From 48502fb07e2f3c1adfe098179172d3d43fed3cba Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 24 May 2016 23:19:43 +0200 Subject: k 3 l: add fritz pubkey --- krebs/3modules/lass/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 03e067f3..65da85ac 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -311,5 +311,8 @@ with config.krebs.lib; pubkey = builtins.readFile ./ssh/shodan.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp; }; + fritz = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; + }; }; } -- cgit v1.2.3 From cc938e61f8d86b2554509a748fc455f0157f9cf7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 May 2016 00:32:55 +0200 Subject: k 3 iptables: allow DNAT rules --- krebs/3modules/iptables.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 4b99873a..bb06a938 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -124,7 +124,7 @@ let buildRule = tn: cn: rule: #target validation test: - assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target; + assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target; #predicate validation test: #maybe use iptables-test -- cgit v1.2.3 From 806e592d3e67defff6d626ef3b48647d1a4c28cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 1 Jun 2016 00:07:14 +0200 Subject: k 3 nginx: unique server-names to silence nginx --- krebs/3modules/nginx.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 6af93a57..fc7fcca6 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -119,7 +119,7 @@ let to-server = { server-names, listen, locations, extraConfig, ssl, ... }: '' server { - server_name ${toString server-names}; + server_name ${toString (unique server-names)}; ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen} ${optionalString ssl.enable (indent '' listen 443 ssl; -- cgit v1.2.3