summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2019-11-24 18:15:14 +0100
committerlassulus <lassulus@lassul.us>2019-11-24 18:17:31 +0100
commit5fa963b6bc879e1307978234c884e3a88d88c7a5 (patch)
tree00a639640861ca9f8889a69892a3cb43f8cac97c
parent1144633bd009f24180067e93f1e7fdc0deb41a8c (diff)
delete mbmb-rip
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/mb/default.nix151
-rw-r--r--mb/1systems/gr33n/configuration.nix144
-rw-r--r--mb/1systems/gr33n/hardware-configuration.nix37
-rw-r--r--mb/1systems/orange/configuration.nix238
-rw-r--r--mb/1systems/orange/hardware-configuration.nix28
-rw-r--r--mb/1systems/p1nk/configuration.nix227
-rw-r--r--mb/1systems/p1nk/hardware-configuration.nix29
-rw-r--r--mb/1systems/rofl/configuration.nix103
-rw-r--r--mb/1systems/sunsh1n3/configuration.nix181
-rw-r--r--mb/1systems/sunsh1n3/hardware-configuration.nix29
-rw-r--r--mb/2configs/default.nix222
-rw-r--r--mb/2configs/google-compute-config.nix231
-rw-r--r--mb/2configs/headless.nix25
-rw-r--r--mb/2configs/neovimrc446
-rw-r--r--mb/2configs/nvim.nix70
-rw-r--r--mb/2configs/qemu-guest.nix19
-rw-r--r--mb/2configs/retiolum.nix33
-rw-r--r--mb/2configs/tests/dummy-secrets/retiolum.rsa4
-rw-r--r--mb/3modules/default.nix6
-rw-r--r--mb/3modules/hosts.nix12
-rw-r--r--mb/5pkgs/default.nix11
-rw-r--r--mb/default.nix14
-rw-r--r--mb/krops.nix54
24 files changed, 0 insertions, 2315 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c770391c..fcdbcbc1 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -103,7 +103,6 @@ let
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
- { krebs = import ./mb { inherit config; }; }
{ krebs = import ./nin { inherit config; }; }
{ krebs = import ./external/palo.nix { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix
deleted file mode 100644
index 31e01c4a..00000000
--- a/krebs/3modules/mb/default.nix
+++ /dev/null
@@ -1,151 +0,0 @@
-with import <stockholm/lib>;
-{ config, ... }: let
-
- hostDefaults = hostName: host: flip recursiveUpdate host {
- ci = true;
- owner = config.krebs.users.mb;
- };
-
-in {
- hosts = mapAttrs hostDefaults {
- orange = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.23";
- aliases = [
- "orange.r"
- "or4ng3.r"
- "0r4n93.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7P0CkmC5HWnTdgGFzmA
- zQuJzHSkSjcGgSkIt0pvqU6xi8P/d4eJlmeXeGTpH62JfM1xhEMpxMVd/4NOON2u
- IlWnfu5bB763145IJwE0HmZziWjQXWRPAZMqYdQ5f2Pvmxv1yr3uBNzr8UlV6BjD
- FXn8sCvikXttYzts9szlz5+pkY09qfiz48+DMzRBNO6JzXYQ9kPyS+TIXlGpN4Jp
- C1TRF38eF2DTEZ58Yx8Z99dGrXVuqlSe77fehTQGxCckTpaZ0HS3XfZNa/cas8JY
- /0RzH2n2AndnPirISDZ7r4ZIFuKAaivqaEkM8v7llI77URVB9ZJb/IqCrBzueAbt
- V/5ts2HpfBAUhw0RoiH8ql+IQZsuSOpRUC2gUN8460V4SQkVtDcsVTENiD+NM5Mg
- ImBv041CsW/rSJOilT2r/rWDN8RFnz/RrAQn+L31KXr81kg1TOLxO0ybs/eMJM3r
- RnHFZPiiKdqPlA60g0AnzKXPR2JTszHIgHHoRUW16I1WJeuAJNjg0JDQ0JM7pZ27
- JEaCc7uR12TPiuExKaNEaxKZVY1J0hzxOzF2MFIbAMVz/3K2ycvvuLxKojqIAXxA
- D+UtcOfJ62k2WnLXOEIZqFU0J2bvhxYUZOFS55wIn1UJF7hemD/LUFHBiWnuhwHk
- TAEl8M851t+Zp3hZeJzgx2kCAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- rofl = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.43";
- aliases = [
- "rofl.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm
- xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8
- txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D
- VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb
- VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts
- 1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1
- vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC
- Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp
- 1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH
- QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f
- NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f
- 3aAAePgBsZvRQozxXZfqp58CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- p1nk = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.42";
- aliases = [
- "p1nk.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5YVML71oW3iJrzZKuX48
- AKrGitO5zNvsAHOI8BVsGfZTyxAAZgG4OaDX45kr27K39NcBU43LdDD0I1yjNvGe
- zAoL5MIiCPD/QR1kAvLmgpMUSqOVvrk+uoGLVt6dOGvxlOiG1AAaN0gA8Q0B/jZV
- 4tZlBpZ7MX9xeK10wqVT56msN69P3EzKQn1uoVRrBxEnNvI1iqmmkgMLcrFVJFBQ
- 888Uuw9Hx5MO7ES/ATe8mt0zReUGvn91jYVVsPpmAopWnjCol271gflY0RomFXKy
- XaIuvbeF+3otF0+MNqJfm4IsAKJjvl92pjVX0f0eBCSPCYR7D1EtgQrqflLkZKZ8
- jBGDlgpsFWt/Omz1BYcuGZU/djM4+SNxr4YRYMi3lMix3s2PmHvm304I7eEEBlC9
- qy1jq/sLaf8mHJrF6Htl7W5WS/Famkwv/VreI92iHrhsmIDiX7OIbXzYDCxT/PQa
- 6uCm/3jIbcHG/ZHZ12H6thkafK0Aoe009+p1n+5Y7V2oNvYe3KzZTnCN5t6z1QHZ
- V5iypsd6lNDzlodjleTgGK8FmHGRPRdq1wb3eOLE8mWZj7ygDT50FwaC8FzAcHgC
- bLN/zlHvCbYmk9IJhktO3B6wtMrZl60+XCpb5rTulM94RirifFYsnTIDJApI11yb
- 3AYi5dQXHjab/lvj6917xa0CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- gr33n = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.123";
- aliases = [
- "gr33n.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8
- kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M
- JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P
- OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO
- ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt
- JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd
- I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ
- 5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X
- s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH
- oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6
- Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV
- jtTSbSJHU5esECtAuXy1XH8CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- sunsh1n3 = {
- ci = false;
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.142";
- aliases = [
- "sunsh1n3.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf
- QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU
- pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz
- idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf
- 4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5
- yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD
- /KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY
- Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy
- LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj
- 6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H
- C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU
- 9IxYLfkSD6AJqasnHlz0L08CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- };
- users = {
- mb = {
- mail = "mb0@codemonkey.cc";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCHAdKGHP/De/GLEsPo5RBfbaiiitMw4Y/akOekJbImswT6Np2lzqno/WBJcfVs3D39wgPKNld4P/QZc5IwxC26q/PnBFu93KES0GqnlAqUNE63IOJ8UzNdyEqWggnRiLrBU+ZgyFZvmqp6NoSO4YEGEK4RZRMJM/GcAuQMj/nGjx2AHwPGZCkIRgz8/ctBOzX1/knZd3cOnNowH1wlqUKX6UcEzJdAVDQijHF1wl0Ri8tJKq9u8s/fw+1PSOpOHaeF1BALsXSKgeJDqUCTnZW5mAVUWJ86LvvyfCP4In9lhhLisbDm2cD96QaVvJyV6HfmegdSxZ1Phh+9Qz+3WhDJRedBTSKWfK/9j7VWSb+z/KV37q72W25ZfFMSay58LmCqn3v5fGt9qj4nlPw0By4baGLiGlA7xyvkJfdt8ZVPps5d2g6UprTbSA79lYN4qtWKq2Z9t317xch7Lix6EunQcoTkJ6QXEbDrAIk3zvkWr/CtpwEhNcSdWvQsua42dkD2oOI2F2IgFyYgOx9Iba2yj8A0TD2iqfYVhsJIYuk12QfeaR7ovQ6DhHlUxyQzeF6h0Y+I4AN6Sq/Mmj/cxfQoIaAEybUQMX+7KjFceIszT3JbGlz7DCxi7DMmNYuc7LELMRG3jNAOk+fW8u42Bhgc44tzvAondojerUGqCbUDw== mb0@codemonkey.cc";
- };
- };
-}
diff --git a/mb/1systems/gr33n/configuration.nix b/mb/1systems/gr33n/configuration.nix
deleted file mode 100644
index dcf98779..00000000
--- a/mb/1systems/gr33n/configuration.nix
+++ /dev/null
@@ -1,144 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- ];
-
- krebs.build.host = config.krebs.hosts.gr33n;
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
- fileSystems."/mnt/public" = {
- device = "//192.168.0.4/public";
- fsType = "cifs";
- options = let
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
- };
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.allowUnfree = true;
-
- nixpkgs.config.packageOverrides = super: {
- openvpn = super.openvpn.override {
- pkcs11Support = true;
- useSystemd = false;
- };
- };
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- environment.systemPackages = with pkgs; [
- curl
- fish
- git
- htop
- nmap
- ranger
- tcpdump
- tmux
- traceroute
- tree
- vim
- wcalc
- wget
- xz
- zbackup
- ];
-
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-
- sound.enable = false;
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- services.codimd = {
- enable = true;
- workDir = "/storage/codimd";
- configuration = {
- port = 1337;
- host = "0.0.0.0";
- db = {
- dialect = "sqlite";
- storage = "/storage/codimd/db.codimd.sqlite";
- };
- };
- };
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = false;
- krebs.iptables.enable = true;
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.buildCores = 4;
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/gr33n/hardware-configuration.nix b/mb/1systems/gr33n/hardware-configuration.nix
deleted file mode 100644
index 1d13b8dc..00000000
--- a/mb/1systems/gr33n/hardware-configuration.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- boot.initrd.mdadmConf = ''
- ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 name=gr33n:0 UUID=5b715fd9:0be6bfa6:19f07db4:c16836d6
- devices=/dev/sda1,/dev/sdb1,/dev/sdc1,/dev/sdd1
- '';
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/a9f2c19b-f60f-450c-87f1-146a54c4198b";
- fsType = "ext4";
- };
- fileSystems."/storage" =
- { device = "/dev/disk/by-label/storage";
- fsType = "ext4";
- };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/93EB-BCA3";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/1systems/orange/configuration.nix b/mb/1systems/orange/configuration.nix
deleted file mode 100644
index b43bd8a0..00000000
--- a/mb/1systems/orange/configuration.nix
+++ /dev/null
@@ -1,238 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- <stockholm/mb/2configs/nvim.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.orange;
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/09a36f91-a713-4b82-8b41-4e7a6acc4acf";
- preLVM = true;
- allowDiscards = true;
- }
- ];
-
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
- fileSystems."/mnt/public" = {
- device = "//192.168.0.4/public";
- fsType = "cifs";
- options = let
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
- };
-
-
- # Select internationalisation properties.
