diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 059e22866..1d73fade2 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -109,29 +109,6 @@ in {
 };
 };
 };
- idontcare = {
- owner = config.krebs.users.Mic92;
- nets = rec {
- retiolum = {
- addrs = [
- config.krebs.hosts.idontcare.nets.retiolum.ip4.addr
- config.krebs.hosts.idontcare.nets.retiolum.ip6.addr
- ];
- ip4.addr = "10.243.29.177";
- aliases = [ "idontcare.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O
- qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A
- OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An
- lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb
- O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw
- jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
 jongepad = {
 owner = config.krebs.users.jonge;
 nets = {
@@ -201,30 +178,6 @@ in {
 wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
 };
 };
- rock = {
- owner = config.krebs.users.Mic92;
- nets = {
- retiolum = {
- ip4.addr = "10.243.29.171";
- aliases = [ "rock.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
- DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
- HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
- mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
- Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
- Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
- 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
- fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
- 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
- ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
- cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
 scardanelli = {
 owner = config.krebs.users.kmein;
 nets = {
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 6b409aa7b..a748b1454 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -66,6 +66,27 @@ in {
 };
 };
 };
+ dimitrios = {
+ owner = config.krebs.users.Mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.183";
+ aliases = [
+ "dimitrios.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAutdjBACUieeP6hPqLazSo/MG5HiueUu3WZ1qPwpiPfJpPT59GckD
+ SI+TfCzaaZrifh1sRP30QhOH9+ca5DPPNQuk3ZPVAS2dqSmea0RBnYgq1J9EJ2Ty
+ EMzAYWjKIT8sJiEh4znnq7DDsd/JF5nIbhwgpkytxqAH8us5ABB940RkRMwDUS9M
+ tWB1NCbS7q1JWEoCHguAbh4B5qv4gxwDqzj3UwTR1Fd+SO3o9/giKhvpk0iQfsDO
+ DGXgxnpXybr7HGdRH2u3uAKXlwzwOpLHlohdLRC5txK8Osl0zVNqiiiV9SpuS0W1
+ OrHcbfEuPbuuI4pOXKMoZxbaehQ4SmEVBwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
 donna = {
 owner = config.krebs.users.Mic92;
 nets = rec {
@@ -123,6 +144,29 @@ in {
 };
 };
 };
+ idontcare = {
+ owner = config.krebs.users.Mic92;
+ nets = rec {
+ retiolum = {
+ addrs = [
+ config.krebs.hosts.idontcare.nets.retiolum.ip4.addr
+ config.krebs.hosts.idontcare.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.177";
+ aliases = [ "idontcare.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O
+ qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A
+ OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An
+ lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb
+ O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw
+ jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
 inspector = {
 owner = config.krebs.users.Mic92;
 nets = rec {
@@ -282,6 +326,30 @@ in {
 };
 };
 };
+ rock = {
+ owner = config.krebs.users.Mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.171";
+ aliases = [ "rock.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
+ DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
+ HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
+ mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
+ Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
+ Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
+ 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
+ fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
+ 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
+ ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
+ cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
 rose = {
 owner = config.krebs.users.Mic92;
 nets = rec {
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 4ab0e86d4..769bacbe0 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
 "url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "eb65d1dae626f4b149566c4cbccdad7ec24af189",
- "date": "2020-01-13T10:34:45+00:00",
- "sha256": "0zl4zakmw2s7gnkc2bmnjl71xg55n0kqrcm834kjq49lwwmdk225",
+ "rev": "c49da6435f314e04fc58ca29807221817ac2ac6b",
+ "date": "2020-02-07T12:52:16+01:00",
+ "sha256": "17zsqhaf098bvcfarnq0h9601z6smkfd1kz1px6xfg6xqfmr80r7",
 "fetchSubmodules": false
 }
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
index 470dd3aff..7a506591b 100644
--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -21,7 +21,14 @@ source /grub/autoiso.cfg } ''; - extraFiles."/grub/autoiso.cfg" = "${pkgs.grub2.src}/docs/autoiso.cfg"; + extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { + name = "autoiso.cfg"; + src = pkgs.grub2.src; + phases = [ "unpackPhase" "installPhase" ]; + installPhase = '' + cp docs/autoiso.cfg $out + ''; + }); }; services.logind.lidSwitch = "ignore"; diff --git a/lass/1systems/iso/default.nix b/lass/1systems/wizard/config.nix similarity index 52% rename from lass/1systems/iso/default.nix rename to lass/1systems/wizard/config.nix index a77a74fbe..8f9db7d3c 100644 --- a/lass/1systems/iso/default.nix +++ b/lass/1systems/wizard/config.nix 
@@ -1,42 +1,118 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: with import ; let - wizard = pkgs.writers.writeBash "wizard" '' - shopt -s extglob + icon = pkgs.writeText "icon" '' + // + // + _ // + .' . // '. + '_ '_\/_' `_ + . . \\ . . + .==. ` \\' .' + .\| //bd\\ \, + \_'`._\\__//_.'`.; + `.__ __,' \\ + | | \\ + | | ` + | | + | | + |____| + l42 ==' '== + ''; - echo -n ' + messenger = pkgs.writeText "message" '' + . + | \/| + (\ _ ) )|/| + (/ _----. /.'.' + .-._________.. .' @ _\ .' + '.._______. '. / (_| .') + '._____. / '-/ | _.' + '.______ ( ) ) \ + '..____ '._ ) ) + .' __.--\ , , // (( + '.' mrf| \/ (_.'( + ' \ .' + \ ( + \ '. + \ \ '.) + '-'-' + ''; + + waiting = pkgs.writeText "waiting" '' + Z + Z + z + z + * ' + / \ + /___\ + ( - - ) + ) L ( .--------------. + __()(-)()__ | \ | + .~~ )()()() ~. | . : + / )()() ` | `-.__________) + | )() ~ | : : + | ) | : | + | _ | | [ ## : + \ ~~-. | , oo_______.' + `_ ( \) _____/~~~~ `--___ + | ~`-) ) `-. `--- ( - a:f - + | '///` | `-. + | | | | `-. + | | | | `-. + | | |\ | + | | | \| + `-. | | | + `-| ' + ''; + + wizard = pkgs.writers.writeDash "wizard" '' + cat ${icon} + + echo -n '${'' welcome to the computer wizard first we will check for internet connectivity - (press enter to continue) - ' - read -n 1 -s - if ! ping -c1 lassul.us; then - echo 'no internet detectio, you will have to provide credentials' - read -n 1 -s - nmtui - fi - # ping -c1 lassuls.us || ${pkgs.writeDash "nm-dmenu" '' - # set -x - # export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin - # exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" - # ''} + ''}' - mode=$(echo -n ' - 1. help of the wizard - 2. let the wizard watch and help if needed - 3. I will do it alone - ' | ${pkgs.fzf}/bin/fzf --reverse) + read -p '(press enter to continue...)' key + until ping -c1 8.8.8.8; do + ${pkgs.nm-dmenu}/bin/nm-dmenu + done + + mode=$(echo -n '${'' + 1. Help of the wizard + 2. Install NixOS + 3. 
I know what I need to do + ''}' | ${pkgs.fzf}/bin/fzf --reverse) case "$mode" in 1*) echo 'mode_1' > /tmp/mode + clear + echo 'waiting for the messenger to reach the wizard' + cat ${messenger} + + # get pubkeys + mkdir -p /root/.ssh/ + touch /root/.ssh/authorized_keys + curl -Ss 'https://lassul.us/mors.pub' >> /root/.ssh/authorized_keys + curl -Ss 'https://lassul.us/blue.pub' >> /root/.ssh/authorized_keys + curl -Ss 'https://lassul.us/yubi.pub' >> /root/.ssh/authorized_keys + + # write via irc systemctl start hidden-ssh-announce.service - tmux new -s help + tmux new-session -s help ${pkgs.writers.writeDash "waiting" '' + cat ${waiting} + read -p 'waiting for the wizard to wake up' key + ${pkgs.bashInteractive}/bin/bash + ''} ;; 2*) echo 'mode_2' > /tmp/mode + ${pkgs.nixos-installer}/bin/nixos-installer ;; 3*) echo 'mode_3' > /tmp/mode @@ -52,6 +128,7 @@ in { + # { nixpkgs.config.packageOverrides = import pkgs; krebs.enable = true; @@ -86,14 +163,14 @@ in { networking.hostName = "wizard"; nixpkgs.config.allowUnfree = true; - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - config.krebs.users.lass-mors.pubkey - ]; - }; - }; + # users.extraUsers = { + # root = { + # openssh.authorizedKeys.keys = [ + # config.krebs.users.lass.pubkey + # config.krebs.users.lass-mors.pubkey + # ]; + # }; + # }; environment.systemPackages = with pkgs; [ #stockholm @@ -120,16 +197,12 @@ in { aria2 #neat utils - dmenu + chntpw hashPassword krebspaste pciutils - pop psmisc - q - rs tmux - untilport usbutils #unpack stuff @@ -141,6 +214,8 @@ in { ddrescue ntfs3g dosfstools + + nixos-installer ]; environment.extraInit = '' 
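Review bot: In the `1*)` branch of the wizard script, root's `authorized_keys` is filled at run time by three `curl -Ss 'https://lassul.us/….pub' >> /root/.ssh/authorized_keys` calls, so who may log in as root depends on whatever that web server returns when the wizard runs; the later hunk at `@@ -86,14 +163,14 @@` comments out the keys that used to be fixed in the image through `users.extraUsers.root.openssh.authorizedKeys.keys`. Without `-f`, curl also appends the body of an HTTP error page, and nothing visible in the script stops it from going on to `systemctl start hidden-ssh-announce.service` when no key was written. I would keep the keys in the Nix configuration (they are already available as `config.krebs.users.lass.pubkey` and `config.krebs.users.lass-mors.pubkey`), or at least use `curl -fsS … || exit 1` and write a fresh file instead of appending, since re-running the wizard duplicates every entry. The wizard script starts and ends inside this hunk.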
@@ -193,10 +268,10 @@ in { krebs.hidden-ssh = { enable = true; channel = "##lassulus-wizard"; - + message = "lassulus: torify sshn root@"; }; systemd.services.hidden-ssh-announce.wantedBy = mkForce []; - services.mingetty.autologinUser = "root"; + services.mingetty.autologinUser = lib.mkForce "root"; nixpkgs.config.packageOverrides = super: { dmenu = pkgs.writeDashBin "dmenu" '' diff --git a/lass/1systems/iso/generate-iso.sh b/lass/1systems/wizard/generate-iso.sh similarity index 55% rename from lass/1systems/iso/generate-iso.sh rename to lass/1systems/wizard/generate-iso.sh index 3179b31c1..6c8f1532e 100755 --- a/lass/1systems/iso/generate-iso.sh +++ b/lass/1systems/wizard/generate-iso.sh @@ -4,4 +4,4 @@ set -xefu WD=$(dirname "$0") -nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/default.nix -f install-iso +nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/config.nix -f install-iso diff --git a/lass/1systems/wizard/test.nix b/lass/1systems/wizard/test.nix new file mode 100644 index 000000000..c7a27102a --- /dev/null +++ b/lass/1systems/wizard/test.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: +{ + imports = [ + ./default.nix + ]; + virtualisation.emptyDiskImages = [ + 8000 + ]; + virtualisation.memorySize = 1024; +}
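Review bot: The new `lass/1systems/wizard/test.nix` imports `./default.nix`, but this commit renames the configuration to `lass/1systems/wizard/config.nix` and updates `generate-iso.sh` to pass `"$WD"/config.nix`. Unless a `default.nix` exists in that directory outside this diff, evaluating the test will fail on the missing file. The import should probably read `./config.nix`.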