30 changed files with 474 additions and 226 deletions
--- a/configuration/common/nix.nix
+++ b/configuration/common/nix.nix
@ -4,7 +4,7 @@
  clerie.nixfiles.enable = true;
-  clerie.system-auto-upgrade.enable = true;
+  clerie.nixfiles.system-auto-upgrade.enable = true;
  nix.settings = {
    trusted-users = [ "@wheel" "@guests" ];
@ -51,21 +51,8 @@
       };
       exact = true;
    };
    "templates" = {
       from = {
         type = "indirect";
         id = "templates";
       };
       to = {
         type = "git";
         url = "https://git.clerie.de/clerie/flake-templates.git";
       };
    };
  };
  documentation.doc.enable = false;
  environment.systemPackages = with pkgs; [
    nix-remove-result-links
  ];
 }
--- a/configuration/desktop/default.nix
+++ b/configuration/desktop/default.nix
@ -5,7 +5,6 @@
    ./audio.nix
    ./fonts.nix
    ./gnome.nix
    ./inputs.nix
    ./networking.nix
    ./power.nix
    ./printing.nix
--- a/configuration/desktop/gnome.nix
+++ b/configuration/desktop/gnome.nix
@ -32,27 +32,4 @@
  ];
  services.gnome.evolution-data-server.enable = true;
  programs.dconf.profiles = {
    user.databases = [
      {
        settings = {
          "org/gnome/desktop/calendar" = {
            show-weekdate = true;
          };
          "org/gnome/desktop/interface" = {
            enable-hot-corners = false;
            show-battery-percentage = true;
          };
          "org/gnome/desktop/notifications" = {
            show-in-lock-screen = false;
          };
          "org/gnome/gnome-system-monitor" = {
            network-in-bits = true;
            network-total-in-bits = true;
          };
        };
      }
    ];
  };
 }
--- a/configuration/desktop/inputs.nix
+++ b/configuration/desktop/inputs.nix
@ -1,42 +0,0 @@
 { ... }:
 {
  programs.dconf.profiles = {
    user.databases = [
      {
        settings = {
          "org/gnome/desktop/peripherals/touchpad" = {
            disable-while-typing = false;
            edge-scrolling-enabled = false;
            natural-scroll = true;
            tap-to-click = true;
            two-finger-scrolling-enabled = true;
          };
          "org/gnome/settings-daemon/plugins/media-keys" = {
            custom-keybindings = [
              "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/terminal/"
            ];
          };
          "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/terminal" = {
            name = "Terminal";
            binding = "<Primary><Alt>t";
            command = "gnome-terminal";
          };
        };
      }
    ];
    gdm.databases = [
      {
        settings = {
          "org/gnome/desktop/peripherals/touchpad" = {
            disable-while-typing = false;
            edge-scrolling-enabled = false;
            natural-scroll = true;
            tap-to-click = true;
            two-finger-scrolling-enabled = true;
          };
        };
      }
    ];
  };
 }
--- a/configuration/desktop/power.nix
+++ b/configuration/desktop/power.nix
@ -8,29 +8,4 @@
  systemd.sleep.extraConfig = ''
    HibernateDelaySec=30m
  '';
  programs.dconf.profiles = {
    user.databases = [
      {
        settings = {
          "org/gnome/settings-daemon/plugins/power" = {
            power-button-action = "hibernate";
            power-saver-profile-on-low-battery = false;
            sleep-inactive-ac-type = "nothing";
          };
        };
      }
    ];
    gdm.databases = [
      {
        settings = {
          "org/gnome/settings-daemon/plugins/power" = {
