9 files changed, 66 insertions, 45 deletions

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 1e796015a..a67c25145 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -13,6 +13,14 @@ in {
         systemWide = true;
       };
     }
+    {
+      krebs.per-user.lass.packages = [
+        pkgs.sshuttle
+      ];
+      security.sudo.extraConfig = ''
+        lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped
+      '';
+    }
   ];
 
   users.extraUsers.mainUser.extraGroups = [ "audio" "video" ];
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 6fea97728..1cb68a985 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -56,6 +56,12 @@ with import <stockholm/lib>;
         SSL_CERT_FILE = ca-bundle;
       };
     })
+    {
+      #for sshuttle
+      environment.systemPackages = [
+        pkgs.pythonPackages.python
+      ];
+    }
   ];
 
   networking.hostName = config.krebs.build.host.name;
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
index f6f09e226..7d4d544aa 100644
--- a/lass/2configs/hfos.nix
+++ b/lass/2configs/hfos.nix
@@ -7,7 +7,7 @@ with import <stockholm/lib>;
     isNormalUser = true;
     extraGroups = [ "libvirtd" ];
     openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5NnADMRySix1kcxQwseHfem/SCDmkbvwc+ZZu7HFz4zss1k4Fh1knsukMY83zlno8p/8bBPWyixLTxuZHNy26af8GP95bvV3brnpRmrijkE4dOlpd+wvPcIyTKNunJvMzNDP/ry9g2GczEZKGWvQZudq/nI54HaCaRWM2kzEMEg8Rr9SGlZEKo8B+8HGVsz1a8USOnm8dqYP9dmfLdpy/s+7yWJSPh8wokvWeOOrahirOhO99ZfXm2gcdHqSKvbD2+4EYEm5w8iFrbYBT2wZ3u9ZOiooL/JuEBBdnDrcqZqeaTw0vOdKPvkUP8/rzRjvIwSkynMSD8fixpdGRNeIB riot@lagrange"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
       config.krebs.users.lass.pubkey
     ];
   };
@@ -21,12 +21,14 @@ with import <stockholm/lib>;
 
   krebs.iptables.tables.nat.PREROUTING.rules = [
     { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; }
+    { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; }
     { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; }
     { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
   ];
 
   krebs.iptables.tables.filter.FORWARD.rules = [
     { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+    { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
     { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
     { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
   ];
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 6885ef59d..a33e69bf8 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/lassulus/nixpkgs;
-    ref = "819c1ab486a9c81d6a6b76c759aedece2df39037";
+    ref = "d98b556864f2b3a634e39ed1ae29f47c0e3fae35";
   };
 }
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index eba40532d..7a7bf95be 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -16,9 +16,9 @@
     enable = true;
     connectTo = [
       "prism"
-      "pigstarter"
       "gum"
-      "flap"
+      "ni"
+      "dishfire"
     ];
   };
 
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index bfaae24c8..f79e6b807 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -5,6 +5,7 @@ let
   out = {
     environment.systemPackages = [
       vim
+      pkgs.pythonPackages.flake8
     ];
 
     environment.etc.vimrc.source = vimrc;
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 2bbfe7333..5ed73a22c 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -7,7 +7,6 @@ let
     genid_signed
   ;
   inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
-    ssl
     servePage
     serveOwncloud
     serveWordpress;
@@ -25,47 +24,16 @@ let
 in {
   imports = [
     ./sqlBackup.nix
-    (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
     (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
 
-    (ssl [ "karlaskop.de" "www.karlaskop.de" ])
     (servePage [ "karlaskop.de" "www.karlaskop.de" ])
 
-    (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
     (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
 
-    (ssl [ "pixelpocket.de" ])
     (servePage [ "pixelpocket.de" ])
 
-    (ssl [ "o.ubikmedia.de" ])
     (serveOwncloud [ "o.ubikmedia.de" ])
 
