9 files changed, 88 insertions, 58 deletions
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index a656fdce3..b859efc94 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -148,6 +148,11 @@ in {
             allowedIPs = [ "10.244.0.5/32" ];
             publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
           }
+          {
+            # workr
+            allowedIPs = [ "10.244.0.6/32" ];
+            publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+          }
           ];
         };
       }
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 1e087fef4..01438397e 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -25,16 +25,18 @@ let
   # |       |
   # |*      |
   # |* d2   |
-  # |  * r0 |
+  # |  *    |
+  # |  *    |
   # |_______|
   cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
   cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
   cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
+  cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
   # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
   # all physical disks
 
   # TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
-  dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ];
+  dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
   allDisks = [ rootDisk ] ++ dataDisks;
 in {
   imports =
@@ -69,6 +71,7 @@ in {
       <stockholm/makefu/2configs/mqtt.nix>
       <stockholm/makefu/2configs/remote-build/slave.nix>
       <stockholm/makefu/2configs/deployment/google-muell.nix>
+      <stockholm/makefu/2configs/virtualisation/docker.nix>
 
 
       # security
@@ -117,7 +120,6 @@ in {
   services.sabnzbd.enable = true;
   systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
 
-  virtualisation.docker.enable = true;
   makefu.ps3netsrv = {
     enable = true;
     servedir = "/media/cryptX/emu/ps3";
@@ -127,6 +129,7 @@ in {
 
   makefu.snapraid = {
     enable = true;
+    # TODO: 3 is not protected
     disks = map toMapper [ 0 1 ];
     parity = toMapper 2;
   };
@@ -139,7 +142,7 @@ in {
   '';
   environment.systemPackages = with pkgs;[
     mergerfs # hard requirement for mount
-    wol # wake up filepimp
+    wol      # wake up filepimp
     f3
   ];
   fileSystems = let
@@ -151,6 +154,7 @@ in {
   in   cryptMount "crypt0"
     // cryptMount "crypt1"
     // cryptMount "crypt2"
+    // cryptMount "crypt3"
     // { "/media/cryptX" = {
             device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]);
             fsType = "mergerfs";
@@ -179,6 +183,7 @@ in {
         (usbkey "crypt0" cryptDisk0)
         (usbkey "crypt1" cryptDisk1)
         (usbkey "crypt2" cryptDisk2)
+        (usbkey "crypt3" cryptDisk3)
       ];
     };
     loader.grub.device = lib.mkForce rootDisk;
diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix
index 38c044be4..c2cd23d1e 100644
--- a/makefu/1systems/sdev/config.nix
+++ b/makefu/1systems/sdev/config.nix
@@ -5,32 +5,35 @@
   imports =
     [ # Include the results of the hardware scan.
       <stockholm/makefu>
-      (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
-      (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
+
+     #  <stockholm/makefu/2configs/hw/vbox-guest.nix>
+      { # until virtualbox-image is fixed
+        imports = [
+            <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+          ];
+        boot.loader.grub.device = "/dev/sda";
+      }
       <stockholm/makefu/2configs/main-laptop.nix>
       # <secrets/extra-hosts.nix>
 
       # environment
       <stockholm/makefu/2configs/tinc/retiolum.nix>
+      <stockholm/makefu/2configs/virtualisation/docker.nix>
 
     ];
-  # workaround for https://github.com/NixOS/nixpkgs/issues/16641
-  services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
-
-  nixpkgs.config.allowUnfree = true;
-
   # allow sdev to deploy self
   users.extraUsers = {
     root = {
         openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey  ];
     };
   };
+  # corefonts
+  nixpkgs.config.allowUnfree = true;
 
   environment.systemPackages = with pkgs;[
     ppp xclip
     get
     passwdqc-utils
-    docker
     gnupg
     populate
     (pkgs.writeScriptBin "tor-browser" ''
@@ -39,18 +42,11 @@
     '')
   ];
 
-  virtualisation.docker.enable = true;
-
   networking.firewall.allowedTCPPorts = [
     25
     80
     8010
   ];
 
-  fileSystems."/media/share" = {
-    fsType = "vboxsf";
-    device = "share";
-    options = [ "rw" "uid=9001" "gid=9001" ];
-  };
 
 }
diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix
index ffd9deaee..208dd1ff7 100644
--- a/makefu/1systems/vbob/config.nix
+++ b/makefu/1systems/vbob/config.nix
@@ -8,30 +8,9 @@
       {
         imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
         boot.loader.grub.device = "/dev/sda";
-        virtualisation.virtualbox.guest.enable = true;
       }
-      # {
-      #   imports = [
-      #     <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
-      #   ];
-      #   virtualbox.baseImageSize = 35 * 1024;
-      #   fileSystems."/media/share" = {
-      #     fsType = "vboxsf";
-      #     device = "share";
-      #     options = [ "rw" "uid=9001" "gid=9001" ];
-      #   };
-      # }
-
-      # {
-      #   imports = [
-      #     <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
-      #   ];
-      #   fileSystems."/nix" = {
-      #     device ="/dev/disk/by-label/nixstore";
-      #     fsType = "ext4";
-      #   };
-      # }
-
+      # <stockholm/makefu/2configs/hw/vbox-guest.nix>
+      # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
 
