Diffstat (limited to 'mb/2configs')
-rw-r--r-- | mb/2configs/default.nix | 222 | ||||
-rw-r--r-- | mb/2configs/google-compute-config.nix | 231 | ||||
-rw-r--r-- | mb/2configs/headless.nix | 25 | ||||
-rw-r--r-- | mb/2configs/neovimrc | 446 | ||||
-rw-r--r-- | mb/2configs/nvim.nix | 70 | ||||
-rw-r--r-- | mb/2configs/qemu-guest.nix | 19 | ||||
-rw-r--r-- | mb/2configs/retiolum.nix | 33 | ||||
-rw-r--r-- | mb/2configs/tests/dummy-secrets/retiolum.rsa | 4 |
8 files changed, 0 insertions, 1050 deletions
diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix
deleted file mode 100644
index 3066d1c36..000000000
--- a/mb/2configs/default.nix
+++ /dev/null
@@ -1,222 +0,0 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: -{ - imports = [ - { - users.users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.mb.pubkey - ]; - }; - mb = { - name = "mb"; - uid = 1337; - home = "/home/mb"; - group = "users"; - createHome = true; - shell = "/run/current-system/sw/bin/fish"; - extraGroups = [ - "audio" - "video" - "fuse" - "wheel" - "kvm" - "qemu-libvirtd" - "libvirtd" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.mb.pubkey - ]; - }; - xo = { - name = "xo"; - uid = 2323; - home = "/home/xo"; - group = "users"; - createHome = true; - shell = "/run/current-system/sw/bin/fish"; - extraGroups = [ - "audio" - "video" - "fuse" - "wheel" - "kvm" - "qemu-libvirtd" - "libvirtd" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.mb.pubkey - ]; - }; - }; - } - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in { - environment.variables = { - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - }) - ]; - - networking.hostName = config.krebs.build.host.name; - - krebs = { - enable = true; - build.user = config.krebs.users.mb; - }; - - users.mutableUsers = true; - - services.timesyncd.enable = mkForce true; - - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - ''; - - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = with pkgs; [ - #stockholm - git - git-preview - gnumake - jq - parallel - proot - populate - - #style - most - rxvt_unicode.terminfo - - #monitoring tools - htop - iotop - - #network - iptables - iftop - tcpdump - - #stuff for dl - aria2 - - #neat utils - fish - file - kpaste - krebspaste - mosh - pciutils - psmisc - tmux - untilport - usbutils - - #unpack stuff - p7zip - - 
(pkgs.writeDashBin "sshn" '' - ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" - '') - ]; - - services.openssh = { - enable = true; - permitRootLogin = "yes"; - passwordAuthentication = false; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " <nix-shell>" - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - krebs.iptables = { - enable = true; - tables = { - nat.PREROUTING.rules = [ - { predicate = "! 
-i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; - }; -} diff --git a/mb/2configs/google-compute-config.nix b/mb/2configs/google-compute-config.nix deleted file mode 100644 index b201bd4b8..000000000 --- a/mb/2configs/google-compute-config.nix +++ /dev/null 
@@ -1,231 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
- gce = pkgs.google-compute-engine;
-in
-{
- imports = [
- ./headless.nix
- ./qemu-guest.nix
- ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-label/nixos";
- autoResize = true;
- };
-
- boot.growPartition = true;
- boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
- boot.initrd.kernelModules = [ "virtio_scsi" ];
- boot.kernelModules = [ "virtio_pci" "virtio_net" ];
-
- # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
- boot.loader.grub.device = "/dev/sda";
- boot.loader.timeout = 0;
-
- # Don't put old configurations in the GRUB menu. The user has no
- # way to select them anyway.
- boot.loader.grub.configurationLimit = 0;
-
- # Allow root logins only using the SSH key that the user specified
- # at instance creation time.
- #services.openssh.enable = true;
- #services.openssh.permitRootLogin = "prohibit-password";
- #services.openssh.passwordAuthentication = mkDefault false;
-
- # Use GCE udev rules for dynamic disk volumes
- services.udev.packages = [ gce ];
-
- # Force getting the hostname from Google Compute.
- networking.hostName = mkDefault "";
-
- # Always include cryptsetup so that NixOps can use it.
