From 55e9a5760b3418cc2299ee88c94640d1f0663994 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 23 Nov 2016 00:12:07 +0100 Subject: Build libinfinity server on ymir --- users/gkleen@ymir.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/gkleen@ymir.nix b/users/gkleen@ymir.nix index 79a121fc..363dce9a 100644 --- a/users/gkleen@ymir.nix +++ b/users/gkleen@ymir.nix @@ -1,4 +1,5 @@ { packageOverrides = pkgs: rec { + libinfinity = pkgs.libinfinity.override { daemon = true }; } // (import ../utils/nix/default.nix) {}; } -- cgit v1.2.3 From 40438610e11cc489c01f5657795a715bc5c0dc09 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 23 Nov 2016 00:18:05 +0100 Subject: rename libfinity with daemon --- users/gkleen@ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/gkleen@ymir.nix b/users/gkleen@ymir.nix index 363dce9a..047cb8b0 100644 --- a/users/gkleen@ymir.nix +++ b/users/gkleen@ymir.nix @@ -1,5 +1,5 @@ { packageOverrides = pkgs: rec { - libinfinity = pkgs.libinfinity.override { daemon = true }; + infinoted = pkgs.libinfinity.override { daemon = true }; } // (import ../utils/nix/default.nix) {}; } -- cgit v1.2.3 From bb66bb2fefd688a47132702a2e1baf647fc8e568 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 23 Nov 2016 00:19:06 +0100 Subject: fix syntax --- users/gkleen@ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/gkleen@ymir.nix b/users/gkleen@ymir.nix index 047cb8b0..72d4c30c 100644 --- a/users/gkleen@ymir.nix +++ b/users/gkleen@ymir.nix @@ -1,5 +1,5 @@ { packageOverrides = pkgs: rec { - infinoted = pkgs.libinfinity.override { daemon = true }; + infinoted = pkgs.libinfinity.override { daemon = true; }; } // (import ../utils/nix/default.nix) {}; } -- cgit v1.2.3 From 9ec2fa795cc625e9510eb0fe7b7d34fc421066f3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 23 Nov 2016 00:26:01 +0100 Subject: Allow gkleen access to ssl --- ymir.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/ymir.nix b/ymir.nix index 424ca265..61744ff2 100644 --- a/ymir.nix +++ b/ymir.nix @@ -199,6 +199,7 @@ in rec { "nginx" "postfix" "murmur" + "gkleen" ]; }; -- cgit v1.2.3 From 7083e400227815ca1cd111a58ebe6a3237f4c3ee Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 23 Nov 2016 00:35:31 +0100 Subject: Allow obby through fw --- ymir.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/ymir.nix b/ymir.nix index 61744ff2..b738c2ec 100644 --- a/ymir.nix +++ b/ymir.nix @@ -144,6 +144,7 @@ in rec { 9418 # git 64738 # murmur 53 # DNS + 6523 # Obby ]; allowedUDPPorts = [ 64738 # murmur 53 # DNS -- cgit v1.2.3 From e460fba86bb5169599b3911ffb495f92432aae10 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 15:44:03 +0100 Subject: infinoted --- ymir.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index b738c2ec..e82d89ff 100644 --- a/ymir.nix +++ b/ymir.nix @@ -200,7 +200,7 @@ in rec { "nginx" "postfix" "murmur" - "gkleen" + "infinoted" ]; }; @@ -696,4 +696,11 @@ in rec { forward-addr: 10.141.1.1 ''; }; + + services.infinoted = { + enable = true; + keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; + certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; + passwordFile = "/var/lib/infinoted/password"; + }; } -- cgit v1.2.3 From 50254c4b86cfbb45cd8a697463026481ccb2e4a1 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:01:21 +0100 Subject: infinoted: certificate-auth --- ymir.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ymir.nix b/ymir.nix index e82d89ff..abd9eacd 100644 --- a/ymir.nix +++ b/ymir.nix 
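Review bot: `keyFile = "/var/lib/acme/yggdrasil.li/key.pem"` in the new `services.infinoted` block (commit "infinoted") makes the editing daemon serve with the host certificate's private key. The first hunk of the same commit adds `"infinoted"` to the member list that already holds `"nginx"`, `"postfix"` and `"murmur"`. The group name is outside the hunk, but if that list is what grants read access to the ACME key material, a compromise of infinoted exposes the key of every service using that certificate. A dedicated certificate for this service would contain that; failing that, a comment such as `# infinoted reads the shared host TLS key via the group above` records the dependency. `passwordFile` points at a path this config does not manage, so its expected owner and mode deserve a comment too.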
@@ -702,5 +702,13 @@ in rec { keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; passwordFile = "/var/lib/infinoted/password"; + plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" ]; + extraConfig = '' + [certificate-auth] + ca-list=/var/lib/infinoted/ca.cert.pem + ca-key=/var/lib/infinoted/ca.key.pem + accept-unauthenticated-clients=false + super-user=/var/lib/infinoted/su.pem + ''; }; } -- cgit v1.2.3 From 58731c0f33fd85a2131f42b836821b8ffa0eb56b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:02:21 +0100 Subject: infinoted: autosave --- ymir.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ymir.nix b/ymir.nix index abd9eacd..cd21d765 100644 --- a/ymir.nix +++ b/ymir.nix @@ -709,6 +709,9 @@ in rec { ca-key=/var/lib/infinoted/ca.key.pem accept-unauthenticated-clients=false super-user=/var/lib/infinoted/su.pem + + [autosave] + interval=5 ''; }; } -- cgit v1.2.3 From 6d21bb76235b61a527c9c54e780f587dbcdafe72 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:07:36 +0100 Subject: Custom version of libinfinity --- ymir.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ymir.nix b/ymir.nix index cd21d765..0f12d1c3 100644 --- a/ymir.nix +++ b/ymir.nix @@ -114,6 +114,15 @@ in rec { printf "%s/%s/%s" "''${baseUrl}" "''${prefix}" "''${filename}" ''; + + libinfinity = pkgs.lib.overrideDerivation pkgs.libinfinity (oldAttrs: { + src = pkgs.fetchFromGitHub { + user = "gobby"; + repo = "libinfinity"; + rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; + sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; + }; + }); }; environment.systemPackages = with pkgs; [ -- cgit v1.2.3 From e534f94d7133d80a96cd854c0e7ea0d259226ec8 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:08:53 +0100 Subject: Overridable --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
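Review bot: `ca-key=/var/lib/infinoted/ca.key.pem` in the `[certificate-auth]` section keeps a CA private key in the daemon's state directory, on a host where port 6523 was opened by "Allow obby through fw". Anyone who can read that file can mint client certificates that `ca-list` will accept, and nothing in this hunk fixes the file's owner or mode. As far as I know `ca-key` is only needed when the server itself should issue certificates; if clients are signed by hand, leave the key off the server. Otherwise add a comment above `extraConfig`, e.g. `# ca.key.pem must be owned by the infinoted user, mode 0400`.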
diff --git a/ymir.nix b/ymir.nix index 0f12d1c3..b649c911 100644 --- a/ymir.nix +++ b/ymir.nix @@ -115,14 +115,14 @@ in rec { printf "%s/%s/%s" "''${baseUrl}" "''${prefix}" "''${filename}" ''; - libinfinity = pkgs.lib.overrideDerivation pkgs.libinfinity (oldAttrs: { + libinfinity = pkgs.lib.makeOverridable (pkgs.lib.overrideDerivation pkgs.libinfinity (oldAttrs: { src = pkgs.fetchFromGitHub { user = "gobby"; repo = "libinfinity"; rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; }; - }); + })); }; environment.systemPackages = with pkgs; [ -- cgit v1.2.3 From e25dbed6ca11ae277878f5c7a53c78e1c83dd4a3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:17:16 +0100 Subject: do argument override, too --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index b649c911..ac9eec63 100644 --- a/ymir.nix +++ b/ymir.nix @@ -115,14 +115,14 @@ in rec { printf "%s/%s/%s" "''${baseUrl}" "''${prefix}" "''${filename}" ''; - libinfinity = pkgs.lib.makeOverridable (pkgs.lib.overrideDerivation pkgs.libinfinity (oldAttrs: { + libinfinity = pkgs.lib.overrideDerivation (pkgs.libinfinity.override { daemon = true; }) (oldAttrs: { src = pkgs.fetchFromGitHub { user = "gobby"; repo = "libinfinity"; rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; }; - })); + }); }; environment.systemPackages = with pkgs; [ -- cgit v1.2.3 From 8cae84bac3dd91418588c61f7faf7cd09cab2ab3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:17:47 +0100 Subject: use proper package --- ymir.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/ymir.nix b/ymir.nix index ac9eec63..28fccc31 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -708,6 +708,7 @@ in rec { services.infinoted = { enable = true; + package = pkgs.libinfinity; keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; passwordFile = "/var/lib/infinoted/password"; -- cgit v1.2.3 From 52797afa123b420e48570c89ea45bb04d1908734 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:18:50 +0100 Subject: Don't override package globally --- ymir.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/ymir.nix b/ymir.nix index 28fccc31..d40ac609 100644 --- a/ymir.nix +++ b/ymir.nix @@ -114,15 +114,6 @@ in rec { printf "%s/%s/%s" "''${baseUrl}" "''${prefix}" "''${filename}" ''; - - libinfinity = pkgs.lib.overrideDerivation (pkgs.libinfinity.override { daemon = true; }) (oldAttrs: { - src = pkgs.fetchFromGitHub { - user = "gobby"; - repo = "libinfinity"; - rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; - sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; - }; - }); }; environment.systemPackages = with pkgs; [ @@ -708,7 +699,14 @@ in rec { services.infinoted = { enable = true; - package = pkgs.libinfinity; + package = pkgs.lib.overrideDerivation (pkgs.libinfinity.override { daemon = true; }) (oldAttrs: { + src = pkgs.fetchFromGitHub { + user = "gobby"; + repo = "libinfinity"; + rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; + sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; + }; + }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; passwordFile = "/var/lib/infinoted/password"; -- cgit v1.2.3 From a9a1d25d590eccfe432bfe1a924bf0a88044939e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:19:13 +0100 Subject: Use proper arguments --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index d40ac609..424bddc0 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -701,7 +701,7 @@ in rec { enable = true; package = pkgs.lib.overrideDerivation (pkgs.libinfinity.override { daemon = true; }) (oldAttrs: { src = pkgs.fetchFromGitHub { - user = "gobby"; + owner = "gobby"; repo = "libinfinity"; rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; -- cgit v1.2.3 From a1eda26312bcb3887c441dcfd150fe119d41748e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:22:12 +0100 Subject: fix hash --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 424bddc0..da0b6e4a 100644 --- a/ymir.nix +++ b/ymir.nix @@ -704,7 +704,7 @@ in rec { owner = "gobby"; repo = "libinfinity"; rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; - sha256 = "1jz9m16aw01z2w1ba9jkq8vr9yyx9yxm63jl6k5vsbp5jdk4xh0l"; + sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; -- cgit v1.2.3 From 19266fd2c05ec943c962482a932d083c1ca545ac Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:25:30 +0100 Subject: Include autoconf --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ymir.nix b/ymir.nix index da0b6e4a..39ddc531 100644 --- a/ymir.nix +++ b/ymir.nix @@ -706,6 +706,8 @@ in rec { rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; + + buildInputs = [ pkgs.autoconf ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; -- cgit v1.2.3 From be4dbfb9ed8931c87350934f0a595fc82ba1e9bc Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:27:23 +0100 Subject: autoreconfHook --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 39ddc531..7c7c5549 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -707,7 +707,7 @@ in rec { sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; - buildInputs = [ pkgs.autoconf ]; + nativeBuildInputs = [ pkgs.autoreconfHook ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; -- cgit v1.2.3 From 5a3934328228782396c9a32d5198cfa2e4a41ad0 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:28:26 +0100 Subject: gettext --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 7c7c5549..b5ac1b03 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; - nativeBuildInputs = [ pkgs.autoreconfHook ]; + nativeBuildInputs = [ pkgs.autoreconfHook pkgs.gettext ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; -- cgit v1.2.3 From 19fc263f9eba6ad3e847f2666e49a2f6755421b9 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:33:35 +0100 Subject: move gettext to buildInputs --- ymir.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index b5ac1b03..c3b79a9c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,8 @@ in rec { sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; - nativeBuildInputs = [ pkgs.autoreconfHook pkgs.gettext ]; + buildInputs = [ pkgs.glib pkgs.gettext ]; + nativeBuildInputs = [ pkgs.autoreconfHook ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; -- cgit v1.2.3 From 4600cbc9abd90fc81a735a608ee3c7209430ef2d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:35:27 +0100 Subject: Build with gtk --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index c3b79a9c..4bdc99df 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -707,7 +707,7 @@ in rec { sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; - buildInputs = [ pkgs.glib pkgs.gettext ]; + buildInputs = [ pkgs.gtk2 pkgs.gtkdoc pkgs.glib pkgs.gettext ]; nativeBuildInputs = [ pkgs.autoreconfHook ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; -- cgit v1.2.3 From 687507e1a6fb154dbd33b5f34a1722aecc0a3aa9 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:36:30 +0100 Subject: locales --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 4bdc99df..2c823918 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; }; - buildInputs = [ pkgs.gtk2 pkgs.gtkdoc pkgs.glib pkgs.gettext ]; + buildInputs = [ pkgs.gtk2 pkgs.glibcLocales pkgs.glib pkgs.gettext ]; nativeBuildInputs = [ pkgs.autoreconfHook ]; }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; -- cgit v1.2.3 From 1eaa7fa47e7d871c39dc406326fd888aa855ac57 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:40:59 +0100 Subject: stop trying to do su.pem --- ymir.nix | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/ymir.nix b/ymir.nix index 2c823918..629eff39 100644 --- a/ymir.nix +++ b/ymir.nix @@ -699,17 +699,6 @@ in rec { services.infinoted = { enable = true; - package = pkgs.lib.overrideDerivation (pkgs.libinfinity.override { daemon = true; }) (oldAttrs: { - src = pkgs.fetchFromGitHub { - owner = "gobby"; - repo = "libinfinity"; - rev = "6c461a34568d40dc1cfcaa6863817e70101873c8"; - sha256 = "1039gkf84hqw0m3h3cllh1z6i0j2mjyd79yykz1baxv7ir3bwm3w"; - }; - - buildInputs = [ pkgs.gtk2 pkgs.glibcLocales pkgs.glib pkgs.gettext ]; - nativeBuildInputs = [ pkgs.autoreconfHook ]; - }); keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; passwordFile = "/var/lib/infinoted/password"; 
@@ -719,7 +708,6 @@ in rec { ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem accept-unauthenticated-clients=false - super-user=/var/lib/infinoted/su.pem [autosave] interval=5 -- cgit v1.2.3 From 058d4c81e08fcaa8b0cbba9cf1e47157711d977e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:48:56 +0100 Subject: allow unauthenticated clients --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 629eff39..c12ab21c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem - accept-unauthenticated-clients=false + accept-unauthenticated-clients=true [autosave] interval=5 -- cgit v1.2.3 From af95d5951d2448820ade0cc81da4577b72dcb096 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:52:57 +0100 Subject: Revert "allow unauthenticated clients" This reverts commit 058d4c81e08fcaa8b0cbba9cf1e47157711d977e. --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index c12ab21c..629eff39 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem - accept-unauthenticated-clients=true + accept-unauthenticated-clients=false [autosave] interval=5 -- cgit v1.2.3 From ca61fd9bab584d1268df1094d2b8a54e4767e242 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:53:08 +0100 Subject: infinoted: remove password --- ymir.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 629eff39..82d47b50 100644 --- a/ymir.nix +++ b/ymir.nix 
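Review bot: `accept-unauthenticated-clients=true` (commit "allow unauthenticated clients") turns off the client-certificate requirement that the `certificate-auth` plugin was enabled for, on a port the firewall already lets through. The setting is then flipped by a chain of revert commits and is `true` again in the last one, while `passwordFile` is dropped by 'Revert "Revert "infinoted: remove password""'. The final state visible on this page therefore has neither a password nor mandatory certificates. If an open server is intended, say so in a Nix comment above `extraConfig`, e.g. `# clients without a certificate are accepted on purpose; no passwordFile either`; if not, keep `accept-unauthenticated-clients=false` or restore `passwordFile`. The `extraConfig` string starts and ends outside the hunk.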
@@ -701,7 +701,6 @@ in rec { enable = true; keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; - passwordFile = "/var/lib/infinoted/password"; plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" ]; extraConfig = '' [certificate-auth] -- cgit v1.2.3 From afc13d563478482a0f850c18f391cdff55f06d2b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:57:19 +0100 Subject: Revert "infinoted: remove password" This reverts commit ca61fd9bab584d1268df1094d2b8a54e4767e242. --- ymir.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/ymir.nix b/ymir.nix index 82d47b50..629eff39 100644 --- a/ymir.nix +++ b/ymir.nix @@ -701,6 +701,7 @@ in rec { enable = true; keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; + passwordFile = "/var/lib/infinoted/password"; plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" ]; extraConfig = '' [certificate-auth] -- cgit v1.2.3 From 03e54f8e17964fe547eac873d77132fb0020f80a Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 18:57:27 +0100 Subject: Revert "Revert "allow unauthenticated clients"" This reverts commit af95d5951d2448820ade0cc81da4577b72dcb096. --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 629eff39..c12ab21c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -707,7 +707,7 @@ in rec { [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem - accept-unauthenticated-clients=false + accept-unauthenticated-clients=true [autosave] interval=5 -- cgit v1.2.3 From f5e2316fa5a7682250dc5291719c358010eeefa9 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 19:01:55 +0100 Subject: Revert "Revert "infinoted: remove password"" This reverts commit afc13d563478482a0f850c18f391cdff55f06d2b. --- ymir.nix | 1 - 1 file changed, 1 deletion(-) 
diff --git a/ymir.nix b/ymir.nix index c12ab21c..aaf7103c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -701,7 +701,6 @@ in rec { enable = true; keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; - passwordFile = "/var/lib/infinoted/password"; plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" ]; extraConfig = '' [certificate-auth] -- cgit v1.2.3 From f55aab3fdf7e00ad3674ce5452dfbcde05977ada Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 19:02:14 +0100 Subject: Revert "Revert "Revert "allow unauthenticated clients""" This reverts commit 03e54f8e17964fe547eac873d77132fb0020f80a. --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index aaf7103c..82d47b50 100644 --- a/ymir.nix +++ b/ymir.nix @@ -706,7 +706,7 @@ in rec { [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem - accept-unauthenticated-clients=true + accept-unauthenticated-clients=false [autosave] interval=5 -- cgit v1.2.3 From 33b2535ec5a522d7a2c86a36b7f7cc7ac5fe5a51 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Nov 2016 23:28:59 +0100 Subject: Revert "Revert "Revert "Revert "allow unauthenticated clients"""" This reverts commit f55aab3fdf7e00ad3674ce5452dfbcde05977ada. --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 82d47b50..aaf7103c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -706,7 +706,7 @@ in rec { [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem ca-key=/var/lib/infinoted/ca.key.pem - accept-unauthenticated-clients=false + accept-unauthenticated-clients=true [autosave] interval=5 -- cgit v1.2.3 From 6965602fe27a795a6494c9c2657c2abe83803496 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Fri, 25 Nov 2016 12:37:44 +0100 Subject: Drop lmu.li --- ymir/zones/index.nix | 1 - ymir/zones/li.lmu.soa | 31 ------------------------------- 2 files changed, 32 deletions(-) delete mode 100644 ymir/zones/li.lmu.soa diff --git a/ymir/zones/index.nix b/ymir/zones/index.nix index 8424a0e0..9bde25e9 100644 --- a/ymir/zones/index.nix +++ b/ymir/zones/index.nix @@ -5,7 +5,6 @@ with lib; rec { "141.li" = { data = readFile ./li.141.soa; }; "dirty-haskell.org" = { data = readFile ./org.dirty-haskell.soa; }; - "lmu.li" = { data = readFile ./li.lmu.soa; }; "praseodym.org" = { data = readFile ./org.praseodym.soa; }; "xmpp.li" = { data = readFile ./li.xmpp.soa; }; "yggdrasil.li" = { data = readFile ./li.yggdrasil.soa; }; diff --git a/ymir/zones/li.lmu.soa b/ymir/zones/li.lmu.soa deleted file mode 100644 index d1e05738..00000000 --- a/ymir/zones/li.lmu.soa +++ /dev/null 
@@ -1,31 +0,0 @@ -$ORIGIN lmu.li. -$TTL 3600 -@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2016111011 ; serial - 10800 ; refresh - 3600 ; retry - 604800 ; expire - 3600 ; min TTL -) - IN NS ns.yggdrasil.li. - IN NS ns.inwx.de. - IN NS ns2.inwx.de. - IN NS ns3.inwx.eu. - IN NS ns4.inwx.com. - IN NS ns5.inwx.net. - -@ IN A 188.68.51.254 -@ IN AAAA 2a03:4000:6:d004:: -@ IN MX 10 ymir.yggdrasil.li. -@ IN TXT "v=spf1 redirect=yggdrasil.li" - -* IN A 188.68.51.254 -* IN AAAA 2a03:4000:6:d004:: -* IN MX 0 ymir.yggdrasil.li. -* IN TXT "v=spf1 redirect=yggdrasil.li" - -ymir._domainkey IN TXT ( - "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" - "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" - "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ==" -) -- cgit v1.2.3 From 6662c39fa0390827c9d66da9e7bd3a6aaa206137 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 25 Nov 2016 15:31:08 +0100 Subject: Ymir: haveged --- ymir.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ymir.nix b/ymir.nix index aaf7103c..67455541 100644 --- a/ymir.nix +++ b/ymir.nix @@ -712,4 +712,8 @@ in rec { interval=5 ''; }; + + services.haveged = { + enable = true; + }; } -- cgit v1.2.3 From fd89b4bf3a54d6c79a14d0328afdf55f1d20bcd6 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Sat, 26 Nov 2016 18:15:57 +0100 Subject: disable sane pending investigation --- hel.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hel.nix b/hel.nix index 3753a8df..0f976037 100644 --- a/hel.nix +++ b/hel.nix @@ -347,11 +347,11 @@ bluetooth.enable = true; - sane = { - enable = true; - extraBackends = with pkgs; [ samsung-unified-linux-driver ]; - configDir = "/etc/sane.d"; - }; + # sane = { + # enable = true; + # extraBackends = with pkgs; [ samsung-unified-linux-driver ]; + # configDir = "/etc/sane.d"; + # }; }; sound.enable = true; -- cgit v1.2.3 From 17ebe527d099b026bb7eac699248f05fb24cae4c Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 1 Dec 2016 22:33:04 +0100 Subject: Allow sudo to mlmmj --- ymir.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 67455541..c83771d4 100644 --- a/ymir.nix +++ b/ymir.nix @@ -606,7 +606,13 @@ in rec { group = "mlmmj"; }; - users.extraGroups."mlmmj" = {}; + users.extraGroups."mlmmj" = { + members = [ "gkleen" ]; + }; + + security.sudo.extraConfig = '' + %mlmmj ALL=(mlmmj) NOPASSWD: ALL + ''; security.acme = { certs = { -- cgit v1.2.3 From 2317f081606394f2230bc8c29c5306ee320256da Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 1 Dec 2016 22:33:36 +0100 Subject: Introduce more explicit group for mlmmj --- ymir.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index c83771d4..e46971f2 100644 --- a/ymir.nix +++ b/ymir.nix @@ -606,12 +606,14 @@ in rec { group = "mlmmj"; }; - users.extraGroups."mlmmj" = { + users.extraGroups."mlmmj" = {}; + + users.extraGroups."mladmin" = { members = [ "gkleen" ]; }; security.sudo.extraConfig = '' - %mlmmj ALL=(mlmmj) NOPASSWD: ALL + %mladmin ALL=(mlmmj) NOPASSWD: ALL ''; security.acme = { -- cgit v1.2.3 From 9381fa59a26ec1a4206808b444d3882fe8afe25e Mon Sep 17 00:00:00 2001 
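Review bot: `%mlmmj ALL=(mlmmj) NOPASSWD: ALL` in "Allow sudo to mlmmj" lets every group member run any command as `mlmmj` without a password, which is wider than list administration needs. Listing the specific tools instead of `ALL` keeps the convenience without handing out the whole account, e.g. `%mlmmj ALL=(mlmmj) NOPASSWD: <absolute paths of the mlmmj tools>` (placeholder, not taken from the page). The same rule shape returns as `%mladmin ALL=(mlmmj) NOPASSWD: ALL` in the following commit and as `%infinoted ALL=(infinoted) NOPASSWD: ALL` in "Allow gitolite to control infinoted". The last of these matters most, because the `infinoted` home directory is where the earlier hunks place `ca.key.pem`.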
From: Gregor Kleen Date: Thu, 1 Dec 2016 22:36:45 +0100 Subject: allow newgrp --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ymir.nix b/ymir.nix index e46971f2..ad711c13 100644 --- a/ymir.nix +++ b/ymir.nix @@ -616,6 +616,8 @@ in rec { %mladmin ALL=(mlmmj) NOPASSWD: ALL ''; + security.setuidPrograms = [ "newgrp" ]; + security.acme = { certs = { "yggdrasil.li" = { -- cgit v1.2.3 From 0946461193d7264c897af3332e15cb73eb4f1c8f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 2 Dec 2016 23:29:50 +0100 Subject: Framework for git-sync --- ymir.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index ad711c13..e8837dcd 100644 --- a/ymir.nix +++ b/ymir.nix @@ -711,7 +711,7 @@ in rec { enable = true; keyFile = "/var/lib/acme/yggdrasil.li/key.pem"; certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; - plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" ]; + plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" "directory-sync" ]; extraConfig = '' [certificate-auth] ca-list=/var/lib/infinoted/ca.cert.pem @@ -720,9 +720,19 @@ in rec { [autosave] interval=5 + + [directory-sync] + directory=/var/lib/infinoted/dirsync + interval=5 + hook=/var/lib/infinoted/git-sync.sh ''; }; + users.extraUsers."infinoted" = { + home = "/var/lib/infinoted"; + createHome = true; + }; + services.haveged = { enable = true; }; -- cgit v1.2.3 From 5e1a5c38e7ac0e38302435cec47145f804554748 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 3 Dec 2016 01:00:36 +0100 Subject: Allow gitolite to control infinoted --- ymir.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ymir.nix b/ymir.nix index e8837dcd..83fa823f 100644 --- a/ymir.nix +++ b/ymir.nix 
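Review bot: `security.setuidPrograms = [ "newgrp" ];` adds a setuid-root wrapper with no comment saying what needs it, and the commit subject "allow newgrp" does not say either. A setuid addition should carry its justification next to it, e.g. `# newgrp (setuid): needed for <reason>` with the reason filled in by the author. If it only exists so `mladmin` members can work inside the list directories, the sudo rule added just above may already cover that.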
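Review bot: `hook=/var/lib/infinoted/git-sync.sh` in the `[directory-sync]` section points the plugin at a script inside the home directory that this same hunk creates for the `infinoted` user. Assuming the daemon runs as that user, the account can rewrite the script it later executes, and the script's content is not part of the declarative configuration. Building the hook into the Nix store makes it read-only and reviewable, for instance `hook=${pkgs.writeScript "infinoted-git-sync" "<script body>"}` with the body moved into this file. If the script has to stay mutable, a comment stating its expected owner and mode would help.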
@@ -611,11 +611,30 @@ in rec { users.extraGroups."mladmin" = { members = [ "gkleen" ]; }; + + users.extraGroups."infinoted" = { + members = [ "infinoted gitolite" ]; + }; security.sudo.extraConfig = '' %mladmin ALL=(mlmmj) NOPASSWD: ALL + %infinoted ALL=(infinoted) NOPASSWD: ALL ''; + security.polkit = { + enable = true; + extraConfig = '' + polkit.addRule(function(action, subject) { + if ( action.id == "org.freedesktop.systemd1.manage-units" + && action.lookup("unit") == "infinoted.service" + && subject.isInGroup("infinoted") + ) { + return polkit.Result.YES; + } + }); + ''; + }; + security.setuidPrograms = [ "newgrp" ]; security.acme = { -- cgit v1.2.3 From c37c0bd0f92d34d36de1c288e765c5f2d3b08551 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 3 Dec 2016 01:12:47 +0100 Subject: fix syntax screw up --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 83fa823f..f5a1c071 100644 --- a/ymir.nix +++ b/ymir.nix @@ -613,7 +613,7 @@ in rec { }; users.extraGroups."infinoted" = { - members = [ "infinoted gitolite" ]; + members = [ "infinoted" "gitolite" ]; }; security.sudo.extraConfig = '' -- cgit v1.2.3 From 2c4603c01a36b4ed54ada906879f1c02956cd4c2 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 10:50:38 +0100 Subject: List all subscribers --- ymir/mlmmj-expose.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ymir/mlmmj-expose.nix b/ymir/mlmmj-expose.nix index 0873b0f7..122fafa4 100644 --- a/ymir/mlmmj-expose.nix +++ b/ymir/mlmmj-expose.nix 
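Review bot: The polkit rule matches `org.freedesktop.systemd1.manage-units` for `infinoted.service` without checking which operation is requested, so members of the `infinoted` group may start, stop or restart the unit, or do anything else that action covers. Going by the commit subject, that group is meant to include `gitolite`. If the git hook only needs to restart the daemon after a sync, add a verb check to the condition: `&& action.lookup("verb") == "restart"`. A short comment above `polkit.addRule`, e.g. `// gitolite hook restarts infinoted after pushing to the synced repo`, would also tie the rule to its purpose; that purpose is my inference from the commit subject.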
@@ -69,6 +69,11 @@ let "mlmmj-get-exposed" -> do args <- getArgs case args of + [(dropTrailingPathSeperator -> listDir), (map toLower -> ident)] -> do + setCurrentDirectory listDir + identities <- getIdentities + unless (ident `elem` identities) . die $ "Unknown sender: ‘" ++ ident ++ "’" + mapM_ (\sub -> putStrLn $ sub ++ " " ++ takeFileName listDir ++ "+" ++ hash' (ident, sub) ++ "@subs.lists.yggdrasil.li") =<< getSubscribers (dropTrailingPathSeparator -> listDir) : (map toLower -> ident) : (map (map toLower) -> recipients) -> do setCurrentDirectory listDir identities <- getIdentities -- cgit v1.2.3 From e90f3e6aa3853a17c0d33aef5306739cb36269b6 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 10:52:34 +0100 Subject: typo --- ymir/mlmmj-expose.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir/mlmmj-expose.nix b/ymir/mlmmj-expose.nix index 122fafa4..2bdcf619 100644 --- a/ymir/mlmmj-expose.nix +++ b/ymir/mlmmj-expose.nix @@ -69,7 +69,7 @@ let "mlmmj-get-exposed" -> do args <- getArgs case args of - [(dropTrailingPathSeperator -> listDir), (map toLower -> ident)] -> do + [(dropTrailingPathSeparator -> listDir), (map toLower -> ident)] -> do setCurrentDirectory listDir identities <- getIdentities unless (ident `elem` identities) . die $ "Unknown sender: ‘" ++ ident ++ "’" -- cgit v1.2.3 From 692a3961f1788abe8fd284d744e7389888dc2353 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:21:04 +0100 Subject: mlmmj-serve-exposed --- ymir/mlmmj-expose.hs | 180 ++++++++++++++++++++++++++++++++++++++++++++++++++ ymir/mlmmj-expose.nix | 114 ++++---------------------------- 2 files changed, 194 insertions(+), 100 deletions(-) create mode 100644 ymir/mlmmj-expose.hs diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs new file mode 100644 index 00000000..faf4e3b6 --- /dev/null +++ b/ymir/mlmmj-expose.hs 
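Review bot: The new two-argument branch of `mlmmj-get-exposed` has no comment, and its effect is worth stating: it prints every subscriber address of the list next to the alias built from `hash' (ident, sub)`. The only gate is that `ident` occurs in the result of `getIdentities`, so whoever may run the program against a list directory can enumerate its subscribers. A comment above the pattern would make that explicit, e.g. `-- two arguments: print "<subscriber> <alias>" for each subscriber; discloses the full subscriber list`. The `mapM_` line would also be easier to audit as a `forM_` over `getSubscribers` with the alias bound in a `let`. The enclosing `case` continues outside the hunk.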
@@ -0,0 +1,180 @@ +{-# LANGUAGE ViewPatterns, RecordWildCards #-} + +import System.IO +import System.IO.Error +import System.FilePath +import System.Environment +import System.Exit +import System.Directory +import System.Process +import Text.Printf + +import Data.Char + +import Control.Monad + +import Crypto.Hash + +import qualified Data.ByteString.Lazy as LBS +import qualified Data.ByteString.Char8 as CBS + +import qualified Data.UUID as UUID (toString) +import qualified Data.UUID.V4 as UUID (nextRandom) + +import Data.Aeson +import Data.Aeson.Encode.Pretty + +import Data.Set (Set) +import qualified Data.Set as Set + +newtype FoxReplace = FoxReplace (Set FoxReplaceGroup) + deriving (Ord, Eq) + +data FoxReplaceGroup = FoxReplaceGroup + { groupName :: String + , groupUrls :: Set String + , groupSubs :: Set FoxReplaceSub + , groupHtmlMode :: FoxReplaceHTML + } + deriving (Ord, Eq) + +data FoxReplaceHTML = NoHTML | OutputOnlyHTML | BothHTML + deriving (Ord, Eq, Enum) + +data FoxReplaceSub = FoxReplaceSub + { rInput, rOutput :: String + , rInputType :: SubInput + , rCaseSensitive :: Bool + } + deriving (Ord, Eq) + +data SubInput = TextInput | WordInput | RegexpInput + deriving (Ord, Eq, Enum) + + +instance ToJSON FoxReplace where + toJSON (FoxReplace groupSet) = object + [ "version" .= "0.15" + , "groups" .= groupSet + ] + +instance ToJSON FoxReplaceGroup where + toJSON FoxReplaceGroup{..} = object + [ "name" .= groupName + , "html" .= groupHtmlMode + , "enabled" .= True + , "urls" .= groupUrls + , "substitutions" .= groupSubs + ] + +instance ToJSON FoxReplaceHTML where + toJSON NoHTML = String "none" + toJSON OutputOnlyHTML = String "output" + toJSON BothHTML = String "inputoutput" + +instance ToJSON FoxReplaceSub where + toJSON FoxReplaceSub{..} = object + [ "input" .= rInput + , "output" .= rOutput + , "inputType" .= rInputType + , "caseSensitive" .= rCaseSensitive + ] + +instance ToJSON SubInput where + toJSON TextInput = String "text" + toJSON WordInput = String 
"wholewords" + toJSON RegexpInput = String "regexp" + + +main :: IO () +main = do + progName <- takeFileName <$> getProgName + case progName of + "mlmmj-exposed" -> do + args <- getArgs + case args of + [listDir, (map toLower -> extension)] -> do + setCurrentDirectory listDir + identities <- getIdentities + subscribers <- getSubscribers + let hashes = filter ((==) extension . snd) [((ident, sub), hash' (ident, sub)) | ident <- identities, sub <- subscribers] + case hashes of + [((_, recipient), _)] -> do + uuid <- UUID.nextRandom + let fName = "queue" "exposed" <.> uuidTrans uuid + uuidTrans = uuidTrans' . UUID.toString + where + uuidTrans' [] = [] + uuidTrans' ('-':xs) = uuidTrans' xs + uuidTrans' (x:xs) = x : uuidTrans' xs + getContents >>= writeFile fName + hPrintf stdout "Forwarding mail to <%s>, subscribed to %s\n" recipient (takeBaseName listDir) + callProcess "${pkgs.mlmmj}/bin/mlmmj-send" ["-L", listDir, "-l", "6", "-m", fName, "-T", recipient] + removeFile fName + [] -> die "Unknown extension" + _ -> die "Ambiguous extension" + _ -> hPutStrLn stderr ("Called without expected arguments ( )") >> exitWith (ExitFailure 2) + "mlmmj-expose" -> do + args <- getArgs + case args of + [listDir, (map toLower -> ident)] -> do + setCurrentDirectory listDir + identities <- getIdentities + case ident `elem` identities of + True -> putStrLn "Identity is already known" + False -> writeFile "exposed.ids" . unlines $ ident : identities + _ -> hPutStrLn stderr ("Called without expected arguments ( )") >> exitWith (ExitFailure 2) + "mlmmj-get-exposed" -> do + args <- getArgs + case args of + [(dropTrailingPathSeparator -> listDir), (map toLower -> ident)] -> do + setCurrentDirectory listDir + identities <- getIdentities + unless (ident `elem` identities) . 
die $ "Unknown sender: ‘" ++ ident ++ "’" + mapM_ (\sub -> putStrLn $ sub ++ " " ++ takeFileName listDir ++ "+" ++ hash' (ident, sub) ++ "@subs.lists.yggdrasil.li") =<< getSubscribers + (dropTrailingPathSeparator -> listDir) : (map toLower -> ident) : (map (map toLower) -> recipients) -> do + setCurrentDirectory listDir + identities <- getIdentities + unless (ident `elem` identities) . die $ "Unknown sender: ‘" ++ ident ++ "’" + subscribers <- getSubscribers + forM_ recipients $ \recipient -> do + unless (recipient `elem` subscribers) . die $ "Unknown recipient: ‘" ++ recipient ++ "’"; + putStrLn $ takeFileName listDir ++ "+" ++ hash' (ident, recipient) ++ "@subs.lists.yggdrasil.li"; + _ -> hPutStrLn stderr ("Called without expected arguments ( [ [...]])") >> exitWith (ExitFailure 2) + "mlmmj-serve-exposed" -> do + args <- getArgs + case args of + [(dropTrailingPathSeparator -> listDir)] -> do + subscribers <- getSubscribers + identities <- getIdentities + + let + listName = takeBaseName listDir + replaceGroup ident = FoxReplaceGroup { groupName = ident ++ "." ++ listName + , groupHtmlMode = False + , groupUrls = Set.empty + , groupSubs = Set.fromList $ map (replaceSub ident) subscribers + } + replaceSub ident sub = FoxReplaceSub { rInput = hash' (ident, sub) + , rOutput = sub + , rInputType = WordInput + , rCaseSensitive = True + } + + CLBS.putStrLn . encodePretty . FoxReplace . Set.fromList $ map replaceGroup identities + _ -> hPutStrLn stderr "Called without expected arguments ()" >> exitWith (ExitFailure 2) + _ -> hPutStrLn stderr ("Called under unsupported name ‘" ++ progName ++ "’") >> exitWith (ExitFailure 2) + +getIdentities :: IO [String] +getIdentities = (filter (not . null) . lines <$> readFile "exposed.ids") `catchIOError` (\e -> if isDoesNotExistError e then return [] else ioError e) + +getSubscribers :: IO [String] +getSubscribers = map (map toLower) . concat <$> mapM (flip catchIOError (\e -> if isDoesNotExistError e then return [] else ioError e) . 
readDir) ["subscribers.d", "digesters.d"] + where + readDir dir = concat <$> (mapM (fmap lines . readFile) . map (dir ) . filter (not . (`elem` [".", ".."]))=<< (getDirectoryContents dir)) + +hash' :: Show a => a -> String +hash' = take len . map toLower . show . (hash :: CBS.ByteString -> Digest SHA256) . CBS.pack . map toLower . show + +len :: Int +len = 32 diff --git a/ymir/mlmmj-expose.nix b/ymir/mlmmj-expose.nix index 2bdcf619..370219d3 100644 --- a/ymir/mlmmj-expose.nix +++ b/ymir/mlmmj-expose.nix 
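Review bot: `hash'` at the end of the new file builds the address extension from an unkeyed SHA-256 of `show (ident, sub)`, so anyone who knows or guesses an identity and a subscriber address can recompute the extension, and the `mlmmj-exposed` branch forwards mail for any extension that matches. If the extensions are meant to be unguessable, mixing in a per-list secret closes that; cryptonite, which the file already imports, provides HMAC in `Crypto.MAC.HMAC`. The sketch below shows a keyed variant that the call sites in `main` would use after reading the key from the list directory. Existing extensions would change when it is introduced.

```haskell
-- … unchanged: imports, JSON instances, main, getIdentities, getSubscribers …

-- Keyed variant of hash'; `key` is a per-list secret (e.g. read from a file in the list directory).
hashKeyed :: Show a => CBS.ByteString -> a -> String
hashKeyed key = take len . map toLower . show . hmacGetDigest . mac . CBS.pack . map toLower . show
  where
    mac :: CBS.ByteString -> HMAC SHA256
    mac = hmac key
```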
@@ -1,110 +1,24 @@ { config, pkgs, ... }: let - haskellEnv = pkgs.haskellPackages.ghcWithPackages (pkgs: with pkgs; [ filepath directory cryptonite bytestring uuid ]); + haskellEnv = pkgs.haskellPackages.ghcWithPackages dependencies; + dependencies = pkgs: with pkgs; [ filepath + directory + cryptonite + bytestring + uuid + aeson + aeson-pretty + ]; mlmmj-exposed = pkgs.stdenv.mkDerivation { - name = "mlmmj-exposed"; - src = pkgs.writeText "mlmmj-exposed.hs" '' - {-# LANGUAGE ViewPatterns #-} - - import System.IO - import System.IO.Error - import System.FilePath - import System.Environment - import System.Exit - import System.Directory - import System.Process - import Text.Printf - - import Data.Char - - import Control.Monad - - import Crypto.Hash - - import qualified Data.ByteString.Lazy as LBS - import qualified Data.ByteString.Char8 as CBS - - import qualified Data.UUID as UUID (toString) - import qualified Data.UUID.V4 as UUID (nextRandom) - - main :: IO () - main = do - progName <- takeFileName <$> getProgName - case progName of - "mlmmj-exposed" -> do - args <- getArgs - case args of - [listDir, (map toLower -> extension)] -> do - setCurrentDirectory listDir - identities <- getIdentities - subscribers <- getSubscribers - let hashes = filter ((==) extension . snd) [((ident, sub), hash' (ident, sub)) | ident <- identities, sub <- subscribers] - case hashes of - [((_, recipient), _)] -> do - uuid <- UUID.nextRandom - let fName = "queue" "exposed" <.> uuidTrans uuid - uuidTrans = uuidTrans' . 
UUID.toString - where - uuidTrans' [] = [] - uuidTrans' ('-':xs) = uuidTrans' xs - uuidTrans' (x:xs) = x : uuidTrans' xs - getContents >>= writeFile fName - hPrintf stdout "Forwarding mail to <%s>, subscribed to %s\n" recipient (takeBaseName listDir) - callProcess "${pkgs.mlmmj}/bin/mlmmj-send" ["-L", listDir, "-l", "6", "-m", fName, "-T", recipient] - removeFile fName - [] -> die "Unknown extension" - _ -> die "Ambiguous extension" - _ -> hPutStrLn stderr ("Called without expected arguments ( )") >> exitWith (ExitFailure 2) - "mlmmj-expose" -> do - args <- getArgs - case args of - [listDir, (map toLower -> ident)] -> do - setCurrentDirectory listDir - identities <- getIdentities - case ident `elem` identities of - True -> putStrLn "Identity is already known" - False -> writeFile "exposed.ids" . unlines $ ident : identities - _ -> hPutStrLn stderr ("Called without expected arguments ( )") >> exitWith (ExitFailure 2) - "mlmmj-get-exposed" -> do - args <- getArgs - case args of - [(dropTrailingPathSeparator -> listDir), (map toLower -> ident)] -> do - setCurrentDirectory listDir - identities <- getIdentities - unless (ident `elem` identities) . die $ "Unknown sender: ‘" ++ ident ++ "’" - mapM_ (\sub -> putStrLn $ sub ++ " " ++ takeFileName listDir ++ "+" ++ hash' (ident, sub) ++ "@subs.lists.yggdrasil.li") =<< getSubscribers - (dropTrailingPathSeparator -> listDir) : (map toLower -> ident) : (map (map toLower) -> recipients) -> do - setCurrentDirectory listDir - identities <- getIdentities - unless (ident `elem` identities) . die $ "Unknown sender: ‘" ++ ident ++ "’" - subscribers <- getSubscribers - forM_ recipients (\recipient -> do { - unless (recipient `elem` subscribers) . 
die $ "Unknown recipient: ‘" ++ recipient ++ "’"; - putStrLn $ takeFileName listDir ++ "+" ++ hash' (ident, recipient) ++ "@subs.lists.yggdrasil.li"; - }) - _ -> hPutStrLn stderr ("Called without expected arguments ( [ [...]])") >> exitWith (ExitFailure 2) - _ -> hPutStrLn stderr ("Called under unsupported name ‘" ++ progName ++ "’") >> exitWith (ExitFailure 2) - getIdentities :: IO [String] - getIdentities = (filter (not . null) . lines <$> readFile "exposed.ids") `catchIOError` (\e -> if isDoesNotExistError e then return [] else ioError e) - - getSubscribers :: IO [String] - getSubscribers = map (map toLower) . concat <$> mapM (flip catchIOError (\e -> if isDoesNotExistError e then return [] else ioError e) . readDir) ["subscribers.d", "digesters.d"] - where - readDir dir = concat <$> (mapM (fmap lines . readFile) . map (dir ) . filter (not . (`elem` [".", ".."]))=<< (getDirectoryContents dir)) - - hash' :: Show a => a -> String - hash' = take len . map toLower . show . (hash :: CBS.ByteString -> Digest SHA256) . CBS.pack . map toLower . show - - len :: Int - len = 32 - ''; + name = "mlmmj-expose"; + src = ./mlmmj-expose.hs; buildCommand = '' mkdir -p $out/bin #cp $src $out/bin/.mlmmj-exposed - ${haskellEnv}/bin/ghc -o $out/bin/.mlmmj-exposed -odir . -hidir . $src - for f in mlmmj-exposed mlmmj-expose mlmmj-get-exposed; do - ln -s .mlmmj-exposed $out/bin/$f + ${haskellEnv}/bin/ghc -o $out/bin/.mlmmj-expose -odir . -hidir . $src + for f in mlmmj-exposed mlmmj-expose mlmmj-get-exposed mlmmj-serve-exposed; do + ln -s .mlmmj-expose $out/bin/$f done ''; }; -- cgit v1.2.3 From 446086a87736caf0ca12e21f637fb7a3c86bd051 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:21:46 +0100 Subject: syntax --- ymir/mlmmj-expose.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index faf4e3b6..7255f404 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs 
@@ -161,7 +161,7 @@ main = do , rCaseSensitive = True } - CLBS.putStrLn . encodePretty . FoxReplace . Set.fromList $ map replaceGroup identities + CBS.putStrLn . encodePretty . FoxReplace . Set.fromList $ map replaceGroup identities _ -> hPutStrLn stderr "Called without expected arguments ()" >> exitWith (ExitFailure 2) _ -> hPutStrLn stderr ("Called under unsupported name ‘" ++ progName ++ "’") >> exitWith (ExitFailure 2) -- cgit v1.2.3 From 7ff8e88f35ea789a86a134dba790af3ac3693a12 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:22:20 +0100 Subject: Overload strings --- ymir/mlmmj-expose.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index 7255f404..6747ebc5 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs @@ -1,4 +1,4 @@ -{-# LANGUAGE ViewPatterns, RecordWildCards #-} +{-# LANGUAGE ViewPatterns, RecordWildCards, OverloadedStrings #-} import System.IO import System.IO.Error -- cgit v1.2.3 From fd80a539306d367ab8b228b30a024328cbd88f22 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:26:28 +0100 Subject: Bytestring flavours --- ymir/mlmmj-expose.hs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index 6747ebc5..2819462e 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs @@ -151,7 +151,7 @@ main = do let listName = takeBaseName listDir replaceGroup ident = FoxReplaceGroup { groupName = ident ++ "." ++ listName - , groupHtmlMode = False + , groupHtmlMode = NoHTML , groupUrls = Set.empty , groupSubs = Set.fromList $ map (replaceSub ident) subscribers } 
@@ -161,7 +161,8 @@ main = do , rCaseSensitive = True } - CBS.putStrLn . encodePretty . FoxReplace . Set.fromList $ map replaceGroup identities + LBS.putStr . encodePretty . FoxReplace . Set.fromList $ map replaceGroup identities + putChar '\n' _ -> hPutStrLn stderr "Called without expected arguments ()" >> exitWith (ExitFailure 2) _ -> hPutStrLn stderr ("Called under unsupported name ‘" ++ progName ++ "’") >> exitWith (ExitFailure 2) -- cgit v1.2.3 From 531b41944a1bef7d95f94bc267698b5db6777305 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:27:13 +0100 Subject: Need type annotation for overloaded strings --- ymir/mlmmj-expose.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index 2819462e..ef8d076b 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs @@ -54,7 +54,7 @@ data SubInput = TextInput | WordInput | RegexpInput instance ToJSON FoxReplace where toJSON (FoxReplace groupSet) = object - [ "version" .= "0.15" + [ "version" .= ("0.15" :: String) , "groups" .= groupSet ] -- cgit v1.2.3 From 5fab29b4ffc801eba2d8747fa51bb82f102a5e14 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:27:43 +0100 Subject: fix indentation --- ymir/mlmmj-expose.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index ef8d076b..73e329d8 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs @@ -123,7 +123,7 @@ main = do case ident `elem` identities of True -> putStrLn "Identity is already known" False -> writeFile "exposed.ids" . unlines $ ident : identities - _ -> hPutStrLn stderr ("Called without expected arguments ( )") >> exitWith (ExitFailure 2) + _ -> hPutStrLn stderr ("Called without expected arguments ( )") >> exitWith (ExitFailure 2) "mlmmj-get-exposed" -> do args <- getArgs case args of -- cgit v1.2.3 From 87e9b7a54ae50398e3c93d8808ade354be035be3 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Mon, 12 Dec 2016 15:32:35 +0100 Subject: Debug output --- ymir/mlmmj-expose.hs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index 73e329d8..b5fc9cab 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs @@ -28,7 +28,7 @@ import Data.Set (Set) import qualified Data.Set as Set newtype FoxReplace = FoxReplace (Set FoxReplaceGroup) - deriving (Ord, Eq) + deriving (Ord, Eq, Show) data FoxReplaceGroup = FoxReplaceGroup { groupName :: String @@ -36,20 +36,20 @@ data FoxReplaceGroup = FoxReplaceGroup , groupSubs :: Set FoxReplaceSub , groupHtmlMode :: FoxReplaceHTML } - deriving (Ord, Eq) + deriving (Ord, Eq, Show) data FoxReplaceHTML = NoHTML | OutputOnlyHTML | BothHTML - deriving (Ord, Eq, Enum) + deriving (Ord, Eq, Enum, Show) data FoxReplaceSub = FoxReplaceSub { rInput, rOutput :: String , rInputType :: SubInput , rCaseSensitive :: Bool } - deriving (Ord, Eq) + deriving (Ord, Eq, Show) data SubInput = TextInput | WordInput | RegexpInput - deriving (Ord, Eq, Enum) + deriving (Ord, Eq, Enum, Show) instance ToJSON FoxReplace where @@ -160,6 +160,7 @@ main = do , rInputType = WordInput , rCaseSensitive = True } + hPutStrLn stderr . show $ map replaceGroup identities LBS.putStr . encodePretty . FoxReplace . Set.fromList $ map replaceGroup identities putChar '\n' -- cgit v1.2.3 From 49d1fd08abe933a6caacbe7e105facb76b4fa3b5 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:34:24 +0100 Subject: chdir --- ymir/mlmmj-expose.hs | 1 + 1 file changed, 1 insertion(+) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index b5fc9cab..3d19035c 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs @@ -145,6 +145,7 @@ main = do args <- getArgs case args of [(dropTrailingPathSeparator -> listDir)] -> do + setCurrentDirectory listDir subscribers <- getSubscribers identities <- getIdentities -- cgit v1.2.3 
From 6ab9fbd771ec4f62c73f8040f664a091c3fa642d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:34:47 +0100 Subject: remove debug output --- ymir/mlmmj-expose.hs | 1 - 1 file changed, 1 deletion(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index 3d19035c..b6309825 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs @@ -161,7 +161,6 @@ main = do , rInputType = WordInput , rCaseSensitive = True } - hPutStrLn stderr . show $ map replaceGroup identities LBS.putStr . encodePretty . FoxReplace . Set.fromList $ map replaceGroup identities putChar '\n' -- cgit v1.2.3 From e242fa09afdf2d7763c3c99b900406eb1f7b287d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:36:05 +0100 Subject: replace whole emails --- ymir/mlmmj-expose.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index b6309825..03af3c4b 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs @@ -156,7 +156,7 @@ main = do , groupUrls = Set.empty , groupSubs = Set.fromList $ map (replaceSub ident) subscribers } - replaceSub ident sub = FoxReplaceSub { rInput = hash' (ident, sub) + replaceSub ident sub = FoxReplaceSub { rInput = listName ++ "+" ++ hash' (ident, sub) ++ "@subs.lists.yggdrasil.li" , rOutput = sub , rInputType = WordInput , rCaseSensitive = True -- cgit v1.2.3 From cc962485bf418451f528f2240a23f878898b6acd Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:38:19 +0100 Subject: Regexp replacements --- ymir/mlmmj-expose.hs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index 03af3c4b..56a70bba 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs 
@@ -156,9 +156,9 @@ main = do , groupUrls = Set.empty , groupSubs = Set.fromList $ map (replaceSub ident) subscribers } - replaceSub ident sub = FoxReplaceSub { rInput = listName ++ "+" ++ hash' (ident, sub) ++ "@subs.lists.yggdrasil.li" + replaceSub ident sub = FoxReplaceSub { rInput = listName ++ "\\+" ++ hash' (ident, sub) ++ "(@[^ ]+)?" , rOutput = sub - , rInputType = WordInput + , rInputType = RegexpInput , rCaseSensitive = True } -- cgit v1.2.3 From 29362a81efcc6c3145b999e2324090b12eb2ecb4 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 12 Dec 2016 15:40:17 +0100 Subject: more precise regexps --- ymir/mlmmj-expose.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index 56a70bba..169fbb42 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs @@ -156,7 +156,7 @@ main = do , groupUrls = Set.empty , groupSubs = Set.fromList $ map (replaceSub ident) subscribers } - replaceSub ident sub = FoxReplaceSub { rInput = listName ++ "\\+" ++ hash' (ident, sub) ++ "(@[^ ]+)?" + replaceSub ident sub = FoxReplaceSub { rInput = listName ++ "\\+" ++ hash' (ident, sub) ++ "(@subs\\.lists\\.yggdrasil\\.li)?" , rOutput = sub , rInputType = RegexpInput , rCaseSensitive = True -- cgit v1.2.3 From 8b8f8d3b6e15b9121373d27b51e2edee561dc2d2 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 16 Dec 2016 21:51:32 +0100 Subject: Fix path to mlmmj --- ymir/mlmmj-expose.hs | 2 +- ymir/mlmmj-expose.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ymir/mlmmj-expose.hs b/ymir/mlmmj-expose.hs index 169fbb42..f074659b 100644 --- a/ymir/mlmmj-expose.hs +++ b/ymir/mlmmj-expose.hs 
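Review bot: `listName` is concatenated into the `rInput` pattern unescaped now that `rInputType` is `RegexpInput`, so a list whose directory name contains `.`, `+` or another metacharacter produces a pattern that no longer matches just the literal address; the following hunk, which pins the domain, has the same gap. Escaping it before concatenation keeps the match literal, e.g. `concatMap (\c -> if isAlphaNum c then [c] else ['\\', c]) listName` (`Data.Char` is already imported in this file). `rOutput = sub` is likewise used as a replacement string, and whether the consumer expands `$`-sequences in it is not visible here, so that is worth confirming. The `let` block these lines belong to starts outside the hunk.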
@@ -109,7 +109,7 @@ main = do uuidTrans' (x:xs) = x : uuidTrans' xs getContents >>= writeFile fName hPrintf stdout "Forwarding mail to <%s>, subscribed to %s\n" recipient (takeBaseName listDir) - callProcess "${pkgs.mlmmj}/bin/mlmmj-send" ["-L", listDir, "-l", "6", "-m", fName, "-T", recipient] + callProcess "@mlmmj@/bin/mlmmj-send" ["-L", listDir, "-l", "6", "-m", fName, "-T", recipient] removeFile fName [] -> die "Unknown extension" _ -> die "Ambiguous extension" diff --git a/ymir/mlmmj-expose.nix b/ymir/mlmmj-expose.nix index 370219d3..1eac7c7b 100644 --- a/ymir/mlmmj-expose.nix +++ b/ymir/mlmmj-expose.nix @@ -12,7 +12,7 @@ let ]; mlmmj-exposed = pkgs.stdenv.mkDerivation { name = "mlmmj-expose"; - src = ./mlmmj-expose.hs; + src = (pkgs.substituteAll { src = ./mlmmj-expose.hs; inherit (pkgs) mlmmj; }); buildCommand = '' mkdir -p $out/bin #cp $src $out/bin/.mlmmj-exposed -- cgit v1.2.3 From 1b63b3ec308f5d8974153281ee38b8847709408e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 16 Dec 2016 22:12:21 +0100 Subject: Cleanup code --- ymir/mlmmj-expose.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ymir/mlmmj-expose.nix b/ymir/mlmmj-expose.nix index 1eac7c7b..b3f7499c 100644 --- a/ymir/mlmmj-expose.nix +++ b/ymir/mlmmj-expose.nix @@ -12,7 +12,10 @@ let ]; mlmmj-exposed = pkgs.stdenv.mkDerivation { name = "mlmmj-expose"; - src = (pkgs.substituteAll { src = ./mlmmj-expose.hs; inherit (pkgs) mlmmj; }); + src = pkgs.substituteAll { + src = ./mlmmj-expose.hs; + inherit (pkgs) mlmmj; + }; buildCommand = '' mkdir -p $out/bin #cp $src $out/bin/.mlmmj-exposed -- cgit v1.2.3 From df966451abe39bd63d9b0fa3805cd172eb3d02eb Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 26 Dec 2016 23:20:59 +0100 Subject: Build samsung driver with ghostscript --- hel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index 0f976037..5552c470 100644 --- a/hel.nix +++ b/hel.nix 
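Review bot: `removeFile fName` on the line after the changed `callProcess` runs only when `mlmmj-send` exits successfully, because `callProcess` throws on a non-zero exit; a failed send therefore leaves the full message body in the list's `queue` directory. Unless the leftover file is wanted for a manual retry, cleaning up on both paths is one line, ``callProcess "@mlmmj@/bin/mlmmj-send" [...] `finally` removeFile fName``, with `finally` from `Control.Exception`. The enclosing `case` branch starts and ends outside the hunk.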
@@ -58,7 +58,7 @@ ''; samsung-unified-linux-driver = pkgs.stdenv.lib.overrideDerivation pkgs.samsung-unified-linux-driver (oldAttrs: { - buildInputs = with pkgs; [cups]; + buildInputs = with pkgs; [ cups ghostscript ]; }); }; -- cgit v1.2.3 From b29a994028561a12f8c7d14b536b68b9b92669f8 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 26 Dec 2016 23:27:11 +0100 Subject: Wrap samsung filters --- hel.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index 5552c470..838b5535 100644 --- a/hel.nix +++ b/hel.nix @@ -58,7 +58,13 @@ ''; samsung-unified-linux-driver = pkgs.stdenv.lib.overrideDerivation pkgs.samsung-unified-linux-driver (oldAttrs: { - buildInputs = with pkgs; [ cups ghostscript ]; + buildInputs = with pkgs; [ cups makeWrapper ]; + fixupPhase = '' + wrapProgram $out/lib/cups/filter/rastertosamsungspl \ + --prefix PATH : ${pkgs.ghostscript}/bin + wrapProgram $out/lib/cups/filter/rastertosamsungsplc \ + --prefix PATH : ${pkgs.ghostscript}/bin + ''; }); }; -- cgit v1.2.3 From 70a6f7a5c9b3c571948ea262d6f0a4378c3174be Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 26 Dec 2016 23:32:13 +0100 Subject: move wrapping to build --- hel.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index 838b5535..d10c49e6 100644 --- a/hel.nix +++ b/hel.nix @@ -59,7 +59,8 @@ samsung-unified-linux-driver = pkgs.stdenv.lib.overrideDerivation pkgs.samsung-unified-linux-driver (oldAttrs: { buildInputs = with pkgs; [ cups makeWrapper ]; - fixupPhase = '' + postBuild = '' + echo "Wrapping samsung filters" wrapProgram $out/lib/cups/filter/rastertosamsungspl \ --prefix PATH : ${pkgs.ghostscript}/bin wrapProgram $out/lib/cups/filter/rastertosamsungsplc \ -- cgit v1.2.3 From a7a1349b1efb10babe10fe6f57801f6039114f46 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 26 Dec 2016 23:33:15 +0100 Subject: More lowlevel hook --- hel.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/hel.nix b/hel.nix index d10c49e6..f18a4c64 100644 --- a/hel.nix +++ b/hel.nix @@ -59,7 +59,9 @@ samsung-unified-linux-driver = pkgs.stdenv.lib.overrideDerivation pkgs.samsung-unified-linux-driver (oldAttrs: { buildInputs = with pkgs; [ cups makeWrapper ]; - postBuild = '' + buildCommand = '' + ${oldAttrs.buildCommand} + echo "Wrapping samsung filters" wrapProgram $out/lib/cups/filter/rastertosamsungspl \ --prefix PATH : ${pkgs.ghostscript}/bin -- cgit v1.2.3 From 944c95843d385af31a610fcaf54a68d14b8cb7fc Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 26 Dec 2016 23:34:47 +0100 Subject: Even more lowlevel --- hel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index f18a4c64..16096ec3 100644 --- a/hel.nix +++ b/hel.nix @@ -59,7 +59,7 @@ samsung-unified-linux-driver = pkgs.stdenv.lib.overrideDerivation pkgs.samsung-unified-linux-driver (oldAttrs: { buildInputs = with pkgs; [ cups makeWrapper ]; - buildCommand = '' + builder = pkgs.writeScript "builder.sh" '' ${oldAttrs.buildCommand} echo "Wrapping samsung filters" -- cgit v1.2.3 From 7146cb7a6588caccedebb798e55853a69bf55f8f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 26 Dec 2016 23:35:51 +0100 Subject: properly include builder --- hel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index 16096ec3..653f6846 100644 --- a/hel.nix +++ b/hel.nix @@ -60,7 +60,7 @@ samsung-unified-linux-driver = pkgs.stdenv.lib.overrideDerivation pkgs.samsung-unified-linux-driver (oldAttrs: { buildInputs = with pkgs; [ cups makeWrapper ]; builder = pkgs.writeScript "builder.sh" '' - ${oldAttrs.buildCommand} + ${builtins.readFile oldAttrs.builder} echo "Wrapping samsung filters" wrapProgram $out/lib/cups/filter/rastertosamsungspl \ -- cgit v1.2.3 From a1fc25764b8613a8ea288009a031bb3040e17e11 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Mon, 26 Dec 2016 23:37:58 +0100 Subject: don't include, just call --- hel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index 653f6846..fb7c8005 100644 --- a/hel.nix +++ b/hel.nix @@ -60,7 +60,7 @@ samsung-unified-linux-driver = pkgs.stdenv.lib.overrideDerivation pkgs.samsung-unified-linux-driver (oldAttrs: { buildInputs = with pkgs; [ cups makeWrapper ]; builder = pkgs.writeScript "builder.sh" '' - ${builtins.readFile oldAttrs.builder} + ${oldAttrs.builder} echo "Wrapping samsung filters" wrapProgram $out/lib/cups/filter/rastertosamsungspl \ -- cgit v1.2.3 From bc3e30adcabe173e816693d260c304da98a07e47 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 26 Dec 2016 23:52:49 +0100 Subject: shebang and builder arguments --- hel.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index fb7c8005..7f3d4f2c 100644 --- a/hel.nix +++ b/hel.nix @@ -60,7 +60,9 @@ samsung-unified-linux-driver = pkgs.stdenv.lib.overrideDerivation pkgs.samsung-unified-linux-driver (oldAttrs: { buildInputs = with pkgs; [ cups makeWrapper ]; builder = pkgs.writeScript "builder.sh" '' - ${oldAttrs.builder} + #!${pkgs.stdenv.shell} + + ${oldAttrs.builder} ${pkgs.lib.concatStringsSep " " oldAttrs.args} echo "Wrapping samsung filters" wrapProgram $out/lib/cups/filter/rastertosamsungspl \ -- cgit v1.2.3 From d2b3da8c8bb36c356e2b0a8117cd5d1ff791c6e2 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 26 Dec 2016 23:57:26 +0100 Subject: ... --- hel.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index 7f3d4f2c..788031c8 100644 --- a/hel.nix +++ b/hel.nix 
@@ -58,11 +58,14 @@ ''; samsung-unified-linux-driver = pkgs.stdenv.lib.overrideDerivation pkgs.samsung-unified-linux-driver (oldAttrs: { - buildInputs = with pkgs; [ cups makeWrapper ]; builder = pkgs.writeScript "builder.sh" '' #!${pkgs.stdenv.shell} + source ${pkgs.stdenv}/setup + ${oldAttrs.builder} ${pkgs.lib.concatStringsSep " " oldAttrs.args} + + export PATH=${pkgs.makeWrapper}/bin:$PATH echo "Wrapping samsung filters" wrapProgram $out/lib/cups/filter/rastertosamsungspl \ -- cgit v1.2.3 From 0cf390264454ff12b1abe63f720658890a6f7c17 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 1 Jan 2017 14:58:35 +0100 Subject: -lmu.li --- ymir.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index f5a1c071..6fffb856 100644 --- a/ymir.nix +++ b/ymir.nix @@ -15,7 +15,6 @@ let }; myDomains = ["dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org" "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" - "files.lmu.li" "f.lmu.li" "ymir.lmu.li" "lmu.li" "www.lmu.li" "lists.lmu.li" "l.lmu.li" "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org" @@ -358,7 +357,6 @@ in rec { /\.?141\.li$/ ACCEPT /\.?xmpp\.li$/ ACCEPT /\.?dirty-haskell\.org$/ ACCEPT - /\.?lmu\.li$/ ACCEPT /\.?yggdrasil$/ ACCEPT /\.?localdomain$/ ACCEPT /^localhost$/ ACCEPT -- cgit v1.2.3 From 36729ca5911c6c3ba351bca48bb7fc26ba55ad8f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 1 Jan 2017 17:35:35 +0100 Subject: Input makeWrapper --- hel.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hel.nix b/hel.nix index 788031c8..51586c53 100644 --- a/hel.nix +++ b/hel.nix 
@@ -58,6 +58,7 @@ ''; samsung-unified-linux-driver = pkgs.stdenv.lib.overrideDerivation pkgs.samsung-unified-linux-driver (oldAttrs: { + buildInputs = oldAttrs.buildInputs ++ [ pkgs.makeWrapper ]; builder = pkgs.writeScript "builder.sh" '' #!${pkgs.stdenv.shell} -- cgit v1.2.3 From 54f859ea6260270cb5ed1dec159087da58a02d96 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 2 Jan 2017 14:10:14 +0100 Subject: Replace reverse dns check with greylisting --- ymir.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index 6fffb856..ef56d98e 100644 --- a/ymir.nix +++ b/ymir.nix @@ -426,7 +426,6 @@ in rec { permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, - reject_unknown_reverse_client_hostname, reject_unauth_destination, check_client_access regexp:${pkgs.writeText "spfpolicy" '' /(^|\.)tu-muenchen\.de$/ DUNNO @@ -444,7 +443,8 @@ in rec { ''} smtpd_restriction_classes = spfcheck spfcheck = - check_policy_service unix:private/policy-spf + check_policy_service unix:private/policy-spf, + check_policy_service unix:/var/run/postgrey.sock smtpd_relay_restrictions = permit_mynetworks, @@ -532,6 +532,10 @@ in rec { ''; }; + services.postgrey = { + enable = true; + }; + services.dovecot2 = { enable = true; enableImap = true; -- cgit v1.2.3 From 8f54cc7fffc25fe580a22b2f42d9e24b2feb3717 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 2 Jan 2017 15:53:53 +0100 Subject: Tighten greylisting timers --- ymir.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ymir.nix b/ymir.nix index ef56d98e..5e611699 100644 --- a/ymir.nix +++ b/ymir.nix @@ -534,6 +534,9 @@ in rec { services.postgrey = { enable = true; + delay = 60; + autoWhitelist = 1; + maxAge = 7; }; services.dovecot2 = { -- cgit v1.2.3 From 3d7744b7f018b69f78d725ceb583a164d512fcc7 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Mon, 2 Jan 2017 16:14:40 +0100 Subject: Move postgrey socket to more standard location --- ymir.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 5e611699..44b7c3e8 100644 --- a/ymir.nix +++ b/ymir.nix @@ -444,7 +444,7 @@ in rec { smtpd_restriction_classes = spfcheck spfcheck = check_policy_service unix:private/policy-spf, - check_policy_service unix:/var/run/postgrey.sock + check_policy_service unix:private/policy-greylist smtpd_relay_restrictions = permit_mynetworks, @@ -534,6 +534,10 @@ in rec { services.postgrey = { enable = true; + socket = { + path = "/var/lib/postfix/queue/private/policy-greylist"; + mode = "0777"; + }; delay = 60; autoWhitelist = 1; maxAge = 7; -- cgit v1.2.3 From 3d9cbfd244aa77f7bb009fdab2563dd06eab61b8 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 2 Jan 2017 18:33:29 +0100 Subject: Tighten postgrey retry window --- ymir.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/ymir.nix b/ymir.nix index 44b7c3e8..b9e76c00 100644 --- a/ymir.nix +++ b/ymir.nix @@ -541,6 +541,7 @@ in rec { delay = 60; autoWhitelist = 1; maxAge = 7; + retryWindow = "1h"; }; services.dovecot2 = { -- cgit v1.2.3 From 4a30893233245d29a5478e2dd53f95da684147ab Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 2 Jan 2017 22:25:52 +0100 Subject: We don't receive mails claiming to be from us from the internet --- ymir.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/ymir.nix b/ymir.nix index b9e76c00..c2ad2574 100644 --- a/ymir.nix +++ b/ymir.nix @@ -424,6 +424,7 @@ in rec { reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, + reject_unauthenticated_sender_login_mismatch, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unauth_destination, -- cgit v1.2.3 From c302d1eef4bdd3ddb745303e71b5e0804ad147a4 Mon Sep 17 00:00:00 2001 
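Review bot: `mode = "0777"` on the postgrey socket (second hunk of the "Move postgrey socket" commit) lets every local account connect to the policy daemon; the only remaining barrier is the permissions of the enclosing `private` directory, which these hunks do not show. Only Postfix's smtpd needs to reach it, so a group-restricted mode is the safer default, e.g. `mode = "0660";` once the postgrey and postfix accounts share a group (to be confirmed against the module). A short comment above `socket` saying why the socket lives inside Postfix's queue directory would also help the next reader. The `services.postgrey` block starts and ends outside the hunk.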
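Review bot: `reject_unauthenticated_sender_login_mismatch` only rejects a message when the MAIL FROM address has an owner in `smtpd_sender_login_maps`, and no such map is visible in these hunks; with the default empty map the added line has no effect. For the commit's stated goal the map has to list the local addresses and their logins, e.g. `smtpd_sender_login_maps = texthash:/path/to/sender_logins` (placeholder path). Mail that legitimately arrives from outside with a local envelope sender, such as list or forwarder traffic, would then be refused, so that case should be decided before enabling it. The restriction list starts and ends outside the hunk.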
From: Gregor Kleen Date: Tue, 3 Jan 2017 15:15:06 +0100 Subject: Revert "We don't receive mails claiming to be from us from the internet" This reverts commit 4a30893233245d29a5478e2dd53f95da684147ab. --- ymir.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index c2ad2574..b9e76c00 100644 --- a/ymir.nix +++ b/ymir.nix @@ -424,7 +424,6 @@ in rec { reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, - reject_unauthenticated_sender_login_mismatch, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unauth_destination, -- cgit v1.2.3 From 76739db05bd08f4c89ed737b41a261f692aa9d14 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 Jan 2017 15:19:24 +0100 Subject: mlocate on hel --- hel.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hel.nix b/hel.nix index 51586c53..2d7aa59d 100644 --- a/hel.nix +++ b/hel.nix @@ -280,6 +280,12 @@ upower = { enable = true; }; + + locate = { + enable = true; + interval = "daily"; + locate = pkgs.mlocate; + }; }; users = { -- cgit v1.2.3 From c88d7c8af4d39711112399c17f6fe1c3bec57d90 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 Jan 2017 15:30:16 +0100 Subject: Fix for mlocate --- hel.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hel.nix b/hel.nix index 2d7aa59d..e0cf40e7 100644 --- a/hel.nix +++ b/hel.nix @@ -285,6 +285,7 @@ enable = true; interval = "daily"; locate = pkgs.mlocate; + localuser = null; }; }; -- cgit v1.2.3 From a28ea4f08d4bd0ddd9e4a71e9196dec904daa45f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 Jan 2017 19:07:00 +0100 Subject: Include store --- hel.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hel.nix b/hel.nix index e0cf40e7..7a4026f8 100644 --- a/hel.nix +++ b/hel.nix @@ -286,6 +286,7 @@ interval = "daily"; locate = pkgs.mlocate; localuser = null; + includeStore = true; }; }; -- cgit v1.2.3 From a932ee4d2721a881f967c840956dac3e804e6324 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Thu, 5 Jan 2017 19:30:52 +0100 Subject: Revert "Include store" This reverts commit a28ea4f08d4bd0ddd9e4a71e9196dec904daa45f. --- hel.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hel.nix b/hel.nix index 7a4026f8..e0cf40e7 100644 --- a/hel.nix +++ b/hel.nix @@ -286,7 +286,6 @@ interval = "daily"; locate = pkgs.mlocate; localuser = null; - includeStore = true; }; }; -- cgit v1.2.3 From aac0331deff8beb49096128f2066697d8660dd38 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 Jan 2017 19:32:17 +0100 Subject: Include /nix/store --- hel.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hel.nix b/hel.nix index e0cf40e7..f1618d72 100644 --- a/hel.nix +++ b/hel.nix @@ -286,6 +286,7 @@ interval = "daily"; locate = pkgs.mlocate; localuser = null; + prunePaths = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool"]; }; }; -- cgit v1.2.3 From 6daa4cd542caa38df9f7a923132467873ca4d4c9 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 Jan 2017 19:54:48 +0100 Subject: Fix locate db location --- hel.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index f1618d72..35033515 100644 --- a/hel.nix +++ b/hel.nix @@ -284,7 +284,9 @@ locate = { enable = true; interval = "daily"; - locate = pkgs.mlocate; + locate = pkgs.stdenv.lib.overrideDerivation pkgs.mlocate (oldAttrs: rec { + makeFlags = [ "dbfile=${config.locate.output}" ]; + }); localuser = null; prunePaths = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool"]; }; -- cgit v1.2.3 From f1d87b4a1917cb280421e3a94e2e22e9d9d45edc Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 Jan 2017 19:55:28 +0100 Subject: ... --- hel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index 35033515..f3d951cc 100644 --- a/hel.nix +++ b/hel.nix 
@@ -285,7 +285,7 @@ enable = true; interval = "daily"; locate = pkgs.stdenv.lib.overrideDerivation pkgs.mlocate (oldAttrs: rec { - makeFlags = [ "dbfile=${config.locate.output}" ]; + makeFlags = [ "dbfile=${config.services.locate.output}" ]; }); localuser = null; prunePaths = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool"]; -- cgit v1.2.3 From e7659e992faae059379f792b941331c67387da42 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 Jan 2017 20:17:19 +0100 Subject: Revert "..." This reverts commit f1d87b4a1917cb280421e3a94e2e22e9d9d45edc. --- hel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index f3d951cc..35033515 100644 --- a/hel.nix +++ b/hel.nix @@ -285,7 +285,7 @@ enable = true; interval = "daily"; locate = pkgs.stdenv.lib.overrideDerivation pkgs.mlocate (oldAttrs: rec { - makeFlags = [ "dbfile=${config.services.locate.output}" ]; + makeFlags = [ "dbfile=${config.locate.output}" ]; }); localuser = null; prunePaths = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool"]; -- cgit v1.2.3 From b7a0a3e6775770cae3e49e75838ebdca3a47cd6e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 Jan 2017 20:17:35 +0100 Subject: Revert "Fix locate db location" This reverts commit 6daa4cd542caa38df9f7a923132467873ca4d4c9. --- hel.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hel.nix b/hel.nix index 35033515..f1618d72 100644 --- a/hel.nix +++ b/hel.nix @@ -284,9 +284,7 @@ locate = { enable = true; interval = "daily"; - locate = pkgs.stdenv.lib.overrideDerivation pkgs.mlocate (oldAttrs: rec { - makeFlags = [ "dbfile=${config.locate.output}" ]; - }); + locate = pkgs.mlocate; localuser = null; prunePaths = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool"]; }; -- cgit v1.2.3 From 12a4e8f94f851d4511200afe2765fc515769744e Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Thu, 5 Jan 2017 20:29:54 +0100 Subject: Mlocate allows frequent reindexing --- hel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index f1618d72..1513a533 100644 --- a/hel.nix +++ b/hel.nix @@ -283,7 +283,7 @@ locate = { enable = true; - interval = "daily"; + interval = "hourly"; locate = pkgs.mlocate; localuser = null; prunePaths = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool"]; -- cgit v1.2.3 From 304e007de947298c38ca9e1140c8bed358316ebf Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 6 Jan 2017 15:37:36 +0100 Subject: Extend retry window to 1 day --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index b9e76c00..8ce9eb8d 100644 --- a/ymir.nix +++ b/ymir.nix @@ -541,7 +541,7 @@ in rec { delay = 60; autoWhitelist = 1; maxAge = 7; - retryWindow = "1h"; + retryWindow = 1; }; services.dovecot2 = { -- cgit v1.2.3 From bc018711c042d7b20f16a430933799f5bb5f6c5a Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 20 Jan 2017 11:05:12 +0100 Subject: Eavesdrop dbus --- hel.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/hel.nix b/hel.nix index 1513a533..6a55abd0 100644 --- a/hel.nix +++ b/hel.nix @@ -319,6 +319,27 @@ members = [ "gkleen" ]; }; }; + + dbus = { + enable = true; + packages = [ (pkgs.writeTextFile { + name = "eavesdrop.conf"; + text = '' + + + + + + + + ''; + destination = "/etc/dbus-1/system.d/eavesdrop.conf"; + }; + ) + ]; + }; }; security = { -- cgit v1.2.3 From e3de8e2dfafc5e29e91b48e3d8cfed214987f33e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 20 Jan 2017 11:06:02 +0100 Subject: Syntax --- hel.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hel.nix b/hel.nix index 6a55abd0..1f8f892f 100644 --- a/hel.nix +++ b/hel.nix @@ -336,8 +336,7 @@ ''; destination = "/etc/dbus-1/system.d/eavesdrop.conf"; - }; - ) + }) ]; }; }; -- cgit v1.2.3 
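Review bot: The `text` of `eavesdrop.conf` in the "Eavesdrop dbus" hunk is blank in this view, so the policy that gets installed into `/etc/dbus-1/system.d` cannot be checked from here. A system-bus policy that permits eavesdropping should sit in a policy block scoped to one account (`user="root"`) rather than the default context, because otherwise any local user can observe other processes' bus traffic. It is also worth marking as temporary, e.g. with a comment above `packages` such as `# debugging only: allows root to monitor the system bus; remove when done`. The enclosing attribute set starts and ends outside the hunk.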
From b0804cf12042f912b2fe65482d431506bf2c8549 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 20 Jan 2017 11:07:35 +0100 Subject: services.dbus instead of users.dbus --- hel.nix | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/hel.nix b/hel.nix index 1f8f892f..dcd56456 100644 --- a/hel.nix +++ b/hel.nix @@ -288,6 +288,26 @@ localuser = null; prunePaths = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool"]; }; + + dbus = { + enable = true; + packages = [ (pkgs.writeTextFile { + name = "eavesdrop.conf"; + text = '' + + + + + + + + ''; + destination = "/etc/dbus-1/system.d/eavesdrop.conf"; + }) + ]; + }; }; users = { @@ -319,26 +339,6 @@ members = [ "gkleen" ]; }; }; - - dbus = { - enable = true; - packages = [ (pkgs.writeTextFile { - name = "eavesdrop.conf"; - text = '' - - - - - - - - ''; - destination = "/etc/dbus-1/system.d/eavesdrop.conf"; - }) - ]; - }; }; security = { -- cgit v1.2.3 From 930b8eaf78fb6f19b73e1b9723f896db8cb61093 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 23 Jan 2017 16:13:16 +0100 Subject: Bump thermoprint --- custom/thermoprint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/thermoprint b/custom/thermoprint index e95dac74..99fc4947 160000 --- a/custom/thermoprint +++ b/custom/thermoprint @@ -1 +1 @@ -Subproject commit e95dac748371afcad3ffddf5c98e5fcb0a8302b7 +Subproject commit 99fc4947543c1916e9fec952526a688eb7753490 -- cgit v1.2.3 From 0f699bb372430e59f0998e4fdf18a99f731358c8 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 23 Jan 2017 16:17:12 +0100 Subject: Bump musnix --- musnix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/musnix b/musnix index a933288d..b12c9950 160000 --- a/musnix +++ b/musnix @@ -1 +1 @@ -Subproject commit a933288d481af2432861015ffff9800d22f4bd79 +Subproject commit b12c99505b16c0de43a9dcade98baf7621d34161 -- cgit v1.2.3 
From 9b90f5c2cabaaf5de15d9a57c02e8b83159fcb0b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 23 Jan 2017 16:20:59 +0100 Subject: Track musnix unstable --- musnix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/musnix b/musnix index b12c9950..f50fd664 160000 --- a/musnix +++ b/musnix @@ -1 +1 @@ -Subproject commit b12c99505b16c0de43a9dcade98baf7621d34161 +Subproject commit f50fd6646706815285c6b51eb3a11d2561b84bcb -- cgit v1.2.3 From 9dac6865ee4295eab02bbd90a68a7c641d57ded3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 24 Jan 2017 12:53:10 +0100 Subject: Reset password mherold --- users/mherold.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/mherold.nix b/users/mherold.nix index 209dbadc..4a35d2b9 100644 --- a/users/mherold.nix +++ b/users/mherold.nix @@ -3,6 +3,6 @@ description = "Magdalena Herold"; extraGroups = ["xmpp" "mail"]; group = "users"; - hashedPassword = "$6$rounds=500000$MUhLTEEvBI$NJ1l17WtRpDJGCWzVPfbjxCcx4G/yKSIbYXDMX3D.q3Go6nyWjl6.kF.D5O8.72eTDlbhkJIWF4fkMrs0MQt10"; + hashedPassword = "$6$rounds=500000$y5qNae9r/U/7$HbSrmPcrPl9OQvRFMeo8PDYar32Y1i/C1R5di82rN4PPQZYxg/W.anHSI5Xws6fOQmDtvGsT0lCe4NFNxuTF41"; isNormalUser = true; } -- cgit v1.2.3 From 8fd86a7fb98c5c8dfc114bbc9322110ffc53dff0 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 25 Jan 2017 15:55:24 +0100 Subject: Bump Thermoprint --- custom/thermoprint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/thermoprint b/custom/thermoprint index 99fc4947..75d9fe61 160000 --- a/custom/thermoprint +++ b/custom/thermoprint @@ -1 +1 @@ -Subproject commit 99fc4947543c1916e9fec952526a688eb7753490 +Subproject commit 75d9fe614dca572aa1d7cfa53553e9c103eb2dd0 -- cgit v1.2.3 From b74f82dc6d7f2c56d933177fafed38d8f67b91bc Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 26 Jan 2017 16:57:33 +0100 Subject: Bump trivmix --- custom/trivmix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
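Review bot: The new `hashedPassword` in `users/mherold.nix` is a crypt hash committed in plain text: it stays in the repository history and NixOS copies it into the world-readable Nix store, so anyone with read access to either can run offline guessing against it. Keep the hash in a root-only file outside the store and reference it instead, e.g. `passwordFile = "/var/lib/secrets/mherold.passwd";` (placeholder path; the option is named `hashedPasswordFile` on current NixOS). The same applies to `users/some.nix`, added later in this series. The replaced hash is already public in history, so the old password should be treated as exposed wherever it was reused.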
diff --git a/custom/trivmix b/custom/trivmix index 72467d55..9d6d8e86 160000 --- a/custom/trivmix +++ b/custom/trivmix @@ -1 +1 @@ -Subproject commit 72467d55a7b6e3afcafc2cd1527da10574cf6366 +Subproject commit 9d6d8e865951d76b518e2cf11358ecec7e8adbb7 -- cgit v1.2.3 From 8b156718f742c4eda1f929dfe1b5c6b616bc9386 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 26 Jan 2017 16:59:41 +0100 Subject: Bump trivmix --- custom/trivmix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/trivmix b/custom/trivmix index 9d6d8e86..649796f4 160000 --- a/custom/trivmix +++ b/custom/trivmix @@ -1 +1 @@ -Subproject commit 9d6d8e865951d76b518e2cf11358ecec7e8adbb7 +Subproject commit 649796f438107a0229a57cbbb6248c5801270ac8 -- cgit v1.2.3 From 1c25a3a1c10604f77ea88ca5b85e38e137373e0b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 26 Jan 2017 17:05:24 +0100 Subject: Bump trivmix --- custom/trivmix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/trivmix b/custom/trivmix index 649796f4..80541308 160000 --- a/custom/trivmix +++ b/custom/trivmix @@ -1 +1 @@ -Subproject commit 649796f438107a0229a57cbbb6248c5801270ac8 +Subproject commit 805413081bcb33f6918e69350fabc5ab0ce57742 -- cgit v1.2.3 From ad0f8ccc4e588033589b54c51da5ed00bdc2ea76 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 26 Jan 2017 17:06:36 +0100 Subject: Bump trivmix --- custom/trivmix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/trivmix b/custom/trivmix index 80541308..c22d1fba 160000 --- a/custom/trivmix +++ b/custom/trivmix @@ -1 +1 @@ -Subproject commit 805413081bcb33f6918e69350fabc5ab0ce57742 +Subproject commit c22d1fbab9ffd09d461b82b096d9cac0edea7775 -- cgit v1.2.3 From ab58cbc6ac0e958bf204c4aa93b16a073c8f4250 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Thu, 26 Jan 2017 23:57:15 +0100 Subject: Kleen.li --- ymir/zones/index.nix | 1 + ymir/zones/li.kleen.soa | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 ymir/zones/li.kleen.soa diff --git a/ymir/zones/index.nix b/ymir/zones/index.nix index 9bde25e9..b81df783 100644 --- a/ymir/zones/index.nix +++ b/ymir/zones/index.nix @@ -8,4 +8,5 @@ rec { "praseodym.org" = { data = readFile ./org.praseodym.soa; }; "xmpp.li" = { data = readFile ./li.xmpp.soa; }; "yggdrasil.li" = { data = readFile ./li.yggdrasil.soa; }; + "kleen.li" = { data = readFile ./li.kleen.soa; }; } diff --git a/ymir/zones/li.kleen.soa b/ymir/zones/li.kleen.soa new file mode 100644 index 00000000..8c5af16e --- /dev/null +++ b/ymir/zones/li.kleen.soa 
@@ -0,0 +1,34 @@ +$ORIGIN kleen.li. +$TTL 3600 +@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( + 2017012601 ; serial + 10800 ; refresh + 3600 ; retry + 604800 ; expire + 3600 ; min TTL +) + IN NS ns.yggdrasil.li. + IN NS ns.inwx.de. + IN NS ns2.inwx.de. + IN NS ns3.inwx.eu. + IN NS ns4.inwx.com. + IN NS ns5.inwx.net. + +@ IN A 188.68.51.254 +@ IN AAAA 2a03:4000:6:d004:: +@ IN MX 0 ymir.yggdrasil.li. +@ IN TXT "v=spf1 redirect=yggdrasil.li" + +* IN A 188.68.51.254 +* IN AAAA 2a03:4000:6:d004:: +* IN MX 0 ymir.yggdrasil.li. +* IN TXT "v=spf1 redirect=yggdrasil.li" + +ymir._domainkey IN TXT ( + "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" + "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" + "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ==" +) + +_xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li. +_xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li. -- cgit v1.2.3 From 1e99c43db12a5e3f5c9827d650af2f92a2f21138 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 26 Jan 2017 23:57:18 +0100 Subject: Always greylist --- ymir.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ymir.nix b/ymir.nix index 8ce9eb8d..1cbd2301 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -440,11 +440,11 @@ in rec { /(^|\.)mhn\.de$/ DUNNO /(^|\.)mwn\.de$/ DUNNO /.*/ spfcheck - ''} + ''}, + check_policy_service unix:private/policy-greylist smtpd_restriction_classes = spfcheck spfcheck = - check_policy_service unix:private/policy-spf, - check_policy_service unix:private/policy-greylist + check_policy_service unix:private/policy-spf smtpd_relay_restrictions = permit_mynetworks, -- cgit v1.2.3 From d0826674392367533712e94fd7ea26bb7b2c708a Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 26 Jan 2017 23:59:51 +0100 Subject: TLS for kleen.li --- ymir.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/ymir.nix b/ymir.nix index 1cbd2301..beef1a7a 100644 --- a/ymir.nix +++ b/ymir.nix @@ -18,6 +18,7 @@ let "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org" + "ymir.kleen.li" "kleen.li" "www.kleen.li" ]; in rec { imports = -- cgit v1.2.3 From 6f04e7acd4572b92911c60588bdba453037e830b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 27 Jan 2017 00:02:08 +0100 Subject: Email for kleen.li --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ymir.nix b/ymir.nix index beef1a7a..b4969f5a 100644 --- a/ymir.nix +++ b/ymir.nix @@ -357,6 +357,7 @@ in rec { /\.?praseodym\.org$/ ACCEPT /\.?141\.li$/ ACCEPT /\.?xmpp\.li$/ ACCEPT + /\.?kleen\.li$/ ACCEPT /\.?dirty-haskell\.org$/ ACCEPT /\.?yggdrasil$/ ACCEPT /\.?localdomain$/ ACCEPT @@ -495,6 +496,7 @@ in rec { ".praseodym.org" "praseodym.org" ".141.li" "141.li" ".xmpp.li" "xmpp.li" + ".kleen.li" "kleen.li" ".lmu.li" "lmu.li" ".dirty-haskell.org" "dirty-haskell.org" ]; -- cgit v1.2.3 From 5cc169a20d2a7524c6d4cdb6960c44f5e423a6ab Mon Sep 17 00:00:00 2001 
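Review bot: The added `/\.?kleen\.li$/ ACCEPT` pattern in the "Email for kleen.li" hunk is not anchored on the left, so it matches any domain that merely ends in `kleen.li`, for instance `examplekleen.li` (constructed example), and Postfix would treat such a name as a local destination. The SPF policy map in this same file already uses the stricter form; write it as `/(^|\.)kleen\.li$/ ACCEPT`. The neighbouring entries visible as context (`141\.li`, `xmpp\.li`, `dirty-haskell\.org`) and the `nights\.email` line added later in this series have the same shape and deserve the same fix. The regexp table starts and ends outside the hunk.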
From: Gregor Kleen Date: Fri, 27 Jan 2017 00:32:11 +0100 Subject: Fix prosody location --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index b4969f5a..81357bc6 100644 --- a/ymir.nix +++ b/ymir.nix @@ -660,7 +660,7 @@ in rec { extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; }) myDomains); postRun = '' systemctl reload nginx.service - prosodyctl reload + ${pkgs.prosody}/bin/prosodyctl reload ''; }; }; -- cgit v1.2.3 From 5ca14bd4b643ffba6be3fcb93af436462e9b982e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 27 Jan 2017 00:56:26 +0100 Subject: nights.email --- ymir.nix | 5 ++++- ymir/zones/email.nights.soa | 34 ++++++++++++++++++++++++++++++++++ ymir/zones/index.nix | 1 + 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 ymir/zones/email.nights.soa diff --git a/ymir.nix b/ymir.nix index 81357bc6..0293578e 100644 --- a/ymir.nix +++ b/ymir.nix @@ -19,6 +19,7 @@ let "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org" "ymir.kleen.li" "kleen.li" "www.kleen.li" + "ymir.nights.email" "nights.email" "www.nights.email" ]; in rec { imports = @@ -238,7 +239,7 @@ in rec { ''; virtualHosts = builtins.listToAttrs (map (name: { inherit name; value = prosodyVirtHost name; }) - ["xmpp.li" "yggdrasil.li" "praseodym.org" "141.li"]); + ["xmpp.li" "yggdrasil.li" "praseodym.org" "141.li" "nights.email"]); }; security.pam.services."xmpp".text = '' auth requisite pam_succeed_if.so user ingroup xmpp @@ -359,6 +360,7 @@ in rec { /\.?xmpp\.li$/ ACCEPT /\.?kleen\.li$/ ACCEPT /\.?dirty-haskell\.org$/ ACCEPT + /\.?nights\.email$/ ACCEPT /\.?yggdrasil$/ ACCEPT /\.?localdomain$/ ACCEPT /^localhost$/ ACCEPT 
@@ -497,6 +499,7 @@ in rec { ".141.li" "141.li" ".xmpp.li" "xmpp.li" ".kleen.li" "kleen.li" + ".nights.email" "nights.email" ".lmu.li" "lmu.li" ".dirty-haskell.org" "dirty-haskell.org" ]; diff --git a/ymir/zones/email.nights.soa b/ymir/zones/email.nights.soa new file mode 100644 index 00000000..ac31f254 --- /dev/null +++ b/ymir/zones/email.nights.soa @@ -0,0 +1,34 @@ +$ORIGIN nights.email. +$TTL 3600 +@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( + 2017012701 ; serial + 10800 ; refresh + 3600 ; retry + 604800 ; expire + 3600 ; min TTL +) + IN NS ns.yggdrasil.li. + IN NS ns.inwx.de. + IN NS ns2.inwx.de. + IN NS ns3.inwx.eu. + IN NS ns4.inwx.com. + IN NS ns5.inwx.net. + +@ IN A 188.68.51.254 +@ IN AAAA 2a03:4000:6:d004:: +@ IN MX 0 ymir.yggdrasil.li. +@ IN TXT "v=spf1 redirect=yggdrasil.li" + +* IN A 188.68.51.254 +* IN AAAA 2a03:4000:6:d004:: +* IN MX 0 ymir.yggdrasil.li. +* IN TXT "v=spf1 redirect=yggdrasil.li" + +ymir._domainkey IN TXT ( + "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" + "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" + "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ==" +) + +_xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li. +_xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li. diff --git a/ymir/zones/index.nix b/ymir/zones/index.nix index b81df783..05da73f1 100644 --- a/ymir/zones/index.nix +++ b/ymir/zones/index.nix 
@@ -9,4 +9,5 @@ rec { "xmpp.li" = { data = readFile ./li.xmpp.soa; }; "yggdrasil.li" = { data = readFile ./li.yggdrasil.soa; }; "kleen.li" = { data = readFile ./li.kleen.soa; }; + "nights.email" = { data = readFile ./email.nights.soa; }; } -- cgit v1.2.3 From 7f096ed1c2403225a34f5fd40fa93be2b87625b1 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 27 Jan 2017 01:09:31 +0100 Subject: +some --- users.nix | 1 + users/some.nix | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 users/some.nix diff --git a/users.nix b/users.nix index 9772535a..cdfbd51b 100644 --- a/users.nix +++ b/users.nix @@ -7,6 +7,7 @@ let extraUsers = { ymir = { "mherold" = import ./users/mherold.nix; + "some" = import ./users/some.nix; "llovisa" = import ./users/llovisa.nix; "vkleen" = import ./users/vkleen.nix; "tkleen" = import ./users/tkleen.nix; diff --git a/users/some.nix b/users/some.nix new file mode 100644 index 00000000..505b3abd --- /dev/null +++ b/users/some.nix @@ -0,0 +1,8 @@ +{ + name = "some"; + description = "SomeNights"; + extraGroups = ["xmpp" "mail"]; + group = "users"; + hashedPassword = "$6$rounds=500000$ZOKcPFUxFCCxbS$PSjgCpHs5GfmmusjTVEBY89NFS.hvY21.iuscfiXW8R.B2UW6ScyrIWWWPJkL4ZfI.6pKwXuf01gxazmDjy251"; + isNormalUser = true; +} -- cgit v1.2.3 From 1f3884269170ee6bd90a4d0c773cf09d5f517185 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 27 Jan 2017 10:36:04 +0100 Subject: UUCP is not initial user submission --- custom/uucp.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/uucp.nix b/custom/uucp.nix index d7c2aae2..b5e5a0aa 100644 --- a/custom/uucp.nix +++ b/custom/uucp.nix @@ -246,7 +246,7 @@ in { *) from="$from@$relay";; esac - exec /var/setuid-wrappers/sendmail -i -f "$from" -- "$@" + exec /var/setuid-wrappers/sendmail -G -i -f "$from" -- "$@" ''; }; -- cgit v1.2.3 From f9a02d2a343ddfe04416721e41b45bb8cec305fd Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Fri, 27 Jan 2017 17:00:23 +0100 Subject: Virtual aliases --- ymir.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ymir.nix b/ymir.nix index 0293578e..518053a7 100644 --- a/ymir.nix +++ b/ymir.nix @@ -467,9 +467,24 @@ in rec { alias_maps = texthash:${pkgs.writeText "aliases" '' postmaster gkleen + webmaster gkleen + abuse gkleen + noc gkleen + security gkleen + hostmaster gkleen + usenet gkleen + news gkleen + www gkleen + uucp gkleen + ftp gkleen root gkleen ''} texthash:/srv/mail/spm + virtual_alias_maps = texthash:${pkgs.writeText "virtual_aliases" '' + nights.email x + @nights.email some@nights.email + ''} + queue_run_delay = 10s minimal_backoff_time = 1m maximal_backoff_time = 10m -- cgit v1.2.3 From ce9cf6171f9c464df915e98717531562c6766eaf Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 27 Jan 2017 17:02:15 +0100 Subject: Move virtual to correct location --- ymir.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/ymir.nix b/ymir.nix index 518053a7..033fc0b9 100644 --- a/ymir.nix +++ b/ymir.nix @@ -351,6 +351,8 @@ in rec { postmasterAlias = ""; rootAlias = ""; extraAliases = ""; virtual = '' blog@dirty-haskell.org dirty-haskell@lists.yggdrasil.li + nights.email x + @nights.email some@nights.email ''; #destination = ["yggdrasil.li" "ymir.yggdrasil.li" "praseodym.org" "ymir.praseodym.org" "141.li" "ymir.141.li" "xmpp.li" "ymir.xmpp.li" "dirty-haskell.org" "explainuxul.de" "www.explainuxul.de" "lmu.li" "www.lmu.li" "localhost.yggdrasil.li" "localhost"]; destination = [''regexp:${pkgs.writeText "destination" '' @@ -480,11 +482,6 @@ in rec { root gkleen ''} texthash:/srv/mail/spm - virtual_alias_maps = texthash:${pkgs.writeText "virtual_aliases" '' - nights.email x - @nights.email some@nights.email - ''} - queue_run_delay = 10s minimal_backoff_time = 1m maximal_backoff_time = 10m -- cgit v1.2.3 From db4f39097862dc18aaa343ef4f43dd752deb03c6 Mon Sep 17 00:00:00 2001 
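Review bot: `@nights.email some@nights.email` in the "Virtual aliases" hunk is a catch-all, so Postfix accepts every local part at that domain and can no longer reject unknown recipients during the SMTP dialogue; all misaddressed and dictionary-spam mail then lands in one mailbox. If only a handful of addresses are needed, list them explicitly instead. The `nights.email x` line also declares the domain as a virtual alias domain, while the `destination` regexp added earlier in this series matches the same name as a local destination; Postfix's documentation says not to list a domain in both classes, so one of the two should go. A one-line comment above the table stating which addresses are meant to exist would make the intent reviewable.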
From: Gregor Kleen Date: Fri, 27 Jan 2017 17:09:42 +0100 Subject: Send copies of sent emails directly to storage --- hel.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index dcd56456..3eb83309 100644 --- a/hel.nix +++ b/hel.nix @@ -213,9 +213,12 @@ uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a $sender - $nexthop!rmail ($recipient) sshsendmail unix - n n - - pipe flags=Fq user=postfix_ssh argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient ''; + transport = '' + gkleen+sent@yggdrasil.li uucp:isaac + ''; extraConfig = '' default_transport = uucp:ymir - + inet_interfaces = loopback-only authorized_submit_users = !uucp, static:anyone -- cgit v1.2.3 From 2c7682355532cb84a41f7db6ab5bcc1da028f8bc Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 28 Jan 2017 13:35:21 +0100 Subject: Remove nights.email (in general) from virtual --- ymir.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 033fc0b9..ded8d077 100644 --- a/ymir.nix +++ b/ymir.nix @@ -351,7 +351,6 @@ in rec { postmasterAlias = ""; rootAlias = ""; extraAliases = ""; virtual = '' blog@dirty-haskell.org dirty-haskell@lists.yggdrasil.li - nights.email x @nights.email some@nights.email ''; #destination = ["yggdrasil.li" "ymir.yggdrasil.li" "praseodym.org" "ymir.praseodym.org" "141.li" "ymir.141.li" "xmpp.li" "ymir.xmpp.li" "dirty-haskell.org" "explainuxul.de" "www.explainuxul.de" "lmu.li" "www.lmu.li" "localhost.yggdrasil.li" "localhost"]; -- cgit v1.2.3 From 58c85daa6a37e2f9a8625181140e3b033de2088b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 8 Feb 2017 14:23:19 +0100 Subject: Disable greylisting --- ymir.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index ded8d077..4190efb9 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -445,8 +445,7 @@ in rec { /(^|\.)mhn\.de$/ DUNNO /(^|\.)mwn\.de$/ DUNNO /.*/ spfcheck - ''}, - check_policy_service unix:private/policy-greylist + ''} smtpd_restriction_classes = spfcheck spfcheck = check_policy_service unix:private/policy-spf -- cgit v1.2.3 From 7382aad9c3ed764bd56700ca2e9879a6fc6692d7 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 22:49:55 +0100 Subject: Additional prosody modules --- ymir.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ymir.nix b/ymir.nix index 4190efb9..1afd9dbf 100644 --- a/ymir.nix +++ b/ymir.nix @@ -222,6 +222,10 @@ in rec { "auth_custom" "carbons" "reload_modules" + "smacks" + "csi" + "csi_pump" + "cloud_notify" ]; extraConfig = '' reload_modules = { "group", "tls" } -- cgit v1.2.3 From cf92c8d096fac5cbe786bf1cbe69a7806e2f0d7e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:12:35 +0100 Subject: Link prosody against lua5_sec --- customized/prosody.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/customized/prosody.nix b/customized/prosody.nix index a3445517..c7ca03c5 100644 --- a/customized/prosody.nix +++ b/customized/prosody.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, libidn, openssl, makeWrapper, fetchhg -, lua5, luasocket, luasec, luaexpat, luafilesystem, luabitop, luaevent ? null, luazlib ? null +, lua5, luasocket, lua5_sec, luaexpat, luafilesystem, luabitop, luaevent ? null, luazlib ? null , withLibevent ? true, withZlib ? true , communityModules ? [], extraLibs ? [], extraModules ? [] }: @@ -10,7 +10,7 @@ assert withZlib -> luazlib != null; with stdenv.lib; let - libs = [ luasocket luasec luaexpat luafilesystem luabitop ] + libs = [ luasocket lua5_sec luaexpat luafilesystem luabitop ] ++ optional withLibevent luaevent ++ optional withZlib luazlib ++ extraLibs; 
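Review bot: `smacks`, `csi`, `csi_pump` and `cloud_notify` are switched on in the "Additional prosody modules" hunk, but the prosody package override shown elsewhere in this series still passes only `communityModules = ["mod_carbons" "mod_reload_modules"]`. If these four are community modules for the packaged Prosody version (which the visible hunks do not settle), they must be added to that list too, e.g. `communityModules = ["mod_carbons" "mod_reload_modules" "mod_smacks" "mod_csi" "mod_csi_pump" "mod_cloud_notify"];`. Otherwise Prosody only logs a load failure and the features stay off without anyone noticing. The module list starts and ends outside the hunk.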
@@ -40,7 +40,7 @@ stdenv.mkDerivation rec { sha256 = "0010x2rl9f9ihy2nwqan2jdlz25433srj2zna1xh10490mc28hij"; }; - buildInputs = [ lua5 luasocket luasec luaexpat luabitop libidn openssl makeWrapper ] + buildInputs = [ lua5 luasocket lua5_sec luaexpat luabitop libidn openssl makeWrapper ] ++ optional withLibevent luaevent ++ optional withZlib luazlib; -- cgit v1.2.3 From d06d3dbb18c7020a59e9b75b824f1a39c93e4903 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:13:44 +0100 Subject: Do last commit properly --- customized/prosody.nix | 6 +++--- ymir.nix | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/customized/prosody.nix b/customized/prosody.nix index c7ca03c5..a3445517 100644 --- a/customized/prosody.nix +++ b/customized/prosody.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, libidn, openssl, makeWrapper, fetchhg -, lua5, luasocket, lua5_sec, luaexpat, luafilesystem, luabitop, luaevent ? null, luazlib ? null +, lua5, luasocket, luasec, luaexpat, luafilesystem, luabitop, luaevent ? null, luazlib ? null , withLibevent ? true, withZlib ? true , communityModules ? [], extraLibs ? [], extraModules ? [] }: @@ -10,7 +10,7 @@ assert withZlib -> luazlib != null; with stdenv.lib; let - libs = [ luasocket lua5_sec luaexpat luafilesystem luabitop ] + libs = [ luasocket luasec luaexpat luafilesystem luabitop ] ++ optional withLibevent luaevent ++ optional withZlib luazlib ++ extraLibs; @@ -40,7 +40,7 @@ stdenv.mkDerivation rec { sha256 = "0010x2rl9f9ihy2nwqan2jdlz25433srj2zna1xh10490mc28hij"; }; - buildInputs = [ lua5 luasocket lua5_sec luaexpat luabitop libidn openssl makeWrapper ] + buildInputs = [ lua5 luasocket luasec luaexpat luabitop libidn openssl makeWrapper ] ++ optional withLibevent luaevent ++ optional withZlib luazlib; diff --git a/ymir.nix b/ymir.nix index 1afd9dbf..a57edeb6 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -48,7 +48,8 @@ in rec { nixpkgs.config.packageOverrides = pkgs: rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ - inherit (pkgs.lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; + inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; + luasec = pkgs.lua5_sec; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; -- cgit v1.2.3 From c72a8c62b5cc02ef3a362fb486046b04122e3d03 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:21:02 +0100 Subject: Integrate lua5_sec deeper --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index a57edeb6..ecc14a44 100644 --- a/ymir.nix +++ b/ymir.nix @@ -48,13 +48,13 @@ in rec { nixpkgs.config.packageOverrides = pkgs: rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ - inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; - luasec = pkgs.lua5_sec; + inherit (pkgs.lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); + lua51Packages = lua51Packages \\ { luasec = pkgs.lua5_sec; }; uwsgi = pkgs.callPackage ./customized/uwsgi.nix { extraPlugins = { cgi = { -- cgit v1.2.3 From 1bb2403068c88d1df2f728ea43f74c91b178c1ee Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:22:00 +0100 Subject: ditto --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index ecc14a44..309ebdb3 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -48,13 +48,13 @@ in rec { nixpkgs.config.packageOverrides = pkgs: rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ - inherit (pkgs.lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; + inherit (lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); - lua51Packages = lua51Packages \\ { luasec = pkgs.lua5_sec; }; + lua51Packages = pkgs.lua51Packages // { luasec = pkgs.lua5_sec; }; uwsgi = pkgs.callPackage ./customized/uwsgi.nix { extraPlugins = { cgi = { -- cgit v1.2.3 From 97c83f6733817691c02dbb8bed8b884c401283fd Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:22:53 +0100 Subject: Revert "ditto" This reverts commit 1bb2403068c88d1df2f728ea43f74c91b178c1ee. --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index 309ebdb3..ecc14a44 100644 --- a/ymir.nix +++ b/ymir.nix @@ -48,13 +48,13 @@ in rec { nixpkgs.config.packageOverrides = pkgs: rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ - inherit (lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; + inherit (pkgs.lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); - lua51Packages = pkgs.lua51Packages // { luasec = pkgs.lua5_sec; }; + lua51Packages = lua51Packages \\ { luasec = pkgs.lua5_sec; }; uwsgi = pkgs.callPackage ./customized/uwsgi.nix { extraPlugins = { cgi = { -- cgit v1.2.3 From e53c05f347749e95ed443443d3fc0ee35fee504b Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Sun, 12 Feb 2017 23:22:57 +0100 Subject: Revert "Integrate lua5_sec deeper" This reverts commit c72a8c62b5cc02ef3a362fb486046b04122e3d03. --- ymir.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index ecc14a44..a57edeb6 100644 --- a/ymir.nix +++ b/ymir.nix @@ -48,13 +48,13 @@ in rec { nixpkgs.config.packageOverrides = pkgs: rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ - inherit (pkgs.lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib; + inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; + luasec = pkgs.lua5_sec; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); - lua51Packages = lua51Packages \\ { luasec = pkgs.lua5_sec; }; uwsgi = pkgs.callPackage ./customized/uwsgi.nix { extraPlugins = { cgi = { -- cgit v1.2.3 From be684493efb788be9dea9b622d78a4295188e2e7 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:24:08 +0100 Subject: Compile luasec with lua5.1 --- ymir.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/ymir.nix b/ymir.nix index a57edeb6..2b7b0ffb 100644 --- a/ymir.nix +++ b/ymir.nix @@ -55,6 +55,7 @@ in rec { extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); + lua5_sec = pkgs.lua5_sec.override { lua5 = pkgs.lua5_1; }; uwsgi = pkgs.callPackage ./customized/uwsgi.nix { extraPlugins = { cgi = { -- cgit v1.2.3 From 9b3e00078064ea6d71668daac5bf164922e988ee Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:25:34 +0100 Subject: Use proper luasec version, too --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 2b7b0ffb..0fc04a10 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -49,7 +49,7 @@ in rec { rec { prosody = pkgs.callPackage ./customized/prosody.nix ({ inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; - luasec = pkgs.lua5_sec; + luasec = lua5_sec; lua5 = pkgs.lua5_1; communityModules = ["mod_carbons" "mod_reload_modules"]; extraModules = [prosodyAuth]; -- cgit v1.2.3 From 3c4e505ff4b7cdbe7f52b663ad37cbdf8bbb84f2 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:27:17 +0100 Subject: Copy additional community modules into place --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 0fc04a10..f2e1da7e 100644 --- a/ymir.nix +++ b/ymir.nix @@ -51,7 +51,7 @@ in rec { inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; luasec = lua5_sec; lua5 = pkgs.lua5_1; - communityModules = ["mod_carbons" "mod_reload_modules"]; + communityModules = ["mod_carbons" "mod_reload_modules" "mod_csi" "mod_cloud_notify" "mod_csi_pump" "mod_smacks"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); -- cgit v1.2.3 From 4707cdf9ff5f19052bfb9cc0fb4792a7d266cd05 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:31:41 +0100 Subject: Bump prosody community modules --- customized/prosody.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/customized/prosody.nix b/customized/prosody.nix index a3445517..816d6b5e 100644 --- a/customized/prosody.nix +++ b/customized/prosody.nix @@ -35,9 +35,9 @@ stdenv.mkDerivation rec { }; communityModules = fetchhg { - url = "http://prosody-modules.googlecode.com/hg/"; - rev = "4b55110b0aa8"; - sha256 = "0010x2rl9f9ihy2nwqan2jdlz25433srj2zna1xh10490mc28hij"; + url = "https://hg.prosody.im/prosody-modules/"; + rev = "5ca2470a7755"; + sha256 = "06f3ndj15zhjwx8vjdyn73h3minw9wb37l9r753h6db56db2c0zl"; }; buildInputs = [ lua5 luasocket luasec luaexpat luabitop libidn openssl makeWrapper ] -- cgit v1.2.3 
From 15ae61a74fddba1a8205ed5e2f84e18787c9f7f9 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:33:22 +0100 Subject: No more mod_websocket? --- customized/prosody.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/customized/prosody.nix b/customized/prosody.nix index 816d6b5e..2a23b651 100644 --- a/customized/prosody.nix +++ b/customized/prosody.nix @@ -21,7 +21,7 @@ let copyExtraModule = path: "n=0; for i in ${path}/*; do n=1; done; if [[ $n -gt 0 ]]; then cp -rv ${path}/* $out/lib/prosody/modules/; fi"; luaPath = concatStringsSep ";" (map getLuaPath libs); luaCPath = concatStringsSep ";" (map getLuaCPath libs); - copyModules = concatStringsSep ";" (map copyModule (communityModules ++ ["mod_websocket"])); + copyModules = concatStringsSep ";" (map copyModule communityModules); copyExtraModules = concatStringsSep ";" (map copyExtraModule extraModules); in -- cgit v1.2.3 From dbb20f11069af3c302de02f122dd3f54535068a4 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 12 Feb 2017 23:34:33 +0100 Subject: Fix dependency issue --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index f2e1da7e..f44260cd 100644 --- a/ymir.nix +++ b/ymir.nix @@ -51,7 +51,7 @@ in rec { inherit (pkgs.lua51Packages) luasocket luaexpat luafilesystem luabitop luaevent luazlib; luasec = lua5_sec; lua5 = pkgs.lua5_1; - communityModules = ["mod_carbons" "mod_reload_modules" "mod_csi" "mod_cloud_notify" "mod_csi_pump" "mod_smacks"]; + communityModules = ["mod_carbons" "mod_reload_modules" "mod_csi" "mod_cloud_notify" "mod_csi_pump" "mod_smacks" "mod_track_muc_joins"]; extraModules = [prosodyAuth]; extraLibs = [luaPam luaPosix luaSha2]; }); -- cgit v1.2.3 From 65924ba6e9a34aac5d5ab51db4cfb43d08825269 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Mon, 20 Feb 2017 01:45:04 +0100 Subject: Bump setuid wrappers --- custom/uucp.nix | 2 +- hel.nix | 25 +++++++++++++------------ 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/custom/uucp.nix b/custom/uucp.nix index b5e5a0aa..2fbba8f9 100644 --- a/custom/uucp.nix +++ b/custom/uucp.nix @@ -208,7 +208,7 @@ in { text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes); }; - security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]; + security.wrappers = listToAttrs (map (p: {source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]); nixpkgs.config.packageOverrides = pkgs: with pkgs; { uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: { diff --git a/hel.nix b/hel.nix index 3eb83309..5d9de1b8 100644 --- a/hel.nix +++ b/hel.nix @@ -45,7 +45,6 @@ git slock shadow - (callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; }) (callPackage ./utils/nix/rebuild-system.nix {}) rewacom ]; 
@@ -350,17 +349,19 @@ %wheel ALL=(ALL) NOPASSWD: SYSCTRL ''; - setuidPrograms = ["slock" "mount" "mount.nfs" "umount" "newgrp" "thinklight"]; - - setuidOwners = [ { group = "users"; - owner = "gkleen"; - permissions = "u+rx,g+x,o+x"; - program = "notify-gkleen"; - setgid = true; - setuid = true; - source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen''; - } - ]; + security.wrappers = { "slock".source = "${pkgs.slock}/bin/slock"; + "mount".source = "${pkgs.utillinux.bin}/bin/mount"; + "umount".source = "${pkgs.utillinux.bin}/bin/umount"; + "newgrp".source = "${pkgs.shadow}/bin/newgrp"; + "thinklight".source = + "${(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight"; + "notify-gkleen" = { + group = "users"; + owner = "gkleen"; + setgid = true; + setuid = true; + source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen''; + }; polkit = { enable = true; -- cgit v1.2.3 From 61ceac5fbd1f12727a3b60aa821daee2f8332042 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 01:45:38 +0100 Subject: syntax --- hel.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hel.nix b/hel.nix index 5d9de1b8..79deac49 100644 --- a/hel.nix +++ b/hel.nix @@ -361,6 +361,7 @@ setgid = true; setuid = true; source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen''; + }; }; polkit = { -- cgit v1.2.3 From d32974e2bc198f05af65ff0826f54554a58a89ce Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 01:45:53 +0100 Subject: scoping --- hel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index 79deac49..a85797a5 100644 --- a/hel.nix +++ b/hel.nix 
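Review bot: In the hel.nix hunk at `@@ -350,17 +349,19 @@`, the old `setuidPrograms` list contained `"mount.nfs"` but the new `wrappers` set has no entry for it, so the conversion silently drops one wrapper. If this is a deliberate reduction of the setuid surface, the commit message should say so; if not, user-level NFS mounts that relied on it may stop working. The entries written only as `"name".source = …` carry no `owner` or `setuid`, so their privileges come from the module's defaults. Spelling those out, as is done for `notify-gkleen`, would make each grant reviewable in place.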
@@ -354,7 +354,7 @@ "umount".source = "${pkgs.utillinux.bin}/bin/umount"; "newgrp".source = "${pkgs.shadow}/bin/newgrp"; "thinklight".source = - "${(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight"; + "${(pkgs.callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight"; "notify-gkleen" = { group = "users"; owner = "gkleen"; -- cgit v1.2.3 From 2bb81a18aa8a8247c900b762f7fcc9d7e966a1e2 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 01:46:26 +0100 Subject: Scoping --- hel.nix | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/hel.nix b/hel.nix index a85797a5..602db286 100644 --- a/hel.nix +++ b/hel.nix 
@@ -349,20 +349,20 @@ %wheel ALL=(ALL) NOPASSWD: SYSCTRL ''; - security.wrappers = { "slock".source = "${pkgs.slock}/bin/slock"; - "mount".source = "${pkgs.utillinux.bin}/bin/mount"; - "umount".source = "${pkgs.utillinux.bin}/bin/umount"; - "newgrp".source = "${pkgs.shadow}/bin/newgrp"; - "thinklight".source = - "${(pkgs.callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight"; - "notify-gkleen" = { - group = "users"; - owner = "gkleen"; - setgid = true; - setuid = true; - source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen''; - }; - }; + wrappers = { "slock".source = "${pkgs.slock}/bin/slock"; + "mount".source = "${pkgs.utillinux.bin}/bin/mount"; + "umount".source = "${pkgs.utillinux.bin}/bin/umount"; + "newgrp".source = "${pkgs.shadow}/bin/newgrp"; + "thinklight".source = + "${(pkgs.callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight"; + "notify-gkleen" = { + group = "users"; + owner = "gkleen"; + setgid = true; + setuid = true; + source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen''; + }; + }; polkit = { enable = true; -- cgit v1.2.3 From 47a2a43ad79edea3465f97e6bf307871e1fc5e23 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 01:47:15 +0100 Subject: Syntax --- custom/uucp.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/custom/uucp.nix b/custom/uucp.nix index 2fbba8f9..0e38f4d2 100644 --- a/custom/uucp.nix +++ b/custom/uucp.nix 
@@ -208,7 +208,9 @@ in { text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes); }; - security.wrappers = listToAttrs (map (p: {source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]); + security.wrappers = let + wrapper = p: { name = p; source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false; }; + in listToAttrs (map wrapper ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]); nixpkgs.config.packageOverrides = pkgs: with pkgs; { uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: { -- cgit v1.2.3 From 24fd13099b8eb92d8ee73b29843f882fe95f5254 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 01:48:17 +0100 Subject: Syntax --- custom/uucp.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/custom/uucp.nix b/custom/uucp.nix index 0e38f4d2..c69d15c5 100644 --- a/custom/uucp.nix +++ b/custom/uucp.nix @@ -209,7 +209,15 @@ in { }; security.wrappers = let - wrapper = p: { name = p; source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false; }; + wrapper = p: { name = p; + value = { + source = "${pkgs.uucp}/bin/${p}"; + owner = "root"; + group = "root"; + setuid = true; + setgid = false; + }; + }; in listToAttrs (map wrapper ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]); nixpkgs.config.packageOverrides = pkgs: with pkgs; { -- cgit v1.2.3 From 269739ccbb65ed1daccd768dc1f32d2707694c43 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 01:51:55 +0100 Subject: permissions are needed to honor owner --- hel.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hel.nix b/hel.nix index 602db286..4e528bba 100644 --- a/hel.nix +++ b/hel.nix 
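Review bot: In the second custom/uucp.nix hunk (`@@ -209,7 +209,15 @@`), all seven UUCP programs, including the interactive `cu`, are wrapped with `owner = "root"` and `setuid = true`. These tools should only need the identity that owns the UUCP spool and configuration, so a dedicated account narrows what a bug in any of them exposes: `owner = "uucp"; group = "uucp";`. Going by the later hel.nix commit on this page ("permissions are needed to honor owner"), a `permissions` attribute would have to accompany a non-root owner. Spool and configuration ownership are set outside this hunk, so confirm they match before switching.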
@@ -360,6 +360,7 @@ owner = "gkleen"; setgid = true; setuid = true; + permissions = "u+rx,g+x,o+x"; source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen''; }; }; -- cgit v1.2.3 From 0bf7868f3a34156fbc2222092246d4420379ad98 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 01:54:55 +0100 Subject: Wrappers on ymir --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index f44260cd..b276adbf 100644 --- a/ymir.nix +++ b/ymir.nix @@ -667,7 +667,7 @@ in rec { ''; }; - security.setuidPrograms = [ "newgrp" ]; + security.wrappers = { "newgrp".source = "${pkgs.shadow}/bin/newgrp"; }; security.acme = { certs = { -- cgit v1.2.3 From 74910038136583c57eb7bda7ae00485f226f76e1 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 21:47:07 +0100 Subject: Accept mail for all local addresses --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ymir.nix b/ymir.nix index b276adbf..a6967749 100644 --- a/ymir.nix +++ b/ymir.nix @@ -407,6 +407,8 @@ in rec { /@subs?\.(lists?|l)\./ mlmmj-subs: ''} regexp:/srv/mail/transport pipemap:{texthash:/srv/mail/discard,static:{discard:}} + local_recipient_maps = + luser_relay = gkleen+''${local} # 10 GiB -- cgit v1.2.3 From 2d7616fb3070fc5aeb2b3f5cc7082dcf21714a6f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 22:39:19 +0100 Subject: Fix setuid-wrappers path --- custom/tinc/def.nix | 2 +- custom/uucp.nix | 6 +++--- hel.nix | 10 +++++----- hel/recv-media.nix | 3 ++- ymir.nix | 8 ++++---- 5 files changed, 15 insertions(+), 14 deletions(-) diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix index 58c5237c..a3bb00a0 100644 --- a/custom/tinc/def.nix +++ b/custom/tinc/def.nix 
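Review bot: In the ymir.nix hunk at `@@ -407,6 +407,8 @@`, the empty `local_recipient_maps =` switches off rejection of unknown local recipients, so the server accepts mail for every localpart and `luser_relay` files it under `gkleen+<localpart>`. Together with the greylisting removal earlier in this series that widens spam intake, and nothing in the configuration records that the catch-all is deliberate. A comment line above the two settings would do, for example `# catch-all: unknown local users are relayed to gkleen+<localpart>; recipient validation is intentionally off`. The surrounding configuration string starts and ends outside the hunk.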
@@ -18,7 +18,7 @@ in networks = mkOption { default = { }; - type = types.loaOf types.optionSet; + type = types.loaOf types.submodule; description = '' Defines the tinc networks which will be started. Each network invokes a different daemon. diff --git a/custom/uucp.nix b/custom/uucp.nix index c69d15c5..0b4b1306 100644 --- a/custom/uucp.nix +++ b/custom/uucp.nix @@ -237,7 +237,7 @@ in { choices as appropriate. */ #if 1 -#define MAIL_PROGRAM "/usr/lib/sendmail -t" - +#define MAIL_PROGRAM "/var/setuid-wrappers/sendmail -t" + +#define MAIL_PROGRAM "${config.security.wrapperDir}/sendmail -t" /* #define MAIL_PROGRAM "/usr/sbin/sendmail -t" */ #define MAIL_PROGRAM_TO_BODY 1 #define MAIL_PROGRAM_SUBJECT_BODY 1 @@ -256,7 +256,7 @@ in { *) from="$from@$relay";; esac - exec /var/setuid-wrappers/sendmail -G -i -f "$from" -- "$@" + exec ${config.security.wrapperDir}/sendmail -G -i -f "$from" -- "$@" ''; }; @@ -264,6 +264,6 @@ in { uucp ]; - services.cron.systemCronJobs = (map (name: "${config.services.uucp.interval} /var/setuid-wrappers/uucico -D -S ${name}") (if (config.services.uucp.interval != null) then config.services.uucp.remoteNodes else [])); + services.cron.systemCronJobs = (map (name: "${config.services.uucp.interval} ${config.security.wrapperDir}/uucico -D -S ${name}") (if (config.services.uucp.interval != null) then config.services.uucp.remoteNodes else [])); }; } diff --git a/hel.nix b/hel.nix index 4e528bba..a7b34fe4 100644 --- a/hel.nix +++ b/hel.nix 
@@ -176,8 +176,8 @@ nodeName = "hel"; remoteNodes = ["isaac" "ymir"]; # legacy name for odin sshUser = { - openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir'' - ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${pkgs.writeScript "odin.sh" "#!${pkgs.stdenv.shell}\necho .\nexec -a uucico /var/setuid-wrappers/uucico\n"}" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhACtnt9+3j2ev4QVA2QBlPtblPnu7yol2njgfMlHtC uucp@odin'' + openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${config.security.wrapperDir}/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir'' + ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${pkgs.writeScript "odin.sh" "#!${pkgs.stdenv.shell}\necho .\nexec -a uucico ${config.security.wrapperDir}/uucico\n"}" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhACtnt9+3j2ev4QVA2QBlPtblPnu7yol2njgfMlHtC uucp@odin'' ]; }; sshConfig = '' @@ -188,7 +188,7 @@ Hostname ymir.niflheim.yggdrasil IdentityFile ~/.ssh/ymir ''; - commandPath = [ "${pkgs.callPackage ./hel/recv-media.nix {}}/bin" "/var/setuid-wrappers/" ]; + commandPath = [ "${pkgs.callPackage ./hel/recv-media.nix {}}/bin" config.security.wrapperDir ]; defaultCommands = []; commands = { "isaac" = ["recv-media" "notify-gkleen"]; 
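Review bot: In the first hel.nix hunk (`@@ -176,8 +176,8 @@`), the forced-command keys list `no-port-forwarding,no-X11-forwarding,no-agent-forwarding` but not `no-pty`, and any forwarding type OpenSSH adds later would be allowed by default. On OpenSSH 7.2 or newer the `restrict` option covers all of these and fails closed: `restrict,command="${config.security.wrapperDir}/uucico" ssh-ed25519 …`. This presumes uucico over SSH runs without a terminal, which is worth confirming on one node first. The same option string appears in the ymir.nix hunk at `@@ -692,8 +692,8 @@`.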
@@ -209,7 +209,7 @@ relayHost = "uucp:ymir"; recipientDelimiter = "+"; extraMasterConf = '' - uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a $sender - $nexthop!rmail ($recipient) + uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient) sshsendmail unix - n n - - pipe flags=Fq user=postfix_ssh argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient ''; transport = '' @@ -361,7 +361,7 @@ setgid = true; setuid = true; permissions = "u+rx,g+x,o+x"; - source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen''; + source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; inherit (config.security) wrapperDir}}/bin/notify-gkleen''; }; }; diff --git a/hel/recv-media.nix b/hel/recv-media.nix index 52d5bae6..a074e76b 100644 --- a/hel/recv-media.nix +++ b/hel/recv-media.nix @@ -6,6 +6,7 @@ , showTitle ? true , ffmpeg ? null , gnused ? null +, wrapperDir ? "/run/wrappers/bin" }: assert showTitle -> ffmpeg != null && gnused != null && notifyUser != null; @@ -15,7 +16,7 @@ writeScriptBin "recv-media" '' pid=$? - PATH=${eject}/bin:${coreutils}/bin:${if showTitle then ''${ffmpeg}/bin:${gnused}/bin:'' else ""}/var/setuid-wrappers + PATH=${eject}/bin:${coreutils}/bin:${if showTitle then ''${ffmpeg}/bin:${gnused}/bin:'' else ""}${wrapperDir} exec 1> >(logger --id=$pid -t recv-media -p user.notice) exec 2> >(logger --id=$pid -t recv-media -p user.error) diff --git a/ymir.nix b/ymir.nix index a6967749..5dfa265e 100644 --- a/ymir.nix +++ b/ymir.nix 
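Review bot: In hel/recv-media.nix (`@@ -6,6 +6,7 @@`), `wrapperDir` falls back to the literal `"/run/wrappers/bin"`, and the call site in hel.nix still reads `pkgs.callPackage ./hel/recv-media.nix {}`. The script's `PATH` is therefore the one place in this commit not derived from `config.security.wrapperDir`. If the option value ever differs from the literal, `recv-media` would look for its setuid helpers in a directory the system does not manage. Passing the option through keeps them in step: `pkgs.callPackage ./hel/recv-media.nix { inherit (config.security) wrapperDir; }`.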
@@ -500,7 +500,7 @@ in rec { recipient_canonical_classes= envelope_recipient,header_recipient ''; extraMasterConf = '' - uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a $sender - $nexthop!rmail ($recipient) + uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient) mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} policy-spf unix - n n - - spawn user=nobody argv=${pkgs.pythonPackages.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf} @@ -551,7 +551,7 @@ in rec { selector = "ymir"; configFile = builtins.toFile "opendkim.conf" '' Syslog true - MTACommand /var/setuid-wrappers/sendmail + MTACommand ${config.security.wrapperDir}/sendmail LogResults true ''; }; @@ -692,8 +692,8 @@ in rec { nodeName = "ymir"; remoteNodes = ["isaac" "hel"]; # legacy name for odin sshUser = { - openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgtDHA7oDIaRwggGGznNaKZF68rFTziqefSCn1t9ZKe uucp@odin'' - ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/var/setuid-wrappers/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWBybBQKbPucqBgULQ1phv7IKFWl1Xc4drkCx3D5mIz uucp@hel'' + openssh.authorizedKeys.keys = [ ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${config.security.wrapperDir}/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgtDHA7oDIaRwggGGznNaKZF68rFTziqefSCn1t9ZKe uucp@odin'' + ''no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="${config.security.wrapperDir}/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWBybBQKbPucqBgULQ1phv7IKFWl1Xc4drkCx3D5mIz uucp@hel'' ]; }; sshConfig = '' -- cgit v1.2.3 
From bb71967abe693ea2124ba21a6703f7eecc85ca42 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 22:41:20 +0100 Subject: Bump utils --- utils | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils b/utils index 6b443335..8b11946e 160000 --- a/utils +++ b/utils @@ -1 +1 @@ -Subproject commit 6b443335b97cc2d6479595313e5a19d2f49c6b7a +Subproject commit 8b11946e67c5aee3e3dff1fc1b8754249b4677ca -- cgit v1.2.3 From cf4568d2f5e131a29efaac141fde1ade8e47dd7d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 22:45:20 +0100 Subject: use submodule properly --- custom/tinc/def.nix | 145 ++++++++++++++++++++++++++-------------------------- 1 file changed, 72 insertions(+), 73 deletions(-) diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix index a3bb00a0..98174eb6 100644 --- a/custom/tinc/def.nix +++ b/custom/tinc/def.nix 
@@ -6,6 +6,77 @@ let cfg = config.services.customTinc; + networkModule = { + extraConfig = mkOption { + default = '' + PingTimeout = 10 + ''; + type = types.lines; + description = '' + Extra lines to add to the tinc service configuration file. + ''; + }; + + name = mkOption { + default = null; + type = types.nullOr types.str; + description = '' + The name of the node which is used as an identifier when communicating + with the remote nodes in the mesh. If null then the hostname of the system + is used. + ''; + }; + + debugLevel = mkOption { + default = 0; + type = types.addCheck types.int (l: l >= 0 && l <= 5); + description = '' + The amount of debugging information to add to the log. 0 means little + logging while 5 is the most logging. man tincd for + more details. + ''; + }; + + hosts = mkOption { + default = { }; + type = types.loaOf types.lines; + description = '' + The name of the host in the network as well as the configuration for that host. + This name should only contain alphanumerics and underscores. + ''; + }; + + interfaceType = mkOption { + default = "tun"; + type = types.addCheck types.str (n: n == "tun" || n == "tap"); + description = '' + The type of virtual interface used for the network connection + ''; + }; + + interfaceConfig = mkOption { + default = { }; + description = '' + Additional configuration for the generated network interface + ''; + }; + + package = mkOption { + default = pkgs.tinc_pre; + description = '' + The package to use for the tinc daemon's binary. + ''; + }; + + scripts = mkOption { + default = { }; + type = types.loaOf (types.nullOr types.str); + description = '' + Hook scripts + ''; + }; + + }; in { 
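Review bot: In the `networkModule` definition (`@@ -6,6 +6,77 @@`), `interfaceConfig` and `package` are declared without a `type`, and `interfaceType` checks its two allowed values by hand. Untyped options pass any value through to the generated service. Adding `type = types.package;` on `package` and `type = types.enum [ "tun" "tap" ];` on `interfaceType` lets the module system reject bad values with a useful message. `interfaceConfig` would take `types.attrs`, assuming it is merged into an attribute set where it is consumed, which is outside this hunk.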
@@ -18,83 +89,11 @@ in networks = mkOption { default = { }; - type = types.loaOf types.submodule; + type = types.loaOf (types.submodule networkModule); description = '' Defines the tinc networks which will be started. Each network invokes a different daemon. ''; - options = { - - extraConfig = mkOption { - default = '' - PingTimeout = 10 - ''; - type = types.lines; - description = '' - Extra lines to add to the tinc service configuration file. - ''; - }; - - name = mkOption { - default = null; - type = types.nullOr types.str; - description = '' - The name of the node which is used as an identifier when communicating - with the remote nodes in the mesh. If null then the hostname of the system - is used. - ''; - }; - - debugLevel = mkOption { - default = 0; - type = types.addCheck types.int (l: l >= 0 && l <= 5); - description = '' - The amount of debugging information to add to the log. 0 means little - logging while 5 is the most logging. man tincd for - more details. - ''; - }; - - hosts = mkOption { - default = { }; - type = types.loaOf types.lines; - description = '' - The name of the host in the network as well as the configuration for that host. - This name should only contain alphanumerics and underscores. - ''; - }; - - interfaceType = mkOption { - default = "tun"; - type = types.addCheck types.str (n: n == "tun" || n == "tap"); - description = '' - The type of virtual interface used for the network connection - ''; - }; - - interfaceConfig = mkOption { - default = { }; - description = '' - Additional configuration for the generated network interface - ''; - }; - - package = mkOption { - default = pkgs.tinc_pre; - description = '' - The package to use for the tinc daemon's binary. - ''; - }; - - scripts = mkOption { - default = { }; - type = types.loaOf (types.nullOr types.str); - description = '' - Hook scripts - ''; - }; - - }; }; }; -- cgit v1.2.3 From bb20dfd761b9ad171e62270bc7d7c874b88f9e74 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Mon, 20 Feb 2017 22:47:56 +0100 Subject: Syntax --- custom/tinc/def.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix index 98174eb6..563335ad 100644 --- a/custom/tinc/def.nix +++ b/custom/tinc/def.nix @@ -89,7 +89,7 @@ in networks = mkOption { default = { }; - type = types.loaOf (types.submodule networkModule); + type = types.loaOf (types.submodule { options = networkModule; }); description = '' Defines the tinc networks which will be started. Each network invokes a different daemon. -- cgit v1.2.3 From 3be2bc7caa2a524a2e2f713af304b4b9647db34a Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 22 Feb 2017 15:21:15 +0100 Subject: Potential to log email --- ymir.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ymir.nix b/ymir.nix index 5dfa265e..3f4fd496 100644 --- a/ymir.nix +++ b/ymir.nix @@ -504,6 +504,17 @@ in rec { mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} policy-spf unix - n n - - spawn user=nobody argv=${pkgs.pythonPackages.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf} + logEmail unix - n n - 10 pipe flags=Rq user=postfix null_sender= argv=${pkgs.writeScript "logEmail" '' + #!${pkgs.stdenv.shell} + + mailFile=/tmp/logEmail/$(date +"%F-%H%M%S").$$ + + mkdir -p -m 700 /tmp/logEmail + + cat >$mailFile + + sendmail -G -i "$@" <$mailFile + ''} -f ''${sender} -- ''${recipient} ''; networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"]; }; -- cgit v1.2.3 From c801ca01de76c26ca29b5ffdfbff8c06b71754eb Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 22 Feb 2017 15:30:12 +0100 Subject: Turn on email logging --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) 
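Review bot: The `logEmail` script in the ymir.nix hunk at `@@ -504,6 +504,17 @@` stores complete messages under a fixed, guessable path in world-writable `/tmp`. `mkdir -p -m 700` succeeds without changing anything when `/tmp/logEmail` already exists, so the script would write mail into a directory or link that another local account prepared. `$mailFile` is also unquoted, and a partially failed `cat` can still lead to a truncated message being re-injected. A directory outside `/tmp` that only the pipe user can enter, together with `mktemp` and `set -eu`, addresses these; the path below is a placeholder. Nothing prunes the captured mail, so a retention step is worth adding wherever the directory is provisioned.

```nix
# … unchanged: logEmail master.cf entry and interpreter line …
set -eu
umask 077

# placeholder path: a directory created elsewhere, owned by the pipe user, mode 0700
logDir=/var/spool/logEmail
mailFile=$(mktemp "$logDir/$(date +"%F-%H%M%S").XXXXXX")

cat >"$mailFile"

sendmail -G -i "$@" <"$mailFile"
# … unchanged: end of the script and the -f/recipient arguments …
```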
diff --git a/ymir.nix b/ymir.nix index 3f4fd496..ade822e7 100644 --- a/ymir.nix +++ b/ymir.nix @@ -498,6 +498,8 @@ in rec { sender_canonical_classes = envelope_sender recipient_canonical_maps = tcp:localhost:10002 recipient_canonical_classes= envelope_recipient,header_recipient + + content_filter = logEmail:ymir ''; extraMasterConf = '' uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient) -- cgit v1.2.3 From e5121a3ea6c134ac422138cb074ad63756728850 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 22 Feb 2017 15:31:16 +0100 Subject: Fix logEmail owner --- ymir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index ade822e7..d2f02b23 100644 --- a/ymir.nix +++ b/ymir.nix @@ -506,7 +506,7 @@ in rec { mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} policy-spf unix - n n - - spawn user=nobody argv=${pkgs.pythonPackages.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf} - logEmail unix - n n - 10 pipe flags=Rq user=postfix null_sender= argv=${pkgs.writeScript "logEmail" '' + logEmail unix - n n - 10 pipe flags=Rq user=nobody null_sender= argv=${pkgs.writeScript "logEmail" '' #!${pkgs.stdenv.shell} mailFile=/tmp/logEmail/$(date +"%F-%H%M%S").$$ -- cgit v1.2.3 From c2147948b480a887b812b79f014b27f492298055 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 22 Feb 2017 15:33:09 +0100 Subject: Fix path in logging script --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ymir.nix b/ymir.nix index d2f02b23..e77c81f1 100644 --- a/ymir.nix +++ b/ymir.nix 
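Review bot: In the "Fix logEmail owner" hunk (`@@ -506,7 +506,7 @@`), the filter now runs as `user=nobody`, the same account the `policy-spf` service on the line above uses. Mail captured by the script is then owned by `nobody`, so any other process running under that shared account can read or replace it. A dedicated unprivileged account keeps the captured mail private to the filter, e.g. `user=logemail` (a name constructed for this note, to be declared in `users.extraUsers`).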
@@ -509,6 +509,8 @@ in rec { logEmail unix - n n - 10 pipe flags=Rq user=nobody null_sender= argv=${pkgs.writeScript "logEmail" '' #!${pkgs.stdenv.shell} + export PATH=${config.security.wrapperDir}:/run/current-system/sw/bin + mailFile=/tmp/logEmail/$(date +"%F-%H%M%S").$$ mkdir -p -m 700 /tmp/logEmail -- cgit v1.2.3 From 1ad1772008dd2e9e530d7c5175882fefff777a31 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 22 Feb 2017 15:34:36 +0100 Subject: Disable logging again --- ymir.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index e77c81f1..74eb1a39 100644 --- a/ymir.nix +++ b/ymir.nix @@ -498,8 +498,6 @@ in rec { sender_canonical_classes = envelope_sender recipient_canonical_maps = tcp:localhost:10002 recipient_canonical_classes= envelope_recipient,header_recipient - - content_filter = logEmail:ymir ''; extraMasterConf = '' uucp unix - n n - - pipe flags=Fqhu user=uucp argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient) -- cgit v1.2.3 From 72e212521d9b2ef2384d0a1ffec95a4c1ad869f1 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 23 Feb 2017 11:54:51 +0100 Subject: Move BCC self to mailserver config --- hel.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hel.nix b/hel.nix index a7b34fe4..15640956 100644 --- a/hel.nix +++ b/hel.nix @@ -216,6 +216,8 @@ gkleen+sent@yggdrasil.li uucp:isaac ''; extraConfig = '' + always_bcc = gkleen+sent@yggdrasil.li + default_transport = uucp:ymir inet_interfaces = loopback-only -- cgit v1.2.3 From 3047cae0f583ce6897e0fc01bf13fb02fda54cc6 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 23 Feb 2017 11:55:35 +0100 Subject: Syntax --- hel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index 15640956..5e314af8 100644 --- a/hel.nix +++ b/hel.nix 
@@ -363,7 +363,7 @@ setgid = true; setuid = true; permissions = "u+rx,g+x,o+x"; - source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; inherit (config.security) wrapperDir}}/bin/notify-gkleen''; + source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; inherit (config.security) wrapperDir; }}/bin/notify-gkleen''; }; }; -- cgit v1.2.3 From 287abe234d3778962664b83e09d2eb1e3c1ead80 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 1 Mar 2017 14:56:01 +0100 Subject: Sane environment variable --- hel.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hel.nix b/hel.nix index 5e314af8..95db2ebb 100644 --- a/hel.nix +++ b/hel.nix @@ -425,6 +425,8 @@ environment.etc."sane.d/dll.conf".text = "xerox_mfp"; environment.etc."sane.d/xerox_mfp.conf".text = "tcp printer.asgard.yggdrasil"; + environment.sessionVariables = { "SANE_CONFIG_DIR" = "/etc/sane.d"; }; + systemd.services."kill-user@" = { serviceConfig = { Type = "oneshot"; -- cgit v1.2.3 From bec33e1c9d1305b86c5be5bc508f1daa72f6d9c0 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 1 Mar 2017 14:56:09 +0100 Subject: notify-user does not need to know about security wrappers --- hel.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hel.nix b/hel.nix index 95db2ebb..e6a50da2 100644 --- a/hel.nix +++ b/hel.nix @@ -363,7 +363,7 @@ setgid = true; setuid = true; permissions = "u+rx,g+x,o+x"; - source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; inherit (config.security) wrapperDir; }}/bin/notify-gkleen''; + source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen''; }; }; -- cgit v1.2.3 From 837fc46618162b1c941fe0587e175542a377fed0 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Fri, 3 Mar 2017 15:43:50 +0100 Subject: Additional audio ports --- bragi.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bragi.nix b/bragi.nix index fe447e2d..1a77a024 100644 --- a/bragi.nix +++ b/bragi.nix @@ -136,6 +136,12 @@ in rec { systemd.services."passmix4" = trivmixService { name = "passmix4"; connectOut = "system:playback_3"; connectIn = "system:capture_7"; group = "hel_out"; }; systemd.services."passmix5" = trivmixService { name = "passmix5"; connectOut = "system:playback_4"; connectIn = "system:capture_8"; group = "hel_out"; }; + systemd.services."passmix6" = trivmixService { name = "passmix6"; connectOut = "system:playback_7"; connectIn = "system:capture_1"; group = "hel_in"; }; + systemd.services."passmix7" = trivmixService { name = "passmix7"; connectOut = "system:playback_8"; connectIn = "system:capture_1"; group = "hel_in"; }; + + systemd.services."passmix8" = trivmixService { name = "passmix8"; connectOut = "system:playback_3"; connectIn = "system:capture_3"; group = "analog"; }; + systemd.services."passmix9" = trivmixService { name = "passmix9"; connectOut = "system:playback_4"; connectIn = "system:capture_4"; group = "analog"; }; + services.mpd = { enable = true; musicDirectory = "/media/odin/music"; -- cgit v1.2.3 From 523df0e6643c63a6927bac7f4de8be42f1484b8d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 3 Mar 2017 16:01:49 +0100 Subject: Drop analog input --- bragi.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/bragi.nix b/bragi.nix index 1a77a024..28d304f4 100644 --- a/bragi.nix +++ b/bragi.nix 
@@ -139,9 +139,6 @@ in rec { systemd.services."passmix6" = trivmixService { name = "passmix6"; connectOut = "system:playback_7"; connectIn = "system:capture_1"; group = "hel_in"; }; systemd.services."passmix7" = trivmixService { name = "passmix7"; connectOut = "system:playback_8"; connectIn = "system:capture_1"; group = "hel_in"; }; - systemd.services."passmix8" = trivmixService { name = "passmix8"; connectOut = "system:playback_3"; connectIn = "system:capture_3"; group = "analog"; }; - systemd.services."passmix9" = trivmixService { name = "passmix9"; connectOut = "system:playback_4"; connectIn = "system:capture_4"; group = "analog"; }; - services.mpd = { enable = true; musicDirectory = "/media/odin/music"; -- cgit v1.2.3 From cf8aef18aad8e92f699165350ec4e18a0f2ee3f5 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 6 Mar 2017 21:13:03 +0100 Subject: Migrate thermoprint-server to postgresql --- bragi.nix | 48 ++++++-------------------- bragi/thermoprint-server/thermoprint-server.hs | 30 ++++++++++++++++ 2 files changed, 41 insertions(+), 37 deletions(-) create mode 100644 bragi/thermoprint-server/thermoprint-server.hs diff --git a/bragi.nix b/bragi.nix index 28d304f4..a971e6a9 100644 --- a/bragi.nix +++ b/bragi.nix 
@@ -275,43 +275,9 @@ in rec { home = "/var/lib/thermoprint"; }; - environment.etc."thermoprint-server/thermoprint-server.hs" = { - text = '' - {-# LANGUAGE OverloadedStrings #-} - {-# LANGUAGE ImpredicativeTypes #-} - - module Main (main) where - - import Thermoprint.Server - - import Thermoprint.Server.Printer.Generic - - import Control.Monad.Trans.Resource - import Control.Monad.Logger - import Control.Monad.Reader - - import Database.Persist.Sqlite - - import qualified Network.Wai.Handler.Warp as Warp - - main :: IO () - main = thermoprintServer True (Nat runSqlite) $ (\c -> c { queueManagers = queueManagers, warpSettings = wSettings }) <$> def `withPrinters` printers - where - runSqlite :: ReaderT ConnectionPool (LoggingT IO) a -> IO a - runSqlite = runStderrLoggingT . withSqlitePool "${users.extraUsers."thermoprint".home}/thermoprint.sqlite" 1 . runReaderT - - printers = [ (pure $ genericPrint "/dev/usb/lp0", def :: QMConfig (ResourceT (ReaderT ConnectionPool (LoggingT IO)))) - ] - - queueManagers _ = QMConfig - { manager = union [ limitHistorySize 100 - , limitHistoryAge 3600 - ] - , collapse = standardCollapse - } - - wSettings = Warp.setHost "127.0.0.1" . Warp.setPort 8080 $ Warp.defaultSettings - ''; + environment.etc."thermoprint-server" = { + source = ./bragi/thermoprint-server; + mode = "symlink"; }; systemd.services."thermoprint" = { @@ -319,6 +285,7 @@ in rec { THERMOPRINT_CONFIG = "/etc/thermoprint-server"; THERMOPRINT_CACHE = ''${users.extraUsers."thermoprint".home}/dyre''; }; + requires = [ "postgresql.service" ]; wantedBy = [ "default.target" ]; serviceConfig = { Type = "simple"; @@ -395,6 +362,13 @@ in rec { ''; }; + services.postgresql = { + enable = true; + authorization = lib.mkForce '' + local sameuser all peer + ''; + }; + nix = { daemonIONiceLevel = 3; daemonNiceLevel = 10; diff --git a/bragi/thermoprint-server/thermoprint-server.hs b/bragi/thermoprint-server/thermoprint-server.hs new file mode 100644 index 00000000..4f909f80 --- /dev/null 
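Review bot: `requires = [ "postgresql.service" ];` on the thermoprint unit pulls PostgreSQL in but does not order the two units, so systemd may start them in parallel and the server's first connection can fail before the database socket exists. Adding `after = [ "postgresql.service" ];` next to it gives the ordering. The unit's attribute set continues outside the hunk, so an existing `after` may already be present there.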
+++ b/bragi/thermoprint-server/thermoprint-server.hs @@ -0,0 +1,30 @@ +{-# LANGUAGE OverloadedStrings #-} +{-# LANGUAGE ImpredicativeTypes #-} + +module Main (main) where + +import Thermoprint.Server + +import Thermoprint.Server.Printer.Generic + +import Control.Monad.Trans.Resource +import Control.Monad.Logger +import Control.Monad.Reader + +import Database.Persist.Postgresql + +main :: IO () +main = thermoprintServer True (Nat runDb) $ (\c -> c { queueManagers = queueManagers }) <$> def `withPrinters` printers + where + runDb :: ReaderT ConnectionPool (LoggingT IO) a -> IO a + runDb = runStderrLoggingT . withPostgresqlPool "" 5 . runReaderT + + printers = [ (pure $ genericPrint "/dev/usb/lp0", def) + ] + + queueManagers _ = QMConfig + { manager = union [ limitHistorySize 100 + , limitHistoryAge 3600 + ] + , collapse = standardCollapse + } -- cgit v1.2.3 From 9abb83359120d17556605c4232798fbfc7a62392 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 6 Mar 2017 21:14:21 +0100 Subject: Bring lib into scope --- bragi.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/bragi.nix b/bragi.nix index a971e6a9..518a3f94 100644 --- a/bragi.nix +++ b/bragi.nix @@ -3,6 +3,7 @@ let trivmixService = opts: (pkgs.callPackage ./custom/trivmix-service.nix opts).out; thermoprint-servant = (pkgs.callPackage ./custom/thermoprint {}).thermoprint-servant; + inherit (pkgs) lib; in rec { imports = [ ./musnix -- cgit v1.2.3 From 2953a0bae26a0a44418b10c625ae1bc44fd5a6a4 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 6 Mar 2017 21:15:02 +0100 Subject: Typo --- bragi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index 518a3f94..0d0a2ca6 100644 --- a/bragi.nix +++ b/bragi.nix @@ -365,7 +365,7 @@ in rec { services.postgresql = { enable = true; - authorization = lib.mkForce '' + authentication = lib.mkForce '' local sameuser all peer ''; }; -- cgit v1.2.3 From 163c1e27f47bf3994dbcb98d196ce0cb3e715cdd Mon Sep 17 00:00:00 2001 
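Review bot: `main` no longer sets `warpSettings`, while the inline configuration this file replaces bound the server with `Warp.setHost "127.0.0.1" . Warp.setPort 8080`; unless the library default is loopback, the print API now listens on whatever address `def` chooses. If the server is only meant to be reached through a local proxy, keep the override as `(\c -> c { queueManagers = queueManagers, warpSettings = wSettings })` together with the old `wSettings` binding and the `Network.Wai.Handler.Warp` import. Separately, `withPostgresqlPool "" 5` deserves a comment stating that the empty connection string leaves database, user and socket to libpq's defaults and the PG* environment variables.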
From: Gregor Kleen Date: Mon, 6 Mar 2017 21:18:08 +0100 Subject: Fix setuid wrapper --- bragi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index 0d0a2ca6..a5e7d7c3 100644 --- a/bragi.nix +++ b/bragi.nix @@ -171,7 +171,7 @@ in rec { group = "audio"; }; - security.setuidPrograms = ["mount.nfs"]; + security.wrappers = { "mount.nfs".source = "${pkgs.nfs-utils}/bin/mount.nfs"; }; programs.bash.promptInit = '' PROMPT_COLOR="1;31m" -- cgit v1.2.3 From 5157c5e1bda53715bc3244f1081bc863ce85acb3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 6 Mar 2017 21:18:26 +0100 Subject: Specify we mean IPv4 --- bragi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index a5e7d7c3..18a8c331 100644 --- a/bragi.nix +++ b/bragi.nix @@ -224,7 +224,7 @@ in rec { ''; }; - services.dhcpd = { + services.dhcpd4 = { enable = true; interfaces = [ "enp1s0" ]; -- cgit v1.2.3 From 0ee4a2f01c8607e503acc74bc10b7b362f53880d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 6 Mar 2017 21:21:45 +0100 Subject: Jailbreak cabal-test-quickcheck --- bragi.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bragi.nix b/bragi.nix index 18a8c331..f969a9f1 100644 --- a/bragi.nix +++ b/bragi.nix @@ -34,6 +34,9 @@ in rec { in { trivmix = callPackage ./custom/trivmix.nix {}; # filelock = callPackage ./custom/filelock.nix {}; + cabal-test-quickcheck = self.lib.overrideCabal super.cabal-test-quickcheck (drv: { + jailbreak = true; + }); }; } ); -- cgit v1.2.3 From 45cfb08af3e7c66a711dfd82d0c934075bd5c394 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 6 Mar 2017 21:26:04 +0100 Subject: Massage --- bragi.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/bragi.nix b/bragi.nix index f969a9f1..493c2a18 100644 --- a/bragi.nix +++ b/bragi.nix 
@@ -34,9 +34,7 @@ in rec { in { trivmix = callPackage ./custom/trivmix.nix {}; # filelock = callPackage ./custom/filelock.nix {}; - cabal-test-quickcheck = self.lib.overrideCabal super.cabal-test-quickcheck (drv: { - jailbreak = true; - }); + cabal-test-quickcheck = super.lib.doJailbreak super.cabal-test-quickcheck; }; } ); -- cgit v1.2.3 From 9ec4494121da0d1bc7485c516c428cad1c71722f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 7 Mar 2017 14:17:44 +0100 Subject: Bump thermoprint --- bragi.nix | 4 +--- custom/thermoprint | 2 +- hel.nix | 5 ++++- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/bragi.nix b/bragi.nix index 493c2a18..d8664321 100644 --- a/bragi.nix +++ b/bragi.nix @@ -33,8 +33,6 @@ in rec { callPackage = pkgs.lib.callPackageWith ( pkgs // self ); in { trivmix = callPackage ./custom/trivmix.nix {}; - # filelock = callPackage ./custom/filelock.nix {}; - cabal-test-quickcheck = super.lib.doJailbreak super.cabal-test-quickcheck; }; } ); @@ -51,7 +49,7 @@ in rec { ''; }; - inherit (pkgs.callPackage ./custom/thermoprint {}) thermoprint-server thermoprint-webgui tprint; + inherit (pkgs.callPackage ./custom/thermoprint { extraPackages = (p: with p; [ persistent-postgresql ]); }) thermoprint-server thermoprint-webgui tprint; inherit (haskellPackages) trivmix; }; diff --git a/custom/thermoprint b/custom/thermoprint index 75d9fe61..7065a8cc 160000 --- a/custom/thermoprint +++ b/custom/thermoprint @@ -1 +1 @@ -Subproject commit 75d9fe614dca572aa1d7cfa53553e9c103eb2dd0 +Subproject commit 7065a8cc1b8b01cd32d4b1d5317b323fec5238bd diff --git a/hel.nix b/hel.nix index e6a50da2..e81627cb 100644 --- a/hel.nix +++ b/hel.nix 
@@ -425,7 +425,10 @@ environment.etc."sane.d/dll.conf".text = "xerox_mfp"; environment.etc."sane.d/xerox_mfp.conf".text = "tcp printer.asgard.yggdrasil"; - environment.sessionVariables = { "SANE_CONFIG_DIR" = "/etc/sane.d"; }; + environment.sessionVariables = { + "SANE_CONFIG_DIR" = "/etc/sane.d"; + "TPRINT_BASEURL" = "http://bragi.asgard.yggdrasil/thermoprint/api"; + }; systemd.services."kill-user@" = { serviceConfig = { -- cgit v1.2.3 From 8a865390e31f4b6ded8cdbb711a50924c72da00c Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 7 Mar 2017 14:22:01 +0100 Subject: Bump thermoprint --- custom/thermoprint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/thermoprint b/custom/thermoprint index 7065a8cc..ba2e44af 160000 --- a/custom/thermoprint +++ b/custom/thermoprint @@ -1 +1 @@ -Subproject commit 7065a8cc1b8b01cd32d4b1d5317b323fec5238bd +Subproject commit ba2e44af40746f339e1ed652ea233c739790556b -- cgit v1.2.3 From c16c1e973412260d0a849d227bc6e79ed69984fd Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 8 Mar 2017 19:06:23 +0100 Subject: Bump trivmix --- bragi.nix | 22 +++++++++++----------- custom/trivmix | 2 +- custom/trivmix-service.nix | 3 ++- custom/trivmix.nix | 1 - 4 files changed, 14 insertions(+), 14 deletions(-) delete mode 120000 custom/trivmix.nix diff --git a/bragi.nix b/bragi.nix index d8664321..c128f0ac 100644 --- a/bragi.nix +++ b/bragi.nix @@ -32,7 +32,7 @@ in rec { overrides = self: super: let callPackage = pkgs.lib.callPackageWith ( pkgs // self ); in { - trivmix = callPackage ./custom/trivmix.nix {}; + trivmix = callPackage ./custom/trivmix {}; }; } ); 
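Review bot: `TPRINT_BASEURL` is set to a plain `http://` URL, so print jobs submitted from this host cross the network unencrypted and the client cannot verify that it is talking to bragi. If the proxy in front of the thermoprint API offers TLS, the variable should point at the `https://` form of the same URL; whether it does is not visible in this diff.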
@@ -124,20 +124,20 @@ in rec { }; }; - systemd.services."mpdmix0" = trivmixService { name = "mpdmix0"; connectOut = "system:playback_3"; group = "mpd"; }; - systemd.services."mpdmix1" = trivmixService { name = "mpdmix1"; connectOut = "system:playback_4"; group = "mpd"; }; + systemd.services."mpdmix0" = trivmixService { name = "mpdmix0"; connectOut = "system:playback_3"; group = "mpd"; initial = "-35dB"; }; + systemd.services."mpdmix1" = trivmixService { name = "mpdmix1"; connectOut = "system:playback_4"; group = "mpd"; initial = "-35dB"; }; - systemd.services."passmix0" = trivmixService { name = "passmix0"; connectOut = "system:playback_3"; connectIn = "system:capture_5"; group = "vali_out"; }; - systemd.services."passmix1" = trivmixService { name = "passmix1"; connectOut = "system:playback_4"; connectIn = "system:capture_6"; group = "vali_out"; }; + systemd.services."passmix0" = trivmixService { name = "passmix0"; connectOut = "system:playback_3"; connectIn = "system:capture_5"; group = "vali_out"; initial = "-20dB"; }; + systemd.services."passmix1" = trivmixService { name = "passmix1"; connectOut = "system:playback_4"; connectIn = "system:capture_6"; group = "vali_out"; initial = "-20dB"; }; - systemd.services."passmix2" = trivmixService { name = "passmix2"; connectOut = "system:playback_5"; connectIn = "system:capture_1"; group = "vali_in"; }; - systemd.services."passmix3" = trivmixService { name = "passmix3"; connectOut = "system:playback_6"; connectIn = "system:capture_1"; group = "vali_in"; }; + systemd.services."passmix2" = trivmixService { name = "passmix2"; connectOut = "system:playback_5"; connectIn = "system:capture_1"; group = "vali_in"; initial = "1"; }; + systemd.services."passmix3" = trivmixService { name = "passmix3"; connectOut = "system:playback_6"; connectIn = "system:capture_1"; group = "vali_in"; initial = "1"; }; - systemd.services."passmix4" = trivmixService { name = "passmix4"; connectOut = "system:playback_3"; connectIn = 
"system:capture_7"; group = "hel_out"; }; - systemd.services."passmix5" = trivmixService { name = "passmix5"; connectOut = "system:playback_4"; connectIn = "system:capture_8"; group = "hel_out"; }; + systemd.services."passmix4" = trivmixService { name = "passmix4"; connectOut = "system:playback_3"; connectIn = "system:capture_7"; group = "hel_out"; initial = "-17.5dB"; }; + systemd.services."passmix5" = trivmixService { name = "passmix5"; connectOut = "system:playback_4"; connectIn = "system:capture_8"; group = "hel_out"; initial = "-17.5dB"; }; - systemd.services."passmix6" = trivmixService { name = "passmix6"; connectOut = "system:playback_7"; connectIn = "system:capture_1"; group = "hel_in"; }; - systemd.services."passmix7" = trivmixService { name = "passmix7"; connectOut = "system:playback_8"; connectIn = "system:capture_1"; group = "hel_in"; }; + systemd.services."passmix6" = trivmixService { name = "passmix6"; connectOut = "system:playback_7"; connectIn = "system:capture_1"; group = "hel_in"; initial = "1"; }; + systemd.services."passmix7" = trivmixService { name = "passmix7"; connectOut = "system:playback_8"; connectIn = "system:capture_1"; group = "hel_in"; initial = "1"; }; services.mpd = { enable = true; diff --git a/custom/trivmix b/custom/trivmix index c22d1fba..6454da50 160000 --- a/custom/trivmix +++ b/custom/trivmix @@ -1 +1 @@ -Subproject commit c22d1fbab9ffd09d461b82b096d9cac0edea7775 +Subproject commit 6454da50559e0eee810f81d33365a621857d8068 diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix index 3c3cded7..09a6dd3b 100644 --- a/custom/trivmix-service.nix +++ b/custom/trivmix-service.nix @@ -3,6 +3,7 @@ , connectOut ? null , connectIn ? null , group ? null +, initial ? null , trivmix , stdenv , makeWrapper 
@@ -39,7 +40,7 @@ in rec { before = [ "mpd.service" ]; serviceConfig = { Type = "simple"; - ExecStart = ''${trivmix}/bin/trivmix --client ${name} --run ${genRun} /dev/shm/mix/${name}/level${if ! isNull group then " /dev/shm/mix/${group}/level" else ""}''; + ExecStart = ''${trivmix}/bin/trivmix --client ${name} --run ${genRun}${optionalString (initial != null) " --level ${initial}"} /dev/shm/mix/${name}/level${if ! isNull group then " /dev/shm/mix/${group}/level" else ""}''; User = "jack"; Group = "audio"; Nice = "-10"; diff --git a/custom/trivmix.nix b/custom/trivmix.nix deleted file mode 120000 index c2f64840..00000000 --- a/custom/trivmix.nix +++ /dev/null @@ -1 +0,0 @@ -trivmix/package.nix \ No newline at end of file -- cgit v1.2.3 From 6fe2b6698f801d8f1e3d9b8a6a5b8db321481a45 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 8 Mar 2017 19:07:30 +0100 Subject: Bring optionalString into scope --- custom/trivmix-service.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix index 09a6dd3b..5e0e5b47 100644 --- a/custom/trivmix-service.nix +++ b/custom/trivmix-service.nix @@ -33,6 +33,7 @@ let --prefix PATH : ${jack2Full}/bin ''; }; + inherit (stdenv.lib) optionalString; in rec { out = { wantedBy = [ "sound.target" ]; -- cgit v1.2.3 From 0631b6b91d79c55a4b3527719c6dc6b851369f3c Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 13:52:21 +0100 Subject: Bump trivmix --- custom/trivmix | 2 +- custom/trivmix-service.nix | 59 ++++++++++++++++++++-------------------------- 2 files changed, 26 insertions(+), 35 deletions(-) diff --git a/custom/trivmix b/custom/trivmix index 6454da50..2f5f8801 160000 --- a/custom/trivmix +++ b/custom/trivmix @@ -1 +1 @@ -Subproject commit 6454da50559e0eee810f81d33365a621857d8068 +Subproject commit 2f5f880136f3411e7e8d919631e71ef05d0ae9ad diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix index 5e0e5b47..56b26b6f 100644 
--- a/custom/trivmix-service.nix +++ b/custom/trivmix-service.nix 
@@ -9,44 +9,35 @@ , makeWrapper , jack2Full , coreutils +, writeScript }: let - genRun = if ! isNull run then run else ( - "${derivRun}/bin/run.sh" - ); - derivRun = stdenv.mkDerivation { - name = "trivmix-run"; - src = builtins.toFile "run.sh" '' - #!/bin/sh + connect = (! isNull connectOut) || (! isNull connectIn); + connectScript = writeScript "connect" '' + #!${stdenv.shell} - ${if ! isNull connectIn then "jack_connect ${connectIn} $1" else ""} - ${if ! isNull connectOut then "jack_connect $2 ${connectOut}" else ""} - ''; - unpackPhase = "cat"; - buildInputs = [ makeWrapper ]; - installPhase = '' - mkdir -p $out/bin - cp $src $out/bin/run.sh - chmod 755 $out/bin/run.sh - wrapProgram $out/bin/run.sh \ - --prefix PATH : ${jack2Full}/bin - ''; - }; + ${optionalString (! isNull connectIn) "jack_connect ${connectIn} $1"} + ${optionalString (! isNull connectOut) "jack_connect $2 ${connectOu}"} + ''; inherit (stdenv.lib) optionalString; -in rec { - out = { - wantedBy = [ "sound.target" ]; - requires = [ "jack.service" ]; - before = [ "mpd.service" ]; - serviceConfig = { - Type = "simple"; - ExecStart = ''${trivmix}/bin/trivmix --client ${name} --run ${genRun}${optionalString (initial != null) " --level ${initial}"} /dev/shm/mix/${name}/level${if ! isNull group then " /dev/shm/mix/${group}/level" else ""}''; - User = "jack"; - Group = "audio"; - Nice = "-10"; - LimitRTPRIO = "95:95"; - LimitMEMLOCK = "infinity"; - }; +in { + wantedBy = [ "sound.target" ]; + requires = [ "jack.service" ]; + before = [ "mpd.service" ]; + serviceConfig = { + Type = "simple"; + ExecStart = ''${trivmix}/bin/trivmix --client ${name} \ + ${optionalString connect "--run ${connectScript}"} \ + ${optionalString (! isNull run) "--run ${run}"} \ + ${optionalString (! isNull initial) "--level ${initial}"} \ + /dev/shm/mix/${name}/level \ + ${optionalString (! 
isNull group) "/dev/shm/mix/${group}/level"} + ''; + User = "jack"; + Group = "audio"; + Nice = "-10"; + LimitRTPRIO = "95:95"; + LimitMEMLOCK = "infinity"; }; } -- cgit v1.2.3 From 12d03d700f4b6b756111d6088dbd5db7ffbb7e7b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 14:14:09 +0100 Subject: Bump trivmix --- custom/trivmix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/trivmix b/custom/trivmix index 2f5f8801..10ed6c7c 160000 --- a/custom/trivmix +++ b/custom/trivmix @@ -1 +1 @@ -Subproject commit 2f5f880136f3411e7e8d919631e71ef05d0ae9ad +Subproject commit 10ed6c7c73ac455b3dbfbbae2dd522f1581e68dc -- cgit v1.2.3 From 879e4d4df3de9cd634f911cf320221b41dfa0427 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 14:36:13 +0100 Subject: Bump trivmix --- custom/trivmix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/trivmix b/custom/trivmix index 10ed6c7c..96954e57 160000 --- a/custom/trivmix +++ b/custom/trivmix @@ -1 +1 @@ -Subproject commit 10ed6c7c73ac455b3dbfbbae2dd522f1581e68dc +Subproject commit 96954e570a1143c25cd7674d4551e9813afd1416 -- cgit v1.2.3 From 78d20865d0ff0e743c0654600fa854bdb3fa6c99 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 16:04:07 +0100 Subject: Allow MPD to be RT (maybe) --- bragi.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bragi.nix b/bragi.nix index c128f0ac..a37eb915 100644 --- a/bragi.nix +++ b/bragi.nix @@ -162,6 +162,8 @@ in rec { systemd.services."mpd".requires = [ "jack.service" ]; systemd.services."mpd".serviceConfig = { LimitMEMLOCK = "infinity"; + Nice = "-5"; + LimitRTPRIO = "95:95"; }; users.extraUsers.jack = { -- cgit v1.2.3 From 91e7a818fc03704ef66176597551de347daafcd1 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 16:39:54 +0100 Subject: Authenticate root for any db --- bragi.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/bragi.nix b/bragi.nix index a37eb915..938206a9 100644 --- a/bragi.nix 
+++ b/bragi.nix @@ -368,6 +368,7 @@ in rec { enable = true; authentication = lib.mkForce '' local sameuser all peer + local root all peer ''; }; -- cgit v1.2.3 From a75cb731911c5b7fcd194d78010847f14f0f69fe Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 16:41:04 +0100 Subject: Fix typo --- custom/trivmix-service.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix index 56b26b6f..7243f5e1 100644 --- a/custom/trivmix-service.nix +++ b/custom/trivmix-service.nix @@ -18,7 +18,7 @@ let #!${stdenv.shell} ${optionalString (! isNull connectIn) "jack_connect ${connectIn} $1"} - ${optionalString (! isNull connectOut) "jack_connect $2 ${connectOu}"} + ${optionalString (! isNull connectOut) "jack_connect $2 ${connectOut}"} ''; inherit (stdenv.lib) optionalString; in { -- cgit v1.2.3 From d88973bfbfc285fe2291ed606a271db26e0b51e8 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 16:42:35 +0100 Subject: Fix trivmix-service --- bragi.nix | 2 +- custom/trivmix-service.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index 938206a9..69717890 100644 --- a/bragi.nix +++ b/bragi.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let - trivmixService = opts: (pkgs.callPackage ./custom/trivmix-service.nix opts).out; + trivmixService = pkgs.callPackage ./custom/trivmix-service.nix; thermoprint-servant = (pkgs.callPackage ./custom/thermoprint {}).thermoprint-servant; inherit (pkgs) lib; in rec { diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix index 7243f5e1..04f1634b 100644 --- a/custom/trivmix-service.nix +++ b/custom/trivmix-service.nix @@ -17,6 +17,8 @@ let connectScript = writeScript "connect" '' #!${stdenv.shell} + PATH=${jack2Full}/bin:$PATH + ${optionalString (! isNull connectIn) "jack_connect ${connectIn} $1"} ${optionalString (! isNull connectOut) "jack_connect $2 ${connectOut}"} ''; -- cgit v1.2.3 
From 370dd4bd9a5ee6526590a09f75a36769bf4a6907 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 16:44:08 +0100 Subject: Syntax? --- bragi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index 69717890..9214c894 100644 --- a/bragi.nix +++ b/bragi.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let - trivmixService = pkgs.callPackage ./custom/trivmix-service.nix; + trivmixService = opts: pkgs.callPackage ./custom/trivmix-service.nix opts; thermoprint-servant = (pkgs.callPackage ./custom/thermoprint {}).thermoprint-servant; inherit (pkgs) lib; in rec { -- cgit v1.2.3 From 7ef554f858013163087a05ee3811ddadbc2a0109 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 16:45:13 +0100 Subject: Clean up mpd wrapping --- bragi.nix | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/bragi.nix b/bragi.nix index 9214c894..62939d22 100644 --- a/bragi.nix +++ b/bragi.nix @@ -39,15 +39,7 @@ in rec { jack2Full = pkgs.jack2Full.override { dbus = null; }; - mpd = pkgs.symlinkJoin { - name = "mpd"; - paths = [ (pkgs.mpd.override { gmeSupport = false; pulseaudioSupport = false; }) ]; - buildInputs = [ pkgs.makeWrapper ]; - postBuild = '' - wrapProgram $out/bin/mpd \ - --run "umask 0" - ''; - }; + mpd = pkgs.mpd.override { gmeSupport = false; pulseaudioSupport = false; }; inherit (pkgs.callPackage ./custom/thermoprint { extraPackages = (p: with p; [ persistent-postgresql ]); }) thermoprint-server thermoprint-webgui tprint; @@ -164,6 +156,7 @@ in rec { LimitMEMLOCK = "infinity"; Nice = "-5"; LimitRTPRIO = "95:95"; + UMask = "0000"; }; users.extraUsers.jack = { -- cgit v1.2.3 From fd5865d6f7fcd39ab1a1a2c0cb57c98c16e1ae9e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 16:46:33 +0100 Subject: revert to having .out --- bragi.nix | 2 +- custom/trivmix-service.nix | 36 +++++++++++++++++++----------------- 2 files changed, 20 insertions(+), 18 deletions(-) 
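Review bot: `UMask = "0000";` in the mpd `serviceConfig` makes every file, directory and socket the daemon creates world-writable, carrying over the `umask 0` of the wrapper this commit removes. If the aim is only to let members of a shared group manage those files, `UMask = "0002";` with a common group is enough and keeps other local accounts out. A short comment saying why the mask is relaxed would help either way; the `serviceConfig` set starts outside the hunk.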
diff --git a/bragi.nix b/bragi.nix index 62939d22..a3896b60 100644 --- a/bragi.nix +++ b/bragi.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let - trivmixService = opts: pkgs.callPackage ./custom/trivmix-service.nix opts; + trivmixService = opts: (pkgs.callPackage ./custom/trivmix-service.nix opts).out; thermoprint-servant = (pkgs.callPackage ./custom/thermoprint {}).thermoprint-servant; inherit (pkgs) lib; in rec { diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix index 04f1634b..e9120f88 100644 --- a/custom/trivmix-service.nix +++ b/custom/trivmix-service.nix @@ -24,22 +24,24 @@ let ''; inherit (stdenv.lib) optionalString; in { - wantedBy = [ "sound.target" ]; - requires = [ "jack.service" ]; - before = [ "mpd.service" ]; - serviceConfig = { - Type = "simple"; - ExecStart = ''${trivmix}/bin/trivmix --client ${name} \ - ${optionalString connect "--run ${connectScript}"} \ - ${optionalString (! isNull run) "--run ${run}"} \ - ${optionalString (! isNull initial) "--level ${initial}"} \ - /dev/shm/mix/${name}/level \ - ${optionalString (! isNull group) "/dev/shm/mix/${group}/level"} - ''; - User = "jack"; - Group = "audio"; - Nice = "-10"; - LimitRTPRIO = "95:95"; - LimitMEMLOCK = "infinity"; + out = { + wantedBy = [ "sound.target" ]; + requires = [ "jack.service" ]; + before = [ "mpd.service" ]; + serviceConfig = { + Type = "simple"; + ExecStart = ''${trivmix}/bin/trivmix --client ${name} \ + ${optionalString connect "--run ${connectScript}"} \ + ${optionalString (! isNull run) "--run ${run}"} \ + ${optionalString (! isNull initial) "--level ${initial}"} \ + /dev/shm/mix/${name}/level \ + ${optionalString (! isNull group) "/dev/shm/mix/${group}/level"} + ''; + User = "jack"; + Group = "audio"; + Nice = "-10"; + LimitRTPRIO = "95:95"; + LimitMEMLOCK = "infinity"; + }; }; } -- cgit v1.2.3 From a73856721c85691f98b54de869df12ac7feb4f2e Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Thu, 9 Mar 2017 16:57:28 +0100 Subject: Fix postgres auth --- bragi.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index a3896b60..c4a10e83 100644 --- a/bragi.nix +++ b/bragi.nix @@ -361,7 +361,8 @@ in rec { enable = true; authentication = lib.mkForce '' local sameuser all peer - local root all peer + local postgres all peer + local all root,@admins peer ''; }; -- cgit v1.2.3 From 05e002206e42b703411294890fd07d3f3bd7d545 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 16:57:44 +0100 Subject: Bump trivmix --- custom/trivmix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/trivmix b/custom/trivmix index 96954e57..6dd4d256 160000 --- a/custom/trivmix +++ b/custom/trivmix @@ -1 +1 @@ -Subproject commit 96954e570a1143c25cd7674d4551e9813afd1416 +Subproject commit 6dd4d2560b7a50b3d9415983560e2a1aa9046381 -- cgit v1.2.3 From 16f52b7974da86c916bf8048b02178c3da820c49 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 17:05:02 +0100 Subject: Bump trivmix --- custom/trivmix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom/trivmix b/custom/trivmix index 6dd4d256..70e60034 160000 --- a/custom/trivmix +++ b/custom/trivmix @@ -1 +1 @@ -Subproject commit 6dd4d2560b7a50b3d9415983560e2a1aa9046381 +Subproject commit 70e600346fb5875defe14d578883c9838695d533 -- cgit v1.2.3 From 69542f257e76eaa6840b06ec395c96f448d31279 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 21:24:45 +0100 Subject: Postgresql schema --- bragi.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/bragi.nix b/bragi.nix index c4a10e83..ed60b241 100644 --- a/bragi.nix +++ b/bragi.nix 
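Review bot: In pg_hba.conf a leading `@` in the user column names a file of user names to include, whereas role membership is written with `+`, so `root,@admins` makes PostgreSQL look for a file called `admins` beside the generated pg_hba.conf instead of matching a role. If a role group was meant, the rule should read `local all root,+admins peer`. With `peer` the operating-system user name must also exist as a database role, so a `root` role has to be created before this rule admits anyone.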
@@ -360,9 +360,12 @@ in rec { services.postgresql = { enable = true; authentication = lib.mkForce '' - local sameuser all peer - local postgres all peer - local all root,@admins peer + local all all peer + ''; + initialScript = '' + CREATE DATABASE thermoprint; + CREATE USER thermoprint; + GRANT ALL ON DATABASE thermoprint TO thermoprint; ''; }; -- cgit v1.2.3 From b519427c4e02671dffa24aa6e6ddf536480fb9d4 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 21:30:10 +0100 Subject: Add types to thermoprint-server --- bragi/thermoprint-server/thermoprint-server.hs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/bragi/thermoprint-server/thermoprint-server.hs b/bragi/thermoprint-server/thermoprint-server.hs index 4f909f80..6142e7d9 100644 --- a/bragi/thermoprint-server/thermoprint-server.hs +++ b/bragi/thermoprint-server/thermoprint-server.hs @@ -13,12 +13,15 @@ import Control.Monad.Reader import Database.Persist.Postgresql +type ServerM = ReaderT ConnectionPool (LoggingT IO) + main :: IO () main = thermoprintServer True (Nat runDb) $ (\c -> c { queueManagers = queueManagers }) <$> def `withPrinters` printers where - runDb :: ReaderT ConnectionPool (LoggingT IO) a -> IO a + runDb :: ServerM a -> IO a runDb = runStderrLoggingT . withPostgresqlPool "" 5 . runReaderT + printers :: [(ResourceT ServerM PrinterMethod, QMConfig (ResourceT ServerM))] printers = [ (pure $ genericPrint "/dev/usb/lp0", def) ] -- cgit v1.2.3 From 504f37e806fec0077fa894955c818578f68a69b1 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 21:31:58 +0100 Subject: Typing --- bragi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index ed60b241..c363b22e 100644 --- a/bragi.nix +++ b/bragi.nix 
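Review bot: The new `local all all peer` rule drops the per-database restriction that the removed `local sameuser all peer` line gave. Any local account with a same-named role can now open a session on every database, not only its own. PostgreSQL grants CONNECT on a database to PUBLIC by default, so pg_hba is the only barrier between one service's role and another service's database. Keeping `local sameuser all peer` and adding `local all postgres peer` for administration would let `thermoprint` reach only the `thermoprint` database. The `services.postgresql` block continues outside the hunk.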
@@ -362,7 +362,7 @@ in rec { authentication = lib.mkForce '' local all all peer ''; - initialScript = '' + initialScript = pkgs.writeText "schema.sql" '' CREATE DATABASE thermoprint; CREATE USER thermoprint; GRANT ALL ON DATABASE thermoprint TO thermoprint; -- cgit v1.2.3 From edd2494e67cc92b8fb4a0ff706ea3a53248ca6d3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 21:38:11 +0100 Subject: Adjust schema --- bragi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index c363b22e..3fc941cc 100644 --- a/bragi.nix +++ b/bragi.nix @@ -363,8 +363,8 @@ in rec { local all all peer ''; initialScript = pkgs.writeText "schema.sql" '' - CREATE DATABASE thermoprint; CREATE USER thermoprint; + CREATE DATABASE thermoprint WITH OWNER = thermoprint; GRANT ALL ON DATABASE thermoprint TO thermoprint; ''; }; -- cgit v1.2.3 From 03025c105e5fb3055e57e2df9d2af258d579ff7f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 21:58:34 +0100 Subject: Configure warp --- bragi/thermoprint-server/thermoprint-server.hs | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/bragi/thermoprint-server/thermoprint-server.hs b/bragi/thermoprint-server/thermoprint-server.hs index 6142e7d9..97b37374 100644 --- a/bragi/thermoprint-server/thermoprint-server.hs +++ b/bragi/thermoprint-server/thermoprint-server.hs @@ -1,5 +1,6 @@ {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE ImpredicativeTypes #-} +{-# LANGUAGE RecordWildCards #-} module Main (main) where 
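Review bot: `pkgs.writeText "schema.sql"` places the script in the Nix store, where every local user can read it, and nothing next to `initialScript` says so. The statements shown here carry no secrets, so a comment above the assignment is enough: `# schema.sql ends up world-readable in /nix/store; never put role passwords here`. A role that later needs a password should get it from a file outside the store. The script's closing `'';` is outside the hunk.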
@@ -11,19 +12,22 @@ import Control.Monad.Trans.Resource import Control.Monad.Logger import Control.Monad.Reader +import Data.Function ((&)) + import Database.Persist.Postgresql +import qualified Network.Wai.Handler.Warp as Warp + type ServerM = ReaderT ConnectionPool (LoggingT IO) main :: IO () -main = thermoprintServer True (Nat runDb) $ (\c -> c { queueManagers = queueManagers }) <$> def `withPrinters` printers +main = thermoprintServer True (Nat runDb) $ configure (\c -> c{..}) <$> def `withPrinters` printers' where runDb :: ServerM a -> IO a runDb = runStderrLoggingT . withPostgresqlPool "" 5 . runReaderT - printers :: [(ResourceT ServerM PrinterMethod, QMConfig (ResourceT ServerM))] - printers = [ (pure $ genericPrint "/dev/usb/lp0", def) - ] + printers' = [ (pure $ genericPrint "/dev/usb/lp0", def :: QMConfig (ResourceT ServerM)) + ] queueManagers _ = QMConfig { manager = union [ limitHistorySize 100 @@ -31,3 +35,7 @@ main = thermoprintServer True (Nat runDb) $ (\c -> c { queueManagers = queueMana ] , collapse = standardCollapse } + + warpSettings = Warp.defaultSettings + & Warp.setHost "localhost" + & Warp.setPort 8080 -- cgit v1.2.3 From cf6ba7cbff444db49797076b70a639961f29e8ef Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 22:02:46 +0100 Subject: Syntax --- bragi/thermoprint-server/thermoprint-server.hs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/bragi/thermoprint-server/thermoprint-server.hs b/bragi/thermoprint-server/thermoprint-server.hs index 97b37374..7e571021 100644 --- a/bragi/thermoprint-server/thermoprint-server.hs +++ b/bragi/thermoprint-server/thermoprint-server.hs @@ -1,6 +1,5 @@ {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE ImpredicativeTypes #-} -{-# LANGUAGE RecordWildCards #-} module Main (main) where 
@@ -21,7 +20,7 @@ import qualified Network.Wai.Handler.Warp as Warp type ServerM = ReaderT ConnectionPool (LoggingT IO) main :: IO () -main = thermoprintServer True (Nat runDb) $ configure (\c -> c{..}) <$> def `withPrinters` printers' +main = thermoprintServer True (Nat runDb) $ configure <$> def `withPrinters` printers' where runDb :: ServerM a -> IO a runDb = runStderrLoggingT . withPostgresqlPool "" 5 . runReaderT @@ -29,6 +28,11 @@ main = thermoprintServer True (Nat runDb) $ configure (\c -> c{..}) <$> def `wit printers' = [ (pure $ genericPrint "/dev/usb/lp0", def :: QMConfig (ResourceT ServerM)) ] + configure c = c + { queueManagers = queueManagers + , warpSettings = warpSettings + } + queueManagers _ = QMConfig { manager = union [ limitHistorySize 100 , limitHistoryAge 3600 -- cgit v1.2.3 From 5f7dfe0b58e961d4f798691e6067d61e44460470 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 22:08:24 +0100 Subject: Poke thermoprint config --- bragi.nix | 9 ++------- bragi/thermoprint-server/thermoprint-server.hs | 2 +- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/bragi.nix b/bragi.nix index 3fc941cc..987a83d6 100644 --- a/bragi.nix +++ b/bragi.nix @@ -270,14 +270,9 @@ in rec { home = "/var/lib/thermoprint"; }; - environment.etc."thermoprint-server" = { - source = ./bragi/thermoprint-server; - mode = "symlink"; - }; - systemd.services."thermoprint" = { environment = { - THERMOPRINT_CONFIG = "/etc/thermoprint-server"; + THERMOPRINT_CONFIG = ./bragi/thermoprint-server; THERMOPRINT_CACHE = ''${users.extraUsers."thermoprint".home}/dyre''; }; requires = [ "postgresql.service" ]; @@ -344,7 +339,7 @@ in rec { server_name _; location /thermoprint/api/ { - proxy_pass http://localhost:8080/; + proxy_pass http://::1:8080/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; 
diff --git a/bragi/thermoprint-server/thermoprint-server.hs b/bragi/thermoprint-server/thermoprint-server.hs index 7e571021..4635dd0a 100644 --- a/bragi/thermoprint-server/thermoprint-server.hs +++ b/bragi/thermoprint-server/thermoprint-server.hs @@ -41,5 +41,5 @@ main = thermoprintServer True (Nat runDb) $ configure <$> def `withPrinters` pri } warpSettings = Warp.defaultSettings - & Warp.setHost "localhost" + & Warp.setHost "::1" & Warp.setPort 8080 -- cgit v1.2.3 From dc35d6f401e0906efcd51ce9306d63a69a9ee561 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 9 Mar 2017 22:10:16 +0100 Subject: IPv6 needs brackets --- bragi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index 987a83d6..7e29ec43 100644 --- a/bragi.nix +++ b/bragi.nix @@ -339,7 +339,7 @@ in rec { server_name _; location /thermoprint/api/ { - proxy_pass http://::1:8080/; + proxy_pass http://[::1]:8080/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; -- cgit v1.2.3 From 5052da408a92789628bef30c83ad6da65d7d6fc9 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 10 Mar 2017 00:43:03 +0100 Subject: Bar.hs --- bragi.nix | 33 +++++++++++++++++++++++++ bragi/bar.hs | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100755 bragi/bar.hs diff --git a/bragi.nix b/bragi.nix index 7e29ec43..474ccb1a 100644 --- a/bragi.nix +++ b/bragi.nix @@ -282,6 +282,7 @@ in rec { ExecStart = ''${pkgs.thermoprint-server}/bin/thermoprint-server --force-reconf''; User = users.extraUsers."thermoprint".name; Group = users.extraUsers."thermoprint".group; + WorkingDirectory = "~"; }; }; 
@@ -292,6 +293,30 @@ in rec { ExecStart = ''${pkgs.thermoprint-webgui}/bin/thermoprint-webgui -P 80 -A localhost -F /thermoprint/api/ -a "localhost" -p 8081''; User = users.extraUsers."thermoprint".name; Group = users.extraUsers."thermoprint".group; + WorkingDirectory = "~"; + }; + }; + + users.extraUsers."bar" = { + name = "bar"; + group = "bar"; + isSystemUser = true; + createHome = true; + home = "/var/lib/bar"; + }; + + systemd.services."bar" = { + environment = { + PORT = 8082; + }; + requires = [ "postgresql.service" ]; + wantedBy = [ "default.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = ./bragi/bar.hs; + User = users.extraUsers."bar".name; + Group = users.extraUsers."bar".group; + WorkingDirectory = "~"; }; }; @@ -348,6 +373,10 @@ in rec { location /thermoprint/ { proxy_pass http://localhost:8081/; } + + location /bar/ { + proxy_pass http://localhost:8082/; + }; } ''; }; @@ -361,6 +390,10 @@ in rec { CREATE USER thermoprint; CREATE DATABASE thermoprint WITH OWNER = thermoprint; GRANT ALL ON DATABASE thermoprint TO thermoprint; + + CREATE USER bar; + CREATE DATABASE bar WITH OWNER = bar; + GRANT ALL ON DATABASE bar TO bar; ''; }; diff --git a/bragi/bar.hs b/bragi/bar.hs new file mode 100755 index 00000000..43e1306b --- /dev/null +++ b/bragi/bar.hs 
@@ -0,0 +1,80 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i runghc -p "haskellPackages.ghcWithPackages (p: with p; [ yesod persistent-postgresql ])" + + +{-# LANGUAGE RecordWildCards #-} +{-# LANGUAGE FlexibleContexts #-} +{-# LANGUAGE GADTs #-} +{-# LANGUAGE GeneralizedNewtypeDeriving #-} +{-# LANGUAGE MultiParamTypeClasses #-} +{-# LANGUAGE OverloadedStrings #-} +{-# LANGUAGE QuasiQuotes #-} +{-# LANGUAGE TemplateHaskell #-} +{-# LANGUAGE TypeFamilies #-} +{-# LANGUAGE FlexibleInstances #-} + + +import Yesod +import Database.Persist.Postgresql +import Control.Monad.Logger (runStderrLoggingT) +import Control.Monad.Reader + +import Data.Time.Calendar + +import Data.Text (Text) +import qualified Data.Text as Text + +import Data.Map.Lazy (Map) +import qualified Data.Map.Lazy as Map + +import Data.Aeson + + +share [mkPersist sqlSettings, mkMigrate "migrateAll"] [persistLowerCase| +Item + kind Text + bought Day Maybe + expires Day Maybe + opened Day Maybe + deriving Show +|] + +instance ToJSON Item where + toJSON Item{..} = object + [ "kind" .= itemKind + , "bought" .= itemBought + , "expires" .= itemExpires + , "opened" .= itemOpened + ] + +instance ToJSON (Entity Item) where + toJSON = entityIdToJSON + + +data BarInventory = BarInventory + { sqlPool :: ConnectionPool + } + +mkYesod "BarInventory" [parseRoutes| +/ InventoryR GET +|] + +instance Yesod BarInventory + +instance YesodPersist BarInventory where + type YesodPersistBackend BarInventory = SqlBackend + + runDB action = runSqlPool action . sqlPool =<< getYesod + + +main = runStderrLoggingT . withPostgresqlPool "" 5 . runReaderT $ do + sqlPool <- ask + liftIO . warpEnv $ BarInventory{..} + + +getInventoryR :: Handler TypedContent +getInventoryR = do + stock <- runDB $ selectList [] [] + + selectRep $ do + provideRep . return . toJSON $ (stock :: [Entity Item]) -- cgit v1.2.3 From 614ecef9341c8a0e1128269e0fe548718d89c2bd Mon Sep 17 00:00:00 2001 
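Review bot: `warpEnv` in `main` takes only the port from `PORT` and leaves Warp's host preference at its default, which as far as I know accepts connections on every IPv4 interface. The inventory API would then be reachable directly on that port, bypassing the nginx `location /bar/` proxy, unless the firewall blocks it. The thermoprint server in this repository pins its listener with `Warp.setHost`; the same can be done here by building the application with `toWaiApp` and passing it to `Warp.runSettings` with an explicit loopback host and the port read from `PORT`. `main` also lacks a type signature, which would document the monad stack it runs in.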
From: Gregor Kleen Date: Fri, 10 Mar 2017 00:44:17 +0100 Subject: Environment is strings --- bragi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index 474ccb1a..66f2efd9 100644 --- a/bragi.nix +++ b/bragi.nix @@ -307,7 +307,7 @@ in rec { systemd.services."bar" = { environment = { - PORT = 8082; + PORT = "8082"; }; requires = [ "postgresql.service" ]; wantedBy = [ "default.target" ]; -- cgit v1.2.3 From 52a128f091db3f802a42c1101989c6f5edff41c7 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 10 Mar 2017 00:46:19 +0100 Subject: nginx syntax --- bragi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index 66f2efd9..efbe287f 100644 --- a/bragi.nix +++ b/bragi.nix @@ -376,7 +376,7 @@ in rec { location /bar/ { proxy_pass http://localhost:8082/; - }; + } } ''; }; -- cgit v1.2.3 From f8aa757637c79d8fb3a1cf499e40dd384de93fba Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 10 Mar 2017 00:47:55 +0100 Subject: Strike useless group --- bragi.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index efbe287f..2d46c072 100644 --- a/bragi.nix +++ b/bragi.nix @@ -299,7 +299,6 @@ in rec { users.extraUsers."bar" = { name = "bar"; - group = "bar"; isSystemUser = true; createHome = true; home = "/var/lib/bar"; -- cgit v1.2.3 From ecb2ef2cad73b2d3e77a2373ce3f7c970f345497 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 10 Mar 2017 00:49:37 +0100 Subject: We still need a (any) group --- bragi.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/bragi.nix b/bragi.nix index 2d46c072..2b05c0be 100644 --- a/bragi.nix +++ b/bragi.nix @@ -299,6 +299,7 @@ in rec { users.extraUsers."bar" = { name = "bar"; + group = "nogroup"; isSystemUser = true; createHome = true; home = "/var/lib/bar"; -- cgit v1.2.3 From a427cc83112aabc7a2e6c5c96d937a9e5ef6aecb Mon Sep 17 00:00:00 2001 
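Review bot: `group = "nogroup";` in `users.extraUsers."bar"` puts the service in a group shared with every other account that falls back to it, so group permissions no longer separate `bar` from those accounts. The earlier `group = "bar";` presumably failed only because no such group was declared. Declaring it with `users.extraGroups."bar" = {};` and restoring `group = "bar";` gives the service a group of its own. The `users.extraUsers."bar"` block continues outside the hunk.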
From: Gregor Kleen Date: Fri, 10 Mar 2017 00:52:00 +0100 Subject: bar.hs needs path for nix-shell --- bragi.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/bragi.nix b/bragi.nix index 2b05c0be..4768ab60 100644 --- a/bragi.nix +++ b/bragi.nix @@ -308,6 +308,7 @@ in rec { systemd.services."bar" = { environment = { PORT = "8082"; + PATH = "/run/current-system/sw/bin"; }; requires = [ "postgresql.service" ]; wantedBy = [ "default.target" ]; -- cgit v1.2.3 From c24a5e4fed251bad81ec517882fd99c918b7b5eb Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 10 Mar 2017 00:52:46 +0100 Subject: chrony was already replaced by timesyncd --- bragi.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/bragi.nix b/bragi.nix index 4768ab60..4e537696 100644 --- a/bragi.nix +++ b/bragi.nix @@ -247,14 +247,6 @@ in rec { ''; }; - services.ntp = { - enable = false; - }; - - services.chrony = { - enable = true; - }; - users.extraUsers.root = let template = (import users/gkleen.nix); in { -- cgit v1.2.3 From 2ead8126253b9737ec9a78e3d3d4b52904a8835c Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 10 Mar 2017 01:01:15 +0100 Subject: Poke service config --- bragi.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/bragi.nix b/bragi.nix index 4e537696..f5774548 100644 --- a/bragi.nix +++ b/bragi.nix @@ -298,15 +298,16 @@ in rec { }; systemd.services."bar" = { - environment = { + environment = config.nix.envVars // { + inherit (config.environment.sessionVariables) NIX_PATH; PORT = "8082"; - PATH = "/run/current-system/sw/bin"; }; requires = [ "postgresql.service" ]; wantedBy = [ "default.target" ]; + path = [ config.nix.package.out ]; serviceConfig = { Type = "simple"; - ExecStart = ./bragi/bar.hs; + execStart = ./bragi/bar.hs; User = users.extraUsers."bar".name; Group = users.extraUsers."bar".group; WorkingDirectory = "~"; -- cgit v1.2.3 From 65750f6a2e08be179c716fd676654acc419071e0 Mon Sep 17 00:00:00 2001 
From: Gregor Kleen Date: Fri, 10 Mar 2017 01:02:44 +0100 Subject: Typo --- bragi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bragi.nix b/bragi.nix index f5774548..e1ac5d20 100644 --- a/bragi.nix +++ b/bragi.nix @@ -307,7 +307,7 @@ in rec { path = [ config.nix.package.out ]; serviceConfig = { Type = "simple"; - execStart = ./bragi/bar.hs; + ExecStart = ./bragi/bar.hs; User = users.extraUsers."bar".name; Group = users.extraUsers."bar".group; WorkingDirectory = "~"; -- cgit v1.2.3 From 1c20c173d1748be5a28719fcdd12e7ac180fc075 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 10 Mar 2017 01:05:18 +0100 Subject: Configure deps in service --- bragi.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/bragi.nix b/bragi.nix index e1ac5d20..ce53e6ee 100644 --- a/bragi.nix +++ b/bragi.nix @@ -298,16 +298,14 @@ in rec { }; systemd.services."bar" = { - environment = config.nix.envVars // { - inherit (config.environment.sessionVariables) NIX_PATH; + environment = { PORT = "8082"; }; requires = [ "postgresql.service" ]; wantedBy = [ "default.target" ]; - path = [ config.nix.package.out ]; serviceConfig = { Type = "simple"; - ExecStart = ./bragi/bar.hs; + ExecStart = (pkgs.haskellPackages.ghcWithPackages (p: with p; [yesod persistent-postgresql])) ++ "/bin/runghc ${./bragi/bar.hs}"; User = users.extraUsers."bar".name; Group = users.extraUsers."bar".group; WorkingDirectory = "~"; -- cgit v1.2.3 From 0fb12fb1b1f56df29e21f47d0560abb696d82fcf Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 10 Mar 2017 01:06:00 +0100 Subject: Cleanup --- bragi.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bragi.nix b/bragi.nix index ce53e6ee..cc8c5976 100644 --- a/bragi.nix +++ b/bragi.nix 
@@ -297,7 +297,9 @@ in rec { home = "/var/lib/bar"; }; - systemd.services."bar" = { + systemd.services."bar" = let + ghc = pkgs.haskellPackages.ghcWithPackages (p: with p; [yesod persistent-postgresql]); + in { environment = { PORT = "8082"; }; @@ -305,7 +307,7 @@ in rec { wantedBy = [ "default.target" ]; serviceConfig = { Type = "simple"; - ExecStart = (pkgs.haskellPackages.ghcWithPackages (p: with p; [yesod persistent-postgresql])) ++ "/bin/runghc ${./bragi/bar.hs}"; + ExecStart = "${ghc}/bin/runghc ${./bragi/bar.hs}"; User = users.extraUsers."bar".name; Group = users.extraUsers."bar".group; WorkingDirectory = "~"; -- cgit v1.2.3 From 0eeb4d561ab478747d721db4a0f015b7b976fb32 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 10 Mar 2017 01:13:25 +0100 Subject: Run migration --- bragi/bar.hs | 1 + 1 file changed, 1 insertion(+) diff --git a/bragi/bar.hs b/bragi/bar.hs index 43e1306b..067e5af4 100755 --- a/bragi/bar.hs +++ b/bragi/bar.hs @@ -69,6 +69,7 @@ instance YesodPersist BarInventory where main = runStderrLoggingT . withPostgresqlPool "" 5 . runReaderT $ do sqlPool <- ask + mapM_ ($(logWarnS) "DB") =<< runSqlPool (runMigrationSilent migrateAll) sqlPool liftIO . warpEnv $ BarInventory{..} -- cgit v1.2.3 From a91deb0648eaf9e8526236c6e4cf29159567ceeb Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 11 Mar 2017 21:37:45 +0100 Subject: Feature complete bar --- bragi/bar.hs | 396 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 385 insertions(+), 11 deletions(-) diff --git a/bragi/bar.hs b/bragi/bar.hs index 067e5af4..64650779 100755 --- a/bragi/bar.hs +++ b/bragi/bar.hs 
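Review bot: The `serviceConfig` of `systemd.services."bar"` sets only `User`, `Group` and `WorkingDirectory`, although the unit interprets `bar.hs` with `runghc` and listens on the port given in `PORT`. Sandbox directives would limit what a compromised request handler can reach: `NoNewPrivileges = "true";`, `PrivateTmp = "true";` and `ProtectSystem = "full";`. Confirm that `runghc` still starts with them before relying on them, since it may need a writable temporary directory. The `serviceConfig` block continues outside the hunk.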
@@ -12,14 +12,22 @@ {-# LANGUAGE TemplateHaskell #-} {-# LANGUAGE TypeFamilies #-} {-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE ViewPatterns #-} +{-# LANGUAGE TupleSections #-} +{-# LANGUAGE ApplicativeDo #-} import Yesod import Database.Persist.Postgresql + import Control.Monad.Logger (runStderrLoggingT) import Control.Monad.Reader +import Control.Monad.Writer +import Control.Monad.Trans.Maybe +import Data.Time.Clock import Data.Time.Calendar +import Data.Time.Format import Data.Text (Text) import qualified Data.Text as Text @@ -27,7 +35,17 @@ import qualified Data.Text as Text import Data.Map.Lazy (Map) import qualified Data.Map.Lazy as Map +import Data.Set (Set) +import qualified Data.Set as Set + import Data.Aeson +import Data.Traversable +import Data.Maybe +import Data.Bool +import Data.String (IsString(..)) +import Data.Unique +import Data.List (sortOn) +import Data.Ord share [mkPersist sqlSettings, mkMigrate "migrateAll"] [persistLowerCase| 
@@ -36,46 +54,402 @@ Item bought Day Maybe expires Day Maybe opened Day Maybe - deriving Show + deriving Show Eq |] +instance Ord Item where + x `compare` y = mconcat + [ (isNothing $ itemOpened x) `compare` (isNothing $ itemOpened y) + , itemOpened x `compare` itemOpened y + , itemExpires x `compare` itemExpires x + , itemKind x `compare` itemKind x + , itemBought x `compare` itemBought x + ] + instance ToJSON Item where - toJSON Item{..} = object + toJSON Item{..} = object $ [ "kind" .= itemKind - , "bought" .= itemBought - , "expires" .= itemExpires - , "opened" .= itemOpened - ] + ] ++ maybe [] (\x -> ["bought" .= x]) itemBought + ++ maybe [] (\x -> ["expires" .= x]) itemExpires + ++ maybe [] (\x -> ["opened" .= x]) itemOpened + +instance FromJSON Item where + parseJSON = withObject "Item" $ \obj -> do + itemKind <- obj .: "kind" + itemBought <- obj .:? "bought" + itemExpires <- obj .:? "expires" + itemOpened <- obj .:? "opened" + return Item{..} instance ToJSON (Entity Item) where toJSON = entityIdToJSON +instance FromJSON (Entity Item) where + parseJSON = entityIdFromJSON + +data ItemDiff = DiffKind Text + | DiffBought (Maybe Day) + | DiffExpires (Maybe Day) + | DiffOpened (Maybe Day) + +newtype ItemDiffs = ItemDiffs [ItemDiff] +instance FromJSON ItemDiffs where + parseJSON = withObject "ItemDiff" $ \obj -> fmap ItemDiffs . execWriterT $ do + tell =<< maybe [] (pure . DiffKind) <$> lift (obj .:? "kind") + tell =<< maybe [] (pure . DiffBought) <$> lift (obj .:! "bought") + tell =<< maybe [] (pure . DiffExpires) <$> lift (obj .:! "expires") + tell =<< maybe [] (pure . DiffOpened) <$> lift (obj .:! "opened") + +toUpdate :: ItemDiffs -> [Update Item] +toUpdate (ItemDiffs ds) = do + x <- ds + return $ case x of + DiffKind t -> ItemKind =. t + DiffBought d -> ItemBought =. d + DiffExpires d -> ItemExpires =. d + DiffOpened d -> ItemOpened =. 
d + + data BarInventory = BarInventory { sqlPool :: ConnectionPool } mkYesod "BarInventory" [parseRoutes| -/ InventoryR GET +/ InventoryR GET PUT POST +/#ItemId ItemR GET PUT PATCH DELETE +/#ItemId/open OpenItemR POST +/#ItemId/update UpdateItemR POST GET +/#ItemId/delete DeleteItemR POST |] instance Yesod BarInventory +instance RenderMessage BarInventory FormMessage where + renderMessage _ _ = defaultFormMessage + instance YesodPersist BarInventory where type YesodPersistBackend BarInventory = SqlBackend runDB action = runSqlPool action . sqlPool =<< getYesod -main = runStderrLoggingT . withPostgresqlPool "" 5 . runReaderT $ do +data ViewState = ViewState + { errs :: [Text] + , insertForm :: Maybe Widget + , insertEncoding :: Maybe Enctype + , stock :: [Entity Item] + , updateItem :: Maybe ItemId + , updateForm :: Maybe Widget + , updateEncoding :: Maybe Enctype + } + + + +main = runStderrLoggingT . withPostgresqlPool "user=bar dbname=bar" 5 . runReaderT $ do sqlPool <- ask mapM_ ($(logWarnS) "DB") =<< runSqlPool (runMigrationSilent migrateAll) sqlPool liftIO . warpEnv $ BarInventory{..} -getInventoryR :: Handler TypedContent +itemFragment itemId = "item" <> show (fromSqlKey itemId) + +itemForm :: Maybe Item -> Html -> MForm Handler (FormResult Item, Widget) +itemForm proto identView = do + today <- utctDay <$> liftIO getCurrentTime + + (kindRes, kindView) <- mreq textField "" $ itemKind <$> proto + (boughtRes, boughtWidget) <- dayForm (maybe (Just $ Just today) Just $ fmap itemBought proto) "Unknown" + (expiresRes, expiresWidget) <- dayForm (fmap itemExpires proto) "Never" + (openedRes, openedWidget) <- dayForm (fmap itemOpened proto) "Never" + + let itemRes = do + itemKind <- kindRes + itemBought <- boughtRes + itemExpires <- expiresRes + itemOpened <- openedRes + return Item{..} + + return . 
(itemRes, ) $ do + toWidget + [cassius| + label.checkbox + input + vertical-align: middle + span + vertical-align: middle + |] + -- addScriptRemote "https://cdn.jsdelivr.net/webshim/1.16.0/extras/modernizr-custom.js" + addScriptRemote "https://cdn.jsdelivr.net/webshim/1.16.0/polyfiller.js" + addScriptRemote "https://cdn.jsdelivr.net/jquery/3.1.1/jquery.js" + toWidget + [julius| + webshims.setOptions("forms-ext", { + "widgets": { + "classes": "hide-dropdownbtn" + } + }); + webshims.activeLang("en-GB"); + webshims.polyfill("forms forms-ext"); + |] + [whamlet| + #{identView} +
^{fvInput kindView} +
^{boughtWidget} +
^{expiresWidget} +
^{openedWidget} + |] + where + dayForm :: Maybe (Maybe Day) -> String -> MForm Handler (FormResult (Maybe Day), Widget) + dayForm proto label = do + today <- utctDay <$> liftIO getCurrentTime + + checkboxId <- ("check" <>) . show . hashUnique <$> liftIO newUnique + + (fmap (fromMaybe False) -> isNothingRes, isNothingView) <- + mopt checkBoxField ("" { fsId = Just $ Text.pack checkboxId }) . Just . Just . fromMaybe True $ fmap isNothing proto + (dayRes, dayView) <- + mreq dayField "" . Just . fromMaybe today $ join proto + + let res = (bool Just (const Nothing) <$> isNothingRes) <*> dayRes + return . (res, ) $ do + [whamlet| + $newline never +
+
+