From 70b76d149ac2cca9913fc4b0c1eadef44c6b668f Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Sat, 19 Oct 2024 14:17:05 +0900
Subject: [PATCH] :fire: delete unused images
---
images/lib/remote-access.nix | 148 -----------------------
images/machine-init-configuration.nix | 61 ----------
images/remote-install/README.md | 19 ---
images/remote-install/config.nix | 35 ------
images/remote-install/remote-install.nix | 18 ---
images/translate-setup/README.md | 34 ------
images/translate-setup/audio.nix | 22 ----
images/translate-setup/config.nix | 63 ----------
images/translate-setup/x11.nix | 60 ---------
images/usb-init-configuration.nix | 58 ---------
images/windows-rescue/README.md | 14 ---
images/windows-rescue/config.nix | 51 --------
images/yubikey-image.nix | 75 ------------
13 files changed, 658 deletions(-)
delete mode 100644 images/lib/remote-access.nix
delete mode 100644 images/machine-init-configuration.nix
delete mode 100644 images/remote-install/README.md
delete mode 100644 images/remote-install/config.nix
delete mode 100644 images/remote-install/remote-install.nix
delete mode 100644 images/translate-setup/README.md
delete mode 100644 images/translate-setup/audio.nix
delete mode 100644 images/translate-setup/config.nix
delete mode 100644 images/translate-setup/x11.nix
delete mode 100644 images/usb-init-configuration.nix
delete mode 100644 images/windows-rescue/README.md
delete mode 100644 images/windows-rescue/config.nix
delete mode 100644 images/yubikey-image.nix
diff --git a/images/lib/remote-access.nix b/images/lib/remote-access.nix
deleted file mode 100644
index b8557a8..0000000
--- a/images/lib/remote-access.nix
+++ /dev/null
@@ -1,148 +0,0 @@
-{
- # cat ~/.ssh/id_rsa.pub
- publicSshKey ? "",
- # remote-install-get-hiddenReceiver
- hiddenReceiver ? "",
-}:
-{
- config,
- lib,
- pkgs,
- ...
-}:
-{
-
- imports = [
- {
- # system setup
- networking.hostName = "liveos";
-
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [ publicSshKey ];
- };
- };
- }
- {
- # installed packages
- environment.systemPackages = with pkgs; [
- #style
- most
- rxvt_unicode.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
- nmap
-
- #stuff for dl
- aria2
-
- #neat utils
- pciutils
- psmisc
- tmux
- usbutils
- git
-
- #unpack stuff
- p7zip
- unzip
- unrar
-
- #data recovery
- ddrescue
- ntfs3g
- dosfstools
- ];
- }
- {
- # bash configuration
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
- else
- PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
- fi
- '';
- };
- }
- {
- # ssh configuration
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
- systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
- }
- {
- # hidden ssh announce
- config =
- let
- torDirectory = "/var/lib/tor";
- hiddenServiceDir = torDirectory + "/onion/hidden-ssh";
- in
- {
- services.tor = {
- enable = true;
- client.enable = true;
- relay.onionServices.hidden-ssh = {
- version = 3;
- map = [
- {
- port = 
22;
- target.port = 22;
- }
- ];
- };
- };
- systemd.services.hidden-ssh-announce = {
- description = "irc announce hidden ssh";
- after = [
- "tor.service"
- "network-online.target"
- ];
- wants = [ "tor.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = pkgs.writers.writeDash "irc-announce-ssh" ''
- set -efu
- until test -e ${hiddenServiceDir}/hostname; do
- echo "still waiting for ${hiddenServiceDir}/hostname"
- sleep 1
- done
- until ${pkgs.tor}/bin/torify ${pkgs.netcat-openbsd}/bin/nc -z ${hiddenReceiver} 1337; do sleep 1; done && \
- echo "torify ssh root@$(cat ${hiddenServiceDir}/hostname) -i ~/.ssh/id_rsa" | ${pkgs.tor}/bin/torify ${pkgs.nmap}/bin/ncat ${hiddenReceiver} 1337
- '';
- PrivateTmp = "true";
- User = "tor";
- Type = "oneshot";
- };
- };
- };
- }
- ];
-}
diff --git a/images/machine-init-configuration.nix b/images/machine-init-configuration.nix
deleted file mode 100644
index c76da1a..0000000
--- a/images/machine-init-configuration.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-
-{
-
- imports = [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
-
- "${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
- (import ./disko-config.nix { })
- ];
-
- networking.hostName = "nixos";
-
- boot.supportedFilesystems = [ "zfs" ];
- # head -c4 /dev/urandom | od -A none -t x4
- networking.hostId = "4750e4b8";
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!)
