Merge branch 'master' of prism.r:stockholm

This commit is contained in:
jeschli 2019-07-16 19:06:14 +02:00
commit cd4f0290ed
22 changed files with 1493 additions and 7 deletions

View File

@ -229,6 +229,90 @@ in {
};
};
};
rose = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.rose.nets.retiolum.ip4.addr
config.krebs.hosts.rose.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.178";
aliases = [ "rose.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO
6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX
btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd
DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq
1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs
5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe
6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D
Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ
QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv
W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ
0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
martha = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.martha.nets.retiolum.ip4.addr
config.krebs.hosts.martha.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.179";
aliases = [ "martha.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA3lR3Wup2yd9SYs9n9a7lq/jXxlKdwjgp9gPEirLn3/XCFM7NpLIp
LRm3Wdplv0NWim4zI3AsdGmUBrV3y0Ugj48Td4RpXlOiFjS8NHnvRbamCZF7m/pJ
3T/QpQx98+QEKXb3gZ5aDGgcHLRbUYUBuwFOxAKaikuDe2qJxqXqOmA7RXZDkEqe
FrQE/H1/+8HqJ1vhgZKi3Vu7zLRB1EV8nggWFjQKR8o0AeViLwM3OxFtGyKTaXuK
WAQrvSdKQDpQwqAPogyeftGesOfW7z0xrelkux10p42YM9epYvZDFRG97/nupw/S
iYGiTTFDBDTzpyT3zl1uwhmQ3re/nJXf5e4fgnZEcsweU8ysHtDhbimqrm9impVn
XdKnnuNa9F8VlyHCT2pVC9+WDKDNtA2M8f+8lG8/hoJ7hhp5HhBZ3ncROyQqOg4F
e6YtaFidi+fYXjQkdUXHv5FCkqFJnoxZdI2vwqU2DumltG/o+qsksI2WSsLsuMVs
sa4KUq0+5OsmCJnIAKWV2YwbLVf1tJMjPGA0jQECrHPL6SKobRefqav6MPuTbytC
4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM
mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
donna = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.donna.nets.retiolum.ip4.addr
config.krebs.hosts.donna.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.180";
aliases = [ "donna.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa
x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I
0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ
Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf
wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k
YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf
U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv
QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR
Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI
IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7
awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
inspector = {
owner = config.krebs.users.Mic92;
nets = rec {

View File

@ -393,6 +393,55 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
};
xerxes = {
cores = 2;
nets = rec {
retiolum = {
ip4.addr = "10.243.1.3";
ip6.addr = r6 "3";
aliases = [
"xerxes.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
/EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
+2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
/Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
wiregrill = {
ip6.addr = w6 "3";
aliases = [
"xerxes.w"
];
wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8=";
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
};
red = {
monitoring = false;
cores = 1;
@ -626,7 +675,7 @@ in {
};
lass-xerxes = {
mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa;
pubkey = builtins.readFile ./ssh/xerxes.ed25519;
};
lass-daedalus = {
mail = "lass@daedalus.r";

View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwCq56DGqj/kz8d8ax0xIl29jV9f3tUtDgtnCnS1b4q lass@xerxes

