From 5fa963b6bc879e1307978234c884e3a88d88c7a5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Nov 2019 18:15:14 +0100 Subject: delete mb --- krebs/3modules/default.nix | 1 - krebs/3modules/mb/default.nix | 151 -------- mb/1systems/gr33n/configuration.nix | 144 -------- mb/1systems/gr33n/hardware-configuration.nix | 37 -- mb/1systems/orange/configuration.nix | 238 ------------- mb/1systems/orange/hardware-configuration.nix | 28 -- mb/1systems/p1nk/configuration.nix | 227 ------------ mb/1systems/p1nk/hardware-configuration.nix | 29 -- mb/1systems/rofl/configuration.nix | 103 ------ mb/1systems/sunsh1n3/configuration.nix | 181 ---------- mb/1systems/sunsh1n3/hardware-configuration.nix | 29 -- mb/2configs/default.nix | 222 ------------ mb/2configs/google-compute-config.nix | 231 ------------ mb/2configs/headless.nix | 25 -- mb/2configs/neovimrc | 446 ------------------------ mb/2configs/nvim.nix | 70 ---- mb/2configs/qemu-guest.nix | 19 - mb/2configs/retiolum.nix | 33 -- mb/2configs/tests/dummy-secrets/retiolum.rsa | 4 - mb/3modules/default.nix | 6 - mb/3modules/hosts.nix | 12 - mb/5pkgs/default.nix | 11 - mb/default.nix | 14 - mb/krops.nix | 54 --- 24 files changed, 2315 deletions(-) delete mode 100644 krebs/3modules/mb/default.nix delete mode 100644 mb/1systems/gr33n/configuration.nix delete mode 100644 mb/1systems/gr33n/hardware-configuration.nix delete mode 100644 mb/1systems/orange/configuration.nix delete mode 100644 mb/1systems/orange/hardware-configuration.nix delete mode 100644 mb/1systems/p1nk/configuration.nix delete mode 100644 mb/1systems/p1nk/hardware-configuration.nix delete mode 100644 mb/1systems/rofl/configuration.nix delete mode 100644 mb/1systems/sunsh1n3/configuration.nix delete mode 100644 mb/1systems/sunsh1n3/hardware-configuration.nix delete mode 100644 mb/2configs/default.nix delete mode 100644 mb/2configs/google-compute-config.nix delete mode 100644 mb/2configs/headless.nix delete mode 100644 mb/2configs/neovimrc delete mode 100644 mb/2configs/nvim.nix delete mode 100644 mb/2configs/qemu-guest.nix delete mode 100644 mb/2configs/retiolum.nix delete mode 100644 mb/2configs/tests/dummy-secrets/retiolum.rsa delete mode 100644 mb/3modules/default.nix delete mode 100644 mb/3modules/hosts.nix delete mode 100644 mb/5pkgs/default.nix delete mode 100644 mb/default.nix delete mode 100644 mb/krops.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index c770391c..fcdbcbc1 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -103,7 +103,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./mb { inherit config; }; } { krebs = import ./nin { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix deleted file mode 100644 index 31e01c4a..00000000 --- a/krebs/3modules/mb/default.nix +++ /dev/null @@ -1,151 +0,0 @@ -with import ; -{ config, ... }: let - - hostDefaults = hostName: host: flip recursiveUpdate host { - ci = true; - owner = config.krebs.users.mb; - }; - -in { - hosts = mapAttrs hostDefaults { - orange = { - nets = { - retiolum = { - ip4.addr = "10.243.42.23"; - aliases = [ - "orange.r" - "or4ng3.r" - "0r4n93.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7P0CkmC5HWnTdgGFzmA - zQuJzHSkSjcGgSkIt0pvqU6xi8P/d4eJlmeXeGTpH62JfM1xhEMpxMVd/4NOON2u - IlWnfu5bB763145IJwE0HmZziWjQXWRPAZMqYdQ5f2Pvmxv1yr3uBNzr8UlV6BjD - FXn8sCvikXttYzts9szlz5+pkY09qfiz48+DMzRBNO6JzXYQ9kPyS+TIXlGpN4Jp - C1TRF38eF2DTEZ58Yx8Z99dGrXVuqlSe77fehTQGxCckTpaZ0HS3XfZNa/cas8JY - /0RzH2n2AndnPirISDZ7r4ZIFuKAaivqaEkM8v7llI77URVB9ZJb/IqCrBzueAbt - V/5ts2HpfBAUhw0RoiH8ql+IQZsuSOpRUC2gUN8460V4SQkVtDcsVTENiD+NM5Mg - ImBv041CsW/rSJOilT2r/rWDN8RFnz/RrAQn+L31KXr81kg1TOLxO0ybs/eMJM3r - RnHFZPiiKdqPlA60g0AnzKXPR2JTszHIgHHoRUW16I1WJeuAJNjg0JDQ0JM7pZ27 - JEaCc7uR12TPiuExKaNEaxKZVY1J0hzxOzF2MFIbAMVz/3K2ycvvuLxKojqIAXxA - D+UtcOfJ62k2WnLXOEIZqFU0J2bvhxYUZOFS55wIn1UJF7hemD/LUFHBiWnuhwHk - TAEl8M851t+Zp3hZeJzgx2kCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - rofl = { - nets = { - retiolum = { - ip4.addr = "10.243.42.43"; - aliases = [ - "rofl.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm - xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8 - txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D - VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb - VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts - 1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1 - vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC - Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp - 1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH - QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f - NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f - 3aAAePgBsZvRQozxXZfqp58CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - p1nk = { - nets = { - retiolum = { - ip4.addr = "10.243.42.42"; - aliases = [ - "p1nk.