diff --git a/hosts/dev.nix b/hosts/dev.nix
index b248570e..ab5305c2 100644
--- a/hosts/dev.nix
+++ b/hosts/dev.nix
@@ -72,6 +72,7 @@ monero-cli yubikey-personalization opensc
+ sbctl
]; dev = [
@@ -214,7 +215,6 @@ cmd = [ metasploit # linuxKernel.packages.linux_latest_libre.cpupower
- clean-home
just typst cosmic-term
diff --git a/misc.nix b/misc.nix
index 7b0188e0..9be6dd21 100755
--- a/misc.nix
+++ b/misc.nix
@@ -188,28 +188,35 @@ environment.etc = { "NIXOS".text = ""; "machine-id".text = "b08dfa6083e7567a1921a715000001fb\n";
- "sbctl/sbctl.conf".text = ''
- keydir: /var/lib/sbctl/keys
- guid: /var/lib/sbctl/GUID
- files_db: /var/lib/sbctl/files.json
- bundles_db: /var/lib/sbctl/bundles.json
- landlock: true
- db_additions:
- - microsoft
- keys:
- pk:
- privkey: /var/lib/sbctl/keys/PK/PK.key
- pubkey: /var/lib/sbctl/keys/PK/PK.pem
- type: file
- kek:
- privkey: /var/lib/sbctl/keys/KEK/KEK.key
- pubkey: /var/lib/sbctl/keys/KEK/KEK.pem
- type: file
- db:
- privkey: /var/lib/sbctl/keys/db/db.key
- pubkey: /var/lib/sbctl/keys/db/db.pem
- type: file
- '';
+ "sbctl/sbctl.conf".source =
+ let
+ sbctlVar = "/var/lib/sbctl";
+ in
+ (pkgs.formats.yaml { }).generate "sbctl.conf" {
+ bundles_db = "${sbctlVar}/bundles.json";
+ db_additions = [ "microsoft" ];
+ files_db = "${sbctlVar}/files.json";
+ guid = "${sbctlVar}/GUID";
+ keydir = "${sbctlVar}/keys";
+ keys = {
+ db = {
+ privkey = "${sbctlVar}/keys/db/db.key";
+ pubkey = "${sbctlVar}/keys/db/db.pem";
+ type = "file";
+ };
+ kek = {
+ privkey = "${sbctlVar}/keys/KEK/KEK.key";
+ pubkey = "${sbctlVar}/keys/KEK/KEK.pem";
+ type = "file";
+ };
+ pk = {
+ privkey = "${sbctlVar}/keys/PK/PK.key";
+ pubkey = "${sbctlVar}/keys/PK/PK.pem";
+ type = "file";
+ };
+ };
+ landlock = true;
+ };
}; programs = { bash = {
diff --git a/overlays.nix b/overlays.nix
index 2116c681..c1b6cf3d 100755
--- a/overlays.nix
+++ b/overlays.nix
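Review bot: The generated sbctl.conf keeps `type = "file"` for pk, kek and db, so the Platform Key and both signing keys remain plain files under /var/lib/sbctl on the running system, where anyone who gains root can sign arbitrary EFI binaries and undo what Secure Boot is meant to guarantee; nothing in the hunk records that this is an accepted trade-off. `db_additions = [ "microsoft" ]` additionally enrols Microsoft's UEFI CA, so every Microsoft-signed shim, loader and option ROM boots without an sbctl signature, which is only as safe as the dbx revocations that accompany it. I would document both decisions next to the attributes: `# file-backed keys are readable by root; move PK/KEK to a hardware-backed key type if this sbctl build offers one` and `# "microsoft" admits everything Microsoft has signed — keep dbx revocations current`. The new expression is otherwise a faithful restructuring of the removed YAML (landlock stays on), but the generated file will not be byte-identical to the old text, so a one-off `sbctl status` / `sbctl verify` after switching is worth doing. The enclosing `environment.etc` attrset starts before the hunk and continues after it.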
@@ -1,4 +1,6 @@ { inputs', inputs }: +# Go: https://github.com/NixOS/nixpkgs/issues/86349#issuecomment-624489806 +# Rust: [ ( final: prev:
@@ -22,6 +24,43 @@ # }) # factorio-headless-experimental # ;
+ sbctl = (
+ prev.callPackage "${prev.path}/pkgs/by-name/sb/sbctl/package.nix" {
+ buildGoModule =
+ args:
+ prev.buildGoModule (
+ args
+ // (
+ let
+ version =
+ let
+ myVersion = "0.16";
+ inherit (prev.lib) versionOlder;
+ in
+ (if (versionOlder myVersion prev.pkgs.sbctl.version) then throw "Newer in nixpkgs" else myVersion);
+ in
+ {
+ inherit version;
+
+ src = prev.fetchFromGitHub {
+ owner = "Foxboron";
+ repo = "sbctl";
+ rev = version;
+ hash = "sha256-BLSvjo6GCqpECJPJtQ6C2zEz1p03uyvxTYa+DoxZ78s=";
+ };
+ ldflags = [
+ "-s"
+ "-w"
+ "-X github.com/foxboron/sbctl.Version=${version}"
+ ];
+ patches = [ ];
+ vendorHash = "sha256-srfZ+TD93szabegwtzLTjB+uo8aj8mB4ecQ9m8er00A=";
+ doCheck = false;
+ }
+ )
+ );
+ }
+ );
inherit (inputs'.browser-previews.packages) google-chrome-beta;
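Review bot: `patches = [ ];` discards whatever patches nixpkgs' package.nix applies to sbctl and `doCheck = false;` turns off the whole Go test suite, and neither line says why that is acceptable for the tool that signs the boot chain; at minimum annotate them, e.g. `patches = [ ]; # nixpkgs' patches target the release it ships, not 0.16` and `doCheck = false; # tests depend on the go-tpm-tools simulator`. Overriding only buildGoModule's arguments is a reasonable way to reuse the nixpkgs expression, and the fixed-output `hash`/`vendorHash` pair means a moved `0.16` tag or a changed vendor tree fails the build rather than silently changing the binary. The `throw "Newer in nixpkgs"` guard is a deliberate hard failure once nixpkgs overtakes the pin, which is the right default for a security tool, but the message should say what to do: `throw "sbctl: nixpkgs ships ${prev.sbctl.version}, newer than the pinned ${myVersion}; drop this overlay"`. The enclosing `final: prev: { … }` overlay starts before the hunk and continues after it.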
@@ -75,92 +114,6 @@ sha256 = "sha256-daLb7ebMVeL+f8WydH4DONkUA+0D6d+v+pohJb2qjOo="; }; }); - phantomsocks = - with prev; - buildGoModule rec { - pname = "phantomsocks"; - version = "unstable-2023-11-30"; - - src = fetchFromGitHub { - owner = "macronut"; - repo = pname; - rev = "b1b13c5b88cf3bac54f39c37c0ffcb0b46e31049"; - hash = "sha256-ptCzd2/8dNHjAkhwA2xpZH8Ki/9DnblHI2gAIpgM+8E="; - }; - - vendorHash = "sha256-0MJlz7HAhRThn8O42yhvU3p5HgTG8AkPM0ksSjWYAC4="; - - ldflags = [ - "-s" - "-w" - ]; - buildInputs = [ libpcap ]; - tags = [ "pcap" ]; - }; - - dae-unstable = prev.buildGoModule rec { - pname = "dae"; - version = "unstable"; - - src = prev.fetchFromGitHub { - owner = "daeuniverse"; - repo = "dae"; - rev = "16dfabc93596d4036c0c8418789a7b114bf61619"; - hash = "sha256-Ya/M0/bx8O50kqdHO14mPz56FfW4xXDu7rYLjlB3OZc="; - fetchSubmodules = true; - }; - - vendorHash = "sha256-/r118MbfHxXHt7sKN8DOGj+SmBqSZ+ttjYywnqOIPuY="; - - proxyVendor = true; - - nativeBuildInputs = [ prev.clang ]; - - ldflags = [ - "-s" - "-w" - "-X github.com/daeuniverse/dae/cmd.Version=${version}" - "-X github.com/daeuniverse/dae/common/consts.MaxMatchSetLen_=64" - ]; - - preBuild = '' - make CFLAGS="-D__REMOVE_BPF_PRINTK -fno-stack-protector -Wno-unused-command-line-argument" \ - NOSTRIP=y \ - ebpf - ''; - - # network required - doCheck = false; - - postInstall = '' - install -Dm444 install/dae.service $out/lib/systemd/system/dae.service - substituteInPlace $out/lib/systemd/system/dae.service \ - --replace /usr/bin/dae $out/bin/dae - ''; - meta.mainProgram = "dae"; - }; - - record-status = prev.writeShellScriptBin "record-status" '' - pid=`pgrep wf-recorder` - status=$? - if [ $status != 0 ] - then - echo ''; - else - echo ''; - fi; - ''; - - screen-recorder-toggle = prev.writeShellScriptBin "screen-recorder-toggle" '' - pid=`${prev.procps}/bin/pgrep wl-screenrec` - status=$? 
- if [ $status != 0 ] - then - ${prev.wl-screenrec}/bin/wl-screenrec -g "$(${prev.slurp}/bin/slurp)" -f $HOME/Videos/record/$(date +'recording_%Y-%m-%d-%H%M%S.mp4'); - else - ${prev.procps}/bin/pkill --signal SIGINT wl-screenrec - fi; - ''; save-clipboard-to = prev.writeShellScriptBin "save-clipboard-to" '' wl-paste > $HOME/Pictures/Screenshots/$(date +'shot_%Y-%m-%d-%H%M%S.png')
@@ -176,14 +129,6 @@ ''; }; - clean-home = final.nuenv.writeScriptBin { - name = "clean-home"; - script = '' - cd /home/riro/ - ls | each {|i| findmnt $i.name | if $in == "" { rm -rf $i.name}} - cd - - ''; - }; systemd-run-app = prev.writeShellApplication { name = "systemd-run-app"; text = ''
diff --git a/pkgs/sbctl.nix b/pkgs/sbctl.nix
new file mode 100644
index 00000000..09af74ed
--- /dev/null
+++ b/pkgs/sbctl.nix
@@ -0,0 +1,65 @@
+{
+ lib,
+ buildGoModule,
+ fetchFromGitHub,
+ installShellFiles,
+ asciidoc,
+ nix-update-script,
+}:
+
+buildGoModule rec {
+ pname = "sbctl";
+ version = "0.16";
+
+ src = fetchFromGitHub {
+ owner = "Foxboron";
+ repo = pname;
+ rev = version;
+ hash = "sha256-BLSvjo6GCqpECJPJtQ6C2zEz1p03uyvxTYa+DoxZ78s=";
+ };
+
+ vendorHash = "sha256-srfZ+TD93szabegwtzLTjB+uo8aj8mB4ecQ9m8er00A=";
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X github.com/foxboron/sbctl.Version=${version}"
+ ];
+
+ nativeBuildInputs = [
+ installShellFiles
+ asciidoc
+ ];
+
+ postBuild = ''
+ make docs/sbctl.8
+ '';
+
+ postInstall = ''
+ installManPage docs/sbctl.8
+
+ installShellCompletion --cmd sbctl \
+ --bash <($out/bin/sbctl completion bash) \
+ --fish <($out/bin/sbctl completion fish) \
+ --zsh <($out/bin/sbctl completion zsh)
+ '';
+
+ # TODO: Test of github.com/google/go-tpm-tools/simulator/internal are broken?
+ doCheck = false;
+
+ passthru.updateScript = nix-update-script { };
+
+ meta = with lib; {
+ description = "Secure Boot key manager";
+ mainProgram = "sbctl";
+ homepage = "https://github.com/Foxboron/sbctl";
+ license = licenses.mit;
+ maintainers = with maintainers; [
+ raitobezarius
+ Scrumplex
+ ];
+ # go-uefi do not support darwin at the moment:
+ # see upstream on https://github.com/Foxboron/go-uefi/issues/13
+ platforms = platforms.linux;
+ };
+}
diff --git a/userPkgs.nix b/userPkgs.nix
index 1eba8b12..da35fff3 100644
--- a/userPkgs.nix
+++ b/userPkgs.nix
@@ -65,7 +65,7 @@ with pkgs; # wpsoffice-cn - sbctl + # sbctl qbittorrent protonmail-bridge
@@ -114,7 +114,7 @@ with pkgs; # social # discord - materialgram + # materialgram element-desktop-wayland # thunderbird # fluffychat
@@ -161,7 +161,6 @@ with pkgs; # texlive.combined.scheme-full vlc bluedevil - julia-bin prismlauncher ] ++ (with pkgs; [ fluent-icon-theme ])
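Review bot: pkgs/sbctl.nix duplicates the 0.16 pin already inlined in overlays.nix (same rev, `hash` and `vendorHash`) and nothing in this diff references it, so the two copies will drift on the next bump; either delete this file or have the overlay `callPackage ./pkgs/sbctl.nix { }` and drop the inline override. `doCheck = false;` under a TODO about go-tpm-tools' simulator disables every test, not just the simulator-backed ones; if the pinned Go toolchain's `go test` accepts `-skip`, `checkFlags = [ "-skip" "<simulator tests>" ]` keeps the rest of the suite running on a tool that manages Secure Boot keys. Since `rev = version` resolves a mutable git tag, the fixed-output `hash` is the only thing pinning the source (a moved tag fails the build instead of changing it), which is fine but deserves a one-line comment so a future `nix-update-script` run is understood to re-pin it: `# the tag is mutable; the hash below is the actual source pin`.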