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.packageOverrides = super: {
- openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
- };
-
- nixpkgs.config.allowUnfree = true;
-
- fonts = {
- enableCoreFonts = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- anonymousPro
- corefonts
- dejavu_fonts
- envypn-font
- fira
- gentium
- gohufont
- inconsolata
- liberation_ttf
- powerline-fonts
- source-code-pro
- terminus_font
- ttf_bitstream_vera
- ubuntu_font_family
- unifont
- unstable.cherry
- xorg.fontbitstream100dpi
- xorg.fontbitstream75dpi
- xorg.fontbitstreamtype1
- ];
- };
-
- environment.systemPackages = with pkgs; [
- adapta-gtk-theme
- aircrackng
- ag
- arandr
- binutils
- chromium
- cifs-utils
- curl
- evince
- exfat
- feh
- file
- firefox
- freetype
- gimp
- git
- gnupg
- graphite2
- hicolor_icon_theme
- htop
- i3lock
- jq
- keepassx2
- kvm
- lxappearance
- man-pages
- moc
- mpv
- mpvc
- mupdf
- ncdu
- nmap
- openvpn
- pass
- p7zip
- powertop
- ranger
- rofi
- sshfs
- tcpdump
- tmux
- traceroute
- tree
- unstable.alacritty
- unstable.ponyc
- unstable.sublime3
- unstable.youtube-dl
- virt-viewer
- virtmanager
- vulnix
- wcalc
- wget
- xz
- zbackup
- ];
-
- environment.variables = {
- EDITOR = ["nvim"];
- };
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- virtualisation.libvirtd.enable = true;
- #virtualisation.kvmgt.enable = true;
-
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- hardware.pulseaudio.support32Bit = true;
- nixpkgs.config.pulseaudio = true;
-
- services.xserver = {
- enable = true;
- layout = "de";
- xkbVariant = "nodeadkeys";
- libinput.enable = true;
- desktopManager = {
- default = "xfce";
- xterm.enable = false;
- xfce = {
- enable = true;
- noDesktop = true;
- enableXfwm = false;
- };
- };
- windowManager.ratpoison.enable = true;
- };
-
- services.openssh.enable = true;
- #services.openssh.permitRootLogin = "yes";
- services.openssh.passwordAuthentication = false;
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = false;
- krebs.iptables.enable = true;
- #networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.maxJobs = 4;
- nix.buildCores = 4;
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/orange/hardware-configuration.nix b/mb/1systems/orange/hardware-configuration.nix
deleted file mode 100644
index 8aa19126..00000000
--- a/mb/1systems/orange/hardware-configuration.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/b1d32c54-35f8-4bf1-9fd2-82adc760af01";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/BF9B-03A2";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
-}
diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix
deleted file mode 100644
index 19efc75b..00000000
--- a/mb/1systems/p1nk/configuration.nix
+++ /dev/null
@@ -1,227 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- <stockholm/mb/2configs/nvim.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.p1nk;
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/0392257b-f6cf-484d-8c46-e20aab4fddb7";
- preLVM = true;
- allowDiscards = true;
- }
- ];
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
- fileSystems."/mnt/public" = {
- device = "//192.168.0.4/public";
- fsType = "cifs";
- options = let
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
- };
-
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- fonts = {
- enableCoreFonts = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- anonymousPro
- corefonts
- dejavu_fonts
- envypn-font
- fira
- gentium
- gohufont
- inconsolata
- liberation_ttf
- powerline-fonts
- source-code-pro
- terminus_font
- ttf_bitstream_vera
- ubuntu_font_family
- unifont
- unstable.cherry
- xorg.fontbitstream100dpi
- xorg.fontbitstream75dpi
- xorg.fontbitstreamtype1
- ];
- };
-
- nixpkgs.config.packageOverrides = super: {
- openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
- };
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- adapta-gtk-theme
- aircrackng
- ag
- arandr
- binutils
- chromium
- cifs-utils
- curl
- evince
- exfat
- feh
- file
- firefox
- freetype
- gimp
- git
- gnupg
- graphite2
- hicolor_icon_theme
- htop
- i3lock
- jq
- keepassx2
- kvm
- lxappearance
- man-pages
- moc
- mpv
- mpvc
- mupdf
- ncdu
- nmap
- openvpn
- pass
- p7zip
- powertop
- ranger
- rofi
- sshfs
- tcpdump
- tmux
- traceroute
- tree
- unstable.alacritty
- unstable.ponyc
- unstable.sublime3
- youtube-dl
- virt-viewer
- virtmanager
- vulnix
- wcalc
- wget
- xz
- zbackup
- ];
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- virtualisation.libvirtd.enable = true;
- virtualisation.kvmgt.enable = true;
-
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- hardware.pulseaudio.support32Bit = true;
-
- services.xserver = {
- enable = true;
- layout = "de";
- xkbOptions = "nodeadkeys";
- libinput.enable = true;
- desktopManager = {
- default = "xfce";
- xterm.enable = false;
- xfce = {
- enable = true;
- noDesktop = true;
- enableXfwm = false;
- };
- };
- windowManager.ratpoison.enable = true;
- windowManager.pekwm.enable = true;
- };
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- krebs.iptables.enable = true;
- networking.networkmanager.enable = false;
- networking.wireless.enable = true;
- networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color magenta) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.maxJobs = 4;
- nix.buildCores = 4;
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/p1nk/hardware-configuration.nix b/mb/1systems/p1nk/hardware-configuration.nix
deleted file mode 100644
index ab5b6e20..00000000
--- a/mb/1systems/p1nk/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4cc2add6-ed19-4685-bbd9-b992bd8d51fb";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/9F87-AEAA";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/1systems/rofl/configuration.nix b/mb/1systems/rofl/configuration.nix
deleted file mode 100644
index 3c5c56c8..00000000
--- a/mb/1systems/rofl/configuration.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- <stockholm/mb/2configs/google-compute-config.nix>
- <stockholm/mb>
- ];
-
- krebs.build.host = config.krebs.hosts.rofl;
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.allowUnfree = true;
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- environment.systemPackages = with pkgs; [
- curl
- fish
- git
- htop
- nmap
- ranger
- tcpdump
- tmux
- traceroute
- tree
- vim
- xz
- zbackup
- ];
-
- sound.enable = false;
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = false;
- krebs.iptables.enable = true;
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/sunsh1n3/configuration.nix b/mb/1systems/sunsh1n3/configuration.nix
deleted file mode 100644
index 633d122e..00000000
--- a/mb/1systems/sunsh1n3/configuration.nix
+++ /dev/null
@@ -1,181 +0,0 @@
-
-{ config, pkgs, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- ];
-
- krebs.build.host = config.krebs.hosts.sunsh1n3;
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21";
- preLVM = true;
- allowDiscards = true;
- }
- ];
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.packageOverrides = super : {
- openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; };
- };
-
- nixpkgs.config.allowUnfree = true;
-
- fonts = {
- enableCoreFonts = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- anonymousPro
- corefonts
- dejavu_fonts
- envypn-font
- fira
- gentium
- gohufont
- inconsolata
- liberation_ttf
- powerline-fonts
- source-code-pro
- terminus_font
- ttf_bitstream_vera
- ubuntu_font_family
- unifont
- unstable.cherry
- xorg.fontbitstream100dpi
- xorg.fontbitstream75dpi
- xorg.fontbitstreamtype1
- ];
- };
-
- environment.systemPackages = with pkgs; [
- wget vim git curl fish
- ag
- chromium
- firefox
- gimp
- p7zip
- htop
- mpv
- mpvc
- nmap
- ntfs3g
- keepassx2
- sshfs
- #unstable.skrooge
- skrooge
- unstable.alacritty
- tmux
- tree
- wcalc
- virtmanager
- virt-viewer
- (wine.override { wineBuild = "wineWow"; })
- xz
- zbackup
- ];
-
- virtualisation.libvirtd.enable = true;
- virtualisation.kvmgt.enable = true;
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
-
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
- programs.dconf.enable = true;
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- krebs.iptables.enable = true;
- #networking.wireless.enable = true;
- networking.networkmanager.enable = true;
- networking.enableIPv6 = false;
-
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- hardware.pulseaudio.support32Bit = true;
- nixpkgs.config.pulseaudio = true;
-
- services.xserver.enable = true;
- services.xserver.layout = "de";
- services.xserver.xkbOptions = "nodeadkeys";
- services.xserver.libinput.enable = true;
-
- # Enable the KDE Desktop Environment.
