summaryrefslogtreecommitdiffstats
path: root/mb/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'mb/2configs')
-rw-r--r--mb/2configs/default.nix222
-rw-r--r--mb/2configs/google-compute-config.nix231
-rw-r--r--mb/2configs/headless.nix25
-rw-r--r--mb/2configs/neovimrc446
-rw-r--r--mb/2configs/nvim.nix70
-rw-r--r--mb/2configs/qemu-guest.nix19
-rw-r--r--mb/2configs/retiolum.nix33
-rw-r--r--mb/2configs/tests/dummy-secrets/retiolum.rsa4
8 files changed, 0 insertions, 1050 deletions
diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix
deleted file mode 100644
index 3066d1c36..000000000
--- a/mb/2configs/default.nix
+++ /dev/null
@@ -1,222 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
-{
- imports = [
- {
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- mb = {
- name = "mb";
- uid = 1337;
- home = "/home/mb";
- group = "users";
- createHome = true;
- shell = "/run/current-system/sw/bin/fish";
- extraGroups = [
- "audio"
- "video"
- "fuse"
- "wheel"
- "kvm"
- "qemu-libvirtd"
- "libvirtd"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- xo = {
- name = "xo";
- uid = 2323;
- home = "/home/xo";
- group = "users";
- createHome = true;
- shell = "/run/current-system/sw/bin/fish";
- extraGroups = [
- "audio"
- "video"
- "fuse"
- "wheel"
- "kvm"
- "qemu-libvirtd"
- "libvirtd"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- };
- }
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
- environment.variables = {
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
- })
- ];
-
- networking.hostName = config.krebs.build.host.name;
-
- krebs = {
- enable = true;
- build.user = config.krebs.users.mb;
- };
-
- users.mutableUsers = true;
-
- services.timesyncd.enable = mkForce true;
-
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- '';
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- git-preview
- gnumake
- jq
- parallel
- proot
- populate
-
- #style
- most
- rxvt_unicode.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
- tcpdump
-
- #stuff for dl
- aria2
-
- #neat utils
- fish
- file
- kpaste
- krebspaste
- mosh
- pciutils
- psmisc
- tmux
- untilport
- usbutils
-
- #unpack stuff
- p7zip
-
- (pkgs.writeDashBin "sshn" ''
- ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
- '')
- ];
-
- services.openssh = {
- enable = true;
- permitRootLogin = "yes";
- passwordAuthentication = false;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- krebs.iptables = {
- enable = true;
- tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
- ];
- };
- };
-}
diff --git a/mb/2configs/google-compute-config.nix b/mb/2configs/google-compute-config.nix
deleted file mode 100644
index b201bd4b8..000000000
--- a/mb/2configs/google-compute-config.nix
+++ /dev/null
@@ -1,231 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
- gce = pkgs.google-compute-engine;
-in
-{
- imports = [
- ./headless.nix
- ./qemu-guest.nix
- ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-label/nixos";
- autoResize = true;
- };
-
- boot.growPartition = true;
- boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
- boot.initrd.kernelModules = [ "virtio_scsi" ];
- boot.kernelModules = [ "virtio_pci" "virtio_net" ];
-
- # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
- boot.loader.grub.device = "/dev/sda";
- boot.loader.timeout = 0;
-
- # Don't put old configurations in the GRUB menu. The user has no
- # way to select them anyway.
- boot.loader.grub.configurationLimit = 0;
-
- # Allow root logins only using the SSH key that the user specified
- # at instance creation time.
- #services.openssh.enable = true;
- #services.openssh.permitRootLogin = "prohibit-password";
- #services.openssh.passwordAuthentication = mkDefault false;
-
- # Use GCE udev rules for dynamic disk volumes
- services.udev.packages = [ gce ];
-
- # Force getting the hostname from Google Compute.
- networking.hostName = mkDefault "";
-
- # Always include cryptsetup so that NixOps can use it.
- environment.systemPackages = [ pkgs.cryptsetup ];
-
- # Make sure GCE image does not replace host key that NixOps sets
- environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
- [InstanceSetup]
- set_host_keys = false
- '';
-
- # Rely on GCP's firewall instead
- networking.firewall.enable = mkDefault false;
-
- # Configure default metadata hostnames
- networking.extraHosts = ''
- 169.254.169.254 metadata.google.internal metadata
- '';
-
- networking.timeServers = [ "metadata.google.internal" ];
-
- networking.usePredictableInterfaceNames = false;
-
- # GC has 1460 MTU
- networking.interfaces.eth0.mtu = 1460;
-
- security.googleOsLogin.enable = true;
-
- systemd.services.google-clock-skew-daemon = {
- description = "Google Compute Engine Clock Skew Daemon";
- after = [
- "network.target"
- "google-instance-setup.service"
- "google-network-setup.service"
- ];
- requires = ["network.target"];
- wantedBy = ["multi-user.target"];
- serviceConfig = {
- Type = "simple";
- ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
- };
- };
-
- systemd.services.google-instance-setup = {
- description = "Google Compute Engine Instance Setup";
- after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
- before = ["sshd.service"];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "sshd.service" "multi-user.target" ];
- path = with pkgs; [ ethtool openssh ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_instance_setup --debug";
- Type = "oneshot";
- };
- };
-
- systemd.services.google-network-daemon = {
- description = "Google Compute Engine Network Daemon";
- after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- requires = ["network.target"];
- partOf = ["network.target"];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [ iproute ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_network_daemon --debug";
- };
- };
-
- systemd.services.google-shutdown-scripts = {
- description = "Google Compute Engine Shutdown Scripts";
- after = [
- "local-fs.target"
- "network-online.target"
- "network.target"
- "rsyslog.service"
- "systemd-resolved.service"
- "google-instance-setup.service"
- "google-network-daemon.service"
- ];
- wants = [ "local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.coreutils}/bin/true";
- ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
- Type = "oneshot";
- RemainAfterExit = true;
- TimeoutStopSec = "infinity";
- };
- };
-
- systemd.services.google-startup-scripts = {
- description = "Google Compute Engine Startup Scripts";
- after = [
- "local-fs.target"
- "network-online.target"
- "network.target"
- "rsyslog.service"
- "google-instance-setup.service"
- "google-network-daemon.service"
- ];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
- KillMode = "process";
- Type = "oneshot";
- };
- };
-
-
- # Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
- boot.kernel.sysctl = {
- # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
- # of TCP functionality/features under normal conditions. When flood
- # protections kick in under high unanswered-SYN load, the system
- # should remain more stable, with a trade off of some loss of TCP
- # functionality/features (e.g. TCP Window scaling).
- "net.ipv4.tcp_syncookies" = mkDefault "1";
-
- # ignores source-routed packets
- "net.ipv4.conf.all.accept_source_route" = mkDefault "0";
-
- # ignores source-routed packets
- "net.ipv4.conf.default.accept_source_route" = mkDefault "0";
-
- # ignores ICMP redirects
- "net.ipv4.conf.all.accept_redirects" = mkDefault "0";
-
- # ignores ICMP redirects
- "net.ipv4.conf.default.accept_redirects" = mkDefault "0";
-
- # ignores ICMP redirects from non-GW hosts
- "net.ipv4.conf.all.secure_redirects" = mkDefault "1";
-
- # ignores ICMP redirects from non-GW hosts
- "net.ipv4.conf.default.secure_redirects" = mkDefault "1";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.ip_forward" = mkDefault "0";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.conf.all.send_redirects" = mkDefault "0";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.conf.default.send_redirects" = mkDefault "0";
-
- # reverse path filtering - IP spoofing protection
- "net.ipv4.conf.all.rp_filter" = mkDefault "1";
-
- # reverse path filtering - IP spoofing protection
- "net.ipv4.conf.default.rp_filter" = mkDefault "1";
-
- # ignores ICMP broadcasts to avoid participating in Smurf attacks
- "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
-
- # ignores bad ICMP errors
- "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
-
- # logs spoofed, source-routed, and redirect packets
- "net.ipv4.conf.all.log_martians" = mkDefault "1";
-
- # log spoofed, source-routed, and redirect packets
- "net.ipv4.conf.default.log_martians" = mkDefault "1";
-
- # implements RFC 1337 fix
- "net.ipv4.tcp_rfc1337" = mkDefault "1";
-
- # randomizes addresses of mmap base, heap, stack and VDSO page
- "kernel.randomize_va_space" = mkDefault "2";
-
- # Reboot the machine soon after a kernel panic.