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5YVML71oW3iJrzZKuX48 - AKrGitO5zNvsAHOI8BVsGfZTyxAAZgG4OaDX45kr27K39NcBU43LdDD0I1yjNvGe - zAoL5MIiCPD/QR1kAvLmgpMUSqOVvrk+uoGLVt6dOGvxlOiG1AAaN0gA8Q0B/jZV - 4tZlBpZ7MX9xeK10wqVT56msN69P3EzKQn1uoVRrBxEnNvI1iqmmkgMLcrFVJFBQ - 888Uuw9Hx5MO7ES/ATe8mt0zReUGvn91jYVVsPpmAopWnjCol271gflY0RomFXKy - XaIuvbeF+3otF0+MNqJfm4IsAKJjvl92pjVX0f0eBCSPCYR7D1EtgQrqflLkZKZ8 - jBGDlgpsFWt/Omz1BYcuGZU/djM4+SNxr4YRYMi3lMix3s2PmHvm304I7eEEBlC9 - qy1jq/sLaf8mHJrF6Htl7W5WS/Famkwv/VreI92iHrhsmIDiX7OIbXzYDCxT/PQa - 6uCm/3jIbcHG/ZHZ12H6thkafK0Aoe009+p1n+5Y7V2oNvYe3KzZTnCN5t6z1QHZ - V5iypsd6lNDzlodjleTgGK8FmHGRPRdq1wb3eOLE8mWZj7ygDT50FwaC8FzAcHgC - bLN/zlHvCbYmk9IJhktO3B6wtMrZl60+XCpb5rTulM94RirifFYsnTIDJApI11yb - 3AYi5dQXHjab/lvj6917xa0CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - gr33n = { - nets = { - retiolum = { - ip4.addr = "10.243.42.123"; - aliases = [ - "gr33n.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8 - kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M - JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P - OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO - ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt - JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd - I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ - 5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X - s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH - oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6 - Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV - jtTSbSJHU5esECtAuXy1XH8CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - sunsh1n3 = { - ci = false; - nets = { - retiolum = { - ip4.addr = "10.243.42.142"; - aliases = [ - "sunsh1n3.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf - QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU - pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz - idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf - 4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5 - yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD - /KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY - Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy - LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj - 6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H - C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU - 9IxYLfkSD6AJqasnHlz0L08CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - }; - users = { - mb = { - mail = "mb0@codemonkey.cc"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCHAdKGHP/De/GLEsPo5RBfbaiiitMw4Y/akOekJbImswT6Np2lzqno/WBJcfVs3D39wgPKNld4P/QZc5IwxC26q/PnBFu93KES0GqnlAqUNE63IOJ8UzNdyEqWggnRiLrBU+ZgyFZvmqp6NoSO4YEGEK4RZRMJM/GcAuQMj/nGjx2AHwPGZCkIRgz8/ctBOzX1/knZd3cOnNowH1wlqUKX6UcEzJdAVDQijHF1wl0Ri8tJKq9u8s/fw+1PSOpOHaeF1BALsXSKgeJDqUCTnZW5mAVUWJ86LvvyfCP4In9lhhLisbDm2cD96QaVvJyV6HfmegdSxZ1Phh+9Qz+3WhDJRedBTSKWfK/9j7VWSb+z/KV37q72W25ZfFMSay58LmCqn3v5fGt9qj4nlPw0By4baGLiGlA7xyvkJfdt8ZVPps5d2g6UprTbSA79lYN4qtWKq2Z9t317xch7Lix6EunQcoTkJ6QXEbDrAIk3zvkWr/CtpwEhNcSdWvQsua42dkD2oOI2F2IgFyYgOx9Iba2yj8A0TD2iqfYVhsJIYuk12QfeaR7ovQ6DhHlUxyQzeF6h0Y+I4AN6Sq/Mmj/cxfQoIaAEybUQMX+7KjFceIszT3JbGlz7DCxi7DMmNYuc7LELMRG3jNAOk+fW8u42Bhgc44tzvAondojerUGqCbUDw== mb0@codemonkey.cc"; - }; - }; -} diff --git a/mb/1systems/gr33n/configuration.nix b/mb/1systems/gr33n/configuration.nix deleted file mode 100644 index dcf98779..00000000 --- a/mb/1systems/gr33n/configuration.nix +++ /dev/null @@ -1,144 +0,0 @@ -{ config, pkgs, callPackage, ... }: let - unstable = import { config = { allowUnfree = true; }; }; -in { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - - ]; - - krebs.build.host = config.krebs.hosts.gr33n; - - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; - fileSystems."/mnt/public" = { - device = "//192.168.0.4/public"; - fsType = "cifs"; - options = let - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ]; - }; - - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "de"; - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "Europe/Berlin"; - - nixpkgs.config.allowUnfree = true; - - nixpkgs.config.packageOverrides = super: { - openvpn = super.openvpn.override { - pkcs11Support = true; - useSystemd = false; - }; - }; - - environment.shellAliases = { - ll = "ls -alh"; - ls = "ls --color=tty"; - }; - - environment.systemPackages = with pkgs; [ - curl - fish - git - htop - nmap - ranger - tcpdump - tmux - traceroute - tree - vim - wcalc - wget - xz - zbackup - ]; - - programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - - sound.enable = false; - - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - - services.codimd = { - enable = true; - workDir = "/storage/codimd"; - configuration = { - port = 1337; - host = "0.0.0.0"; - db = { - dialect = "sqlite"; - storage = "/storage/codimd/db.codimd.sqlite"; - }; - }; - }; - - networking.wireless.enable = false; - networking.networkmanager.enable = false; - krebs.iptables.enable = true; - networking.enableIPv6 = false; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - nix.buildCores = 4; - system.autoUpgrade.enable = false; - system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; - system.stateVersion = "19.03"; - -} diff --git a/mb/1systems/gr33n/hardware-configuration.nix b/mb/1systems/gr33n/hardware-configuration.nix deleted file mode 100644 index 1d13b8dc..00000000 --- a/mb/1systems/gr33n/hardware-configuration.nix +++ /dev/null @@ -1,37 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.initrd.mdadmConf = '' - ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 name=gr33n:0 UUID=5b715fd9:0be6bfa6:19f07db4:c16836d6 - devices=/dev/sda1,/dev/sdb1,/dev/sdc1,/dev/sdd1 - ''; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/a9f2c19b-f60f-450c-87f1-146a54c4198b"; - fsType = "ext4"; - }; - fileSystems."