diff options
| -rw-r--r-- | dom0/home.scm | 6 | ||||
| -rw-r--r-- | dom0/system.scm | 2 | ||||
| -rw-r--r-- | files/misc-config/dom0-sway-config (renamed from files/misc-config/sway-config) | 0 | ||||
| -rw-r--r-- | files/misc-config/pwn-sway-config | 246 | ||||
| -rw-r--r-- | pwn/home.scm | 107 | ||||
| -rw-r--r-- | pwn/packages.scm | 85 | ||||
| -rw-r--r-- | pwn/system-pwn.scm | 143 |
7 files changed, 545 insertions, 44 deletions
diff --git a/dom0/home.scm b/dom0/home.scm index d7bd9a7..a46d2f3 100644 --- a/dom0/home.scm +++ b/dom0/home.scm @@ -53,9 +53,9 @@ (service home-bash-service-type (home-bash-configuration - (bash-profile (list (local-file "files/scripts/sway-login") + (bash-profile (list (local-file "../files/scripts/sway-login") (plain-file "bash-profile" "flatpak -u remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo"))) - (bashrc (list (local-file "files/scripts/gpg-agent-tty"))))) + (bashrc (list (local-file "../files/scripts/gpg-agent-tty"))))) (simple-service 'xdg-user-directories-config-service home-xdg-user-directories-service-type @@ -63,7 +63,7 @@ (download "$HOME/Downloads"))) (service home-xdg-configuration-files-service-type - `(("sway/config" ,(local-file "./files/misc-config/sway-config")))) + `(("sway/config" ,(local-file "../files/misc-config/dom0-sway-config")))) (service home-gpg-agent-service-type (home-gpg-agent-configuration diff --git a/dom0/system.scm b/dom0/system.scm index 5892ef5..3757c0a 100644 --- a/dom0/system.scm +++ b/dom0/system.scm @@ -88,7 +88,7 @@ (append (list "https://substitutes.nonguix.org") %default-substitute-urls)) (authorized-keys - (append (list (local-file "files/nonguix-signing-key.pub")) + (append (list (local-file "..files/nonguix-signing-key.pub")) %default-authorized-guix-keys))))) (list ;; NVIDIA diff --git a/files/misc-config/sway-config b/files/misc-config/dom0-sway-config index 891de4c..891de4c 100644 --- a/files/misc-config/sway-config +++ b/files/misc-config/dom0-sway-config diff --git a/files/misc-config/pwn-sway-config b/files/misc-config/pwn-sway-config new file mode 100644 index 0000000..fb7c9ba --- /dev/null +++ b/files/misc-config/pwn-sway-config @@ -0,0 +1,246 @@ +# Default config for sway +# +# Copy this to ~/.config/sway/config and edit it to your liking. +# +# Read `man 5 sway` for a complete reference. + +### Variables +# +# Logo key. Use Mod1 for Alt. +set $mod Mod4 +# Home row direction keys, like vim +#set $left h +#set $down j +#set $up k +#set $right l +# Your preferred terminal emulator +set $term foot +# Your preferred application launcher +set $menu fuzzel + +### Output configuration +# +# Default wallpaper (more resolutions are available in /gnu/store/49nyzc50jn2svwb9i7k5739cvgaiac72-sway-1.10.1/share/backgrounds/sway/) +#output * bg $HOME/.gubes/files/wallpapers/taclnc.png fill + +# swaylock +#bindsym $mod+l exec swaylock -i $HOME/.gubes/files/wallpapers/taclnc.png + +# +# Example configuration: +# +# output HDMI-A-1 resolution 1920x1080 position 1920,0 +output * resolution 1920x1080 +exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY +# exec spice-vdagent +# You can get the names of your outputs by running: swaymsg -t get_outputs + +### Idle configuration +# +# Example configuration: +# +# exec swayidle -w \ +# timeout 300 'swaylock -f -c 000000' \ +# timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ +# before-sleep 'swaylock -f -c 000000' +# +# This will lock your screen after 300 seconds of inactivity, then turn off +# your displays after another 300 seconds, and turn your screens back on when +# resumed. It will also lock your screen before your computer goes to sleep. + +### Input configuration + input * { + xkb_layout "gb" + } + + input <identifier> left_handed enabled +# Example configuration: +# +# input "2:14:SynPS/2_Synaptics_TouchPad" { +# dwt