diff options
| -rw-r--r-- | krebs/1systems/hotdog/config.nix | 17 | ||||
| -rw-r--r-- | krebs/1systems/hotdog/source.nix | 3 | ||||
| -rw-r--r-- | krebs/1systems/puyak/config.nix | 6 | ||||
| -rw-r--r-- | krebs/1systems/wolf/config.nix | 2 | ||||
| -rw-r--r-- | krebs/2configs/hw/x220.nix | 29 | ||||
| -rw-r--r-- | krebs/2configs/stats/puyak-client.nix | 64 | ||||
| -rw-r--r-- | krebs/2configs/stats/wolf-client.nix (renamed from krebs/2configs/central-stats-client.nix) | 0 | ||||
| -rw-r--r-- | krebs/3modules/krebs/default.nix | 24 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 15 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/repo-sync/default.nix | 12 | ||||
| -rw-r--r-- | lass/1systems/icarus/config.nix | 33 | ||||
| -rw-r--r-- | lass/1systems/mors/config.nix | 33 | ||||
| -rw-r--r-- | lass/1systems/shodan/config.nix | 57 | ||||
| -rw-r--r-- | lass/2configs/boot/coreboot.nix | 10 | ||||
| -rw-r--r-- | lass/2configs/hw/tp-x220.nix | 61 | ||||
| -rw-r--r-- | lass/2configs/hw/x220.nix | 32 | ||||
| -rw-r--r-- | lass/2configs/mouse.nix | 19 | ||||
| -rw-r--r-- | makefu/2configs/git/brain-retiolum.nix | 3 | ||||
| -rw-r--r-- | makefu/2configs/zsh-user.nix | 46 |
19 files changed, 282 insertions, 184 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix new file mode 100644 index 000000000..18c8a86cd --- /dev/null +++ b/krebs/1systems/hotdog/config.nix @@ -0,0 +1,17 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + ]; + + krebs.build.host = config.krebs.hosts.hotdog; + + boot.isContainer = true; + networking.useDHCP = false; +} diff --git a/krebs/1systems/hotdog/source.nix b/krebs/1systems/hotdog/source.nix new file mode 100644 index 000000000..0fa61b20f --- /dev/null +++ b/krebs/1systems/hotdog/source.nix @@ -0,0 +1,3 @@ +import <stockholm/krebs/source.nix> { + name = "hotdog"; +} diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index bcf63dc4b..19ee2343d 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -5,9 +5,11 @@ <stockholm/krebs> <stockholm/krebs/2configs> <stockholm/krebs/2configs/secret-passwords.nix> + <stockholm/krebs/2configs/hw/x220.nix> <stockholm/krebs/2configs/repo-sync.nix> <stockholm/krebs/2configs/shared-buildbot.nix> + <stockholm/krebs/2configs/stats/puyak-client.nix> ]; krebs.build.host = config.krebs.hosts.puyak; @@ -47,10 +49,6 @@ }; }; - hardware.enableAllFirmware = true; - networking.wireless.enable = true; - nixpkgs.config.allowUnfree = true; - services.logind.extraConfig = '' HandleLidSwitch=ignore ''; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 32e7bd49d..0deb01f0a 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -8,7 +8,7 @@ in <stockholm/krebs/2configs> <nixpkgs/nixos/modules/profiles/qemu-guest.nix> <stockholm/krebs/2configs/collectd-base.nix> - <stockholm/krebs/2configs/central-stats-client.nix> + <stockholm/krebs/2configs/stats/wolf-client.nix> <stockholm/krebs/2configs/save-diskspace.nix> <stockholm/krebs/2configs/graphite.nix> diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix new file mode 100644 index 000000000..c85bac0d4 --- /dev/null +++ b/krebs/2configs/hw/x220.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +{ + networking.wireless.enable = lib.mkDefault true; + + hardware.enableRedistributableFirmware = true; + + hardware.cpu.intel.updateMicrocode = true; + + services.tlp.enable = true; + + boot = { + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + kernelParams = [ "acpi_backlight=none" ]; + }; + + hardware.opengl.extraPackages = [ + pkgs.vaapiIntel + pkgs.vaapiVdpau + ]; + + security.rngd.enable = true; + + services.xserver = { + videoDriver = "intel"; + }; +} diff --git a/krebs/2configs/stats/puyak-client.nix b/krebs/2configs/stats/puyak-client.nix new file mode 100644 index 000000000..6ff88e4bc --- /dev/null +++ b/krebs/2configs/stats/puyak-client.nix @@ -0,0 +1,64 @@ +{pkgs, config, ...