diff options
Diffstat (limited to 'tv')
-rw-r--r-- | tv/1systems/caxi.nix | 25 | ||||
-rw-r--r-- | tv/1systems/cd.nix | 64 | ||||
-rw-r--r-- | tv/1systems/mkdir.nix | 76 | ||||
-rw-r--r-- | tv/1systems/mu.nix | 7 | ||||
-rw-r--r-- | tv/1systems/nomic.nix | 1 | ||||
-rw-r--r-- | tv/1systems/rmdir.nix | 76 | ||||
-rw-r--r-- | tv/1systems/wu.nix | 10 | ||||
-rw-r--r-- | tv/1systems/xu.nix | 10 | ||||
-rw-r--r-- | tv/1systems/zu.nix | 229 | ||||
-rw-r--r-- | tv/2configs/audit.nix | 9 | ||||
-rw-r--r-- | tv/2configs/default.nix | 13 | ||||
-rw-r--r-- | tv/2configs/exim-retiolum.nix | 2 | ||||
-rw-r--r-- | tv/2configs/exim-smarthost.nix | 2 | ||||
-rw-r--r-- | tv/2configs/nginx/default.nix | 2 | ||||
-rw-r--r-- | tv/2configs/nginx/public_html.nix | 2 | ||||
-rw-r--r-- | tv/2configs/retiolum.nix | 6 | ||||
-rw-r--r-- | tv/2configs/vim.nix | 365 | ||||
-rw-r--r-- | tv/3modules/iptables.nix | 24 | ||||
-rw-r--r-- | tv/5pkgs/default.nix | 4 |
19 files changed, 571 insertions, 356 deletions
diff --git a/tv/1systems/caxi.nix b/tv/1systems/caxi.nix new file mode 100644 index 000000000..5bfacd992 --- /dev/null +++ b/tv/1systems/caxi.nix @@ -0,0 +1,25 @@ +{ config, ... }: + +with config.krebs.lib; + +{ + krebs.build.host = config.krebs.hosts.caxi; + + imports = [ + ../. + ../2configs/hw/CAC-Developer-1.nix + ../2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/retiolum.nix + ]; + + networking = let + inherit (config.krebs.build.host.nets.internet) ip4; + in { + interfaces.enp2s1.ip4 = singleton { + address = ip4.addr; + prefixLength = fromJSON (head (match ".*/([0-9]+)" ip4.prefix)); + }; + defaultGateway = head (match "([^/]*)\.0/[0-9]+" ip4.prefix) + ".1"; + nameservers = ["8.8.8.8"]; + }; +} diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 32d956b8a..2ad4a1505 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -18,7 +18,7 @@ with config.krebs.lib; enable = true; ssl_cert = ../Zcerts/charybdis_cd.crt.pem; }; - tv.iptables.input-retiolum-accept-new-tcp = [ + tv.iptables.input-retiolum-accept-tcp = [ config.tv.charybdis.port config.tv.charybdis.sslport ]; @@ -28,14 +28,14 @@ with config.krebs.lib; enable = true; hosts = [ "jabber.viljetic.de" ]; }; - tv.iptables.input-internet-accept-new-tcp = [ + tv.iptables.input-internet-accept-tcp = [ "xmpp-client" "xmpp-server" ]; } { krebs.github-hosts-sync.enable = true; - tv.iptables.input-internet-accept-new-tcp = + tv.iptables.input-internet-accept-tcp = singleton config.krebs.github-hosts-sync.port; } { @@ -44,20 +44,50 @@ with config.krebs.lib; "cgit.cd.viljetic.de" ]; # TODO make public_html also available to cd, cd.retiolum (AKA default) - krebs.nginx.servers.public_html = { - server-names = singleton "cd.viljetic.de"; - locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - ''); + krebs.nginx.servers."https://viljetic.de" = { + server-names = singleton "viljetic.de"; + listen = mkForce []; # disable default + ssl = { + enable = true; + certificate = "/var/lib/acme/viljetic.de/fullchain.pem"; + certificate_key = "/var/lib/acme/viljetic.de/key.pem"; + }; + locations = [ + (nameValuePair "/" '' + root ${pkgs.viljetic-pages}; + '') + (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + '') + ]; }; - krebs.nginx.servers.viljetic = { + krebs.nginx.servers."http://viljetic.de" = { server-names = singleton "viljetic.de"; - # TODO directly set root (instead via location) - locations = singleton (nameValuePair "/" '' - root ${pkgs.viljetic-pages}; - ''); + locations = [ + (nameValuePair "/.well-known/acme-challenge/" '' + root /var/lib/acme/challenges/viljetic.de/; + '') + (nameValuePair "/" '' + return 301 https://viljetic.de$request_uri; + '') + ]; + }; + security.acme = { + certs."viljetic.de" = { + email = "tomislav@viljetic.de"; + webroot = "/var/lib/acme/challenges/viljetic.de"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + ]; + user = "nginx"; + }; }; - tv.iptables.input-internet-accept-new-tcp = singleton "http"; + tv.iptables.input-internet-accept-tcp = [ + "http" + "https" + ]; } ]; @@ -78,13 +108,7 @@ with config.krebs.lib; iotop iptables nethogs - ntp # ntpate rxvt_unicode.terminfo tcpdump ]; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; } diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix deleted file mode 100644 index f46ed9547..000000000 --- a/tv/1systems/mkdir.nix +++ /dev/null @@ -1,76 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; - -let - # TODO merge with lass - getDefaultGateway = ip: - concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - - primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr; -in - -{ - krebs.build.host = config.krebs.hosts.mkdir; - - imports = [ - ../. - ../2configs/hw/CAC-Developer-1.nix - ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/exim-smarthost.nix - ../2configs/git.nix - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "tinc" - "smtp" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "cd" - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } - ]; - - networking.interfaces.enp2s1.ip4 = [ - { - address = primary-addr4; - prefixLength = 24; - } - ]; - - # TODO define gateway in krebs/3modules/default.nix - networking.defaultGateway = getDefaultGateway primary-addr4; - - networking.nameservers = [ - "8.8.8.8" - ]; - - environment.systemPackages = with pkgs; [ - htop - iftop - iotop - iptables - nethogs - rxvt_unicode.terminfo - tcpdump - ]; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; -} diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index 06da15ecc..e7908e299 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix @@ -76,7 +76,7 @@ with config.krebs.lib; environment.systemPackages = with pkgs; [ slock - tinc + tinc_pre iptables vim gimp @@ -157,11 +157,6 @@ with config.krebs.lib; ]; }; - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - # see tmpfiles.d(5) systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" # does this work with mounted /tmp? diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 3696bcdfc..5415e50b1 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -60,7 +60,6 @@ with config.krebs.lib; esac '') gnupg - ntp # ntpate rxvt_unicode.terminfo tmux ]; diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix deleted file mode 100644 index 25fae2c36..000000000 --- a/tv/1systems/rmdir.nix +++ /dev/null @@ -1,76 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; - -let - # TODO merge with lass - getDefaultGateway = ip: - concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - - primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr; -in - -{ - krebs.build.host = config.krebs.hosts.rmdir; - - imports = [ - ../. - ../2configs/hw/CAC-Developer-1.nix - ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/exim-smarthost.nix - ../2configs/git.nix - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "tinc" - "smtp" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "cd" - "mkdir" - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } - ]; - - networking.interfaces.enp2s1.ip4 = [ - { - address = primary-addr4; - prefixLength = 24; - } - ]; - # TODO define gateway in krebs/3modules/default.nix - networking.defaultGateway = getDefaultGateway primary-addr4; - - networking.nameservers = [ - "8.8.8.8" - ]; - - environment.systemPackages = with pkgs; [ - htop - iftop - iotop - iptables - nethogs - rxvt_unicode.terminfo - tcpdump - ]; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; -} diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index cebd7c9e4..a2e113e18 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -29,7 +29,6 @@ with config.krebs.lib; # root cryptsetup - ntp # ntpate # tv bc @@ -38,7 +37,7 @@ with config.krebs.lib; dic file get - gnupg21 + gnupg1compat haskellPackages.hledger htop jq @@ -153,7 +152,7 @@ with config.krebs.lib; environment.systemPackages = with pkgs; [ ethtool - tinc + tinc_pre iptables #jack2 ]; @@ -164,11 +163,6 @@ with config.krebs.lib; services.printing.enable = true; - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - # see tmpfiles.d(5) systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" # does this work with mounted /tmp? diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 6ba7ab327..b832470d0 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -41,7 +41,6 @@ with config.krebs.lib; # root cryptsetup - ntp # ntpate # tv bc @@ -49,7 +48,7 @@ with config.krebs.lib; cac-api dic file - gnupg21 + gnupg1compat haskellPackages.hledger htop jq @@ -163,7 +162,7 @@ with config.krebs.lib; environment.systemPackages = with pkgs; [ ethtool - tinc + tinc_pre iptables #jack2 @@ -176,11 +175,6 @@ with config.krebs.lib; services.printing.enable = true; - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - # see tmpfiles.d(5) systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" # does this work with mounted /tmp? diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix new file mode 100644 index 000000000..bfc018cc3 --- /dev/null +++ b/tv/1systems/zu.nix @@ -0,0 +1,229 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + krebs.build.host = config.krebs.hosts.zu; + + imports = [ + { + options.tv.test.sercret-file = mkOption { + type = types.secret-file; + default = {}; + }; + } + ../. + ../2configs/hw/x220.nix + ../2configs/exim-retiolum.nix + ../2configs/git.nix + ../2configs/mail-client.nix + ../2configs/man.nix + ../2configs/nginx/public_html.nix + ../2configs/pulse.nix + ../2configs/retiolum.nix + ../2configs/wu-binary-cache/client.nix + ../2configs/xserver + { + environment.systemPackages = with pkgs; [ + + # stockholm + gnumake + hashPassword + haskellPackages.lentil + parallel + (pkgs.writeBashBin "im" '' + export PATH=${makeSearchPath "bin" (with pkgs; [ + tmux + gnugrep + weechat + ])} + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') + + # root + cryptsetup + + # tv + bc + bind # dig + cac-api + dic + file + gnupg1compat + haskellPackages.hledger + htop + jq + mkpasswd + netcat + nix-repl + nmap + p7zip + pass + q + qrencode + # XXX fails at systemd.services.dbus.unitConfig + #texlive + tmux + + #ack + #apache-httpd + #ascii + #emacs + #es + #esniper + #gcc + #gptfdisk + #graphviz + #haskellPackages.cabal2nix + #haskellPackages.ghc + #haskellPackages.shake + #hdparm + #i7z + #iftop + #imagemagick + #inotifyTools + #iodine + #iotop + #lshw + #lsof + #minicom + #mtools + #ncmpc + #nethogs + #nix-prefetch-scripts #cvs bug + #openssl + #openswan + #parted + #perl + #powertop + #ppp + #proot + #pythonPackages.arandr + #pythonPackages.youtube-dl + #racket + #rxvt_unicode-with-plugins + #scrot + #sec + #silver-searcher + #sloccount + #smartmontools + #socat + #sshpass + #strongswan + #sysdig + #sysstat + #tcpdump + #tlsdate + #unetbootin + #utillinuxCurses + #wvdial + #xdotool + #xkill + #xl2tpd + #xsel + + unison + ]; + } + ]; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ + { name = "zuca"; device = "/dev/sda2"; } + ]; + }; + + fileSystems = { + "/" = { + device = "/dev/mapper/zuvga-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/zuvga-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + nixpkgs.config.chromium.enablePepperFlash = true; + + #hardware.bumblebee.enable = true; + #hardware.bumblebee.group = "video"; + hardware.enableAllFirmware = true; + #hardware.opengl.driSupport32Bit = true; + + environment.systemPackages = with pkgs; [ + ethtool + tinc_pre + iptables + #jack2 + + gptfdisk + ]; + + security.setuidPrograms = [ + "sendmail" # for cron + ]; + + services.printing.enable = true; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; + + #services.bitlbee.enable = true; + #services.tor.client.enable = true; + #services.tor.enable = true; + #services.virtualboxHost.enable = true; + + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "15.09"; + +#/* +#{ host api.doraemon.sg.zalora.net | awk '{print$4" api.zalora.sg"}'; +# host bob.live.sg.zalora.net | awk '{print$4" bob.zalora.sg"}'; +# host www.live.sg.zalora.net | awk '{print$4" www.zalora.sg costa.zalora.sg"}'; } +#*/ +# networking.extraHosts = optionalString (1 == 1) '' +#54.255.133.72 api.zalora.sg +#52.77.12.194 bob.zalora.sg +#52.74.232.49 www.zalora.sg costa.zalora.sg +# ''; + + + #services.elasticsearch.enable = true; + #services.kibana.enable = true; + #services.logstash.enable = true; + + environment.etc."ssh/ssh_config".text = mkForce '' + AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} + + ${optionalString config.programs.ssh.setXAuthLocation '' + XAuthLocation ${pkgs.xorg.xauth}/bin/xauth + ''} + + ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"} + + # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) + #PubkeyAcceptedKeyTypes +ssh-dss + + ${config.programs.ssh.extraConfig} + ''; + +} diff --git a/tv/2configs/audit.nix b/tv/2configs/audit.nix new file mode 100644 index 000000000..644741a5b --- /dev/null +++ b/tv/2configs/audit.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + security.audit = { + rules = [ + "-a task,never" + ]; + }; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 741955eee..a9ba1eadd 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with config.krebs.lib; stockholm = "/home/tv/stockholm"; nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "87fe38fd0e19ca83fc3ea338f8e0e7b12971d204"; + rev = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f"; }; } // optionalAttrs config.krebs.build.host.secure { secrets-master = "/home/tv/secrets/master"; @@ -25,6 +25,7 @@ with config.krebs.lib; imports = [ <secrets> + ./audit.nix ./backup.nix ./nginx ./vim.nix @@ -152,6 +153,7 @@ with config.krebs.lib; services.cron.enable = false; services.nscd.enable = false; services.ntp.enable = false; + services.timesyncd.enable = true; } { @@ -168,13 +170,20 @@ with config.krebs.lib; } { + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + } + + { services.openssh = { enable = true; hostKeys = [ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; }; - tv.iptables.input-internet-accept-new-tcp = singleton "ssh"; + tv.iptables.input-internet-accept-tcp = singleton "ssh"; } { diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index 9197a3c30..ad355f8b4 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix @@ -4,5 +4,5 @@ with config.krebs.lib; { krebs.exim-retiolum.enable = true; - tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp"; + tv.iptables.input-retiolum-accept-tcp = singleton "smtp"; } diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 3616a8f52..351b54da1 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -43,5 +43,5 @@ with config.krebs.lib; { from = "mirko"; to = "mv"; } ]; }; - tv.iptables.input-internet-accept-new-tcp = singleton "smtp"; + tv.iptables.input-internet-accept-tcp = singleton "smtp"; } diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix index 1fac65a31..d0d07d5ca 100644 --- a/tv/2configs/nginx/default.nix +++ b/tv/2configs/nginx/default.nix @@ -12,6 +12,6 @@ with config.krebs.lib; ]; }; tv.iptables = optionalAttrs config.krebs.nginx.enable { - input-retiolum-accept-new-tcp = singleton "http"; + input-retiolum-accept-tcp = singleton "http"; }; } diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix index 15a3b5482..858f16563 100644 --- a/tv/2configs/nginx/public_html.nix +++ b/tv/2configs/nginx/public_html.nix @@ -11,5 +11,5 @@ with config.krebs.lib; '') ]; }; - tv.iptables.input-internet-accept-new-tcp = singleton "http"; + tv.iptables.input-internet-accept-tcp = singleton "http"; } diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix index e1598d792..f79454157 100644 --- a/tv/2configs/retiolum.nix +++ b/tv/2configs/retiolum.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with config.krebs.lib; @@ -12,6 +12,8 @@ with config.krebs.lib; "cd" "ire" ]; + tincPackage = pkgs.tinc_pre; }; - tv.iptables.input-internet-accept-new-tcp = singleton "tinc"; + tv.iptables.input-internet-accept-tcp = singleton "tinc"; + tv.iptables.input-internet-accept-udp = singleton "tinc"; } diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 85045332f..86c5d05d6 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -14,8 +14,17 @@ let }; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.ctrlp pkgs.vimPlugins.undotree (pkgs.vimUtils.buildVimPlugin { + name = "vim-syntax-jq"; + src = pkgs.fetchgit { + url = https://github.com/vito-c/jq.vim; + rev = "99d55a300047946a82ecdd7617323a751199ad2d"; + sha256 = "00mmwg4swwmllknzzx07af080lcy7y5i6341rc6c08i2vka48nv9"; + }; + }) + (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; src = pkgs.fetchgit { url = git://github.com/bogado/file-line; @@ -101,6 +110,176 @@ let command! -n=0 -bar ShowSyntax :call ShowSyntax() ''; }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeOut "vim-tv" { + "/syntax/haskell.vim".text = /* vim */ '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + "/syntax/nix.vim".text = /* vim */ '' + "" Quit when a (custom) syntax file was already loaded + "if exists("b:current_syntax") + " finish + "endif + + "setf nix + + " Ref <nix/src/libexpr/lexer.l> + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + if exists("b:current_syntax") + unlet b:current_syntax + endif + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + " This is required because containedin isn't transitive. + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + diff = {}; + haskell = {}; + jq.extraStart = concatStringsSep ''\|'' [ + ''writeJq.*'' + ''write[^ \t\r\n]*[ \t\r\n]*"[^"]*\.jq"'' + ]; + lua = {}; + sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + sh.extraStart = concatStringsSep ''\|'' [ + ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'' + ''[a-z]*Phase[ \t\r\n]*='' + ]; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + xdefaults = {}; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. + syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\(''$\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /'''\('\|\\.\)/he=s+1 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + ''; + "/syntax/sed.vim".text = /* vim */ '' + syn region sedBranch + \ matchgroup=sedFunction start="T" + \ matchgroup=sedSemicolon end=";\|$" + \ contains=sedWhitespace + ''; + })) ]; dirs = { @@ -121,6 +300,9 @@ let vim = pkgs.writeDashBin "vim" '' set -efu (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + if test $# = 0 && test -e "$PWD/.ctrlpignore"; then + set -- +CtrlP + fi exec ${pkgs.vim}/bin/vim "$@" ''; @@ -137,7 +319,7 @@ let set mouse=a set noruler set pastetoggle=<INS> - set runtimepath=${extra-runtimepath},$VIMRUNTIME + set runtimepath=$VIMRUNTIME,${ex |