delete mb
This commit is contained in:
parent
1144633bd0
commit
5fa963b6bc
@ -103,7 +103,6 @@ let
|
|||||||
{ krebs = import ./krebs { inherit config; }; }
|
{ krebs = import ./krebs { inherit config; }; }
|
||||||
{ krebs = import ./lass { inherit config; }; }
|
{ krebs = import ./lass { inherit config; }; }
|
||||||
{ krebs = import ./makefu { inherit config; }; }
|
{ krebs = import ./makefu { inherit config; }; }
|
||||||
{ krebs = import ./mb { inherit config; }; }
|
|
||||||
{ krebs = import ./nin { inherit config; }; }
|
{ krebs = import ./nin { inherit config; }; }
|
||||||
{ krebs = import ./external/palo.nix { inherit config; }; }
|
{ krebs = import ./external/palo.nix { inherit config; }; }
|
||||||
{ krebs = import ./tv { inherit config; }; }
|
{ krebs = import ./tv { inherit config; }; }
|
||||||
|
@ -1,151 +0,0 @@
|
|||||||
with import <stockholm/lib>;
|
|
||||||
{ config, ... }: let
|
|
||||||
|
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host {
|
|
||||||
ci = true;
|
|
||||||
owner = config.krebs.users.mb;
|
|
||||||
};
|
|
||||||
|
|
||||||
in {
|
|
||||||
hosts = mapAttrs hostDefaults {
|
|
||||||
orange = {
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.42.23";
|
|
||||||
aliases = [
|
|
||||||
"orange.r"
|
|
||||||
"or4ng3.r"
|
|
||||||
"0r4n93.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7P0CkmC5HWnTdgGFzmA
|
|
||||||
zQuJzHSkSjcGgSkIt0pvqU6xi8P/d4eJlmeXeGTpH62JfM1xhEMpxMVd/4NOON2u
|
|
||||||
IlWnfu5bB763145IJwE0HmZziWjQXWRPAZMqYdQ5f2Pvmxv1yr3uBNzr8UlV6BjD
|
|
||||||
FXn8sCvikXttYzts9szlz5+pkY09qfiz48+DMzRBNO6JzXYQ9kPyS+TIXlGpN4Jp
|
|
||||||
C1TRF38eF2DTEZ58Yx8Z99dGrXVuqlSe77fehTQGxCckTpaZ0HS3XfZNa/cas8JY
|
|
||||||
/0RzH2n2AndnPirISDZ7r4ZIFuKAaivqaEkM8v7llI77URVB9ZJb/IqCrBzueAbt
|
|
||||||
V/5ts2HpfBAUhw0RoiH8ql+IQZsuSOpRUC2gUN8460V4SQkVtDcsVTENiD+NM5Mg
|
|
||||||
ImBv041CsW/rSJOilT2r/rWDN8RFnz/RrAQn+L31KXr81kg1TOLxO0ybs/eMJM3r
|
|
||||||
RnHFZPiiKdqPlA60g0AnzKXPR2JTszHIgHHoRUW16I1WJeuAJNjg0JDQ0JM7pZ27
|
|
||||||
JEaCc7uR12TPiuExKaNEaxKZVY1J0hzxOzF2MFIbAMVz/3K2ycvvuLxKojqIAXxA
|
|
||||||
D+UtcOfJ62k2WnLXOEIZqFU0J2bvhxYUZOFS55wIn1UJF7hemD/LUFHBiWnuhwHk
|
|
||||||
TAEl8M851t+Zp3hZeJzgx2kCAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
rofl = {
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.42.43";
|
|
||||||
aliases = [
|
|
||||||
"rofl.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm
|
|
||||||
xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8
|
|
||||||
txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D
|
|
||||||
VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb
|
|
||||||
VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts
|
|
||||||
1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1
|
|
||||||
vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC
|
|
||||||
Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp
|
|
||||||
1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH
|
|
||||||
QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f
|
|
||||||
NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f
|
|
||||||
3aAAePgBsZvRQozxXZfqp58CAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
p1nk = {
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.42.42";
|
|
||||||
aliases = [
|
|
||||||
"p1nk.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5YVML71oW3iJrzZKuX48
|
|
||||||
AKrGitO5zNvsAHOI8BVsGfZTyxAAZgG4OaDX45kr27K39NcBU43LdDD0I1yjNvGe
|
|
||||||
zAoL5MIiCPD/QR1kAvLmgpMUSqOVvrk+uoGLVt6dOGvxlOiG1AAaN0gA8Q0B/jZV
|
|
||||||
4tZlBpZ7MX9xeK10wqVT56msN69P3EzKQn1uoVRrBxEnNvI1iqmmkgMLcrFVJFBQ
|
|
||||||
888Uuw9Hx5MO7ES/ATe8mt0zReUGvn91jYVVsPpmAopWnjCol271gflY0RomFXKy
|
|
||||||
XaIuvbeF+3otF0+MNqJfm4IsAKJjvl92pjVX0f0eBCSPCYR7D1EtgQrqflLkZKZ8
|
|
||||||
jBGDlgpsFWt/Omz1BYcuGZU/djM4+SNxr4YRYMi3lMix3s2PmHvm304I7eEEBlC9
|
|
||||||
qy1jq/sLaf8mHJrF6Htl7W5WS/Famkwv/VreI92iHrhsmIDiX7OIbXzYDCxT/PQa
|
|
||||||
6uCm/3jIbcHG/ZHZ12H6thkafK0Aoe009+p1n+5Y7V2oNvYe3KzZTnCN5t6z1QHZ
|
|
||||||
V5iypsd6lNDzlodjleTgGK8FmHGRPRdq1wb3eOLE8mWZj7ygDT50FwaC8FzAcHgC
|
|
||||||
bLN/zlHvCbYmk9IJhktO3B6wtMrZl60+XCpb5rTulM94RirifFYsnTIDJApI11yb
|
|
||||||
3AYi5dQXHjab/lvj6917xa0CAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
gr33n = {
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.42.123";
|
|
||||||
aliases = [
|
|
||||||
"gr33n.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8
|
|
||||||
kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M
|
|
||||||
JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P
|
|
||||||
OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO
|
|
||||||
ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt
|
|
||||||
JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd
|
|
||||||
I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ
|
|
||||||
5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X
|
|
||||||
s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH
|
|
||||||
oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6
|
|
||||||
Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV
|
|
||||||
jtTSbSJHU5esECtAuXy1XH8CAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
sunsh1n3 = {
|
|
||||||
ci = false;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.42.142";
|
|
||||||
aliases = [
|
|
||||||
"sunsh1n3.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf
|
|
||||||
QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU
|
|
||||||
pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz
|
|
||||||
idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf
|
|
||||||
4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5
|
|
||||||
yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD
|
|
||||||
/KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY
|
|
||||||
Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy
|
|
||||||
LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj
|
|
||||||
6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H
|
|
||||||
C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU
|
|
||||||
9IxYLfkSD6AJqasnHlz0L08CAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
users = {
|
|
||||||
mb = {
|
|
||||||
mail = "mb0@codemonkey.cc";
|
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCHAdKGHP/De/GLEsPo5RBfbaiiitMw4Y/akOekJbImswT6Np2lzqno/WBJcfVs3D39wgPKNld4P/QZc5IwxC26q/PnBFu93KES0GqnlAqUNE63IOJ8UzNdyEqWggnRiLrBU+ZgyFZvmqp6NoSO4YEGEK4RZRMJM/GcAuQMj/nGjx2AHwPGZCkIRgz8/ctBOzX1/knZd3cOnNowH1wlqUKX6UcEzJdAVDQijHF1wl0Ri8tJKq9u8s/fw+1PSOpOHaeF1BALsXSKgeJDqUCTnZW5mAVUWJ86LvvyfCP4In9lhhLisbDm2cD96QaVvJyV6HfmegdSxZ1Phh+9Qz+3WhDJRedBTSKWfK/9j7VWSb+z/KV37q72W25ZfFMSay58LmCqn3v5fGt9qj4nlPw0By4baGLiGlA7xyvkJfdt8ZVPps5d2g6UprTbSA79lYN4qtWKq2Z9t317xch7Lix6EunQcoTkJ6QXEbDrAIk3zvkWr/CtpwEhNcSdWvQsua42dkD2oOI2F2IgFyYgOx9Iba2yj8A0TD2iqfYVhsJIYuk12QfeaR7ovQ6DhHlUxyQzeF6h0Y+I4AN6Sq/Mmj/cxfQoIaAEybUQMX+7KjFceIszT3JbGlz7DCxi7DMmNYuc7LELMRG3jNAOk+fW8u42Bhgc44tzvAondojerUGqCbUDw== mb0@codemonkey.cc";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,144 +0,0 @@
|
|||||||
{ config, pkgs, callPackage, ... }: let
|
|
||||||
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
|
|
||||||
in {
|
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
|
||||||
<stockholm/mb>
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.gr33n;
|
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
||||||
boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
|
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
|
|
||||||
fileSystems."/mnt/public" = {
|
|
||||||
device = "//192.168.0.4/public";
|
|
||||||
fsType = "cifs";
|
|
||||||
options = let
|
|
||||||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
|
|
||||||
in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
i18n = {
|
|
||||||
consoleFont = "Lat2-Terminus16";
|
|
||||||
consoleKeyMap = "de";
|
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = super: {
|
|
||||||
openvpn = super.openvpn.override {
|
|
||||||
pkcs11Support = true;
|
|
||||||
useSystemd = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.shellAliases = {
|
|
||||||
ll = "ls -alh";
|
|
||||||
ls = "ls --color=tty";
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
curl
|
|
||||||
fish
|
|
||||||
git
|
|
||||||
htop
|
|
||||||
nmap
|
|
||||||
ranger
|
|
||||||
tcpdump
|
|
||||||
tmux
|
|
||||||
traceroute
|
|
||||||
tree
|
|
||||||
vim
|
|
||||||
wcalc
|
|
||||||
wget
|
|
||||||
xz
|
|
||||||
zbackup
|
|
||||||
];
|
|
||||||
|
|
||||||
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
|
||||||
|
|
||||||
sound.enable = false;
|
|
||||||
|
|
||||||
services.openssh.enable = true;
|
|
||||||
services.openssh.passwordAuthentication = false;
|
|
||||||
|
|
||||||
services.codimd = {
|
|
||||||
enable = true;
|
|
||||||
workDir = "/storage/codimd";
|
|
||||||
configuration = {
|
|
||||||
port = 1337;
|
|
||||||
host = "0.0.0.0";
|
|
||||||
db = {
|
|
||||||
dialect = "sqlite";
|
|
||||||
storage = "/storage/codimd/db.codimd.sqlite";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.wireless.enable = false;
|
|
||||||
networking.networkmanager.enable = false;
|
|
||||||
krebs.iptables.enable = true;
|
|
||||||
networking.enableIPv6 = false;
|
|
||||||
|
|
||||||
programs.fish = {
|
|
||||||
enable = true;
|
|
||||||