-
- networking.networkmanager.enable = true;
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- environment.systemPackages = with pkgs; [
- vim
- wget
- htop
- silver-searcher
- ];
-
- environment.extraInit = ''
- # use vi shortcuts
- # ----------------
- set -o vi
- EDITOR=vim
- '';
-
- services.openssh.enable = true;
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de"
- ];
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. 
It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "22.11"; # Did you read the comment?
-
-}
diff --git a/images/remote-install/README.md b/images/remote-install/README.md
deleted file mode 100644
index d1dc6f1..0000000
--- a/images/remote-install/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# remote installation iso
-
-- `./config.nix` : to generate the installation image
-- `./remote-service.nix` : tor configuration you have to start on your machine.
-
-## Steps
-
-- import `./remote-service.nix` in your `/etc/nixos/configuration.nix`
-- `nixos-rebuild switch`
-- run `remote-install-get-hiddenReceiver` and enter the result in `./config.nix`
- as `hiddenReceiver`
-- set the public key in `./config.nix`
-- run `nixos-generate -f install-iso -c ./config.nix`
-- prepare the usb stick : `sudo if= of=/dev/ bs=4096`
-- boot the usb-stick at the new machine
-- run `remote-install-start-service`
-- after some time you will see a you can use to login to the new machine.
-
-Now you can do the normal installations procedure.
diff --git a/images/remote-install/config.nix b/images/remote-install/config.nix
deleted file mode 100644
index a64382d..0000000
--- a/images/remote-install/config.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ pkgs, lib, ... }:
-let
-
- remote-access = import ../lib/remote-access.nix {
-
- # cat ~/.ssh/id_rsa.pub
- publicSshKey = "ssh-rsa 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";
-
- # remote-install-get-hiddenReceiver
- hiddenReceiver = "";
-
- };
-in
-{
-
- imports = [ remote-access ];
-
- # network configuration
- # ---------------------
-
- # no wifi
- #networking.networkmanager.enable = true;
-
- # wifi
- networking.wireless.enable = true;
- networking.wireless.networks."ssid".psk = "password";
-
- # configuration
- environment.extraInit = ''
- # use vi shortcuts
- # ----------------
- set -o vi
- EDITOR=vim
- '';
-}
diff --git a/images/remote-install/remote-install.nix b/images/remote-install/remote-install.nix
deleted file mode 100644
index 2930f16..0000000
--- a/images/remote-install/remote-install.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-# installs scripts and tor to provide an announcement service for nixos-remote installation.
-{
- services.tor = {
- enable = true;
- client.enable = true;
- relay.onionServices.liveos.map = [ { port = 1337; } ];
- };
-
- environment.systemPackages = [
- (pkgs.writeShellScriptBin "remote-install-start-service" ''
- echo "starting announcment server to receive remote-install iso onion id"
- ${pkgs.nmap}/bin/ncat -k -l -p 1337
- '')
- (pkgs.writeShellScriptBin "remote-install-get-hiddenReceiver" ''
- sudo cat /var/lib/tor/onion/liveos/hostname
- '')
- ];
-}
diff --git a/images/translate-setup/README.md b/images/translate-setup/README.md
deleted file mode 100644
index 57943f2..0000000
--- a/images/translate-setup/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-# Create a easy to use Image for translation
-
-using [nixos-generators](https://github.com/nix-community/nixos-generators).
-
-## generate easy to use iso
-
-```
-nixos-generate -f install-iso -c config.nix
-```
-
-## generate vmware image
-
-```
-nixos-generate -f vmware -c config.nix
-```
-
-## run locally using qcow
-
-```
-nixos-generate --run -c config.nix
-```
-
-## how to install nixos-generators
-
-```
-nix-shell -I nixpkgs=channel:nixos-unstable -p nixos-generators
-```
-
-## how to start download service
-
-```
-iptables -F # kill firewall
-python -m http.server 80 # nix-shell -p python3Full
-```
diff --git a/images/translate-setup/audio.nix b/images/translate-setup/audio.nix
deleted file mode 100644
index a5188c6..0000000
--- a/images/translate-setup/audio.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- pkgs,
- lib,
- config,
- ...