/storage" = - { device = "/dev/disk/by-label/storage"; - fsType = "ext4"; - }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/93EB-BCA3"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/mb/1systems/orange/configuration.nix b/mb/1systems/orange/configuration.nix deleted file mode 100644 index b43bd8a0..00000000 --- a/mb/1systems/orange/configuration.nix +++ /dev/null @@ -1,238 +0,0 @@ -{ config, pkgs, callPackage, ... }: let - unstable = import { config = { allowUnfree = true; }; }; -in { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - - - ]; - - krebs.build.host = config.krebs.hosts.orange; - - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-uuid/09a36f91-a713-4b82-8b41-4e7a6acc4acf"; - preLVM = true; - allowDiscards = true; - } - ]; - - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; - fileSystems."/mnt/public" = { - device = "//192.168.0.4/public"; - fsType = "cifs"; - options = let - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ]; - }; - - - # Select internationalisation properties. - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "de"; - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "Europe/Berlin"; - - nixpkgs.config.packageOverrides = super: { - openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; }; - }; - - nixpkgs.config.allowUnfree = true; - - fonts = { - enableCoreFonts = true; - enableGhostscriptFonts = true; - fonts = with pkgs; [ - anonymousPro - corefonts - dejavu_fonts - envypn-font - fira - gentium - gohufont - inconsolata - liberation_ttf - powerline-fonts - source-code-pro - terminus_font - ttf_bitstream_vera - ubuntu_font_family - unifont - unstable.cherry - xorg.fontbitstream100dpi - xorg.fontbitstream75dpi - xorg.fontbitstreamtype1 - ]; - }; - - environment.systemPackages = with pkgs; [ - adapta-gtk-theme - aircrackng - ag - arandr - binutils - chromium - cifs-utils - curl - evince - exfat - feh - file - firefox - freetype - gimp - git - gnupg - graphite2 - hicolor_icon_theme - htop - i3lock - jq - keepassx2 - kvm - lxappearance - man-pages - moc - mpv - mpvc - mupdf - ncdu - nmap - openvpn - pass - p7zip - powertop - ranger - rofi - sshfs - tcpdump - tmux - traceroute - tree - unstable.alacritty - unstable.ponyc - unstable.sublime3 - unstable.youtube-dl - virt-viewer - virtmanager - vulnix - wcalc - wget - xz - zbackup - ]; - - environment.variables = { - EDITOR = ["nvim"]; - }; - - environment.shellAliases = { - ll = "ls -alh"; - ls = "ls --color=tty"; - }; - - virtualisation.libvirtd.enable = true; - #virtualisation.kvmgt.enable = true; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - sound.enable = true; - hardware.pulseaudio.enable = true; - hardware.pulseaudio.support32Bit = true; - nixpkgs.config.pulseaudio = true; - - services.xserver = { - enable = true; - layout = "de"; - xkbVariant = "nodeadkeys"; - libinput.enable = true; - desktopManager = { - default = "xfce"; - xterm.enable = false; - xfce = { - enable = true; - noDesktop = true; - enableXfwm = false; - }; - }; - windowManager.ratpoison.enable = true; - }; - - services.openssh.enable = true; - #services.openssh.permitRootLogin = "yes"; - services.openssh.passwordAuthentication = false; - - networking.wireless.enable = false; - networking.networkmanager.enable = false; - krebs.iptables.enable = true; - #networking.nameservers = [ "8.8.8.8" "141.1.1.1" ]; - networking.enableIPv6 = false; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - nix.maxJobs = 4; - nix.buildCores = 4; - system.autoUpgrade.enable = false; - system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; - system.stateVersion = "19.03"; - -} diff --git a/mb/1systems/orange/hardware-configuration.nix b/mb/1systems/orange/hardware-configuration.nix deleted file mode 100644 index 8aa19126..00000000 --- a/mb/1systems/orange/hardware-configuration.nix +++ /dev/null @@ -1,28 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b1d32c54-35f8-4bf1-9fd2-82adc760af01"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/BF9B-03A2"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; -} diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix deleted file mode 100644 index 19efc75b..00000000 --- a/mb/1systems/p1nk/configuration.nix +++ /dev/null @@ -1,227 +0,0 @@ -{ config, pkgs, callPackage, ... }: let - unstable = import { config = { allowUnfree = true; }; }; -in { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - - - ]; - - krebs.build.host = config.krebs.hosts.p1nk; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-uuid/0392257b-f6cf-484d-8c46-e20aab4fddb7"; - preLVM = true; - allowDiscards = true; - } - ]; - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; - fileSystems."