Merge branch 'master' of https://github.com/krebscode/painload

author: root <root@flap> 2014-05-06 10:00:33 -0400
committer: root <root@flap> 2014-05-06 10:00:33 -0400
commit: 4d8016064edd5e5dc1d194ea5ec0fce4f07b8f2a (patch)
tree: d8ecba8651604e51d6f887449641ac627844ae63
parent: f44c8529e6d04b557d93cc862599b956ed21f0de (diff)
parent: d0367082a5c1296cefed641b4eda736b29a3ad69 (diff)
237 files changed, 4534 insertions, 937 deletions
diff --git a/.gitmodules b/.gitmodules
index 336b225d..23652084 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -25,6 +25,9 @@
 [submodule "Reaktor/repos/whatweb"]
 	path = Reaktor/repos/whatweb
 	url = https://github.com/urbanadventurer/WhatWeb.git
+[submodule "Reaktor/repos/view-website"]
+	path = Reaktor/repos/view-website
+	url = https://github.com/makefu/view-website.git
 [submodule "minikrebs"]
 	path = Cancer/minikrebs
 	url = https://github.com/krebscode/minikrebs.git
diff --git a/git/git-clone-into b/.graveyard/git/git-clone-into
index 67e820e6..67e820e6 100755
--- a/git/git-clone-into
+++ b/.graveyard/git/git-clone-into
diff --git a/git/git-eternal-move b/.graveyard/git/git-eternal-move
index 50361e7b..50361e7b 100755
--- a/git/git-eternal-move
+++ b/.graveyard/git/git-eternal-move
diff --git a/Reaktor/IRC/getconf.py b/Reaktor/IRC/getconf.py
index f9cd4404..168c908c 100644
--- a/Reaktor/IRC/getconf.py
+++ b/Reaktor/IRC/getconf.py
@@ -9,14 +9,17 @@ import os
 def make_getconf(filename):
 
 
-    def getconf(prop):
+    def getconf(prop, default_value=None):
         prop_split = prop.split('.')
         string = ''
         config = load_config(filename)
         #imp.reload(config)
         tmp = config.__dict__
         for pr in prop_split:
-            tmp = tmp[pr]
+            if pr in tmp:
+                tmp = tmp[pr]
+            else:
+                return default_value
         return tmp
 
     return getconf
diff --git a/Reaktor/IRC/ircasy.py b/Reaktor/IRC/ircasy.py
index 7821305f..9a7f44f3 100644
--- a/Reaktor/IRC/ircasy.py
+++ b/Reaktor/IRC/ircasy.py
@@ -22,10 +22,10 @@ class asybot(asychat):
     asychat.__init__(self)
     #logger magic
     self.log = logging.getLogger('asybot_' + nickname)
-    hdlr = logging.handlers.SysLogHandler(facility=logging.handlers.SysLogHandler.LOG_DAEMON)
-    formatter = logging.Formatter( '%(filename)s: %(levelname)s: %(message)s')
-    hdlr.setFormatter(formatter)
-    self.log.addHandler(hdlr)
+    #hdlr = logging.handlers.SysLogHandler(facility=logging.handlers.SysLogHandler.LOG_DAEMON)
+    #formatter = logging.Formatter( '%(filename)s: %(levelname)s: %(message)s')
+    #hdlr.setFormatter(formatter)
+    #self.log.addHandler(hdlr)
     logging.basicConfig(level = loglevel)
 
     self.nickname = nickname
@@ -45,7 +45,7 @@ class asybot(asychat):
     else:
       self.hostname = nickname
 
-    self.retry = False
+    self.retry = True
     self.server = server
     self.port = port
     self.channels = channels
@@ -85,7 +85,10 @@ class asybot(asychat):
       alarm(self.hammer_interval)
 
   def collect_incoming_data(self, data):
-    self.data += data.decode()
+    try:
+      self.data += data.decode()
+    except Exception as e:
+      print('error decoding message: ' + str(e));
 
   def found_terminator(self):
     self.log.debug('<< %s' % self.data)
@@ -107,13 +110,15 @@ class asybot(asychat):
     elif command == 'INVITE':
       self.on_invite(prefix, command, params, rest)
 
+    elif command == 'KICK':
+      self.on_kick(prefix, command, params, rest)
+
+    elif command == 'JOIN':
+      self.on_join(prefix, command, params, rest)
+
     elif command == '433':
       # ERR_NICKNAMEINUSE, retry with another name
-      _, nickname, int, _ = split('^.*[^0-9]([0-9]+)$', self.nickname) \
-          if search('[0-9]$', self.nickname) \
-          else ['', self.nickname, 0, '']
-      self.nickname = nickname + str(int + 1)
-      self.handle_connect()
+      self.on_nickinuse(prefix, command, params, rest)
 
     elif command == '376':
       self.on_welcome(prefix, command, params, rest)
@@ -158,11 +163,29 @@ class asybot(asychat):
   def ME(self, target, text):
     self.PRIVMSG(target, ('ACTION ' + text + ''))
 
-  def on_privmsg(self, prefix, command, params, rest):
-    pass
-
   def on_welcome(self, prefix, command, params, rest):
     self.push('JOIN %s' % ','.join(self.channels))
 
+  def on_kick(self, prefix, command, params, rest):
+    self.log.debug(params)
+    if params[-1] == self.nickname:
+      for chan in params[:-1]:
+        self.channels.remove(chan)
+
+  def on_join(self, prefix, command, params, rest):
+    pass
+
+  def on_privmsg(self, prefix, command, params, rest):
+    pass
+
   def on_invite(self, prefix, command, params, rest):
     pass
+
+  def on_nickinuse(self, prefix, command, params, rest):
+    regex = search('(\d+)$', self.nickname)
+    if regex:
+      theint = int(regex.group(0))
+      self.nickname = self.nickname.strip(str(theint)) + str(theint + 1)
+    else:
+      self.nickname = self.nickname + '0'
+    self.handle_connect()
diff --git a/Reaktor/IRC/reaktor.py b/Reaktor/IRC/reaktor.py
index 990d47e5..f9f25e57 100644..100755
--- a/Reaktor/IRC/reaktor.py
+++ b/Reaktor/IRC/reaktor.py
@@ -1,3 +1,4 @@
+#!/usr/bin/env python3
 import os
 from ircasy import asybot
 from asyncore import loop
@@ -5,29 +6,53 @@ from translate_colors import translate_colors
 import shlex
 from re import split, search, match
 
-config_filename = './config.py'
+default_config = './config.py'
 from getconf import make_getconf
-getconf = make_getconf(config_filename)
+getconf = None
 
 import logging,logging.handlers
 log = logging.getLogger('asybot')
-hdlr = logging.handlers.SysLogHandler(facility=logging.handlers.SysLogHandler.LOG_DAEMON)
-formatter = logging.Formatter( '%(filename)s: %(levelname)s: %(message)s')
-hdlr.setFormatter(formatter)
-log.addHandler(hdlr)
-logging.basicConfig(level = logging.DEBUG if getconf('debug') else logging.INFO)
+#hdlr = logging.handlers.SysLogHandler(address='/dev/log', facility=logging.handlers.SysLogHandler.LOG_DAEMON)
+#formatter = logging.Formatter( '%(filename)s: %(levelname)s: %(message)s')
+#hdlr.setFormatter(formatter)
+#log.addHandler(hdlr)
+
 
 
 class Reaktor(asybot):
-  def __init__(self):
+  def __init__(self,config=default_config):
+    self.config = config
+    log.info("using config file %s"%(config))
     asybot.__init__(self, getconf('irc_server'), getconf('irc_port'), getconf('irc_nickname'), getconf('irc_channels'), hammer_interval=getconf('irc_hammer_interval'), alarm_timeout=getconf('irc_alarm_timeout'), kill_timeout=getconf('irc_kill_timeout'))
 
+  def is_admin(self,prefix):
+    try:
+      with open(getconf('auth_file')) as f:
+        for line in f:
+          if line.strip() == prefix:
+            return True
+    except Exception as e:
+      log.info(e)
+    return False
+
+  def on_join(self, prefix, command, params, rest):
+    for command in getconf('on_join', []):
+      self.execute_command(command, None, prefix, params)
+
   def on_privmsg(self, prefix, command, params, rest):
     for command in getconf('commands'):
       y = match(command['pattern'], rest)
       if y:
-        self.execute_command(command, y, prefix, params)
-        break
+        if not self.is_admin(prefix):
+          self.PRIVMSG(params,'unauthorized!')
+        else:
+          return self.execute_command(command, y, prefix, params)
+
+    for command in getconf('public_commands'):
+      y = match(command['pattern'], rest)
+      if y:
+        return self.execute_command(command, y, prefix, params)
+
 
   def execute_command(self, command, match, prefix, target):
     from os.path import realpath, dirname, join
@@ -37,16 +62,33 @@ class Reaktor(asybot):
     #TODO: allow only commands below ./commands/
     exe = join(dirname(realpath(dirname(__file__))), command['argv'][0])
     myargv = [exe] + command['argv'][1:]
-    if match.groupdict().get('args',None):
-      myargv += shlex.split(match.groupdict()['args'])
+    try:
+      if match and match.groupdict().get('args', None):
+        myargv += shlex.split(match.groupdict()['args'])
+    except:
+        log.info("cannot parse args!")
 
-    env = {}
+    cwd = getconf('workdir')
+    if not os.access(cwd,os.W_OK):
+        log.error("Workdir '%s' is not Writable! Falling back to root dir"%cwd)
+        cwd = "/"
+
+    env = command.get('env', {})
+    env['_prefix'] = prefix
     env['_from'] = prefix.split('!', 1)[0]
-    env['config_filename'] = os.path.abspath(config_filename)
+
+    log.debug('self:' +self.nickname)
+    # when receiving /query, answer to the user, not to self
+    if self.nickname in target:
+      target.remove(self.nickname)
+      target.append(env['_from'])
+    log.debug('target:' +str(target))
+
     start = time()
     try:
-      p = popen(myargv, bufsize=1, stdout=PIPE, stderr=PIPE, env=env)
-    except (OSError, Exception) as error:
+      print(myargv)
+      p = popen(myargv, bufsize=1, stdout=PIPE, stderr=PIPE, env=env, cwd=cwd)
+    except Exception as error:
       self.ME(target, 'brain damaged')
       log.error('OSError@%s: %s' % (myargv, error))
       return
@@ -67,5 +109,9 @@ class Reaktor(asybot):
       self.ME(target, 'mimimi')
 
 if __name__ == "__main__":
-  Reaktor()
+  import sys
+  conf = sys.argv[1] if len(sys.argv) == 2 else default_config
+  getconf = make_getconf(conf)
+  logging.basicConfig(level = logging.DEBUG if getconf('debug') else logging.INFO)
+  Reaktor(conf)
   loop()
diff --git a/Reaktor/auth.lst b/Reaktor/auth.lst
new file mode 100755
index 00000000..8b137891
--- /dev/null
+++ b/Reaktor/auth.lst
@@ -0,0 +1 @@
+
diff --git a/Reaktor/commands/caps b/Reaktor/commands/caps
index c47319f5..ac8cc66d 100755
--- a/Reaktor/commands/caps
+++ b/Reaktor/commands/caps
@@ -1,4 +1,4 @@
-#! /usr/bin/env python
+#! /usr/bin/env python3
 import imp
 import os
 
@@ -9,4 +9,5 @@ def load_config(filename):
   return imp.load_module(modname, file, pathname, description)
 
 config = load_config(os.environ['config_filename'])
-print(' '.join(filter(None,[ x.get('capname',None) for x in config.commands])))
+print('Private: '+' '.join(filter(None,[ x.get('capname',None) for x in config.commands])))
+print('Public: '+' '.join(filter(None,[ x.get('capname',None) for x in config.public_commands])))
diff --git a/Reaktor/commands/identify b/Reaktor/commands/identify
new file mode 100755
index 00000000..c2fb2c58
--- /dev/null
+++ b/Reaktor/commands/identify
@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+import imp
+import os,sys
+
+def load_config(filename):
+  dirname = os.path.dirname(filename)
+  modname, ext = os.path.splitext(os.path.basename(filename))
+  file, pathname, description = imp.find_module(modname, [ dirname ])
+  return imp.load_module(modname, file, pathname, description)
+
+config = load_config(os.environ['config_filename'])
+
+with open(config.admin_file) as f:
+  for line in f:
+    nick,secret = line.split()
+    if sys.argv[1] == secret:
+      print("identified you as %s!"%nick)
+      with open(config.auth_file,'a+') as g:
+        g.write(os.environ['_prefix'] +"\n")
+      sys.exit(0)
+
+print("unable to identify you, sorry")
diff --git a/Reaktor/commands/tell-on_join b/Reaktor/commands/tell-on_join
new file mode 100755
index 00000000..2dbff41a
--- /dev/null
+++ b/Reaktor/commands/tell-on_join
@@ -0,0 +1,19 @@
+#! /bin/sh
+set -euf
+
+# require flock from util-linux
+if test "${FLOCK-}" != "$state_file"; then
+  exec env FLOCK="$state_file" flock "$state_file" "$0" "$@"
+fi
+
+to="$_from"
+
+# print messages
+sed -n '/^'"$to"' /{
+  s/^\([^ ]\+\) \([^ ]\+\) <\([^>]\+\)> \(.*\)/\1: \4 2-- \2, \3/p
+}' "$state_file"
+
+# delete messages
+sed -i '/^'"$to"' /{
+  d
+}' "$state_file"
diff --git a/Reaktor/commands/tell-on_privmsg b/Reaktor/commands/tell-on_privmsg
new file mode 100755
index 00000000..5d0aff41
--- /dev/null
+++ b/Reaktor/commands/tell-on_privmsg
@@ -0,0 +1,17 @@
+#! /bin/sh
+set -euf
+
+# require flock from util-linux
+if test "${FLOCK-}" != "$state_file"; then
+  exec env FLOCK="$state_file" flock "$state_file" "$0" "$@"
+fi
+
+from="$_prefix"
+to="$1"; shift
+msg="$*"
+date=$(date)
+
+# TODO tell now, if already joined
+printf '%s %s <%s> %s\n' "$to" "$from" "$date" "$msg" >> "$state_file"
+
+echo 'Consider it noted.' # that's what lambdabot says...
diff --git a/Reaktor/commands/visit-page b/Reaktor/commands/visit-page
new file mode 120000
index 00000000..8723336b
--- /dev/null
+++ b/Reaktor/commands/visit-page
@@ -0,0 +1 @@
+../repos/view-website/runner.sh
+\ No newline at end of file
diff --git a/Reaktor/commands/whatweb b/Reaktor/commands/whatweb
index afe20360..68f8aa38 100755
--- a/Reaktor/commands/whatweb
+++ b/Reaktor/commands/whatweb
@@ -4,4 +4,4 @@ here=$(dirname `readlink -f $0`)
 whatweb_bin="$here/../repos/whatweb/whatweb"
 [ ! -e "$whatweb_bin" ] &&  echo "!! Whatweb app does not exist" && exit 1 
 [ -z "${1:-}" ] &&  echo "!! no host given" && exit 1
-exec $whatweb_bin -a 3 "$1" 2>&1
+exec $whatweb_bin --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0" -a 3 "$1" 2>&1
diff --git a/Reaktor/config.py b/Reaktor/config.py
index 2dd6ac2f..b1158271 100644
--- a/Reaktor/config.py
+++ b/Reaktor/config.py
@@ -1,37 +1,82 @@
+from os.path import abspath, expanduser
+import re
 
-debug = True
+debug = False
 
-# CAVEAT name should not contains regex magic
 name = 'crabmanner'
 
+#workdir = expanduser('~') + '/state'
+workdir = '/home/reaktor/state'
+
 irc_alarm_timeout = 300
 irc_hammer_interval = 10
 irc_kill_timeout = 360
 irc_nickname = name
 irc_server = 'irc.freenode.org'
 irc_port = 6667
+irc_restart_timeout = 5
 irc_channels = [
   '#krebs'
 ]
+admin_file=workdir+'/admin.lst'
+auth_file=workdir+'/auth.lst'
+
+config_filename = abspath(__file__)
+
+# me is used, so name cannot kill our patterns below
+me = '\\b' + re.escape(name) + '\\b'
+me_or_us = '(?:' + me + '|\\*)'
 
-def default_command(cmd):
+def default_command(cap, cmd=None, env=None):
+  if not env: env = {}
+  if cmd == None: cmd=cap
   return {
-    'capname': cmd,
-    'pattern': '^(?:' + name + '|\\*):\\s*' + cmd + '\\s*(?:\\s+(?P<args>.*))?$',
-    'argv': [ 'commands/' + cmd ] }
+    'capname': cap,
+    'pattern': '^' + me_or_us + ':\\s*' + cap + '\\s*(?:\\s+(?P<args>.*))?$',
+    'argv': [ 'commands/' + cmd ],
+    'env': env
+  }
 
-commands = [
-  default_command('caps'),
+def simple_command(cap, cmd=None, env={}):
+  if cmd == None: cmd=cap
+  return {
+    'capname': cap,
+    'pattern': '^' + cap + '\\s*(?:\\s+(?P<args>.*))?$',
+    'argv' : [ 'commands/' + cmd ],
+    'env': env
+  }
+
+public_commands = [
+  default_command('caps', env={
+    'config_filename': config_filename
+  }),
   default_command('hello'),
-  default_command('reload'),
   default_command('badcommand'),
   default_command('rev'),
   default_command('uptime'),
   default_command('nocommand'),
+  default_command('tell', cmd='tell-on_privmsg', env={
+    'state_file': workdir + '/tell.txt'
+  }),
   # command not found
-  { 'pattern': '^(?:' + name + '|\\*):.*',
+  { 'pattern': '^' + me_or_us + ':.*',
     'argv': [ 'commands/respond','You are made of stupid!'] },
   # "highlight"
-  { 'pattern': '.*\\b' + name + '\\b.*',
-    'argv': [ 'commands/say', 'I\'m famous' ] }
+  { 'pattern': '.*' + me + '.*',
+    'argv': [ 'commands/say', 'I\'m famous' ] },
+  # identify via direct connect
+  simple_command('identify', env={
+    'config_filename': config_filename
+  })
+]
+commands = [
+  default_command('reload')
+]
+
+on_join = [
+  {
+    'capname': 'tell',
+    'argv': [ 'commands/tell-on_join' ],
+    'env': { 'state_file': workdir + '/tell.txt' }
+  }
 ]
diff --git a/Reaktor/startup/conf.d/reaktor b/Reaktor/etc/conf.d/reaktor
index a4f3f8e1..a4f3f8e1 100644
--- a/Reaktor/startup/conf.d/reaktor
+++ b/Reaktor/etc/conf.d/reaktor
diff --git a/Reaktor/startup/init.d/reaktor-debian b/Reaktor/etc/init.d/reaktor-debian
index a94384f4..a94384f4 100755
--- a/Reaktor/startup/init.d/reaktor-debian
+++ b/Reaktor/etc/init.d/reaktor-debian
diff --git a/Reaktor/startup/supervisor/Reaktor.conf b/Reaktor/etc/supervisor/Reaktor.conf
index 497066e9..497066e9 100644
--- a/Reaktor/startup/supervisor/Reaktor.conf
+++ b/Reaktor/etc/supervisor/Reaktor.conf
diff --git a/Reaktor/etc/systemd/system/Reaktor.service b/Reaktor/etc/systemd/system/Reaktor.service
new file mode 100644
index 00000000..6bb3e550
--- /dev/null
+++ b/Reaktor/etc/systemd/system/Reaktor.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Reaktor for user %i
+After=network.target nss-lookup.target
+
+[Service]
+Type=normal
+#TODO - make reaktor path variable
+User=reaktor
+ExecStart=/krebs/painload/Reaktor/index
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
diff --git a/Reaktor/index b/Reaktor/index
index ac647ca3..fc59cd73 100755
--- a/Reaktor/index
+++ b/Reaktor/index
@@ -4,4 +4,4 @@ set -euf
 # cd //Reaktor
 cd $(dirname $(readlink -f $0))
 
