diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 227eb209b..081724cfe 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -186,7 +186,7 @@ let makefu tv ]; - ciko.mail = "wieczorek.stefan@gmail.com"; + ciko.mail = "ciko@slash16.net"; in { "anmeldung@eloop.org" = eloop-ml; "cfp@eloop.org" = eloop-ml; diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index c9677fd24..a17ec0883 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -47,9 +47,7 @@ let type = mkOptionType { # TODO admit symbolic mode name = "octal mode"; - check = x: - isString x && - match "[0-7][0-7][0-7][0-7]" x != null; + check = test "[0-7][0-7][0-7][0-7]"; merge = mergeOneOption; }; }; diff --git a/krebs/5pkgs/simple/bling/default.nix b/krebs/5pkgs/simple/bling/default.nix new file mode 100644 index 000000000..8d6207f65 --- /dev/null +++ b/krebs/5pkgs/simple/bling/default.nix @@ -0,0 +1,56 @@ +{ imagemagick, runCommand, ... }: + +with import ; + +let + krebs-v2 = [ + " " + " " + " x x x x" + "xx x xx xx xx x" + "xx x xx xx xx x" + " xxx x x xxx" + " xxx xxxxx xxx" + " x xxxxxxx x " + " xxxxxxxxxxxxx " + " xxxxxxx " + " xxxxxxxxxxx " + " x xxx x " + " x x x x x x " + " x x x x x x " + " x xx x x xx x " + " " + ]; + + chars-per-pixel = 1; + colors = 2; + columns = foldl' max 0 (map stringLength krebs-v2); + rows = length krebs-v2; + + png-geometry = "1692x1692"; + + txt = concatMapStrings (s: "${s}\n") krebs-v2; + + xpm = '' + static char *krebs_v2[] = { + ${toC (toString [columns rows colors chars-per-pixel])}, + " c None", + "x c #E4002B", + ${concatMapStringsSep ",\n " toC krebs-v2} + }; + ''; +in + +runCommand "bling" + { + inherit xpm; + passAsFile = ["xpm"]; + } + '' + mkdir -p $out + cd $out + + cp $xpmPath krebs-v2.xpm + ${imagemagick}/bin/convert krebs-v2.xpm krebs-v2.ico + ${imagemagick}/bin/convert krebs-v2.xpm -scale ${png-geometry} krebs-v2.png + '' 
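Review bot: The "octal mode" type in setuid.nix now has exactly the semantics of `types.file-mode` in lib/types.nix (`test "[0-7]{4}"` plus `mergeOneOption`), so the option could reference that type instead of keeping a second definition with its own `# TODO admit symbolic mode`. If the two are meant to diverge once symbolic modes are admitted, a one-line comment saying so, e.g. `# kept separate from types.file-mode: will accept symbolic modes`, would stop the next reader from merging them. The enclosing option definition starts outside the hunk.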
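Review bot: `txt` is bound but never used in bling/default.nix — the derivation only consumes `xpm` — so the binding (and its `concatMapStrings` call) can be dropped. The XPM header advertises `columns` as the widest row, but any row shorter than that yields a malformed XPM that imagemagick may render wrongly rather than reject; `xpm = assert all (s: stringLength s == columns) krebs-v2; ''…'';` would turn that into an evaluation error. The row strings in this copy of the diff appear whitespace-collapsed, so their real widths cannot be checked here.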
diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix index 4017b873b..1930c7f14 100644 --- a/krebs/5pkgs/simple/git-hooks/default.nix +++ b/krebs/5pkgs/simple/git-hooks/default.nix @@ -5,7 +5,15 @@ with import ; { # TODO irc-announce should return a derivation # but it cannot because krebs.git.repos.*.hooks :: attrsOf str - irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: '' + irc-announce = + { branches ? [] + , cgit_endpoint ? "http://cgit.${nick}.r" + , channel + , nick + , port ? 6667 + , server + , verbose ? false + }: /* sh */ '' #! /bin/sh set -euf @@ -34,7 +42,6 @@ with import ; port=${toString port} host=$nick - cgit_endpoint=http://cgit.$host.r empty=0000000000000000000000000000000000000000 @@ -66,22 +73,27 @@ with import ; if [ $newrev = $empty ]; then id=$empty_tree; fi if [ $oldrev = $empty ]; then id2=$empty_tree; fi - case $receive_mode in - create) - link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h" - ;; - delete) - link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)" - ;; - fast-forward|non-fast-forward) - link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2" - ;; - esac + ${if cgit_endpoint != null then /* sh */ '' + cgit_endpoint=${escapeShellArg cgit_endpoint} + case $receive_mode in + create) + link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h" + ;; + delete) + link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)" + ;; + fast-forward|non-fast-forward) + link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2" + ;; + esac + '' else /* sh */ '' + link="$GIT_SSH_REPO $h" + ''} #$host $GIT_SSH_REPO $ref $link add_message $(pink push) $link $(gray "($receive_mode)") - ${optionalString verbose '' + ${optionalString verbose /* sh */ '' add_message "$( git log \ --format="$(orange %h) %s $(gray '(%ar)')" \ diff --git a/krebs/5pkgs/simple/krebs-pages/default.nix b/krebs/5pkgs/simple/krebs-pages/default.nix new file mode 100644 index 000000000..c4ecb2603 --- /dev/null 
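Review bot: The new `cgit_endpoint` argument and its `null` behaviour are undocumented in the first hunk; a comment above the argument set such as `# cgit_endpoint: base URL used for links in announcements; null announces "<repo> <ref>" without a link` would help, since the `null` branch in the third hunk also drops the `delete`-specific `($h)` form and the diff link. The default `"http://cgit.${nick}.r"` is fixed at evaluation time whereas the removed `cgit_endpoint=http://cgit.$host.r` was built at run time; with `host=$nick` set in the same script this is equivalent, which is worth stating in that comment. Passing the value through `escapeShellArg` before use is the right choice. The generated script continues outside the hunks.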
+++ b/krebs/5pkgs/simple/krebs-pages/default.nix @@ -0,0 +1,8 @@ +{ bling, runCommand, ... }: + +runCommand "krebs-pages-0" {} '' + mkdir $out + cp ${./fixtures}/* $out/ + ln -s ${bling}/krebs-v2.ico $out/favicon.ico + ln -s ${bling}/krebs-v2.png $out/ +'' diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html new file mode 100644 index 000000000..e6b7034b3 --- /dev/null +++ b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html @@ -0,0 +1,42 @@ + +krebscode + + + +

+ + Linuxtag Heckenkrebs Presentation + +

+

+ + CTF Writeups + +

+

+ + Thesauron + +

+ diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html new file mode 100644 index 000000000..bcf1c5d48 --- /dev/null +++ b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html @@ -0,0 +1,133 @@ +

Cholerab n. +[de] +- Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass + Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert. +- Teamwork-Plattform für Krebscode.

+ +

eigentlich adv. +[de] +- Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt, + die nicht der Fall ist. +Antonym: tatsaechlich

+ +

ghost n. +[de] +- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen + Festplatten) aber wohl nie wieder kommen wird. +Siehe: Wiederbelebung

+ +

KD;RP abbr. (pronounciation: kah-derp) +[en] +- Short for Krebs Darknet / Retiolum Prefix.

+ +

krebs +[de] +- krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste + Softwareprojekt im Shack und viel verteilte infrastruktur.

+ +

kremium +[en] +- coinage derived from the words premium and krebs +see: broken +usage: Reaktor ircbot has unfixed broken behavior since ever->“Kremium Software”

+ +

KRI abbr. (pronounciation: [en] cry) +[en] +- Short for Krebs Request for Implementation. + Derived from Scheme Requests for Implementation (SRFI).

+ +

litterate programming n. +[en] +- any code that has not been proved mathematically.

+ +

Nahziel n. +[de] +- Ziel mit höchst möglicher Priorität.

+ +

Nahzielerfahrung n. +[de] +- das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl + nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).

+ +

parentheses of fear +[en] +- unnecessary parentheses, usually used when order of precedence is unknown. + - Examples: 1 + (2 * 3)

+ +

Protip n. +[en] +- (Probably vague) description how a task can be solved. + - Antonym: Spoiler + - Example: + - To defeat the Cyberdaemon, shoot at it until it dies. + - RTFM

+ +

Punching Lemma n. +[de] +- Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht + von Krebs

+ +

ref, n. +[en] +- A reference like an URI, ISBN, name of a person, etc.

+ +

reftrace, n. +[en] +- A stacktrace-like representation of refs that lead to some (any kind of) + conclusion. Usually generated by a human. The conclusion can be either on + the top or on the bottom of the stack. If the order is ambiguous, then it + should be communicated explicitly. + - Example: (conclusion first) + - http://en.wikipedia.org/wiki/Stack_trace + - google “stacktrace” (first entry / 2014–12–05T12:13:58Z) + - think about some example [this could be omitted, as it’s obvious…]

+ +

Retiolum n. +[en] +- The official darknet of Krebs which utilizes the Retiolum Prefix to + address individual nodes.

+ +

Retiolum Prefix n. +[en] +- The universally accepted IPv6-prefix, 42::/16. Anyone can has a + /128-subnet and, if require, anything larger.

+ +

Retiolum Realtime Map n. +[en] +- The network map of the public visible part of Retiolum.

+ +

RRM [abbr.][en] +- Short for Retiolum Retiolum Map.

+ +

Sanatorium n. +[en] +- The Krebs Control and Command Center. +- An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather + and lurk for relevant input.

+ +

Spoiler n. +[en] +- A subset of walkthrough, i.e. any individual steps may be omitted. + - Antonym: Protip

+ +

tatsaechlich, adv. +[de] +- Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht. +Antonym: eigentlich

+ +

Verkrebsung n. +[de] +- Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs + Komponente) auf einem beliebigem System.

+ +

Walkthrough n. +[en] +- Description of the individual steps to complete a task. + - Examples: + - program code + - small-step semantics

+ +

Wiederbelebung n. +[de] +- Ein ghost wird im Darknet wieder erreichbar +Siehe: ghost

diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix index 7ffbd8870..509555669 100644 --- a/krebs/5pkgs/simple/urlwatch/default.nix +++ b/krebs/5pkgs/simple/urlwatch/default.nix @@ -1,16 +1,17 @@ { stdenv, fetchurl, python3Packages }: python3Packages.buildPythonPackage rec { - name = "urlwatch-2.5"; + name = "urlwatch-${meta.version}"; src = fetchurl { - url = "https://thp.io/2008/urlwatch/${name}.tar.gz"; - sha256 = "0qirpymdmpsx0klmhbx3icmiwpm6fx4wjma646gl9m90pifs8430"; + url = "https://github.com/thp/urlwatch/archive/${meta.version}.tar.gz"; + sha256 = "09bn31gn03swi7yr3s1ql8x07hx96gap1ka77kk44kk0lvfxn55b"; }; propagatedBuildInputs = with python3Packages; [ keyring minidb + pycodestyle pyyaml requests2 ]; @@ -20,5 +21,6 @@ python3Packages.buildPythonPackage rec { homepage = https://thp.io/2008/urlwatch/; license = stdenv.lib.licenses.bsd3; maintainers = [ stdenv.lib.maintainers.tv ]; + version = "2.6"; }; } diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index eba44be1c..042763048 100644 --- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash 
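Review bot: `pycodestyle` is a style checker, not something urlwatch needs at run time, so adding it to `propagatedBuildInputs` propagates it to every consumer; if it is only needed by the test suite it belongs in `buildInputs` (or the check-only input list, where this nixpkgs supports it). The source switch from the thp.io release tarball to `https://github.com/thp/urlwatch/archive/${meta.version}.tar.gz` pins a GitHub auto-generated archive whose bytes are not guaranteed stable, so the `sha256` can start failing without any upstream change; `fetchFromGitHub { owner = "thp"; repo = "urlwatch"; rev = meta.version; sha256 = …; }` is the conventional form. Keeping `version` under `meta` is also unusual — nixpkgs puts `version` at top level and derives `name = "urlwatch-${version}"` from it.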
@@ -1,26 +1,33 @@ #!/usr/bin/env bash - +# # Prints build logs for failed derivations in quiet build mode (-Q). # See https://github.com/NixOS/nix/issues/443 # # Usage: # -# set -o pipefail -# nix-build ... -Q ... | whatsupnix [user@target[:port]] +# nix-build ... -Q ... 2>&1 | whatsupnix [user@target[:port]] +# +# Exit Codes: +# +# 0 No failed derivations could be found. This either means there where +# no build errors, or stdin wasn't nix-build output. +# +# 1 Usage error; arguments couldn't be parsed. +# +# 2 Build error; at least one failed derivation could be found. # - GAWK=${GAWK:-gawk} NIX_STORE=${NIX_STORE:-nix-store} -broken=$(mktemp) -trap 'rm -f -- "$broken"' EXIT +failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX) +trap 'rm -f -- "$failed_drvs"' EXIT exec >&2 -$GAWK -v broken="$broken" ' +$GAWK -v failed_drvs="$failed_drvs" ' match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) { - print m[1] >> broken + print m[1] >> failed_drvs } { print $0 } ' @@ -28,7 +35,7 @@ $GAWK -v broken="$broken" ' case $# in 0) print_log() { - $NIX_STORE -l "$1" + NIX_PAGER= $NIX_STORE -l "$1" } ;; 1) @@ -47,7 +54,7 @@ case $# in remote_host=$1 print_log() { ssh "$remote_user@$remote_host" -p "$remote_port" \ - nix-store -l "$1" + env NIX_PAGER= nix-store -l "$1" } ;; *) @@ -55,7 +62,6 @@ case $# in exit 1 esac -export NIX_PAGER='' # for nix-store while read -r drv; do title="** FAILED $drv LOG **" frame=${title//?/*} @@ -68,6 +74,10 @@ while read -r drv; do print_log "$drv" echo -done < "$broken" +done < "$failed_drvs" -exit 0 +if test -s "$failed_drvs"; then + exit 2 +else + exit 0 +fi diff --git a/lib/default.nix b/lib/default.nix index 9399a0107..803a614a1 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -29,6 +29,10 @@ let setAttr = name: value: set: set // { ${name} = value; }; + test = re: x: isString x && testString re x; + + testString = re: x: match re x != null; + toC = x: let type = typeOf x; reject = throw "cannot convert ${type}"; 
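Review bot: In the `@@ -47,7` hunk the remote `print_log` passes `"$1"` as a separate ssh argument, but ssh joins its arguments into one string that the remote login shell re-parses, so the local quoting is lost; `$drv` comes from the awk capture `/nix/store/[^’]+\.drv` over arbitrary stdin, which admits whitespace and shell metacharacters. Either quote for the remote shell, `env NIX_PAGER= nix-store -l "$(printf %q "$1")"`, or tighten the awk class to the characters a store path can contain, e.g. `[A-Za-z0-9+._?=\/-]+\.drv`, so that only genuine derivation paths reach ssh. The new exit codes are documented in the header, which is good; the header comment has a typo, "there where" for "there were". The first hunk's `exec >&2` and the later `while read -r drv` loop are unchanged.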
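Review bot: `test` and `testString` in lib/default.nix are undocumented and their names do not reveal that `match` anchors to the whole string, so `test "[0-7]{4}" "x0755"` is false — a search-style reading is a likely misuse by callers in lib/types.nix and setuid.nix. A comment such as `# test re x: true iff x is a string that entirely matches extended regex re` and `# testString re x: same without the isString guard; non-strings are an evaluation error` would settle it. `toC` continues outside the hunk.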
diff --git a/lib/shell.nix b/lib/shell.nix index a8ff5dbe0..f9779028e 100644 --- a/lib/shell.nix +++ b/lib/shell.nix @@ -5,7 +5,7 @@ with lib; rec { escape = let - isSafeChar = c: match "[-+./0-9:=A-Z_a-z]" c != null; + isSafeChar = testString "[-+./0-9:=A-Z_a-z]"; in stringAsChars (c: if isSafeChar c then c diff --git a/lib/types.nix b/lib/types.nix index 530cd1e69..f9ec7b1c3 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -2,10 +2,10 @@ let inherit (lib) - all any concatMapStringsSep concatStringsSep const filter flip genid - hasSuffix head isInt isString length match mergeOneOption mkOption + all any concatMapStringsSep concatStringsSep const filter flip + genid hasSuffix head isInt isString length mergeOneOption mkOption mkOptionType optional optionalAttrs optionals range splitString - stringLength substring typeOf; + stringLength substring test typeOf; inherit (lib.types) attrsOf bool either enum int listOf nullOr path str string submodule; in @@ -338,7 +338,8 @@ rec { check = let IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in concatMapStringsSep "." (const d) (range 1 4); - in x: isString x && match IPv4address x != null; + in + test IPv4address; merge = mergeOneOption; }; addr6 = mkOptionType { @@ -346,7 +347,8 @@ rec { check = let # TODO check IPv6 address harder IPv6address = "[0-9a-f.:]+"; - in x: isString x && match IPv6address x != null; + in + test IPv6address; merge = mergeOneOption; }; @@ -396,14 +398,13 @@ rec { file-mode = mkOptionType { name = "file mode"; - check = x: isString x && match "[0-7]{4}" x != null; + check = test "[0-7]{4}"; merge = mergeOneOption; }; haskell.conid = mkOptionType { name = "Haskell constructor identifier"; - check = x: - isString x && match "[[:upper:]][[:lower:]_[:upper:]0-9']*" x != null; + check = test "[[:upper:]][[:lower:]_[:upper:]0-9']*"; merge = mergeOneOption; }; 
@@ -425,15 +426,14 @@ rec { label = mkOptionType { name = "label"; # TODO case-insensitive labels - check = x: isString x - && match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null; + check = test "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?"; merge = mergeOneOption; }; # POSIX.1‐2013, 3.278 Portable Filename Character Set filename = mkOptionType { name = "POSIX filename"; - check = x: isString x && match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null; + check = test "([0-9A-Za-z._])[0-9A-Za-z._-]*"; merge = mergeOneOption; }; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index bfd59531a..3add01748 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -28,6 +28,7 @@ with import ; # tv bc bind # dig + brain cac-api dic file @@ -35,6 +36,7 @@ with import ; haskellPackages.hledger htop jq + krebszones mkpasswd netcat netcup @@ -47,18 +49,6 @@ with import ; texlive.combined.scheme-full tmux - (pkgs.writeDashBin "krebszones" '' - set -efu - export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf - case $* in - import) - set -- import /etc/zones/krebsco.de krebsco.de - echo "+ krebszones $*" >&2 - ;; - esac - exec ${pkgs.krebszones}/bin/ovh-zone "$@" - '') - #ack #apache-httpd #ascii diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index b1d739ef3..4a1247ef5 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
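Review bot: The inline `krebszones` wrapper removed from xu.nix exported `OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf` and rewrote a bare `import` into `import /etc/zones/krebsco.de krebsco.de` before calling `ovh-zone`; whether the `krebszones` package now listed carries either behaviour is not visible in this diff. If it does not, the config path silently stops pointing at the secrets file and `krebszones import` changes meaning, so please confirm the package before merging. The surrounding package list starts and ends outside the hunks.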
@@ -9,12 +9,15 @@ with import ; user = config.krebs.users.tv; source = let inherit (config.krebs.build) host; in { nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; - secrets.file = "/home/tv/secrets/${host.name}"; + secrets.file = + if getEnv "dummy_secrets" == "true" + then toString + else "/home/tv/secrets/${host.name}"; secrets-common.file = "/home/tv/secrets/common"; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "99dfb6dce37edcd1db7cb85c2db97089d9d5f442"; # nixos-17.03 + ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; @@ -41,6 +44,7 @@ with import ; gnumake hashPassword populate + whatsupnix ]; } { diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 13b12986c..b6480f356 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix 
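Review bot: `getEnv "dummy_secrets" == "true"` selects the secrets source from the deploying user's environment, which makes evaluation impure and is easy to leave set by accident; a real host would then be populated from the dummy tree, where `tv/dummy_secrets/ssh.id_*` hold the literal `dummy` and `dummy_secrets/default.nix` installs tv's pubkey as root's authorized key. A visible signal when the switch is taken, e.g. `then builtins.trace "populating from dummy_secrets" (toString …)`, or limiting the switch to a test-only entry point, would make an accidental dummy deployment hard to miss. The `toString` target is garbled in this copy of the diff, so it cannot be checked here. The `source` attribute set continues outside the hunk.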
@@ -90,28 +90,33 @@ let { { brain = { collaborators = with config.krebs.users; [ lass makefu ]; + hooks.post-receive = irc-announce { + cgit_endpoint = null; + }; }; } // # TODO don't put secrets/repos.nix into the store import { inherit config lib pkgs; } ); + irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate { + channel = "#retiolum"; + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; + server = "ni.r"; + verbose = true; + } args); + make-public-repo = name: { cgit ? {}, ... }: { inherit cgit name; public = true; hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = pkgs.git-hooks.irc-announce { - # TODO make nick = config.krebs.build.host.name the default - nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; - verbose = true; - }; + post-receive = irc-announce {}; }; }; - make-restricted-repo = name: { collaborators ? [], ... }: { - inherit collaborators name; + make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: { + inherit collaborators hooks name; public = false; }; diff --git a/tv/dummy_secrets/default.nix b/tv/dummy_secrets/default.nix new file mode 100644 index 000000000..ab90db55c --- /dev/null +++ b/tv/dummy_secrets/default.nix @@ -0,0 +1,8 @@ +{ config, ... }: +{ + users.users.root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; + }; +} diff --git a/tv/dummy_secrets/repos.nix b/tv/dummy_secrets/repos.nix new file mode 100644 index 000000000..eed712458 --- /dev/null +++ b/tv/dummy_secrets/repos.nix @@ -0,0 +1 @@ +_: {} diff --git a/tv/dummy_secrets/ssh.id_ed25519 b/tv/dummy_secrets/ssh.id_ed25519 new file mode 100644 index 000000000..a7d2adab4 --- /dev/null +++ b/tv/dummy_secrets/ssh.id_ed25519 @@ -0,0 +1,3 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +dummy +-----END OPENSSH PRIVATE KEY----- 
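Review bot: The `brain` repository is built by `make-restricted-repo` (`public = false`, collaborators only), yet its new `post-receive` hook inherits `verbose = true` from the `irc-announce` defaults, and the verbose branch of git-hooks announces the `git log` subject (`%s`) of every pushed commit to `#retiolum`; `cgit_endpoint = null` removes the link but not the commit messages. If that channel is not limited to the same collaborators, `irc-announce { cgit_endpoint = null; verbose = false; }` keeps the announcement to repository and ref name. Unlike the public repos, this hook is also not wrapped in `optionalAttrs (config.krebs.build.host.name == "ni")`, so every host evaluating this config installs it with its own name as nick. The `let` block continues outside the hunk.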
diff --git a/tv/dummy_secrets/ssh.id_rsa b/tv/dummy_secrets/ssh.id_rsa new file mode 100644 index 000000000..dd7209c2e --- /dev/null +++ b/tv/dummy_secrets/ssh.id_rsa @@ -0,0 +1,3 @@ +-----BEGIN RSA PRIVATE KEY----- +dummy +-----END RSA PRIVATE KEY-----