qnvdi97i54ln09zc1lvk8x430z5bdly";
+ };
+
+ buildInputs = [ zip ];
+
+ patchPhase = ''
+ substituteInPlace "version.sh" \
+ --replace "/bin/bash" "${bash}/bin/bash"
+ '';
+
+ buildPhase = ''
+ ./makexpi.sh
+ '';
+
+ installPhase = ''
+ mkdir -p $out/
+ cp *.xpi $out/${id}.xpi
+ '';
+}
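Review bot: The source is pinned by `rev` and `sha256`, which fixes the content, but `https://github.com/avian2/noscript` does not look like the extension author's own repository, so the provenance of what gets built into the browser rests on that mirror. A comment naming the upstream release this rev corresponds to would let a reviewer check it. Because firefoxPatched.nix locks extension updates off, this rev (and likewise the ones in ublock.nix and vimperator.nix) is the only update path for these add-ons. `name = "noscript";` carries no version, so a stale build is not visible in the store path; consider `name = "noscript-${version}";` with a `version` attribute next to `rev`.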
diff --git a/lass/5pkgs/firefoxPlugins/result b/lass/5pkgs/firefoxPlugins/result
new file mode 120000
index 00000000..aa533441
--- /dev/null
+++ b/lass/5pkgs/firefoxPlugins/result
@@ -0,0 +1 @@
+/nix/store/gxr152p1bbgqcd839b0rckdd1h5cr886-vimperator \ No newline at end of file
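Review bot: `result` is the symlink that `nix-build` leaves behind, pointing at a store path on the author's machine, and it should not be committed. It dangles on every other checkout, and a later `nix-build` in this directory will overwrite it and dirty the tree. Remove it from the commit and add `result` to `.gitignore`.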
diff --git a/lass/5pkgs/firefoxPlugins/ublock.nix b/lass/5pkgs/firefoxPlugins/ublock.nix
new file mode 100644
index 00000000..29ef250e
--- /dev/null
+++ b/lass/5pkgs/firefoxPlugins/ublock.nix
@@ -0,0 +1,31 @@
+{ fetchgit, stdenv, bash, python, zip }:
+
+stdenv.mkDerivation rec {
+ name = "ublock";
+ id = "{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}";
+
+ src = fetchgit {
+ url = "https://github.com/chrisaljoudi/uBlock";
+ rev = "a70a50052a7914cbf86d46a725812b98434d8c70";
+ sha256 = "1qfzy79f8x01i33x0m95k833z1jgxjwb8wvlr6fj6id1kxfvzh77";
+ };
+
+ buildInputs = [
+ zip
+ python
+ ];
+
+ patchPhase = ''
+ substituteInPlace "tools/make-firefox.sh" \
+ --replace "/bin/bash" "${bash}/bin/bash"
+ '';
+
+ buildPhase = ''
+ tools/make-firefox.sh all
+ '';
+
+ installPhase = ''
+ mkdir -p $out/
+ cp dist/build/uBlock.firefox.xpi $out/${id}.xpi
+ '';
+}
diff --git a/lass/5pkgs/firefoxPlugins/vimperator.nix b/lass/5pkgs/firefoxPlugins/vimperator.nix
new file mode 100644
index 00000000..dabef3d2
--- /dev/null
+++ b/lass/5pkgs/firefoxPlugins/vimperator.nix
@@ -0,0 +1,19 @@
+{ fetchgit, stdenv, zip }:
+
+stdenv.mkDerivation rec {
+ name = "vimperator";
+ id = "vimperator@mozdev.org";
+
+ src = fetchgit {
+ url = "https://github.com/vimperator/vimperator-labs.git";
+ rev = "ba7d8e72516fdc22246748c8183d7bc90f6fb073";
+ sha256 = "0drz67qm5hxxzw699rswlpjkg4p2lfipx119pk1nyixrqblcsvq2";
+ };
+
+ buildInputs = [ zip ];
+
+ installPhase = ''
+ mkdir -p $out/
+ cp downloads/vimperator*.xpi $out/${id}.xpi
+ '';
+}
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 2dce87d5..497c03e1 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -9,6 +9,7 @@
[ # Include the results of the hardware scan.
# Base
../2configs/base.nix
+ ../2configs/base-sources.nix
../2configs/tinc-basic-retiolum.nix
# HW/FS
@@ -38,12 +39,6 @@
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "03921972268934d900cc32dad253ff383926771c";
- };
- };
networking.firewall.allowedTCPPorts = [
# nginx runs on 80
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 4dcfe4ec..d43f89a0 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -9,6 +9,9 @@
../2configs/base.nix
../2configs/main-laptop.nix #< base-gui
+ # configures sources
+ ../2configs/base-sources.nix
+
# Krebs
../2configs/tinc-basic-retiolum.nix
#../2configs/disable_v6.nix
@@ -18,34 +21,30 @@
# applications
../2configs/exim-retiolum.nix
- ../2configs/virtualization.nix
+ #../2configs/virtualization.nix
+ ../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
# services
../2configs/git/brain-retiolum.nix
- # ../2configs/Reaktor/simpleExtend.nix
+ ../2configs/tor.nix
# hardware specifics are in here
../2configs/hw/tp-x220.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix
];
+ krebs.Reaktor.enable = true;
+ krebs.Reaktor.debug = true;
+ krebs.Reaktor.nickname = "makefu|r";
krebs.build.host = config.krebs.hosts.pornocauster;
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@pornocauster";
- #krebs.Reaktor.nickname = "makefu|r";
networking.firewall.allowedTCPPorts = [
25
];
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- #url = https://github.com/makefu/nixpkgs;
- rev = "03921972268934d900cc32dad253ff383926771c";
- };
- };
}
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
new file mode 100644
index 00000000..29ad82d4
--- /dev/null
+++ b/makefu/1systems/wry.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+let
+
+ ip = (lib.elemAt config.krebs.build.host.nets.internet.addrs4 0);
+in {
+ imports = [
+ ../../tv/2configs/CAC-CentOS-7-64bit.nix
+ ../2configs/base.nix
+ ../2configs/tinc-basic-retiolum.nix
+ {
+ }
+ ];
+ networking.firewall.allowPing = true;
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = ip;
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "104.233.80.1";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+
+ # based on ../../tv/2configs/CAC-Developer-2.nix
+ sound.enable = false;
+ krebs.build = {
+ user = config.krebs.users.makefu;
+ target = "root@${ip}";
+ host = config.krebs.hosts.wry;
+ };
+
+}
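Review bot: `networking.defaultGateway = "104.233.80.1"` lies outside the network implied by `address = ip; prefixLength = 24;` if `ip` resolves to the `162.219.7.216` that this commit adds for `wry` in krebs/3modules/default.nix, so one of the two values is probably wrong. That matters beyond routing, because `target = "root@${ip}"` and the `wry IN A` record are derived from the same address, so a wrong value would send a root deployment and DNS to a machine that may not be this host. Please confirm the address against the provider's assignment and add a comment recording where the gateway comes from. Smaller points: the empty `{ }` entry in `imports` can go, and `lib.elemAt … 0` could be `lib.head …` to match the rest of this commit.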
diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix
new file mode 100644
index 00000000..a2715ba4
--- /dev/null
+++ b/makefu/2configs/base-sources.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+{
+ krebs.build.source = {
+ git.nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ #url = https://github.com/makefu/nixpkgs;
+ rev = "68bd8e4a9dc247726ae89cc8739574261718e328";
+ };
+ dir.secrets = {
+ host = config.krebs.hosts.pornocauster;
+ path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+ };
+ dir.stockholm = {
+ host = config.krebs.hosts.pornocauster;
+ path = toString ../.. ;
+ };
+ };
+}
diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix
index a5c64f4f..34b41302 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/base.nix
@@ -37,15 +37,6 @@ with lib;
time.timeZone = "Europe/Berlin";
#nix.maxJobs = 1;
- krebs.build.deps = {
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
- };
-
services.openssh.enable = true;
nix.useChroot = true;
diff --git a/makefu/2configs/tor.nix b/makefu/2configs/tor.nix
new file mode 100644
index 00000000..e466a183
--- /dev/null
+++ b/makefu/2configs/tor.nix
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.tor.enable = true;
+ services.tor.client.enable = true;
+ # also enables services.tor.client.privoxy
+}
diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix
new file mode 100644
index 00000000..164401f7
--- /dev/null
+++ b/makefu/2configs/virtualization-virtualbox.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mainUser = config.krebs.build.user;
+ version = "5.0.4";
+ rev = "102546";
+ vboxguestpkg = pkgs.fetchurl {
+ url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
+ sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4";
+ };
+in {
+ inherit vboxguestpkg;
+ virtualisation.virtualbox.host.enable = true;
+ nixpkgs.config.virtualbox.enableExtensionPack = true;
+
+ users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
+ environment.systemPackages = [ vboxguestpkg ];
+}
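Review bot: The extension pack is fetched over plain `http://`. The `sha256` still pins the content, so a tampered download fails the build, but the hash for the next version is likely to be taken from whatever that URL returns, so prefer `url = "https://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";`. `version = "5.0.4"` is hard-coded and can drift from the VirtualBox that the pinned nixpkgs builds, while the extension pack has to match the host version, so a comment saying the two must be bumped together would help. `inherit vboxguestpkg;` puts an undeclared attribute into the module's config, which the module system may reject. The name also suggests guest additions although the file is the extension pack.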