Browse Source

some mac spoofing to make device tracking much harder

master
parent
commit
783fb5a6af
Signed by: govanify GPG Key ID: DE62E1E2A6145556
8 changed files with 79 additions and 62 deletions
  1. +4
    -2
      common/default.nix
  2. +3
    -1
      common/graphical.nix
  3. +44
    -0
      common/mac.nix
  4. +9
    -0
      common/xdg.nix
  5. +11
    -57
      dotfiles/graphical/sway/config
  6. +6
    -0
      machines/xanadu/default.nix
  7. +1
    -1
      machines/xanadu/hardware.nix
  8. +1
    -1
      pkgs/tmux.nix

+ 4
- 2
common/default.nix View File

@ -6,7 +6,7 @@
./locale.nix
./xdg.nix
./sandboxing.nix
(import "${builtins.fetchTarball https://github.com/rycee/home-manager/archive/release-19.09.tar.gz}/nixos")
(import "${builtins.fetchTarball https://github.com/rycee/home-manager/archive/master.tar.gz}/nixos")
./../secrets/deployment.nix
./../pkgs/vim.nix
./../pkgs/zsh.nix
@ -17,7 +17,7 @@
# basic set of tools & ssh
environment.systemPackages = with pkgs; [
wget neovim tmux git git-crypt
rsync imagemagick mosh gnupg
rsync imagemagick mosh gnupg macchanger
];
programs.mosh.enable = true;
@ -59,5 +59,7 @@
"en.wikipedia.org" "google.com" "govanify.com" "lkml.org" "www.apache.org"
"www.duckduckgo.com" "www.kernel.org" "www.mozilla.org" "www.xkcd.com"];
}

+ 3
- 1
common/graphical.nix View File

@ -16,6 +16,8 @@
wofi grim wl-clipboard slurp
# multimedia
mpv imv
# reading
calibre okular
# web browsers
# standard firefox is used for basically everything and is "impossible" to
# fingerprint with my configuration, but i do login on websites sometimes.
@ -25,7 +27,7 @@
# art
blender krita kdenlive ardour
# stem
freecad kicad wireshark
freecad kicad wireshark android-studio
#ghidra in the future when it is actually updated
# themes
breeze-gtk breeze-qt5 breeze-icons

+ 44
- 0
common/mac.nix View File

@ -0,0 +1,44 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.services.macspoofer;
in {
options.services.macspoofer = {
enable = mkEnableOption "Mac Spoofer service";
interface = mkOption {
type = types.str;
default = "";
};
};
# we do not spoof the OUI part of the MAC address in this case. The reason is
# twofold: since all connection is wired through tor, hopefully, your traffic
# could be automatically identified and your MAC address assumed to be
# spoofed, since Tails does spoof it. With that said, Tails do not spoof the
# OUI part of the MAC address and as such breaking the OUI stamdard would make
# you stand out compared to Tails user, which makes you somewhat stand out as
# using a different technology.
# Morale of the day: use common network cards or add to macchanger an OUI list
# support. Also you might still be able to be tracked down against a truly
# global adversary: 1. list people using tor in their network 2. list people
# using your OUI (a small subset I'd assume) OR list people breaking the OUI
# standard (basically only you by this point).
# The more people use tor, the better our security will be.
config = lib.mkIf cfg.enable {
systemd.services.macspoofer = {
wantedBy = [ "multi-user.target" ];
description = "Mac Spoofer service";
wants = [ "network-pre.target" ];
before = [ "network-pre.target" ];
bindsTo = [ "sys-subsystem-net-devices-${cfg.interface}.device" ];
after = [ "sys-subsystem-net-devices-${cfg.interface}.device" ];
serviceConfig = {
Type = "oneshot";
ExecStart = ''
${pkgs.macchanger}/bin/macchanger -e ${cfg.interface}
'';
};
};
};
}

+ 9
- 0
common/xdg.nix View File

@ -65,6 +65,15 @@
#sed -i 's/"~\/\.w3m"/"~\/\.config\/w3m"/' $(grep -Rl '"~\/\.w3m"')
#'';
#});
# fuck this dev, contains config+cache hence data
# https://github.com/baldurk/renderdoc/pull/1741
renderdoc = super.renderdoc.overrideAttrs (oldAttrs: rec {
postPatch = ''
sed -i 's/"\.renderdoc"/"\.local\/share\/renderdoc"/' $(grep -Rl '"\.renderdoc"')
'';
});
};
};

