diff --git a/images/lib/remote-access.nix b/images/lib/remote-access.nix new file mode 100644 index 0000000..38abdb4 --- /dev/null +++ b/images/lib/remote-access.nix 
@@ -0,0 +1,131 @@ +{ + # cat ~/.ssh/id_rsa.pub + publicSshKey ? "", + # remote-install-get-hiddenReceiver + hiddenReceiver ? "", +}: +{ config, lib, pkgs, ... }: +{ + + imports = [ + { # system setup + networking.hostName = "liveos"; + + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = [ + publicSshKey + ]; + }; + }; + } + { # installed packages + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ + #style + most + rxvt_unicode.terminfo + + #monitoring tools + htop + iotop + + #network + iptables + iftop + nmap + + #stuff for dl + aria2 + + #neat utils + pciutils + psmisc + tmux + usbutils + git + + #unpack stuff + p7zip + unzip + unrar + + #data recovery + ddrescue + ntfs3g + dosfstools + ]; + } + { # bash configuration + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=65536 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; + promptInit = '' + if test $UID = 0; then + PS1='\[\033[1;31m\]\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' + elif test $UID = 1337; then + PS1='\[\033[1;32m\]\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"' + else + PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' + fi + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"' + fi + ''; + }; + } + { # ssh configuration + services.openssh.enable = true; + services.openssh.passwordAuthentication = false; + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; + } + { # hidden ssh announce + config = let + torDirectory = "/var/lib/tor"; + hiddenServiceDir = torDirectory + "/liveos"; + in { + services.tor = { + enable = true; + client.enable = true; + extraConfig = '' + HiddenServiceDir ${hiddenServiceDir} + 
HiddenServicePort 22 127.0.0.1:22 + ''; + }; + systemd.services.hidden-ssh-announce = { + description = "irc announce hidden ssh"; + after = [ "tor.service" "network-online.target" ]; + wants = [ "tor.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "irc-announce-ssh" '' + set -efu + until test -e ${hiddenServiceDir}/hostname; do + echo "still waiting for ${hiddenServiceDir}/hostname" + sleep 1 + done + until ${pkgs.tor}/bin/torify ${pkgs.netcat-openbsd}/bin/nc -z ${hiddenReceiver} 1337; do sleep 1; done && \ + echo "torify ssh root@$(cat ${hiddenServiceDir}/hostname) -i ~/.ssh/id_rsa" | ${pkgs.tor}/bin/torify ${pkgs.nmap}/bin/ncat ${hiddenReceiver} 1337 + ''; + PrivateTmp = "true"; + User = "tor"; + Type = "oneshot"; + }; + }; + }; + } + ]; +} diff --git a/images/remote-install/config.nix b/images/remote-install/config.nix index 7b93672..1374bbb 100644 --- a/images/remote-install/config.nix +++ b/images/remote-install/config.nix 
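Review bot: An unset `hiddenReceiver` makes the announce unit spin forever rather than fail: with the default `hiddenReceiver ? ""`, the `until ... nc -z ${hiddenReceiver} 1337` line in `irc-announce-ssh` expands to `nc -z 1337`, which cannot succeed, so the oneshot service never exits and nothing reports the misconfiguration. The default `publicSshKey ? ""` has the same shape of problem, silently leaving an empty entry in root's authorized_keys instead of refusing to evaluate. Since both values are already function arguments, fail at evaluation time: add `assertions = [ { assertion = hiddenReceiver != ""; message = "remote-access: hiddenReceiver must be set"; } ];` beside `imports`, with a matching entry for `publicSshKey`. The config.nix hunk in this same commit still passes `hiddenReceiver = "";`, so such an assertion would catch that caller as well.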
@@ -1,142 +1,24 @@ -{ config, lib, pkgs, ... }: -let +{ pkgs, lib, ... }: let + remote-access = import ../lib/remote-access.nix { - # cat ~/.ssh/id_rsa.pub - publicSshKey = ""; - - # remote-install-get-hiddenReceiver - hiddenReceiver = ""; + # cat ~/.ssh/id_rsa.pub + publicSshKey = "ssh-rsa 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"; + # remote-install-get-hiddenReceiver + hiddenReceiver = ""; + }; in { - imports = [ - { # system setup - networking.hostName = "liveos"; + imports = [ remote-access ]; - users.extraUsers = { - root = { - password = "lolhack"; - openssh.authorizedKeys.keys = [ - publicSshKey - ]; - }; - }; + # network configuration + networking.networkmanager.enable = true; + networking.wireless.enable = lib.mkForce false; - environment.extraInit = '' - EDITOR=vim - ''; - } - { # installed packages - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - #style - most - rxvt_unicode.terminfo - - #monitoring tools - htop - iotop - - #network - iptables - iftop - nmap - - #stuff for dl - aria2 - - #neat utils - pciutils - psmisc - tmux - usbutils - git - - #unpack stuff - p7zip - unzip - unrar - - #data recovery - ddrescue - ntfs3g - dosfstools - ]; - } - { # bash configuration - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' - elif test $UID = 1337; then - PS1='\[\033[1;32m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"' - else - PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME 
$USER@$PWD\007"' - fi - ''; - }; - } - { # ssh configuration - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; - } - { # network configuration - networking.networkmanager.enable = true; - networking.wireless.enable = lib.mkForce false; - } - { # hidden ssh announce - config = let - torDirectory = "/var/lib/tor"; - hiddenServiceDir = torDirectory + "/liveos"; - in { - services.tor = { - enable = true; - client.enable = true; - extraConfig = '' - HiddenServiceDir ${hiddenServiceDir} - HiddenServicePort 22 127.0.0.1:22 - ''; - }; - systemd.services.hidden-ssh-announce = { - description = "irc announce hidden ssh"; - after = [ "tor.service" "network-online.target" ]; - wants = [ "tor.service" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = pkgs.writers.writeDash "irc-announce-ssh" '' - set -efu - until test -e ${hiddenServiceDir}/hostname; do - echo "still waiting for ${hiddenServiceDir}/hostname" - sleep 1 - done - until ${pkgs.tor}/bin/torify ${pkgs.netcat-openbsd}/bin/nc -z ${hiddenReceiver} 1337; do sleep 1; done && \ - echo "torify ssh root@$(cat ${hiddenServiceDir}/hostname) -i ~/.ssh/id_rsa" | ${pkgs.tor}/bin/torify ${pkgs.nmap}/bin/ncat ${hiddenReceiver} 1337 - ''; - PrivateTmp = "true"; - User = "tor"; - Type = "oneshot"; - }; - }; - }; - } - ]; + environment.extraInit = '' + # use vi shortcuts + # ---------------- + set -o vi + EDITOR=vim + ''; }
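Review bot: `EDITOR=vim` in the new `environment.extraInit` block is a plain assignment, and as far as I can see the generated init script is sourced without `set -a`, so the variable reaches the interactive shell but is not exported to the programs that actually consult `EDITOR` (git, visudo, and the like); write it as `export EDITOR=vim`. The line was carried over from the removed block, but the rewrite is the natural place to fix it. Note also that the package list in remote-access.nix does not include vim, so unless it is installed elsewhere the value points at a binary that is not on the image; adding `vim` to `environment.systemPackages` here would close that gap.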