From 2fb25e24dfefd5bfd1d6dc84550c77d1f6c22cb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:29:20 +0200 Subject: l baseX: add libarchive to pkgs --- lass/2configs/baseX.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index baf93ffe..9eb0120c 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -72,10 +72,11 @@ in { git-preview gnome3.dconf iodine + libarchive lm_sensors ncdu nix-index - nix-review + nixpkgs-review nmap pavucontrol ponymix -- cgit v1.2.3 From 2dcf7167e7f4c60be29ab629a1f4d3f529ceaca0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:29:38 +0200 Subject: l baseX: add -efu to screenshot script --- lass/2configs/baseX.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9eb0120c..e92ddbcc 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -93,6 +93,8 @@ in { xsel zathura (pkgs.writeDashBin "screenshot" '' + set -efu + ${pkgs.flameshot-once}/bin/flameshot-once ${pkgs.klem}/bin/klem '') -- cgit v1.2.3 From 63412ba8b964d0782e2cbb1f48d0d5e30b5cd298 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:31:40 +0200 Subject: l blue: add dovecot2 to serve mails --- lass/2configs/blue.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index a4000cad..15408a20 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix 
@@ -26,6 +26,8 @@ with (import ); { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";} { predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport imap"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport imap"; target = "ACCEPT";} ]; systemd.services.chat = let @@ -64,4 +66,9 @@ with (import ); ExecStop = "${tmux} kill-session -t IM"; }; }; + + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Maildir"; + }; } -- cgit v1.2.3 From 5b44319083e8ae5386e181d73b1585be8ecd4a35 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:32:38 +0200 Subject: l blue-host: disable syncing --- lass/2configs/blue-host.nix | 90 ++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 45 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 718a92e9..7aabf093 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
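Review bot: The two new `--dport imap` rules open port 143 on retiolum and wiregrill, and `services.dovecot2` is enabled with only `mailLocation` set, so nothing in this commit shows how IMAP sessions are protected in transit. If the overlay networks are meant to provide the encryption, say so next to the rules, e.g. `# plain IMAP on 143, reachable only via the retiolum/wiregrill overlays`; otherwise give dovecot a certificate through `sslServerCert`/`sslServerKey`. Authentication presumably falls back to the module default (PAM), in which case system account passwords would cross that link; this is worth confirming.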
@@ -49,54 +49,54 @@ in { }; - systemd.services = builtins.listToAttrs (map (host: - let - in nameValuePair "sync-blue-${host}" { - bindsTo = [ "container@blue.service" ]; - wantedBy = [ "container@blue.service" ]; - # ssh needed for rsync - path = [ pkgs.openssh ]; - serviceConfig = { - Restart = "always"; - RestartSec = 10; - ExecStart = pkgs.writeDash "sync-blue-${host}" '' - set -efu - #make sure blue is running - /run/wrappers/bin/ping -c1 blue.r > /dev/null + #systemd.services = builtins.listToAttrs (map (host: + # let + # in nameValuePair "sync-blue-${host}" { + # bindsTo = [ "container@blue.service" ]; + # wantedBy = [ "container@blue.service" ]; + # # ssh needed for rsync + # path = [ pkgs.openssh ]; + # serviceConfig = { + # Restart = "always"; + # RestartSec = 10; + # ExecStart = pkgs.writeDash "sync-blue-${host}" '' + # set -efu + # #make sure blue is running + # /run/wrappers/bin/ping -c1 blue.r > /dev/null - #make sure the container is unlocked - ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + # #make sure the container is unlocked + # ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' - #make sure our target is reachable - ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null + # #make sure our target is reachable + # ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null - #start sync - ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' - settings { - nodaemon = true, - inotifyMode = "CloseWrite or Modify", - } - sync { - default.rsyncssh, - source = "/var/lib/containers/.blue", - host = "${host}.r", - targetdir = "/var/lib/containers/.blue", - rsync = { - archive = true, - owner = true, - group = true, - }; - ssh = { - binary = "${pkgs.openssh}/bin/ssh"; - identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", - }, - } - ''} - ''; - }; - unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - } - ) remote_hosts); + # #start 
sync + # ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' + # settings { + # nodaemon = true, + # inotifyMode = "CloseWrite or Modify", + # } + # sync { + # default.rsyncssh, + # source = "/var/lib/containers/.blue", + # host = "${host}.r", + # targetdir = "/var/lib/containers/.blue", + # rsync = { + # archive = true, + # owner = true, + # group = true, + # }; + # ssh = { + # binary = "${pkgs.openssh}/bin/ssh"; + # identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", + # }, + # } + # ''} + # ''; + # }; + # unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + # } + #) remote_hosts); environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' -- cgit v1.2.3 From e73200db951ebd2fb891b0656f2d9c7fc76f4cc3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:33:14 +0200 Subject: l: add nix user to all systems --- lass/2configs/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ae2754c9..e4996743 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -44,7 +44,15 @@ with import ; config.krebs.users.lass-yubikey.pubkey ]; }; + nix = { + isNormalUser = true; + uid = genid_uint31 "nix"; + openssh.authorizedKeys.keys = [ + config.krebs.hosts.mors.ssh.pubkey + ]; + }; }; + nix.trustedUsers = ["nix"]; } { environment.variables = { -- cgit v1.2.3 From 9bb40397b71ae61b5e6b5a282fb8efc6f37a3f51 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:33:24 +0200 Subject: l: use 24:00 time format again --- lass/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e4996743..f59988b7 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
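Review bot: `nix.trustedUsers = ["nix"]` makes the new account effectively root-equivalent towards the Nix daemon on every host that imports default.nix, and the only key authorised for it is `config.krebs.hosts.mors.ssh.pubkey`, which by its name is mors's host key rather than a user key. If that reading is right, root on mors implies a trusted login on all other machines, so a comment should state the purpose, e.g. `# remote-build/copy account; trusted by the daemon, reachable only with mors' host key`. If only store uploads are needed, consider restricting the key entry with a forced command such as `command="nix-store --serve --write"` instead of granting a full `isNormalUser` shell. The enclosing users block starts outside the hunk.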
@@ -220,4 +220,7 @@ with import ; networking.dhcpcd.extraConfig = '' noipv4ll ''; + + # use 24:00 time format, the default got sneakily changed around 20.03 + i18n.defaultLocale = mkDefault "C.UTF-8"; } -- cgit v1.2.3 From a2f2cff1c1d7161fd040ff7083fe2016f7c9b354 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:34:10 +0200 Subject: l exim-smarthost: mail only to blue --- lass/2configs/exim-smarthost.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 82839beb..012f44a0 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -2,8 +2,6 @@ to = concatStringsSep "," [ "lass@blue.r" - "lass@xerxes.r" - "lass@mors.r" ]; mails = [ -- cgit v1.2.3 From 8564c687e5a1867d33fa5b95809f3e8f13cab150 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:34:24 +0200 Subject: l exim-smarthost: add more mail aliases --- lass/2configs/exim-smarthost.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 012f44a0..797864b1 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -108,6 +108,12 @@ "auschein@lassul.us" "tleech@lassul.us" "durstexpress@lassul.us" + "acme@lassul.us" + "antstore@lassul.us" + "openweather@lassul.us" + "lobsters@lassul.us" + "rewe@lassul.us" + "spotify@lassul.us" ]; in { -- cgit v1.2.3 From fc60a8a77794bfe608925dee51af9366fe81aa8c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:34:44 +0200 Subject: l gc: delete older than 15 days --- lass/2configs/gc.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index 0ddb63a0..f9c61c46 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix 
@@ -4,5 +4,6 @@ with import ; { nix.gc = { automatic = ! (elem config.krebs.build.host.name [ "mors" "xerxes" ] || config.boot.isContainer); + options = "--delete-older-than 15d"; }; } -- cgit v1.2.3 From fbbd72feab82207992b410315d0e8a8f84bfe47e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:35:01 +0200 Subject: l git: add grib2json-bin repo --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index eba68c0b..edec2dcb 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -58,6 +58,10 @@ let cgit.desc = "url shortener"; cgit.section = "software"; }; + grib2json-bin = { + cgit.desc = "build jar of grib2json"; + cgit.section = "deployment"; + }; krebspage = { cgit.desc = "homepage of krebs"; cgit.section = "configuration"; -- cgit v1.2.3 From 0cee1b93024ff9ca0e89687324682b69814b7107 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:35:28 +0200 Subject: l x220: use new luks device schema --- lass/2configs/hw/x220.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 89b11934..668dcdf6 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -5,7 +5,7 @@ ]; boot = { - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.devices.luksroot.device = "/dev/sda3"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; extraModulePackages = [ -- cgit v1.2.3 From d450eb6c37745af467c30c1c1a83f764fdeb6ce6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:36:01 +0200 Subject: l hass: make lovelace configurable --- lass/2configs/hass/default.nix | 1 + lass/2configs/hass/rooms/bett.nix | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) (limited to 'lass/2configs') 
diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index a48c61a6..66d430cd 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -23,6 +23,7 @@ with import ./lib.nix { inherit lib; }; # extraComponents = [ "hue" ]; }; configWritable = true; + lovelaceConfigWritable = true; }; lass.hass.config = let diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix index b5da9221..16227fcb 100644 --- a/lass/2configs/hass/rooms/bett.nix +++ b/lass/2configs/hass/rooms/bett.nix @@ -5,4 +5,35 @@ with import ../lib.nix { inherit lib; }; lass.hass.config = lib.mkMerge [ (lightswitch switches.dimmer.bett lights.bett) ]; + + lass.hass.love = { + resources = [{ + url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; + type = "js"; + }]; + views = [{ + title = "bett"; + cards = [ + { + type = "markdown"; + title = "hello world"; + content = "This is just a test"; + } + { + type = "light"; + entity = "light.${lights.bett}"; + } + { + type = "custom:light-entity-card"; + entity = "light.${lights.bett}"; + } + { + type = "history-graph"; + entities = [ + "light.${lights.bett}" + ]; + } + ]; + }]; + }; } -- cgit v1.2.3 From 519223df33e8ff4573f7ce63d32834ad73c31fe5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:36:35 +0200 Subject: l x220: disable charging threshold --- lass/2configs/hw/x220.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index 668dcdf6..31f9787e 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix 
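Review bot: The `resources` entry in bett.nix loads frontend code from `raw.githubusercontent.com/ljmerza/light-entity-card/master/...`, a mutable branch of a third-party repository, so whatever is on that branch at load time runs inside the Home Assistant UI session. The URL also ends in `light-entity-card.js.map`, which is the source map rather than the script, so the `custom:light-entity-card` card will probably not register as written. Fetching a tagged release with a fixed hash through Nix and serving it locally would address both; at minimum pin the URL to a commit and drop the `.map` suffix. In default.nix, `lovelaceConfigWritable = true` lets UI edits diverge from the declared `lass.hass.love` config and deserves a one-line comment saying that this is intended.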
@@ -47,9 +47,10 @@ services.logind.lidSwitchDocked = "ignore"; services.tlp.enable = true; - services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 - STOP_CHARGE_THRESH_BAT0=95 - ''; + #services.tlp.extraConfig = '' + # START_CHARGE_THRESH_BAT0=80 + # STOP_CHARGE_THRESH_BAT0=95 + #''; + services.xserver.dpi = 80; } -- cgit v1.2.3 From 919bf188859d077887f87fca7e19c133ac72437c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:37:26 +0200 Subject: l mail: update config to reflect upstream changes --- lass/2configs/mail.nix | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 174c1ab5..98affdd8 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -107,10 +107,12 @@ let set mailcap_path = ${mailcap} # notmuch - set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir + set folder="$HOME/Maildir" + set nm_default_uri = "notmuch://$HOME/Maildir" set nm_record = yes set nm_record_tags = "-inbox me archive" - set virtual_spoolfile=yes # enable virtual folders + set spoolfile = +Inbox + set virtual_spoolfile = yes set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail @@ -132,8 +134,8 @@ let # V ''} %r |" - virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" virtual-mailboxes "Unread" "notmuch://?query=tag:unread" + virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" ${concatMapStringsSep "\n" (i: ''${" "}virtual-mailboxes "${i.name}" "notmuch://?query=tag:${i.name}"'') (mapAttrsToList nameValuePair mailboxes)} virtual-mailboxes "TODO" "notmuch://?query=tag:TODO" virtual-mailboxes "Starred" "notmuch://?query=tag:*" 
@@ -200,9 +202,15 @@ let macro pager ] ,@1 'Toggle indexbar # sidebar + set sidebar_divider_char = '│' + set sidebar_delim_chars = "/" + set sidebar_short_path + set sidebar_folder_indent + set sidebar_visible = yes + set sidebar_format = '%B%?F? [%F]?%* %?N?%N/? %?S?%S?' set sidebar_width = 20 - set sidebar_visible = yes # set to "no" to disable sidebar view at startup - color sidebar_new yellow default + color sidebar_new yellow red + # sidebar bindings bind index sidebar-prev # got to previous folder in sidebar bind index sidebar-next # got to next folder in sidebar @@ -229,7 +237,6 @@ in { mutt pkgs.notmuch pkgs.muchsync - pkgs.haskellPackages.much tag-new-mails tag-old-mails ]; -- cgit v1.2.3 From 7023f780542b8976e1e609e43ad2f135ffef9bb5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:37:48 +0200 Subject: l mpv: use gpu video output by default --- lass/2configs/mpv.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 5d7bfed6..210551a6 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -80,7 +80,7 @@ let name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv --no-config --script=${autosub} "$@" + exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@" '') pkgs.mpv ]; -- cgit v1.2.3 From e998c4b789109ce6e941a4d23da28118303c32b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:38:10 +0200 Subject: l paste: add imgur api under /image --- lass/2configs/paste.nix | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 23cab8e6..0cf62ec0 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix 
@@ -7,7 +7,17 @@ with import ; locations."/".extraConfig = '' client_max_body_size 4G; proxy_set_header Host $host; - proxy_pass http://localhost:9081; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; + ''; + locations."/image".extraConfig = /* nginx */ '' + client_max_body_size 40M; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; + proxy_pass_header Server; ''; }; services.nginx.virtualHosts."p.krebsco.de" = { @@ -19,21 +29,36 @@ with import ; return 403; } proxy_set_header Host $host; - proxy_pass http://localhost:9081; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; + ''; + locations."/image".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; + proxy_pass_header Server; ''; }; + krebs.htgen.paste = { port = 9081; script = toString [ "PATH=${makeBinPath [ pkgs.nix + pkgs.file ]}:$PATH" "STATEDIR=$HOME" ". ${pkgs.htgen}/examples/paste" ]; }; + krebs.htgen.imgur = { + port = 7771; + script = /* sh */ '' + (. ${pkgs.htgen-imgur}/bin/htgen-imgur) + ''; + }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";} - { predicate = "-i retiolum -p tcp --dport 9081"; target = "ACCEPT";} ]; } -- cgit v1.2.3 From 7919c36f5c860fbcde9fed27b0b3c374261b224d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:39:04 +0200 Subject: l radio: announce more to irc, filter .graveyard --- lass/2configs/radio.nix | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 6245691f..3e8d1238 100644 
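Review bot: On `p.krebsco.de` the new `locations."/image"` block proxies every request straight to htgen-imgur, while the `/` location just above it still carries a `return 403` guard whose condition lies outside the hunk. If that guard is what keeps the public vhost read-only, `/image` now bypasses it and accepts uploads from the internet, so repeat the same condition there or leave `/image` off the public vhost; that block also lacks the `client_max_body_size 40M;` the internal vhost sets. Both `/image` blocks pass `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends to a client-supplied header; when nginx is the only proxy, `proxy_set_header X-Forwarded-For $remote_addr;` avoids trusting that input. `proxy_pass_header Server;` exposes the backend banner and could be dropped.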
--- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -12,7 +12,16 @@ let music_dir = "/home/radio/music"; add_random = pkgs.writeDashBin "add_random" '' - ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" | grep -v '/other/' | grep '\.ogg$' | shuf -n1 | sed 's,${music_dir}/,,')" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" \ + | grep -Ev '/other/|/.graveyard/' \ + | grep '\.ogg$' \ + | shuf -n1 \ + | sed 's,${music_dir}/,,' \ + )" + ''; + + get_current_track_position = pkgs.writeDash "get_current_track_position" '' + ${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }' ''; skip_track = pkgs.writeBashBin "skip_track" '' @@ -28,8 +37,8 @@ let ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$music_dir"/"$current_track" echo skipping: "$track_infos" skip_count: "$skip_count" else - mkdir -p "$music_dir"/.graveyard/ - mv "$music_dir"/"$current_track" "$music_dir"/.graveyard/ + mkdir -p "$music_dir"/the_playlist/.graveyard/ + mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/.graveyard/ echo killing: "$track_infos" fi ${pkgs.mpc_cli}/bin/mpc -q next @@ -62,10 +71,18 @@ let print_current_json = pkgs.writeDashBin "print_current_json" '' ${pkgs.jq}/bin/jq -n -c \ --arg name "$(${pkgs.mpc_cli}/bin/mpc current)" \ + --arg artist "$(${pkgs.mpc_cli}/bin/mpc current -f %artist%)" \ + --arg title "$(${pkgs.mpc_cli}/bin/mpc current -f %title%)" \ --arg filename "$(${pkgs.mpc_cli}/bin/mpc current -f %file%)" \ + --arg position "$(${get_current_track_position})" \ + --arg length "$(${pkgs.mpc_cli}/bin/mpc current -f %time%)" \ --arg youtube "$(${track_youtube_link})" '{ name: $name, + artist: $artist, + title: $title, filename: $filename, + position: $position, + length: $length, youtube: $youtube }' ''; 
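Review bot: In `add_random` the new filter `grep -Ev '/other/|/.graveyard/'` leaves the dot unescaped, so it matches any character in that position; `'/other/|/\.graveyard/'` says what is meant. Because `skip_track` now moves rejected files to `the_playlist/.graveyard/`, this filter is the only thing keeping them out of rotation. A short comment on that coupling next to either line would help, e.g. `# .graveyard lives inside the_playlist; add_random must exclude it`.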
@@ -193,7 +210,7 @@ in { timeLeft () { playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') + currentTime=$(${get_current_track_position}) expr ''${playlistDuration:-0} - ''${currentTime:-0} } @@ -221,9 +238,11 @@ in { ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc current -f %file% done | while read track; do + listeners=$(${pkgs.curl}/bin/curl 'http://localhost:8000/status-json.xsl' \ + | ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add') echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" - ${write_to_irc} "playing: $track" + ${write_to_irc} "playing: $track listeners: $listeners" done ''; in { -- cgit v1.2.3 From aaefc7edd2157dd1985052a972c2816bd21ba779 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:39:23 +0200 Subject: l steam: add Halo MCC fix --- lass/2configs/steam.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index eae31aec..2b981195 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -13,7 +13,11 @@ nixpkgs.config.steam.java = true; hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; - users.users.games.packages = [ pkgs.steam ]; + users.users.games.packages = [ (pkgs.steam.override { + extraPkgs = p: with p; [ + gnutls # needed for Halo MCC + ]; + }) ]; #ports for inhome streaming krebs.iptables = { -- cgit v1.2.3 From 9463cb64457bf4648ebfccc3f133d73843ae2046 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:39:47 +0200 Subject: l syncthing: keepGoing with permown --- lass/2configs/syncthing.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') 
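Review bot: The added `curl 'http://localhost:8000/status-json.xsl'` in the announce loop has no `-s`, `-f` or timeout, so progress output lands in the unit log on every track and an unresponsive icecast stalls the `while read` loop, and the history file with it. `${pkgs.curl}/bin/curl -fsS --max-time 5 'http://localhost:8000/status-json.xsl'` bounds that. The jq filter `.icestats.source[]` assumes `source` is an array; as far as I know icecast emits a plain object when only one mount is active, in which case `listeners` would come back empty, and `[.icestats.source | if type == "array" then .[] else . end | .listeners] | add` handles both shapes. The loop body starts outside the hunk.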
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 5397c2ca..7758b860 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -31,5 +31,6 @@ in { owner = "lass"; group = "syncthing"; umask = "0002"; + keepGoing = true; }; } -- cgit v1.2.3 From f76b72358dabd94c1e17a415e7e13cb8ecba2438 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:40:10 +0200 Subject: l domsen: apanowicz.de is now a static site --- lass/2configs/websites/domsen.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index bd113567..48ea5f0a 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,6 +26,7 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "aldonasiech.com" "www.aldonasiech.com" ]) + (servePage [ "apanowicz.de" "www.apanowicz.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "freemonkey.art" @@ -34,7 +35,6 @@ in { (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" - "apanowicz.de" "nirwanabluete.de" "ubikmedia.eu" "youthtube.xyz" @@ -42,7 +42,6 @@ in { "weirdwednesday.de" "jarugadesign.de" - "www.apanowicz.de" "www.nirwanabluete.de" "www.ubikmedia.eu" "www.youthtube.xyz" @@ -52,7 +51,6 @@ in { "www.jarugadesign.de" "aldona2.ubikmedia.de" - "apanowicz.ubikmedia.de" "cinevita.ubikmedia.de" "factscloud.ubikmedia.de" "illucloud.ubikmedia.de" -- cgit v1.2.3 From c361849c38cc1bfb86536043c9554bdc75953508 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:40:34 +0200 Subject: l domsen: add legacy ssl certs for legacy devices --- lass/2configs/websites/domsen.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 48ea5f0a..8cd489bd 100644 --- a/lass/2configs/websites/domsen.nix 
+++ b/lass/2configs/websites/domsen.nix @@ -105,6 +105,10 @@ in { # MAIL STUFF # TODO: make into its own module + + # workaround for android 7 + security.acme.certs."lassul.us".keyType = "rsa4096"; + services.dovecot2 = { enable = true; mailLocation = "maildir:~/Mail"; -- cgit v1.2.3 From bdc1cb2f02e61810e3e5ccd674cecb91d50c8e80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:40:52 +0200 Subject: l domsen: use nextcloud 18 --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 8cd489bd..2d2ba79b 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -91,6 +91,7 @@ in { services.nextcloud = { enable = true; hostName = "o.xanf.org"; + package = pkgs.nextcloud18; config = { adminpassFile = toString + "/nextcloud_pw"; overwriteProtocol = "https"; -- cgit v1.2.3 From e1251ee299af6b00dc81a76560d4810cd0a6126c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:41:35 +0200 Subject: l domsen: update mail aliases --- lass/2configs/websites/domsen.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2d2ba79b..a177a022 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -134,18 +134,16 @@ in { server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}} ''; internet-aliases = [ - { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "dma@ubikmedia.de"; to = "domsen"; } { from = "dma@ubikmedia.eu"; to = "domsen"; } { from = "mail@habsys.de"; to = "domsen"; } { from = "mail@habsys.eu"; to = "domsen"; } + { from = "hallo@apanowicz.de"; to = "domsen"; } { from = "bruno@apanowicz.de"; to = "bruno"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "jms@ubikmedia.eu"; to = "jms"; } { from = "ms@ubikmedia.eu"; to = "ms"; } { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } - { from = "akayguen@freemonkey.art"; to ="akayguen"; } - { from = "bui@freemonkey.art"; to ="bui"; } { from = "kontakt@alewis.de"; to ="klabusterbeere"; } { from = "hallo@jarugadesign.de"; to ="kasia"; } @@ -156,9 +154,14 @@ in { "jla-trading.com" "ubikmedia.eu" "ubikmedia.de" + "apanowicz.de" "alewis.de" "jarugadesign.de" ]; + dkim = [ + { domain = "ubikmedia.eu"; } + { domain = "apanowicz.de"; } + ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; -- cgit v1.2.3 From 687ae7ca86bad6648ef53bf8ef5c6f335ad88037 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:42:33 +0200 Subject: l init: update with local tests, sgdisk, etc.. --- lass/2configs/websites/lassulus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index baeac213..5a45f03e 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -61,7 +61,7 @@ in { pubkey = config.krebs.users.lass.pubkey; }; in '' - alias ${initscript}; + alias ${initscript}/bin/init; ''; locations."= /blue.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; -- cgit v1.2.3 
From e870fd3ef82c06ad620ebff4ead8e7be9fb4a6c1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:43:33 +0200 Subject: l websites: serve yubi pubkey --- lass/2configs/websites/lassulus.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 5a45f03e..74585a6f 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -69,6 +69,9 @@ in { locations."= /mors.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; ''; + locations."= /yubi.pub".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pubkey}; + ''; }; security.acme.certs."cgit.lassul.us" = { -- cgit v1.2.3 From 3eafd0943b9c473e4900fc9cec98392a228ced18 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:44:07 +0200 Subject: l wine: minimize footprint --- lass/2configs/wine.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 02d7ffc8..5cb019c1 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -14,8 +14,7 @@ in { ]; createHome = true; packages = [ - pkgs.wine - pkgs.winetricks + pkgs.wineMinimal ]; }; }; -- cgit v1.2.3 From b1d3ce19c4d89a8a8cc940346b90ae8626c494ea Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2020 15:44:29 +0200 Subject: l zsh: fix weird multiline errors --- lass/2configs/zsh.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 05964eb5..e65cdd97 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix 
@@ -122,14 +122,15 @@ case $TERM in (*xterm* | *rxvt*) function precmd { - PROMPT_EVALED="$(print -P $TITLE)" + PROMPT_EVALED=$(print -P "$TITLE") echo -ne "\033]0;$$ $PROMPT_EVALED\007" } - # This is seen while the shell waits for a command to complete. - function preexec { - PROMPT_EVALED="$(print -P $TITLE)" - echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" - } + # This seems broken for some reason + # # This is seen while the shell waits for a command to complete. + # function preexec { + # PROMPT_EVALED=$(print -P "$TITLE") + # echo -ne "\033]0;$$ $PROMPT_EVALED $1\007" + # } ;; esac ''; -- cgit v1.2.3 From d554acc06850a83399de48ff3bbcb3afdf38b4bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 15 Oct 2020 20:19:57 +0200 Subject: l green-host: use cryfs & nixos-containers --- lass/2configs/green-host.nix | 109 +++++++++++++++++++++++++------------------ 1 file changed, 63 insertions(+), 46 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index 0cccbc30..6cccab4b 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -1,38 +1,44 @@ { config, lib, pkgs, ... }: with import ; -{ +let + + cname = "green"; + cryfs = pkgs.cryfs.overrideAttrs (old: { + patches = [ + (pkgs.writeText "file_mode.patch" '' + --- a/src/cryfs/filesystem/CryNode.cpp + +++ b/src/cryfs/filesystem/CryNode.cpp + 
@@ -171,7 +171,7 @@ CryNode::stat_info CryNode::stat() const { + result.uid = fspp::uid_t(getuid()); + result.gid = fspp::gid_t(getgid()); + #endif + - result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag(); + + result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag();; + result.size = fsblobstore::DirBlob::DIR_LSTAT_SIZE; + //TODO If possible without performance loss, then for a directory, st_nlink should return number of dir entries (including "." and "..") + result.nlink = 1; + '') + ] ++ old.patches; + }); + +in { imports = [ - { #hack for already defined - systemd.services."container@green".reloadIfChanged = mkForce false; - systemd.services."container@green".preStart = '' - ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green ' - ''; - systemd.services."container@green".postStop = '' - set -x - ${pkgs.umount}/bin/umount /var/lib/containers/green - ls -la /dev/mapper/control - ${pkgs.devicemapper}/bin/dmsetup ls - ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img - ''; - } ]; - services.syncthing.declarative.folders."/var/lib/sync-containers".devices = [ "icarus" "skynet" "littleT" "shodan" ]; - krebs.permown."/var/lib/sync-containers" = { - owner = "root"; - group = "syncthing"; - umask = "0007"; - }; + programs.fuse.userAllowOther = true; - system.activationScripts.containerPermissions = '' - mkdir -p /var/lib/containers - chmod 711 /var/lib/containers - ''; + services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}".devices = [ "icarus" "skynet" "littleT" "shodan" ]; + # krebs.permown."/var/lib/sync-containers/${cname}" = { + # owner = "root"; + # group = "syncthing"; + # umask = "0007"; + # }; - containers.green = { + systemd.services."container@green".reloadIfChanged = mkForce false; + containers.${cname} = { config = { 
... }: { environment.systemPackages = [ pkgs.git 
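Review bot: The embedded `file_mode.patch` widens the mode cryfs reports at the patched `stat()` site to group/other read+exec. Together with `programs.fuse.userAllowOther = true` and the `-o allow_other` mount in `start-green` (next hunk), this makes the decrypted tree under `/var/lib/containers/green/var/state` reachable by local accounts other than the syncthing user. The same hunk removes `system.activationScripts.containerPermissions`, which set `/var/lib/containers` to 711, so confirm that something else still restricts the parent directory. It also drops the `postStop` that unmounted and closed the volume, so stopping `container@green` through systemd now leaves the plaintext mounted until `stop-green` is run by hand. The patched C++ line ends in `;;`, which is harmless but worth tidying.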
@@ -42,41 +48,52 @@ with import ; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; + system.activationScripts.fuse = { + text = '' + ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 + ''; + deps = []; + }; }; + allowedDevices = [ + { modifier = "rwm"; node = "/dev/fuse"; } + ]; autoStart = false; enableTun = true; privateNetwork = true; - hostAddress = "10.233.2.15"; - localAddress = "10.233.2.16"; + hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs + localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs }; environment.systemPackages = [ - (pkgs.writeDashBin "start-green" '' - set -fu - CONTAINER='green' - IMAGE='/var/lib/sync-containers/green.img' - - ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null - if [ "$?" -ne 0 ]; then - ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER" - fi - - mkdir -p /var/lib/containers/"$CONTAINER" + (pkgs.writeDashBin "start-${cname}" '' + set -euf - ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" " - if [ "$?" -ne 0 ]; then - ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER" + mkdir -p /var/lib/containers/${cname}/var/state + chown ${config.services.syncthing.user}: /var/lib/containers/${cname}/var/state + if ! ${pkgs.mount}/bin/mount | grep -q '^cryfs@/var/lib/sync-containers/${cname} on /var/lib/containers/${cname}/var/state '; then + /run/wrappers/bin/sudo -u "${config.services.syncthing.user}" \ + ${cryfs}/bin/cryfs /var/lib/sync-containers/${cname} /var/lib/containers/${cname}/var/state -o allow_other -o default_permissions fi - STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER") + STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname}) if [ "$STATE" = 'down' ]; then - ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER" + ${pkgs.nixos-container}/bin/nixos-container start ${cname} fi - ping -c1 green.r - if [ "$?" 
-ne 0 ]; then - ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch + + if ! ping -c1 -q -w5 ${cname}.r && [ -d /var/lib/containers/${cname}/var/src ]; then + ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" '' + mkdir -p /var/state/var_src + ln -sf state/var_Src /var/src + nixos-rebuild -I /var/src switch + ''} fi + '') + (pkgs.writeDashBin "stop-${cname}" '' + set -euf + ${pkgs.nixos-container}/bin/nixos-container stop ${cname} + ${cryfs}/bin/cryfs-unmount /var/lib/containers/${cname}/var/state '') ]; } -- cgit v1.2.3
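Review bot: In the `deploy-green` script, `mkdir -p /var/state/var_src` is followed by `ln -sf state/var_Src /var/src`; the capital `S` makes the link dangle, so the intended line is presumably `ln -sfn state/var_src /var/src`. In `stop-green`, `set -euf` aborts before `cryfs-unmount` if `nixos-container stop` returns non-zero, leaving the decrypted state mounted; `${pkgs.nixos-container}/bin/nixos-container stop ${cname} || :` keeps the unmount unconditional. The `mknod /dev/fuse c 10 229` activation script would fail on a later activation inside the container once the node exists, so guard it with `[ -e /dev/fuse ] ||`. The hard-coded `hostAddress`/`localAddress` pair is already marked TODO.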