wip: add specus VPN

chore: update
feat(stardict): add turkish
2026-03-29 08:41:07 +02:00 · 2023-04-14 08:43:23 +02:00 · 2023-04-14 08:42:59 +02:00 · 2023-04-14 08:42:22 +02:00 · 2023-04-01 17:46:56 +02:00 · 2023-04-01 17:46:48 +02:00
30 changed files with 1120 additions and 336 deletions
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -13,10 +13,7 @@ in {
  imports = [
    inputs.self.nixosModules.system-dependent
    inputs.self.nixosModules.traadfri
-    inputs.stockholm.nixosModules.power-action
-    {
-      nixpkgs.config.overlays = [inputs.nix-writers];
-    }
+    inputs.self.nixosModules.power-action
    {
      boot.supportedFilesystems = ["ntfs"];
    }
--- a/configs/hu-berlin.nix
+++ b/configs/hu-berlin.nix
@@ -17,7 +17,7 @@
    "workgroup=german"
    "credentials=${config.age.secrets.cifs-credentials-hu-berlin.path}"
    "noauto"
-    "x-systemd.requires=hu-vpn.service"
+    # "x-systemd.requires=hu-vpn.service"
    "x-systemd.automount"
    "x-systemd.device-timeout=1"
    "x-systemd.idle-timeout=1min"
@@ -68,9 +68,11 @@ in {
    wants = ["network-online.target"];
    serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhark.path}";
    script = ''
-      ${pkgs.openfortivpn}/bin/openfortivpn \
-        --password="$(cat "$CREDENTIALS_DIRECTORY/password")" \
-        --config=${
+      if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
+      then
+        ${pkgs.openfortivpn}/bin/openfortivpn \
+          --password="$(cat "$CREDENTIALS_DIRECTORY/password")" \
+          --config=${
        pkgs.writeText "hu-berlin.config" ''
          host = forti-ssl.vpn.hu-berlin.de
          port = 443
@@ -78,6 +80,7 @@ in {
          trusted-cert = 9e5dea8e077970d245900839f437ef7fb9551559501c7defd70af70ea568573d
        ''
      }
+      fi
    '';
  };
 }
--- a/configs/packages.nix
+++ b/configs/packages.nix
@@ -134,7 +134,7 @@ in {
    okular # the word is nucular
    xournalpp # for annotating pdfs
    pdfpc # presenter console for pdf slides
-    inputs.stockholm.packages.x86_64-linux.hc # print files as qr codes
+    niveumPackages.hc # print files as qr codes
    yt-dlp
    espeak
    bc # calculator
@@ -191,6 +191,7 @@ in {
    qrencode

    inputs.menstruation-backend.defaultPackage.x86_64-linux
+    inputs.agenix.packages.x86_64-linux.default
    inputs.recht.defaultPackage.x86_64-linux

    (pkgs.writers.writeDashBin "worldradio" ''
@@ -214,10 +215,10 @@ in {
    niveumPackages.nix-index-update

    #krebs
-    inputs.stockholm.packages.x86_64-linux.dic
-    inputs.stockholm.packages.x86_64-linux.cyberlocker-tools
-    inputs.stockholm.packages.x86_64-linux.untilport
-    inputs.stockholm.packages.x86_64-linux.kpaste
+    niveumPackages.dic
+    niveumPackages.cyberlocker-tools
+    niveumPackages.untilport
+    niveumPackages.kpaste
    config.nur.repos.mic92.ircsink

    (python3.withPackages (py: [
--- a/configs/power-action.nix
+++ b/configs/power-action.nix
@@ -5,7 +5,7 @@
 }: let
  suspend = pkgs.writers.writeDash "suspend" "${pkgs.systemd}/bin/systemctl suspend";
 in {
-  krebs.power-action = {
+  services.power-action = {
    enable = true;
    plans.suspend = {
      upperLimit = 7;
@@ -19,6 +19,6 @@ in {
  };

  security.sudo.extraConfig = ''
-    ${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend}
+    ${config.services.power-action.user} ALL= (root) NOPASSWD: ${suspend}
  '';
 }
--- a/configs/stardict.nix
+++ b/configs/stardict.nix
@@ -158,6 +158,16 @@
        sha256 = "03f9wdmkgpjifpms7dyh10ma29wf3ka1j3zlp1av0cybhdldk2a8";
      };
    };
+    turkish = {
+      BabylonTurkishEnglish = pkgs.fetchzip {
+        url = "http://download.huzheng.org/babylon/bidirectional/stardict-babylon-Babylon_Turkish_English-2.4.2.tar.bz2";
+        sha256 = "17rv46r95nkikg7aszqmfrbgdhz9ny52w423m8n01g3p93shdb4i";
+      };
+      BabylonEnglishTurkish = pkgs.fetchzip {
+        url = "http://download.huzheng.org/babylon/bidirectional/stardict-babylon-Babylon_English_Turkish-2.4.2.tar.bz2";
+        sha256 = "063dl02s8ii8snsxgma8wi49xwr6afk6ysq0v986fygx5511353f";
+      };
+    };
  };

  makeStardictDataDir = dicts: pkgs.linkFarm "dictionaries" (lib.mapAttrsToList (name: path: {inherit name path;}) dicts);
@@ -292,7 +302,8 @@ in {
    // dictionaries.sanskrit
    // dictionaries.oed
    // dictionaries.russian
-    // dictionaries.englishGerman));
+    // dictionaries.englishGerman
+    // dictionaries.turkish));