shellInit = ''
|
|
||||||
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
|
|
||||||
if begin
|
|
||||||
set -q SSH_AGENT_PID
|
|
||||||
and kill -0 $SSH_AGENT_PID
|
|
||||||
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
|
|
||||||
end
|
|
||||||
echo "ssh-agent running on pid $SSH_AGENT_PID"
|
|
||||||
else
|
|
||||||
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
|
|
||||||
end
|
|
||||||
set -l identity $HOME/.ssh/id_rsa
|
|
||||||
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
|
|
||||||
ssh-add -l | grep -q $fingerprint
|
|
||||||
or ssh-add $identity
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
promptInit = ''
|
|
||||||
function fish_prompt --description 'Write out the prompt'
|
|
||||||
set -l color_cwd
|
|
||||||
set -l suffix
|
|
||||||
set -l nix_shell_info (
|
|
||||||
if test "$IN_NIX_SHELL" != ""
|
|
||||||
echo -n " <nix-shell>"
|
|
||||||
end
|
|
||||||
)
|
|
||||||
switch "$USER"
|
|
||||||
case root toor
|
|
||||||
if set -q fish_color_cwd_root
|
|
||||||
set color_cwd $fish_color_cwd_root
|
|
||||||
else
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
end
|
|
||||||
set suffix '#'
|
|
||||||
case '*'
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
set suffix '>'
|
|
||||||
end
|
|
||||||
|
|
||||||
echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.buildCores = 4;
|
|
||||||
system.autoUpgrade.enable = false;
|
|
||||||
system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
|
|
||||||
system.stateVersion = "19.03";
|
|
||||||
|
|
||||||
}
|
|
@ -1,37 +0,0 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
boot.initrd.mdadmConf = ''
|
|
||||||
ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 name=gr33n:0 UUID=5b715fd9:0be6bfa6:19f07db4:c16836d6
|
|
||||||
devices=/dev/sda1,/dev/sdb1,/dev/sdc1,/dev/sdd1
|
|
||||||
'';
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/a9f2c19b-f60f-450c-87f1-146a54c4198b";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/storage" =
|
|
||||||
{ device = "/dev/disk/by-label/storage";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/93EB-BCA3";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 4;
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
|
||||||
}
|
|
@ -1,238 +0,0 @@
|
|||||||
{ config, pkgs, callPackage, ... }: let
|
|
||||||
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
|
|
||||||
in {
|
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
|
||||||
<stockholm/mb>
|
|
||||||
<stockholm/mb/2configs/nvim.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.orange;
|
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
||||||
boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
|
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
boot.initrd.luks.devices = [
|
|
||||||
{
|
|
||||||
name = "root";
|
|
||||||
device = "/dev/disk/by-uuid/09a36f91-a713-4b82-8b41-4e7a6acc4acf";
|
|
||||||
preLVM = true;
|
|
||||||
allowDiscards = true;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
|
|
||||||
fileSystems."/mnt/public" = {
|
|
||||||
device = "//192.168.0.4/public";
|
|
||||||
fsType = "cifs";
|
|
||||||
options = let
|
|
||||||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
|
|
||||||
in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# Select internationalisation properties.
|
|
||||||
i18n = {
|
|
||||||
consoleFont = "Lat2-Terminus16";
|
|
||||||
consoleKeyMap = "de";
|
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = super: {
|
|
||||||
openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
fonts = {
|
|
||||||
enableCoreFonts = true;
|
|
||||||
enableGhostscriptFonts = true;
|
|
||||||
fonts = with pkgs; [
|
|
||||||
anonymousPro
|
|
||||||
corefonts
|
|
||||||
dejavu_fonts
|
|
||||||
envypn-font
|
|
||||||
fira
|
|
||||||
gentium
|
|
||||||
gohufont
|
|
||||||
inconsolata
|
|
||||||
liberation_ttf
|
|
||||||
powerline-fonts
|
|
||||||
source-code-pro
|
|
||||||
terminus_font
|
|
||||||
ttf_bitstream_vera
|
|
||||||
ubuntu_font_family
|
|
||||||
unifont
|
|
||||||
unstable.cherry
|
|
||||||
xorg.fontbitstream100dpi
|
|
||||||
xorg.fontbitstream75dpi
|
|
||||||
xorg.fontbitstreamtype1
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
adapta-gtk-theme
|
|
||||||
aircrackng
|
|
||||||
ag
|
|
||||||
arandr
|
|
||||||
binutils
|
|
||||||
chromium
|
|
||||||
cifs-utils
|
|
||||||
curl
|
|
||||||
evince
|
|
||||||
exfat
|
|
||||||
feh
|
|
||||||
file
|
|
||||||
firefox
|
|
||||||
freetype
|
|
||||||
gimp
|
|
||||||
git
|
|
||||||
gnupg
|
|
||||||
graphite2
|
|
||||||
hicolor_icon_theme
|
|
||||||
htop
|
|
||||||
i3lock
|
|
||||||
jq
|
|
||||||
keepassx2
|
|
||||||
kvm
|
|
||||||
lxappearance
|
|
||||||
man-pages
|
|
||||||
moc
|
|
||||||
mpv
|
|
||||||
mpvc
|
|
||||||
mupdf
|
|
||||||
ncdu
|
|
||||||
nmap
|
|
||||||
openvpn
|
|
||||||
pass
|
|
||||||
p7zip
|
|
||||||
powertop
|
|
||||||
ranger
|
|
||||||
rofi
|
|
||||||
sshfs
|
|
||||||
tcpdump
|
|
||||||
tmux
|
|
||||||
traceroute
|
|
||||||
tree
|
|
||||||
unstable.alacritty
|
|
||||||
unstable.ponyc
|
|
||||||
unstable.sublime3
|
|
||||||
unstable.youtube-dl
|
|
||||||
virt-viewer
|
|
||||||
virtmanager
|
|
||||||
vulnix
|
|
||||||
wcalc
|
|
||||||
wget
|
|
||||||
xz
|
|
||||||
zbackup
|
|
||||||
];
|
|
||||||
|
|
||||||
environment.variables = {
|
|
||||||
EDITOR = ["nvim"];
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.shellAliases = {
|
|
||||||
ll = "ls -alh";
|
|
||||||
ls = "ls --color=tty";
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.libvirtd.enable = true;
|
|
||||||
#virtualisation.kvmgt.enable = true;
|
|
||||||
|
|
||||||
programs.gnupg.agent = {
|
|
||||||
enable = true;
|
|
||||||
enableSSHSupport = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
sound.enable = true;
|
|
||||||
hardware.pulseaudio.enable = true;
|
|
||||||
hardware.pulseaudio.support32Bit = true;
|
|
||||||
nixpkgs.config.pulseaudio = true;
|
|
||||||
|
|
||||||
services.xserver = {
|
|
||||||
enable = true;
|
|
||||||
layout = "de";
|
|
||||||
xkbVariant = "nodeadkeys";
|
|
||||||
libinput.enable = true;
|
|
||||||
desktopManager = {
|
|
||||||
default = "xfce";
|
|
||||||
xterm.enable = false;
|
|
||||||
xfce = {
|
|
||||||
enable = true;
|
|
||||||
noDesktop = true;
|
|
||||||
enableXfwm = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
windowManager.ratpoison.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.openssh.enable = true;
|
|
||||||
#services.openssh.permitRootLogin = "yes";
|
|
||||||
services.openssh.passwordAuthentication = false;
|
|
||||||
|
|
||||||
networking.wireless.enable = false;
|
|
||||||
networking.networkmanager.enable = false;
|
|
||||||
krebs.iptables.enable = true;
|
|
||||||
#networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
|
|
||||||
networking.enableIPv6 = false;
|
|
||||||
|
|
||||||
programs.fish = {
|
|
||||||
enable = true;
|
|
||||||
shellInit = ''
|
|
||||||
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
|
|
||||||
if begin
|
|
||||||
set -q SSH_AGENT_PID
|
|
||||||
and kill -0 $SSH_AGENT_PID
|
|
||||||
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
|
|
||||||
end
|
|
||||||
echo "ssh-agent running on pid $SSH_AGENT_PID"
|
|
||||||
else
|
|
||||||
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
|
|
||||||
end
|
|
||||||
set -l identity $HOME/.ssh/id_rsa
|
|
||||||
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
|
|
||||||
ssh-add -l | grep -q $fingerprint
|
|
||||||
or ssh-add $identity
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
promptInit = ''
|
|
||||||
function fish_prompt --description 'Write out the prompt'
|
|
||||||
set -l color_cwd
|
|
||||||
set -l suffix
|
|
||||||
set -l nix_shell_info (
|
|
||||||
if test "$IN_NIX_SHELL" != ""
|
|
||||||
echo -n " <nix-shell>"
|
|
||||||
end
|
|
||||||
)
|
|
||||||
switch "$USER"
|
|
||||||
case root toor
|
|
||||||
if set -q fish_color_cwd_root
|
|
||||||
set color_cwd $fish_color_cwd_root
|
|
||||||
else
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
end
|
|
||||||
set suffix '#'
|
|
||||||
case '*'
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
set suffix '>'
|
|
||||||
end
|
|
||||||
|
|
||||||
echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.maxJobs = 4;
|
|
||||||
nix.buildCores = 4;
|
|
||||||
system.autoUpgrade.enable = false;
|
|
||||||
system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
|
|
||||||
system.stateVersion = "19.03";
|
|
||||||
|
|
||||||
}
|
|
@ -1,28 +0,0 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
|
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/b1d32c54-35f8-4bf1-9fd2-82adc760af01";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/BF9B-03A2";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 4;
|
|
||||||
}
|
|
@ -1,227 +0,0 @@
|
|||||||
{ config, pkgs, callPackage, ... }: let
|
|
||||||
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
|
|
||||||
in {
|
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
|
||||||
<stockholm/mb>
|
|
||||||
<stockholm/mb/2configs/nvim.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.p1nk;
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
boot.initrd.luks.devices = [
|
|
||||||
{
|
|
||||||
name = "root";
|
|
||||||
