From 7050df8789e7e7bfff93dabdcb3897ec6611cb1a Mon Sep 17 00:00:00 2001 From: nin Date: Wed, 25 Sep 2019 19:42:41 +0200 Subject: Revert "remove nin" This reverts commit 6b08d5aa46adc80d8a1ab4ed1d3e320c61a19f01. --- lass/1systems/prism/config.nix | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 845cf943c..a586807ef 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -65,6 +65,13 @@ with import ; config.krebs.users.makefu.pubkey ]; }; + users.users.nin = { + uid = genid "nin"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; users.extraUsers.dritter = { uid = genid_uint31 "dritter"; isNormalUser = true; @@ -117,6 +124,26 @@ with import ; localAddress = "10.233.2.2"; }; } + { + #onondaga + systemd.services."container@onondaga".reloadIfChanged = mkForce false; + containers.onondaga = { + config = { ... }: { + imports = [ ]; + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + config.krebs.users.nin.pubkey + ]; + }; + autoStart = true; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.5"; + localAddress = "10.233.2.6"; + }; + } -- cgit v1.3.1 From 8c32788a5e875cf2c31f2fdfcd06eee8aba2144f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Oct 2019 22:44:18 +0200 Subject: l yellow.r: fix path traversal escalation --- lass/1systems/yellow/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index cda0d0a33..fd617518f 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix 
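Review bot: In the `containers.onondaga` hunk of prism/config.nix, sshd is enabled and both the `lass` and `nin` keys go into root's `authorizedKeys`, but nothing visible restricts sshd to key-only login. Unless a module outside this hunk already turns password login off, I would add `services.openssh.passwordAuthentication = false;` next to `services.openssh.enable = true;`. A shared root account also means the two key holders cannot be told apart by account name, so a per-user account inside the container would give a cleaner audit trail. At minimum the `#onondaga` comment could say who owns the container and why `reloadIfChanged` is forced off.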
@@ -49,7 +49,7 @@ with import ; default = true; locations."/Nginx-Fancyindex-Theme-dark" = { extraConfig = '' - alias ${pkgs.fetchFromGitHub { + alias =${pkgs.fetchFromGitHub { owner = "Naereen"; repo = "Nginx-Fancyindex-Theme"; rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4"; -- cgit v1.3.1 From 8aa191fa335db70f39d85b9c8167fdfaf7c60852 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Oct 2019 22:46:45 +0200 Subject: l daedalus.r: remove altcoin category --- lass/1systems/daedalus/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index df8868034..2c1be473a 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -58,7 +58,7 @@ with import ; krebs.per-user.bitcoin.packages = [ pkgs.electrum pkgs.electron-cash - pkgs.altcoins.litecoin + pkgs.litecoin ]; users.extraUsers = { bitcoin = { -- cgit v1.3.1 From 0857d7bcc8d69780a01303e53159063989c912aa Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Oct 2019 23:40:27 +0200 Subject: l yellow.r: fix nginx path traversal again --- lass/1systems/yellow/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index fd617518f..d049bdee6 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -47,9 +47,9 @@ with import ; }; virtualHosts.default = { default = true; - locations."/Nginx-Fancyindex-Theme-dark" = { + locations."=/Nginx-Fancyindex-Theme-dark" = { extraConfig = '' - alias =${pkgs.fetchFromGitHub { + alias ${pkgs.fetchFromGitHub { owner = "Naereen"; repo = "Nginx-Fancyindex-Theme"; rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4"; -- cgit v1.3.1 From ee36de2973732362f1abdfb5b6b55db1f17b1316 Mon Sep 17 00:00:00 2001 
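Review bot: In the second yellow/config.nix change (`locations."=/Nginx-Fancyindex-Theme-dark"`), the `=` modifier makes nginx match only that exact URI, while the `alias` target is a `fetchFromGitHub` checkout, which is a directory. Requests for files below it, such as the theme's header or stylesheet, would then no longer reach this location, assuming the alias points at the directory itself (the rest of the `alias` expression lies outside the hunk). The usual way to close the missing-trailing-slash traversal for a directory alias is a prefix location with a slash on both sides: `locations."/Nginx-Fancyindex-Theme-dark/"` with the alias path ending in `/`.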
From: lassulus Date: Thu, 10 Oct 2019 12:45:19 +0200 Subject: l prism.r: fix HTTP-Spliting vuln --- lass/1systems/prism/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a586807ef..853075744 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -379,7 +379,7 @@ with import ; services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' if ($scheme != "https") { - rewrite ^ https://$host$uri permanent; + rewrite ^ https://$host$request_uri permanent; } auth_basic "Restricted Content"; auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' -- cgit v1.3.1 From 7fb3248a6c9213f9e93a10e9fbefa6375eff161e Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 10 Oct 2019 14:27:52 +0200 Subject: l: fix nginx path traversal --- lass/1systems/prism/config.nix | 2 +- lass/2configs/radio.nix | 4 ++-- lass/2configs/websites/lassulus.nix | 13 ++++++++----- 3 files changed, 11 insertions(+), 8 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 853075744..13e865c6e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -184,7 +184,7 @@ with import ; imports = [ ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; ''; } diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index b4efd42fc..7e1433fde 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix 
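Review bot: The switch to `$request_uri` in the `^~ /transmission` redirect of prism/config.nix deserves a comment, because nothing in the file says why `$uri` must not come back. Something like `# $request_uri is the raw, still-encoded request target; $uri is decoded and can carry CR/LF into the Location header` above the `rewrite` would do. The same redirect can also be written as `return 301 https://$host$request_uri;`, which avoids the regex match. `$host` can be taken from the client's Host header, so if this server block ever becomes the default one, `$server_name` would be the safer value; that is not visible from the hunk. The `extraConfig` string continues past the end of the hunk.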
@@ -230,11 +230,11 @@ in { proxy_set_header X-Real-IP $remote_addr; proxy_pass http://localhost:8000; ''; - locations."/recent".extraConfig = '' + locations."= /recent".extraConfig = '' alias /tmp/played; ''; }; - virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let + virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let html = pkgs.writeText "index.html" '' diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 0f52d40b6..f04f312d0 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -37,30 +37,33 @@ in { locations."= /retiolum-hosts.tar.bz2".extraConfig = '' alias ${config.krebs.tinc.retiolum.hostsArchive}; ''; + locations."= /hosts".extraConfig = '' + alias ${pkgs.krebs-hosts_combined}; + ''; locations."= /retiolum.hosts".extraConfig = '' alias ${pkgs.krebs-hosts-retiolum}; ''; locations."= /wireguard-key".extraConfig = '' alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; ''; - locations."/tinc".extraConfig = '' + locations."/tinc/".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/krebspage".extraConfig = '' + locations."= /krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; ''; - locations."/init".extraConfig = let + locations."= /init".extraConfig = let initscript = pkgs.init.override { pubkey = config.krebs.users.lass.pubkey; }; in '' alias ${initscript}; ''; - locations."/pub".extraConfig = '' + locations."= /pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; ''; - locations."/pub1".extraConfig = '' + locations."= /pub1".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; ''; }; -- cgit v1.3.1
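Review bot: In the radio.nix hunk, `locations."= /recent"` now matches exactly, but the file it serves is still `alias /tmp/played;`, a path in a world-writable directory. A name under `/tmp` is not guaranteed to be created or owned by the radio service, so nginx may end up serving content the service never wrote. Whether `PrivateTmp` or `disable_symlinks` applies is not visible here. I would have the service write the file into a directory it owns (for example under `/run` or `/var/lib`) and point the alias there.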
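Review bot: In the lassulus.nix hunk, `locations."/tinc/"` gained a trailing slash but its `alias ${config.krebs.tinc_graphs.workingDir}/external;` did not. nginx replaces the matched prefix with the alias string verbatim, so `/tinc/x` would resolve to `…/externalx` and the graph files would stop being served. The alias should end in a slash as well: `alias ${config.krebs.tinc_graphs.workingDir}/external/;`. A request for `/tinc` without the slash no longer matches this location either, so a redirect for it may be wanted.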