diff options
| -rw-r--r-- | krebs/3modules/mb/default.nix | 26 | ||||
| -rw-r--r-- | mb/1systems/gr33n/configuration.nix | 14 | ||||
| -rw-r--r-- | mb/1systems/orange/configuration.nix | 7 | ||||
| -rw-r--r-- | mb/1systems/p1nk/configuration.nix | 4 | ||||
| -rw-r--r-- | mb/1systems/rofl/configuration.nix | 103 | ||||
| -rw-r--r-- | mb/1systems/sunsh1n3/configuration.nix | 181 | ||||
| -rw-r--r-- | mb/1systems/sunsh1n3/hardware-configuration.nix | 29 | ||||
| -rw-r--r-- | mb/2configs/default.nix | 23 | ||||
| -rw-r--r-- | mb/2configs/google-compute-config.nix | 231 | ||||
| -rw-r--r-- | mb/2configs/headless.nix | 25 | ||||
| -rw-r--r-- | mb/2configs/neovimrc | 446 | ||||
| -rw-r--r-- | mb/2configs/nvim.nix | 70 | ||||
| -rw-r--r-- | mb/2configs/qemu-guest.nix | 19 |
13 files changed, 1176 insertions, 2 deletions
diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix index e77811f08..31e01c4ab 100644 --- a/krebs/3modules/mb/default.nix +++ b/krebs/3modules/mb/default.nix @@ -36,6 +36,32 @@ in { }; }; }; + rofl = { + nets = { + retiolum = { + ip4.addr = "10.243.42.43"; + aliases = [ + "rofl.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm + xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8 + txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D + VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb + VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts + 1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1 + vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC + Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp + 1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH + QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f + NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f + 3aAAePgBsZvRQozxXZfqp58CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; p1nk = { nets = { retiolum = { diff --git a/mb/1systems/gr33n/configuration.nix b/mb/1systems/gr33n/configuration.nix index 4342ba0e2..dcf987791 100644 --- a/mb/1systems/gr33n/configuration.nix +++ b/mb/1systems/gr33n/configuration.nix @@ -62,6 +62,7 @@ in { wcalc wget xz + zbackup ]; programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; @@ -71,6 +72,19 @@ in { services.openssh.enable = true; services.openssh.passwordAuthentication = false; + services.codimd = { + enable = true; + workDir = "/storage/codimd"; + configuration = { + port = 1337; + host = "0.0.0.0"; + db = { + dialect = "sqlite"; + storage = "/storage/codimd/db.codimd.sqlite"; + }; + }; + }; + networking.wireless.enable = false; networking.networkmanager.enable = false; krebs.iptables.enable = true; diff --git a/mb/1systems/orange/configuration.nix b/mb/1systems/orange/configuration.nix index 3e90f89a2..b43bd8a0f 100644 --- a/mb/1systems/orange/configuration.nix +++ b/mb/1systems/orange/configuration.nix @@ -5,6 +5,7 @@ in { [ # Include the results of the hardware scan. ./hardware-configuration.nix <stockholm/mb> + <stockholm/mb/2configs/nvim.nix> ]; krebs.build.host = config.krebs.hosts.orange; @@ -124,15 +125,19 @@ in { unstable.ponyc unstable.sublime3 unstable.youtube-dl - vim virt-viewer virtmanager vulnix wcalc wget xz + zbackup ]; + environment.variables = { + EDITOR = ["nvim"]; + }; + environment.shellAliases = { ll = "ls -alh"; ls = "ls --color=tty"; diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix index 905630e78..19efc75b0 100644 --- a/mb/1systems/p1nk/configuration.nix +++ b/mb/1systems/p1nk/configuration.nix @@ -5,6 +5,7 @@ in { [ # Include the results of the hardware scan. ./hardware-configuration.nix <stockholm/mb> + <stockholm/mb/2configs/nvim.nix> ]; krebs.build.host = config.krebs.hosts.p1nk; @@ -118,13 +119,13 @@ in { unstable.ponyc unstable.sublime3 youtube-dl - vim virt-viewer virtmanager vulnix wcalc wget xz + zbackup ]; environment.shellAliases = { @@ -159,6 +160,7 @@ in { }; }; windowManager.ratpoison.enable = true; + windowManager.pekwm.enable = true; }; services.openssh.enable = true; diff --git a/mb/1systems/rofl/configuration.nix b/mb/1systems/rofl/configuration.nix new file mode 100644 index 000000000..3c5c56c84 --- /dev/null +++ b/mb/1systems/rofl/configuration.nix @@ -0,0 +1,103 @@ +{ config, pkgs, callPackage, ... }: let + unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; }; +in { + imports = + [ # Include the results of the hardware scan. + <stockholm/mb/2configs/google-compute-config.nix> + <stockholm/mb> + ]; + + krebs.build.host = config.krebs.hosts.rofl; + + i18n = { + consoleFont = "Lat2-Terminus16"; + consoleKeyMap = "de"; + defaultLocale = "en_US.UTF-8"; + }; + + time.timeZone = "Europe/Berlin"; + + nixpkgs.config.allowUnfree = true; + + environment.shellAliases = { + ll = "ls -alh"; + ls = "ls --color=tty"; + }; + + environment.systemPackages = with pkgs; [ + curl + fish + git + htop + nmap + ranger + tcpdump + tmux + traceroute + tree + vim + xz + zbackup + ]; + + sound.enable = false; + + services.openssh.enable = true; + services.openssh.passwordAuthentication = false; + + networking.wireless.enable = false; + networking.networkmanager.enable = false; + krebs.iptables.enable = true; + networking.enableIPv6 = false; + + programs.fish = { + enable = true; + shellInit = '' + function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' + if begin + set -q SSH_AGENT_PID + and kill -0 $SSH_AGENT_PID + and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline + end + echo "ssh-agent running on pid $SSH_AGENT_PID" + else + eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') + end + set -l identity $HOME/.ssh/id_rsa + set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') + ssh-add -l | grep -q $fingerprint + or ssh-add $identity + end + ''; + promptInit = '' + function fish_prompt --description 'Write out the prompt' + set -l color_cwd + set -l suffix + set -l nix_shell_info ( + if test "$IN_NIX_SHELL" != "" + echo -n " <nix-shell>" + end + ) + switch "$USER" + case root toor + if set -q fish_color_cwd_root + set color_cwd $fish_color_cwd_root + else + set color_cwd $fish_color_cwd + end + set suffix '#' + case '*' + set color_cwd $fish_color_cwd + set suffix '>' + end + + echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " + end + ''; + }; + + system.autoUpgrade.enable = false; + system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; + system.stateVersion = "19.03"; + +} diff --git a/mb/1systems/sunsh1n3/configuration.nix b/mb/1systems/sunsh1n3/configuration.nix new file mode 100644 index 000000000..633d122ea --- /dev/null +++ b/mb/1systems/sunsh1n3/configuration.nix @@ -0,0 +1,181 @@ + +{ config, pkgs, ... }: let + unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; }; +in { + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + <stockholm/mb> + ]; + + krebs.build.host = config.krebs.hosts.sunsh1n3; + + boot.kernelPackages = pkgs.linuxPackages_latest; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; + + boot.initrd.luks.devices = [ + { + name = "root"; + device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21"; + preLVM = true; + allowDiscards = true; + } + ]; + + i18n = { + consoleFont = "Lat2-Terminus16"; + consoleKeyMap = "de"; + defaultLocale = "en_US.UTF-8"; + }; + + time.timeZone = "Europe/Berlin"; + + nixpkgs.config.packageOverrides = super : { + openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; }; + }; + + nixpkgs.config.allowUnfree = true; + + fonts = { + enableCoreFonts = true; + enableGhostscriptFonts = true; + fonts = with pkgs; [ + anonymousPro + corefonts + dejavu_fonts + envypn-font + fira + gentium + gohufont + inconsolata + liberation_ttf + powerline-fonts + source-code-pro + terminus_font + ttf_bitstream_vera + ubuntu_font_family + unifont + unstable.cherry + xorg.fontbitstream100dpi + xorg.fontbitstream75dpi + xorg.fontbitstreamtype1 + ]; + }; + + environment.systemPackages = with pkgs; [ + wget vim git curl fish + ag + chromium + firefox + gimp + p7zip + htop + mpv + mpvc + nmap + ntfs3g + keepassx2 + sshfs + #unstable.skrooge + skrooge + unstable.alacritty + tmux + tree + wcalc + virtmanager + virt-viewer + (wine.override { wineBuild = "wineWow"; }) + xz + zbackup + ]; + + virtualisation.libvirtd.enable = true; + virtualisation.kvmgt.enable = true; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + + programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + programs.dconf.enable = true; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + services.openssh.passwordAuthentication = false; + + krebs.iptables.enable = true; + #networking.wireless.enable = true; + networking.networkmanager.enable = true; + networking.enableIPv6 = false; + + # Enable sound. + sound.enable = true; + hardware.pulseaudio.enable = true; + hardware.pulseaudio.support32Bit = true; + nixpkgs.config.pulseaudio = true; + + services.xserver.enable = true; + services.xserver.layout = "de"; + services.xserver.xkbOptions = "nodeadkeys"; + services.xserver.libinput.enable = true; + + # Enable the KDE Desktop Environment. + services.xserver.displayManager.sddm.