diff --git a/error b/error
new file mode 100644
index 0000000..240dd5c
--- /dev/null
+++ b/error
@@ -0,0 +1,14 @@
+○ yubikey-touch-detector.service - yubikey-touch-detector
+ Loaded: loaded (/home/moth/.config/systemd/user/yubikey-touch-detector.service; enabled; preset: enabled)
+ Active: inactive (dead)
+
+Jul 15 20:29:36 pcLexell systemd[1672]: /nix/store/7kckxc8g79h8qgdp5b1ixrwq8qcy02q0-yubikey-touch-detector.service/yubikey-touch-detector.service:2: Unknown key name 'After' in section 'Install', ignoring.
+Jul 15 20:29:36 pcLexell systemd[1672]: /nix/store/7kckxc8g79h8qgdp5b1ixrwq8qcy02q0-yubikey-touch-detector.service/yubikey-touch-detector.service:4: Unknown key name 'Wants' in section 'Install', ignoring.
+Jul 15 20:29:36 pcLexell systemd[1672]: /nix/store/7kckxc8g79h8qgdp5b1ixrwq8qcy02q0-yubikey-touch-detector.service/yubikey-touch-detector.service:5: Unknown key name 'Wants' in section 'Install', ignoring.
+Jul 15 20:41:01 pcLexell systemd[1672]: /home/moth/.config/systemd/user/yubikey-touch-detector.service:2: Unknown key name 'After' in section 'Install', ignoring.
+Jul 15 20:41:01 pcLexell systemd[1672]: /home/moth/.config/systemd/user/yubikey-touch-detector.service:4: Unknown key name 'Wants' in section 'Install', ignoring.
+Jul 15 20:41:01 pcLexell systemd[1672]: /home/moth/.config/systemd/user/yubikey-touch-detector.service:5: Unknown key name 'Wants' in section 'Install', ignoring.
+Jul 15 20:41:01 pcLexell systemd[1672]: /home/moth/.config/systemd/user/yubikey-touch-detector.service:3: Unknown key name 'Wants' in section 'Install', ignoring.
+Jul 15 20:41:01 pcLexell systemd[1672]: /home/moth/.config/systemd/user/yubikey-touch-detector.service:4: Unknown key name 'Wants' in section 'Install', ignoring.
+Jul 15 20:41:01 pcLexell systemd[1672]: /nix/store/0c6k4bslwfghs6gqk7h76jw51v2y0dgs-yubikey-touch-detector.service/yubikey-touch-detector.service:3: Unknown key name 'Wants' in section 'Install', ignoring.
+Jul 15 20:41:01 pcLexell systemd[1672]: /nix/store/0c6k4bslwfghs6gqk7h76jw51v2y0dgs-yubikey-touch-detector.service/yubikey-touch-detector.service:4: Unknown key name 'Wants' in section 'Install', ignoring.
diff --git a/machines/pcLexell/awesome/default.nix b/machines/pcLexell/awesome/default.nix
index c778a67..eae4979 100644
--- a/machines/pcLexell/awesome/default.nix
+++ b/machines/pcLexell/awesome/default.nix
@@ -17,7 +17,7 @@ }; home-manager.users.moth = {pkgs, ...}: { - #home.file.".config/awesome".source = ./awesome; + home.file.".config/awesome".source = ./awesome; xsession.windowManager.command = '' export AWESOME_THEMES_PATH="/home/moth/.config/awesome/themes" # See init.fish oncecall function
diff --git a/machines/pcLexell/initrd.backup.nix b/machines/pcLexell/initrd.backup.nix
new file mode 100644
index 0000000..3461347
--- /dev/null
+++ b/machines/pcLexell/initrd.backup.nix
@@ -0,0 +1,92 @@
+# Infrastructure config by DomesticMoth
+#
+# To the extent possible under law, the person who associated CC0 with
+# this work has waived all copyright and related or neighboring rights
+# to it.
+#
+# You should have received a copy of the CC0 legalcode along with this
+# work. If not, see .
+{
+ config,
+ pkgs,
+ lib,
+ inputs,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [
+ tree
+ b3sum
+ openssl
+ ];
+
+ #services.getty.autologinUser = "root";
+
+ boot.initrd = {
+ extraUtilsCommands = ''
+ copy_bin_and_libs ${pkgs.bash}/bin/bash
+ copy_bin_and_libs ${pkgs.b3sum}/bin/b3sum
+ copy_bin_and_libs ${pkgs.util-linux}/bin/lsblk
+ copy_bin_and_libs ${pkgs.tree}/bin/tree
+ copy_bin_and_libs ${pkgs.openssl}/bin/openssl
+ '';
+ kernelModules = [
+ "uas"
+ "usbcore"
+ "usb_storage"
+ "vfat"
+ "nls_cp437"
+ "nls_iso8859_1"
+ ];
+ availableKernelModules = [
+ # For better luks encryption performance
+ "aesni_intel"
+ "cryptd"
+ ];
+ # TODO Add hello message with my contacts
+ postDeviceCommands = let
+ path_hash = "50e97458df1ecadddd93c088873054dae35bedf51530e98df80d9c2ad814520a";
+ content_hash = "f1ac885c1f27071f89ff728d627fa7859f86e6526d9fd1ebd164a48d60515db1";
+ in
+ lib.mkBefore ''
+ REF_PATH_HASH="${path_hash}"
+ REF_CONTENT_HASH="${content_hash}"
+ mkdir -p /key
+ mkdir -p /decrypt
+ echo "Waiting two seconds to make sure the USB key has been loaded"
+ sleep 2
+ echo "Geting list of FAT32 partitions on all disks"
+ lsblk -f --raw | grep "vfat FAT32" | cut -f1 -d" " | while read partition
+ do
+ echo "Mount /dev/$partition to /key"
+ mount -n -t vfat -o ro /dev/$partition /key
+ echo "List files in /key"
+ tree /key -fxainF -L 3 --prune --noreport | grep -v '/$' | grep -v '>' | tr -d '*' | while read file
+ do
+ HASH=$(echo $file | b3sum | cut -f1 -d" ")
+ if [ "$REF_PATH_HASH" == "$HASH" ]; then
+ echo "file found: $file"
+ CONTENT_HASH=$(b3sum $file | cut -f1 -d" ")
+ if [ "$CONTENT_HASH" == "$REF_CONTENT_HASH" ]; then
+ echo "found key file: $file"
+ cp $file /decrypt/encrypted_key
+ return
+ fi
+ fi
+ done
+ echo "Unmount /key"
+ umount /key
+ done
+ # Decrypt /decrypt/encrypted_key with openssl to /decrypt/decrypted_key
+ clear
+ read -sp "Enter password:" PASSWORD
+ openssl enc -aes-256-cbc -d -pbkdf2 -in /decrypt/encrypted_key -out /decrypt/decrypted_key -k "$PASSWORD"
+ #cat /decrypt/decrypted_key
+ # Unlock luks partition with /decrypt/decrypted_key
+ #bash
+ '';
+ luks.devices."crypted" = {
+ keyFile = "/decrypt/decrypted_key";
+ preLVM = lib.mkForce false;
+ };
+ };
+}
diff --git a/service b/service
new file mode 100644
index 0000000..7e0c2ff
--- /dev/null
+++ b/service
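Review bot: In `postDeviceCommands` of `machines/pcLexell/initrd.backup.nix` the passphrase reaches openssl as `-k "$PASSWORD"`, so it sits in the process argument list, and `-pbkdf2` is given without `-iter`, leaving key derivation at OpenSSL's default iteration count, which is low for a disk-unlock secret. Feeding it on stdin avoids the argv exposure, e.g. `printf '%s' "$PASSWORD" | openssl enc -aes-256-cbc -d -pbkdf2 -iter <count> -in /decrypt/encrypted_key -out /decrypt/decrypted_key -pass stdin` (the key file has to be re-encrypted with the same `-iter` value), and the exit status should be checked before LUKS is handed `/decrypt/decrypted_key`. The paths read from the USB partition are also used unquoted (`echo $file | b3sum`, `b3sum $file`, `cp $file /decrypt/encrypted_key`) and both `read` calls lack `-r`, so a name with spaces, backslashes or glob characters on the stick is split or expanded; use `"$file"` and `read -r`. The `return` inside the piped `while` loop presumably ends only that pipeline subshell, so the outer loop still unmounts and moves on to the next partition; worth confirming that this is the intended behaviour in the stage-1 shell.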
@@ -0,0 +1,239 @@ +Type=simple +ExitType=main +Restart=no +NotifyAccess=none +RestartUSec=100ms +TimeoutStartUSec=1min 30s +TimeoutStopUSec=1min 30s +TimeoutAbortUSec=1min 30s +TimeoutStartFailureMode=terminate +TimeoutStopFailureMode=terminate +RuntimeMaxUSec=infinity +RuntimeRandomizedExtraUSec=0 +WatchdogUSec=infinity +WatchdogTimestampMonotonic=0 +RootDirectoryStartOnly=no +RemainAfterExit=no +GuessMainPID=yes +MainPID=0 +ControlPID=0 +FileDescriptorStoreMax=0 +NFileDescriptorStore=0 +StatusErrno=0 +Result=success +ReloadResult=success +CleanResult=success +UID=[not set] +GID=[not set] +NRestarts=0 +OOMPolicy=stop +ReloadSignal=1 +ExecMainStartTimestampMonotonic=0 +ExecMainExitTimestampMonotonic=0 +ExecMainPID=0 +ExecMainCode=0 +ExecMainStatus=0 +ExecStart={ path=/nix/store/skkl7yd7x0f3nlv2kphlx77mkc8mgxn0-yubikey-touch-detector ; argv[]=/nix/store/skkl7yd7x0f3nlv2kphlx77mkc8mgxn0-yubikey-touch-detector ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 } +ExecStartEx={ path=/nix/store/skkl7yd7x0f3nlv2kphlx77mkc8mgxn0-yubikey-touch-detector ; argv[]=/nix/store/skkl7yd7x0f3nlv2kphlx77mkc8mgxn0-yubikey-touch-detector ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 } +Slice=app.slice +ControlGroupId=0 +MemoryCurrent=[not set] +MemoryAvailable=infinity +CPUUsageNSec=[not set] +TasksCurrent=[not set] +IPIngressBytes=[no data] +IPIngressPackets=[no data] +IPEgressBytes=[no data] +IPEgressPackets=[no data] +IOReadBytes=18446744073709551615 +IOReadOperations=18446744073709551615 +IOWriteBytes=18446744073709551615 +IOWriteOperations=18446744073709551615 +Delegate=no +CPUAccounting=yes +CPUWeight=[not set] +StartupCPUWeight=[not set] +CPUShares=[not set] +StartupCPUShares=[not set] +CPUQuotaPerSecUSec=infinity +CPUQuotaPeriodUSec=infinity +IOAccounting=no +IOWeight=[not set] +StartupIOWeight=[not set] +BlockIOAccounting=no +BlockIOWeight=[not set] +StartupBlockIOWeight=[not set] 
+MemoryAccounting=yes +DefaultMemoryLow=0 +DefaultMemoryMin=0 +MemoryMin=0 +MemoryLow=0 +MemoryHigh=infinity +MemoryMax=infinity +MemorySwapMax=infinity +MemoryZSwapMax=infinity +MemoryLimit=infinity +DevicePolicy=auto +TasksAccounting=yes +TasksMax=76887 +IPAccounting=no +ManagedOOMSwap=auto +ManagedOOMMemoryPressure=auto +ManagedOOMMemoryPressureLimit=0 +ManagedOOMPreference=none +Environment=PATH=/nix/store/q3rdxplhag8f207xczrh59bybgb6chlm-gnupg-2.4.0/bin:/nix/store/vnpiazvywys7w82wvs5fa84214421msp-yubikey-touch-detector-1.10.1/bin +UMask=0022 +LimitCPU=infinity +LimitCPUSoft=infinity +LimitFSIZE=infinity +LimitFSIZESoft=infinity +LimitDATA=infinity +LimitDATASoft=infinity +LimitSTACK=infinity +LimitSTACKSoft=8388608 +LimitCORE=infinity +LimitCORESoft=infinity +LimitRSS=infinity +LimitRSSSoft=infinity +LimitNOFILE=524288 +LimitNOFILESoft=1024 +LimitAS=infinity +LimitASSoft=infinity +LimitNPROC=256290 +LimitNPROCSoft=256290 +LimitMEMLOCK=8388608 +LimitMEMLOCKSoft=8388608 +LimitLOCKS=infinity +LimitLOCKSSoft=infinity +LimitSIGPENDING=256290 +LimitSIGPENDINGSoft=256290 +LimitMSGQUEUE=819200 +LimitMSGQUEUESoft=819200 +LimitNICE=0 +LimitNICESoft=0 +LimitRTPRIO=0 +LimitRTPRIOSoft=0 +LimitRTTIME=infinity +LimitRTTIMESoft=infinity +WorkingDirectory=!/home/moth +OOMScoreAdjust=200 +CoredumpFilter=0x33 +Nice=0 +IOSchedulingClass=2 +IOSchedulingPriority=4 +CPUSchedulingPolicy=0 +CPUSchedulingPriority=0 +CPUAffinityFromNUMA=no +NUMAPolicy=n/a +TimerSlackNSec=50000 +CPUSchedulingResetOnFork=no +NonBlocking=no +StandardInput=null +StandardOutput=journal +StandardError=inherit +TTYReset=no +TTYVHangup=no +TTYVTDisallocate=no +SyslogPriority=30 +SyslogLevelPrefix=yes +SyslogLevel=6 +SyslogFacility=3 +LogLevelMax=-1 +LogRateLimitIntervalUSec=0 +LogRateLimitBurst=0 +SecureBits=0 +CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast 
cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore +DynamicUser=no +RemoveIPC=no +PrivateTmp=no +PrivateDevices=no +ProtectClock=no +ProtectKernelTunables=no +ProtectKernelModules=no +ProtectKernelLogs=no +ProtectControlGroups=no +PrivateNetwork=no +PrivateUsers=no +PrivateMounts=no +PrivateIPC=no +ProtectHome=no +ProtectSystem=no +SameProcessGroup=no +UtmpMode=init +IgnoreSIGPIPE=yes +NoNewPrivileges=no +SystemCallErrorNumber=2147483646 +LockPersonality=no +RuntimeDirectoryPreserve=no +RuntimeDirectoryMode=0755 +StateDirectoryMode=0755 +CacheDirectoryMode=0755 +LogsDirectoryMode=0755 +ConfigurationDirectoryMode=0755 +TimeoutCleanUSec=infinity +MemoryDenyWriteExecute=no +RestrictRealtime=no +RestrictSUIDSGID=no +RestrictNamespaces=no +MountAPIVFS=no +KeyringMode=inherit +ProtectProc=default +ProcSubset=all +ProtectHostname=no +KillMode=control-group +KillSignal=15 +RestartKillSignal=15 +FinalKillSignal=9 +SendSIGKILL=yes +SendSIGHUP=no +WatchdogSignal=6 +Id=yubikey-touch-detector.service +Names=yubikey-touch-detector.service +Requires=basic.target app.slice +WantedBy=graphical-session.target +Conflicts=shutdown.target +Before=graphical-session.target shutdown.target +After=basic.target app.slice +Description=yubikey-touch-detector +LoadState=loaded +ActiveState=inactive +FreezerState=running +SubState=dead +FragmentPath=/home/moth/.config/systemd/user/yubikey-touch-detector.service +UnitFileState=enabled +UnitFilePreset=enabled +StateChangeTimestamp=Sat 2023-07-15 20:25:03 +04 +StateChangeTimestampMonotonic=1181387789 +InactiveExitTimestampMonotonic=0 +ActiveEnterTimestampMonotonic=0 
+ActiveExitTimestampMonotonic=0 +InactiveEnterTimestampMonotonic=0 +CanStart=yes +CanStop=yes +CanReload=no +CanIsolate=no +CanFreeze=yes +StopWhenUnneeded=no +RefuseManualStart=no +RefuseManualStop=no +AllowIsolate=no +DefaultDependencies=yes +OnSuccessJobMode=fail +OnFailureJobMode=replace +IgnoreOnIsolate=no +NeedDaemonReload=no +JobTimeoutUSec=infinity +JobRunningTimeoutUSec=infinity +JobTimeoutAction=none +ConditionResult=no +AssertResult=no +ConditionTimestampMonotonic=0 +AssertTimestampMonotonic=0 +Transient=no +Perpetual=no +StartLimitIntervalUSec=10s +StartLimitBurst=5 +StartLimitAction=none +FailureAction=none +SuccessAction=none +CollectMode=inactive