Diffstat (limited to 'lass/3modules')
-rw-r--r-- | lass/3modules/default.nix | 2 | ||||
-rw-r--r-- | lass/3modules/iptables.nix | 187 | ||||
-rw-r--r-- | lass/3modules/realwallpaper.nix | 102 |
3 files changed, 103 insertions, 188 deletions
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index d4e231ec7..9b6211278 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -3,6 +3,6 @@ _: {
 imports = [
 ./xresources.nix
- ./iptables.nix
+ ./realwallpaper.nix
 ];
 }
diff --git a/lass/3modules/iptables.nix b/lass/3modules/iptables.nix
deleted file mode 100644
index 8c6ad3fa1..000000000
--- a/lass/3modules/iptables.nix
+++ /dev/null
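Review bot: Dropping `./iptables.nix` from `imports` removes the `options.lass.iptables` declaration, so any host configuration that still sets `lass.iptables.enable` or `lass.iptables.tables` now fails evaluation with an undeclared-option error instead of quietly losing its rules; confirm no host in the tree still references it, or keep a stub that declares the options and asserts they are unused. The deleted module also forced `networking.firewall.enable = false`, so hosts that had enabled it fall back to whatever `networking.firewall.enable` defaults to (enabled in NixOS) after this commit, which is a firewall behaviour change worth a sentence in the commit message.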
@@ -1,187 +0,0 @@ -arg@{ config, lib, pkgs, ... }: - -let - inherit (pkgs) writeScript writeText; - - inherit (lib) - concatMapStringsSep - concatStringsSep - attrNames - unique - fold - any - attrValues - catAttrs - filter - flatten - length - hasAttr - mkEnableOption - mkOption - mkIf - types - sort; - - elemIsIn = a: as: - any (x: x == a) as; - - cfg = config.lass.iptables; - - out = { - options.lass.iptables = api; - config = mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "iptables"; - - #tables.filter.INPUT = { - # policy = "DROP"; - # rules = [ - # { predicate = "-i retiolum"; target = "ACCEPT"; priority = -10; } - # ]; - #}; - #new api - tables = mkOption { - type = with types; attrsOf (attrsOf (submodule ({ - options = { - policy = mkOption { - type = str; - default = "-"; - }; - rules = mkOption { - type = nullOr (listOf (submodule ({ - options = { - predicate = mkOption { - type = str; - }; - target = mkOption { - type = str; - }; - precedence = mkOption { - type = int; - default = 0; - }; - }; - }))); - default = null; - }; - }; - }))); - }; - }; - - imp = { - networking.firewall.enable = false; - - systemd.services.lass-iptables = { - description = "lass-iptables"; - wantedBy = [ "network-pre.target" ]; - before = [ "network-pre.target" ]; - after = [ "systemd-modules-load.service" ]; - - path = with pkgs; [ - iptables - ]; - - restartIfChanged = true; - - serviceConfig = { - Type = "simple"; - RemainAfterExit = true; - Restart = "always"; - ExecStart = "@${startScript} lass-iptables_start"; - }; - }; - }; - - #buildTable :: iptablesVersion -> iptablesAttrSet` -> str - #todo: differentiate by iptables-version - buildTables = v: ts: - let - - declareChain = t: cn: - #TODO: find out what to do whit these count numbers - ":${cn} ${t."${cn}".policy} [0:0]"; - - buildChain = tn: cn: - let - sortedRules = sort (a: b: a.precedence > b.precedence) ts."${tn}"."${cn}".rules; - - in - #TODO: double check should be unneccessary, refactor! 
- if (hasAttr "rules" ts."${tn}"."${cn}") then - if (ts."${tn}"."${cn}".rules == null) then - "" - else - concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([] - ++ map (buildRule tn cn) sortedRules - ) - else - "" - ; - - - buildRule = tn: cn: rule: - #target validation test: - assert (elemIsIn rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))); - - #predicate validation test: - #maybe use iptables-test - #TODO: howto exit with evaluation error by shellscript? - #apperantly not possible from nix because evalatution wouldn't be deterministic. - "${rule.predicate} -j ${rule.target}"; - - buildTable = tn: - "*${tn}\n" + - concatStringsSep "\n" ([] - ++ map (declareChain ts."${tn}") (attrNames ts."${tn}") - ) + - #this looks dirty, find a better way to do this (maybe optionalString) - concatStringsSep "" ([] - ++ map (buildChain tn) (attrNames ts."${tn}") - ) + - "\nCOMMIT"; - in - concatStringsSep "\n" ([] - ++ map buildTable (attrNames ts) - ); - -#===== - - rules4 = iptables-version: - let - #TODO: find out good defaults. - tables-defaults = { - nat.PREROUTING.policy = "ACCEPT"; - nat.INPUT.policy = "ACCEPT"; - nat.OUTPUT.policy = "ACCEPT"; - nat.POSTROUTING.policy = "ACCEPT"; - filter.INPUT.policy = "ACCEPT"; - filter.FORWARD.policy = "ACCEPT"; - filter.OUTPUT.policy = "ACCEPT"; - - #if someone specifies any other rules on this chain, the default rules get lost. - #is this wanted beahiviour or a bug? - #TODO: implement abstraction of rules - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } - ]; - }; - tables = tables-defaults // cfg.tables; - - in - writeText "lass-iptables-rules${toString iptables-version}" '' - ${buildTables iptables-version tables} - ''; - - startScript = writeScript "lass-iptables_start" '' - #! /bin/sh - set -euf - iptables-restore < ${rules4 4} - ip6tables-restore < ${rules4 6} - ''; - -in -out - 
diff --git a/lass/3modules/realwallpaper.nix b/lass/3modules/realwallpaper.nix
new file mode 100644
index 000000000..85dd35233
--- /dev/null
+++ b/lass/3modules/realwallpaper.nix
@@ -0,0 +1,102 @@
+arg@{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib)
+ mkEnableOption
+ mkOption
+ types
+ mkIf
+ ;
+
+ lpkgs = import ../5pkgs { inherit pkgs; };
+
+ cfg = config.lass.realwallpaper;
+
+ out = {
+ options.lass.realwallpaper = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "realwallpaper";
+
+ workingDir = mkOption {
+ type = types.str;
+ default = "/var/realwallpaper/";
+ };
+
+ nightmap = mkOption {
+ type = types.str;
+ default = "http://eoimages.gsfc.nasa.gov/images/imagerecords/55000/55167/earth_lights_lrg.jpg";
+ };
+
+ daymap = mkOption {
+ type = types.str;
+ default = "http://www.nnvl.noaa.gov/images/globaldata/SnowIceCover_Daily.png";
+ };
+
+ cloudmap = mkOption {
+ type = types.str;
+ default = "http://xplanetclouds.com/free/local/clouds_2048.jpg";
+ };
+
+ outFile = mkOption {
+ type = types.str;
+ default = "/tmp/wallpaper.png";
+ };
+
+ timerConfig = mkOption {
+ type = types.unspecified;
+ default = {
+ OnCalendar = "*:0/15";
+ };
+ };
+
+ };
+
+ imp = {
+ systemd.timers.realwallpaper = {
+ description = "real wallpaper generator timer";
+
+ timerConfig = cfg.timerConfig;
+ };
+
+ systemd.services.realwallpaper = {
+ description = "real wallpaper generator";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ path = with pkgs; [
+ xplanet
+ imagemagick
+ curl
+ file
+ ];
+
+ environment = {
+ working_dir = cfg.workingDir;
+ nightmap_url = cfg.nightmap;
+ daymap_url = cfg.daymap;
+ cloudmap_url = cfg.cloudmap;
+ out_file = cfg.outFile;
+ };
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${lpkgs.realwallpaper}/realwallpaper.sh";
+ User = "realwallpaper";
+ };
+ };
+
+ users.extraUsers.realwallpaper = {
+ uid = 2009435407; #genid realwallpaper
+ home = cfg.workingDir;
+ createHome = true;
+ };
+ };
+
+in
+out
+
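Review bot: The `nightmap`, `daymap` and `cloudmap` defaults are plain `http://` URLs, and the service hands whatever those hosts return straight to xplanet/imagemagick (all on `path`), so the rendered images are only as trustworthy as the unauthenticated transport; switch the defaults to `https://` where the upstream mirrors offer it and note in each option's `description` that the URL is fetched without verification. `outFile` defaults to `/tmp/wallpaper.png`, a predictable path in a shared, world-writable directory that the `realwallpaper` user writes to; a location under `workingDir` (e.g. `default = "/var/realwallpaper/wallpaper.png";`) avoids the pre-creation/symlink hazard and matches the `createHome` setup. Separately, `systemd.timers.realwallpaper` has no `wantedBy`, so unless something outside this module pulls it in the timer is never enabled and only the boot-time run of the `multi-user.target`-wanted service happens; add `wantedBy = [ "timers.target" ];` next to its `description`. None of the `mkOption`s carry a `description`, so the generated option docs show nothing for this module.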