diff options
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/hidden-ssh.nix | 53 | ||||
-rw-r--r-- | krebs/3modules/makefu/default.nix | 12 |
3 files changed, 60 insertions, 6 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a46b8af15..37db5bfe7 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./github-hosts-sync.nix ./git.nix ./go.nix + ./hidden-ssh.nix ./htgen.nix ./iptables.nix ./kapacitor.nix diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix new file mode 100644 index 000000000..2f75ded9b --- /dev/null +++ b/krebs/3modules/hidden-ssh.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + cfg = config.krebs.hidden-ssh; + + out = { + options.krebs.hidden-ssh = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "hidden SSH announce"; + }; + + imp = let + torDirectory = "/var/lib/tor"; # from tor.nix + hiddenServiceDir = torDirectory + "/ssh-announce-service"; + in { + services.tor = { + enable = true; + extraConfig = '' + HiddenServiceDir ${hiddenServiceDir} + HiddenServicePort 22 127.0.0.1:22 + ''; + client.enable = true; + }; + systemd.services.hidden-ssh-announce = { + description = "irc announce hidden ssh"; + after = [ "tor.service" ]; + wants = [ "tor.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + # ${pkgs.tor}/bin/torify + ExecStart = pkgs.writeDash "irc-announce-ssh" '' + set -efu + until test -e ${hiddenServiceDir}/hostname; do + echo "still waiting for ${hiddenServiceDir}/hostname" + sleep 1 + done + ${pkgs.irc-announce}/bin/irc-announce \ + irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \ + \#krebs-announce \ + "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)" + ''; + PrivateTmp = "true"; + User = "tor"; + Type = "oneshot"; + }; + }; + }; +in +out diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 56df451b7..cef6a4fd6 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -33,7 +33,7 @@ with import <stockholm/lib>; nets = { retiolum = { ip4.addr = "10.243.113.98"; - ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; + # ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; aliases = [ "fileleech.r" ]; @@ -247,7 +247,6 @@ with import <stockholm/lib>; "krebsco.de" = '' euer IN MX 1 aspmx.l.google.com. nixos.unstable IN CNAME krebscode.github.io. - pigstarter IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} ''; @@ -301,7 +300,7 @@ with import <stockholm/lib>; ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "wry.r" - "graphs.wry.r" + "graph.wry.r" "paste.wry.r" ]; tinc.pubkey = '' @@ -436,12 +435,13 @@ with import <stockholm/lib>; mattermost.euer IN A ${nets.internet.ip4.addr} git.euer IN A ${nets.internet.ip4.addr} gum IN A ${nets.internet.ip4.addr} + pigstarter IN A ${nets.internet.ip4.addr} cgit.euer IN A ${nets.internet.ip4.addr} o.euer IN A ${nets.internet.ip4.addr} dl.euer IN A ${nets.internet.ip4.addr} euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} - graphs IN A ${nets.internet.ip4.addr} + graph IN A ${nets.internet.ip4.addr} ''; }; nets = rec { @@ -461,7 +461,7 @@ with import <stockholm/lib>; "o.gum.r" "tracker.makefu.r" - "graphs.r" + "graph.r" "wiki.makefu.r" "wiki.gum.r" "blog.makefu.r" @@ -491,7 +491,7 @@ with import <stockholm/lib>; ip4.prefix = "10.8.10.0/24"; aliases = [ "shoney.siem" - "graphs.siem" + "graph.siem" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- |