}: +let + stats-server = "stats.makefu.r"; # TODO: central krebs logging server +in{ + services.collectd = { + enable = true; + autoLoadPlugin = true; + extraConfig = '' + Hostname ${config.krebs.build.host.name} + LoadPlugin load + LoadPlugin disk + LoadPlugin memory + LoadPlugin df + Interval 30.0 + + LoadPlugin thermal + + LoadPlugin interface + <Plugin "interface"> + Interface "*Link" + Interface "lo" + Interface "vboxnet*" + Interface "virbr*" + IgnoreSelected true + </Plugin> + + LoadPlugin df + <Plugin "df"> + MountPoint "/nix/store" + # MountPoint "/run*" + # MountPoint "/sys*" + # MountPoint "/dev" + # MountPoint "/dev/shm" + # MountPoint "/tmp" + FSType "tmpfs" + FSType "binfmt_misc" + FSType "debugfs" + FSType "mqueue" + FSType "hugetlbfs" + FSType "systemd-1" + FSType "cgroup" + FSType "securityfs" + FSType "ramfs" + FSType "proc" + FSType "devpts" + FSType "devtmpfs" + MountPoint "/var/lib/docker/devicemapper" + IgnoreSelected true + </Plugin> + + LoadPlugin cpu + <Plugin cpu> + ReportByCpu true + ReportByState true + ValuesPercentage true + </Plugin> + + LoadPlugin network + <Plugin "network"> + Server "${stats-server}" "25826" + </Plugin> + ''; + }; +} diff --git a/krebs/2configs/central-stats-client.nix b/krebs/2configs/stats/wolf-client.nix index 0412eba9a..0412eba9a 100644 --- a/krebs/2configs/central-stats-client.nix +++ b/krebs/2configs/stats/wolf-client.nix diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index f751b4f9f..07543489a 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -30,6 +30,30 @@ let }); in { hosts = { + hotdog = { + owner = config.krebs.users.krebs; + nets = { + retiolum = { + ip4.addr = "10.243.77.3"; + ip6.addr = "42:0:0:0:0:0:77:3"; + aliases = [ + "hotdog.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAs9+Au3oj29C5ol/YnkG9GjfCH5z53wxjH2iy8UPike8C7GASZKqc + bZBrvxkIOyVs5oVtolPcaI0/nvtpIhSlmM6hg9qe1rZO6jXt53GVNvgdcUIfVHbX + mQmp4oVXOjPIeDqLn32Mc0O73Kp6i66zQGAXi8ejczuO0h6oSvAnjolT4wM9jugk + JBGCDlpl9mxAGDN5VOqbg2i0FxwtUk2UA9XghEaRcfBkVdsOrtW8sCwOg8YttQt9 + fs7JjezUtw7JBxN754ynaahSRODcjyJhwjE18tKx6P7wsNbgbmULFQz+7IxZ01/P + h5ZUzfd1r1pTzQ0nYD5aRtlDd7zP7y5tUwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp"; + }; puyak = { owner = config.krebs.users.krebs; nets = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index f80c397ee..21ea7e23c 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -6,6 +6,7 @@ with import <stockholm/lib>; hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { drop = rec { cores = 1; + managed = true; nets = { retiolum = { ip4.addr = "10.243.177.9"; @@ -28,6 +29,7 @@ with import <stockholm/lib>; }; studio = rec { cores = 4; + managed = true; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; nets = { @@ -53,6 +55,7 @@ with import <stockholm/lib>; fileleech = rec { cores = 4; + managed = true; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; nets = { @@ -78,6 +81,7 @@ with import <stockholm/lib>; pnp = { cores = 1; + managed = true; nets = { retiolum = { ip4.addr = "10.243.0.210"; @@ -101,6 +105,7 @@ with import <stockholm/lib>; }; darth = { cores = 4; + managed = true; nets = { retiolum = { ip4.addr = "10.243.0.84"; @@ -171,6 +176,7 @@ with import <stockholm/lib>; }; }; tsp = { + managed = true; cores = 