summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/github/known-hosts.nix3
-rwxr-xr-xkrebs/3modules/github/update15
-rw-r--r--krebs/5pkgs/simple/syncthing-device-id.nix5
3 files changed, 19 insertions, 4 deletions
diff --git a/krebs/3modules/github/known-hosts.nix b/krebs/3modules/github/known-hosts.nix
index f2705caa4..c0d0b588a 100644
--- a/krebs/3modules/github/known-hosts.nix
+++ b/krebs/3modules/github/known-hosts.nix
@@ -3,8 +3,7 @@
hostNames =
["github.com"]
++
- # List generated with (IPv6 addresses are currently ignored):
- # curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -Rs 'split("\n")|map(select(.!=""))' > known-hosts.json
+ # update known-hosts.json using ./update
lib.importJSON ./known-hosts.json
;
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
diff --git a/krebs/3modules/github/update b/krebs/3modules/github/update
new file mode 100755
index 000000000..3952dabae
--- /dev/null
+++ b/krebs/3modules/github/update
@@ -0,0 +1,15 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p cidr2glob curl git jq
+
+# update known-hosts.json
+#
+# usage: ./update
+
+set -efu
+
+# XXX IPv6 addresses are currently ignored
+curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | cidr2glob | jq -Rs 'split("\n")|map(select(.!=""))' > known-hosts.json
+
+if git diff --exit-code known-hosts.json; then
+ echo known-hosts.json is up to date: nothing to do >&2
+fi
diff --git a/krebs/5pkgs/simple/syncthing-device-id.nix b/krebs/5pkgs/simple/syncthing-device-id.nix
index 9533800fd..74983fc18 100644
--- a/krebs/5pkgs/simple/syncthing-device-id.nix
+++ b/krebs/5pkgs/simple/syncthing-device-id.nix
@@ -1,12 +1,13 @@
-{ openssl, writePython2Bin }:
+{ openssl, writePython3Bin }:
-writePython2Bin "syncthing-device-id" {
+writePython3Bin "syncthing-device-id" {
flakeIgnore = [
"E226"
"E302"
"E305"
"E501"
"F401"
+ "W504"
];
} /* python */ ''
import base64