Merge remote-tracking branch 'lass/master'

makefu 2021-09-05 18:22:38 +02:00
commit 3299706b01
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
13 changed files with 271 additions and 12 deletions


@ -5,6 +5,7 @@ on:
jobs:
repo-sync:
if: github.repository_owner == 'Mic92'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2


@ -639,7 +639,7 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.13.12";
aliases = [ "catalonia.r" ];
aliases = [ "catalonia.r" "aleph.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y


@ -334,6 +334,26 @@ in {
'';
};
};
yasmin = {
owner = config.krebs.users.mic92;
nets.retiolum = {
ip4.addr = "10.243.29.197";
aliases = [
"yasmin.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAnQ6HGgUPVQbDIsLZAawZu4vK9yHF02aDrIWU9SdzpAddhM8yqWeC
f55W6zyjZuoQ2w4UNthDl6gjQM6A9B+nEMRNz3Rnhp57Lyi0a6HZHF2Eok9vJBiu
IRbVUxPpPKOGE09w0m5cLOfDfaZVdAT+80lQYoaasDr2VlRJNa2/arzaq847/SVg
vaf4gOmE+iIK+4ZDHqLcTn1WD6jy+aMChZU/zI31vZ8vM4oPuGh1xbcB3wKP3Vf3
OTqpGN86CdrdBahJkzNJzIXYsPsRaZ2+8dWTH9gJjI0z+yywQQCrrh9K/oJtDUHF
BwmNc150BoSLqwduSWLtBonCa9p2/y/TDQIDAQAB
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = ZQt/OcrDlQZvtJyMEFcS6FKjtumBA9gBWr7VqGdbJBP
'';
};
};
martha = {
owner = config.krebs.users.mic92;
nets = rec {
@ -389,6 +409,7 @@ in {
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = 1wPa2cmQ4FUFw9289d0KdG1DcDuMNIYMWzIUnVVHu2P
'';
};
};
@ -426,11 +447,12 @@ in {
owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "131.159.38.191";
ip6.addr = "2a09:80c0:38::191";
ip4.addr = "131.159.102.1";
ip6.addr = "2a09:80c0:102::1";
aliases = [ "bill.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.bill.nets.retiolum.ip4.addr
config.krebs.hosts.bill.nets.retiolum.ip6.addr
@ -465,6 +487,7 @@ in {
aliases = [ "nardole.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.nardole.nets.retiolum.ip4.addr
config.krebs.hosts.nardole.nets.retiolum.ip6.addr
@ -618,6 +641,7 @@ in {
FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm
mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = oRGc9V9G9GFsY1bZIaJamoDEAZU2kphlpxXOMBxI2GN
'';
};
};
@ -640,6 +664,7 @@ in {
jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/
/btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = dzjT09UeUGJCbUFrBo+FtbnXrsxFQnmqmJw7tjpJQJL
'';
};
};


@ -21,6 +21,7 @@ in {
"krebsco.de" = ''
cache IN A ${nets.internet.ip4.addr}
p IN A ${nets.internet.ip4.addr}
c IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr}
prism IN A ${nets.internet.ip4.addr}
'';
@ -65,7 +66,9 @@ in {
"prism.r"
"cache.prism.r"
"cgit.prism.r"
"flix.r"
"paste.r"
"c.r"
"p.r"
"search.r"
];


@ -18,6 +18,9 @@ self: super: {
"0.9.0" = [
./flameshot/flameshot_imgur_0.9.0.patch
];
"0.10.1" = [
./flameshot/flameshot_imgur_0.9.0.patch
];
}.${old.version};
});


@ -0,0 +1,23 @@
{ pkgs }:
pkgs.symlinkJoin {
name = "cyberlocker-tools";
paths = [
(pkgs.writers.writeDashBin "cput" ''
set -efu
path=''${1:-$(hostname)}
path=$(echo "/$path" | sed -E 's:/+:/:')
url=http://c.r$path
${pkgs.curl}/bin/curl -fSs --data-binary @- "$url"
echo "$url"
'')
(pkgs.writers.writeDashBin "cdel" ''
set -efu
path=$1
path=$(echo "/$path" | sed -E 's:/+:/:')
url=http://c.r$path
${pkgs.curl}/bin/curl -f -X DELETE "$url"
'')
];
}
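Review bot: The object name is placed into the URL without percent-encoding in both `cput` and `cdel` (`url=http://c.r$path`), so a name containing `?` or `#` is cut at that character before the server's `read_uri` extracts the path. `cput` then echoes a URL that does not match the stored item, and `cdel` removes a different item than the one named. The `sed -E 's:/+:/:'` expression also lacks the `g` flag, so only the leading run of slashes is collapsed; `s:/+:/:g` would normalise the whole path. Transfers use plain `http://`, which is only acceptable as long as `c.r` stays reachable solely inside the VPN.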


@ -0,0 +1,29 @@
with import <stockholm/lib>;
{ pkgs, stdenv }:
stdenv.mkDerivation rec {
pname = "htgen-cyberlocker";
version = "1.0.0";
src = ./src;
buildPhase = ''
(
exec > htgen-cyberlocker
echo PATH=${makeBinPath [
pkgs.coreutils
pkgs.file
pkgs.findutils
pkgs.gnugrep
pkgs.jq
pkgs.nix
pkgs.utillinux
]}
echo STATEDIR=${shell.escape "\${STATEDIR-$HOME}"}
cat $src/htgen-cyberlocker
)
'';
installPhase = ''
install -D htgen-cyberlocker $out/bin/htgen-cyberlocker
'';
}
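Review bot: The generated `PATH` in `buildPhase` is wider than the script in this commit appears to need. The script visibly calls only `jq`, `file` and coreutils tools (`head`, `wc`, `cat`, `mktemp`, `cp`, `rm`, `mkdir`), so `pkgs.findutils`, `pkgs.gnugrep`, `pkgs.nix` and `pkgs.utillinux` look like leftovers from another htgen package. Trimming the list to what the handler uses keeps the closure of a network-facing script small; confirm that htgen itself does not rely on this `PATH` before removing entries.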


@ -0,0 +1,76 @@
delete_response() {
jq -n -r \
--arg server "$Server" \
'
[ "HTTP/1.1 204 OK\r"
, "Connection: close\r"
, "Server: \($server)\r"
, "\r"
][]
'
}
file_response() {(
type=$(file -ib "$1")
size=$(wc -c < "$1")
jq -n -r \
--arg type "$type" \
--arg size "$size" \
--arg server "$Server" \
'
[ "HTTP/1.1 200 OK\r"
, "Connection: close\r"
, "Content-Length: \($size)\r"
, "Content-Type: \($type)\r"
, "Server: \($server)\r"
, "\r"
][]
'
cat "$1"
)}
read_uri() {
jq -cn --arg uri "$1" '
$uri |
capture("^((?<scheme>[^:]*):)?(//(?<authority>[^/]*))?(?<path>[^?#]*)([?](?<query>[^#]*))?([#](?<fragment>.*))?$") |
. + {
query: (.query | if . != null then
split("&") |
map(split("=") | {key:.[0],value:.[1]}) |
from_entries
else . end)
}
'
}
uri=$(read_uri "$Request_URI")
path=$(jq -nr --argjson uri "$uri" '$uri.path')
case "$Method $path" in
'POST /'*|'PUT /'*)
content=$(mktemp -t htgen.$$.content.XXXXXXXX)
trap "rm $content >&2" EXIT
head -c $req_content_length > $content
item=$STATEDIR/items/$(echo "$path" | jq -rR @uri)
mkdir -v -p $STATEDIR/items >&2
cp -v $content $item >&2
exit
;;
'GET /'*)
item=$STATEDIR/items/$(echo "$path" | jq -rR @uri)
if [ -e "$item" ]; then
file_response "$item"
exit
fi
;;
'DELETE /'*)
item=$STATEDIR/items/$(echo "$path" | jq -rR @uri)
if [ -e "$item" ]; then
rm "$item"
delete_response
exit
fi
esac
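Review bot: `file_response` returns uploaded bytes with whatever type `file -ib` detects, so an uploaded HTML or SVG document is served as active content from the serving host's origin; adding `, "Content-Disposition: attachment\r"` and `, "X-Content-Type-Options: nosniff\r"` to the header list, or forcing `application/octet-stream`, avoids that. In the `POST`/`PUT` branch `$req_content_length`, `$content`, `$item` and `$STATEDIR` are expanded unquoted and the length is not checked to be numeric before `head -c`; quote them and reject a missing or non-numeric length. That branch also exits without writing a status line, unlike GET and DELETE, so unless htgen supplies one the client gets an empty reply. Nothing in the script authenticates writes or deletes, so access control rests entirely on the nginx front end and the firewall.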


@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "dd14e5d78e90a2ccd6007e569820de9b4861a6c2",
"date": "2021-07-24T08:14:16-04:00",
"path": "/nix/store/0z5nrrjzmjcicjhhdrqb9vgm56zxysk3-nixpkgs",
"sha256": "1zmhwx1qqgl1wrrb9mjkck508887rldrnragvximhd7jrh1ya3fb",
"rev": "8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512",
"date": "2021-08-29T22:49:37+08:00",
"path": "/nix/store/vg29bg0awqam80djwz68ym0awvasrw6i-nixpkgs",
"sha256": "1s29nc3ppsjdq8kgbh8pc26xislkv01yph58xv2vjklkvsmz5pzm",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false


@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "91903ceb294dbe63a696759bfba3d23ee667f2dc",
"date": "2021-07-26T09:21:28+02:00",
"path": "/nix/store/2v649741xdh1crybi2dm879bl60zrkhf-nixpkgs",
"sha256": "1hmpwi27r4q0lnspg7ylfzxakwz2fhl3r07vjvq5yalcdqwiain3",
"rev": "74d017edb6717ad76d38edc02ad3210d4ad66b96",
"date": "2021-08-27T16:58:49+02:00",
"path": "/nix/store/82jg1p0rlf7mkryjpdn0z6b95q4i9lnq-nixpkgs",
"sha256": "0wvz41izp4djzzr0a6x54hcm3xjr51nlj8vqghfgyrjpk8plyk4s",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false


@ -305,6 +305,12 @@ with import <stockholm/lib>;
localAddress = "10.233.2.14";
};
services.nginx.virtualHosts."flix.r" = {
locations."/".extraConfig = ''
proxy_pass http://10.233.2.14:80/;
proxy_set_header Accept-Encoding "";
'';
};
services.nginx.virtualHosts."lassul.us" = {
locations."^~ /flix/".extraConfig = ''
if ($scheme != "https") {
@ -379,7 +385,58 @@ with import <stockholm/lib>;
mountdPort = 4002;
statdPort = 4000;
};
services.samba = {
enable = true;
enableNmbd = false;
extraConfig = ''
workgroup = WORKGROUP
netbios name = PRISM
server string = ${config.networking.hostName}
# only allow retiolum addresses
hosts allow = 42::/16 10.243.0.0/16
# Use sendfile() for performance gain
use sendfile = true
# No NetBIOS is needed
disable netbios = true
# Only mangle non-valid NTFS names, don't care about DOS support
mangled names = illegal
# Performance optimizations
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
# Disable all printing
load printers = false
disable spoolss = true
printcap name = /dev/null
map to guest = Bad User
max log size = 50
dns proxy = no
security = user
[global]
syslog only = yes
'';
shares.public = {
comment = "Warez";
path = "/export";
public = "yes";
"only guest" = "yes";
"create mask" = "0644";
"directory mask" = "2777";
writable = "no";
printable = "no";
};
};
krebs.iptables.tables.filter.INPUT.rules = [
# smbd
{ predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
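Review bot: The `public` share is guest-only (`map to guest = Bad User`, `"only guest" = "yes"`), so nothing authenticates clients and exposure is bounded only by `hosts allow` and the `-i retiolum` firewall rule. A short comment stating that both must stay in place would help the next editor. `"directory mask" = "2777"` and `"create mask" = "0644"` have no effect while `writable = "no"`, but would make every new directory world-writable if the share is later flipped to writable; drop them or use `"0755"`. The `[global]` header in the middle of `extraConfig` looks redundant, since the preceding lines are already global options. The `# smbd` comment also sits above the 111 and 2049 rules, which are rpcbind/NFS ports rather than Samba; the rules list continues outside the hunk.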


@ -164,7 +164,7 @@ with import <stockholm/lib>;
client
dev tun
proto udp
remote 91.207.172.77 1194
remote 196.240.57.43 1194
resolv-retry infinite
remote-random
nobind


@ -2,6 +2,18 @@
with import <stockholm/lib>;
{
services.nginx.virtualHosts.cyberlocker = {
serverAliases = [ "c.r" ];
locations."/".extraConfig = ''
client_max_body_size 4G;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port};
'';
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
};
services.nginx.virtualHosts.paste = {
serverAliases = [ "p.r" ];
locations."/".extraConfig = ''
@ -19,6 +31,26 @@ with import <stockholm/lib>;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
proxy_pass_header Server;
'';
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
};
services.nginx.virtualHosts."c.krebsco.de" = {
enableACME = true;
addSSL = true;
serverAliases = [ "c.krebsco.de" ];
locations."/".extraConfig = ''
if ($request_method != GET) {
return 403;
}
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port};
'';
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
};
services.nginx.virtualHosts."p.krebsco.de" = {
enableACME = true;
@ -39,6 +71,10 @@ with import <stockholm/lib>;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
proxy_pass_header Server;
'';
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
};
krebs.htgen.paste = {
@ -58,6 +94,12 @@ with import <stockholm/lib>;
(. ${pkgs.htgen-imgur}/bin/htgen-imgur)
'';
};
krebs.htgen.cyberlocker = {
port = 7772;
script = /* sh */ ''
(. ${pkgs.htgen-cyberlocker}/bin/htgen-cyberlocker)
'';
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";}
];
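Review bot: `add_header 'Access-Control-Allow-Origin' '*';` is added to the VPN-internal vhosts (`cyberlocker` with alias `c.r`, and the vhost in the second hunk) as well as the public ones. On the internal names it allows script from any web origin, running in a VPN member's browser, to read responses from those hosts, so the wildcard is better kept to the public vhosts only. On `c.krebsco.de` the advertised `'GET, POST, OPTIONS'` contradicts the `if ($request_method != GET) { return 403; }` guard; `'GET, OPTIONS'` would match what the location actually permits. `client_max_body_size 4G;` on the unauthenticated `c.r` location lets a single request consume 4G of temporary and state storage in the handler, so a lower limit or a quota on `STATEDIR` is worth considering.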