From a030e180bbc466e067f7b8a490fdcf41fdcb95ce Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 26 Dec 2016 13:15:34 +0100
Subject: k 3 l: make icarus secure
---
 krebs/3modules/lass/default.nix | 1 +
 1 file changed, 1 insertion(+)
(limited to 'krebs')
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 2d1819dee..6f79aea0e 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -298,6 +298,7 @@ with import ;
 '';
 };
 };
+ secure = true;
 ssh.privkey.path = ;
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
 };
-- cgit v1.2.3
From c37b42b702e38bbf2cc6dce150be6c8aa6aa6b25 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 26 Dec 2016 13:16:40 +0100
Subject: k 3 realwallpaper: daymap only available via https
---
 krebs/3modules/realwallpaper.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'krebs')
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index 1564bd94a..f9eae8c92 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -24,7 +24,7 @@ let
 daymap = mkOption {
 type = types.str;
- default = "http://www.nnvl.noaa.gov/images/globaldata/SnowIceCover_Daily.png";
+ default = "https://www.nnvl.noaa.gov/images/globaldata/SnowIceCover_Daily.png";
 };
 cloudmap = mkOption {
-- cgit v1.2.3
From 3c5906dd62704f0a1cdc14ec7c5c6569d7625dbe Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 27 Dec 2016 22:58:36 +0100
Subject: k 5: move irc-announce to seperate package
---
 krebs/5pkgs/git-hooks/default.nix | 64 +----------------------------------
 krebs/5pkgs/irc-announce/default.nix | 66 ++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+), 63 deletions(-)
 create mode 100644 krebs/5pkgs/irc-announce/default.nix
(limited to 'krebs')
diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix
index 6f2cb8b6a..9355a878c 100644
--- a/krebs/5pkgs/git-hooks/default.nix
+++ b/krebs/5pkgs/git-hooks/default.nix
@@ -108,67 +108,5 @@ let
 fi
 '';
- irc-announce-script = pkgs.writeDash "irc-announce-script" ''
- set -euf
-
- export PATH=${makeSearchPath "bin" (with pkgs; [
- coreutils
- gawk
- gnused
- netcat
- nettools
- ])}
-
- IRC_SERVER=$1
- IRC_PORT=$2
- IRC_NICK=$3$$
- IRC_CHANNEL=$4
- message=$5
-
- export IRC_CHANNEL # for privmsg_cat
-
- # echo2 and cat2 are used output to both, stdout and stderr
- # This is used to see what we send to the irc server. (debug output)
- echo2() { echo "$*"; echo "$*" >&2; }
- cat2() { tee /dev/stderr; }
-
- # privmsg_cat transforms stdin to a privmsg
- privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
-
- # ircin is used to feed the output of netcat back to the "irc client"
- # so we can implement expect-like behavior with sed^_^
- # XXX mkselfdestructingtmpfifo would be nice instead of this cruft
- tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
- cd "$tmpdir"
- mkfifo ircin
- trap "
- rm ircin
- cd '$OLDPWD'
- rmdir '$tmpdir'
- trap - EXIT INT QUIT
- " EXIT INT QUIT
-
- {
- echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
- echo2 "NICK $IRC_NICK"
-
- # wait for MODE message
- sed -n '/^:[^ ]* MODE /q'
-
- echo2 "JOIN $IRC_CHANNEL"
-
- printf '%s' "$message" \
- | privmsg_cat \
- | cat2
-
- echo2 "PART $IRC_CHANNEL"
-
- # wait for PART confirmation
- sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
-
- echo2 'QUIT :Gone to have lunch'
- } < ircin \
- | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
- '';
-
+ irc-announce-script = "${pkgs.irc-announce}/bin/irc-announce";
 in out
diff --git a/krebs/5pkgs/irc-announce/default.nix b/krebs/5pkgs/irc-announce/default.nix
new file mode 100644
index 000000000..f02cec3c6
--- /dev/null
+++ b/krebs/5pkgs/irc-announce/default.nix
@@ -0,0 +1,66 @@
+{ pkgs, lib, ... }:
+
+with lib;
+
+pkgs.writeDashBin "irc-announce" ''
+ set -euf
+
+ export PATH=${makeSearchPath "bin" (with pkgs; [
+ coreutils
+ gawk
+ gnused
+ netcat
+ nettools
+ ])}
+
+ IRC_SERVER=$1
+ IRC_PORT=$2
+ IRC_NICK=$3$$
+ IRC_CHANNEL=$4
+ message=$5
+
+ export IRC_CHANNEL # for privmsg_cat
+
+ # echo2 and cat2 are used output to both, stdout and stderr
+ # This is used to see what we send to the irc server. (debug output)
+ echo2() { echo "$*"; echo "$*" >&2; }
+ cat2() { tee /dev/stderr; }
+
+ # privmsg_cat transforms stdin to a privmsg
+ privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
+
+ # ircin is used to feed the output of netcat back to the "irc client"
+ # so we can implement expect-like behavior with sed^_^
+ # XXX mkselfdestructingtmpfifo would be nice instead of this cruft
+ tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
+ cd "$tmpdir"
+ mkfifo ircin
+ trap "
+ rm ircin
+ cd '$OLDPWD'
+ rmdir '$tmpdir'
+ trap - EXIT INT QUIT
+ " EXIT INT QUIT
+
+ {
+ echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
+ echo2 "NICK $IRC_NICK"
+
+ # wait for MODE message
+ sed -n '/^:[^ ]* MODE /q'
+
+ echo2 "JOIN $IRC_CHANNEL"
+
+ printf '%s' "$message" \
+ | privmsg_cat \
+ | cat2
+
+ echo2 "PART $IRC_CHANNEL"
+
+ # wait for PART confirmation
+ sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
+
+ echo2 'QUIT :Gone to have lunch'
+ } < ircin \
+ | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
+''
-- cgit v1.2.3
From 3ecebca46f8924de9dd97bd79a1f0272f39d9ae6 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 27 Dec 2016 22:58:56 +0100
Subject: k 5 irc-announce: cd to /tmp
---
 krebs/5pkgs/irc-announce/default.nix | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'krebs')
diff --git a/krebs/5pkgs/irc-announce/default.nix b/krebs/5pkgs/irc-announce/default.nix
index f02cec3c6..af6b35ec6 100644
--- a/krebs/5pkgs/irc-announce/default.nix
+++ b/krebs/5pkgs/irc-announce/default.nix
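Review bot: In the new krebs/5pkgs/irc-announce/default.nix (the `@@ -0,0 +1,66 @@` hunk), `$message` is split into PRIVMSG lines by awk on newlines only, so a carriage return inside the message reaches `nc` unchanged; many IRC servers treat a bare CR as a line terminator, so the text after it would no longer be confined to the PRIVMSG. If the message can carry commit text or other data chosen by whoever pushes (the callers are outside this hunk), strip CR before formatting by inserting `| tr -d '\r' \` between the `printf '%s' "$message" \` line and `| privmsg_cat \`; `tr` is already on PATH through coreutils. Separately, the `trap "…"` body is double-quoted, so `$OLDPWD` and `$tmpdir` are expanded when the trap is installed and pasted between single quotes; a working directory whose name contains `'` would change what the trap runs, so a single-quoted trap body that expands `"$tmpdir"` at run time is the safer form.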
@@ -29,6 +29,8 @@ pkgs.writeDashBin "irc-announce" ''
 # privmsg_cat transforms stdin to a privmsg
 privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
+ # we cd to /tmp here to be able to create a tmpdir in the first place
+ cd /tmp
 # ircin is used to feed the output of netcat back to the "irc client"
 # so we can implement expect-like behavior with sed^_^
 # XXX mkselfdestructingtmpfifo would be nice instead of this cruft
-- cgit v1.2.3
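Review bot: The added `cd /tmp` hard-codes the temporary location and ignores `TMPDIR`, and its comment does not say why the caller's working directory cannot be used (presumably it is not writable when the hook runs, which is worth stating in the comment). The `mktemp -d irc-announce_XXXXXXXX` call that follows just outside this hunk uses a relative template, so the directory lands wherever this `cd` points; consider `cd "''${TMPDIR:-/tmp}"`, where the `''$` escape is needed because the script sits inside a Nix `''` string. The temporary directory itself is created by `mktemp -d`, so using a shared /tmp is not a concern on its own. The enclosing script starts and ends outside the hunk.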