6 files changed, 87 insertions, 8 deletions

diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index aac67f2e3..f12dda097 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -229,6 +229,32 @@ in {
         };
       };
     };
+    jongepad = {
+      owner = config.krebs.users.jonge;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.5.6";
+          aliases = [
+            "jongepad.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAtJsF5jL/M72PCptLFC5iIEt0qAL544H/VLijvZEG9gnoqbs94aNJ
+            MM5Sr3yMB01WkcT1Lph3r4dxV0/QECu3Ca4xxuUntu42tFXhkikQGcZLuo2h4zr4
+            +wReudCCc7VqMcJDxriyyoW3i7smZnQGzo36gpKHbZfil8dJo0QE8mnujqkQCA0G
+            hjR7xdG+/usDgRUarfpNgoHKyZfLcomQLUuR8I3aHsdaCLgMJ8v5DjGymp2bIswT
+            puPx3IEZSXH8y6MZoISvLn+hwcWat34Bj1PF7vfgldivqHaDFpifpXvjbCmxcel9
+            WVZRSEvLSVT4FnpaJ7JkAaUpG+GOHVlPWARq9t9AZXKR1Zex9MIkHzWi/TIIkawj
+            wJNvUwvBYJ1UCuCby4/3nKlY7zWjj23YM6dTJDGMhJKR5m2SHp9SC0m0QdfSjN5z
+            8sJauCigGZ6rlmxkO4/2BBGshY8jWDl/z2oFiQfo7R2oZkJdWNHLGKtTZtqQQ3e6
+            SAE/HQvipiv35rMzHw3E9AJBhhQqT3vTLLZvMTBS6BRFvpqDNhXik1aFenNV4tjZ
+            XeYU1eXI4XzQqoW/avPTuLt8O0Ya/nziLXCaIy+hlx5Hd49hkGb+1saQ5yPUgoEt
+            wE9sy5+9b5ebn8B+N0yw7wnUYN8V8dmPmRwLt71IuBwHn/aAoXyWwFsCAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
     rose = {
       owner = config.krebs.users.Mic92;
       nets = rec {
@@ -685,6 +711,9 @@ in {
     jan = {
       mail = "jan.heidbrink@posteo.de";
     };
+    jonge = {
+      mail = "jacek.galowicz@gmail.com";
+    };
     kmein = {
       mail = "kieran.meinhardt@gmail.com";
       pubkey = ssh-for "kmein";
@@ -695,6 +724,7 @@ in {
     };
     qubasa = {
       mail = "luis.nixos@gmail.com";
+      pubkey = ssh-for "qubasa";
     };
     raute = {
       mail = "macxylo@gmail.com";
diff --git a/krebs/3modules/external/ssh/qubasa.pub b/krebs/3modules/external/ssh/qubasa.pub
new file mode 100644
index 000000000..e9e1e6a29
--- /dev/null
+++ b/krebs/3modules/external/ssh/qubasa.pub
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos
+
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index a8314e11c..78f3542fa 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -638,6 +638,46 @@ in {
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
     };
+    hilum = {
+      cores = 1;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.20.123";
+          ip6.addr = r6 "005b";
+          aliases = [
+            "hilum.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
+            pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi
+            V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c
+            SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh
+            4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE
+            saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz
+            vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY
+            8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ
+            wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3
+            RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh
+            Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl
+            87b8jfJNXlKFW+EBxBxN2uECAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+        wiregrill = {
+          ip6.addr = w6 "005b";
+          aliases = [
+            "hilum.w"
+          ];
+          wireguard.pubkey = ''
+            0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw=
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
+      syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
+    };
   };
   users = rec {
     lass = lass-blue;
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 9581712fb..ab24d9096 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -189,6 +189,7 @@ in {
           wg.euer           IN A      ${nets.internet.ip4.addr}
           wiki.euer         IN A      ${nets.internet.ip4.addr}
           wikisearch        IN A      ${nets.internet.ip4.addr}
+          bookmark.euer     IN A      ${nets.internet.ip4.addr}
           io                IN NS     gum.krebsco.de.
           mediengewitter    IN CNAME  over.dose.io.
         '';
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 24eac7158..ed00d187c 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -110,8 +110,12 @@ let
         hostsArchive = mkOption {
           type = types.package;
           default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} ''
-            ${pkgs.coreutils}/bin/ln -s ${tinc.config.hostsPackage} hosts
-            ${pkgs.gnutar}/bin/tar -hcjf $out hosts
+            cp \
+                --no-preserve=mode \
+                --recursive \
+                ${tinc.config.hostsPackage} \
+                hosts
+            ${pkgs.gnutar}/bin/tar -cjf $out hosts
           '';
           readOnly = true;
         };
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index 61ee72e74..43535b08f 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -75,10 +75,7 @@ let
       ];
       apply = map (x: getAttr (typeOf x) {
         set = x;
-        string = {
-          url = x;
-          filter = null;
-        };
+        string.url = x;
       });
     };
     verbose = mkOption {
@@ -96,7 +93,7 @@ let
 
   hooksFile = cfg.hooksFile;
 
-  configFile = pkgs.writeText "urlwatch.yaml" (toJSON {
+  configFile = pkgs.writeJSON "urlwatch.yaml" {
     display = {
       error = true;
       new = true;
@@ -132,7 +129,7 @@ let
         line_length = 75;
       };
     };
-  });
+  };
 
   imp = {
     systemd.timers.urlwatch = {
@@ -210,8 +207,13 @@ let
         type = types.str;
       };
       filter = mkOption {
+        default = null;
         type = with types; nullOr str; # TODO nullOr subtypes.filter
       };
+      ignore_cached = mkOption {
+        default = null;
+        type = with types; nullOr bool;
+      };
     };
   };
 in out