path: root/krebs/3modules/hidden-ssh.nix
blob: 304049b4ec5e04b12ce43d81cbfedfaeaaf7dee2 (plain)
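{ config, lib, pkgs, ... }:

# krebs.hidden-ssh: expose the local sshd as a tor onion service and, once
# tor has generated the .onion name, post that name to an IRC channel.
#
# Security model (read before enabling):
#   * "hidden" means reachable over tor, NOT secret.  The onion address is
#     deliberately published to a public IRC channel, so it must be treated
#     as public knowledge.  Access control has to come from sshd itself
#     (key-only auth etc.), never from the address being unknown.
#   * The announce connection is made directly from this host (the torify
#     wrapper is intentionally not used, see below).  The IRC server, and
#     anyone able to observe that session, can therefore presumably link the
#     host's clearnet address to the .onion name.  If that linkage matters
#     to you, do not enable this module.
#   * The IRC session is plaintext on the configured port (default 6667);
#     the onion name travels unencrypted.

with import <stockholm/lib>;
let
  cfg = config.krebs.hidden-ssh;

  out = {
    options.krebs.hidden-ssh = api;
    config = lib.mkIf cfg.enable imp;
  };

  api = {
    enable = mkEnableOption "hidden SSH announce";

    # The announce target used to be hard-coded; these options keep the
    # historical values as defaults so existing configs behave the same.
    server = mkOption {
      type = types.str;
      default = "irc.freenode.org";
      description = "IRC server the onion address is announced to.";
    };
    port = mkOption {
      type = types.int;
      default = 6667;
      description = "IRC server port (plaintext; no TLS is attempted).";
    };
    channel = mkOption {
      type = types.str;
      default = "#krebs-announce";
      description = "IRC channel that receives the announcement.";
    };
    nick = mkOption {
      type = types.str;
      default = "${config.krebs.build.host.name}-ssh";
      description = "IRC nick used for the announcement.";
    };
  };

  imp = let
    torDirectory = "/var/lib/tor"; # from tor.nix
    hiddenServiceDir = torDirectory + "/ssh-announce-service";
  in {
    services.tor = {
      enable = true;
      # NOTE(review): no HiddenServiceVersion is pinned.  Which version tor
      # creates depends on the tor release in use (v2 onion services were
      # removed from tor some time ago); if the tor in your channel is recent
      # enough, consider adding "HiddenServiceVersion 3" here explicitly.
      extraConfig = ''
        HiddenServiceDir ${hiddenServiceDir}
        HiddenServicePort 22 127.0.0.1:22
      '';
      client.enable = true;
    };

    systemd.services.hidden-ssh-announce = {
      description = "irc announce hidden ssh";
      # "after" alone does not pull network-online.target in; it must also
      # be wanted, otherwise the ordering dependency is a no-op.
      after = [ "tor.service" "network-online.target" ];
      wants = [ "tor.service" "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # Deliberately NOT wrapped in ${pkgs.tor}/bin/torify: the announce
        # goes out over the clearnet (see header comment).
        ExecStart = pkgs.writeDash "irc-announce-ssh" ''
          set -efu
          # tor writes the hostname file only after it has generated the
          # service key; poll until it shows up (no upper bound).
          until test -e ${hiddenServiceDir}/hostname; do
            echo "still waiting for ${hiddenServiceDir}/hostname"
            sleep 1
          done
          # Option values are shell-escaped: the channel name starts with
          # '#', which would otherwise begin a shell comment.
          ${pkgs.untilport}/bin/untilport \
            ${lib.escapeShellArg cfg.server} ${toString cfg.port} && \
            ${pkgs.irc-announce}/bin/irc-announce \
            ${lib.escapeShellArg cfg.server} ${toString cfg.port} \
            ${lib.escapeShellArg cfg.nick} \
            ${lib.escapeShellArg cfg.channel} \
            "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
        '';
        PrivateTmp = "true";
        # Runs as the tor user because that is who owns hiddenServiceDir
        # and therefore can read the hostname file.
        User = "tor";
        # The script only reads one file and talks to the network; it needs
        # no privilege escalation and nothing from home directories.
        NoNewPrivileges = true;
        ProtectHome = true;
        Type = "oneshot";
      };
    };
  };
in
out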