enabled +# tap enabled +# natural_scroll enabled +# middle_emulation enabled +# } +# +# You can get the names of your inputs by running: swaymsg -t get_inputs +# Read `man 5 sway-input` for more information about this section. + +### Key bindings +# +# Basics: +# + # Start a terminal + bindsym $mod+Return exec $term + + # Kill focused window + bindsym $mod+Shift+q kill + + # Start your launcher + bindsym $mod+d exec $menu + + # Drag floating windows by holding down $mod and left mouse button. + # Resize them with right mouse button + $mod. + # Despite the name, also works for non-floating windows. + # Change normal to inverse to use left mouse button for resizing and right + # mouse button for dragging. + floating_modifier $mod normal + + # Reload the configuration file + bindsym $mod+Shift+c reload + + # Exit sway (logs you out of your Wayland session) + bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' +# +# Moving around: +# + # Move your focus around + #bindsym $mod+$left focus left + #bindsym $mod+$down focus down + #bindsym $mod+$up focus up + #bindsym $mod+$right focus right + # Or use $mod+[up|down|left|right] + bindsym $mod+Left focus left + bindsym $mod+Down focus down + bindsym $mod+Up focus up + bindsym $mod+Right focus right + + # Move the focused window with the same, but add Shift + #bindsym $mod+Shift+$left move left + #bindsym $mod+Shift+$down move down + #bindsym $mod+Shift+$up move up + #bindsym $mod+Shift+$right move right + # Ditto, with arrow keys + bindsym $mod+Shift+Left move left + bindsym $mod+Shift+Down move down + bindsym $mod+Shift+Up move up + bindsym $mod+Shift+Right move right +# +# Workspaces: +# + # Switch to workspace + bindsym $mod+1 workspace number 1 + bindsym $mod+2 workspace number 2 + bindsym $mod+3 workspace number 3 + bindsym $mod+4 workspace number 4 + bindsym $mod+5 workspace number 5 + bindsym $mod+6 workspace number 6 + bindsym $mod+7 workspace number 7 + bindsym $mod+8 workspace number 8 + bindsym $mod+9 workspace number 9 + bindsym $mod+0 workspace number 10 + # Move focused container to workspace + bindsym $mod+Shift+1 move container to workspace number 1 + bindsym $mod+Shift+2 move container to workspace number 2 + bindsym $mod+Shift+3 move container to workspace number 3 + bindsym $mod+Shift+4 move container to workspace number 4 + bindsym $mod+Shift+5 move container to workspace number 5 + bindsym $mod+Shift+6 move container to workspace number 6 + bindsym $mod+Shift+7 move container to workspace number 7 + bindsym $mod+Shift+8 move container to workspace number 8 + bindsym $mod+Shift+9 move container to workspace number 9 + bindsym $mod+Shift+0 move container to workspace number 10 + # Note: workspaces can have any name you want, not just numbers. + # We just use 1-10 as the default. +# +# Layout stuff: +# + # You can "split" the current object of your focus with + # $mod+b or $mod+v, for horizontal and vertical splits + # respectively. + bindsym $mod+b splith + bindsym $mod+v splitv + + # Switch the current container between different layout styles + bindsym $mod+s layout stacking + bindsym $mod+w layout tabbed + bindsym $mod+e layout toggle split + + # Make the current focus fullscreen + bindsym $mod+f fullscreen + + # Toggle the current focus between tiling and floating mode + bindsym $mod+Shift+space floating toggle + + # Swap focus between the tiling area and the floating area + bindsym $mod+space focus mode_toggle + + # Move focus to the parent container + bindsym $mod+a focus parent +# +# Scratchpad: + + # Sway has a "scratchpad", which is a bag of holding for windows. + # You can send windows there and get them back later. + + # Move the currently focused window to the scratchpad + bindsym $mod+Shift+minus move scratchpad + + # Show the next scratchpad window or hide the focused scratchpad