From 36603ca13794ecb9ce05b78c2df69831f7bd36a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 25 Jun 2021 09:37:20 +0200 Subject: mic92: add matchbox ed25519 key --- krebs/3modules/external/mic92.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index bbefb8ed8..4bde2ac2b 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -389,6 +389,7 @@ in { nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = 1wPa2cmQ4FUFw9289d0KdG1DcDuMNIYMWzIUnVVHu2P ''; }; }; -- cgit v1.2.3 From 5f38a5d722caa7f9f42332e5d6ff4af6c997aaae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 12 Jul 2021 13:50:29 +0200 Subject: mic92: add redha ed25519 keys --- krebs/3modules/external/mic92.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 4bde2ac2b..2fcf9180d 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -619,6 +619,7 @@ in { FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB -----END RSA PUBLIC KEY----- + Ed25519PublicKey = oRGc9V9G9GFsY1bZIaJamoDEAZU2kphlpxXOMBxI2GN ''; }; }; -- cgit v1.2.3 From 1d29774766b46fb37350c44da5d98c49c39b66b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 12 Jul 2021 14:26:06 +0200 Subject: mic92: update bills ip address --- krebs/3modules/external/mic92.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 2fcf9180d..d5eb47630 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -427,8 +427,8 @@ in { owner = config.krebs.users.mic92; nets = rec { internet = { - ip4.addr = "131.159.38.191"; - ip6.addr = "2a09:80c0:38::191"; + ip4.addr = "131.159.102.1"; + ip6.addr = "2a09:80c0:102::1"; aliases = [ "bill.i" ]; }; retiolum = { -- cgit v1.2.3 From d1059dccf55b7aaf5c7d7cf15d71c513080c5711 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 12 Jul 2021 14:34:02 +0200 Subject: mic92: connect to tinc via internet for bill/nardole --- krebs/3modules/external/mic92.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index d5eb47630..ea8623702 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -432,6 +432,7 @@ in { aliases = [ "bill.i" ]; }; retiolum = { + via = internet; addrs = [ config.krebs.hosts.bill.nets.retiolum.ip4.addr config.krebs.hosts.bill.nets.retiolum.ip6.addr @@ -466,6 +467,7 @@ in { aliases = [ "nardole.i" ]; }; retiolum = { + via = internet; addrs = [ config.krebs.hosts.nardole.nets.retiolum.ip4.addr config.krebs.hosts.nardole.nets.retiolum.ip6.addr -- cgit v1.2.3 From 6763b4475fb6c1f49f2cc49218d8a3b03afc19b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 13 Jul 2021 16:09:48 +0200 Subject: mic92: add ed25519 for grandalf --- krebs/3modules/external/mic92.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index ea8623702..7bd5a2290 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -644,6 +644,7 @@ in { jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/ /btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB -----END RSA PUBLIC KEY----- + Ed25519PublicKey = dzjT09UeUGJCbUFrBo+FtbnXrsxFQnmqmJw7tjpJQJL ''; }; }; -- cgit v1.2.3 From 483c3d608d61a8bf0c3463071675075f051830b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 21 Jul 2021 08:03:35 +0200 Subject: mic92: add paulheidekrueger --- krebs/3modules/external/mic92.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 7bd5a2290..e3d0a9a79 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -334,6 +334,25 @@ in { ''; }; }; + paulheidekrueger = { + owner = config.krebs.users.mic92; + nets.retiolum = { + ip4.addr = "10.243.29.197"; + aliases = [ + "paulheidekrueger.