NotAShelf/Eris
1
1
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity

Compare commits

base: NotAShelf:69917a9247475f2034f6ff285fec43e8c7cce746
Branches Tags
NotAShelf:main
NotAShelf:multi-site-proxy
NotAShelf:v0.1.0
..
compare: NotAShelf:6c18427dc3d50f610f44451dc14c070e905269ba
Branches Tags
NotAShelf:main
NotAShelf:multi-site-proxy
NotAShelf:v0.1.0

No commits in common. "69917a9247475f2034f6ff285fec43e8c7cce746" and "6c18427dc3d50f610f44451dc14c070e905269ba" have entirely different histories.
69917a9247 ... 6c18427dc3

7 changed files with 59 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

22
Cargo.toml
View file

@ -1,23 +1,21 @@
[package]
name = "eris"
description = "Sophisticated HTTP tarpit and honeypot stream"
authors = ["NotAShelf <raf@notashelf.dev"]
version = "0.1.1"
version = "0.1.0"
edition = "2024"
[dependencies]
actix-web = "4.11.0"
clap = { version = "4.5.51", features = ["derive"] }
chrono = "0.4.42"
futures = "0.3.31"
actix-web = "4.3.1"
clap = { version = "4.3", features = ["derive"] }
chrono = "0.4.24"
futures = "0.3.28"
ipnetwork = "0.21.1"
lazy_static = "1.5.0"
lazy_static = "1.4.0"
prometheus = "0.14.0"
prometheus_exporter = "0.8.5"
rand = "0.9.2"
rand = "0.9.1"
rlua = "0.20.1"
serde = { version = "1.0.228", features = ["derive"] }
serde_json = "1.0.145"
serde = { version = "1.0.162", features = ["derive"] }
serde_json = "1.0.96"
tokio = { version = "1.28.0", features = ["full"] }
log = "0.4.28"
log = "0.4.27"
env_logger = "0.11.8"

13
README.md
View file

@ -81,10 +81,8 @@ Pre-built binaries are not yet available.
For static sites served by Nginx, the proper setup is to place Eris in front of
Nginx. Here is a graph of how it's meant to be configured:
```mermaid
graph LR
A[Internet] --> B[Eris (port 80)]
B --> C[Nginx (local port)]
```
Internet → [Eris (port 80)] → [Nginx (local port)]
```
You will want to configure Eris to listen on port 80 (or 443 for SSL) and
@ -134,11 +132,8 @@ eris --listen-addr 0.0.0.0:443 --backend-addr 127.0.0.1:8080 --ssl-cert /path/to
### Option 2: Use a separate SSL terminator
```mermaid
graph LR
A[Internet] --> B[SSL Terminator (port 443)]
B --> C[Eris (local port)]
C --> D[Nginx (local port)]
```
Internet → [SSL Terminator (port 443)] → [Eris (local port)] → [Nginx (local port)]
```
You can use Nginx, HAProxy, or Caddy as the SSL terminator, forwarding decrypted

22
flake.lock generated
View file

@ -1,27 +1,12 @@
{
"nodes": {
"crane": {
"locked": {
"lastModified": 1760924934,
"narHash": "sha256-tuuqY5aU7cUkR71sO2TraVKK2boYrdW3gCSXUkF4i44=",
"owner": "ipetkov",
"repo": "crane",
"rev": "c6b4d5308293d0d04fcfeee92705017537cad02f",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1761672384,
"narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=",
"lastModified": 1745930157,
"narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c",
"rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae",
"type": "github"
},
"original": {
@ -33,7 +18,6 @@
},
"root": {
"inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs"
}
}

14
flake.nix
View file

@ -1,15 +1,11 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
crane.url = "github:ipetkov/crane";
};
inputs.nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
outputs = {
self,
nixpkgs,
crane,
}: let
systems = ["x86_64-linux" "aarch64-linux"];
systems = ["x86_64-linux"];
forEachSystem = nixpkgs.lib.genAttrs systems;
pkgsForEach = nixpkgs.legacyPackages;
in {
@ -18,10 +14,8 @@
default = self.nixosModules.eris;
};
packages = forEachSystem (system: let
craneLib = crane.mkLib pkgsForEach.${system};
in {
eris = pkgsForEach.${system}.callPackage ./nix/package.nix {inherit craneLib;};
packages = forEachSystem (system: {
eris = pkgsForEach.${system}.callPackage ./nix/package.nix {};
default = self.packages.${system}.eris;
});

46
nix/package.nix
View file

@ -1,32 +1,28 @@
{
lib,
craneLib,
rustPlatform,
}: let
pname = "eris";
inherit ((lib.importTOML ../Cargo.toml).package) version;
src = let
fs = lib.fileset;
s = ../.;
in
fs.toSource {
root = s;
fileset = fs.unions [
(fs.fileFilter (file: builtins.any file.hasExt ["rs"]) (s + /src))
(s + /Cargo.lock)
(s + /Cargo.toml)
];
};
fs = lib.fileset;
cargoArtifacts = craneLib.buildDepsOnly {
name = "${pname}-deps";
strictDeps = true;
inherit src;
};
lockfile = ../Cargo.lock;
cargoToml = ../Cargo.toml;
in
craneLib.buildPackage {
inherit pname src version cargoArtifacts;
rustPlatform.buildRustPackage {
pname = "eris";
version = "0.0.1";
strictDeps = true;
src = let
s = ../.;
in
fs.toSource {
root = s;
fileset = fs.unions [
(fs.fileFilter (file: builtins.any file.hasExt ["rs"]) (s + /src))
(s + /contrib)
lockfile
cargoToml
];
};
postInstall = ''
mkdir -p $out/share/contrib
@ -34,10 +30,10 @@ in
cp -rv $src/contrib/lua $out/share/contrib
'';
cargoLock.lockFile = lockfile;
meta = {
description = "Sophisticated HTTP tarpit and honeypot stream";
homepage = "https://git.frzn.dev/NotAShelf/eris";
maintainers = [lib.maintainers.NotAShelf];
mainProgram = "eris";
};
}

32
nix/shell.nix
View file

@ -1,26 +1,28 @@
{
mkShell,
rustc,
cargo,
rust-analyzer,
rustfmt,
clippy,
taplo,
rust-analyzer-unwrapped,
rustPlatform,
cargo,
gcc,
openssl,
pkg-config,
rustc,
}:
mkShell {
name = "rust";
name = "eris";
packages = [
rustc
cargo
(rustfmt.override {asNightly = true;})
rust-analyzer
rustfmt
clippy
cargo
taplo
rust-analyzer-unwrapped
];
gcc
clippy
rustfmt
rustc
RUST_SRC_PATH = "${rustPlatform.rustLibSrc}";
# For TLS and friends
openssl
pkg-config
];
}

2
src/main.rs
View file

@ -149,8 +149,6 @@ impl Default for Config {
"/config".to_string(),
"/api/".to_string(),
"/actuator/".to_string(),
"/search/feedback".to_string(),
"/wp-json/v1/u".to_string(),
],
whitelist_networks: vec![
"192.168.0.0/16".to_string(),