1; nets = { retiolum = { @@ -198,6 +204,7 @@ with import <stockholm/lib>; }; }; x = { + managed = true; cores = 4; nets = { retiolum = { @@ -243,6 +250,7 @@ with import <stockholm/lib>; vbob = { cores = 2; + managed = true; nets = { retiolum = { ip4.addr = "10.243.1.91"; @@ -305,6 +313,7 @@ with import <stockholm/lib>; }; wry = rec { cores = 1; + managed = true; extraZones = { "krebsco.de" = '' wry IN A ${nets.internet.ip4.addr} @@ -349,6 +358,7 @@ with import <stockholm/lib>; }; filepimp = rec { cores = 1; + managed = true; nets = { lan = { ip4.addr = "192.168.1.12"; @@ -378,6 +388,7 @@ with import <stockholm/lib>; omo = rec { cores = 2; + managed = true; nets = { lan = { @@ -411,6 +422,7 @@ with import <stockholm/lib>; }; wbob = rec { cores = 4; + managed = true; nets = { siem = { ip4.addr = "10.8.10.7"; @@ -452,6 +464,7 @@ with import <stockholm/lib>; gum = rec { cores = 2; + managed = true; extraZones = { "krebsco.de" = '' @@ -514,6 +527,7 @@ with import <stockholm/lib>; }; shoney = rec { cores = 1; + managed = true; nets = rec { siem = { via = internet; @@ -562,6 +576,7 @@ with import <stockholm/lib>; }; sdev = rec { cores = 1; + managed = true; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev"; nets = { diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix index 7cba87b09..20326901d 100644 --- a/krebs/5pkgs/simple/repo-sync/default.nix +++ b/krebs/5pkgs/simple/repo-sync/default.nix @@ -1,17 +1,19 @@ -{ lib, pkgs, python3Packages, fetchurl, ... }: +{ lib, pkgs, python3Packages, fetchFromGitHub, ... }: with python3Packages; buildPythonPackage rec { name = "repo-sync-${version}"; - version = "0.2.6"; + version = "0.2.7"; disabled = isPy26 || isPy27; propagatedBuildInputs = [ docopt GitPython pkgs.git ]; - src = fetchurl { - url = "https://pypi.python.org/packages/source/r/repo-sync/repo-sync-${version}.tar.gz"; - sha256 = "1hqa9qw9qg7mxgniqzys9szycs05llg4yik8a9wz94a437zzarsk"; + src = fetchFromGitHub { + owner = "krebscode"; + repo = "repo-sync"; + rev = version; + sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw"; }; meta = { homepage = http://github.com/makefu/repo-sync; diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 61837bf38..8afd97977 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -3,8 +3,11 @@ { imports = [ <stockholm/lass> + <stockholm/lass/2configs/hw/x220.nix> + <stockholm/lass/2configs/boot/coreboot.nix> + + <stockholm/lass/2configs/mouse.nix> <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/hw/tp-x220.nix> <stockholm/lass/2configs/git.nix> <stockholm/lass/2configs/exim-retiolum.nix> <stockholm/lass/2configs/baseX.nix> @@ -17,40 +20,12 @@ krebs.build.host = config.krebs.hosts.icarus; - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - loader.grub.efiSupport = true; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; fileSystems = { - "/" = { - device = "/dev/mapper/pool-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda2"; - }; "/bku" = { device = "/dev/mapper/pool-bku"; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; - "/home" = { - device = "/dev/mapper/pool-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; }; services.udev.extraRules = '' diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 29dacf8dc..2cb6a7519 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -4,8 +4,11 @@ with import <stockholm/lib>; { imports = [ <stockholm/lass> + <stockholm/lass/2configs/hw/x220.nix> + <stockholm/lass/2configs/boot/coreboot.nix> + + <stockholm/lass/2configs/mouse.nix> <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/hw/tp-x220.nix> <stockholm/lass/2configs/baseX.nix> <stockholm/lass/2configs/exim-retiolum.nix> <stockholm/lass/2configs/programs.nix> @@ -92,40 +95,12 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.mors; - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - loader.grub.efiSupport = true; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; fileSystems = { - "/" = { - device = "/dev/mapper/pool-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda2"; - }; "/bku" = { device = "/dev/mapper/pool-bku"; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; - "/home" = { - device = "/dev/mapper/pool-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; }; services.udev.extraRules = '' diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index a68471aa0..00ea82671 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -4,8 +4,11 @@ with import <stockholm/lib>; { imports = [ <stockholm/lass> + #TODO reinstall with correct layout and use lass/hw/x220 + <stockholm/krebs/2configs/hw/x220.nix> + + <stockholm/lass/2configs/mouse.nix> <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/hw/tp-x220.nix> <stockholm/lass/2configs/baseX.nix> <stockholm/lass/2configs/git.nix> <stockholm/lass/2configs/exim-retiolum.nix> @@ -14,58 +17,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/backups.nix> <stockholm/lass/2configs/wine.nix> - #{ - # users.extraUsers = { - # root = { - # openssh.authorizedKeys.keys = map readFile [ - # ../../krebs/Zpubkeys/uriel.ssh.pub - # ]; - # }; - # }; - #} - { - users.users.sokratess = { - uid = genid "sokratess"; - home = "/home/sokratess"; - group = "users"; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - ]; - useDefaultShell = true; - password = "aidsballs"; - }; - krebs.per-user.sokratess.packages = [ - pkgs.firefox - pkgs.python27Packages.virtualenv - pkgs.python27Packages.ipython - pkgs.python27Packages.python - ]; - } - { - krebs.monit = let - echoToIrc = msg: - pkgs.writeDash "echo_irc" '' - set -euf - export LOGNAME=prism-alarm - ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null - ''; - in { - enable = true; - http.enable = true; - alarms = { - hfos = { - test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; - alarm = echoToIrc "test hfos failed"; - }; - }; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } - ]; - } ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/2configs/boot/coreboot.nix b/lass/2configs/boot/coreboot.nix new file mode 100644 index 000000000..1548cbc2d --- /dev/null +++ b/lass/2configs/boot/coreboot.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + loader.grub.efiSupport = true; + }; +} diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix deleted file mode 100644 index 9be0b6bd2..000000000 --- a/lass/2configs/hw/tp-x220.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -{ - imports = [ - ../smartd.nix - ]; - networking.wireless.enable = lib.mkDefault true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - hardware.cpu.intel.updateMicrocode = true; - - zramSwap.enable = true; - zramSwap.numDevices = 2; - - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.tlp.enable = true; - services.tlp.extraConfig = '' - # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery - #START_CHARGE_THRESH_BAT0=80 - STOP_CHARGE_THRESH_BAT0=95 - - CPU_SCALING_GOVERNOR_ON_AC=performance - CPU_SCALING_GOVERNOR_ON_BAT=ondemand - CPU_MIN_PERF_ON_AC=0 - CPU_MAX_PERF_ON_AC=100 - CPU_MIN_PERF_ON_BAT=0 - CPU_MAX_PERF_ON_BAT=30 - ''; - - boot = { - kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; - extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; - kernelParams = [ "acpi_backlight=none" ]; - }; - - hardware.opengl.extraPackages = [ - pkgs.vaapiIntel - pkgs.vaapiVdpau - ]; - - security.rngd.enable = true; - - services.xserver.synaptics = { - enable = true; - horizEdgeScroll = false; - horizontalScroll = false; - vertEdgeScroll = false; - maxSpeed = "0.1"; - minSpeed = "0.01"; - tapButtons = false; - }; -} diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix new file mode 100644 index 000000000..bf7decc40 --- /dev/null +++ b/lass/2configs/hw/x220.nix @@ -0,0 +1,32 @@ +{ ... }: +{ + imports = [ + <stockholm/krebs/2configs/hw/x220.nix> + ]; + + boot = { + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/pool-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda2"; + }; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; +} diff --git a/lass/2configs/mouse.nix b/lass/2configs/mouse.nix new file mode 100644 index 000000000..098809d62 --- /dev/null +++ b/lass/2configs/mouse.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 0; + emulateWheel = true; + }; + + services.xserver.synaptics = { + enable = true; + horizEdgeScroll = false; + horizontalScroll = false; + vertEdgeScroll = false; + maxSpeed = "0.1"; + minSpeed = "0.01"; + tapButtons = false; + }; +} diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index 18275e3df..05754dc7f 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -8,6 +8,7 @@ let krebs-repos = mapAttrs make-krebs-repo { brain = { }; + krebs-secrets = { }; }; @@ -33,7 +34,7 @@ let set-owners repo [ config.krebs.users.makefu ] ++ set-ro-access repo krebsminister; set-ro-access = with git; repo: user: - optional repo.public { + singleton { inherit user; repo = [ repo ]; perm = fetch; diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 453bfbe80..7615f4c0c 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -8,6 +8,7 @@ in users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; programs.zsh= { enable = true; + enableCompletion = false ; #manually at the end interactiveShellInit = '' HISTSIZE=900001 HISTFILESIZE=$HISTSIZE @@ -29,7 +30,49 @@ in unset SSH_AGENT_PID export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" - ''; + + # fzf + __fsel_fzf() { + local cmd="''${FZF_CTRL_T_COMMAND:-"command find -L . -mindepth 1 \\( -path '*/\\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' \\) -prune \ + -o -type f -print \ + -o -type d -print \ + -o -type l -print 2> /dev/null | cut -b3-"}" + setopt localoptions pipefail 2> /dev/null + eval "$cmd" | FZF_DEFAULT_OPTS="--height ''${FZF_TMUX_HEIGHT:-40%} --reverse $FZF_DEFAULT_OPTS $FZF_CTRL_T_OPTS" $(__fzfcmd) -m "$@" | while read item; do + echo -n "''${(q)item} " + done + local ret=$? + echo + return $ret + } + + __fzf_use_tmux__() { + [ -n "$TMUX_PANE" ] && [ "''${FZF_TMUX:-0}" != 0 ] && [ ''${LINES:-40} -gt 15 ] + } + + __fzfcmd() { + __fzf_use_tmux__ && + echo "fzf-tmux -d''${FZF_TMUX_HEIGHT:-40%}" || echo "fzf" + } + + fzf-file-widget() { + LBUFFER="''${LBUFFER}$(__fsel_fzf)" + local ret=$? + zle redisplay + typeset -f zle-line-init >/dev/null && zle zle-line-init + return $ret + } + zle -N fzf-file-widget + bindkey '^T' fzf-file-widget + + # Auto-Completion + for p in ''${(z)NIX_PROFILES}; do + fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions) + done + autoload -U compinit && compinit + compdef _pass brain + zstyle ':completion::complete:brain::' prefix "$HOME/brain" + ''; promptInit = '' RPROMPT="" @@ -47,5 +90,6 @@ in krebs.per-user.${mainUser}.packages = [ pkgs.nix-zsh-completions + pkgs.fzf ]; } |