  environment.systemPackages = [
    # pkgs.goldendict
@@ -302,6 +313,7 @@ in {
    (makeStardict "sd-russian" dictionaries.russian)
    (makeStardict "sd" dictionaries.englishGerman)
    (makeStardict "jbo" dictionaries.lojban)
+    (makeStardict "sd-turkish" dictionaries.turkish)
  ];
 }
 /*
--- a/flake.lock
+++ b/flake.lock
@@ -8,11 +8,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1677969766,
-        "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=",
+        "lastModified": 1680281360,
+        "narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e",
+        "rev": "e64961977f60388dd0b49572bb0fc453b871f896",
        "type": "github"
      },
      "original": {
@@ -60,42 +60,15 @@
      }
    },
    "flake-utils": {
-      "locked": {
-        "lastModified": 1678901627,
-        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
-        "type": "github"
+      "inputs": {
+        "systems": "systems"
      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_10": {
      "locked": {
-        "lastModified": 1659877975,
-        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_11": {
-      "locked": {
-        "lastModified": 1676283394,
-        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
        "type": "github"
      },
      "original": {
@@ -196,11 +169,11 @@
    },
    "flake-utils_8": {
      "locked": {
-        "lastModified": 1676283394,
-        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
        "type": "github"
      },
      "original": {
@@ -232,11 +205,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1679067101,
-        "narHash": "sha256-tMI1inGT9u4KWQml0w30dhWqQPlth1e9K/68sfDkEQA=",
+        "lastModified": 1681092193,
+        "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "9154cd519a8942728038819682d6b3ff33f321bb",
+        "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
        "type": "github"
      },
      "original": {
@@ -320,25 +293,6 @@
        "type": "github"
      }
    },
-    "nix-writers": {
-      "inputs": {
-        "flake-utils": "flake-utils_8",
-        "nixpkgs": "nixpkgs_7"
-      },
-      "locked": {
-        "lastModified": 1677612737,
-        "narHash": "sha256-UaCKZ4PbMZU6UZH7XNFcjRtd5jheswl66rjZDBfQgp8=",
-        "ref": "refs/heads/master",
-        "rev": "66a1f6833464bbb121b6d94247ad769f277351f8",
-        "revCount": 39,
-        "type": "git",
-        "url": "https://cgit.krebsco.de/nix-writers"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://cgit.krebsco.de/nix-writers"
-      }
-    },
    "nixinate": {
      "inputs": {
        "nixpkgs": [
@@ -375,22 +329,6 @@
        "type": "github"
      }
    },
-    "nixpkgs_10": {
-      "locked": {
-        "lastModified": 1669418739,
-        "narHash": "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "695b3515251873e0a7e2021add4bba643c56cde3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "695b3515251873e0a7e2021add4bba643c56cde3",
-        "type": "github"
-      }
-    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1665296151,
@@ -425,11 +363,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1679318992,
-        "narHash": "sha256-uoj5Oy6hruIHuxzfQZtcalObe5kPrX9v+ClUMFEOzmE=",
+        "lastModified": 1681269223,
+        "narHash": "sha256-i6OeI2f7qGvmLfD07l1Az5iBL+bFeP0RHixisWtpUGo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e2c97799da5f5cd87adfa5017fba971771e123ef",
+        "rev": "87edbd74246ccdfa64503f334ed86fa04010bab9",
        "type": "github"
      },
      "original": {
@@ -471,21 +409,6 @@
      }
    },
    "nixpkgs_7": {
-      "locked": {
-        "lastModified": 1677608380,
-        "narHash": "sha256-k82O23qBAK+43X0KSBjsMYXG2x4kWWXeAmpPTc2KRGY=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "4aba90e89f6d4ac6138939961f62842bd94ec929",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_8": {
      "locked": {
        "lastModified": 1659446231,
        "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=",
@@ -501,7 +424,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_9": {
+    "nixpkgs_8": {
      "locked": {
        "lastModified": 1665296151,
        "narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
@@ -517,13 +440,29 @@
        "type": "github"
      }
    },
+    "nixpkgs_9": {
+      "locked": {
+        "lastModified": 1669418739,
+        "narHash": "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "695b3515251873e0a7e2021add4bba643c56cde3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "695b3515251873e0a7e2021add4bba643c56cde3",
+        "type": "github"
+      }
+    },
    "nur": {
      "locked": {
-        "lastModified": 1679463968,
-        "narHash": "sha256-SBNgZb/Gc/9RbEvxz+jQ2o6nWNt1gzTwAw16lShT/ho=",
+        "lastModified": 1681454031,
+        "narHash": "sha256-JOamj7vKkFRp5mJ7FKt5dPfCmWj33sZLnBGDt15c/sc=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "52e6a7748992cde538e52f3fa4737f64b5bec03d",
+        "rev": "8a35714f0be00235e2a1c8b759e6dc3888763d8b",
        "type": "github"
      },
      "original": {
@@ -554,11 +493,11 @@
    },
    "retiolum": {
      "locked": {
-        "lastModified": 1678773616,
-        "narHash": "sha256-POr8rTMNmcnwe2tnWxhXG7T3W4wQp8cjN+TFpwsiLrs=",
+        "lastModified": 1681246809,
+        "narHash": "sha256-3RUAwk0ApPjq2Ms8KiAh+gG6EJKWurIur612w2m3Zu8=",
        "ref": "refs/heads/master",
-        "rev": "5492459f4516b89686e1d8086c9b46db39b6902b",
-        "revCount": 289,
+        "rev": "c8ddb36f3d85be762aeb1893a79da36014f55658",
+        "revCount": 296,
        "type": "git",
        "url": "https://git.thalheim.io/Mic92/retiolum"
      },
@@ -580,7 +519,6 @@
        "recht": "recht",
        "retiolum": "retiolum",
        "scripts": "scripts",
-        "stockholm": "stockholm",
        "telebots": "telebots",
        "tinc-graph": "tinc-graph",
        "traadfri": "traadfri",
@@ -646,8 +584,8 @@
    },
    "rust-overlay_4": {
      "inputs": {
-        "flake-utils": "flake-utils_10",
-        "nixpkgs": "nixpkgs_9"
+        "flake-utils": "flake-utils_8",
+        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
        "lastModified": 1677119371,
@@ -691,32 +629,25 @@
        "type": "github"
      }
    },
-    "stockholm": {
-      "inputs": {
-        "flake-utils": "flake-utils_7",
-        "nix-writers": "nix-writers",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
+    "systems": {
      "locked": {
-        "lastModified": 1677747908,
-        "narHash": "sha256-PNXb97q62yK61alFlOeohpro8WLxt2ay1jYUTrFMgPA=",
-        "owner": "kmein",
-        "repo": "stockholm",
-        "rev": "f8575e3af5b6d1fbd60d89c4df2e120b77b923c5",
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
-        "owner": "kmein",
-        "repo": "stockholm",
+        "owner": "nix-systems",
+        "repo": "default",
        "type": "github"
      }
    },
    "telebots": {
      "inputs": {
-        "flake-utils": "flake-utils_9",
-        "nixpkgs": "nixpkgs_8"
+        "flake-utils": "flake-utils_7",
+        "nixpkgs": "nixpkgs_7"
      },
      "locked": {
        "lastModified": 1677156381,
@@ -758,8 +689,8 @@
    },
    "traadfri": {
      "inputs": {
-        "flake-utils": "flake-utils_11",
-        "nixpkgs": "nixpkgs_10"
+        "flake-utils": "flake-utils_9",
+        "nixpkgs": "nixpkgs_9"
      },
      "locked": {
        "lastModified": 1677165914,
@@ -793,11 +724,11 @@
    "voidrice": {
      "flake": false,
      "locked": {
-        "lastModified": 1679320229,
-        "narHash": "sha256-M4D8bR9PJnvBfx4EN06bj4Fr0yXSi9po09aT9v3D7QQ=",
+        "lastModified": 1681301489,
+        "narHash": "sha256-5Zz33Q3E4A9nsEmxPQikYeX7Rvu3hM+PlXx/0SIqG34=",
        "owner": "Lukesmithxyz",
        "repo": "voidrice",
-        "rev": "0e2cd987dc2659c5c08a834a7cb4c2478b49cf31",
+        "rev": "d4ff2ebaf3e88efe20cae0d1e592fddfc433c96e",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -17,14 +17,12 @@
    tinc-graph.url = "github:kmein/tinc-graph";
    traadfri.url = "github:kmein/traadfri";
    voidrice.url = "github:Lukesmithxyz/voidrice";
-    stockholm.url = "github:kmein/stockholm";

    agenix.inputs.nixpkgs.follows = "nixpkgs";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    menstruation-backend.inputs.flake-utils.follows = "flake-utils";
    menstruation-backend.inputs.nixpkgs.follows = "nixpkgs";
    nixinate.inputs.nixpkgs.follows = "nixpkgs";
-    stockholm.inputs.nixpkgs.follows = "nixpkgs";
    tinc-graph.inputs.flake-utils.follows = "flake-utils";
    tinc-graph.inputs.nixpkgs.follows = "nixpkgs";
    voidrice.flake = false;
@@ -39,27 +37,34 @@
    agenix,
    retiolum,
    flake-utils,
-    stockholm,
    ...
  }:
    {
      apps = nixinate.nixinate.x86_64-linux self;

      nixosModules = {
+        htgen = import modules/htgen.nix;
        moodle-dl = import modules/moodle-dl.nix;
        networkmanager-declarative = import modules/networkmanager-declarative.nix;
        passport = import modules/passport.nix;
        panoptikon = import modules/panoptikon.nix;
+        power-action = import modules/power-action.nix;
+        specus = import modules/specus.nix;
        system-dependent = import modules/system-dependent.nix;
        telegram-bot = import modules/telegram-bot.nix;
        traadfri = import modules/traadfri.nix;
      };

+      lib = {
+        panoptikon = import lib/panoptikon.nix;
+      };
+
      nixosConfigurations = {
        ful = nixpkgs.lib.nixosSystem rec {
          system = "aarch64-linux";
          specialArgs = {
            niveumPackages = inputs.self.packages.${system};
+            niveumLib = inputs.self.lib;
            inherit inputs;
          };
          modules = [
@@ -75,6 +80,7 @@
            systems/ful/configuration.nix
            agenix.nixosModules.default
            inputs.self.nixosModules.passport
+            inputs.self.nixosModules.specus
            inputs.self.nixosModules.panoptikon
            retiolum.nixosModules.retiolum
            nur.nixosModules.nur
@@ -121,8 +127,9 @@
            }
            systems/makanek/configuration.nix
            inputs.self.nixosModules.telegram-bot
-            inputs.stockholm.nixosModules.htgen
+            inputs.self.nixosModules.htgen
            inputs.self.nixosModules.passport
+            inputs.self.nixosModules.specus
            agenix.nixosModules.default
            retiolum.nixosModules.retiolum
            nur.nixosModules.nur
@@ -186,6 +193,7 @@
            systems/kabsa/configuration.nix
            agenix.nixosModules.default
            retiolum.nixosModules.retiolum
+            inputs.self.nixosModules.specus
            home-manager.nixosModules.home-manager
            nur.nixosModules.nur
          ];
@@ -195,7 +203,13 @@
    // flake-utils.lib.eachSystem [flake-utils.lib.system.x86_64-linux flake-utils.lib.system.aarch64-linux] (system: let
      pkgs = import nixpkgs {
        inherit system;
-        overlays = [nur.overlay];
+        overlays = [
+          nur.overlay
+          (self: super: {
+            mpv = super.mpv.override {scripts = [inputs.self.packages.${system}.mpv-visualizer];};
+            dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
+          })
+        ];
      };
      wrapScript = {
        packages ? [],
@@ -209,6 +223,7 @@
        betacode = pkgs.callPackage packages/betacode.nix {};
        cheat-sh = pkgs.callPackage packages/cheat-sh.nix {};
        closest = pkgs.callPackage packages/closest {};
+        cyberlocker-tools = pkgs.callPackage packages/cyberlocker-tools.nix {};
        default-gateway = pkgs.callPackage packages/default-gateway.nix {};
        depp = pkgs.callPackage packages/depp.nix {};
        devanagari = pkgs.callPackage packages/devanagari {};
@@ -223,7 +238,9 @@
        genius = pkgs.callPackage packages/genius.nix {};
        gfs-fonts = pkgs.callPackage packages/gfs-fonts.nix {};
        git-preview = pkgs.callPackage packages/git-preview.nix {};
+        hc = pkgs.callPackage packages/hc.nix {};
        heuretes = pkgs.callPackage packages/heuretes.nix {};
+        htgen = pkgs.callPackage packages/htgen.nix {};
        image-convert-favicon = pkgs.callPackage packages/image-convert-favicon.nix {};
        image-convert-tolino = pkgs.callPackage packages/image-convert-tolino.nix {};
        infschmv = pkgs.callPackage packages/infschmv.nix {};
@@ -234,6 +251,7 @@
        k-lock = pkgs.callPackage packages/k-lock.nix {};
        kirciuoklis = pkgs.callPackage packages/kirciuoklis.nix {};
        klem = pkgs.callPackage packages/klem.nix {};
+        kpaste = pkgs.callPackage packages/kpaste.nix {};
        literature-quote = pkgs.callPackage packages/literature-quote.nix {};
        mahlzeit = pkgs.haskellPackages.callPackage packages/mahlzeit.nix {};
        man-pandoc = pkgs.callPackage packages/man/pandoc.nix {};
@@ -260,6 +278,7 @@
        trans = pkgs.callPackage packages/trans.nix {};
        ttspaste = pkgs.callPackage packages/ttspaste.nix {};
        unicodmenu = pkgs.callPackage packages/unicodmenu.nix {};
+        untilport = pkgs.callPackage packages/untilport.nix {};
        vg = pkgs.callPackage packages/vg.nix {};
        vimPlugins-cheat-sh-vim = pkgs.callPackage packages/vimPlugins/cheat-sh.nix {};
        vimPlugins-icalendar-vim = pkgs.callPackage packages/vimPlugins/icalendar-vim.nix {};
@@ -271,6 +290,7 @@
        vimPlugins-vim-mail = pkgs.callPackage packages/vimPlugins/vim-mail.nix {};
        vimPlugins-vim-reason-plus = pkgs.callPackage packages/vimPlugins/vim-reason-plus.nix {};
        vimv = pkgs.callPackage packages/vimv.nix {};
+        weechat-declarative = pkgs.callPackage packages/weechat-declarative.nix {};
        weechatScripts-hotlist2extern = pkgs.callPackage packages/weechatScripts/hotlist2extern.nix {};
        wttr = pkgs.callPackage packages/wttr.nix {};

