cleanup

2026-01-14 16:55:00 +01:00 · 2025-08-03 16:37:18 +02:00 · 2025-08-03 16:37:18 +02:00 · a4e5e3720b
commit a4e5e3720b
parent beb86b7ea9
12 changed files with 134 additions and 176 deletions
--- a/nix/apps/does-it-build/default.nix
+++ b/nix/apps/does-it-build/default.nix
@ -1,7 +1,7 @@
-{ pkgs, lib, does-it-build, my-projects-versions, ... }:
+{ pkgs, lib, my-projects-versions, ... }:
 let
-  does-it-build-base = does-it-build { inherit pkgs; };
-  does-it-build-with-commit = does-it-build-base.overrideAttrs (finalAttrs: previousAttrs: {
+  does-it-build-base = (import (fetchTarball "https://github.com/Noratrieb/does-it-build/archive/${my-projects-versions.does-it-build}.tar.gz")) { inherit pkgs; };
+  does-it-build = does-it-build-base.overrideAttrs (finalAttrs: previousAttrs: {
    DOES_IT_BUILD_OVERRIDE_VERSION = my-projects-versions.does-it-build;
  });
 in
@ -15,7 +15,7 @@ in
    serviceConfig = {
      User = "does-it-build";
      Group = "does-it-build";
-      ExecStart = "${lib.getExe' (does-it-build-with-commit) "does-it-build" }";
+      ExecStart = "${lib.getExe' (does-it-build) "does-it-build" }";
      Environment = "DB_PATH=/var/lib/does-it-build/db.sqlite";
    };
  };
--- a/nix/apps/fakessh/default.nix
+++ b/nix/apps/fakessh/default.nix
@ -0,0 +1,29 @@
+{ lib, pkgs, my-projects-versions, ... }:
+let cluelessh = import (fetchTarball "https://github.com/Noratrieb/cluelessh/archive/${my-projects-versions.cluelessh}.tar.gz");
+in
+{
+  systemd.services.fakessh = {
+    description = "cluelessh-faked ssh honeypot";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    serviceConfig = {
+      Restart = "on-failure";
+      RestartSec = "5s";
+      ExecStart = "${lib.getExe' (cluelessh {inherit pkgs;}) "cluelessh-faked" }";
+
+      # i really don't trust this.
+      DynamicUser = true;
+      AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+      MemoryHigh = "100M";
+      MemoryMax = "200M";
+
+      # config
+      Environment = [
+        "FAKESSH_LISTEN_ADDR=0.0.0.0:22"
+        "RUST_LOG=debug"
+        #"FAKESSH_JSON_LOGS=1"
+      ];
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 22 ];
+}
--- a/nix/apps/upload-files/default.nix
+++ b/nix/apps/upload-files/default.nix
@ -1,4 +1,6 @@
-{ upload-files, pkgs, lib, config, ... }: {
+{ my-projects-versions, pkgs, lib, config, ... }:
+let upload-files = import (fetchTarball "https://github.com/Noratrieb/upload.files.noratrieb.dev/archive/${my-projects-versions."upload.files.noratrieb.dev"}.tar.gz"); in
+{
  age.secrets.upload_files_s3_secret.file = ../../secrets/upload_files_s3_secret.age;

  systemd.services.upload-files = {