Merge remote-tracking branch 'ni/master'

lassulus 2017-12-12 21:56:24 +01:00
commit 2913830578
4 changed files with 52 additions and 16 deletions


@ -83,6 +83,7 @@ let
rsync
utillinux
];
restartIfChanged = false;
serviceConfig = rec {
ExecStart = start plan;
SyslogIdentifier = ExecStart.name;


@ -225,21 +225,26 @@ let
};
})
//
# GitHub's IPv4 address range is 192.30.252.0/22
# Refs https://help.github.com/articles/github-s-ip-addresses/
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
# Because line length is limited by OPENSSH_LINE_MAX (= 8192),
# we split each /24 into its own entry.
listToAttrs (map
(c: {
name = "github${toString c}";
value = {
hostNames = ["github.com"] ++
map (d: "192.30.${toString c}.${toString d}") (range 0 255);
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
})
(range 252 255))
{
github = {
hostNames = [
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
"185.199.108.*"
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"18.195.85.27"
"18.194.104.89"
"35.159.8.160"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
}
//
mapAttrs
(name: host: {
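Review bot: The new `hostNames` list is a hand-pasted snapshot of the `git` ranges from https://api.github.com/meta, and nothing in the hunk records when it was taken, so a reader cannot tell whether the addresses pinned to this host key are still GitHub's. I would extend the comment to something like `# snapshot taken <DATE>; regenerate with: curl -sS https://api.github.com/meta | jq -r '.git[]' | cidr2glob`. Quoting the jq filter matters because an unquoted `.git[]` is subject to shell globbing. The removed comment documented 192.30.252.0/22 but the new list has no `192.30.252.*` entry; presumably that matches what the API returned, but it is worth confirming. The three single addresses (`18.195.85.27`, `18.194.104.89`, `35.159.8.160`) look like individually assigned hosts rather than a GitHub-owned range, so they are the entries most likely to go stale.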


@ -0,0 +1,30 @@
{ python, writeScriptBin, ... }:
let
pythonEnv = python.withPackages (ps: [ ps.netaddr ]);
in
writeScriptBin "cidr2glob" ''
#! ${pythonEnv}/bin/python
import netaddr
import re
import sys
def cidr2glob(cidr):
net = netaddr.IPNetwork(cidr)
if net.prefixlen <= 8:
return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8))
elif net.prefixlen <= 16:
return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16))
elif net.prefixlen <= 24:
return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24))
else:
return map(lambda ip: str(ip), list(net))
if __name__ == "__main__":
for cidr in sys.stdin:
for glob in cidr2glob(cidr):
print glob
''
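Review bot: `cidr2glob` assumes IPv4 input but never checks it, and its input is whatever a remote API returns on stdin. The three `re.sub` branches only make sense for dotted quads, and the `else` branch calls `list(net)`, which materialises every address in the network; an IPv6 prefix in the input would make that list enormous. A guard right after `net = netaddr.IPNetwork(cidr)` would make it fail fast: `if net.version != 4: raise ValueError("IPv4 only: %s" % cidr)`. The `__main__` loop also passes each stdin line with its trailing newline and does not skip blank lines; `cidr = cidr.strip()` plus `if not cidr: continue` would remove the dependence on how netaddr treats whitespace. Since the output becomes the set of hosts trusted for a pinned SSH key, a short docstring saying that prefixes up to /24 become `*` globs and longer ones are enumerated would help whoever regenerates the list.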


@ -47,7 +47,7 @@ with import <stockholm/lib>;
#http://hackage.haskell.org/package/web-page
# ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
https://help.github.com/articles/github-s-ip-addresses/
https://api.github.com/meta
# <stockholm/tv/2configs/xserver/xserver.conf.nix>
# is derived from `configFile` in: