cleverca22/configuration2.nix Secret

## configuration2.nix
# nix-build -I nixpkgs=/home/clever/apps/nixpkgs/ '<nixpkgs/nixos>' -A config.system.build.kexec_script -I nixos-config=/home/clever/apps/nixpkgs/configuration2.nix

{ lib, pkgs, config, ... }:

with lib;

{
  imports = [ <nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix> ];
  system.build.kexec_script = pkgs.writeTextFile {
    executable = true;
    name = "kexec-nixos";
    text = ''
      #!${pkgs.stdenv.shell}
      export PATH=${pkgs.kexectools}/bin:$PATH
      kexec -l ${config.system.build.kernel}/bzImage --initrd=${config.system.build.netbootRamdisk}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
      sync
      echo "executing kernel, filesystems will be improperly umounted"
      kexec -e
    '';
  };
  boot.loader.grub.enable = false;
  boot.kernelParams = [ "console=ttyS0,115200" ];
  systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
  networking.hostName = "kexec";
  users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC34wZQFEOGkA5b0Z6maE3aKy/ix1MiK1D0Qmg4E9skAA57yKtWYzjA23r5OCF4Nhlj1CuYd6P1sEI/fMnxf+KkqqgW3ZoZ0+pQu4Bd8Ymi3OkkQX9kiq2coD3AFI6JytC6uBi6FaZQT5fG59DbXhxO5YpZlym8ps1obyCBX0hyKntD18RgHNaNM+jkQOhQ5OoxKsBEobxQOEdjIowl2QeEHb99n45sFr53NFqk3UCz0Y7ZMf1hSFQPuuEC/wExzBBJ1Wl7E1LlNA4p9O3qJUSadGZS4e5nSLqMnbQWv2icQS/7J8IwY0M8r1MsL8mdnlXHUofPlG1r4mtovQ2myzOx clever@nixos" ];
}

## gistfile1.txt
[nix-shell:~/netboot]$ wget http://c2d.localnet/netboot/bzImage
[nix-shell:~/netboot]$ wget http://c2d.localnet/netboot/initrd
[root@nixos:~/netboot]# chvt 1
[root@nixos:~/nixpkgs]# ./result/bin/kexec -l ~/netboot/bzImage --append="init=/nix/store/9wd0czcp37kwrwn0i7ipvhmdp9i4s6ni-nixos-system-nixos-17.03pre56789.gfedcba/init loglevel=7" --initrd=/root/netboot/initrd

## gistfile2.patch
diff --git a/pkgs/os-specific/linux/kexectools/default.nix b/pkgs/os-specific/linux/kexectools/default.nix
index cb30de4..cb2fc09 100644
--- a/pkgs/os-specific/linux/kexectools/default.nix
+++ b/pkgs/os-specific/linux/kexectools/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
     sha256 = "03cj7w2l5fqn72xfhl4q6z0zbziwkp9bfn0gs7gaf9i44jv6gkhl";
   };

-  hardeningDisable = [ "format" ];
+  hardeningDisable = [ "all" ];

   buildInputs = [ zlib ];


## gistfile3.txt
[clever@amd-nixos:~/apps/nixpkgs]$ nix-build -I nixpkgs=/home/clever/apps/nixpkgs/ '<nixpkgs/nixos>' -A config.system.build.kexec_script -I nixos-config=/home/clever/apps/nixpkgs/configuration2.nix
[clever@amd-nixos:~/apps/nixpkgs]$ nix-copy-closure --to root@192.168.2.144 result
[clever@amd-nixos:~/apps/nixpkgs]$ ssh root@192.168.2.144 /nix/store/kd2yjpphdar7lk63vzxd6lm3ajwv8jd9-kexec-nixos
[clever@amd-nixos:~/apps/nixpkgs]$ ssh root@192.168.2.144
The authenticity of host '192.168.2.144 (192.168.2.144)' can't be established.
ED25519 key fingerprint is SHA256:0w0vUR2x7okVm18rc+TYDE9tYeweUSEhF/lg/Mfgnic.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.144' (ED25519) to the list of known hosts.
Last login: Fri Dec  2 04:17:41 2016

