summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/hidden-ssh.nix53
-rw-r--r--krebs/3modules/makefu/default.nix12
3 files changed, 60 insertions, 6 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index a46b8af15..37db5bfe7 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
./github-hosts-sync.nix
./git.nix
./go.nix
+ ./hidden-ssh.nix
./htgen.nix
./iptables.nix
./kapacitor.nix
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
new file mode 100644
index 000000000..2f75ded9b
--- /dev/null
+++ b/krebs/3modules/hidden-ssh.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.hidden-ssh;
+
+ out = {
+ options.krebs.hidden-ssh = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "hidden SSH announce";
+ };
+
+ imp = let
+ torDirectory = "/var/lib/tor"; # from tor.nix
+ hiddenServiceDir = torDirectory + "/ssh-announce-service";
+ in {
+ services.tor = {
+ enable = true;
+ extraConfig = ''
+ HiddenServiceDir ${hiddenServiceDir}
+ HiddenServicePort 22 127.0.0.1:22
+ '';
+ client.enable = true;
+ };
+ systemd.services.hidden-ssh-announce = {
+ description = "irc announce hidden ssh";
+ after = [ "tor.service" ];
+ wants = [ "tor.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ # ${pkgs.tor}/bin/torify
+ ExecStart = pkgs.writeDash "irc-announce-ssh" ''
+ set -efu
+ until test -e ${hiddenServiceDir}/hostname; do
+ echo "still waiting for ${hiddenServiceDir}/hostname"
+ sleep 1
+ done
+ ${pkgs.irc-announce}/bin/irc-announce \
+ irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \
+ \#krebs-announce \
+ "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
+ '';
+ PrivateTmp = "true";
+ User = "tor";
+ Type = "oneshot";
+ };
+ };
+ };
+in
+out
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 56df451b7..cef6a4fd6 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -33,7 +33,7 @@ with import <stockholm/lib>;
nets = {
retiolum = {
ip4.addr = "10.243.113.98";
- ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
+ # ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
aliases = [
"fileleech.r"
];
@@ -247,7 +247,6 @@ with import <stockholm/lib>;
"krebsco.de" = ''
euer IN MX 1 aspmx.l.google.com.
nixos.unstable IN CNAME krebscode.github.io.
- pigstarter IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
'';
@@ -301,7 +300,7 @@ with import <stockholm/lib>;
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
aliases = [
"wry.r"
- "graphs.wry.r"
+ "graph.wry.r"
"paste.wry.r"
];
tinc.pubkey = ''
@@ -436,12 +435,13 @@ with import <stockholm/lib>;
mattermost.euer IN A ${nets.internet.ip4.addr}
git.euer IN A ${nets.internet.ip4.addr}
gum IN A ${nets.internet.ip4.addr}
+ pigstarter IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
o.euer IN A ${nets.internet.ip4.addr}
dl.euer IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
- graphs IN A ${nets.internet.ip4.addr}
+ graph IN A ${nets.internet.ip4.addr}
'';
};
nets = rec {
@@ -461,7 +461,7 @@ with import <stockholm/lib>;
"o.gum.r"
"tracker.makefu.r"
- "graphs.r"
+ "graph.r"
"wiki.makefu.r"
"wiki.gum.r"
"blog.makefu.r"
@@ -491,7 +491,7 @@ with import <stockholm/lib>;
ip4.prefix = "10.8.10.0/24";
aliases = [
"shoney.siem"
- "graphs.siem"
+ "graph.siem"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----