-exec IRC/index
+exec IRC/index "$@"
diff --git a/Reaktor/repos/view-website b/Reaktor/repos/view-website
new file mode 160000
+Subproject a3892837aabd5d95e997c0fd2526096f685669f
diff --git a/Reaktor/repos/whatweb b/Reaktor/repos/whatweb
-Subproject 0918a0d9b75df77f9c3e9eb360b6b22824582a2
+Subproject 362145cf80ccd82d4c32e15b37eeff745e0ba66
diff --git a/Reaktor/titlebot/commands/clear b/Reaktor/titlebot/commands/clear
new file mode 100755
index 00000000..e3558194
--- /dev/null
+++ b/Reaktor/titlebot/commands/clear
@@ -0,0 +1,12 @@
+#!/usr/bin/env python3
+import json
+from os import environ
+import sys
+import os
+# krebs polling
+import poll
+
+f = 'suggestions.json'
+title=" ".join(sys.argv[1:])
+db = poll.save_db(f,[])
+print("cleared database")
diff --git a/Reaktor/titlebot/commands/down b/Reaktor/titlebot/commands/down
new file mode 100755
index 00000000..8964382d
--- /dev/null
+++ b/Reaktor/titlebot/commands/down
@@ -0,0 +1,2 @@
+#!/bin/sh
+echo "not implemented"
diff --git a/Reaktor/titlebot/commands/help b/Reaktor/titlebot/commands/help
new file mode 100755
index 00000000..f04e43b7
--- /dev/null
+++ b/Reaktor/titlebot/commands/help
@@ -0,0 +1,11 @@
+#!/bin/sh
+cat <<EOF
+BGT Title Poll Bot:
+  .new TITLE              - suggest a new title
+  .list <(age|votes)>     - list all suggestions
+  .highest <NUM>          - lists the NUM highest voted suggestions
+  .up NUM (NUM ...)       - upvote one or more suggestions from .list
+  .undo NUM (NUM ...)     - undo an upvote
+  .clear                  - clear the poll (auth required)
+EOF
+
diff --git a/Reaktor/titlebot/commands/highest b/Reaktor/titlebot/commands/highest
new file mode 100755
index 00000000..d0408ac0
--- /dev/null
+++ b/Reaktor/titlebot/commands/highest
@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+import json
+from os import environ
+import sys
+import os
+import poll
+
+f = 'suggestions.json'
+title=" ".join(sys.argv[1:])
+db = poll.load_db(f)
+# only print the last N values (default 1)
+limit = int(sys.argv[1]) if len(sys.argv) > 1 else 1
+num =  0
+last_vote = 9001
+# stolen from http://stackoverflow.com/questions/9647202/ordinal-numbers-replacement
+suffixes = ["th", "st", "nd", "rd", ] + ["th"] * 16
+
+for entry in poll.sort_by_votes(db):
+    # if two entries have the same number of upvotes, do not increment the rank
+    current_vote = sum(entry['votes'].values())
+    if current_vote < last_vote:
+        num = num + 1
+    last_vote = current_vote
+    # exit if we are above the limit
+    if num > limit:
+        sys.exit(0)
+    
+    suffixed_num = str(num) + suffixes[num % 100]
+    print("%s: '%s' (%d votes)" %
+            (suffixed_num,entry['title'],sum(entry['votes'].values())))
diff --git a/Reaktor/titlebot/commands/list b/Reaktor/titlebot/commands/list
new file mode 100755
index 00000000..cee4b8a8
--- /dev/null
+++ b/Reaktor/titlebot/commands/list
@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+import json
+from os import environ
+import sys
+import os
+import poll
+
+f = 'suggestions.json'
+title=" ".join(sys.argv[1:])
+db = poll.load_db(f)
+if len(sys.argv) > 1 and ("-h" in sys.argv[1]  or "usage" == sys.argv[1]):
+    print("""usage: list <(age|votes)>
+    sort by age or by votes (default: age)
+""")
+    sys.exit(0)
+
+if len(sys.argv) > 1 and ("votes" in sys.argv[1]):
+    use = poll.sort_by_votes(db)
+elif len(sys.argv) > 1 and ("age" in sys.argv[1]) or len(sys.argv) == 1:
+    use = db
+else:
+    print("unknown sorting method")
+    sys.exit(1)
+
+for entry in use:
+    print("#%d %s (votes: %d)" %
+            (db.index(entry),entry['title'],sum(entry['votes'].values())))
diff --git a/Reaktor/titlebot/commands/new b/Reaktor/titlebot/commands/new
new file mode 100755
index 00000000..7246a2b2
--- /dev/null
+++ b/Reaktor/titlebot/commands/new
@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+import json
+from os import environ
+import sys
+import os
+# krebs polling
+import poll
+
+f = 'suggestions.json'
+title=" ".join(sys.argv[1:])
+db = poll.load_db(f)
+
+suggester = environ['_from']
+if not poll.title_in_db(title,db):
+    db.append( { 'by': suggester,
+                  'votes':{},'title': title})
+    print("Thank you for your suggestion '%s'!"%environ["_from"])
+    print("To vote type '.up %d'"%(len(db)-1))
+poll.save_db(f,db)
diff --git a/Reaktor/titlebot/commands/poll.py b/Reaktor/titlebot/commands/poll.py
new file mode 100644
index 00000000..595ab269
--- /dev/null
+++ b/Reaktor/titlebot/commands/poll.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+import json
+def load_db(f):
+    try:
+        with open(f) as fl:
+            return json.load(fl)
+    except:
+        #default db is []
+        return []
+
+def title_in_db(t,d):
+    for index,entry in enumerate(d):
+        if t == entry['title']:
+            print("Title is already in list.")
+            print("To vote for this type '.up %d'" %index)
+            return True
+    return False
+def save_db(f,db):
+    with open(f,"w") as x:
+        json.dump(db,x)
+
+def sort_by_votes(db):
+    return sorted(db,key=lambda entry:sum(entry['votes'].values()),reverse=True)
diff --git a/Reaktor/titlebot/commands/undo b/Reaktor/titlebot/commands/undo
new file mode 100755
index 00000000..a66de67f
--- /dev/null
+++ b/Reaktor/titlebot/commands/undo
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+import json
+from os import environ
+import sys
+import os
+# krebs polling
+import poll
+
+f = 'suggestions.json'
+db = poll.load_db(f)
+votes = []
+try:
+    votes = sys.argv[1:]
+except:
+    print("""usage: undo number (...)
+    undos vote of one or more entries based on .list""")
+    sys.exit(1)
+voter = environ['_prefix']
+voter_name = environ['_from']
+for vote in votes:
+    try:
+        vote = int(vote)
+        if not voter in db[vote]['votes']:
+            print("%s, you never voted for '%s'!"%(voter_name,db[vote]['title']))
+        else:
+            del(db[vote]['votes'][voter] )
+            print("%s undid vote for '%s'" %(voter_name,db[vote]['title'] ))
+    except:
+        print("%s undo voting for #%d failed" %(voter_name,vote))
+
+poll.save_db(f,db)
diff --git a/Reaktor/titlebot/commands/up b/Reaktor/titlebot/commands/up
new file mode 100755
index 00000000..0a48bdb0
--- /dev/null
+++ b/Reaktor/titlebot/commands/up
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+import json
+from os import environ
+import sys
+import os
+# krebs polling
+import poll
+
+f = 'suggestions.json'
+db = poll.load_db(f)
+votes = []
+votes = sys.argv[1:]
+if not votes:
+    print("""usage: up number (...)
+    upvotes one or more entries based on .list""")
+    sys.exit(1)
+
+voter = environ['_prefix']
+voter_name =environ['_from']
+for vote in votes:
+    try:
+        vote = int(vote)
+        if vote < 0:
+            raise Exception()
+        if voter in db[vote]['votes']:
+            print("%s, you already have voted for '%s'"%(voter_name,db[vote]['title']) )
+        else:
+            db[vote]['votes'][voter] = 1
+            print("%s voted for '%s'"%(voter_name,db[vote]['title']))
+    except:
+        print("%s, voting for #%s failed" %(voter_name,vote))
+
+poll.save_db(f,db)
diff --git a/Reaktor/titlebot/titlebot.py b/Reaktor/titlebot/titlebot.py
new file mode 100644
index 00000000..c1eac3b0
--- /dev/null
+++ b/Reaktor/titlebot/titlebot.py
@@ -0,0 +1,77 @@
+from os import environ,mkdir
+from os.path import abspath, expanduser
+import re
+debug = False
+
+# CAVEAT name should not contains regex magic
+name = 'bgt_titlebot'
+
+workdir = '/tmp/state'
+
+try:
+  mkdir(workdir)
+except: pass
+
+irc_alarm_timeout = 300
+irc_hammer_interval = 10
+irc_kill_timeout = 360
+irc_nickname = name
+irc_server = 'irc.freenode.org'
+irc_port = 6667
+irc_restart_timeout = 5
+irc_channels = [
+  '#binaergewitter'
+]
+admin_file=workdir+'/admin.lst'
+auth_file=workdir+'/auth.lst'
+
+config_filename = abspath(__file__)
+
+try: 
+    with open(admin_file,"x"): pass
+except: pass
+
+# me is used, so name cannot kill our patterns below
+me = '\\b' + re.escape(name) + '\\b'
+me_or_us = '(?:' + me + '|\\*)'
+
+def default_command(cmd, env=None):
+  if not env: env = {}
+  return {
+    'capname': cmd,
+    'pattern': '^' + me_or_us + ':\\s*' + cmd + '\\s*(?:\\s+(?P<args>.*))?$',
+    'argv': [ 'commands/' + cmd ],
+    'env': env
+  }
+def titlebot_cmd(cmd):
+  return {
+    'capname': cmd,
+    'pattern': '^\\.' + cmd + '\\s*(?:\\s+(?P<args>.*))?$',
+    'argv': [ 'titlebot/commands/' + cmd ] }
+
+public_commands = [
+  default_command('caps', env={
+    'config_filename': config_filename
+  }),
+  default_command('hello'),
+  default_command('badcommand'),
+  default_command('rev'),
+  default_command('uptime'),
+  default_command('nocommand'),
+  titlebot_cmd('list'),
+  titlebot_cmd('help'),
+  titlebot_cmd('highest'),
+  titlebot_cmd('up'),
+  titlebot_cmd('new'),
+  titlebot_cmd('undo'),
+  titlebot_cmd('down'),
+  # identify via direct connect
+  { 'capname': 'identify',
+    'pattern': '^identify' + '\\s*(?:\\s+(?P<args>.*))?$',
+    'argv' : [ 'commands/identify' ]}
+]
+commands = [
+  default_command('reload'),
+  titlebot_cmd('clear')
+]
+
diff --git a/cholerab/bling/filehooker_grub_splash.xcf b/cholerab/bling/filehooker_grub_splash.xcf
new file mode 100644
index 00000000..7be0f1f9
--- /dev/null
+++ b/cholerab/bling/filehooker_grub_splash.xcf
diff --git a/cholerab/bling/krebs_lcd.png b/cholerab/bling/krebs_lcd.png
new file mode 100644
index 00000000..046ba90f
--- /dev/null
+++ b/cholerab/bling/krebs_lcd.png
diff --git a/cholerab/bling/krebs_plain.svg b/cholerab/bling/krebs_plain.svg
index 59e21f60..349d7e6e 100644
--- a/cholerab/bling/krebs_plain.svg
+++ b/cholerab/bling/krebs_plain.svg
@@ -68,36 +68,25 @@
      inkscape:groupmode="layer"
      id="layer1"
      transform="translate(0,-1036.3622)">
-    <a
-       id="a4396">
       <path
          id="rect4446"
          style="fill:#e4002b;fill-opacity:1"
          d="m 2,1038.3619 0,3 1,0 0,-3 1,0 0,5 -1,0 0,1 2,0 0,-1 1,0 0,-1 1,0 0,-1 -1,0 0,-2 2,0 0,3 2,0 0,-1 -1,0 0,-2 2,0 0,3 0,1 1,0 0,1 2,0 0,-1 -1,0 0,-2 -1,0 0,-2 1,0 0,-1 1,0 0,3 1,0 0,-3 1,0 0,4.9553 -1,0.045 0,2 -3,0 0,1 2,0 0,2 1,0 0,3 -1,0 0,-3 -0.983435,0 -0.01656,-1 -3,0 0,4 -1,0 0,-3 -1,0 0,3 -1,0 0,-4 -3,0 0,1 -1,0 0,3 -1,0 0,-3 1,0 0,-2 2,0 0,-1 -3,0 0,-2 -1,0 0,-2 -1,0 0,-2 1,0 0,-1 z"
          inkscape:connector-curvature="0"
          sodipodi:nodetypes="cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc" />
-      <a
-         id="a4960"
-         transform="translate(5e-6,1)">
         <path
-           transform="translate(0,1036.3622)"
+           transform="translate(5e-6,1037.3622)"
            style="fill:#e4002b;fill-opacity:1"
            d="m 5,11 1,0 0,3 -2,0 0,-1 1,0 z"
            id="rect5009"
            inkscape:connector-curvature="0"
            sodipodi:nodetypes="ccccccc" />
-      </a>
-      <a
-         transform="translate(7.000005,1)"
-         id="a4960-3">
         <path
-           transform="translate(0,1036.3622)"
+           transform="translate(7.000005,1037.3622)"
            style="fill:#e4002b;fill-opacity:1"
            d="m 4,11 1,0 0,2 1,0 0,1 -2,0 z"
            id="rect5009-9"
            inkscape:connector-curvature="0"
            sodipodi:nodetypes="ccccccc" />
-      </a>
-    </a>
   </g>
 </svg>
diff --git a/cholerab/filebitch/stuff_people_want b/cholerab/filebitch/stuff_people_want
new file mode 100644
index 00000000..993fc203
--- /dev/null
+++ b/cholerab/filebitch/stuff_people_want
@@ -0,0 +1,6 @@
+- All Mame Games
+- All SNES Roms
+- All GBA Roms
+- flac sorted by genre?
+- leaked DBs
+- Huge Wordlists
diff --git a/cholerab/tahoe/brick_installation b/cholerab/tahoe/brick_installation
index c8a10cd0..77353fa2 100644
--- a/cholerab/tahoe/brick_installation
+++ b/cholerab/tahoe/brick_installation
@@ -1,5 +1,9 @@
 #? /bin/sh
 
+## tahoe brick installation (ubuntu1304)
+sudo apt-get install python-dev python-pip gcc libssl-dev
+
+
 ## Tahoe Brick Installation (Arch Linux)
 pacman -S python2 python2-pip net-tools
 pip2 install pyasn1 zfec pycrypto zbase32 pycryptopp twisted
diff --git a/cholerab/thesauron b/cholerab/thesauron
index 36bea15c..e8ce358a 100644
--- a/cholerab/thesauron
+++ b/cholerab/thesauron
@@ -12,6 +12,12 @@ eigentlich adv.
   die nicht der Fall ist.
 Antonym: tatsaechlich
 