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.buildCores = 4;
-
- system.stateVersion = "19.09";
-
-}
diff --git a/mb/1systems/sunsh1n3/hardware-configuration.nix b/mb/1systems/sunsh1n3/hardware-configuration.nix
deleted file mode 100644
index 2beee7c4..00000000
--- a/mb/1systems/sunsh1n3/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/60A6-4DAB";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix
deleted file mode 100644
index 3066d1c3..00000000
--- a/mb/2configs/default.nix
+++ /dev/null
@@ -1,222 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
-{
- imports = [
- {
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- mb = {
- name = "mb";
- uid = 1337;
- home = "/home/mb";
- group = "users";
- createHome = true;
- shell = "/run/current-system/sw/bin/fish";
- extraGroups = [
- "audio"
- "video"
- "fuse"
- "wheel"
- "kvm"
- "qemu-libvirtd"
- "libvirtd"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- xo = {
- name = "xo";
- uid = 2323;
- home = "/home/xo";
- group = "users";
- createHome = true;
- shell = "/run/current-system/sw/bin/fish";
- extraGroups = [
- "audio"
- "video"
- "fuse"
- "wheel"
- "kvm"
- "qemu-libvirtd"
- "libvirtd"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- };
- }
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
- environment.variables = {
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
- })
- ];
-
- networking.hostName = config.krebs.build.host.name;
-
- krebs = {
- enable = true;
- build.user = config.krebs.users.mb;
- };
-
- users.mutableUsers = true;
-
- services.timesyncd.enable = mkForce true;
-
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- '';
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- git-preview
- gnumake
- jq
- parallel
- proot
- populate
-
- #style
- most
- rxvt_unicode.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
- tcpdump
-
- #stuff for dl
- aria2
-
- #neat utils
- fish
- file
- kpaste
- krebspaste
- mosh
- pciutils
- psmisc
- tmux
- untilport
- usbutils
-
- #unpack stuff
- p7zip
-
- (pkgs.writeDashBin "sshn" ''
- ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
- '')
- ];
-
- services.openssh = {
- enable = true;
- permitRootLogin = "yes";
- passwordAuthentication = false;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- krebs.iptables = {
- enable = true;
- tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
- ];
- };
- };
-}
diff --git a/mb/2configs/google-compute-config.nix b/mb/2configs/google-compute-config.nix
deleted file mode 100644
index b201bd4b..00000000
--- a/mb/2configs/google-compute-config.nix
+++ /dev/null
@@ -1,231 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
- gce = pkgs.google-compute-engine;
-in
-{
- imports = [
- ./headless.nix
- ./qemu-guest.nix
- ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-label/nixos";
- autoResize = true;
- };
-
- boot.growPartition = true;
- boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
- boot.initrd.kernelModules = [ "virtio_scsi" ];
- boot.kernelModules = [ "virtio_pci" "virtio_net" ];
-
- # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
- boot.loader.grub.device = "/dev/sda";
- boot.loader.timeout = 0;
-
- # Don't put old configurations in the GRUB menu. The user has no
- # way to select them anyway.
- boot.loader.grub.configurationLimit = 0;
-
- # Allow root logins only using the SSH key that the user specified
- # at instance creation time.
- #services.openssh.enable = true;
- #services.openssh.permitRootLogin = "prohibit-password";
- #services.openssh.passwordAuthentication = mkDefault false;
-
- # Use GCE udev rules for dynamic disk volumes
- services.udev.packages = [ gce ];
-
- # Force getting the hostname from Google Compute.
- networking.hostName = mkDefault "";
-
- # Always include cryptsetup so that NixOps can use it.