- "kernel.panic" = mkDefault "10";
-
- ## Not part of the original config
-
- # provides protection from ToCToU races
- "fs.protected_hardlinks" = mkDefault "1";
-
- # provides protection from ToCToU races
- "fs.protected_symlinks" = mkDefault "1";
-
- # makes locating kernel addresses more difficult
- "kernel.kptr_restrict" = mkDefault "1";
-
- # set ptrace protections
- "kernel.yama.ptrace_scope" = mkOverride 500 "1";
-
- # set perf only available to root
- "kernel.perf_event_paranoid" = mkDefault "2";
- };
-}
diff --git a/mb/2configs/headless.nix b/mb/2configs/headless.nix
deleted file mode 100644
index 46a9b6a7d..000000000
--- a/mb/2configs/headless.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Common configuration for headless machines (e.g., Amazon EC2
-# instances).
-
-{ lib, ... }:
-
-with lib;
-
-{
- boot.vesa = false;
-
- # Don't start a tty on the serial consoles.
- systemd.services."serial-getty@ttyS0".enable = false;
- systemd.services."serial-getty@hvc0".enable = false;
- systemd.services."getty@tty1".enable = false;
- systemd.services."autovt@".enable = false;
-
- # Since we can't manually respond to a panic, just reboot.
- boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
-
- # Don't allow emergency mode, because we don't have a console.
- systemd.enableEmergencyMode = false;
-
- # Being headless, we don't need a GRUB splash image.
- boot.loader.grub.splashImage = null;
-}
diff --git a/mb/2configs/neovimrc b/mb/2configs/neovimrc
deleted file mode 100644
index 8dbeaec7b..000000000
--- a/mb/2configs/neovimrc
+++ /dev/null
@@ -1,446 +0,0 @@
-
-"*****************************************************************************
-"" Functions
-"*****************************************************************************
-
-function! GetBufferList()
- redir =>buflist
- silent! ls!
- redir END
- return buflist
-endfunction
-
-function! ToggleList(bufname, pfx)
- let buflist = GetBufferList()
- for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))')
- if bufwinnr(bufnum) != -1
- exec(a:pfx.'close')
- return
- endif
- endfor
- if a:pfx == 'l' && len(getloclist(0)) == 0
- echohl ErrorMsg
- echo "Location List is Empty."
- return
- endif
- let winnr = winnr()
- exec(a:pfx.'open')
- if winnr() != winnr
- wincmd p
- endif
-endfunction
-
-
-"*****************************************************************************
-"" Basic Setup
-"*****************************************************************************"
-" General
-let no_buffers_menu=1
-syntax on
-set ruler
-set number
-set mousemodel=popup
-set t_Co=256
-set guioptions=egmrti
-set gfn=Monospace\ 10
-
-" TODO: Testing if this works against automatically setting paste mode
-" Issue: https://github.com/neovim/neovim/issues/7994
-au InsertLeave * set nopaste
-
-
-" undofile - This allows you to use undos after exiting and restarting
-" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo
-" :help undo-persistence
-if exists("+undofile")
- if isdirectory($HOME . '/.vim/undo') == 0
- :silent !mkdir -p ~/.vim/undo > /dev/null 2>&1
- endif
- set undodir=./.vim-undo//
- set undodir+=~/.vim/undo//
- set undofile
-endif
-
-" Encoding
-set encoding=utf-8
-set fileencoding=utf-8
-set fileencodings=utf-8
-set bomb
-set binary
-
-" Fix backspace indent
-set backspace=indent,eol,start
-
-" Tabs. May be overriten by autocmd rules
-set tabstop=4
-set softtabstop=0
-set shiftwidth=4
-set expandtab
-
-" Map leader to ,
-let mapleader=','
-
-" Enable hidden buffers
-set hidden
-
-" Searching
-set hlsearch
-set incsearch
-set ignorecase
-set smartcase
-
-" Directories for swp files
-set nobackup
-set noswapfile
-
-set fileformats=unix,dos,mac
-
-" File overview
-set wildmode=list:longest,list:full
-set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__
-
-" Shell to emulate
-if exists('$SHELL')
- set shell=$SHELL
-else
- set shell=/bin/bash
-endif
-
-" Set color scheme
-colorscheme molokai
-
-"Show always Status bar
-set laststatus=2
-
-" Use modeline overrides
-set modeline
-set modelines=10
-
-" Set terminal title
-set title
-set titleold="Terminal"
-set titlestring=%F
-
-" search will center on the line it's found in.
-nnoremap n nzzzv
-nnoremap N Nzzzv
-
-
-
-"*****************************************************************************
-"" Abbreviations
-"*****************************************************************************
-" no one is really happy until you have this shortcuts
-cnoreabbrev W! w!