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + + programs.fish = { + enable = true; + shellInit = '' + function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' + if begin + set -q SSH_AGENT_PID + and kill -0 $SSH_AGENT_PID + and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline + end + echo "ssh-agent running on pid $SSH_AGENT_PID" + else + eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') + end + set -l identity $HOME/.ssh/id_rsa + set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') + ssh-add -l | grep -q $fingerprint + or ssh-add $identity + end + ''; + promptInit = '' + function fish_prompt --description 'Write out the prompt' + set -l color_cwd + set -l suffix + set -l nix_shell_info ( + if test "$IN_NIX_SHELL" != "" + echo -n " <nix-shell>" + end + ) + switch "$USER" + case root toor + if set -q fish_color_cwd_root + set color_cwd $fish_color_cwd_root + else + set color_cwd $fish_color_cwd + end + set suffix '#' + case '*' + set color_cwd $fish_color_cwd + set suffix '>' + end + + echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " + end + ''; + }; + + nix.buildCores = 4; + + system.stateVersion = "19.09"; + +} diff --git a/mb/1systems/sunsh1n3/hardware-configuration.nix b/mb/1systems/sunsh1n3/hardware-configuration.nix new file mode 100644 index 000000000..2beee7c4f --- /dev/null +++ b/mb/1systems/sunsh1n3/hardware-configuration.nix @@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/60A6-4DAB"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix index ab11495c8..3066d1c36 100644 --- a/mb/2configs/default.nix +++ b/mb/2configs/default.nix @@ -21,6 +21,29 @@ with import <stockholm/lib>; "video" "fuse" "wheel" + "kvm" + "qemu-libvirtd" + "libvirtd" + ]; + openssh.authorizedKeys.keys = [ + config.krebs.users.mb.pubkey + ]; + }; + xo = { + name = "xo"; + uid = 2323; + home = "/home/xo"; + group = "users"; + createHome = true; + shell = "/run/current-system/sw/bin/fish"; + extraGroups = [ + "audio" + "video" + "fuse" + "wheel" + "kvm" + "qemu-libvirtd" + "libvirtd" ]; openssh.authorizedKeys.keys = [ config.krebs.users.mb.pubkey diff --git a/mb/2configs/google-compute-config.nix b/mb/2configs/google-compute-config.nix new file mode 100644 index 000000000..b201bd4b8 --- /dev/null +++ b/mb/2configs/google-compute-config.nix @@ -0,0 +1,231 @@ +{ config, lib, pkgs, ... }: +with lib; +let + gce = pkgs.google-compute-engine; +in +{ + imports = [ + ./headless.nix + ./qemu-guest.nix + ]; + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + autoResize = true; + }; + + boot.growPartition = true; + boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ]; + boot.initrd.kernelModules = [ "virtio_scsi" ]; + boot.kernelModules = [ "virtio_pci" "virtio_net" ]; + + # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. + boot.loader.grub.device = "/dev/sda"; + boot.loader.timeout = 0; + + # Don't put old configurations in the GRUB menu. The user has no + # way to select them anyway. + boot.loader.grub.configurationLimit = 0; + + # Allow root logins only using the SSH key that the user specified + # at instance creation time. + #services.openssh.enable = true; + #services.openssh.permitRootLogin = "prohibit-password"; + #services.openssh.passwordAuthentication = mkDefault false; + + # Use GCE udev rules for dynamic disk volumes + services.udev.packages = [ gce ]; + + # Force getting the hostname from Google Compute. + networking.hostName = mkDefault ""; + + # Always include cryptsetup so that NixOps can use it. + environment.systemPackages = [ pkgs.cryptsetup ]; + + # Make sure