-    (ssl [
-      "ubikmedia.de"
-      "aldona.ubikmedia.de"
-      "apanowicz.de"
-      "nirwanabluete.de"
-      "aldonasiech.com"
-      "360gradvideo.tv"
-      "ubikmedia.eu"
-      "facts.cloud"
-      "youthtube.xyz"
-      "illucloud.eu"
-      "illucloud.de"
-      "illucloud.com"
-      "www.ubikmedia.de"
-      "www.aldona.ubikmedia.de"
-      "www.apanowicz.de"
-      "www.nirwanabluete.de"
-      "www.aldonasiech.com"
-      "www.360gradvideo.tv"
-      "www.ubikmedia.eu"
-      "www.facts.cloud"
-      "www.youthtube.xyz"
-      "www.illucloud.eu"
-      "www.illucloud.de"
-      "www.illucloud.com"
-    ])
     (serveWordpress [
       "ubikmedia.de"
       "apanowicz.de"
@@ -88,6 +56,16 @@ in {
       "www.illucloud.eu"
       "www.illucloud.de"
       "www.illucloud.com"
+      "www.ubikmedia.de"
+      "aldona2.ubikmedia.de"
+      "apanowicz.ubikmedia.de"
+      "cinevita.ubikmedia.de"
+      "factscloud.ubikmedia.de"
+      "illucloud.ubikmedia.de"
+      "joemisch.ubikmedia.de"
+      "karlaskop.ubikmedia.de"
+      "nb.ubikmedia.de"
+      "youthtube.ubikmedia.de"
     ])
   ];
 
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 00e987116..9bf7e4a9c 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -7,7 +7,6 @@ let
     head
   ;
   inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
-    ssl
     servePage
     serveWordpress
   ;
@@ -29,28 +28,20 @@ in {
   imports = [
     ./sqlBackup.nix
 
-    (ssl [ "radical-dreamers.de" "www.radical-dreamers.de" ])
     (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
 
-    (ssl [ "gs-maubach.de" "www.gs-maubach.de" ])
     (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
 
-    (ssl [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
     (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
 
-    (ssl [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
     (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
 
-    (ssl [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
     (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
 
-    (ssl [ "eastuttgart.de" "www.eastuttgart.de" ])
     (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
 
-    (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
     (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
 
-    (ssl [ "goldbarrendiebstahl.radical-dreamers.de" ])
     (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
   ];
 
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 53c8f9444..cba4db766 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -2,6 +2,24 @@
 with import <stockholm/lib>;
 let
   user = config.krebs.build.user;
+
+  copyqConfig = pkgs.writeDash "copyq-config" ''
+    ${pkgs.copyq}/bin/copyq config check_clipboard true
+    ${pkgs.copyq}/bin/copyq config check_selection true
+    ${pkgs.copyq}/bin/copyq config copy_clipboard true
+    ${pkgs.copyq}/bin/copyq config copy_selection true
+
+    ${pkgs.copyq}/bin/copyq config activate_closes true
+    ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0
+    ${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard
+    ${pkgs.copyq}/bin/copyq config disable_tray true
+    ${pkgs.copyq}/bin/copyq config hide_tabs true
+    ${pkgs.copyq}/bin/copyq config hide_toolbar true
+    ${pkgs.copyq}/bin/copyq config item_popup_interval true
+    ${pkgs.copyq}/bin/copyq config maxitems 1000
+    ${pkgs.copyq}/bin/copyq config move true
+    ${pkgs.copyq}/bin/copyq config text_wrap true
+  '';
 in {
 
   environment.systemPackages = [
@@ -109,4 +127,21 @@ in {
       User = user.name;
     };
   };
+
+  systemd.services.copyq = {
+    wantedBy = [ "multi-user.target" ];
+    requires = [ "xserver.service" ];
+    environment = {
+      DISPLAY = ":${toString config.services.xserver.display}";
+    };
+    serviceConfig = {
+      SyslogIdentifier = "copyq";
+      ExecStart = "${pkgs.copyq}/bin/copyq";
+      ExecStartPost = copyqConfig;
+      Restart = "always";
+      RestartSec = "2s";
+      StartLimitBurst = 0;
+      User = user.name;
+    };
+  };
 }