From 1df762657baf7d0c27a178113e613c94e6b12aa3 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 5 Dec 2022 16:17:24 +0100
Subject: k pkgs.ukrepl: init
---
 krebs/5pkgs/simple/ukrepl.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 krebs/5pkgs/simple/ukrepl.nix
(limited to 'krebs')
diff --git a/krebs/5pkgs/simple/ukrepl.nix b/krebs/5pkgs/simple/ukrepl.nix
new file mode 100644
index 000000000..bdea4181f
--- /dev/null
+++ b/krebs/5pkgs/simple/ukrepl.nix
@@ -0,0 +1,11 @@
+{ lib, pkgs,stdenv }:
+let
+ src = pkgs.fetchFromGitHub {
+ owner = "makefu";
+ repo = "ukrepl";
+ rev = "0baa5cc4d5c3c17af704b69a800dd1f520ded8e3";
+ hash = "sha256:1lnhkf02f18fvf3l2fcszvs4x115lql17akabd5ph9ff9z33k8rv";
+ };
+in
+ pkgs.writers.writePython3Bin "ukrepl" {} (builtins.readFile (src + "/ukrepl"))
+
-- cgit v1.2.3
From ee44d27ef7df359ac82cfb4c0fbdf99714b06988 Mon Sep 17 00:00:00 2001
From: tv
Date: Fri, 9 Dec 2022 15:04:18 +0100
Subject: krebs-pages: import current krebscode.github.com From https://github.com/krebscode/krebscode.github.com Commit 4676108df07c2a058c4b98f6b0c3ace36fe861b2
---
 krebs/5pkgs/simple/krebs-pages/fixtures/index.html | 21 +---
 .../simple/krebs-pages/fixtures/thesauron.html | 133 ---------------------
 2 files changed, 6 insertions(+), 148 deletions(-)
 delete mode 100644 krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
(limited to 'krebs')
diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
index e6b7034b3..68b2cbad6 100644
--- a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
+++ b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
@@ -24,19 +24,10 @@ } -
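Review bot: `builtins.readFile (src + "/ukrepl")` in the new ukrepl.nix reads the script out of the fetched source while the expression is being evaluated, which is import-from-derivation: evaluating the package forces the GitHub fetch, and evaluation fails where `allow-import-from-derivation` is turned off. The source itself is pinned by a full commit `rev` and a content `hash`, so the concern is only where the read happens, not what is fetched. `lib` and `stdenv` in `{ lib, pkgs,stdenv }:` are not used anywhere in the hunk and could be dropped. A comment above the last expression such as `# script text is read at eval time (IFD); source is pinned by rev + hash` would tell the next reader why a fetch runs during evaluation.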

- - Linuxtag Heckenkrebs Presentation - -

-

- - CTF Writeups - -

-

- - Thesauron - -

+

krops

+

Thesauron

+

Project: The new NixOS wiki

+

Go through this amazon affiliate link and generate krebsgold

+

Go through this aliexpress affiliate link and generate krebsgold

+ diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html deleted file mode 100644 index bcf1c5d48..000000000 --- a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html +++ /dev/null @@ -1,133 +0,0 @@ -

Cholerab n. -[de] -- Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass - Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert. -- Teamwork-Plattform für Krebscode.

- -

eigentlich adv. -[de] -- Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt, - die nicht der Fall ist. -Antonym: tatsaechlich

- -

ghost n. -[de] -- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen - Festplatten) aber wohl nie wieder kommen wird. -Siehe: Wiederbelebung

- -

KD;RP abbr. (pronounciation: kah-derp) -[en] -- Short for Krebs Darknet / Retiolum Prefix.

- -

krebs -[de] -- krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste - Softwareprojekt im Shack und viel verteilte infrastruktur.

- -

kremium -[en] -- coinage derived from the words premium and krebs -see: broken -usage: Reaktor ircbot has unfixed broken behavior since ever->“Kremium Software”

- -

KRI abbr. (pronounciation: [en] cry) -[en] -- Short for Krebs Request for Implementation. - Derived from Scheme Requests for Implementation (SRFI).

- -

litterate programming n. -[en] -- any code that has not been proved mathematically.

- -

Nahziel n. -[de] -- Ziel mit höchst möglicher Priorität.

- -

Nahzielerfahrung n. -[de] -- das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl - nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).

- -

parentheses of fear -[en] -- unnecessary parentheses, usually used when order of precedence is unknown. - - Examples: 1 + (2 * 3)

- -

Protip n. -[en] -- (Probably vague) description how a task can be solved. - - Antonym: Spoiler - - Example: - - To defeat the Cyberdaemon, shoot at it until it dies. - - RTFM

- -

Punching Lemma n. -[de] -- Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht - von Krebs

- -

ref, n. -[en] -- A reference like an URI, ISBN, name of a person, etc.

- -

reftrace, n. -[en] -- A stacktrace-like representation of refs that lead to some (any kind of) - conclusion. Usually generated by a human. The conclusion can be either on - the top or on the bottom of the stack. If the order is ambiguous, then it - should be communicated explicitly. - - Example: (conclusion first) - - http://en.wikipedia.org/wiki/Stack_trace - - google “stacktrace” (first entry / 2014–12–05T12:13:58Z) - - think about some example [this could be omitted, as it’s obvious…]

- -

Retiolum n. -[en] -- The official darknet of Krebs which utilizes the Retiolum Prefix to - address individual nodes.

- -

Retiolum Prefix n. -[en] -- The universally accepted IPv6-prefix, 42::/16. Anyone can has a - /128-subnet and, if require, anything larger.

- -

Retiolum Realtime Map n. -[en] -- The network map of the public visible part of Retiolum.

- -

RRM [abbr.][en] -- Short for Retiolum Retiolum Map.

- -

Sanatorium n. -[en] -- The Krebs Control and Command Center. -- An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather - and lurk for relevant input.

- -

Spoiler n. -[en] -- A subset of walkthrough, i.e. any individual steps may be omitted. - - Antonym: Protip

- -

tatsaechlich, adv. -[de] -- Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht. -Antonym: eigentlich

- -

Verkrebsung n. -[de] -- Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs - Komponente) auf einem beliebigem System.

- -

Walkthrough n. -[en] -- Description of the individual steps to complete a task. - - Examples: - - program code - - small-step semantics

- -

Wiederbelebung n. -[de] -- Ein ghost wird im Darknet wieder erreichbar -Siehe: ghost

-- cgit v1.2.3
From 69ddda1380d3d533ee24d8ec5d97e59e2b82b305 Mon Sep 17 00:00:00 2001
From: tv
Date: Fri, 9 Dec 2022 15:50:25 +0100
Subject: krebs.pages: init
---
 krebs/3modules/default.nix | 1 +
 krebs/3modules/krebs-pages.nix | 44 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 krebs/3modules/krebs-pages.nix
(limited to 'krebs')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 0ac8cb743..b92190b5b 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -34,6 +34,7 @@ let
 ./iptables.nix
 ./kapacitor.nix
 ./konsens.nix
+ ./krebs-pages.nix
 ./monit.nix
 ./nixpkgs.nix
 ./on-failure.nix
diff --git a/krebs/3modules/krebs-pages.nix b/krebs/3modules/krebs-pages.nix
new file mode 100644
index 000000000..a2a5b723e
--- /dev/null
+++ b/krebs/3modules/krebs-pages.nix
@@ -0,0 +1,44 @@
+{ config, modulesPath, pkgs, ... }: let
+ cfg = config.krebs.pages;
+ lib = import ../../lib;
+ extraTypes.nginx-vhost = lib.types.submodule (
+ lib.recursiveUpdate
+ (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix")
+ { inherit config lib; })
+ {}
+ );
+in {
+ options.krebs.pages = {
+ enable = lib.mkEnableOption "krebs-pages";
+ domain = lib.mkOption {
+ type = lib.types.hostname;
+ default = "krebsco.de";
+ };
+ nginx = lib.mkOption {
+ type = extraTypes.nginx-vhost;
+ default = {};
+ example = lib.literalExpression /* nix */ ''
+ {
+ # To enable encryption and let let's encrypt take care of certificate
+ enableACME = true;
+ forceSSL = true;
+ }
+ '';
+ description = lib.mkDoc ''
+ With this option, you can customize the nginx virtualHost settings.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.krebs-pages;
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ services.nginx = {
+ enable = lib.mkDefault true;
+ virtualHosts.${cfg.domain} = lib.mkMerge [ cfg.nginx {
+ root = lib.mkForce cfg.package;
+ }];
+ };
+ };
+}
-- cgit v1.2.3
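Review bot: `description = lib.mkDoc ''` on the `nginx` option in krebs-pages.nix looks like a typo for `lib.mdDoc`; nixpkgs' lib provides `mdDoc`, and unless the project's own `../../lib` defines `mkDoc`, this attribute throws as soon as the option documentation is evaluated, which lazy evaluation hides during an ordinary system build. The `domain` and `package` options have no `description` at all; for the first, `description = "Host name of the nginx virtual host that serves the pages.";` would do. The vhost is plain HTTP unless a host overrides `nginx` (`default = {}`), so the option text should say that TLS has to be switched on per host with `enableACME` plus `forceSSL` or `addSSL`.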
From 0d19e5948545eeab67ba3cf052e396137e9cafd1 Mon Sep 17 00:00:00 2001
From: tv
Date: Fri, 9 Dec 2022 14:52:14 +0100
Subject: krebsco.de: point apex to ni
---
 krebs/3modules/default.nix | 4 ----
 1 file changed, 4 deletions(-)
(limited to 'krebs')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index b92190b5b..6babac72e 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -84,10 +84,6 @@ let
 @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
 IN NS ns19.ovh.net.
 IN NS dns19.ovh.net.
- IN A 185.199.108.153
- IN A 185.199.109.153
- IN A 185.199.110.153
- IN A 185.199.111.153
 '';
 };
 };
-- cgit v1.2.3
From f207532a0e34d6316ffc904e88097ee2c87b1505 Mon Sep 17 00:00:00 2001
From: tv
Date: Fri, 9 Dec 2022 16:01:25 +0100
Subject: hotdog: enable krebs.pages
---
 krebs/1systems/hotdog/config.nix | 1 +
 1 file changed, 1 insertion(+)
(limited to 'krebs')
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index a34df4bdc..9849937d5 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -22,6 +22,7 @@
 krebs.build.host = config.krebs.hosts.hotdog;
 krebs.github-hosts-sync.enable = true;
+ krebs.pages.enable = true;
 boot.isContainer = true;
 networking.useDHCP = false;
-- cgit v1.2.3
From 54300dfe750340d1e61947400ea86f71dad877af Mon Sep 17 00:00:00 2001
From: tv
Date: Fri, 9 Dec 2022 17:00:03 +0100
Subject: ponte: enable krebs.pages
---
 krebs/1systems/ponte/config.nix | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'krebs')
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index 8250ebad9..de01b92ca 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -8,4 +8,11 @@
 ];
 krebs.build.host = config.krebs.hosts.ponte;
+
+ krebs.pages.enable = true;
+ krebs.pages.nginx.addSSL = true;
+ krebs.pages.nginx.enableACME = true;
+
+ security.acme.acceptTerms = true;
+ security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de";
 }
-- cgit v1.2.3
From 8062bf67e3481214883f0d41a624c0ccfb1cf275 Mon Sep 17 00:00:00 2001
From: tv
Date: Fri, 9 Dec 2022 17:11:30 +0100
Subject: ponte: open TCP 80 and 443
---
 krebs/1systems/ponte/config.nix | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'krebs')
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index de01b92ca..ba817692f 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -7,6 +7,8 @@
 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
 krebs.build.host = config.krebs.hosts.ponte;
 krebs.pages.enable = true;
-- cgit v1.2.3
From ea30ea8661dbc83f8d2f96f2c511aa04992d3ffe Mon Sep 17 00:00:00 2001
From: tv
Date: Fri, 9 Dec 2022 17:42:52 +0100
Subject: ponte firewall: disable logging
---
 krebs/1systems/ponte/config.nix | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'krebs')
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index ba817692f..f896c507b 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -8,6 +8,8 @@
 ];
 networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.logRefusedConnections = false;
+ networking.firewall.logRefusedUnicastsOnly = false;
 krebs.build.host = config.krebs.hosts.ponte;
-- cgit v1.2.3
From b17cd6133b92b9f936ee83f86bb8ff8f54e9565d Mon Sep 17 00:00:00 2001
From: tv
Date: Fri, 9 Dec 2022 18:07:20 +0100
Subject: ponte: modify internet-facing SSH port
---
 krebs/1systems/ponte/config.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'krebs')
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index f896c507b..2f55995cf 100644
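Review bot: `krebs.pages.nginx.addSSL = true;` in the "ponte: enable krebs.pages" hunk makes nginx answer on both HTTP and HTTPS without a redirect, so a visitor who arrives on port 80 stays on cleartext. If that is not intended, `krebs.pages.nginx.forceSSL = true;` (the setting the module's own `example` shows) redirects HTTP to HTTPS, and as far as I know the NixOS nginx module still serves the ACME HTTP-01 challenge path on port 80 in that mode. If serving both is deliberate, a comment such as `# addSSL: keep plain HTTP reachable for clients without TLS` would record the reason.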
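Review bot: `networking.firewall.logRefusedUnicastsOnly = false;` in the "ponte firewall: disable logging" hunk does not reduce logging: as far as I know that option only has an effect together with `logRefusedPackets`, and setting it to false then widens logging to broadcast and multicast packets. `logRefusedConnections = false;` alone silences the refused-connection entries, so the second line can be dropped. On an Internet-facing host this also removes the firewall's own record of connection attempts; a comment such as `# refused-connection logging off to cut log noise; scans are no longer recorded here` would make that trade-off visible to whoever later investigates an incident on this machine.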
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -11,6 +11,21 @@
 networking.firewall.logRefusedConnections = false;
 networking.firewall.logRefusedUnicastsOnly = false;
+ # Move Internet-facing SSH port to reduce logspam.
+ networking.firewall.extraCommands = let
+ host = config.krebs.build.host;
+ in /* sh */ ''
+ iptables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ iptables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ iptables -t nat -A PREROUTING -d ${host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT
+ iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0
+
+ ip6tables -t nat -A OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ ip6tables -t nat -A PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22
+ ip6tables -t nat -A PREROUTING -d ${host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT
+ ip6tables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0
+ '';
+
 krebs.build.host = config.krebs.hosts.ponte;
 krebs.pages.enable = true;
-- cgit v1.2.3
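Review bot: The rules in `networking.firewall.extraCommands` are appended with `-A` to the built-in nat `PREROUTING` and `OUTPUT` chains and nothing in the hunk removes them. As far as I can tell from how the NixOS firewall re-runs `extraCommands`, each firewall restart or reload therefore adds another copy, and the redirects stay in force after this block is deleted from the configuration until the chains are flushed by hand or the host reboots. A matching `networking.firewall.extraStopCommands` that deletes each rule keeps the live ruleset in step with the configuration, which matters most when someone has to roll this change back. The existing comment could also state that `REDIRECT --to-ports 0` is what makes port 22 unreachable from outside Retiolum, since that is not obvious from the rule itself.

```nix
# … unchanged: networking.firewall.extraCommands …
networking.firewall.extraStopCommands = let
  host = config.krebs.build.host;
in /* sh */ ''
  iptables -t nat -D OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22 2>/dev/null || true
  iptables -t nat -D PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22 2>/dev/null || true
  iptables -t nat -D PREROUTING -d ${host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT 2>/dev/null || true
  iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0 2>/dev/null || true

  ip6tables -t nat -D OUTPUT -o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22 2>/dev/null || true
  ip6tables -t nat -D PREROUTING -p tcp --dport 11423 -j REDIRECT --to-ports 22 2>/dev/null || true
  ip6tables -t nat -D PREROUTING -d ${host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT 2>/dev/null || true
  ip6tables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 0 2>/dev/null || true
'';
```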