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA45fCjKIgzLBbiHxHNH8ar4ERlF+oS4rKtsei7+fqUVj2zVbFB5Dd + OPm3kn3ZYi2WlhQBSPCphThEAGP6MrLuY2liiPyECfYNrr0+iDXaBl3Eq+fEu0Rm + 6rXa+paL49L86Lbe+ituS+9Q77rHcxixEir/2NBv4qENlgHJos9gZFn3kS8fLzly + kVkK8VRKvWgkW7sAfEKa2uQSXh+Ea08JCrTeGC0H19rYVIFZIIRSR7uXZygDHvOO + 5Gbnqp9Ya2yP6I00VTDVmJRJuzQjUciufa5XC5b7J1JP7Wo23sa0wV5eYZ0ZPFF4 + qJXjhuLtfSvaPrQTsIwrt7Z1s3tlXDlh8QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; martha = { owner = config.krebs.users.mic92; nets = rec { -- cgit v1.2.3 From 98437c4641ec1c18f7e98f431f781065291b6875 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 29 Jul 2021 14:37:31 +0200 Subject: mic92: remove paulheidekrueger; add yasmin --- krebs/3modules/external/mic92.nix | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index e3d0a9a79..3ef693290 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -334,22 +334,23 @@ in { ''; }; }; - paulheidekrueger = { + yasmin = { owner = config.krebs.users.mic92; nets.retiolum = { ip4.addr = "10.243.29.197"; aliases = [ - "paulheidekrueger.r" + "yasmin.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA45fCjKIgzLBbiHxHNH8ar4ERlF+oS4rKtsei7+fqUVj2zVbFB5Dd - OPm3kn3ZYi2WlhQBSPCphThEAGP6MrLuY2liiPyECfYNrr0+iDXaBl3Eq+fEu0Rm - 6rXa+paL49L86Lbe+ituS+9Q77rHcxixEir/2NBv4qENlgHJos9gZFn3kS8fLzly - kVkK8VRKvWgkW7sAfEKa2uQSXh+Ea08JCrTeGC0H19rYVIFZIIRSR7uXZygDHvOO - 5Gbnqp9Ya2yP6I00VTDVmJRJuzQjUciufa5XC5b7J1JP7Wo23sa0wV5eYZ0ZPFF4 - qJXjhuLtfSvaPrQTsIwrt7Z1s3tlXDlh8QIDAQAB + MIIBCgKCAQEAnQ6HGgUPVQbDIsLZAawZu4vK9yHF02aDrIWU9SdzpAddhM8yqWeC + f55W6zyjZuoQ2w4UNthDl6gjQM6A9B+nEMRNz3Rnhp57Lyi0a6HZHF2Eok9vJBiu + IRbVUxPpPKOGE09w0m5cLOfDfaZVdAT+80lQYoaasDr2VlRJNa2/arzaq847/SVg + vaf4gOmE+iIK+4ZDHqLcTn1WD6jy+aMChZU/zI31vZ8vM4oPuGh1xbcB3wKP3Vf3 + OTqpGN86CdrdBahJkzNJzIXYsPsRaZ2+8dWTH9gJjI0z+yywQQCrrh9K/oJtDUHF + BwmNc150BoSLqwduSWLtBonCa9p2/y/TDQIDAQAB -----END RSA PUBLIC KEY----- + Ed25519PublicKey = ZQt/OcrDlQZvtJyMEFcS6FKjtumBA9gBWr7VqGdbJBP ''; }; }; -- cgit v1.2.3 From 6184459a264bde37f85cc0cb236d57625023d7ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 5 Aug 2021 21:25:09 +0200 Subject: execute repo sync only for Mic92 --- .github/workflows/repo-sync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml index 4284463f9..b4c91299f 100644 --- a/.github/workflows/repo-sync.yml +++ b/.github/workflows/repo-sync.yml @@ -5,6 +5,7 @@ on: jobs: repo-sync: + if: github.repository_owner == 'Mic92' runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 -- cgit v1.2.3 From 7f3543a085b9561f490e93f48377a3d03408dacc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Aug 2021 17:25:49 +0200 Subject: nixpkgs: 91903ce -> b09c989 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 5086b8af3..07db3783f 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "91903ceb294dbe63a696759bfba3d23ee667f2dc", - "date": "2021-07-26T09:21:28+02:00", - "path": "/nix/store/2v649741xdh1crybi2dm879bl60zrkhf-nixpkgs", - "sha256": "1hmpwi27r4q0lnspg7ylfzxakwz2fhl3r07vjvq5yalcdqwiain3", + "rev": "b09c989b82f7a4f7319802a1dcf8bfe859d65362", + "date": "2021-08-09T08:34:54-07:00", + "path": "/nix/store/34dgmv9dz24n7cq836ciwibaqcdh69x4-nixpkgs", + "sha256": "0n68m06fsfgy3w6z844q5lxqdcmjlj9gx6p3zndwm6aijky0gjd8", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From 80d124caa61e258adece48568ab04a6980df4684 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Aug 2021 17:26:09 +0200 Subject: nixpkgs-unstable: dd14e5d -> 6ef4f52 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 967f0b426..17b0619ed 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "dd14e5d78e90a2ccd6007e569820de9b4861a6c2", - "date": "2021-07-24T08:14:16-04:00", - "path": "/nix/store/0z5nrrjzmjcicjhhdrqb9vgm56zxysk3-nixpkgs", - "sha256": "1zmhwx1qqgl1wrrb9mjkck508887rldrnragvximhd7jrh1ya3fb", + "rev": "6ef4f522d63f22b40004319778761040d3197390", + "date": "2021-08-08T17:34:03-06:00", + "path": "/nix/store/81sh4z8lwwz5z5dw3wpp715x23jis8db-nixpkgs", + "sha256": "0cz02l0mdjr5vnv0kfkiabdjc3mv26lva414ksaf3xpan3sp08s1", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From 00fa5aa042e254914371398b2ce30eabca1194eb Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 10 Aug 2021 19:57:00 +0200 Subject: flameshot: add imgur patch 0.10.1 Also 21.05 --- krebs/5pkgs/override/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix index 4cb6a1cb4..c2149ae55 100644 --- a/krebs/5pkgs/override/default.nix +++ b/krebs/5pkgs/override/default.nix @@ -18,6 +18,9 @@ self: super: { "0.9.0" = [ ./flameshot/flameshot_imgur_0.9.0.patch ]; + "0.10.1" = [ + ./flameshot/flameshot_imgur_0.9.0.patch + ]; }.