From e3b72bb66e7c6bf410c8db81ff04e355a7b22116 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 12:03:51 +0200 Subject: 3: {tv -> krebs}.github-hosts-sync --- Zpkgs/krebs/default.nix | 11 +++++++++++ Zpkgs/krebs/github-hosts-sync.nix | 40 ++++++++++++++++++++++++++++++++++++++ Zpkgs/krebs/github-known_hosts.nix | 13 +++++++++++++ 3 files changed, 64 insertions(+) create mode 100644 Zpkgs/krebs/default.nix create mode 100644 Zpkgs/krebs/github-hosts-sync.nix create mode 100644 Zpkgs/krebs/github-known_hosts.nix (limited to 'Zpkgs/krebs') diff --git a/Zpkgs/krebs/default.nix b/Zpkgs/krebs/default.nix new file mode 100644 index 00000000..be8f7201 --- /dev/null +++ b/Zpkgs/krebs/default.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: + +let + inherit (pkgs) callPackage; +in + +pkgs // +{ + github-hosts-sync = callPackage ./github-hosts-sync.nix {}; + github-known_hosts = callPackage ./github-known_hosts.nix {}; +} diff --git a/Zpkgs/krebs/github-hosts-sync.nix b/Zpkgs/krebs/github-hosts-sync.nix new file mode 100644 index 00000000..d69b2b12 --- /dev/null +++ b/Zpkgs/krebs/github-hosts-sync.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchgit, pkgs, ... }: + +stdenv.mkDerivation { + name = "github-hosts-sync"; + + src = fetchgit { + url = https://github.com/krebscode/painload; + rev = "35ccac73d563ad30d2851b9aeed4cfef69ff74e3"; + sha256 = "1y1fs2p3xj2yrqpw0h5kd0f3c5p1y70xk1hjnw99sr33r67s9c35"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = + let + ca-bundle = "${pkgs.cacert}/etc/ca-bundle.crt"; + path = stdenv.lib.makeSearchPath "bin" (with pkgs; [ + coreutils + findutils + git + gnugrep + gnused + openssh + socat + ]); + in + '' + mkdir -p $out/bin + + sed \ + 's,^main() {$,&\n export PATH=${path} GIT_SSL_CAINFO=${ca-bundle},' \ + < ./retiolum/scripts/github_hosts_sync/hosts-sync \ + > $out/bin/github-hosts-sync + + chmod +x $out/bin/github-hosts-sync + ''; +} diff --git a/Zpkgs/krebs/github-known_hosts.nix b/Zpkgs/krebs/github-known_hosts.nix new file mode 100644 index 00000000..302fdd8d --- /dev/null +++ b/Zpkgs/krebs/github-known_hosts.nix @@ -0,0 +1,13 @@ +{ lib, ... }: + +with builtins; +with lib; + +let + github-pubkey = removeSuffix "\n" (readFile ../../Zpubkeys/github.ssh.pub); +in + +toFile "github-known_hosts" + (concatMapStrings + (i: "github.com,192.30.252.${toString i} ${github-pubkey}\n") + (range 0 255)) -- cgit v1.2.3 From 311e837c9135270e4031caf4f7764fc07a100454 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 23:16:48 +0200 Subject: Zpkgs krebs: add hashPassword --- Zpkgs/krebs/default.nix | 1 + Zpkgs/krebs/hashPassword.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 Zpkgs/krebs/hashPassword.nix (limited to 'Zpkgs/krebs') diff --git a/Zpkgs/krebs/default.nix b/Zpkgs/krebs/default.nix index be8f7201..88389047 100644 --- a/Zpkgs/krebs/default.nix +++ b/Zpkgs/krebs/default.nix @@ -8,4 +8,5 @@ pkgs // { github-hosts-sync = callPackage ./github-hosts-sync.nix {}; github-known_hosts = callPackage ./github-known_hosts.nix {}; + hashPassword = callPackage ./hashPassword.nix {}; } diff --git a/Zpkgs/krebs/hashPassword.nix b/Zpkgs/krebs/hashPassword.nix new file mode 100644 index 