View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGjBN0aFs6GxNwMjCvlddbN6+vb6LZuWiWWe+wbAynaGuGbae0TXCLp0/eMNy7fH8poDjpdW9M4mKbBFKOqyG8WJLCPFoQw761tjKl1hccJn0hFSkQAEGKxtfzHlAl/Mz+59yvqNg7/WNSivv41hE7btYltzRy238VQDYFv2eLM7acyxrgGo7tWOtkbpfELj5cM8Qw1j3TF9bGV5pK6IOEtaHbmalS8Iiz77syAu+6E/y6zKBTtGMHI15l6RNJ/Y7A1LM/WwuNL+9dJMYWJFVHy3/4dpaxiioHREiSawUbz9wNHknCrT6vaPCIVVcujhz9Oee1C5UiYUyyfJrFYdlzaTg7FuLNIt2hKMY6NYx1D8/Pwpq1JOsaEfK/K5ytCgaJb115mRevcaUA5s7KYNWHmmZvy08JzCgSM6ZPRtfkQIcha77wVq6DugJ+KgBz+oADQRKiaMrumOMldd0B3q4Oxb71gDTE1XLAbWJnd/0Up1H5GAtZZUUrMUslZiU/23R6SOkyEMLWQTx/KgkWcz8DZLtib5o03uZpfJDVqp2CR+sjmy4x9aa+lSaOzuZP0KRyg+mOKl0o3zL7TNAzrzSCORVBg7nOh+0SPJkDxVRkc6dVY1L3ZOfdm2P/19fhWEr5ECgVrmYYKnDPwWY1iWJlZsiEc3Mj7KB1m44ov0FJg2hiNnydImqcXTCoszp515MBmeHnpqJsqEZuWS8dAnaEiOwZaSKIO1E7lQ7CoP86+eD4yAwLq6fb2tgjHT69LgDMaIha4hMfrO2o4UDVw9OZMfnPtyatI4pxplaQDoQM1p0dej0rZ7uxL1tfoKAyT0UCdtjhxfnNs0x1gOQbML4eGbqyKuyF82eOQRgKRDqH/tParoE4SRBVi7o3s0kILRmXA3ng3n1uhEiGwPTH8JsQ9huM+XOhH8+CzQeg4yb/jCrhsDzvLaW654+ouq9G+kjwqmO4vLNs5eZxfae84rppbS2MJqK1x8rkJixvKBKEfvYJOuDNV+hXyMbToaq8qtGy7cCSq4+UDio3DsSHY0Tpt9e+yEzoOOqFQLQyq6uHv/+u9MY+VADoa4N64U3S2SXul9tE3g6hOAY0F5BYMbxQSuj59kzwghlAmbsyWN2FCmWdsfCQkkZX7wCTj20DtZB/GdVSGNgHGAoU5JZrXKca3A2Yc9hzbYjyNYr0NmQ9NUbkbaOkcYJRIUXtS2OBOHP+FoUkkqL3ieKXR07l5xJbWLzbyVUxN9Zii4Baj5xnDO/RLZPDvTUxbER/0d1orMZztL2EKmfSn4j4uhWqpi04Rg9sWH+WVLAq22EKhAuqcFEOUimjcyZWYKxcAq5Z51NJNBQB7euz55eCJUZkBUYEpNuYr0UDlmBxKB2r6ZWDeNXT7eLxBdwDHCHSqXV7qOG1vMhHtjbbxmQMnkQ4InhO9TdpaN3tj67nGmc6hhgYO4b7NvyL1/pvDPrHrR/3GzkDkwqvt3uESdVdqAJSCk6gFh9V1aGs= lass@xerxes

View File

@ -36,6 +36,32 @@ in {
};
};
};
rofl = {
nets = {
retiolum = {
ip4.addr = "10.243.42.43";
aliases = [
"rofl.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm
xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8
txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D
VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb
VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts
1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1
vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC
Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp
1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH
QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f
NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f
3aAAePgBsZvRQozxXZfqp58CAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
p1nk = {
nets = {
retiolum = {

View File

@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "d77e3bd661354ea775a8cacc97bb59ddde513c09",
"date": "2019-06-18T23:08:17+02:00",
"sha256": "1m82zs00n6nc0pkdpmd9amm013qxwksjfhzcm6gck3p469q7n866",
"rev": "754763ff4ba1dd03fe3fad3a0fea36d2e39f5860",
"date": "2019-07-05T14:34:03+02:00",
"sha256": "10752kda1rzljlpcchi826hmbc8853vnbg9rkh7s89mxq6yjnm15",
"fetchSubmodules": false
}

View File

@ -0,0 +1,35 @@
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/mail.nix>
];
krebs.build.host = config.krebs.hosts.xerxes;
services.xserver = {
displayManager.lightdm.autoLogin.enable = true;
displayManager.lightdm.autoLogin.user = "lass";
};
boot.blacklistedKernelModules = [
"xpad"
];
lass.screenlock.enable = lib.mkForce false;
}

View File

@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
#<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/wine.nix>
#<stockholm/lass/2configs/blue-host.nix>
#<stockholm/lass/2configs/xtreemfs.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/nfs-dl.nix>
#<stockholm/lass/2configs/prism-share.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
];
krebs.build.host = config.krebs.hosts.icarus;
environment.systemPackages = with pkgs; [
macchanger
nix-review
];
programs.adb.enable = true;
}

View File

@ -0,0 +1,25 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/coreboot.nix>
];
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
services.thinkfan.enable = true;
services.tlp.extraConfig = ''
START_CHARGE_THRESH_BAT0=80
'';
}

