diff options
author | tv <tv@krebsco.de> | 2021-01-25 11:28:26 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2021-01-25 11:28:26 +0100 |
commit | a0ca091cbf4e9ca41390ad9d54844c9eb2660406 (patch) | |
tree | aae89f223f953a81da400d6f7deac1d5ae5d240e /krebs/5pkgs/simple | |
parent | 1cd73df0c8694f491d40f93a796ea58f150e88dc (diff) | |
parent | 71206dc6a2852dd69664e85aa6dcb49676ec1f6e (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/5pkgs/simple')
-rw-r--r-- | krebs/5pkgs/simple/ecrypt/default.nix | 111 | ||||
-rw-r--r-- | krebs/5pkgs/simple/realwallpaper/default.nix | 46 |
2 files changed, 145 insertions, 12 deletions
diff --git a/krebs/5pkgs/simple/ecrypt/default.nix b/krebs/5pkgs/simple/ecrypt/default.nix new file mode 100644 index 000000000..f83f8cfe7 --- /dev/null +++ b/krebs/5pkgs/simple/ecrypt/default.nix @@ -0,0 +1,111 @@ +{ pkgs, lib }: + +#usage: ecrypt mount /var/crypted /var/unencrypted +pkgs.writers.writeDashBin "ecrypt" '' + set -euf + + PATH=${lib.makeBinPath (with pkgs; [ + coreutils + ecryptfs + gnused + gnugrep + jq + mount + keyutils + umount + ])} + + # turn echo back on if killed + trap 'stty echo' INT + + case "$1" in + init) + shift + mkdir -p "$1" "$2" + + # abort if src or dest are not empty + if [ -e "$1"/.cfg.json ]; then + echo 'source dir is already configured, aborting' + exit 1 + elif ls -1qA "$2" | grep -q .; then + echo 'destination dir is not empty, aborting' + exit 1 + else + # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails + echo 4 | ecryptfs-manager + stty -echo + printf "passphrase: " + read passphrase + stty echo + sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') + mount -t ecryptfs \ + -o ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ + "$1" "$2" + + # add sig to json state file + jq -n --arg sig "$sig" '{ "sig": $sig }' > "$1"/.cfg.json + fi + ;; + + mount) + shift + if ! [ -e "$1"/.cfg.json ]; then + echo '.cfg.json missing in src' + exit 1 + fi + old_sig=$(cat "$1"/.cfg.json | jq -r .sig) + + # check if key is already in keyring, otherwise add it + + if keyctl list @u | grep -q "$old_sig"; then + echo 'pw already saved' + else + # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails + echo 4 | ecryptfs-manager + stty -echo + printf "passphrase: " + read passphrase + stty echo + new_sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') + + # check if passphrase matches sig + if [ "$old_sig" != "$new_sig" ]; then + echo 'passphrase does not match sig, bailing out' + new_keyid=$(keyctl list @u | grep "$new_sig" | sed 's/\([0-9]*\).*/\1/') + keyctl revoke "$new_keyid" + keyctl unlink "$new_keyid" + exit 1 + fi + fi + + sig=$old_sig + keyid=$(keyctl list @u | grep "$sig" | sed 's/\([0-9]*\).*/\1/') + if (ls -1qA "$2" | grep -q .); then + echo 'destination is not empty, bailing out' + exit 1 + else + mount -i -t ecryptfs \ + -o ecryptfs_passthrough=no,verbose=no,ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ + "$1" "$2" + fi + ;; + + unmount) + shift + + sig=$(cat "$1"/.cfg.json | jq -r .sig) + keyid=$(keyctl list @u | grep "$sig" | sed 's/\s*\([0-9]*\).*/\1/') + + umount "$2" || : + keyctl revoke "$keyid" + keyctl unlink "$keyid" + ;; + + *) + echo 'usage: + ecrypt init /tmp/src/ /tmp/dst/ + ecrypt mount /tmp/src/ /tmp/dst/ + ecrypt unmount /tmp/src/ /tmp/dst/ + ' + esac +'' diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 56a7dfb98..e55454a08 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -192,18 +192,15 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' fi # create marker file from json - if [ -s marker.json ]; then - jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude) image=krebs.png"' marker.json > marker_file - echo 'position=sun image=sun.png' >> marker_file - echo 'position=moon image=moon.png' >> marker_file - echo 'position=mercury image=mercury.png' >> marker_file - echo 'position=venus image=venus.png' >> marker_file - echo 'position=mars image=mars.png' >> marker_file - echo 'position=jupiter image=jupiter.png' >> marker_file - echo 'position=saturn image=saturn.png' >> marker_file - echo 'position=uranus image=uranus.png' >> marker_file - echo 'position=neptune image=neptune.png' >> marker_file - fi + echo 'position=sun image=sun.png' > marker_file + echo 'position=moon image=moon.png' >> marker_file + echo 'position=mercury image=mercury.png' >> marker_file + echo 'position=venus image=venus.png' >> marker_file + echo 'position=mars image=mars.png' >> marker_file + echo 'position=jupiter image=jupiter.png' >> marker_file + echo 'position=saturn image=saturn.png' >> marker_file + echo 'position=uranus image=uranus.png' >> marker_file + echo 'position=neptune image=neptune.png' >> marker_file # generate moon xplanet -body moon --num_times 1 -origin earth \ @@ -228,6 +225,24 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' ''} xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-marker-output.png --projection merc \ + -config ${pkgs.writeText "xplanet-marker.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds.png + cloud_threshold=1 + cloud_gamma=10 + marker_file=marker_file + shade=15 + ''} + + if [ -s marker.json ]; then + jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude) image=krebs.png"' marker.json >> marker_file + fi + + xplanet --num_times 1 --geometry $xplanet_out_size \ --output xplanet-krebs-output.png --projection merc \ -config ${pkgs.writeText "xplanet-krebs.config" '' [earth] @@ -248,6 +263,13 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' mv realwallpaper-tmp.png realwallpaper.png fi + # trim xplanet output + if needs_rebuild realwallpaper-marker.png xplanet-marker-output.png; then + convert xplanet-marker-output.png -crop $out_geometry \ + realwallpaper-marker-tmp.png + mv realwallpaper-marker-tmp.png realwallpaper-marker.png + fi + if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then convert xplanet-krebs-output.png -crop $out_geometry \ realwallpaper-krebs-tmp.png |