device = "/dev/disk/by-uuid/0392257b-f6cf-484d-8c46-e20aab4fddb7";
|
|
||||||
preLVM = true;
|
|
||||||
allowDiscards = true;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
|
|
||||||
fileSystems."/mnt/public" = {
|
|
||||||
device = "//192.168.0.4/public";
|
|
||||||
fsType = "cifs";
|
|
||||||
options = let
|
|
||||||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
|
|
||||||
in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
i18n = {
|
|
||||||
consoleFont = "Lat2-Terminus16";
|
|
||||||
consoleKeyMap = "de";
|
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
fonts = {
|
|
||||||
enableCoreFonts = true;
|
|
||||||
enableGhostscriptFonts = true;
|
|
||||||
fonts = with pkgs; [
|
|
||||||
anonymousPro
|
|
||||||
corefonts
|
|
||||||
dejavu_fonts
|
|
||||||
envypn-font
|
|
||||||
fira
|
|
||||||
gentium
|
|
||||||
gohufont
|
|
||||||
inconsolata
|
|
||||||
liberation_ttf
|
|
||||||
powerline-fonts
|
|
||||||
source-code-pro
|
|
||||||
terminus_font
|
|
||||||
ttf_bitstream_vera
|
|
||||||
ubuntu_font_family
|
|
||||||
unifont
|
|
||||||
unstable.cherry
|
|
||||||
xorg.fontbitstream100dpi
|
|
||||||
xorg.fontbitstream75dpi
|
|
||||||
xorg.fontbitstreamtype1
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = super: {
|
|
||||||
openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
adapta-gtk-theme
|
|
||||||
aircrackng
|
|
||||||
ag
|
|
||||||
arandr
|
|
||||||
binutils
|
|
||||||
chromium
|
|
||||||
cifs-utils
|
|
||||||
curl
|
|
||||||
evince
|
|
||||||
exfat
|
|
||||||
feh
|
|
||||||
file
|
|
||||||
firefox
|
|
||||||
freetype
|
|
||||||
gimp
|
|
||||||
git
|
|
||||||
gnupg
|
|
||||||
graphite2
|
|
||||||
hicolor_icon_theme
|
|
||||||
htop
|
|
||||||
i3lock
|
|
||||||
jq
|
|
||||||
keepassx2
|
|
||||||
kvm
|
|
||||||
lxappearance
|
|
||||||
man-pages
|
|
||||||
moc
|
|
||||||
mpv
|
|
||||||
mpvc
|
|
||||||
mupdf
|
|
||||||
ncdu
|
|
||||||
nmap
|
|
||||||
openvpn
|
|
||||||
pass
|
|
||||||
p7zip
|
|
||||||
powertop
|
|
||||||
ranger
|
|
||||||
rofi
|
|
||||||
sshfs
|
|
||||||
tcpdump
|
|
||||||
tmux
|
|
||||||
traceroute
|
|
||||||
tree
|
|
||||||
unstable.alacritty
|
|
||||||
unstable.ponyc
|
|
||||||
unstable.sublime3
|
|
||||||
youtube-dl
|
|
||||||
virt-viewer
|
|
||||||
virtmanager
|
|
||||||
vulnix
|
|
||||||
wcalc
|
|
||||||
wget
|
|
||||||
xz
|
|
||||||
zbackup
|
|
||||||
];
|
|
||||||
|
|
||||||
environment.shellAliases = {
|
|
||||||
ll = "ls -alh";
|
|
||||||
ls = "ls --color=tty";
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.libvirtd.enable = true;
|
|
||||||
virtualisation.kvmgt.enable = true;
|
|
||||||
|
|
||||||
programs.gnupg.agent = {
|
|
||||||
enable = true;
|
|
||||||
enableSSHSupport = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
sound.enable = true;
|
|
||||||
hardware.pulseaudio.enable = true;
|
|
||||||
hardware.pulseaudio.support32Bit = true;
|
|
||||||
|
|
||||||
services.xserver = {
|
|
||||||
enable = true;
|
|
||||||
layout = "de";
|
|
||||||
xkbOptions = "nodeadkeys";
|
|
||||||
libinput.enable = true;
|
|
||||||
desktopManager = {
|
|
||||||
default = "xfce";
|
|
||||||
xterm.enable = false;
|
|
||||||
xfce = {
|
|
||||||
enable = true;
|
|
||||||
noDesktop = true;
|
|
||||||
enableXfwm = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
windowManager.ratpoison.enable = true;
|
|
||||||
windowManager.pekwm.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.openssh.enable = true;
|
|
||||||
services.openssh.passwordAuthentication = false;
|
|
||||||
|
|
||||||
krebs.iptables.enable = true;
|
|
||||||
networking.networkmanager.enable = false;
|
|
||||||
networking.wireless.enable = true;
|
|
||||||
networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
|
|
||||||
networking.enableIPv6 = false;
|
|
||||||
|
|
||||||
programs.fish = {
|
|
||||||
enable = true;
|
|
||||||
shellInit = ''
|
|
||||||
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
|
|
||||||
if begin
|
|
||||||
set -q SSH_AGENT_PID
|
|
||||||
and kill -0 $SSH_AGENT_PID
|
|
||||||
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
|
|
||||||
end
|
|
||||||
echo "ssh-agent running on pid $SSH_AGENT_PID"
|
|
||||||
else
|
|
||||||
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
|
|
||||||
end
|
|
||||||
set -l identity $HOME/.ssh/id_rsa
|
|
||||||
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
|
|
||||||
ssh-add -l | grep -q $fingerprint
|
|
||||||
or ssh-add $identity
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
promptInit = ''
|
|
||||||
function fish_prompt --description 'Write out the prompt'
|
|
||||||
set -l color_cwd
|
|
||||||
set -l suffix
|
|
||||||
set -l nix_shell_info (
|
|
||||||
if test "$IN_NIX_SHELL" != ""
|
|
||||||
echo -n " <nix-shell>"
|
|
||||||
end
|
|
||||||
)
|
|
||||||
switch "$USER"
|
|
||||||
case root toor
|
|
||||||
if set -q fish_color_cwd_root
|
|
||||||
set color_cwd $fish_color_cwd_root
|
|
||||||
else
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
end
|
|
||||||
set suffix '#'
|
|
||||||
case '*'
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
set suffix '>'
|
|
||||||
end
|
|
||||||
|
|
||||||
echo -n -s "$USER" @ (set_color magenta) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.maxJobs = 4;
|
|
||||||
nix.buildCores = 4;
|
|
||||||
system.autoUpgrade.enable = false;
|
|
||||||
system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
|
|
||||||
system.stateVersion = "19.03";
|
|
||||||
|
|
||||||
}
|
|
@ -1,29 +0,0 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/4cc2add6-ed19-4685-bbd9-b992bd8d51fb";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/9F87-AEAA";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 4;
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
|
||||||
}
|
|
@ -1,103 +0,0 @@
|
|||||||
{ config, pkgs, callPackage, ... }: let
|
|
||||||
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
|
|
||||||
in {
|
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
<stockholm/mb/2configs/google-compute-config.nix>
|
|
||||||
<stockholm/mb>
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.rofl;
|
|
||||||
|
|
||||||
i18n = {
|
|
||||||
consoleFont = "Lat2-Terminus16";
|
|
||||||
consoleKeyMap = "de";
|
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
environment.shellAliases = {
|
|
||||||
ll = "ls -alh";
|
|
||||||
ls = "ls --color=tty";
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
curl
|
|
||||||
fish
|
|
||||||
git
|
|
||||||
htop
|
|
||||||
nmap
|
|
||||||
ranger
|
|
||||||
tcpdump
|
|
||||||
tmux
|
|
||||||
traceroute
|
|
||||||
tree
|
|
||||||
vim
|
|
||||||
xz
|
|
||||||
zbackup
|
|
||||||
];
|
|
||||||
|
|
||||||
sound.enable = false;
|
|
||||||
|
|
||||||
services.openssh.enable = true;
|
|
||||||
services.openssh.passwordAuthentication = false;
|
|
||||||
|
|
||||||
networking.wireless.enable = false;
|
|
||||||
networking.networkmanager.enable = false;
|
|
||||||
krebs.iptables.enable = true;
|
|
||||||
networking.enableIPv6 = false;
|
|
||||||
|
|
||||||
programs.fish = {
|
|
||||||
enable = true;
|
|
||||||
shellInit = ''
|
|
||||||
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
|
|
||||||
if begin
|
|
||||||
set -q SSH_AGENT_PID
|
|
||||||
and kill -0 $SSH_AGENT_PID
|
|
||||||
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
|
|
||||||
end
|
|
||||||
echo "ssh-agent running on pid $SSH_AGENT_PID"
|
|
||||||
else
|
|
||||||
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
|
|
||||||
end
|
|
||||||
set -l identity $HOME/.ssh/id_rsa
|
|
||||||
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
|
|
||||||
ssh-add -l | grep -q $fingerprint
|
|
||||||
or ssh-add $identity
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
promptInit = ''
|
|
||||||
function fish_prompt --description 'Write out the prompt'
|
|
||||||
set -l color_cwd
|
|
||||||
set -l suffix
|
|
||||||
set -l nix_shell_info (
|
|
||||||
if test "$IN_NIX_SHELL" != ""
|
|
||||||
echo -n " <nix-shell>"
|
|
||||||
end
|
|
||||||
)
|
|
||||||
switch "$USER"
|
|
||||||
case root toor
|
|
||||||
if set -q fish_color_cwd_root
|
|
||||||
set color_cwd $fish_color_cwd_root
|
|
||||||
else
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
end
|
|
||||||
set suffix '#'
|
|
||||||
case '*'
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
set suffix '>'
|
|
||||||
end
|
|
||||||
|
|
||||||
echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
system.autoUpgrade.enable = false;
|
|
||||||
system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
|
|
||||||
system.stateVersion = "19.03";
|
|
||||||
|
|
||||||
}
|
|
@ -1,181 +0,0 @@
|
|||||||
|
|
||||||
{ config, pkgs, ... }: let
|
|
||||||
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
|
|
||||||
in {
|
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
|
||||||
<stockholm/mb>
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.sunsh1n3;
|
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
|
|
||||||
|
|
||||||
boot.initrd.luks.devices = [
|
|
||||||
{
|
|
||||||
name = "root";
|
|
||||||
device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21";
|
|
||||||
preLVM = true;
|
|
||||||
allowDiscards = true;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
i18n = {
|
|
||||||