            power-button-action = "hibernate";
            power-saver-profile-on-low-battery = false;
            sleep-inactive-ac-type = "nothing";
          };
        };
      }
    ];
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -252,11 +252,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1710451336,
+        "lastModified": 1709237383,
-        "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=",
+        "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d691274a972b3165335d261cc4671335f5c67de9",
+        "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -112,9 +112,9 @@
      };
    in {
      inherit (pkgs)
-        chromium-incognito
+        anycast_healthchecker
        flask-excel
        iot-data
        nix-remove-result-links
        nixfiles-add-secret
        nixfiles-auto-install
        nixfiles-generate-backup-secrets
@ -122,8 +122,11 @@
        nixfiles-system-upgrade
        nixfiles-updated-inputs
        nixfiles-update-ssh-host-keys
        pyexcel-xlsx
        pyexcel-webio
        update-from-hydra
-        uptimestatus;
+        uptimestatus
        wetter;
    });
    hydraJobs = {
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@ -329,7 +329,7 @@
  }
  '';
-  clerie.system-auto-upgrade = {
+  clerie.nixfiles.system-auto-upgrade = {
    allowReboot = true;
    autoUpgrade = true;
  };
--- a/hosts/dn42-il-gw5/configuration.nix
+++ b/hosts/dn42-il-gw5/configuration.nix
@ -183,7 +183,7 @@
  }
  '';
-  clerie.system-auto-upgrade = {
+  clerie.nixfiles.system-auto-upgrade = {
    allowReboot = true;
    autoUpgrade = true;
    startAt = "*-*-* 06:22:00";
--- a/hosts/dn42-il-gw6/configuration.nix
+++ b/hosts/dn42-il-gw6/configuration.nix
@ -183,7 +183,7 @@
  }
  '';
-  clerie.system-auto-upgrade = {
+  clerie.nixfiles.system-auto-upgrade = {
    allowReboot = true;
    autoUpgrade = true;
    startAt = "*-*-* 07:22:00";
--- a/hosts/krypton/programs.nix
+++ b/hosts/krypton/programs.nix
@ -25,7 +25,6 @@
    nmap
    okular
    chromium-incognito
  ];
  # Wireshark
--- a/hosts/minecraft-2/configuration.nix
+++ b/hosts/minecraft-2/configuration.nix
@ -62,7 +62,7 @@ in {
    };
  };
-  clerie.system-auto-upgrade = {
+  clerie.nixfiles.system-auto-upgrade = {
    allowReboot = true;
    autoUpgrade = true;
  };
--- a/hosts/nonat/configuration.nix
+++ b/hosts/nonat/configuration.nix
@ -39,7 +39,7 @@
  networking.firewall.allowedUDPPorts = [];
-  clerie.system-auto-upgrade = {
+  clerie.nixfiles.system-auto-upgrade = {
    allowReboot = true;
    autoUpgrade = true;
  };
--- a/hosts/storage-2/configuration.nix
+++ b/hosts/storage-2/configuration.nix
@ -5,10 +5,8 @@
    [
      ./hardware-configuration.nix
      ../../configuration/proxmox-vm
      ./firmware.nix
      ./mixcloud.nix
      ./syncthing.nix
      ./users.nix
    ];
  boot.loader.grub.enable = true;
@ -28,7 +26,7 @@
  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  clerie.system-auto-upgrade = {
+  clerie.nixfiles.system-auto-upgrade = {
    allowReboot = true;
    autoUpgrade = true;
  };
--- a/hosts/storage-2/firmware.nix
+++ b/hosts/storage-2/firmware.nix
@ -1,37 +0,0 @@
 { config, lib, pkgs, ... }:
 with lib;
 {
  age.secrets.firmware-htpasswd = {
    owner = "nginx";
    group = "nginx";
  };
  services.nginx.virtualHosts = {
    "firmware.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        alias = "/data/firmware/";
        basicAuthFile = config.age.secrets.firmware-htpasswd.path;
        extraConfig = ''
          autoindex on;