/mnt/public" = { - device = "//192.168.0.4/public"; - fsType = "cifs"; - options = let - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ]; - }; - - - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "de"; - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "Europe/Berlin"; - - fonts = { - enableCoreFonts = true; - enableGhostscriptFonts = true; - fonts = with pkgs; [ - anonymousPro - corefonts - dejavu_fonts - envypn-font - fira - gentium - gohufont - inconsolata - liberation_ttf - powerline-fonts - source-code-pro - terminus_font - ttf_bitstream_vera - ubuntu_font_family - unifont - unstable.cherry - xorg.fontbitstream100dpi - xorg.fontbitstream75dpi - xorg.fontbitstreamtype1 - ]; - }; - - nixpkgs.config.packageOverrides = super: { - openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; }; - }; - - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = with pkgs; [ - adapta-gtk-theme - aircrackng - ag - arandr - binutils - chromium - cifs-utils - curl - evince - exfat - feh - file - firefox - freetype - gimp - git - gnupg - graphite2 - hicolor_icon_theme - htop - i3lock - jq - keepassx2 - kvm - lxappearance - man-pages - moc - mpv - mpvc - mupdf - ncdu - nmap - openvpn - pass - p7zip - powertop - ranger - rofi - sshfs - tcpdump - tmux - traceroute - tree - unstable.alacritty - unstable.ponyc - unstable.sublime3 - youtube-dl - virt-viewer - virtmanager - vulnix - wcalc - wget - xz - zbackup - ]; - - environment.shellAliases = { - ll = "ls -alh"; - ls = "ls --color=tty"; - }; - - virtualisation.libvirtd.enable = true; - virtualisation.kvmgt.enable = true; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - sound.enable = true; - hardware.pulseaudio.enable = true; - hardware.pulseaudio.support32Bit = true; - - services.xserver = { - enable = true; - layout = "de"; - xkbOptions = "nodeadkeys"; - libinput.enable = true; - desktopManager = { - default = "xfce"; - xterm.enable = false; - xfce = { - enable = true; - noDesktop = true; - enableXfwm = false; - }; - }; - windowManager.ratpoison.enable = true; - windowManager.pekwm.enable = true; - }; - - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - - krebs.iptables.enable = true; - networking.networkmanager.enable = false; - networking.wireless.enable = true; - networking.nameservers = [ "8.8.8.8" "141.1.1.1" ]; - networking.enableIPv6 = false; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color magenta) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - nix.maxJobs = 4; - nix.buildCores = 4; - system.autoUpgrade.enable = false; - system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; - system.stateVersion = "19.03"; - -} diff --git a/mb/1systems/p1nk/hardware-configuration.nix b/mb/1systems/p1nk/hardware-configuration.nix deleted file mode 100644 index ab5b6e20..00000000 --- a/mb/1systems/p1nk/hardware-configuration.nix +++ /dev/null @@ -1,29 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/4cc2add6-ed19-4685-bbd9-b992bd8d51fb"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9F87-AEAA"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/mb/1systems/rofl/configuration.nix b/mb/1systems/rofl/configuration.nix deleted file mode 100644 index 3c5c56c8..00000000 --- a/mb/1systems/rofl/configuration.nix +++ /dev/null @@ -1,103 +0,0 @@ -{ config, pkgs, callPackage, ... }: let - unstable = import { config = { allowUnfree = true; }; }; -in { - imports = - [ # Include the results of the hardware scan. - - - ]; - - krebs.build.host = config.krebs.hosts.rofl; - - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "de"; - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "Europe/Berlin"; - - nixpkgs.config.allowUnfree = true; - - environment.shellAliases = { - ll = "ls -alh"; - ls = "ls --color=tty"; - }; - - environment.systemPackages = with pkgs; [ - curl - fish - git - htop - nmap - ranger - tcpdump - tmux - traceroute - tree - vim - xz - zbackup - ]; - - sound.enable = false; - - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - - networking.wireless.enable = false; - networking.networkmanager.enable = false; - krebs.iptables.enable = true; - networking.enableIPv6 = false; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - system.autoUpgrade.enable = false; - system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; - system.stateVersion = "19.03"; - -} diff --git a/mb/1systems/sunsh1n3/configuration.nix b/mb/1systems/sunsh1n3/configuration.nix deleted file mode 100644 index 633d122e..00000000 --- a/mb/1systems/sunsh1n3/configuration.nix +++ /dev/null @@ -1,181 +0,0 @@ - -{ config, pkgs, ... }: let - unstable = import { config = { allowUnfree = true; }; }; -in { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - - ]; - - krebs.build.host = config.krebs.hosts.sunsh1n3; - - boot.kernelPackages = pkgs.linuxPackages_latest; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; - - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21"; - preLVM = true; - allowDiscards = true; - } - ]; - - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "de"; - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "Europe/Berlin"; - - nixpkgs.config.packageOverrides = super : { - openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; }; - }; - - nixpkgs.config.allowUnfree = true; - - fonts = { - enableCoreFonts = true; - enableGhostscriptFonts = true; - fonts = with