- environment.systemPackages = [ pkgs.cryptsetup ];
-
- # Make sure GCE image does not replace host key that NixOps sets
- environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
- [InstanceSetup]
- set_host_keys = false
- '';
-
- # Rely on GCP's firewall instead
- networking.firewall.enable = mkDefault false;
-
- # Configure default metadata hostnames
- networking.extraHosts = ''
- 169.254.169.254 metadata.google.internal metadata
- '';
-
- networking.timeServers = [ "metadata.google.internal" ];
-
- networking.usePredictableInterfaceNames = false;
-
- # GC has 1460 MTU
- networking.interfaces.eth0.mtu = 1460;
-
- security.googleOsLogin.enable = true;
-
- systemd.services.google-clock-skew-daemon = {
- description = "Google Compute Engine Clock Skew Daemon";
- after = [
- "network.target"
- "google-instance-setup.service"
- "google-network-setup.service"
- ];
- requires = ["network.target"];
- wantedBy = ["multi-user.target"];
- serviceConfig = {
- Type = "simple";
- ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
- };
- };
-
- systemd.services.google-instance-setup = {
- description = "Google Compute Engine Instance Setup";
- after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
- before = ["sshd.service"];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "sshd.service" "multi-user.target" ];
- path = with pkgs; [ ethtool openssh ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_instance_setup --debug";
- Type = "oneshot";
- };
- };
-
- systemd.services.google-network-daemon = {
- description = "Google Compute Engine Network Daemon";
- after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- requires = ["network.target"];
- partOf = ["network.target"];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [ iproute ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_network_daemon --debug";
- };
- };
-
- systemd.services.google-shutdown-scripts = {
- description = "Google Compute Engine Shutdown Scripts";
- after = [
- "local-fs.target"
- "network-online.target"
- "network.target"
- "rsyslog.service"
- "systemd-resolved.service"
- "google-instance-setup.service"
- "google-network-daemon.service"
- ];
- wants = [ "local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.coreutils}/bin/true";
- ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
- Type = "oneshot";
- RemainAfterExit = true;
- TimeoutStopSec = "infinity";
- };
- };
-
- systemd.services.google-startup-scripts = {
- description = "Google Compute Engine Startup Scripts";
- after = [
- "local-fs.target"
- "network-online.target"
- "network.target"
- "rsyslog.service"
- "google-instance-setup.service"
- "google-network-daemon.service"
- ];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
- KillMode = "process";
- Type = "oneshot";
- };
- };
-
-
- # Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
- boot.kernel.sysctl = {
- # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
- # of TCP functionality/features under normal conditions. When flood
- # protections kick in under high unanswered-SYN load, the system
- # should remain more stable, with a trade off of some loss of TCP
- # functionality/features (e.g. TCP Window scaling).
- "net.ipv4.tcp_syncookies" = mkDefault "1";
-
- # ignores source-routed packets
- "net.ipv4.conf.all.accept_source_route" = mkDefault "0";
-
- # ignores source-routed packets
- "net.ipv4.conf.default.accept_source_route" = mkDefault "0";
-
- # ignores ICMP redirects
- "net.ipv4.conf.all.accept_redirects" = mkDefault "0";
-
- # ignores ICMP redirects
- "net.ipv4.conf.default.accept_redirects" = mkDefault "0";
-
- # ignores ICMP redirects from non-GW hosts
- "net.ipv4.conf.all.secure_redirects" = mkDefault "1";
-
- # ignores ICMP redirects from non-GW hosts
- "net.ipv4.conf.default.secure_redirects" = mkDefault "1";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.ip_forward" = mkDefault "0";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.conf.all.send_redirects" = mkDefault "0";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.conf.default.send_redirects" = mkDefault "0";
-
- # reverse path filtering - IP spoofing protection
- "net.ipv4.conf.all.rp_filter" = mkDefault "1";
-
- # reverse path filtering - IP spoofing protection
- "net.ipv4.conf.default.rp_filter" = mkDefault "1";
-
- # ignores ICMP broadcasts to avoid participating in Smurf attacks
- "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
-
- # ignores bad ICMP errors
- "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
-
- # logs spoofed, source-routed, and redirect packets
- "net.ipv4.conf.all.log_martians" = mkDefault "1";
-
- # log spoofed, source-routed, and redirect packets
- "net.ipv4.conf.default.log_martians" = mkDefault "1";
-
- # implements RFC 1337 fix
- "net.ipv4.tcp_rfc1337" = mkDefault "1";
-
- # randomizes addresses of mmap base, heap, stack and VDSO page
- "kernel.randomize_va_space" = mkDefault "2";
-
- # Reboot the machine soon after a kernel panic.
