summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2016-06-02 11:17:18 +0200
committermakefu <github@syntax-fehler.de>2016-06-02 11:17:18 +0200
commit4f28d9a306c2989304b52889c07e22992e40da0b (patch)
treed07166696ed3bd97bb6a165418af8611b8f68571 /krebs/3modules
parentd5961aa09e399bb30f940eb5ac2cfe26dfa51d65 (diff)
parent7bd85d7bbbce68ba7317e16b805b1093ded3f1e2 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/iptables.nix2
-rw-r--r--krebs/3modules/lass/default.nix3
-rw-r--r--krebs/3modules/nginx.nix2
3 files changed, 5 insertions, 2 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 4b99873a1..bb06a9388 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -124,7 +124,7 @@ let
buildRule = tn: cn: rule:
#target validation test:
- assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target;
+ assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target;
#predicate validation test:
#maybe use iptables-test
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 03e067f35..65da85ac4 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -311,5 +311,8 @@ with config.krebs.lib;
pubkey = builtins.readFile ./ssh/shodan.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
};
+ fritz = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
+ };
};
}
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 6af93a570..fc7fcca6f 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -119,7 +119,7 @@ let
to-server = { server-names, listen, locations, extraConfig, ssl, ... }: ''
server {
- server_name ${toString server-names};
+ server_name ${toString (unique server-names)};
${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
${optionalString ssl.enable (indent ''
listen 443 ssl;