00000000..a10340cc --- /dev/null +++ b/Zpkgs/krebs/hashPassword.nix @@ -0,0 +1,16 @@ +{ lib, pkgs, ... }: + +pkgs.writeScriptBin "hashPassword" '' + #! /bin/sh + # usage: hashPassword + set -euf + + export PATH=${lib.makeSearchPath "bin" (with pkgs; [ + coreutils + mkpasswd + openssl + ])} + + salt=$(openssl rand -base64 16 | tr -d '+=' | head -c 16) + exec mkpasswd -m sha-512 -S "$salt" +'' -- cgit v1.2.3 From 78c12a8adca9f55e8faa5c86f102050c8a557b64 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 23:19:49 +0200 Subject: Zpkgs {tv -> krebs} genid --- Zpkgs/krebs/default.nix | 1 + Zpkgs/krebs/genid.nix | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 Zpkgs/krebs/genid.nix (limited to 'Zpkgs/krebs') diff --git a/Zpkgs/krebs/default.nix b/Zpkgs/krebs/default.nix index 88389047..e07b96b5 100644 --- a/Zpkgs/krebs/default.nix +++ b/Zpkgs/krebs/default.nix @@ -6,6 +6,7 @@ in pkgs // { + genid = callPackage ./genid.nix {}; github-hosts-sync = callPackage ./github-hosts-sync.nix {}; github-known_hosts = callPackage ./github-known_hosts.nix {}; hashPassword = callPackage ./hashPassword.nix {}; diff --git a/Zpkgs/krebs/genid.nix b/Zpkgs/krebs/genid.nix new file mode 100644 index 00000000..c75bec31 --- /dev/null +++ b/Zpkgs/krebs/genid.nix @@ -0,0 +1,22 @@ +{ lib, pkgs, ... }: + +pkgs.writeScriptBin "genid" '' + #! /bin/sh + # usage: genid NAME + set -euf + + export PATH=${lib.makeSearchPath "bin" (with pkgs; [ + bc + coreutils + ])} + + name=$1 + hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F) + echo " + min=2^24 # bigger than nobody and nogroup, see + # and some spare for stuff like lxd. + max=2^32 # see 2^(8*sizeof(uid_t)) + ibase=16 + ($hash + min) % max + " | bc +'' -- cgit v1.2.3 From 99527e88aec089b4fea496248cf03f738bfed257 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 23:24:46 +0200 Subject: Zpkgs {tv -> krebs} dic --- Zpkgs/krebs/default.nix | 1 + Zpkgs/krebs/dic.nix | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 Zpkgs/krebs/dic.nix (limited to 'Zpkgs/krebs') diff --git a/Zpkgs/krebs/default.nix b/Zpkgs/krebs/default.nix index e07b96b5..231fda79 100644 --- a/Zpkgs/krebs/default.nix +++ b/Zpkgs/krebs/default.nix @@ -6,6 +6,7 @@ in pkgs // { + dic = callPackage ./dic.nix {}; genid = callPackage ./genid.nix {}; github-hosts-sync = callPackage ./github-hosts-sync.nix {}; github-known_hosts = callPackage ./github-known_hosts.nix {}; diff --git a/Zpkgs/krebs/dic.nix b/Zpkgs/krebs/dic.nix new file mode 100644 index 00000000..571773d2 --- /dev/null +++ b/Zpkgs/krebs/dic.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchgit, coreutils, curl, gnused, gnugrep, ... }: + +stdenv.mkDerivation { + name = "dic"; + + src = fetchgit { + url = https://github.com/krebscode/painload; + rev = "35ccac73d563ad30d2851b9aeed4cfef69ff74e3"; + sha256 = "1y1fs2p3xj2yrqpw0h5kd0f3c5p1y70xk1hjnw99sr33r67s9c35"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = + let + path = stdenv.lib.makeSearchPath "bin" [ + coreutils + curl + gnused + gnugrep + ]; + in + '' + mkdir -p $out/bin + + sed \ + 's,^main() {$,&\n PATH=${path}; export PATH,' \ + < ./util/bin/dic \ + > $out/bin/dic + + chmod +x $out/bin/dic + ''; +} -- cgit v1.2.3