makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'ni/master' into HEAD

Browse source
This commit is contained in:
lassulus 2017-06-20 16:05:27 +02:00
parent bda14221cf 57c6b890f9
commit f0bcc6e1f1
19 changed files with 348 additions and 69 deletions

2
krebs/3modules/default.nix
View file

@ -186,7 +186,7 @@ let
makefu
tv
];
ciko.mail = "wieczorek.stefan@gmail.com";
ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
"cfp@eloop.org" = eloop-ml;

4
krebs/3modules/setuid.nix
View file

@ -47,9 +47,7 @@ let
type = mkOptionType {
# TODO admit symbolic mode
name = "octal mode";
check = x:
isString x &&
match "[0-7][0-7][0-7][0-7]" x != null;
check = test "[0-7][0-7][0-7][0-7]";
merge = mergeOneOption;
};
};

56
krebs/5pkgs/simple/bling/default.nix Normal file
View file

@ -0,0 +1,56 @@
{ imagemagick, runCommand, ... }:
with import <stockholm/lib>;
let
krebs-v2 = [
" "
" "
" x x x x"
"xx x xx xx xx x"
"xx x xx xx xx x"
" xxx x x xxx"
" xxx xxxxx xxx"
" x xxxxxxx x "
" xxxxxxxxxxxxx "
" xxxxxxx "
" xxxxxxxxxxx "
" x xxx x "
" x x x x x x "
" x x x x x x "
" x xx x x xx x "
" "
];
chars-per-pixel = 1;
colors = 2;
columns = foldl' max 0 (map stringLength krebs-v2);
rows = length krebs-v2;
png-geometry = "1692x1692";
txt = concatMapStrings (s: "${s}\n") krebs-v2;
xpm = ''
static char *krebs_v2[] = {
${toC (toString [columns rows colors chars-per-pixel])},
" c None",
"x c #E4002B",
${concatMapStringsSep ",\n " toC krebs-v2}
};
'';
in
runCommand "bling"
{
inherit xpm;
passAsFile = ["xpm"];
}
''
mkdir -p $out
cd $out
cp $xpmPath krebs-v2.xpm
${imagemagick}/bin/convert krebs-v2.xpm krebs-v2.ico
${imagemagick}/bin/convert krebs-v2.xpm -scale ${png-geometry} krebs-v2.png
''

40
krebs/5pkgs/simple/git-hooks/default.nix
View file

@ -5,7 +5,15 @@ with import <stockholm/lib>;
{
# TODO irc-announce should return a derivation
# but it cannot because krebs.git.repos.*.hooks :: attrsOf str
irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: ''
irc-announce =
{ branches ? []
, cgit_endpoint ? "http://cgit.${nick}.r"
, channel
, nick
, port ? 6667
, server
, verbose ? false
}: /* sh */ ''
#! /bin/sh
set -euf
@ -34,7 +42,6 @@ with import <stockholm/lib>;
port=${toString port}
host=$nick
cgit_endpoint=http://cgit.$host.r
empty=0000000000000000000000000000000000000000
@ -66,22 +73,27 @@ with import <stockholm/lib>;
if [ $newrev = $empty ]; then id=$empty_tree; fi
if [ $oldrev = $empty ]; then id2=$empty_tree; fi
case $receive_mode in
create)
link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h"
;;
delete)
link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)"
;;
fast-forward|non-fast-forward)
link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
;;
esac
${if cgit_endpoint != null then /* sh */ ''
cgit_endpoint=${escapeShellArg cgit_endpoint}
case $receive_mode in
create)
link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h"
;;
delete)
link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)"
;;
fast-forward|non-fast-forward)
link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
;;
esac
'' else /* sh */ ''
link="$GIT_SSH_REPO $h"
''}
#$host $GIT_SSH_REPO $ref $link
add_message $(pink push) $link $(gray "($receive_mode)")
${optionalString verbose ''
${optionalString verbose /* sh */ ''
add_message "$(
git log \
--format="$(orange %h) %s $(gray '(%ar)')" \

8
krebs/5pkgs/simple/krebs-pages/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ bling, runCommand, ... }:
runCommand "krebs-pages-0" {} ''
mkdir $out
cp ${./fixtures}/* $out/
ln -s ${bling}/krebs-v2.ico $out/favicon.ico
ln -s ${bling}/krebs-v2.png $out/
''