+ghost n.
+[de]
+- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen
+  Festplatten) aber wohl nie wieder kommen wird. 
+Siehe: Wiederbelebung
+
 KD;RP abbr. (pronounciation: kah-derp)
 [en]
 - Short for Krebs Darknet / Retiolum Prefix.
@@ -77,3 +83,8 @@ Verkrebsung n.
 [de]
 - Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs 
   Komponente) auf einem beliebigem System.
+
+Wiederbelebung n.
+[de]
+- Ein ghost wird im Darknet wieder erreichbar
+Siehe: ghost
diff --git a/elchos/.gitignore b/elchos/.gitignore
new file mode 100644
index 00000000..6b6e109e
--- /dev/null
+++ b/elchos/.gitignore
@@ -0,0 +1,4 @@
+work/
+out/
+arch/
+root-image/usr/bin/ncdc
diff --git a/elchos/README.md b/elchos/README.md
new file mode 100644
index 00000000..4209db7c
--- /dev/null
+++ b/elchos/README.md
@@ -0,0 +1,23 @@
+# Elch
+This builds the elch sharing distribution.
+
+# Usage 
+
+    # create a new iso
+    ./refresh
+    # creates:
+    #   out/elchos.iso 
+
+# Requirements
+Both development environment and Final Distro are based on a heavily remastered
+version of the Arch Linux Install Stick. On Arch you need archiso to build the
+distro.
+
+    pacman -Sy archiso
+
+# Configured URLs
+- elchstats.nsupdate.info -> the graphite stats receiver
+- elchirc.nsupdate.info   -> the irc to be used 
+                               irc.freenode.net currently hardcoded 
+                               in root-image/krebs/etc/Reaktor/config.py
+- elchhub.nsupdate.info   -> the dcpp hub to be used
diff --git a/elchos/TODO b/elchos/TODO
new file mode 100644
index 00000000..5c25e8d3
--- /dev/null
+++ b/elchos/TODO
@@ -0,0 +1 @@
+- migrate root-image/krebs/lib and /bin to new ship version
diff --git a/elchos/aitab b/elchos/aitab
new file mode 100644
index 00000000..b7e9a17a
--- /dev/null
+++ b/elchos/aitab
@@ -0,0 +1,3 @@
+# <img>         <mnt>                 <arch>   <sfs_comp>  <fs_type>  <fs_size>
+root-image      /                     i686     xz          ext4       50%
+root-image      /                     x86_64   xz          ext4       50%
diff --git a/elchos/build.sh b/elchos/build.sh
new file mode 100755
index 00000000..671b15b5
--- /dev/null
+++ b/elchos/build.sh
@@ -0,0 +1,265 @@
+#!/bin/bash
+
+set -e -u
+
+iso_name=archlinux
+iso_label="ARCH_$(date +%Y%m)"
+iso_version=$(date +%Y.%m.%d)
+install_dir=arch
+work_dir=work
+out_dir=out
+
+arch=$(uname -m)
+verbose=""
+pacman_conf=${work_dir}/pacman.conf
+script_path=$(readlink -f ${0%/*})
+
+_usage ()
+{
+    echo "usage ${0} [options]"
+    echo
+    echo " General options:"
+    echo "    -N <iso_name>      Set an iso filename (prefix)"
+    echo "                        Default: ${iso_name}"
+    echo "    -V <iso_version>   Set an iso version (in filename)"
+    echo "                        Default: ${iso_version}"
+    echo "    -L <iso_label>     Set an iso label (disk label)"
+    echo "                        Default: ${iso_label}"
+    echo "    -D <install_dir>   Set an install_dir (directory inside iso)"
+    echo "                        Default: ${install_dir}"
+    echo "    -w <work_dir>      Set the working directory"
+    echo "                        Default: ${work_dir}"
+    echo "    -o <out_dir>       Set the output directory"
+    echo "                        Default: ${out_dir}"
+    echo "    -v                 Enable verbose output"
+    echo "    -h                 This help message"
+    exit ${1}
+}
+
+# Helper function to run make_*() only one time per architecture.
+run_once() {
+    if [[ ! -e ${work_dir}/build.${1}_${arch} ]]; then
+        $1
+        touch ${work_dir}/build.${1}_${arch}
+    fi
+}
+
+# Setup custom pacman.conf with current cache directories.
+make_pacman_conf() {
+    local _cache_dirs
+    _cache_dirs=($(pacman -v 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
+    sed -r "s|^#?\\s*CacheDir.+|CacheDir = $(echo -n ${_cache_dirs[@]})|g" ${script_path}/pacman.conf > ${pacman_conf}
+}
+
+# Base installation, plus needed packages (root-image)
+make_basefs() {
+    setarch ${arch} mkarchiso ${verbose} -w "${work_dir}/${arch}" -C "${pacman_conf}" -D "${install_dir}" init
+    setarch ${arch} mkarchiso ${verbose} -w "${work_dir}/${arch}" -C "${pacman_conf}" -D "${install_dir}" -p "memtest86+ mkinitcpio-nfs-utils nbd" install
+}
+
+# Additional packages (root-image)
+make_packages() {
+    setarch ${arch} mkarchiso ${verbose} -w "${work_dir}/${arch}" -C "${pacman_conf}" -D "${install_dir}" -p "$(grep -h -v ^# ${script_path}/packages.{both,${arch}})" install
+}
+
+# Copy mkinitcpio archiso hooks and build initramfs (root-image)
+make_setup_mkinitcpio() {
+    local _hook
+    for _hook in archiso archiso_shutdown archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs archiso_loop_mnt; do
+        cp /usr/lib/initcpio/hooks/${_hook} ${work_dir}/${arch}/root-image/usr/lib/initcpio/hooks
+        cp /usr/lib/initcpio/install/${_hook} ${work_dir}/${arch}/root-image/usr/lib/initcpio/install
+    done
+    cp /usr/lib/initcpio/install/archiso_kms ${work_dir}/${arch}/root-image/usr/lib/initcpio/install
+    cp /usr/lib/initcpio/archiso_shutdown ${work_dir}/${arch}/root-image/usr/lib/initcpio
+    cp ${script_path}/mkinitcpio.conf ${work_dir}/${arch}/root-image/etc/mkinitcpio-archiso.conf
+    setarch ${arch} mkarchiso ${verbose} -w "${work_dir}/${arch}" -C "${pacman_conf}" -D "${install_dir}" -r 'mkinitcpio -c /etc/mkinitcpio-archiso.conf -k /boot/vmlinuz-linux -g /boot/archiso.img' run
+}
+
+# Customize installation (root-image)
+make_customize_root_image() {
+    cp -af ${script_path}/root-image ${work_dir}/${arch}
+    
+    # we do not need no new mirrorlist!
+    #curl -o ${work_dir}/${arch}/root-image/etc/pacman.d/mirrorlist 'https://www.archlinux.org/mirrorlist/?country=all&protocol=http&use_mirror_status=on'
+    
+    #we do not need no bloody documentation
+    #lynx -dump -nolist 'https://wiki.archlinux.org/index.php/Installation_Guide?action=render' >> ${work_dir}/${arch}/root-image/root/install.txt
+
+    setarch ${arch} mkarchiso ${verbose} -w "${work_dir}/${arch}" -C "${pacman_conf}" -D "${install_dir}" -r '/root/customize_root_image.sh' run
+    rm ${work_dir}/${arch}/root-image/root/customize_root_image.sh
+}
+
+# Prepare kernel/initramfs ${install_dir}/boot/
+make_boot() {
+    mkdir -p ${work_dir}/iso/${install_dir}/boot/${arch}
+    cp ${work_dir}/${arch}/root-image/boot/archiso.img ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img
+    cp ${work_dir}/${arch}/root-image/boot/vmlinuz-linux ${work_dir}/iso/${install_dir}/boot/${arch}/vmlinuz
+}
+
+# Add other aditional/extra files to ${install_dir}/boot/
+make_boot_extra() {
+    cp ${work_dir}/${arch}/root-image/boot/memtest86+/memtest.bin ${work_dir}/iso/${install_dir}/boot/memtest
+    cp ${work_dir}/${arch}/root-image/usr/share/licenses/common/GPL2/license.txt ${work_dir}/iso/${install_dir}/boot/memtest.COPYING
+}
+
+# Prepare /${install_dir}/boot/syslinux
+make_syslinux() {
+    mkdir -p ${work_dir}/iso/${install_dir}/boot/syslinux
+    for _cfg in ${script_path}/syslinux/*.cfg; do
+        sed "s|%ARCHISO_LABEL%|${iso_label}|g;
+             s|%INSTALL_DIR%|${install_dir}|g" ${_cfg} > ${work_dir}/iso/${install_dir}/boot/syslinux/${_cfg##*/}
+    done
+    cp ${script_path}/syslinux/splash.png ${work_dir}/iso/${install_dir}/boot/syslinux
+    cp ${work_dir}/${arch}/root-image/usr/lib/syslinux/bios/*.c32 ${work_dir}/iso/${install_dir}/boot/syslinux
+    cp ${work_dir}/${arch}/root-image/usr/lib/syslinux/bios/lpxelinux.0 ${work_dir}/iso/${install_dir}/boot/syslinux
+    cp ${work_dir}/${arch}/root-image/usr/lib/syslinux/bios/memdisk ${work_dir}/iso/${install_dir}/boot/syslinux
+    mkdir -p ${work_dir}/iso/${install_dir}/boot/syslinux/hdt
+    gzip -c -9 ${work_dir}/${arch}/root-image/usr/share/hwdata/pci.ids > ${work_dir}/iso/${install_dir}/boot/syslinux/hdt/pciids.gz
+    gzip -c -9 ${work_dir}/${arch}/root-image/usr/lib/modules/*-ARCH/modules.alias > ${work_dir}/iso/${install_dir}/boot/syslinux/hdt/modalias.gz
+}
+
+# Prepare /isolinux
+make_isolinux() {
+    mkdir -p ${work_dir}/iso/isolinux
+    sed "s|%INSTALL_DIR%|${install_dir}|g" ${script_path}/isolinux/isolinux.cfg > ${work_dir}/iso/isolinux/isolinux.cfg
+    cp ${work_dir}/${arch}/root-image/usr/lib/syslinux/bios/isolinux.bin ${work_dir}/iso/isolinux/
+    cp ${work_dir}/${arch}/root-image/usr/lib/syslinux/bios/isohdpfx.bin ${work_dir}/iso/isolinux/
+    cp ${work_dir}/${arch}/root-image/usr/lib/syslinux/bios/ldlinux.c32 ${work_dir}/iso/isolinux/
+}
+
+# Prepare /EFI
+make_efi() {
+    mkdir -p ${work_dir}/iso/EFI/boot
+    cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/PreLoader.efi ${work_dir}/iso/EFI/boot/bootx64.efi
+    cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/HashTool.efi ${work_dir}/iso/EFI/boot/
+
+    cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/iso/EFI/boot/loader.efi
+
+    mkdir -p ${work_dir}/iso/loader/entries
+    cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/iso/loader/
+    cp ${script_path}/efiboot/loader/entries/uefi-shell-v2-x86_64.conf ${work_dir}/iso/loader/entries/
+    cp ${script_path}/efiboot/loader/entries/uefi-shell-v1-x86_64.conf ${work_dir}/iso/loader/entries/
+
+    sed "s|%ARCHISO_LABEL%|${iso_label}|g;
+         s|%INSTALL_DIR%|${install_dir}|g" \
+        ${script_path}/efiboot/loader/entries/archiso-x86_64-usb.conf > ${work_dir}/iso/loader/entries/archiso-x86_64.conf
+    
+    # TODO no uefi shell
+    # EFI Shell 2.0 for UEFI 2.3+ ( http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=UEFI_Shell )
+    # curl -o ${work_dir}/iso/EFI/shellx64_v2.efi https://svn.code.sf.net/p/edk2/code/trunk/edk2/ShellBinPkg/UefiShell/X64/Shell.efi
+    # EFI Shell 1.0 for non UEFI 2.3+ ( http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Efi-shell )
+    # curl -o ${work_dir}/iso/EFI/shellx64_v1.efi https://svn.code.sf.net/p/edk2/code/trunk/edk2/EdkShellBinPkg/FullShell/X64/Shell_Full.efi
+}
+
+# Prepare efiboot.img::/EFI for "El Torito" EFI boot mode
+make_efiboot() {
+    mkdir -p ${work_dir}/iso/EFI/archiso
+    truncate -s 31M ${work_dir}/iso/EFI/archiso/efiboot.img
+    mkfs.vfat -n ARCHISO_EFI ${work_dir}/iso/EFI/archiso/efiboot.img
+
+    mkdir -p ${work_dir}/efiboot
+    mount ${work_dir}/iso/EFI/archiso/efiboot.img ${work_dir}/efiboot
+
+    mkdir -p ${work_dir}/efiboot/EFI/archiso
+    cp ${work_dir}/iso/${install_dir}/boot/x86_64/vmlinuz ${work_dir}/efiboot/EFI/archiso/vmlinuz.efi
+    cp ${work_dir}/iso/${install_dir}/boot/x86_64/archiso.img ${work_dir}/efiboot/EFI/archiso/archiso.img
+
+    mkdir -p ${work_dir}/efiboot/EFI/boot
+    cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/PreLoader.efi ${work_dir}/efiboot/EFI/boot/bootx64.efi
+    cp ${work_dir}/x86_64/root-image/usr/lib/prebootloader/HashTool.efi ${work_dir}/efiboot/EFI/boot/
+
+    cp ${work_dir}/x86_64/root-image/usr/lib/gummiboot/gummibootx64.efi ${work_dir}/efiboot/EFI/boot/loader.efi
+
+    mkdir -p ${work_dir}/efiboot/loader/entries
+    cp ${script_path}/efiboot/loader/loader.conf ${work_dir}/efiboot/loader/
+    cp ${script_path}/efiboot/loader/entries/uefi-shell-v2-x86_64.conf ${work_dir}/efiboot/loader/entries/
+    cp ${script_path}/efiboot/loader/entries/uefi-shell-v1-x86_64.conf ${work_dir}/efiboot/loader/entries/
+
+    sed "s|%ARCHISO_LABEL%|${iso_label}|g;
+         s|%INSTALL_DIR%|${install_dir}|g" \
+        ${script_path}/efiboot/loader/entries/archiso-x86_64-cd.conf > ${work_dir}/efiboot/loader/entries/archiso-x86_64.conf
+
+    #cp ${work_dir}/iso/EFI/shellx64_v2.efi ${work_dir}/efiboot/EFI/
+    #cp ${work_dir}/iso/EFI/shellx64_v1.efi ${work_dir}/efiboot/EFI/
+
+    umount ${work_dir}/efiboot
+}
+
+# Copy aitab
+make_aitab() {
+    mkdir -p ${work_dir}/iso/${install_dir}
+    cp ${script_path}/aitab ${work_dir}/iso/${install_dir}/aitab
+}
+
+# Build all filesystem images specified in aitab (.fs.sfs .sfs)
+make_prepare() {
+    cp -a -l -f ${work_dir}/${arch}/root-image ${work_dir}
+    setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" pkglist
+    setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" prepare
+    rm -rf ${work_dir}/root-image
+    # rm -rf ${work_dir}/${arch}/root-image (if low space, this helps)
+}
+
+# Build ISO
+make_iso() {
+    mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" checksum
+    mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" -L "${iso_label}" -o "${out_dir}" iso "${iso_name}.iso"
+}
+
+if [[ ${EUID} -ne 0 ]]; then
+    echo "This script must be run as root."
+    _usage 1
+fi
+
+if [[ ${arch} != x86_64 ]]; then
+    echo "This script needs to be run on x86_64"
+    _usage 1
+fi
+
+while getopts 'N:V:L:D:w:o:vh' arg; do
+    case "${arg}" in
+        N) iso_name="${OPTARG}" ;;
+        V) iso_version="${OPTARG}" ;;
+        L) iso_label="${OPTARG}" ;;
+        D) install_dir="${OPTARG}" ;;
+        w) work_dir="${OPTARG}" ;;
+        o) out_dir="${OPTARG}" ;;
+        v) verbose="-v" ;;
+        h) _usage 0 ;;
+        *)
+           echo "Invalid argument '${arg}'"
+           _usage 1
+           ;;
+    esac
+done
+
+mkdir -p ${work_dir}
+
+run_once make_pacman_conf
+
+# Do all stuff for each root-image
+for arch in x86_64; do
+    run_once make_basefs
+    run_once make_packages
+    run_once make_setup_mkinitcpio
+    run_once make_customize_root_image
+done
+
+for arch in x86_64; do
+    run_once make_boot
+done
+
+# Do all stuff for "iso"
+run_once make_boot_extra
+run_once make_syslinux
+run_once make_isolinux
+run_once make_efi
+run_once make_efiboot
+
+run_once make_aitab
+
+for arch in x86_64; do
+    run_once make_prepare
+done
+
+run_once make_iso
diff --git a/elchos/efiboot/loader/entries/archiso-x86_64-cd.conf b/elchos/efiboot/loader/entries/archiso-x86_64-cd.conf
new file mode 100644
index 00000000..9892c591
--- /dev/null
+++ b/elchos/efiboot/loader/entries/archiso-x86_64-cd.conf
@@ -0,0 +1,4 @@
+title   Arch Linux archiso x86_64 UEFI CD
+linux   /EFI/archiso/vmlinuz.efi
+initrd  /EFI/archiso/archiso.img
+options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%
diff --git a/elchos/efiboot/loader/entries/archiso-x86_64-usb.conf b/elchos/efiboot/loader/entries/archiso-x86_64-usb.conf
new file mode 100644
index 00000000..f61c5323
--- /dev/null
+++ b/elchos/efiboot/loader/entries/archiso-x86_64-usb.conf
@@ -0,0 +1,4 @@
+title   Arch Linux archiso x86_64 UEFI USB
+linux   /%INSTALL_DIR%/boot/x86_64/vmlinuz
+initrd  /%INSTALL_DIR%/boot/x86_64/archiso.img
+options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%
diff --git a/elchos/efiboot/loader/entries/uefi-shell-v1-x86_64.conf b/elchos/efiboot/loader/entries/uefi-shell-v1-x86_64.conf
new file mode 100644
index 00000000..9597ff2f
--- /dev/null
+++ b/elchos/efiboot/loader/entries/uefi-shell-v1-x86_64.conf
@@ -0,0 +1,2 @@
+title  UEFI Shell x86_64 v1
+efi    /EFI/shellx64_v1.efi
diff --git a/elchos/efiboot/loader/entries/uefi-shell-v2-x86_64.conf b/elchos/efiboot/loader/entries/uefi-shell-v2-x86_64.conf
new file mode 100644
index 00000000..0dde77ab
--- /dev/null
+++ b/elchos/efiboot/loader/entries/uefi-shell-v2-x86_64.conf
@@ -0,0 +1,2 @@
+title  UEFI Shell x86_64 v2
+efi    /EFI/shellx64_v2.efi
diff --git a/elchos/efiboot/loader/loader.conf b/elchos/efiboot/loader/loader.conf
new file mode 100644
index 00000000..62c4a839
--- /dev/null
+++ b/elchos/efiboot/loader/loader.conf
@@ -0,0 +1,2 @@
+timeout 3
+default archiso-x86_64
diff --git a/elchos/html/index.html b/elchos/html/index.html
new file mode 100644
index 00000000..83ec141c
--- /dev/null
+++ b/elchos/html/index.html
@@ -0,0 +1,42 @@
+<!Doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css">
+    <title>ElchOS Main Page</title>
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+  </head>
+  <body>
+      <div class="navbar navbar-inverse navbar-fixed-top" role="navigation">
+              <div class="container">
+        <div class="navbar-header">
+          <a class="navbar-brand" href="#">ElchOS</a>
+        </div>
+              </div>
+            </div>
+  <div class="container">
+  <h2>What is ElchOS</h2>
+  <p>
+  ElchOS is a distribution created for simple and fast file sharing on big events through the power of distributed networks. </p>
+  <p>
+  The idea ist to plug in and boot any computer via USB-Stick and have the OS share all attached large disks via a number of different sharing protocols,namely Advanced Direct Connect (ADC) and good ol' FTP (and possibly more in the future)</p>
+  <p>
+Besides that the system will provide bonus features via a preconfigured IRC Bot and send stats to a graphite Host. 
+It also starts up a tor hidden service in order to find boxes hidden behind weird installations.</p>
+<h2>Quit that jibber-jabber, where is the iso?</h2>
+<a href="/out/elchos.iso">Current ElchOS ISO</a>
+<h2>What magic variables are important?</h2>
+ElchOS uses DNS for finding the relevant Hosts in the network, namely the IRC Server, the ADC-Hub and the Graphite Stats Receiver.<br/>
+These are the magic hosts to be resolved:
+<ul>
+  <li>adcs://elchhub.nsupdate.info:2781</li>
+  <li>carbon://elchstats.nsupdate.info:2003</li>
+  <li>irc://elchirc.nsupdate.info:6667 (planned)</li>
+</ul>
+</div>
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
+<script src="//netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js"></script>
+
+  </body>
+</html>
diff --git a/elchos/html/out b/elchos/html/out
new file mode 120000
index 00000000..9e7e3878
--- /dev/null
+++ b/elchos/html/out
@@ -0,0 +1 @@
+../out/
+\ No newline at end of file
diff --git a/elchos/isolinux/isolinux.cfg b/elchos/isolinux/isolinux.cfg
new file mode 100644
index 00000000..10fd2852
--- /dev/null
+++ b/elchos/isolinux/isolinux.cfg
@@ -0,0 +1,6 @@
+PATH /%INSTALL_DIR%/boot/syslinux/
+DEFAULT loadconfig
+
+LABEL loadconfig
+  CONFIG /%INSTALL_DIR%/boot/syslinux/archiso.cfg
+  APPEND /%INSTALL_DIR%/
diff --git a/elchos/mkinitcpio.conf b/elchos/mkinitcpio.conf
new file mode 100644
index 00000000..2f46da49
--- /dev/null
+++ b/elchos/mkinitcpio.conf
@@ -0,0 +1,2 @@
+HOOKS="base udev memdisk archiso_shutdown archiso archiso_loop_mnt archiso_pxe_common archiso_pxe_nbd archiso_pxe_http archiso_pxe_nfs archiso_kms block pcmcia filesystems keyboard"
+COMPRESSION="xz"
diff --git a/elchos/packages.both b/elchos/packages.both
new file mode 100644
index 00000000..5eaef4e5
--- /dev/null
+++ b/elchos/packages.both
@@ -0,0 +1,49 @@
+arch-install-scripts
+python
+hddtemp
+mlocate
+collectd
+sysstat
+vsftpd
+btrfs-progs
+lftp
+haveged
+crda
+dhclient
+dialog
+dmraid
+dnsmasq
+dnsutils
+dosfstools
+ethtool
+f2fs-tools
+fsarchiver
+gnu-netcat
+gpm
+gptfdisk
+grml-zsh-config
+hdparm
+lftp
+linux-atm
+mtools
+nfs-utils
+nilfs-utils
+ntfs-3g
+ntp
+openconnect
+openssh
+partimage
+rfkill
+rsync
+sudo
+tcpdump
+wget
+wireless_tools
+wpa_actiond
+zsh
+vim
+tor
+tmux
+pacman-mirrorlist
+avahi
+nss-mdns
diff --git a/elchos/packages.i686 b/elchos/packages.i686
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/elchos/packages.i686
diff --git a/elchos/packages.x86_64 b/elchos/packages.x86_64
new file mode 100644
index 00000000..407ead28
--- /dev/null
+++ b/elchos/packages.x86_64
@@ -0,0 +1,3 @@
+gummiboot
+prebootloader
+refind-efi
diff --git a/elchos/pacman.conf b/elchos/pacman.conf
new file mode 100644
index 00000000..45fe03dc
--- /dev/null
+++ b/elchos/pacman.conf
@@ -0,0 +1,92 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+#UseDelta    = 0.7
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+#TotalDownload
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
+
diff --git a/elchos/refresh.sh b/elchos/refresh.sh
new file mode 100755
index 00000000..e707fab7
--- /dev/null
+++ b/elchos/refresh.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -eu
+cd "$(dirname "$(readlink -f "$0")")"
+rm -rvf  out/ work
+./build.sh -N elchos -v
+cp -v out/elchos* /home/makefu/isos
+# TODO internal
+virsh reset vm1 ||:
diff --git a/elchos/root-image/etc/collectd.conf b/elchos/root-image/etc/collectd.conf
new file mode 100644
index 00000000..30480f2e
--- /dev/null
+++ b/elchos/root-image/etc/collectd.conf
@@ -0,0 +1,84 @@
+#Hostname "elch_<macid>"
+Interval 10
+
+LoadPlugin syslog
+<Plugin syslog>
+	LogLevel info
+</Plugin>
+
+LoadPlugin md
+LoadPlugin cpu
+LoadPlugin df
+LoadPlugin disk
+#LoadPlugin ping
+LoadPlugin hddtemp
+LoadPlugin interface
+LoadPlugin load
+LoadPlugin memory
+LoadPlugin network
+LoadPlugin uptime
+LoadPlugin users
+LoadPlugin write_graphite
+
+<Plugin df>
+#	Device "/dev/sda1"
+#	Device "192.168.0.2:/mnt/nfs"
+  FSType "ext2"
+  FSType "ext3"
+  FSType "ext4"
+  FSType "btrfs"
+  FSType "ntfs"
+  FSType "ntfs-3g"
+  FSType "vfat"
+
+	IgnoreSelected false
+</Plugin>
+
+<Plugin disk>
+	Disk "/[vsh]d[abcdefg][12345678]/"
+	IgnoreSelected false
+</Plugin>
+
+<Plugin hddtemp>
+	Host "127.0.0.1"
+	Port 7634
+	#TranslateDevicename false
+</Plugin>
+
+<Plugin interface>
+	Interface "lo"
+  IgnoreSelected true
+</Plugin>
+
+
+#<Plugin ping>
+	#Host "elchhub.krebsco.de"
+	#Host "elchstats.krebsco.de"
+	#Interval 1.0
+	#Timeout 0.9
+#	TTL 255
+#	SourceAddress "1.2.3.4"
+#	Device "eth0"
+#	MaxMissed -1
+#</Plugin>
+
+
+#<Plugin sensors>
+#	Sensor "it8712-isa-0290/temperature-temp1"
+#	Sensor "it8712-isa-0290/fanspeed-fan3"
+#	Sensor "it8712-isa-0290/voltage-in8"
+#	IgnoreSelected false
+#</Plugin>
+
+
+<Plugin "write_graphite">
+ <Carbon>
+   Host "elchstats.nsupdate.info"
+   Port "2003"
+   Prefix "elch."
+   #Postfix ""
+   EscapeCharacter "_"
+   StoreRates false
+   AlwaysAppendDS false
+ </Carbon>
+</Plugin>
diff --git a/elchos/root-image/etc/fstab b/elchos/root-image/etc/fstab
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/elchos/root-image/etc/fstab
diff --git a/elchos/root-image/etc/hostname b/elchos/root-image/etc/hostname
new file mode 100644
index 00000000..ef8963cd
--- /dev/null
+++ b/elchos/root-image/etc/hostname
@@ -0,0 +1 @@
+filebitch
diff --git a/elchos/root-image/etc/locale.conf b/elchos/root-image/etc/locale.conf
new file mode 100644
index 00000000..01ec548f
--- /dev/null
+++ b/elchos/root-image/etc/locale.conf
@@ -0,0 +1 @@
+LANG=en_US.UTF-8
diff --git a/elchos/root-image/etc/pam.d/su b/elchos/root-image/etc/pam.d/su
new file mode 100644
index 00000000..a2910423
--- /dev/null
+++ b/elchos/root-image/etc/pam.d/su
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+auth		sufficient	pam_wheel.so trust use_uid
+auth		required	pam_unix.so
+account		required	pam_unix.so
+session		required	pam_unix.so
diff --git a/elchos/root-image/etc/sudoers.d/g_wheel b/elchos/root-image/etc/sudoers.d/g_wheel
new file mode 100644
index 00000000..8c45359f
--- /dev/null
+++ b/elchos/root-image/etc/sudoers.d/g_wheel
@@ -0,0 +1 @@
+%wheel  ALL=(ALL) NOPASSWD: ALL
diff --git a/elchos/root-image/etc/systemd/scripts/choose-mirror b/elchos/root-image/etc/systemd/scripts/choose-mirror
new file mode 100755
index 00000000..0ae08067
--- /dev/null
+++ b/elchos/root-image/etc/systemd/scripts/choose-mirror
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+get_cmdline() {
+    local param
+    for param in $(< /proc/cmdline); do
+        case "${param}" in
+            $1=*) echo "${param##*=}";
+            return 0
+            ;;
+        esac
+    done
+}
+
+mirror=$(get_cmdline mirror)
+[[ $mirror = auto ]] && mirror=$(get_cmdline archiso_http_srv)
+[[ $mirror ]] || exit 0
+
+mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
+cat >/etc/pacman.d/mirrorlist << EOF
+#
+# Arch Linux repository mirrorlist
+# Generated by archiso
+#
+
+Server = ${mirror%%/}/\$repo/os/\$arch
+EOF
diff --git a/elchos/root-image/etc/systemd/system/choose-mirror.service b/elchos/root-image/etc/systemd/system/choose-mirror.service
new file mode 100644
index 00000000..1e4d771d
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/choose-mirror.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Choose mirror from the kernel command line
+ConditionKernelCommandLine=mirror
+
+[Service]
+Type=oneshot
+ExecStart=/etc/systemd/scripts/choose-mirror
+
+[Install]
+WantedBy=multi-user.target
diff --git a/elchos/root-image/etc/systemd/system/collectd.service.d/wait.conf b/elchos/root-image/etc/systemd/system/collectd.service.d/wait.conf
new file mode 100644
index 00000000..05d8b43c
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/collectd.service.d/wait.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=/usr/bin/sleep 20
diff --git a/elchos/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf b/elchos/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf
new file mode 100644
index 00000000..5b506341
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf
@@ -0,0 +1,2 @@
+[Service]
+StartLimitAction=reboot-force
diff --git a/elchos/root-image/etc/systemd/system/elch-hostname.service b/elchos/root-image/etc/systemd/system/elch-hostname.service
new file mode 100644
index 00000000..8af94772
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/elch-hostname.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=change elchOS hostname
+Before=network.target nss-lookup.target multi-user.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/krebs/bin/set-hostname.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/elchos/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount b/elchos/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount
new file mode 100644
index 00000000..4eab5513
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount
@@ -0,0 +1,8 @@
+[Unit]
+Description=Temporary /etc/pacman.d/gnupg directory
+
+[Mount]
+What=tmpfs
+Where=/etc/pacman.d/gnupg
+Type=tmpfs
+Options=mode=0755
diff --git a/elchos/root-image/etc/systemd/system/getty@tty1.service.d/run_krebs_secret.conf b/elchos/root-image/etc/systemd/system/getty@tty1.service.d/run_krebs_secret.conf
new file mode 100644
index 00000000..29e5be5f
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/getty@tty1.service.d/run_krebs_secret.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=-/usr/bin/agetty --autologin reaktor --noclear %I  38400 linux 
diff --git a/elchos/root-image/etc/systemd/system/hddtemp.service.d/monitor_all_disks.conf b/elchos/root-image/etc/systemd/system/hddtemp.service.d/monitor_all_disks.conf
new file mode 100644
index 00000000..e6b8fcda
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/hddtemp.service.d/monitor_all_disks.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/bin/bash -c "/usr/bin/hddtemp -dF hddtemp -d /dev/[vsh]d[a-z]"
diff --git a/elchos/root-image/etc/systemd/system/ntpdate.service.d/set_hwclock.conf b/elchos/root-image/etc/systemd/system/ntpdate.service.d/set_hwclock.conf
new file mode 100644
index 00000000..e57550c8
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/ntpdate.service.d/set_hwclock.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStart=/usr/bin/hwclock --systohc --utc -w
diff --git a/elchos/root-image/etc/systemd/system/pacman-init.service b/elchos/root-image/etc/systemd/system/pacman-init.service
new file mode 100644
index 00000000..23b81445
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/pacman-init.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Initializes Pacman keyring
+Wants=haveged.service
+After=haveged.service
+Requires=etc-pacman.d-gnupg.mount
+After=etc-pacman.d-gnupg.mount
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/pacman-key --init
+ExecStart=/usr/bin/pacman-key --populate archlinux
+
+[Install]
+WantedBy=multi-user.target
diff --git a/elchos/root-image/etc/systemd/system/start-ncdc@.service b/elchos/root-image/etc/systemd/system/start-ncdc@.service
new file mode 100644
index 00000000..7b5b1b8e
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/start-ncdc@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=ncdc autoconfig and startup for %i
+After=network.target local-fs.target multi-user.target elch-hostname.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+#KillMode=none
+ExecStart=/usr/bin/tmux new-session -n startup -d "/bin/sh /krebs/bin/start-ncdc.ship"
+ExecStop=/usr/bin/sudo -u %i /usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m
+
+[Install]
+WantedBy=multi-user.target
diff --git a/elchos/root-image/etc/systemd/system/tor-configure-hidden.service b/elchos/root-image/etc/systemd/system/tor-configure-hidden.service
new file mode 100644
index 00000000..c9b8f20f
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/tor-configure-hidden.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Announce Tor Hidden Address
+After=network.target nss-lookup.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/krebs/bin/tor_configure_hidden_service.ship
+
+[Install]
+WantedBy=multi-user.target