--- a/lib/panoptikon.nix
+++ b/lib/panoptikon.nix
@@ -0,0 +1,45 @@
+{
+  pkgs,
+  lib,
+  niveumPackages,
+  config,
+  ...
+}: {
+  # watcher scripts
+  url = address:
+    pkgs.writers.writeDash "watch-url" ''
+      ${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} \
+        | ${pkgs.python3Packages.html2text}/bin/html2text --decode-errors=ignore
+    '';
+  urlSelector = selector: address:
+    pkgs.writers.writeDash "watch-url-selector" ''
+      ${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} \
+        | ${pkgs.htmlq}/bin/htmlq ${lib.escapeShellArg selector} \
+        | ${pkgs.python3Packages.html2text}/bin/html2text
+    '';
+  urlJSON = {jqScript ? "."}: address:
+    pkgs.writers.writeDash "watch-url-json" ''
+      ${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} | ${pkgs.jq}/bin/jq -f ${pkgs.writeText "script.jq" jqScript}
+    '';
+
+  # reporter scripts
+  kpaste-irc = {
+    target,
+    retiolumLink ? false,
+    server ? "irc.r",
+    messagePrefix ? "change detected: ",
+    nick ? ''"$PANOPTIKON_WATCHER"-watcher'',
+  }:
+    pkgs.writers.writeDash "kpaste-irc-reporter" ''
+      ${niveumPackages.kpaste}/bin/kpaste \
+        | ${pkgs.gnused}/bin/sed -n "${
+        if retiolumLink
+        then "2"
+        else "3"
+      }s/^/${messagePrefix}/p" \
+        | ${config.nur.repos.mic92.ircsink}/bin/ircsink \
+          --nick ${nick} \
+          --server ${server} \
+          --target ${target}
+    '';
+}
--- a/lib/streams.nix
+++ b/lib/streams.nix
@@ -1847,71 +1847,127 @@ in
      stream = dr "p8jazz";
      tags = [tags.jazz tags.danish];
    }
+    {
+      station = "CNN morse code slow";
+      stream = "http://cw.dimebank.com:8080/CNNslow";
+      tags = [tags.text];
+    }
+    {
+      station = "CNN morse code fast";
+      stream = "http://cw.dimebank.com:8080/CNNfast";
+      tags = [tags.text];
+    }
+    {
+      station = "XXX orchestral";
+      stream = "http://orion.shoutca.st:8978/stream";
+      tags = [tags.classical];
+    }
+    {
+      station = "XXX greek";
+      stream = "http://radio.hostchefs.net:8046/stream?1520818130148";
+      tags = [tags.greek];
+    }
+    {
+      station = "XXX turkish or greek";
+      stream = "https://onairmediagroup.live24.gr/kralfm100xanthi";
+      tags = [tags.greek tags.turkish];
+    }
+    {
+      station = "Hard Rock Hell Radio";
+      tags = [tags.rock];
+      stream = "http://andromeda.shoutca.st:9254/stream";
+    }
+    {
+      station = "Divyavani";
+      tags = [tags.trad tags.indian];
+      stream = "https://divyavani.radioca.st/stream";
+    }
+    {
+      station = "XXX sanskrit radio";
+      tags = [tags.text tags.indian];
+      stream = "https://stream-23.zeno.fm/m08mkwsyw8quv?zs=0w7MJFPdRfavhR_zPt0M2g";
+    }
+    {
+      station = "Radio Mariam Arabic";
+      stream = "http://www.dreamsiteradiocp4.com:8014/stream";
+      tags = [tags.text tags.arabic];
+    }
+    {
+      station = "Kamchatka Live Rock";
+      stream = "https://radio.kamchatkalive.ru:8103/rock";
+      tags = [tags.rock];
+    }
+    {
+      station = "Kamchatka Live Chillout";
+      stream = "https://radio.kamchatkalive.ru:8103/chillout";
+      tags = [tags.chill];
+    }
+    {
+      station = "Kamchatka Live Dance";
+      stream = "https://radio.kamchatkalive.ru:8103/dance";
+      tags = [tags.party];
+    }
+    {
+      tags = [tags.arabic tags.text];
+      stream = "http://n02.radiojar.com/sxfbks1vfy8uv.mp3";
+      station = "Bahrain Radio 102.3 FM (Arabic Stories)";
+    }
+    {
+      tags = [tags.arabic tags.text tags.holy];
+      stream = "http://s2.voscast.com:12312/;";
+      station = "Bahrain Quran Radio";
+    }
+    {
+      tags = [tags.arabic tags.text tags.holy];
+      stream = "http://162.244.81.30:8224/;";
+      station = "Quran Radio Lebanon";
+    }
+    {
+      tags = [tags.arabic tags.text tags.holy];
+      station = "Coptic for God";
+      stream = "http://66.70.249.70:5832/stream";
+    }
+    {
+      stream = "http://stream-025.zeno.fm/5y95pu36sm0uv?";
+      station = "Hayat FM";
+      tags = [tags.arabic tags.text tags.holy];
+    }
+    {
+      stream = "http://uk2.internet-radio.com:8151/stream";
+      station = "The Quran Radio";
+      tags = [tags.arabic tags.text tags.holy];
+    }
  ]
+  ++ map (name: {
+    stream = "https://${name}.stream.publicradio.org/${name}.aac";
+    station = "${name} | Your Classical";
+    tags = [tags.classical];
+  }) ["ycradio" "guitar" "cms" "relax" "lullabies" "choral" "favorites" "chambermusic" "concertband" "holiday"]
 /*
      (caster-fm "TODO" "noasrv" 10182) # https://github.com/cccruzr/albumsyoumusthear/blob/7e00baf575e4d357cd275d54d1aeb717321141a8/HLS/IBERO_90_1.m3u
      (caster-fm "TODO" "shaincast" 20866) # https://github.com/cccruzr/albumsyoumusthear/blob/7e00baf575e4d357cd275d54d1aeb717321141a8/HLS/IBERO_90_1.m3u

-CNN news in morse code
-http://cw.dimebank.com:8080/CNNslow
-http://cw.dimebank.com:8080/CNNfast
-
-Orchestral
-http://orion.shoutca.st:8978/stream

 LoFi / Chill
 http://ice55.securenetsystems.net/DASH76

-News background music
-https://c13014-l-hls.u.core.cdn.streamfarm.net/1000153copo/hk2.m3u8
-
-?
-http://94.23.221.158:9163/stream
-
-Greek radio
-http://radio.hostchefs.net:8046/stream?1520818130148

 : http://audiokrishna.com/stations/japa2.mp3
-http://185.105.4.53:2339//;stream.mp3
-http://cast5.servcast.net:1390/;stream.mp3
-
-Hard rock
-http://andromeda.shoutca.st:9254/stream