GCE image does not replace host key that NixOps sets + environment.etc."default/instance_configs.cfg".text = lib.mkDefault '' + [InstanceSetup] + set_host_keys = false + ''; + + # Rely on GCP's firewall instead + networking.firewall.enable = mkDefault false; + + # Configure default metadata hostnames + networking.extraHosts = '' + 169.254.169.254 metadata.google.internal metadata + ''; + + networking.timeServers = [ "metadata.google.internal" ]; + + networking.usePredictableInterfaceNames = false; + + # GC has 1460 MTU + networking.interfaces.eth0.mtu = 1460; + + security.googleOsLogin.enable = true; + + systemd.services.google-clock-skew-daemon = { + description = "Google Compute Engine Clock Skew Daemon"; + after = [ + "network.target" + "google-instance-setup.service" + "google-network-setup.service" + ]; + requires = ["network.target"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + Type = "simple"; + ExecStart = "${gce}/bin/google_clock_skew_daemon --debug"; + }; + }; + + systemd.services.google-instance-setup = { + description = "Google Compute Engine Instance Setup"; + after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"]; + before = ["sshd.service"]; + wants = ["local-fs.target" "network-online.target" "network.target"]; + wantedBy = [ "sshd.service" "multi-user.target" ]; + path = with pkgs; [ ethtool openssh ]; + serviceConfig = { + ExecStart = "${gce}/bin/google_instance_setup --debug"; + Type = "oneshot"; + }; + }; + + systemd.services.google-network-daemon = { + description = "Google Compute Engine Network Daemon"; + after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"]; + wants = ["local-fs.target" "network-online.target" "network.target"]; + requires = ["network.target"]; + partOf = ["network.target"]; + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ iproute ]; + serviceConfig = { + ExecStart = "${gce}/bin/google_network_daemon --debug"; + }; + }; + + systemd.services.google-shutdown-scripts = { + description = "Google Compute Engine Shutdown Scripts"; + after = [ + "local-fs.target" + "network-online.target" + "network.target" + "rsyslog.service" + "systemd-resolved.service" + "google-instance-setup.service" + "google-network-daemon.service" + ]; + wants = [ "local-fs.target" "network-online.target" "network.target"]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.coreutils}/bin/true"; + ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown"; + Type = "oneshot"; + RemainAfterExit = true; + TimeoutStopSec = "infinity"; + }; + }; + + systemd.services.google-startup-scripts = { + description = "Google Compute Engine Startup Scripts"; + after = [ + "local-fs.target" + "network-online.target" + "network.target" + "rsyslog.service" + "google-instance-setup.service" + "google-network-daemon.service" + ]; + wants = ["local-fs.target" "network-online.target" "network.target"]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup"; + KillMode = "process"; + Type = "oneshot"; + }; + }; + + + # Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf + boot.kernel.sysctl = { + # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss + # of TCP functionality/features under normal conditions. When flood + # protections kick in under high unanswered-SYN load, the system + # should remain more stable, with a trade off of some loss of TCP + # functionality/features (e.g. TCP Window scaling). + "net.ipv4.tcp_syncookies" = mkDefault "1"; + + # ignores source-routed packets + "net.ipv4.conf.all.accept_source_route" = mkDefault "0"; + + # ignores source-routed packets + "net.ipv4.conf.default.accept_source_route" = mkDefault "0"; + + # ignores ICMP redirects + "net.ipv4.conf.all.accept_redirects" = mkDefault "0"; + + # ignores ICMP redirects + "net.ipv4.conf.default.accept_redirects" = mkDefault "0"; + + # ignores ICMP redirects from non-GW hosts + "net.ipv4.conf.all.secure_redirects" = mkDefault "1"; + + # ignores ICMP redirects from non-GW hosts + "net.ipv4.conf.default.secure_redirects" = mkDefault "1"; + + # don't allow traffic between networks or act as a router + "net.ipv4.ip_forward" = mkDefault "0"; + + # don't allow traffic between networks or act as a router + "net.ipv4.conf.all.send_redirects" = mkDefault "0"; + + # don't allow traffic between networks or act as a router + "net.ipv4.conf.default.send_redirects" = mkDefault "0"; + + # reverse path filtering - IP spoofing protection + "net.ipv4.conf.all.rp_filter" = mkDefault "1"; + + # reverse path filtering - IP spoofing protection + "net.ipv4.conf.default.rp_filter" = mkDefault "1"; + + # ignores ICMP broadcasts to avoid participating in Smurf attacks + "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1"; + + # ignores bad ICMP errors + "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1"; + + # logs spoofed, source-routed, and redirect packets + "net.ipv4.conf.all.log_martians" = mkDefault "1"; + + # log spoofed, source-routed, and redirect packets + "net.ipv4.conf.default.log_martians" = mkDefault "1"; + + # implements RFC 1337 fix + "net.ipv4.tcp_rfc1337" = mkDefault "1"; + + # randomizes addresses of mmap base, heap, stack and VDSO page + "kernel.randomize_va_space" = mkDefault "2"; + + # Reboot the machine soon after a kernel panic. + "kernel.panic" = mkDefault "10"; + + ## Not part of the original config + + # provides protection from ToCToU races + "fs.protected_hardlinks" = mkDefault "1"; + + # provides protection from ToCToU races + "fs.protected_symlinks" = mkDefault "1"; + + # makes locating kernel addresses more difficult + "kernel.kptr_restrict" = mkDefault "1"; + + # set ptrace protections + "kernel.yama.ptrace_scope" = mkOverride 500 "1"; + + # set perf only available to root + "kernel.perf_event_paranoid" = mkDefault "2"; + }; +} diff --git a/mb/2configs/headless.nix b/mb/2configs/headless.nix new file mode 100644 index 000000000..46a9b6a7d --- /dev/null +++ b/mb/2configs/headless.nix @@ -0,0 +1,25 @@ +# Common configuration for headless machines (e.g., Amazon EC2 +# instances). + +{ lib, ... }: + +with lib; + +{ + boot.vesa = false; + + # Don't start a tty on the serial consoles. + systemd.services."serial-getty@ttyS0".enable = false; + systemd.services."serial-getty@hvc0".enable = false; + systemd.services."getty@tty1".enable = false; + systemd.services."autovt@".enable = false; + + # Since we can't manually respond to a panic, just reboot. + boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ]; + + # Don't allow emergency mode, because we don't have a console. + systemd.enableEmergencyMode = false; + + # Being headless, we don't need a GRUB splash image. + boot.loader.grub.splashImage = null; +} diff --git a/mb/2configs/neovimrc b/mb/2configs/neovimrc new file mode 100644 index 000000000..8dbeaec7b --- /dev/null +++ b/mb/2configs/neovimrc @@ -0,0 +1,446 @@ + +"***************************************************************************** +"" Functions +"***************************************************************************** + +function! GetBufferList() + redir =>buflist + silent! ls! + redir END + return buflist +endfunction + +function! ToggleList(bufname, pfx) + let buflist = GetBufferList() + for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))') + if bufwinnr(bufnum) != -1 + exec(a:pfx.'close') + return + endif + endfor + if a:pfx == 'l' && len(getloclist(0)) == 0 + echohl ErrorMsg + echo "Location List is Empty." + return + endif + let winnr = winnr() + exec(a:pfx.'open') + if winnr() != winnr + wincmd p + endif +endfunction + + +"***************************************************************************** +"" Basic Setup +"*****************************************************************************" +" General +let no_buffers_menu=1 +syntax on +set ruler +set number +set mousemodel=popup +set t_Co=256 +set guioptions=egmrti +set gfn=Monospace\ 10 + +" TODO: Testing if this works against automatically setting paste mode +" Issue: https://github.com/neovim/neovim/issues/7994 +au InsertLeave * set nopaste + + +" undofile - This allows you to use undos after exiting and restarting +" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo +" :help undo-persistence +if exists("+undofile") + if isdirectory($HOME . '/.vim/undo') == 0 + :silent !mkdir -p ~/.vim/undo > /dev/null 2>&1 + endif + set undodir=./.vim-undo// + set undodir+=~/.vim/undo// + set undofile +endif + +" Encoding +set