diff options
author | lassulus <lassulus@lassul.us> | 2017-12-12 21:56:24 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2017-12-12 21:56:24 +0100 |
commit | 29138305788cb2229b9d8e6c329c743c2d8a6711 (patch) | |
tree | b472612cd5051ccff6fe01a692353e3078785b70 | |
parent | 47f3d044e4d8e45168d54dc69368a598330b76ae (diff) | |
parent | 19fcba24f1ef050a8f8d553f09348adb2a007041 (diff) |
Merge remote-tracking branch 'ni/master'
-rw-r--r-- | krebs/3modules/backup.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 35 | ||||
-rw-r--r-- | krebs/5pkgs/simple/cidr2glob.nix | 30 | ||||
-rw-r--r-- | tv/2configs/urlwatch.nix | 2 |
4 files changed, 52 insertions, 16 deletions
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 6f015d66b..c0b218c15 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -83,6 +83,7 @@ let rsync utillinux ]; + restartIfChanged = false; serviceConfig = rec { ExecStart = start plan; SyslogIdentifier = ExecStart.name; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7cf02cd8b..caeef2885 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -225,21 +225,26 @@ let }; }) // - # GitHub's IPv4 address range is 192.30.252.0/22 - # Refs https://help.github.com/articles/github-s-ip-addresses/ - # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses) - # Because line length is limited by OPENSSH_LINE_MAX (= 8192), - # we split each /24 into its own entry. - listToAttrs (map - (c: { - name = "github${toString c}"; - value = { - hostNames = ["github.com"] ++ - map (d: "192.30.${toString c}.${toString d}") (range 0 255); - publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; - }; - }) - (range 252 255)) + { + github = { + hostNames = [ + "github.com" + # List generated with + # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob + "192.30.253.*" + "192.30.254.*" + "192.30.255.*" + "185.199.108.*" + "185.199.109.*" + "185.199.110.*" + "185.199.111.*" + "18.195.85.27" + "18.194.104.89" + "35.159.8.160" + ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; + }; + } // mapAttrs (name: host: { diff --git a/krebs/5pkgs/simple/cidr2glob.nix b/krebs/5pkgs/simple/cidr2glob.nix new file mode 100644 index 000000000..9b0b3f86b --- /dev/null +++ b/krebs/5pkgs/simple/cidr2glob.nix @@ -0,0 +1,30 @@ +{ python, writeScriptBin, ... }: + +let + pythonEnv = python.withPackages (ps: [ ps.netaddr ]); +in + writeScriptBin "cidr2glob" '' + #! ${pythonEnv}/bin/python + + import netaddr + import re + import sys + + def cidr2glob(cidr): + net = netaddr.IPNetwork(cidr) + + if net.prefixlen <= 8: + return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8)) + elif net.prefixlen <= 16: + return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16)) + elif net.prefixlen <= 24: + return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24)) + else: + return map(lambda ip: str(ip), list(net)) + + if __name__ == "__main__": + for cidr in sys.stdin: + for glob in cidr2glob(cidr): + print glob + + '' diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index a35254345..b0e12625d 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -47,7 +47,7 @@ with import <stockholm/lib>; #http://hackage.haskell.org/package/web-page # ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github* - https://help.github.com/articles/github-s-ip-addresses/ + https://api.github.com/meta # <stockholm/tv/2configs/xserver/xserver.conf.nix> # is derived from `configFile` in: |