From 78692d222db64e1a6cd80ee73cdcf5bca9a8bc5e Mon Sep 17 00:00:00 2001 From: Tristan Druyen Date: Sun, 24 Dec 2023 08:39:26 +0100 Subject: [PATCH] WIP: Update flakes, add internal ca cert, add xmrig --- ext/install-cert-to-moz.sh | 10 ++++++ ext/internal-ca.crt | 19 +++++++++++ flake.lock | 64 ++++++++++++++++++------------------- flake.nix | 3 +- home-mods/shell/default.nix | 1 + os-mods/common/default.nix | 3 ++ os-mods/xmr/default.nix | 3 +- 7 files changed, 69 insertions(+), 34 deletions(-) create mode 100755 ext/install-cert-to-moz.sh create mode 100644 ext/internal-ca.crt diff --git a/ext/install-cert-to-moz.sh b/ext/install-cert-to-moz.sh new file mode 100755 index 0000000..b53fde3 --- /dev/null +++ b/ext/install-cert-to-moz.sh @@ -0,0 +1,10 @@ +#/usr/bin/env bash +# +certificateFile="./internal-ca.crt" +certificateName="Ökonzept internal CA" +for certDB in $(find ~/.mozilla* ~/.thunderbird -name "cert9.db") +do + certDir=$(dirname ${certDB}); + echo "mozilla certificate" "install '${certificateName}' in ${certDir}" + certutil -A -n "${certificateName}" -t "TCu,Cuw,Tuw" -i ${certificateFile} -d ${certDir} +done diff --git a/ext/internal-ca.crt b/ext/internal-ca.crt new file mode 100644 index 0000000..d37df69 --- /dev/null +++ b/ext/internal-ca.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGTCCAnqgAwIBAgIBADAKBggqhkjOPQQDBDCBgTELMAkGA1UEBhMCREUxDDAK +BgNVBAgMA05SVzEVMBMGA1UEBwwMRMO8c3NlbGRvcmYgMRcwFQYDVQQKDA7Dlmtv +bnplcHQgR21iSDEeMBwGCSqGSIb3DQEJARYPdGRAb2Vrb256ZXB0LmRlMRQwEgYD +VQQDDAtpbnRlcm5hbC1jYTAeFw0yMzEyMjExNTQ5NDlaFw0yNjAzMjUxNTQ5NDla +MIGBMQswCQYDVQQGEwJERTEMMAoGA1UECAwDTlJXMRUwEwYDVQQHDAxEw7xzc2Vs +ZG9yZiAxFzAVBgNVBAoMDsOWa29uemVwdCBHbWJIMR4wHAYJKoZIhvcNAQkBFg90 +ZEBvZWtvbnplcHQuZGUxFDASBgNVBAMMC2ludGVybmFsLWNhMIGbMBAGByqGSM49 +AgEGBSuBBAAjA4GGAAQA3DJTMO9l/tX2BZMvaYT8UBKQZU0dks1VpirQby2S7Ve2 +YEQWVzpICigaKdNaJp/vfyMoTLWuPc72J7BoQWjdMBQAZLmMERta0FdeDWKRR1XC +QJudrNNu4NWTHvR1n49or7XXXZOVBQHMRIXK6sybZ4f7qrNgGvoHgnII34oLfLHA +mZijgZ0wgZowNwYJYIZIAYb4QgENBCoWKE9QTnNlbnNlIEdlbmVyYXRlZCBDZXJ0 +aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFAvqn2SyuDp8a8g9isltriGYJ9Bz +MB8GA1UdIwQYMBaAFAvqn2SyuDp8a8g9isltriGYJ9BzMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMEA4GMADCBiAJCAIrXKSrGMv9c ++jxs7EYX6LFYQ5sB0H5Q9LdxFu8VU6zpFGjnj1OpivL+jkEYRddjlho3+LMdaBar ++vw5PbXZ0luQAkIBK4djE3TCTJZQJ7sfdDVE97/JwDVwW+L2SFAmhMy9aG9qQ+r2 +SiPOrOuAJTgxDCctlXSv9KqUxy8eg2lk7cgaYx4= +-----END CERTIFICATE----- diff --git a/flake.lock b/flake.lock index ec3f667..8c00f24 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "yafas": "yafas" }, "locked": { - "lastModified": 1702730787, - "narHash": "sha256-mEgoSmjoTQwQ8Q28p4PRaKdLJTmY51fU1+BttBktOqE=", + "lastModified": 1703336473, + "narHash": "sha256-3aBvTFbEplF4dBzTPQ7AXYtWHOdlKLd/K0faUtKQbyA=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "f01adca2fae49191974c397e11b293b025f0c7d3", + "rev": "69a7b82cbe4c3395230d6066989a28b7636d52f1", "type": "github" }, "original": { @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1702569759, - "narHash": "sha256-Ze3AdEEsVZBRJ4wn13EZpV1Uubkzi59TkC4j2G9xoFI=", + "lastModified": 1703162528, + "narHash": "sha256-pQ41wN6JlStkZOhRTIHEpuwVywLdh+xzZQW1+FzdjVs=", "owner": "nix-community", "repo": "disko", - "rev": "98ab91109716871f50ea8cb0e0ac7cc1e1e14714", + "rev": "a050895e4eb06e0738680021a701ea05dc8dbfc9", "type": "github" }, "original": { @@ -252,11 +252,11 @@ ] }, "locked": { - "lastModified": 1702814678, - "narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=", + "lastModified": 1703367386, + "narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=", "owner": "nix-community", "repo": "home-manager", - "rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef", + "rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224", "type": "github" }, "original": { @@ -273,11 +273,11 @@ ] }, "locked": { - "lastModified": 1702782546, - "narHash": "sha256-Y/y9Xpd8W2CSFIAXJExAvg72J8STmGk7CP2Vv91t930=", + "lastModified": 