-}:
-{
- users.users.mainUser.extraGroups = [
- "audio"
- "pipewire"
- ];
-
- hardware.pulseaudio = {
- enable = true;
- package = pkgs.pulseaudioFull;
- };
-
- environment.systemPackages = with pkgs; [
- alsaUtils
- pavucontrol
- ];
-}
diff --git a/images/translate-setup/config.nix b/images/translate-setup/config.nix
deleted file mode 100644
index 3416dd0..0000000
--- a/images/translate-setup/config.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- pkgs,
- lib,
- config,
- ...
-}:
-{
-
- imports = [
- ./x11.nix
- ./audio.nix
- ];
-
- #networking.networkmanager.enable = true;
- #networking.wireless.enable = false;
-
- # configuration
- environment.extraInit = ''
- # use vi shortcuts
- # ----------------
- set -o vi
- EDITOR=vim
- '';
-
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.mumble}/bin/mumble mumble://name@lassul.us/party/hard &
- ${pkgs.vlc}/bin/vlc &
- ${pkgs.pavucontrol}/bin/pavucontrol &
- '';
-
- networking.hostName = "translate";
-
- programs.bash = {
- enableCompletion = true;
- interactiveShellInit = ''
- HISTCONTROL='erasedups:ignorespace'
- HISTSIZE=65536
- HISTFILESIZE=$HISTSIZE
-
- shopt -s checkhash
- shopt -s histappend histreedit histverify
- shopt -s no_empty_cmd_completion
- complete -d cd
- '';
- promptInit = ''
- if test $UID = 0; then
- PS1='\[\033[1;31m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- elif test $UID = 1337; then
- PS1='\[\033[1;32m\]\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
- else
- PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
- PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
- fi
- if test -n "$SSH_CLIENT"; then
- PS1='\[\033[35m\]\h'" $PS1"
- PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
- fi
- '';
- };
-
-}
diff --git a/images/translate-setup/x11.nix b/images/translate-setup/x11.nix
deleted file mode 100644
index 49ce6b9..0000000
--- a/images/translate-setup/x11.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-{
-
- services.xserver = {
- enable = true;
- desktopManager = {
- xterm.enable = false;
- xfce.enable = true;
- };
- displayManager = {
- defaultSession = "xfce";
- sddm = {
- enable = true;
- autoLogin = {
- enable = true;
- relogin = true;
- user = config.users.users.mainUser.name;
- };
- };
- sessionCommands = ''
- ${pkgs.mumble}/bin/mumble &
- ${pkgs.vlc}/bin/vlc &
- ${pkgs.pavucontrol}/bin/pavucontrol &
- '';
- };
-
- # mouse/touchpad
- # --------------
- libinput = {
- enable = true;
- disableWhileTyping = true;
- tapping = true;
- scrollMethod = "twofinger";
- accelSpeed = "2";
- };
-
- };
-
- users.users.mainUser = {
- isNormalUser = true;
- name = "translator";
- uid = 1001;
- initialPassword = "translate";
- };
-
- # Packages
- # --------
- environment.systemPackages = with pkgs; [
- flameshot
- pavucontrol
- mumble
- vlc
- ];
-
-}
diff --git a/images/usb-init-configuration.nix b/images/usb-init-configuration.nix
deleted file mode 100644
index b89661f..0000000
--- a/images/usb-init-configuration.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-
-{
-
- imports = [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
- networking.hostName = "nixos";
-
- # grub configuraton
- # -----------------
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.device = "/dev/sdb";
- boot.loader.grub.efiInstallAsRemovable = true;
- boot.tmpOnTmpfs = true;
-
- networking.networkmanager.enable = true;
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- environment.systemPackages = with pkgs; [
- vim
- wget
- htop
- silver-searcher
- ];
-
- environment.extraInit = ''
- # use vi shortcuts
- # ----------------
- set -o vi
- EDITOR=vim
- '';
-
- services.openssh.enable = true;
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa 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 contact@ingolf-wagner.de"
- ];
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "22.11"; # Did you read the comment?