${old.version}; }); -- cgit v1.2.3 From 1320d41152289b2a8dc1e931604844116b7cc503 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 15 Aug 2021 17:54:47 +0200 Subject: l yellow.r: rotate ovpn --- lass/1systems/yellow/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 178a5adf1..dc3b4b566 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -164,7 +164,7 @@ with import ; client dev tun proto udp - remote 91.207.172.77 1194 + remote 196.240.57.43 1194 resolv-retry infinite remote-random nobind -- cgit v1.2.3 From 0d84e80619bee56591ac96ca1891169d4cbcd8a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 15 Aug 2021 18:49:23 +0200 Subject: l: add flix.r alias --- krebs/3modules/lass/default.nix | 1 + lass/1systems/prism/config.nix | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index cb68cff18..9491f6a3f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -65,6 +65,7 @@ in { "prism.r" "cache.prism.r" "cgit.prism.r" + "flix.r" "paste.r" "p.r" "search.r" diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 89a386139..bc3807545 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -305,6 +305,12 @@ with import ; localAddress = "10.233.2.14"; }; + services.nginx.virtualHosts."flix.r" = { + locations."/".extraConfig = '' + proxy_pass http://10.233.2.14:80/; + proxy_set_header Accept-Encoding ""; + ''; + }; services.nginx.virtualHosts."lassul.us" = { locations."^~ /flix/".extraConfig = '' if ($scheme != "https") { -- cgit v1.2.3 From 8f6dec66dcc7a9b7e88c8604653a61783d91d632 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 19 Aug 2021 22:49:09 +0200 Subject: mic92: add samba to prism --- lass/1systems/prism/config.nix | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bc3807545..1ef4637e3 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -385,7 +385,44 @@ with import ; mountdPort = 4002; statdPort = 4000; }; + + services.samba = { + enable = true; + extraConfig = '' + workgroup = WORKGROUP + netbios name = PRISM + server string = PRISM + hosts allow = 42::/16 + map to guest = Bad User + max log size = 50 + dns proxy = no + security = user + + [global] + syslog only = yes + ''; + shares.public = { + comment = "Warez"; + path = "/export"; + public = "yes"; + "only guest" = "yes"; + "create mask" = "0644"; + "directory mask" = "2777"; + writable = "no"; + printable = "no"; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + # netbios + { predicate = "-i retiolum -p tcp --dport 139"; target = "ACCEPT"; } + # smbd + { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } + # netbios-ns + { predicate = "-i retiolum -p udp --dport 137"; target = "ACCEPT"; } + # nmbd + { predicate = "-i retiolum -p udp --dport 138"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } -- cgit v1.2.3 From f01a67acc19215f6f779ce9a78b86912f7f07f76 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 25 Aug 2021 12:04:38 +0200 Subject: htgen-cyberlocker: init at 1.0.0 --- krebs/5pkgs/simple/htgen-cyberlocker/default.nix | 29 ++++++++ .../simple/htgen-cyberlocker/src/htgen-cyberlocker | 79 ++++++++++++++++++++++ 2 files changed, 108 insertions(+) create mode 100644 krebs/5pkgs/simple/htgen-cyberlocker/default.nix create mode 100644 krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker diff --git a/krebs/5pkgs/simple/htgen-cyberlocker/default.nix b/krebs/5pkgs/simple/htgen-cyberlocker/default.nix