       # base gui
       # <stockholm/makefu/2configs/main-laptop.nix>
@@ -75,14 +54,8 @@
     ];
   networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
 
-  nixpkgs.config.allowUnfree = true;
-
   # allow vbob to deploy self
-  users.extraUsers = {
-    root = {
-        openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey  ];
-    };
-  };
+  users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey  ];
 
   environment.shellAliases = {
     forti  = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
@@ -94,16 +67,18 @@
     ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
     ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
   '';
+
+  # for forticlient
+  nixpkgs.config.allowUnfree = true;
+
   environment.systemPackages = with pkgs;[
     fortclientsslvpn ppp xclip
     get
     logstash
-  #  docker
     #devpi-web
     #devpi-client
     ansible
   ];
-  # virtualisation.docker.enable = true;
 
 
   networking.firewall.allowedTCPPorts = [
@@ -111,6 +86,6 @@
     80
     8010
   ];
-
+  # required for qemu
   systemd.services."serial-getty@ttyS0".enable = true;
 }
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index d5a9bdcfb..b4d4aa66e 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -40,7 +40,7 @@ with import <stockholm/lib>;
       # Virtualization
       <stockholm/makefu/2configs/virtualisation/libvirt.nix>
       <stockholm/makefu/2configs/virtualisation/docker.nix>
-      <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+      # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
       {
         networking.firewall.allowedTCPPorts = [ 8080 ];
         networking.nat = {
@@ -60,7 +60,7 @@ with import <stockholm/lib>;
       # Hardware
       <stockholm/makefu/2configs/hw/tp-x230.nix>
       # <stockholm/makefu/2configs/hw/tpm.nix>
-      <stockholm/makefu/2configs/hw/rtl8812au.nix>
+      # <stockholm/makefu/2configs/hw/rtl8812au.nix>
       <stockholm/makefu/2configs/hw/network-manager.nix>
       <stockholm/makefu/2configs/hw/stk1160.nix>
       # <stockholm/makefu/2configs/rad1o.nix>
@@ -78,6 +78,38 @@ with import <stockholm/lib>;
       # <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
       # <stockholm/makefu/2configs/lanparty/samba.nix>
       # <stockholm/makefu/2configs/lanparty/mumble-server.nix>
+      # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
+
+      {
+        networking.wireguard.interfaces.wg0 = {
+          ips = [ "10.244.0.2/24" ];
+          privateKeyFile = (toString <secrets>) + "/wireguard.key";
+          allowedIPsAsRoutes = true;
+          peers = [
+          {
+            # gum
+            endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820";
+            allowedIPs = [ "10.244.0.0/24" ];
+            publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
+          }
+          #{
+          #  # vbob
+          #  allowedIPs = [ "10.244.0.3/32" ];
+          #  publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+          #}
+          ];
+        };
+      }
+
+      { # auto-mounting
+        services.udisks2.enable = true;
+        services.devmon.enable = true;
+        # services.gnome3.gvfs.enable = true;
+        users.users.makefu.packages = with pkgs;[
+          gvfs pcmanfm lxmenu-data
+        ];
+        environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+      }
 
     ];
 
diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix
new file mode 100644
index 000000000..65f915a2f
--- /dev/null
+++ b/makefu/2configs/hw/vbox-guest.nix
@@ -0,0 +1,16 @@
+{ lib, ...}:
+{
+  ## Guest Extensions are currently broken
+  imports = [
+    (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
+  ];
+  virtualisation.virtualbox.guest.enable = true;
+  services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
+
+  fileSystems."/media/share" = {
+    fsType = "vboxsf";
+    device = "share";
+    options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
+  };
+  # virtualbox.baseImageSize = 35 * 1024;
+}
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index f2676f11c..1993a5212 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -5,5 +5,5 @@
     mosh
   ];
 
-  # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+  boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
 }
diff --git a/makefu/2configs/tools/studio.nix b/makefu/2configs/tools/studio.nix
index 0356ba391..e0c68167f 100644
--- a/makefu/2configs/tools/studio.nix
+++ b/makefu/2configs/tools/studio.nix
@@ -9,8 +9,8 @@
     # owncloudclient
     (pkgs.writeScriptBin "prepare-pulseaudio" ''
       pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming"
-      pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1
-      pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1
+      pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream
+      pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream
       darkice -c ~/lol.conf
     '')
   ];
diff --git a/makefu/source.nix b/makefu/source.nix
index f06c9454f..708f0d20c 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -13,7 +13,8 @@ let
               then "buildbot"
               else "makefu";
   _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
-  ref = "cd36b3d"; # nixos-17.09 @ 2018-02-06
+  # TODO: automate updating of this ref + cherry-picks
+  ref = "51810e0"; # nixos-17.09 @ 2018-02-14
                    # + do_sqlite3 ruby: 55a952be5b5
                    # + signal: 0f19beef3