lol

Merge pull request #140820 from VergeDX/kippo-remove

kippo: cleanup the corresponding broken module.

authored by

Bobby Rong and committed by
GitHub
dd596307 8da58db5

+4 -120
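--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -144,7 +144,7 @@
 dictd = 105;
 couchdb = 106;
 #searx = 107; # dynamically allocated as of 2020-10-27
-kippo = 108;
+#kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
 jenkins = 109;
 systemd-journal-gateway = 110;
 #notbit = 111; # unused
@@ -462,7 +462,7 @@
 dictd = 105;
 couchdb = 106;
 #searx = 107; # dynamically allocated as of 2020-10-27
-kippo = 108;
+#kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
 jenkins = 109;
 systemd-journal-gateway = 110;
 #notbit = 111; # unused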
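Review bot: The new comment on `#kippo = 108;` records when and why the entry was removed but not that 108 has to stay unassigned; the identical line in the second hunk has the same gap. The deleted kippo.nix chowned its state and log directories to `kippo.kippo` with uid and gid 108, so a service later given this number would presumably own whatever an old honeypot left on disk. I would end both comments with `; id stays reserved, do not reuse`. Both enclosing attribute sets start and end outside the hunks.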
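--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -760,7 +760,6 @@
 ./services/networking/kea.nix
 ./services/networking/keepalived/default.nix
 ./services/networking/keybase.nix
-./services/networking/kippo.nix
 ./services/networking/knot.nix
 ./services/networking/kresd.nix
 ./services/networking/lambdabot.nix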
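--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -81,6 +81,8 @@
 '')
 (mkRemovedOptionModule ["services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")
 
+(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
+
 # Do NOT add any option renames here, see top of the file
 ];
 }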
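Review bot: The message on the added `mkRemovedOptionModule [ "services" "kippo" ]` line only says the package is gone, so a host that had the honeypot enabled gets no hint about what the module leaves behind. By default the deleted kippo.nix kept its SSH host key under `/var/lib/kippo/keys` and pointed kippo's `download_path` at `/var/log/kippo/dl`, which likely holds files fetched during attacker sessions. Its header also recommended redirecting port 22 to 2222, and that redirect would now point at a port nothing listens on. I would extend the message to something like `"The corresponding package was removed from nixpkgs. State under /var/lib/kippo and /var/log/kippo is not cleaned up; review it and remove any firewall redirect to the kippo port."`. The enclosing list starts outside the hunk.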
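--- a/nixos/modules/services/networking/kippo.nix
+++ b/nixos/modules/services/networking/kippo.nix
@@ -1,117 +0,0 @@
-# NixOS module for kippo honeypot ssh server
-# See all the options for configuration details.
-#
-# Default port is 2222. Recommend using something like this for port redirection to default SSH port:
-# networking.firewall.extraCommands = ''
-# iptables -t nat -A PREROUTING -i IN_IFACE -p tcp --dport 22 -j REDIRECT --to-port 2222'';
-#
-# Lastly: use this service at your own risk. I am working on a way to run this inside a VM.
-{ config, lib, pkgs, ... }:
-with lib;
-let
-cfg = config.services.kippo;
-in
-{
-options = {
-services.kippo = {
-enable = mkOption {
-default = false;
-type = types.bool;
-description = "Enable the kippo honeypot ssh server.";
-};
-port = mkOption {
-default = 2222;
-type = types.int;
-description = "TCP port number for kippo to bind to.";
-};
-hostname = mkOption {
-default = "nas3";
-type = types.str;
-description = "Hostname for kippo to present to SSH login";
-};
-varPath = mkOption {
-default = "/var/lib/kippo";
-type = types.path;
-description = "Path of read/write files needed for operation and configuration.";
-};
-logPath = mkOption {
-default = "/var/log/kippo";
-type = types.path;
-description = "Path of log files needed for operation and configuration.";
-};
-pidPath = mkOption {
-default = "/run/kippo";
-type = types.path;
-description = "Path of pid files needed for operation.";
-};
-extraConfig = mkOption {
-default = "";
-type = types.lines;
-description = "Extra verbatim configuration added to the end of kippo.cfg.";
-};
-};
-
-};
-config = mkIf cfg.enable {
-environment.systemPackages = with pkgs.pythonPackages; [
-python pkgs.kippo.twisted pycrypto pyasn1 ];
-
-environment.etc."kippo.cfg".text = ''
-# Automatically generated by NixOS.
-# See ${pkgs.kippo}/src/kippo.cfg for details.
-[honeypot]
-log_path = ${cfg.logPath}
-download_path = ${cfg.logPath}/dl
-filesystem_file = ${cfg.varPath}/honeyfs
-filesystem_file = ${cfg.varPath}/fs.pickle
-data_path = ${cfg.varPath}/data
-txtcmds_path = ${cfg.varPath}/txtcmds
-public_key = ${cfg.varPath}/keys/public.key
-private_key = ${cfg.varPath}/keys/private.key
-ssh_port = ${toString cfg.port}
-hostname = ${cfg.hostname}
-${cfg.extraConfig}
-'';
-
-users.users.kippo = {
-description = "kippo web server privilege separation user";
-uid = 108; # why does config.ids.uids.kippo give an error?
-};
-users.groups.kippo.gid = 108;
-
-systemd.services.kippo = with pkgs; {
-description = "Kippo Web Server";
-after = [ "network.target" ];
-wantedBy = [ "multi-user.target" ];
-environment.PYTHONPATH = "${pkgs.kippo}/src/:${pkgs.pythonPackages.pycrypto}/lib/python2.7/site-packages/:${pkgs.pythonPackages.pyasn1}/lib/python2.7/site-packages/:${pkgs.pythonPackages.python}/lib/python2.7/site-packages/:${pkgs.kippo.twisted}/lib/python2.7/site-packages/:.";
-preStart = ''
-if [ ! -d ${cfg.varPath}/ ] ; then
-mkdir -p ${cfg.logPath}/tty
-mkdir -p ${cfg.logPath}/dl
-mkdir -p ${cfg.varPath}/keys
-cp ${pkgs.kippo}/src/honeyfs ${cfg.varPath} -r
-cp ${pkgs.kippo}/src/fs.pickle ${cfg.varPath}/fs.pickle
-cp ${pkgs.kippo}/src/data ${cfg.varPath} -r
-cp ${pkgs.kippo}/src/txtcmds ${cfg.varPath} -r
-
-chmod u+rw ${cfg.varPath} -R
-chown kippo.kippo ${cfg.varPath} -R
-chown kippo.kippo ${cfg.logPath} -R
-chmod u+rw ${cfg.logPath} -R
-fi
-if [ ! -d ${cfg.pidPath}/ ] ; then
-mkdir -p ${cfg.pidPath}
-chmod u+rw ${cfg.pidPath}
-chown kippo.kippo ${cfg.pidPath}
-fi
-'';
-
-serviceConfig.ExecStart = "${pkgs.kippo.twisted}/bin/twistd -y ${pkgs.kippo}/src/kippo.tac --syslog --rundir=${cfg.varPath}/ --pidfile=${cfg.pidPath}/kippo.pid --prefix=kippo -n";
-serviceConfig.PermissionsStartOnly = true;
-serviceConfig.User = "kippo";
-serviceConfig.Group = "kippo";
-};
-};
-}
-
-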