          autoindex_exact_size off;
        '';
      };
    };
  };
  users.users.data-firmware = {
    group = "data-firmware";
    home = "/data/firmware";
    useDefaultShell = true;
    isSystemUser = true;
  };
  users.groups.data-firmware = {};
  systemd.tmpfiles.rules = [
    "d /data/firmware - data-firmware data-firmware - -"
  ];
 }
--- a/hosts/storage-2/secrets/firmware-htpasswd.age
+++ b/hosts/storage-2/secrets/firmware-htpasswd.age
@ -1,10 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 HwR33w AtsznTAUQumy3G6fSBwIiezL2Zdzl33t9TU3hDotcRs
 eG+bBDB+MOQk7cHx+3Ha/n83t2QEbZunRYi0idRF9RQ
 -> ssh-ed25519 pI7EWw egjmvw3f6zrl0XmxI7xWhKsPl8PXTkZDSY84VbtJTG4
 MFsjDhp5UrprE3w7q9W3ZmGlkNnOFbsJNVjfeO11trw
 -> 0=-grease Fi`a + >zPFov* a
 nx2zvPHhzkSNi/8oxnL07qefB248BCwJMjpVTc8i5j5aedELas87iI/WppKoa/tq
 /jYLHztLjqKy412YvA0xuzR6yZ7G
 --- 7M+CSupk4WV36DU/c8ZtODB6N8kuhttk4aLMULp8/Zc
 †!U©ÊÀÍÕ©ÁÒ±m<C2B1>îL¦ˆsøaYh?<3F>Uaq®a¤}¯¦ ˜ÂŽ•Ÿ¾ô®Ål@EqÇ˜˜Óà¦w¯ä<C2AF>¯¾þÈ*.¼ýL¯Ñ“JeFy@=	J™õ¹÷°
--- a/hosts/storage-2/users.nix
+++ b/hosts/storage-2/users.nix
@ -1,5 +0,0 @@
 { ... }:
 {
  users.users.clerie.extraGroups = [ "data-firmware" ];
 }
--- a/hosts/web-2/wetter.nix
+++ b/hosts/web-2/wetter.nix
@ -1,11 +1,90 @@
 { pkgs, ... }:
 let
  configFile = pkgs.writeText "wetter.cfg" ''
  SQLALCHEMY_DATABASE_URI="postgresql://wetter_web@/wetter?host=/run/postgresql"
  '';
 in {
  users.users.wetter = {
    description = "Wetter Service";
    group = "wetter";
    home = "/var/lib/wetter/";
    useDefaultShell = true;
    isSystemUser = true;
  };
  users.groups.wetter = {};
  users.users.wetter_web = {
    description = "Wetter Web Service";
    group = "wetter_web";
    home = "/var/lib/wetter/";
    useDefaultShell = true;
    isSystemUser = true;
  };
  users.groups.wetter_web = {};
  users.users.wetter_scraper = {
    description = "Wetter Scraper";
    group = "wetter_scraper";
    home = "/var/lib/wetter/";
    useDefaultShell = true;
    isSystemUser = true;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4kCYnm6mnPI3nPF5YmYCxeVqL4i02dSIJ9kngxu9rS dwd-scraper"
    ];
  };
  users.groups.wetter_scraper = {};
  services.postgresql = {
    ensureDatabases = [ "wetter" ];
    ensureUsers = [
      {
        name = "wetter";
        ensurePermissions = {
          "DATABASE wetter" = "ALL PRIVILEGES";
        };
      }
      {
        name = "wetter_scraper";
        ensurePermissions = {
          "DATABASE wetter" = "CONNECT";
          "SCHEMA public" = "USAGE";
          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
        };
      }
      {
        name = "wetter_web";
        ensurePermissions = {
          "DATABASE wetter" = "CONNECT";
          "SCHEMA public" = "USAGE";
          "ALL TABLES IN SCHEMA public" = "SELECT";
        };
      }
    ];
  };
 #  systemd.services.wetter = {
 #    wantedBy = [ "multi-user.target" ];
 #    serviceConfig = {
 #      RuntimeDirectory = "wetter";
 #      StateDirectory = "wetter";
 #      User = "wetter_web";
 #      Group = "wetter_web";
 #    };
 #    environment = {
 #      WETTER_SETTINGS = "${configFile}";
 #    };
 #    script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
 #    path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
 #  };
  services.nginx.virtualHosts = {
    "wetter.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        #proxyPass = "http://[::1]:8234";
        return = ''200 "wetter.clerie.de is currently offline, find source code on https://git.clerie.de/clerie/wetter\n"'';
        extraConfig = ''
