summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/hidden-ssh.nix
diff options
context:
space:
mode:
authorlassulus <lass@lassul.us>2017-04-15 18:20:05 +0200
committerlassulus <lass@lassul.us>2017-04-15 18:20:05 +0200
commitcc68f1feac69be06d2586b20ac50e0b1eb1f03b8 (patch)
tree8ba2bc2cfdd88a58ded49ef5cbe96887227a969e /krebs/3modules/hidden-ssh.nix
parentfbc29e63da7fca719dc20df13d31402a8d9c449b (diff)
parent4feb0e8e91d228bf4754d130e7d134f41047dc32 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'krebs/3modules/hidden-ssh.nix')
-rw-r--r--krebs/3modules/hidden-ssh.nix53
1 files changed, 53 insertions, 0 deletions
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
new file mode 100644
index 000000000..2f75ded9b
--- /dev/null
+++ b/krebs/3modules/hidden-ssh.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.hidden-ssh;
+
+ out = {
+ options.krebs.hidden-ssh = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "hidden SSH announce";
+ };
+
+ imp = let
+ torDirectory = "/var/lib/tor"; # from tor.nix
+ hiddenServiceDir = torDirectory + "/ssh-announce-service";
+ in {
+ services.tor = {
+ enable = true;
+ extraConfig = ''
+ HiddenServiceDir ${hiddenServiceDir}
+ HiddenServicePort 22 127.0.0.1:22
+ '';
+ client.enable = true;
+ };
+ systemd.services.hidden-ssh-announce = {
+ description = "irc announce hidden ssh";
+ after = [ "tor.service" ];
+ wants = [ "tor.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ # ${pkgs.tor}/bin/torify
+ ExecStart = pkgs.writeDash "irc-announce-ssh" ''
+ set -efu
+ until test -e ${hiddenServiceDir}/hostname; do
+ echo "still waiting for ${hiddenServiceDir}/hostname"
+ sleep 1
+ done
+ ${pkgs.irc-announce}/bin/irc-announce \
+ irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \
+ \#krebs-announce \
+ "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
+ '';
+ PrivateTmp = "true";
+ User = "tor";
+ Type = "oneshot";
+ };
+ };
+ };
+in
+out