7 files changed, 27 insertions, 18 deletions

diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix
index 46b386e1..51b4a1af 100644
--- a/krebs/2configs/binary-cache/prism.nix
+++ b/krebs/2configs/binary-cache/prism.nix
@@ -3,7 +3,7 @@
 {
   nix = {
     binaryCaches = [
-      "http://cache.prism.r"
+      "https://cache.krebsco.de"
     ];
     binaryCachePublicKeys = [
       "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub
index 88313ee7..8ac69004 100644
--- a/krebs/3modules/makefu/ssh/ulrich.pub
+++ b/krebs/3modules/makefu/ssh/ulrich.pub
@@ -1 +1 @@
-AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de
diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub
new file mode 100644
index 00000000..37b8e059
--- /dev/null
+++ b/makefu/2configs/bgt/auphonic.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx
diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 6b5687e7..6d64848f 100644
--- a/makefu/2configs/nginx/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -1,12 +1,25 @@
 { config, lib, pkgs, ... }:
 
+with import <stockholm/lib>;
 let
-  ident = (toString <secrets>) + "/mirrorsync.gum.id_ed25519";
+  ident = (builtins.readFile ./auphonic.pub);
 in {
-  systemd.services.mirrorsync = {
-    startAt = "08:00:00";
-    path = with pkgs; [ rsync openssh ];
-    script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter'';
+  services.openssh = {
+    allowSFTP = true;
+    sftpFlags = [ "-l VERBOSE" ];
+    extraConfig = ''
+      Match User auphonic
+        ForceCommand internal-sftp
+        AllowTcpForwarding no
+        X11Forwarding no
+        PasswordAuthentication no
+    '';
+  };
+  users.users.auphonic = {
+    uid = genid "auphonic";
+    group = "nginx";
+    useDefaultShell = true;
+    openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
   };
   services.nginx = {
     enable = lib.mkDefault true;
diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix
index c1a31b8d..c1a31b8d 100644
--- a/makefu/2configs/deployment/bgt/hidden_service.nix
+++ b/makefu/2configs/bgt/hidden_service.nix
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 6c510eba..2a2f70a0 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -7,7 +7,6 @@
 
   host-src = {
     secure = false;
-    full = false;
     torrent = false;
     hw = false;
     musnix = false;
@@ -23,7 +22,11 @@
     {
       # nixos-18.09 @ 2018-09-18
       # + uhub/sqlite: 5dd7610401747
-      nixpkgs = if test then {
+      # + hovercraft: 7134801b17d72
+      nixpkgs = if host-src.arm6 then {
+        # TODO: we want to track the unstable channel
+        symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
+      } else {
         file = {
           path = toString (pkgs.fetchFromGitHub {
             owner = "makefu";
@@ -33,14 +36,6 @@
           });
           useChecksum = true;
         };
-      } else if host-src.full then {
-        git.ref = nixpkgs-src.rev;
-        git.url = nixpkgs-src.url;
-      } else if host-src.arm6 then {
-        # TODO: we want to track the unstable channel
-        symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
-      } else {
-        file = "/home/makefu/store/${nixpkgs-src.rev}";
       };
       nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
 
diff --git a/makefu/update-channel.sh b/makefu/update-channel.sh
index 59d3c434..0899581e 100755
--- a/makefu/update-channel.sh
+++ b/makefu/update-channel.sh
@@ -6,4 +6,4 @@ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
   --rev refs/heads/master' \
 > $dir/nixpkgs.json
 newref=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-echo git commit $dir/nixpkgs.json -m "nixpkgs: $oldref -> $newref"
+echo "git commit $dir/nixpkgs.json -m 'ma nixpkgs: $oldref -> $newref'"