diff options
Diffstat (limited to 'krebs/5pkgs')
-rw-r--r-- | krebs/5pkgs/default.nix | 14 | ||||
-rw-r--r-- | krebs/5pkgs/dic.nix | 36 | ||||
-rw-r--r-- | krebs/5pkgs/genid.nix | 22 | ||||
-rw-r--r-- | krebs/5pkgs/github-hosts-sync.nix | 40 | ||||
-rw-r--r-- | krebs/5pkgs/github-known_hosts.nix | 13 | ||||
-rw-r--r-- | krebs/5pkgs/hashPassword.nix | 16 |
6 files changed, 141 insertions, 0 deletions
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix new file mode 100644 index 000000000..231fda797 --- /dev/null +++ b/krebs/5pkgs/default.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: + +let + inherit (pkgs) callPackage; +in + +pkgs // +{ + dic = callPackage ./dic.nix {}; + genid = callPackage ./genid.nix {}; + github-hosts-sync = callPackage ./github-hosts-sync.nix {}; + github-known_hosts = callPackage ./github-known_hosts.nix {}; + hashPassword = callPackage ./hashPassword.nix {}; +} diff --git a/krebs/5pkgs/dic.nix b/krebs/5pkgs/dic.nix new file mode 100644 index 000000000..571773d22 --- /dev/null +++ b/krebs/5pkgs/dic.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchgit, coreutils, curl, gnused, gnugrep, ... }: + +stdenv.mkDerivation { + name = "dic"; + + src = fetchgit { + url = https://github.com/krebscode/painload; + rev = "35ccac73d563ad30d2851b9aeed4cfef69ff74e3"; + sha256 = "1y1fs2p3xj2yrqpw0h5kd0f3c5p1y70xk1hjnw99sr33r67s9c35"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = + let + path = stdenv.lib.makeSearchPath "bin" [ + coreutils + curl + gnused + gnugrep + ]; + in + '' + mkdir -p $out/bin + + sed \ + 's,^main() {$,&\n PATH=${path}; export PATH,' \ + < ./util/bin/dic \ + > $out/bin/dic + + chmod +x $out/bin/dic + ''; +} diff --git a/krebs/5pkgs/genid.nix b/krebs/5pkgs/genid.nix new file mode 100644 index 000000000..c75bec317 --- /dev/null +++ b/krebs/5pkgs/genid.nix @@ -0,0 +1,22 @@ +{ lib, pkgs, ... }: + +pkgs.writeScriptBin "genid" '' + #! /bin/sh + # usage: genid NAME + set -euf + + export PATH=${lib.makeSearchPath "bin" (with pkgs; [ + bc + coreutils + ])} + + name=$1 + hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F) + echo " + min=2^24 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix> + # and some spare for stuff like lxd. + max=2^32 # see 2^(8*sizeof(uid_t)) + ibase=16 + ($hash + min) % max + " | bc +'' diff --git a/krebs/5pkgs/github-hosts-sync.nix b/krebs/5pkgs/github-hosts-sync.nix new file mode 100644 index 000000000..d69b2b12b --- /dev/null +++ b/krebs/5pkgs/github-hosts-sync.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchgit, pkgs, ... }: + +stdenv.mkDerivation { + name = "github-hosts-sync"; + + src = fetchgit { + url = https://github.com/krebscode/painload; + rev = "35ccac73d563ad30d2851b9aeed4cfef69ff74e3"; + sha256 = "1y1fs2p3xj2yrqpw0h5kd0f3c5p1y70xk1hjnw99sr33r67s9c35"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = + let + ca-bundle = "${pkgs.cacert}/etc/ca-bundle.crt"; + path = stdenv.lib.makeSearchPath "bin" (with pkgs; [ + coreutils + findutils + git + gnugrep + gnused + openssh + socat + ]); + in + '' + mkdir -p $out/bin + + sed \ + 's,^main() {$,&\n export PATH=${path} GIT_SSL_CAINFO=${ca-bundle},' \ + < ./retiolum/scripts/github_hosts_sync/hosts-sync \ + > $out/bin/github-hosts-sync + + chmod +x $out/bin/github-hosts-sync + ''; +} diff --git a/krebs/5pkgs/github-known_hosts.nix b/krebs/5pkgs/github-known_hosts.nix new file mode 100644 index 000000000..302fdd8d5 --- /dev/null +++ b/krebs/5pkgs/github-known_hosts.nix @@ -0,0 +1,13 @@ +{ lib, ... }: + +with builtins; +with lib; + +let + github-pubkey = removeSuffix "\n" (readFile ../../Zpubkeys/github.ssh.pub); +in + +toFile "github-known_hosts" + (concatMapStrings + (i: "github.com,192.30.252.${toString i} ${github-pubkey}\n") + (range 0 255)) diff --git a/krebs/5pkgs/hashPassword.nix b/krebs/5pkgs/hashPassword.nix new file mode 100644 index 000000000..a10340cc4 --- /dev/null +++ b/krebs/5pkgs/hashPassword.nix @@ -0,0 +1,16 @@ +{ lib, pkgs, ... }: + +pkgs.writeScriptBin "hashPassword" '' + #! /bin/sh + # usage: hashPassword + set -euf + + export PATH=${lib.makeSearchPath "bin" (with pkgs; [ + coreutils + mkpasswd + openssl + ])} + + salt=$(openssl rand -base64 16 | tr -d '+=' | head -c 16) + exec mkpasswd -m sha-512 -S "$salt" +'' |