View File

@ -0,0 +1,86 @@
{ pkgs, lib, ... }:
{
imports = [
./config.nix
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.zfs.enableUnstable = true;
boot.loader.grub = {
enable = true;
device = "/dev/sda";
efiSupport = true;
};
boot.loader.efi.canTouchEfiVariables = true;
# TODO fix touchscreen
boot.blacklistedKernelModules = [
"goodix"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.initrd.luks.devices.crypted.device = "/dev/sda3";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"fbcon=rotate:1"
"boot.shell_on_fail"
];
services.xserver.displayManager.sessionCommands = ''
(sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP-1 --rotate right)
(sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop 'Goodix Capacitive TouchScreen' 'Coordinate Transformation Matrix' 0 1 0 -1 0 1 0 0 1)
'';
fileSystems."/" = {
device = "rpool/root";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E749-784C";
fsType = "vfat";
};
swapDevices = [ ];
boot.extraModprobeConfig = ''
options zfs zfs_arc_max=1073741824
'';
nix.maxJobs = lib.mkDefault 4;
networking.hostId = "9b0a74ac";
networking.networkmanager.enable = true;
hardware.opengl.enable = true;
services.tlp.enable = true;
services.tlp.extraConfig = ''
CPU_SCALING_GOVERNOR_ON_AC=ondemand
CPU_SCALING_GOVERNOR_ON_BAT=powersave
CPU_MIN_PERF_ON_AC=0
CPU_MAX_PERF_ON_AC=100
CPU_MIN_PERF_ON_BAT=0
CPU_MAX_PERF_ON_BAT=30
'';
services.logind.extraConfig = ''
HandlePowerKey=suspend
IdleAction=suspend
IdleActionSec=300
'';
services.xserver.extraConfig = ''
Section "Device"
Identifier "Intel Graphics"
Driver "Intel"
Option "TearFree" "true"
EndSection
'';
}

View File

@ -62,6 +62,7 @@ in {
wcalc
wget
xz
zbackup
];
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
@ -71,6 +72,19 @@ in {
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
services.codimd = {
enable = true;
workDir = "/storage/codimd";
configuration = {
port = 1337;
host = "0.0.0.0";
db = {
dialect = "sqlite";
storage = "/storage/codimd/db.codimd.sqlite";
};
};
};
networking.wireless.enable = false;
networking.networkmanager.enable = false;
krebs.iptables.enable = true;

View File

@ -5,6 +5,7 @@ in {
[ # Include the results of the hardware scan.
./hardware-configuration.nix
<stockholm/mb>
<stockholm/mb/2configs/nvim.nix>
];
krebs.build.host = config.krebs.hosts.orange;
@ -124,15 +125,19 @@ in {
unstable.ponyc
unstable.sublime3
unstable.youtube-dl
vim
virt-viewer
virtmanager
vulnix
wcalc
wget
xz
zbackup
];
environment.variables = {
EDITOR = ["nvim"];
};
environment.shellAliases = {
ll = "ls -alh";
ls = "ls --color=tty";

View File

@ -5,6 +5,7 @@ in {
[ # Include the results of the hardware scan.
./hardware-configuration.nix
<stockholm/mb>
<stockholm/mb/2configs/nvim.nix>
];
krebs.build.host = config.krebs.hosts.p1nk;
@ -118,13 +119,13 @@ in {
unstable.ponyc
unstable.sublime3
youtube-dl
vim
virt-viewer
virtmanager
vulnix
wcalc
wget
xz
zbackup
];
environment.shellAliases = {
@ -159,6 +160,7 @@ in {
};
};
windowManager.ratpoison.enable = true;
windowManager.pekwm.enable = true;
};
services.openssh.enable = true;

View File

@ -0,0 +1,103 @@
{ config, pkgs, callPackage, ... }: let
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
in {
imports =
[ # Include the results of the hardware scan.
<stockholm/mb/2configs/google-compute-config.nix>
<stockholm/mb>
];
krebs.build.host = config.krebs.hosts.rofl;
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "de";
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Berlin";
nixpkgs.config.allowUnfree = true;
environment.shellAliases = {
ll = "ls -alh";
ls = "ls --color=tty";
};
environment.systemPackages = with pkgs; [
curl
fish
git
htop
nmap
ranger
tcpdump
tmux
traceroute
tree
vim
xz
zbackup
];
sound.enable = false;
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
networking.wireless.enable = false;
networking.networkmanager.enable = false;
krebs.iptables.enable = true;
networking.enableIPv6 = false;
programs.fish = {
enable = true;
shellInit = ''
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
if begin
set -q SSH_AGENT_PID
and kill -0 $SSH_AGENT_PID
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
end
echo "ssh-agent running on pid $SSH_AGENT_PID"
else
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
end
set -l identity $HOME/.ssh/id_rsa
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
ssh-add -l | grep -q $fingerprint
or ssh-add $identity
end
'';
promptInit = ''
function fish_prompt --description 'Write out the prompt'
set -l color_cwd
set -l suffix
set -l nix_shell_info (
if test "$IN_NIX_SHELL" != ""
echo -n " <nix-shell>"
end
)
switch "$USER"
case root toor
if set -q fish_color_cwd_root
set color_cwd $fish_color_cwd_root
else
set color_cwd $fish_color_cwd
end
set suffix '#'
case '*'
set color_cwd $fish_color_cwd
set suffix '>'
end
echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
end
'';
};
system.autoUpgrade.enable = false;
system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
system.stateVersion = "19.03";
}