          types { } default_type "text/plain; charset=utf-8";
--- a/modules/anycast_healthchecker/default.nix
+++ b/modules/anycast_healthchecker/default.nix
@ -0,0 +1,122 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
  cfg = config.clerie.anycast_healthchecker;
  configFile = pkgs.writeText "anycast-healthchecker.conf" ''
    [DEFAULT]
    interface              = lo
    [daemon]
    pidfile                = /run/anycast-healthchecker/anycast-healthchecker.pid
    ipv4                   = true
    ipv6                   = true
    bird_conf              = /var/lib/anycast-healthchecker/anycast-prefixes.conf
    bird6_conf             = /var/lib/anycast-healthchecker/anycast-prefixes6.conf
    bird_variable          = ACAST_PS_ADVERTISE
    bird6_variable         = ACAST6_PS_ADVERTISE
    bird_reconfigure_cmd   = birdc configure
    bird6_reconfigure_cmd  = birdc configure
    dummy_ip_prefix        = 10.189.200.255/32
    dummy_ip6_prefix       = 2001:db8::1/128
    bird_keep_changes      = false
    bird6_keep_changes     = false
    bird_changes_counter   = 128
    bird6_changes_counter  = 128
    purge_ip_prefixes      = false
    loglevel               = debug
    log_maxbytes           = 104857600
    log_backups            = 8
    json_stdout            = false
    json_log_file          = false
    json_log_server        = false
  '';
  checksDir = pkgs.writeTextDir "checks.conf" (
    concatStringsSep "\n" (
      mapAttrsToList (
        name: check: ''
          [${name}]
          ip_prefix         = ${check.ip_prefix}
          check_cmd         = ${check.cmd}
        '' + (
          concatStringsSep "\n" (
               optional (check.timeout != null)  "check_timeout     = ${toString check.timeout}"
            ++ optional (check.rise != null)     "check_rise        = ${toString check.rise}"
            ++ optional (check.fail != null)     "check_fail        = ${toString check.fail}"
            ++ optional (check.interval != null) "check_interval    = ${toString check.interval}"
          )
        )
      ) cfg.checks
    )
  );
  checkOpts = { config, ... }@moduleAttrs: {
    options = {
      enable = mkOption {
        type = types.bool;
        default = true;
      };
      timeout = mkOption {
        type = with types; nullOr int;
        default = null;
      };
      rise = mkOption {
        type = with types; nullOr int;
        default = null;
      };
      fail = mkOption {
        type = with types; nullOr int;
        default = null;
      };
      interval = mkOption {
        type = with types; nullOr int;
        default = null;
      };
      ip_prefix = mkOption {
        type = types.str;
      };
      cmd = mkOption {
        type = types.str;
        default = "${pkgs.curl}/bin/curl --fail --silent http://${moduleAttrs.config.ip_prefix}";
      };
    };
  };
 in {
  options = {
    clerie.anycast_healthchecker = {
      enable = mkEnableOption "anycast healthchecker";
      checks = mkOption {
        type = with types; attrsOf (submodule checkOpts);
      };
    };
  };
  config = mkIf cfg.enable {
    systemd.services.anycast_healthchecker = {
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        RuntimeDirectory = "anycast-healthchecker";
        StateDirectory = "anycast-healthchecker";
        User = "bird2";
        Group = "bird2";
        ExecStart = "${pkgs.anycast_healthchecker}/bin/anycast-healthchecker -f ${configFile} -d ${checksDir}";
      };
      path = with pkgs; [ bird2 ];
    };
  };
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -4,14 +4,16 @@
  imports = [
    ./policyrouting
    ./akne
    ./anycast_healthchecker
    ./backup
    ./clerie-firewall
    ./clerie-gc-dir
-    ./clerie-system-upgrade
+    ./gre-tunnel
    ./minecraft-server
    ./monitoring
    ./nginx-port-forward
    ./nixfiles
    ./nixfiles/nixfiles-system-upgrade.nix
    ./update-from-hydra
    ./wg-clerie
    ./wireguard-initrd
--- a/modules/gre-tunnel/default.nix
+++ b/modules/gre-tunnel/default.nix
@ -0,0 +1,89 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.clerie.gre-tunnel;
  generateInterfaceUnit = isIPv6: (name: tunnel:
    nameValuePair "gre-tunnel-${name}" {
        description = "GRE Tunnel - ${name}";
        requires = [ "network-online.target" ];
        after = [ "network.target" "network-online.target" ];
        wantedBy = [ "multi-user.target" ];
        environment.DEVICE = name;
        path = with pkgs; [ iproute ];
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
        };
        script = ''
          ${tunnel.preSetup}
          ip${optionalString isIPv6 " -6"} tunnel add ${name} mode ${optionalString isIPv6 "ip6"}gre remote ${tunnel.remote} local ${tunnel.local}
          ip link set ${name} up
          ip${optionalString isIPv6 " -6"} a add ${tunnel.address} dev ${name}
          ${tunnel.postSetup}
        '';
        postStop = ''
          ip link set ${name} down
          ip tunnel del ${name}
          ${tunnel.postShutdown}
        '';
      });
  checkOpts = { config, ... }@moduleAttrs: {
    options = {
      remote = mkOption {
        type = types.str;
        description = "Address of reciever.";
      };
      local = mkOption {
        type = types.str;
        description = "Address our packets originate from.";
      };
      address = mkOption {
        type = types.str;
        description = "Our address in this tunnel.";
      };
      preSetup = mkOption {
        type = types.str;
        default = "";
        description = "Commands called at the start of the interface setup.";
      };
      postSetup = mkOption {
        type = types.str;
        default = "";
        description = "Commands called at the end of the interface setup.";
      };
      postShutdown = mkOption {
        type = types.str;
        default = "";
        description = "Commands called after shutting down the interface.";
      };
    };
  };
 in {
  options = {
    clerie.gre-tunnel = {
      enable = mkEnableOption "Declarative Policy-Routing";
      ipv6 = mkOption {
        type = with types; attrsOf (submodule checkOpts);
        default = {};
      };
      ipv4 = mkOption {
        type = with types; attrsOf (submodule checkOpts);
        default = {};
      };
    };
  };
  config = mkIf cfg.enable {
    systemd.services =
    (mapAttrs' (generateInterfaceUnit false) cfg.ipv4)
    // (mapAttrs' (generateInterfaceUnit true) cfg.ipv6);
  };
 }
--- a/modules/nixfiles/nixfiles-system-upgrade.nix
+++ b/modules/nixfiles/nixfiles-system-upgrade.nix
@ -3,13 +3,13 @@
 with lib;
 let
-  cfg = config.clerie.system-auto-upgrade;
+  cfg = config.clerie.nixfiles.system-auto-upgrade;
 in
 {
  options = {
-    clerie.system-auto-upgrade = {
+    clerie.nixfiles.system-auto-upgrade = {
-      enable = mkEnableOption "clerie system upgrade";
+      enable = mkEnableOption "clerie nixfiles tools";
      allowReboot = mkOption {
        type = types.bool;
        default = false;
@ -28,7 +28,7 @@ in
    };
  };
  config = mkIf cfg.enable {