- "kernel.panic" = mkDefault "10";
-
- ## Not part of the original config
-
- # provides protection from ToCToU races
- "fs.protected_hardlinks" = mkDefault "1";
-
- # provides protection from ToCToU races
- "fs.protected_symlinks" = mkDefault "1";
-
- # makes locating kernel addresses more difficult
- "kernel.kptr_restrict" = mkDefault "1";
-
- # set ptrace protections
- "kernel.yama.ptrace_scope" = mkOverride 500 "1";
-
- # set perf only available to root
- "kernel.perf_event_paranoid" = mkDefault "2";
- };
-}
diff --git a/mb/2configs/headless.nix b/mb/2configs/headless.nix
deleted file mode 100644
index 46a9b6a7d..000000000
--- a/mb/2configs/headless.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Common configuration for headless machines (e.g., Amazon EC2
-# instances).
-
-{ lib, ... }:
-
-with lib;
-
-{
- boot.vesa = false;
-
- # Don't start a tty on the serial consoles.
- systemd.services."serial-getty@ttyS0".enable = false;
- systemd.services."serial-getty@hvc0".enable = false;
- systemd.services."getty@tty1".enable = false;
- systemd.services."autovt@".enable = false;
-
- # Since we can't manually respond to a panic, just reboot.
- boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
-
- # Don't allow emergency mode, because we don't have a console.
- systemd.enableEmergencyMode = false;
-
- # Being headless, we don't need a GRUB splash image.
- boot.loader.grub.splashImage = null;
-}
diff --git a/mb/2configs/neovimrc b/mb/2configs/neovimrc
deleted file mode 100644
index 8dbeaec7b..000000000
--- a/mb/2configs/neovimrc
+++ /dev/null
@@ -1,446 +0,0 @@ - -"***************************************************************************** -"" Functions -"***************************************************************************** - -function! GetBufferList() - redir =>buflist - silent! ls! - redir END - return buflist -endfunction - -function! ToggleList(bufname, pfx) - let buflist = GetBufferList() - for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))') - if bufwinnr(bufnum) != -1 - exec(a:pfx.'close') - return - endif - endfor - if a:pfx == 'l' && len(getloclist(0)) == 0 - echohl ErrorMsg - echo "Location List is Empty." - return - endif - let winnr = winnr() - exec(a:pfx.'open') - if winnr() != winnr - wincmd p - endif -endfunction - - -"***************************************************************************** -"" Basic Setup -"*****************************************************************************" -" General -let no_buffers_menu=1 -syntax on -set ruler -set number -set mousemodel=popup -set t_Co=256 -set guioptions=egmrti -set gfn=Monospace\ 10 - -" TODO: Testing if this works against automatically setting paste mode -" Issue: https://github.com/neovim/neovim/issues/7994 -au InsertLeave * set nopaste - - -" undofile - This allows you to use undos after exiting and restarting -" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo -" :help undo-persistence -if exists("+undofile") - if isdirectory($HOME . '/.vim/undo') == 0 - :silent !mkdir -p ~/.vim/undo > /dev/null 2>&1 - endif - set undodir=./.vim-undo// - set undodir+=~/.vim/undo// - set undofile -endif - -" Encoding -set encoding=utf-8 -set fileencoding=utf-8 -set fileencodings=utf-8 -set bomb -set binary - -" Fix backspace indent -set backspace=indent,eol,start - -" Tabs. 
May be overriten by autocmd rules -set tabstop=4 -set softtabstop=0 -set shiftwidth=4 -set expandtab - -" Map leader to , -let mapleader=',' - -" Enable hidden buffers -set hidden - -" Searching -set hlsearch -set incsearch -set ignorecase -set smartcase - -" Directories for swp files -set nobackup -set noswapfile - -set fileformats=unix,dos,mac - -" File overview -set wildmode=list:longest,list:full -set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__ - -" Shell to emulate -if exists('$SHELL') - set shell=$SHELL -else - set shell=/bin/bash -endif - -" Set color scheme -colorscheme molokai - -"Show always Status bar -set laststatus=2 - -" Use modeline overrides -set modeline -set modelines=10 - -" Set terminal title -set title -set titleold="Terminal" -set titlestring=%F - -" search will center on the line it's found in. -nnoremap n nzzzv -nnoremap N Nzzzv - - - -"***************************************************************************** -"" Abbreviations -"***************************************************************************** -" no one is really happy until you have this shortcuts -cnoreabbrev W! w! -cnoreabbrev Q! q! -cnoreabbrev Qall! qall! 
