diff options
| author | c0co.channel <c0co.channel@braincrime.com> | 2025-09-20 23:19:33 +0100 |
|---|---|---|
| committer | c0co.channel <c0co.channel@braincrime.com> | 2025-09-20 23:19:33 +0100 |
| commit | 441ee5792c71c0f021b9e90a7f609fef2cdb5e7e (patch) | |
| tree | ef74b88a51be5712d77bb789992376b07650fa93 /pwn | |
| parent | e9ae23f145af5dad17175d73d9095860ec0a4c07 (diff) | |
Add basic pwn system and home configs
Diffstat (limited to 'pwn')
| -rw-r--r-- | pwn/home.scm | 107 | ||||
| -rw-r--r-- | pwn/packages.scm | 85 | ||||
| -rw-r--r-- | pwn/system-pwn.scm | 143 |
3 files changed, 295 insertions, 40 deletions
diff --git a/pwn/home.scm b/pwn/home.scm new file mode 100644 index 0000000..86656b1 --- /dev/null +++ b/pwn/home.scm @@ -0,0 +1,107 @@ +(define-module (pwn home) + #:use-module (gnu) + #:use-module (gnu packages gnupg) + #:use-module (gnu services) + #:use-module (gnu home) + #:use-module (gnu home services) + #:use-module (gnu home services pm) + #:use-module (gnu home services sound) + #:use-module (gnu home services shells) + #:use-module (gnu home services desktop) + #:use-module (gnu home services gnupg) + #:use-module (gnu home services xdg) + #:use-module (nongnu packages nvidia) + #:use-module (nongnu services nvidia) + #:use-module (guix gexp) + #:use-module (nonguix transformations) + #:use-module (pwn packages) + #:export (pwn-home-environment)) + + (use-package-modules compression gnome gnome-xyz music video fonts freedesktop + linux package-management pulseaudio ssh + terminals xdisorg xorg glib virtualization + wm messaging gstreamer) + + (define pwn-home-environment + (home-environment + (services + (list + (simple-service 'profile-env-vars-service + home-environment-variables-service-type + '(;; Sort dot files first in ls + ("LC_COLLATE" . "C") + + ;; vim instead of nano + ("VISUAL" . "vim") + ("EDITOR" . "vim") + + ;; Wayland + ("XDG_CURRENT_DESKTOP" . "sway") + ("XDG_SESSION_TYPE" . "wayland") + ("RTC_USE_PIPEWIRE" . "true") + ("SDL_VIDEODRIVER" . "wayland") + ("MOZ_ENABLE_WAYLAND" . "1") + ("CLUTTER_BACKEND" . "wayland") + ("ELM_ENGINE" . "wayland_egl") + ("ECORE_EVAS_ENGINE" . "wayland-egl") + ("QT_QPA_PLATFORM" . "wayland-egl") + + ;; JAVA + ("_JAVA_AWT_WM_NONREPARENTING" . #t) + + ;; env-vars for Flatpak visibility + ("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share"))) + + (service home-bash-service-type + (home-bash-configuration + (bash-profile (list (local-file "../files/scripts/sway-login") + (plain-file "bash-profile" "flatpak -u remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo"))) + (bashrc (list (local-file "../files/scripts/gpg-agent-tty"))))) + + (simple-service 'xdg-user-directories-config-service + home-xdg-user-directories-service-type + (home-xdg-user-directories-configuration + (download "$HOME/Downloads"))) + + (simple-service 'add-nix-channels + home-files-service-type + `((".nix-channels" + ,(plain-file "nix-channels" + (string-append + "nixpkgs https://www.nixos.org/channels/nixpkgs-unstable \n" + "nixos https://www.nixos.org/channels/nixos-unstable"))))) + + (service home-xdg-configuration-files-service-type + `(("sway/config" ,(local-file "../files/misc-config/pwn-sway-config")))) + + (service home-gpg-agent-service-type + (home-gpg-agent-configuration + (pinentry-program + (file-append pinentry "/bin/pinentry")) + (ssh-support? #t))) + + (service home-dbus-service-type) + (service home-pipewire-service-type))) + + (packages (append ( + list xorg-server-xwayland flatpak sway + swayidle swaylock fuzzel foot + grimshot wl-clipboard network-manager-applet + + ;; XDG and Flatpak dependency + (list glib "bin") + xdg-desktop-portal xdg-desktop-portal-gtk + xdg-desktop-portal-wlr xdg-utils xdg-dbus-proxy + shared-mime-info + + ;; virt-man + virt-manager + ;; Audio + alsa-utils pavucontrol + ;; gstreamer + gstreamer gst-plugins-base gst-plugins-good + gst-plugins-bad gst-plugins-ugly gst-libav + ;; General + openssh zip unzip) + pwn-packages)))) + diff --git a/pwn/packages.scm b/pwn/packages.scm index 50980c7..f1fbeef 100644 --- a/pwn/packages.scm +++ b/pwn/packages.scm @@ -1,40 +1,45 @@ -(define pwn packages -#:use-module: (gnu) -#:use-module: (gnu packages networking) -#:use-module: (gnu packages databases) -#:use-module: (gnu packages rdesktop) -#:use-module: (gnu packages vnc) -#:use-module: (gnu packages password-utils) -#:use-module: (gnu packages python-web) -#:use-module: (gnu packages package-management) -export (pwn-packages)) - -(packages list (;; guix channel packages - ;; basic packages from (gnu) - curl rsync rlogin - samba ; provides smbclient - - ;; from (admin) - nmap tcpdump - - ;; from (networking) - socat fping - - ;; from (password-utils) - john-the-ripper-jumbo - hashcat thc-hydra - - ; from (databases) - mysql - - ; from (rdesktop) - freerdp ; provides xfreerdp client - - ; from (vnc) - remmina - - ; from (python-web) - python-scrapy - - ; from (package-management) - nix pipx)) +(define-module (pwn packages) +#:use-module (gnu) +#:use-module (gnu packages dns) +#:use-module (gnu packages networking) +#:use-module (gnu packages databases) +#:use-module (gnu packages rdesktop) +#:use-module (gnu packages vnc) +#:use-module (gnu packages admin) +#:use-module (gnu packages password-utils) +#:use-module (gnu packages python-web) +#:use-module (gnu packages package-management) +#:export (pwn-packages)) + +(use-package-modules curl rsync samba dns) + +(define pwn-packages (list + ;; guix channel packages + ;; basic packages from (gnu) + curl rsync (list isc-bind "utils") + samba ; provides smbclient + + ;; from (admin) + nmap tcpdump + + ;; from (networking) + socat fping + + ;; from (password-utils) + john-the-ripper-jumbo + hashcat hydra + + ;; from (databases) + mysql + + ;; from (rdesktop) + freerdp ; provides xfreerdp client + + ;; from (vnc) + remmina + + ;; from (python-web) + python-scrapy + + ;; from (package-management) + nix pipx)) diff --git a/pwn/system-pwn.scm b/pwn/system-pwn.scm new file mode 100644 index 0000000..e1a080c --- /dev/null +++ b/pwn/system-pwn.scm @@ -0,0 +1,143 @@ +;; Modules to import to access variables used. +(define-module (pwn system) + #:use-module (gnu) + #:use-module (gnu services guix) + #:use-module (guix transformations) + #:use-module (nongnu packages linux) + #:use-module (nongnu system linux-initrd) + #:use-module (pwn home)) + +(use-service-modules linux guix desktop pm audio virtualization + networking dbus xorg avahi spice nix) +(use-package-modules linux audio libusb wm fonts virtualization + freedesktop vim security-token cryptsetup version-control package-management) + +(define patch-libvirt + (options->transformation + '((with-patch . "libvirt=patches/libvirt-qemu-caps.patch")))) + +(operating-system + (locale "en_GB.utf8") + (timezone "Europe/London") + (keyboard-layout (keyboard-layout "gb")) + (host-name "pwn") + + ;; Users ('root' is implicit). + (users (cons* (user-account + (name "ET") + (comment "disposable machine") + (password (crypt "ET" "$6$abc")) + (group "users") + (home-directory "/home/home") + (supplementary-groups '("wheel" "plugdev" "netdev" "audio" "video"))) + %base-user-accounts)) + + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (targets '("/dev/vda")) + (terminal-outputs '(console)))) + + (file-systems (cons (file-system + (mount-point "/") + (device "/dev/vda1") + (type "ext4")) + %base-file-systems)) + + ;; Non-free + (kernel linux) + (firmware (list linux-firmware)) + (initrd microcode-initrd) + + ;; Services (system-wide) + (services (append + (modify-services %base-services + (delete login-service-type) + (delete mingetty-service-type) + (delete console-font-service-type) + ;; Add non-free substitutes + (guix-service-type + config => + (guix-configuration + (inherit config) + (substitute-urls + (append (list "https://substitutes.nonguix.org") + %default-substitute-urls)) + (authorized-keys + (append (list (local-file "../files/nonguix-signing-key.pub")) + %default-authorized-guix-keys))))) + (list + ;; systemd dependencies + (service elogind-service-type) + + ;; Spice and Qemu for VMs + (service spice-vdagent-service-type) + (service qemu-guest-agent-service-type) + + ;; PAM and login + (service greetd-service-type + (greetd-configuration + (greeter-supplementary-groups (list "video" "input")) + (terminals + (list + (greetd-terminal-configuration + (terminal-vt "1") + (terminal-switch #t)) + (greetd-terminal-configuration (terminal-vt "2")) + (greetd-terminal-configuration (terminal-vt "3")))))) + + (service console-font-service-type + (map (lambda (tty) + (cons tty (file-append + font-terminus + "/share/consolefonts/ter-132n"))) + '("tty1" "tty2" "tty3"))) + + (service screen-locker-service-type + (screen-locker-configuration + (name "swaylock") + (program (file-append swaylock "/bin/swaylock")) + (using-pam? #t) + (using-setuid? #t))) + + ;; Networking + (service network-manager-service-type) + (service wpa-supplicant-service-type) + + ;; dbus + (service avahi-service-type) + (service udisks-service-type) + (service accountsservice-service-type) + (service colord-service-type) + (service polkit-service-type) + (service dbus-root-service-type) + + ;; Cleanup stale font cache + fontconfig-file-system-service + + ;; Xwayland + (service x11-socket-directory-service-type) + + ;; Time + (service ntp-service-type) + + ;; Virtualization + (service libvirt-service-type + (libvirt-configuration + (libvirt (patch-libvirt libvirt)))) + (service virtlog-service-type) + + ;; udev including yubikey + (udev-rules-service 'pipewire-add-udev-rules pipewire) + (udev-rules-service 'fido2 libfido2 #:groups '("plugdev")) + ;; pwn home + (service guix-home-service-type + `(("ET", pwn-home-environment))) + (service nix-service-type)))) + + ;; Packages (system-wide) + (packages (cons* vim + git + cryptsetup + strace + nix + %base-packages))) |