[root@kexec:~]#
	# nix-build -I nixpkgs=/home/clever/apps/nixpkgs/ '<nixpkgs/nixos>' -A config.system.build.kexec_script -I nixos-config=/home/clever/apps/nixpkgs/configuration2.nix

	{ lib, pkgs, config, ... }:

	with lib;

	{
	imports = [ <nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix> ];
	system.build.kexec_script = pkgs.writeTextFile {
	executable = true;
	name = "kexec-nixos";
	text = ''
	#!${pkgs.stdenv.shell}
	export PATH=${pkgs.kexectools}/bin:$PATH
	kexec -l ${config.system.build.kernel}/bzImage --initrd=${config.system.build.netbootRamdisk}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
	sync
	echo "executing kernel, filesystems will be improperly umounted"
	kexec -e
	'';
	};
	boot.loader.grub.enable = false;
	boot.kernelParams = [ "console=ttyS0,115200" ];
	systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
	networking.hostName = "kexec";
	users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC34wZQFEOGkA5b0Z6maE3aKy/ix1MiK1D0Qmg4E9skAA57yKtWYzjA23r5OCF4Nhlj1CuYd6P1sEI/fMnxf+KkqqgW3ZoZ0+pQu4Bd8Ymi3OkkQX9kiq2coD3AFI6JytC6uBi6FaZQT5fG59DbXhxO5YpZlym8ps1obyCBX0hyKntD18RgHNaNM+jkQOhQ5OoxKsBEobxQOEdjIowl2QeEHb99n45sFr53NFqk3UCz0Y7ZMf1hSFQPuuEC/wExzBBJ1Wl7E1LlNA4p9O3qJUSadGZS4e5nSLqMnbQWv2icQS/7J8IwY0M8r1MsL8mdnlXHUofPlG1r4mtovQ2myzOx clever@nixos" ];
	}
	[nix-shell:~/netboot]$ wget http://c2d.localnet/netboot/bzImage
	[nix-shell:~/netboot]$ wget http://c2d.localnet/netboot/initrd
	[root@nixos:~/netboot]# chvt 1
	[root@nixos:~/nixpkgs]# ./result/bin/kexec -l ~/netboot/bzImage --append="init=/nix/store/9wd0czcp37kwrwn0i7ipvhmdp9i4s6ni-nixos-system-nixos-17.03pre56789.gfedcba/init loglevel=7" --initrd=/root/netboot/initrd
	diff --git a/pkgs/os-specific/linux/kexectools/default.nix b/pkgs/os-specific/linux/kexectools/default.nix
	index cb30de4..cb2fc09 100644
	--- a/pkgs/os-specific/linux/kexectools/default.nix
	+++ b/pkgs/os-specific/linux/kexectools/default.nix
	@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
	sha256 = "03cj7w2l5fqn72xfhl4q6z0zbziwkp9bfn0gs7gaf9i44jv6gkhl";
	};

	- hardeningDisable = [ "format" ];
	+ hardeningDisable = [ "all" ];

	buildInputs = [ zlib ];
	[clever@amd-nixos:~/apps/nixpkgs]$ nix-build -I nixpkgs=/home/clever/apps/nixpkgs/ '<nixpkgs/nixos>' -A config.system.build.kexec_script -I nixos-config=/home/clever/apps/nixpkgs/configuration2.nix
	[clever@amd-nixos:~/apps/nixpkgs]$ nix-copy-closure --to root@192.168.2.144 result
	[clever@amd-nixos:~/apps/nixpkgs]$ ssh root@192.168.2.144 /nix/store/kd2yjpphdar7lk63vzxd6lm3ajwv8jd9-kexec-nixos
	[clever@amd-nixos:~/apps/nixpkgs]$ ssh root@192.168.2.144
	The authenticity of host '192.168.2.144 (192.168.2.144)' can't be established.
	ED25519 key fingerprint is SHA256:0w0vUR2x7okVm18rc+TYDE9tYeweUSEhF/lg/Mfgnic.
	Are you sure you want to continue connecting (yes/no)? yes
	Warning: Permanently added '192.168.2.144' (ED25519) to the list of known hosts.
	Last login: Fri Dec 2 04:17:41 2016

	[root@kexec:~]#