summaryrefslogtreecommitdiffstats
path: root/tv
diff options
context:
space:
mode:
Diffstat (limited to 'tv')
-rw-r--r--tv/1systems/caxi.nix25
-rw-r--r--tv/1systems/cd.nix64
-rw-r--r--tv/1systems/mkdir.nix76
-rw-r--r--tv/1systems/mu.nix7
-rw-r--r--tv/1systems/nomic.nix1
-rw-r--r--tv/1systems/rmdir.nix76
-rw-r--r--tv/1systems/wu.nix10
-rw-r--r--tv/1systems/xu.nix10
-rw-r--r--tv/1systems/zu.nix229
-rw-r--r--tv/2configs/audit.nix9
-rw-r--r--tv/2configs/default.nix13
-rw-r--r--tv/2configs/exim-retiolum.nix2
-rw-r--r--tv/2configs/exim-smarthost.nix2
-rw-r--r--tv/2configs/nginx/default.nix2
-rw-r--r--tv/2configs/nginx/public_html.nix2
-rw-r--r--tv/2configs/retiolum.nix6
-rw-r--r--tv/2configs/vim.nix365
-rw-r--r--tv/3modules/iptables.nix24
-rw-r--r--tv/5pkgs/default.nix4
19 files changed, 571 insertions, 356 deletions
diff --git a/tv/1systems/caxi.nix b/tv/1systems/caxi.nix
new file mode 100644
index 000000000..5bfacd992
--- /dev/null
+++ b/tv/1systems/caxi.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+
+with config.krebs.lib;
+
+{
+ krebs.build.host = config.krebs.hosts.caxi;
+
+ imports = [
+ ../.
+ ../2configs/hw/CAC-Developer-1.nix
+ ../2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/retiolum.nix
+ ];
+
+ networking = let
+ inherit (config.krebs.build.host.nets.internet) ip4;
+ in {
+ interfaces.enp2s1.ip4 = singleton {
+ address = ip4.addr;
+ prefixLength = fromJSON (head (match ".*/([0-9]+)" ip4.prefix));
+ };
+ defaultGateway = head (match "([^/]*)\.0/[0-9]+" ip4.prefix) + ".1";
+ nameservers = ["8.8.8.8"];
+ };
+}
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 32d956b8a..2ad4a1505 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -18,7 +18,7 @@ with config.krebs.lib;
enable = true;
ssl_cert = ../Zcerts/charybdis_cd.crt.pem;
};
- tv.iptables.input-retiolum-accept-new-tcp = [
+ tv.iptables.input-retiolum-accept-tcp = [
config.tv.charybdis.port
config.tv.charybdis.sslport
];
@@ -28,14 +28,14 @@ with config.krebs.lib;
enable = true;
hosts = [ "jabber.viljetic.de" ];
};
- tv.iptables.input-internet-accept-new-tcp = [
+ tv.iptables.input-internet-accept-tcp = [
"xmpp-client"
"xmpp-server"
];
}
{
krebs.github-hosts-sync.enable = true;
- tv.iptables.input-internet-accept-new-tcp =
+ tv.iptables.input-internet-accept-tcp =
singleton config.krebs.github-hosts-sync.port;
}
{
@@ -44,20 +44,50 @@ with config.krebs.lib;
"cgit.cd.viljetic.de"
];
# TODO make public_html also available to cd, cd.retiolum (AKA default)
- krebs.nginx.servers.public_html = {
- server-names = singleton "cd.viljetic.de";
- locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '');
+ krebs.nginx.servers."https://viljetic.de" = {
+ server-names = singleton "viljetic.de";
+ listen = mkForce []; # disable default
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/viljetic.de/fullchain.pem";
+ certificate_key = "/var/lib/acme/viljetic.de/key.pem";
+ };
+ locations = [
+ (nameValuePair "/" ''
+ root ${pkgs.viljetic-pages};
+ '')
+ (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+ alias /home/$1/public_html$2;