-cnoreabbrev Wq wq -cnoreabbrev Wa wa -cnoreabbrev wQ wq -cnoreabbrev WQ wq -cnoreabbrev W w -cnoreabbrev Q q -cnoreabbrev Qall qall - -" NERDTree configuration -let g:NERDTreeChDirMode=2 -let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__'] -let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$'] -let g:NERDTreeShowBookmarks=1 -let g:nerdtree_tabs_focus_on_files=1 -let g:NERDTreeMapOpenInTabSilent = '<RightMouse>' -let g:NERDTreeWinSize = 50 -set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite -nnoremap <silent> <F1> :NERDTreeFind<CR> -nnoremap <silent> <F2> :NERDTreeToggle<CR> - -" open terminal emulation -nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR> - -"***************************************************************************** -"" Autocmd Rules -"***************************************************************************** -"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines -augroup vimrc-sync-fromstart - autocmd! - autocmd BufEnter * :syntax sync maxlines=200 -augroup END - -" Nasm filetype -augroup nasm - autocmd! - autocmd BufRead,BufNewFile *.nasm set ft=nasm -augroup END - -" Binary filetype -augroup Binary - au! - au BufReadPre *.bin,*.exe,*.elf let &bin=1 - au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd - au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif - au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r - au BufWritePre *.bin,*.exe,*.elf endif - au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd - au BufWritePost *.bin,*.exe,*.elf set nomod | endif -augroup END - -" Binary filetype -augroup fasm - au! - au BufReadPost *.fasm set ft=fasm -augroup END - -augroup deoplete-update - autocmd! - autocmd VimEnter * UpdateRemotePlugin -augroup END - -"" Remember cursor position -augroup vimrc-remember-cursor-position - autocmd! - autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! 
g`\"" | endif -augroup END - -"" txt -" augroup vimrc-wrapping -" autocmd! -" autocmd BufRead,BufNewFile *.txt call s:setupWrapping() -" augroup END - -"" make/cmake -augroup vimrc-make-cmake - autocmd! - autocmd FileType make setlocal noexpandtab - autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake -augroup END - -set autoread - -"***************************************************************************** -"" Mappings -"***************************************************************************** - -" Split -noremap <Leader>h :<C-u>split<CR> -noremap <Leader>v :<C-u>vsplit<CR> - -" Git -noremap <Leader>ga :Gwrite<CR> -noremap <Leader>gc :Gcommit<CR> -noremap <Leader>gsh :Gpush<CR> -noremap <Leader>gll :Gpull<CR> -noremap <Leader>gs :Gstatus<CR> -noremap <Leader>gb :Gblame<CR> -noremap <Leader>gd :Gvdiff<CR> -noremap <Leader>gr :Gremove<CR> - -" Tabs -nnoremap <Tab> gt -nnoremap <S-Tab> gT -nnoremap <silent> <S-t> :tabnew<CR> - -" Set working directory -nnoremap <leader>. :lcd %:p:h<CR> - -" Opens an edit command with the path of the currently edited file filled in -noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR> - -" Opens a tab edit command with the path of the currently edited file filled -noremap <Leader>te :tabe <C-R>=expand("%:p:h") . 