-
-}
diff --git a/images/windows-rescue/README.md b/images/windows-rescue/README.md
deleted file mode 100644
index b4aea67..0000000
--- a/images/windows-rescue/README.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# To Fix Windows Issues
-
-## reset password
-
-- use `sfdisk -l` to list partitions
-- find the partition which holds `Windows/System32/config`
-- mount it `mkdir -p /media/sda2; mount /dev/sda2 /media/sda2`
-- `cd /media/sda2/Windows/System32/config`
-- list SAM database `chntpw -l SAM`
-- edit SAM database `chntpw -i SAM`
-- reboot
-
-more details
-[here](https://opensource.com/article/18/3/how-reset-windows-password-linux).
diff --git a/images/windows-rescue/config.nix b/images/windows-rescue/config.nix
deleted file mode 100644
index 26c492b..0000000
--- a/images/windows-rescue/config.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-# NixOS livesystem to reset windows passwords
-# Step by step guide : https://opensource.com/article/18/3/how-reset-windows-password-linux
-# $ nixos-generator -f iso -c config.nix
-{ pkgs, ... }:
-let
- wifi = {
- ssid = "";
- plainTextPassword = "";
- };
- remote-access = import ../lib/remote-access.nix {
- publicSshKey = "ssh-rsa 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";
- hiddenReceiver = "";
- };
-in
-{
-
- imports = [ remote-access ];
-
- environment.systemPackages = [
- pkgs.chntpw
- pkgs.ntfs3g
- ];
-
- networking.dhcpcd.enable = true;
- networking.wireless = {
- enable = true;
- networks."${wifi.ssid}".psk = wifi.plainTextPassword;
- };
-
- environment.extraInit = ''
- # use vi shortcuts
- # ----------------
- set -o vi
- EDITOR=vim
- '';
-
- services.xserver = {
- enable = true;
- displayManager.auto.enable = true;
-
- desktopManager = {
- default = "xfce";
- xterm.enable = false;
- xfce.enable = true;
- xfce.extraSessionCommands = ''
- ${pkgs.midori}/bin/midori https://opensource.com/article/18/3/how-reset-windows-password-linux &
- ${pkgs.xfce.terminal}/bin/xfce4-terminal &
- '';
- };
- };
-}
diff --git a/images/yubikey-image.nix b/images/yubikey-image.nix
deleted file mode 100644
index 29ddb48..0000000
--- a/images/yubikey-image.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-# NixOS livesystem to generate yubikeys in an air-gapped manner
-# screenshot: https://dl.thalheim.io/wmxIqucOEo2xuLk0Ut45fQ/yubikey-live-system.png
-# $ nix-shell -p nixos-generate --run "nixos-generate -f iso -c yubikey-image.nix"
-{ pkgs, ... }:
-let
- guide = pkgs.stdenv.mkDerivation {
- name = "yubikey-guide-2019-01-21.html";
- src = pkgs.fetchFromGitHub {
- owner = "drduh";
- repo = "YubiKey-Guide";
- rev = "035d98ebbed54a0218ccbf23905054d32f97508e";
- sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq";
- };
- buildInputs = [ pkgs.pandoc ];
- installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out";
- };
-in
-{
- environment.interactiveShellInit = ''
- export GNUPGHOME=/run/user/$(id -u)/gnupghome
- if [ ! -d $GNUPGHOME ]; then
- mkdir $GNUPGHOME
- fi
- cp ${
- pkgs.fetchurl {
- url = "https://raw.githubusercontent.com/drduh/config/662c16404eef04f506a6a208f1253fee2f4895d9/gpg.conf";
- sha256 = "118fmrsn28fz629y7wwwcx7r1wfn59h3mqz1snyhf8b5yh0sb8la";
- }
- } "$GNUPGHOME/gpg.conf"
- echo "\$GNUPGHOME has been set up for you. Generated keys will be in $GNUPGHOME."
- '';
-
- environment.systemPackages = with pkgs; [
- yubikey-personalization
- yubikey-personalization-gui
- yubikey-manager
- yubikey-manager-qt
- cryptsetup
- pwgen
- midori
- paperkey
- gnupg
- ctmg
- ];
-
- services.udev.packages = with pkgs; [ yubikey-personalization ];
- services.pcscd.enable = true;
- users.extraUsers.root.initialHashedPassword = "";
-
- # make sure we are air-gapped
- networking.wireless.enable = false;
- networking.dhcpcd.enable = false;
-
- services.getty.helpLine = "The 'root' account has an empty password.";
-
- services.displayManager = {
- defaultSession = "xfce";
- autoLogin = {
- enable = true;
- user = "root";
- };
- };
- services.xserver = {
- enable = true;
- desktopManager = {
- xterm.enable = false;
- xfce.enable = true;
- };
- displayManager = {
- sessionCommands = ''
- ${pkgs.midori}/bin/midori ${guide} &
- '';
- };
- };
-}