Diffstat (limited to 'makefu')
-rw-r--r-- | makefu/1systems/omo/config.nix | 2 | ||||
-rw-r--r-- | makefu/1systems/x/config.nix | 5 | ||||
-rw-r--r-- | makefu/2configs/git/cgit-retiolum.nix | 3 | ||||
-rw-r--r-- | makefu/2configs/hw/stk1160.nix | 3 | ||||
-rw-r--r-- | makefu/2configs/printer.nix | 25 | ||||
-rw-r--r-- | makefu/2configs/stats/nodisk-client.nix | 60 | ||||
-rw-r--r-- | makefu/2configs/stats/server.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/tools/all.nix | 1 | ||||
-rw-r--r-- | makefu/2configs/tools/android-pentest.nix | 14 | ||||
-rw-r--r-- | makefu/2configs/vpn/openvpn-server.nix | 111 | ||||
-rw-r--r-- | makefu/2configs/vpn/vpngate.nix (renamed from makefu/2configs/openvpn/vpngate.nix) | 0 | ||||
-rw-r--r-- | makefu/3modules/awesome-extra.nix | 9 | ||||
-rw-r--r-- | makefu/3modules/default.nix | 1 | ||||
-rw-r--r-- | makefu/3modules/sane-extra.nix | 45 | ||||
-rw-r--r-- | makefu/5pkgs/awesomecfg/default.nix | 2 | ||||
-rw-r--r-- | makefu/5pkgs/awesomecfg/full.cfg | 15 | ||||
-rw-r--r-- | makefu/5pkgs/dex2jar/default.nix | 48 | ||||
-rw-r--r-- | makefu/5pkgs/drozer/default.nix | 32 | ||||
-rw-r--r-- | makefu/5pkgs/jd-gui/default.nix | 36 | ||||
-rw-r--r-- | makefu/source.nix | 3 |
20 files changed, 395 insertions, 22 deletions
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index e43b203b4..0df2ba6e6 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -57,7 +57,7 @@ in { # Logging #influx + grafana <stockholm/makefu/2configs/stats/server.nix> - <stockholm/makefu/2configs/stats/client.nix> + <stockholm/makefu/2configs/stats/nodisk-client.nix> # logs to influx <stockholm/makefu/2configs/stats/external/aralast.nix> diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 969e78bee..368655575 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -54,7 +54,7 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/exfat-nofuse.nix> <stockholm/makefu/2configs/hw/wwan.nix> - # <stockholm/makefu/2configs/hw/stk1160.nix> + <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/rad1o.nix> # Filesystem @@ -62,6 +62,9 @@ with import <stockholm/lib>; # Security <stockholm/makefu/2configs/sshd-totp.nix> + { + programs.adb.enable = true; + } ]; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 96b6c303d..b89bfadfd 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -12,6 +12,9 @@ let stockholm = { cgit.desc = "Make all the systems into 1systems!"; }; + stockholm-issues = { + cgit.desc = "Issue tracker"; + }; tinc_graphs = { cgit.desc = "Tinc Advanced Graph Generation"; }; diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index e73741e26..b3a9e1a5a 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix 
@@ -1,8 +1,9 @@ { pkgs, ... }: { # TODO: un-pin linuxPackages somehow + boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; nixpkgs.config.packageOverrides = pkgs: { - linux_latest = pkgs.linux_latest.override { + linux_4_9 = pkgs.linux_4_9.override { extraConfig = '' MEDIA_ANALOG_TV_SUPPORT y VIDEO_STK1160_COMMON m diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 509ed512d..0865a0841 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -1,15 +1,30 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: -{ +let + mainUser = config.krebs.build.user.name; +in { services.printing = { enable = true; drivers = [ pkgs.samsungUnifiedLinuxDriver - pkgs.cups-dymo + pkgs.cups-dymo # dymo labelwriter + pkgs.foo2zjs # magicolor 1690mf ]; }; # scanners are printers just in reverse anyway - hardware.sane.enable = true; - hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; + services.saned.enable = true; + users.users."${mainUser}".extraGroups = [ "scanner" ]; + + hardware.sane = { + enable = true; + extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; + + # $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150 + + # requires 'sane-extra', scan via: + extraConfig."magicolor" = '' + net 10.42.20.30 0x2098 + ''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf + }; } diff --git a/makefu/2configs/stats/nodisk-client.nix b/makefu/2configs/stats/nodisk-client.nix new file mode 100644 index 000000000..fc8a268ce --- /dev/null +++ b/makefu/2configs/stats/nodisk-client.nix 
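Review bot: In makefu/2configs/hw/stk1160.nix the trace message says the kernel is overridden with 4.9, but `boot.kernelPackages` is set to `pkgs.linuxPackages`, while the `extraConfig` override is applied to `linux_4_9`. The two only line up while the nixpkgs default kernel happens to be 4.9; once the default moves, the booted kernel would no longer carry the STK1160 options and nothing fails loudly. `boot.kernelPackages = pkgs.linuxPackages_4_9;` would make the pin explicit and match the override. The `packageOverrides` block continues past the end of the hunk.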
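Review bot: `services.saned.enable = true;` in makefu/2configs/printer.nix turns on the saned network daemon, which exports this host's scanners to other machines. The `net 10.42.20.30 0x2098` entry for the magicolor backend only makes this host a client of the remote device, and as far as this hunk shows that does not need saned. If sharing local scanners is not intended, dropping the line avoids an extra listening service. The two comment lines inside `hardware.sane` are also in reverse order: `# requires 'sane-extra', scan via:` should come before the `scanimage` example it introduces.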
@@ -0,0 +1,60 @@ +{pkgs, config, ...}: +{ + # disk module wakes up parked disks + services.collectd = { + enable = true; + autoLoadPlugin = true; + extraConfig = '' + Hostname ${config.krebs.build.host.name} + LoadPlugin load + LoadPlugin disk + LoadPlugin memory + Interval 30.0 + + LoadPlugin interface + <Plugin "interface"> + Interface "*Link" + Interface "lo" + Interface "vboxnet*" + Interface "virbr*" + IgnoreSelected true + </Plugin> + + # LoadPlugin df + #<Plugin "df"> + # MountPoint "/nix/store" + # # MountPoint "/run*" + # # MountPoint "/sys*" + # # MountPoint "/dev" + # # MountPoint "/dev/shm" + # # MountPoint "/tmp" + # FSType "tmpfs" + # FSType "binfmt_misc" + # FSType "debugfs" + # FSType "mqueue" + # FSType "hugetlbfs" + # FSType "systemd-1" + # FSType "cgroup" + # FSType "securityfs" + # FSType "ramfs" + # FSType "proc" + # FSType "devpts" + # FSType "devtmpfs" + # MountPoint "/var/lib/docker/devicemapper" + # IgnoreSelected true + #</Plugin> + + LoadPlugin cpu + <Plugin cpu> + ReportByCpu true + ReportByState true + ValuesPercentage true + </Plugin> + + LoadPlugin network + <Plugin "network"> + Server "${config.makefu.stats-server}" "25826" + </Plugin> + ''; + }; +} diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index 602fcc6d0..8f9935658 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix @@ -29,7 +29,7 @@ in { enabled = true; typesdb = "${pkgs.collectd}/share/collectd/types.db"; database = db; - port = collectd-port; + bind-address = ":${toString collectd-port}"; }]; }; krebs.kapacitor = diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index e64e216e0..31c959d47 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -1,5 +1,6 @@ { imports = [ + ./android-pentest.nix ./core.nix ./core-gui.nix ./dev.nix 
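Review bot: makefu/2configs/stats/nodisk-client.nix opens with `# disk module wakes up parked disks`, yet `LoadPlugin disk` is still in the collectd config; only the `df` block is commented out. If the disk plugin is what spins the drives up, that line should be removed as well; if `df` is the culprit, the header comment should say so. Separately, the `network` plugin block sets no `SecurityLevel`, so as written the metrics are sent to `${config.makefu.stats-server}` unsigned and unencrypted.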
diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix new file mode 100644 index 000000000..3f65424cc --- /dev/null +++ b/makefu/2configs/tools/android-pentest.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: + +{ + users.users.makefu.packages = with pkgs; [ + mitmproxy + nmap + msf + drozer + dex2jar + apktool + jd-gui + android-studio + ]; +} diff --git a/makefu/2configs/vpn/openvpn-server.nix b/makefu/2configs/vpn/openvpn-server.nix new file mode 100644 index 000000000..1e7edbf78 --- /dev/null +++ b/makefu/2configs/vpn/openvpn-server.nix 
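Review bot: `users.users.makefu.packages` in makefu/2configs/tools/android-pentest.nix hard-codes the user name, whereas printer.nix in the same commit reads it from `config.krebs.build.user.name`; using the same lookup here keeps the module working on hosts built for another user. Because the file is also added to the imports of tools/all.nix, any host that imports all.nix now gets the whole toolset, including android-studio. Importing android-pentest.nix only from the systems that need it keeps the installed footprint on the others smaller. A one-line comment at the top of the file stating what the module is for would also help.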
@@ -0,0 +1,111 @@ +{ config, pkgs, ... }: +let + out-itf = config.makefu.server.primary-itf; + # generate via openvpn --genkey --secret static.key + client-key = (toString <secrets>) + "/openvpn-laptop.key"; + # domain = "vpn.euer.krebsco.de"; + domain = "gum.krebsco.de"; + dev = "tun0"; + port = 1194; + tcp-port = 3306; +in { + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + networking.nat = { + enable = true; + externalInterface = out-itf; + internalInterfaces = [ dev ]; + }; + networking.firewall.trustedInterfaces = [ dev ]; + networking.firewall.allowedUDPPorts = [ port ]; + environment.systemPackages = [ pkgs.openvpn ]; + services.openvpn.servers.smartphone.config = '' + #user nobody + #group nobody + + dev ${dev} + proto udp + ifconfig 10.8.0.1 10.8.0.2 + secret ${client-key} + port ${toString port} + cipher AES-256-CBC + comp-lzo + + keepalive 10 60 + ping-timer-rem + persist-tun + persist-key + ''; + + environment.etc."openvpn/smartphone-client.ovpn" = { + text = '' + client + dev tun + remote "${domain}" + ifconfig 10.8.0.1 10.8.0.2 + port ${toString port} + + cipher AES-256-CBC + comp-lzo + keepalive 10 60 + resolv-retry infinite + nobind + persist-key + persist-tun + + secret [inline] + + ''; + mode = "700"; + }; + system.activationScripts.openvpn-addkey = '' + f="/etc/openvpn/smartphone-client.ovpn" + if ! 
grep -q '<secret>' $f; then + echo "appending secret key" + echo "<secret>" >> $f + cat ${client-key} >> $f + echo "</secret>" >> $f + fi + ''; + #smartphone-tcp.config = '' + # user nobody + # group nobody + + # dev ${dev} + # proto tcp + # ifconfig 10.8.0.1 10.8.0.3 + # secret ${client-key} + # port tcp-port + # comp-lzo + + # keepalive 10 60 + # ping-timer-rem + # persist-tun + # persist-key + #''; + # TODO: forward via 443 + # stream { + # + # map $ssl_preread_server_name $name { + # vpn1.app.com vpn1_backend; + # vpn2.app.com vpn2_backend; + # https.app.com https_backend; + # } + # + # upstream vpn1_backend { + # server 10.0.0.3:443; + # } + # + # upstream vpn2_backend { + # server 10.0.0.4:443; + # } + # + # upstream https_backend { + # server 10.0.0.5:443; + # + # server { + # listen 10.0.0.1:443; + # proxy_pass $name; + # ssl_preread on; + # } + # } +} diff --git a/makefu/2configs/openvpn/vpngate.nix b/makefu/2configs/vpn/vpngate.nix index bf3101b19..bf3101b19 100644 --- a/makefu/2configs/openvpn/vpngate.nix +++ b/makefu/2configs/vpn/vpngate.nix diff --git a/makefu/3modules/awesome-extra.nix b/makefu/3modules/awesome-extra.nix index 81c42cba7..0561c15a8 100644 --- a/makefu/3modules/awesome-extra.nix +++ b/makefu/3modules/awesome-extra.nix @@ -28,10 +28,15 @@ let # TODO: configure display manager as well nixpkgs.config.packageOverrides = pkgs: rec { awesome = pkgs.stdenv.lib.overrideDerivation pkgs.awesome (oldAttrs : { - postFixup = let + postFixup = let rclua = pkgs.substituteAll { src = cfg.baseConfig; - inherit (cfg) modkey; + modkey = cfg.modkey; + # inherit (cfg) modkey; + amixer = "${pkgs.alsaUtils}/bin/amixer"; + xlock = "${pkgs.xlockmore}/bin/xlock"; + xbacklight = "${pkgs.xorg.xbacklight}/bin/xbacklight"; + }; in "cp ${rclua} $out/etc/xdg/awesome/rc.lua"; }); diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 2981e0fa3..00df56bee 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix 
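Review bot: The `openvpn-addkey` activation script that appends the static key to /etc/openvpn/smartphone-client.ovpn is a plain string with no dependency on the `etc` script, so nothing visible here guarantees it runs after the profile has been (re)copied; declaring it as `{ deps = [ "etc" ]; text = ''…''; }` would pin the order. The resulting file holds the same pre-shared key the server uses, so `mode = "700"` would better be `"0600"` (no execute bit is needed), and `$f` should be quoted in the `grep` and `>>` lines. The client profile also repeats the server's `ifconfig 10.8.0.1 10.8.0.2`; in static-key point-to-point mode the client side normally has the two addresses swapped, `ifconfig 10.8.0.2 10.8.0.1`. Finally, `user nobody`/`group nobody` are commented out in the server config, so the daemon keeps the privileges it starts with, while `tun0` is listed in `trustedInterfaces`.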
@@ -9,6 +9,7 @@ _: ./opentracker.nix ./ps3netsrv.nix ./logging-config.nix + ./sane-extra.nix ./server-config.nix ./snapraid.nix ./torrent.nix diff --git a/makefu/3modules/sane-extra.nix b/makefu/3modules/sane-extra.nix new file mode 100644 index 000000000..2e0ce8f2f --- /dev/null +++ b/makefu/3modules/sane-extra.nix @@ -0,0 +1,45 @@ +{ config, lib, pkgs, ... }: +# https://github.com/michalrus/dotfiles/blob/d943be3089aa436e07cea5f22d829402936a9229/.nixos-config.symlink/modules/sane-extra-config.nix +# via https://github.com/NixOS/nixpkgs/issues/17411 +# via https://unix.stackexchange.com/questions/321954/install-epson-v39-on-nixos +with lib; + +let + + cfg = config.hardware.sane; + + pkg = if cfg.snapshot + then pkgs.sane-backends-git + else pkgs.sane-backends; + + backends = [ pkg ] ++ cfg.extraBackends; + + saneConfig = pkgs.mkSaneConfig { paths = backends; }; + + saneExtraConfig = pkgs.runCommand "sane-extra-config" {} '' + cp -Lr '${pkgs.mkSaneConfig { paths = [ pkgs.sane-backends ]; }}'/etc/sane.d $out + chmod +w $out + ${concatMapStrings (c: '' + f="$out/${c.name}.conf" + [ ! -e "$f" ] || chmod +w "$f" + cat ${builtins.toFile "" (c.value + "\n")} >>"$f" + chmod -w "$f" + '') (mapAttrsToList nameValuePair cfg.extraConfig)} + chmod -w $out + ''; + +in + +{ + options = { + hardware.sane.extraConfig = mkOption { + type = types.attrsOf types.lines; + default = {}; + example = { "some-backend" = "# some lines to add to its .conf"; }; + }; + }; + + config = mkIf (cfg.enable && cfg.extraConfig != {}) { + hardware.sane.configDir = saneExtraConfig.outPath; + }; +} diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index b94b6fa54..3c9340692 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix @@ -1,7 +1,7 @@ _: { - # TODO: requires in path: amixer, xlock, xbacklight + # replace: @amixer@ @xlock@ @xbacklight@ full = ./full.cfg; kiosk = ./kiosk.lua; } 
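Review bot: In makefu/3modules/sane-extra.nix, `saneExtraConfig` copies its base directory from `pkgs.mkSaneConfig { paths = [ pkgs.sane-backends ]; }`, so the `pkg`, `backends` and `saneConfig` bindings defined above it are never used and the resulting `configDir` ignores `cfg.snapshot` and `cfg.extraBackends`. With a non-empty `extraConfig`, the .conf files shipped by extra backends (printer.nix adds `pkgs.samsungUnifiedLinuxDriver`) would presumably be missing from the directory SANE reads. Copying from `'${saneConfig}'/etc/sane.d` instead would keep them. The new option also has no `description`.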
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 73ff42e9f..993942771 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -365,23 +365,22 @@ globalkeys = awful.util.table.join( {description = "restore minimized", group = "client"}), awful.key({ }, "XF86MonBrightnessUp", function () - awful.util.spawn("xbacklight -inc 5", false) end), + awful.util.spawn("@xbacklight@ -inc 5", false) end), awful.key({ }, "XF86MonBrightnessDown", function () - awful.util.spawn("xbacklight -dec 5", false) end), + awful.util.spawn("@xbacklight@ -dec 5", false) end), awful.key({ }, "XF86AudioRaiseVolume", function () - awful.util.spawn("amixer set Master 5%+", false) end), + awful.util.spawn("@amixer@ set Master 5%+", false) end), awful.key({ }, "XF86AudioLowerVolume", function () - awful.util.spawn("amixer set Master 5%-", false) end), + awful.util.spawn("@amixer@ set Master 5%-", false) end), awful.key({ }, "XF86AudioMute", function () - awful.util.spawn("amixer -q -D default sset Master toggle", false) end), + awful.util.spawn("@amixer@ -q -D default sset Master toggle", false) end), -- Prompt awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end, {description = "run prompt", group = "launcher"}), - -- awful.key({ modkey }, "r", function () awful.util.spawn( "dmenu_run" ) end ), - awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("xlock -mode blank") end), - awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("xlock -mode blank") end), + awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@xlock@ -mode blank") end), + awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@xlock@ -mode blank") end), awful.key({ modkey }, "x", function () diff --git a/makefu/5pkgs/dex2jar/default.nix b/makefu/5pkgs/dex2jar/default.nix new file mode 100644 index 000000000..76557ce67 --- /dev/null +++ b/makefu/5pkgs/dex2jar/default.nix 
@@ -0,0 +1,48 @@ +{ stdenv, lib, pkgs, fetchurl, jre, makeWrapper, unzip }: +stdenv.mkDerivation rec { + name = "${packageName}-${version}"; + packageName = "dex2jar"; + version = "2.0"; + + src = fetchurl { + url = "mirror://sourceforge/${packageName}/${name}.zip"; + sha256 = "1g3mrbyl8sdw1nhp17z23qbfzqpa0w2yxrywgphvd04jdr6yn1vr"; + }; + + nativeBuildInputs = [ makeWrapper unzip ]; + + unpackPhase = '' + unzip $src + cd ${name} + ''; + + configurePhase = ":"; + + buildPhase = '' + rm *.bat + chmod +x *.sh + ''; + + installPhase = '' + f=$out/lib/dex2jar/ + bin=$out/bin + + mkdir -p $f $bin + + # fixup path to java + sed -i 's#^java#${pkgs.jre}/bin/java#' d2j_invoke.sh + + mv * $f + for i in $f/*.sh; do + n=$(basename ''${i%.sh}) + makeWrapper $i $bin/$n + done + ''; + fixupPhase = ":"; + + meta = { + homepage = https://sourceforge.net/projects/dex2jar/; + description = "Tools to work with android .dex and java .class files"; + license = lib.licenses.asl20; + }; +} diff --git a/makefu/5pkgs/drozer/default.nix b/makefu/5pkgs/drozer/default.nix new file mode 100644 index 000000000..c63f1d0d8 --- /dev/null +++ b/makefu/5pkgs/drozer/default.nix 
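Review bot: The dex2jar derivation takes `jre` as an argument but the `sed` in `installPhase` interpolates `${pkgs.jre}`, so overriding `jre` at the call site has no effect on the java path written into d2j_invoke.sh. `${jre}/bin/java` would use the argument, and `pkgs` could then be dropped from the argument list. The same pattern is in makefu/5pkgs/jd-gui/default.nix. In the wrapper loop the paths are unquoted; `makeWrapper "$i" "$bin/$n"` is the safer habit in build scripts.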
@@ -0,0 +1,32 @@ +{ pkgs, lib, fetchFromGitHub, pythonPackages, jre7, jdk7, ... }: + +pythonPackages.buildPythonApplication rec { + name = "drozer-${version}"; + version = "2.4.3"; + buildInputs = [ jdk7 ]; + propagatedBuildInputs = with pythonPackages; [ + protobuf + pyopenssl + pyyaml + jre7 + twisted + ]; + src = fetchFromGitHub { + owner = "mwrlabs"; + repo = "drozer"; + rev = version; + sha256 = "1z437y7rr53dhpi95yc2c3x8g4aix90y7zf52avcdsvhlp4iip3q"; + }; + prePatch = '' + sed -i 's#^exec java #exec ${jre7}/bin/java #' ./src/drozer/lib/dx + patchShebangs ./src/drozer/lib/dx + patchelf $(cat $NIX_CC/nix-support/dynamic-linker) ./src/drozer/lib/aapt + echo starting build + ''; + + meta = { + homepage = https://github.com/mwrlabs/drozer/; + description = "The Leading Security Assessment Framework for Android"; + license = lib.licenses.bsd2; + }; +} diff --git a/makefu/5pkgs/jd-gui/default.nix b/makefu/5pkgs/jd-gui/default.nix new file mode 100644 index 000000000..adefd80dd --- /dev/null +++ b/makefu/5pkgs/jd-gui/default.nix @@ -0,0 +1,36 @@ +{ stdenv, lib, pkgs, fetchurl, jre, makeWrapper, unzip }: +stdenv.mkDerivation rec { + name = "${packageName}-${version}"; + packageName = "jd-gui"; + version = "1.4.0"; + + src = fetchurl { + url = "https://github.com/java-decompiler/jd-gui/releases/download/v${version}/${name}.jar"; + sha256 = "0rvbplkhafb6s9aiwgcq4ffz4bvzyp7q511pd46hx4ahhzfg7lmx"; + }; + + nativeBuildInputs = [ makeWrapper unzip ]; + + phases = [ "installPhase" ]; + + installPhase = '' + f=$out/lib/jd-gui/ + bin=$out/bin + name=$(basename $src) + mkdir -p $f $bin + + # fixup path to java + cp $src $f + cat > $bin/jd-gui <<EOF + #!/bin/sh + exec ${pkgs.jre}/bin/java -jar $f/$name \$@ + EOF + chmod +x $bin/jd-gui + ''; + + meta = { + homepage = https://github.com/java-decompiler/jd-gui; + description = "A standalone Java Decompiler GUI"; + license = lib.licenses.gpl3; + }; +} 
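Review bot: In makefu/5pkgs/drozer/default.nix, `patchelf $(cat $NIX_CC/nix-support/dynamic-linker) ./src/drozer/lib/aapt` passes the dynamic-linker path as a plain argument with no option in front of it, so it does not look like it sets the interpreter of the bundled aapt binary. The usual form is `patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" ./src/drozer/lib/aapt`. `jre7` is also listed inside `with pythonPackages; [ … ]` in `propagatedBuildInputs` although it is a function argument rather than a Python package. Both `jre7` and `jdk7` are Java 7 builds, which no longer receive public updates, so a comment saying why that version is required would be useful.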
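Review bot: The generated launcher in makefu/5pkgs/jd-gui/default.nix ends with an unquoted `\$@`, so a file path containing spaces is split into several arguments before it reaches java; `exec ${pkgs.jre}/bin/java -jar $f/$name "\$@"` keeps each argument intact. `makeWrapper` and `unzip` are listed in `nativeBuildInputs`, but only `installPhase` runs and neither is used in it, so both can be dropped.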
diff --git a/makefu/source.nix b/makefu/source.nix index 1183f4f08..0c74585b2 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,7 +11,7 @@ let then "buildbot" else "makefu"; _file = <stockholm> + "/makefu/1systems/${name}/source.nix"; - ref = "1e478271"; # unstable @ 2017-07-31 + graceful requests2 (a772c3aa) + libpurple bitlbee ( ce6fe1a, 65e38b7 ) + ref = "1e47827"; # unstable @ 2017-07-31 + graceful requests2 (a772c3aa) + libpurple bitlbee ( ce6fe1a, 65e38b7 ) in evalSource (toString _file) [ @@ -24,7 +24,6 @@ in inherit ref; }; } else { - # TODO use http, once it is implemented # right now it is simply extracted revision folder ## prepare so we do not have to wait for rsync: |
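Review bot: `ref = "1e47827";` in makefu/source.nix pins nixpkgs by a 7-character abbreviated commit id, one character shorter than before. An abbreviated id is resolved by prefix and can become ambiguous as the upstream repository grows, which makes it a weaker pin from a supply-chain point of view than the full hash. Writing the full 40-character commit id here (placeholder: `<full-commit-sha>`) makes the pin unambiguous, and the trailing comment can keep the human-readable description.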