summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/hidden-ssh.nix53
-rw-r--r--krebs/3modules/makefu/default.nix12
-rw-r--r--krebs/3modules/realwallpaper.nix8
-rw-r--r--krebs/3modules/shared/default.nix1
-rw-r--r--krebs/5pkgs/irc-announce/default.nix2
-rw-r--r--krebs/5pkgs/krebspaste/default.nix2
-rw-r--r--krebs/5pkgs/realwallpaper/default.nix8
-rw-r--r--krebs/5pkgs/tinc_graphs/default.nix6
9 files changed, 72 insertions, 21 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 605ed28b5..d539d4166 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
./github-hosts-sync.nix
./git.nix
./go.nix
+ ./hidden-ssh.nix
./htgen.nix
./iptables.nix
./kapacitor.nix
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
new file mode 100644
index 000000000..3930dbf42
--- /dev/null
+++ b/krebs/3modules/hidden-ssh.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.hidden-ssh;
+
+ out = {
+ options.krebs.hidden-ssh = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "hidden SSH announce";
+ };
+
+ imp = let
+ torDirectory = "/var/lib/tor"; # from tor.nix
+ hiddenServiceDir = torDirectory + "/ssh-announce-service";
+ in {
+ services.tor = {
+ enable = true;
+ extraConfig = ''
+ HiddenServiceDir ${hiddenServiceDir}
+ HiddenServicePort 22 127.0.0.1:22
+ '';
+ client.enable = true;
+ };
+ systemd.services.hidden-ssh-announce = {
+ description = "irc announce hidden ssh";
+ after = [ "tor.service" "network-online.target" ];
+ wants = [ "tor.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ # ${pkgs.tor}/bin/torify
+ ExecStart = pkgs.writeDash "irc-announce-ssh" ''
+ set -efu
+ until test -e ${hiddenServiceDir}/hostname; do
+ echo "still waiting for ${hiddenServiceDir}/hostname"
+ sleep 1
+ done
+ ${pkgs.irc-announce}/bin/irc-announce \
+ irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \
+ \#krebs-announce \
+ "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
+ '';
+ PrivateTmp = "true";
+ User = "tor";
+ Type = "oneshot";
+ };
+ };
+ };
+in
+out
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 56df451b7..cef6a4fd6 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -33,7 +33,7 @@ with import <stockholm/lib>;
nets = {
retiolum = {
ip4.addr = "10.243.113.98";
- ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
+ # ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
aliases = [
"fileleech.r"
];
@@ -247,7 +247,6 @@ with import <stockholm/lib>;
"krebsco.de" = ''
euer IN MX 1 aspmx.l.google.com.
nixos.unstable IN CNAME krebscode.github.io.
- pigstarter IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
'';
@@ -301,7 +300,7 @@ with import <stockholm/lib>;
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
aliases = [
"wry.r"
- "graphs.wry.r"
+ "graph.wry.r"
"paste.wry.r"
];
tinc.pubkey = ''
@@ -436,12 +435,13 @@ with import <stockholm/lib>;
mattermost.euer IN A ${nets.internet.ip4.addr}
git.euer IN A ${nets.internet.ip4.addr}
gum IN A ${nets.internet.ip4.addr}
+ pigstarter IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
o.euer IN A ${nets.internet.ip4.addr}
dl.euer IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
- graphs IN A ${nets.internet.ip4.addr}
+ graph IN A ${nets.internet.ip4.addr}
'';
};
nets = rec {
@@ -461,7 +461,7 @@ with import <stockholm/lib>;
"o.gum.r"
"tracker.makefu.r"
- "graphs.r"
+ "graph.r"
"wiki.makefu.r"
"wiki.gum.r"
"blog.makefu.r"
@@ -491,7 +491,7 @@ with import <stockholm/lib>;
ip4.prefix = "10.8.10.0/24";
