diff options
| author | tv <tv@krebsco.de> | 2021-09-28 22:48:17 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2021-09-28 22:48:17 +0200 |
| commit | ed2c6bd9792afbc433ae4eb23f40e17b90420f99 (patch) | |
| tree | 289de32dd7f58f46accf7ad25ed184db5aa45198 /krebs/3modules/hidden-ssh.nix | |
| parent | 20e358043546482acfa8c6134f095c1a64ef144d (diff) | |
| parent | e151cfd3298120ec541987d4beb155e18335a0d8 (diff) | |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules/hidden-ssh.nix')
| -rw-r--r-- | krebs/3modules/hidden-ssh.nix | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 1e56e62f9..acbe717d9 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -19,6 +19,14 @@ let type = types.str; default = "irc.hackint.org"; }; + port = mkOption { + type = types.int; + default = 6697; + }; + tls = mkOption { + type = types.bool; + default = true; + }; message = mkOption { type = types.str; default = "SSH Hidden Service at "; @@ -27,14 +35,17 @@ let imp = let torDirectory = "/var/lib/tor"; # from tor.nix - hiddenServiceDir = torDirectory + "/ssh-announce-service"; + hiddenServiceDir = torDirectory + "/onion/hidden-ssh"; in { services.tor = { enable = true; - extraConfig = '' - HiddenServiceDir ${hiddenServiceDir} - HiddenServicePort 22 127.0.0.1:22 - ''; + relay.onionServices.hidden-ssh = { + version = 3; + map = [{ + port = 22; + target.port = 22; + }]; + }; client.enable = true; }; systemd.services.hidden-ssh-announce = { @@ -50,10 +61,14 @@ let echo "still waiting for ${hiddenServiceDir}/hostname" sleep 1 done - ${pkgs.untilport}/bin/untilport ${cfg.server} 6667 && \ - ${pkgs.irc-announce}/bin/irc-announce \ - ${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \ - \${cfg.channel} \ + ${pkgs.untilport}/bin/untilport ${escapeShellArg cfg.server} ${toString cfg.port} + + ${pkgs.irc-announce}/bin/irc-announce \ + ${escapeShellArg cfg.server} \ + ${toString cfg.port} \ + "${config.krebs.build.host.name}-ssh" \ + ${escapeShellArg cfg.channel} \ + ${escapeShellArg cfg.tls} \ "${cfg.message}$(cat ${hiddenServiceDir}/hostname)" ''; PrivateTmp = "true"; |