pkgs; [ - anonymousPro - corefonts - dejavu_fonts - envypn-font - fira - gentium - gohufont - inconsolata - liberation_ttf - powerline-fonts - source-code-pro - terminus_font - ttf_bitstream_vera - ubuntu_font_family - unifont - unstable.cherry - xorg.fontbitstream100dpi - xorg.fontbitstream75dpi - xorg.fontbitstreamtype1 - ]; - }; - - environment.systemPackages = with pkgs; [ - wget vim git curl fish - ag - chromium - firefox - gimp - p7zip - htop - mpv - mpvc - nmap - ntfs3g - keepassx2 - sshfs - #unstable.skrooge - skrooge - unstable.alacritty - tmux - tree - wcalc - virtmanager - virt-viewer - (wine.override { wineBuild = "wineWow"; }) - xz - zbackup - ]; - - virtualisation.libvirtd.enable = true; - virtualisation.kvmgt.enable = true; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - - programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - programs.dconf.enable = true; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - - krebs.iptables.enable = true; - #networking.wireless.enable = true; - networking.networkmanager.enable = true; - networking.enableIPv6 = false; - - # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = true; - hardware.pulseaudio.support32Bit = true; - nixpkgs.config.pulseaudio = true; - - services.xserver.enable = true; - services.xserver.layout = "de"; - services.xserver.xkbOptions = "nodeadkeys"; - services.xserver.libinput.enable = true; - - # Enable the KDE Desktop Environment. - services.xserver.displayManager.sddm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - nix.buildCores = 4; - - system.stateVersion = "19.09"; - -} diff --git a/mb/1systems/sunsh1n3/hardware-configuration.nix b/mb/1systems/sunsh1n3/hardware-configuration.nix deleted file mode 100644 index 2beee7c4..00000000 --- a/mb/1systems/sunsh1n3/hardware-configuration.nix +++ /dev/null @@ -1,29 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/60A6-4DAB"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix deleted file mode 100644 index 3066d1c3..00000000 --- a/mb/2configs/default.nix +++ /dev/null @@ -1,222 +0,0 @@ -with import ; -{ config, pkgs, ... }: -{ - imports = [ - { - users.users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.mb.pubkey - ]; - }; - mb = { - name = "mb"; - uid = 1337; - home = "/home/mb"; - group = "users"; - createHome = true; - shell = "/run/current-system/sw/bin/fish"; - extraGroups = [ - "audio" - "video" - "fuse" - "wheel" - "kvm" - "qemu-libvirtd" - "libvirtd" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.mb.pubkey - ]; - }; - xo = { - name = "xo"; - uid = 2323; - home = "/home/xo"; - group = "users"; - createHome = true; - shell = "/run/current-system/sw/bin/fish"; - extraGroups = [ - "audio" - "video" - "fuse" - "wheel" - "kvm" - "qemu-libvirtd" - "libvirtd" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.mb.pubkey - ]; - }; - }; - } - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in { - environment.variables = { - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - }) - ]; - - networking.hostName = config.krebs.build.host.name; - - krebs = { - enable = true; - build.user = config.krebs.users.mb; - }; - - users.mutableUsers = true; - - services.timesyncd.enable = mkForce true; - - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - ''; - - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = with pkgs; [ - #stockholm - git - git-preview - gnumake - jq - parallel - proot - populate - - #style - most - rxvt_unicode.terminfo - - #monitoring tools - htop - iotop - - #network - iptables - iftop - tcpdump - - #stuff for dl - aria2 - - #neat utils - fish - file - kpaste - krebspaste - mosh - pciutils - psmisc - tmux - untilport - usbutils - - #unpack stuff - p7zip - - (pkgs.writeDashBin "sshn" '' - ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" - '') - ]; - - services.openssh = { - enable = true; - permitRootLogin = "yes"; - passwordAuthentication = false; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - krebs.iptables = { - enable = true; - tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; - }; -} diff --git a/mb/2configs/google-compute-config.nix b/mb/2configs/google-compute-config.nix deleted file mode 100644 index b201bd4b..00000000 --- a/mb/2configs/google-compute-config.nix +++ /dev/null @@ -1,231 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; -let - gce = pkgs.google-compute-engine; -in -{ - imports = [ - ./headless.nix - ./qemu-guest.nix - ]; - - fileSystems."