View File

@ -0,0 +1,181 @@
{ config, pkgs, ... }: let
unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
in {
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
<stockholm/mb>
];
krebs.build.host = config.krebs.hosts.sunsh1n3;
boot.kernelPackages = pkgs.linuxPackages_latest;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
boot.initrd.luks.devices = [
{
name = "root";
device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21";
preLVM = true;
allowDiscards = true;
}
];
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "de";
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Berlin";
nixpkgs.config.packageOverrides = super : {
openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; };
};
nixpkgs.config.allowUnfree = true;
fonts = {
enableCoreFonts = true;
enableGhostscriptFonts = true;
fonts = with pkgs; [
anonymousPro
corefonts
dejavu_fonts
envypn-font
fira
gentium
gohufont
inconsolata
liberation_ttf
powerline-fonts
source-code-pro
terminus_font
ttf_bitstream_vera
ubuntu_font_family
unifont
unstable.cherry
xorg.fontbitstream100dpi
xorg.fontbitstream75dpi
xorg.fontbitstreamtype1
];
};
environment.systemPackages = with pkgs; [
wget vim git curl fish
ag
chromium
firefox
gimp
p7zip
htop
mpv
mpvc
nmap
ntfs3g
keepassx2
sshfs
#unstable.skrooge
skrooge
unstable.alacritty
tmux
tree
wcalc
virtmanager
virt-viewer
(wine.override { wineBuild = "wineWow"; })
xz
zbackup
];
virtualisation.libvirtd.enable = true;
virtualisation.kvmgt.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
programs.dconf.enable = true;
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
krebs.iptables.enable = true;
#networking.wireless.enable = true;
networking.networkmanager.enable = true;
networking.enableIPv6 = false;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
hardware.pulseaudio.support32Bit = true;
nixpkgs.config.pulseaudio = true;
services.xserver.enable = true;
services.xserver.layout = "de";
services.xserver.xkbOptions = "nodeadkeys";
services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
programs.fish = {
enable = true;
shellInit = ''
function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
if begin
set -q SSH_AGENT_PID
and kill -0 $SSH_AGENT_PID
and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
end
echo "ssh-agent running on pid $SSH_AGENT_PID"
else
eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
end
set -l identity $HOME/.ssh/id_rsa
set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
ssh-add -l | grep -q $fingerprint
or ssh-add $identity
end
'';
promptInit = ''
function fish_prompt --description 'Write out the prompt'
set -l color_cwd
set -l suffix
set -l nix_shell_info (
if test "$IN_NIX_SHELL" != ""
echo -n " <nix-shell>"
end
)
switch "$USER"
case root toor
if set -q fish_color_cwd_root
set color_cwd $fish_color_cwd_root
else
set color_cwd $fish_color_cwd
end
set suffix '#'
case '*'
set color_cwd $fish_color_cwd
set suffix '>'
end
echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
end
'';
};
nix.buildCores = 4;
system.stateVersion = "19.09";
}

View File

@ -0,0 +1,29 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/60A6-4DAB";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

View File

@ -21,6 +21,29 @@ with import <stockholm/lib>;
"video"
"fuse"
"wheel"
"kvm"
"qemu-libvirtd"
"libvirtd"
];
openssh.authorizedKeys.keys = [
config.krebs.users.mb.pubkey
];
};
xo = {
name = "xo";
uid = 2323;
home = "/home/xo";
group = "users";
createHome = true;
shell = "/run/current-system/sw/bin/fish";
extraGroups = [
"audio"
"video"
"fuse"
"wheel"
"kvm"
"qemu-libvirtd"
"libvirtd"
];
openssh.authorizedKeys.keys = [
config.krebs.users.mb.pubkey

