summaryrefslogtreecommitdiffstats
path: root/krebs/5pkgs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/5pkgs')
-rw-r--r--krebs/5pkgs/default.nix14
-rw-r--r--krebs/5pkgs/dic.nix36
-rw-r--r--krebs/5pkgs/genid.nix22
-rw-r--r--krebs/5pkgs/github-hosts-sync.nix40
-rw-r--r--krebs/5pkgs/github-known_hosts.nix13
-rw-r--r--krebs/5pkgs/hashPassword.nix16
6 files changed, 141 insertions, 0 deletions
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
new file mode 100644
index 000000000..231fda797
--- /dev/null
+++ b/krebs/5pkgs/default.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+let
+ inherit (pkgs) callPackage;
+in
+
+pkgs //
+{
+ dic = callPackage ./dic.nix {};
+ genid = callPackage ./genid.nix {};
+ github-hosts-sync = callPackage ./github-hosts-sync.nix {};
+ github-known_hosts = callPackage ./github-known_hosts.nix {};
+ hashPassword = callPackage ./hashPassword.nix {};
+}
diff --git a/krebs/5pkgs/dic.nix b/krebs/5pkgs/dic.nix
new file mode 100644
index 000000000..571773d22
--- /dev/null
+++ b/krebs/5pkgs/dic.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchgit, coreutils, curl, gnused, gnugrep, ... }:
+
+stdenv.mkDerivation {
+ name = "dic";
+
+ src = fetchgit {
+ url = https://github.com/krebscode/painload;
+ rev = "35ccac73d563ad30d2851b9aeed4cfef69ff74e3";
+ sha256 = "1y1fs2p3xj2yrqpw0h5kd0f3c5p1y70xk1hjnw99sr33r67s9c35";
+ };
+
+ phases = [
+ "unpackPhase"
+ "installPhase"
+ ];
+
+ installPhase =
+ let
+ path = stdenv.lib.makeSearchPath "bin" [
+ coreutils
+ curl
+ gnused
+ gnugrep
+ ];
+ in
+ ''
+ mkdir -p $out/bin
+
+ sed \
+ 's,^main() {$,&\n PATH=${path}; export PATH,' \
+ < ./util/bin/dic \
+ > $out/bin/dic
+
+ chmod +x $out/bin/dic
+ '';
+}
diff --git a/krebs/5pkgs/genid.nix b/krebs/5pkgs/genid.nix
new file mode 100644
index 000000000..c75bec317
--- /dev/null
+++ b/krebs/5pkgs/genid.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, ... }:
+
+pkgs.writeScriptBin "genid" ''
+ #! /bin/sh
+ # usage: genid NAME
+ set -euf
+
+ export PATH=${lib.makeSearchPath "bin" (with pkgs; [
+ bc
+ coreutils
+ ])}
+
+ name=$1
+ hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F)
+ echo "
+ min=2^24 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix>
+ # and some spare for stuff like lxd.
+ max=2^32 # see 2^(8*sizeof(uid_t))
+ ibase=16
+ ($hash + min) % max
+ " | bc
+''
diff --git a/krebs/5pkgs/github-hosts-sync.nix b/krebs/5pkgs/github-hosts-sync.nix
new file mode 100644
index 000000000..d69b2b12b
--- /dev/null
+++ b/krebs/5pkgs/github-hosts-sync.nix
@@ -0,0 +1,40 @@
+{ stdenv, fetchgit, pkgs, ... }:
+
+stdenv.mkDerivation {
+ name = "github-hosts-sync";
+
+ src = fetchgit {
+ url = https://github.com/krebscode/painload;
+ rev = "35ccac73d563ad30d2851b9aeed4cfef69ff74e3";
+ sha256 = "1y1fs2p3xj2yrqpw0h5kd0f3c5p1y70xk1hjnw99sr33r67s9c35";
+ };
+
+ phases = [
+ "unpackPhase"
+ "installPhase"
+ ];
+
+ installPhase =
+ let
+ ca-bundle = "${pkgs.cacert}/etc/ca-bundle.crt";
+ path = stdenv.lib.makeSearchPath "bin" (with pkgs; [
+ coreutils
+ findutils
+ git
+ gnugrep
+ gnused
+ openssh
+ socat
+ ]);
+ in
+ ''
+ mkdir -p $out/bin
+
+ sed \
+ 's,^main() {$,&\n export PATH=${path} GIT_SSL_CAINFO=${ca-bundle},' \
+ < ./retiolum/scripts/github_hosts_sync/hosts-sync \
+ > $out/bin/github-hosts-sync
+
+ chmod +x $out/bin/github-hosts-sync
+ '';
+}
diff --git a/krebs/5pkgs/github-known_hosts.nix b/krebs/5pkgs/github-known_hosts.nix
new file mode 100644
index 000000000..302fdd8d5
--- /dev/null
+++ b/krebs/5pkgs/github-known_hosts.nix
@@ -0,0 +1,13 @@
+{ lib, ... }:
+
+with builtins;
+with lib;
+
+let
+ github-pubkey = removeSuffix "\n" (readFile ../../Zpubkeys/github.ssh.pub);
+in
+
+toFile "github-known_hosts"
+ (concatMapStrings
+ (i: "github.com,192.30.252.${toString i} ${github-pubkey}\n")
+ (range 0 255))
diff --git a/krebs/5pkgs/hashPassword.nix b/krebs/5pkgs/hashPassword.nix
new file mode 100644
index 000000000..a10340cc4
--- /dev/null
+++ b/krebs/5pkgs/hashPassword.nix
@@ -0,0 +1,16 @@
+{ lib, pkgs, ... }:
+
+pkgs.writeScriptBin "hashPassword" ''
+ #! /bin/sh
+ # usage: hashPassword
+ set -euf
+
+ export PATH=${lib.makeSearchPath "bin" (with pkgs; [
+ coreutils
+ mkpasswd
+ openssl
+ ])}
+
+ salt=$(openssl rand -base64 16 | tr -d '+=' | head -c 16)
+ exec mkpasswd -m sha-512 -S "$salt"
+''