 Rock alternative
 http://icy.unitedradio.it/VirginRockAlternative.mp3

-American nautical weather news
-http://ca.radioboss.fm:8149/stream

 Christian radio in all languages
 https://jesuscomingfm.com/#
 tamazight http://live.jesuscomingfm.com:8462/;

-supposedly good Greek radio
-https://onairmediagroup.live24.gr/kralfm100xanthi

 Somali Radio
 http://n0b.radiojar.com/1pu7hhf8kfhvv

-Sanskrit
-https://stream-23.zeno.fm/m08mkwsyw8quv?zs=0w7MJFPdRfavhR_zPt0M2g
-https://divyavani.radioca.st/stream

 Chillout from kassel
 https://server4.streamserver24.com:2199/tunein/ejanowsk.pls
-
-Radio Mariam Arabic (Rome)
-http://www.dreamsiteradiocp4.com:8014/stream
-
-https://radio.kamchatkalive.ru:8103/rock
-https://radio.kamchatkalive.ru:8103/chillout
-https://radio.kamchatkalive.ru:8103/dance
-
-Fuṣḥā Stories (Bahrain Radio 102.3 FM)
-http://n02.radiojar.com/sxfbks1vfy8uv.mp3
-
-Bahrain Quran Radio
-http://s2.voscast.com:12312/;
 */

--- a/modules/htgen.nix
+++ b/modules/htgen.nix
@@ -0,0 +1,47 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  htgen = pkgs.callPackage ../packages/htgen.nix {};
+in {
+  options.services.htgen = lib.mkOption {
+    default = {};
+    type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+      options = {
+        enable = lib.mkEnableOption "htgen-${config._module.args.name}";
+        port = lib.mkOption {
+          type = lib.types.int;
+        };
+        script = lib.mkOption {
+          type = lib.types.str;
+        };
+      };
+    }));
+  };
+  config = {
+    systemd.services =
+      lib.mapAttrs' (
+        name: cfg:
+          lib.nameValuePair "htgen-${name}" {
+            wantedBy = ["multi-user.target"];
+            after = ["network.target"];
+            environment = {
+              HOME = "/var/lib/htgen-${name}";
+              HTGEN_PORT = toString cfg.port;
+              HTGEN_SCRIPT = cfg.script;
+            };
+            serviceConfig = {
+              SyslogIdentifier = "htgen-${name}";
+              DynamicUser = true;
+              StateDirectory = "htgen-${name}";
+              PrivateTmp = true;
+              Restart = "always";
+              ExecStart = "${htgen}/bin/htgen --serve";
+            };
+          }
+      )
+      config.services.htgen;
+  };
+}
--- a/modules/panoptikon.nix
+++ b/modules/panoptikon.nix
@@ -67,48 +67,64 @@

      systemd.timers = lib.attrsets.mapAttrs' (watcherName: _:
        lib.nameValuePair "panoptikon-${watcherName}" {
-          timerConfig.RandomizedDelaySec = "60";
+          timerConfig.RandomizedDelaySec = toString (60 * 60);
        })
      cfg.watchers;

-      systemd.services = lib.attrsets.mapAttrs' (watcherName: watcherOptions:
-        lib.nameValuePair "panoptikon-${watcherName}" {
-          enable = true;
-          startAt = watcherOptions.frequency;
-          serviceConfig = {
-            Type = "oneshot";
-            User = "panoptikon";
-            Group = "panoptikon";
-            WorkingDirectory = "/var/lib/panoptikon";
-            RestartSec = "60";
-            Restart = "on-failure";
+      systemd.services =
+        {
+          setup-panoptikon = {
+            enable = true;
+            wantedBy = ["multi-user.target"];
+            serviceConfig = {
+              Type = "oneshot";
+              User = "panoptikon";
+              Group = "panoptikon";
+              WorkingDirectory = "/var/lib/panoptikon";
+              Restart = "on-failure";
+            };
+            script = ''
+              ${pkgs.git}/bin/git init --quiet
+              ${pkgs.git}/bin/git config user.email "panoptikon@${config.networking.hostName}"
+              ${pkgs.git}/bin/git config user.name Panoptikon
+            '';
          };
-          unitConfig = {
-            StartLimitIntervalSec = "300";
-            StartLimitBurst = "5";
-          };
-          environment.PANOPTIKON_WATCHER = watcherName;
-          wants = ["network-online.target"];
-          script = ''
-            set -efux
+        }
+        // lib.attrsets.mapAttrs' (watcherName: watcherOptions:
+          lib.nameValuePair "panoptikon-${watcherName}" {
+            enable = true;
+            after = ["setup-panoptikon.service"];
+            startAt = watcherOptions.frequency;
+            serviceConfig = {
+              Type = "oneshot";
+              User = "panoptikon";
+              Group = "panoptikon";
+              WorkingDirectory = "/var/lib/panoptikon";
+              RestartSec = "60";
+              Restart = "on-failure";
+            };
+            unitConfig = {
+              StartLimitIntervalSec = "300";
+              StartLimitBurst = "5";
+            };
+            environment.PANOPTIKON_WATCHER = watcherName;
+            wants = ["network-online.target"];
+            script = ''
+              set -efu

-            ${pkgs.git}/bin/git init --quiet
-            ${pkgs.git}/bin/git config user.email "panoptikon@${config.networking.hostName}"
-            ${pkgs.git}/bin/git config user.name Panoptikon
+              ${watcherOptions.script} > ${watcherName}
+              ${pkgs.git}/bin/git add ${watcherName}
+              ${pkgs.git}/bin/git commit --message "${watcherName} / $(${pkgs.coreutils}/bin/date -Is)" || :