42
krebs/5pkgs/simple/krebs-pages/fixtures/index.html Normal file
View file

@ -0,0 +1,42 @@
<!doctype html>
<title>krebscode</title>
<style>
html {
background: black url(krebs-v2.png) fixed no-repeat 50% 0%;
background-size: 423px;
}
a:visited {
color: white;
}
a:link {
color: lightgrey;
}
</style>
<script>
var html;
window.onload = function () {
html = document.getElementsByTagName('html')[0];
window.onresize();
}
window.onresize = function () {
html.style.backgroundSize =
Math.min(document.height - 23, document.width - 23) + 'px';
}
</script>
<body>
<p>
<a href="http://krebscode.github.io/minikrebs/linuxtag">
Linuxtag Heckenkrebs Presentation
</a>
</p>
<p>
<a href="http://krebscode.github.io/writeups">
CTF Writeups
</a>
</p>
<p>
<a href="thesauron.html">
Thesauron
</a>
</p>
</body>

133
krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html Normal file
View file

@ -0,0 +1,133 @@
<p>Cholerab n.
[de]
- Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass
Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert.
- Teamwork-Plattform für Krebscode.</p>
<p>eigentlich adv.
[de]
- Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt,
die nicht der Fall ist.
Antonym: tatsaechlich</p>
<p>ghost n.
[de]
- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen
Festplatten) aber wohl nie wieder kommen wird.
Siehe: Wiederbelebung</p>
<p>KD;RP abbr. (pronounciation: kah-derp)
[en]
- Short for Krebs Darknet / Retiolum Prefix.</p>
<p>krebs
[de]
- krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste
Softwareprojekt im Shack und viel verteilte infrastruktur.</p>
<p>kremium
[en]
- coinage derived from the words premium and krebs
see: broken
usage: Reaktor ircbot has unfixed broken behavior since ever-&gt;&#8220;Kremium Software&#8221;</p>
<p>KRI abbr. (pronounciation: [en] cry)
[en]
- Short for Krebs Request for Implementation.
Derived from Scheme Requests for Implementation (SRFI).</p>
<p>litterate programming n.
[en]
- any code that has not been proved mathematically.</p>
<p>Nahziel n.
[de]
- Ziel mit höchst möglicher Priorität.</p>
<p>Nahzielerfahrung n.
[de]
- das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl
nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).</p>
<p>parentheses of fear
[en]
- unnecessary parentheses, usually used when order of precedence is unknown.
- Examples: 1 + (2 * 3)</p>
<p>Protip n.
[en]
- (Probably vague) description how a task can be solved.
- Antonym: Spoiler
- Example:
- To defeat the Cyberdaemon, shoot at it until it dies.
- RTFM</p>
<p>Punching Lemma n.
[de]
- Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht
von Krebs</p>
<p>ref, n.
[en]
- A reference like an URI, ISBN, name of a person, etc.</p>
<p>reftrace, n.
[en]
- A stacktrace-like representation of refs that lead to some (any kind of)
conclusion. Usually generated by a human. The conclusion can be either on
the top or on the bottom of the stack. If the order is ambiguous, then it
should be communicated explicitly.
- Example: (conclusion first)
- http://en.wikipedia.org/wiki/Stack_trace
- google &#8220;stacktrace&#8221; (first entry / 2014&#8211;12&#8211;05T12:13:58Z)
- think about some example [this could be omitted, as it&#8217;s obvious&#8230;]</p>
<p>Retiolum n.
[en]
- The official darknet of Krebs which utilizes the Retiolum Prefix to
address individual nodes.</p>
<p>Retiolum Prefix n.
[en]
- The universally accepted IPv6-prefix, 42::/16. Anyone can has a
/128-subnet and, if require, anything larger.</p>
<p>Retiolum Realtime Map n.
[en]
- The network map of the public visible part of Retiolum.</p>
<p>RRM [abbr.][en]
- Short for Retiolum Retiolum Map.</p>
<p>Sanatorium n.
[en]
- The Krebs Control and Command Center.
- An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather
and lurk for relevant input.</p>
<p>Spoiler n.
[en]
- A subset of walkthrough, i.e. any individual steps may be omitted.
- Antonym: Protip</p>
<p>tatsaechlich, adv.
[de]
- Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht.
Antonym: eigentlich</p>
<p>Verkrebsung n.
[de]
- Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs
Komponente) auf einem beliebigem System.</p>
<p>Walkthrough n.
[en]
- Description of the individual steps to complete a task.
- Examples:
- program code
- small-step semantics</p>
<p>Wiederbelebung n.
[de]
- Ein ghost wird im Darknet wieder erreichbar
Siehe: ghost</p>