encoding=utf-8 +set fileencoding=utf-8 +set fileencodings=utf-8 +set bomb +set binary + +" Fix backspace indent +set backspace=indent,eol,start + +" Tabs. May be overriten by autocmd rules +set tabstop=4 +set softtabstop=0 +set shiftwidth=4 +set expandtab + +" Map leader to , +let mapleader=',' + +" Enable hidden buffers +set hidden + +" Searching +set hlsearch +set incsearch +set ignorecase +set smartcase + +" Directories for swp files +set nobackup +set noswapfile + +set fileformats=unix,dos,mac + +" File overview +set wildmode=list:longest,list:full +set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__ + +" Shell to emulate +if exists('$SHELL') + set shell=$SHELL +else + set shell=/bin/bash +endif + +" Set color scheme +colorscheme molokai + +"Show always Status bar +set laststatus=2 + +" Use modeline overrides +set modeline +set modelines=10 + +" Set terminal title +set title +set titleold="Terminal" +set titlestring=%F + +" search will center on the line it's found in. +nnoremap n nzzzv +nnoremap N Nzzzv + + + +"***************************************************************************** +"" Abbreviations +"***************************************************************************** +" no one is really happy until you have this shortcuts +cnoreabbrev W! w! +cnoreabbrev Q! q! +cnoreabbrev Qall! qall! +cnoreabbrev Wq wq +cnoreabbrev Wa wa +cnoreabbrev wQ wq +cnoreabbrev WQ wq +cnoreabbrev W w +cnoreabbrev Q q +cnoreabbrev Qall qall + +" NERDTree configuration +let g:NERDTreeChDirMode=2 +let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__'] +let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$'] +let g:NERDTreeShowBookmarks=1 +let g:nerdtree_tabs_focus_on_files=1 +let g:NERDTreeMapOpenInTabSilent = '<RightMouse>' +let g:NERDTreeWinSize = 50 +set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite +nnoremap <silent> <F1> :NERDTreeFind<CR> +nnoremap <silent> <F2> :NERDTreeToggle<CR> + +" open terminal emulation +nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR> + +"***************************************************************************** +"" Autocmd Rules +"***************************************************************************** +"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines +augroup vimrc-sync-fromstart + autocmd! + autocmd BufEnter * :syntax sync maxlines=200 +augroup END + +" Nasm filetype +augroup nasm + autocmd! + autocmd BufRead,BufNewFile *.nasm set ft=nasm +augroup END + +" Binary filetype +augroup Binary + au! + au BufReadPre *.bin,*.exe,*.elf let &bin=1 + au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd + au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif + au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r + au BufWritePre *.bin,*.exe,*.elf endif + au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd + au BufWritePost *.bin,*.exe,*.elf set nomod | endif +augroup END + +" Binary filetype +augroup fasm + au! + au BufReadPost *.fasm set ft=fasm +augroup END + +augroup deoplete-update + autocmd! + autocmd VimEnter * UpdateRemotePlugin +augroup END + +"" Remember cursor position +augroup vimrc-remember-cursor-position + autocmd! + autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif +augroup END + +"" txt +" augroup vimrc-wrapping +" autocmd! +" autocmd BufRead,BufNewFile *.txt call s:setupWrapping() +" augroup END + +"" make/cmake +augroup vimrc-make-cmake + autocmd! + autocmd FileType make setlocal noexpandtab + autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake +augroup END + +set autoread + +"***************************************************************************** +"" Mappings +"***************************************************************************** + +" Split +noremap <Leader>h :<C-u>split<CR> +noremap <Leader>v :<C-u>vsplit<CR> + +" Git +noremap <Leader>ga :Gwrite<CR> +noremap <Leader>gc :Gcommit<CR> +noremap <Leader>gsh :Gpush<CR> +noremap <Leader>gll :Gpull<CR> +noremap <Leader>gs :Gstatus<CR> +noremap <Leader>gb :Gblame<CR> +noremap <Leader>gd :Gvdiff<CR> +noremap <Leader>gr :Gremove<CR> + +" Tabs +nnoremap <Tab> gt +nnoremap <S-Tab> gT +nnoremap <silent> <S-t> :tabnew<CR> + +" Set working directory +nnoremap <leader>. :lcd %:p:h<CR> + +" Opens an edit command with the path of the currently edited file filled in +noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR> + +" Opens a tab edit command with the path of the currently edited file filled +noremap <Leader>te :tabe <C-R>=expand("%:p:h") . "/" <CR> + +" Tagbar +nmap <silent> <F3> :TagbarToggle<CR> +let g:tagbar_autofocus = 1 + +" Copy/Paste/Cut +set clipboard^=unnamed,unnamedplus + +noremap YY "+y<CR> +noremap <leader>p "+gP<CR> +noremap XX "+x<CR> + +" Enable mouse for vim +set mouse=a + +" Buffer nav +noremap <leader>z :bp<CR> +noremap <leader>q :bp<CR> +noremap <leader>x :bn<CR> +noremap <leader>w :bn<CR> + +" Close buffer +noremap <leader>c :bd<CR> + +" Clean search (highlight) +nnoremap <silent> <leader><space> :noh<cr> + +" Switching windows +noremap <C-j> <C-w>j +noremap <C-k> <C-w>k +noremap <C-l> <C-w>l +noremap <C-h> <C-w>h + +" Vmap for maintain Visual Mode after shifting > and < +vmap < <gv +vmap > >gv + +" Move visual block +vnoremap J :m '>+1<CR>gv=gv +vnoremap K :m '<-2<CR>gv=gv + +" Open current line on GitHub +nnoremap <Leader>o :.Gbrowse<CR> + + +" Save on strg+s if not in paste mode +nmap <c-s> :w<CR> +vmap <c-s> <Esc><c-s>gv +imap <c-s> <Esc><c-s> + +" Quit on strg+q in normal mode +nnoremap <c-q> :q<cr> + +" Strg+d to replace word under cursor +nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left> + +" Strg+f ro find word under cursor +nnoremap <c-f> :/<C-r><C-w><Left><Left> + +" Remove unneccessary spaces +nnoremap <silent> <F5> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR> + +" Reindent whole file with F6 +map <F6> mzgg=G`z + +" Toggle location list +nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR> + +" Replacing text in visual mode doesn't copy it anymore +xmap p <Plug>ReplaceWithRegisterVisual +xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual + +" ALE mappings +nmap <Leader>i <Plug>(ale_hover) +nmap <Leader>d <Plug>(ale_go_to_definition_in_tab) +nmap <Leader>rf <Plug>(ale_find_references) +nmap <silent><F7> <Plug>(ale_fix) + +" Vim-Go mappings +au FileType go nmap <Leader>i :GoDoc<cr> +au FileType go nmap <Leader>d :GoDef<cr> +au FileType go nmap <Leader>rf :GoReferrers<cr> + + +"" Opens an edit command with the path of the currently edited file filled in +noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR> + +" Use tab for navigatin in autocompletion window +inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>" +inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>" + + +"***************************************************************************** +"" Plugin settings +"***************************************************************************** + +" vim-airline +set statusline+=%{fugitive#statusline()} +let g:airline_theme = 'powerlineish' +let g:airline#extensions#syntastic#enabled = 1 +let g:airline#extensions#branch#enabled = 1 +let g:airline#extensions#tabline#enabled = 1 +let g:airline#extensions#tagbar#enabled = 1 +let g:airline_skip_empty_sections = 1 +let g:airline#extensions#ale#enabled = 1 + +" show indent lines +let g:indent_guides_enable_on_vim_startup = 1 +let g:indent_guides_auto_colors = 0 +hi IndentGuidesOdd ctermbg=235 +hi IndentGuidesEven ctermbg=235 +let g:indent_guides_guide_size = 1 +let g:indent_guides_start_level = 2 + +" Enable autocompletion +let g:deoplete#enable_at_startup = 1 +set completeopt-=preview + +" Ale no preview on hover +let g:ale_close_preview_on_insert = 0 +let g:ale_cursor_detail = 0 + +" Ale skip if file size over 2G +let g:ale_maximum_file_size = "2147483648" + +" Ale to loclist and quickfix +let g:ale_set_quickfix = 1 +" let g:ale_set_loclist = 1 + + +" Ale language server +let g:ale_linters = { + \ 'python': ['pyls'], + \ 'c': ['cquery'], + \ 'cpp': ['cquery'], + \ 'xml': ['xmllint'] + \ } + + +" ALE fixers +let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] } +let g:ale_fixers.python = ['black'] +let g:ale_fixers.go = ['gofmt'] +let g:ale_fixers.c = ['clang-format'] +let g:ale_fixers.cpp = ['clang-format'] +let g:ale_fixers.json = ['jq'] +let g:ale_fixers.xml = ['xmllint'] + +let g:ale_completion_enabled = 1 +let g:ale_sign_error = '⤫' +let g:ale_sign_warning = '⚠' +let g:ale_lint_on_insert_leave = 1 + +" Vim-Go Settings +let g:go_auto_sameids = 1 +let g:go_fmt_command = "goimports" +let g:go_auto_type_info = 1 + +" Disable syntastic for langserver supported languages +let g:syntastic_mode_map = { + \ "mode": "active", + \ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ] + \ } +let g:syntastic_always_populate_loc_list = 1 +let g:syntastic_auto_loc_list = 2 +let g:syntastic_aggregate_errors = 1 +let g:syntastic_check_on_open = 1 +let g:syntastic_check_on_wq = 0 +let g:syntastic_error_symbol='✗' +let g:syntastic_warning_symbol='⚠' +let g:syntastic_style_error_symbol = '✗' +let g:syntastic_style_warning_symbol = '⚠' + +"***************************************************************************** +"" Shortcuts overview +"***************************************************************************** +" Shortcuts overview +" F1 --> Filetree find +" F2 --> Filetree toggle +" F3 --> Function overview +" F4 --> Toggle error bar + +" F5 --> Remove trailing whitespaces +" F6 --> Reindent whole file +" F7 --> Format and lint file +" ,i --> Information about function +" ,d --> Jump to definition +" ,r --> Rename in all occurences +" ,rf --> Find references of function/variable +" ,e --> Change current file +" ,te --> Open file in new tab +" strg+f --> Find current selected word +" strg+d --> Replace current selected word +" strg+s --> Save file +" strg+q --> Close current file +" space+, --> Stop highlighting words after search + diff --git a/mb/2configs/nvim.nix b/mb/2configs/nvim.nix new file mode 100644 index 000000000..a8e4173e2 --- /dev/null +++ b/mb/2configs/nvim.nix @@ -0,0 +1,70 @@ +{ pkgs, config, ... }: let + #unstable = import <nixos-unstable> { }; +in + +{ + environment.variables = { + EDITOR = ["nvim"]; + }; + + nixpkgs.config.packageOverrides = pkgs: with pkgs;{ + neovim_custom = neovim.override { + configure = { + customRC = builtins.readFile ./neovimrc; + + packages.myVimPackage = with pkgs.vimPlugins; + { + # loaded on launch + start = [ + nerdtree # file manager + commentary # comment stuff out based on language + fugitive # full git integration + vim-airline-themes # lean & mean status/tabline + vim-airline # status bar + gitgutter # git diff in the gutter (sign column) + vim-trailing-whitespace # trailing whitspaces in red + tagbar # F3 function overview + syntastic # Fallback to singlethreaded but huge syntax support + ReplaceWithRegister # For better copying/replacing + polyglot # Language pack + vim-indent-guides # for displaying indent levels + ale # threaded language client + vim-go # go linting + deoplete-go # go autocompletion completion + deoplete-nvim # general autocompletion + molokai # color scheme + ]; + + # manually loadable by calling `:packadd $plugin-name` + opt = []; + }; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + ctags + neovim_custom + jq # For fixing json files + xxd # .bin files will be displayed with xxd + shellcheck # Shell linting + ansible-lint # Ansible linting + unzip # To vim into unzipped files + nodePackages.jsonlint # json linting + #python36Packages.python-language-server # python linting + #python36Packages.pyls-mypy # Python static type checker + #python36Packages.black # Python code formatter + #python37Packages.yamllint # For linting yaml files + #python37Packages.libxml2 # For fixing yaml files + cquery # C/C++ support + clang-tools # C++ fixer + ]; + + fonts = { + fonts = with pkgs; [ + font-awesome_5 + ]; + }; + +} + diff --git a/mb/2configs/qemu-guest.nix b/mb/2configs/qemu-guest.nix new file mode 100644 index 000000000..315d04093 --- /dev/null +++ b/mb/2configs/qemu-guest.nix @@ -0,0 +1,19 @@ +# Common configuration for virtual machines running under QEMU (using +# virtio). + +{ ... }: + +{ + boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ]; + boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ]; + + boot.initrd.postDeviceCommands = + '' + # Set the system time from the hardware clock to work around a + # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised + # to the *boot time* of the host). + hwclock -s + ''; + + security.rngd.enable = false; +} |