From faf453da0b479551304123f154ac2c84f995e745 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 15 Jul 2022 10:27:30 +0200 Subject: openssh known hosts: ignore hosts without aliases --- krebs/3modules/default.nix | 81 +++++++++++++++++++++++++++------------------- 1 file changed, 47 insertions(+), 34 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 8ea727dc..7f007048 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -138,41 +138,54 @@ let let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) [privkey]; - # TODO use imports for merging services.openssh.knownHosts = - (let inherit (config.krebs.build.host.ssh) pubkey; in - optionalAttrs (pubkey != null) { - localhost = { - hostNames = ["localhost" "127.0.0.1" "::1"]; - publicKey = pubkey; - }; - }) - // - mapAttrs - (name: host: { - hostNames = - concatLists - (mapAttrsToList - (net-name: net: - let - longs = net.aliases; - shorts = - optionals - (cfg.dns.search-domain != null) - (map (removeSuffix ".${cfg.dns.search-domain}") - (filter (hasSuffix ".${cfg.dns.search-domain}") - longs)); - add-port = a: - if net.ssh.port != 22 - then "[${a}]:${toString net.ssh.port}" - else a; - in - map add-port (shorts ++ longs ++ net.addrs)) - host.nets); - - publicKey = host.ssh.pubkey; - }) - (filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts); + filterAttrs + (knownHostName: knownHost: + knownHost.publicKey != null && + knownHost.hostNames != [] + ) + (mapAttrs + (hostName: host: { + hostNames = + concatLists + (mapAttrsToList + (netName: net: + let + aliases = + concatLists [ + shortAliases + net.aliases + net.addrs + ]; + shortAliases = + optionals + (cfg.dns.search-domain != null) + (map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") + net.aliases)); + addPort = alias: + if net.ssh.port != 22 + then "[${alias}]:${toString net.ssh.port}" + else alias; + in + map addPort aliases + ) + host.nets); + publicKey = host.ssh.pubkey; + }) + (foldl' mergeAttrs {} [ + cfg.hosts + { + localhost = { + nets.local = { + addrs = [ "127.0.0.1" "::1" ]; + aliases = [ "localhost" ]; + ssh.port = 22; + }; + ssh.pubkey = config.krebs.build.host.ssh.pubkey; + }; + } + ])); programs.ssh.extraConfig = concatMapStrings (net: '' -- cgit v1.2.3 From 4c075ee6ffc9202cf7ba5426e83c49b83254949e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 15 Sep 2022 20:29:07 +0200 Subject: nix-serve-ng: init at 1.0.0 --- krebs/5pkgs/haskell/nix-serve-ng.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 krebs/5pkgs/haskell/nix-serve-ng.nix (limited to 'krebs') diff --git a/krebs/5pkgs/haskell/nix-serve-ng.nix b/krebs/5pkgs/haskell/nix-serve-ng.nix new file mode 100644 index 00000000..8866b205 --- /dev/null +++ b/krebs/5pkgs/haskell/nix-serve-ng.nix @@ -0,0 +1,30 @@ +{ mkDerivation, async, base, base16, base32, bytestring, charset +, fetchgit, http-client, http-types, lib, managed, megaparsec, mtl +, network, nix, optparse-applicative, tasty-bench, temporary, text +, turtle, vector, wai, wai-extra, warp, warp-tls +, boost +}: +mkDerivation { + pname = "nix-serve-ng"; + version = "1.0.0"; + src = fetchgit { + url = "https://github.com/aristanetworks/nix-serve-ng"; + sha256 = "0mqp67z5mi8rsjahdh395n7ppf0b65k8rd3pvnl281g02rbr69y2"; + rev = "433f70f4daae156b84853f5aaa11987aa5ce7277"; + fetchSubmodules = true; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + base base16 base32 bytestring charset http-types managed megaparsec + mtl network optparse-applicative vector wai wai-extra warp warp-tls + ]; + executablePkgconfigDepends = [ nix ]; + executableSystemDepends = [ boost.dev ]; + benchmarkHaskellDepends = [ + async base bytestring http-client tasty-bench temporary text turtle + vector + ]; + description = "A drop-in replacement for nix-serve that's faster and more stable"; + license = lib.licenses.bsd3; +} -- cgit v1.2.3