window. + # If there are multiple scratchpad windows, this command cycles through them. + bindsym $mod+minus scratchpad show +# +# Resizing containers: +# +mode "resize" { + # left will shrink the containers width + # right will grow the containers width + # up will shrink the containers height + # down will grow the containers height + #bindsym $left resize shrink width 10px + #bindsym $down resize grow height 10px + #bindsym $up resize shrink height 10px + #bindsym $right resize grow width 10px + + # Ditto, with arrow keys + bindsym Left resize shrink width 10px + bindsym Down resize grow height 10px + bindsym Up resize shrink height 10px + bindsym Right resize grow width 10px + + # Return to default mode + bindsym Return mode "default" + bindsym Escape mode "default" +} +bindsym $mod+r mode "resize" +# +# Utilities: +# + # Special keys to adjust volume via PulseAudio + bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle + bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5% + bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5% + bindsym --locked XF86AudioMicMute exec pactl set-source-mute \@DEFAULT_SOURCE@ toggle + # Special keys to adjust brightness via brightnessctl + bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%- + bindsym --locked XF86MonBrightnessUp exec brightnessctl set 5%+ + # Special key to take a screenshot with grim + bindsym $mod+p exec grimshot copy area + # swaylock + #bindsym $mod+l exec swaylock -i /home/dom0/.config/gubes/files/wallpapers/taclnc.png + +# +# Status Bar: +# +# Read `man 5 sway-bar` for more information about this section. +bar { + position top + + # When the status_command prints a new line to stdout, swaybar updates. + # The default just shows the current date and time. + status_command while (echo "ET PWN HOME $(date +'%Y-%m-%d %X')"); do sleep 1; done + + colors { + statusline #ffffff + background #800080 + inactive_workspace #32323200 #32323200 #5c5c5c + } +} +set $opacity 0.96 +for_window [class=".*"] opacity $opacity +for_window [app_id="foot"] opacity $opacity + +client.focused #000000 #520C07 #ffffff +client.unfocused #000000 #363636 #ffffff + +include /gnu/store/49nyzc50jn2svwb9i7k5739cvgaiac72-sway-1.10.1/etc/sway/config.d/* diff --git a/pwn/home.scm b/pwn/home.scm new file mode 100644 index 0000000..86656b1 --- /dev/null +++ b/pwn/home.scm @@ -0,0 +1,107 @@ +(define-module (pwn home) + #:use-module (gnu) + #:use-module (gnu packages gnupg) + #:use-module (gnu services) + #:use-module (gnu home) + #:use-module (gnu home services) + #:use-module (gnu home services pm) + #:use-module (gnu home services sound) + #:use-module (gnu home services shells) + #:use-module (gnu home services desktop) + #:use-module (gnu home services gnupg) + #:use-module (gnu home services xdg) + #:use-module (nongnu packages nvidia) + #:use-module (nongnu services nvidia) + #:use-module (guix gexp) + #:use-module (nonguix transformations) + #:use-module (pwn packages) + #:export (pwn-home-environment)) + + (use-package-modules compression gnome gnome-xyz music video fonts freedesktop + linux package-management pulseaudio ssh + terminals xdisorg xorg glib virtualization + wm messaging gstreamer) + + (define pwn-home-environment + (home-environment + (services + (list + (simple-service 'profile-env-vars-service + home-environment-variables-service-type + '(;; Sort dot files first in ls + ("LC_COLLATE" . "C") + + ;; vim instead of nano + ("VISUAL" . "vim") + ("EDITOR" . "vim") + + ;; Wayland + ("XDG_CURRENT_DESKTOP" . "sway") + ("XDG_SESSION_TYPE" . "wayland") + ("RTC_USE_PIPEWIRE" . "true") + ("SDL_VIDEODRIVER" . "wayland") + ("MOZ_ENABLE_WAYLAND" . "1") + ("CLUTTER_BACKEND" . "wayland") + ("ELM_ENGINE" . "wayland_egl") + ("ECORE_EVAS_ENGINE" . "wayland-egl") + ("QT_QPA_PLATFORM" . "wayland-egl") + + ;; JAVA + ("_JAVA_AWT_WM_NONREPARENTING" . #t) + + ;; env-vars for Flatpak visibility + ("XDG_DATA_DIRS" . "$XDG_DATA_DIRS:$HOME/.local/share/flatpak/exports/share"))) + + (service home-bash-service-type + (home-bash-configuration + (bash-profile (list (local-file "../files/scripts/sway-login") + (plain-file "bash-profile" "flatpak -u remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo"))) + (bashrc (list (local-file "../files/scripts/gpg-agent-tty"))))) + + (simple-service 'xdg-user-directories-config-service + home-xdg-user-directories-service-type + (home-xdg-user-directories-configuration + (download "$HOME/Downloads"))) + + (simple-service 'add-nix-channels + home-files-service-type + `((".nix-channels" + ,(plain-file "nix-channels" + (string-append + "nixpkgs https://www.nixos.org/channels/nixpkgs-unstable \n" + "nixos https://www.nixos.org/channels/nixos-unstable"))))) + + (service home-xdg-configuration-files-service-type + `(("sway/config" ,(local-file "../files/misc-config/pwn-sway-config")))) + + (service home-gpg-agent-service-type + (home-gpg-agent-configuration + (pinentry-program + (file-append pinentry "/bin/pinentry")) + (ssh-support? #t))) + + (service home-dbus-service-type) + (service home-pipewire-service-type))) + + (packages (append ( + list xorg-server-xwayland flatpak sway + swayidle swaylock fuzzel foot + grimshot wl-clipboard network-manager-applet + + ;; XDG and Flatpak dependency + (list glib "bin") + xdg-desktop-portal xdg-desktop-portal-gtk + xdg-desktop-portal-wlr xdg-utils xdg-dbus-proxy + shared-mime-info + + ;; virt-man + virt-manager + ;; Audio + alsa-utils pavucontrol + ;; gstreamer + gstreamer gst-plugins-base gst-plugins-good + gst-plugins-bad gst-plugins-ugly gst-libav + ;; General + openssh zip unzip) + pwn-packages)))) + diff --git a/pwn/packages.scm b/pwn/packages.scm index 50980c7..f1fbeef 100644 --- a/pwn/packages.scm +++ b/pwn/packages.scm @@ -1,40 +1,45 @@ -(define pwn packages -#:use-module: (gnu) -#:use-module: (gnu packages networking) -#:use-module: (gnu packages databases) -#:use-module: (gnu packages rdesktop) -#:use-module: (gnu packages vnc) -#:use-module: (gnu packages password-utils) -#:use-module: (gnu packages python-web) -#:use-module: (gnu packages package-management) -export (pwn-packages)) - -(packages list (;; guix channel packages - ;; basic packages from (gnu) - curl rsync rlogin - samba ; provides smbclient - - ;; from (admin) - nmap tcpdump - - ;; from (networking) - socat fping - - ;; from (password-utils) - john-the-ripper-jumbo - hashcat thc-hydra - - ; from (databases) - mysql - - ; from (rdesktop) - freerdp ; provides xfreerdp client - - ; from (vnc) - remmina - - ; from (python-web) - python-scrapy - - ; from (package-management) - nix pipx)) +(define-module (pwn packages) +#:use-module (gnu) +#:use-module (gnu packages dns) +#:use-module (gnu packages networking) +#:use-module (gnu packages databases) +#:use-module (gnu packages rdesktop) +#:use-module (gnu packages vnc) +#:use-module (gnu packages admin) +#:use-module (gnu packages password-utils) +#:use-module (gnu packages python-web) +#:use-module (gnu packages package-management) +#:export (pwn-packages)) + +(use-package-modules curl rsync samba dns) + +(define pwn-packages (list + ;; guix channel packages + ;; basic packages from (gnu) + curl rsync (list isc-bind "utils") + samba ; provides smbclient + + ;; from (admin) + nmap tcpdump + + ;; from (networking) + socat fping + + ;; from (password-utils) + john-the-ripper-jumbo + hashcat hydra + + ;; from (databases) + mysql + + ;; from (rdesktop) + freerdp ; provides xfreerdp client + + ;; from (vnc) + remmina + + ;; from (python-web) + python-scrapy + + ;; from (package-management) + nix pipx)) diff --git a/pwn/system-pwn.scm b/pwn/system-pwn.scm new file mode 100644 index 0000000..e1a080c --- /dev/null +++ b/pwn/system-pwn.scm @@ -0,0 +1,143 @@ +;; Modules to import to access variables used. +(define-module (pwn system) + #:use-module (gnu) + #:use-module (gnu services guix) + #:use-module (guix transformations) + #:use-module (nongnu packages linux) + #:use-module (nongnu system linux-initrd) + #:use-module (pwn home)) + +(use-service-modules linux guix desktop pm audio virtualization + networking dbus xorg avahi spice nix) +(use-package-modules linux audio libusb wm fonts virtualization + freedesktop vim security-token cryptsetup version-control package-management) + +(define patch-libvirt + (options->transformation + '((with-patch . "libvirt=patches/libvirt-qemu-caps.patch")))) + +(operating-system + (locale "en_GB.utf8") + (timezone "Europe/London") + (keyboard-layout (keyboard-layout "gb")) + (host-name "pwn") + + ;; Users ('root' is implicit). + (users (cons* (user-account + (name "ET") + (comment "disposable machine") + (password (crypt "ET" "$6$abc")) + (group "users") + (home-directory "/home/home") + (supplementary-groups '("wheel" "plugdev" "netdev" "audio" "video"))) + %base-user-accounts)) + + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (targets '("/dev/vda")) + (terminal-outputs '(console)))) + + (file-systems (cons (file-system + (mount-point "/") + (device "/dev/vda1") + (type "ext4")) + %base-file-systems)) + + ;; Non-free + (kernel linux) + (firmware (list linux-firmware)) + (initrd microcode-initrd) + + ;; Services (system-wide) + (services (append + (modify-services %base-services + (delete login-service-type) + (delete mingetty-service-type) + (delete console-font-service-type) + ;; Add non-free substitutes + (guix-service-type + config => + (guix-configuration + (inherit config) + (substitute-urls + (append (list "https://substitutes.nonguix.org") + %default-substitute-urls)) + (authorized-keys + (append (list (local-file "../files/nonguix-signing-key.pub")) + %default-authorized-guix-keys))))) + (list + ;; systemd dependencies + (service elogind-service-type) + + ;; Spice and Qemu for VMs + (service spice-vdagent-service-type) + (service qemu-guest-agent-service-type) + + ;; PAM and login + (service greetd-service-type + (greetd-configuration + (greeter-supplementary-groups (list "video" "input")) + (terminals + (list + (greetd-terminal-configuration + (terminal-vt "1") + (terminal-switch #t)) + (greetd-terminal-configuration (terminal-vt "2")) + (greetd-terminal-configuration (terminal-vt "3")))))) + + (service console-font-service-type + (map (lambda (tty) + (cons tty (file-append + font-terminus + "/share/consolefonts/ter-132n"))) + '("tty1" "tty2" "tty3"))) + + (service screen-locker-service-type + (screen-locker-configuration + (name "swaylock") + (program (file-append swaylock "/bin/swaylock")) + (using-pam? #t) + (using-setuid? #t))) + + ;; Networking + (service network-manager-service-type) + (service wpa-supplicant-service-type) + + ;; dbus + (service avahi-service-type) + (service udisks-service-type) + (service accountsservice-service-type) + (service colord-service-type) + (service polkit-service-type) + (service dbus-root-service-type) + + ;; Cleanup stale font cache + fontconfig-file-system-service + + ;; Xwayland + (service x11-socket-directory-service-type) + + ;; Time + (service ntp-service-type) + + ;; Virtualization + (service libvirt-service-type + (libvirt-configuration + (libvirt (patch-libvirt libvirt)))) + (service virtlog-service-type) + + ;; udev including yubikey + (udev-rules-service 'pipewire-add-udev-rules pipewire) + (udev-rules-service 'fido2 libfido2 #:groups '("plugdev")) + ;; pwn home + (service guix-home-service-type + `(("ET", pwn-home-environment))) + (service nix-service-type)))) + + ;; Packages (system-wide) + (packages (cons* vim + git + cryptsetup + strace + nix + %base-packages))) |