consoleFont = "Lat2-Terminus16";
|
|
||||||
consoleKeyMap = "de";
|
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = super : {
|
|
||||||
openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; };
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
fonts = {
|
|
||||||
enableCoreFonts = true;
|
|
||||||
enableGhostscriptFonts = true;
|
|
||||||
fonts = with pkgs; [
|
|
||||||
anonymousPro
|
|
||||||
corefonts
|
|
||||||
dejavu_fonts
|
|
||||||
envypn-font
|
|
||||||
fira
|
|
||||||
gentium
|
|
||||||
gohufont
|
|
||||||
inconsolata
|
|
||||||
liberation_ttf
|
|
||||||
powerline-fonts
|
|
||||||
source-code-pro
|
|
||||||
terminus_font
|
|
||||||
ttf_bitstream_vera
|
|
||||||
ubuntu_font_family
|
|
||||||
unifont
|
|
||||||
unstable.cherry
|
|
||||||
xorg.fontbitstream100dpi
|
|
||||||
xorg.fontbitstream75dpi
|
|
||||||
xorg.fontbitstreamtype1
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
wget vim git curl fish
|
|
||||||
ag
|
|
||||||
chromium
|
|
||||||
firefox
|
|
||||||
gimp
|
|
||||||
p7zip
|
|
||||||
htop
|
|
||||||
mpv
|
|
||||||
mpvc
|
|
||||||
nmap
|
|
||||||
ntfs3g
|
|
||||||
keepassx2
|
|
||||||
sshfs
|
|
||||||
#unstable.skrooge
|
|
||||||
skrooge
|
|
||||||
unstable.alacritty
|
|
||||||
tmux
|
|
||||||
tree
|
|
||||||
wcalc
|
|
||||||
virtmanager
|
|
||||||
virt-viewer
|
|
||||||
(wine.override { wineBuild = "wineWow"; })
|
|
||||||
xz
|
|
||||||
zbackup
|
|
||||||
];
|
|
||||||
|
|
||||||
virtualisation.libvirtd.enable = true;
|
|
||||||
virtualisation.kvmgt.enable = true;
|
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
|
||||||
# started in user sessions.
|
|
||||||
# programs.mtr.enable = true;
|
|
||||||
|
|
||||||
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
|
||||||
programs.dconf.enable = true;
|
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
|
||||||
services.openssh.enable = true;
|
|
||||||
services.openssh.passwordAuthentication = false;
|
|
||||||
|
|
||||||
krebs.iptables.enable = true;
|
|
||||||
#networking.wireless.enable = true;
|
|
||||||
networking.networkmanager.enable = true;
|
|
||||||
networking.enableIPv6 = false;
|
|
||||||
|
|
||||||
# Enable sound.
|
|
||||||
sound.enable = true;
|
|
||||||
hardware.pulseaudio.enable = true;
|
|
||||||
hardware.pulseaudio.support32Bit = true;
|
|
||||||
nixpkgs.config.pulseaudio = true;
|
|
||||||
|
|
||||||
services.xserver.enable = true;
|
|
||||||
services.xserver.layout = "de";
|
|
||||||
services.xserver.xkbOptions = "nodeadkeys";
|
|
||||||
services.xserver.libinput.enable = true;
|
|
||||||
|
|
||||||
# Enable the KDE Desktop Environment.
|
|
||||||
services.xserver.displayManager.sddm.enable = true;
|
|
||||||
services.xserver.desktopManager.plasma5.enable = true;
|
|
||||||
|
|
||||||
programs.fish = {
|
|
||||||
enable = true;
|
|
||||||
shellInit = ''
|
|
||||||
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
|
|
||||||
if begin
|
|
||||||
set -q SSH_AGENT_PID
|
|
||||||
and kill -0 $SSH_AGENT_PID
|
|
||||||
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
|
|
||||||
end
|
|
||||||
echo "ssh-agent running on pid $SSH_AGENT_PID"
|
|
||||||
else
|
|
||||||
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
|
|
||||||
end
|
|
||||||
set -l identity $HOME/.ssh/id_rsa
|
|
||||||
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
|
|
||||||
ssh-add -l | grep -q $fingerprint
|
|
||||||
or ssh-add $identity
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
promptInit = ''
|
|
||||||
function fish_prompt --description 'Write out the prompt'
|
|
||||||
set -l color_cwd
|
|
||||||
set -l suffix
|
|
||||||
set -l nix_shell_info (
|
|
||||||
if test "$IN_NIX_SHELL" != ""
|
|
||||||
echo -n " <nix-shell>"
|
|
||||||
end
|
|
||||||
)
|
|
||||||
switch "$USER"
|
|
||||||
case root toor
|
|
||||||
if set -q fish_color_cwd_root
|
|
||||||
set color_cwd $fish_color_cwd_root
|
|
||||||
else
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
end
|
|
||||||
set suffix '#'
|
|
||||||
case '*'
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
set suffix '>'
|
|
||||||
end
|
|
||||||
|
|
||||||
echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.buildCores = 4;
|
|
||||||
|
|
||||||
system.stateVersion = "19.09";
|
|
||||||
|
|
||||||
}
|
|
@ -1,29 +0,0 @@
|
|||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/60A6-4DAB";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 4;
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
|
||||||
}
|
|
@ -1,222 +0,0 @@
|
|||||||
with import <stockholm/lib>;
|
|
||||||
{ config, pkgs, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
{
|
|
||||||
users.users = {
|
|
||||||
root = {
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.mb.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
mb = {
|
|
||||||
name = "mb";
|
|
||||||
uid = 1337;
|
|
||||||
home = "/home/mb";
|
|
||||||
group = "users";
|
|
||||||
createHome = true;
|
|
||||||
shell = "/run/current-system/sw/bin/fish";
|
|
||||||
extraGroups = [
|
|
||||||
"audio"
|
|
||||||
"video"
|
|
||||||
"fuse"
|
|
||||||
"wheel"
|
|
||||||
"kvm"
|
|
||||||
"qemu-libvirtd"
|
|
||||||
"libvirtd"
|
|
||||||
];
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.mb.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
xo = {
|
|
||||||
name = "xo";
|
|
||||||
uid = 2323;
|
|
||||||
home = "/home/xo";
|
|
||||||
group = "users";
|
|
||||||
createHome = true;
|
|
||||||
shell = "/run/current-system/sw/bin/fish";
|
|
||||||
extraGroups = [
|
|
||||||
"audio"
|
|
||||||
"video"
|
|
||||||
"fuse"
|
|
||||||
"wheel"
|
|
||||||
"kvm"
|
|
||||||
"qemu-libvirtd"
|
|
||||||
"libvirtd"
|
|
||||||
];
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.mb.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
environment.variables = {
|
|
||||||
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
(let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
|
|
||||||
environment.variables = {
|
|
||||||
CURL_CA_BUNDLE = ca-bundle;
|
|
||||||
GIT_SSL_CAINFO = ca-bundle;
|
|
||||||
SSL_CERT_FILE = ca-bundle;
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.hostName = config.krebs.build.host.name;
|
|
||||||
|
|
||||||
krebs = {
|
|
||||||
enable = true;
|
|
||||||
build.user = config.krebs.users.mb;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.mutableUsers = true;
|
|
||||||
|
|
||||||
services.timesyncd.enable = mkForce true;
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d /tmp 1777 root root - -"
|
|
||||||
];
|
|
||||||
|
|
||||||
# multiple-definition-problem when defining environment.variables.EDITOR
|
|
||||||
environment.extraInit = ''
|
|
||||||
EDITOR=vim
|
|
||||||
'';
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
#stockholm
|
|
||||||
git
|
|
||||||
git-preview
|
|
||||||
gnumake
|
|
||||||
jq
|
|
||||||
parallel
|
|
||||||
proot
|
|
||||||
populate
|
|
||||||
|
|
||||||
#style
|
|
||||||
most
|
|
||||||
rxvt_unicode.terminfo
|
|
||||||
|
|
||||||
#monitoring tools
|
|
||||||
htop
|
|
||||||
iotop
|
|
||||||
|
|
||||||
#network
|
|
||||||
iptables
|
|
||||||
iftop
|
|
||||||
tcpdump
|
|
||||||
|
|
||||||
#stuff for dl
|
|
||||||
aria2
|
|
||||||
|
|
||||||
#neat utils
|
|
||||||
fish
|
|
||||||
file
|
|
||||||
kpaste
|
|
||||||
krebspaste
|
|
||||||
mosh
|
|
||||||
pciutils
|
|
||||||
psmisc
|
|
||||||
tmux
|
|
||||||
untilport
|
|
||||||
usbutils
|
|
||||||
|
|
||||||
#unpack stuff
|
|
||||||
p7zip
|
|
||||||
|
|
||||||
(pkgs.writeDashBin "sshn" ''
|
|
||||||
${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
|
|
||||||
'')
|
|
||||||
];
|
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
permitRootLogin = "yes";
|
|
||||||
passwordAuthentication = false;
|
|
||||||
hostKeys = [
|
|
||||||
# XXX bits here make no science
|
|
||||||
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.fish = {
|
|
||||||
enable = true;
|
|
||||||
shellInit = ''
|
|
||||||
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
|
|
||||||
if begin
|
|
||||||
set -q SSH_AGENT_PID
|
|
||||||
and kill -0 $SSH_AGENT_PID
|
|
||||||
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
|
|
||||||
end
|
|
||||||
echo "ssh-agent running on pid $SSH_AGENT_PID"
|
|
||||||
else
|
|
||||||
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
|
|
||||||
end
|
|
||||||
set -l identity $HOME/.ssh/id_rsa
|
|
||||||
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
|
|
||||||
ssh-add -l | grep -q $fingerprint
|
|
||||||
or ssh-add $identity
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
promptInit = ''
|
|
||||||
function fish_prompt --description 'Write out the prompt'
|
|
||||||
set -l color_cwd
|
|
||||||
set -l suffix
|
|
||||||
set -l nix_shell_info (
|
|
||||||
if test "$IN_NIX_SHELL" != ""
|
|
||||||
echo -n " <nix-shell>"
|
|
||||||
end
|
|
||||||
)
|
|
||||||
switch "$USER"
|
|
||||||
case root toor
|
|
||||||
if set -q fish_color_cwd_root
|
|
||||||
set color_cwd $fish_color_cwd_root
|
|
||||||
else
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
end
|
|
||||||
set suffix '#'
|
|
||||||
case '*'
|
|
||||||
set color_cwd $fish_color_cwd
|
|
||||||
set suffix '>'
|
|
||||||
end
|
|
||||||
|
|
||||||
echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
services.journald.extraConfig = ''
|
|
||||||
SystemMaxUse=1G
|
|
||||||
RuntimeMaxUse=128M
|
|
||||||
'';
|
|
||||||
|
|
||||||
krebs.iptables = {
|
|
||||||
enable = true;
|
|
||||||
tables = {
|
|
||||||
nat.PREROUTING.rules = [
|
|
||||||
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
|
|
||||||
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
|
|
||||||
];
|
|
||||||
nat.OUTPUT.rules = [
|
|
||||||
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
|
|
||||||
];
|
|
||||||
filter.INPUT.policy = "DROP";
|
|
||||||
filter.FORWARD.policy = "DROP";
|
|
||||||
filter.INPUT.rules = [
|
|
||||||
{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
|
|
||||||
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
|
||||||
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
|
||||||
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
|
|
||||||
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
|
|
||||||
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
|
|
||||||
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
|
|
||||||
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
|
|
||||||
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,231 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
gce = pkgs.google-compute-engine;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./headless.nix
|
|
||||||
./qemu-guest.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-label/nixos";
|
|
||||||
autoResize = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.growPartition = true;
|
|
||||||
boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
|
|
||||||
boot.initrd.kernelModules = [ "virtio_scsi" ];
|
|
||||||
boot.kernelModules = [ "virtio_pci" "virtio_net" ];
|
|
||||||
|
|
||||||
# Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
|
|
||||||
boot.loader.grub.device = "/dev/sda";
|
|
||||||
boot.loader.timeout = 0;
|
|
||||||
|
|
||||||
# Don't put old configurations in the GRUB menu. The user has no
|
|
||||||
# way to select them anyway.
|
|
||||||
boot.loader.grub.configurationLimit = 0;
|
|
||||||
|
|
||||||
# Allow root logins only using the SSH key that the user specified
|
|
||||||
# at instance creation time.
|
|
||||||
#services.openssh.enable = true;
|
|
||||||
#services.openssh.permitRootLogin = "prohibit-password";
|
|
||||||
#services.openssh.passwordAuthentication = mkDefault false;
|
|
||||||
|
|
||||||
# Use GCE udev rules for dynamic disk volumes
|
|
||||||
services.udev.packages = [ gce ];
|
|
||||||
|
|
||||||
# Force getting the hostname from Google Compute.
|
|
||||||
networking.hostName = mkDefault "";
|
|
||||||
|
|
||||||
# Always include cryptsetup so that NixOps can use it.
|
|
||||||
environment.systemPackages = [ pkgs.cryptsetup ];
|
|
||||||
|
|
||||||
# Make sure GCE image does not replace host key that NixOps sets
|
|
||||||
environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
|
|
||||||
[InstanceSetup]
|
|
||||||
set_host_keys = false
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Rely on GCP's firewall instead
|
|
||||||
networking.firewall.enable = mkDefault false;
|
|
||||||
|
|
||||||
# Configure default metadata hostnames
|
|
||||||
networking.extraHosts = ''
|
|
||||||
169.254.169.254 metadata.google.internal metadata
|
|
||||||
'';
|
|
||||||
|
|
||||||
networking.timeServers = [ "metadata.google.internal" ];
|
|
||||||
|
|
||||||
networking.usePredictableInterfaceNames = false;
|
|
||||||
|
|
||||||
# GC has 1460 MTU
|
|
||||||
networking.interfaces.eth0.mtu = 1460;
|
|
||||||
|
|
||||||
security.googleOsLogin.enable = true;
|
|
||||||
|
|
||||||
systemd.services.google-clock-skew-daemon = {
|
|
||||||
description = "Google Compute Engine Clock Skew Daemon";
|
|
||||||
after = [
|
|
||||||
"network.target"
|
|
||||||
"google-instance-setup.service"
|
|
||||||
"google-network-setup.service"
|
|
||||||
];
|
|
||||||
requires = ["network.target"];
|
|
||||||
wantedBy = ["multi-user.target"];
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "simple";
|
|
||||||
ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.google-instance-setup = {
|
|
||||||
description = "Google Compute Engine Instance Setup";
|
|
||||||
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
|
|
||||||
before = ["sshd.service"];
|
|
||||||
wants = ["local-fs.target" "network-online.target" "network.target"];
|
|
||||||
wantedBy = [ "sshd.service" "multi-user.target" ];
|
|
||||||
path = with pkgs; [ ethtool openssh ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${gce}/bin/google_instance_setup --debug";
|
|
||||||
Type = "oneshot";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.google-network-daemon = {
|
|
||||||
description = "Google Compute Engine Network Daemon";
|
|
||||||
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
|
|
||||||
wants = ["local-fs.target" "network-online.target" "network.target"];
|
|
||||||
requires = ["network.target"];
|
|
||||||
partOf = ["network.target"];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
path = with pkgs; [ iproute ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${gce}/bin/google_network_daemon --debug";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.google-shutdown-scripts = {
|
|
||||||
description = "Google Compute Engine Shutdown Scripts";
|
|
||||||
after = [
|
|
||||||
"local-fs.target"
|
|
||||||
"network-online.target"
|
|
||||||
"network.target"
|
|
||||||
"rsyslog.service"
|
|
||||||
"systemd-resolved.service"
|
|
||||||
"google-instance-setup.service"
|
|
||||||
"google-network-daemon.service"
|
|
||||||
];
|
|
||||||
wants = [ "local-fs.target" "network-online.target" "network.target"];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${pkgs.coreutils}/bin/true";
|
|
||||||
ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
|
|
||||||
Type = "oneshot";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
TimeoutStopSec = "infinity";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.google-startup-scripts = {
|
|
||||||
description = "Google Compute Engine Startup Scripts";
|
|
||||||
after = [
|
|
||||||
"local-fs.target"
|
|
||||||
"network-online.target"
|
|
||||||
"network.target"
|
|
||||||
"rsyslog.service"
|
|
||||||
"google-instance-setup.service"
|
|
||||||
"google-network-daemon.service"
|
|
||||||
];
|
|
||||||
wants = ["local-fs.target" "network-online.target" "network.target"];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
|
|
||||||
KillMode = "process";
|
|
||||||
Type = "oneshot";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
|
|
||||||
boot.kernel.sysctl = {
|
|
||||||
# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
|
|
||||||
# of TCP functionality/features under normal conditions. When flood
|
|
||||||
# protections kick in under high unanswered-SYN load, the system
|
|
||||||
# should remain more stable, with a trade off of some loss of TCP
|
|
||||||
# functionality/features (e.g. TCP Window scaling).
|
|
||||||
"net.ipv4.tcp_syncookies" = mkDefault "1";
|
|
||||||
|
|
||||||
# ignores source-routed packets
|
|
||||||
"net.ipv4.conf.all.accept_source_route" = mkDefault "0";
|
|
||||||
|
|
||||||
# ignores source-routed packets
|
|
||||||
"net.ipv4.conf.default.accept_source_route" = mkDefault "0";
|
|
||||||
|
|
||||||
# ignores ICMP redirects
|
|
||||||
"net.ipv4.conf.all.accept_redirects" = mkDefault "0";
|
|
||||||
|
|
||||||
# ignores ICMP redirects
|
|
||||||
"net.ipv4.conf.default.accept_redirects" = mkDefault "0";
|
|
||||||
|
|
||||||
# ignores ICMP redirects from non-GW hosts
|
|
||||||
"net.ipv4.conf.all.secure_redirects" = mkDefault "1";
|
|
||||||
|
|
||||||
# ignores ICMP redirects from non-GW hosts
|
|
||||||
"net.ipv4.conf.default.secure_redirects" = mkDefault "1";
|
|
||||||
|
|
||||||
# don't allow traffic between networks or act as a router
|
|
||||||
"net.ipv4.ip_forward" = mkDefault "0";
|
|
||||||
|
|
||||||
# don't allow traffic between networks or act as a router
|
|
||||||
"net.ipv4.conf.all.send_redirects" = mkDefault "0";
|
|
||||||
|
|
||||||
# don't allow traffic between networks or act as a router
|
|
||||||
"net.ipv4.conf.default.send_redirects" = mkDefault "0";
|
|
||||||
|
|
||||||
# reverse path filtering - IP spoofing protection
|
|
||||||
"net.ipv4.conf.all.rp_filter" = mkDefault "1";
|
|
||||||
|
|
||||||
# reverse path filtering - IP spoofing protection
|
|
||||||
"net.ipv4.conf.default.rp_filter" = mkDefault "1";
|
|
||||||
|
|
||||||
# ignores ICMP broadcasts to avoid participating in Smurf attacks
|
|
||||||
"net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
|
|
||||||
|
|
||||||
# ignores bad ICMP errors
|
|
||||||
"net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
|
|
||||||
|
|
||||||
# logs spoofed, source-routed, and redirect packets
|
|
||||||
"net.ipv4.conf.all.log_martians" = mkDefault "1";
|
|
||||||
|
|
||||||
# log spoofed, source-routed, and redirect packets
|
|
||||||
"net.ipv4.conf.default.log_martians" = mkDefault "1";
|
|
||||||
|
|
||||||
# implements RFC 1337 fix
|
|
||||||
"net.ipv4.tcp_rfc1337" = mkDefault "1";
|
|
||||||
|
|
||||||
# randomizes addresses of mmap base, heap, stack and VDSO page
|
|
||||||
"kernel.randomize_va_space" = mkDefault "2";