-cnoreabbrev Q! q!
-cnoreabbrev Qall! qall!
-cnoreabbrev Wq wq
-cnoreabbrev Wa wa
-cnoreabbrev wQ wq
-cnoreabbrev WQ wq
-cnoreabbrev W w
-cnoreabbrev Q q
-cnoreabbrev Qall qall
-
-" NERDTree configuration
-let g:NERDTreeChDirMode=2
-let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__']
-let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$']
-let g:NERDTreeShowBookmarks=1
-let g:nerdtree_tabs_focus_on_files=1
-let g:NERDTreeMapOpenInTabSilent = '<RightMouse>'
-let g:NERDTreeWinSize = 50
-set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite
-nnoremap <silent> <F1> :NERDTreeFind<CR>
-nnoremap <silent> <F2> :NERDTreeToggle<CR>
-
-" open terminal emulation
-nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR>
-
-"*****************************************************************************
-"" Autocmd Rules
-"*****************************************************************************
-"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines
-augroup vimrc-sync-fromstart
- autocmd!
- autocmd BufEnter * :syntax sync maxlines=200
-augroup END
-
-" Nasm filetype
-augroup nasm
- autocmd!
- autocmd BufRead,BufNewFile *.nasm set ft=nasm
-augroup END
-
-" Binary filetype
-augroup Binary
- au!
- au BufReadPre *.bin,*.exe,*.elf let &bin=1
- au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd
- au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif
- au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r
- au BufWritePre *.bin,*.exe,*.elf endif
- au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd
- au BufWritePost *.bin,*.exe,*.elf set nomod | endif
-augroup END
-
-" Binary filetype
-augroup fasm
- au!
- au BufReadPost *.fasm set ft=fasm
-augroup END
-
-augroup deoplete-update
- autocmd!
- autocmd VimEnter * UpdateRemotePlugin
-augroup END
-
-"" Remember cursor position
-augroup vimrc-remember-cursor-position
- autocmd!
- autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
-augroup END
-
-"" txt
-" augroup vimrc-wrapping
-" autocmd!
-" autocmd BufRead,BufNewFile *.txt call s:setupWrapping()
-" augroup END
-
-"" make/cmake
-augroup vimrc-make-cmake
- autocmd!
- autocmd FileType make setlocal noexpandtab
- autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake
-augroup END
-
-set autoread
-
-"*****************************************************************************
-"" Mappings
-"*****************************************************************************
-
-" Split
-noremap <Leader>h :<C-u>split<CR>
-noremap <Leader>v :<C-u>vsplit<CR>
-
-" Git
-noremap <Leader>ga :Gwrite<CR>
-noremap <Leader>gc :Gcommit<CR>
-noremap <Leader>gsh :Gpush<CR>
-noremap <Leader>gll :Gpull<CR>
-noremap <Leader>gs :Gstatus<CR>
-noremap <Leader>gb :Gblame<CR>
-noremap <Leader>gd :Gvdiff<CR>
-noremap <Leader>gr :Gremove<CR>
-
-" Tabs
-nnoremap <Tab> gt
-nnoremap <S-Tab> gT
-nnoremap <silent> <S-t> :tabnew<CR>
-
-" Set working directory
-nnoremap <leader>. :lcd %:p:h<CR>
-
-" Opens an edit command with the path of the currently edited file filled in
-noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
-
-" Opens a tab edit command with the path of the currently edited file filled
-noremap <Leader>te :tabe <C-R>=expand("%:p:h") . "/" <CR>
-
-" Tagbar
-nmap <silent> <F3> :TagbarToggle<CR>
-let g:tagbar_autofocus = 1
-
-" Copy/Paste/Cut
-set clipboard^=unnamed,unnamedplus
-
-noremap YY "+y<CR>
-noremap <leader>p "+gP<CR>
-noremap XX "+x<CR>
-
-" Enable mouse for vim
-set mouse=a
-
-" Buffer nav
-noremap <leader>z :bp<CR>
-noremap <leader>q :bp<CR>
-noremap <leader>x :bn<CR>
-noremap <leader>w :bn<CR>
-
-" Close buffer
-noremap <leader>c :bd<CR>
-
-" Clean search (highlight)
-nnoremap <silent> <leader><space> :noh<cr>
-
-" Switching windows
-noremap <C-j> <C-w>j
-noremap <C-k> <C-w>k
-noremap <C-l> <C-w>l
-noremap <C-h> <C-w>h
-
-" Vmap for maintain Visual Mode after shifting > and <
-vmap < <gv
-vmap > >gv
-
-" Move visual block
-vnoremap J :m '>+1<CR>gv=gv
