Merge remote-tracking branch 'ni/master'

lassulus 2017-12-12 21:56:24 +01:00
commit 2913830578
4 changed files with 52 additions and 16 deletions


@ -83,6 +83,7 @@ let
rsync rsync
utillinux utillinux
]; ];
restartIfChanged = false;
serviceConfig = rec { serviceConfig = rec {
ExecStart = start plan; ExecStart = start plan;
SyslogIdentifier = ExecStart.name; SyslogIdentifier = ExecStart.name;
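Review bot: `restartIfChanged = false;` is added without a comment saying why. With this option set, a configuration switch leaves an already-running instance on its old unit definition until the next start, so changes to the plan or to the `path` packages do not take effect immediately. A one-line comment such as `# do not interrupt a running job on switch` (if that is the intent) would record the trade-off. The surrounding service definition starts and ends outside the hunk.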


@ -225,21 +225,26 @@ let
}; };
}) })
// //
# GitHub's IPv4 address range is 192.30.252.0/22 {
# Refs https://help.github.com/articles/github-s-ip-addresses/ github = {
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses) hostNames = [
# Because line length is limited by OPENSSH_LINE_MAX (= 8192), "github.com"
# we split each /24 into its own entry. # List generated with
listToAttrs (map # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
(c: { "192.30.253.*"
name = "github${toString c}"; "192.30.254.*"
value = { "192.30.255.*"
hostNames = ["github.com"] ++ "185.199.108.*"
map (d: "192.30.${toString c}.${toString d}") (range 0 255); "185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"18.195.85.27"
"18.194.104.89"
"35.159.8.160"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
}; };
}) }
(range 252 255))
// //
mapAttrs mapAttrs
(name: host: { (name: host: {
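Review bot: The generator command in the new comment passes `.git[]` to jq unquoted, so a shell may try to glob-expand it before jq sees it; write it as `# curl -sS https://api.github.com/meta | jq -r '.git[]' | cidr2glob`. The `hostNames` list is a point-in-time snapshot of that endpoint and the comment records no generation date, so a reader cannot tell how stale the patterns are; a `# generated <DATE>` line (placeholder) next to the command would fix that. The removed code covered 192.30.252 through 255, while the new list has no `192.30.252.*` entry. If that matches what the endpoint returned this is fine, but addresses missing from the list will not match the pinned key and will fall back to the client's unknown-host handling. The attribute set continues outside the hunk.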


@ -0,0 +1,30 @@
{ python, writeScriptBin, ... }:
let
pythonEnv = python.withPackages (ps: [ ps.netaddr ]);
in
writeScriptBin "cidr2glob" ''
#! ${pythonEnv}/bin/python
import netaddr
import re
import sys
def cidr2glob(cidr):
net = netaddr.IPNetwork(cidr)
if net.prefixlen <= 8:
return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8))
elif net.prefixlen <= 16:
return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16))
elif net.prefixlen <= 24:
return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24))
else:
return map(lambda ip: str(ip), list(net))
if __name__ == "__main__":
for cidr in sys.stdin:
for glob in cidr2glob(cidr):
print glob
''
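Review bot: `cidr2glob` only yields correct patterns for IPv4 input, and nothing rejects anything else. For an IPv6 network the `\.0$`-style substitutions never match, so the first three branches print bare addresses instead of globs, and the `else` branch calls `list(net)`, which enumerates every address in the network. Because the output is pasted into `knownHosts`, a silently wrong result becomes a host-key pattern; failing loudly is safer, e.g. `if net.version != 4: raise ValueError('IPv4 only: %s' % cidr)` right after the `IPNetwork` call. The main loop also hands each stdin line to `IPNetwork` with its trailing newline and does not skip blank lines; `cidr.strip()` plus a skip of empty lines would make it robust (whether netaddr tolerates the newline is not visible here).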


@ -47,7 +47,7 @@ with import <stockholm/lib>;
#http://hackage.haskell.org/package/web-page #http://hackage.haskell.org/package/web-page
# ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github* # ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
https://help.github.com/articles/github-s-ip-addresses/ https://api.github.com/meta
# <stockholm/tv/2configs/xserver/xserver.conf.nix> # <stockholm/tv/2configs/xserver/xserver.conf.nix>
# is derived from `configFile` in: # is derived from `configFile` in: