Merge remote-tracking branch 'prism/master'

tv 2019-08-02 17:04:39 +02:00
commit 7c522820bd
26 changed files with 1460 additions and 8 deletions


@ -70,7 +70,8 @@ let
filename = pkgs.writeDash "bier-balance" '' filename = pkgs.writeDash "bier-balance" ''
${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
| ${pkgs.coreutils}/bin/tail +2 \ | ${pkgs.coreutils}/bin/tail +2 \
| ${pkgs.miller}/bin/mlr --icsv --opprint cat | ${pkgs.miller}/bin/mlr --icsv --opprint cat \
| ${pkgs.gnused}/bin/sed 's/^/the_/'
''; '';
}; };
} }


@ -232,7 +232,12 @@ in {
rose = { rose = {
owner = config.krebs.users.Mic92; owner = config.krebs.users.Mic92;
nets = rec { nets = rec {
internet = {
ip4.addr = "129.215.165.52";
aliases = [ "rose.i" ];
};
retiolum = { retiolum = {
via = internet;
addrs = [ addrs = [
config.krebs.hosts.rose.nets.retiolum.ip4.addr config.krebs.hosts.rose.nets.retiolum.ip4.addr
config.krebs.hosts.rose.nets.retiolum.ip6.addr config.krebs.hosts.rose.nets.retiolum.ip6.addr
@ -260,7 +265,12 @@ in {
martha = { martha = {
owner = config.krebs.users.Mic92; owner = config.krebs.users.Mic92;
nets = rec { nets = rec {
internet = {
ip4.addr = "129.215.165.53";
aliases = [ "martha.i" ];
};
retiolum = { retiolum = {
via = internet;
addrs = [ addrs = [
config.krebs.hosts.martha.nets.retiolum.ip4.addr config.krebs.hosts.martha.nets.retiolum.ip4.addr
config.krebs.hosts.martha.nets.retiolum.ip6.addr config.krebs.hosts.martha.nets.retiolum.ip6.addr
@ -288,7 +298,12 @@ in {
donna = { donna = {
owner = config.krebs.users.Mic92; owner = config.krebs.users.Mic92;
nets = rec { nets = rec {
internet = {
ip4.addr = "129.215.165.54";
aliases = [ "donna.i" ];
};
retiolum = { retiolum = {
via = internet;
addrs = [ addrs = [
config.krebs.hosts.donna.nets.retiolum.ip4.addr config.krebs.hosts.donna.nets.retiolum.ip4.addr
config.krebs.hosts.donna.nets.retiolum.ip6.addr config.krebs.hosts.donna.nets.retiolum.ip6.addr
@ -620,6 +635,13 @@ in {
}; };
}; };
}; };
domsen-backup = {
owner = config.krebs.users.domsen;
ci = false;
external = true;
syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC";
nets = {};
};
}; };
users = { users = {
ciko = { ciko = {
@ -665,5 +687,7 @@ in {
filly = { filly = {
}; };
pie_ = {}; pie_ = {};
domsen = {
};
}; };
} }


@ -393,6 +393,55 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD"; syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
}; };
xerxes = {
cores = 2;
nets = rec {
retiolum = {
ip4.addr = "10.243.1.3";
ip6.addr = r6 "3";
aliases = [
"xerxes.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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-----END RSA PUBLIC KEY-----
'';
};
wiregrill = {
ip6.addr = w6 "3";
aliases = [
"xerxes.w"
];
wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8=";
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
};
red = { red = {
monitoring = false; monitoring = false;
cores = 1; cores = 1;
@ -626,7 +675,7 @@ in {
}; };
lass-xerxes = { lass-xerxes = {
mail = "lass@xerxes.r"; mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa; pubkey = builtins.readFile ./ssh/xerxes.ed25519;
}; };
lass-daedalus = { lass-daedalus = {
mail = "lass@daedalus.r"; mail = "lass@daedalus.r";


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwCq56DGqj/kz8d8ax0xIl29jV9f3tUtDgtnCnS1b4q lass@xerxes


@ -1 +0,0 @@
ssh-rsa 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 lass@xerxes


@ -36,6 +36,32 @@ in {
}; };
}; };
}; };
rofl = {
nets = {
retiolum = {
ip4.addr = "10.243.42.43";
aliases = [
"rofl.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
'';
};
};
};
p1nk = { p1nk = {
nets = { nets = {
retiolum = { retiolum = {


@ -176,6 +176,7 @@ in
config = mkIf kcfg.enable { config = mkIf kcfg.enable {
systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) { systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) {
serviceConfig.PermissionsStartOnly = mkDefault true;
preStart = '' preStart = ''
${optionalString (kcfg.cert != null) '' ${optionalString (kcfg.cert != null) ''
cp ${toString kcfg.cert} ${scfg.configDir}/cert.pem cp ${toString kcfg.cert} ${scfg.configDir}/cert.pem
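Review bot: `serviceConfig.PermissionsStartOnly = mkDefault true;` makes `preStart` run as root, so the `cp` of `kcfg.cert` into `${scfg.configDir}` (and presumably the matching copy of `kcfg.key`, which lies outside this hunk) creates root-owned files whose mode is inherited from the source. The visible lines show no `chown` or `chmod`; if none follows, either the service user cannot read the files or the private key keeps whatever mode the source had. I would replace the plain `cp` with an `install` call that sets owner and mode explicitly (mode `0400` for the key), and add a comment above the new line such as `# preStart runs as root so it can read the key from outside the store`. The `preStart` script continues past the end of this hunk, so this needs checking against the full file.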


@ -14,6 +14,10 @@ with import <stockholm/lib>;
version = "2.2.0"; version = "2.2.0";
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
}; };
"19.09" = {
version = "2.2.0";
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
};
}.${versions.majorMinor version}; }.${versions.majorMinor version};
in mkDerivation { in mkDerivation {


@ -20,6 +20,11 @@ with import <stockholm/lib>;
rev = "refs/tags/v${cfg.version}"; rev = "refs/tags/v${cfg.version}";
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
}; };
"19.09" = {
version = "0.4.1-tv1";
rev = "refs/tags/v${cfg.version}";
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
};
}.${versions.majorMinor version}; }.${versions.majorMinor version};
in mkDerivation { in mkDerivation {


@ -1,6 +1,6 @@
{ lib, pkgs, ... }: { lib, pkgs, test, ... }:
{ {
nixpkgs = lib.mkForce { nixpkgs = lib.mkIf (! test) (lib.mkForce {
file = { file = {
path = toString (pkgs.fetchFromGitHub { path = toString (pkgs.fetchFromGitHub {
owner = "nixos"; owner = "nixos";
@ -10,5 +10,5 @@
}); });
useChecksum = true; useChecksum = true;
}; };
}; });
} }


@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/mail.nix>
];
krebs.build.host = config.krebs.hosts.xerxes;
services.xserver = {
displayManager.lightdm.autoLogin.enable = true;
displayManager.lightdm.autoLogin.user = "lass";
};
boot.blacklistedKernelModules = [
"xpad"
];
lass.screenlock.enable = lib.mkForce false;
krebs.syncthing = {
folders = {
the_playlist = {
path = "/home/lass/tmp/the_playlist";
peers = [ "mors" "phone" "prism" "xerxes" ];
};
};
};
krebs.permown = {
"/home/lass/tmp/the_playlist" = {
owner = "lass";
group = "syncthing";
umask = "0007";
};
};
}
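Review bot: `displayManager.lightdm.autoLogin.enable = true` together with `lass.screenlock.enable = lib.mkForce false` leaves the `lass` session open to anyone who has the device in hand, and this same file imports `pass.nix`, `mail.nix` and `syncthing.nix`. The host entry for xerxes added elsewhere in this commit sets `secure = true`; if that flag decides which secrets are deployed to a host, it does not fit a machine with neither a login prompt nor a screen lock. Either keep the screen lock enabled, or mark the host as not secure and drop the password-store import. If the current behaviour is intended, record it with a comment above the autologin lines, e.g. `# no login prompt and no screen lock on this host: intentional`.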


@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
#<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/wine.nix>
#<stockholm/lass/2configs/blue-host.nix>
#<stockholm/lass/2configs/xtreemfs.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/nfs-dl.nix>
#<stockholm/lass/2configs/prism-share.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
];
krebs.build.host = config.krebs.hosts.icarus;
environment.systemPackages = with pkgs; [
macchanger
nix-review
];
programs.adb.enable = true;
}


@ -0,0 +1,25 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/coreboot.nix>
];
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
services.thinkfan.enable = true;
services.tlp.extraConfig = ''
START_CHARGE_THRESH_BAT0=80
'';
}


@ -0,0 +1,86 @@
{ pkgs, lib, ... }:
{
imports = [
./config.nix
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.zfs.enableUnstable = true;
boot.loader.grub = {
enable = true;
device = "/dev/sda";
efiSupport = true;
};
boot.loader.efi.canTouchEfiVariables = true;
# TODO fix touchscreen
boot.blacklistedKernelModules = [
"goodix"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.initrd.luks.devices.crypted.device = "/dev/sda3";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"fbcon=rotate:1"
"boot.shell_on_fail"
];
services.xserver.displayManager.sessionCommands = ''
(sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP-1 --rotate right)
(sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)
'';
fileSystems."/" = {
device = "rpool/root";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E749-784C";
fsType = "vfat";
};
swapDevices = [ ];
boot.extraModprobeConfig = ''
options zfs zfs_arc_max=1073741824
'';
nix.maxJobs = lib.mkDefault 4;
networking.hostId = "9b0a74ac";
networking.networkmanager.enable = true;
hardware.opengl.enable = true;
services.tlp.enable = true;
services.tlp.extraConfig = ''
CPU_SCALING_GOVERNOR_ON_AC=ondemand
CPU_SCALING_GOVERNOR_ON_BAT=powersave
CPU_MIN_PERF_ON_AC=0
CPU_MAX_PERF_ON_AC=100
CPU_MIN_PERF_ON_BAT=0
CPU_MAX_PERF_ON_BAT=30
'';
services.logind.extraConfig = ''
HandlePowerKey=suspend
IdleAction=suspend
IdleActionSec=300
'';
services.xserver.extraConfig = ''
Section "Device"
Identifier "Intel Graphics"
Driver "Intel"
Option "TearFree" "true"
EndSection
'';
}
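Review bot: `"boot.shell_on_fail"` in `boot.kernelParams` lets stage 1 drop to a root shell without authentication when boot fails, which is a debugging aid rather than a setting to keep on a portable device. `services.logind.extraConfig` also suspends the machine after 300 seconds of idle time, and nothing in this file locks the session on resume. I would remove the kernel parameter once the installation is stable, or at least mark it with `# TODO remove: unauthenticated initrd shell, debugging only`. The suspend settings should be paired with a lock on suspend.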


@ -62,6 +62,7 @@ in {
wcalc wcalc
wget wget
xz xz
zbackup
]; ];
programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
@ -71,6 +72,19 @@ in {
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.passwordAuthentication = false; services.openssh.passwordAuthentication = false;
services.codimd = {
enable = true;
workDir = "/storage/codimd";
configuration = {
port = 1337;
host = "0.0.0.0";
db = {
dialect = "sqlite";
storage = "/storage/codimd/db.codimd.sqlite";
};
};
};
networking.wireless.enable = false; networking.wireless.enable = false;
networking.networkmanager.enable = false; networking.networkmanager.enable = false;
krebs.iptables.enable = true; krebs.iptables.enable = true;
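Review bot: `host = "0.0.0.0"` makes CodiMD listen on every interface on port 1337, and this hunk adds no matching `krebs.iptables` rule or bind restriction, so whether the pad is reachable from outside depends on rules not shown here. No authentication or registration settings appear in `configuration`, so the upstream defaults apply (as far as I know these permit anonymous notes; please confirm). If the service is meant for the overlay network only, bind it to that interface's address, or use `host = "127.0.0.1";` behind a reverse proxy. Please also state the intended exposure in a comment above the `services.codimd` block.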


@ -5,6 +5,7 @@ in {
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
<stockholm/mb> <stockholm/mb>
<stockholm/mb/2configs/nvim.nix>
]; ];
krebs.build.host = config.krebs.hosts.orange; krebs.build.host = config.krebs.hosts.orange;
@ -124,15 +125,19 @@ in {
unstable.ponyc unstable.ponyc
unstable.sublime3 unstable.sublime3
unstable.youtube-dl unstable.youtube-dl
vim
virt-viewer virt-viewer
virtmanager virtmanager
vulnix vulnix
wcalc wcalc
wget wget
xz xz
zbackup
]; ];
environment.variables = {
EDITOR = ["nvim"];
};
environment.shellAliases = { environment.shellAliases = {
ll = "ls -alh"; ll = "ls -alh";
ls = "ls --color=tty"; ls = "ls --color=tty";


@ -5,6 +5,7 @@ in {
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
<stockholm/mb> <stockholm/mb>
<stockholm/mb/2configs/nvim.nix>
]; ];
krebs.build.host = config.krebs.hosts.p1nk; krebs.build.host = config.krebs.hosts.p1nk;
@ -118,13 +119,13 @@ in {
unstable.ponyc unstable.ponyc
unstable.sublime3 unstable.sublime3
youtube-dl youtube-dl
vim
virt-viewer virt-viewer
virtmanager virtmanager
vulnix vulnix
wcalc wcalc
wget wget
xz xz
zbackup
]; ];
environment.shellAliases = { environment.shellAliases = {
@ -159,6 +160,7 @@ in {
}; };
}; };
windowManager.ratpoison.enable = true; windowManager.ratpoison.enable = true;
windowManager.pekwm.enable = true;
}; };
services.openssh.enable = true; services.openssh.enable = true;


@ -0,0 +1,103 @@
{ config, pkgs, callPackage, ... }: let
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
in {
imports =
[ # Include the results of the hardware scan.
<stockholm/mb/2configs/google-compute-config.nix>
<stockholm/mb>
];
krebs.build.host = config.krebs.hosts.rofl;
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "de";
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Berlin";
nixpkgs.config.allowUnfree = true;
environment.shellAliases = {
ll = "ls -alh";
ls = "ls --color=tty";
};
environment.systemPackages = with pkgs; [
curl
fish
git
htop
nmap
ranger
tcpdump
tmux
traceroute
tree
vim
xz
zbackup
];
sound.enable = false;
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
networking.wireless.enable = false;
networking.networkmanager.enable = false;
krebs.iptables.enable = true;
networking.enableIPv6 = false;
programs.fish = {
enable = true;
shellInit = ''
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
if begin
set -q SSH_AGENT_PID
and kill -0 $SSH_AGENT_PID
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
end
echo "ssh-agent running on pid $SSH_AGENT_PID"
else
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
end
set -l identity $HOME/.ssh/id_rsa
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
ssh-add -l | grep -q $fingerprint
or ssh-add $identity
end
'';
promptInit = ''
function fish_prompt --description 'Write out the prompt'
set -l color_cwd
set -l suffix
set -l nix_shell_info (
if test "$IN_NIX_SHELL" != ""
echo -n " <nix-shell>"
end
)
switch "$USER"
case root toor
if set -q fish_color_cwd_root
set color_cwd $fish_color_cwd_root
else
set color_cwd $fish_color_cwd
end
set suffix '#'
case '*'
set color_cwd $fish_color_cwd
set suffix '>'
end
echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
end
'';
};
system.autoUpgrade.enable = false;
system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
system.stateVersion = "19.03";
}
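Review bot: The `programs.fish` block (`shellInit` with `ssh_agent`, `promptInit` with `fish_prompt`) is repeated almost verbatim in the sunsh1n3 configuration added by this commit, differing only in the prompt colour (`green` here, `yellow` there); a shared module under `mb/2configs` that takes the colour as a parameter would keep the two from drifting apart. `unstable` is bound in the `let` and `callPackage` is taken as an argument, but neither is used in this file. `system.autoUpgrade.channel` has no effect while `system.autoUpgrade.enable = false`, so on this cloud-hosted machine with `services.openssh.enable = true` patching depends entirely on manual deploys. A comment such as `# updates are deployed manually; autoUpgrade intentionally off` would make that explicit.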


@ -0,0 +1,181 @@
{ config, pkgs, ... }: let
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
in {
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
<stockholm/mb>
];
krebs.build.host = config.krebs.hosts.sunsh1n3;
boot.kernelPackages = pkgs.linuxPackages_latest;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
boot.initrd.luks.devices = [
{
name = "root";
device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21";
preLVM = true;
allowDiscards = true;
}
];
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "de";
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Berlin";
nixpkgs.config.packageOverrides = super : {
openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; };
};
nixpkgs.config.allowUnfree = true;
fonts = {
enableCoreFonts = true;
enableGhostscriptFonts = true;
fonts = with pkgs; [
anonymousPro
corefonts
dejavu_fonts
envypn-font
fira
gentium
gohufont
inconsolata
liberation_ttf
powerline-fonts
source-code-pro
terminus_font
ttf_bitstream_vera
ubuntu_font_family
unifont
unstable.cherry
xorg.fontbitstream100dpi
xorg.fontbitstream75dpi
xorg.fontbitstreamtype1
];
};
environment.systemPackages = with pkgs; [
wget vim git curl fish
ag
chromium
firefox
gimp
p7zip
htop
mpv
mpvc
nmap
ntfs3g
keepassx2
sshfs
#unstable.skrooge
skrooge
unstable.alacritty
tmux
tree
wcalc
virtmanager
virt-viewer
(wine.override { wineBuild = "wineWow"; })
xz
zbackup
];
virtualisation.libvirtd.enable = true;
virtualisation.kvmgt.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
programs.dconf.enable = true;
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
krebs.iptables.enable = true;
#networking.wireless.enable = true;
networking.networkmanager.enable = true;
networking.enableIPv6 = false;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
hardware.pulseaudio.support32Bit = true;
nixpkgs.config.pulseaudio = true;
services.xserver.enable = true;
services.xserver.layout = "de";
services.xserver.xkbOptions = "nodeadkeys";
services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
programs.fish = {
enable = true;
shellInit = ''
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
if begin
set -q SSH_AGENT_PID
and kill -0 $SSH_AGENT_PID
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
end
echo "ssh-agent running on pid $SSH_AGENT_PID"
else
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
end
set -l identity $HOME/.ssh/id_rsa
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
ssh-add -l | grep -q $fingerprint
or ssh-add $identity
end
'';
promptInit = ''
function fish_prompt --description 'Write out the prompt'
set -l color_cwd
set -l suffix
set -l nix_shell_info (
if test "$IN_NIX_SHELL" != ""
echo -n " <nix-shell>"
end
)
switch "$USER"
case root toor
if set -q fish_color_cwd_root
set color_cwd $fish_color_cwd_root
else
set color_cwd $fish_color_cwd
end
set suffix '#'
case '*'
set color_cwd $fish_color_cwd
set suffix '>'
end
echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
end
'';
};
nix.buildCores = 4;
system.stateVersion = "19.09";
}
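Review bot: `allowDiscards = true` on the LUKS root device, combined with `"discard"` in `fileSystems."/".options`, passes TRIM through the encryption layer, which reveals which blocks are unused and some filesystem layout to anyone who can read the raw disk. This is a common trade-off on SSDs, but it should be a recorded decision rather than a silent default, e.g. `# TRIM through LUKS leaks free-block layout; accepted for SSD performance` above the `boot.initrd.luks.devices` entry. If that leak is not acceptable for this laptop, drop both settings.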


@ -0,0 +1,29 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/60A6-4DAB";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}


@ -21,6 +21,29 @@ with import <stockholm/lib>;
"video" "video"
"fuse" "fuse"
"wheel" "wheel"
"kvm"
"qemu-libvirtd"
"libvirtd"
];
openssh.authorizedKeys.keys = [
config.krebs.users.mb.pubkey
];
};
xo = {
name = "xo";
uid = 2323;
home = "/home/xo";
group = "users";
createHome = true;
shell = "/run/current-system/sw/bin/fish";
extraGroups = [
"audio"
"video"
"fuse"
"wheel"
"kvm"
"qemu-libvirtd"
"libvirtd"
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
config.krebs.users.mb.pubkey config.krebs.users.mb.pubkey
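Review bot: The new `xo` account is authorized with `config.krebs.users.mb.pubkey`, the same key as the existing account, and is in `wheel`, so a single key now opens two administrator accounts on every host that imports this file. The `libvirtd` group added to both users grants control of the system libvirt daemon, which is close to root wherever libvirtd runs. If `xo` is a different person, give it its own entry under `krebs.users` and reference that key; if it is the same person, say so in a comment and consider dropping `wheel` from one of the two accounts. The enclosing user definitions start and end outside this hunk.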


@ -0,0 +1,231 @@
{ config, lib, pkgs, ... }:
with lib;
let
gce = pkgs.google-compute-engine;
in
{
imports = [
./headless.nix
./qemu-guest.nix
];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
};
boot.growPartition = true;
boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
boot.initrd.kernelModules = [ "virtio_scsi" ];
boot.kernelModules = [ "virtio_pci" "virtio_net" ];
# Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
boot.loader.grub.device = "/dev/sda";
boot.loader.timeout = 0;
# Don't put old configurations in the GRUB menu. The user has no
# way to select them anyway.
boot.loader.grub.configurationLimit = 0;
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
#services.openssh.enable = true;
#services.openssh.permitRootLogin = "prohibit-password";
#services.openssh.passwordAuthentication = mkDefault false;
# Use GCE udev rules for dynamic disk volumes
services.udev.packages = [ gce ];
# Force getting the hostname from Google Compute.
networking.hostName = mkDefault "";
# Always include cryptsetup so that NixOps can use it.
environment.systemPackages = [ pkgs.cryptsetup ];
# Make sure GCE image does not replace host key that NixOps sets
environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
[InstanceSetup]
set_host_keys = false
'';
# Rely on GCP's firewall instead
networking.firewall.enable = mkDefault false;
# Configure default metadata hostnames
networking.extraHosts = ''
169.254.169.254 metadata.google.internal metadata
'';
networking.timeServers = [ "metadata.google.internal" ];
networking.usePredictableInterfaceNames = false;
# GC has 1460 MTU
networking.interfaces.eth0.mtu = 1460;
security.googleOsLogin.enable = true;
systemd.services.google-clock-skew-daemon = {
description = "Google Compute Engine Clock Skew Daemon";
after = [
"network.target"
"google-instance-setup.service"
"google-network-setup.service"
];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
};
};
systemd.services.google-instance-setup = {
description = "Google Compute Engine Instance Setup";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
before = ["sshd.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "sshd.service" "multi-user.target" ];
path = with pkgs; [ ethtool openssh ];
serviceConfig = {
ExecStart = "${gce}/bin/google_instance_setup --debug";
Type = "oneshot";
};
};
systemd.services.google-network-daemon = {
description = "Google Compute Engine Network Daemon";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
requires = ["network.target"];
partOf = ["network.target"];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iproute ];
serviceConfig = {
ExecStart = "${gce}/bin/google_network_daemon --debug";
};
};
systemd.services.google-shutdown-scripts = {
description = "Google Compute Engine Shutdown Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"systemd-resolved.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = [ "local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.coreutils}/bin/true";
ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
Type = "oneshot";
RemainAfterExit = true;
TimeoutStopSec = "infinity";
};
};
systemd.services.google-startup-scripts = {
description = "Google Compute Engine Startup Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
KillMode = "process";
Type = "oneshot";
};
};
# Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
boot.kernel.sysctl = {
# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).
"net.ipv4.tcp_syncookies" = mkDefault "1";
# ignores source-routed packets
"net.ipv4.conf.all.accept_source_route" = mkDefault "0";
# ignores source-routed packets
"net.ipv4.conf.default.accept_source_route" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.all.accept_redirects" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.default.accept_redirects" = mkDefault "0";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.all.secure_redirects" = mkDefault "1";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.default.secure_redirects" = mkDefault "1";
# don't allow traffic between networks or act as a router
"net.ipv4.ip_forward" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.all.send_redirects" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.default.send_redirects" = mkDefault "0";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.all.rp_filter" = mkDefault "1";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.default.rp_filter" = mkDefault "1";
# ignores ICMP broadcasts to avoid participating in Smurf attacks
"net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
# ignores bad ICMP errors
"net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
# logs spoofed, source-routed, and redirect packets
"net.ipv4.conf.all.log_martians" = mkDefault "1";
# log spoofed, source-routed, and redirect packets
"net.ipv4.conf.default.log_martians" = mkDefault "1";
# implements RFC 1337 fix
"net.ipv4.tcp_rfc1337" = mkDefault "1";
# randomizes addresses of mmap base, heap, stack and VDSO page
"kernel.randomize_va_space" = mkDefault "2";
# Reboot the machine soon after a kernel panic.
"kernel.panic" = mkDefault "10";
## Not part of the original config
# provides protection from ToCToU races
"fs.protected_hardlinks" = mkDefault "1";
# provides protection from ToCToU races
"fs.protected_symlinks" = mkDefault "1";
# makes locating kernel addresses more difficult
"kernel.kptr_restrict" = mkDefault "1";
# set ptrace protections
"kernel.yama.ptrace_scope" = mkOverride 500 "1";
# set perf only available to root
"kernel.perf_event_paranoid" = mkDefault "2";
};
}
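Review bot: `security.googleOsLogin.enable = true` and the `google_metadata_script_runner` startup and shutdown units mean that whoever can change the GCP project's IAM bindings or instance metadata can log in or run scripts as root on this host, independently of the keys kept in this repository. `networking.firewall.enable = mkDefault false` likewise hands packet filtering to GCP firewall rules that are not part of this commit. Each of these deserves a comment naming that dependency, e.g. `# access is also governed by GCP IAM (OS Login) and instance metadata`, and the metadata script units can be dropped if they are not used. The `--debug` flag on every `ExecStart` line and the "Amazon's pv-grub" comment look like leftovers from the upstream image module.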

25
mb/2configs/headless.nix Normal file

@ -0,0 +1,25 @@
# Common configuration for headless machines (e.g., Amazon EC2
# instances).
{ lib, ... }:
with lib;
{
boot.vesa = false;
# Don't start a tty on the serial consoles.
systemd.services."serial-getty@ttyS0".enable = false;
systemd.services."serial-getty@hvc0".enable = false;
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@".enable = false;
# Since we can't manually respond to a panic, just reboot.
boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
# Don't allow emergency mode, because we don't have a console.
systemd.enableEmergencyMode = false;
# Being headless, we don't need a GRUB splash image.
boot.loader.grub.splashImage = null;
}

446
mb/2configs/neovimrc Normal file

@ -0,0 +1,446 @@
"*****************************************************************************
"" Functions
"*****************************************************************************
function! GetBufferList()
redir =>buflist
silent! ls!
redir END
return buflist
endfunction
function! ToggleList(bufname, pfx)
let buflist = GetBufferList()
for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))')
if bufwinnr(bufnum) != -1
exec(a:pfx.'close')
return
endif
endfor
if a:pfx == 'l' && len(getloclist(0)) == 0
echohl ErrorMsg
echo "Location List is Empty."
return
endif
let winnr = winnr()
exec(a:pfx.'open')
if winnr() != winnr
wincmd p
endif
endfunction
"*****************************************************************************
"" Basic Setup
"*****************************************************************************"
" General
let no_buffers_menu=1
syntax on
set ruler
set number
set mousemodel=popup
set t_Co=256
set guioptions=egmrti
set gfn=Monospace\ 10
" TODO: Testing if this works against automatically setting paste mode
" Issue: https://github.com/neovim/neovim/issues/7994
au InsertLeave * set nopaste
" undofile - This allows you to use undos after exiting and restarting
" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo
" :help undo-persistence
if exists("+undofile")
if isdirectory($HOME . '/.vim/undo') == 0
:silent !mkdir -p ~/.vim/undo > /dev/null 2>&1
endif
set undodir=./.vim-undo//
set undodir+=~/.vim/undo//
set undofile
endif
" Encoding
set encoding=utf-8
set fileencoding=utf-8
set fileencodings=utf-8
set bomb
set binary
" Fix backspace indent
set backspace=indent,eol,start
" Tabs. May be overriten by autocmd rules
set tabstop=4
set softtabstop=0
set shiftwidth=4
set expandtab
" Map leader to ,
let mapleader=','
" Enable hidden buffers
set hidden
" Searching
set hlsearch
set incsearch
set ignorecase
set smartcase
" Directories for swp files
set nobackup
set noswapfile
set fileformats=unix,dos,mac
" File overview
set wildmode=list:longest,list:full
set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__
" Shell to emulate
if exists('$SHELL')
set shell=$SHELL
else
set shell=/bin/bash
endif
" Set color scheme
colorscheme molokai
"Show always Status bar
set laststatus=2
" Use modeline overrides
set modeline
set modelines=10
" Set terminal title
set title
set titleold="Terminal"
set titlestring=%F
" search will center on the line it's found in.
nnoremap n nzzzv
nnoremap N Nzzzv
"*****************************************************************************
"" Abbreviations
"*****************************************************************************
" no one is really happy until you have this shortcuts
cnoreabbrev W! w!
cnoreabbrev Q! q!
cnoreabbrev Qall! qall!
cnoreabbrev Wq wq
cnoreabbrev Wa wa
cnoreabbrev wQ wq
cnoreabbrev WQ wq
cnoreabbrev W w
cnoreabbrev Q q
cnoreabbrev Qall qall
" NERDTree configuration
let g:NERDTreeChDirMode=2
let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__']
let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$']
let g:NERDTreeShowBookmarks=1
let g:nerdtree_tabs_focus_on_files=1
let g:NERDTreeMapOpenInTabSilent = '<RightMouse>'
let g:NERDTreeWinSize = 50
set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite
nnoremap <silent> <F1> :NERDTreeFind<CR>
nnoremap <silent> <F2> :NERDTreeToggle<CR>
" open terminal emulation
nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR>
"*****************************************************************************
"" Autocmd Rules
"*****************************************************************************
"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines
augroup vimrc-sync-fromstart
autocmd!
autocmd BufEnter * :syntax sync maxlines=200
augroup END
" Nasm filetype
augroup nasm
autocmd!
autocmd BufRead,BufNewFile *.nasm set ft=nasm
augroup END
" Binary filetype
augroup Binary
au!
au BufReadPre *.bin,*.exe,*.elf let &bin=1
au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd
au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif
au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r
au BufWritePre *.bin,*.exe,*.elf endif
au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd
au BufWritePost *.bin,*.exe,*.elf set nomod | endif
augroup END
" Binary filetype
augroup fasm
au!
au BufReadPost *.fasm set ft=fasm
augroup END
augroup deoplete-update
autocmd!
autocmd VimEnter * UpdateRemotePlugin
augroup END
"" Remember cursor position
augroup vimrc-remember-cursor-position
autocmd!
autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
augroup END
"" txt
" augroup vimrc-wrapping
" autocmd!
" autocmd BufRead,BufNewFile *.txt call s:setupWrapping()
" augroup END
"" make/cmake
augroup vimrc-make-cmake
autocmd!
autocmd FileType make setlocal noexpandtab
autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake
augroup END
set autoread
"*****************************************************************************
"" Mappings
"*****************************************************************************
" Split
noremap <Leader>h :<C-u>split<CR>
noremap <Leader>v :<C-u>vsplit<CR>
" Git
noremap <Leader>ga :Gwrite<CR>
noremap <Leader>gc :Gcommit<CR>
noremap <Leader>gsh :Gpush<CR>
noremap <Leader>gll :Gpull<CR>
noremap <Leader>gs :Gstatus<CR>
noremap <Leader>gb :Gblame<CR>
noremap <Leader>gd :Gvdiff<CR>
noremap <Leader>gr :Gremove<CR>
" Tabs
nnoremap <Tab> gt
nnoremap <S-Tab> gT
nnoremap <silent> <S-t> :tabnew<CR>
" Set working directory
nnoremap <leader>. :lcd %:p:h<CR>
" Opens an edit command with the path of the currently edited file filled in
noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
" Opens a tab edit command with the path of the currently edited file filled
noremap <Leader>te :tabe <C-R>=expand("%:p:h") . "/" <CR>
" Tagbar
nmap <silent> <F3> :TagbarToggle<CR>
let g:tagbar_autofocus = 1
" Copy/Paste/Cut
set clipboard^=unnamed,unnamedplus
noremap YY "+y<CR>
noremap <leader>p "+gP<CR>
noremap XX "+x<CR>
" Enable mouse for vim
set mouse=a
" Buffer nav
noremap <leader>z :bp<CR>
noremap <leader>q :bp<CR>
noremap <leader>x :bn<CR>
noremap <leader>w :bn<CR>
" Close buffer
noremap <leader>c :bd<CR>
" Clean search (highlight)
nnoremap <silent> <leader><space> :noh<cr>
" Switching windows
noremap <C-j> <C-w>j
noremap <C-k> <C-w>k
noremap <C-l> <C-w>l
noremap <C-h> <C-w>h
" Vmap for maintain Visual Mode after shifting > and <
vmap < <gv
vmap > >gv
" Move visual block
vnoremap J :m '>+1<CR>gv=gv
vnoremap K :m '<-2<CR>gv=gv
" Open current line on GitHub
nnoremap <Leader>o :.Gbrowse<CR>
" Save on strg+s if not in paste mode
nmap <c-s> :w<CR>
vmap <c-s> <Esc><c-s>gv
imap <c-s> <Esc><c-s>
" Quit on strg+q in normal mode
nnoremap <c-q> :q<cr>
" Strg+d to replace word under cursor
nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left>
" Strg+f ro find word under cursor
nnoremap <c-f> :/<C-r><C-w><Left><Left>
" Remove unneccessary spaces
nnoremap <silent> <F5> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR>
" Reindent whole file with F6
map <F6> mzgg=G`z
" Toggle location list
nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR>
" Replacing text in visual mode doesn't copy it anymore
xmap p <Plug>ReplaceWithRegisterVisual
xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual
" ALE mappings
nmap <Leader>i <Plug>(ale_hover)
nmap <Leader>d <Plug>(ale_go_to_definition_in_tab)
nmap <Leader>rf <Plug>(ale_find_references)
nmap <silent><F7> <Plug>(ale_fix)
" Vim-Go mappings
au FileType go nmap <Leader>i :GoDoc<cr>
au FileType go nmap <Leader>d :GoDef<cr>
au FileType go nmap <Leader>rf :GoReferrers<cr>
"" Opens an edit command with the path of the currently edited file filled in
noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
" Use tab for navigatin in autocompletion window
inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>"
inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>"
"*****************************************************************************
"" Plugin settings
"*****************************************************************************
" vim-airline
set statusline+=%{fugitive#statusline()}
let g:airline_theme = 'powerlineish'
let g:airline#extensions#syntastic#enabled = 1
let g:airline#extensions#branch#enabled = 1
let g:airline#extensions#tabline#enabled = 1
let g:airline#extensions#tagbar#enabled = 1
let g:airline_skip_empty_sections = 1
let g:airline#extensions#ale#enabled = 1
" show indent lines
let g:indent_guides_enable_on_vim_startup = 1
let g:indent_guides_auto_colors = 0
hi IndentGuidesOdd ctermbg=235
hi IndentGuidesEven ctermbg=235
let g:indent_guides_guide_size = 1
let g:indent_guides_start_level = 2
" Enable autocompletion
let g:deoplete#enable_at_startup = 1
set completeopt-=preview
" Ale no preview on hover
let g:ale_close_preview_on_insert = 0
let g:ale_cursor_detail = 0
" Ale skip if file size over 2G
let g:ale_maximum_file_size = "2147483648"
" Ale to loclist and quickfix
let g:ale_set_quickfix = 1
" let g:ale_set_loclist = 1
" Ale language server
let g:ale_linters = {
\ 'python': ['pyls'],
\ 'c': ['cquery'],
\ 'cpp': ['cquery'],
\ 'xml': ['xmllint']
\ }
" ALE fixers
let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] }
let g:ale_fixers.python = ['black']
let g:ale_fixers.go = ['gofmt']
let g:ale_fixers.c = ['clang-format']
let g:ale_fixers.cpp = ['clang-format']
let g:ale_fixers.json = ['jq']
let g:ale_fixers.xml = ['xmllint']
let g:ale_completion_enabled = 1
let g:ale_sign_error = ''
let g:ale_sign_warning = '⚠'
let g:ale_lint_on_insert_leave = 1
" Vim-Go Settings
let g:go_auto_sameids = 1
let g:go_fmt_command = "goimports"
let g:go_auto_type_info = 1
" Disable syntastic for langserver supported languages
let g:syntastic_mode_map = {
\ "mode": "active",
\ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ]
\ }
let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 2
let g:syntastic_aggregate_errors = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_error_symbol='✗'
let g:syntastic_warning_symbol='⚠'
let g:syntastic_style_error_symbol = '✗'
let g:syntastic_style_warning_symbol = '⚠'
"*****************************************************************************
"" Shortcuts overview
"*****************************************************************************
" Shortcuts overview
" F1 --> Filetree find
" F2 --> Filetree toggle
" F3 --> Function overview
" F4 --> Toggle error bar
" F5 --> Remove trailing whitespaces
" F6 --> Reindent whole file
" F7 --> Format and lint file
" ,i --> Information about function
" ,d --> Jump to definition
" ,r --> Rename in all occurences
" ,rf --> Find references of function/variable
" ,e --> Change current file
" ,te --> Open file in new tab
" strg+f --> Find current selected word
" strg+d --> Replace current selected word
" strg+s --> Save file
" strg+q --> Close current file
" space+, --> Stop highlighting words after search

70
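--- a/mb/2configs/nvim.nix
+++ b/mb/2configs/nvim.nix
@@ -0,0 +1,70 @@
+{ pkgs, config, ... }: let
+#unstable = import <nixos-unstable> { };
+in
+{
+environment.variables = {
+EDITOR = ["nvim"];
+};
+nixpkgs.config.packageOverrides = pkgs: with pkgs;{
+neovim_custom = neovim.override {
+configure = {
+customRC = builtins.readFile ./neovimrc;
+packages.myVimPackage = with pkgs.vimPlugins;
+{
+# loaded on launch
+start = [
+nerdtree # file manager
+commentary # comment stuff out based on language
+fugitive # full git integration
+vim-airline-themes # lean & mean status/tabline
+vim-airline # status bar
+gitgutter # git diff in the gutter (sign column)
+vim-trailing-whitespace # trailing whitspaces in red
+tagbar # F3 function overview
+syntastic # Fallback to singlethreaded but huge syntax support
+ReplaceWithRegister # For better copying/replacing
+polyglot # Language pack
+vim-indent-guides # for displaying indent levels
+ale # threaded language client
+vim-go # go linting
+deoplete-go # go autocompletion completion
+deoplete-nvim # general autocompletion
+molokai # color scheme
+];
+# manually loadable by calling `:packadd $plugin-name`
+opt = [];
+};
+};
+};
+};
+environment.systemPackages = with pkgs; [
+ctags
+neovim_custom
+jq # For fixing json files
+xxd # .bin files will be displayed with xxd
+shellcheck # Shell linting
+ansible-lint # Ansible linting
+unzip # To vim into unzipped files
+nodePackages.jsonlint # json linting
+#python36Packages.python-language-server # python linting
+#python36Packages.pyls-mypy # Python static type checker
+#python36Packages.black # Python code formatter
+#python37Packages.yamllint # For linting yaml files
+#python37Packages.libxml2 # For fixing yaml files
+cquery # C/C++ support
+clang-tools # C++ fixer
+];
+fonts = {
+fonts = with pkgs; [
+font-awesome_5
+];
+};
+}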
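Review bot: `customRC = builtins.readFile ./neovimrc;` makes the rc added in this commit the configuration of `neovim_custom`, which `environment.systemPackages` installs system-wide, and that rc turns on `set modeline` with `set modelines=10`. With modelines enabled, any file opened in the editor can set options from its first and last ten lines, and modeline handling has repeatedly been a source of editor code-execution bugs. Unless a workflow here depends on modelines, I would replace those two lines in neovimrc with `set nomodeline` and add a comment such as `" modelines disabled: option changes should not come from file content`.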


@ -0,0 +1,19 @@
# Common configuration for virtual machines running under QEMU (using
# virtio).
{ ... }:
{
boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
boot.initrd.postDeviceCommands =
''
# Set the system time from the hardware clock to work around a
# bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
# to the *boot time* of the host).
hwclock -s
'';
security.rngd.enable = false;
}
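Review bot: `security.rngd.enable = false;` has no comment, and it is the one setting in this module whose effect on the guest is not obvious from reading it. The module loads `virtio_rng` in `boot.initrd.kernelModules`, so the guest presumably expects entropy from a host-provided virtio-rng device; nothing in this file covers a VM started without one. I would add a comment such as `# rngd not needed in the guest; entropy is expected from the host's virtio-rng device` and confirm that the VM definitions importing this profile attach that device.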