-vnoremap K :m '<-2<CR>gv=gv
-
-" Open current line on GitHub
-nnoremap <Leader>o :.Gbrowse<CR>
-
-
-" Save on strg+s if not in paste mode
-nmap <c-s> :w<CR>
-vmap <c-s> <Esc><c-s>gv
-imap <c-s> <Esc><c-s>
-
-" Quit on strg+q in normal mode
-nnoremap <c-q> :q<cr>
-
-" Strg+d to replace word under cursor
-nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left>
-
-" Strg+f ro find word under cursor
-nnoremap <c-f> :/<C-r><C-w><Left><Left>
-
-" Remove unneccessary spaces
-nnoremap <silent> <F5> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR>
-
-" Reindent whole file with F6
-map <F6> mzgg=G`z
-
-" Toggle location list
-nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR>
-
-" Replacing text in visual mode doesn't copy it anymore
-xmap p <Plug>ReplaceWithRegisterVisual
-xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual
-
-" ALE mappings
-nmap <Leader>i <Plug>(ale_hover)
-nmap <Leader>d <Plug>(ale_go_to_definition_in_tab)
-nmap <Leader>rf <Plug>(ale_find_references)
-nmap <silent><F7> <Plug>(ale_fix)
-
-" Vim-Go mappings
-au FileType go nmap <Leader>i :GoDoc<cr>
-au FileType go nmap <Leader>d :GoDef<cr>
-au FileType go nmap <Leader>rf :GoReferrers<cr>
-
-
-"" Opens an edit command with the path of the currently edited file filled in
-noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
-
-" Use tab for navigatin in autocompletion window
-inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>"
-inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>"
-
-
-"*****************************************************************************
-"" Plugin settings
-"*****************************************************************************
-
-" vim-airline
-set statusline+=%{fugitive#statusline()}
-let g:airline_theme = 'powerlineish'
-let g:airline#extensions#syntastic#enabled = 1
-let g:airline#extensions#branch#enabled = 1
-let g:airline#extensions#tabline#enabled = 1
-let g:airline#extensions#tagbar#enabled = 1
-let g:airline_skip_empty_sections = 1
-let g:airline#extensions#ale#enabled = 1
-
-" show indent lines
-let g:indent_guides_enable_on_vim_startup = 1
-let g:indent_guides_auto_colors = 0
-hi IndentGuidesOdd ctermbg=235
-hi IndentGuidesEven ctermbg=235
-let g:indent_guides_guide_size = 1
-let g:indent_guides_start_level = 2
-
-" Enable autocompletion
-let g:deoplete#enable_at_startup = 1
-set completeopt-=preview
-
-" Ale no preview on hover
-let g:ale_close_preview_on_insert = 0
-let g:ale_cursor_detail = 0
-
-" Ale skip if file size over 2G
-let g:ale_maximum_file_size = "2147483648"
-
-" Ale to loclist and quickfix
-let g:ale_set_quickfix = 1
-" let g:ale_set_loclist = 1
-
-
-" Ale language server
-let g:ale_linters = {
- \ 'python': ['pyls'],
- \ 'c': ['cquery'],
- \ 'cpp': ['cquery'],
- \ 'xml': ['xmllint']
- \ }
-
-
-" ALE fixers
-let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] }
-let g:ale_fixers.python = ['black']
-let g:ale_fixers.go = ['gofmt']
-let g:ale_fixers.c = ['clang-format']
-let g:ale_fixers.cpp = ['clang-format']
-let g:ale_fixers.json = ['jq']
-let g:ale_fixers.xml = ['xmllint']
-
-let g:ale_completion_enabled = 1
-let g:ale_sign_error = '⤫'
-let g:ale_sign_warning = '⚠'
-let g:ale_lint_on_insert_leave = 1
-
-" Vim-Go Settings
-let g:go_auto_sameids = 1
-let g:go_fmt_command = "goimports"
-let g:go_auto_type_info = 1
-
-" Disable syntastic for langserver supported languages
-let g:syntastic_mode_map = {
- \ "mode": "active",
- \ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ]
- \ }
-let g:syntastic_always_populate_loc_list = 1
-let g:syntastic_auto_loc_list = 2
-let g:syntastic_aggregate_errors = 1
-let g:syntastic_check_on_open = 1
-let g:syntastic_check_on_wq = 0
-let g:syntastic_error_symbol='✗'
-let g:syntastic_warning_symbol='⚠'
-let g:syntastic_style_error_symbol = '✗'
-let g:syntastic_style_warning_symbol = '⚠'
-
-"*****************************************************************************
