commit
a025094b20
1 changed files with 24 additions and 22 deletions
46
nixos-infect
46
nixos-infect
|
@ -21,7 +21,7 @@ makeConf() {
|
||||||
networking.hostName = "$(hostname)";
|
networking.hostName = "$(hostname)";
|
||||||
networking.firewall.allowPing = true;
|
networking.firewall.allowPing = true;
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
users.users.root.openssh.authorizedKeys.keys = [$(for key in ${keys[@]}; do echo -n "
|
users.users.root.openssh.authorizedKeys.keys = [$(for key in "${keys[@]}"; do echo -n "
|
||||||
\"$key\""; done)
|
\"$key\""; done)
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
@ -39,23 +39,23 @@ EOF
|
||||||
# XXX It'd be better if we used procfs for all this...
|
# XXX It'd be better if we used procfs for all this...
|
||||||
local IFS=$'\n'
|
local IFS=$'\n'
|
||||||
eth0_name=$(ip address show | grep '^2:' | awk -F': ' '{print $2}')
|
eth0_name=$(ip address show | grep '^2:' | awk -F': ' '{print $2}')
|
||||||
eth0_ip4s=($(ip address show dev $eth0_name | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|'))
|
eth0_ip4s=$(ip address show dev "$eth0_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|')
|
||||||
eth0_ip6s=($(ip address show dev $eth0_name | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || ''))
|
eth0_ip6s=$(ip address show dev "$eth0_name" | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '')
|
||||||
gateway=($(ip route show dev $eth0_name | grep default | sed -r 's|default via ([0-9.]+).*|\1|'))
|
gateway=$(ip route show dev "$eth0_name" | grep default | sed -r 's|default via ([0-9.]+).*|\1|')
|
||||||
ether0=($(ip address show dev $eth0_name | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|'))
|
ether0=$(ip address show dev "$eth0_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|')
|
||||||
|
|
||||||
eth1_name=$(ip address show | grep '^3:' | awk -F': ' '{print $2}')||true
|
eth1_name=$(ip address show | grep '^3:' | awk -F': ' '{print $2}')||true
|
||||||
if [ -n "$eth1_name" ];then
|
if [ -n "$eth1_name" ];then
|
||||||
eth1_ip4s=($(ip address show dev $eth1_name | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|'))
|
eth1_ip4s=$(ip address show dev "$eth1_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|')
|
||||||
eth1_ip6s=($(ip address show dev $eth1_name | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || ''))
|
eth1_ip6s=$(ip address show dev "$eth1_name" | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '')
|
||||||
ether1=($(ip address show dev $eth1_name | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|'))
|
ether1=$(ip address show dev "$eth1_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|')
|
||||||
gateway6=($(ip -6 route show dev $eth1_name | grep default | sed -r 's|default via ([0-9a-f:]+).*|\1|' || true))
|
gateway6=$(ip -6 route show dev "$eth1_name" | grep default | sed -r 's|default via ([0-9a-f:]+).*|\1|' || true)
|
||||||
interfaces1=<< EOF
|
interfaces1=<< EOF
|
||||||
$eth1_name = {
|
$eth1_name = {
|
||||||
ip4 = [$(for a in ${eth1_ip4s[@]}; do echo -n "
|
ip4 = [$(for a in "${eth1_ip4s[@]}"; do echo -n "
|
||||||
$a"; done)
|
$a"; done)
|
||||||
];
|
];
|
||||||
ip6 = [$(for a in ${eth1_ip6s[@]}; do echo -n "
|
ip6 = [$(for a in "${eth1_ip6s[@]}"; do echo -n "
|
||||||
$a"; done)
|
$a"; done)
|
||||||
];
|
];
|
||||||
EOF
|
EOF
|
||||||
|
@ -72,17 +72,17 @@ EOF
|
||||||
# This file was populated at runtime with the networking
|
# This file was populated at runtime with the networking
|
||||||
# details gathered from the active system.
|
# details gathered from the active system.
|
||||||
networking = {
|
networking = {
|
||||||
nameservers = [$(for a in ${nameservers[@]}; do echo -n "
|
nameservers = [$(for a in "${nameservers[@]}"; do echo -n "
|
||||||
\"$a\""; done)
|
\"$a\""; done)
|
||||||
];
|
];
|
||||||
defaultGateway = "${gateway}";
|
defaultGateway = "${gateway}";
|
||||||
defaultGateway6 = "${gateway6}";
|
defaultGateway6 = "${gateway6}";
|
||||||
interfaces = {
|
interfaces = {
|
||||||
$eth0_name = {
|
$eth0_name = {
|
||||||
ip4 = [$(for a in ${eth0_ip4s[@]}; do echo -n "
|
ip4 = [$(for a in "${eth0_ip4s[@]}"; do echo -n "
|
||||||
$a"; done)
|
$a"; done)
|
||||||
];
|
];
|
||||||
ip6 = [$(for a in ${eth0_ip6s[@]}; do echo -n "
|
ip6 = [$(for a in "${eth0_ip6s[@]}"; do echo -n "
|
||||||
$a"; done)
|
$a"; done)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -112,18 +112,18 @@ EOF
|
||||||
|
|
||||||
makeSwap() {
|
makeSwap() {
|
||||||
# TODO check currently available swapspace first
|
# TODO check currently available swapspace first
|
||||||
swapFile=`mktemp /tmp/nixos-infect.XXXXX.swp`
|
swapFile=$(mktemp /tmp/nixos-infect.XXXXX.swp)
|
||||||
dd if=/dev/zero of=$swapFile bs=1M count=$((1*1024))
|
dd if=/dev/zero "of=$swapFile" bs=1M count=$((1*1024))
|
||||||
chmod 0600 $swapFile
|
chmod 0600 "$swapFile"
|
||||||
mkswap $swapFile
|
mkswap "$swapFile"
|
||||||
swapon -v $swapFile
|
swapon -v "$swapFile"
|
||||||
}
|
}
|
||||||
|
|
||||||
removeSwap() {
|
removeSwap() {
|
||||||
for swapFile in /tmp/nixos-infect.*.swp
|
for swapFile in /tmp/nixos-infect.*.swp
|
||||||
do
|
do
|
||||||
swapoff -v $swapFile
|
swapoff -v "$swapFile"
|
||||||
rm -vf $swapFile
|
rm -vf "$swapFile"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -163,6 +163,7 @@ prepareEnv() {
|
||||||
|
|
||||||
# Nix installer tries to use sudo regardless of whether we're already uid 0
|
# Nix installer tries to use sudo regardless of whether we're already uid 0
|
||||||
#which sudo || { sudo() { eval "$@"; }; export -f sudo; }
|
#which sudo || { sudo() { eval "$@"; }; export -f sudo; }
|
||||||
|
# shellcheck disable=SC2174
|
||||||
mkdir -p -m 0755 /nix
|
mkdir -p -m 0755 /nix
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -192,13 +193,14 @@ infect() {
|
||||||
# Add nix build users
|
# Add nix build users
|
||||||
# FIXME run only if necessary, rather than defaulting true
|
# FIXME run only if necessary, rather than defaulting true
|
||||||
groupadd nixbld -g 30000 || true
|
groupadd nixbld -g 30000 || true
|
||||||
for i in {1..10}; do useradd -c "Nix build user $i" -d /var/empty -g nixbld -G nixbld -M -N -r -s $(which nologin) nixbld$i || true; done
|
for i in {1..10}; do useradd -c "Nix build user $i" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" nixbld$i || true; done
|
||||||
# TODO use addgroup and adduser as fallbacks
|
# TODO use addgroup and adduser as fallbacks
|
||||||
#addgroup nixbld -g 30000 || true
|
#addgroup nixbld -g 30000 || true
|
||||||
#for i in {1..10}; do adduser -DH -G nixbld nixbld$i || true; done
|
#for i in {1..10}; do adduser -DH -G nixbld nixbld$i || true; done
|
||||||
|
|
||||||
curl https://nixos.org/nix/install | $SHELL
|
curl https://nixos.org/nix/install | $SHELL
|
||||||
|
|
||||||
|
# shellcheck disable=SC1090
|
||||||
source ~/.nix-profile/etc/profile.d/nix.sh
|
source ~/.nix-profile/etc/profile.d/nix.sh
|
||||||
|
|
||||||
[[ -z "$NIX_CHANNEL" ]] && NIX_CHANNEL="nixos-17.03"
|
[[ -z "$NIX_CHANNEL" ]] && NIX_CHANNEL="nixos-17.03"
|
||||||
|
|
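Review bot: In the `@ -39,23 +39,23 @` hunk, `eth0_ip4s`, `eth0_ip6s`, `gateway`, `ether0`, the `eth1_*` counterparts and `gateway6` are now plain strings instead of arrays, yet the heredocs still iterate them as `"${eth0_ip4s[@]}"` and read `${gateway}` as one value. If the device has more than one default route, `defaultGateway = "${gateway}"` now receives every matching line rather than the first, and an interface with no addresses gives one empty loop pass instead of none. Keeping the arrays without the unquoted split, e.g. `mapfile -t gateway < <(ip route show dev "$eth0_name" | grep default | sed -r 's|default via ([0-9.]+).*|\1|')`, would satisfy ShellCheck without changing what lands in the generated networking config. Separately, in the `infect()` hunk `-s "$(which nologin)"` passes an empty shell argument when `which` finds nothing, where the unquoted form appears to have made `useradd` fail; checking the lookup first would avoid build users with a blank shell field. The enclosing functions start and end outside the hunks shown.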