aliases = [
"shoney.siem"
- "graphs.siem"
+ "graph.siem"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index f9eae8c92..044811c7d 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -32,9 +32,9 @@ let
default = "http://xplanetclouds.com/free/local/clouds_2048.jpg";
};
- outFile = mkOption {
+ marker = mkOption {
type = types.str;
- default = "/tmp/wallpaper.png";
+ default = "http://graph.r/marker.json";
};
timerConfig = mkOption {
@@ -43,7 +43,6 @@ let
OnCalendar = "*:0/15";
};
};
-
};
imp = {
@@ -63,6 +62,7 @@ let
imagemagick
curl
file
+ jq
];
environment = {
@@ -70,7 +70,7 @@ let
nightmap_url = cfg.nightmap;
daymap_url = cfg.daymap;
cloudmap_url = cfg.cloudmap;
- out_file = cfg.outFile;
+ marker_url = cfg.marker;
};
restartIfChanged = true;
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index 5e4935e3a..17179a39f 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -47,6 +47,7 @@ in {
ip6.addr = "42:0:0:0:0:0:77:1";
aliases = [
"wolf.r"
+ "build.wolf.r"
"cgit.wolf.r"
];
tinc.pubkey = ''
diff --git a/krebs/5pkgs/irc-announce/default.nix b/krebs/5pkgs/irc-announce/default.nix
index e1f4919d5..6eb725b71 100644
--- a/krebs/5pkgs/irc-announce/default.nix
+++ b/krebs/5pkgs/irc-announce/default.nix
@@ -24,7 +24,7 @@ pkgs.writeDashBin "irc-announce" ''
# echo2 and cat2 are used output to both, stdout and stderr
# This is used to see what we send to the irc server. (debug output)
echo2() { echo "$*"; echo "$*" >&2; }
- cat2() { tee /dev/stderr; }
+ cat2() { awk '{print;print > "/dev/stderr"}'; }
# privmsg_cat transforms stdin to a privmsg
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
index 8c6676d0e..31ad12780 100644
--- a/krebs/5pkgs/krebspaste/default.nix
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -2,5 +2,5 @@
# TODO use `execve` instead?
writeDashBin "krebspaste" ''
- exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@"
+ exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g'
''
diff --git a/krebs/5pkgs/realwallpaper/default.nix b/krebs/5pkgs/realwallpaper/default.nix
index 4fea977ec..dec2dada4 100644
--- a/krebs/5pkgs/realwallpaper/default.nix
+++ b/krebs/5pkgs/realwallpaper/default.nix
@@ -5,8 +5,8 @@ stdenv.mkDerivation {
src = fetchgit {
url = https://github.com/Lassulus/realwallpaper;
- rev = "c2778c3c235fc32edc8115d533a0d0853ab101c5";
- sha256 = "0yhbjz19zk8sj5dsvccm6skkqq2vardn1yi70qmd5li7qvp17mvs";
+ rev = "b8408cfb295b6ce5b965309b30358ca6c6409efd";
+ sha256 = "0yyl8hhqshw9bx04xs8glvir3c0qzvfrwzmbvyg318mnz5xalcl0";
};
phases = [
@@ -15,10 +15,6 @@ stdenv.mkDerivation {
];
buildInputs = [
- xplanet
- imagemagick
- curl
- file
];
installPhase = ''
diff --git a/krebs/5pkgs/tinc_graphs/default.nix b/krebs/5pkgs/tinc_graphs/default.nix
index e5f1e40e8..20bbc53ba 100644
--- a/krebs/5pkgs/tinc_graphs/default.nix
+++ b/krebs/5pkgs/tinc_graphs/default.nix
@@ -2,14 +2,14 @@
python3Packages.buildPythonPackage rec {
name = "tinc_graphs-${version}";
- version = "0.3.9";
+ version = "0.3.10";
propagatedBuildInputs = with pkgs;[
python3Packages.pygeoip
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
];
src = fetchurl {
- url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
- sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx";
+ url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz";
+ sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc";
};
preFixup = with pkgs;''
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"