Merge remote-tracking branch 'lass/master'
commit
3299706b01
1
.github/workflows/repo-sync.yml
vendored
1
.github/workflows/repo-sync.yml
vendored
@ -5,6 +5,7 @@ on:
|
||||
|
||||
jobs:
|
||||
repo-sync:
|
||||
if: github.repository_owner == 'Mic92'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
2
krebs/3modules/external/default.nix
vendored
2
krebs/3modules/external/default.nix
vendored
@ -639,7 +639,7 @@ in {
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.13.12";
|
||||
aliases = [ "catalonia.r" ];
|
||||
aliases = [ "catalonia.r" "aleph.r" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
|
||||
|
29
krebs/3modules/external/mic92.nix
vendored
29
krebs/3modules/external/mic92.nix
vendored
@ -334,6 +334,26 @@ in {
|
||||
'';
|
||||
};
|
||||
};
|
||||
yasmin = {
|
||||
owner = config.krebs.users.mic92;
|
||||
nets.retiolum = {
|
||||
ip4.addr = "10.243.29.197";
|
||||
aliases = [
|
||||
"yasmin.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAnQ6HGgUPVQbDIsLZAawZu4vK9yHF02aDrIWU9SdzpAddhM8yqWeC
|
||||
f55W6zyjZuoQ2w4UNthDl6gjQM6A9B+nEMRNz3Rnhp57Lyi0a6HZHF2Eok9vJBiu
|
||||
IRbVUxPpPKOGE09w0m5cLOfDfaZVdAT+80lQYoaasDr2VlRJNa2/arzaq847/SVg
|
||||
vaf4gOmE+iIK+4ZDHqLcTn1WD6jy+aMChZU/zI31vZ8vM4oPuGh1xbcB3wKP3Vf3
|
||||
OTqpGN86CdrdBahJkzNJzIXYsPsRaZ2+8dWTH9gJjI0z+yywQQCrrh9K/oJtDUHF
|
||||
BwmNc150BoSLqwduSWLtBonCa9p2/y/TDQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
Ed25519PublicKey = ZQt/OcrDlQZvtJyMEFcS6FKjtumBA9gBWr7VqGdbJBP
|
||||
'';
|
||||
};
|
||||
};
|
||||
martha = {
|
||||
owner = config.krebs.users.mic92;
|
||||
nets = rec {
|
||||
@ -389,6 +409,7 @@ in {
|
||||
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
|
||||
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
Ed25519PublicKey = 1wPa2cmQ4FUFw9289d0KdG1DcDuMNIYMWzIUnVVHu2P
|
||||
'';
|
||||
};
|
||||
};
|
||||
@ -426,11 +447,12 @@ in {
|
||||
owner = config.krebs.users.mic92;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "131.159.38.191";
|
||||
ip6.addr = "2a09:80c0:38::191";
|
||||
ip4.addr = "131.159.102.1";
|
||||
ip6.addr = "2a09:80c0:102::1";
|
||||
aliases = [ "bill.i" ];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs = [
|
||||
config.krebs.hosts.bill.nets.retiolum.ip4.addr
|
||||
config.krebs.hosts.bill.nets.retiolum.ip6.addr
|
||||
@ -465,6 +487,7 @@ in {
|
||||
aliases = [ "nardole.i" ];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs = [
|
||||
config.krebs.hosts.nardole.nets.retiolum.ip4.addr
|
||||
config.krebs.hosts.nardole.nets.retiolum.ip6.addr
|
||||
@ -618,6 +641,7 @@ in {
|
||||
FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm
|
||||
mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
Ed25519PublicKey = oRGc9V9G9GFsY1bZIaJamoDEAZU2kphlpxXOMBxI2GN
|
||||
'';
|
||||
};
|
||||
};
|
||||
@ -640,6 +664,7 @@ in {
|
||||
jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/
|
||||
/btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
Ed25519PublicKey = dzjT09UeUGJCbUFrBo+FtbnXrsxFQnmqmJw7tjpJQJL
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -21,6 +21,7 @@ in {
|
||||
"krebsco.de" = ''
|
||||
cache IN A ${nets.internet.ip4.addr}
|
||||
p IN A ${nets.internet.ip4.addr}
|
||||
c IN A ${nets.internet.ip4.addr}
|
||||
paste IN A ${nets.internet.ip4.addr}
|
||||
prism IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
@ -65,7 +66,9 @@ in {
|
||||
"prism.r"
|
||||
"cache.prism.r"
|
||||
"cgit.prism.r"
|
||||
"flix.r"
|
||||
"paste.r"
|
||||
"c.r"
|
||||
"p.r"
|
||||
"search.r"
|
||||
];
|
||||
|
@ -18,6 +18,9 @@ self: super: {
|
||||
"0.9.0" = [
|
||||
./flameshot/flameshot_imgur_0.9.0.patch
|
||||
];
|
||||
"0.10.1" = [
|
||||
./flameshot/flameshot_imgur_0.9.0.patch
|
||||
];
|
||||
}.${old.version};
|
||||
});
|
||||
|
||||
|
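--- a/krebs/5pkgs/simple/cyberlocker-tools/default.nix
+++ b/krebs/5pkgs/simple/cyberlocker-tools/default.nix
@@ -0,0 +1,23 @@
+{ pkgs }:
+pkgs.symlinkJoin {
+name = "cyberlocker-tools";
+paths = [
+(pkgs.writers.writeDashBin "cput" ''
+set -efu
+path=''${1:-$(hostname)}
+path=$(echo "/$path" | sed -E 's:/+:/:')
+url=http://c.r$path
+
+${pkgs.curl}/bin/curl -fSs --data-binary @- "$url"
+echo "$url"
+'')
+(pkgs.writers.writeDashBin "cdel" ''
+set -efu
+path=$1
+path=$(echo "/$path" | sed -E 's:/+:/:')
+url=http://c.r$path
+
+${pkgs.curl}/bin/curl -f -X DELETE "$url"
+'')
+];
+}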
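Review bot: In both `cput` and `cdel` the normalisation `sed -E 's:/+:/:'` has no `g` flag, so only the first run of slashes is collapsed and a name such as `a//b` goes to the server unchanged; `sed -E 's:/+:/:g'` would match the apparent intent. The path is also placed into `url=http://c.r$path` without percent-encoding. The server side stores only the URI path component, so a name containing `?` or `#` is stored under a shorter key than the URL that `cput` prints. A short comment that these tools assume plain path-safe names, or an encoding step before building `$url`, would keep upload and delete pointing at the same item.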
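--- a/krebs/5pkgs/simple/htgen-cyberlocker/default.nix
+++ b/krebs/5pkgs/simple/htgen-cyberlocker/default.nix
@@ -0,0 +1,29 @@
+with import <stockholm/lib>;
+{ pkgs, stdenv }:
+stdenv.mkDerivation rec {
+pname = "htgen-cyberlocker";
+version = "1.0.0";
+
+src = ./src;
+
+buildPhase = ''
+(
+exec > htgen-cyberlocker
+echo PATH=${makeBinPath [
+pkgs.coreutils
+pkgs.file
+pkgs.findutils
+pkgs.gnugrep
+pkgs.jq
+pkgs.nix
+pkgs.utillinux
+]}
+echo STATEDIR=${shell.escape "\${STATEDIR-$HOME}"}
+cat $src/htgen-cyberlocker
+)
+'';
+
+installPhase = ''
+install -D htgen-cyberlocker $out/bin/htgen-cyberlocker
+'';
+}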
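Review bot: The `PATH` written into the handler lists `pkgs.findutils`, `pkgs.gnugrep`, `pkgs.nix` and `pkgs.utillinux`, but the script added in this commit only calls `jq`, `file`, `wc`, `cat`, `mktemp`, `head`, `cp`, `mkdir` and `rm`. As far as the visible script shows, `makeBinPath [ pkgs.coreutils pkgs.file pkgs.jq ]` would be enough. A handler that processes unauthenticated requests is better off without `nix` on its `PATH` unless something outside this diff needs it.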
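--- a/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker
+++ b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker
@@ -0,0 +1,76 @@
+delete_response() {
+jq -n -r \
+--arg server "$Server" \
+'
+[ "HTTP/1.1 204 OK\r"
+, "Connection: close\r"
+, "Server: \($server)\r"
+, "\r"
+][]
+'
+}
+
+file_response() {(
+type=$(file -ib "$1")
+size=$(wc -c < "$1")
+jq -n -r \
+--arg type "$type" \
+--arg size "$size" \
+--arg server "$Server" \
+'
+[ "HTTP/1.1 200 OK\r"
+, "Connection: close\r"
+, "Content-Length: \($size)\r"
+, "Content-Type: \($type)\r"
+, "Server: \($server)\r"
+, "\r"
+][]
+'
+cat "$1"
+)}
+
+read_uri() {
+jq -cn --arg uri "$1" '
+$uri |
+capture("^((?<scheme>[^:]*):)?(//(?<authority>[^/]*))?(?<path>[^?#]*)([?](?<query>[^#]*))?([#](?<fragment>.*))?$") |
+. + {
+query: (.query | if . != null then
+split("&") |
+map(split("=") | {key:.[0],value:.[1]}) |
+from_entries
+else . end)
+}
+'
+}
+
+uri=$(read_uri "$Request_URI")
+path=$(jq -nr --argjson uri "$uri" '$uri.path')
+
+case "$Method $path" in
+'POST /'*|'PUT /'*)
+content=$(mktemp -t htgen.$$.content.XXXXXXXX)
+trap "rm $content >&2" EXIT
+
+head -c $req_content_length > $content
+
+item=$STATEDIR/items/$(echo "$path" | jq -rR @uri)
+
+mkdir -v -p $STATEDIR/items >&2
+cp -v $content $item >&2
+exit
+;;
+'GET /'*)
+item=$STATEDIR/items/$(echo "$path" | jq -rR @uri)
+if [ -e "$item" ]; then
+file_response "$item"
+exit
+fi
+;;
+'DELETE /'*)
+item=$STATEDIR/items/$(echo "$path" | jq -rR @uri)
+if [ -e "$item" ]; then
+rm "$item"
+delete_response
+exit
+fi
+esac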
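Review bot: The `POST`/`PUT` branch copies the body onto `$item` even when the item already exists, and the `DELETE` branch removes any existing item, so every client that can reach the handler can replace or delete another client's upload. If that is not intended, the upload branch should refuse an existing `$item` and deletion should require a per-item secret. `$content`, `$item`, `$STATEDIR` and `$req_content_length` are expanded unquoted in `trap`, `head`, `mkdir` and `cp`; `head -c "$req_content_length" > "$content"` and `cp -v "$content" "$item" >&2` are the safer forms. The upload branch also exits without printing a status line, unlike the GET and DELETE branches, so what the client sees depends on htgen's fallback, which is not visible here.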
@ -1,9 +1,9 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "dd14e5d78e90a2ccd6007e569820de9b4861a6c2",
|
||||
"date": "2021-07-24T08:14:16-04:00",
|
||||
"path": "/nix/store/0z5nrrjzmjcicjhhdrqb9vgm56zxysk3-nixpkgs",
|
||||
"sha256": "1zmhwx1qqgl1wrrb9mjkck508887rldrnragvximhd7jrh1ya3fb",
|
||||
"rev": "8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512",
|
||||
"date": "2021-08-29T22:49:37+08:00",
|
||||
"path": "/nix/store/vg29bg0awqam80djwz68ym0awvasrw6i-nixpkgs",
|
||||
"sha256": "1s29nc3ppsjdq8kgbh8pc26xislkv01yph58xv2vjklkvsmz5pzm",
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
"leaveDotGit": false
|
||||
|
@ -1,9 +1,9 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "91903ceb294dbe63a696759bfba3d23ee667f2dc",
|
||||
"date": "2021-07-26T09:21:28+02:00",
|
||||
"path": "/nix/store/2v649741xdh1crybi2dm879bl60zrkhf-nixpkgs",
|
||||
"sha256": "1hmpwi27r4q0lnspg7ylfzxakwz2fhl3r07vjvq5yalcdqwiain3",
|
||||
"rev": "74d017edb6717ad76d38edc02ad3210d4ad66b96",
|
||||
"date": "2021-08-27T16:58:49+02:00",
|
||||
"path": "/nix/store/82jg1p0rlf7mkryjpdn0z6b95q4i9lnq-nixpkgs",
|
||||
"sha256": "0wvz41izp4djzzr0a6x54hcm3xjr51nlj8vqghfgyrjpk8plyk4s",
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
"leaveDotGit": false
|
||||
|
@ -305,6 +305,12 @@ with import <stockholm/lib>;
|
||||
localAddress = "10.233.2.14";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."flix.r" = {
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://10.233.2.14:80/;
|
||||
proxy_set_header Accept-Encoding "";
|
||||
'';
|
||||
};
|
||||
services.nginx.virtualHosts."lassul.us" = {
|
||||
locations."^~ /flix/".extraConfig = ''
|
||||
if ($scheme != "https") {
|
||||
@ -379,7 +385,58 @@ with import <stockholm/lib>;
|
||||
mountdPort = 4002;
|
||||
statdPort = 4000;
|
||||
};
|
||||
|
||||
services.samba = {
|
||||
enable = true;
|
||||
enableNmbd = false;
|
||||
extraConfig = ''
|
||||
workgroup = WORKGROUP
|
||||
netbios name = PRISM
|
||||
server string = ${config.networking.hostName}
|
||||
# only allow retiolum addresses
|
||||
hosts allow = 42::/16 10.243.0.0/16
|
||||
|
||||
# Use sendfile() for performance gain
|
||||
use sendfile = true
|
||||
|
||||
# No NetBIOS is needed
|
||||
disable netbios = true
|
||||
|
||||
# Only mangle non-valid NTFS names, don't care about DOS support
|
||||
mangled names = illegal
|
||||
|
||||
# Performance optimizations
|
||||
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
|
||||
|
||||
# Disable all printing
|
||||
load printers = false
|
||||
disable spoolss = true
|
||||
printcap name = /dev/null
|
||||
|
||||
map to guest = Bad User
|
||||
max log size = 50
|
||||
dns proxy = no
|
||||
security = user
|
||||
|
||||
[global]
|
||||
syslog only = yes
|
||||
'';
|
||||
shares.public = {
|
||||
comment = "Warez";
|
||||
path = "/export";
|
||||
public = "yes";
|
||||
"only guest" = "yes";
|
||||
"create mask" = "0644";
|
||||
"directory mask" = "2777";
|
||||
writable = "no";
|
||||
printable = "no";
|
||||
};
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
# smbd
|
||||
{ predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
|
||||
|
||||
{ predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
|
||||
|
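Review bot: `shares.public` sets `"directory mask" = "2777"` and `"create mask" = "0644"` while `writable = "no"`, so the masks do nothing today and would give world-writable setgid directories as soon as the share is made writable; dropping them or using `0755` avoids that. The `[global]` header inside `extraConfig` looks redundant, since the preceding options are presumably already emitted into the global section, so `syslog only = yes` could sit with them. Guest access through `map to guest = Bad User` is confined by both `hosts allow = 42::/16 10.243.0.0/16` and the `-i retiolum` rule for port 445. A comment saying that the two must be changed together would help the next editor.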
@ -164,7 +164,7 @@ with import <stockholm/lib>;
|
||||
client
|
||||
dev tun
|
||||
proto udp
|
||||
remote 91.207.172.77 1194
|
||||
remote 196.240.57.43 1194
|
||||
resolv-retry infinite
|
||||
remote-random
|
||||
nobind
|
||||
|
@ -2,6 +2,18 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts.cyberlocker = {
|
||||
serverAliases = [ "c.r" ];
|
||||
locations."/".extraConfig = ''
|
||||
client_max_body_size 4G;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port};
|
||||
'';
|
||||
extraConfig = ''
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
'';
|
||||
};
|
||||
services.nginx.virtualHosts.paste = {
|
||||
serverAliases = [ "p.r" ];
|
||||
locations."/".extraConfig = ''
|
||||
@ -19,6 +31,26 @@ with import <stockholm/lib>;
|
||||
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
|
||||
proxy_pass_header Server;
|
||||
'';
|
||||
extraConfig = ''
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
'';
|
||||
};
|
||||
services.nginx.virtualHosts."c.krebsco.de" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
serverAliases = [ "c.krebsco.de" ];
|
||||
locations."/".extraConfig = ''
|
||||
if ($request_method != GET) {
|
||||
return 403;
|
||||
}
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.cyberlocker.port};
|
||||
'';
|
||||
extraConfig = ''
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
'';
|
||||
};
|
||||
services.nginx.virtualHosts."p.krebsco.de" = {
|
||||
enableACME = true;
|
||||
@ -39,6 +71,10 @@ with import <stockholm/lib>;
|
||||
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
|
||||
proxy_pass_header Server;
|
||||
'';
|
||||
extraConfig = ''
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
'';
|
||||
};
|
||||
|
||||
krebs.htgen.paste = {
|
||||
@ -58,6 +94,12 @@ with import <stockholm/lib>;
|
||||
(. ${pkgs.htgen-imgur}/bin/htgen-imgur)
|
||||
'';
|
||||
};
|
||||
krebs.htgen.cyberlocker = {
|
||||
port = 7772;
|
||||
script = /* sh */ ''
|
||||
(. ${pkgs.htgen-cyberlocker}/bin/htgen-cyberlocker)
|
||||
'';
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";}
|
||||
];
|
||||
|
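Review bot: The `c.krebsco.de` vhost serves whatever was uploaded through `c.r` on a public origin, and the Content-Type comes from `file -ib` on the stored bytes in htgen-cyberlocker, so an uploaded HTML or SVG file is rendered as active content under that hostname. I would add `add_header X-Content-Type-Options nosniff;` and `add_header Content-Security-Policy "sandbox";` to its `extraConfig`. The `Access-Control-Allow-Methods 'GET, POST, OPTIONS'` line there advertises methods that the `if ($request_method != GET)` guard rejects with 403; `'GET'` alone would match the guard. Separately, `client_max_body_size 4G` on the `c.r` vhost has no quota or cleanup behind it in the handler as shown, so a single peer can fill the state directory.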