- environment.systemPackages = [ pkgs.cryptsetup ];
-
- # Make sure GCE image does not replace host key that NixOps sets
- environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
- [InstanceSetup]
- set_host_keys = false
- '';
-
- # Rely on GCP's firewall instead
- networking.firewall.enable = mkDefault false;
-
- # Configure default metadata hostnames
- networking.extraHosts = ''
- 169.254.169.254 metadata.google.internal metadata
- '';
-
- networking.timeServers = [ "metadata.google.internal" ];
-
- networking.usePredictableInterfaceNames = false;
-
- # GC has 1460 MTU
- networking.interfaces.eth0.mtu = 1460;
-
- security.googleOsLogin.enable = true;
-
- systemd.services.google-clock-skew-daemon = {
- description = "Google Compute Engine Clock Skew Daemon";
- after = [
- "network.target"
- "google-instance-setup.service"
- "google-network-setup.service"
- ];
- requires = ["network.target"];
- wantedBy = ["multi-user.target"];
- serviceConfig = {
- Type = "simple";
- ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
- };
- };
-
- systemd.services.google-instance-setup = {
- description = "Google Compute Engine Instance Setup";
- after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
- before = ["sshd.service"];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "sshd.service" "multi-user.target" ];
- path = with pkgs; [ ethtool openssh ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_instance_setup --debug";
- Type = "oneshot";
- };
- };
-
- systemd.services.google-network-daemon = {
- description = "Google Compute Engine Network Daemon";
- after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- requires = ["network.target"];
- partOf = ["network.target"];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [ iproute ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_network_daemon --debug";
- };
- };
-
- systemd.services.google-shutdown-scripts = {
- description = "Google Compute Engine Shutdown Scripts";
- after = [
- "local-fs.target"
- "network-online.target"
- "network.target"
- "rsyslog.service"
- "systemd-resolved.service"
- "google-instance-setup.service"
- "google-network-daemon.service"
- ];
- wants = [ "local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.coreutils}/bin/true";
- ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
- Type = "oneshot";
- RemainAfterExit = true;
- TimeoutStopSec = "infinity";
- };
- };
-
- systemd.services.google-startup-scripts = {
- description = "Google Compute Engine Startup Scripts";
- after = [
- "local-fs.target"
- "network-online.target"
- "network.target"
- "rsyslog.service"
- "google-instance-setup.service"
- "google-network-daemon.service"
- ];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
- KillMode = "process";
- Type = "oneshot";
- };
- };
-
-
- # Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
- boot.kernel.sysctl = {
- # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
- # of TCP functionality/features under normal conditions. When flood
- # protections kick in under high unanswered-SYN load, the system
- # should remain more stable, with a trade off of some loss of TCP
- # functionality/features (e.g. TCP Window scaling).
- "net.ipv4.tcp_syncookies" = mkDefault "1";
-
- # ignores source-routed packets
- "net.ipv4.conf.all.accept_source_route" = mkDefault "0";
-
- # ignores source-routed packets
- "net.ipv4.conf.default.accept_source_route" = mkDefault "0";
-
- # ignores ICMP redirects
- "net.ipv4.conf.all.accept_redirects" = mkDefault "0";
-
- # ignores ICMP redirects
- "net.ipv4.conf.default.accept_redirects" = mkDefault "0";
-
- # ignores ICMP redirects from non-GW hosts
- "net.ipv4.conf.all.secure_redirects" = mkDefault "1";
-
- # ignores ICMP redirects from non-GW hosts
- "net.ipv4.conf.default.secure_redirects" = mkDefault "1";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.ip_forward" = mkDefault "0";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.conf.all.send_redirects" = mkDefault "0";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.conf.default.send_redirects" = mkDefault "0";
-
- # reverse path filtering - IP spoofing protection
- "net.ipv4.conf.all.rp_filter" = mkDefault "1";
-
- # reverse path filtering - IP spoofing protection
- "net.ipv4.conf.default.rp_filter" = mkDefault "1";
-
- # ignores ICMP broadcasts to avoid participating in Smurf attacks
- "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
-
- # ignores bad ICMP errors
- "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
-
- # logs spoofed, source-routed, and redirect packets
- "net.ipv4.conf.all.log_martians" = mkDefault "1";
-
- # log spoofed, source-routed, and redirect packets
- "net.ipv4.conf.default.log_martians" = mkDefault "1";
-
- # implements RFC 1337 fix
- "net.ipv4.tcp_rfc1337" = mkDefault "1";
-
- # randomizes addresses of mmap base, heap, stack and VDSO page
- "kernel.randomize_va_space" = mkDefault "2";
-
- # Reboot the machine soon after a kernel panic.
- "kernel.panic" = mkDefault "10";
-
- ## Not part of the original config
-
- # provides protection from ToCToU races
- "fs.protected_hardlinks" = mkDefault "1";
-
- # provides protection from ToCToU races
- "fs.protected_symlinks" = mkDefault "1";
-
- # makes locating kernel addresses more difficult
- "kernel.kptr_restrict" = mkDefault "1";
-
- # set ptrace protections
- "kernel.yama.ptrace_scope" = mkOverride 500 "1";
-
- # set perf only available to root
- "kernel.perf_event_paranoid" = mkDefault "2";
- };
-}
diff --git a/mb/2configs/headless.nix b/mb/2configs/headless.nix
deleted file mode 100644
index 46a9b6a7..00000000
--- a/mb/2configs/headless.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Common configuration for headless machines (e.g., Amazon EC2
-# instances).
-
-{ lib, ... }:
-
-with lib;
-
-{
- boot.vesa = false;
-
- # Don't start a tty on the serial consoles.
- systemd.services."serial-getty@ttyS0".enable = false;
- systemd.services."serial-getty@hvc0".enable = false;
- systemd.services."getty@tty1".enable = false;
- systemd.services."autovt@".enable = false;
-
- # Since we can't manually respond to a panic, just reboot.
- boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
-
- # Don't allow emergency mode, because we don't have a console.
- systemd.enableEmergencyMode = false;
-
- # Being headless, we don't need a GRUB splash image.
- boot.loader.grub.splashImage = null;
-}
diff --git a/mb/2configs/neovimrc b/mb/2configs/neovimrc
deleted file mode 100644
index 8dbeaec7..00000000
--- a/mb/2configs/neovimrc
+++ /dev/null
@@ -1,446 +0,0 @@
-
-"*****************************************************************************
-"" Functions
-"*****************************************************************************
-
-function! GetBufferList()
- redir =>buflist
- silent! ls!
- redir END
- return buflist
-endfunction
-
-function! ToggleList(bufname, pfx)
- let buflist = GetBufferList()
- for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))')
- if bufwinnr(bufnum) != -1
- exec(a:pfx.'close')
- return
- endif
- endfor
- if a:pfx == 'l' && len(getloclist(0)) == 0
- echohl ErrorMsg
- echo "Location List is Empty."
