NotAShelf/Eris
1
1
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity

Compare commits

base: NotAShelf:69917a9247475f2034f6ff285fec43e8c7cce746
Branches Tags
NotAShelf:main
NotAShelf:multi-site-proxy
NotAShelf:v0.1.0
..
compare: NotAShelf:6c18427dc3d50f610f44451dc14c070e905269ba
Branches Tags
NotAShelf:main
NotAShelf:multi-site-proxy
NotAShelf:v0.1.0

No commits in common. "69917a9247475f2034f6ff285fec43e8c7cce746" and "6c18427dc3d50f610f44451dc14c070e905269ba" have entirely different histories.
69917a9247 ... 6c18427dc3

7 changed files with 59 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

22
Cargo.toml
View file

@ -1,23 +1,21 @@
[package] [package]
name = "eris" name = "eris"
description = "Sophisticated HTTP tarpit and honeypot stream" version = "0.1.0"
authors = ["NotAShelf <raf@notashelf.dev"]
version = "0.1.1"
edition = "2024" edition = "2024"
[dependencies] [dependencies]
actix-web = "4.11.0" actix-web = "4.3.1"
clap = { version = "4.5.51", features = ["derive"] } clap = { version = "4.3", features = ["derive"] }
chrono = "0.4.42" chrono = "0.4.24"
futures = "0.3.31" futures = "0.3.28"
ipnetwork = "0.21.1" ipnetwork = "0.21.1"
lazy_static = "1.5.0" lazy_static = "1.4.0"
prometheus = "0.14.0" prometheus = "0.14.0"
prometheus_exporter = "0.8.5" prometheus_exporter = "0.8.5"
rand = "0.9.2" rand = "0.9.1"
rlua = "0.20.1" rlua = "0.20.1"
serde = { version = "1.0.228", features = ["derive"] } serde = { version = "1.0.162", features = ["derive"] }
serde_json = "1.0.145" serde_json = "1.0.96"
tokio = { version = "1.28.0", features = ["full"] } tokio = { version = "1.28.0", features = ["full"] }
log = "0.4.28" log = "0.4.27"
env_logger = "0.11.8" env_logger = "0.11.8"

13
README.md
View file

@ -81,10 +81,8 @@ Pre-built binaries are not yet available.
For static sites served by Nginx, the proper setup is to place Eris in front of For static sites served by Nginx, the proper setup is to place Eris in front of
Nginx. Here is a graph of how it's meant to be configured: Nginx. Here is a graph of how it's meant to be configured:
```mermaid ```
graph LR Internet → [Eris (port 80)] → [Nginx (local port)]
A[Internet] --> B[Eris (port 80)]
B --> C[Nginx (local port)]
``` ```
You will want to configure Eris to listen on port 80 (or 443 for SSL) and You will want to configure Eris to listen on port 80 (or 443 for SSL) and
@ -134,11 +132,8 @@ eris --listen-addr 0.0.0.0:443 --backend-addr 127.0.0.1:8080 --ssl-cert /path/to
### Option 2: Use a separate SSL terminator ### Option 2: Use a separate SSL terminator
```mermaid ```
graph LR Internet → [SSL Terminator (port 443)] → [Eris (local port)] → [Nginx (local port)]
A[Internet] --> B[SSL Terminator (port 443)]
B --> C[Eris (local port)]
C --> D[Nginx (local port)]
``` ```
You can use Nginx, HAProxy, or Caddy as the SSL terminator, forwarding decrypted You can use Nginx, HAProxy, or Caddy as the SSL terminator, forwarding decrypted

22
flake.lock generated
View file

@ -1,27 +1,12 @@
{ {
"nodes": { "nodes": {
"crane": {
"locked": {
"lastModified": 1760924934,
"narHash": "sha256-tuuqY5aU7cUkR71sO2TraVKK2boYrdW3gCSXUkF4i44=",
"owner": "ipetkov",
"repo": "crane",
"rev": "c6b4d5308293d0d04fcfeee92705017537cad02f",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1761672384, "lastModified": 1745930157,
"narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -33,7 +18,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
} }