-            ${watcherOptions.script} > ${watcherName}
-            ${pkgs.git}/bin/git add ${watcherName}
-            ${pkgs.git}/bin/git commit --message "$(${pkgs.coreutils}/bin/date -Is)" || :
-
-            if [ -n "$(${pkgs.git}/bin/git diff HEAD^ -- ${watcherName})" ]; then
-              ${lib.strings.concatMapStringsSep "\n" (reporter: ''
-                ${pkgs.git}/bin/git diff HEAD^ -- ${watcherName} | ${reporter}
-              '')
-              watcherOptions.reporters}
-              :
-            fi
-          '';
-        })
-      cfg.watchers;
+              if [ -n "$(${pkgs.git}/bin/git diff HEAD^ -- ${watcherName})" ]; then
+                ${lib.strings.concatMapStringsSep "\n" (reporter: ''
+                  ${pkgs.git}/bin/git diff HEAD^ -- ${watcherName} | ${reporter}
+                '')
+                watcherOptions.reporters}
+                :
+              fi
+            '';
+          })
+        cfg.watchers;
    };
 }
--- a/modules/power-action.nix
+++ b/modules/power-action.nix
@@ -0,0 +1,94 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.services.power-action;
+
+  out = {
+    options.services.power-action = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "power-action";
+    battery = mkOption {
+      type = types.str;
+      default = "BAT0";
+    };
+    user = mkOption {
+      type = types.str;
+      default = "power-action";
+    };
+    startAt = mkOption {
+      type = types.str;
+      default = "*:0/1";
+    };
+    plans = mkOption {
+      type = with types;
+        attrsOf (submodule {
+          options = {
+            charging = mkOption {
+              type = nullOr bool;
+              default = null;
+              description = ''
+                check for charging status.
+                null = don't care
+                true = only if system is charging or unknown
+                false = only if system is discharging
+              '';
+            };
+            upperLimit = mkOption {
+              type = int;
+            };
+            lowerLimit = mkOption {
+              type = int;
+            };
+            action = mkOption {
+              type = path;
+            };
+          };
+        });
+    };
+  };
+
+  imp = {
+    systemd.services.power-action = {
+      serviceConfig = rec {
+        ExecStart = startScript;
+        User = cfg.user;
+      };
+      startAt = cfg.startAt;
+    };
+  };
+
+  startScript = pkgs.writers.writeDash "power-action" ''
+    set -euf
+
+    power="$(${powerlvl})"
+    state="$(${state})"
+    ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)}
+  '';
+  charging_check = plan:
+    if (plan.charging == null)
+    then ""
+    else if plan.charging
+    then ''&& [ "$state" = "true" ]''
+    else ''&& ! [ "$state" = "true" ]'';
+
+  writeRule = _: plan: "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi";
+
+  powerlvl = pkgs.writers.writeDash "powerlvl" ''
+    cat /sys/class/power_supply/${cfg.battery}/capacity
+  '';
+
+  state = pkgs.writers.writeDash "state" ''
+    if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ]
+      then echo "false"
+      else echo "true"
+    fi
+  '';
+in
+  out
--- a/modules/retiolum.nix
+++ b/modules/retiolum.nix
@@ -0,0 +1,72 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
+  netname = "retiolum";
+  cfg = config.networking.retiolum;
+in {
+  options = {
+    networking.retiolum.ipv4 = mkOption {
+      type = types.str;
+      description = ''
+        own ipv4 address
+      '';
+    };
+    networking.retiolum.ipv6 = mkOption {
+      type = types.str;
+      description = ''
+        own ipv6 address
+      '';
+    };
+    networking.retiolum.nodename = mkOption {
+      type = types.str;
+      default = config.networking.hostName;
+      description = ''
+        tinc network name
+      '';
+    };
+  };
+
+  config = {
+    services.tinc.networks.${netname} = {
+      name = cfg.nodename;
+      hosts =
+        builtins.mapAttrs
+        (name: _: builtins.readFile "${<retiolum/hosts>}/${name}")
+        (builtins.readDir <retiolum/hosts>);
+      rsaPrivateKeyFile = toString <system-secrets/retiolum.key>;
+      ed25519PrivateKeyFile = toString <system-secrets/retiolum.ed25519>;
+      extraConfig = ''
+        LocalDiscovery = yes
+        AutoConnect = yes
+      '';
+    };
+
+    networking.extraHosts = builtins.readFile (toString <retiolum/etc.hosts>);
+
+    environment.systemPackages = [config.services.tinc.networks.${netname}.package];
+
+    networking.firewall = {
+      allowedTCPPorts = [655];
+      allowedUDPPorts = [655];
+    };
+    #services.netdata.portcheck.checks.tinc.port = 655;
+
+    systemd.network = {
+      enable = true;
+      networks = {
+        "${netname}".extraConfig = ''
+          [Match]
+          Name = tinc.${netname}
+
+          [Network]
+          Address=${cfg.ipv4}/12
+          Address=${cfg.ipv6}/16
+        '';
+      };
+    };
+  };
+}
--- a/modules/specus.nix
+++ b/modules/specus.nix
@@ -0,0 +1,96 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  specusMachines = {
+    servers = {
+      makanek = {
+        ipv4 = "10.100.0.1";
+        publicKey = "KhcScd4fBpdhQzK8Vc+1mEHQMQBpbKBUPB4oZ7skeSk=";
+      };
+      ful = {
+        ipv4 = "10.100.0.2";
+        publicKey = "0Y7+zoXkWJGVOWWnMjvYjtwP+WpggAlmkRbgMw0z8Dk=";
+      };
+    };
+    clients = {
+      kabsa = {
+        ipv4 = "10.100.0.101";
+        publicKey = "nRkzoRi9crKHF7263U37lt4GGL7/8637NBSKjifI9hY=";
+      };
+    };
+  };
+in {
+  options.services.specus = {
+    server = {
+      enable = lib.mkEnableOption "Specus private VPN (server)";
+    };
+    client = {
+      enable = lib.mkEnableOption "Specus private VPN (client)";
+    };
+    privateKeyFile = lib.mkOption {
+      type = lib.types.path;
+      description = "Private key file of the server/client machine";
+    };
+  };
+
+  config = let
+    cfg = config.services.specus;
+    specusPort = 22;
+  in
+    {
+      assertions = [
+        {
+          assertion =
+            !(cfg.server.enable && cfg.client.enable);
+          message = "specus: systems cannot be client and server at the same time";
+        }
+      ];
+    }
+    // lib.mkIf cfg.server.enable {
+      networking.nat = {
+        enable = true;
+        externalInterface = "eth0"; # TODO
+        internalInterfaces = ["specus"];
+      };
+      networking.firewall.allowedUDPPorts = [specusPort];
+      networking.wireguard.interfaces.specus = {
+        ips = ["${specusMachines.servers.${config.networking.hostName}.ipv4}/24"];
+        # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
+        postSetup = ''
+          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+        '';
+        postShutdown = ''
+          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+        '';
+        listenPort = specusPort;
+        privateKeyFile = cfg.privateKeyFile;
+        peers =
+          lib.mapAttrsToList (clientName: clientConfig: {
+            publicKey = clientConfig.publicKey;
+            allowedIPs = ["${clientConfig.ipv4}/32"];
+          })
+          specusMachines.clients;
+      };
+    }
+    // lib.mkIf cfg.client.enable {
+      networking.firewall.allowedUDPPorts = [specusPort];
+      networking.wireguard.interfaces = lib.attrsets.mapAttrs' (serverName: serverConfig:
+        lib.nameValuePair "specus-${serverName}" {
+          ips = ["${specusMachines.clients.${config.networking.hostName}.ipv4}/24"];
+          listenPort = specusPort;
+          privateKeyFile = cfg.privateKeyFile;
+          peers = [
+            {
+              allowedIPs = ["0.0.0.0/0"];
+              endpoint = "${(import ../lib/external-network.nix).${serverName}}:${toString specusPort}";
+              persistentKeepalive = 25;
+              publicKey = serverConfig.publicKey;
+            }
+          ];
+        })
+      specusMachines.servers;
+    };
+}
--- a/packages/cyberlocker-tools.nix
+++ b/packages/cyberlocker-tools.nix
@@ -0,0 +1,23 @@
+{pkgs}:
+pkgs.symlinkJoin {
+  name = "cyberlocker-tools";
+  paths = [
+    (pkgs.writers.writeDashBin "cput" ''
+      set -efu
+      path=''${1:-$(hostname)}
+      path=$(echo "/$path" | sed -E 's:/+:/:')
+      url=http://c.r$path
+
+      ${pkgs.curl}/bin/curl -fSs --data-binary @- "$url"
+      echo "$url"
+    '')
+    (pkgs.writers.writeDashBin "cdel" ''
+      set -efu
+      path=$1
+      path=$(echo "/$path" | sed -E 's:/+:/:')
+      url=http://c.r$path
+
+      ${pkgs.curl}/bin/curl -f -X DELETE "$url"
+    '')
+  ];
+}
--- a/packages/dic.nix
+++ b/packages/dic.nix
@@ -0,0 +1,43 @@
+{
+  fetchgit,
+  lib,
+  stdenv,
+  coreutils,
+  curl,
+  gnugrep,
+  gnused,
+  util-linux,
+}:
+stdenv.mkDerivation {
+  name = "dic";
+
+  src = fetchgit {
+    url = https://cgit.ni.krebsco.de/dic;
+    rev = "refs/tags/v1.1.1";
+    sha256 = "1gbj967a5hj53fdkkxijqgwnl9hb8kskz0cmpjq7v65ffz3v6vag";
+  };
+
+  phases = [
+    "unpackPhase"
