diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index b77ef42a1657..f392ca52566f 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -144,7 +144,7 @@ in
 dictd = 105;
 couchdb = 106;
 #searx = 107; # dynamically allocated as of 2020-10-27
- kippo = 108;
+ #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
 jenkins = 109;
 systemd-journal-gateway = 110;
 #notbit = 111; # unused
@@ -462,7 +462,7 @@ in
 dictd = 105;
 couchdb = 106;
 #searx = 107; # dynamically allocated as of 2020-10-27
- kippo = 108;
+ #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
 jenkins = 109;
 systemd-journal-gateway = 110;
 #notbit = 111; # unused
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 36e2131f2d2f..e3bb78bb49b1 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -757,7 +757,6 @@
 ./services/networking/kea.nix
 ./services/networking/keepalived/default.nix
 ./services/networking/keybase.nix
- ./services/networking/kippo.nix
 ./services/networking/knot.nix
 ./services/networking/kresd.nix
 ./services/networking/lambdabot.nix
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 4db6efb75d82..a35a6fe14c7a 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -80,6 +80,8 @@ with lib; is broken when using cgroups-v2. '') + (mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.") + # Do NOT add any option renames here, see top of the file ]; }
diff --git a/nixos/modules/services/networking/kippo.nix b/nixos/modules/services/networking/kippo.nix
deleted file mode 100644
index 6fedb0a270f4..000000000000
--- a/nixos/modules/services/networking/kippo.nix
+++ /dev/null
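Review bot: The removal message added in the rename.nix hunk, `"The corresponding package was removed from nixpkgs."`, tells operators nothing about the state the module leaves behind. The deleted kippo.nix shows the service keeping its SSH host key at `${cfg.varPath}/keys/private.key` and its logs and `download_path` under `${cfg.logPath}` (defaults `/var/lib/kippo` and `/var/log/kippo`), chowned to the kippo user with uid/gid 108, and nothing in this commit cleans those paths up. With the id only commented out in ids.nix, those files stay owned by a bare numeric id, and the download directory presumably holds whatever was fetched during honeypot sessions, so it deserves deliberate handling rather than being forgotten. Consider extending the message, for example `"The corresponding package was removed from nixpkgs. Data under /var/lib/kippo and /var/log/kippo is not removed automatically."`.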
@@ -1,117 +0,0 @@
-# NixOS module for kippo honeypot ssh server
-# See all the options for configuration details.
-#
-# Default port is 2222. Recommend using something like this for port redirection to default SSH port:
-# networking.firewall.extraCommands = ''
-# iptables -t nat -A PREROUTING -i IN_IFACE -p tcp --dport 22 -j REDIRECT --to-port 2222'';
-#
-# Lastly: use this service at your own risk. I am working on a way to run this inside a VM.
-{ config, lib, pkgs, ... }:
-with lib;
-let
- cfg = config.services.kippo;
-in
-{
- options = {
- services.kippo = {
- enable = mkOption {
- default = false;
- type = types.bool;
- description = "Enable the kippo honeypot ssh server.";
- };
- port = mkOption {
- default = 2222;
- type = types.int;
- description = "TCP port number for kippo to bind to.";
- };
- hostname = mkOption {
- default = "nas3";
- type = types.str;
- description = "Hostname for kippo to present to SSH login";
- };
- varPath = mkOption {
- default = "/var/lib/kippo";
- type = types.path;
- description = "Path of read/write files needed for operation and configuration.";
- };
- logPath = mkOption {
- default = "/var/log/kippo";
- type = types.path;
- description = "Path of log files needed for operation and configuration.";
- };
- pidPath = mkOption {
- default = "/run/kippo";
- type = types.path;
- description = "Path of pid files needed for operation.";
- };
- extraConfig = mkOption {
- default = "";
- type = types.lines;
- description = "Extra verbatim configuration added to the end of kippo.cfg.";
- };
- };
-
- };
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs.pythonPackages; [
- python pkgs.kippo.twisted pycrypto pyasn1 ];
-
- environment.etc."kippo.cfg".text = ''
- # Automatically generated by NixOS.
- # See ${pkgs.kippo}/src/kippo.cfg for details.
- [honeypot]
- log_path = ${cfg.logPath}
- download_path = ${cfg.logPath}/dl
- filesystem_file = ${cfg.varPath}/honeyfs
- filesystem_file = ${cfg.varPath}/fs.pickle
- data_path = ${cfg.varPath}/data
- txtcmds_path = ${cfg.varPath}/txtcmds
- public_key = ${cfg.varPath}/keys/public.key
- private_key = ${cfg.varPath}/keys/private.key
- ssh_port = ${toString cfg.port}
- hostname = ${cfg.hostname}
- ${cfg.extraConfig}
- '';
-
- users.users.kippo = {
- description = "kippo web server privilege separation user";
- uid = 108; # why does config.ids.uids.kippo give an error?
- };
- users.groups.kippo.gid = 108;
-
- systemd.services.kippo = with pkgs; {
- description = "Kippo Web Server";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- environment.PYTHONPATH = "${pkgs.kippo}/src/:${pkgs.pythonPackages.pycrypto}/lib/python2.7/site-packages/:${pkgs.pythonPackages.pyasn1}/lib/python2.7/site-packages/:${pkgs.pythonPackages.python}/lib/python2.7/site-packages/:${pkgs.kippo.twisted}/lib/python2.7/site-packages/:.";
- preStart = ''
- if [ ! -d ${cfg.varPath}/ ] ; then
- mkdir -p ${cfg.logPath}/tty
- mkdir -p ${cfg.logPath}/dl
- mkdir -p ${cfg.varPath}/keys
- cp ${pkgs.kippo}/src/honeyfs ${cfg.varPath} -r
- cp ${pkgs.kippo}/src/fs.pickle ${cfg.varPath}/fs.pickle
- cp ${pkgs.kippo}/src/data ${cfg.varPath} -r
- cp ${pkgs.kippo}/src/txtcmds ${cfg.varPath} -r
-
- chmod u+rw ${cfg.varPath} -R
- chown kippo.kippo ${cfg.varPath} -R
- chown kippo.kippo ${cfg.logPath} -R
- chmod u+rw ${cfg.logPath} -R
- fi
- if [ ! -d ${cfg.pidPath}/ ] ; then
- mkdir -p ${cfg.pidPath}
- chmod u+rw ${cfg.pidPath}
- chown kippo.kippo ${cfg.pidPath}
- fi
- '';
-
- serviceConfig.ExecStart = "${pkgs.kippo.twisted}/bin/twistd -y ${pkgs.kippo}/src/kippo.tac --syslog --rundir=${cfg.varPath}/ --pidfile=${cfg.pidPath}/kippo.pid --prefix=kippo -n";
- serviceConfig.PermissionsStartOnly = true;
- serviceConfig.User = "kippo";
- serviceConfig.Group = "kippo";
- };
-};
-}
-
-