diff --git a/elchos/root-image/etc/udev/rules.d/81-dhcpcd.rules b/elchos/root-image/etc/udev/rules.d/81-dhcpcd.rules
new file mode 100644
index 00000000..1c4053c0
--- /dev/null
+++ b/elchos/root-image/etc/udev/rules.d/81-dhcpcd.rules
@@ -0,0 +1 @@
+ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="en*|eth*", ENV{SYSTEMD_WANTS}="dhcpcd@$name.service"
diff --git a/elchos/root-image/krebs/bin/add-reaktor-secret.sh b/elchos/root-image/krebs/bin/add-reaktor-secret.sh
new file mode 100755
index 00000000..92681449
--- /dev/null
+++ b/elchos/root-image/krebs/bin/add-reaktor-secret.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -euf
+green='\e[0;32m'
+red='\e[0;31m'
+nc='\e[0m'
+black='\e[0;30m'
+
+printf "${green}Add a Reaktor Secret ${nc}\n"
+printf "${red}(no spaces in input plox)${nc}\n"
+
+nick=${1:-}
+while test -z "${nick:-}" ;do
+  printf "provide Nick Name:\n"
+  read nick
+done
+
+secret=${2:-}
+while test -z "${secret:-}" ;do
+  printf "provide Secret:$black\n" 
+  read secret
+done
+
+echo "$nick $secret" >> /krebs/painload/Reaktor/admin.lst
+printf "${green}done${nc}"
diff --git a/elchos/root-image/krebs/bin/macid.sh b/elchos/root-image/krebs/bin/macid.sh
new file mode 100755
index 00000000..0fccc84b
--- /dev/null
+++ b/elchos/root-image/krebs/bin/macid.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+ip addr | grep ether | awk '{print $2}' | sort |md5sum | awk '{print $1}' | dd bs=1 count=6 2>/dev/null
diff --git a/elchos/root-image/krebs/bin/reaktor-shell.sh b/elchos/root-image/krebs/bin/reaktor-shell.sh
new file mode 100755
index 00000000..117c64f6
--- /dev/null
+++ b/elchos/root-image/krebs/bin/reaktor-shell.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+echo "IP Addresses:"
+/krebs/painload/Reaktor/commands/ips || echo "no IPs!"
+/krebs/bin/add-reaktor-secret.sh
diff --git a/elchos/root-image/krebs/bin/refresh-shares.ship b/elchos/root-image/krebs/bin/refresh-shares.ship
new file mode 100755
index 00000000..364d7758
--- /dev/null
+++ b/elchos/root-image/krebs/bin/refresh-shares.ship
@@ -0,0 +1,11 @@
+#!/bin/sh
+#TODO:
+#!/usr/bin/env ship
+set -euf
+#@include filehooker
+. /krebs/lib/filehooker
+ncdc_user="hooker"
+
+share_all_partitions
+systemctl restart hddtemp.service
+exit 0
diff --git a/elchos/root-image/krebs/bin/set-hostname.sh b/elchos/root-image/krebs/bin/set-hostname.sh
new file mode 100755
index 00000000..31101a18
--- /dev/null
+++ b/elchos/root-image/krebs/bin/set-hostname.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+hostn="elch_$(/krebs/bin/macid.sh)"
+hostnamectl set-hostname "$hostn"
+hostname $hostn
+echo "$hostn" > /etc/hostname
diff --git a/elchos/root-image/krebs/bin/start-ncdc.ship b/elchos/root-image/krebs/bin/start-ncdc.ship
new file mode 100755
index 00000000..1d47bcfb
--- /dev/null
+++ b/elchos/root-image/krebs/bin/start-ncdc.ship
@@ -0,0 +1,23 @@
+#!/usr/bin/env ship
+set -euf
+#@include filehooker
+. /krebs/lib/filehooker
+#@include network
+ncdc_user="hooker"
+
+useradd -m $ncdc_user ||:
+
+sudo -u $ncdc_user /usr/bin/tmux new-session -s dcpp -n ncdc -d ncdc 2>/dev/null || echo "ncdc is already running"
+
+nick=$(cat /etc/hostname)
+echo "using nick $nick"
+ncdc_configure_nick "$nick"
+sleep 1
+dc_hub="adcs://elchhub.nsupdate.info:2781"
+echo "connecting to $dc_hub"
+ncdc_configure_hub "$dc_hub" "elch"
+
+
+share_all_partitions
+
+exit 0
diff --git a/elchos/root-image/krebs/bin/tor-get-hidden-service.sh b/elchos/root-image/krebs/bin/tor-get-hidden-service.sh
new file mode 100755
index 00000000..c9946366
--- /dev/null
+++ b/elchos/root-image/krebs/bin/tor-get-hidden-service.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+cat /var/lib/tor/hidden_service/hostname
diff --git a/elchos/root-image/krebs/bin/tor_configure_hidden_service.ship b/elchos/root-image/krebs/bin/tor_configure_hidden_service.ship
new file mode 100755
index 00000000..1e026d26
--- /dev/null
+++ b/elchos/root-image/krebs/bin/tor_configure_hidden_service.ship
@@ -0,0 +1,16 @@
+#!/bin/sh
+#@include core
+. /krebs/lib/core
+#@include network
+. /krebs/lib/network
+#@include tor
+. /krebs/lib/tor
+
+sleep_time=5
+test -w "$torrc" || ( error "$torrc is not writable!"; exit 1 ) || exit 1
+
+configure_hidden_service
+test ! -e $hidden_service_dir/hostname && \
+  info "hidden service file does not exist, restarting tor" && \
+  systemctl restart tor && \
+  sleep 1
diff --git a/elchos/root-image/krebs/bin/tor_publish_ssh.ship b/elchos/root-image/krebs/bin/tor_publish_ssh.ship
new file mode 100755
index 00000000..2ecee9fb
--- /dev/null
+++ b/elchos/root-image/krebs/bin/tor_publish_ssh.ship
@@ -0,0 +1,12 @@
+#!/usr/bin/env ship
+#@include core
+. /krebs/lib/core
+#@include network
+. /krebs/lib/network
+#@include tor
+. /krebs/lib/tor
+
+test -w "$torrc" || ( error "$torrc is not writable!"; exit 1 ) || exit 1
+
+configure_hidden_service
+cat $hidden_service_dir/hostname | send_irc
diff --git a/elchos/root-image/krebs/bin/update-search.sh b/elchos/root-image/krebs/bin/update-search.sh
new file mode 100755
index 00000000..665f6543
--- /dev/null
+++ b/elchos/root-image/krebs/bin/update-search.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+for i in /media/vag*;do
+  updatedb  -l 0 -o "$i/mlocate.db" -U "$i"
+done
+echo "update complete"
diff --git a/elchos/root-image/krebs/bin/vim_sane_defaults.ship b/elchos/root-image/krebs/bin/vim_sane_defaults.ship
new file mode 100755
index 00000000..fcc7ffcf
--- /dev/null
+++ b/elchos/root-image/krebs/bin/vim_sane_defaults.ship
@@ -0,0 +1,10 @@
+#!/bin/sh
+#@strict
+#@include core
+. /krebs/lib/core
+#@include vim
+. /krebs/lib/vim
+#@mainifyme
+touch $vimrc
+info "configuring vim"
+vim_conf_sane_defaults
diff --git a/elchos/root-image/krebs/etc/Reaktor/admin.lst b/elchos/root-image/krebs/etc/Reaktor/admin.lst
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/admin.lst
diff --git a/elchos/root-image/krebs/etc/Reaktor/auth.lst b/elchos/root-image/krebs/etc/Reaktor/auth.lst
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/auth.lst
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/ftpget b/elchos/root-image/krebs/etc/Reaktor/commands/ftpget
new file mode 100755
index 00000000..74e76f8e
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/ftpget
@@ -0,0 +1,58 @@
+#!/bin/sh
+# usage: $0 [-d] uri sharename[/subdirs]
+exec 2>&1
+set -euf
+ncdc_user=hooker
+usage(){
+  cat <<EOF
+usage: $0 [-d] uri share[/subdirs]
+  -d      --   uri is a directory to be mirrored
+  share   --   vag[0-n]
+
+EOF
+}
+examples(){
+  cat <<EOF
+examples: ftpget -d http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.8 vag0/firefox_releases
+              -> 0.8 directory is stored to /media/vag0/firefox_releases
+
+          ftpget -d http://speedtest.qsc.de/10MB.qsc vag0/
+              -> 10MB.qsc is stored to /media/vag0/10MB.qsc
+EOF
+}
+if test "${1:--h}" == '-h' -o "${1:-}" == '--help';then
+  usage
+  examples
+  exit 0
+fi
+if test ${1:-} == '-d' ;then
+  is_dir=true
+  shift
+fi
+
+target="${1:-}"
+if !( echo "$target" | egrep -q '^(ftps*://|https*://)' );then
+  exit 23
+fi
+
+share=$( printf "%s" "${2?provide share name}" |head -1 | sed 's#\.\./##')
+sharepath=/media/${share%%/*}
+realshare="/media/$share"
+test ! -e "$sharepath" && echo "$sharepath does not exist!" && exit 23
+
+sudo -u $ncdc_user /usr/bin/mkdir -p "$realshare"
+
+if test -z ${is_dir:-};then
+  cmd="lftpget \"$target\""
+else
+  cmd="lftp -e \"mirror;exit\" $target"
+fi
+
+  if ! sudo -u $ncdc_user /usr/bin/tmux has-session -t dl >/dev/null 2>&1 ;then
+    sudo -u $ncdc_user /usr/bin/tmux new-session -s dl -d  -c "$realshare" "$cmd"
+  else
+    sudo -u $ncdc_user /usr/bin/tmux new-window -t dl  -c "$realshare" "$cmd"
+  fi
+#sudo -u $ncdc_user /usr/bin/tmux new-window -t dl 
+#cd "$realshare" ;sudo -u hooker /usr/bin/lftpget "$target"
+echo "download started, check with 'list_downloads'"
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/identify b/elchos/root-image/krebs/etc/Reaktor/commands/identify
new file mode 100755
index 00000000..c2fb2c58
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/identify
@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+import imp
+import os,sys
+
+def load_config(filename):
+  dirname = os.path.dirname(filename)
+  modname, ext = os.path.splitext(os.path.basename(filename))
+  file, pathname, description = imp.find_module(modname, [ dirname ])
+  return imp.load_module(modname, file, pathname, description)
+
+config = load_config(os.environ['config_filename'])
+
+with open(config.admin_file) as f:
+  for line in f:
+    nick,secret = line.split()
+    if sys.argv[1] == secret:
+      print("identified you as %s!"%nick)
+      with open(config.auth_file,'a+') as g:
+        g.write(os.environ['_prefix'] +"\n")
+      sys.exit(0)
+
+print("unable to identify you, sorry")
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/io b/elchos/root-image/krebs/etc/Reaktor/commands/io
new file mode 100755
index 00000000..eb04ae9b
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/io
@@ -0,0 +1,25 @@
+#!/usr/bin/zsh
+printf '%-10s %-7s %-7s %-7s %-7s\n'  IFACE rxkB/s txkB/s rxTotal txTotal
+sar -n DEV 1 3 | grep Average: | grep -v IFACE | grep -v ' lo ' | while read line;do
+  dev=$(echo $line | awk  '{print $2}')
+  rxkb=$(echo $line | awk '{print $5}')
+  txkb=$(echo $line | awk '{print $6}')
+  total_bytes_r=$(cat /proc/net/dev | grep ${dev}: | awk '{print $2}')
+  total_bytes_t=$(cat /proc/net/dev | grep ${dev}: | awk '{print $10}')
+ 
+  printf '%-10s %-7s %-7s %-7s %-7s\n'  $dev $rxkb $txkb $((total_bytes_r / (1024*1024))) $((total_bytes_t / (1024*1024)))
+done
+printf "%-10s %-7s %-7s\n" "DSK" "rxkB/s" "txkB/s"
+sar -p -d 1 3 | grep Average: | grep -v ' DEV ' |while read line;
+do
+  dsk=$(echo $line | awk '{print $2}')
+  rd_sec=$(echo $line | awk '{print $4}')
+  wr_sec=$(echo $line | awk '{print $5}')
+  if echo $dsk | egrep -q '(sd|hd|vd)';then
+    # TODO for some reason 0.00 can only be interpreted correctly as arithmetic
+    # expession by zsh
+    #
+    # rd is counted in blocks (which is 512 bytes)
+    printf "%-10s %-7.2f %-7.2f\n" "/dev/$dsk" "$((rd_sec*2))" "$((wr_sec*2))"
+  fi
+done
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/ips b/elchos/root-image/krebs/etc/Reaktor/commands/ips
new file mode 100755
index 00000000..17c39658
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/ips
@@ -0,0 +1,2 @@
+#!/bin/sh
+ip addr | grep 'inet ' | awk '{print $2}' |  grep -v 127.0.0.1 | grep .
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/list_downloads b/elchos/root-image/krebs/etc/Reaktor/commands/list_downloads
new file mode 100755
index 00000000..f53067d8
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/list_downloads
@@ -0,0 +1,8 @@
+#!/bin/sh
+ncdc_user=hooker
+count=$(sudo -u $ncdc_user /usr/bin/tmux list-windows -t dl 2>/dev/null| wc -l)
+
+test $count -eq 0 && echo "no downloads running" && exit 0
+for i in $(seq 0 $(($count-1)));do
+  sudo -u $ncdc_user /usr/bin/tmux capture-pane -t dl:$i -p | grep -v '^$' | tail -n 1
+done 
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/onion b/elchos/root-image/krebs/etc/Reaktor/commands/onion
new file mode 100755
index 00000000..1a202991
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/onion
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+sudo -u tor /krebs/bin/tor-get-hidden-service.sh || echo "no hidden service configured"
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/reboot b/elchos/root-image/krebs/etc/Reaktor/commands/reboot
new file mode 100755
index 00000000..a264831a
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/reboot
@@ -0,0 +1,3 @@
+#!/bin/sh
+echo "system is going down"
+sudo /usr/bin/reboot
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/refresh_shares b/elchos/root-image/krebs/etc/Reaktor/commands/refresh_shares
new file mode 100755
index 00000000..1005998b
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/refresh_shares
@@ -0,0 +1,4 @@
+#!/bin/sh
+ncdc_user=hooker
+sudo /krebs/bin/refresh-shares.ship 2>&1
+sudo -u $ncdc_user /krebs/bin/update-search.sh 2>&1
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/shares b/elchos/root-image/krebs/etc/Reaktor/commands/shares
new file mode 100755
index 00000000..1601d584
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/shares
@@ -0,0 +1,2 @@
+#!/bin/sh
+df -h | grep '/media/'
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/update-search b/elchos/root-image/krebs/etc/Reaktor/commands/update-search
new file mode 100755
index 00000000..1db1c1b2
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/update-search
@@ -0,0 +1,3 @@
+#!/bin/sh
+ncdc_user=hooker
+sudo -u $ncdc_user /krebs/bin/update-search.sh
diff --git a/elchos/root-image/krebs/etc/Reaktor/config.py b/elchos/root-image/krebs/etc/Reaktor/config.py
new file mode 100644
index 00000000..58bc7180
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/config.py
@@ -0,0 +1,60 @@
+import socket
+
+debug = False
+
+name = socket.gethostname()
+
+irc_alarm_timeout = 300
+irc_hammer_interval = 10
+irc_kill_timeout = 360
+irc_nickname = name
+irc_server = 'elchirc.nsupdate.info'
+#irc_server = 'irc.freenode.net'
+irc_restart_timeout = 5
+irc_port = 6667
+irc_channels = [
+  '#elchOS'
+]
+
+admin_file='admin.lst'
+auth_file='auth.lst'
+
+def default_command(cmd):
+  return {
+    'capname': cmd,
+    'pattern': '^(?:' + name + '|\\*):\\s*' + cmd + '\\s*(?:\\s+(?P<args>.*))?$',
+    'argv': [ 'commands/' + cmd ] }
+
+public_commands = [
+  default_command('caps'),
+  default_command('hello'),
+  default_command('search'),
+  default_command('list_downloads'),
+  default_command('badcommand'),
+  default_command('rev'),
+  default_command('io'),
+  default_command('ips'),
+  default_command('uptime'),
+  default_command('shares'),
+  default_command('onion'),
+  default_command('nocommand'),
+  # command not found
+  { 'pattern': '^(?:' + name + '|\\*):.*',
+    'argv': [ 'commands/respond','You are made of stupid!'] },
+  # "highlight"
+  { 'pattern': '.*\\b' + name + '\\b.*',
+    'argv': [ 'commands/say', 'I\'m famous' ] },
+  # identify via direct connect
+  { 'capname': 'identify',
+    'pattern': 'identify' +  '\\s*(?:\\s+(?P<args>.*))?$',
+    'argv' : [ 'commands/identify' ]}
+
+]
+
+commands = [
+  default_command('reload'),
+  default_command('update-search'),
+  default_command('refresh_shares'),
+  default_command('ftpget'),
+  default_command('reboot')
+]
diff --git a/elchos/root-image/krebs/etc/authorized_keys b/elchos/root-image/krebs/etc/authorized_keys
new file mode 100644
index 00000000..f9446825
--- /dev/null
+++ b/elchos/root-image/krebs/etc/authorized_keys
@@ -0,0 +1,6 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7YrLdnXDRU2XEdZDu1BmgiT0Vaxplf3bfvSm+5o3g4AcR2yCv7h2D633c9uA0gq52EJ3V5m8B1ZcxqA0zqDptKwx+ZTMUGDls7StH5xpJyk9j5gf8DzyDLQPQG2IYszCH+8esKjo3BOFxfey8NaX+k6gvQsG3lyV0PjLvvIy4gDuMn6dPZfVAlwNYFOUNgwpku3W3A0d+UFyVjt3/sgZxM+8C3y6QE1gwT5/NfBbHM5vaEqjHcVq1ui+7a4iOXFGKkZDcd7EX6cQZSbCzZL7sZ0OmB1WpAsDCvIXfzX1YfNA0sso7ldSF6ZUGNgwEk1LootnQlCK/dfbM+i62SZ+1 tv@iiso
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv9TTt4FkzT3jlQ0VS2tX/GpQO9Ef0wIQ+g96foe4qSniBwR667T1gIhURrod/p7N9oQcWRrNohjgmSBZRYA0kW6ZyqYJkLvRv54nXv6j/8Xq2nG/KVfDqL0kp8if+JGeFlQElpWJiAbGifYkopFy69QiLYU2ndR7aPbx+5qm/dcwPJ7K+n6dyePynCZadtcabm3PuBFUxGLdT9ImDXMOPfXxPMlN/3eb78byuEuHnhCIvIGLMBGx+8QTXvu7kHpZObvkbsF1xjVs9fDpwVLjh7GWdwf3BZ/agFlI24ffyqCPFnuaxUVyfUZeqf4twRsIZkTTB47lHDhYiVkyGe8gd root@pigstarter.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== death@uriel
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/mUvSqIroFofp8a+nL6TBgAVvIk8IvFeOsHnRQsvhZX8ddk1+JICipsGwqsT2wRAk9rhcnLU/OdF+PXvykztNa1x4XxNACKnLfWBMk/VGadUkCwsdIwuu80nQfaEz5vNrjgNLfCaNoUa6sg0A2eyyuWH/vruPyfPJNDXA/ZQdXxJCSSfZUnIFW4qjAf4hZ+TK1CY7xECZQ3r+aqhJmSFe3T+ul5ZQLl6fmHP4oTf7sFNV4/fHY8RMxCPMztdyUJc3HB5MhI94VytjXuTSBDAgi5567bH1j1aBco4mAezfgHZy2eqeNVzYmFM/cVGEqyRIjokGYa72ZuGZ5Y58HjVDL8olweUVqOm11ref8+tBovyrHzjNKn6YiiMPYb0j03vBecqZYDA6n24s2WgEniL5WALhi5Y1NgUo1W9WDefhA2xC7p9xSy8kxs1UJH6g9U8SuHY2geJ/dYf3jixB3q/PwAfntejPkX1Pwy+rBVirA1vYIYgOWeifUyq6tYHxVo/kVEbyYkE1B6pBGwRdsWDwT3y02DO3OZFq9QX/0zkJtv2lkMR0LDk8WjZjilfqs1UivDCNY3ZQF+SOvUzeAkQFWSSU+yKlZOGPWcqNUVw8SQCw5/doIKjIclekWJ9KSD1VjTImx2oqYNqOa0kfvX+4cU+ECI1daCR6cjYiuizBIQ== pedro
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr c1ko
diff --git a/elchos/root-image/krebs/etc/vsftpd.conf b/elchos/root-image/krebs/etc/vsftpd.conf
new file mode 100644
index 00000000..68e66fa1
--- /dev/null
+++ b/elchos/root-image/krebs/etc/vsftpd.conf
@@ -0,0 +1,12 @@
+anonymous_enable=YES
+dirmessage_enable=YES
+xferlog_enable=YES
+connect_from_port_20=YES
+ftpd_banner=Welcome to the Elch share, use dc++ if you can. This Instance has 10 slots
+listen=YES
+no_anon_password=YES
+anon_root=/media
+max_per_ip=2
+max_clients=10
+local_max_rate=1000000
+seccomp_sandbox=NO
diff --git a/elchos/root-image/krebs/lib/_punani_db b/elchos/root-image/krebs/lib/_punani_db
new file mode 100644
index 00000000..e5bf15b1
--- /dev/null
+++ b/elchos/root-image/krebs/lib/_punani_db
@@ -0,0 +1,57 @@
+_punanidb_pacman_=
+_punanidb_yum_=
+_punanidb_aptget_=
+
+_punanidb_pacman_git=git
+_punanidb_yum_git=git
+_punanidb_aptget_git=git-core
+
+_punanidb_pacman_python2=python2
+_punanidb_yum_python2=python
+_punanidb_aptget_python2=python
+
+_punanidb_pacman_python3=python
+_punanidb_aptget_python3=python3
+
+_punanidb_pacman_pip2=python2-pip
+_punanidb_aptget_pip2=python-pip
+
+_punanidb_pacman_virtualenv=python-virtualenv
+_punanidb_aptget_virtualenv=python-virtualenv
+
+_punanidb_pacman_gpp=g++
+_punanidb_aptget_gpp=gcc
+
+_punanidb_pacman_python2_dev=python2
+_punanidb_aptget_python2_dev=python-dev
+
+_punanidb_pacman_hostname=inetutils
+_punanidb_aptget_hostname=hostname
+
+_punanidb_pacman_hostname=inetutils
+_punanidb_aptget_hostname=hostname
+
+_punanidb_pacman_make=make
+_punanidb_yum_make=make
+_punanidb_aptget_make=make
+
+_punanidb_pacman_tinc=tinc
+_punanidb_yum_tinc=tinc
+_punanidb_aptget_tinc=tinc
+
+_punanidb_pacman_zsh=zsh
+_punanidb_yum_zsh=zsh
+_punanidb_aptget_zsh=zsh
+
+_punanidb_pacman_tor=tor
+_punanidb_yum_tor=tor
+_punanidb_aptget_tor=tor
+
+_punanidb_pacman_nano=nano
+_punanidb_yum_nano=nano
+_punanidb_aptget_nano=nano
+
+_punanidb_pacman_vim=vim
+_punanidb_yum_vim=vim-enhanced
+_punanidb_aptget_vim=vim
+
diff --git a/elchos/root-image/krebs/lib/color b/elchos/root-image/krebs/lib/color
new file mode 100644
index 00000000..cec2044e
--- /dev/null
+++ b/elchos/root-image/krebs/lib/color
@@ -0,0 +1,7 @@
+# superseed logging with color
+green='\e[0;32m'
+red='\e[0;31m'
+nc='\e[0m'
+msg() { printf "$*\n" >&2; }
+info()  { msg "$green$*$nc"; }
+error() { msg "$green$*$nc"; }
diff --git a/elchos/root-image/krebs/lib/core b/elchos/root-image/krebs/lib/core
new file mode 100644
index 00000000..0c321525
--- /dev/null
+++ b/elchos/root-image/krebs/lib/core
@@ -0,0 +1,80 @@
+# logging
+msg() { echo "$*" >&2; }
+info()  { msg "** $*"; }
+error() { msg "!! $*"; }
+## usage: die [REASON...]
+die() {
+  test $# -gt 0 && error "$*"
+  error 'Bailing out.'
+  exit 1
+}
+exists(){ 
+  type "$1" >/dev/null 2>/dev/null; 
+}
+
+is_root(){
+  test $(id -u) -eq 0
+}
+
+defer(){
+  #close enough
+  trapstr="$1;${trapstr:-exit}"
+  trap "$trapstr" INT TERM EXIT KILL
+}
+
+esudo(){
+  # weaksauce esudo (expect sudo)
+  if ! is_root; then
+    # for the record:
+    # exec sudo -E "$0" "$@"
+    error "You are not root enough for this script"
+    exit 23 # go to hell
+  fi
+}
+
+get_hostname(){
+  # finds the current hostname
+  #   if ENV HOSTN is set echo $HOSTN
+  #   We try the following:
+  #      $HOSTN
+  #      $HOSTNAME
+  #      hostname
+  #      uci system.hostname
+  #      /etc/hostname
+  #   if everything fails, it returns 1 and prints 'unknown'
+
+  if [ -n "${HOSTN:-}" ] ;     then printf "${HOSTN:-}" 
+  elif [ -n "${HOSTNAME:-}" ] ;then printf "$HOSTNAME"
+  elif exists hostname ;       then printf "$(hostname)"
+  elif exists uci    ;         then printf "$(uci get system.@system[0].hostname)"
+  elif [ -e /etc/hostname ]   ;then printf "$(cat /etc/hostname)"
+  else                              printf "unknown"; return 1
+  fi
+  return 0
+}
+
+line_to_dot(){ 
+  while read line; do printf .; done;
+}
+
+get_os(){
+  # TODO: find all the release files
+  #if grep -q 'Linux' /etc/*release 2>/dev/null || grep -qe 'Linux' /etc/issue 2>/dev/null; then
+  if grep -q 'Linux' /etc/lsb-release 2>/dev/null || grep -q 'Linux' /etc/issue 2>/dev/null; then
+    echo 'linux'
+  elif test -e /etc/preferred-apps/google.xml; then
+    echo 'android'
+  elif test -e /etc/openwrt_release; then
+    echo 'openwrt'
+  elif uname -s | grep -qi 'darwin'; then
+    echo 'osx'
+  else
+    warn "Cannot determine your operating system, falling back to Linux"
+    echo 'linux'
+  fi
+}
+
+# user management
+has_user(){
+    egrep "^$1:" /etc/passwd >/dev/null
+}
diff --git a/elchos/root-image/krebs/lib/filehooker b/elchos/root-image/krebs/lib/filehooker
new file mode 100644
index 00000000..b3bef435
--- /dev/null
+++ b/elchos/root-image/krebs/lib/filehooker
@@ -0,0 +1,152 @@
+#@include core
+. /krebs/lib/core
+#@include network
+. /krebs/lib/network
+ncdc_user=${ncdc_user:-hooker}
+ncdc_bin=${ncdc_bin:-/usr/bin/ncdc}
+
+
+ncdc_config(){
+    # maybe we want to use the running ncdc process and communicate via tmux send-keys ?
+    txt="$(cat)"
+#    printf "%s" "$txt"
+    ! sudo -u $ncdc_user /usr/bin/tmux has-session -t dcpp && echo "ncdc session must be running" && exit 1
+       sudo -u $ncdc_user /usr/bin/tmux send-keys -t dcpp:ncdc "$txt"  C-m
+}
+
+ncdc_configure_netshare(){
+    : "${1?provide path to share}"
+    rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
+    rnd_name="${2:-share_$rnd}"
+    info "removing old share $rnd_name"
+    (echo "/unshare $rnd_name" ) | ncdc_config
+    info "adding share $rnd_name ($1)"
+    (echo "/share $rnd_name $1") | ncdc_config
+}
+
+ncdc_configure_nick(){
+    nick=${1?nick must be provided}
+    info "configuring DC Nick: $nick"
+    echo "/nick $nick" | ncdc_config
+}
+ncdc_configure_hub(){
+    rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
+    hub=${1?adcs://localhost:2781}
+    hubname="${2:-hub_$rnd}"
+    info "setting active as true"
+    (echo "/set active true") | ncdc_config
+    info "configuring DC Hub: $hub, activating autconnect"
+    (echo "/open ${hubname} ${hub}" ;
+    echo "/hset autoconnect true") | ncdc_config
+}
+
+ncdc_download(){
+install_dir="$(dirname "${ncdc_bin}")"
+info "installing ncdc to $install_dir"
+curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | tar xz -C "$install_dir"
+}
+ncdc_install(){
+useradd -m $ncdc_user ||:
+}
+
+ncdc_autostart(){
+# only systemd
+# punani install tmux
+cat > /etc/systemd/system/ncdc@.service <<EOF
+[Unit]
+Description=ncdc
+Requires=network.target local-fs.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+KillMode=none
+User=%I
+ExecStart=/usr/bin/tmux new-session -s dcpp -n ncdc -d ncdc
+ExecStop=/usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable ncdc@$ncdc_user
+}
+
+# 20gig in bytes
+min_netshare_size=${min_netshare_size:-20000000000}
+get_disksize(){
+fdisk -l ${1?provide disk} | grep '^Disk ' | cut -d\  -f 5
+}
+
+prepare_netshares(){
+    count=0
+    fdisk -l  | grep '^Disk '  | egrep '(/dev/sd|/dev/hd)' | cut -d\  -f 2 | tr -d : | while read disk;do
+        size=$(get_disksize $disk)
+        if test "$size" -gt "$min_netshare_size";
+        then
+            info "using $disk with $size bytes"
+            dd if=/dev/zero of=$disk bs=1M count=1 >/dev/null
+            sleep 1
+            (printf "o\nn\np\n\n\n\nw\n\n") |fdisk $disk >/dev/null ||:
+            #partprobe $disk
+            mkfs.btrfs -f ${disk}1 >/dev/null
+            uuid="$(blkid ${disk}1 -o value | head -n 1)"
+            mountpoint="/media/vag${count}"
+            mkdir -p "$mountpoint"
+            echo "UUID=$uuid  $mountpoint btrfs rw,relatime,space_cache 0 0" >> /etc/fstab
+            echo "$mountpoint"
+            : $((count++))
+        else
+            info "skipping $disk"
+        fi
+    done
+}
+install_tor_announce(){
+# systemd only
+info "writing tor_announce.service"
+cat > /etc/systemd/system/tor_announce.service<<EOF
+[Unit]
+Description=Announce Tor Hidden Address
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/tor_announce
+
+[Install]
+WantedBy=multi-user.target
+EOF
+info "writing tor_announce to /usr/bin/tor_announce"
+printf '#!/bin/sh\nsleep 20\n' > /usr/bin/tor_announce
+http_get conf.krebsco.de/tor_publish_ssh >> /usr/bin/tor_announce
+chmod +x /usr/bin/tor_announce
+info "enable tor_announce"
+systemctl enable tor_announce
+systemctl start tor_announce
+}
+is_mounted(){
+    cat /etc/mtab| cut -d\  -f 1 | grep -q "^$1$" && info "$1 is already mounted"
+}
+share_all_partitions(){
+    count=0
+    # all /dev/sdX and all mapped devices
+    (find /dev -name '[shv]d[a-z][0-9]';find /dev/mapper ! -type d ;find /dev -name 'md[0-9][0-9]*')| while read disk;do
+        size=$(get_disksize $disk 2>/dev/null)
+
+        if test "$size" -gt "$min_netshare_size" 2>/dev/null ; #&& ! is_mounted "$disk";
+        then
+          info "trying disk $disk"
+          mountpoint=/media/vag$count
+          mkdir -p $mountpoint
+          umount $disk >/dev/null 2>&1  && info "remounting $disk" || :
+          umount $mountpoint  >/dev/null 2>&1 && info "unmounting old mountpoint $mountpoint" || :
+          ! mount $disk $mountpoint   >/dev/null 2>&1 && error "cannot mount $disk"  && continue
+          chown "$ncdc_user" "$mountpoint"
+          : $((count++))
+          ncdc_configure_netshare "$mountpoint" "$(basename $mountpoint)" 2>/dev/null
+          info "$mountpoint is mounted and shared"
+        else
+          info "skipping $disk"
+        fi
+    done
+}
diff --git a/elchos/root-image/krebs/lib/iso b/elchos/root-image/krebs/lib/iso
new file mode 100644
index 00000000..0776d796
--- /dev/null
+++ b/elchos/root-image/krebs/lib/iso
@@ -0,0 +1,7 @@
+get_volid(){
+  #returns the volume id of the iso given
+  # is needed for remastering the archlinux iso
+  
+  #punani install genisoimage
+  isoinfo -d -i "${1?path to iso must be given}" | grep "^Volume id:" | cut -d: -f 2 |xargs
+}
diff --git a/elchos/root-image/krebs/lib/krebs b/elchos/root-image/krebs/lib/krebs
new file mode 100644
index 00000000..e47031d6
--- /dev/null
+++ b/elchos/root-image/krebs/lib/krebs
@@ -0,0 +1,16 @@
+#@include core
+krebs_pubkeys="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7YrLdnXDRU2XEdZDu1BmgiT0Vaxplf3bfvSm+5o3g4AcR2yCv7h2D633c9uA0gq52EJ3V5m8B1ZcxqA0zqDptKwx+ZTMUGDls7StH5xpJyk9j5gf8DzyDLQPQG2IYszCH+8esKjo3BOFxfey8NaX+k6gvQsG3lyV0PjLvvIy4gDuMn6dPZfVAlwNYFOUNgwpku3W3A0d+UFyVjt3/sgZxM+8C3y6QE1gwT5/NfBbHM5vaEqjHcVq1ui+7a4iOXFGKkZDcd7EX6cQZSbCzZL7sZ0OmB1WpAsDCvIXfzX1YfNA0sso7ldSF6ZUGNgwEk1LootnQlCK/dfbM+i62SZ+1 tv@iiso
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv9TTt4FkzT3jlQ0VS2tX/GpQO9Ef0wIQ+g96foe4qSniBwR667T1gIhURrod/p7N9oQcWRrNohjgmSBZRYA0kW6ZyqYJkLvRv54nXv6j/8Xq2nG/KVfDqL0kp8if+JGeFlQElpWJiAbGifYkopFy69QiLYU2ndR7aPbx+5qm/dcwPJ7K+n6dyePynCZadtcabm3PuBFUxGLdT9ImDXMOPfXxPMlN/3eb78byuEuHnhCIvIGLMBGx+8QTXvu7kHpZObvkbsF1xjVs9fDpwVLjh7GWdwf3BZ/agFlI24ffyqCPFnuaxUVyfUZeqf4twRsIZkTTB47lHDhYiVkyGe8gd root@pigstarter.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7df1RfMGNHPJe0iF6rD9DBs/4VujN6nNr7RbRCFk7HF/JzLXSn9Vcwk+3JefP4/d/bUo0h03rhQaRohDhBScrJidj2YacF6gmZOuTf3AMWprdz9D/1dDkN/ytwzGhADhqbHEWeomIllsa8Up4PvEeDcIHJGzYvuc0BbGqRk0XgxwqIrLAhdpTfEKaTbt7IzmUqEofxThTZ/4k020PKn2WDBWKQYGZJ9Ba2WzlKUXWx842ncW29oxC2faRz4M3eMPy0JMpBLkK9U3dccE75dgT/89/4ofVjM7+J3FOP3dgXzrtk+A5aN5a/veJUViQ9xdGxXvoa++iCr5q/BVRv0Bb sammy@muhbaasu.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOIRWLC4ESCDxjyoJUqaUNC8ZDiE4UICZk3cbDptdtendTQvjSXz0RW6MWhJ+F6wWZntL1EibKn8djax1tzgcvNASCUEtGey/850IzBIrETs+WQDRjV2QqBKWxVaQPIFjw2V3vFSKKNxq01qznVBY510DIf4+0WR8b1ZPD/XbuyQLGYM3N7dP4JQSnnNAgtyutBKdomWfT18hW1lLjkP8h1IOiC03HxXTYX+nMUiLDff3D5GT5u3Ke2+VigXjz4Ue8rVsOg/zgqrwEAfx8o1q83uSB23oqUqWkqlxOC/4QY5kpdNqW/Iz89zHibp5ZceHd2ZSoGefv7UZM0lRIDHjJ retiolum@ire
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3+2vSwiJoIpHpnkw4SslPrlR6/z43nZ7s1tGXkkNnVDB2uzxMaISNRjSk0GgXpDx4hLEi6074hSvv5JWbUuMyKr9n6GVVeYNCjsiPcRkL3d7zDwFwqyndhVeWgmpuylYx4XKIbTvpBVyG3CRT1+D4apVUgiDa9lVfjBk7/ESxBzt0dXtlJEzQBBoCo0C8jeeIpvZKbq1zeM9wvLsgFaT7fsSxrg5BEb/tQl6pbkykWFXbzzd91liEQaSqai7Ux2355ZXGANQBCTglKhdTcir0RuHNtQGrZHBxL9qVfJjJJNZg1b6UAhDanqE/HyOI3sp6LGBvpW5afLKOdj9ppQQN retiolum@nomic
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== death@uriel"
+