-    systemd.services.clerie-system-auto-upgrade = {
+    systemd.services.nixfiles-system-auto-upgrade = {
      # Make sure this unit does not stop themself while upgrading
      restartIfChanged = false;
      unitConfig.X-StopOnRemoval = false;
@ -38,7 +38,7 @@ in
        ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom"}";
      };
    };
-    systemd.timers.clerie-system-auto-upgrade = mkIf cfg.autoUpgrade {
+    systemd.timers.nixfiles-system-auto-upgrade = mkIf cfg.autoUpgrade {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = if cfg.startAt == null then "*-*-* 05:37:00" else cfg.startAt;
--- a/pkgs/anycast_healthchecker/default.nix
+++ b/pkgs/anycast_healthchecker/default.nix
@ -0,0 +1,18 @@
 { buildPythonPackage, fetchPypi, pbr, docopt, python-json-logger }:
 buildPythonPackage rec {
  pname = "anycast-healthchecker";
  version = "0.9.1";
  src = fetchPypi {
    inherit pname version;
    sha256 = "1d555aa420113c9119f9f548eac35cb4789018b8866535a91f05086727146ea4";
  };
  buildInputs = [
    pbr
  ];
  propagatedBuildInputs = [
    docopt python-json-logger
  ];
 }
--- a/pkgs/chromium-incognito/default.nix
+++ b/pkgs/chromium-incognito/default.nix
@ -1,36 +0,0 @@
 { pkgs, ... }:
 let
  chromium-incognito-wrapper = pkgs.writeShellScriptBin "chromium" ''
    ${pkgs.ungoogled-chromium}/bin/chromium --incognito "$@"
  '';
 in pkgs.stdenv.mkDerivation {
  pname = "chromium-incognito";
  version = "0.1.0";
  src = pkgs.writeTextDir "chromium-incognito.desktop" ''
    [Desktop Entry]
    Version=1.0
    Name=Chromium Incognito
    Exec=${chromium-incognito-wrapper}/bin/chromium %U
    StartupNotify=true
    Terminal=false
    Icon=chromium
    Type=Application
    Categories=Network;WebBrowser;
    MimeType=application/pdf;application/rdf+xml;application/rss+xml;application/xhtml+xml;application/xhtml_xml;application/xml;image/gif;image/jpeg;image/png;image/webp;text/html;text/xml;x-scheme-handler/http;x-scheme-handler/https;
    Actions=new-window;
    [Desktop Action new-window]
    Name=New Incognito Window
    Exec=${chromium-incognito-wrapper}/bin/chromium
  '';
  buildPhase = ''
    mkdir -p $out/bin
    ln -s ${chromium-incognito-wrapper}/bin/chromium $out/bin
    install -D chromium-incognito.desktop $out/share/applications/chromium-incognito.desktop
    ln -s ${pkgs.ungoogled-chromium}/share/icons $out/share
  '';
  meta.mainProgram = "chromium";
 }
--- a/pkgs/flask-excel/default.nix
+++ b/pkgs/flask-excel/default.nix
@ -0,0 +1,17 @@
 { buildPythonPackage, fetchPypi, pyexcel-webio, flask }:
 buildPythonPackage rec {
  pname = "Flask-Excel";
  version = "0.0.7";
  src = fetchPypi {
    inherit pname version;
    sha256 = "b82ddfe6319ecf2f796ada9966737ac8eaf9a99d6bce773f8acdc08acd7e9fae";
  };
  propagatedBuildInputs = [
    pyexcel-webio flask
  ];
  doCheck = false;
 }
--- a/pkgs/nix-remove-result-links/default.nix
+++ b/pkgs/nix-remove-result-links/default.nix
@ -1,9 +0,0 @@
 { pkgs, ... }:
 pkgs.writeShellApplication {
  name = "nix-remove-result-links";
  text = ''
    #!/usr/bin/env bash
    find "''${1:-.}" -depth -type l -name "result*" -lname "/nix/store/*" -print -delete
  '';
 }
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@ -1,7 +1,7 @@
 final: prev: {
-  chromium-incognito = final.callPackage ./chromium-incognito {};
+  anycast_healthchecker = final.python3.pkgs.callPackage ./anycast_healthchecker {};
  flask-excel = final.python3.pkgs.callPackage ./flask-excel {};
  iot-data = final.python3.pkgs.callPackage ./iot-data {};
  nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
  nixfiles-add-secret = final.callPackage ./nixfiles/nixfiles-add-secret.nix {};
  nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
  nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
@ -9,6 +9,11 @@ final: prev: {
  nixfiles-system-upgrade = final.callPackage ./nixfiles/nixfiles-system-upgrade.nix {};
  nixfiles-updated-inputs = final.callPackage ./nixfiles/nixfiles-updated-inputs.nix {};
  nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
  pyexcel-xlsx = final.python3.pkgs.callPackage ./pyexcel-xlsx {};
  pyexcel-webio = final.python3.pkgs.callPackage ./pyexcel-webio {};
  update-from-hydra = final.callPackage ./update-from-hydra {};
  uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};
  wetter = final.python3.pkgs.callPackage ./wetter {
    inherit (final) pkg-config libsass;
  };
 }
--- a/pkgs/pyexcel-webio/default.nix
+++ b/pkgs/pyexcel-webio/default.nix
@ -0,0 +1,17 @@
 { buildPythonPackage, fetchPypi, pyexcel }:
 buildPythonPackage rec {
  pname = "pyexcel-webio";
  version = "0.1.4";
  src = fetchPypi {
    inherit pname version;
    sha256 = "039538f1b35351f1632891dde29ef4d7fba744e217678ebb5a501336e28ca265";
  };
  propagatedBuildInputs = [
    pyexcel
  ];
  doCheck = false;
 }
--- a/pkgs/pyexcel-xlsx/default.nix
+++ b/pkgs/pyexcel-xlsx/default.nix
@ -0,0 +1,17 @@
 { buildPythonPackage, fetchPypi, openpyxl, pyexcel-io }:
 buildPythonPackage rec {
  pname = "pyexcel-xlsx";
  version = "0.6.0";
  src = fetchPypi {
    inherit pname version;
    sha256 = "55754f764252461aca6871db203f4bd1370ec877828e305e6be1de5f9aa6a79d";
  };
  propagatedBuildInputs = [
    openpyxl pyexcel-io
  ];
  doCheck = false;
 }
--- a/pkgs/wetter/default.nix
+++ b/pkgs/wetter/default.nix
@ -0,0 +1,83 @@
 {
  pkgs,
  buildPythonPackage,
  flask,
  flask_sqlalchemy,
  lib,
  libsass,
  yarn2nix-moretea,
  nodejs,
  pkg-config,
  psycopg2,
  python3,
  stdenv,
  flask-excel,
  pyexcel-xlsx,
 }:
 let
  src = pkgs.fetchgit {
    url = "https://git.clerie.de/clerie/wetter.git";
    rev = "3193c6d507af5d6f5d62c23046b7fbf0c638ddb4";
    sha256 = "sha256-ouUmmw020jKg/SRlYhGBFRw/atxW+atQ1JSTFQNi5iw=";
  };
  pname = "wetter";
  version = "0.0.1";
  packageJSON = src + "/package.json";
  yarnLock = src + "/yarn.lock";
  modules = yarn2nix-moretea.mkYarnModules {
    pname = "${pname}-modules";
    name = "${pname}-modules-${version}";
    inherit version packageJSON yarnLock;
    /* build native node-sass extensions */
    pkgConfig.node-sass = {
      buildInputs = [ python3 libsass pkg-config ];
      postInstall = ''
        export npm_config_nodedir=${nodejs}
        LIBSASS_EXT=auto yarn --offline run build
        rm build/config.gypi
      '';
    };
  };
  assets = stdenv.mkDerivation {
    inherit src pname version;
    NODE_ENV = "production";
    buildPhase = ''
      runHook preBuild
      ln -s ${modules}/node_modules
      node_modules/.bin/rollup -c
      runHook postBuild
    '';
    installPhase = ''
      runHook preInstall
      cp -r wetter/static/bundle $out
      runHook postInstall
    '';
  };
 in buildPythonPackage rec {
  inherit src pname version;
  propagatedBuildInputs = [
    flask
    flask_sqlalchemy
    psycopg2
    flask-excel
    pyexcel-xlsx
  ];
  postInstall = ''
    mkdir -p $out/${python3.sitePackages}/wetter/static
    cp -r ${assets} $out/${python3.sitePackages}/wetter/static/bundle
    cp -r wetter/templates $out/${python3.sitePackages}/wetter/templates
  '';
  doCheck = false;
 }