mirror of
https://github.com/elitak/nixos-infect.git
synced 2024-11-26 23:13:24 +03:00
commit
a025094b20
46
nixos-infect
46
nixos-infect
@ -21,7 +21,7 @@ makeConf() {
|
||||
networking.hostName = "$(hostname)";
|
||||
networking.firewall.allowPing = true;
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [$(for key in ${keys[@]}; do echo -n "
|
||||
users.users.root.openssh.authorizedKeys.keys = [$(for key in "${keys[@]}"; do echo -n "
|
||||
\"$key\""; done)
|
||||
];
|
||||
}
|
||||
@ -39,23 +39,23 @@ EOF
|
||||
# XXX It'd be better if we used procfs for all this...
|
||||
local IFS=$'\n'
|
||||
eth0_name=$(ip address show | grep '^2:' | awk -F': ' '{print $2}')
|
||||
eth0_ip4s=($(ip address show dev $eth0_name | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|'))
|
||||
eth0_ip6s=($(ip address show dev $eth0_name | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || ''))
|
||||
gateway=($(ip route show dev $eth0_name | grep default | sed -r 's|default via ([0-9.]+).*|\1|'))
|
||||
ether0=($(ip address show dev $eth0_name | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|'))
|
||||
eth0_ip4s=$(ip address show dev "$eth0_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|')
|
||||
eth0_ip6s=$(ip address show dev "$eth0_name" | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '')
|
||||
gateway=$(ip route show dev "$eth0_name" | grep default | sed -r 's|default via ([0-9.]+).*|\1|')
|
||||
ether0=$(ip address show dev "$eth0_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|')
|
||||
|
||||
eth1_name=$(ip address show | grep '^3:' | awk -F': ' '{print $2}')||true
|
||||
if [ -n "$eth1_name" ];then
|
||||
eth1_ip4s=($(ip address show dev $eth1_name | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|'))
|
||||
eth1_ip6s=($(ip address show dev $eth1_name | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || ''))
|
||||
ether1=($(ip address show dev $eth1_name | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|'))
|
||||
gateway6=($(ip -6 route show dev $eth1_name | grep default | sed -r 's|default via ([0-9a-f:]+).*|\1|' || true))
|
||||
eth1_ip4s=$(ip address show dev "$eth1_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|')
|
||||
eth1_ip6s=$(ip address show dev "$eth1_name" | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || '')
|
||||
ether1=$(ip address show dev "$eth1_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|')
|
||||
gateway6=$(ip -6 route show dev "$eth1_name" | grep default | sed -r 's|default via ([0-9a-f:]+).*|\1|' || true)
|
||||
interfaces1=<< EOF
|
||||
$eth1_name = {
|
||||
ip4 = [$(for a in ${eth1_ip4s[@]}; do echo -n "
|
||||
ip4 = [$(for a in "${eth1_ip4s[@]}"; do echo -n "
|
||||
$a"; done)
|
||||
];
|
||||
ip6 = [$(for a in ${eth1_ip6s[@]}; do echo -n "
|
||||
ip6 = [$(for a in "${eth1_ip6s[@]}"; do echo -n "
|
||||
$a"; done)
|
||||
];
|
||||
EOF
|
||||
@ -72,17 +72,17 @@ EOF
|
||||
# This file was populated at runtime with the networking
|
||||
# details gathered from the active system.
|
||||
networking = {
|
||||
nameservers = [$(for a in ${nameservers[@]}; do echo -n "
|
||||
nameservers = [$(for a in "${nameservers[@]}"; do echo -n "
|
||||
\"$a\""; done)
|
||||
];
|
||||
defaultGateway = "${gateway}";
|
||||
defaultGateway6 = "${gateway6}";
|
||||
interfaces = {
|
||||
$eth0_name = {
|
||||
ip4 = [$(for a in ${eth0_ip4s[@]}; do echo -n "
|
||||
ip4 = [$(for a in "${eth0_ip4s[@]}"; do echo -n "
|
||||
$a"; done)
|
||||
];
|
||||
ip6 = [$(for a in ${eth0_ip6s[@]}; do echo -n "
|
||||
ip6 = [$(for a in "${eth0_ip6s[@]}"; do echo -n "
|
||||
$a"; done)
|
||||
];
|
||||
};
|
||||
@ -112,18 +112,18 @@ EOF
|
||||
|
||||
makeSwap() {
|
||||
# TODO check currently available swapspace first
|
||||
swapFile=`mktemp /tmp/nixos-infect.XXXXX.swp`
|
||||
dd if=/dev/zero of=$swapFile bs=1M count=$((1*1024))
|
||||
chmod 0600 $swapFile
|
||||
mkswap $swapFile
|
||||
swapon -v $swapFile
|
||||
swapFile=$(mktemp /tmp/nixos-infect.XXXXX.swp)
|
||||
dd if=/dev/zero "of=$swapFile" bs=1M count=$((1*1024))
|
||||
chmod 0600 "$swapFile"
|
||||
mkswap "$swapFile"
|
||||
swapon -v "$swapFile"
|
||||
}
|
||||
|
||||
removeSwap() {
|
||||
for swapFile in /tmp/nixos-infect.*.swp
|
||||
do
|
||||
swapoff -v $swapFile
|
||||
rm -vf $swapFile
|
||||
swapoff -v "$swapFile"
|
||||
rm -vf "$swapFile"
|
||||
done
|
||||
}
|
||||
|
||||
@ -163,6 +163,7 @@ prepareEnv() {
|
||||
|
||||
# Nix installer tries to use sudo regardless of whether we're already uid 0
|
||||
#which sudo || { sudo() { eval "$@"; }; export -f sudo; }
|
||||
# shellcheck disable=SC2174
|
||||
mkdir -p -m 0755 /nix
|
||||
}
|
||||
|
||||
@ -192,13 +193,14 @@ infect() {
|
||||
# Add nix build users
|
||||
# FIXME run only if necessary, rather than defaulting true
|
||||
groupadd nixbld -g 30000 || true
|
||||
for i in {1..10}; do useradd -c "Nix build user $i" -d /var/empty -g nixbld -G nixbld -M -N -r -s $(which nologin) nixbld$i || true; done
|
||||
for i in {1..10}; do useradd -c "Nix build user $i" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" nixbld$i || true; done
|
||||
# TODO use addgroup and adduser as fallbacks
|
||||
#addgroup nixbld -g 30000 || true
|
||||
#for i in {1..10}; do adduser -DH -G nixbld nixbld$i || true; done
|
||||
|
||||
curl https://nixos.org/nix/install | $SHELL
|
||||
|
||||
# shellcheck disable=SC1090
|
||||
source ~/.nix-profile/etc/profile.d/nix.sh
|
||||
|
||||
[[ -z "$NIX_CHANNEL" ]] && NIX_CHANNEL="nixos-17.03"
|
||||
|
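Review bot: In the `-39,23 +39,23` hunk the captures `eth0_ip4s`, `eth0_ip6s`, `gateway`, `ether0` and their eth1 counterparts appear to change from arrays `=($(...))` to plain strings `=$(...)`, while the heredoc loops still iterate `"${eth0_ip4s[@]}"`, which on a scalar expands to a single word holding every line. The address lists probably still render as valid Nix, but `defaultGateway = "${gateway}"` previously took the first array element and would now embed a multi-line value if `ip route show` prints more than one default route, which risks a broken network config on a host that is typically reachable only over that network. Keeping the arrays and satisfying the linter with `mapfile -t gateway < <(ip route show dev "$eth0_name" | grep default | sed -r 's|default via ([0-9.]+).*|\1|')`, or truncating explicitly with `| head -n1`, would preserve the old behaviour. Separately, the unchanged `curl https://nixos.org/nix/install | $SHELL` in the last hunk pipes the download straight into a shell with no `--fail` and no integrity check, so an HTTP error body or a truncated transfer would be executed; fetching to a `mktemp` file with `curl -fsSL`, checking it, and then running it would be safer. The enclosing functions begin and end outside the visible hunks, so the variable declarations were not checked.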