authormakefu <github@syntax-fehler.de>2017-04-15 18:04:19 +0200
committermakefu <github@syntax-fehler.de>2017-04-15 18:04:19 +0200
commit4feb0e8e91d228bf4754d130e7d134f41047dc32 (patch)
tree5d432360310739fdd6445d016bb6488a2df0fa9e /krebs
parentc45cd788d2df7d14175de59d31506d970eb72382 (diff)
k 3 hidden-ssh: init
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/hidden-ssh.nix53
2 files changed, 54 insertions, 0 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index d24cea1a2..0364792b5 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
./github-hosts-sync.nix
./git.nix
./go.nix
+ ./hidden-ssh.nix
./htgen.nix
./iptables.nix
./kapacitor.nix
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
new file mode 100644
index 000000000..2f75ded9b
--- /dev/null
+++ b/krebs/3modules/hidden-ssh.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.hidden-ssh;
+
+ out = {
+ options.krebs.hidden-ssh = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "hidden SSH announce";
+ };
+
+ imp = let
+ torDirectory = "/var/lib/tor"; # from tor.nix
+ hiddenServiceDir = torDirectory + "/ssh-announce-service";
+ in {
+ services.tor = {
+ enable = true;
+ extraConfig = ''
+ HiddenServiceDir ${hiddenServiceDir}
+ HiddenServicePort 22 127.0.0.1:22
+ '';
+ client.enable = true;
+ };
+ systemd.services.hidden-ssh-announce = {
+ description = "irc announce hidden ssh";
+ after = [ "tor.service" ];
+ wants = [ "tor.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ # ${pkgs.tor}/bin/torify
+ ExecStart = pkgs.writeDash "irc-announce-ssh" ''
+ set -efu
+ until test -e ${hiddenServiceDir}/hostname; do
+ echo "still waiting for ${hiddenServiceDir}/hostname"
+ sleep 1
+ done
+ ${pkgs.irc-announce}/bin/irc-announce \
+ irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \
+ \#krebs-announce \
+ "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
+ '';
+ PrivateTmp = "true";
+ User = "tor";
+ Type = "oneshot";
+ };
+ };
+ };
+in
+out
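Review bot: The script under `ExecStart` posts the onion hostname to `#krebs-announce` on `irc.freenode.org 6667` in plaintext, and with the `# ${pkgs.tor}/bin/torify` line left as a comment the connection appears to go out directly, so the address is readable by anyone in the channel or on the network path and is tied to the host's name and, presumably, its source IP. Because `HiddenServicePort 22 127.0.0.1:22` then leaves sshd's own authentication as the only barrier, the option text should say what enabling it discloses, e.g. `enable = mkEnableOption "hidden SSH announce (publishes the onion address on public IRC)";`, and the torify comment should state why it is disabled. `User = "tor"` also runs the IRC client with read access to the hidden service directory, which presumably holds the service's private key next to `hostname`; a comment noting this, or a step that hands the script only the `hostname` contents, would make the trade-off explicit. The `until test -e` loop has no upper bound, so the oneshot unit may stay in the activating state indefinitely if tor never writes the file.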