new file mode 100644 index 000000000..515ea3cf9 --- /dev/null +++ b/krebs/5pkgs/simple/htgen-cyberlocker/default.nix @@ -0,0 +1,29 @@ +with import ; +{ pkgs, stdenv }: +stdenv.mkDerivation rec { + pname = "htgen-cyberlocker"; + version = "1.0.0"; + + src = ./src; + + buildPhase = '' + ( + exec > htgen-cyberlocker + echo PATH=${makeBinPath [ + pkgs.coreutils + pkgs.file + pkgs.findutils + pkgs.gnugrep + pkgs.jq + pkgs.nix + pkgs.utillinux + ]} + echo STATEDIR=${shell.escape "\${STATEDIR-$HOME}"} + cat $src/htgen-cyberlocker + ) + ''; + + installPhase = '' + install -D htgen-cyberlocker $out/bin/htgen-cyberlocker + ''; +} diff --git a/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker new file mode 100644 index 000000000..6c3ed6552 --- /dev/null +++ b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker @@ -0,0 +1,79 @@ +delete_response() { + jq -n -r \ + --arg server "$Server" \ + ' + [ "HTTP/1.1 204 OK\r" + , "Connection: close\r" + , "Server: \($server)\r" + , "\r" + ][] + ' +} + +file_response() {( + type=$(file -ib "$1") + size=$(wc -c < "$1") + jq -n -r \ + --arg type "$type" \ + --arg size "$size" \ + --arg server "$Server" \ + ' + [ "HTTP/1.1 200 OK\r" + , "Connection: close\r" + , "Content-Length: \($size)\r" + , "Content-Type: \($type)\r" + , "Server: \($server)\r" + , "\r" + ][] + ' + cat "$1" +)} + +read_uri() { + jq -cn --arg uri "$1" ' + $uri | + capture("^((?[^:]*):)?(//(?[^/]*))?(?[^?#]*)([?](?[^#]*))?([#](?.*))?$") | + . + { + query: (.query | if . != null then + split("&") | + map(split("=") | {key:.[0],value:.[1]}) | + from_entries + else . end) + } + ' +} + +uri=$(read_uri "$Request_URI") +path=$(jq -nr --argjson uri "$uri" '$uri.path') + +case "$Method $path" in + 'POST /'*|'PUT /'*) + content=$(mktemp -t htgen.$$.content.XXXXXXXX) + trap "rm $content >&2" EXIT + + head -c $req_content_length > $content + + item=$STATEDIR/items/$(echo "$path" | jq -rR @uri) + + mkdir -v -p $STATEDIR/items >&2 + cp -v $content $item >&2 + + scheme=${req_x_forwarded_proto-http} + link=$scheme://$req_host/$path + + ;; + 'GET /'*) + item=$STATEDIR/items/$(echo "$path" | jq -rR @uri) + if [ -e "$item" ]; then + file_response "$item" + exit + fi + ;; + 'DELETE /'*) + item=$STATEDIR/items/$(echo "$path" | jq -rR @uri) + if [ -e "$item" ]; then + rm "$item" + delete_response + exit + fi +esac -- cgit v1.2.3 From bb846b5ca921aa07ab85ef0a6258be96d475c78b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 25 Aug 2021 12:05:18 +0200 Subject: l prism.r: add c.r cyberlocker --- krebs/3modules/lass/default.nix | 1 + lass/2configs/paste.nix | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 9491f6a3f..05be3ca3e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -67,6 +67,7 @@ in { "cgit.prism.r" "flix.r" "paste.r" + "c.r" "p.r" "search.r" ]; diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 0cf62ec0b..f0847f02a 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -2,6 +2,18 @@ with import ; { + services.nginx.virtualHosts.cyberlocker = { + serverAliases = [ "c.r" ]; + locations."/".extraConfig = '' + client_max_body_size 4G; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port}; + ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; + }; services.nginx.virtualHosts.paste = { serverAliases = [ "p.r" ]; locations."/".extraConfig = '' @@ -58,6 +70,12 @@ with import ; (. ${pkgs.htgen-imgur}/bin/htgen-imgur) ''; }; + krebs.htgen.cyberlocker = { + port = 7772; + script = /* sh */ '' + (. ${pkgs.htgen-cyberlocker}/bin/htgen-cyberlocker) + ''; + }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";} ]; -- cgit v1.2.3 From 33714185ea1331c2fb82a831eaa9900076028c2a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 25 Aug 2021 12:05:35 +0200 Subject: l paste: allow CORS --- lass/2configs/paste.