diff options
28 files changed, 530 insertions, 235 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index cf72e0d73..916073375 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,8 +12,8 @@ <stockholm/krebs/2configs/buildbot-stockholm.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/ircd.nix> - <stockholm/krebs/2configs/reaktor-retiolum.nix> - <stockholm/krebs/2configs/reaktor-krebs.nix> + <stockholm/krebs/2configs/nscd-fix.nix> + <stockholm/krebs/2configs/reaktor2.nix> <stockholm/krebs/2configs/repo-sync.nix> ]; diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix new file mode 100644 index 000000000..8e5909e72 --- /dev/null +++ b/krebs/2configs/nscd-fix.nix @@ -0,0 +1,24 @@ +with import <stockholm/lib>; +{ pkgs, ... }: let + + enable = versionOlderThan "19.03"; + + versionOlderThan = v: + compareVersions + (versions.majorMinor version) + (versions.majorMinor v) + == -1; + + warning = '' + Using custom services.nscd.config because + https://github.com/NixOS/nixpkgs/pull/50316 + ''; + +in + optionalAttrs enable (trace warning { + services.nscd.enable = mkForce true; + services.nscd.config = mkForce (readFile (pkgs.fetchurl { + url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf; + sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs"; + })); + }) diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix deleted file mode 100644 index 862c9b991..000000000 --- a/krebs/2configs/reaktor-krebs.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; - -{ - krebs.Reaktor.krebs = { - nickname = "Reaktor|krebs"; - channels = [ - "#krebs" - "#nixos-wiki" - ]; - extraEnviron = { - REAKTOR_HOST = "irc.freenode.org"; - REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ] ++ - (attrValues (task "agenda")) - ; - }; - krebs.secret.files.nix-serve-key = { - path = "/var/lib/Reaktor/reaktor_nickserv_password"; - owner.name = "Reaktor"; - source-path = toString <secrets> + "/reaktor_nickserv_password"; - }; -} diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix deleted file mode 100644 index 69fc4b202..000000000 --- a/krebs/2configs/reaktor-retiolum.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; - -{ - krebs.Reaktor.retiolum = { - nickname = "Reaktor|lass"; - channels = [ "#noise" "#xxx" ]; - extraEnviron = { - REAKTOR_HOST = "irc.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ] ++ - (attrValues (task "agenda")) - ; - }; -} diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix new file mode 100644 index 000000000..ff6b539ba --- /dev/null +++ b/krebs/2configs/reaktor2.nix @@ -0,0 +1,152 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: + +let + #for shared state directory + stateDir = config.krebs.reaktor2.r.stateDir; + + generators = pkgs.reaktor2-plugins.generators; + hooks = pkgs.reaktor2-plugins.hooks; + commands = pkgs.reaktor2-plugins.commands; + + task = name: let + rcFile = builtins.toFile "taskrc" '' + confirmation=no + ''; + in { + pattern = "^${name}-([a-z]+)(?::\\s*(.*))?"; + activate = "match"; + command = 1; + arguments = [2]; + env.TASKDATA = "${stateDir}/${name}"; + commands = { + add.filename = pkgs.writeDash "${name}-task-add" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$1" + ''; + list.filename = pkgs.writeDash "${name}-task-list" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} export \ + | ${pkgs.jq}/bin/jq -r ' + .[] | select(.id != 0) | "\(.id) \(.description)" + ' + ''; + delete.filename = pkgs.writeDash "${name}-task-delete" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$1" + ''; + done.filename = pkgs.writeDash "${name}-task-done" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$1" + ''; + }; + }; + + systemPlugin = { + plugin = "system"; + config = { + workdir = stateDir; + hooks.JOIN = [ + { + activate = "always"; + command = { + filename = + "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join"; + env = { + PATH = makeBinPath [ + pkgs.coreutils # XXX env, touch + pkgs.jq # XXX sed + pkgs.utillinux # XXX flock + ]; + state_file = "${stateDir}/tell.json"; + }; + }; + } + ]; + hooks.PRIVMSG = [ + { + pattern = "^bier bal(ance)*$"; + activate = "match"; + command = { + env = { + state_file = "${stateDir}/ledger"; + }; + filename = pkgs.writeDash "bier-balance" '' + ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ + | ${pkgs.coreutils}/bin/tail +2 \ + | ${pkgs.miller}/bin/mlr --icsv --opprint cat + ''; + }; + } + { + pattern = ''^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$''; + activate = "match"; + arguments = [1 2 3]; + command = { + env = { + # TODO; get state as argument + state_file = "${stateDir}/ledger"; + }; + filename = pkgs.writeDash "ledger-add" '' + set -x + tonick=$1 + amt=$2 + unit=$3 + printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file + ''; + }; + } + hooks.sed + (generators.command_hook { + inherit (commands) hello random-emoji nixos-version stockholm-issue; + tell = { + filename = + "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; + env = { + PATH = makeBinPath [ + pkgs.coreutils # XXX date, env + pkgs.jq # XXX sed + pkgs.utillinux # XXX flock + ]; + state_file = "${stateDir}/tell.txt"; + }; + }; + }) + (task "agenda") + ]; + }; + }; + +in { + + krebs.reaktor2 = { + freenode = { + hostname = "irc.freenode.org"; + nick = "reaktor2|krebs"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#krebs" + ]; + }; + } + systemPlugin + ]; + username = "reaktor2"; + }; + r = { + nick = "reaktor2|krebs"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#noise" + "#xxx" + ]; + }; + } + systemPlugin + ]; + username = "reaktor2"; + }; + }; +} diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 669483f3c..308c6d41d 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -113,10 +113,11 @@ let ''; in nameValuePair "Reaktor-${name}" { path = with pkgs; [ - utillinux #flock for tell_on-join git # for nag + jq # for tell python # for caps - ]; + utillinux # flock for tell + ]; description = "Reaktor IRC Bot"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index bb69bfad3..9303a81fb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -42,6 +42,7 @@ let ./per-user.nix ./power-action.nix ./Reaktor.nix + ./reaktor2.nix ./realwallpaper.nix ./retiolum-bootstrap.nix ./retiolum-hosts.nix diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index b667bcc92..e3e6ddf4f 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -25,7 +25,7 @@ with import <stockholm/lib>; type = types.listOf types.attrs; }; stateDir = mkOption { - default = "/var/lib/${self.config.systemd-service-name}"; + default = "/var/lib/${self.config.username}"; readOnly = true; type = types.absolute-pathname; }; @@ -33,6 +33,14 @@ with import <stockholm/lib>; default = "reaktor2${optionalString (name != "default") "-${name}"}"; type = types.filename; }; + username = mkOption { + default = self.config.systemd-service-name; + type = types.username; + }; + useTLS = mkOption { + default = self.config.port == "6697"; + type = types.bool; + }; }; })); }; @@ -43,10 +51,10 @@ with import <stockholm/lib>; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - User = cfg.systemd-service-name; + User = cfg.username; Group = "reaktor2"; DynamicUser = true; - StateDirectory = cfg.systemd-service-name; + StateDirectory = cfg.username; ExecStart = let configFile = pkgs.writeJSON configFileName configValue; configFileName = "${cfg.systemd-service-name}.config.json"; diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index 19f8da19d..97e4a717c 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -7,8 +7,8 @@ with import <stockholm/lib>; sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1"; }; "18.09" = { - version = "1.3.0"; - sha256 = "1y9jhh9pchrr48zgfib2jip97x1fkm7qb1gnfx477rmmryjs500h"; + version = "2.1.0"; + sha256 = "0wc8v48bb0bkvypc0j6imvnf8xc8572hykk9sgjhzf2w0ggqxv5d"; }; }.${versions.majorMinor nixpkgsVersion}; diff --git a/krebs/5pkgs/simple/much/cabal.nix b/krebs/5pkgs/haskell/much.nix index 09bc7b5df..db168f8a1 100644 --- a/krebs/5pkgs/simple/much/cabal.nix +++ b/krebs/5pkgs/haskell/much.nix @@ -8,11 +8,12 @@ }: mkDerivation { pname = "much"; - version = "1.1.0"; + version = "1.2.0"; src = fetchgit { - url = "http://cgit.ni.krebsco.de/much"; - sha256 = "1325554zymr1dd0clj8c5ygl70c791csvs0hz33jcfr6b8wysdrl"; - rev = "dfec37d848e11c00d9b7f03295af1fc7b0e83ef5"; + url = "https://cgit.krebsco.de/much"; + sha256 = "0gfvppi8acylz0q7xh8dkm3dj676d4sc1m1gxwp663bkn4748873"; + rev = "8fc4fbb5bb7781626da8f63cd8df8bb0f554cfe7"; + fetchSubmodules = true; }; isLibrary = false; isExecutable = true; diff --git a/krebs/5pkgs/haskell/reaktor2.nix b/krebs/5pkgs/haskell/reaktor2.nix index 447738425..40c628802 100644 --- a/krebs/5pkgs/haskell/reaktor2.nix +++ b/krebs/5pkgs/haskell/reaktor2.nix @@ -1,23 +1,27 @@ -{ mkDerivation, aeson, attoparsec, base, blessings, bytestring -, containers, fetchgit, filepath, network, network-simple -, network-simple-tls, pcre-heavy, pcre-light, process, random -, stdenv, text, time, transformers, unix, unordered-containers +{ mkDerivation, aeson, async, attoparsec, base, blessings +, bytestring, containers, data-default, fetchgit, filepath +, hashable, lens, lens-aeson, network, network-simple +, network-simple-tls, pcre-light, process, random, stdenv +, string-conversions, stringsearch, text, time, transformers +, unagi-chan, unix, unordered-containers, vector }: mkDerivation { pname = "reaktor2"; - version = "0.0.0"; + version = "0.2.1"; src = fetchgit { url = "https://cgit.krebsco.de/reaktor2"; - sha256 = "1q2rb78mzpyd8wxfmlbfdz7zq5smsrrvb4n874ap1p8f2bmmp0am"; - rev = "ce276eee82ec0b8c4106beb4c51d6f9eb77335c4"; + sha256 = "0wg76wlzfi893rl0lzhfs6bkpdcvwvgl6mpnz6w7r8f7znr4a9vr"; + rev = "0e199f7a357a4c5973e5837ec67699cf224ca69c"; fetchSubmodules = true; }; isLibrary = false; isExecutable = true; executableHaskellDepends = [ - aeson attoparsec base blessings bytestring containers filepath - network network-simple network-simple-tls pcre-heavy pcre-light - process random text time