+ 11
- 57
dotfiles/graphical/sway/config View File

@ -1,30 +1,18 @@
# Default config for sway
#
# Copy this to ~/.config/sway/config and edit it to your liking.
#
# Read `man 5 sway` for a complete reference.
### Variables
#
# Logo key. Use Mod1 for Alt.
set $mod Mod4
# Home row direction keys, like vim
set $left h
set $down j
set $up k
set $right l
set $lock "swaylock -i ~/Pictures/wallpaper.png -l -F --indicator-radius 100 --indicator-thickness 7 --ring-color bb00cc --key-hl-color 880033"
# auto lock
exec swayidle -w \
timeout 300 'swaylock -i ~/Pictures/wallpaper.png -l -F --indicator-radius 100 --indicator-thickness 7 --ring-color bb00cc --key-hl-color 880033' \
timeout 600 'swaymsg "output * dpms off"' \
resume 'swaymsg "output * dpms on"' \
before-sleep 'swaylock -i ~/Pictures/wallpaper.png -l -F --indicator-radius 100 --indicator-thickness 7 --ring-color bb00cc --key-hl-color 880033'
### Output configuration
#
# Default wallpaper (more resolutions are available in /usr/share/backgrounds/sway/)
# screen
output * bg ~/Pictures/wallpaper.png fill
output eDP-1 scale 2.0
@ -33,53 +21,19 @@ exec swaymsg "workspace 1; exec firefox"
exec swaymsg "workspace 1; exec ibus-daemon -dr"
exec swaymsg "workspace 2; exec termite -e tmux"
# ui chrome
default_border pixel 1
bindsym $mod+i exec /etc/sway/locale.sh
seat seat0 xcursor_theme breeze_cursors 48
#
#default_border none
#gaps outer 10
#gaps inner 20
#
# Example configuration:
#
# output HDMI-A-1 resolution 1920x1080 position 1920,0
#
# You can get the names of your outputs by running: swaymsg -t get_outputs
### Idle configuration
#
# Example configuration:
#
# exec swayidle -w \
# timeout 300 'swaylock -f -c 000000' \
# timeout 600 'swaymsg "output * dpms off"' \
# resume 'swaymsg "output * dpms on"' \
# before-sleep 'swaylock -f -c 000000'
#
# This will lock your screen after 300 seconds of inactivity, then turn off
# your displays after another 300 seconds, and turn your screens back on when
# resumed. It will also lock your screen before your computer goes to sleep.
# IME
bindsym $mod+i exec /etc/sway/locale.sh
### Input configuration
#
# Example configuration:
#
# input "2:14:SynPS/2_Synaptics_TouchPad" {
# dwt enabled
# tap enabled
# natural_scroll enabled
# middle_emulation enabled
# }
#
input "2:14:ETPS/2_Elantech_Touchpad" {
dwt enabled
tap enabled
middle_emulation enabled
}
# inputs
input "2:14:ETPS/2_Elantech_Touchpad" {
dwt enabled
tap enabled
middle_emulation enabled
}
#
# You can get the names of your inputs by running: swaymsg -t get_inputs
# Read `man 5 sway-input` for more information about this section.

+ 6
- 0
machines/xanadu/default.nix View File

@ -5,6 +5,7 @@
imports = [ ./hardware.nix
../../common/default.nix
../../common/tor.nix
../../common/mac.nix
../../common/laptop.nix
../../common/gaming.nix
];
@ -72,6 +73,11 @@
outputNic = "wlp1s0";
inputNic = "wlp1s0";
};
services.macspoofer = {
enable = true;
interface = "wlp1s0";
};
home-manager.users.govanify = {

+ 1
- 1
machines/xanadu/hardware.nix View File

@ -5,7 +5,7 @@
boot.initrd.availableKernelModules = [ "ahci" "nvme" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "i915" "kvm-intel" ];
boot.kernelModules = [ "i915" "kvm-intel" "vfat" ];
boot.extraModulePackages = [ ];
fileSystems."/" =

+ 1
- 1
pkgs/tmux.nix View File

@ -4,7 +4,7 @@
clock24 = true;
keyMode = "vi";
terminal = "tmux-256color";
extraTmuxConf = ''
extraConfig = ''
set -ga terminal-overrides ",*256col*:Tc"
set-window-option -g automatic-rename off
set -g @resurrect-processes ':all:'

Loading…
Cancel
Save