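# NixOS module for an installer image: root SSH login is enabled with a
# password generated at activation time, and the login details (password,
# onion address, local addresses) are published under /var/shared and shown
# on the local consoles.
{
  lib,
  pkgs,
  modulesPath,
  ...
}:
{
  ############################################
  #                                          #
  # For install image debugging execute:     #
  # $ qemu-kvm result/stick.raw -snapshot    #
  #                                          #
  ############################################

  # /var/shared holds the generated root password, the onion hostname and the
  # login QR code. Mode 0777 (no sticky bit) lets any local user create,
  # replace or remove entries in it, including the files root writes below.
  # NOTE(review): presumably 0777 is needed because the announce script runs
  # as a non-root user; confirm, and tighten (e.g. 1777 or a dedicated group)
  # if that user allows it. Only reasonable on a throwaway installer image.
  systemd.tmpfiles.rules = [ "d /var/shared 0777 root root - -" ];

  imports = [
    (modulesPath + "/profiles/installation-device.nix")
    (modulesPath + "/profiles/all-hardware.nix")
    (modulesPath + "/profiles/base.nix")
    (modulesPath + "/installer/cd-dvd/iso-image.nix")
  ];

  # Root may log in over SSH; the only credential set in this module is the
  # random password generated in the activation script below.
  services.openssh.settings.PermitRootLogin = "yes";

  # Generates a fresh 16-character password (pwgen -s = fully random) and sets
  # it for root. The password is kept in plaintext in /var/shared/root-password
  # so the announce script and the console banner can read it; the file's mode
  # comes from the activation script's umask (NOTE(review): likely
  # world-readable; confirm that is intended).
  system.activationScripts.root-password = ''
    mkdir -p /var/shared
    ${pkgs.pwgen}/bin/pwgen -s 16 1 > /var/shared/root-password
    echo "root:$(cat /var/shared/root-password)" | chpasswd
  '';

  hidden-ssh-announce = {
    enable = true;
    # Receives the onion hostname as "$1", stores it, and bundles it with the
    # root password and the globally-scoped local addresses into login.json,
    # which is then rendered as a UTF-8 QR code. Both output files therefore
    # contain the root password in cleartext.
    script = pkgs.writeShellScript "write-hostname" ''
      set -efu
      export PATH=${
        lib.makeBinPath (
          with pkgs;
          [
            iproute2
            coreutils
            jq
            qrencode
          ]
        )
      }

      mkdir -p /var/shared
      echo "$1" > /var/shared/onion-hostname
      local_addrs=$(ip -json addr | jq '[map(.addr_info) | flatten | .[] | select(.scope == "global") | .local]')
      jq -nc \
        --arg password "$(cat /var/shared/root-password)" \
        --arg onion_address "$(cat /var/shared/onion-hostname)" \
        --argjson local_addrs "$local_addrs" \
        '{ pass: $password, onion_address: $onion_address, addrs: $local_addrs }' \
        > /var/shared/login.json
      qrencode -t utf8 -o /var/shared/qrcode.utf8 < /var/shared/login.json
    '';
  };

  # The consoles log in as root without a prompt.
  services.getty.autologinUser = lib.mkForce "root";

  # On tty1, hvc0 and ttyS0 only: wait until the QR code exists, then print
  # the root password, onion address, local addresses and the QR code. Anyone
  # who can see one of these consoles (screen, serial line, hypervisor
  # console) obtains the root credentials.
  programs.bash.interactiveShellInit = ''
    if [[ "$(tty)" =~ /dev/(tty1|hvc0|ttyS0)$ ]]; then
      echo -n 'waiting for tor to generate the hidden service'
      until test -e /var/shared/qrcode.utf8; do echo -n .; sleep 1; done
      echo
      echo "Root password: $(cat /var/shared/root-password)"
      echo "Onion address: $(cat /var/shared/onion-hostname)"
      echo "Local network addresses:"
      ${pkgs.iproute2}/bin/ip -brief -color addr | grep -v 127.0.0.1
      cat /var/shared/qrcode.utf8
    fi
  '';

  isoImage.squashfsCompression = "zstd";
}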