View File

@ -0,0 +1,231 @@
{ config, lib, pkgs, ... }:
with lib;
let
gce = pkgs.google-compute-engine;
in
{
imports = [
./headless.nix
./qemu-guest.nix
];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
};
boot.growPartition = true;
boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
boot.initrd.kernelModules = [ "virtio_scsi" ];
boot.kernelModules = [ "virtio_pci" "virtio_net" ];
# Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
boot.loader.grub.device = "/dev/sda";
boot.loader.timeout = 0;
# Don't put old configurations in the GRUB menu. The user has no
# way to select them anyway.
boot.loader.grub.configurationLimit = 0;
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
#services.openssh.enable = true;
#services.openssh.permitRootLogin = "prohibit-password";
#services.openssh.passwordAuthentication = mkDefault false;
# Use GCE udev rules for dynamic disk volumes
services.udev.packages = [ gce ];
# Force getting the hostname from Google Compute.
networking.hostName = mkDefault "";
# Always include cryptsetup so that NixOps can use it.
environment.systemPackages = [ pkgs.cryptsetup ];
# Make sure GCE image does not replace host key that NixOps sets
environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
[InstanceSetup]
set_host_keys = false
'';
# Rely on GCP's firewall instead
networking.firewall.enable = mkDefault false;
# Configure default metadata hostnames
networking.extraHosts = ''
169.254.169.254 metadata.google.internal metadata
'';
networking.timeServers = [ "metadata.google.internal" ];
networking.usePredictableInterfaceNames = false;
# GC has 1460 MTU
networking.interfaces.eth0.mtu = 1460;
security.googleOsLogin.enable = true;
systemd.services.google-clock-skew-daemon = {
description = "Google Compute Engine Clock Skew Daemon";
after = [
"network.target"
"google-instance-setup.service"
"google-network-setup.service"
];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
};
};
systemd.services.google-instance-setup = {
description = "Google Compute Engine Instance Setup";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
before = ["sshd.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "sshd.service" "multi-user.target" ];
path = with pkgs; [ ethtool openssh ];
serviceConfig = {
ExecStart = "${gce}/bin/google_instance_setup --debug";
Type = "oneshot";
};
};
systemd.services.google-network-daemon = {
description = "Google Compute Engine Network Daemon";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
requires = ["network.target"];
partOf = ["network.target"];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iproute ];
serviceConfig = {
ExecStart = "${gce}/bin/google_network_daemon --debug";
};
};
systemd.services.google-shutdown-scripts = {
description = "Google Compute Engine Shutdown Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"systemd-resolved.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = [ "local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.coreutils}/bin/true";
ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
Type = "oneshot";
RemainAfterExit = true;
TimeoutStopSec = "infinity";
};
};
systemd.services.google-startup-scripts = {
description = "Google Compute Engine Startup Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
KillMode = "process";
Type = "oneshot";
};
};
# Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
boot.kernel.sysctl = {
# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).
"net.ipv4.tcp_syncookies" = mkDefault "1";
# ignores source-routed packets
"net.ipv4.conf.all.accept_source_route" = mkDefault "0";
# ignores source-routed packets
"net.ipv4.conf.default.accept_source_route" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.all.accept_redirects" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.default.accept_redirects" = mkDefault "0";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.all.secure_redirects" = mkDefault "1";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.default.secure_redirects" = mkDefault "1";
# don't allow traffic between networks or act as a router
"net.ipv4.ip_forward" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.all.send_redirects" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.default.send_redirects" = mkDefault "0";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.all.rp_filter" = mkDefault "1";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.default.rp_filter" = mkDefault "1";
# ignores ICMP broadcasts to avoid participating in Smurf attacks
"net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
# ignores bad ICMP errors
"net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
# logs spoofed, source-routed, and redirect packets
"net.ipv4.conf.all.log_martians" = mkDefault "1";
# log spoofed, source-routed, and redirect packets
"net.ipv4.conf.default.log_martians" = mkDefault "1";
# implements RFC 1337 fix
"net.ipv4.tcp_rfc1337" = mkDefault "1";
# randomizes addresses of mmap base, heap, stack and VDSO page
"kernel.randomize_va_space" = mkDefault "2";
# Reboot the machine soon after a kernel panic.
"kernel.panic" = mkDefault "10";
## Not part of the original config
# provides protection from ToCToU races
"fs.protected_hardlinks" = mkDefault "1";
# provides protection from ToCToU races
"fs.protected_symlinks" = mkDefault "1";
# makes locating kernel addresses more difficult
"kernel.kptr_restrict" = mkDefault "1";
# set ptrace protections
"kernel.yama.ptrace_scope" = mkOverride 500 "1";
# set perf only available to root
"kernel.perf_event_paranoid" = mkDefault "2";
};
}

25
mb/2configs/headless.nix Normal file
View File

@ -0,0 +1,25 @@
# Common configuration for headless machines (e.g., Amazon EC2
# instances).
{ lib, ... }:
with lib;
{
boot.vesa = false;
# Don't start a tty on the serial consoles.
systemd.services."serial-getty@ttyS0".enable = false;
systemd.services."serial-getty@hvc0".enable = false;
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@".enable = false;
# Since we can't manually respond to a panic, just reboot.
boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
# Don't allow emergency mode, because we don't have a console.
systemd.enableEmergencyMode = false;
# Being headless, we don't need a GRUB splash image.
boot.loader.grub.splashImage = null;
}

