diff options
author | tv <tv@krebsco.de> | 2020-01-14 21:35:10 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2020-01-14 21:35:10 +0100 |
commit | 67cda2940f1228063efd09e08d39fad12fe9a0ef (patch) | |
tree | ac639d44c2e6378265621988b19c345d891c4909 /lass/1systems | |
parent | 525c955b5f955dd23ec4d060ebd1ef1e149760ce (diff) | |
parent | a01e3174e04fc946e7dfaf3569919aacf5a6763d (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/hilum/config.nix | 12 | ||||
-rw-r--r-- | lass/1systems/icarus/config.nix | 1 | ||||
-rw-r--r-- | lass/1systems/icarus/physical.nix | 47 | ||||
-rw-r--r-- | lass/1systems/iso.nix | 193 | ||||
-rw-r--r-- | lass/1systems/iso/default.nix | 211 | ||||
-rwxr-xr-x | lass/1systems/iso/generate-iso.sh | 7 | ||||
-rw-r--r-- | lass/1systems/shodan/config.nix | 1 | ||||
-rw-r--r-- | lass/1systems/xerxes/physical.nix | 17 | ||||
-rw-r--r-- | lass/1systems/yellow/config.nix | 13 |
9 files changed, 267 insertions, 235 deletions
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index d4a389a4a..470dd3aff 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -21,13 +21,9 @@ source /grub/autoiso.cfg } ''; - extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { - name = "autoiso.cfg"; - src = pkgs.grub2.src; - phases = [ "unpackPhase" "installPhase" ]; - installPhase = '' - cp docs/autoiso.cfg $out - ''; - }); + extraFiles."/grub/autoiso.cfg" = "${pkgs.grub2.src}/docs/autoiso.cfg"; }; + + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; } diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 46f0892a2..5e16052ad 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -20,6 +20,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/nfs-dl.nix> #<stockholm/lass/2configs/prism-share.nix> <stockholm/lass/2configs/ssh-cryptsetup.nix> + <stockholm/lass/2configs/network-manager.nix> ]; #media center diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index d764dabc1..861bd8b0b 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -1,22 +1,53 @@ +{ config, lib, pkgs, ... }: { imports = [ ./config.nix - <stockholm/lass/2configs/hw/x220.nix> - <stockholm/lass/2configs/boot/coreboot.nix> + #<stockholm/lass/2configs/hw/x220.nix> + #<stockholm/lass/2configs/boot/universal.nix> + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + <stockholm/krebs/2configs/hw/x220.nix> ]; - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6"; + boot.initrd.luks.devices.ssd.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6-part3"; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/298eb635-8db2-4c15-a73d-2e0d6afa10e8"; + fsType = "xfs"; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/eec94bef-e745-4d95-ad17-4df728f5fd31"; + fsType = "xfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D975-2CAB"; + fsType = "vfat"; }; + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; services.thinkfan.enable = true; + + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; + } diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix deleted file mode 100644 index a7b9f21b3..000000000 --- a/lass/1systems/iso.nix +++ /dev/null @@ -1,193 +0,0 @@ -{ config, pkgs, ... }: - -with import <stockholm/lib>; -{ - imports = [ - <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix> - <stockholm/krebs> - <stockholm/lass/3modules> - <stockholm/lass/2configs/mc.nix> - <stockholm/lass/2configs/vim.nix> - { - # /dev/stderr doesn't work. I don't know why - # /proc/self doesn't seem to work correctly - # /dev/pts is empty except for 1 file - # my life sucks - nixpkgs.config.packageOverrides = super: { - irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> { - pkgs = pkgs // { - coreutils = pkgs.symlinkJoin { - name = "coreutils-hack"; - paths = [ - (pkgs.writeDashBin "tee" '' - if test "$1" = /dev/stderr; then - while read -r line; do - echo "$line" - echo "$line" >&2 - done - else - ${super.coreutils}/bin/tee "$@" - fi - '') - pkgs.coreutils - ]; - }; - }; - }; - }; - boot.kernelParams = [ "copytoram" ]; - networking.hostName = "lass-iso"; - } - { - nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs; - krebs.enable = true; - krebs.build.user = config.krebs.users.lass; - krebs.build.host = {}; - } - { - nixpkgs.config.allowUnfree = true; - } - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - }; - } - { - environment.extraInit = '' - EDITOR=vim - ''; - } - { - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - parallel - proot - populate - - #style - most - rxvt_unicode.terminfo - - #monitoring tools - htop - iotop - - #network - iptables - iftop - - #stuff for dl - aria2 - - #neat utils - hashPassword - krebspaste - pciutils - pop - psmisc - q - rs - tmux - untilport - usbutils - - #unpack stuff - p7zip - unzip - unrar - - #data recovery - ddrescue - ntfs3g - dosfstools - ]; - } - { - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' - elif test $UID = 1337; then - PS1='\[\033[1;32m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"' - else - PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"' - fi - ''; - }; - } - { - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ]; - } - { - networking.firewall = { - enable = true; - allowedTCPPorts = [ 22 ]; - }; - } - { - krebs.hidden-ssh.enable = true; - } - { - services.xserver = { - enable = true; - #videoDrivers = mkForce [ "ati_unfree" ]; - - desktopManager.xterm.enable = false; - desktopManager.default = "none"; - displayManager.lightdm.enable = true; - displayManager.lightdm.autoLogin = { - enable = true; - user = "lass"; - }; - windowManager.default = "xmonad"; - windowManager.session = let - xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; }; - in [{ - name = "xmonad"; - start = '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - ${xmonad-lass}/bin/xmonad & - waitPID=$! - ''; - }]; - - layout = "us"; - xkbModel = "evdev"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; - }; - } - ]; -} diff --git a/lass/1systems/iso/default.nix b/lass/1systems/iso/default.nix new file mode 100644 index 000000000..a77a74fbe --- /dev/null +++ b/lass/1systems/iso/default.nix @@ -0,0 +1,211 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; + +let + + wizard = pkgs.writers.writeBash "wizard" '' + shopt -s extglob + + echo -n ' + welcome to the computer wizard + first we will check for internet connectivity + (press enter to continue) + ' + read -n 1 -s + if ! ping -c1 lassul.us; then + echo 'no internet detectio, you will have to provide credentials' + read -n 1 -s + nmtui + fi + + # ping -c1 lassuls.us || ${pkgs.writeDash "nm-dmenu" '' + # set -x + # export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin + # exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" + # ''} + + mode=$(echo -n ' + 1. help of the wizard + 2. let the wizard watch and help if needed + 3. I will do it alone + ' | ${pkgs.fzf}/bin/fzf --reverse) + case "$mode" in + 1*) + echo 'mode_1' > /tmp/mode + systemctl start hidden-ssh-announce.service + tmux new -s help + ;; + 2*) + echo 'mode_2' > /tmp/mode + ;; + 3*) + echo 'mode_3' > /tmp/mode + ;; + *) + echo 'no mode selected' + ;; + esac + ''; + +in { + imports = [ + <stockholm/krebs> + <stockholm/lass/3modules> + <stockholm/lass/2configs/vim.nix> + { + nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs; + krebs.enable = true; + krebs.build.user = config.krebs.users.lass; + krebs.build.host = {}; + } + # { + # systemd.services.wizard = { + # description = "Computer Wizard"; + # wantedBy = [ "multi-user.target" ]; + # serviceConfig = { + # ExecStart = pkgs.writers.writeDash "wizard" '' + # set -efu + # cat <<EOF + # welcome to the computer wizard + # you can choose between the following modes + # echo -n '1\n2\n3' | ${pkgs.fzf}/bin/fzf + # EOF + # ''; + # StandardInput = "tty"; + # StandardOutput = "tty"; + # # TTYPath = "/dev/tty1"; + # TTYPath = "/dev/ttyS0"; + # TTYReset = true; + # TTYVTDisallocate = true; + # Restart = "always"; + # }; + # }; + # } + ]; + + networking.hostName = "wizard"; + nixpkgs.config.allowUnfree = true; + + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + config.krebs.users.lass-mors.pubkey + ]; + }; + }; + + environment.systemPackages = with pkgs; [ + #stockholm + git + gnumake + jq + parallel + proot + populate + + #style + most + rxvt_unicode.terminfo + + #monitoring tools + htop + iotop + + #network + iptables + iftop + + #stuff for dl + aria2 + + #neat utils + dmenu + hashPassword + krebspaste + pciutils + pop + psmisc + q + rs + tmux + untilport + usbutils + + #unpack stuff + p7zip + unzip + unrar + + #data recovery + ddrescue + ntfs3g + dosfstools + ]; + + environment.extraInit = '' + EDITOR=vim + ''; + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"' + else + PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"' + fi + if ! test -e /tmp/mode; then + ${wizard} + fi + ''; + }; + + services.openssh.enable = true; + systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ]; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 ]; + }; + networking.networkmanager.enable = true; + networking.wireless.enable = mkForce false; + + krebs.hidden-ssh = { + enable = true; + channel = "##lassulus-wizard"; + + }; + systemd.services.hidden-ssh-announce.wantedBy = mkForce []; + services.mingetty.autologinUser = "root"; + + nixpkgs.config.packageOverrides = super: { + dmenu = pkgs.writeDashBin "dmenu" '' + ${pkgs.fzf}/bin/fzf \ + --history=/dev/null \ + --print-query \ + --prompt=\"$PROMPT\" + ''; + }; + + boot.tmpOnTmpfs = true; +} diff --git a/lass/1systems/iso/generate-iso.sh b/lass/1systems/iso/generate-iso.sh new file mode 100755 index 000000000..3179b31c1 --- /dev/null +++ b/lass/1systems/iso/generate-iso.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nixos-generators + +set -xefu + +WD=$(dirname "$0") +nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/default.nix -f install-iso diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index b3de15837..9bb31191c 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -19,6 +19,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/nfs-dl.nix> <stockholm/lass/2configs/gg23.nix> + <stockholm/lass/2configs/br.nix> ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix index 77cf2206b..5a6f07215 100644 --- a/lass/1systems/xerxes/physical.nix +++ b/lass/1systems/xerxes/physical.nix @@ -5,40 +5,32 @@ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; - boot.zfs.enableUnstable = true; boot.loader.grub = { enable = true; device = "/dev/sda"; efiSupport = true; + efiInstallAsRemovable = true; }; - boot.loader.efi.canTouchEfiVariables = true; boot.blacklistedKernelModules = [ "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; boot.initrd.luks.devices.crypted.device = "/dev/sda3"; boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; boot.kernelParams = [ "fbcon=rotate:1" "boot.shell_on_fail" ]; fileSystems."/" = { - device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/home"; - fsType = "zfs"; + device = "/dev/disk/by-uuid/8efd0c22-f712-46bf-baad-1fbf19d9ec25"; + fsType = "xfs"; }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/E749-784C"; + device = "/dev/disk/by-uuid/7F23-DDB4"; fsType = "vfat"; }; @@ -74,7 +66,6 @@ services.xserver = { videoDrivers = [ "intel" ]; displayManager.sessionCommands = '' - echo nonono > /tmp/xxyy (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right) (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1) ''; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index d049bdee6..abbc0045b 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -47,17 +47,6 @@ with import <stockholm/lib>; }; virtualHosts.default = { default = true; - locations."=/Nginx-Fancyindex-Theme-dark" = { - extraConfig = '' - alias ${pkgs.fetchFromGitHub { - owner = "Naereen"; - repo = "Nginx-Fancyindex-Theme"; - rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4"; - sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6"; - }}/Nginx-Fancyindex-Theme-dark; - autoindex on; - ''; - }; locations."/dl".extraConfig = '' return 301 /; ''; @@ -65,8 +54,6 @@ with import <stockholm/lib>; root = "/var/download/finished"; extraConfig = '' fancyindex on; - fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html"; - fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html"; dav_methods PUT DELETE MKCOL COPY MOVE; create_full_put_path on; |