14
flake.nix
View file

@ -1,15 +1,11 @@
{ {
inputs = { inputs.nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
crane.url = "github:ipetkov/crane";
};
outputs = { outputs = {
self, self,
nixpkgs, nixpkgs,
crane,
}: let }: let
systems = ["x86_64-linux" "aarch64-linux"]; systems = ["x86_64-linux"];
forEachSystem = nixpkgs.lib.genAttrs systems; forEachSystem = nixpkgs.lib.genAttrs systems;
pkgsForEach = nixpkgs.legacyPackages; pkgsForEach = nixpkgs.legacyPackages;
in { in {
@ -18,10 +14,8 @@
default = self.nixosModules.eris; default = self.nixosModules.eris;
}; };
packages = forEachSystem (system: let packages = forEachSystem (system: {
craneLib = crane.mkLib pkgsForEach.${system}; eris = pkgsForEach.${system}.callPackage ./nix/package.nix {};
in {
eris = pkgsForEach.${system}.callPackage ./nix/package.nix {inherit craneLib;};
default = self.packages.${system}.eris; default = self.packages.${system}.eris;
}); });

34
nix/package.nix
View file

@ -1,43 +1,39 @@
{ {
lib, lib,
craneLib, rustPlatform,
}: let }: let
pname = "eris";
inherit ((lib.importTOML ../Cargo.toml).package) version;
src = let
fs = lib.fileset; fs = lib.fileset;
lockfile = ../Cargo.lock;
cargoToml = ../Cargo.toml;
in
rustPlatform.buildRustPackage {
pname = "eris";
version = "0.0.1";
src = let
s = ../.; s = ../.;
in in
fs.toSource { fs.toSource {
root = s; root = s;
fileset = fs.unions [ fileset = fs.unions [
(fs.fileFilter (file: builtins.any file.hasExt ["rs"]) (s + /src)) (fs.fileFilter (file: builtins.any file.hasExt ["rs"]) (s + /src))
(s + /Cargo.lock) (s + /contrib)
(s + /Cargo.toml) lockfile
cargoToml
]; ];
}; };
cargoArtifacts = craneLib.buildDepsOnly {
name = "${pname}-deps";
strictDeps = true;
inherit src;
};
in
craneLib.buildPackage {
inherit pname src version cargoArtifacts;
strictDeps = true;
postInstall = '' postInstall = ''
mkdir -p $out/share/contrib mkdir -p $out/share/contrib
cp -rv $src/contrib/corpus $out/share/contrib cp -rv $src/contrib/corpus $out/share/contrib
cp -rv $src/contrib/lua $out/share/contrib cp -rv $src/contrib/lua $out/share/contrib
''; '';
cargoLock.lockFile = lockfile;
meta = { meta = {
description = "Sophisticated HTTP tarpit and honeypot stream"; description = "Sophisticated HTTP tarpit and honeypot stream";
homepage = "https://git.frzn.dev/NotAShelf/eris";
maintainers = [lib.maintainers.NotAShelf];
mainProgram = "eris"; mainProgram = "eris";
}; };
} }

32
nix/shell.nix
View file

@ -1,26 +1,28 @@
{ {
mkShell, mkShell,
rustc, rust-analyzer,
cargo,
rustfmt, rustfmt,
clippy, clippy,
taplo, cargo,
rust-analyzer-unwrapped, gcc,
rustPlatform, openssl,
pkg-config,
rustc,
}: }:
mkShell { mkShell {
name = "rust"; name = "eris";
packages = [ packages = [
rustc rust-analyzer
cargo rustfmt
(rustfmt.override {asNightly = true;})
clippy clippy
cargo cargo
taplo gcc
rust-analyzer-unwrapped clippy
]; rustfmt
rustc
RUST_SRC_PATH = "${rustPlatform.rustLibSrc}"; # For TLS and friends
openssl
pkg-config
];
} }

2
src/main.rs
View file

@ -149,8 +149,6 @@ impl Default for Config {
"/config".to_string(), "/config".to_string(),
"/api/".to_string(), "/api/".to_string(),
"/actuator/".to_string(), "/actuator/".to_string(),
"/search/feedback".to_string(),
"/wp-json/v1/u".to_string(),
], ],
whitelist_networks: vec![ whitelist_networks: vec![
"192.168.0.0/16".to_string(), "192.168.0.0/16".to_string(),