diff options
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/hidden-ssh.nix | 53 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 12 | ||||
| -rw-r--r-- | krebs/3modules/realwallpaper.nix | 8 | ||||
| -rw-r--r-- | krebs/3modules/shared/default.nix | 1 | ||||
| -rw-r--r-- | krebs/5pkgs/irc-announce/default.nix | 2 | ||||
| -rw-r--r-- | krebs/5pkgs/krebspaste/default.nix | 2 | ||||
| -rw-r--r-- | krebs/5pkgs/realwallpaper/default.nix | 8 | ||||
| -rw-r--r-- | krebs/5pkgs/tinc_graphs/default.nix | 6 |
9 files changed, 72 insertions, 21 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 605ed28b5..d539d4166 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./github-hosts-sync.nix ./git.nix ./go.nix + ./hidden-ssh.nix ./htgen.nix ./iptables.nix ./kapacitor.nix diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix new file mode 100644 index 000000000..3930dbf42 --- /dev/null +++ b/krebs/3modules/hidden-ssh.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + cfg = config.krebs.hidden-ssh; + + out = { + options.krebs.hidden-ssh = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "hidden SSH announce"; + }; + + imp = let + torDirectory = "/var/lib/tor"; # from tor.nix + hiddenServiceDir = torDirectory + "/ssh-announce-service"; + in { + services.tor = { + enable = true; + extraConfig = '' + HiddenServiceDir ${hiddenServiceDir} + HiddenServicePort 22 127.0.0.1:22 + ''; + client.enable = true; + }; + systemd.services.hidden-ssh-announce = { + description = "irc announce hidden ssh"; + after = [ "tor.service" "network-online.target" ]; + wants = [ "tor.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + # ${pkgs.tor}/bin/torify + ExecStart = pkgs.writeDash "irc-announce-ssh" '' + set -efu + until test -e ${hiddenServiceDir}/hostname; do + echo "still waiting for ${hiddenServiceDir}/hostname" + sleep 1 + done + ${pkgs.irc-announce}/bin/irc-announce \ + irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \ + \#krebs-announce \ + "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)" + ''; + PrivateTmp = "true"; + User = "tor"; + Type = "oneshot"; + }; + }; + }; +in +out diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 56df451b7..cef6a4fd6 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -33,7 +33,7 @@ with import <stockholm/lib>; nets = { retiolum = { ip4.addr = "10.243.113.98"; - ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; + # ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; aliases = [ "fileleech.r" ]; @@ -247,7 +247,6 @@ with import <stockholm/lib>; "krebsco.de" = '' euer IN MX 1 aspmx.l.google.com. nixos.unstable IN CNAME krebscode.github.io. - pigstarter IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} ''; @@ -301,7 +300,7 @@ with import <stockholm/lib>; ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "wry.r" - "graphs.wry.r" + "graph.wry.r" "paste.wry.r" ]; tinc.pubkey = '' @@ -436,12 +435,13 @@ with import <stockholm/lib>; mattermost.euer IN A ${nets.internet.ip4.addr} git.euer IN A ${nets.internet.ip4.addr} gum IN A ${nets.internet.ip4.addr} + pigstarter IN A ${nets.internet.ip4.addr} cgit.euer IN A ${nets.internet.ip4.addr} o.euer IN A ${nets.internet.ip4.addr} dl.euer IN A ${nets.internet.ip4.addr} euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} - graphs IN A ${nets.internet.ip4.addr} + graph IN A ${nets.internet.ip4.addr} ''; }; nets = rec { @@ -461,7 +461,7 @@ with import <stockholm/lib>; "o.gum.r" "tracker.makefu.r" - "graphs.r" + "graph.r" "wiki.makefu.r" "wiki.gum.r" "blog.makefu.r" @@ -491,7 +491,7 @@ with import <stockholm/lib>; ip4.prefix = "10.8.10.0/24"; aliases = [ "shoney.siem" - "graphs.siem" + "graph.siem" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index f9eae8c92..044811c7d 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -32,9 +32,9 @@ let default = "http://xplanetclouds.com/free/local/clouds_2048.jpg"; }; - outFile = mkOption { + marker = mkOption { type = types.str; - default = "/tmp/wallpaper.png"; + default = "http://graph.r/marker.json"; }; timerConfig = mkOption { @@ -43,7 +43,6 @@ let OnCalendar = "*:0/15"; }; }; - }; imp = { @@ -63,6 +62,7 @@ let imagemagick curl file + jq ]; environment = { @@ -70,7 +70,7 @@ let nightmap_url = cfg.nightmap; daymap_url = cfg.daymap; cloudmap_url = cfg.cloudmap; - out_file = cfg.outFile; + marker_url = cfg.marker; }; restartIfChanged = true; diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 5e4935e3a..17179a39f 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -47,6 +47,7 @@ in { ip6.addr = "42:0:0:0:0:0:77:1"; aliases = [ "wolf.r" + "build.wolf.r" "cgit.wolf.r" ]; tinc.pubkey = '' diff --git a/krebs/5pkgs/irc-announce/default.nix b/krebs/5pkgs/irc-announce/default.nix index e1f4919d5..6eb725b71 100644 --- a/krebs/5pkgs/irc-announce/default.nix +++ b/krebs/5pkgs/irc-announce/default.nix @@ -24,7 +24,7 @@ pkgs.writeDashBin "irc-announce" '' # echo2 and cat2 are used output to both, stdout and stderr # This is used to see what we send to the irc server. (debug output) echo2() { echo "$*"; echo "$*" >&2; } - cat2() { tee /dev/stderr; } + cat2() { awk '{print;print > "/dev/stderr"}'; } # privmsg_cat transforms stdin to a privmsg privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix index 8c6676d0e..31ad12780 100644 --- a/krebs/5pkgs/krebspaste/default.nix +++ b/krebs/5pkgs/krebspaste/default.nix @@ -2,5 +2,5 @@ # TODO use `execve` instead? writeDashBin "krebspaste" '' - exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" + exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g' '' diff --git a/krebs/5pkgs/realwallpaper/default.nix b/krebs/5pkgs/realwallpaper/default.nix index 4fea977ec..dec2dada4 100644 --- a/krebs/5pkgs/realwallpaper/default.nix +++ b/krebs/5pkgs/realwallpaper/default.nix @@ -5,8 +5,8 @@ stdenv.mkDerivation { src = fetchgit { url = https://github.com/Lassulus/realwallpaper; - rev = "c2778c3c235fc32edc8115d533a0d0853ab101c5"; - sha256 = "0yhbjz19zk8sj5dsvccm6skkqq2vardn1yi70qmd5li7qvp17mvs"; + rev = "b8408cfb295b6ce5b965309b30358ca6c6409efd"; + sha256 = "0yyl8hhqshw9bx04xs8glvir3c0qzvfrwzmbvyg318mnz5xalcl0"; }; phases = [ @@ -15,10 +15,6 @@ stdenv.mkDerivation { ]; buildInputs = [ - xplanet - imagemagick - curl - file ]; installPhase = '' diff --git a/krebs/5pkgs/tinc_graphs/default.nix b/krebs/5pkgs/tinc_graphs/default.nix index e5f1e40e8..20bbc53ba 100644 --- a/krebs/5pkgs/tinc_graphs/default.nix +++ b/krebs/5pkgs/tinc_graphs/default.nix @@ -2,14 +2,14 @@ python3Packages.buildPythonPackage rec { name = "tinc_graphs-${version}"; - version = "0.3.9"; + version = "0.3.10"; propagatedBuildInputs = with pkgs;[ python3Packages.pygeoip ## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat ]; src = fetchurl { - url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz"; - sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx"; + url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz"; + sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc"; }; preFixup = with pkgs;'' wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin" |