commit c1045ce9a8e68e0ed113ae920dea221650c0f797 parent adf64a7fabf6fcea42ccd2d65a5f39e01ee0c425 Author: xfnw <xfnw@riseup.net> Date: Sat, 6 Mar 2021 02:45:15 +0000 first working version Diffstat:
| A | blix.nix | | | 89 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 89 insertions(+), 0 deletions(-)
diff --git a/blix.nix b/blix.nix @@ -0,0 +1,89 @@ +# This module defines a small blix live enviorment + +{config, pkgs, lib, ...}: + +with lib; + +{ + imports = [ + <nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix> + <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix> + + <nixpkgs/nixos/modules/profiles/clone-config.nix> + <nixpkgs/nixos/modules/profiles/all-hardware.nix> + <nixpkgs/nixos/modules/profiles/base.nix> + ]; + + # ISO naming. + isoImage.isoName = "blix-${config.system.nixos.label}-${pkgs.stdenv.system}.iso"; + + isoImage.volumeID = substring 0 11 "BLIX_ISO"; + + # EFI booting + isoImage.makeEfiBootable = true; + + # USB booting + isoImage.makeUsbBootable = true; + + # Add Memtest86+ to the CD. + boot.loader.grub.memtest86.enable = true; + + networking.hostName = "blix"; + networking.wireless.enable = true; + networking.useDHCP = true; + + i18n.defaultLocale = "en_US.UTF-8"; + + + documentation.nixos.enable = true; + + services.getty.autologinUser = "u"; + + users.users.u = { + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" "video" "libvirt" "docker" ]; + + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1N +TE5AAAAIDBUk5IjB3+trnVO6pncivFbOetUL8BPTl3CwAtk4532 xfnw@raven" ]; + }; + security.sudo.wheelNeedsPassword = false; + + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ + wget vim tmux gnupg ncdu mosh + git curl rsync wireguard-tools + w3m lynx elinks + + # network analysis + nmap masscan termshark netsniff-ng argus bettercap + stress-ng multimon-ng aircrack-ng mfcuk pixiewps + hcxtools dirb sslyze sslsplit whsniff sniffglue + + # research + theharvester + + # disk analysis + testdisk squashfs-tools-ng ddrescue volatility + stegseek + + # exploit + doona metasploit twa wifite2 burpsuite wpscan wfuzz + sqlmap thc-hydra + #dsniff routersploit + + # crack + hashcat mfoc pyrit john + cowpatty bully deepsea reaverwps + + # security scan + lynis chkrootkit + ]; + + environment.variables.GC_INITIAL_HEAP_SIZE = "1M"; + boot.kernel.sysctl."vm.overcommit_memory" = "1"; + boot.consoleLogLevel = 7; + networking.firewall.logRefusedConnections = false; + system.extraDependencies = with pkgs; [ stdenv stdenvNoCC busybox jq ]; + + services.openssh.enable = true; +}