+    "installPhase"
+  ];
+
+  installPhase = let
+    path = lib.makeBinPath [
+      coreutils
+      curl
+      gnused
+      gnugrep
+      util-linux
+    ];
+  in ''
+    mkdir -p $out/bin
+
+    sed \
+      's,^main() {$,&\n  PATH=${path}; export PATH,' \
+      < ./dic \
+      > $out/bin/dic
+
+    chmod +x $out/bin/dic
+  '';
+}
--- a/packages/hc.nix
+++ b/packages/hc.nix
@@ -0,0 +1,49 @@
+{
+  fetchgit,
+  lib,
+  makeWrapper,
+  stdenv,
+  coreutils,
+  findutils,
+  gawk,
+  gnugrep,
+  qrencode,
+  texlive,
+  utillinux,
+  zbar,
+}:
+stdenv.mkDerivation rec {
+  name = "hc-${meta.version}";
+
+  src = fetchgit {
+    url = "https://cgit.krebsco.de/hc";
+    rev = "refs/tags/v${meta.version}";
+    sha256 = "09349gja22p0j3xs082kp0fnaaada14bafszn4r3q7rg1id2slfb";
+  };
+
+  nativeBuildInputs = [makeWrapper];
+
+  buildPhase = null;
+
+  installPhase = ''
+    mkdir -p $out/bin
+
+    cp $src/bin/hc $out/bin/hc
+
+    wrapProgram $out/bin/hc \
+      --prefix PATH : ${lib.makeBinPath [
+      coreutils
+      findutils
+      gawk
+      gnugrep
+      qrencode
+      texlive.combined.scheme-full
+      utillinux
+      zbar
+    ]}
+  '';
+
+  meta = {
+    version = "1.0.0";
+  };
+}
--- a/packages/htgen.nix
+++ b/packages/htgen.nix
@@ -0,0 +1,31 @@
+{
+  fetchgit,
+  lib,
+  pkgs,
+  stdenv,
+}:
+stdenv.mkDerivation rec {
+  pname = "htgen";
+  version = "1.3.1";
+
+  src = fetchgit {
+    url = "http://cgit.krebsco.de/htgen";
+    rev = "refs/tags/${version}";
+    sha256 = "0ml8kp89bwkrwy6iqclzyhxgv2qn9dcpwaafbmsr4mgcl70zx22r";
+  };
+
+  installPhase = ''
+    mkdir -p $out/bin
+    {
+      echo '#! ${pkgs.dash}/bin/dash'
+      echo 'export PATH=${lib.makeBinPath [
+      pkgs.coreutils
+      pkgs.jq
+      pkgs.ucspi-tcp
+    ]}''${PATH+":$PATH"}'
+      sed 's:^Server=htgen$:&/${version}:' htgen
+    } > $out/bin/htgen
+    chmod +x $out/bin/htgen
+    cp -r examples $out
+  '';
+}
--- a/packages/kpaste.nix
+++ b/packages/kpaste.nix
@@ -0,0 +1,9 @@
+{
+  curl,
+  gnused,
+  writers,
+}:
+writers.writeDashBin "kpaste" ''
+  ${curl}/bin/curl -sS http://p.r --data-binary @"''${1:--}" |
+  ${gnused}/bin/sed '$ {p;s|http://p.r|https://p.krebsco.de|}'
+''
--- a/packages/timer.nix
+++ b/packages/timer.nix
@@ -9,6 +9,9 @@ writers.writeDashBin "timer" ''
    echo "Usage: $0 TIME MESSAGE" 1>&2
    exit 1
  }
+  time=$(echo "$1" | ${bc}/bin/bc)
  echo "sleeping $time seconds, then saying: $2"
-  ${coreutils}/bin/sleep "$time" && ${espeak}/bin/espeak -v german-mbrola-6 "$2"
+  ${coreutils}/bin/sleep "$time" && {
+    echo "$2" | ${espeak}/bin/espeak -v german-mbrola-6
+  }
 ''
--- a/packages/untilport.nix
+++ b/packages/untilport.nix
@@ -0,0 +1,17 @@
+{pkgs, ...}:
+pkgs.writers.writeDashBin "untilport" ''
+  set -euf
+
+  usage() {
+    echo 'untiport $target $port'
+    echo 'Sleeps until the destinated port is reachable.'
+    echo 'ex: untilport google.de 80 && echo "google is now reachable"'
+  }
+
+
+  if [ $# -ne 2 ]; then
+    usage
+  else
+    until ${pkgs.libressl.nc}/bin/nc -z "$@"; do sleep 1; done
+  fi
+''
--- a/packages/weechat-declarative.nix
+++ b/packages/weechat-declarative.nix
@@ -0,0 +1,177 @@
+{
+  pkgs,
+  lib,
+  ...
+} @ args: let
+  # config cannot be declared in the input attribute set because that would
+  # cause callPackage to inject the wrong config.  Instead, get it from ...
+  # via args.
+  config = args.config or {};
+
+  lib =
+    args.lib
+    // rec {
+      attrPaths = let
+        recurse = path: value:
+          if builtins.isAttrs value
+          then lib.mapAttrsToList (name: recurse (path ++ [name])) value
+          else [(lib.nameValuePair path value)];
+      in
+        attrs: lib.flatten (recurse [] attrs);
+
+      attrPathsSep = sep: attrs: lib.listToAttrs (map (x: x // {name = lib.concatStringsSep sep x.name;}) (attrPaths attrs));
+
+      toWeechatValue = x:
+        {
+          bool = builtins.toJSON x;
+          string = x;
+          list = lib.concatMapStringsSep "," toWeechatValue x;
+          int = toString x;
+        }
+        .${builtins.typeOf x};
+
+      setCommand = name: value: "/set ${name} \"${toWeechatValue value}\"";
+
+      filterAddreplace = name: filter: "/filter addreplace ${name} ${filter.buffer} ${toWeechatValue filter.tags} ${filter.regex}";
+    };
+
+  cfg = eval.config;
+
+  eval = lib.evalModules {
+    modules = lib.singleton {
+      _file = toString ./default.nix;
+      imports = lib.singleton config;
+      options = {
+        scripts = lib.mkOption {
+          type = lib.types.listOf lib.types.package;
+          default = [];
+          description = ''
+            some stuff from pkgs.weechatScripts
+          '';
+        };
+        settings = lib.mkOption {
+          type = (pkgs.formats.json {}).type;
+          description = ''
+            your weechat config in nix-style syntax.
+            secrets can be defined with \''${my.secret.value}
+          '';
+          default = {};
+          example = {
+            irc.server_default.nicks = "rick_\\\${sec.data.foo}";
+            irc.server_default.msg_part = "ciao kakao";
+            irc.server_default.msg_quit = "tschö mit \\\${sec.data.foo}";
+            irc.look.color_nicks_in_nicklist = true;
+            matrix.server.nibbana = {
+              address = "nibbana.jp";
+            };
+            irc.server.hackint = {
+              address = "irc.hackint.org/6697";
+              ssl = true;
+              autoconnect = true;
+              autojoin = ["#krebs"];
+            };
+            weechat.bar.buflist.hidden = true;
+            irc.server.hackint.command = lib.concatStringsSep "\\;" [
+              "/msg nickserv IDENTIFY \\\${sec.data.hackint_password}"
+              "/msg nickserv SET CLOAK ON"
+            ];
+            filters.playlist_topic = {
+              buffer = "irc.*.#the_playlist";
+              tags = ["irc_topic"];
+              regex = "*";
+            };
+            relay = {
+              port.weechat = 9000;
+              network.password = "hunter2";
+            };
+            alias.cmd.mod = "quote omode $channel +o $nick";
+            secure.test.passphrase_command = "echo lol1234123124";
+          };
+        };
+        extraCommands = lib.mkOption {
+          type = lib.types.lines;
+          default = "";
+        };
+        files = lib.mkOption {
+          type = lib.types.attrsOf lib.types.str;
+          default = {};
+          example = lib.literalExpression ''
+            {
+              "sec.conf" = toString (pkgs.writeText "sec.conf" '''
+                [crypt]
+                cipher = aes256
+                hash_algo = sha256
+                passphrase_command = ""
+                salt = on
+
+                [data]
+                __passphrase__ = off
+                foo = "bar"
+              ''');
+            }
+          '';
+        };
+      };
+    };
+  };
+
+  setFile = pkgs.writeText "weechat.set" (
+    lib.optionalString (cfg.settings != {})
+    (lib.concatStringsSep "\n" (
+      lib.optionals
+      (cfg.settings.irc or {} != {})
+      (lib.mapAttrsToList
+        (name: server: "/server add ${name} ${lib.toWeechatValue server.addresses}")
+        cfg.settings.irc.server)
+      ++ lib.optionals
+      (cfg.settings.matrix or {} != {})
+      (lib.mapAttrsToList
+        (name: server: "/matrix server add ${name} ${server.address}")
+        cfg.settings.matrix.server)
+      ++ lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
+      ++ lib.optionals
+      (cfg.settings.filters or {} != {})
+      (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
+      ++ lib.singleton cfg.extraCommands
+    ))
+  );
+
+  weechat = pkgs.weechat.override {
+    configure = _: {
+      init = "/exec -oc cat ${setFile}";
+
+      scripts = cfg.scripts;
+    };
+  };
+
+  wrapper = pkgs.writers.writeDashBin "weechat" ''
+    CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
+    ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
+    ${
+      lib.concatStringsSep "\n"
+      (
+        lib.mapAttrsToList
+        (name: target:
+          /*
+          sh
+          */
+          ''
+            ${pkgs.coreutils}/bin/cp ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
+            ${pkgs.coreutils}/bin/chmod -w "$CONFDIR"/${lib.escapeShellArg name}
+          '')
+        cfg.files
+      )
+    }
+    exec ${weechat}/bin/weechat "$@"
+  '';
+in
+  pkgs.symlinkJoin {
+    name = "weechat-configured";
+    paths = [
+      wrapper
+      pkgs.weechat
+    ];
+    postBuild = ''
+      ln -s ${setFile} $out/weechat.set
+    '';
+  }
--- a/2
+++ b/2
--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -49,6 +49,12 @@ in {
    };
    root.file = ../../secrets/ful-root.age;
    restic.file = ../../secrets/restic.age;
+    specus.file = ../../secrets/ful-specus-privateKey.age;
+  };
+
+  services.specus = {
+    privateKeyFile = config.age.secrets.specus.path;
+    server.enable = true;
  };

