-rw-r--r--.github/workflows/repo-sync.yml1
-rw-r--r--krebs/3modules/external/mic92.nix29
-rw-r--r--krebs/3modules/lass/default.nix3
-rw-r--r--krebs/5pkgs/override/default.nix3
-rw-r--r--krebs/5pkgs/simple/cyberlocker-tools/default.nix19
-rw-r--r--krebs/5pkgs/simple/htgen-cyberlocker/default.nix29
-rw-r--r--krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker79
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rw-r--r--lass/1systems/prism/config.nix57
-rw-r--r--lass/1systems/yellow/config.nix2
-rw-r--r--lass/2configs/paste.nix42
12 files changed, 269 insertions, 11 deletions
diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml
index 4284463f9..b4c91299f 100644
--- a/.github/workflows/repo-sync.yml
+++ b/.github/workflows/repo-sync.yml
@@ -5,6 +5,7 @@ on:
jobs:
repo-sync:
+ if: github.repository_owner == 'Mic92'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index bbefb8ed8..3ef693290 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -334,6 +334,26 @@ in {
'';
};
};
+ yasmin = {
+ owner = config.krebs.users.mic92;
+ nets.retiolum = {
+ ip4.addr = "10.243.29.197";
+ aliases = [
+ "yasmin.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAnQ6HGgUPVQbDIsLZAawZu4vK9yHF02aDrIWU9SdzpAddhM8yqWeC
+ f55W6zyjZuoQ2w4UNthDl6gjQM6A9B+nEMRNz3Rnhp57Lyi0a6HZHF2Eok9vJBiu
+ IRbVUxPpPKOGE09w0m5cLOfDfaZVdAT+80lQYoaasDr2VlRJNa2/arzaq847/SVg
+ vaf4gOmE+iIK+4ZDHqLcTn1WD6jy+aMChZU/zI31vZ8vM4oPuGh1xbcB3wKP3Vf3
+ OTqpGN86CdrdBahJkzNJzIXYsPsRaZ2+8dWTH9gJjI0z+yywQQCrrh9K/oJtDUHF
+ BwmNc150BoSLqwduSWLtBonCa9p2/y/TDQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ Ed25519PublicKey = ZQt/OcrDlQZvtJyMEFcS6FKjtumBA9gBWr7VqGdbJBP
+ '';
+ };
+ };
martha = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -389,6 +409,7 @@ in {
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
-----END RSA PUBLIC KEY-----
+ Ed25519PublicKey = 1wPa2cmQ4FUFw9289d0KdG1DcDuMNIYMWzIUnVVHu2P
'';
};
};
@@ -426,11 +447,12 @@ in {
owner = config.krebs.users.mic92;
nets = rec {
internet = {
- ip4.addr = "131.159.38.191";
- ip6.addr = "2a09:80c0:38::191";
+ ip4.addr = "131.159.102.1";
+ ip6.addr = "2a09:80c0:102::1";
aliases = [ "bill.i" ];
};
retiolum = {
+ via = internet;
addrs = [
config.krebs.hosts.bill.nets.retiolum.ip4.addr
config.krebs.hosts.bill.nets.retiolum.ip6.addr
@@ -465,6 +487,7 @@ in {
aliases = [ "nardole.i" ];
};
retiolum = {
+ via = internet;
addrs = [
config.krebs.hosts.nardole.nets.retiolum.ip4.addr
config.krebs.hosts.nardole.nets.retiolum.ip6.addr
@@ -618,6 +641,7 @@ in {
FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm
mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB
-----END RSA PUBLIC KEY-----
+ Ed25519PublicKey = oRGc9V9G9GFsY1bZIaJamoDEAZU2kphlpxXOMBxI2GN
'';
};
};
@@ -640,6 +664,7 @@ in {
jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/
/btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB
-----END RSA PUBLIC KEY-----
+ Ed25519PublicKey = dzjT09UeUGJCbUFrBo+FtbnXrsxFQnmqmJw7tjpJQJL
'';
};
};
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index cb68cff18..b19e2e6fc 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -21,6 +21,7 @@ in {
"krebsco.de" = ''
cache IN A ${nets.internet.ip4.addr}
p IN A ${nets.internet.ip4.addr}
+ c IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr}
prism IN A ${nets.internet.ip4.addr}
'';
@@ -65,7 +66,9 @@ in {
"prism.r"
"cache.prism.r"
"cgit.prism.r"
+ "flix.r"
"paste.r"
+ "c.r"
"p.r"
"search.r"
];
diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix
index 4cb6a1cb4..c2149ae55 100644
--- a/krebs/5pkgs/override/default.nix
+++ b/krebs/5pkgs/override/default.nix
@@ -18,6 +18,9 @@ self: super: {
"0.9.0" = [
./flameshot/flameshot_imgur_0.9.0.patch
];
+ "0.10.1" = [
+ ./flameshot/flameshot_imgur_0.9.0.patch
+ ];
}.${old.version};
});
diff --git a/krebs/5pkgs/simple/cyberlocker-tools/default.nix b/krebs/5pkgs/simple/cyberlocker-tools/default.nix
new file mode 100644
index 000000000..80593bcae
--- /dev/null
+++ b/krebs/5pkgs/simple/cyberlocker-tools/default.nix
@@ -0,0 +1,19 @@
+{ pkgs }:
+pkgs.symlinkJoin {
+ name = "cyberlocker-tools";
+ paths = [
+ (pkgs.writers.writeDashBin "cput" ''
+ set -efu
+ path=''${1:-$(hostname)}
+
+ ${pkgs.curl}/bin/curl -Ss --data-binary @- "http://c.r/$path"
+ echo "http://c.r/$path"
+ '')
+ (pkgs.writers.writeDashBin "cdel" ''
+ set -efu
+ path=$1
+
+ ${pkgs.curl}/bin/curl -X DELETE "http://c.r/$path"
+ '')
+ ];
+}
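Review bot: `cput` calls `curl -Ss` without `--fail`, so an HTTP error from the server still exits 0 and the script goes on to print a link to an item that was never stored; `${pkgs.curl}/bin/curl -fSs --data-binary @- "http://c.r/$path"` lets `set -e` stop before the `echo`. `cdel` has the same gap and reports nothing either way. Both scripts also put `$path` into the URL exactly as given, so a name containing spaces, `?` or `#` will not map to the item the user expects; a comment stating that restriction would help.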
diff --git a/krebs/5pkgs/simple/htgen-cyberlocker/default.nix b/krebs/5pkgs/simple/htgen-cyberlocker/default.nix
new file mode 100644
index 000000000..515ea3cf9
--- /dev/null
+++ b/krebs/5pkgs/simple/htgen-cyberlocker/default.nix
@@ -0,0 +1,29 @@
+with import <stockholm/lib>;
+{ pkgs, stdenv }:
+stdenv.mkDerivation rec {
+ pname = "htgen-cyberlocker";
+ version = "1.0.0";
+
+ src = ./src;
+
+ buildPhase = ''
+ (
+ exec > htgen-cyberlocker
+ echo PATH=${makeBinPath [
+ pkgs.coreutils
+ pkgs.file
+ pkgs.findutils
+ pkgs.gnugrep
+ pkgs.jq
+ pkgs.nix
+ pkgs.utillinux
+ ]}
+ echo STATEDIR=${shell.escape "\${STATEDIR-$HOME}"}
+ cat $src/htgen-cyberlocker
+ )
+ '';
+
+ installPhase = ''
+ install -D htgen-cyberlocker $out/bin/htgen-cyberlocker
+ '';
+}
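Review bot: The generated `PATH` for the request handler includes `pkgs.findutils`, `pkgs.gnugrep`, `pkgs.nix` and `pkgs.utillinux`, but the `htgen-cyberlocker` script added in this commit only appears to call `jq`, `file` and coreutils programs. For a script that processes unauthenticated HTTP requests it is worth keeping the reachable tool set minimal, e.g. `makeBinPath [ pkgs.coreutils pkgs.file pkgs.jq ]`. If the extra packages are needed by htgen itself rather than by this script, a short comment saying so would settle the question.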
diff --git a/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker
new file mode 100644
index 000000000..6c3ed6552
--- /dev/null
+++ b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker
@@ -0,0 +1,79 @@
+delete_response() {
+ jq -n -r \
+ --arg server "$Server" \
+ '
+ [ "HTTP/1.1 204 OK\r"
+ , "Connection: close\r"
+ , "Server: \($server)\r"
+ , "\r"
+ ][]
+ '
+}
+
+file_response() {(
+ type=$(file -ib "$1")
+ size=$(wc -c < "$1")
+ jq -n -r \
+ --arg type "$type" \
+ --arg size "$size" \
+ --arg server "$Server" \
+ '
+ [ "HTTP/1.1 200 OK\r"
+ , "Connection: close\r"
+ , "Content-Length: \($size)\r"
+ , "Content-Type: \($type)\r"
+ , "Server: \($server)\r"
+ , "\r"
+ ][]
+ '
+ cat "$1"
+)}
+
+read_uri() {
+ jq -cn --arg uri "$1" '
+ $uri |
+ capture("^((?<scheme>[^:]*):)?(//(?<authority>[^/]*))?(?<path>[^?#]*)([?](?<query>[^#]*))?([#](?<fragment>.*))?$") |
+ . + {
+ query: (.query | if . != null then
+ split("&") |
+ map(split("=") | {key:.[0],value:.[1]}) |
+ from_entries
+ else . end)
+ }
+ '
+}
+
+uri=$(read_uri "$Request_URI")
+path=$(jq -nr --argjson uri "$uri" '$uri.path')
+
+case "$Method $path" in
+ 'POST /'*|'PUT /'*)
+ content=$(mktemp -t htgen.$$.content.XXXXXXXX)
+ trap "rm $content >&2" EXIT
+
+ head -c $req_content_length > $content
+
+ item=$STATEDIR/items/$(echo "$path" | jq -rR @uri)
+
+ mkdir -v -p $STATEDIR/items >&2
+ cp -v $content $item >&2
+
+ scheme=${req_x_forwarded_proto-http}
+ link=$scheme://$req_host/$path
+
+ ;;
+ 'GET /'*)
+ item=$STATEDIR/items/$(echo "$path" | jq -rR @uri)
+ if [ -e "$item" ]; then
+ file_response "$item"
+ exit
+ fi
+ ;;
+ 'DELETE /'*)
+ item=$STATEDIR/items/$(echo "$path" | jq -rR @uri)
+ if [ -e "$item" ]; then
+ rm "$item"
+ delete_response
+ exit
+ fi
+esac
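Review bot: The POST/PUT branch hands request-derived values to the shell unquoted and unchecked: `head -c $req_content_length`, `cp -v $content $item`, and `echo "$path"`, which in dash interprets backslash escapes. I would reject a missing or non-numeric Content-Length, quote every expansion and use `printf %s` for the path, as sketched below; the `echo "$path" | jq -rR @uri` line in the GET and DELETE branches needs the same `printf` change. The branch also assigns `link` but never writes a response, so unless htgen answers on its own (not visible here) the uploader gets no confirmation.

```shell
  'POST /'*|'PUT /'*)
    # Reject a missing or non-numeric Content-Length before it reaches head.
    # The script is sourced inside a subshell, so exit behaves like falling
    # off the end of the case statement.
    case ${req_content_length-} in
      ''|*[!0-9]*) exit ;;
    esac

    content=$(mktemp -t htgen.$$.content.XXXXXXXX)
    trap 'rm "$content" >&2' EXIT

    head -c "$req_content_length" > "$content"

    item=$STATEDIR/items/$(printf %s "$path" | jq -rR @uri)

    mkdir -v -p "$STATEDIR/items" >&2
    cp -v "$content" "$item" >&2
    # … unchanged: scheme/link assignment …
```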
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 967f0b426..d0d3cd82d 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "dd14e5d78e90a2ccd6007e569820de9b4861a6c2",
- "date": "2021-07-24T08:14:16-04:00",
- "path": "/nix/store/0z5nrrjzmjcicjhhdrqb9vgm56zxysk3-nixpkgs",
- "sha256": "1zmhwx1qqgl1wrrb9mjkck508887rldrnragvximhd7jrh1ya3fb",
+ "rev": "8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512",
+ "date": "2021-08-29T22:49:37+08:00",
+ "path": "/nix/store/vg29bg0awqam80djwz68ym0awvasrw6i-nixpkgs",
+ "sha256": "1s29nc3ppsjdq8kgbh8pc26xislkv01yph58xv2vjklkvsmz5pzm",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 5086b8af3..92ce9aa90 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "91903ceb294dbe63a696759bfba3d23ee667f2dc",
- "date": "2021-07-26T09:21:28+02:00",
- "path": "/nix/store/2v649741xdh1crybi2dm879bl60zrkhf-nixpkgs",
- "sha256": "1hmpwi27r4q0lnspg7ylfzxakwz2fhl3r07vjvq5yalcdqwiain3",
+ "rev": "74d017edb6717ad76d38edc02ad3210d4ad66b96",
+ "date": "2021-08-27T16:58:49+02:00",
+ "path": "/nix/store/82jg1p0rlf7mkryjpdn0z6b95q4i9lnq-nixpkgs",
+ "sha256": "0wvz41izp4djzzr0a6x54hcm3xjr51nlj8vqghfgyrjpk8plyk4s",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 89a386139..421afab2a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -305,6 +305,12 @@ with import <stockholm/lib>;
localAddress = "10.233.2.14";
};
+ services.nginx.virtualHosts."flix.r" = {
+ locations."/".extraConfig = ''
+ proxy_pass http://10.233.2.14:80/;
+ proxy_set_header Accept-Encoding "";
+ '';
+ };
services.nginx.virtualHosts."lassul.us" = {
locations."^~ /flix/".extraConfig = ''
if ($scheme != "https") {
@@ -379,7 +385,58 @@ with import <stockholm/lib>;
mountdPort = 4002;
statdPort = 4000;
};
+
+ services.samba = {
+ enable = true;
+ enableNmbd = false;
+ extraConfig = ''
+ workgroup = WORKGROUP
+ netbios name = PRISM
+ server string = ${config.networking.hostName}
+ # only allow retiolum addresses
+ hosts allow = 42::/16 10.243.0.0/16
+
+ # Use sendfile() for performance gain
+ use sendfile = true
+
+ # No NetBIOS is needed
+ disable netbios = true
+
+ # Only mangle non-valid NTFS names, don't care about DOS support
+ mangled names = illegal
+
+ # Performance optimizations
+ socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
+
+ # Disable all printing
+ load printers = false
+ disable spoolss = true
+ printcap name = /dev/null
+
+ map to guest = Bad User
+ max log size = 50
+ dns proxy = no
+ security = user
+
+ [global]
+ syslog only = yes
+ '';
+ shares.public = {
+ comment = "Warez";
+ path = "/export";
+ public = "yes";
+ "only guest" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "2777";
+ writable = "no";
+ printable = "no";
+ };
+ };
+
krebs.iptables.tables.filter.INPUT.rules = [
+ # smbd
+ { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
+
{ predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
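Review bot: The `public` share sets `"directory mask" = "2777"` together with `writable = "no"`; the masks are unused while the share is read-only, but if it is ever made writable, guests would create world-writable setgid directories under `/export`. I would drop both mask lines or use `"directory mask" = "0755";`. The `[global]` header at the end of `extraConfig` also looks redundant, since the options above it are presumably already emitted into the global section. `syslog only` should be checked against the Samba version in the pinned nixpkgs.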
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 178a5adf1..dc3b4b566 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -164,7 +164,7 @@ with import <stockholm/lib>;
client
dev tun
proto udp
- remote 91.207.172.77 1194
+ remote 196.240.57.43 1194
resolv-retry infinite
remote-random
nobind
diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix
index 0cf62ec0b..68a55c71c 100644
--- a/lass/2configs/paste.nix
+++ b/lass/2configs/paste.nix
@@ -2,6 +2,18 @@
with import <stockholm/lib>;
{
+ services.nginx.virtualHosts.cyberlocker = {
+ serverAliases = [ "c.r" ];
+ locations."/".extraConfig = ''
+ client_max_body_size 4G;
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port};
+ '';
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ '';
+ };
services.nginx.virtualHosts.paste = {
serverAliases = [ "p.r" ];
locations."/".extraConfig = ''
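Review bot: The `Access-Control-Allow-Methods` value `'GET, POST, OPTIONS'` does not match what the cyberlocker backend added in this commit handles: the script has branches for POST, PUT, GET and DELETE and none for OPTIONS. Together with `Access-Control-Allow-Origin '*'` on a vhost that accepts unauthenticated writes with `client_max_body_size 4G`, it is worth stating in a comment which browser clients are meant to use this, or dropping the CORS headers from `c.r`. The same two `add_header` lines are added to the `paste`, `c.krebsco.de` and `p.krebsco.de` vhosts in the later hunks of this file.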
@@ -19,6 +31,26 @@ with import <stockholm/lib>;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
proxy_pass_header Server;
'';
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ '';
+ };
+ services.nginx.virtualHosts."c.krebsco.de" = {
+ enableACME = true;
+ addSSL = true;
+ serverAliases = [ "c.krebsco.de" ];
+ locations."/".extraConfig = ''
+ if ($request_method != GET) {
+ return 403;
+ }
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port};
+ '';
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ '';
};
services.nginx.virtualHosts."p.krebsco.de" = {
enableACME = true;
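Review bot: The public `c.krebsco.de` vhost serves stored items with whatever `Content-Type` the backend derives from `file -ib`, so uploaded HTML or SVG would be rendered under this origin. Adding `add_header 'X-Content-Type-Options' 'nosniff';` and `add_header 'Content-Security-Policy' 'sandbox';` to this vhost's `extraConfig` keeps served content inert. `addSSL = true` also leaves plain HTTP enabled; using `forceSSL = true` in its place would redirect instead, if existing clients can cope with that. The `serverAliases` entry repeats the vhost name and can be dropped.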
@@ -39,6 +71,10 @@ with import <stockholm/lib>;
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
proxy_pass_header Server;
'';
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ '';
};
krebs.htgen.paste = {
@@ -58,6 +94,12 @@ with import <stockholm/lib>;
(. ${pkgs.htgen-imgur}/bin/htgen-imgur)
'';
};
+ krebs.htgen.cyberlocker = {
+ port = 7772;
+ script = /* sh */ ''
+ (. ${pkgs.htgen-cyberlocker}/bin/htgen-cyberlocker)
+ '';
+ };
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";}
];