+ '')
+ ];
};
- krebs.nginx.servers.viljetic = {
+ krebs.nginx.servers."http://viljetic.de" = {
server-names = singleton "viljetic.de";
- # TODO directly set root (instead via location)
- locations = singleton (nameValuePair "/" ''
- root ${pkgs.viljetic-pages};
- '');
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge/" ''
+ root /var/lib/acme/challenges/viljetic.de/;
+ '')
+ (nameValuePair "/" ''
+ return 301 https://viljetic.de$request_uri;
+ '')
+ ];
+ };
+ security.acme = {
+ certs."viljetic.de" = {
+ email = "tomislav@viljetic.de";
+ webroot = "/var/lib/acme/challenges/viljetic.de";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ ];
+ user = "nginx";
+ };
};
- tv.iptables.input-internet-accept-new-tcp = singleton "http";
+ tv.iptables.input-internet-accept-tcp = [
+ "http"
+ "https"
+ ];
}
];
@@ -78,13 +108,7 @@ with config.krebs.lib;
iotop
iptables
nethogs
- ntp # ntpate
rxvt_unicode.terminfo
tcpdump
];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
}
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
deleted file mode 100644
index f46ed9547..000000000
--- a/tv/1systems/mkdir.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
- # TODO merge with lass
- getDefaultGateway = ip:
- concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
-
- primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr;
-in
-
-{
- krebs.build.host = config.krebs.hosts.mkdir;
-
- imports = [
- ../.
- ../2configs/hw/CAC-Developer-1.nix
- ../2configs/fs/CAC-CentOS-7-64bit.nix
- ../2configs/exim-smarthost.nix
- ../2configs/git.nix
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- networking.interfaces.enp2s1.ip4 = [
- {
- address = primary-addr4;
- prefixLength = 24;
- }
- ];
-
- # TODO define gateway in krebs/3modules/default.nix
- networking.defaultGateway = getDefaultGateway primary-addr4;
-
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- environment.systemPackages = with pkgs; [
- htop
- iftop
- iotop
- iptables
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-}
diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix
index 06da15ecc..e7908e299 100644
--- a/tv/1systems/mu.nix
+++ b/tv/1systems/mu.nix
@@ -76,7 +76,7 @@ with config.krebs.lib;
environment.systemPackages = with pkgs; [
slock
- tinc
+ tinc_pre
iptables
vim
gimp
@@ -157,11 +157,6 @@ with config.krebs.lib;
];
};
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 3696bcdfc..5415e50b1 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -60,7 +60,6 @@ with config.krebs.lib;
esac
'')
gnupg
- ntp # ntpate
rxvt_unicode.terminfo
tmux
];
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
deleted file mode 100644
index 25fae2c36..000000000
--- a/tv/1systems/rmdir.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-
-let
- # TODO merge with lass
- getDefaultGateway = ip:
- concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
-
- primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr;
-in
-
-{
- krebs.build.host = config.krebs.hosts.rmdir;
-
- imports = [
- ../.