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index f0847f02a..98ba7c731 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -31,6 +31,10 @@ with import ; proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; proxy_pass_header Server; ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; }; services.nginx.virtualHosts."p.krebsco.de" = { enableACME = true; @@ -51,6 +55,10 @@ with import ; proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port}; proxy_pass_header Server; ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; }; krebs.htgen.paste = { -- cgit v1.2.3 From 6db453c84d00b515abb36a784b0ba1f1e75011e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Aug 2021 09:58:42 +0200 Subject: l paste: add c.krebsco.de --- krebs/3modules/lass/default.nix | 1 + lass/2configs/paste.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 05be3ca3e..b19e2e6fc 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -21,6 +21,7 @@ in { "krebsco.de" = '' cache IN A ${nets.internet.ip4.addr} p IN A ${nets.internet.ip4.addr} + c IN A ${nets.internet.ip4.addr} paste IN A ${nets.internet.ip4.addr} prism IN A ${nets.internet.ip4.addr} ''; diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 98ba7c731..68a55c71c 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -36,6 +36,22 @@ with import ; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; ''; }; + services.nginx.virtualHosts."c.krebsco.de" = { + enableACME = true; + addSSL = true; + serverAliases = [ "c.krebsco.de" ]; + locations."/".extraConfig = '' + if ($request_method != GET) { + return 403; + } + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port}; + ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; + }; services.nginx.virtualHosts."p.krebsco.de" = { enableACME = true; addSSL = true; -- cgit v1.2.3 From d2026d3f433c409c8a479f31848cc6c51c8d54c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 26 Aug 2021 20:13:36 +0200 Subject: mic92: allow ipv4 on prism/samba --- lass/1systems/prism/config.nix | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 1ef4637e3..cbaf127c8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -391,8 +391,9 @@ with import ; extraConfig = '' workgroup = WORKGROUP netbios name = PRISM - server string = PRISM - hosts allow = 42::/16 + server string = prism + hosts allow = 42::/16 10.243.0.0/16 + interfaces = tinc.retiolum map to guest = Bad User max log size = 50 dns proxy = no @@ -414,14 +415,8 @@ with import ; }; krebs.iptables.tables.filter.INPUT.rules = [ - # netbios - { predicate = "-i retiolum -p tcp --dport 139"; target = "ACCEPT"; } # smbd { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } - # netbios-ns - { predicate = "-i retiolum -p udp --dport 137"; target = "ACCEPT"; } - # nmbd - { predicate = "-i retiolum -p udp --dport 138"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } -- cgit v1.2.3 From 9e9d5d26d9e8ebe2b7c6308184c25c9de133714e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 26 Aug 2021 21:21:48 +0200 Subject: mic92: samba perf options --- lass/1systems/prism/config.nix | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index cbaf127c8..e3dba69e4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -388,12 +388,37 @@ with import ; services.samba = { enable = true; + enableNmbd = false; extraConfig = '' workgroup = WORKGROUP netbios name = PRISM - server string = prism + server string = ${config.networking.hostName} + # only allow retiolum addresses hosts allow = 42::/16 10.243.0.0/16 + # Don't bind to the legacy 143 port + smb ports = 445 + # Bind only to allowed interfaces + bind interfaces only = true + # only bind to retiolum network interfaces = tinc.retiolum + + # Use sendfile() for performance gain + use sendfile = true + + # No NetBIOS is needed + disable netbios = true + + # Only mangle non-valid NTFS