diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix
index 76eb4b136..a40ae8cef 100644
--- a/krebs/3modules/announce-activation.nix
+++ b/krebs/3modules/announce-activation.nix
@@ -9,6 +9,7 @@ with import <stockholm/lib>;
${shell.escape (toString cfg.irc.port)} \
${shell.escape cfg.irc.nick} \
${shell.escape cfg.irc.channel} \
+ ${escapeShellArg cfg.irc.tls} \
"$message"
'';
default-get-message = pkgs.writeDash "announce-activation-get-message" ''
@@ -50,6 +51,10 @@ in {
default = "irc.r";
type = types.hostname;
};
+ tls = mkOption {
+ default = false;
+ type = types.bool;
+ };
};
};
config = mkIf cfg.enable {
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
index 4436a6167..acbe717d9 100644
--- a/krebs/3modules/hidden-ssh.nix
+++ b/krebs/3modules/hidden-ssh.nix
@@ -19,6 +19,14 @@ let
type = types.str;
default = "irc.hackint.org";
};
+ port = mkOption {
+ type = types.int;
+ default = 6697;
+ };
+ tls = mkOption {
+ type = types.bool;
+ default = true;
+ };
message = mkOption {
type = types.str;
default = "SSH Hidden Service at ";
@@ -53,10 +61,14 @@ let
echo "still waiting for ${hiddenServiceDir}/hostname"
sleep 1
done
- ${pkgs.untilport}/bin/untilport ${cfg.server} 6667 && \
- ${pkgs.irc-announce}/bin/irc-announce \
- ${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \
- \${cfg.channel} \
+ ${pkgs.untilport}/bin/untilport ${escapeShellArg cfg.server} ${toString cfg.port}
+
+ ${pkgs.irc-announce}/bin/irc-announce \
+ ${escapeShellArg cfg.server} \
+ ${toString cfg.port} \
+ "${config.krebs.build.host.name}-ssh" \
+ ${escapeShellArg cfg.channel} \
+ ${escapeShellArg cfg.tls} \
"${cfg.message}$(cat ${hiddenServiceDir}/hostname)"
'';
PrivateTmp = "true";
diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix
index 0a2c84410..012c4ccf8 100644
--- a/krebs/5pkgs/simple/git-hooks/default.nix
+++ b/krebs/5pkgs/simple/git-hooks/default.nix
@@ -12,6 +12,7 @@ with import <stockholm/lib>;
, port ? 6667
, refs ? []
, server
+ , tls ? false
, verbose ? false
}: /* sh */ ''
#! /bin/sh
@@ -39,6 +40,7 @@ with import <stockholm/lib>;
nick=${escapeShellArg nick}
channel=${escapeShellArg channel}
server=${escapeShellArg server}
+ tls=${escapeShellArg tls}
port=${toString port}
host=$nick
@@ -114,6 +116,7 @@ with import <stockholm/lib>;
"$port" \
"$nick" \
"$channel" \
+ "tls" \
"$message"
fi
'';
diff --git a/krebs/5pkgs/simple/irc-announce/default.nix b/krebs/5pkgs/simple/irc-announce/default.nix
index 52cf12862..5797b3667 100644
--- a/krebs/5pkgs/simple/irc-announce/default.nix
+++ b/krebs/5pkgs/simple/irc-announce/default.nix
@@ -17,7 +17,8 @@ pkgs.writeDashBin "irc-announce" ''
IRC_PORT=$2
IRC_NICK=$3_$$
IRC_CHANNEL=$4
- message=$5
+ IRC_TLS=$5
+ message=$6
export IRC_CHANNEL # for privmsg_cat
@@ -34,6 +35,8 @@ pkgs.writeDashBin "irc-announce" ''
# privmsg_cat transforms stdin to a privmsg
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
+ tls_flag() { if [ "$IRC_TLS" -eq 1 ]; then echo "-c"; fi }
+
# ircin is used to feed the output of netcat back to the "irc client"
# so we can implement expect-like behavior with sed^_^
# XXX mkselfdestructingtmpfifo would be nice instead of this cruft
@@ -51,6 +54,8 @@ pkgs.writeDashBin "irc-announce" ''
echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
echo2 "NICK $IRC_NICK"
+ awk 'match($0, /PING(.*)/, m) {print "PONG", m[1]; exit}'
+
# wait for MODE message
sed -n '/^:[^ ]* MODE /q'
@@ -67,5 +72,5 @@ pkgs.writeDashBin "irc-announce" ''
echo2 'QUIT :Gone to have lunch'
} < ircin \
- | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
+ | nc $(tls_flag) "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
''