446
mb/2configs/neovimrc Normal file
View File

@ -0,0 +1,446 @@
"*****************************************************************************
"" Functions
"*****************************************************************************
function! GetBufferList()
redir =>buflist
silent! ls!
redir END
return buflist
endfunction
function! ToggleList(bufname, pfx)
let buflist = GetBufferList()
for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))')
if bufwinnr(bufnum) != -1
exec(a:pfx.'close')
return
endif
endfor
if a:pfx == 'l' && len(getloclist(0)) == 0
echohl ErrorMsg
echo "Location List is Empty."
return
endif
let winnr = winnr()
exec(a:pfx.'open')
if winnr() != winnr
wincmd p
endif
endfunction
"*****************************************************************************
"" Basic Setup
"*****************************************************************************"
" General
let no_buffers_menu=1
syntax on
set ruler
set number
set mousemodel=popup
set t_Co=256
set guioptions=egmrti
set gfn=Monospace\ 10
" TODO: Testing if this works against automatically setting paste mode
" Issue: https://github.com/neovim/neovim/issues/7994
au InsertLeave * set nopaste
" undofile - This allows you to use undos after exiting and restarting
" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo
" :help undo-persistence
if exists("+undofile")
if isdirectory($HOME . '/.vim/undo') == 0
:silent !mkdir -p ~/.vim/undo > /dev/null 2>&1
endif
set undodir=./.vim-undo//
set undodir+=~/.vim/undo//
set undofile
endif
" Encoding
set encoding=utf-8
set fileencoding=utf-8
set fileencodings=utf-8
set bomb
set binary
" Fix backspace indent
set backspace=indent,eol,start
" Tabs. May be overriten by autocmd rules
set tabstop=4
set softtabstop=0
set shiftwidth=4
set expandtab
" Map leader to ,
let mapleader=','
" Enable hidden buffers
set hidden
" Searching
set hlsearch
set incsearch
set ignorecase
set smartcase
" Directories for swp files
set nobackup
set noswapfile
set fileformats=unix,dos,mac
" File overview
set wildmode=list:longest,list:full
set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__
" Shell to emulate
if exists('$SHELL')
set shell=$SHELL
else
set shell=/bin/bash
endif
" Set color scheme
colorscheme molokai
"Show always Status bar
set laststatus=2
" Use modeline overrides
set modeline
set modelines=10
" Set terminal title
set title
set titleold="Terminal"
set titlestring=%F
" search will center on the line it's found in.
nnoremap n nzzzv
nnoremap N Nzzzv
"*****************************************************************************
"" Abbreviations
"*****************************************************************************
" no one is really happy until you have this shortcuts
cnoreabbrev W! w!
cnoreabbrev Q! q!
cnoreabbrev Qall! qall!
cnoreabbrev Wq wq
cnoreabbrev Wa wa
cnoreabbrev wQ wq
cnoreabbrev WQ wq
cnoreabbrev W w
cnoreabbrev Q q
cnoreabbrev Qall qall
" NERDTree configuration
let g:NERDTreeChDirMode=2
let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__']
let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$']
let g:NERDTreeShowBookmarks=1
let g:nerdtree_tabs_focus_on_files=1
let g:NERDTreeMapOpenInTabSilent = '<RightMouse>'
let g:NERDTreeWinSize = 50
set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite
nnoremap <silent> <F1> :NERDTreeFind<CR>
nnoremap <silent> <F2> :NERDTreeToggle<CR>
" open terminal emulation
nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR>
"*****************************************************************************
"" Autocmd Rules
"*****************************************************************************
"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines
augroup vimrc-sync-fromstart
autocmd!
autocmd BufEnter * :syntax sync maxlines=200
augroup END
" Nasm filetype
augroup nasm
autocmd!
autocmd BufRead,BufNewFile *.nasm set ft=nasm
augroup END
" Binary filetype
augroup Binary
au!
au BufReadPre *.bin,*.exe,*.elf let &bin=1
au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd
au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif
au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r
au BufWritePre *.bin,*.exe,*.elf endif
au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd
au BufWritePost *.bin,*.exe,*.elf set nomod | endif
augroup END
" Binary filetype
augroup fasm
au!
au BufReadPost *.fasm set ft=fasm
augroup END
augroup deoplete-update
autocmd!
autocmd VimEnter * UpdateRemotePlugin
augroup END
"" Remember cursor position
augroup vimrc-remember-cursor-position
autocmd!
autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
augroup END
"" txt
" augroup vimrc-wrapping
" autocmd!
" autocmd BufRead,BufNewFile *.txt call s:setupWrapping()
" augroup END
"" make/cmake
augroup vimrc-make-cmake
autocmd!
autocmd FileType make setlocal noexpandtab
autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake
augroup END
set autoread
"*****************************************************************************
"" Mappings
"*****************************************************************************
" Split
noremap <Leader>h :<C-u>split<CR>
noremap <Leader>v :<C-u>vsplit<CR>
" Git
noremap <Leader>ga :Gwrite<CR>
noremap <Leader>gc :Gcommit<CR>
noremap <Leader>gsh :Gpush<CR>
noremap <Leader>gll :Gpull<CR>
noremap <Leader>gs :Gstatus<CR>
noremap <Leader>gb :Gblame<CR>
noremap <Leader>gd :Gvdiff<CR>
noremap <Leader>gr :Gremove<CR>
" Tabs
nnoremap <Tab> gt
nnoremap <S-Tab> gT