names, don't care about DOS support + mangled names = illegal + + # Performance optimizations + socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 + + # Disable all printing + load printers = false + disable spoolss = true + printcap name = /dev/null + map to guest = Bad User max log size = 50 dns proxy = no @@ -401,7 +426,7 @@ with import ; [global] syslog only = yes - ''; + ''; shares.public = { comment = "Warez"; path = "/export"; -- cgit v1.2.3 From 1c0af4687cc3499b7cb8ce0799a662e1ce00ae22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 26 Aug 2021 21:38:53 +0200 Subject: mic92: remove breaking samba optoins --- lass/1systems/prism/config.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e3dba69e4..421afab2a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -395,12 +395,6 @@ with import ; server string = ${config.networking.hostName} # only allow retiolum addresses hosts allow = 42::/16 10.243.0.0/16 - # Don't bind to the legacy 143 port - smb ports = 445 - # Bind only to allowed interfaces - bind interfaces only = true - # only bind to retiolum network - interfaces = tinc.retiolum # Use sendfile() for performance gain use sendfile = true -- cgit v1.2.3 From 3c35eca7e892a43c1d2874311c504afc3dc6146e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 Aug 2021 14:00:18 +0200 Subject: cyberlocker-tools: init --- krebs/5pkgs/simple/cyberlocker-tools/default.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 krebs/5pkgs/simple/cyberlocker-tools/default.nix diff --git a/krebs/5pkgs/simple/cyberlocker-tools/default.nix b/krebs/5pkgs/simple/cyberlocker-tools/default.nix new file mode 100644 index 000000000..420acb192 --- /dev/null +++ b/krebs/5pkgs/simple/cyberlocker-tools/default.nix @@ -0,0 +1,19 @@ +{ pkgs }: +pkgs.symlinkJoin { + name = "cyberlocker-tools"; + paths = [ + (pkgs.writers.writeDashBin "cput" '' + set -efu + path=$1 + + ${pkgs.curl}/bin/curl -Ss --data-binary @- "http://c.r/$path" + echo "http://c.r/$path" + '') + (pkgs.writers.writeDashBin "cdel" '' + set -efu + path=$1 + + ${pkgs.curl}/bin/curl -X DELETE "http://c.r/$path" + '') + ]; +} -- cgit v1.2.3 From 0276209ad400c448525a9475701b89fcf14b5c56 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 29 Aug 2021 14:15:47 +0200 Subject: cyberlocker-tools: make path optional for upload --- krebs/5pkgs/simple/cyberlocker-tools/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/cyberlocker-tools/default.nix b/krebs/5pkgs/simple/cyberlocker-tools/default.nix index 420acb192..80593bcae 100644 --- a/krebs/5pkgs/simple/cyberlocker-tools/default.nix +++ b/krebs/5pkgs/simple/cyberlocker-tools/default.nix @@ -4,7 +4,7 @@ pkgs.symlinkJoin { paths = [ (pkgs.writers.writeDashBin "cput" '' set -efu - path=$1 + path=''${1:-$(hostname)} ${pkgs.curl}/bin/curl -Ss --data-binary @- "http://c.r/$path" echo "http://c.r/$path" -- cgit v1.2.3 From b09c87fc7111a865a29be0e99e446902ff4dd372 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 31 Aug 2021 15:37:33 +0200 Subject: nixpkgs: b09c989 -> 74d017e --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 07db3783f..92ce9aa90 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "b09c989b82f7a4f7319802a1dcf8bfe859d65362", - "date": "2021-08-09T08:34:54-07:00", - "path": "/nix/store/34dgmv9dz24n7cq836ciwibaqcdh69x4-nixpkgs", - "sha256": "0n68m06fsfgy3w6z844q5lxqdcmjlj9gx6p3zndwm6aijky0gjd8", + "rev": "74d017edb6717ad76d38edc02ad3210d4ad66b96", + "date": "2021-08-27T16:58:49+02:00", + "path": "/nix/store/82jg1p0rlf7mkryjpdn0z6b95q4i9lnq-nixpkgs", + "sha256": "0wvz41izp4djzzr0a6x54hcm3xjr51nlj8vqghfgyrjpk8plyk4s", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From f1fd0f15cd506cd263e43d94c6bcf933b693d0a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 31 Aug 2021 15:37:49 +0200 Subject: nixpkgs-unstable: 6ef4f52 -> 8d8a28b --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 17b0619ed..d0d3cd82d 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "6ef4f522d63f22b40004319778761040d3197390", - "date": "2021-08-08T17:34:03-06:00", - "path": "/nix/store/81sh4z8lwwz5z5dw3wpp715x23jis8db-nixpkgs", - "sha256": "0cz02l0mdjr5vnv0kfkiabdjc3mv26lva414ksaf3xpan3sp08s1", + "rev": "8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512", + "date": "2021-08-29T22:49:37+08:00", + "path": "/nix/store/vg29bg0awqam80djwz68ym0awvasrw6i-nixpkgs", + "sha256": "1s29nc3ppsjdq8kgbh8pc26xislkv01yph58xv2vjklkvsmz5pzm", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From 1ac0608fc53214897703e4a163186a4586c73bb6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 31 Aug 2021 19:26:37 +0200 Subject: cyberlocker-tools: pass fail --- krebs/5pkgs/simple/cyberlocker-tools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/cyberlocker-tools/default.nix b/krebs/5pkgs/simple/cyberlocker-tools/default.nix index 80593bcae..d43be1d69 100644 --- a/krebs/5pkgs/simple/cyberlocker-tools/default.nix +++ b/krebs/5pkgs/simple/cyberlocker-tools/default.nix @@ -6,14 +6,14 @@ pkgs.symlinkJoin { set -efu path=''${1:-$(hostname)} - ${pkgs.curl}/bin/curl -Ss --data-binary @- "http://c.r/$path" + ${pkgs.curl}/bin/curl -fSs --data-binary @- "http://c.r/$path" echo "http://c.r/$path" '') (pkgs.writers.writeDashBin "cdel" '' set -efu path=$1 - ${pkgs.curl}/bin/curl -X DELETE "http://c.r/$path" + ${pkgs.curl}/bin/curl -f -X DELETE "http://c.r/$path" '') ]; } -- cgit v1.2.3 From 34930b3db2d4386e4826ae782f0c24044e45b9c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 31 Aug 2021 20:26:53 +0200 Subject: htgen-cyberlocker: remove crud, exit after success POST --- krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker index 6c3ed6552..ab9c4e8e3 100644 --- a/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker +++ b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker @@ -57,10 +57,7 @@ case "$Method $path" in mkdir -v -p $STATEDIR/items >&2 cp -v $content $item >&2 - - scheme=${req_x_forwarded_proto-http} - link=$scheme://$req_host/$path - + exit ;; 'GET /'*) item=$STATEDIR/items/$(echo "$path" | jq -rR @uri) -- cgit v1.2.3 From e8dc3141ae6a7f109c6ce9e5852dd1a62c60d543 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 31 Aug 2021 22:44:27 +0200 Subject: cyberlocker-tools: normalize url --- krebs/5pkgs/simple/cyberlocker-tools/default.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/simple/cyberlocker-tools/default.nix b/krebs/5pkgs/simple/cyberlocker-tools/default.nix index d43be1d69..6e6563fb1 100644 --- a/krebs/5pkgs/simple/cyberlocker-tools/default.nix +++ b/krebs/5pkgs/simple/cyberlocker-tools/default.nix @@ -5,15 +5,19 @@ pkgs.symlinkJoin { (pkgs.writers.writeDashBin "cput" '' set -efu path=''${1:-$(hostname)} + path=$(echo "/$path" | sed -E 's:/+:/:') + url=http://c.r$path - ${pkgs.curl}/bin/curl -fSs --data-binary @- "http://c.r/$path" - echo "http://c.r/$path" + ${pkgs.curl}/bin/curl -fSs --data-binary @- "$url" + echo "$url" '') (pkgs.writers.writeDashBin "cdel" '' set -efu path=$1 + path=$(echo "/$path" | sed -E 's:/+:/:') + url=http://c.r$path - ${pkgs.curl}/bin/curl -f -X DELETE "http://c.r/$path" + ${pkgs.curl}/bin/curl -f -X DELETE "$url" '') ]; } -- cgit v1.2.3 From c7db9e13cde6ba34afd863d0f9e77410c194039c Mon Sep 17 00:00:00 2001 From: xkey Date: Sat, 4 Sep 2021 14:02:28 +0200 Subject: external: add aleph.r --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 75be58326..29c0d34f0 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -639,7 +639,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.13.12"; - aliases = [ "catalonia.r" ]; + aliases = [ "catalonia.r" "aleph.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y -- cgit v1.2.3