fix: darwin, feat: work vm auto connect

2026-04-15 11:01:58 -04:00
parent c72759d426
commit d5224d79ac
4 changed files with 56 additions and 2 deletions
--- a/homes/aarch64-darwin/evanreichard@mac-va-mbp-work/default.nix
+++ b/homes/aarch64-darwin/evanreichard@mac-va-mbp-work/default.nix
@@ -24,6 +24,7 @@ in
      terminal = {
        bash = {
          enable = true;
+          customProfile = builtins.readFile ./vm-init.sh;
          customFastFetchLogo = ./prophet.txt;
        };
        aws = enabled;
@@ -48,7 +49,7 @@ in
  programs.jq = enabled;
  programs.pandoc = enabled;
  home.packages = with pkgs; [
-    colima
+    # colima
    docker
    keycastr
    _1password-cli
--- a/homes/aarch64-darwin/evanreichard@mac-va-mbp-work/vm-init.sh
+++ b/homes/aarch64-darwin/evanreichard@mac-va-mbp-work/vm-init.sh
@@ -0,0 +1,39 @@
+echo "
+ ██████╗██████╗  ██████╗ ██╗    ██╗██████╗ ███████╗████████╗██████╗ ██╗██╗  ██╗███████╗
+██╔════╝██╔══██╗██╔═══██╗██║    ██║██╔══██╗██╔════╝╚══██╔══╝██╔══██╗██║██║ ██╔╝██╔════╝
+██║     ██████╔╝██║   ██║██║ █╗ ██║██║  ██║███████╗   ██║   ██████╔╝██║█████╔╝ █████╗  
+██║     ██╔══██╗██║   ██║██║███╗██║██║  ██║╚════██║   ██║   ██╔══██╗██║██╔═██╗ ██╔══╝  
+╚██████╗██║  ██║╚██████╔╝╚███╔███╔╝██████╔╝███████║   ██║   ██║  ██║██║██║  ██╗███████╗
+ ╚═════╝╚═╝  ╚═╝ ╚═════╝  ╚══╝╚══╝ ╚═════╝ ╚══════╝   ╚═╝   ╚═╝  ╚═╝╚═╝╚═╝  ╚═╝╚══════╝
+         EVASION SYSTEM  -  Because IT can't handle Nix 
+"
+
+# Start VM
+utmctl=/Applications/UTM.app/Contents/MacOS/utmctl
+vm="lin-va-mbp-work-vm"
+
+if ! "$utmctl" status "$vm" | grep -q "started"; then
+    echo "  [*] CrowdStrike Evasion VM Starting..."
+    "$utmctl" start "$vm"
+fi
+
+# Wait for VM & Start Tunnel
+if ! pgrep -f "ssh -N -D 1080 adios-cs" > /dev/null; then
+    echo "  [*] VM Starting..."
+    until nc -z -w 2 192.168.64.3 22 &> /dev/null; do
+        sleep 2
+    done
+    echo "  [✓] VM Started"
+
+    echo "  [*] VM SOCKS Proxy Starting..."
+    ssh -N -D 1080 adios-cs &> /dev/null &
+    disown
+    echo "  [✓] VM SOCKS Proxy Started"
+else
+    echo "  [✓] VM SOCKS Proxy Already Running"
+fi
+
+echo -e "  [*] Connecting..."
+
+# Connect to VM
+mosh --ssh="ssh -q" adios-cs -- tmux new-session -A -s main
--- a/modules/home/programs/terminal/bash/default.nix
+++ b/modules/home/programs/terminal/bash/default.nix
@@ -14,6 +14,7 @@ in
 {
  options.${namespace}.programs.terminal.bash = with lib.types; {
    enable = mkEnableOption "bash";
+    customProfile = mkOpt str "" "custom profile";
    customFastFetchLogo = mkOpt (nullOr path) null "custom fast fetch logo path";
  };

@@ -49,7 +50,8 @@ in
        [[ -f ~/.bash_custom ]] && . ~/.bash_custom

        source ${./config/hey-intern.sh}
-      '';
+      ''
+      + cfg.customProfile;
    };

    programs.powerline-go = {
--- a/overlays/fish/default.nix
+++ b/overlays/fish/default.nix
@@ -0,0 +1,12 @@
+# Workaround for aarch64-darwin codesigning bug (nixpkgs#208951 / #507531):
+# fish binaries from the binary cache occasionally have invalid ad-hoc
+# signatures on Apple Silicon. Forcing a local rebuild ensures codesigning
+# is applied on this machine with a valid signature.
+{ inputs, ... }:
+final: prev: {
+  fish = prev.fish.overrideAttrs (_old: {
+    # Bust the cache key so fish is always built locally rather than
+    # substituted from the binary cache where the signature may be stale.
+    NIX_FORCE_LOCAL_REBUILD = "darwin-codesign-fix";
+  });
+}