"/" <CR> - -" Tagbar -nmap <silent> <F3> :TagbarToggle<CR> -let g:tagbar_autofocus = 1 - -" Copy/Paste/Cut -set clipboard^=unnamed,unnamedplus - -noremap YY "+y<CR> -noremap <leader>p "+gP<CR> -noremap XX "+x<CR> - -" Enable mouse for vim -set mouse=a - -" Buffer nav -noremap <leader>z :bp<CR> -noremap <leader>q :bp<CR> -noremap <leader>x :bn<CR> -noremap <leader>w :bn<CR> - -" Close buffer -noremap <leader>c :bd<CR> - -" Clean search (highlight) -nnoremap <silent> <leader><space> :noh<cr> - -" Switching windows -noremap <C-j> <C-w>j -noremap <C-k> <C-w>k -noremap <C-l> <C-w>l -noremap <C-h> <C-w>h - -" Vmap for maintain Visual Mode after shifting > and < -vmap < <gv -vmap > >gv - -" Move visual block -vnoremap J :m '>+1<CR>gv=gv -vnoremap K :m '<-2<CR>gv=gv - -" Open current line on GitHub -nnoremap <Leader>o :.Gbrowse<CR> - - -" Save on strg+s if not in paste mode -nmap <c-s> :w<CR> -vmap <c-s> <Esc><c-s>gv -imap <c-s> <Esc><c-s> - -" Quit on strg+q in normal mode -nnoremap <c-q> :q<cr> - -" Strg+d to replace word under cursor -nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left> - -" Strg+f ro find word under cursor -nnoremap <c-f> :/<C-r><C-w><Left><Left> - -" Remove unneccessary spaces -nnoremap <silent> <F5> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR> - -" Reindent whole file with F6 -map <F6> mzgg=G`z - -" Toggle location list -nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR> - -" Replacing text in visual mode doesn't copy it anymore -xmap p <Plug>ReplaceWithRegisterVisual -xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual - -" ALE mappings -nmap <Leader>i <Plug>(ale_hover) -nmap <Leader>d <Plug>(ale_go_to_definition_in_tab) -nmap <Leader>rf <Plug>(ale_find_references) -nmap <silent><F7> <Plug>(ale_fix) - -" Vim-Go mappings -au FileType go nmap <Leader>i :GoDoc<cr> -au FileType go nmap <Leader>d :GoDef<cr> -au FileType go nmap <Leader>rf :GoReferrers<cr> - - -"" Opens an edit command with the path of the 
currently edited file filled in -noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR> - -" Use tab for navigatin in autocompletion window -inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>" -inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>" - - -"***************************************************************************** -"" Plugin settings -"***************************************************************************** - -" vim-airline -set statusline+=%{fugitive#statusline()} -let g:airline_theme = 'powerlineish' -let g:airline#extensions#syntastic#enabled = 1 -let g:airline#extensions#branch#enabled = 1 -let g:airline#extensions#tabline#enabled = 1 -let g:airline#extensions#tagbar#enabled = 1 -let g:airline_skip_empty_sections = 1 -let g:airline#extensions#ale#enabled = 1 - -" show indent lines -let g:indent_guides_enable_on_vim_startup = 1 -let g:indent_guides_auto_colors = 0 -hi IndentGuidesOdd ctermbg=235 -hi IndentGuidesEven ctermbg=235 -let g:indent_guides_guide_size = 1 -let g:indent_guides_start_level = 2 - -" Enable autocompletion -let g:deoplete#enable_at_startup = 1 -set completeopt-=preview - -" Ale no preview on hover -let g:ale_close_preview_on_insert = 0 -let g:ale_cursor_detail = 0 - -" Ale skip if file size over 2G -let g:ale_maximum_file_size = "2147483648" - -" Ale to loclist and quickfix -let g:ale_set_quickfix = 1 -" let g:ale_set_loclist = 1 - - -" Ale language server -let g:ale_linters = { - \ 'python': ['pyls'], - \ 'c': ['cquery'], - \ 'cpp': ['cquery'], - \ 'xml': ['xmllint'] - \ } - - -" ALE fixers -let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] } -let g:ale_fixers.python = ['black'] -let g:ale_fixers.go = ['gofmt'] -let g:ale_fixers.c = ['clang-format'] -let g:ale_fixers.cpp = ['clang-format'] -let g:ale_fixers.json = ['jq'] -let g:ale_fixers.xml = ['xmllint'] - -let g:ale_completion_enabled = 1 -let g:ale_sign_error = '⤫' -let g:ale_sign_warning = '⚠' -let g:ale_lint_on_insert_leave = 1 - -" 