  services.restic.backups.niveum = {
--- a/systems/ful/panoptikon.nix
+++ b/systems/ful/panoptikon.nix
@@ -2,128 +2,106 @@
  config,
  pkgs,
  lib,
+  niveumLib,
+  niveumPackages,
  ...
 }: let
-  kpaste = pkgs.writers.writeDash "kpaste" ''
-    ${pkgs.curl}/bin/curl -sS -sS http://p.r --data-binary @"''${1:--}" | ${pkgs.gnused}/bin/sed '$ {p;s|http://p.r|https://p.krebsco.de|}'
-  '';
+  panoptikon = niveumLib.panoptikon {inherit pkgs lib niveumPackages config;};

-  url = address:
-    pkgs.writers.writeDash "watch-url" ''
-      ${pkgs.w3m}/bin/w3m -dump ${lib.escapeShellArg address}
-    '';
+  irc-xxx = panoptikon.kpaste-irc {
+    target = lib.escapeShellArg "#xxx";
+    retiolumLink = true;
+  };

-  urlJSON = address:
-    pkgs.writers.writeDash "watch-url-json" ''
-      ${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} | ${pkgs.jq}/bin/jq
-    '';
-
-  urlSelector = selector: address:
-    pkgs.writers.writeDash "watch-url-selector" ''
-      ${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} \
-        | ${pkgs.htmlq}/bin/htmlq ${lib.escapeShellArg selector} \
-        | ${pkgs.python3Packages.html2text}/bin/html2text
-    '';
-
-  reporters.irc-xxx = pkgs.writers.writeDash "irc-xxx" ''
-    ${kpaste} \
-    | ${pkgs.gnused}/bin/sed -n '2s/^/change detected: /p' \
-    | ${config.nur.repos.mic92.ircsink}/bin/ircsink \
-      --nick "$PANOPTIKON_WATCHER"-watcher \
-      --server irc.r \
-      --target '#xxx'
-  '';
-
-  reporters.irc-kmein = pkgs.writers.writeDash "irc-xxx" ''
-    ${kpaste} \
-    | ${pkgs.gnused}/bin/sed -n "3s/^/$PANOPTIKON_WATCHER: /p" \
-    | ${config.nur.repos.mic92.ircsink}/bin/ircsink \
-      --nick panoptikon-kmein \
-      --server irc.r \
-      --target 'kmein'
-  '';
+  irc-kmein = panoptikon.kpaste-irc {
+    messagePrefix = "$PANOPTIKON_WATCHER: ";
+    target = "kmein";
+    nick = "panoptikon-kmein";
+    retiolumLink = false;
+  };
 in {
  services.panoptikon = {
    enable = true;
    watchers = {
      "github-meta" = {
-        script = urlJSON "https://api.github.com/meta";
-        reporters = [reporters.irc-xxx];
+        script = panoptikon.urlJSON {} "https://api.github.com/meta";
+        reporters = [irc-xxx];
      };
      lammla = {
-        script = url "http://lammla.info/index.php?reihe=30";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.url "http://lammla.info/index.php?reihe=30";
+        reporters = [irc-kmein];
      };
      kratylos = {
-        script = url "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.url "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
+        reporters = [irc-kmein];
      };
      zeno-free = {
-        script = urlSelector ".zenoCOMain" "http://www.zeno.org/Lesesaal/M/E-Books";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector ".zenoCOMain" "http://www.zeno.org/Lesesaal/M/E-Books";
+        reporters = [irc-kmein];
      };
      carolinawelslau = {
-        script = urlSelector "#main" "https://carolinawelslau.de/";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "#main" "https://carolinawelslau.de/";
+        reporters = [irc-kmein];
      };
      lisalittmann = {
-        script = urlSelector "#main" "https://lisalittmann.de/";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/";
+        reporters = [irc-kmein];
      };
      lisalittmann-archive = {
-        script = urlSelector "#main" "https://lisalittmann.de/archive/";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/archive/";
+        reporters = [irc-kmein];
      };
      lisalittmann-projects = {
-        script = urlSelector "#main" "https://lisalittmann.de/projects/";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/projects/";
+        reporters = [irc-kmein];
      };
      tatort = {
-        script = urlSelector ".linklist" "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector ".linklist" "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
+        reporters = [irc-kmein];
      };
      warpgrid-idiomarium = {
-        script = urlSelector "#site-content" "https://warpgrid.de/idiomarium/";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/idiomarium/";
+        reporters = [irc-kmein];
      };
      warpgrid-futurism = {
-        script = urlSelector "#site-content" "https://warpgrid.de/futurism/";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/futurism/";
+        reporters = [irc-kmein];
      };
      warpgrid-imagiary = {
-        script = urlSelector "#site-content" "https://warpgrid.de/imagiary/";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/imagiary/";
+        reporters = [irc-kmein];
      };
      warpgrid-alchemy = {
-        script = urlSelector "#site-content" "https://warpgrid.de/alchemy/";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/alchemy/";
+        reporters = [irc-kmein];
      };
      indogermanische-forschungen = {
-        script = urlSelector "#latestIssue" "https://www.degruyter.com/journal/key/INDO/html";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "#latestIssue" "https://www.degruyter.com/journal/key/INDO/html";
+        reporters = [irc-kmein];
      };
      ig-neuigkeiten = {
-        script = urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
+        reporters = [irc-kmein];
      };
      ig-tagungen = {
-        script = urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/tagungen-der-ig.html";
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/tagungen/tagungen-der-ig.html";
+        reporters = [irc-kmein];
      };
      fxght-or-flxght = {
-        script = pkgs.writers.writeDash "watch-url-json" ''
-          ${pkgs.curl}/bin/curl -sSL 'https://api.tellonym.me/profiles/name/fxght.or.flxght?limit=20' \
-          | ${pkgs.jq}/bin/jq '.answers | map(
-            select(.type == "answer")
-            | {
-               question: .tell,
-               answer: .answer,
-               date: .createdAt,
-               media: .media | map(.url)
-            }
-          )'
-        '';
-        reporters = [reporters.irc-kmein];
+        script = panoptikon.urlJSON {
+          jqScript = ''
+            .answers | map(
+              select(.type == "answer")
+              | {
+                 question: .tell,
+                 answer: .answer,
+                 date: .createdAt,
+                 media: .media | map(.url)
+              }
+            )
+          '';
+        } "https://api.tellonym.me/profiles/name/fxght.or.flxght?limit=20";
+        reporters = [irc-kmein];
      };
    };
  };
--- a/systems/ful/radio.nix
+++ b/systems/ful/radio.nix
@@ -2,11 +2,38 @@
  lib,
  pkgs,
  config,
+  niveumPackages,
  ...
 }: let
  inherit (import ../../lib) tmpfilesConfig;
  liquidsoapDirectory = "/var/cache/liquidsoap";
  icecastPassword = "hackme";
+  refresh-qasaid = pkgs.writers.writeDashBin "refresh-qasaid" ''
+    (
+      for i in $(seq 1 22)
+      do
+        ${pkgs.curl}/bin/curl -sSL "https://www.hindawi.org/poems/$i/"
+      done
+    ) | ${pkgs.htmlq}/bin/htmlq '.poems li' \
+      | ${pkgs.fq}/bin/fq -d html  '
+        .html.body.li
+        | map(.a
+          | {
+            id: .[0].["@href"] | sub("/poems/"; "") | sub("/$"; "") | tonumber,
+            poem: .[0].["#text"],
+            author: .[1].["#text"]
+          })
+      ' | ${niveumPackages.cyberlocker-tools}/bin/cput qasaid.json
+  '';
+  qasida-poem = pkgs.writers.writeDash "qasida.sh" ''
+    set -efu
+    ${pkgs.jq}/bin/jq -c '.[]' < ${pkgs.fetchurl {
+      url = "https://c.krebsco.de/qasaid.json";
+      sha256 = "0vh1jzdrvjrdyq7dzya9k9g3jyli9jr0zfsqb2m1phm39psy4g2b";
+    }} \
+      | shuf -n1 \
+      | ${pkgs.jq}/bin/jq -r '"annotate:title=\"\(.poem) | https://www.hindawi.org/poems/\(.id)/\",artist=\"\(.author)\":https://downloads.hindawi.org/poems/\(.id)/\(.id).m4a"'
+  '';
  lyrikline-poem = pkgs.writers.writeDash "lyrikline.sh" ''
    set -efu

@@ -92,6 +119,7 @@ in {
    end

    make_streams("lyrikline", random_url("${lyrikline-poem}"), description="lyrikline. listen to the poet (unofficial)", genre="poetry")
+    make_streams("qasida", random_url("${qasida-poem}"), description="Qasa'id. Classical arabic poetry", genre="poetry")
    make_streams("lyrik", random_url("${stavenhagen-poem}"), description="Fritz Stavenhagen – Lyrik für alle | www.deutschelyrik.de", genre="poetry")
    make_streams("wikipedia", random_url("${wikipedia-article}"), description="Zufällige Artikel von Wikipedia", genre="useless knowledge")
  '';
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -40,10 +40,16 @@ in {
    restic.file = ../../secrets/restic.age;
    syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age;
    syncthing-key.file = ../../secrets/kabsa-syncthing-key.age;
+    specus.file = ../../secrets/kabsa-specus-privateKey.age;
  };

  environment.systemPackages = [pkgs.minecraft pkgs.zeroad];