|
|
||||||
|
|
||||||
# Reboot the machine soon after a kernel panic.
|
|
||||||
"kernel.panic" = mkDefault "10";
|
|
||||||
|
|
||||||
## Not part of the original config
|
|
||||||
|
|
||||||
# provides protection from ToCToU races
|
|
||||||
"fs.protected_hardlinks" = mkDefault "1";
|
|
||||||
|
|
||||||
# provides protection from ToCToU races
|
|
||||||
"fs.protected_symlinks" = mkDefault "1";
|
|
||||||
|
|
||||||
# makes locating kernel addresses more difficult
|
|
||||||
"kernel.kptr_restrict" = mkDefault "1";
|
|
||||||
|
|
||||||
# set ptrace protections
|
|
||||||
"kernel.yama.ptrace_scope" = mkOverride 500 "1";
|
|
||||||
|
|
||||||
# set perf only available to root
|
|
||||||
"kernel.perf_event_paranoid" = mkDefault "2";
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,25 +0,0 @@
|
|||||||
# Common configuration for headless machines (e.g., Amazon EC2
|
|
||||||
# instances).
|
|
||||||
|
|
||||||
{ lib, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
{
|
|
||||||
boot.vesa = false;
|
|
||||||
|
|
||||||
# Don't start a tty on the serial consoles.
|
|
||||||
systemd.services."serial-getty@ttyS0".enable = false;
|
|
||||||
systemd.services."serial-getty@hvc0".enable = false;
|
|
||||||
systemd.services."getty@tty1".enable = false;
|
|
||||||
systemd.services."autovt@".enable = false;
|
|
||||||
|
|
||||||
# Since we can't manually respond to a panic, just reboot.
|
|
||||||
boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
|
|
||||||
|
|
||||||
# Don't allow emergency mode, because we don't have a console.
|
|
||||||
systemd.enableEmergencyMode = false;
|
|
||||||
|
|
||||||
# Being headless, we don't need a GRUB splash image.
|
|
||||||
boot.loader.grub.splashImage = null;
|
|
||||||
}
|
|
@ -1,446 +0,0 @@
|
|||||||
|
|
||||||
"*****************************************************************************
|
|
||||||
"" Functions
|
|
||||||
"*****************************************************************************
|
|
||||||
|
|
||||||
function! GetBufferList()
|
|
||||||
redir =>buflist
|
|
||||||
silent! ls!
|
|
||||||
redir END
|
|
||||||
return buflist
|
|
||||||
endfunction
|
|
||||||
|
|
||||||
function! ToggleList(bufname, pfx)
|
|
||||||
let buflist = GetBufferList()
|
|
||||||
for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))')
|
|
||||||
if bufwinnr(bufnum) != -1
|
|
||||||
exec(a:pfx.'close')
|
|
||||||
return
|
|
||||||
endif
|
|
||||||
endfor
|
|
||||||
if a:pfx == 'l' && len(getloclist(0)) == 0
|
|
||||||
echohl ErrorMsg
|
|
||||||
echo "Location List is Empty."
|
|
||||||
return
|
|
||||||
endif
|
|
||||||
let winnr = winnr()
|
|
||||||
exec(a:pfx.'open')
|
|
||||||
if winnr() != winnr
|
|
||||||
wincmd p
|
|
||||||
endif
|
|
||||||
endfunction
|
|
||||||
|
|
||||||
|
|
||||||
"*****************************************************************************
|
|
||||||
"" Basic Setup
|
|
||||||
"*****************************************************************************"
|
|
||||||
" General
|
|
||||||
let no_buffers_menu=1
|
|
||||||
syntax on
|
|
||||||
set ruler
|
|
||||||
set number
|
|
||||||
set mousemodel=popup
|
|
||||||
set t_Co=256
|
|
||||||
set guioptions=egmrti
|
|
||||||
set gfn=Monospace\ 10
|
|
||||||
|
|
||||||
" TODO: Testing if this works against automatically setting paste mode
|
|
||||||
" Issue: https://github.com/neovim/neovim/issues/7994
|
|
||||||
au InsertLeave * set nopaste
|
|
||||||
|
|
||||||
|
|
||||||
" undofile - This allows you to use undos after exiting and restarting
|
|
||||||
" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo
|
|
||||||
" :help undo-persistence
|
|
||||||
if exists("+undofile")
|
|
||||||
if isdirectory($HOME . '/.vim/undo') == 0
|
|
||||||
:silent !mkdir -p ~/.vim/undo > /dev/null 2>&1
|
|
||||||
endif
|
|
||||||
set undodir=./.vim-undo//
|
|
||||||
set undodir+=~/.vim/undo//
|
|
||||||
set undofile
|
|
||||||
endif
|
|
||||||
|
|
||||||
" Encoding
|
|
||||||
set encoding=utf-8
|
|
||||||
set fileencoding=utf-8
|
|
||||||
set fileencodings=utf-8
|
|
||||||
set bomb
|
|
||||||
set binary
|
|
||||||
|
|
||||||
" Fix backspace indent
|
|
||||||
set backspace=indent,eol,start
|
|
||||||
|
|
||||||
" Tabs. May be overriten by autocmd rules
|
|
||||||
set tabstop=4
|
|
||||||
set softtabstop=0
|
|
||||||
set shiftwidth=4
|
|
||||||
set expandtab
|
|
||||||
|
|
||||||
" Map leader to ,
|
|
||||||
let mapleader=','
|
|
||||||
|
|
||||||
" Enable hidden buffers
|
|
||||||
set hidden
|
|
||||||
|
|
||||||
" Searching
|
|
||||||
set hlsearch
|
|
||||||
set incsearch
|
|
||||||
set ignorecase
|
|
||||||
set smartcase
|
|
||||||
|
|
||||||
" Directories for swp files
|
|
||||||
set nobackup
|
|
||||||
set noswapfile
|
|
||||||
|
|
||||||
set fileformats=unix,dos,mac
|
|
||||||
|
|
||||||
" File overview
|
|
||||||
set wildmode=list:longest,list:full
|
|
||||||
set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__
|
|
||||||
|
|
||||||
" Shell to emulate
|
|
||||||
if exists('$SHELL')
|
|
||||||
set shell=$SHELL
|
|
||||||
else
|
|
||||||
set shell=/bin/bash
|
|
||||||
endif
|
|
||||||
|
|
||||||
" Set color scheme
|
|
||||||
colorscheme molokai
|
|
||||||
|
|
||||||
"Show always Status bar
|
|
||||||
set laststatus=2
|
|
||||||
|
|
||||||
" Use modeline overrides
|
|
||||||
set modeline
|
|
||||||
set modelines=10
|
|
||||||
|
|
||||||
" Set terminal title
|
|
||||||
set title
|
|
||||||
set titleold="Terminal"
|
|
||||||
set titlestring=%F
|
|
||||||
|
|
||||||
" search will center on the line it's found in.
|
|
||||||
nnoremap n nzzzv
|
|
||||||
nnoremap N Nzzzv
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
"*****************************************************************************
|
|
||||||
"" Abbreviations
|
|
||||||
"*****************************************************************************
|
|
||||||
" no one is really happy until you have this shortcuts
|
|
||||||
cnoreabbrev W! w!
|
|
||||||
cnoreabbrev Q! q!
|
|
||||||
cnoreabbrev Qall! qall!
|
|
||||||
cnoreabbrev Wq wq
|
|
||||||
cnoreabbrev Wa wa
|
|
||||||
cnoreabbrev wQ wq
|
|
||||||
cnoreabbrev WQ wq
|
|
||||||
cnoreabbrev W w
|
|
||||||
cnoreabbrev Q q
|
|
||||||
cnoreabbrev Qall qall
|
|
||||||
|
|
||||||
" NERDTree configuration
|
|
||||||
let g:NERDTreeChDirMode=2
|
|
||||||
let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__']
|
|
||||||
let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$']
|
|
||||||
let g:NERDTreeShowBookmarks=1
|
|
||||||
let g:nerdtree_tabs_focus_on_files=1
|
|
||||||
let g:NERDTreeMapOpenInTabSilent = '<RightMouse>'
|
|
||||||
let g:NERDTreeWinSize = 50
|
|
||||||
set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite
|
|
||||||
nnoremap <silent> <F1> :NERDTreeFind<CR>
|
|
||||||
nnoremap <silent> <F2> :NERDTreeToggle<CR>
|
|
||||||
|
|
||||||
" open terminal emulation
|
|
||||||
nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR>
|
|
||||||
|
|
||||||
"*****************************************************************************
|
|
||||||
"" Autocmd Rules
|
|
||||||
"*****************************************************************************
|
|
||||||
"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines
|
|
||||||
augroup vimrc-sync-fromstart
|
|
||||||
autocmd!
|
|
||||||
autocmd BufEnter * :syntax sync maxlines=200
|
|
||||||
augroup END
|
|
||||||
|
|
||||||
" Nasm filetype
|
|
||||||
augroup nasm
|
|
||||||
autocmd!
|
|
||||||
autocmd BufRead,BufNewFile *.nasm set ft=nasm
|
|
||||||
augroup END
|
|
||||||
|
|
||||||
" Binary filetype
|
|
||||||
augroup Binary
|
|
||||||
au!