8
krebs/5pkgs/simple/urlwatch/default.nix
View file

@ -1,16 +1,17 @@
{ stdenv, fetchurl, python3Packages }:
python3Packages.buildPythonPackage rec {
name = "urlwatch-2.5";
name = "urlwatch-${meta.version}";
src = fetchurl {
url = "https://thp.io/2008/urlwatch/${name}.tar.gz";
sha256 = "0qirpymdmpsx0klmhbx3icmiwpm6fx4wjma646gl9m90pifs8430";
url = "https://github.com/thp/urlwatch/archive/${meta.version}.tar.gz";
sha256 = "09bn31gn03swi7yr3s1ql8x07hx96gap1ka77kk44kk0lvfxn55b";
};
propagatedBuildInputs = with python3Packages; [
keyring
minidb
pycodestyle
pyyaml
requests2
];
@ -20,5 +21,6 @@ python3Packages.buildPythonPackage rec {
homepage = https://thp.io/2008/urlwatch/;
license = stdenv.lib.licenses.bsd3;
maintainers = [ stdenv.lib.maintainers.tv ];
version = "2.6";
};
}

36
krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
View file

@ -1,26 +1,33 @@
#!/usr/bin/env bash
#
# Prints build logs for failed derivations in quiet build mode (-Q).
# See https://github.com/NixOS/nix/issues/443
#
# Usage:
#
# set -o pipefail
# nix-build ... -Q ... | whatsupnix [user@target[:port]]
# nix-build ... -Q ... 2>&1 | whatsupnix [user@target[:port]]
#
# Exit Codes:
#
# 0 No failed derivations could be found. This either means there where
# no build errors, or stdin wasn't nix-build output.
#
# 1 Usage error; arguments couldn't be parsed.
#
# 2 Build error; at least one failed derivation could be found.
#
GAWK=${GAWK:-gawk}
NIX_STORE=${NIX_STORE:-nix-store}
broken=$(mktemp)
trap 'rm -f -- "$broken"' EXIT
failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX)
trap 'rm -f -- "$failed_drvs"' EXIT
exec >&2
$GAWK -v broken="$broken" '
$GAWK -v failed_drvs="$failed_drvs" '
match($0, /^builder for (\/nix\/store\/[^]+\.drv) failed/, m) {
print m[1] >> broken
print m[1] >> failed_drvs
}
{ print $0 }
'
@ -28,7 +35,7 @@ $GAWK -v broken="$broken" '
case $# in
0)
print_log() {
$NIX_STORE -l "$1"
NIX_PAGER= $NIX_STORE -l "$1"
}
;;
1)
@ -47,7 +54,7 @@ case $# in
remote_host=$1
print_log() {
ssh "$remote_user@$remote_host" -p "$remote_port" \
nix-store -l "$1"
env NIX_PAGER= nix-store -l "$1"
}
;;
*)
@ -55,7 +62,6 @@ case $# in
exit 1
esac
export NIX_PAGER='' # for nix-store
while read -r drv; do
title="** FAILED $drv LOG **"
frame=${title//?/*}
@ -68,6 +74,10 @@ while read -r drv; do
print_log "$drv"
echo
done < "$broken"
done < "$failed_drvs"
exit 0
if test -s "$failed_drvs"; then
exit 2
else
exit 0
fi

4
lib/default.nix
View file

@ -29,6 +29,10 @@ let
setAttr = name: value: set: set // { ${name} = value; };
test = re: x: isString x && testString re x;
testString = re: x: match re x != null;
toC = x: let
type = typeOf x;
reject = throw "cannot convert ${type}";

2
lib/shell.nix
View file

@ -5,7 +5,7 @@ with lib;
rec {
escape =
let
isSafeChar = c: match "[-+./0-9:=A-Z_a-z]" c != null;
isSafeChar = testString "[-+./0-9:=A-Z_a-z]";
in
stringAsChars (c:
if isSafeChar c then c

