| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/hidden-ssh.nix | 53 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 12 | ||||
| -rw-r--r-- | krebs/5pkgs/krebspaste/default.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/deployment/graphs.nix | 4 | 
5 files changed, 63 insertions, 9 deletions
|
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index a46b8af15..37db5bfe7 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
       ./github-hosts-sync.nix
       ./git.nix
       ./go.nix
+      ./hidden-ssh.nix
       ./htgen.nix
       ./iptables.nix
       ./kapacitor.nix
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
new file mode 100644
index 000000000..2f75ded9b
--- /dev/null
+++ b/krebs/3modules/hidden-ssh.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  cfg = config.krebs.hidden-ssh;
+
+  out = {
+    options.krebs.hidden-ssh = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "hidden SSH announce";
+  };
+
+  imp = let
+    torDirectory = "/var/lib/tor"; # from tor.nix
+    hiddenServiceDir = torDirectory + "/ssh-announce-service";
+  in {
+    services.tor = {
+      enable = true;
+      extraConfig = ''
+        HiddenServiceDir ${hiddenServiceDir}
+        HiddenServicePort 22 127.0.0.1:22
+      '';
+      client.enable = true;
+    };
+    systemd.services.hidden-ssh-announce = {
+      description = "irc announce hidden ssh";
+      after = [ "tor.service" ];
+      wants = [ "tor.service" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        # ${pkgs.tor}/bin/torify
+        ExecStart = pkgs.writeDash "irc-announce-ssh" ''
+          set -efu
+          until test -e ${hiddenServiceDir}/hostname; do
+            echo "still waiting for ${hiddenServiceDir}/hostname"
+            sleep 1
+          done
+          ${pkgs.irc-announce}/bin/irc-announce \
+            irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \
+            \#krebs-announce \
+            "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
+        '';
+        PrivateTmp = "true";
+        User = "tor";
+        Type = "oneshot";
+      };
+    };
+  };
+in
+out
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 56df451b7..cef6a4fd6 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -33,7 +33,7 @@ with import <stockholm/lib>;
       nets = {
         retiolum = {
           ip4.addr = "10.243.113.98";
-          ip6.addr  = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
+          # ip6.addr  = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
           aliases = [
             "fileleech.r"
           ];
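Review bot: The `hidden-ssh-announce` unit in the new krebs/3modules/hidden-ssh.nix posts the onion hostname to `#krebs-announce` on `irc.freenode.org 6667` in clear text and without Tor (the `# ${pkgs.tor}/bin/torify` line is only a comment), so the address is no longer a secret and is tied to the host name in the nick and, presumably, to the host's own IP. From then on sshd is the only barrier, and because `HiddenServicePort 22 127.0.0.1:22` makes every onion client arrive from 127.0.0.1, any address-based sshd or firewall rule will treat these logins as local. The module should refuse to build with password logins, for example `assertions = [{ assertion = !config.services.openssh.passwordAuthentication; message = "krebs.hidden-ssh needs key-only sshd"; }];` inside `imp`, and a comment above `ExecStart` should state that the announce is intentionally public. The `until test -e …/hostname` loop also has no upper bound and a `oneshot` unit has no start timeout by default, so `TimeoutStartSec = "5min";` in `serviceConfig` would keep the unit from waiting forever.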
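Review bot: In the `@@ -33,7 +33,7 @@` hunk of krebs/3modules/makefu/default.nix the retiolum `ip6.addr` is commented out rather than removed, and no reason is recorded. Whatever is generated from this host entry presumably stops knowing the v6 address, which the next reader cannot tell apart from an accident. Either delete the line or give it a reason, for example `# ip6.addr disabled: <reason>`. The host definition starts and ends outside the hunk.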
@@ -247,7 +247,6 @@ with import <stockholm/lib>;
         "krebsco.de" = ''
           euer              IN MX 1   aspmx.l.google.com.
           nixos.unstable    IN CNAME  krebscode.github.io.
-          pigstarter        IN A      ${nets.internet.ip4.addr}
           gold              IN A      ${nets.internet.ip4.addr}
           boot              IN A      ${nets.internet.ip4.addr}
         '';
@@ -301,7 +300,7 @@ with import <stockholm/lib>;
           ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
           aliases = [
             "wry.r"
-            "graphs.wry.r"
+            "graph.wry.r"
             "paste.wry.r"
           ];
           tinc.pubkey = ''
@@ -436,12 +435,13 @@ with import <stockholm/lib>;
           mattermost.euer   IN A      ${nets.internet.ip4.addr}
           git.euer          IN A      ${nets.internet.ip4.addr}
           gum               IN A      ${nets.internet.ip4.addr}
+          pigstarter        IN A      ${nets.internet.ip4.addr}
           cgit.euer         IN A      ${nets.internet.ip4.addr}
           o.euer            IN A      ${nets.internet.ip4.addr}
           dl.euer           IN A      ${nets.internet.ip4.addr}
           euer              IN A      ${nets.internet.ip4.addr}
           wiki.euer         IN A      ${nets.internet.ip4.addr}
-          graphs            IN A      ${nets.internet.ip4.addr}
+          graph             IN A      ${nets.internet.ip4.addr}
         '';
       };
       nets = rec {
@@ -461,7 +461,7 @@ with import <stockholm/lib>;              "o.gum.r"              "tracker.makefu.r" -            "graphs.r" +            "graph.r"              "wiki.makefu.r"              "wiki.gum.r"              "blog.makefu.r"
@@ -491,7 +491,7 @@ with import <stockholm/lib>;
           ip4.prefix = "10.8.10.0/24";
           aliases = [
             "shoney.siem"
-            "graphs.siem"
+            "graph.siem"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
index 8c6676d0e..31ad12780 100644
--- a/krebs/5pkgs/krebspaste/default.nix
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -2,5 +2,5 @@  # TODO use `execve` instead?  writeDashBin "krebspaste" '' -  exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" +  exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g'  ''
diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix
index 35a724f6a..b33ddece0 100644
--- a/makefu/2configs/deployment/graphs.nix
+++ b/makefu/2configs/deployment/graphs.nix
@@ -23,8 +23,8 @@ in {
           }
         '';
         serverAliases = [
-          "graphs.r" "graphs.retiolum"
-          "graphs.${hn}" "graphs.${hn}.retiolum"
+          "graph.r"
+          "graph.${hn}" "graph.${hn}.r"
         ];
       };
       anonymous = { |
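Review bot: In krebs/5pkgs/krebspaste/default.nix the new pipeline makes the script's exit status that of `sed`, so a failed upload by `bepasty-cli` is reported as success, and `exec` as the first stage of a pipeline no longer replaces the shell. The `sed` expression also appends `/+inline` to the last line of whatever was printed, which may be an error message rather than a URL. Capturing the output first keeps the failure visible: `url=$(${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@") || exit` followed by `printf '%s/+inline\n' "$url"`, assuming the client prints a single URL line. The `# TODO use execve` comment above it should be updated to match.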
