Merge remote-tracking branch 'ni/master'
commit
2913830578
@ -83,6 +83,7 @@ let
|
|||||||
rsync
|
rsync
|
||||||
utillinux
|
utillinux
|
||||||
];
|
];
|
||||||
|
restartIfChanged = false;
|
||||||
serviceConfig = rec {
|
serviceConfig = rec {
|
||||||
ExecStart = start plan;
|
ExecStart = start plan;
|
||||||
SyslogIdentifier = ExecStart.name;
|
SyslogIdentifier = ExecStart.name;
|
||||||
|
@ -225,21 +225,26 @@ let
|
|||||||
};
|
};
|
||||||
})
|
})
|
||||||
//
|
//
|
||||||
# GitHub's IPv4 address range is 192.30.252.0/22
|
{
|
||||||
# Refs https://help.github.com/articles/github-s-ip-addresses/
|
github = {
|
||||||
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
|
hostNames = [
|
||||||
# Because line length is limited by OPENSSH_LINE_MAX (= 8192),
|
"github.com"
|
||||||
# we split each /24 into its own entry.
|
# List generated with
|
||||||
listToAttrs (map
|
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
|
||||||
(c: {
|
"192.30.253.*"
|
||||||
name = "github${toString c}";
|
"192.30.254.*"
|
||||||
value = {
|
"192.30.255.*"
|
||||||
hostNames = ["github.com"] ++
|
"185.199.108.*"
|
||||||
map (d: "192.30.${toString c}.${toString d}") (range 0 255);
|
"185.199.109.*"
|
||||||
|
"185.199.110.*"
|
||||||
|
"185.199.111.*"
|
||||||
|
"18.195.85.27"
|
||||||
|
"18.194.104.89"
|
||||||
|
"35.159.8.160"
|
||||||
|
];
|
||||||
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
|
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
|
||||||
};
|
};
|
||||||
})
|
}
|
||||||
(range 252 255))
|
|
||||||
//
|
//
|
||||||
mapAttrs
|
mapAttrs
|
||||||
(name: host: {
|
(name: host: {
|
||||||
|
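Review bot: The new static `hostNames` list for `github` has no `"192.30.252.*"` entry, although the generator it replaces covered that /24 through `(range 252 255)`; if the meta API no longer listed that range when the list was taken this is fine, otherwise connections that resolve into it will not match the pinned key by address. The list is a point-in-time snapshot of a remote API, so I would extend the comment to record when it was taken, e.g. `# List generated <DATE> with`, and quote the filter in the documented command as `jq -r '.git[]'` so the shell cannot glob-expand it. The pinned `publicKey` is what actually authenticates the host, so the entry also needs someone responsible for updating it when GitHub rotates its host key. The attribute set continues past the end of this hunk, and the file header for this section is not visible on the page.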
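--- /dev/null
+++ b/krebs/5pkgs/simple/cidr2glob.nix
@@ -0,0 +1,30 @@
+{ python, writeScriptBin, ... }:
+
+let
+pythonEnv = python.withPackages (ps: [ ps.netaddr ]);
+in
+writeScriptBin "cidr2glob" ''
+#! ${pythonEnv}/bin/python
+
+import netaddr
+import re
+import sys
+
+def cidr2glob(cidr):
+net = netaddr.IPNetwork(cidr)
+
+if net.prefixlen <= 8:
+return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8))
+elif net.prefixlen <= 16:
+return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16))
+elif net.prefixlen <= 24:
+return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24))
+else:
+return map(lambda ip: str(ip), list(net))
+
+if __name__ == "__main__":
+for cidr in sys.stdin:
+for glob in cidr2glob(cidr):
+print glob
+
+''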
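Review bot: `cidr2glob` never checks the address family, so an IPv6 range on stdin falls through the IPv4-only branches: with a prefix of 24 or less the `re.sub` patterns do not match and a bare network address is printed as if it were a single host, and with a longer prefix `list(net)` attempts to enumerate the whole network. Because the documented input is a remote API response that ends up in known-hosts patterns, I would reject anything that is not IPv4 right after parsing, e.g. `if net.version != 4: raise ValueError('IPv4 only: %s' % cidr)`. The main loop also passes each line with its trailing newline and does not skip empty lines; `cidr = cidr.strip()` followed by `if not cidr: continue` would make that explicit rather than relying on the parser's tolerance. A short docstring saying that the function returns whole-octet glob patterns for prefixes up to /24 and individual addresses beyond that would document the contract.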
@ -47,7 +47,7 @@ with import <stockholm/lib>;
|
|||||||
#http://hackage.haskell.org/package/web-page
|
#http://hackage.haskell.org/package/web-page
|
||||||
|
|
||||||
# ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
|
# ref <stockholm/krebs/3modules>, services.openssh.knownHosts.github*
|
||||||
https://help.github.com/articles/github-s-ip-addresses/
|
https://api.github.com/meta
|
||||||
|
|
||||||
# <stockholm/tv/2configs/xserver/xserver.conf.nix>
|
# <stockholm/tv/2configs/xserver/xserver.conf.nix>
|
||||||
# is derived from `configFile` in:
|
# is derived from `configFile` in:
|
||||||
|