22
lib/types.nix
View file

@ -2,10 +2,10 @@
let
inherit (lib)
all any concatMapStringsSep concatStringsSep const filter flip genid
hasSuffix head isInt isString length match mergeOneOption mkOption
all any concatMapStringsSep concatStringsSep const filter flip
genid hasSuffix head isInt isString length mergeOneOption mkOption
mkOptionType optional optionalAttrs optionals range splitString
stringLength substring typeOf;
stringLength substring test typeOf;
inherit (lib.types)
attrsOf bool either enum int listOf nullOr path str string submodule;
in
@ -338,7 +338,8 @@ rec {
check = let
IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
concatMapStringsSep "." (const d) (range 1 4);
in x: isString x && match IPv4address x != null;
in
test IPv4address;
merge = mergeOneOption;
};
addr6 = mkOptionType {
@ -346,7 +347,8 @@ rec {
check = let
# TODO check IPv6 address harder
IPv6address = "[0-9a-f.:]+";
in x: isString x && match IPv6address x != null;
in
test IPv6address;
merge = mergeOneOption;
};
@ -396,14 +398,13 @@ rec {
file-mode = mkOptionType {
name = "file mode";
check = x: isString x && match "[0-7]{4}" x != null;
check = test "[0-7]{4}";
merge = mergeOneOption;
};
haskell.conid = mkOptionType {
name = "Haskell constructor identifier";
check = x:
isString x && match "[[:upper:]][[:lower:]_[:upper:]0-9']*" x != null;
check = test "[[:upper:]][[:lower:]_[:upper:]0-9']*";
merge = mergeOneOption;
};
@ -425,15 +426,14 @@ rec {
label = mkOptionType {
name = "label";
# TODO case-insensitive labels
check = x: isString x
&& match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null;
check = test "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?";
merge = mergeOneOption;
};
# POSIX.12013, 3.278 Portable Filename Character Set
filename = mkOptionType {
name = "POSIX filename";
check = x: isString x && match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null;
check = test "([0-9A-Za-z._])[0-9A-Za-z._-]*";
merge = mergeOneOption;
};

14
tv/1systems/xu.nix
View file

@ -28,6 +28,7 @@ with import <stockholm/lib>;
# tv
bc
bind # dig
brain
cac-api
dic
file
@ -35,6 +36,7 @@ with import <stockholm/lib>;
haskellPackages.hledger
htop
jq
krebszones
mkpasswd
netcat
netcup
@ -47,18 +49,6 @@ with import <stockholm/lib>;
texlive.combined.scheme-full
tmux
(pkgs.writeDashBin "krebszones" ''
set -efu
export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf
case $* in
import)
set -- import /etc/zones/krebsco.de krebsco.de
echo "+ krebszones $*" >&2
;;
esac
exec ${pkgs.krebszones}/bin/ovh-zone "$@"
'')
#ack
#apache-httpd
#ascii

8
tv/2configs/default.nix
View file

@ -9,12 +9,15 @@ with import <stockholm/lib>;
user = config.krebs.users.tv;
source = let inherit (config.krebs.build) host; in {
nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix";
secrets.file = "/home/tv/secrets/${host.name}";
secrets.file =
if getEnv "dummy_secrets" == "true"
then toString <stockholm/tv/dummy_secrets>
else "/home/tv/secrets/${host.name}";
secrets-common.file = "/home/tv/secrets/common";
stockholm.file = "/home/tv/stockholm";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "99dfb6dce37edcd1db7cb85c2db97089d9d5f442"; # nixos-17.03
ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03
};
} // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master";
@ -41,6 +44,7 @@ with import <stockholm/lib>;
gnumake
hashPassword
populate
whatsupnix
];
}
{

23
tv/2configs/gitrepos.nix
View file

@ -90,28 +90,33 @@ let {
{
brain = {
collaborators = with config.krebs.users; [ lass makefu ];
hooks.post-receive = irc-announce {
cgit_endpoint = null;
};
};
} //
# TODO don't put secrets/repos.nix into the store
import <secrets/repos.nix> { inherit config lib pkgs; }
);
irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate {
channel = "#retiolum";
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
server = "ni.r";
verbose = true;
} args);
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
hooks = optionalAttrs (config.krebs.build.host.name == "ni") {
post-receive = pkgs.git-hooks.irc-announce {
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
channel = "#retiolum";
server = "ni.r";
verbose = true;
};
post-receive = irc-announce {};
};
};
make-restricted-repo = name: { collaborators ? [], ... }: {
inherit collaborators name;
make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: {
inherit collaborators hooks name;
public = false;
};

8
tv/dummy_secrets/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, ... }:
{
users.users.root = {
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
};
}

1
tv/dummy_secrets/repos.nix Normal file
View file

@ -0,0 +1 @@
_: {}

3
tv/dummy_secrets/ssh.id_ed25519 Normal file
View file

@ -0,0 +1,3 @@
-----BEGIN OPENSSH PRIVATE KEY-----
dummy
-----END OPENSSH PRIVATE KEY-----

3
tv/dummy_secrets/ssh.id_rsa Normal file
View file

@ -0,0 +1,3 @@
-----BEGIN RSA PRIVATE KEY-----
dummy
-----END RSA PRIVATE KEY-----