1703387252, + "narHash": "sha256-XKJqGj0BaEn/zyctEnkgVIh6Ba1rgTRc+UBi9EU8Y54=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "27edc98a32959b003e4bcef9719ad6f24e312343", + "rev": "f4340c1a42c38d79293ba69bfd839fbd6268a538", "type": "github" }, "original": { @@ -328,11 +328,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1702312524, - "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", + "lastModified": 1703255338, + "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a9bf124c46ef298113270b1f84a164865987a91c", + "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04", "type": "github" }, "original": { @@ -344,12 +344,12 @@ }, "nixpkgs": { "locked": { - "lastModified": 1702312524, - "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", - "rev": "a9bf124c46ef298113270b1f84a164865987a91c", - "revCount": 558881, + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "revCount": 561409, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.558881%2Brev-a9bf124c46ef298113270b1f84a164865987a91c/018c5fba-8d93-798c-8bda-4b11a431ccba/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.561409%2Brev-54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6/018c8732-ea5c-725f-a6c9-9ed48683aa5a/source.tar.gz" }, "original": { "type": "tarball", @@ -392,11 +392,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1702539185, - "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", + "lastModified": 1703134684, + "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447", + "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523", "type": "github" }, "original": { @@ -424,11 +424,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1702645756, - "narHash": "sha256-qKI6OR3TYJYQB3Q8mAZ+DG4o/BR9ptcv9UnRV2hzljc=", + "lastModified": 1703068421, + "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "40c3c94c241286dd2243ea34d3aef8a488f9e4d0", + "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", "type": "github" }, "original": { @@ -493,11 +493,11 @@ }, "nur": { "locked": { - "lastModified": 1702849536, - "narHash": "sha256-kGYoCw+KyLx5PpsCI3p2LxgyOsWYJon6ghq8Iq0XU6c=", + "lastModified": 1703402894, + "narHash": "sha256-d2MGoEhaw3izYE/OWtdTPl+ZzHKnx7sle7r2BTXgzKs=", "owner": "nix-community", "repo": "NUR", - "rev": "452bdab51c4eebec9aa2db7b84da63340dacb52d", + "rev": "382e3d672e400c73e772e97472d10ac98e2e0be6", "type": "github" }, "original": { @@ -532,11 +532,11 @@ ] }, "locked": { - "lastModified": 1700267030, - "narHash": "sha256-1ke+7xrkCVOI13RJ1w6EjCGcJywkN3bbTKbLWAt4jaE=", + "lastModified": 1703264118, + "narHash": "sha256-YzwzOqSDNLFcG2HulMw0k5reDhBPysq9AT1D8Y0Rky8=", "owner": "pjones", "repo": "plasma-manager", - "rev": "019a8fd22a26c8d59f63aa9cc8a9c1729d6ffbda", + "rev": "8e8f0852a49f9f776cbaf2156ebe8b4a8d4bf720", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f97f840..a9833e3 100644 --- a/flake.nix +++ b/flake.nix @@ -58,6 +58,7 @@ , nixtheplanet , nixinate , home-manager + , plasma-manager , emacs-overlay , nur , nix-index-database @@ -96,7 +97,7 @@ hmModules = [ nix-index-database.hmModules.nix-index nur.hmModules.nur - inputs.plasma-manager.homeManagerModules.plasma-manager + plasma-manager.homeManagerModules.plasma-manager ]; osModules = [ disko.nixosModules.disko diff --git a/home-mods/shell/default.nix b/home-mods/shell/default.nix index ae079df..af87730 100644 --- a/home-mods/shell/default.nix +++ b/home-mods/shell/default.nix @@ -197,6 +197,7 @@ in cmake curl direnv + exercism filezilla fd gnutls diff --git a/os-mods/common/default.nix b/os-mods/common/default.nix index e6a2c74..97e4cda 100644 --- a/os-mods/common/default.nix +++ b/os-mods/common/default.nix @@ -20,6 +20,9 @@ ''; }; + security.pki.certificates = [ + (lib.readFile ../../ext/internal-ca.crt) + ]; home-manager.backupFileExtension = "bak"; # locale diff --git a/os-mods/xmr/default.nix b/os-mods/xmr/default.nix index c5fca42..d06b429 100644 --- a/os-mods/xmr/default.nix +++ b/os-mods/xmr/default.nix @@ -10,8 +10,9 @@ dataDir = "/media/SanDisk/monero"; # TODO make config option for this and set sensible default limits.upload = 1024; }; - environment.systemPackages = with pkgs; [ + environment.systemPackages = with pkgs.unstable-os; [ monero-gui monero-cli + xmrig ]; }