authorc0co.channel <c0co.channel@braincrime.com>2026-01-09 17:42:55 +0000
committerc0co.channel <c0co.channel@braincrime.com>2026-01-09 17:42:55 +0000
commit7b8d4cd578bb8d5237276e29e71f878ade514b8f (patch)
treeeabd8d838b6e14fdc59847a1119567eda8cc2711
parent4f284b4af0ab6710d56d074326c83503a7b1c0e2 (diff)
Add some new pwn services configsHEADmain
-rw-r--r--disposable/system-dsp.scm141
-rw-r--r--pwn/packages/python-bloodhound.scm32
-rw-r--r--pwn/services.scm31
3 files changed, 204 insertions, 0 deletions
diff --git a/disposable/system-dsp.scm b/disposable/system-dsp.scm
new file mode 100644
index 0000000..d5ec979
--- /dev/null
+++ b/disposable/system-dsp.scm
@@ -0,0 +1,141 @@
+;; Modules to import to access variables used.
+(define-module (corpo system)
+ #:use-module (gnu)
+ #:use-module (gnu services guix)
+ #:use-module (nongnu packages linux)
+ #:use-module (nongnu system linux-initrd)
+ #:use-module (nongnu packages nvidia)
+ #:use-module (nongnu services nvidia)
+ #:use-module (corpo home))
+
+(use-service-modules linux guix desktop pm audio virtualization
+ networking dbus xorg avahi spice)
+(use-package-modules linux audio libusb wm fonts
+ freedesktop vim security-token cryptsetup)
+
+(operating-system
+ (locale "en_GB.utf8")
+ (timezone "Europe/London")
+ (keyboard-layout (keyboard-layout "gb"))
+ (host-name "disposable")
+
+ ;; Users ('root' is implicit).
+ (users (cons* (user-account
+ (name "trash")
+ (comment "disposable machine")
+ (password (crypt "trash" "$6$abc"))
+ (group "users")
+ (home-directory "/home/trash")
+ (supplementary-groups '("wheel" "plugdev" "netdev" "audio" "video")))
+ %base-user-accounts))
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/vda"))
+ (terminal-outputs '(console))))
+
+ (file-systems (cons (file-system
+ (mount-point "/")
+ (device "/dev/vda1")
+ (type "ext4"))
+ %base-file-systems))
+
+ ;; Non-free
+ (kernel linux)
+ (kernel-arguments '("modprobe.blacklist=nouveau"
+ ;"nvidia_drm.modeset=1"
+ "quiet"))
+ (firmware (list linux-firmware))
+ (initrd microcode-initrd)
+
+ ;; Services (system-wide)
+ (services (append
+ (modify-services %base-services
+ (delete login-service-type)
+ (delete mingetty-service-type)
+ (delete console-font-service-type)
+ ;; Add non-free substitutes
+ (guix-service-type
+ config =>
+ (guix-configuration
+ (inherit config)
+ (substitute-urls
+ (append (list "https://substitutes.nonguix.org")
+ %default-substitute-urls))
+ (authorized-keys
+ (append (list (local-file "files/nonguix-signing-key.pub"))
+ %default-authorized-guix-keys)))))
+ (list
+ ;; NVIDIA
+ ;(service nvidia-service-type)
+
+ ;; systemd dependencies
+ (service elogind-service-type)
+
+ ;; Spice and Qemu for VMs
+ (service spice-vdagent-service-type)
+ (service qemu-guest-agent-service-type)
+
+ ;; PAM and login
+ (service greetd-service-type
+ (greetd-configuration
+ (greeter-supplementary-groups (list "video" "input"))
+ (terminals
+ (list
+ (greetd-terminal-configuration
+ (terminal-vt "1")
+ (terminal-switch #t))
+ (greetd-terminal-configuration (terminal-vt "2"))
+ (greetd-terminal-configuration (terminal-vt "3"))))))
+
+ (service console-font-service-type
+ (map (lambda (tty)
+ (cons tty (file-append
+ font-terminus
+ "/share/consolefonts/ter-132n")))
+ '("tty1" "tty2" "tty3")))
+
+ (service screen-locker-service-type
+ (screen-locker-configuration
+ (name "swaylock")
+ (program (file-append swaylock "/bin/swaylock"))
+ (using-pam? #t)
+ (using-setuid? #t)))
+
+ ;; Networking
+ (service network-manager-service-type)
+ (service wpa-supplicant-service-type)
+
+ ;; dbus
+ (service avahi-service-type)
+ (service udisks-service-type)
+ (service accountsservice-service-type)
+ (service colord-service-type)
+ (service polkit-service-type)
+ (service dbus-root-service-type)
+
+ ;; Cleanup stale font cache
+ fontconfig-file-system-service
+
+ ;; Power and thermals
+ (service thermald-service-type)
+ (service power-profiles-daemon-service-type)
+
+ ;; Xwayland
+ (service x11-socket-directory-service-type)
+
+ ;; Time
+ (service ntp-service-type)
+
+ ;; udev including yubikey
+ (udev-rules-service 'pipewire-add-udev-rules pipewire)
+ (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
+ ;; corpo home
+ (service guix-home-service-type
+ `(("worker" ,corpo-home-environment))))))
+
+ ;; Packages (system-wide)
+ (packages (cons* vim
+ cryptsetup
+ strace
+ %base-packages)))
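Review bot: The `(password (crypt "trash" "$6$abc"))` line gives the `trash` account a password equal to its user name, hashed with a constant salt, and the same account is in `wheel`. Every machine built from this file therefore shares one publicly known credential, and the resulting hash is stored in the world-readable store. If `wheel` keeps sudo rights, as in Guix's default sudoers, that credential leads to root. If this is deliberate for throwaway VMs, say so next to the field, e.g. `;; Known credential on purpose: throwaway VM only, never attach to a shared network`. Otherwise drop the `password` field and set it with `passwd` after first boot. Separately, the `guix-home-service-type` entry names the user `"worker"`, but the only account declared in this hunk is `"trash"`, so the entry probably should read `("trash" ,corpo-home-environment)`.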
diff --git a/pwn/packages/python-bloodhound.scm b/pwn/packages/python-bloodhound.scm
new file mode 100644
index 0000000..c786771
--- /dev/null
+++ b/pwn/packages/python-bloodhound.scm
@@ -0,0 +1,32 @@
+(define-module (pwn packages python-bloodhound)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix gexp)
+ #:use-module (guix build-system python)
+ #:use-module (gnu packages python-crypto)
+ #:use-module (gnu packages python-web)
+ #:use-module (gnu packages python-xyz)
+ #:use-module (gnu packages python-build)
+ #:use-module (pwn packages impacket)
+ #:use-module (guix licenses))
+
+(define-public python-bloodhound
+ (package
+ (name "Bloodhound.py")
+ (version "1.0.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/dirkjanm/BloodHound.py/archive/refs/tags/v" version ".tar.gz"))
+ (sha256
+ (base32
+ "0d3744zbkgilb1zv83kcqsyzb5wraphvbjpn7wc8hkj717mg1vcg"))))
+ (build-system python-build-system)
+ (arguments
+ (list #:tests? #f))
+ (native-inputs (list python-wheel python-future))
+ (propagated-inputs (list impacket python-dnspython python-ldap3 python-pyasn1 python-pycryptodome))
+ (synopsis "Python based ingestor for BloodHound, based on Impacket.")
+ (description "Bloodhound is an Attack Path Management solution that continuously maps and quantifies Active Directory attack paths. It helps eliminate millions—even billions—of attack paths within your existing architecture, removing the attacker’s easiest, most reliable, and most attractive techniques. Originally written by Dirk-jan Mollema, Edwin van Vliet and Matthijs Gielen from Fox-IT (NCC Group), BloodHound.py is currently maintained by Dirk-jan Mollema from Outsider Security. The implementation and data model is based on the original tool from SpecterOps. ")
+ (home-page "https://github.com/dirkjanm/BloodHound.py")
+ (license expat)))
+python-bloodhound
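Review bot: The `origin` downloads GitHub's auto-generated tag archive with `url-fetch`. The `sha256` pins the content, but those archives are generated on demand and are not guaranteed to stay byte-identical, and without a `file-name` the store item is named after `v1.0.1.tar.gz` rather than the package. Fetching the tag with `git-fetch` (which needs `#:use-module (guix git-download)`) and recomputing the hash gives a more stable, self-describing source, as sketched below. `#:tests? #f` also has no comment explaining why the test suite is skipped, and `(name "Bloodhound.py")` differs from the lower-case `python-bloodhound` variable that the file exports.

```scheme
  (source (origin
            (method git-fetch)
            (uri (git-reference
                  (url "https://github.com/dirkjanm/BloodHound.py")
                  (commit (string-append "v" version))))
            (file-name (git-file-name name version))
            (sha256
             (base32
              ;; PLACEHOLDER: recompute for the git checkout, e.g. with `guix hash -rx .`
              "<hash-of-git-checkout>"))))
  ;; … unchanged: build-system, arguments, inputs, synopsis, description …
```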
diff --git a/pwn/services.scm b/pwn/services.scm
new file mode 100644
index 0000000..f4f33de
--- /dev/null
+++ b/pwn/services.scm
@@ -0,0 +1,31 @@
+(define-module (pwn services)
+#:use-module(gnu)
+#:use-module(pwn packages)
+#:export (pwn-services)
+
+;; Define the shepherd actions for the one-shot service to use
+(shepherd-action
+ (name 'nix-service-setup)
+ (documentation "Initial nix package manager setup")
+ (procedure #~(lambda '(ln -s "/nix/var/nix/profiles/per-user/$USER/profile" ~/.nix-profile
+ ))))
+
+(shepherd-action
+ (name 'nix-pkgs)
+ (documentation "Command to install list of Nix packages")
+ (procedure #~(lambda '(
+ ))))
+
+(shepherd-action
+ (name 'pipx-pkgs)
+ (documentation "Command to install list of pipx packages")
+ (procedure #~(lambda '(
+ ))))
+
+(services (list
+ (shepherd-service
+ (documentation "Install nix packages")
+ (provision '(nix))
+ (requirement '(user-processes))
+ (one-shot? #t)
+ (actions (list nix-pkgs pipx-pkgs ))))))
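Review bot: This module cannot be loaded as written. The `define-module` form is never closed, and the three `shepherd-action` records are not bound to the names `nix-pkgs` and `pipx-pkgs` that the `actions` list refers to. `pwn-services` is exported but never defined, and each `procedure` is a `lambda` whose formals are a quoted list of shell words, so `$USER` and `~` would never be expanded. The sketch below shows the shape that would let it evaluate; `shepherd-action` and `shepherd-service` probably also need `#:use-module (gnu services shepherd)`, and `shepherd-service` needs a `start` field. Once the install commands are filled in, note that Shepherd system services run as root, so the nix and pipx package lists should be pinned and the installs run as the target user rather than root.

```scheme
(define-module (pwn services)
  #:use-module (gnu)
  #:use-module (pwn packages)
  #:export (pwn-services))

(define nix-pkgs
  (shepherd-action
   (name 'nix-pkgs)
   (documentation "Command to install list of Nix packages")
   (procedure #~(lambda (running . args)
                  ;; … install commands for the pinned package list …
                  #t))))

;; … nix-service-setup and pipx-pkgs bound the same way …

(define pwn-services
  (list
   (shepherd-service
    ;; … unchanged: documentation, provision, requirement, one-shot? …
    (start #~(const #t))
    (actions (list nix-pkgs pipx-pkgs)))))
```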