nnoremap <silent> <S-t> :tabnew<CR>
" Set working directory
nnoremap <leader>. :lcd %:p:h<CR>
" Opens an edit command with the path of the currently edited file filled in
noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
" Opens a tab edit command with the path of the currently edited file filled
noremap <Leader>te :tabe <C-R>=expand("%:p:h") . "/" <CR>
" Tagbar
nmap <silent> <F3> :TagbarToggle<CR>
let g:tagbar_autofocus = 1
" Copy/Paste/Cut
set clipboard^=unnamed,unnamedplus
noremap YY "+y<CR>
noremap <leader>p "+gP<CR>
noremap XX "+x<CR>
" Enable mouse for vim
set mouse=a
" Buffer nav
noremap <leader>z :bp<CR>
noremap <leader>q :bp<CR>
noremap <leader>x :bn<CR>
noremap <leader>w :bn<CR>
" Close buffer
noremap <leader>c :bd<CR>
" Clean search (highlight)
nnoremap <silent> <leader><space> :noh<cr>
" Switching windows
noremap <C-j> <C-w>j
noremap <C-k> <C-w>k
noremap <C-l> <C-w>l
noremap <C-h> <C-w>h
" Vmap for maintain Visual Mode after shifting > and <
vmap < <gv
vmap > >gv
" Move visual block
vnoremap J :m '>+1<CR>gv=gv
vnoremap K :m '<-2<CR>gv=gv
" Open current line on GitHub
nnoremap <Leader>o :.Gbrowse<CR>
" Save on strg+s if not in paste mode
nmap <c-s> :w<CR>
vmap <c-s> <Esc><c-s>gv
imap <c-s> <Esc><c-s>
" Quit on strg+q in normal mode
nnoremap <c-q> :q<cr>
" Strg+d to replace word under cursor
nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left>
" Strg+f ro find word under cursor
nnoremap <c-f> :/<C-r><C-w><Left><Left>
" Remove unneccessary spaces
nnoremap <silent> <F5> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR>
" Reindent whole file with F6
map <F6> mzgg=G`z
" Toggle location list
nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR>
" Replacing text in visual mode doesn't copy it anymore
xmap p <Plug>ReplaceWithRegisterVisual
xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual
" ALE mappings
nmap <Leader>i <Plug>(ale_hover)
nmap <Leader>d <Plug>(ale_go_to_definition_in_tab)
nmap <Leader>rf <Plug>(ale_find_references)
nmap <silent><F7> <Plug>(ale_fix)
" Vim-Go mappings
au FileType go nmap <Leader>i :GoDoc<cr>
au FileType go nmap <Leader>d :GoDef<cr>
au FileType go nmap <Leader>rf :GoReferrers<cr>
"" Opens an edit command with the path of the currently edited file filled in
noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
" Use tab for navigatin in autocompletion window
inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>"
inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>"
"*****************************************************************************
"" Plugin settings
"*****************************************************************************
" vim-airline
set statusline+=%{fugitive#statusline()}
let g:airline_theme = 'powerlineish'
let g:airline#extensions#syntastic#enabled = 1
let g:airline#extensions#branch#enabled = 1
let g:airline#extensions#tabline#enabled = 1
let g:airline#extensions#tagbar#enabled = 1
let g:airline_skip_empty_sections = 1
let g:airline#extensions#ale#enabled = 1
" show indent lines
let g:indent_guides_enable_on_vim_startup = 1
let g:indent_guides_auto_colors = 0
hi IndentGuidesOdd ctermbg=235
hi IndentGuidesEven ctermbg=235
let g:indent_guides_guide_size = 1
let g:indent_guides_start_level = 2
" Enable autocompletion
let g:deoplete#enable_at_startup = 1
set completeopt-=preview
" Ale no preview on hover
let g:ale_close_preview_on_insert = 0
let g:ale_cursor_detail = 0
" Ale skip if file size over 2G
let g:ale_maximum_file_size = "2147483648"
" Ale to loclist and quickfix
let g:ale_set_quickfix = 1
" let g:ale_set_loclist = 1
" Ale language server
let g:ale_linters = {
\ 'python': ['pyls'],
\ 'c': ['cquery'],
\ 'cpp': ['cquery'],
\ 'xml': ['xmllint']
\ }
" ALE fixers
let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] }
let g:ale_fixers.python = ['black']
let g:ale_fixers.go = ['gofmt']
let g:ale_fixers.c = ['clang-format']
let g:ale_fixers.cpp = ['clang-format']
let g:ale_fixers.json = ['jq']
let g:ale_fixers.xml = ['xmllint']
let g:ale_completion_enabled = 1
let g:ale_sign_error = ''
let g:ale_sign_warning = '⚠'
let g:ale_lint_on_insert_leave = 1
" Vim-Go Settings
let g:go_auto_sameids = 1
let g:go_fmt_command = "goimports"
let g:go_auto_type_info = 1
" Disable syntastic for langserver supported languages
let g:syntastic_mode_map = {
\ "mode": "active",
\ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ]
\ }
let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 2
let g:syntastic_aggregate_errors = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_error_symbol='✗'
let g:syntastic_warning_symbol='⚠'
let g:syntastic_style_error_symbol = '✗'
let g:syntastic_style_warning_symbol = '⚠'
"*****************************************************************************
"" Shortcuts overview
"*****************************************************************************
" Shortcuts overview
" F1 --> Filetree find
" F2 --> Filetree toggle
" F3 --> Function overview
" F4 --> Toggle error bar
" F5 --> Remove trailing whitespaces
" F6 --> Reindent whole file
" F7 --> Format and lint file
" ,i --> Information about function
" ,d --> Jump to definition
" ,r --> Rename in all occurences
" ,rf --> Find references of function/variable
" ,e --> Change current file
" ,te --> Open file in new tab
" strg+f --> Find current selected word
" strg+d --> Replace current selected word
" strg+s --> Save file
" strg+q --> Close current file
" space+, --> Stop highlighting words after search

