Merge remote-tracking branch 'ni/master'
commit
2913830578
|
@ -83,6 +83,7 @@ let
|
|||
rsync
|
||||
utillinux
|
||||
];
|
||||
restartIfChanged = false;
|
||||
serviceConfig = rec {
|
||||
ExecStart = start plan;
|
||||
SyslogIdentifier = ExecStart.name;
|
||||
|
|
|
@ -225,21 +225,26 @@ let
|
|||
};
|
||||
})
|
||||
//
|
||||
# GitHub's IPv4 address range is 192.30.252.0/22
|
||||
# Refs https://help.github.com/articles/github-s-ip-addresses/
|
||||
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
|
||||
# Because line length is limited by OPENSSH_LINE_MAX (= 8192),
|
||||
# we split each /24 into its own entry.
|
||||
listToAttrs (map
|
||||
(c: {
|
||||
name = "github${toString c}";
|
||||
value = {
|
||||
hostNames = ["github.com"] ++
|
||||
map (d: "192.30.${toString c}.${toString d}") (range 0 255);
|
||||
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
|
||||
};
|
||||
})
|
||||
(range 252 255))
|
||||
{
|
||||
github = {
|
||||
hostNames = [
|
||||
"github.com"
|
||||
# List generated with
|
||||
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
|
||||
"192.30.253.*"
|
||||
"192.30.254.*"
|
||||
"192.30.255.*"
|
||||
"185.199.108.*"
|
||||
"185.199.109.*"
|
||||
"185.199.110.*"
|
||||
"185.199.111.*"
|
||||
"18.195.85.27"
|
||||
"18.194.104.89"
|
||||
"35.159.8.160"
|
||||
];
|
||||
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
|
||||
};
|
||||
}
|
||||
//
|
||||
mapAttrs
|
||||
(name: host: {
|
||||
|
|
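Review bot: The `hostNames` list under `github` is a pasted snapshot of the API output, and the comment above it records the generating command but not when it was run, so a later reader cannot tell whether the address patterns bound to the pinned `publicKey` are stale. I would add the generation date and quote the jq filter so the command is safe to copy into any shell: `# curl -sS https://api.github.com/meta | jq -r '.git[]' | cidr2glob   (generated YYYY-MM-DD)`. The page does not show which lines are old and which are new, so this assumes the glob list is the new side and the `listToAttrs` enumeration of 192.30.252–255 is the removed one. If so, 192.30.252.* is no longer covered, which is worth confirming against the API output rather than leaving implicit.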
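--- /dev/null
+++ b/krebs/5pkgs/simple/cidr2glob.nix
@@ -0,0 +1,30 @@
+{ python, writeScriptBin, ... }:
+
+let
+pythonEnv = python.withPackages (ps: [ ps.netaddr ]);
+in
+writeScriptBin "cidr2glob" ''
+#! ${pythonEnv}/bin/python
+
+import netaddr
+import re
+import sys
+
+def cidr2glob(cidr):
+net = netaddr.IPNetwork(cidr)
+
+if net.prefixlen <= 8:
+return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8))
+elif net.prefixlen <= 16:
+return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16))
+elif net.prefixlen <= 24:
+return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24))
+else:
+return map(lambda ip: str(ip), list(net))
+
+if __name__ == "__main__":
+for cidr in sys.stdin:
+for glob in cidr2glob(cidr):
+print glob
+
+''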
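Review bot: The `else` branch of `cidr2glob` builds every address with `list(net)`, and the 8/16/24 thresholds with their `\.0$`-style substitutions only make sense for IPv4. An IPv6 CIDR on stdin would therefore either pass through unglobbed or make the script try to enumerate a huge range. Its input comes from a remote endpoint (`curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob`, per the comment in the knownHosts hunk) and its output becomes known_hosts patterns for a pinned key. I would reject unexpected input right after the `IPNetwork(cidr)` line: `if net.version != 4: raise ValueError('IPv4 only: %r' % cidr)`. Lines from `sys.stdin` also reach `IPNetwork` with their trailing newline, so calling `cidr.strip()` and skipping empty lines in the `__main__` loop would stop the parse depending on how netaddr treats whitespace.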
@ -47,7 +47,7 @@ with import <stockholm/lib>;
|
|||
#http://hackage.haskell.org/package/web-page
|
||||
|
||||
# ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
|
||||
https://help.github.com/articles/github-s-ip-addresses/
|
||||
https://api.github.com/meta
|
||||
|
||||
# <stockholm/tv/2configs/xserver/xserver.conf.nix>
|
||||
# is derived from `configFile` in:
|
||||
|
|