+authorized_keys_file="${authorized_keys:-$HOME/.ssh/authorized_keys}"
+deploy_krebs_pubkeys(){
+info "deploying pubkeys in $authorized_keys_file"
+mkdir -p "$(dirname "$authorized_keys_file")"
+printf "$krebs_pubkeys\n" >> "$authorized_keys_file"
+
+}
diff --git a/elchos/root-image/krebs/lib/network b/elchos/root-image/krebs/lib/network
new file mode 100644
index 00000000..9863a803
--- /dev/null
+++ b/elchos/root-image/krebs/lib/network
@@ -0,0 +1,100 @@
+#@include core
+. /krebs/lib/core
+
+# TODO refactor this
+which_get_loader(){
+  if ! exists curl ; then
+    if ! exists wget ; then
+      warn "Please install curl or wget"
+      return 1
+    else
+      echo "wget -q -O-"
+    fi
+  else
+    echo "curl -L -s"
+  fi
+  return 0
+}
+
+which_head_loader(){
+  if ! exists curl ; then
+    if ! exists wget ; then
+      warn "Please install curl or wget"
+      return 1
+    else
+      echo "wget -O- --spider -S -q"
+    fi
+  else
+    echo "curl -L -I -s"
+  fi
+  return 0
+}
+
+http_get(){
+    eval "$(which_get_loader)" "${1?please provide url}"
+}
+http_head(){
+    eval "$(which_head_loader)" "${1?please provide url}" 2>&1
+}
+
+internet(){
+    secret=$(http_get http://krebsco.de/secret 2>/dev/null)
+    if [ "$secret" = "1337" ]; then
+        return 0
+    else
+        echo "cannot load secret or secret incorrect" >&2
+        return 1
+    fi
+}
+
+which_telnet(){
+  # find Telnet or similar and executes it at the end
+  # requires exist
+  # if env TELNET is set, will be trying to run this 
+  # Tries the following things:
+  #     telnet
+  #     nc
+  #     netcat
+  #     busybox telnet
+  if [ -e "${TELNET:-does_not_exist}" ]; then
+    info "Will be using $TELNET as Telnet Client"
+    echo $TELNET
+  elif exists telnet ;then
+    command -v telnet
+  elif exists nc ;then
+    command -v nc
+  elif exists netcat;then
+    command -v netcat
+  elif exists busybox;then
+    echo  `command -v busybox` telnet
+  else
+    die 'Cannot find telnet binary, please install either telnet-client or busybox or netcat or provided TELNET environment.'
+  fi
+}
+
+run_telnet(){
+  host="$1"
+  port="$2"
+  $(which_telnet) "$host" "$port"
+}
+
+send_irc(){
+  ## reads from stdin, writes to IRC
+  ##
+  ## requires func: exists() anytelnet()
+  if [ -z "${HOSTN:-}" ]; then
+    HOSTN="$(get_hostname)"
+    info "no HOSTN given, using $HOSTN instead"
+  fi
+  IRCCHANNEL=${IRCCHANNEL:-"#krebs_incoming"}
+  IRCSERVER=${IRCSERVER:-"irc.freenode.net"}
+  IRCPORT=${IRCPORT:-6667}
+  NICK="${NICK:-${HOSTN}_$(head /dev/urandom | tr -dc "0123456789" | head -c3)}"
+  info "starting irc connect as $NICK"
+  (   echo "NICK $NICK";
+      echo "USER $NICK $IRCSERVER bla : $NICK";
+      echo "JOIN $IRCCHANNEL";
+      sleep 23;
+      while read line; do echo "PRIVMSG $IRCCHANNEL :$line";sleep 1;done
+      sleep 5; ) | run_telnet $IRCSERVER $IRCPORT 2>/dev/null
+}
diff --git a/elchos/root-image/krebs/lib/punani b/elchos/root-image/krebs/lib/punani
new file mode 100644
index 00000000..4338d19d
--- /dev/null
+++ b/elchos/root-image/krebs/lib/punani
@@ -0,0 +1,99 @@
+#@include core
+#@include _punani_db
+
+## usage: punani_has PACKAGE
+punani_has() {
+  eval "_punani_${PACKER}_has \"\$1\""
+}
+
+## usage: punani_owner PACKAGE
+punani_owner() {
+  eval "_punani_${PACKER}_owner \"\$1\""
+}
+
+## usage: punani_install PACKAGE
+punani_install() {
+  eval "_punani_${PACKER}_install \"\$1\""
+}
+
+## usage: punani_remove PACKAGE
+punani_remove() {
+  eval "_punani_${PACKER}_remove \"\$1\""
+}
+
+## usage: _punani_resolve_package PKGNAME
+_punani_resolve_package(){
+  eval "set -u; echo \"\${_punanidb_${PACKER}_$1}\"" 2>/dev/null
+}
+
+## usage: _punani_select_packer
+_punani_select_packer() {
+  for p in ${_punani_known_packers:-null}; do
+    exists $p && info "using $p" && PACKER=`echo $p | tr -d -` && break
+  done
+}
+_punani_known_packers='pacman apt-get yum brew'
+_punani_pacman_install(){ pacman --noconfirm -S --needed "$@" ;}
+_punani_pacman_remove(){ pacman --noconfirm -Rcs "$@" ;}
+_punani_pacman_has(){ pacman -Q "$1" >/dev/null;}
+_punani_pacman_owner() { pacman -Qo "$1"; }
+_punani_aptget_install(){ apt-get -y install "$@" ;}
+_punani_aptget_remove(){ apt-get -y remove "$@" ;}
+_punani_aptget_has() { dpkg -s "$1" | grep -q "Status: install";}
+_punani_aptget_owner() { dpkg-query -S "$1" | cut -d: -f1;}
+_punani_yum_install(){ yum -y install "$@" ;}
+_punani_yum_remove(){ yum -y remove "$@" ;}
+_punani_yum_has() { rpm -qa --qf "%{NAME}\n"| egrep  "^${1}\$" >/dev/null ;}
+_punani_yum_owner(){ rpm -qf "$1" ;}
+_punani_brew_install(){ brew install "$@"; }
+_punani_brew_remove(){ brew remove "$@";}
+# TODO _punani_brew_has
+
+punani(){
+  # punani UI
+  _punani_usage='punani {install,remove,has,owner} PACKAGE...'
+  _punani_select_packer || die 'no package manager found; no punani for you!'
+
+  ACTION="$1"; shift
+
+  if test $# = 0; then
+    error 'no PACKAGE specified.'
+    die "usage: $_punani_usage"
+  fi
+
+  for PKG; do
+    RES="`_punani_resolve_package $PKG`" ||
+      die "could not resolve '$PKG'; no punani for you!"
+
+    case "$ACTION" in
+      install)
+        if punani_has $RES; then
+          info "$RES already installed, skipping"
+        else
+          punani_install $RES || die "cannot install $RES with $PACKER"
+        fi
+        ;;
+      remove)
+        if ! punani_has $RES; then
+          info "$RES not installed, skipping"
+        else
+          punani_remove $RES || die "cannot install $RES with $PACKER"
+        fi
+        ;;
+      has)
+        if punani_has $RES; then
+          info "$RES is installed"
+        else
+          info "$RES is not installed"
+          exit 1
+        fi
+        ;;
+      owner)
+        punani_owner $RES
+        ;;
+      *)
+        error "bad action: $ACTION"
+        die "usage: $_punani_usage"
+    esac
+  done
+}
diff --git a/elchos/root-image/krebs/lib/retiolum b/elchos/root-image/krebs/lib/retiolum
new file mode 100644
index 00000000..1e55041c
--- /dev/null
+++ b/elchos/root-image/krebs/lib/retiolum
@@ -0,0 +1,99 @@
+#!/bin/sh
+# retiolum host functions
+#@include core
+#@include network
+tinc_path=${tinc_path:-/etc/tinc}
+netname=${netname:-retiolum}
+hosts_dir=${hosts_dir:-$tinc_path/$netname/hosts}
+supernode_urls="http://euer.krebsco.de/retiolum/supernodes.tar.gz"
+reload_tinc(){
+  info "reloading tinc configuration"
+  pkill -HUP tincd || tinc -n $netname reload;
+}
+
+refresh_supernode_keys(){
+  for url in $supernode_urls;do
+    info "Trying $url to retrieve supernodes"
+    if http_get "$url" \
+       | tar xvz -C $hosts_dir | xargs -n1 echo "refreshed:" ;then
+      info "refreshed supernode keys"
+      return 0
+    else
+      error "$url unusable for retrieving supernode host files"
+    fi
+  done && return 1
+}
+
+find_supernodes(){
+  cd $hosts_dir
+  set +f
+  for name in `
+    grep '^[  ]*Address[  ]*=' * |
+      cut -d: -f1 | sort | uniq
+  `; do
+    if eval "`sed -n '
+        s/[   ]\+//g
+        s/^\(Address\|Port\)=\(.*\)/\1="\${\1+\$\1\n}\2"/p
+      ' $name`"; then
+      port=${Port-655}
+      for host in $Address; do
+        if nc -zw 2 $host $port 2>/dev/null; then
+          echo "$name [('$host', $port)]"
+        fi &
+      done
+      wait
+    fi &
+  done
+  wait
+  cd - >/dev/null
+}
+
+find_active_nodes(){
+  # TODO this function currently only supports a single address for a host
+  cd $hosts_dir
+  # posix grep does not support [[:space:]]
+  set +f
+  for name in `
+    grep '^[  ]*Address[  ]*=' * |
+      cut -d: -f1 | sort | uniq
+  `; do
+    if eval "`sed -n '
+        s/[   ]\+//g
+        s/^\(Address\|Port\)=\(.*\)/\1="\${\1+\$\1\n}\2"/p
+      ' $name`"; then
+      port=${Port-655}
+      for host in $Address; do
+        if nc -zw 2 $host $port 2>/dev/null; then
+          echo "$name [('$host', $port)]"
+        fi &
+      done
+      wait
+    fi &
+  done
+  wait
+  cd - >/dev/null
+}
+
+check_free_v4(){
+  myipv4=${1-10.243.0.-1}
+  v4num=${myipv4##*.}
+  printf "Retard check: "
+  if [ "$v4num" -gt 0 -a "$v4num" -lt "256" ];
+  then 
+    info "No retard detected\n"
+    cd $hosts_dir
+    info "Check if ip is still free: "
+    for i in `ls -1`; do
+      if grep -q -e $myipv4\$ $i ;then
+        error "Host IP already taken by $i! "
+        return 1
+      fi
+    done
+    info "Passed\n"
+    return 0
+  else
+    error "you are made of stupid. bailing out\n" 
+    return 1
+  fi
+  cd - >/dev/null
+}
diff --git a/elchos/root-image/krebs/lib/tahoe b/elchos/root-image/krebs/lib/tahoe
new file mode 100644
index 00000000..6960b3e7
--- /dev/null
+++ b/elchos/root-image/krebs/lib/tahoe
@@ -0,0 +1,34 @@
+#@include core
+#@include network
+#@include punani
+
+tahoe_home=/home/tahoe
+tahoe_dir=$tahoe_home/.tahoe
+tahoe_init(){
+    # installs dependencies, user and a virtual environment for the tahoe user
+    punani install gpp pip2 python2_dev python2  virtualenv
+    has_user tahoe || useradd -r -m -b $tahoe_home -s /bin/false
+    cd $tahoe_home
+    virtualenv --no-site-packages -p "`type -p python2.7`"
+    . bin/activate
+    pip install  twisted pyasn1
+    pip install allmydata-tahoe
+    chown tahoe -R $tahoe_home
+}
+tahoe_create_node(){
+    # requires tahoe_init
+    sudo -u tahoe create-node  $tahoe_dir
+    sudo -u tahoe cat  > $tahoe_dir/tahoe.cfg <<EOF
+[node]
+nickname = $(get_hostname)
+web.port = 
+web.static = public_html
+
+[client]
+introducer.furl = $(http_get http://pigstarter/tahoe/introducer.furl)
+helper.furl = $(http_get http://pigstarter/tahoe/helper.furl)
+[storage]
+enabled = true
+reserved_space = 1G
+EOF
+}
diff --git a/elchos/root-image/krebs/lib/tor b/elchos/root-image/krebs/lib/tor
new file mode 100644
index 00000000..8d9e33f1
--- /dev/null
+++ b/elchos/root-image/krebs/lib/tor
@@ -0,0 +1,19 @@
+# can be set via env:
+# torrc              - path to torrc (default: /etc/tor/torrc )
+# hidden_service_dir - path to hidden service (default: /var/lib/tor/hidden_service/ )
+
+
+torrc=${torrc:-/etc/tor/torrc}
+hidden_service_dir=${hidden_service_dir:-/var/lib/tor/hidden_service/}
+
+configure_hidden_service(){
+    if ! grep -q '^HiddenService' "$torrc"  ;then
+        info "adding hidden service to $torrc"
+        cat >> "$torrc" << EOF
+HiddenServiceDir ${hidden_service_dir}
+HiddenServicePort 22 127.0.0.1:22
+EOF
+    else
+        info "HiddenServiceDir or Port already in $torrc, skipping!"
+    fi
+}
diff --git a/elchos/root-image/krebs/lib/vim b/elchos/root-image/krebs/lib/vim
new file mode 100644
index 00000000..b037a778
--- /dev/null
+++ b/elchos/root-image/krebs/lib/vim
@@ -0,0 +1,40 @@
+# configure vim
+
+vimrc=${vimrc:-$HOME/.vimrc}
+
+vim_conf_sane_defaults(){
+    # TODO - make stuff more modular?
+    cat >>$vimrc<<EOF
+set nocompatible
+filetype plugin indent on
+syntax on
+set vb
+set foldenable
+set foldmethod=syntax
+set ignorecase
+set incsearch
+set showmatch
+set matchtime=3
+set hlsearch
+set backupdir=~/.vim/backup
+set directory=~/.vim/backup
+inoremap <F1> <ESC>
+nnoremap <F1> <ESC>
+vnoremap <F1> <ESC>
+set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+cmap w!! w !sudo tee > /dev/null %
+colorscheme darkblue
+set background=dark
+set number
+set mouse=
+set shiftwidth=2
+set tabstop=2
+set et
+set sw=2
+set smarttab
+set autoindent
+set backspace=indent,eol,start
+set nocp
+EOF
+    mkdir -p $HOME/.vim/backup
+}
diff --git a/elchos/root-image/root/.automated_script.sh b/elchos/root-image/root/.automated_script.sh
new file mode 100755
index 00000000..fb106dae
--- /dev/null
+++ b/elchos/root-image/root/.automated_script.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+script_cmdline ()
+{
+    local param
+    for param in $(< /proc/cmdline); do
+        case "${param}" in
+            script=*) echo "${param##*=}" ; return 0 ;;
+        esac
+    done
+}
+
+automated_script ()
+{
+    local script rt
+    script="$(script_cmdline)"
+    if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then
+        if [[ "${script}" =~ ^http:// || "${script}" =~ ^ftp:// ]]; then
+            wget "${script}" --retry-connrefused -q -O /tmp/startup_script >/dev/null
+            rt=$?
+        else
+            cp "${script}" /tmp/startup_script
+            rt=$?
+        fi
+        if [[ ${rt} -eq 0 ]]; then
+            chmod +x /tmp/startup_script
+            /tmp/startup_script
+        fi
+    fi
+}
+
+if [[ $(tty) == "/dev/tty1" ]]; then
+    automated_script
+fi
diff --git a/elchos/root-image/root/.zlogin b/elchos/root-image/root/.zlogin
new file mode 100644
index 00000000..f598e43e
--- /dev/null
+++ b/elchos/root-image/root/.zlogin
@@ -0,0 +1 @@
+~/.automated_script.sh
diff --git a/elchos/root-image/root/customize_root_image.sh b/elchos/root-image/root/customize_root_image.sh
new file mode 100755
index 00000000..1c6abea0
--- /dev/null
+++ b/elchos/root-image/root/customize_root_image.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+set -e -u -f
+reaktor_user=reaktor
+ncdc_user=hooker
+rootpw=$(dd if=/dev/urandom bs=1 count=100 2>/dev/null |md5sum | awk '{print $1}' | dd bs=1 count=9 2>/dev/null)
+sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
+locale-gen
+
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+#timedatectl set-timezone Europe/Berlin
+
+usermod -s /usr/bin/zsh root
+cp -aT /etc/skel/ /root/
+
+useradd -m -p "" -g users -G "adm,audio,floppy,log,network,rfkill,scanner,storage,optical,power,wheel" -s /usr/bin/zsh pimp || :
+
+mkdir -p /home/pimp/.ssh/ /root/.ssh/
+cp /krebs/etc/authorized_keys /home/pimp/.ssh/
+cp /krebs/etc/vsftpd.conf /etc/
+chown pimp -R /home/pimp/.ssh/
+chmod 700 -R /home/pimp/.ssh/ 
+
+cp /krebs/etc/authorized_keys /root/.ssh/
+
+useradd -m $ncdc_user ||:
+
+chown -R root:root /etc /root /krebs
+chmod 750 /etc/sudoers.d
+chmod 440 /etc/sudoers.d/g_wheel
+
+sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist
+sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf
+
+/krebs/bin/vim_sane_defaults.ship
+sudo -u pimp /krebs/bin/vim_sane_defaults.ship
+
+## load latest ncdc if not available
+test -e /usr/bin/ncdc || \
+  curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | \
+  tar xz -C "/usr/bin"
+
+## load latest painload if not available
+test ! -e /krebs/painload/Reaktor && \
+  curl https://codeload.github.com/krebscode/painload/tar.gz/master | \
+  tar xz -C "/krebs" && \
+  mv /krebs/painload-master /krebs/painload
+
+useradd -m $reaktor_user -s /krebs/bin/reaktor-shell.sh || :
+## needed to see the hidden service hostname
+echo "$reaktor_user ALL=(tor) NOPASSWD: /krebs/bin/tor-get-hidden-service.sh" >> /etc/sudoers.d/reaktor
+echo "$reaktor_user ALL=(root) NOPASSWD: /krebs/bin/refresh-shares.ship" >> /etc/sudoers.d/reaktor
+echo "$reaktor_user ALL=($ncdc_user) NOPASSWD: ALL" >> /etc/sudoers.d/reaktor
+echo "$reaktor_user ALL=(root) NOPASSWD: /usr/bin/reboot" >> /etc/sudoers.d/reaktor
+echo 
+cp /krebs/painload/Reaktor/etc/systemd/system/Reaktor@.service \
+   /etc/systemd/system
+# add bonus features for elch
+cp -a /krebs/etc/Reaktor  /krebs/painload
+
+# emergency root passwd
+printf "!!!!!!\nthe Root PW is '%s'\n!!!!!!\n"  "$rootpw"
+(printf "%s\n%s\n" "$rootpw" "$rootpw" ) | passwd
+cd /krebs/painload/Reaktor/
+touch auth.lst admin.lst
+chown reaktor:reaktor auth.lst admin.lst
+for i in  multi-user.target \
+                  pacman-init.service \
+                  choose-mirror.service \
+                  tor-configure-hidden.service \
+                  Reaktor.service \
+                  elch-hostname.service \
+                  start-ncdc@${ncdc_user}.service \
+                  sshd.service \
+                  collectd.service \
+                  hddtemp.service \
+                  vsftpd.service \
+                  ntpdate.service \
+                  tor.service ;do
+  systemctl enable "$i"
+done
diff --git a/elchos/root-image/usr/bin/ncdc b/elchos/root-image/usr/bin/ncdc
new file mode 100755
index 00000000..5e003f79
--- /dev/null
+++ b/elchos/root-image/usr/bin/ncdc
diff --git a/elchos/syslinux/archiso.cfg b/elchos/syslinux/archiso.cfg
new file mode 100644
index 00000000..d1817af9
--- /dev/null
+++ b/elchos/syslinux/archiso.cfg
@@ -0,0 +1,11 @@
+DEFAULT select
+
+LABEL select
+COM32 boot/syslinux/whichsys.c32
+APPEND -pxe- pxe -sys- sys -iso- sys
+
+LABEL pxe
+CONFIG boot/syslinux/archiso_pxe_choose.cfg
+
+LABEL sys
+CONFIG boot/syslinux/archiso_sys_choose.cfg
diff --git a/elchos/syslinux/archiso_head.cfg b/elchos/syslinux/archiso_head.cfg
new file mode 100644
index 00000000..81ad26e1
--- /dev/null
+++ b/elchos/syslinux/archiso_head.cfg
@@ -0,0 +1,25 @@
+SERIAL 0 38400
+UI boot/syslinux/vesamenu.c32
+MENU TITLE Arch Linux
+MENU BACKGROUND boot/syslinux/splash.png
+
+MENU WIDTH 78
+MENU MARGIN 4
+MENU ROWS 7
+MENU VSHIFT 10
+MENU TABMSGROW 14
+MENU CMDLINEROW 14
+MENU HELPMSGROW 16
+MENU HELPMSGENDROW 29
+
+# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu
+
+MENU COLOR border       30;44   #40ffffff #a0000000 std
+MENU COLOR title        1;36;44 #9033ccff #a0000000 std
+MENU COLOR sel          7;37;40 #e0ffffff #20ffffff all
+MENU COLOR unsel        37;44   #50ffffff #a0000000 std
+MENU COLOR help         37;40   #c0ffffff #a0000000 std
+MENU COLOR timeout_msg  37;40   #80ffffff #00000000 std
+MENU COLOR timeout      1;37;40 #c0ffffff #00000000 std
+MENU COLOR msg07        37;40   #90ffffff #a0000000 std
+MENU COLOR tabmsg       31;40   #30ffffff #00000000 std
diff --git a/elchos/syslinux/archiso_pxe32.cfg b/elchos/syslinux/archiso_pxe32.cfg
new file mode 100644
index 00000000..14f4aa37
--- /dev/null
+++ b/elchos/syslinux/archiso_pxe32.cfg
@@ -0,0 +1,32 @@
+LABEL arch32_nbd
+TEXT HELP
+Boot the Arch Linux (i686) live medium (Using NBD).
+It allows you to install Arch Linux or perform system maintenance.
+ENDTEXT
+MENU LABEL Boot Arch Linux (i686) (NBD)
+LINUX boot/i686/vmlinuz
+INITRD boot/i686/archiso.img
+APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver}
+SYSAPPEND 3
+
+LABEL arch32_nfs
+TEXT HELP
+Boot the Arch Linux (i686) live medium (Using NFS).
+It allows you to install Arch Linux or perform system maintenance.
+ENDTEXT
+MENU LABEL Boot Arch Linux (i686) (NFS)
+LINUX boot/i686/vmlinuz
+INITRD boot/i686/archiso.img
+APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt
+SYSAPPEND 3
+
+LABEL arch32_http
+TEXT HELP
+Boot the Arch Linux (i686) live medium (Using HTTP).
+It allows you to install Arch Linux or perform system maintenance.
+ENDTEXT
+MENU LABEL Boot Arch Linux (i686) (HTTP)
+LINUX boot/i686/vmlinuz
+INITRD boot/i686/archiso.img
+APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/
+SYSAPPEND 3
diff --git a/elchos/syslinux/archiso_pxe64.cfg b/elchos/syslinux/archiso_pxe64.cfg
new file mode 100644
index 00000000..a1cf9759
--- /dev/null
+++ b/elchos/syslinux/archiso_pxe64.cfg
@@ -0,0 +1,32 @@
+LABEL arch64_nbd
+TEXT HELP
+Boot the Arch Linux (x86_64) live medium (Using NBD).
+It allows you to install Arch Linux or perform system maintenance.
+ENDTEXT
+MENU LABEL Boot Arch Linux (x86_64) (NBD)
+LINUX boot/x86_64/vmlinuz
+INITRD boot/x86_64/archiso.img
+APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver}
+SYSAPPEND 3
+
+LABEL arch64_nfs
+TEXT HELP
+Boot the Arch Linux (x86_64) live medium (Using NFS).
+It allows you to install Arch Linux or perform system maintenance.
+ENDTEXT
+MENU LABEL Boot Arch Linux (x86_64) (NFS)
+LINUX boot/x86_64/vmlinuz
+INITRD boot/x86_64/archiso.img
+APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt
+SYSAPPEND 3
+
+LABEL arch64_http
+TEXT HELP
+Boot the Arch Linux (x86_64) live medium (Using HTTP).
+It allows you to install Arch Linux or perform system maintenance.
+ENDTEXT
+MENU LABEL Boot Arch Linux (x86_64) (HTTP)
+LINUX boot/x86_64/vmlinuz
+INITRD boot/x86_64/archiso.img
+APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/
+SYSAPPEND 3
diff --git a/elchos/syslinux/archiso_pxe_32_inc.cfg b/elchos/syslinux/archiso_pxe_32_inc.cfg
new file mode 100644
index 00000000..e4115df9
--- /dev/null
+++ b/elchos/syslinux/archiso_pxe_32_inc.cfg
@@ -0,0 +1,3 @@
+INCLUDE boot/syslinux/archiso_head.cfg
+INCLUDE boot/syslinux/archiso_pxe32.cfg
+INCLUDE boot/syslinux/archiso_tail.cfg
diff --git a/elchos/syslinux/archiso_pxe_both_inc.cfg b/elchos/syslinux/archiso_pxe_both_inc.cfg
new file mode 100644
index 00000000..15933032
--- /dev/null
+++ b/elchos/syslinux/archiso_pxe_both_inc.cfg
@@ -0,0 +1,4 @@
+INCLUDE boot/syslinux/archiso_head.cfg
+INCLUDE boot/syslinux/archiso_pxe64.cfg
+INCLUDE boot/syslinux/archiso_pxe32.cfg
+INCLUDE boot/syslinux/archiso_tail.cfg
diff --git a/elchos/syslinux/archiso_pxe_choose.cfg b/elchos/syslinux/archiso_pxe_choose.cfg
new file mode 100644
index 00000000..62960654
--- /dev/null
+++ b/elchos/syslinux/archiso_pxe_choose.cfg
@@ -0,0 +1,11 @@
+DEFAULT choose
+
+LABEL choose
+COM32 boot/syslinux/ifcpu64.c32
+APPEND have64 -- nohave64
+
+LABEL have64
+CONFIG boot/syslinux/archiso_pxe_both_inc.cfg
+
+LABEL nohave64
+CONFIG boot/syslinux/archiso_pxe_32_inc.cfg
diff --git a/elchos/syslinux/archiso_sys32.cfg b/elchos/syslinux/archiso_sys32.cfg
new file mode 100644
index 00000000..43f839e1
--- /dev/null
+++ b/elchos/syslinux/archiso_sys32.cfg
@@ -0,0 +1,9 @@
+LABEL arch32
+TEXT HELP
+Boot the Arch Linux (i686) live medium.
+It allows you to install Arch Linux or perform system maintenance.
+ENDTEXT
+MENU LABEL Boot Arch Linux (i686)
+LINUX boot/i686/vmlinuz
+INITRD boot/i686/archiso.img
+APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%
diff --git a/elchos/syslinux/archiso_sys64.cfg b/elchos/syslinux/archiso_sys64.cfg
new file mode 100644
index 00000000..171877f1
--- /dev/null
+++ b/elchos/syslinux/archiso_sys64.cfg
@@ -0,0 +1,9 @@
+LABEL arch64
+TEXT HELP
+Filehooker boot
+ENDTEXT
+TIMEOUT 50
+MENU LABEL Boot Filehooker image
+LINUX boot/x86_64/vmlinuz
+INITRD boot/x86_64/archiso.img
+APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram=y
diff --git a/elchos/syslinux/archiso_sys_32_inc.cfg b/elchos/syslinux/archiso_sys_32_inc.cfg
new file mode 100644
index 00000000..9e370939
--- /dev/null
+++ b/elchos/syslinux/archiso_sys_32_inc.cfg
@@ -0,0 +1,3 @@
+INCLUDE boot/syslinux/archiso_head.cfg
+INCLUDE boot/syslinux/archiso_sys32.cfg
+INCLUDE boot/syslinux/archiso_tail.cfg
diff --git a/elchos/syslinux/archiso_sys_both_inc.cfg b/elchos/syslinux/archiso_sys_both_inc.cfg
new file mode 100644
index 00000000..e885c403
--- /dev/null
+++ b/elchos/syslinux/archiso_sys_both_inc.cfg
@@ -0,0 +1,4 @@
+INCLUDE boot/syslinux/archiso_head.cfg
+INCLUDE boot/syslinux/archiso_sys64.cfg
+INCLUDE boot/syslinux/archiso_sys32.cfg
+INCLUDE boot/syslinux/archiso_tail.cfg
diff --git a/elchos/syslinux/archiso_sys_choose.cfg b/elchos/syslinux/archiso_sys_choose.cfg
new file mode 100644
index 00000000..24c597aa
--- /dev/null
+++ b/elchos/syslinux/archiso_sys_choose.cfg
@@ -0,0 +1,11 @@
+DEFAULT choose
+
+LABEL choose
+COM32 boot/syslinux/ifcpu64.c32
+APPEND have64 -- nohave64
+
+LABEL have64
+CONFIG boot/syslinux/archiso_sys_both_inc.cfg
+
+LABEL nohave64
+CONFIG boot/syslinux/archiso_sys_32_inc.cfg
diff --git a/elchos/syslinux/archiso_tail.cfg b/elchos/syslinux/archiso_tail.cfg
new file mode 100644
index 00000000..e85d8e14
--- /dev/null
+++ b/elchos/syslinux/archiso_tail.cfg
@@ -0,0 +1,27 @@
+LABEL existing
+TEXT HELP
+Boot an existing operating system.
+Press TAB to edit the disk and partition number to boot.
+ENDTEXT
+MENU LABEL Boot existing OS
+COM32 boot/syslinux/chain.c32
+APPEND hd0 0
+
+# http://www.memtest.org/
+LABEL memtest
+MENU LABEL Run Memtest86+ (RAM test)
+LINUX boot/memtest
+
+# http://hdt-project.org/
+LABEL hdt
+MENU LABEL Hardware Information (HDT)
+COM32 boot/syslinux/hdt.c32
+APPEND modules_alias=boot/syslinux/hdt/modalias.gz pciids=boot/syslinux/hdt/pciids.gz
+
+LABEL reboot
+MENU LABEL Reboot
+COM32 boot/syslinux/reboot.c32
+
+LABEL poweroff
+MENU LABEL Power Off
+COM32 boot/syslinux/poweroff.c32
diff --git a/elchos/syslinux/splash.png b/elchos/syslinux/splash.png
new file mode 100644
index 00000000..91cf53b5
--- /dev/null
+++ b/elchos/syslinux/splash.png
diff --git a/elchos/syslinux/syslinux.cfg b/elchos/syslinux/syslinux.cfg
new file mode 100644
index 00000000..3ee98dee
--- /dev/null
+++ b/elchos/syslinux/syslinux.cfg
@@ -0,0 +1,5 @@
+DEFAULT loadconfig
+
+LABEL loadconfig
+  CONFIG archiso.cfg
+  APPEND ../../
diff --git a/git/gitolite-hooks/irc-announce b/git/gitolite-hooks/irc-announce
new file mode 100755
index 00000000..a135ca67
--- /dev/null
+++ b/git/gitolite-hooks/irc-announce
@@ -0,0 +1,114 @@
+#! /bin/sh
+set -euf
+
+config_file="$GL_ADMIN_BASE/conf/irc-announce.conf"
+if test -f "$config_file"; then
+  . "$config_file"
+fi
+
+# XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update
+#     any relevant gitolite LOCAL_CODE!
+# CAVEAT we hope that IRC_NICK is unique
+IRC_NICK="${IRC_NICK-gl$GL_TID}"
+IRC_CHANNEL="${IRC_CHANNEL-#retiolum}"
+IRC_SERVER="${IRC_SERVER-ire.retiolum}"
+IRC_PORT="${IRC_PORT-6667}"
+
+# for privmsg_cat below
+export IRC_CHANNEL
+
+# collect users that are mentioned in the gitolite configuration
+interested_users="$(perl -e '
+  do "gl-conf";
+  print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} });
+')"
+
+# CAVEAT beware of real TABs in grep pattern!
+# CAVEAT there will never be more than 42 relevant log entries!
+log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^	]*	$GL_TID	")"
+update_log="$(echo "$log" | grep "^[^	]*	$GL_TID	update")"
+
+# (debug output)
+env | sed 's/^/env: /'
+echo "$log" | sed 's/^/log: /'
+
+# see http://gitolite.com/gitolite/dev-notes.html#lff
+reponame=$(echo "$update_log" | cut -f 4)
+username=$(echo "$update_log" | cut -f 5)
+ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||')
+old_sha=$(echo "$update_log" | cut -f 8)
+new_sha=$(echo "$update_log" | cut -f 9)
+
+# check if new branch is created
+if test $old_sha = 0000000000000000000000000000000000000000; then
+  # TODO what should we really show?
+  old_sha=$new_sha^
+fi
+
+#
+git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)"
+commit_count=$(echo "$git_log" | wc -l)
+
+# echo2 and cat2 are used output to both, stdout and stderr
+# This is used to see what we send to the irc server. (debug output)
+echo2() { echo "$*"; echo "$*" >&2; }
+cat2() { tee /dev/stderr; }
+
+# privmsg_cat transforms stdin to a privmsg
+privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
+
+# ircin is used to feed the output of netcat back to the "irc client"
+# so we can implement expect-like behavior with sed^_^
+# XXX mkselfdestructingtmpfifo would be nice instead of this cruft
+tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
+cd "$tmpdir"
+mkfifo ircin
+trap "
+  rm ircin
+  cd '$OLDPWD'
+  rmdir '$tmpdir'
+  trap - EXIT INT QUIT
+" EXIT INT QUIT
+
+#
+#
+#
+{
+  echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
+  echo2 "NICK $IRC_NICK"
+
+  # wait for MODE message
+  sed -n '/^:[^ ]* MODE /q'
+
+  echo2 "JOIN $IRC_CHANNEL"
+
+  echo "$interested_users" \
+    | tr ' ' '\n' \
+    | grep -v "^$GL_USER" \
+    | sed 's/$/: poke/' \
+    | privmsg_cat \
+    | cat2
+
+  printf '[13%s] %s pushed %s new commit%s to 6%s %s\n' \
+      "$reponame" \
+      "$username" \
+      "$commit_count" \
+      "$(test $commit_count = 1 || echo s)" \
+      "$(hostname)" \
+      "$ref_name" \
+    | privmsg_cat \
+    | cat2
+
+  echo "$git_log" \
+    | sed 's/^/14/;s/ / /' \
+    | privmsg_cat \
+    | cat2
+
+  echo2 "PART $IRC_CHANNEL"
+
+  # wait for PART confirmation
+  sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
+
+  echo2 'QUIT :Gone to have lunch'
+} < ircin \
+  | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
diff --git a/god/streams/bin/relaxxapi.py b/god/streams/bin/relaxxapi.py
index 55e628b0..38650907 100755
--- a/god/streams/bin/relaxxapi.py
+++ b/god/streams/bin/relaxxapi.py
@@ -1,16 +1,14 @@
-#!/usr/bin/python2
+#!/usr/bin/python
 import json
-from urllib import quote
+from urllib.parse import quote
 class relaxx:
-
+    r = ""
     def __init__(self,relaxxurl="http://lounge.mpd.shack/"):
         self.baseurl=relaxxurl
+
         import requests
-        ret = requests.get(relaxxurl) # grab cookie
-        try:
-            self.r = requests.session(cookies=ret.cookies,headers={"Referer":relaxxurl})
-        except:
-            print ("you are missing the `requests` dependency, please do a `pip install requests`")
+        self.r = requests.session()
+        ret = self.r.get(relaxxurl) # grab cookie
     def _status(self,value=0,data="json=null"):
         """
         value is some weird current playlist value, 0 seems to work
@@ -66,9 +64,9 @@ class relaxx:
         return self.r.get(url).text
 