70
mb/2configs/nvim.nix Normal file
View File

@ -0,0 +1,70 @@
{ pkgs, config, ... }: let
#unstable = import <nixos-unstable> { };
in
{
environment.variables = {
EDITOR = ["nvim"];
};
nixpkgs.config.packageOverrides = pkgs: with pkgs;{
neovim_custom = neovim.override {
configure = {
customRC = builtins.readFile ./neovimrc;
packages.myVimPackage = with pkgs.vimPlugins;
{
# loaded on launch
start = [
nerdtree # file manager
commentary # comment stuff out based on language
fugitive # full git integration
vim-airline-themes # lean & mean status/tabline
vim-airline # status bar
gitgutter # git diff in the gutter (sign column)
vim-trailing-whitespace # trailing whitspaces in red
tagbar # F3 function overview
syntastic # Fallback to singlethreaded but huge syntax support
ReplaceWithRegister # For better copying/replacing
polyglot # Language pack
vim-indent-guides # for displaying indent levels
ale # threaded language client
vim-go # go linting
deoplete-go # go autocompletion completion
deoplete-nvim # general autocompletion
molokai # color scheme
];
# manually loadable by calling `:packadd $plugin-name`
opt = [];
};
};
};
};
environment.systemPackages = with pkgs; [
ctags
neovim_custom
jq # For fixing json files
xxd # .bin files will be displayed with xxd
shellcheck # Shell linting
ansible-lint # Ansible linting
unzip # To vim into unzipped files
nodePackages.jsonlint # json linting
#python36Packages.python-language-server # python linting
#python36Packages.pyls-mypy # Python static type checker
#python36Packages.black # Python code formatter
#python37Packages.yamllint # For linting yaml files
#python37Packages.libxml2 # For fixing yaml files
cquery # C/C++ support
clang-tools # C++ fixer
];
fonts = {
fonts = with pkgs; [
font-awesome_5
];
};
}

View File

@ -0,0 +1,19 @@
# Common configuration for virtual machines running under QEMU (using
# virtio).
{ ... }:
{
boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
boot.initrd.postDeviceCommands =
''
# Set the system time from the hardware clock to work around a
# bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
# to the *boot time* of the host).
hwclock -s
'';
security.rngd.enable = false;
}