-"" Shortcuts overview
-"*****************************************************************************
-" Shortcuts overview
-" F1 --> Filetree find
-" F2 --> Filetree toggle
-" F3 --> Function overview
-" F4 --> Toggle error bar
-
-" F5 --> Remove trailing whitespaces
-" F6 --> Reindent whole file
-" F7 --> Format and lint file
-" ,i --> Information about function
-" ,d --> Jump to definition
-" ,r --> Rename in all occurences
-" ,rf --> Find references of function/variable
-" ,e --> Change current file
-" ,te --> Open file in new tab
-" strg+f --> Find current selected word
-" strg+d --> Replace current selected word
-" strg+s --> Save file
-" strg+q --> Close current file
-" space+, --> Stop highlighting words after search
-
diff --git a/mb/2configs/nvim.nix b/mb/2configs/nvim.nix
deleted file mode 100644
index a8e4173e2..000000000
--- a/mb/2configs/nvim.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ pkgs, config, ... }: let
- #unstable = import <nixos-unstable> { };
-in
-
-{
- environment.variables = {
- EDITOR = ["nvim"];
- };
-
- nixpkgs.config.packageOverrides = pkgs: with pkgs;{
- neovim_custom = neovim.override {
- configure = {
- customRC = builtins.readFile ./neovimrc;
-
- packages.myVimPackage = with pkgs.vimPlugins;
- {
- # loaded on launch
- start = [
- nerdtree # file manager
- commentary # comment stuff out based on language
- fugitive # full git integration
- vim-airline-themes # lean & mean status/tabline
- vim-airline # status bar
- gitgutter # git diff in the gutter (sign column)
- vim-trailing-whitespace # trailing whitspaces in red
- tagbar # F3 function overview
- syntastic # Fallback to singlethreaded but huge syntax support
- ReplaceWithRegister # For better copying/replacing
- polyglot # Language pack
- vim-indent-guides # for displaying indent levels
- ale # threaded language client
- vim-go # go linting
- deoplete-go # go autocompletion completion
- deoplete-nvim # general autocompletion
- molokai # color scheme
- ];
-
- # manually loadable by calling `:packadd $plugin-name`
- opt = [];
- };
- };
- };
- };
-
- environment.systemPackages = with pkgs; [
- ctags
- neovim_custom
- jq # For fixing json files
- xxd # .bin files will be displayed with xxd
- shellcheck # Shell linting
- ansible-lint # Ansible linting
- unzip # To vim into unzipped files
- nodePackages.jsonlint # json linting
- #python36Packages.python-language-server # python linting
- #python36Packages.pyls-mypy # Python static type checker
- #python36Packages.black # Python code formatter
- #python37Packages.yamllint # For linting yaml files
- #python37Packages.libxml2 # For fixing yaml files
- cquery # C/C++ support
- clang-tools # C++ fixer
- ];
-
- fonts = {
- fonts = with pkgs; [
- font-awesome_5
- ];
- };
-
-}
-
diff --git a/mb/2configs/qemu-guest.nix b/mb/2configs/qemu-guest.nix
deleted file mode 100644
index 315d04093..000000000
--- a/mb/2configs/qemu-guest.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-# Common configuration for virtual machines running under QEMU (using
-# virtio).
-
-{ ... }:
-
-{
- boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
- boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
-
- boot.initrd.postDeviceCommands =
- ''
- # Set the system time from the hardware clock to work around a
- # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
- # to the *boot time* of the host).
- hwclock -s
- '';
-
- security.rngd.enable = false;
-}
diff --git a/mb/2configs/retiolum.nix b/mb/2configs/retiolum.nix
deleted file mode 100644
index 5a87d52af..000000000
--- a/mb/2configs/retiolum.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = let
- tincport = toString config.krebs.build.host.nets.retiolum.tinc.port;
- in [
- { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
- { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
- ];
- };
- };
-
- krebs.tinc.retiolum = {
- enableLegacy = true;
- enable = true;
- connectTo = [