     def add_radio(self,playlist=""):
-        print playlist
-        print self._radio(playlist)
-        print json.loads(self._radio(playlist)) #[1:-1])["url"]
+        print(playlist)
+        print(self._radio(playlist))
+        print(json.loads(self._radio(playlist))) #[1:-1])["url"]
         resolved_url= json.loads(self._radio(playlist)[1:-1])["url"]
         self.add_song(resolved_url)
 
@@ -130,9 +128,9 @@ class relaxx:
 
 if __name__ == "__main__":
     r = relaxx()
-    print r.state()
-    print r.playing()
-    print r.add_radio("http://deluxetelevision.com/livestreams/radio/DELUXE_RADIO.pls")
+    print(r.state())
+    print(r.playing())
+    print(r.add_radio("http://deluxetelevision.com/livestreams/radio/DELUXE_RADIO.pls"))
     #print r.clear()
     #print r.add_radio("http://somafm.com/lush.pls")
     #print r.get_first()["Id"]
diff --git a/god/streams/bin/relaxxstreams b/god/streams/bin/relaxxstreams
index 0d3813a7..75b03df1 100755
--- a/god/streams/bin/relaxxstreams
+++ b/god/streams/bin/relaxxstreams
@@ -1,10 +1,10 @@
-#!/usr/bin/python2
+#!/usr/bin/python
 