- return
- endif
- let winnr = winnr()
- exec(a:pfx.'open')
- if winnr() != winnr
- wincmd p
- endif
-endfunction
-
-
-"*****************************************************************************
-"" Basic Setup
-"*****************************************************************************"
-" General
-let no_buffers_menu=1
-syntax on
-set ruler
-set number
-set mousemodel=popup
-set t_Co=256
-set guioptions=egmrti
-set gfn=Monospace\ 10
-
-" TODO: Testing if this works against automatically setting paste mode
-" Issue: https://github.com/neovim/neovim/issues/7994
-au InsertLeave * set nopaste
-
-
-" undofile - This allows you to use undos after exiting and restarting
-" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo
-" :help undo-persistence
-if exists("+undofile")
- if isdirectory($HOME . '/.vim/undo') == 0
- :silent !mkdir -p ~/.vim/undo > /dev/null 2>&1
- endif
- set undodir=./.vim-undo//
- set undodir+=~/.vim/undo//
- set undofile
-endif
-
-" Encoding
-set encoding=utf-8
-set fileencoding=utf-8
-set fileencodings=utf-8
-set bomb
-set binary
-
-" Fix backspace indent
-set backspace=indent,eol,start
-
-" Tabs. May be overriten by autocmd rules
-set tabstop=4
-set softtabstop=0
-set shiftwidth=4
-set expandtab
-
-" Map leader to ,
-let mapleader=','
-
-" Enable hidden buffers
-set hidden
-
-" Searching
-set hlsearch
-set incsearch
-set ignorecase
-set smartcase
-
-" Directories for swp files
-set nobackup
-set noswapfile
-
-set fileformats=unix,dos,mac
-
-" File overview
-set wildmode=list:longest,list:full
-set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__
-
-" Shell to emulate
-if exists('$SHELL')
- set shell=$SHELL
-else
- set shell=/bin/bash
-endif
-
-" Set color scheme
-colorscheme molokai
-
-"Show always Status bar
-set laststatus=2
-
-" Use modeline overrides
-set modeline
-set modelines=10
-
-" Set terminal title
-set title
-set titleold="Terminal"
-set titlestring=%F
-
-" search will center on the line it's found in.
-nnoremap n nzzzv
-nnoremap N Nzzzv
-
-
-
-"*****************************************************************************
-"" Abbreviations
-"*****************************************************************************
-" no one is really happy until you have this shortcuts
-cnoreabbrev W! w!
-cnoreabbrev Q! q!
-cnoreabbrev Qall! qall!
-cnoreabbrev Wq wq
-cnoreabbrev Wa wa
-cnoreabbrev wQ wq
-cnoreabbrev WQ wq
-cnoreabbrev W w
-cnoreabbrev Q q
-cnoreabbrev Qall qall
-
-" NERDTree configuration
-let g:NERDTreeChDirMode=2
-let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__']
-let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$']
-let g:NERDTreeShowBookmarks=1
-let g:nerdtree_tabs_focus_on_files=1
-let g:NERDTreeMapOpenInTabSilent = '<RightMouse>'
-let g:NERDTreeWinSize = 50
-set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite
-nnoremap <silent> <F1> :NERDTreeFind<CR>
-nnoremap <silent> <F2> :NERDTreeToggle<CR>
-
-" open terminal emulation
-nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR>
-
-"*****************************************************************************
-"" Autocmd Rules
-"*****************************************************************************
-"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines
-augroup vimrc-sync-fromstart
- autocmd!
- autocmd BufEnter * :syntax sync maxlines=200
-augroup END
-
-" Nasm filetype
-augroup nasm
- autocmd!
- autocmd BufRead,BufNewFile *.nasm set ft=nasm
-augroup END
-
-" Binary filetype
-augroup Binary
- au!
- au BufReadPre *.bin,*.exe,*.elf let &bin=1
- au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd
- au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif
- au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r
- au BufWritePre *.bin,*.exe,*.elf endif
- au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd
- au BufWritePost *.bin,*.exe,*.elf set nomod | endif
-augroup END
-
-" Binary filetype
-augroup fasm
- au!
- au BufReadPost *.fasm set ft=fasm
-augroup END
-
-augroup deoplete-update
- autocmd!
- autocmd VimEnter * UpdateRemotePlugin
-augroup END
-
-"" Remember cursor position
-augroup vimrc-remember-cursor-position
- autocmd!
- autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
-augroup END
-
-"" txt
-" augroup vimrc-wrapping
-" autocmd!
-" autocmd BufRead,BufNewFile *.txt call s:setupWrapping()
-" augroup END
-
-"" make/cmake
-augroup vimrc-make-cmake
- autocmd!
- autocmd FileType make setlocal noexpandtab
- autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake
-augroup END
-
-set autoread
-
-"*****************************************************************************
-"" Mappings
-"*****************************************************************************
-
-" Split
-noremap <Leader>h :<C-u>split<CR>
-noremap <Leader>v :<C-u>vsplit<CR>
-
-" Git
-noremap <Leader>ga :Gwrite<CR>
-noremap <Leader>gc :Gcommit<CR>
-noremap <Leader>gsh :Gpush<CR>
-noremap <Leader>gll :Gpull<CR>
-noremap <Leader>gs :Gstatus<CR>
-noremap <Leader>gb :Gblame<CR>
-noremap <Leader>gd :Gvdiff<CR>
-noremap <Leader>gr :Gremove<CR>
-
-" Tabs
-nnoremap <Tab> gt
-nnoremap <S-Tab> gT
-nnoremap <silent> <S-t> :tabnew<CR>
-
-" Set working directory
-nnoremap <leader>. :lcd %:p:h<CR>
-
-" Opens an edit command with the path of the currently edited file filled in
-noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
-
-" Opens a tab edit command with the path of the currently edited file filled
-noremap <Leader>te :tabe <C-R>=expand("%:p:h") . "/" <CR>
-
-" Tagbar
-nmap <silent> <F3> :TagbarToggle<CR>
-let g:tagbar_autofocus = 1
-
-" Copy/Paste/Cut
-set clipboard^=unnamed,unnamedplus
-
-noremap YY "+y<CR>
-noremap <leader>p "+gP<CR>
-noremap XX "+x<CR>
-
-" Enable mouse for vim
-set mouse=a
-
-" Buffer nav
-noremap <leader>z :bp<CR>
-noremap <leader>q :bp<CR>
-noremap <leader>x :bn<CR>