- ../2configs/hw/CAC-Developer-1.nix
- ../2configs/fs/CAC-CentOS-7-64bit.nix
- ../2configs/exim-smarthost.nix
- ../2configs/git.nix
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "mkdir"
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- networking.interfaces.enp2s1.ip4 = [
- {
- address = primary-addr4;
- prefixLength = 24;
- }
- ];
- # TODO define gateway in krebs/3modules/default.nix
- networking.defaultGateway = getDefaultGateway primary-addr4;
-
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- environment.systemPackages = with pkgs; [
- htop
- iftop
- iotop
- iptables
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-}
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index cebd7c9e4..a2e113e18 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -29,7 +29,6 @@ with config.krebs.lib;
# root
cryptsetup
- ntp # ntpate
# tv
bc
@@ -38,7 +37,7 @@ with config.krebs.lib;
dic
file
get
- gnupg21
+ gnupg1compat
haskellPackages.hledger
htop
jq
@@ -153,7 +152,7 @@ with config.krebs.lib;
environment.systemPackages = with pkgs; [
ethtool
- tinc
+ tinc_pre
iptables
#jack2
];
@@ -164,11 +163,6 @@ with config.krebs.lib;
services.printing.enable = true;
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 6ba7ab327..b832470d0 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -41,7 +41,6 @@ with config.krebs.lib;
# root
cryptsetup
- ntp # ntpate
# tv
bc
@@ -49,7 +48,7 @@ with config.krebs.lib;
cac-api
dic
file
- gnupg21
+ gnupg1compat
haskellPackages.hledger
htop
jq
@@ -163,7 +162,7 @@ with config.krebs.lib;
environment.systemPackages = with pkgs; [
ethtool
- tinc
+ tinc_pre
iptables
#jack2
@@ -176,11 +175,6 @@ with config.krebs.lib;
services.printing.enable = true;
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix
new file mode 100644
index 000000000..bfc018cc3
--- /dev/null
+++ b/tv/1systems/zu.nix
@@ -0,0 +1,229 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+ krebs.build.host = config.krebs.hosts.zu;
+
+ imports = [
+ {
+ options.tv.test.sercret-file = mkOption {
+ type = types.secret-file;
+ default = {};
+ };
+ }
+ ../.
+ ../2configs/hw/x220.nix
+ ../2configs/exim-retiolum.nix
+ ../2configs/git.nix
+ ../2configs/mail-client.nix
+ ../2configs/man.nix
+ ../2configs/nginx/public_html.nix
+ ../2configs/pulse.nix
+ ../2configs/retiolum.nix
+ ../2configs/wu-binary-cache/client.nix
+ ../2configs/xserver
+ {
+ environment.systemPackages = with pkgs; [
+
+ # stockholm
+ gnumake
+ hashPassword
+ haskellPackages.lentil
+ parallel
+ (pkgs.writeBashBin "im" ''
+ export PATH=${makeSearchPath "bin" (with pkgs; [
+ tmux
+ gnugrep
+ weechat
+ ])}
+ if tmux list-sessions -F\#S | grep -q '^im''$'; then
+ exec tmux attach -t im
+ else
+ exec tmux new -s im weechat
+ fi
+ '')
+
+ # root
+ cryptsetup
+
+ # tv
+ bc
+ bind # dig
+ cac-api
+ dic
+ file
+ gnupg1compat
+ haskellPackages.hledger
+ htop
+ jq
+ mkpasswd
+ netcat
+ nix-repl
+ nmap
+ p7zip
+ pass
+ q
+ qrencode
+ # XXX fails at systemd.services.dbus.unitConfig
+ #texlive
+ tmux
+
+ #ack
+ #apache-httpd
+ #ascii
+ #emacs
+ #es
+ #esniper
+ #gcc
+ #gptfdisk
+ #graphviz
+ #haskellPackages.cabal2nix
+ #haskellPackages.ghc
+ #haskellPackages.shake
+ #hdparm
+ #i7z
+ #iftop
+ #imagemagick
+ #inotifyTools
+ #iodine
+ #iotop
+ #lshw
+ #lsof
+ #minicom
+ #mtools
+ #ncmpc
+ #nethogs
+ #nix-prefetch-scripts #cvs bug
+ #openssl
+ #openswan
+ #parted
+ #perl
+ #powertop
+ #ppp
+ #proot
+ #pythonPackages.arandr
+ #pythonPackages.youtube-dl
+ #racket
+ #rxvt_unicode-with-plugins
+ #scrot
+ #sec
+ #silver-searcher
+ #sloccount
+ #smartmontools
+ #socat
+ #sshpass
+ #strongswan
+ #sysdig
+ #sysstat
+ #tcpdump
+ #tlsdate
+ #unetbootin
+ #utillinuxCurses
+ #wvdial
+ #xdotool
+ #xkill
+ #xl2tpd
+ #xsel
+
+ unison
+ ];
+ }
+ ];
+
+ boot.initrd.luks = {
+ cryptoModules = [ "aes" "sha512" "xts" ];
+ devices = [
+ { name = "zuca"; device = "/dev/sda2"; }
+ ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/zuvga-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/home" = {
+ device = "/dev/mapper/zuvga-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ "/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["nosuid" "nodev" "noatime"];
+ };
+ };
+
+ nixpkgs.config.chromium.enablePepperFlash = true;
+
+ #hardware.bumblebee.enable = true;
+ #hardware.bumblebee.group = "video";
+ hardware.enableAllFirmware = true;
+ #hardware.opengl.driSupport32Bit = true;
+
+ environment.systemPackages = with pkgs; [
+ ethtool
+ tinc_pre
+ iptables
+ #jack2
+
+ gptfdisk
+ ];
+
+ security.setuidPrograms = [
+ "sendmail" # for cron
+ ];
+
+ services.printing.enable = true;
+
+ # see tmpfiles.d(5)
+ systemd.tmpfiles.rules = [
+ "d /tmp 1777 root root - -" # does this work with mounted /tmp?