Vim-Go Settings -let g:go_auto_sameids = 1 -let g:go_fmt_command = "goimports" -let g:go_auto_type_info = 1 - -" Disable syntastic for langserver supported languages -let g:syntastic_mode_map = { - \ "mode": "active", - \ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ] - \ } -let g:syntastic_always_populate_loc_list = 1 -let g:syntastic_auto_loc_list = 2 -let g:syntastic_aggregate_errors = 1 -let g:syntastic_check_on_open = 1 -let g:syntastic_check_on_wq = 0 -let g:syntastic_error_symbol='✗' -let g:syntastic_warning_symbol='⚠' -let g:syntastic_style_error_symbol = '✗' -let g:syntastic_style_warning_symbol = '⚠' - -"***************************************************************************** -"" Shortcuts overview -"***************************************************************************** -" Shortcuts overview -" F1 --> Filetree find -" F2 --> Filetree toggle -" F3 --> Function overview -" F4 --> Toggle error bar - -" F5 --> Remove trailing whitespaces -" F6 --> Reindent whole file -" F7 --> Format and lint file -" ,i --> Information about function -" ,d --> Jump to definition -" ,r --> Rename in all occurences -" ,rf --> Find references of function/variable -" ,e --> Change current file -" ,te --> Open file in new tab -" strg+f --> Find current selected word -" strg+d --> Replace current selected word -" strg+s --> Save file -" strg+q --> Close current file -" space+, --> Stop highlighting words after search - diff --git a/mb/2configs/nvim.nix b/mb/2configs/nvim.nix deleted file mode 100644 index a8e4173e2..000000000 --- a/mb/2configs/nvim.nix +++ /dev/null 
@@ -1,70 +0,0 @@
-{ pkgs, config, ... }: let
- #unstable = import <nixos-unstable> { };
-in
-
-{
- environment.variables = {
- EDITOR = ["nvim"];
- };
-
- nixpkgs.config.packageOverrides = pkgs: with pkgs;{
- neovim_custom = neovim.override {
- configure = {
- customRC = builtins.readFile ./neovimrc;
-
- packages.myVimPackage = with pkgs.vimPlugins;
- {
- # loaded on launch
- start = [
- nerdtree # file manager
- commentary # comment stuff out based on language
- fugitive # full git integration
- vim-airline-themes # lean & mean status/tabline
- vim-airline # status bar
- gitgutter # git diff in the gutter (sign column)
- vim-trailing-whitespace # trailing whitspaces in red
- tagbar # F3 function overview
- syntastic # Fallback to singlethreaded but huge syntax support
- ReplaceWithRegister # For better copying/replacing
- polyglot # Language pack
- vim-indent-guides # for displaying indent levels
- ale # threaded language client
- vim-go # go linting
- deoplete-go # go autocompletion completion
- deoplete-nvim # general autocompletion
- molokai # color scheme
- ];
-
- # manually loadable by calling `:packadd $plugin-name`
- opt = [];
- };
- };
- };
- };
-
- environment.systemPackages = with pkgs; [
- ctags
- neovim_custom
- jq # For fixing json files
- xxd # .bin files will be displayed with xxd
- shellcheck # Shell linting
- ansible-lint # Ansible linting
- unzip # To vim into unzipped files
- nodePackages.jsonlint # json linting
- #python36Packages.python-language-server # python linting
- #python36Packages.pyls-mypy # Python static type checker
- #python36Packages.black # Python code formatter
- #python37Packages.yamllint # For linting yaml files
- #python37Packages.libxml2 # For fixing yaml files
- cquery # C/C++ support
- clang-tools # C++ fixer
- ];
-
- fonts = {
- fonts = with pkgs; [
- font-awesome_5
- ];
- };
-
-}
-
diff --git a/mb/2configs/qemu-guest.nix b/mb/2configs/qemu-guest.nix
deleted file mode 100644
index 315d04093..000000000
--- a/mb/2configs/qemu-guest.nix +++ /dev/null @@ -1,19 +0,0 @@ -# Common configuration for virtual machines running under QEMU (using -# virtio). - -{ ... }: - -{ - boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ]; - boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ]; - - boot.initrd.postDeviceCommands = - '' - # Set the system time from the hardware clock to work around a - # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised - # to the *boot time* of the host). - hwclock -s - ''; - - security.rngd.enable = false; -} diff --git a/mb/2configs/retiolum.nix b/mb/2configs/retiolum.nix deleted file mode 100644 index 5a87d52af..000000000 --- a/mb/2configs/retiolum.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, pkgs, ... }: - -{ - - krebs.iptables = { - tables = { - filter.INPUT.rules = let - tincport = toString config.krebs.build.host.nets.retiolum.tinc.port; - in [ - { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; } - { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; } - ]; - }; - }; - - krebs.tinc.retiolum = { - enableLegacy = true; - enable = true; - connectTo = [ |