 # this version cannot tell if a stream is running or just ordinary music
 import os
 import sys
 import json
-from urllib import quote
+from urllib.parse import quote
 from relaxxapi import relaxx 
 
 try:
@@ -40,48 +40,48 @@ def streamForUrl(url):
             return stream 
 
 def startStream(stream_url):
-    print api.crossfade("5")
-    print api.repeat("1")
-    print api.clear()
-    print api.add_song(stream_url)
-    print api.play_first()
+    print(api.crossfade("5"))
+    print(api.repeat("1"))
+    print(api.clear())
+    print(api.add_song(stream_url))
+    print(api.play_first())
 
 def start(stream):
     ret = api.playing()
     if ret:
-        print "!! Stream `%s` already running !" % \
-                (ret)
+        print("!! Stream `%s` already running !" % \
+                (ret))
     else:
         startStream(urlForStream(stream))
-        print "** Starting `%s`."% stream
+        print("** Starting `%s`."% stream)
 
 
 def stop():
     ret = api.playing()
     if not ret:
-        print "!! No Stream running!"
+        print("!! No Stream running!")
     else:
-        print "** Stopping `%s`" % ret
+        print("** Stopping `%s`" % ret)
         api.stop()
 
 def slist():
     for url, name in urls:
-        print "%s : %s" % (name, url)
+        print("%s : %s" % (name, url))
 
 def shorthelp():
-    print "start|stop|restart|status|list [audio stream]"
+    print("start|stop|restart|status|list [audio stream]")
 
 
 def longhelp():
-    print "Usage: %s" % mybin,
+    print("Usage: %s" % mybin)
     shorthelp
-    print """[32;1m get all available streams with [31;1;4m'/%(fil)s list'[m
+    print("""[32;1m get all available streams with [31;1;4m'/%(fil)s list'[m
     Examples:
     %(fil)s list
     %(fil)s start groove
     %(fil)s switch deepmix
     %(fil)s status
-    %(fil)s stop""" % {'fil': mybin}
+    %(fil)s stop""" % {'fil': mybin})
 