|
|
||||||
au BufReadPre *.bin,*.exe,*.elf let &bin=1
|
|
||||||
au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd
|
|
||||||
au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif
|
|
||||||
au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r
|
|
||||||
au BufWritePre *.bin,*.exe,*.elf endif
|
|
||||||
au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd
|
|
||||||
au BufWritePost *.bin,*.exe,*.elf set nomod | endif
|
|
||||||
augroup END
|
|
||||||
|
|
||||||
" Binary filetype
|
|
||||||
augroup fasm
|
|
||||||
au!
|
|
||||||
au BufReadPost *.fasm set ft=fasm
|
|
||||||
augroup END
|
|
||||||
|
|
||||||
augroup deoplete-update
|
|
||||||
autocmd!
|
|
||||||
autocmd VimEnter * UpdateRemotePlugin
|
|
||||||
augroup END
|
|
||||||
|
|
||||||
"" Remember cursor position
|
|
||||||
augroup vimrc-remember-cursor-position
|
|
||||||
autocmd!
|
|
||||||
autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
|
|
||||||
augroup END
|
|
||||||
|
|
||||||
"" txt
|
|
||||||
" augroup vimrc-wrapping
|
|
||||||
" autocmd!
|
|
||||||
" autocmd BufRead,BufNewFile *.txt call s:setupWrapping()
|
|
||||||
" augroup END
|
|
||||||
|
|
||||||
"" make/cmake
|
|
||||||
augroup vimrc-make-cmake
|
|
||||||
autocmd!
|
|
||||||
autocmd FileType make setlocal noexpandtab
|
|
||||||
autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake
|
|
||||||
augroup END
|
|
||||||
|
|
||||||
set autoread
|
|
||||||
|
|
||||||
"*****************************************************************************
|
|
||||||
"" Mappings
|
|
||||||
"*****************************************************************************
|
|
||||||
|
|
||||||
" Split
|
|
||||||
noremap <Leader>h :<C-u>split<CR>
|
|
||||||
noremap <Leader>v :<C-u>vsplit<CR>
|
|
||||||
|
|
||||||
" Git
|
|
||||||
noremap <Leader>ga :Gwrite<CR>
|
|
||||||
noremap <Leader>gc :Gcommit<CR>
|
|
||||||
noremap <Leader>gsh :Gpush<CR>
|
|
||||||
noremap <Leader>gll :Gpull<CR>
|
|
||||||
noremap <Leader>gs :Gstatus<CR>
|
|
||||||
noremap <Leader>gb :Gblame<CR>
|
|
||||||
noremap <Leader>gd :Gvdiff<CR>
|
|
||||||
noremap <Leader>gr :Gremove<CR>
|
|
||||||
|
|
||||||
" Tabs
|
|
||||||
nnoremap <Tab> gt
|
|
||||||
nnoremap <S-Tab> gT
|
|
||||||
nnoremap <silent> <S-t> :tabnew<CR>
|
|
||||||
|
|
||||||
" Set working directory
|
|
||||||
nnoremap <leader>. :lcd %:p:h<CR>
|
|
||||||
|
|
||||||
" Opens an edit command with the path of the currently edited file filled in
|
|
||||||
noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
|
|
||||||
|
|
||||||
" Opens a tab edit command with the path of the currently edited file filled
|
|
||||||
noremap <Leader>te :tabe <C-R>=expand("%:p:h") . "/" <CR>
|
|
||||||
|
|
||||||
" Tagbar
|
|
||||||
nmap <silent> <F3> :TagbarToggle<CR>
|
|
||||||
let g:tagbar_autofocus = 1
|
|
||||||
|
|
||||||
" Copy/Paste/Cut
|
|
||||||
set clipboard^=unnamed,unnamedplus
|
|
||||||
|
|
||||||
noremap YY "+y<CR>
|
|
||||||
noremap <leader>p "+gP<CR>
|
|
||||||
noremap XX "+x<CR>
|
|
||||||
|
|
||||||
" Enable mouse for vim
|
|
||||||
set mouse=a
|
|
||||||
|
|
||||||
" Buffer nav
|
|
||||||
noremap <leader>z :bp<CR>
|
|
||||||
noremap <leader>q :bp<CR>
|
|
||||||
noremap <leader>x :bn<CR>
|
|
||||||
noremap <leader>w :bn<CR>
|
|
||||||
|
|
||||||
" Close buffer
|
|
||||||
noremap <leader>c :bd<CR>
|
|
||||||
|
|
||||||
" Clean search (highlight)
|
|
||||||
nnoremap <silent> <leader><space> :noh<cr>
|
|
||||||
|
|
||||||
" Switching windows
|
|
||||||
noremap <C-j> <C-w>j
|
|
||||||
noremap <C-k> <C-w>k
|
|
||||||
noremap <C-l> <C-w>l
|
|
||||||
noremap <C-h> <C-w>h
|
|
||||||
|
|
||||||
" Vmap for maintain Visual Mode after shifting > and <
|
|
||||||
vmap < <gv
|
|
||||||
vmap > >gv
|
|
||||||
|
|
||||||
" Move visual block
|
|
||||||
vnoremap J :m '>+1<CR>gv=gv
|
|
||||||
vnoremap K :m '<-2<CR>gv=gv
|
|
||||||
|
|
||||||
" Open current line on GitHub
|
|
||||||
nnoremap <Leader>o :.Gbrowse<CR>
|
|
||||||
|
|
||||||
|
|
||||||
" Save on strg+s if not in paste mode
|
|
||||||
nmap <c-s> :w<CR>
|
|
||||||
vmap <c-s> <Esc><c-s>gv
|
|
||||||
imap <c-s> <Esc><c-s>
|
|
||||||
|
|
||||||
" Quit on strg+q in normal mode
|
|
||||||
nnoremap <c-q> :q<cr>
|
|
||||||
|
|
||||||
" Strg+d to replace word under cursor
|
|
||||||
nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left>
|
|
||||||
|
|
||||||
" Strg+f ro find word under cursor
|
|
||||||
nnoremap <c-f> :/<C-r><C-w><Left><Left>
|
|
||||||
|
|
||||||
" Remove unneccessary spaces
|
|
||||||
nnoremap <silent> <F5> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR>
|
|
||||||
|
|
||||||
" Reindent whole file with F6
|
|
||||||
map <F6> mzgg=G`z
|
|
||||||
|
|
||||||
" Toggle location list
|
|
||||||
nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR>
|
|
||||||
|
|
||||||
" Replacing text in visual mode doesn't copy it anymore
|
|
||||||
xmap p <Plug>ReplaceWithRegisterVisual
|
|
||||||
xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual
|
|
||||||
|
|
||||||
" ALE mappings
|
|
||||||
nmap <Leader>i <Plug>(ale_hover)
|
|
||||||
nmap <Leader>d <Plug>(ale_go_to_definition_in_tab)
|
|
||||||
nmap <Leader>rf <Plug>(ale_find_references)
|
|
||||||
nmap <silent><F7> <Plug>(ale_fix)
|
|
||||||
|
|
||||||
" Vim-Go mappings
|
|
||||||
au FileType go nmap <Leader>i :GoDoc<cr>
|
|
||||||
au FileType go nmap <Leader>d :GoDef<cr>
|
|
||||||
au FileType go nmap <Leader>rf :GoReferrers<cr>
|
|
||||||
|
|
||||||
|
|
||||||
"" Opens an edit command with the path of the currently edited file filled in
|
|
||||||
noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
|
|
||||||
|
|
||||||
" Use tab for navigatin in autocompletion window
|
|
||||||
inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>"
|
|
||||||
inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>"
|
|
||||||
|
|
||||||
|
|
||||||
"*****************************************************************************
|
|
||||||
"" Plugin settings
|
|
||||||
"*****************************************************************************
|
|
||||||
|
|
||||||
" vim-airline
|
|
||||||
set statusline+=%{fugitive#statusline()}
|
|
||||||
let g:airline_theme = 'powerlineish'
|
|
||||||
let g:airline#extensions#syntastic#enabled = 1
|
|
||||||
let g:airline#extensions#branch#enabled = 1
|
|
||||||
let g:airline#extensions#tabline#enabled = 1
|
|
||||||
let g:airline#extensions#tagbar#enabled = 1
|
|
||||||
let g:airline_skip_empty_sections = 1
|
|
||||||
let g:airline#extensions#ale#enabled = 1
|
|
||||||
|
|
||||||
" show indent lines
|
|
||||||
let g:indent_guides_enable_on_vim_startup = 1
|
|
||||||
let g:indent_guides_auto_colors = 0
|
|
||||||
hi IndentGuidesOdd ctermbg=235
|
|
||||||
hi IndentGuidesEven ctermbg=235
|
|
||||||
let g:indent_guides_guide_size = 1
|
|
||||||
let g:indent_guides_start_level = 2
|
|
||||||
|
|
||||||
" Enable autocompletion
|
|
||||||
let g:deoplete#enable_at_startup = 1
|
|
||||||
set completeopt-=preview
|
|
||||||
|
|
||||||
" Ale no preview on hover
|
|
||||||
let g:ale_close_preview_on_insert = 0
|
|
||||||
let g:ale_cursor_detail = 0
|
|
||||||
|
|
||||||
" Ale skip if file size over 2G
|
|
||||||
let g:ale_maximum_file_size = "2147483648"
|
|
||||||
|
|
||||||
" Ale to loclist and quickfix
|
|
||||||
let g:ale_set_quickfix = 1
|
|
||||||
" let g:ale_set_loclist = 1
|
|
||||||
|
|
||||||
|
|
||||||
" Ale language server
|
|
||||||
let g:ale_linters = {
|
|
||||||
\ 'python': ['pyls'],
|
|
||||||
\ 'c': ['cquery'],
|
|
||||||
\ 'cpp': ['cquery'],
|
|
||||||
\ 'xml': ['xmllint']
|
|
||||||
\ }
|
|
||||||
|
|
||||||
|
|
||||||
" ALE fixers
|
|
||||||
let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] }
|
|
||||||
let g:ale_fixers.python = ['black']
|
|
||||||
let g:ale_fixers.go = ['gofmt']
|
|
||||||
let g:ale_fixers.c = ['clang-format']
|
|
||||||
let g:ale_fixers.cpp = ['clang-format']
|
|
||||||
let g:ale_fixers.json = ['jq']
|
|
||||||
let g:ale_fixers.xml = ['xmllint']
|
|
||||||
|
|
||||||
let g:ale_completion_enabled = 1
|
|
||||||
let g:ale_sign_error = '⤫'
|
|
||||||
let g:ale_sign_warning = '⚠'
|
|
||||||
let g:ale_lint_on_insert_leave = 1
|
|
||||||
|
|
||||||
" Vim-Go Settings
|
|
||||||
let g:go_auto_sameids = 1
|
|
||||||
let g:go_fmt_command = "goimports"
|
|
||||||
let g:go_auto_type_info = 1
|
|
||||||
|
|
||||||
" Disable syntastic for langserver supported languages
|
|
||||||
let g:syntastic_mode_map = {
|
|
||||||
\ "mode": "active",
|
|
||||||
\ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ]