+ ];
+
+ #services.bitlbee.enable = true;
+ #services.tor.client.enable = true;
+ #services.tor.enable = true;
+ #services.virtualboxHost.enable = true;
+
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+
+#/*
+#{ host api.doraemon.sg.zalora.net | awk '{print$4" api.zalora.sg"}';
+# host bob.live.sg.zalora.net | awk '{print$4" bob.zalora.sg"}';
+# host www.live.sg.zalora.net | awk '{print$4" www.zalora.sg costa.zalora.sg"}'; }
+#*/
+# networking.extraHosts = optionalString (1 == 1) ''
+#54.255.133.72 api.zalora.sg
+#52.77.12.194 bob.zalora.sg
+#52.74.232.49 www.zalora.sg costa.zalora.sg
+# '';
+
+
+ #services.elasticsearch.enable = true;
+ #services.kibana.enable = true;
+ #services.logstash.enable = true;
+
+ environment.etc."ssh/ssh_config".text = mkForce ''
+ AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
+
+ ${optionalString config.programs.ssh.setXAuthLocation ''
+ XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
+ ''}
+
+ ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"}
+
+ # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
+ #PubkeyAcceptedKeyTypes +ssh-dss
+
+ ${config.programs.ssh.extraConfig}
+ '';
+
+}
diff --git a/tv/2configs/audit.nix b/tv/2configs/audit.nix
new file mode 100644
index 000000000..644741a5b
--- /dev/null
+++ b/tv/2configs/audit.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ security.audit = {
+ rules = [
+ "-a task,never"
+ ];
+ };
+}
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 741955eee..a9ba1eadd 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with config.krebs.lib;
stockholm = "/home/tv/stockholm";
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
- rev = "87fe38fd0e19ca83fc3ea338f8e0e7b12971d204";
+ rev = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
};
} // optionalAttrs config.krebs.build.host.secure {
secrets-master = "/home/tv/secrets/master";
@@ -25,6 +25,7 @@ with config.krebs.lib;
imports = [
<secrets>
+ ./audit.nix
./backup.nix
./nginx
./vim.nix
@@ -152,6 +153,7 @@ with config.krebs.lib;
services.cron.enable = false;
services.nscd.enable = false;
services.ntp.enable = false;
+ services.timesyncd.enable = true;
}
{
@@ -168,13 +170,20 @@ with config.krebs.lib;
}
{
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+ }
+
+ {
services.openssh = {
enable = true;
hostKeys = [
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
- tv.iptables.input-internet-accept-new-tcp = singleton "ssh";
+ tv.iptables.input-internet-accept-tcp = singleton "ssh";
}
{
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index 9197a3c30..ad355f8b4 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -4,5 +4,5 @@ with config.krebs.lib;
{
krebs.exim-retiolum.enable = true;
- tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp";
+ tv.iptables.input-retiolum-accept-tcp = singleton "smtp";
}
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 3616a8f52..351b54da1 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -43,5 +43,5 @@ with config.krebs.lib;
{ from = "mirko"; to = "mv"; }
];
};
- tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
+ tv.iptables.input-internet-accept-tcp = singleton "smtp";
}
diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix
index 1fac65a31..d0d07d5ca 100644
--- a/tv/2configs/nginx/default.nix
+++ b/tv/2configs/nginx/default.nix
@@ -12,6 +12,6 @@ with config.krebs.lib;
];
};
tv.iptables = optionalAttrs config.krebs.nginx.enable {
- input-retiolum-accept-new-tcp = singleton "http";
+ input-retiolum-accept-tcp = singleton "http";
};
}
diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix
index 15a3b5482..858f16563 100644
--- a/tv/2configs/nginx/public_html.nix
+++ b/tv/2configs/nginx/public_html.nix
@@ -11,5 +11,5 @@ with config.krebs.lib;
'')
];
};
- tv.iptables.input-internet-accept-new-tcp = singleton "http";
+ tv.iptables.input-internet-accept-tcp = singleton "http";
}
diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix
index e1598d792..f79454157 100644
--- a/tv/2configs/retiolum.nix
+++ b/tv/2configs/retiolum.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
with config.krebs.lib;
@@ -12,6 +12,8 @@ with config.krebs.lib;
"cd"
"ire"
];
+ tincPackage = pkgs.tinc_pre;
};
- tv.iptables.input-internet-accept-new-tcp = singleton "tinc";
+ tv.iptables.input-internet-accept-tcp = singleton "tinc";
+ tv.iptables.input-internet-accept-udp = singleton "tinc";
}
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 85045332f..86c5d05d6 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -14,8 +14,17 @@ let
};
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+ pkgs.vimPlugins.ctrlp
pkgs.vimPlugins.undotree
(pkgs.vimUtils.buildVimPlugin {
+ name = "vim-syntax-jq";
+ src = pkgs.fetchgit {
+ url = https://github.com/vito-c/jq.vim;
+ rev = "99d55a300047946a82ecdd7617323a751199ad2d";
+ sha256 = "00mmwg4swwmllknzzx07af080lcy7y5i6341rc6c08i2vka48nv9";
+ };
+ })
+ (pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchgit {
url = git://github.com/bogado/file-line;
@@ -101,6 +110,176 @@ let
command! -n=0 -bar ShowSyntax :call ShowSyntax()
'';
})))
+ ((rtp: rtp // { inherit rtp; }) (pkgs.writeOut "vim-tv" {
+ "/syntax/haskell.vim".text = /* vim */ ''
+ syn region String start=+\[[[:alnum:]]*|+ end=+|]+
+
+ hi link ConId Identifier
+ hi link VarId Identifier
+ hi link hsDelimiter Delimiter
+ '';
+ "/syntax/nix.vim".text = /* vim */ ''
+ "" Quit when a (custom) syntax file was already loaded
+ "if exists("b:current_syntax")
+ " finish
+ "endif
+
+ "setf nix
+
+ " Ref <nix/src/libexpr/lexer.l>
+ syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
+ syn match NixINT /\<[0-9]\+\>/
+ syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
+ syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
+ syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
+ syn region NixSTRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ syn region NixIND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+
+ syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/
+
+ syn match NixCommentMatch /\(^\|\s\)#.*/
+ syn region NixCommentRegion start="/\*" end="\*/"
+
+ hi link NixCode Statement
+ hi link NixData Constant
+ hi link NixComment Comment
+
+ hi link NixCommentMatch NixComment
+ hi link NixCommentRegion NixComment
+ hi link NixID NixCode
+ hi link NixINT NixData
+ hi link NixPATH NixData
+ hi link NixHPATH NixData
+ hi link NixSPATH NixData
+ hi link NixURI NixData
+ hi link NixSTRING NixData
