| author | makefu <github@syntax-fehler.de> | 2017-04-15 18:04:19 +0200 | 
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2017-04-15 18:04:19 +0200 | 
| commit | 4feb0e8e91d228bf4754d130e7d134f41047dc32 (patch) | |
| tree | 5d432360310739fdd6445d016bb6488a2df0fa9e | |
| parent | c45cd788d2df7d14175de59d31506d970eb72382 (diff) | |
k 3 hidden-ssh: init
| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/hidden-ssh.nix | 53 | 
2 files changed, 54 insertions, 0 deletions
|
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index d24cea1a2..0364792b5 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
       ./github-hosts-sync.nix
       ./git.nix
       ./go.nix
+      ./hidden-ssh.nix
       ./htgen.nix
       ./iptables.nix
       ./kapacitor.nix
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
new file mode 100644
index 000000000..2f75ded9b
--- /dev/null
+++ b/krebs/3modules/hidden-ssh.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  cfg = config.krebs.hidden-ssh;
+
+  out = {
+    options.krebs.hidden-ssh = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "hidden SSH announce";
+  };
+
+  imp = let
+    torDirectory = "/var/lib/tor"; # from tor.nix
+    hiddenServiceDir = torDirectory + "/ssh-announce-service";
+  in {
+    services.tor = {
+      enable = true;
+      extraConfig = ''
+        HiddenServiceDir ${hiddenServiceDir}
+        HiddenServicePort 22 127.0.0.1:22
+      '';
+      client.enable = true;
+    };
+    systemd.services.hidden-ssh-announce = {
+      description = "irc announce hidden ssh";
+      after = [ "tor.service" ];
+      wants = [ "tor.service" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        # ${pkgs.tor}/bin/torify
+        ExecStart = pkgs.writeDash "irc-announce-ssh" ''
+          set -efu
+          until test -e ${hiddenServiceDir}/hostname; do
+            echo "still waiting for ${hiddenServiceDir}/hostname"
+            sleep 1
+          done
+          ${pkgs.irc-announce}/bin/irc-announce \
+            irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \
+            \#krebs-announce \
+            "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
+        '';
+        PrivateTmp = "true";
+        User = "tor";
+        Type = "oneshot";
+      };
+    };
+  };
+in
+out
|
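Review bot: The announce step in `ExecStart` publishes the onion hostname to a public channel over plain IRC on port 6667, and with the `torify` wrapper left commented out the connection appears to be made directly from the host, so the IRC server and anyone on the network path can pair the host's own address with its hidden-service name. I would either route the announce through Tor (the `# ${pkgs.tor}/bin/torify` line suggests that was the intent) or state the trade-off in a comment above `ExecStart`, e.g. `# publishes the .onion name in clear text from this host's own address; treat the name as public`. Because `HiddenServicePort 22 127.0.0.1:22` makes every onion login reach sshd from 127.0.0.1, source-address rules and per-address rate limiting cannot tell these clients apart, so the module description should say that it expects key-only sshd authentication. The `until test -e …/hostname` loop also has no upper bound and a oneshot unit has no start timeout by default, so adding `TimeoutStartSec` to `serviceConfig` would keep a failed Tor start from leaving the unit activating indefinitely.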
