From 10c523ab8944035b1635d419d3d18823834a2e07 Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Tue, 9 Sep 2025 20:31:14 +0300 Subject: [PATCH 1/6] nix: bump inputs Signed-off-by: NotAShelf Change-Id: I704ac50f34324d22d6ea86329f709e9d6a6a6964 --- flake.lock | 6 +++--- flake.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 8372b45..4ab3227 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1745930157, - "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", + "lastModified": 1761672384, + "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", + "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9143653..471149d 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ self, nixpkgs, }: let - systems = ["x86_64-linux"]; + systems = ["x86_64-linux" "aarch64-linux"]; forEachSystem = nixpkgs.lib.genAttrs systems; pkgsForEach = nixpkgs.legacyPackages; in { From 150f632fb81daac3ff807cd7f0d19439ea398d81 Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Fri, 31 Oct 2025 22:46:32 +0300 Subject: [PATCH 2/6] chore: bump dependencies Signed-off-by: NotAShelf Change-Id: Ia2537b41147373d94e08325e8540bf906a6a6964 --- Cargo.toml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 2292db4..e619e0c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,21 +1,23 @@ [package] name = "eris" -version = "0.1.0" +description = "Sophisticated HTTP tarpit and honeypot stream" +authors = ["NotAShelf Date: Fri, 31 Oct 2025 22:55:30 +0300 Subject: [PATCH 3/6] nix: switch to crane for incramental builds 
Signed-off-by: NotAShelf Change-Id: Ia5ab2f512ffac20722966b605d7eaf156a6a6964 --- flake.lock | 16 ++++++++++++++++ flake.nix | 12 +++++++++--- nix/package.nix | 46 +++++++++++++++++++++++++--------------------- 3 files changed, 50 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 4ab3227..d1245af 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,20 @@ { "nodes": { + "crane": { + "locked": { + "lastModified": 1760924934, + "narHash": "sha256-tuuqY5aU7cUkR71sO2TraVKK2boYrdW3gCSXUkF4i44=", + "owner": "ipetkov", + "repo": "crane", + "rev": "c6b4d5308293d0d04fcfeee92705017537cad02f", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1761672384, @@ -18,6 +33,7 @@ }, "root": { "inputs": { + "crane": "crane", "nixpkgs": "nixpkgs" } } diff --git a/flake.nix b/flake.nix index 471149d..b5b8db7 100644 --- a/flake.nix +++ b/flake.nix @@ -1,9 +1,13 @@ { - inputs.nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable"; + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable"; + crane.url = "github:ipetkov/crane"; + }; outputs = { self, nixpkgs, + crane, }: let systems = ["x86_64-linux" "aarch64-linux"]; forEachSystem = nixpkgs.lib.genAttrs systems; @@ -14,8 +18,10 @@ default = self.nixosModules.eris; }; - packages = forEachSystem (system: { - eris = pkgsForEach.${system}.callPackage ./nix/package.nix {}; + packages = forEachSystem (system: let + craneLib = crane.mkLib pkgsForEach.${system}; + in { + eris = pkgsForEach.${system}.callPackage ./nix/package.nix {inherit craneLib;}; default = self.packages.${system}.eris; }); diff --git a/nix/package.nix b/nix/package.nix index b227e1a..7e790fa 100644 --- a/nix/package.nix +++ b/nix/package.nix 
@@ -1,28 +1,32 @@ { lib, - rustPlatform, + craneLib, }: let - fs = lib.fileset; + pname = "eris"; + inherit ((lib.importTOML ../Cargo.toml).package) version; + src = let + fs = lib.fileset; + s = ../.; + in + fs.toSource { + root = s; + fileset = fs.unions [ + (fs.fileFilter (file: builtins.any file.hasExt ["rs"]) (s + /src)) + (s + /Cargo.lock) + (s + /Cargo.toml) + ]; + }; - lockfile = ../Cargo.lock; - cargoToml = ../Cargo.toml; + cargoArtifacts = craneLib.buildDepsOnly { + name = "${pname}-deps"; + strictDeps = true; + inherit src; + }; in - rustPlatform.buildRustPackage { - pname = "eris"; - version = "0.0.1"; + craneLib.buildPackage { + inherit pname src version cargoArtifacts; - src = let - s = ../.; - in - fs.toSource { - root = s; - fileset = fs.unions [ - (fs.fileFilter (file: builtins.any file.hasExt ["rs"]) (s + /src)) - (s + /contrib) - lockfile - cargoToml - ]; - }; + strictDeps = true; postInstall = '' mkdir -p $out/share/contrib @@ -30,10 +34,10 @@ in cp -rv $src/contrib/lua $out/share/contrib ''; - cargoLock.lockFile = lockfile; - meta = { description = "Sophisticated HTTP tarpit and honeypot stream"; + homepage = "https://git.frzn.dev/NotAShelf/eris"; + maintainers = [lib.maintainers.NotAShelf]; mainProgram = "eris"; }; } From 8aa39cfb1a812ee3d269bc865166049d13382ead Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Fri, 31 Oct 2025 22:55:45 +0300 Subject: [PATCH 4/6] eris: add more default scan paths to honeypot Signed-off-by: NotAShelf Change-Id: I10c0129340d517587905a97a034f01406a6a6964 --- src/main.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main.rs b/src/main.rs index 2471ced..2dc17d2 100644 --- a/src/main.rs +++ b/src/main.rs @@ -149,6 +149,8 @@ impl Default for Config { "/config".to_string(), "/api/".to_string(), "/actuator/".to_string(), + "/search/feedback".to_string(), + "/wp-json/v1/u".to_string(), ], whitelist_networks: vec![ "192.168.0.0/16".to_string(), From dd7e41eb64c9e5f6903f0ad58a413610344c89d1 Mon Sep 17 00:00:00 2001 
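Review bot: The new `src` fileset in nix/package.nix no longer includes `(s + /contrib)`, but the `postInstall` kept as context in the second hunk (`@@ -30,10 +34,10 @@`) still runs `cp -rv $src/contrib/lua $out/share/contrib`. With contrib filtered out of the source, that copy has nothing to read and the install phase would be expected to fail. Add `(s + /contrib)` back to the `fs.unions [...]` list used for `craneLib.buildPackage`. Because `cargoArtifacts` is built from the same `src`, consider a Rust-only fileset for `buildDepsOnly` and a second one with contrib for the final package, so contrib edits do not invalidate the dependency cache. The middle of `postInstall` lies between the two hunks and is not visible here.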
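Review bot: The two new defaults `"/search/feedback"` and `"/wp-json/v1/u"` have no comment saying which scanner traffic they target or how they are matched, and `/search/feedback` looks like a route a real application behind Eris could plausibly serve. If these patterns are matched as prefixes or substrings (the matcher is not visible in this hunk), a backend that uses that path would have its legitimate users tarpitted by default. I would add a comment above the list such as `// Default trap patterns: paths commonly probed by scanners; override if your backend serves any of them.` and mention the new entries in the configuration docs. The `Default for Config` impl starts and ends outside this hunk.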
From: NotAShelf Date: Fri, 31 Oct 2025 23:12:18 +0300 Subject: [PATCH 5/6] nix: clean up devshell Signed-off-by: NotAShelf Change-Id: Ia844e89f1450cce1625c57c9d81279706a6a6964 --- nix/shell.nix | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/nix/shell.nix b/nix/shell.nix index 5df9c82..9df0432 100644 --- a/nix/shell.nix +++ b/nix/shell.nix @@ -1,28 +1,26 @@ { mkShell, - rust-analyzer, + rustc, + cargo, rustfmt, clippy, - cargo, - gcc, - openssl, - pkg-config, - rustc, + taplo, + rust-analyzer-unwrapped, + rustPlatform, }: mkShell { - name = "eris"; + name = "rust"; + packages = [ - rust-analyzer - rustfmt + rustc + cargo + + (rustfmt.override {asNightly = true;}) clippy cargo - gcc - clippy - rustfmt - rustc - - # For TLS and friends - openssl - pkg-config + taplo + rust-analyzer-unwrapped ]; + + RUST_SRC_PATH = "${rustPlatform.rustLibSrc}"; } From 69917a9247475f2034f6ff285fec43e8c7cce746 Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Fri, 31 Oct 2025 23:12:23 +0300 Subject: [PATCH 6/6] docs: use mermaidjs for visual graphs Signed-off-by: NotAShelf Change-Id: Ib7ae49f209214fc428f6e9bfc5c7d9176a6a6964 --- README.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8209063..0f7b571 100644 --- a/README.md +++ b/README.md @@ -81,8 +81,10 @@ Pre-built binaries are not yet available. For static sites served by Nginx, the proper setup is to place Eris in front of Nginx. Here is a graph of how it's meant to be configured: -``` -Internet → [Eris (port 80)] → [Nginx (local port)] +```mermaid +graph LR + A[Internet] --> B[Eris (port 80)] + B --> C[Nginx (local port)] ``` You will want to configure Eris to listen on port 80 (or 443 for SSL) and 
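Review bot: `cargo` now appears twice in `packages` in nix/shell.nix, once in the added `rustc`/`cargo` pair and again as the unchanged `cargo` line after `clippy`. Drop the leftover line so the list reads `rustc`, `cargo`, `(rustfmt.override {asNightly = true;})`, `clippy`, `taplo`, `rust-analyzer-unwrapped`. The same hunk removes `openssl` and `pkg-config` from the shell. If any dependency still links against system OpenSSL (the README context later in this series shows an `--ssl-cert` flag), `cargo build` inside the devshell would stop working, so confirm the TLS stack is pure Rust before dropping them.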
@@ -132,8 +134,11 @@ eris --listen-addr 0.0.0.0:443 --backend-addr 127.0.0.1:8080 --ssl-cert /path/to ### Option 2: Use a separate SSL terminator -``` -Internet → [SSL Terminator (port 443)] → [Eris (local port)] → [Nginx (local port)] +```mermaid +graph LR + A[Internet] --> B[SSL Terminator (port 443)] + B --> C[Eris (local port)] + C --> D[Nginx (local port)] ``` You can use Nginx, HAProxy, or Caddy as the SSL terminator, forwarding decrypted