+  services.specus = {
+    privateKeyFile = config.age.secrets.specus.path;
+    client.enable = false;
+  };
+
  networking = {
    hostName = "kabsa";
    wireless.interfaces = ["wlp3s0"];
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -95,6 +95,12 @@ in {
      group = "tinc.retiolum";
    };
    restic.file = ../../secrets/restic.age;
+    specus.file = ../../secrets/makanek-specus-privateKey.age;
+  };
+
+  services.specus = {
+    privateKeyFile = config.age.secrets.specus.path;
+    server.enable = true;
  };

  system.stateVersion = "20.03";
--- a/systems/makanek/tarot.nix
+++ b/systems/makanek/tarot.nix
@@ -15,32 +15,32 @@
    sha256 = "1n2m53kjg2vj9dbr70b9jrsbqwdfrcb48l4wswn21549fi24g6dx";
  };
 in {
-  krebs.htgen.tarot = {
+  services.htgen.tarot = {
    port = tarotPort;
-    scriptFile = pkgs.writers.writeDash "tarot" ''
-      case "$Method $Request_URI" in
-        "GET /")
-          if item=$(${pkgs.findutils}/bin/find ${toString tarotFiles} -type f | ${pkgs.coreutils}/bin/shuf -n1); then
-            card=$(mktemp --tmpdir tarot.XXX)
-            trap 'rm $card' EXIT
-            reverse=$(${pkgs.coreutils}/bin/shuf -i0-1 -n1)
-            if [ "$reverse" -eq 1 ]; then
-              ${pkgs.imagemagick}/bin/convert -rotate 180 "$item" "$card"
-            else
-              ${pkgs.coreutils}/bin/cp "$item" "$card"
+    script = ''. ${pkgs.writers.writeDash "tarot" ''
+        case "$Method $Request_URI" in
+          "GET /")
+            if item=$(${pkgs.findutils}/bin/find ${toString tarotFiles} -type f | ${pkgs.coreutils}/bin/shuf -n1); then
+              card=$(mktemp --tmpdir tarot.XXX)
+              trap 'rm $card' EXIT
+              reverse=$(${pkgs.coreutils}/bin/shuf -i0-1 -n1)
+              if [ "$reverse" -eq 1 ]; then
+                ${pkgs.imagemagick}/bin/convert -rotate 180 "$item" "$card"
+              else
+                ${pkgs.coreutils}/bin/cp "$item" "$card"
+              fi
+              printf 'HTTP/1.1 200 OK\r\n'
+              printf 'Content-Type: %s\r\n' "$(${pkgs.file}/bin/file -ib "$card")"
+              printf 'Server: %s\r\n' "$Server"
+              printf 'Connection: close\r\n'
+              printf 'Content-Length: %d\r\n' $(${pkgs.coreutils}/bin/wc -c < "$card")
+              printf '\r\n'
+              cat "$card"
+              exit
            fi
-            printf 'HTTP/1.1 200 OK\r\n'
-            printf 'Content-Type: %s\r\n' "$(${pkgs.file}/bin/file -ib "$card")"
-            printf 'Server: %s\r\n' "$Server"
-            printf 'Connection: close\r\n'
-            printf 'Content-Length: %d\r\n' $(${pkgs.coreutils}/bin/wc -c < "$card")
-            printf '\r\n'
-            cat "$card"
-            exit
-          fi
-        ;;
-      esac
-    '';
+          ;;
+        esac
+      ''}'';
  };

  niveum.passport.services = [
--- a/systems/makanek/weechat.nix
+++ b/systems/makanek/weechat.nix
@@ -1,11 +1,12 @@
 {
  lib,
  pkgs,
-  inputs,
+  config,
  ...
 }: let
  inherit (import ../../lib) kieran;
  weechatHome = "/var/lib/weechat";
+  weechat-declarative = pkgs.callPackage ../../packages/weechat-declarative.nix {};
 in {
  systemd.services.weechat = let
    tmux = pkgs.writers.writeDash "tmux" ''
@@ -26,12 +27,12 @@ in {
        ''
      } "$@"
    '';
-    weechat = inputs.stockholm.packages.x86_64-linux.weechat-declarative.override {
+    weechat = weechat-declarative.override {
      config = {
        scripts = [
          pkgs.weechatScripts.weechat-autosort
          pkgs.weechatScripts.colorize_nicks
-          pkgs.weechatScripts.weechat-matrix
+          # pkgs.weechatScripts.weechat-matrix
          (pkgs.callPackage ../../packages/weechatScripts/hotlist2extern.nix {})
        ];
        settings = let
@@ -63,6 +64,7 @@ in {
                autojoin = ["#eloop" "#krebs" "#hsmr" "#hsmr-moin" "#nixos" "#the_playlist" "#flipdot-berlin" "#hackint"];
                sasl_mechanism = "plain";
                sasl_username = nick;
+                sasl_password = "\${sec.data.hackint_sasl}";
              };
              libera = {
                autoconnect = true;
@@ -71,12 +73,17 @@ in {
                autojoin = ["#flipdot" "#haskell" "#nixos" "#fysi" "#binaergewitter" "#vim" "#newsboat"];
                sasl_mechanism = "plain";
                sasl_username = nick;
+                sasl_password = "\${sec.data.libera_sasl}";
              };
              oftc = {
                autoconnect = true;
                addresses = "irc.oftc.net/6697";
                ssl = true;
                ipv6 = true;
+                command = lib.concatStringsSep "\\;" [
+                  "/msg nickserv identify  \${sec.data.oftc_account}"
+                  "/msg nickserv set cloak on"
+                ];
                autojoin = ["#home-manager"];
              };
              retiolum = {
@@ -91,6 +98,7 @@ in {
                ];
                sasl_mechanism = "plain";
                sasl_username = nick;
+                sasl_password = "\${sec.data.retiolum_sasl}";
              };
              news = {
                autoconnect = true;
@@ -115,11 +123,13 @@ in {
          matrix.server.nibbana = {
            address = "nibbana.jp";
            username = nick;
+            password = "\${sec.data.nibbana_account}";
            autoconnect = true;
          };
          alias.cmd.mod = "/quote omode $channel +o $nick";
          relay = {
            port.weechat = 9000;
+            network.password = "\${sec.data.relay_password}";
          };
          filters = {
            zerocovid = {
@@ -156,9 +166,9 @@ in {
        };
        extraCommands = ''
          /save
-          /matrix connect nibbana
          /connect -all
        '';
+        # /matrix connect nibbana
      };
    };
  in {
@@ -168,7 +178,7 @@ in {
    restartIfChanged = true;
    path = [pkgs.alacritty.terminfo];
    environment.WEECHAT_HOME = weechatHome;
-    preStart = "${pkgs.coreutils}/bin/rm $WEECHAT_HOME/*.conf";
+    # preStart = "${pkgs.coreutils}/bin/rm $WEECHAT_HOME/*.conf";
    script = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat";
    preStop = "${tmux} kill-session -t IM";
    serviceConfig = {
@@ -194,6 +204,14 @@ in {
    packages = [pkgs.tmux];
  };

+  age.secrets.weechat-sec = {
+    file = ../../secrets/weechat-sec.conf.age;
+    path = "/var/lib/weechat/sec.conf";
+    owner = "weechat";
+    group = "weechat";
+    mode = "440";
+  };
+
  niveum.passport.services = [
    {
      title = "weechat bouncer";
Author	SHA1	Message	Date
Kierán Meinhardt	2d25c1fc7b	wip: add specus VPN	2023-04-14 08:43:23 +02:00
Kierán Meinhardt	9456adc0b5	chore: update	2023-04-14 08:42:59 +02:00
Kierán Meinhardt	d6372b8d8e	feat(stardict): add turkish	2023-04-14 08:42:22 +02:00
Kierán Meinhardt	5da8218a8f	feat(streams): add more	2023-04-01 17:46:56 +02:00
Kierán Meinhardt	17cbff9917	feat(radio): add qasida arabic poetry radio	2023-04-01 17:46:48 +02:00
Kierán Meinhardt	d72c234adb	fix(weechat): disable matrix for now	2023-03-31 11:00:01 +02:00
Kierán Meinhardt	ffc5f9b596	fix(panoptikon): add watcher name to commit message, random delay 1h, ignore html errors, #xxx notification	2023-03-31 10:59:52 +02:00
Kierán Meinhardt	c20a9e3098	feat(flake): override mpv and dmenu for own packages	2023-03-30 19:16:54 +02:00
Kierán Meinhardt	7759cfb35f	feat(panoptikon): add library to flake outputs and use	2023-03-30 19:16:54 +02:00
Kierán Meinhardt	b7a5c3c333	chore: update	2023-03-28 22:28:51 +02:00
Kierán Meinhardt	672257fc04	fix: hu-vpn conflicts with hu-eduroam	2023-03-28 11:03:20 +02:00
Kierán Meinhardt	fada909105	feat(panoptikon): setup in different service	2023-03-27 09:27:44 +02:00
Kierán Meinhardt	96d44a52f0	feat: install agenix package	2023-03-27 09:27:30 +02:00
Kierán Meinhardt	22f957ee1f	fix(weechat): do not delete secrets on startup	2023-03-26 20:22:44 +02:00
Kierán Meinhardt	13e674389d	feat: independence from stockholm	2023-03-26 19:24:38 +02:00
Kierán Meinhardt	f805550ff8	fix(panoptikon)	2023-03-26 19:14:57 +02:00