diff options
| -rw-r--r-- | flake.lock | 24 | ||||
| -rw-r--r-- | kartei/lass/shodan.nix | 24 | ||||
| -rw-r--r-- | krebs/2configs/exim-smarthost.nix | 5 | ||||
| -rw-r--r-- | krebs/3modules/git.nix | 12 |
4 files changed, 35 insertions, 30 deletions
diff --git a/flake.lock b/flake.lock index b45c18511..39f3e4861 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1725761443, - "narHash": "sha256-RX3qnLYaFxlvOAYL6WsM5nGjNnMZQIgKIpIxigPmiAU=", + "lastModified": 1727658705, + "narHash": "sha256-OEoMO7bvKyRFyoAR4DIGoWWEJ1OlWveUAICRHhWasTs=", "owner": "Mic92", "repo": "buildbot-nix", - "rev": "ade5f42d7e56c8298d729aa0e804c8062e7a77ac", + "rev": "d2dd93e4d12be7a05ef7640c7375c58739263d8d", "type": "github" }, "original": { @@ -30,11 +30,11 @@ ] }, "locked": { - "lastModified": 1725234343, - "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -61,11 +61,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1727802920, + "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515", "type": "github" }, "original": { @@ -90,11 +90,11 @@ ] }, "locked": { - "lastModified": 1725271838, - "narHash": "sha256-VcqxWT0O/gMaeWTTjf1r4MOyG49NaNxW4GHTO3xuThE=", + "lastModified": 1727431250, + "narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "9fb342d14b69aefdf46187f6bb80a4a0d97007cd", + "rev": "879b29ae9a0378904fbbefe0dadaed43c8905754", "type": "github" }, "original": { diff --git a/kartei/lass/shodan.nix b/kartei/lass/shodan.nix index 50ab86e6e..202fc9e70 100644 --- a/kartei/lass/shodan.nix +++ b/kartei/lass/shodan.nix @@ -10,15 +10,20 @@ tinc = { pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT - YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7 - ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF - 7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4 - xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ - V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB + MIICCgKCAgEAzttBobc7FsMm3ngFeOwnY0sB/lC9Y+JHHfLlh9j8kROjBhIzu+Ky + 3OVr5Zs3iAUw4yOtMVdEQX9kTkN993qcIUriBMsPBnnQPvPX9hlLvLJ80Mputqdq + xUmnjn29DYff56VEzAfOEYeaXX63XUovQmALIk4DvAWxzCL6yyth8IJKQDnsieHN + QmhAgQN4/rqHzaqkdN4pcnjff3Xw2dHZd0zhnQBA6pMKuBTmu0wV1HMKWHmjNUXG + lMtXKZ8rsJsNxo9NKKxYfMX5LNf497rZHC7iMDsNSGmMa8Rhw/By94Tax7MQ2++w + dGg0A8ON6eyM9qcLbFgNbkslEC9ustb3bWqHZJyHRyvTJ0CnTSYoeqyDtdzAL+tg + FBqiWbDrxUDYD4kdsIt6waPx2pmVjvO/z5njbiuLYSmrICpQkRlu3SOBXPbgouoG + 6DmwakOvpHA9pPlRUCa0koAkSM2iwaICsbsdk8KghfbjX5Kbu2b8oK1V7FKpYnKF + lLrRJk1G3tc3JV5slsbiaV/zL/JZ8IhNY1m6DYIyLeCGKLmc844o3ZoRVPqfMpDc + a4RSEoORv3oUAc4fWXPil+AjvTSxfRSRX6L/1STJ4HtUqSwuAinCZx4ecP/qqCv6 + KpVr4zMR/x+6o5DBCHNriW8uVnOEzuxaq1k9tIUDuawED3XodTzGKtECAwEAAQ== -----END RSA PUBLIC KEY----- ''; - pubkey_ed25519 = "Ptc5VuYkRd5+zHibZwNe3DEgGHHvAk0Ul00dW1YXsrC"; + pubkey_ed25519 = "v3VPuvfH/2JS5aUx2C9MtYoYoBU9J5LkvUdbyabKgrL"; }; }; wiregrill = { @@ -27,10 +32,9 @@ aliases = [ "shodan.w" ]; - wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30="; + wireguard.pubkey = "J1RTYvWmWZrLe+IqOrmy+wYxGyc2j6sUjIGgM1No2AQ="; }; }; secure = true; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C"; - syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6"; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGkp+Fw9S/Af31vUP+n24cQLzbteUYosVFmV+7RSJm18"; } diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index 6445783f0..ceb11ca64 100644 --- a/krebs/2configs/exim-smarthost.nix +++ b/krebs/2configs/exim-smarthost.nix @@ -16,7 +16,9 @@ in { makefu tv ]; - eloop-ml = spam-ml; + eloop-ml = spam-ml ++ [ + { mail = "unreal@rtinf.net"; } + ]; krebstel-ml = [ config.krebs.users."0x4A6F" { mail = "krebstel-1rxz0mqa95nkmk298s1731ly0ii7vc36kkm36pnjj89hrq52pgn1@ni.r"; } @@ -32,6 +34,7 @@ in { in { "brain@krebsco.de" = brain-ml; "eloop2022@krebsco.de" = eloop-ml; + "2024@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead "spam@eloop.org" = eloop-ml; "youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 9f289fba7..6d666b6d6 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -392,13 +392,11 @@ let }; services.fcgiwrap.instances.cgit = { - enable = true; process.user = cfg.cgit.fcgiwrap.user.name; - socket.user = cfg.cgit.fcgiwrap.user.name; process.group = cfg.cgit.fcgiwrap.group.name; - socket.group = cfg.cgit.fcgiwrap.group.name; - socket.address = "/run/fcgiwrap.sock"; - # socket.type = "unix" (default) + socket.user = cfg.cgit.fcgiwrap.user.name; + socket.group = config.services.nginx.group; + socket.mode = "0660"; }; environment.etc."cgitrc".text = let @@ -462,7 +460,7 @@ let fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; ''; # Smart HTTP transport. Regex based on. # https://github.com/git/git/blob/v2.27.0/http-backend.c#L708-L721 @@ -482,7 +480,7 @@ let }}; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; ''; locations."/static/".extraConfig = '' root ${pkgs.cgit}/cgit; |