From d4445947aeacf9f133eaad375106cd1cfad84e25 Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Tue, 21 Feb 2017 14:30:21 +0100
Subject: l 1 shodan: setup hfos monitoring

---
 lass/1systems/shodan.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'lass/1systems/shodan.nix')

diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 232e91d90..82622d154 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -42,6 +42,26 @@ with import <stockholm/lib>;
         pkgs.python27Packages.python
       ];
     }
+    {
+      krebs.monit = let
+        echoToIrc = msg:
+          pkgs.writeDash "echo_irc" ''
+            set -euf
+            export LOGNAME=prism-alarm
+            ${pkgs.irc-announce}/bin/irc-announce \
+              ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
+          '';
+      in {
+        enable = true;
+        http.enable = true;
+        alarms = {
+          hfos = {
+            test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'";
+            alarm = echoToIrc "test hfos failed";
+          };
+        };
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.shodan;
-- 
cgit v1.2.3


From cf64d51cc5e9b06a6fef68b2f60738b15a522e2e Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Wed, 22 Feb 2017 18:20:30 +0100
Subject: l 1 shodan: open monit port

---
 lass/1systems/shodan.nix | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lass/1systems/shodan.nix')

diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 82622d154..dca616936 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -61,6 +61,9 @@ with import <stockholm/lib>;
           };
         };
       };
+      krebs.iptables.tables.filter.INPUT.rules = [
+        { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
+      ];
     }
   ];
 
-- 
cgit v1.2.3