From ea9dbc8caf3111f80cc94de51eb6d6dace05e3c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Dec 2022 12:20:42 +0100 Subject: types host: remove cores --- lass/5pkgs/l-gen-secrets/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/5pkgs') diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index d999a4334..6cb60eaa1 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -25,7 +25,6 @@ pkgs.writeDashBin "l-gen-secrets" '' cat < Date: Tue, 27 Dec 2022 22:57:16 +0100 Subject: l l-gen-secrets: refactor, add tinc ed25519 & tor --- lass/5pkgs/l-gen-secrets/default.nix | 102 ++++++++++++++++++++++------------- 1 file changed, 64 insertions(+), 38 deletions(-) (limited to 'lass/5pkgs') diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index 6cb60eaa1..b6e565245 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -1,56 +1,82 @@ { pkgs }: -pkgs.writeDashBin "l-gen-secrets" '' - HOSTNAME="$1" +pkgs.writers.writeDashBin "l-gen-secrets" '' + set -efu + HOSTNAME=$1 TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + if [ "''${DRYRUN-n}" = "n" ]; then + trap 'rm -rf $TMPDIR' EXIT + else + echo "$TMPDIR" + set -x + fi + mkdir -p $TMPDIR/out + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null + # ssh ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null - ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null - ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null - ${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/wiregrill.key - ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub - cat < $TMPDIR/hashedPasswords.nix + ${pkgs.coreutils}/bin/mv $TMPDIR/ssh.id_ed25519 $TMPDIR/out/ + + # tor + ${pkgs.coreutils}/bin/timeout 1 ${pkgs.tor}/bin/tor --HiddenServiceDir $TMPDIR/tor --HiddenServicePort 1 --SocksPort 0 || : + ${pkgs.coreutils}/bin/mv $TMPDIR/tor/hs_ed25519_secret_key $TMPDIR/out/ssh-tor.priv + + # tinc + ${pkgs.coreutils}/bin/mkdir -p $TMPDIR/tinc + ${pkgs.tinc_pre}/bin/tinc --config $TMPDIR/tinc generate-keys 4096 $TMPDIR/out/wiregrill.key + ${pkgs.coreutils}/bin/cat $TMPDIR/out/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub + + # system passwords + cat < $TMPDIR/out/hashedPasswords.nix { root = "$HASHED_PASSWORD"; mainUser = "$HASHED_PASSWORD"; } EOF - cd $TMPDIR - for x in *; do - ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null - done - echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null + set +f + if [ "''${DRYRUN-n}" = "n" ]; then + cd $TMPDIR/out + for x in *; do + ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null + done + echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null + ${pkgs.coreutils}/bin/cat $TMPDIR/tor/hostname | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/torname > /dev/null + fi + set -f cat <; - ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; }; + ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; + } EOF - - rm -rf $TMPDIR '' - -- cgit v1.2.3 From 351667fe85202192fdc442ce22dd5e75aa844598 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Dec 2022 11:18:24 +0100 Subject: l-gen-secrets: fix key indent --- lass/5pkgs/l-gen-secrets/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/5pkgs') diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index b6e565245..27e59bb96 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -19,7 +19,7 @@ pkgs.writers.writeDashBin "l-gen-secrets" '' ${pkgs.coreutils}/bin/mv $TMPDIR/ssh.id_ed25519 $TMPDIR/out/ # tor - ${pkgs.coreutils}/bin/timeout 1 ${pkgs.tor}/bin/tor --HiddenServiceDir $TMPDIR/tor --HiddenServicePort 1 --SocksPort 0 || : + ${pkgs.coreutils}/bin/timeout 1 ${pkgs.tor}/bin/tor --HiddenServiceDir $TMPDIR/tor --HiddenServicePort 1 --SocksPort 0 >/dev/null || : ${pkgs.coreutils}/bin/mv $TMPDIR/tor/hs_ed25519_secret_key $TMPDIR/out/ssh-tor.priv # tinc @@ -62,7 +62,7 @@ pkgs.writers.writeDashBin "l-gen-secrets" '' "$HOSTNAME.r" ]; tinc.pubkey = ${"''"} - $(cat $TMPDIR/tinc/rsa_key.pub | sed 's/^/ /') + $(cat $TMPDIR/tinc/rsa_key.pub | sed 's/^/ /') ${"''"}; tinc.pubkey_ed25519 = "$(cat $TMPDIR/tinc/ed25519_key.pub | ${pkgs.gnused}/bin/sed 's/.* = //')"; }; -- cgit v1.2.3 From 5c6815ff41d04a460e5e35cf34639fb34185e65f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Dec 2022 11:19:37 +0100 Subject: l install-system: init helper script to install systems --- lass/5pkgs/install-system/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 lass/5pkgs/install-system/default.nix (limited to 'lass/5pkgs') diff --git a/lass/5pkgs/install-system/default.nix b/lass/5pkgs/install-system/default.nix new file mode 100644 index 000000000..9a392e669 --- /dev/null +++ b/lass/5pkgs/install-system/default.nix @@ -0,0 +1,26 @@ +{ pkgs }: +pkgs.writers.writeDashBin "install-system" '' + set -efux + SYSTEM=$1 + TARGET=$2 + # format + if ! (sshn "$TARGET" -- mountpoint /mnt); then + nix run github:numtide/nixos-remote -- --stop-after-disko --store-paths "$(nix-build --no-out-link -I stockholm="$HOME"/sync/stockholm -I nixos-config="$HOME"/sync/stockholm/lass/1systems/"$SYSTEM"/physical.nix '' -A config.system.build.diskoNoDeps)" /dev/null "$TARGET" + fi + + # install dependencies + sshn "$TARGET" << SSH + nix-channel --update + nix-env -iA nixos.git + SSH + + # populate + $(nix-build --no-out-link "$HOME"/sync/stockholm/lass/krops.nix -A populate --argstr name "$SYSTEM" --argstr target "$TARGET"/mnt/var/src --arg force true) + + # install + sshn "$TARGET" << SSH + ln -s /mnt/var/src /var/src + NIXOS_CONFIG=/var/src/nixos-config nixos-install --no-root-password -I /var/src + zpool export -fa + SSH +'' -- cgit v1.2.3 From cc29be2d206e1093e036ef619c08e6d536257760 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Wed, 28 Dec 2022 19:06:08 +0100 Subject: l yellow.r: move to new deno port --- lass/5pkgs/bruellwuerfel/default.nix | 26 -------------------------- 1 file changed, 26 deletions(-) delete mode 100644 lass/5pkgs/bruellwuerfel/default.nix (limited to 'lass/5pkgs') diff --git a/lass/5pkgs/bruellwuerfel/default.nix b/lass/5pkgs/bruellwuerfel/default.nix deleted file mode 100644 index cb8f08fa8..000000000 --- a/lass/5pkgs/bruellwuerfel/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ yarn2nix-moretea, fetchFromGitHub, nodePackages, nodejs }: let - #src = ~/src/bruellwuerfel; - src = fetchFromGitHub { - owner = "krebs"; - repo = "bruellwuerfel"; - rev = "57e20e630f732ce4e15b495ec5f9bf72a121b959"; - sha256 = "08zwwl24sq21r497a03lqpy2x10az8frrsh6d38xm92snd1yf85b"; - }; - -in yarn2nix-moretea.mkYarnModules rec { - pname = "bruellwuerfel"; - version = "1.0"; - name = "${pname}-${version}"; - packageJSON = "${src}/package.json"; - yarnLock = "${src}/yarn.lock"; - postBuild = '' - cp -r ${src}/{src,tsconfig.json} $out/ - cd $out - ${nodePackages.typescript}/bin/tsc || : - mkdir -p $out/bin - echo '#!/bin/sh' > $out/bin/bruellwuerfel - echo "export NODE_PATH=$out/dist" >> $out/bin/bruellwuerfel - echo "${nodejs}/bin/node $out/dist/index.js" >> $out/bin/bruellwuerfel - chmod +x $out/bin/bruellwuerfel - ''; -} -- cgit v1.2.3