/" = { - device = "/dev/disk/by-label/nixos"; - autoResize = true; - }; - - boot.growPartition = true; - boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ]; - boot.initrd.kernelModules = [ "virtio_scsi" ]; - boot.kernelModules = [ "virtio_pci" "virtio_net" ]; - - # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. - boot.loader.grub.device = "/dev/sda"; - boot.loader.timeout = 0; - - # Don't put old configurations in the GRUB menu. The user has no - # way to select them anyway. - boot.loader.grub.configurationLimit = 0; - - # Allow root logins only using the SSH key that the user specified - # at instance creation time. - #services.openssh.enable = true; - #services.openssh.permitRootLogin = "prohibit-password"; - #services.openssh.passwordAuthentication = mkDefault false; - - # Use GCE udev rules for dynamic disk volumes - services.udev.packages = [ gce ]; - - # Force getting the hostname from Google Compute. - networking.hostName = mkDefault ""; - - # Always include cryptsetup so that NixOps can use it. - environment.systemPackages = [ pkgs.cryptsetup ]; - - # Make sure GCE image does not replace host key that NixOps sets - environment.etc."default/instance_configs.cfg".text = lib.mkDefault '' - [InstanceSetup] - set_host_keys = false - ''; - - # Rely on GCP's firewall instead - networking.firewall.enable = mkDefault false; - - # Configure default metadata hostnames - networking.extraHosts = '' - 169.254.169.254 metadata.google.internal metadata - ''; - - networking.timeServers = [ "metadata.google.internal" ]; - - networking.usePredictableInterfaceNames = false; - - # GC has 1460 MTU - networking.interfaces.eth0.mtu = 1460; - - security.googleOsLogin.enable = true; - - systemd.services.google-clock-skew-daemon = { - description = "Google Compute Engine Clock Skew Daemon"; - after = [ - "network.target" - "google-instance-setup.service" - "google-network-setup.service" - ]; - requires = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - Type = "simple"; - ExecStart = "${gce}/bin/google_clock_skew_daemon --debug"; - }; - }; - - systemd.services.google-instance-setup = { - description = "Google Compute Engine Instance Setup"; - after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"]; - before = ["sshd.service"]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "sshd.service" "multi-user.target" ]; - path = with pkgs; [ ethtool openssh ]; - serviceConfig = { - ExecStart = "${gce}/bin/google_instance_setup --debug"; - Type = "oneshot"; - }; - }; - - systemd.services.google-network-daemon = { - description = "Google Compute Engine Network Daemon"; - after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - requires = ["network.target"]; - partOf = ["network.target"]; - wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ iproute ]; - serviceConfig = { - ExecStart = "${gce}/bin/google_network_daemon --debug"; - }; - }; - - systemd.services.google-shutdown-scripts = { - description = "Google Compute Engine Shutdown Scripts"; - after = [ - "local-fs.target" - "network-online.target" - "network.target" - "rsyslog.service" - "systemd-resolved.service" - "google-instance-setup.service" - "google-network-daemon.service" - ]; - wants = [ "local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.coreutils}/bin/true"; - ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown"; - Type = "oneshot"; - RemainAfterExit = true; - TimeoutStopSec = "infinity"; - }; - }; - - systemd.services.google-startup-scripts = { - description = "Google Compute Engine Startup Scripts"; - after = [ - "local-fs.target" - "network-online.target" - "network.target" - "rsyslog.service" - "google-instance-setup.service" - "google-network-daemon.service" - ]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup"; - KillMode = "process"; - Type = "oneshot"; - }; - }; - - - # Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf - boot.kernel.sysctl = { - # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss - # of TCP functionality/features under normal conditions. When flood - # protections kick in under high unanswered-SYN load, the system - # should remain more stable, with a trade off of some loss of TCP - # functionality/features (e.g. TCP Window scaling). - "net.ipv4.tcp_syncookies" = mkDefault "1"; - - # ignores source-routed packets - "net.ipv4.conf.all.accept_source_route" = mkDefault "0"; - - # ignores source-routed packets - "net.ipv4.conf.default.accept_source_route" = mkDefault "0"; - - # ignores ICMP redirects - "net.ipv4.conf.all.accept_redirects" = mkDefault "0"; - - # ignores ICMP redirects - "net.ipv4.conf.default.accept_redirects" = mkDefault "0"; - - # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.all.secure_redirects" = mkDefault "1"; - - # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.default.secure_redirects" = mkDefault "1"; - - # don't allow traffic between networks or act as a router - "net.ipv4.ip_forward" = mkDefault "0"; - - # don't allow traffic between networks or act as a router - "net.ipv4.conf.all.send_redirects" = mkDefault "0"; - - # don't allow traffic between networks or act as a router - "net.ipv4.conf.default.send_redirects" = mkDefault "0"; - - # reverse path filtering - IP spoofing protection - "net.ipv4.conf.all.rp_filter" = mkDefault "1"; - - # reverse path filtering - IP spoofing protection - "net.ipv4.conf.default.rp_filter" = mkDefault "1"; - - # ignores ICMP broadcasts to avoid participating in Smurf attacks - "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1"; - - # ignores bad ICMP errors - "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1"; - - # logs spoofed, source-routed, and redirect packets - "net.ipv4.conf.all.log_martians" = mkDefault "1"; - - # log spoofed, source-routed, and redirect packets - "net.ipv4.conf.default.log_martians" = mkDefault "1"; - - # implements RFC 1337 fix - "net.ipv4.tcp_rfc1337" = mkDefault "1"; - - # randomizes addresses of mmap base, heap, stack and VDSO page - "kernel.randomize_va_space" = mkDefault "2"; - - # Reboot the machine soon after a kernel panic. - "kernel.panic" = mkDefault "10"; - - ## Not part of the original config - - # provides protection from ToCToU races - "fs.protected_hardlinks" = mkDefault "1"; - - # provides protection from ToCToU races - "fs.protected_symlinks" = mkDefault "1"; - - # makes locating kernel addresses more difficult - "kernel.kptr_restrict" = mkDefault "1"; - - # set ptrace protections - "kernel.yama.ptrace_scope" = mkOverride 500 "1"; - - # set perf only available to root - "kernel.perf_event_paranoid" = mkDefault "2"; - }; -} diff --git a/mb/2configs/headless.nix b/mb/2configs/headless.nix deleted file mode 100644 index 46a9b6a7..00000000 --- a/mb/2configs/headless.nix +++ /dev/null @@ -1,25 +0,0 @@ -# Common configuration for headless machines (e.g., Amazon EC2 -# instances). - -{ lib, ... }: - -with lib; - -{ - boot.vesa = false; - - # Don't start a tty on the serial consoles. - systemd.services."serial-getty@ttyS0".enable = false; - systemd.services."serial-getty@hvc0".enable = false; - systemd.services."getty@tty1".enable = false; - systemd.services."autovt@".enable = false; - - # Since we can't manually respond to a panic, just reboot. - boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ]; - - # Don't allow emergency mode, because we don't have a console. - systemd.enableEmergencyMode = false; - - # Being headless, we don't need a GRUB splash image. - boot.loader.grub.splashImage = null; -} diff --git a/mb/2configs/neovimrc b/mb/2configs/neovimrc deleted file mode 100644 index 8dbeaec7..00000000 --- a/mb/2configs/neovimrc +++ /dev/null @@ -1,446 +0,0 @@ - -"***************************************************************************** -"" Functions -"***************************************************************************** - -function! GetBufferList() - redir =>buflist - silent! ls! - redir END - return buflist -endfunction - -function! ToggleList(bufname, pfx) - let buflist = GetBufferList() - for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))') - if bufwinnr(bufnum) != -1 - exec(a:pfx.'close') - return - endif - endfor - if a:pfx == 'l' && len(getloclist(0)) == 0 - echohl ErrorMsg - echo "Location List is Empty." - return - endif - let winnr = winnr() - exec(a:pfx.'open') - if winnr() != winnr - wincmd p - endif -endfunction - - -"***************************************************************************** -"" Basic Setup -"*****************************************************************************" -" General -let no_buffers_menu=1 -syntax on -set ruler -set number -set mousemodel=popup -set t_Co=256 -set guioptions=egmrti -set gfn=Monospace\ 10 - -" TODO: Testing if this works against automatically setting paste mode -" Issue: https://github.com/neovim/neovim/issues/7994 -au InsertLeave * set nopaste - - -" undofile - This allows you to use undos after exiting and restarting -" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo -" :help undo-persistence -if exists("+undofile") - if isdirectory($HOME . '/.vim/undo') == 0 - :silent !mkdir -p ~/.vim/undo > /dev/null 2>&1 - endif - set undodir=./.vim-undo// - set undodir+=~/.vim/undo// - set undofile -endif - -" Encoding -set encoding=utf-8 -set fileencoding=utf-8 -set fileencodings=utf-8 -set bomb -set binary - -" Fix backspace indent -set backspace=indent,eol,start - -" Tabs. May be overriten by autocmd rules -set tabstop=4 -set softtabstop=0 -set shiftwidth=4 -set expandtab - -" Map leader to , -let mapleader=',' - -" Enable hidden buffers -set hidden - -" Searching -set hlsearch -set incsearch -set ignorecase -set smartcase - -" Directories for swp files -set nobackup -set noswapfile - -set fileformats=unix,dos,mac - -" File overview -set wildmode=list:longest,list:full -set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__ - -" Shell to emulate -if exists('$SHELL') - set shell=$SHELL -else - set shell=/bin/bash -endif - -" Set color scheme -colorscheme molokai - -"Show always Status bar -set laststatus=2 - -" Use modeline overrides -set modeline -set modelines=10 - -" Set terminal title -set title -set titleold="Terminal" -set titlestring=%F - -" search will center on the line it's found in. -nnoremap n nzzzv -nnoremap N Nzzzv - - - -"***************************************************************************** -"" Abbreviations -"***************************************************************************** -" no one is really happy until you have this shortcuts -cnoreabbrev W! w! -cnoreabbrev Q! q! -cnoreabbrev Qall! qall! -cnoreabbrev Wq wq -cnoreabbrev Wa wa -cnoreabbrev wQ wq -cnoreabbrev WQ wq -cnoreabbrev W w -cnoreabbrev Q q -cnoreabbrev Qall qall - -" NERDTree configuration -let g:NERDTreeChDirMode=2 -let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__'] -let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$'] -let g:NERDTreeShowBookmarks=1 -let g:nerdtree_tabs_focus_on_files=1 -let g:NERDTreeMapOpenInTabSilent = '' -let g:NERDTreeWinSize = 50 -set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite -nnoremap :NERDTreeFind -nnoremap :NERDTreeToggle - -" open terminal emulation -nnoremap sh :terminal:startinsert - -"***************************************************************************** -"" Autocmd Rules -"***************************************************************************** -"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines -augroup vimrc-sync-fromstart - autocmd! - autocmd BufEnter * :syntax sync maxlines=200 -augroup END - -" Nasm filetype -augroup nasm - autocmd! - autocmd BufRead,BufNewFile *.nasm set ft=nasm -augroup END - -" Binary filetype -augroup Binary - au! - au BufReadPre *.bin,*.exe,*.elf let &bin=1 - au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd - au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif - au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r - au BufWritePre *.bin,*.exe,*.elf endif - au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd - au BufWritePost *.bin,*.exe,*.elf set nomod | endif -augroup END - -" Binary filetype -augroup fasm - au! - au BufReadPost *.fasm set ft=fasm -augroup END - -augroup deoplete-update - autocmd! - autocmd VimEnter * UpdateRemotePlugin -augroup END - -"" Remember cursor position -augroup vimrc-remember-cursor-position - autocmd! - autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif -augroup END - -"" txt -" augroup vimrc-wrapping -" autocmd! -" autocmd BufRead,BufNewFile *.txt call s:setupWrapping() -" augroup END - -"" make/cmake -augroup vimrc-make-cmake - autocmd! - autocmd FileType make setlocal noexpandtab - autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake -augroup END - -set autoread - -"***************************************************************************** -"" Mappings -"***************************************************************************** - -" Split -noremap h :split -noremap v :vsplit - -" Git -noremap ga :Gwrite -noremap gc :Gcommit -noremap gsh :Gpush -noremap gll :Gpull -noremap gs :Gstatus -noremap gb :Gblame -noremap gd :Gvdiff -noremap gr :Gremove - -" Tabs -nnoremap gt -nnoremap gT -nnoremap :tabnew - -" Set working directory -nnoremap . :lcd %:p:h - -" Opens an edit command with the path of the currently edited file filled in -noremap e :e =expand("%:p:h") . "/" - -" Opens a tab edit command with the path of the currently edited file filled -noremap te :tabe =expand("%:p:h") . "/" - -" Tagbar -nmap :TagbarToggle -let g:tagbar_autofocus = 1 - -" Copy/Paste/Cut -set clipboard^=unnamed,unnamedplus - -noremap YY "+y -noremap p "+gP -noremap XX "+x - -" Enable mouse for vim -set mouse=a - -" Buffer nav -noremap z :bp -noremap q :bp -noremap x :bn -noremap w :bn - -" Close buffer -noremap c :bd - -" Clean search (highlight) -nnoremap :noh - -" Switching windows -noremap j -noremap k -noremap l -noremap h - -" Vmap for maintain Visual Mode after shifting > and < -vmap < >gv - -" Move visual block -vnoremap J :m '>+1gv=gv -vnoremap K :m '<-2gv=gv - -" Open current line on GitHub -nnoremap o :.Gbrowse - - -" Save on strg+s if not in paste mode -nmap :w -vmap gv -imap - -" Quit on strg+q in normal mode -nnoremap :q - -" Strg+d to replace word under cursor -nnoremap :%s/\<\>//g - -" Strg+f ro find word under cursor -nnoremap :/ - -" Remove unneccessary spaces -nnoremap :let _s=@/ :%s/\s\+$//e :let @/=_s :nohl :unlet _s - -" Reindent whole file with F6 -map mzgg=G`z - -" Toggle location list -nmap :call ToggleList("Quickfix List", 'c') - -" Replacing text in visual mode doesn't copy it anymore -xmap p ReplaceWithRegisterVisual -xmap ReplaceWithRegisterVisual - -" ALE mappings -nmap i (ale_hover) -nmap d (ale_go_to_definition_in_tab) -nmap rf (ale_find_references) -nmap (ale_fix) - -" Vim-Go mappings -au FileType go nmap i :GoDoc -au FileType go nmap d :GoDef -au FileType go nmap rf :GoReferrers - - -"" Opens an edit command with the path of the currently edited file filled in -noremap e :e =expand("%:p:h") . "/" - -" Use tab for navigatin in autocompletion window -inoremap pumvisible() ? "\" : "\" -inoremap pumvisible() ? "\" : "\" - - -"***************************************************************************** -"" Plugin settings -"***************************************************************************** - -" vim-airline -set statusline+=%{fugitive#statusline()} -let g:airline_theme = 'powerlineish' -let g:airline#extensions#syntastic#enabled = 1 -let g:airline#extensions#branch#enabled = 1 -let g:airline#extensions#tabline#enabled = 1 -let g:airline#extensions#tagbar#enabled = 1 -let g:airline_skip_empty_sections = 1 -let g:airline#extensions#ale#enabled = 1 - -" show indent lines -let g:indent_guides_enable_on_vim_startup = 1 -let g:indent_guides_auto_colors = 0 -hi IndentGuidesOdd ctermbg=235 -hi IndentGuidesEven ctermbg=235 -let g:indent_guides_guide_size = 1 -let g:indent_guides_start_level = 2 - -" Enable autocompletion -let g:deoplete#enable_at_startup = 1 -set completeopt-=preview - -" Ale no preview on hover -let g:ale_close_preview_on_insert = 0 -let g:ale_cursor_detail = 0 - -" Ale skip if file size over 2G -let g:ale_maximum_file_size = "2147483648" - -" Ale to loclist a