+ hi link NixIND_STRING NixData
+
+ hi link NixEnter NixCode
+ hi link NixOther NixCode
+ hi link NixQuote NixData
+
+ syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
+ syn cluster nix_ind_strings contains=NixIND_STRING
+ syn cluster nix_strings contains=NixSTRING
+
+ ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
+ startAlts = filter isString [
+ ''/\* ${lang} \*/''
+ extraStart
+ ];
+ sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
+ in /* vim */ ''
+ syn include @nix_${lang}_syntax syntax/${lang}.vim
+ if exists("b:current_syntax")
+ unlet b:current_syntax
+ endif
+
+ syn match nix_${lang}_sigil
+ \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
+ \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
+ \ transparent
+
+ syn region nix_${lang}_region_STRING
+ \ matchgroup=NixSTRING
+ \ start='"'
+ \ skip='\\"'
+ \ end='"'
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn region nix_${lang}_region_IND_STRING
+ \ matchgroup=NixIND_STRING
+ \ start="'''"
+ \ skip="'''\('\|[$]\|\\[nrt]\)"
+ \ end="'''"
+ \ contained
+ \ contains=@nix_${lang}_syntax
+ \ transparent
+
+ syn cluster nix_ind_strings
+ \ add=nix_${lang}_region_IND_STRING
+
+ syn cluster nix_strings
+ \ add=nix_${lang}_region_STRING
+
+ " This is required because containedin isn't transitive.
+ syn cluster nix_has_dollar_curly
+ \ add=@nix_${lang}_syntax
+ '') {
+ c = {};
+ cabal = {};
+ diff = {};
+ haskell = {};
+ jq.extraStart = concatStringsSep ''\|'' [
+ ''writeJq.*''
+ ''write[^ \t\r\n]*[ \t\r\n]*"[^"]*\.jq"''
+ ];
+ lua = {};
+ sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
+ sh.extraStart = concatStringsSep ''\|'' [
+ ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''
+ ''[a-z]*Phase[ \t\r\n]*=''
+ ];
+ vim.extraStart =
+ ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
+ xdefaults = {};
+ })}
+
+ " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
+ syn clear shVarAssign
+
+ syn region nixINSIDE_DOLLAR_CURLY
+ \ matchgroup=NixEnter
+ \ start="[$]{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=@nix_has_dollar_curly
+ \ transparent
+
+ syn region nix_inside_curly
+ \ matchgroup=NixEnter
+ \ start="{"
+ \ end="}"
+ \ contains=TOP
+ \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
+ \ transparent
+
+ syn match NixQuote /'''\(''$\|\\.\)/he=s+2
+ \ containedin=@nix_ind_strings
+ \ contained
+
+ syn match NixQuote /'''\('\|\\.\)/he=s+1
+ \ containedin=@nix_ind_strings
+ \ contained
+
+ syn match NixQuote /\\./he=s+1
+ \ containedin=@nix_strings
+ \ contained
+
+ syn sync fromstart
+
+ let b:current_syntax = "nix"
+
+ set isk=@,48-57,_,192-255,-,'
+ '';
+ "/syntax/sed.vim".text = /* vim */ ''
+ syn region sedBranch
+ \ matchgroup=sedFunction start="T"
+ \ matchgroup=sedSemicolon end=";\|$"
+ \ contains=sedWhitespace
+ '';
+ }))
];
dirs = {
@@ -121,6 +300,9 @@ let
vim = pkgs.writeDashBin "vim" ''
set -efu
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
+ if test $# = 0 && test -e "$PWD/.ctrlpignore"; then
+ set -- +CtrlP
+ fi
exec ${pkgs.vim}/bin/vim "$@"
'';
@@ -137,7 +319,7 @@ let
set mouse=a
set noruler
set pastetoggle=<INS>
- set runtimepath=${extra-runtimepath},$VIMRUNTIME
+ set runtimepath=$VIMRUNTIME,${ex