transformers unix unordered-containers + aeson async attoparsec base blessings bytestring containers + data-default filepath hashable lens lens-aeson network + network-simple network-simple-tls pcre-light process random + string-conversions stringsearch text time transformers unagi-chan + unix unordered-containers vector ]; license = stdenv.lib.licenses.mit; } diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix index 3ef9ffb7d..a88db6379 100644 --- a/krebs/5pkgs/simple/Reaktor/default.nix +++ b/krebs/5pkgs/simple/Reaktor/default.nix @@ -2,7 +2,7 @@ python3Packages.buildPythonPackage rec { name = "Reaktor-${version}"; - version = "0.6.2"; + version = "0.7.0"; doCheck = false; @@ -13,8 +13,8 @@ python3Packages.buildPythonPackage rec { src = fetchFromGitHub { owner = "krebs"; repo = "Reaktor"; - rev = version; - sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m"; + rev = "v${version}"; + sha256 = "12yy06vk0smjs0rmahrn2kd4bcdh1yjw1fz6rifw6nmgx889d9hj"; }; meta = { homepage = http://krebsco.de/; diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh b/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh index 386aa68b9..6f3dd4a3f 100644..100755 --- a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh +++ b/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh @@ -1,5 +1,5 @@ #!/bin/sh -curl http://emojicons.com/random -s | \ +curl -sS http://emojicons.com/random | \ grep data-text | \ sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \ head -n 1 | \ diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh b/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh index 5c47c6156..5c47c6156 100644..100755 --- a/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh +++ b/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py index ecb03917b..4925b25bb 100644..100755 --- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py @@ -46,7 +46,7 @@ if is_regex(line): print('to many lines, skipped') else: if last.strip() != ret.strip(): - print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) + print("\x02{}\x02 meant: {}".format(usr, ret.strip())) if ret: d[usr] = ret diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh index d500b3cb3..d500b3cb3 100644..100755 --- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh +++ b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh diff --git a/krebs/5pkgs/simple/much/default.nix b/krebs/5pkgs/simple/much/default.nix deleted file mode 100644 index cf55eb537..000000000 --- a/krebs/5pkgs/simple/much/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ haskellPackages, ... }: - -haskellPackages.callPackage ./cabal.nix {} diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix new file mode 100644 index 000000000..48464c0b6 --- /dev/null +++ b/krebs/5pkgs/simple/reaktor2-plugins.nix @@ -0,0 +1,106 @@ +with import <stockholm/lib>; +{ lib, pkgs, ... }: + +rec { + generators = { + command_hook = commands: { + pattern = + "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$"; + command = 1; + arguments = [2]; + commands = commands; + }; + }; + + commands = { + + hello = { + filename = "${pkgs.Reaktor.src}/reaktor/commands/hello"; + }; + + random-emoji = { + filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh>; + env = { + PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]); + }; + }; + + nixos-version = { + filename = pkgs.writeDash "nixos-version" '' + . /etc/os-release + echo "$PRETTY_NAME" + ''; + }; + + stockholm-issue = { + filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh>; + env = { + PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]); + origin = "http://cgit.gum/stockholm"; + state_dir = "/tmp/stockholm-issue"; + }; + }; + + }; + + hooks = { + + sed = { + activate = "always"; + pattern = "^(.*)$"; + arguments = [1]; + command = { + env = { + PATH = makeBinPath (with pkgs; [ gnused ]); + state_dir = "/tmp"; + }; + filename = pkgs.writeDash "sed-plugin" '' + set -efu + exec ${pkgs.python3}/bin/python \ + ${<stockholm/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py>} "$@" + ''; + }; + }; + + shack-correct = { + activate = "match"; + pattern = "^(.*Shack.*)$"; + arguments = [1]; + command.filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh>; + }; + + + url-title = { + #pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$"; + pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } '' + import cgi + import sys + import urllib.request + from bs4 import BeautifulSoup + + try: + req = urllib.request.Request(sys.argv[1]) + req.add_header('user-agent', 'Reaktor-url-title') + resp = urllib.request.urlopen(req) + if resp.headers['content-type'].find('text/html') >= 0: + soup = BeautifulSoup(resp.read(16000), "lxml") + title = soup.find('title').string + + if len(title.split('\n')) > 5: + title = '\n'.join(title.split('\n')[:5]) + + print(title[:450]) + else: + cd_header = resp.headers['content-disposition'] + print(cgi.parse_header(cd_header)[1]['filename']) + except: # noqa: E722 + pass + ''; + }; + }; + }; +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index df2778bef..23746d210 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -36,10 +36,10 @@ with import <stockholm/lib>; # TODO write function for proxy_pass (ssl/nonssl) krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; } ]; } { @@ -379,6 +379,7 @@ with import <stockholm/lib>; name = "download"; home = "/var/download"; useDefaultShell = true; + uid = genid "download"; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-shodan.pubkey @@ -420,6 +421,16 @@ with import <stockholm/lib>; { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } ]; } + { + nix.trustedUsers = [ "Mic92" ]; + users.users.Mic92 = { + uid = genid_uint31 "Mic92"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.Mic92.pubkey + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index a2b5efb29..9a84e9d63 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -63,9 +63,15 @@ defaultGateway = "95.216.1.129"; # Use google's public DNS server nameservers = [ "8.8.8.8" ]; - interfaces.eth0 = { - ipAddress = "95.216.1.150"; - prefixLength = 26; - }; + interfaces.eth0.ipv4.addresses = [ + { + address = "95.216.1.150"; + prefixLength = 26; + } + { + address = "95.216.1.130"; + prefixLength = 26; + } + ]; }; } diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 58fa564a1..9d8bcd7be 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -88,7 +88,7 @@ with import <stockholm/lib>; client dev tun proto udp - remote 82.102.16.229 1194 + remote 89.249.65.83 1194 resolv-retry infinite remote-random nobind @@ -103,13 +103,9 @@ with import <stockholm/lib>; reneg-sec 0 comp-lzo no - explicit-exit-notify 3 - remote-cert-tls server - #mute 10000 auth-user-pass ${toString <secrets/nordvpn.txt>} - verb 3 pull fast-io @@ -118,32 +114,33 @@ with import <stockholm/lib>; <ca> -----BEGIN CERTIFICATE----- - MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD - VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH - Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw - bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y - ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG - A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT - B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2 - cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v - cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG - UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny - mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X - +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT - ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI - 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA - VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT - Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh - MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ - MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy - Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW - EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ - e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW - //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB - wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB - KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p - lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9 + MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ + MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2 + MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV + BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI + hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF + kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr + XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU + eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV + skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu + MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA + 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR + hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s + Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy + WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6 + MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST + LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG + SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g + nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/ + k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S + DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/ + pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo + k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp + +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd + NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa + wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC + VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S + PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA== -----END CERTIFICATE----- </ca> key-direction 1 @@ -152,23 +149,24 @@ with import <stockholm/lib>; # 2048 bit OpenVPN |