-noremap <leader>w :bn<CR>
-
-" Close buffer
-noremap <leader>c :bd<CR>
-
-" Clean search (highlight)
-nnoremap <silent> <leader><space> :noh<cr>
-
-" Switching windows
-noremap <C-j> <C-w>j
-noremap <C-k> <C-w>k
-noremap <C-l> <C-w>l
-noremap <C-h> <C-w>h
-
-" Vmap for maintain Visual Mode after shifting > and <
-vmap < <gv
-vmap > >gv
-
-" Move visual block
-vnoremap J :m '>+1<CR>gv=gv
-vnoremap K :m '<-2<CR>gv=gv
-
-" Open current line on GitHub
-nnoremap <Leader>o :.Gbrowse<CR>
-
-
-" Save on strg+s if not in paste mode
-nmap <c-s> :w<CR>
-vmap <c-s> <Esc><c-s>gv
-imap <c-s> <Esc><c-s>
-
-" Quit on strg+q in normal mode
-nnoremap <c-q> :q<cr>
-
-" Strg+d to replace word under cursor
-nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left>
-
-" Strg+f ro find word under cursor
-nnoremap <c-f> :/<C-r><C-w><Left><Left>
-
-" Remove unneccessary spaces
-nnoremap <silent> <F5> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR>
-
-" Reindent whole file with F6
-map <F6> mzgg=G`z
-
-" Toggle location list
-nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR>
-
-" Replacing text in visual mode doesn't copy it anymore
-xmap p <Plug>ReplaceWithRegisterVisual
-xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual
-
-" ALE mappings
-nmap <Leader>i <Plug>(ale_hover)
-nmap <Leader>d <Plug>(ale_go_to_definition_in_tab)
-nmap <Leader>rf <Plug>(ale_find_references)
-nmap <silent><F7> <Plug>(ale_fix)
-
-" Vim-Go mappings
-au FileType go nmap <Leader>i :GoDoc<cr>
-au FileType go nmap <Leader>d :GoDef<cr>
-au FileType go nmap <Leader>rf :GoReferrers<cr>
-
-
-"" Opens an edit command with the path of the currently edited file filled in
-noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
-
-" Use tab for navigatin in autocompletion window
-inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>"
-inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>"
-
-
-"*****************************************************************************
-"" Plugin settings
-"*****************************************************************************
-
-" vim-airline
-set statusline+=%{fugitive#statusline()}
-let g:airline_theme = 'powerlineish'
-let g:airline#extensions#syntastic#enabled = 1
-let g:airline#extensions#branch#enabled = 1
-let g:airline#extensions#tabline#enabled = 1
-let g:airline#extensions#tagbar#enabled = 1
-let g:airline_skip_empty_sections = 1
-let g:airline#extensions#ale#enabled = 1
-
-" show indent lines
-let g:indent_guides_enable_on_vim_startup = 1
-let g:indent_guides_auto_colors = 0
-hi IndentGuidesOdd ctermbg=235
-hi IndentGuidesEven ctermbg=235
-let g:indent_guides_guide_size = 1
-let g:indent_guides_start_level = 2
-
-" Enable autocompletion
-let g:deoplete#enable_at_startup = 1
-set completeopt-=preview
-
-" Ale no preview on hover
-let g:ale_close_preview_on_insert = 0
-let g:ale_cursor_detail = 0
-
-" Ale skip if file size over 2G
-let g:ale_maximum_file_size = "2147483648"
-
-" Ale to loclist and quickfix
-let g:ale_set_quickfix = 1
-" let g:ale_set_loclist = 1
-
-
-" Ale language server
-let g:ale_linters = {
- \ 'python': ['pyls'],
- \ 'c': ['cquery'],
- \ 'cpp': ['cquery'],
- \ 'xml': ['xmllint']
- \ }
-
-
-" ALE fixers
-let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] }
-let g:ale_fixers.python = ['black']
-let g:ale_fixers.go = ['gofmt']
-let g:ale_fixers.c = ['clang-format']
-let g:ale_fixers.cpp = ['clang-format']
-let g:ale_fixers.json = ['jq']
-let g:ale_fixers.xml = ['xmllint']
-
-let g:ale_completion_enabled = 1
-let g:ale_sign_error = '⤫'
-let g:ale_sign_warning = '⚠'
-let g:ale_lint_on_insert_leave = 1
-
-" Vim-Go Settings
-let g:go_auto_sameids = 1
-let g:go_fmt_command = "goimports"
-let g:go_auto_type_info = 1
-
-" Disable syntastic for langserver supported languages
-let g:syntastic_mode_map = {
- \ "mode": "active",
- \ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ]
- \ }
-let g:syntastic_always_populate_loc_list = 1
-let g:syntastic_auto_loc_list = 2
-let g:syntastic_aggregate_errors = 1
-let g:syntastic_check_on_open = 1
-let g:syntastic_check_on_wq = 0
-let g:syntastic_error_symbol='✗'
-let g:syntastic_warning_symbol='⚠'
-let g:syntastic_style_error_symbol = '✗'
-let g:syntastic_style_warning_symbol = '⚠'
-
-"*****************************************************************************
-"" Shortcuts overview
-"*****************************************************************************
-" Shortcuts overview
-" F1 --> Filetree find
-" F2 --> Filetree toggle
-" F3 --> Function overview
-" F4 --> Toggle error bar
-
-" F5 --> Remove trailing whitespaces
-" F6 --> Reindent whole file
-" F7 --> Format and lint file
-" ,i --> Information about function
-" ,d --> Jump to definition
-" ,r --> Rename in all occurences
-" ,rf --> Find references of function/variable
-" ,e --> Change current file
-" ,te --> Open file in new tab
-" strg+f --> Find current selected word
-" strg+d --> Replace current selected word
-" strg+s --> Save file
-" strg+q --> Close current file
-" space+, --> Stop highlighting words after search
-
diff --git a/mb/2configs/nvim.nix b/mb/2configs/nvim.nix
deleted file mode 100644
index a8e4173e..00000000
--- a/mb/2configs/nvim.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ pkgs, config, ... }: let
- #unstable = import <nixos-unstable> { };
-in
-
-{
- environment.variables = {
- EDITOR = ["nvim"];
- };
-
- nixpkgs.config.packageOverrides = pkgs: with pkgs;{
- neovim_custom = neovim.override {
- configure = {
- customRC = builtins.readFile ./neovimrc;
-
- packages.myVimPackage = with pkgs.vimPlugins;
- {
- # loaded on launch
- start = [
- nerdtree # file manager
- commentary # comment stuff out based on language
- fugitive # full git integration
- vim-airline-themes # lean & mean status/tabline
- vim-airline # status bar