|
|
||||||
\ }
|
|
||||||
let g:syntastic_always_populate_loc_list = 1
|
|
||||||
let g:syntastic_auto_loc_list = 2
|
|
||||||
let g:syntastic_aggregate_errors = 1
|
|
||||||
let g:syntastic_check_on_open = 1
|
|
||||||
let g:syntastic_check_on_wq = 0
|
|
||||||
let g:syntastic_error_symbol='✗'
|
|
||||||
let g:syntastic_warning_symbol='⚠'
|
|
||||||
let g:syntastic_style_error_symbol = '✗'
|
|
||||||
let g:syntastic_style_warning_symbol = '⚠'
|
|
||||||
|
|
||||||
"*****************************************************************************
|
|
||||||
"" Shortcuts overview
|
|
||||||
"*****************************************************************************
|
|
||||||
" Shortcuts overview
|
|
||||||
" F1 --> Filetree find
|
|
||||||
" F2 --> Filetree toggle
|
|
||||||
" F3 --> Function overview
|
|
||||||
" F4 --> Toggle error bar
|
|
||||||
|
|
||||||
" F5 --> Remove trailing whitespaces
|
|
||||||
" F6 --> Reindent whole file
|
|
||||||
" F7 --> Format and lint file
|
|
||||||
" ,i --> Information about function
|
|
||||||
" ,d --> Jump to definition
|
|
||||||
" ,r --> Rename in all occurences
|
|
||||||
" ,rf --> Find references of function/variable
|
|
||||||
" ,e --> Change current file
|
|
||||||
" ,te --> Open file in new tab
|
|
||||||
" strg+f --> Find current selected word
|
|
||||||
" strg+d --> Replace current selected word
|
|
||||||
" strg+s --> Save file
|
|
||||||
" strg+q --> Close current file
|
|
||||||
" space+, --> Stop highlighting words after search
|
|
||||||
|
|
@ -1,70 +0,0 @@
|
|||||||
{ pkgs, config, ... }: let
|
|
||||||
#unstable = import <nixos-unstable> { };
|
|
||||||
in
|
|
||||||
|
|
||||||
{
|
|
||||||
environment.variables = {
|
|
||||||
EDITOR = ["nvim"];
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: with pkgs;{
|
|
||||||
neovim_custom = neovim.override {
|
|
||||||
configure = {
|
|
||||||
customRC = builtins.readFile ./neovimrc;
|
|
||||||
|
|
||||||
packages.myVimPackage = with pkgs.vimPlugins;
|
|
||||||
{
|
|
||||||
# loaded on launch
|
|
||||||
start = [
|
|
||||||
nerdtree # file manager
|
|
||||||
commentary # comment stuff out based on language
|
|
||||||
fugitive # full git integration
|
|
||||||
vim-airline-themes # lean & mean status/tabline
|
|
||||||
vim-airline # status bar
|
|
||||||
gitgutter # git diff in the gutter (sign column)
|
|
||||||
vim-trailing-whitespace # trailing whitspaces in red
|
|
||||||
tagbar # F3 function overview
|
|
||||||
syntastic # Fallback to singlethreaded but huge syntax support
|
|
||||||
ReplaceWithRegister # For better copying/replacing
|
|
||||||
polyglot # Language pack
|
|
||||||
vim-indent-guides # for displaying indent levels
|
|
||||||
ale # threaded language client
|
|
||||||
vim-go # go linting
|
|
||||||
deoplete-go # go autocompletion completion
|
|
||||||
deoplete-nvim # general autocompletion
|
|
||||||
molokai # color scheme
|
|
||||||
];
|
|
||||||
|
|
||||||
# manually loadable by calling `:packadd $plugin-name`
|
|
||||||
opt = [];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
ctags
|
|
||||||
neovim_custom
|
|
||||||
jq # For fixing json files
|
|
||||||
xxd # .bin files will be displayed with xxd
|
|
||||||
shellcheck # Shell linting
|
|
||||||
ansible-lint # Ansible linting
|
|
||||||
unzip # To vim into unzipped files
|
|
||||||
nodePackages.jsonlint # json linting
|
|
||||||
#python36Packages.python-language-server # python linting
|
|
||||||
#python36Packages.pyls-mypy # Python static type checker
|
|
||||||
#python36Packages.black # Python code formatter
|
|
||||||
#python37Packages.yamllint # For linting yaml files
|
|
||||||
#python37Packages.libxml2 # For fixing yaml files
|
|
||||||
cquery # C/C++ support
|
|
||||||
clang-tools # C++ fixer
|
|
||||||
];
|
|
||||||
|
|
||||||
fonts = {
|
|
||||||
fonts = with pkgs; [
|
|
||||||
font-awesome_5
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
@ -1,19 +0,0 @@
|
|||||||
# Common configuration for virtual machines running under QEMU (using
|
|
||||||
# virtio).
|
|
||||||
|
|
||||||
{ ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
|
|
||||||
boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
|
|
||||||
|
|
||||||
boot.initrd.postDeviceCommands =
|
|
||||||
''
|
|
||||||
# Set the system time from the hardware clock to work around a
|
|
||||||
# bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
|
|
||||||
# to the *boot time* of the host).
|
|
||||||
hwclock -s
|
|
||||||
'';
|
|
||||||
|
|
||||||
security.rngd.enable = false;
|
|
||||||
}
|
|
@ -1,33 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
|
|
||||||
krebs.iptables = {
|
|
||||||
tables = {
|
|
||||||
filter.INPUT.rules = let
|
|
||||||
tincport = toString config.krebs.build.host.nets.retiolum.tinc.port;
|
|
||||||
in [
|
|
||||||
{ predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.tinc.retiolum = {
|
|
||||||
enableLegacy = true;
|
|
||||||
enable = true;
|
|
||||||
connectTo = [
|
|
||||||
"prism"
|
|
||||||
"gum"
|
|
||||||
"ni"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
|
||||||
tinc = pkgs.tinc_pre;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = [
|
|
||||||
pkgs.tinc
|
|
||||||
];
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
|
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
this is a private key
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,6 +0,0 @@
|
|||||||
_:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./hosts.nix
|
|
||||||
];
|
|
||||||
}
|
|
@ -1,12 +0,0 @@
|
|||||||
{ config, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
{
|
|
||||||
options.mb.hosts = mkOption {
|
|
||||||
type = types.attrsOf types.host;
|
|
||||||
default =
|
|
||||||
filterAttrs (_: host: host.owner.name == "mb" && host.ci)
|
|
||||||
config.krebs.hosts;
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
self: super:
|
|
||||||
|
|
||||||
# Import files and subdirectories like they are overlays.
|
|
||||||
foldl' mergeAttrs {}
|
|
||||||
(map
|
|
||||||
(name: import (./. + "/${name}") self super)
|
|
||||||
(filter
|
|
||||||
(name: name != "default.nix" && !hasPrefix "." name)
|
|
||||||
(attrNames (readDir ./.))))
|
|
@ -1,14 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
../krebs
|
|
||||||
./2configs
|
|
||||||
./3modules
|
|
||||||
];
|
|
||||||
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
|
|
||||||
krebs.tinc.retiolum.privkey = {
|
|
||||||
source-path = toString <secrets> + "/${config.krebs.tinc.retiolum.netname}.rsa";
|
|
||||||
path = "${config.krebs.tinc.retiolum.user.home}/tinc.rsa_key.priv";
|
|
||||||
owner = config.krebs.tinc.retiolum.user;
|
|
||||||
};
|
|
||||||
}
|
|
54
mb/krops.nix
54
mb/krops.nix
@ -1,54 +0,0 @@
|
|||||||
{ name }: let
|
|
||||||
inherit (import ../krebs/krops.nix { inherit name; })
|
|
||||||
krebs-source
|
|
||||||
lib
|
|
||||||
pkgs
|
|
||||||
;
|
|
||||||
|
|
||||||
host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then
|
|
||||||
import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; }
|
|
||||||
else
|
|
||||||
{}
|
|
||||||
;
|
|
||||||
|
|
||||||
source = { test }: lib.evalSource ([
|
|
||||||
(krebs-source { test = test; })
|
|
||||||
{
|
|
||||||
nixos-config.symlink = "stockholm/mb/1systems/${name}/configuration.nix";
|
|
||||||
nixpkgs-unstable.git = {
|
|
||||||
url = "https://github.com/nixos/nixpkgs-channels";
|
|
||||||
ref = "nixos-unstable";
|
|
||||||
};
|
|
||||||
secrets = if test then {
|
|
||||||
file = toString ./2configs/tests/dummy-secrets;
|
|
||||||
} else {
|
|
||||||
pass = {
|
|
||||||
dir = "${lib.getEnv "HOME"}/.password-store";
|
|
||||||
name = "hosts/${name}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
] ++ (lib.optional (! test) host-source));
|
|
||||||
|
|
||||||
in {
|
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
|
||||||
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
|
|
||||||
source = source { test = false; };
|
|
||||||
inherit target;
|
|
||||||
};
|
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
|
|
||||||
populate = { target, force ? false }: pkgs.populate {
|
|
||||||
inherit force;
|
|
||||||
source = source { test = false; };
|
|
||||||
target = lib.mkTarget target;
|
|
||||||
};
|
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
|
||||||
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
|
||||||
force = true;
|
|
||||||
inherit target;
|
|
||||||
source = source { test = true; };
|
|
||||||
};
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user