- gitgutter # git diff in the gutter (sign column)
- vim-trailing-whitespace # trailing whitspaces in red
- tagbar # F3 function overview
- syntastic # Fallback to singlethreaded but huge syntax support
- ReplaceWithRegister # For better copying/replacing
- polyglot # Language pack
- vim-indent-guides # for displaying indent levels
- ale # threaded language client
- vim-go # go linting
- deoplete-go # go autocompletion completion
- deoplete-nvim # general autocompletion
- molokai # color scheme
- ];
-
- # manually loadable by calling `:packadd $plugin-name`
- opt = [];
- };
- };
- };
- };
-
- environment.systemPackages = with pkgs; [
- ctags
- neovim_custom
- jq # For fixing json files
- xxd # .bin files will be displayed with xxd
- shellcheck # Shell linting
- ansible-lint # Ansible linting
- unzip # To vim into unzipped files
- nodePackages.jsonlint # json linting
- #python36Packages.python-language-server # python linting
- #python36Packages.pyls-mypy # Python static type checker
- #python36Packages.black # Python code formatter
- #python37Packages.yamllint # For linting yaml files
- #python37Packages.libxml2 # For fixing yaml files
- cquery # C/C++ support
- clang-tools # C++ fixer
- ];
-
- fonts = {
- fonts = with pkgs; [
- font-awesome_5
- ];
- };
-
-}
-
diff --git a/mb/2configs/qemu-guest.nix b/mb/2configs/qemu-guest.nix
deleted file mode 100644
index 315d0409..00000000
--- a/mb/2configs/qemu-guest.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-# Common configuration for virtual machines running under QEMU (using
-# virtio).
-
-{ ... }:
-
-{
- boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
- boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
-
- boot.initrd.postDeviceCommands =
- ''
- # Set the system time from the hardware clock to work around a
- # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
- # to the *boot time* of the host).
- hwclock -s
- '';
-
- security.rngd.enable = false;
-}
diff --git a/mb/2configs/retiolum.nix b/mb/2configs/retiolum.nix
deleted file mode 100644
index 5a87d52a..00000000
--- a/mb/2configs/retiolum.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = let
- tincport = toString config.krebs.build.host.nets.retiolum.tinc.port;
- in [
- { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
- { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
- ];
- };
- };
-
- krebs.tinc.retiolum = {
- enableLegacy = true;
- enable = true;
- connectTo = [
- "prism"
- "gum"
- "ni"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-
- environment.systemPackages = [
- pkgs.tinc
- ];
-}
diff --git a/mb/2configs/tests/dummy-secrets/retiolum.rsa b/mb/2configs/tests/dummy-secrets/retiolum.rsa
deleted file mode 100644
index 99a4033f..00000000
--- a/mb/2configs/tests/dummy-secrets/retiolum.rsa
+++ /dev/null
@@ -1,4 +0,0 @@
-
------BEGIN RSA PRIVATE KEY-----
-this is a private key
------END RSA PRIVATE KEY-----
diff --git a/mb/3modules/default.nix b/mb/3modules/default.nix
deleted file mode 100644
index 99d09d4e..00000000
--- a/mb/3modules/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_:
-{
- imports = [
- ./hosts.nix
- ];
-}
diff --git a/mb/3modules/hosts.nix b/mb/3modules/hosts.nix
deleted file mode 100644
index 5dc9b5ca..00000000
--- a/mb/3modules/hosts.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
- options.mb.hosts = mkOption {
- type = types.attrsOf types.host;
- default =
- filterAttrs (_: host: host.owner.name == "mb" && host.ci)
- config.krebs.hosts;
- };
-}
diff --git a/mb/5pkgs/default.nix b/mb/5pkgs/default.nix
deleted file mode 100644
index 3fa5b5e8..00000000
--- a/mb/5pkgs/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-# Import files and subdirectories like they are overlays.
-foldl' mergeAttrs {}
- (map
- (name: import (./. + "/${name}") self super)
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir ./.))))
diff --git a/mb/default.nix b/mb/default.nix
deleted file mode 100644
index 0bec0c2c..00000000
--- a/mb/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, ... }:
-{
- imports = [
- ../krebs
- ./2configs
- ./3modules
- ];
- nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
- krebs.tinc.retiolum.privkey = {
- source-path = toString <secrets> + "/${config.krebs.tinc.retiolum.netname}.rsa";
- path = "${config.krebs.tinc.retiolum.user.home}/tinc.rsa_key.priv";
- owner = config.krebs.tinc.retiolum.user;
- };
-}
diff --git a/mb/krops.nix b/mb/krops.nix
deleted file mode 100644
index cb9ab3fd..00000000
--- a/mb/krops.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ name }: let
- inherit (import ../krebs/krops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
-
- host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then
- import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; }
- else
- {}
- ;
-
- source = { test }: lib.evalSource ([
- (krebs-source { test = test; })
- {
- nixos-config.symlink = "stockholm/mb/1systems/${name}/configuration.nix";
- nixpkgs-unstable.git = {
- url = "https://github.com/nixos/nixpkgs-channels";
- ref = "nixos-unstable";
- };
- secrets = if test then {
- file = toString ./2configs/tests/dummy-secrets;
- } else {
- pass = {
- dir = "${lib.getEnv "HOME"}/.password-store";
- name = "hosts/${name}";
- };
- };
- }
- ] ++ (lib.optional (! test) host-source));
-
-in {
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
- deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
- source = source { test = false; };
- inherit target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
- populate = { target, force ? false }: pkgs.populate {
- inherit force;
- source = source { test = false; };
- target = lib.mkTarget target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
- test = { target }: pkgs.krops.writeTest "${name}-test" {
- force = true;
- inherit target;
- source = source { test = true; };
- };
-}