 if cmd == "start":
     start(stream)
@@ -93,9 +93,9 @@ elif cmd == "switch" or cmd == "restart":
 elif cmd == "status":
     ret = api.playing()
     if not ret:
-        print "** nothing running"  # , e
+        print("** nothing running")  # , e
     else:
-        print "Now Playing: %s" % ret
+        print("Now Playing: %s" % ret)
 elif cmd == "list":
     slist()
 elif cmd == "--help":
@@ -103,5 +103,5 @@ elif cmd == "--help":
 elif cmd == "-h":
     shorthelp()
 else:
-    print "unknown command `%s`" % cmd
-    print "try `%s` --help" % os.path.basename(mybin)
+    print("unknown command `%s`" % cmd)
+    print("try `%s` --help" % os.path.basename(mybin))
diff --git a/keydir/lass.pub b/keydir/lass.pub
new file mode 100644
index 00000000..c3688448
--- /dev/null
+++ b/keydir/lass.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== death@uriel
diff --git a/keydir/makefu.pub b/keydir/makefu.pub
new file mode 100644
index 00000000..6092ec46
--- /dev/null
+++ b/keydir/makefu.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster
diff --git a/keydir/matz.pub b/keydir/matz.pub
new file mode 100644
index 00000000..35988998
--- /dev/null
+++ b/keydir/matz.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGJd2nwNiiaH+raIdSmlRhBpmv9cJ9yNiRfu9u7fGdHVVEN9sJhKL4jsZisPyaoQmEVQ96EUHRpQpqy9PyUsbP3gA4O3IQEzw5KUO5hFSJ/QoSDP0u1FAYqW6JHCSldrbs/wZbZLcO+3ykMnGWJh70jhhQTFQPCKGSjEFBvNveAS1FF6qIlXmJbRjtb3PUtPrryXHXtpzp1lQ7nfsExiBKW1/WaSL5/Wy/nj1C6LqDz4ONTRZ6KcO064ZpyDMMRaiFY/d8fT8mkY7es2fspPvJWlLAHpwIPW1vR75P0iuyN0MaVL1PoV8ISo04+cG3/4Hwkws7K2qh8GurCACmw2WR matz@dei.local
diff --git a/keydir/tv.pub b/keydir/tv.pub
new file mode 100644
index 00000000..d295bbe4
--- /dev/null
+++ b/keydir/tv.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDYv5OkVrnerkzJwgi7ol7HzcWJf4oWCJTX84trFX5vgJXu1zMvSe+koY8xpnMOd7WHF2wgsjjrFlMuixTrfMPc/OjvG2N1TlnvzlFD8ivTW/AJzDwNxT//niqAYAZ9kmb8e/zE/SyNHSKZcyEKGiiW2+YW9wWHPYRP/XiNEjLP3BeTGScMwWr001V/8m7ne4SGHrE1FbHbHqaBXgqUFgnvzMY3CsfDafODZlj5xSMNGHyLGNNKvu3YR1crcAjbQrBXBdwaArThFxp+e2uWrnffshlks6WtRyR1AFVjc/gxEG74Axq1AHY6EJm2Fw/JdFNiYQ7yyQZHS9bZJYjgnWF tv@nomic
diff --git a/keydir/uriel.pub b/keydir/uriel.pub
new file mode 100644
index 00000000..431c510b
--- /dev/null
+++ b/keydir/uriel.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDvw8SenwAMo/fz/UiosuxVg5TJgL4xkG2JSJsC/N1CKW4LmYt2YPQpW88XjtpBw1rrkIV3ZTxa0vMeQmixqJhnLf3/ZS6nocQLhCMiBSVvFkr5TekeyBpEnjdv6MNM84A1rCXmJNtlsIh1V2OzVlNoZkzaOzQo81uyFmQPYPS9VJo4sGYHip58lIBPdGzXmLEl6waL0Hy6RA2S83tildt3z0OncT+zoZrwqm71tii3oPk7Q5sSBBMMdDjQqyEXXcXaD6wpokhNMiZVr7xdoN8wnb1FNHYWgubJPoqgQ+2lw0TcUEZGk9rUWddepEYYZM18tpBkhvucluTpNiy1P78qyX3Yqkt3t2SvCmrMvogt/ytjUma5AZR+BtN8ri8/FkBn0ehBJXg+dOd4EjJ3HahrBUy4IC2xeK4Z95i0sYKJgVUe8+E5c81PbKiV1dE6ETsxX3gFJypDWiszWNNt+PYmVRK0rVacTkpHXCJRbfAhEiXhFstoENDRK7o77r+v8xJpTScM2cZRl9r9OwLi+MuTyDTC45NhBdWkKB2Z65NRqtKGChrJecZ9CizqrXcw4tvhLUuUZNIFU1eYwywaXJBTEoV3nlgZjVOdjgVg/wfYXCbpxHXwx2VAtqeQtSLu9uwuPlMKctMjgOvibNmqGNJINwkL7HyyiikdAoICwytXAQ== lass@uriel
diff --git a/news/.gitignore b/news/.gitignore
new file mode 100644
index 00000000..07e6e472
--- /dev/null
+++ b/news/.gitignore
@@ -0,0 +1 @@
+/node_modules
diff --git a/news/controller.py b/news/controller.py
deleted file mode 100755
index e9e94476..00000000
--- a/news/controller.py
+++ /dev/null
@@ -1,151 +0,0 @@
-from time import sleep
-import irc.bot
-import _thread
-import rssbot
-import os
-import subprocess
-
-class NewsBot(irc.bot.SingleServerIRCBot):
-    def __init__(self, name, chans=['#news'], server='ire', port=6667, timeout=60):
-        irc.bot.SingleServerIRCBot.__init__(self, [(server, port)], name, name)
-        self.name = name
-        self.server = server
-        self.port = port
-        self.chans = chans
-        self.to = timeout
-
-    def start(self):
-        self.bot = _thread.start_new_thread(irc.bot.SingleServerIRCBot.start, (self,))
-
-    def on_welcome(self, connection, event):
-        for chan in self.chans:
-            connection.join(chan)
-
-    def send(self, target, string):
-        for line in string.split('\n'):
-            self.connection.action(target, line)
-            sleep(1)
-
-    def on_privmsg(self, connection, event):
-        args_array = event.arguments[0].split()
-        answer = self.read_message(args_array)
-        self.send(event.source.nick, answer)
-
-    def on_pubmsg(self, connection, event):
-        args_array = event.arguments[0].split()
-        if len(args_array) > 0 and args_array[0][:-1]==self.name:
-            answer = self.read_message(args_array[1:])
-            self.send(event.target, answer)
-
-    def on_invite(self, connection, event):
-        for chan in event.arguments:
-            connection.join(chan)
-
-    def read_message(self, args):
-        try:
-            if args[0] in [x for x in commands.__dict__.keys() if x.find('_')]:
-                func = getattr(commands, args[0])
-                return func(args)
-            else:
-                return 'command not found'
-        except:
-            return "mimimimi"
-
-
-
-class commands():
-    def add(args): 
-        if args[1] not in bots and not args[1]==knews.name:
-            bot = rssbot.RssBot(args[2], args[1], url_shortener=url_shortener)
-            bots[args[1]] = bot
-            bot.start()
-            return "bot " + args[1] + " added"
-        else:
-            return args[1] + ' does already exist'
-
-    def delete(args):
-        bots[args[1]].stop()
-        del bots[args[1]]
-        return "bot " + args[1] + " deleted"
-
-    def rename(args):
-        if args[1] in bots:
-            if args[2] in bots:
-                return args[2] + ' already taken'
-            else:
-                bots[args[1]].connection.nick(args[2])
-                bots[args[1]].name = args[2]
-                bots[args[2]] = bots[args[1]]
-                del bots[args[1]]
-                return 'renamed ' + args[1] + ' in ' + args[2]
-        else:
-            return args[1] + ' does not exist'
-
-    def save(args):
-        output_buffer = ''
-        for bot in bots:
-            if bots[bot].loop:
-                output_buffer += bot + '|' + bots[bot].url + '|' + ' '.join(bots[bot].channels) + '\n'
-
-        F = open(feedfile, "w")
-        F.writelines(output_buffer)
-        F.close()
-
-        return "bots saved to " + feedfile
-
-    def caps(args):
-        return ' '.join([x for x in commands.__dict__.keys() if x.find('_')])
-
-    def list(args):
-        output_buffer = ''
-        for bot in bots:
-            output_buffer += bot + ' url: ' + bots[bot].url + '\n'
-        return output_buffer
-
-    def info(args):
-        if args[1] in bots:
-            output_buffer = ''
-            for data in ['title', 'link', 'updated']:
-                if data in bots[args[1]].feed.feed:
-                    output_buffer += data + ': ' + bots[args[1]].feed.feed[data] + '\n'
-            output_buffer += 'lastnew: ' + bots[args[1]].lastnew.isoformat() + '\n'
-            output_buffer += 'rssurl: ' + bots[args[1]].url
-            return output_buffer
-        else:
-            return 'bot not found'
-
-    def search(args):
-        output = subprocess.check_output(['./GfindFeeds4bot', args[1]]).decode()
-        return output
-
-    def uptime(args):
-        output = subprocess.check_output(['uptime']).decode()
-        return output
-
-feedfile = 'new_feeds'
-url_shortener = 'http://wall'
-init_channels = ['#news']
-
-if 'FEEDFILE' in os.environ:
-    feedfile = os.environ['FEEDFILE']
-
-if 'URLSHORT' in os.environ:
-    url_shortener = os.environ['URLSHORT']
-
-bots = {}
-knews = NewsBot('knews')
-
-#config file reading
-F = open(feedfile, "r")
-lines = F.readlines()
-F.close()
-
-for line in lines:
-    line = line.strip('\n')
-    linear = line.split('|')
-    bot = rssbot.RssBot(linear[1], linear[0], init_channels + linear[2].split(), url_shortener)
-    bot.start()
-    bots[linear[0]] = bot
-
-knews.start()
-
diff --git a/news/new_feeds b/news/new_feeds
index 97f2f762..a5de8d72 100644
--- a/news/new_feeds
+++ b/news/new_feeds
@@ -1,110 +1,183 @@
-faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news
+aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news
+aktuelle_themen|http://bundestag.de/service/rss/Bundestag_Aktuelle_Themen.rss|#news #bundestag
+allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news
+anon|http://anoninsiders.net/feed/|#news
+antirez|http://antirez.com/rss|#news
+arbor|http://feeds2.feedburner.com/asert/|#news
+archlinux|http://www.archlinux.org/feeds/news/|#news
+ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
+asiaone_asia|http://news.asiaone.com/rss/asia|#news
+asiaone_business|http://business.asiaone.com/rss.xml|#news
+asiaone_sci|http://news.asiaone.com/rss/science-and-tech|#news
+asiaone_world|http://news.asiaone.com/rss/world|#news
+augustl|http://augustl.com/atom.xml|#news
+bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
+bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
+bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag
+bdt_pressemitteilungen|http://bundestag.de/service/rss/Bundestag_Presse.rss|#news #bundestag
+bdt_wd|http://bundestag.de/service/rss/Bundestag_WD.rss|#news #bundestag
+bitcoinboard|http://bitcoinboard.net/feed/|#news #financial
+bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial
+businessweek|http://www.businessweek.com/feeds/homepage.rss|#news
+cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
+carta|http://feeds2.feedburner.com/carta-standard-rss|#news
 catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news
-lisp|http://planet.lisp.org/rss20.xml|#news
-sciencemag|http://news.sciencemag.org/rss/current.xml|#news
-weechat|http://dev.weechat.org/feed/atom|#news
-nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#news
+cbc_busi|http://rss.cbc.ca/lineup/business.xml|#news
+cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#news
+cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#news
+cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#news
+cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#news
 ccc|http://www.ccc.de/rss/updates.rdf|#news
+chan_b|http://boards.4chan.org/b/index.rss|#brainfuck
+chan_biz|http://boards.4chan.org/biz/index.rss|#news #brainfuck
+chan_g|http://boards.4chan.org/g/index.rss|#news #brainfuck
+chan_int|http://boards.4chan.org/int/index.rss|#news #brainfuck
+cna|http://www.channelnewsasia.com/starterkit/servlet/cna/rss/home.xml|#news
+cryptanalysis|https://cryptanalys.is/rss.php|#news
+coindesk|http://feeds.feedburner.com/CoinDesk?format=xml|#news #financial
+coinspotting|http://coinspotting.com/rss|#news #financial
+cryptoarticles|http://www.cryptoarticles.com/crypto-news?format=rss|#news
+cryptocoinsnews|http://www.cryptocoinsnews.com/feed/|#news #financial
+cryptogon|http://www.cryptogon.com/?feed=rss2|#news
+csm|http://rss.csmonitor.com/feeds/csm|#news
+csm_world|http://rss.csmonitor.com/feeds/world|#news
+cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news
 danisch|http://www.danisch.de/blog/feed/|#news
-tinc|http://tinc-vpn.org/news/index.rss|#news
-ft_india|http://www.ft.com/rss/home/india|#news
-nasa_news|http://www.nasa-usa.de/rss/dyn/breaking_news.rss|#news
-GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news
-un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#news
-shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news
-wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news
-fbi_nat_press|http://www.fbi.gov/news/rss|#news
 dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news
-faz_politik|http://www.faz.net/rss/aktuell/politik/|#news
-spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#news
-presseportal|http://www.presseportal.de/rss/presseportal.rss2|#news
-telegraph_uk|http://www.telegraph.co.uk/news/uknews/rss|#news
-LtU|http://lambda-the-ultimate.org/rss.xml|#news
-vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
-schallurauch|http://feeds.feedburner.com/SchallUndRauch|#news
-add|kernel|#news
-anon|http://anoninsiders.net/feed/|#news
-4chan_status|http://status.4chan.org/feeds/posts/default?alt=rss|
-nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
-bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
-bild|http://rss.bild.de/bild.xml|#news
-reddit_world|http://www.reddit.com/r/worldnews/.rss|#news
-fbi|http://www.fbi.gov/homepage/RSS|#news
-reddit_sci|http://www.reddit.com/r/science/.rss|#news
-geheimorganisation|http://geheimorganisation.org/feed/|#news
+ecat|http://ecat.com/feed|#news
 eia_press|http://www.eia.gov/rss/press_rss.xml|#news
-nsa|http://www.nsa.gov/rss.shtml|#news
-travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
-tigsource|http://www.tigsource.com/feed/|#news
-un_top|http://www.un.org/apps/news/rss/rss_top.asp|#news
-archlinux|http://www.archlinux.org/feeds/news/|#news
-sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news
-coinspotting|http://coinspotting.com/rss|#news
-fefe|http://blog.fefe.de/rss.xml|#news
+eia_today|http://www.eia.gov/rss/todayinenergy.xml|#news
 embargowatch|https://embargowatch.wordpress.com/feed/|#news
-spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news
-aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news
-gulli|http://ticker.gulli.com/rss/|#news
-us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#news
-tagesschau|http://www.tagesschau.de/newsticker.rdf|#news
+ethereum-comments|http://blog.ethereum.org/comments/feed|#news
+ethereum|http://blog.ethereum.org/feed|#news
+europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#news
+eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#news
+exploitdb|http://www.exploit-db.com/rss.xml|#news
+fars|http://www.farsnews.com/rss.php|#news #test
+faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news
+faz_politik|http://www.faz.net/rss/aktuell/politik/|#news
+faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news #financial
+fbi|http://www.fbi.gov/homepage/RSS|#news #bullerei
 fbi_news|http://www.fbi.gov/news/news_blog/rss.xml|#news
-bmj|http://www.bmj.com/rss|#news
-ft_me|http://www.ft.com/rss/home/middleeast|#news
-fbi_stories|http://www.fbi.gov/news/stories/all-stories/rss.xml|#news
-sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news
-arbor|http://feeds2.feedburner.com/asert/|#news
-reddit_tech|http://www.reddit.com/r/technology/.rss|#news
+fbi_press|http://www.fbi.gov/news/current/rss.xml|#news #bullerei
+fbi_stories|http://www.fbi.gov/news/stories/all-stories/rss.xml|#news #bullerei
+fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news #financial
+fefe|http://blog.fefe.de/rss.xml|#news
+forbes|http://www.forbes.com/forbes/feed2/|#news
+forbes_realtime|http://www.forbes.com/real-time/feed2/|#news
+fox|http://feeds.foxnews.com/foxnews/latest|#news
+fvwm|http://freecode.com/projects/fvwm/releases.atom|#news
+geheimorganisation|http://geheimorganisation.org/feed/|#news
+GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news
+gmanet|http://www.gmanetwork.com/news/rss/news|#news
 golem|http://www.golem.de/rss.php?feed=RSS1.0|#news
+google|http://news.google.com/?output=rss|#news
+guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news
+gulli|http://ticker.gulli.com/rss/|#news
+handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial
 heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news
-fbi_press|http://www.fbi.gov/news/current/rss.xml|#news
-ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
-cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
-un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
-europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#news
-fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news
-exploitdb|http://www.exploit-db.com/rss.xml|#news
-xkcd|https://xkcd.com/rss.xml|#news
-reddit_prog|http://reddit.com/r/programming/|#news
+hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
+hindu|http://www.thehindu.com/?service=rss|#news
+hintergrund|http://www.hintergrund.de/index.php?option=com_bca-rss-syndicator&feed_id=8|#news
 HN|http://news.ycombinator.com/rss|#news
-sz_wissen|http://suche.sueddeutsche.de/rss/Wissen|#news
+ign|http://feeds.ign.com/ign/all|#news
+independent|http://www.independent.com/rss/headlines/|#news
+indymedia|http://de.indymedia.org/RSS/newswire.xml|#news
+info_libera|http://www.informationliberation.com/rss.xml|#news
+klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news
+korea_herald|http://www.koreaherald.com/rss_xml.php|#news
+linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#news
+lisp|http://planet.lisp.org/rss20.xml|#news
+liveleak|http://www.liveleak.com/rss|#news
+lolmythesis|http://lolmythesis.com/rss|#news
+LtU|http://lambda-the-ultimate.org/rss.xml|#news
+lukepalmer|http://lukepalmer.wordpress.com/feed/|#news
+mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#news
+mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
+nds|http://www.nachdenkseiten.de/?feed=atom|#news
+netzpolitik|https://netzpolitik.org/feed/|#news
+newsbtc|http://newsbtc.com/feed/|#news #financial
+nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#news
+npr_busi|http://www.npr.org/rss/rss.php?id=1006|#news
+npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news
+npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news
+npr_world|http://www.npr.org/rss/rss.php?id=1004|#news
+nsa|http://www.nsa.gov/rss.shtml|#news #bullerei
+nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
+phys|http://phys.org/rss-feed/|#news
+piraten|https://www.piratenpartei.de/feed/|#news
+polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#news #bullerei
+presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#news #bullerei
+presseportal|http://www.presseportal.de/rss/presseportal.rss2|#news
+prisonplanet|http://prisonplanet.com/feed.rss|#news
+proofmarket|https://proofmarket.org/feed_problem|#news
+rawstory|http://www.rawstory.com/rs/feed/|#news
+reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck
+reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news
+reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial
+reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
+reddit_sci|http://www.reddit.com/r/science/.rss|#news
+reddit_tech|http://www.reddit.com/r/technology/.rss|#news
+reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp
+reddit_world|http://www.reddit.com/r/worldnews/.rss|#news
+r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news
+reuters|http://feeds.reuters.com/Reuters/worldNews|#news
+reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#news
+rt|http://rt.com/rss/news/|#news
+schallurauch|http://feeds.feedburner.com/SchallUndRauch|#news
+sciencemag|http://news.sciencemag.org/rss/current.xml|#news
 scmp|http://www.scmp.com/rss/91/feed|#news
+sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news
 shackspace|http://shackspace.de/?feed=rss2|#news
-greenpeace|http://www.greenpeace.de/nachrichten/feed/rss2/|#news
-rt|http://rt.com/rss/news/|#news
-nasa_iotd|http://www.nasa-usa.de/rss/dyn/lg_image_of_the_day.rss|#news
-z0r|https://www.facebook.com/feeds/page.php?format=atom10&id=278857186139|#news
-stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news
-reuters|http://feeds.reuters.com/Reuters/worldNews|#news
-gmanet|http://www.gmanetwork.com/news/rss/news|#news
-un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
+shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news
+sky_busi|http://news.sky.com/feeds/rss/business.xml|#news
+sky_pol|http://news.sky.com/feeds/rss/politics.xml|#news
+sky_strange|http://news.sky.com/feeds/rss/strange.xml|#news
+sky_tech|http://news.sky.com/feeds/rss/technology.xml|#news
+sky_world|http://news.sky.com/feeds/rss/world.xml|#news
 slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news
-antirez|http://antirez.com/rss|#news
+slate|http://feeds.slate.com/slate|#news
+spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news
+spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#news
+spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#news
+standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#news
+stern|http://www.stern.de/feed/standard/all/|#news
+stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news
+sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news
+sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial
+sz_wissen|http://suche.sueddeutsche.de/rss/Wissen|#news
+tagesschau|http://www.tagesschau.de/newsticker.rdf|#news
+taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news
+telegraph_finance|http://www.telegraph.co.uk/finance/rss|#news #financial
+telegraph_pol|http://www.telegraph.co.uk/news/politics/rss|#news
+telegraph_uk|http://www.telegraph.co.uk/news/uknews/rss|#news
 telegraph_world|http://www.telegraph.co.uk/news/worldnews/rss|#news
-fvwm|http://freecode.com/projects/fvwm/releases.atom|#news
-eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#news
-eia_today|http://www.eia.gov/rss/todayinenergy.xml|#news
-reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
-ft_uk|http://www.ft.com/rss/home/uk|#news
+telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
+the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
+tigsource|http://www.tigsource.com/feed/|#news
 times|http://www.thetimes.co.uk/tto/news/rss|#news
-phys|http://phys.org/rss-feed/|#news
-stern|http://www.stern.de/feed/standard/all/|#news
-zdnet|http://www.zdnet.com/news/rss.xml|#news
-presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#news
+tinc|http://tinc-vpn.org/news/index.rss|#news
+topix_b|http://www.topix.com/rss/wire/de/berlin|#news
+torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
+torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news
 torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news
-faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news
-telegraph_finance|http://www.telegraph.co.uk/finance/rss|#news
-linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#news
-telegraph_pol|http://www.telegraph.co.uk/news/politics/rss|#news
-lolmythesis|http://lolmythesis.com/rss|#news
-taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news
+travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
+truther|http://truthernews.wordpress.com/feed/|#news
 un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news
-ft_us|http://www.ft.com/rss/home/us|#news
-telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
-ft_europe|http://www.ft.com/rss/home/europe|#news
-handelblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news
-rawstory|http://www.rawstory.com/rs/feed/|#news
-sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news
+un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
+un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
+un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#news
 un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#news
-torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
-ign|http://feeds.ign.com/ign/all|#news
-ft_asia|http://www.ft.com/rss/home/asia|#news
+un_top|http://www.un.org/apps/news/rss/rss_top.asp|#news
+us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#news
+vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
+weechat|http://dev.weechat.org/feed/atom|#news
+wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news
+xkcd|https://xkcd.com/rss.xml|#news
+yahoo|http://news.yahoo.com/rss/|#news
+zdnet|http://www.zdnet.com/news/rss.xml|#news
+reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news
+bmj|[object Object]|#news
+dod|http://www.defense.gov/news/afps2.xml|#news
+greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news
+painload|https://github.com/krebscode/painload/commits/master.atom|#news
diff --git a/news/newsbot.js b/news/newsbot.js
new file mode 100644
index 00000000..18b5f780
--- /dev/null
+++ b/news/newsbot.js
@@ -0,0 +1,272 @@
+var IRC = require('irc')
+var FeedParser = require('feedparser')
+var Request = require('request')
+var Parse = require('shell-quote').parse
+var FS = require('fs')
+var HTTP = require('http')
+var FormData = require('form-data')
+var URL = require('url')
+
+var irc_server = 'ire.retiolum'
+var master_nick = 'knews'
+var news_channel = '#news'
+var feeds_file = 'new_feeds'
+var feedbot_loop_delay = 60 * 1000 // [ms]
+var feedbot_create_delay = 200 // [ms]
+var url_shortener_host = 'go'
+
+var slaves = {}
+
+function main () {
+  var master = new IRC.Client(irc_server, master_nick, {
+    channels: [ news_channel ],
+  })
+
+  master.on('message' + news_channel, function (nick, text, message) {
+    if (is_talking_to(master_nick, text)) {
+      var request = parse_request(text)
+      if (request) {
+        return run_command(request.method, request.params, function (error, result) {
+          if (error) {
+            return master.say(news_channel, '4' + error)
+          } else {
+            return master.say(news_channel, result)
+          }
+        })
+      }
+    }
+  })
+
+  master.once('registered', function () {
+    // read feeds file and create a feedbot for each entry
+    FS
+      .readFileSync(feeds_file)
+      .toString()
+      .split('\n')
+      //.filter((function () {
+      //  var n = 2;
+      //  return function () {
+      //    return n-- > 0
+      //  }
+      //})())
+      .filter(function (line) {
+        return line.length > 0
+      })
+      .forEach(function (line, i) {
+        var parts = line.split('|')
+        if (parts.length !== 3) {
+          console.log('bad new_feeds line ' + lines + ': ' + line)
+          return
+        }
+
+        var nick = parts[0]
+        var uri = parts[1]
+        var channels = parts[2].split(' ')
+
+        setTimeout(function () {
+          return create_feedbot(nick, uri, channels)
+        }, i*feedbot_create_delay)
+      })
+  })
+}
+
+function create_feedbot (nick, uri, channels) {
+  var client = new IRC.Client(irc_server, nick, {
+    channels: channels,
+    autoRejoin: false,
+  })
+
+  slaves[nick] = {
+    client: client,
+    nick: nick,
+    uri: uri,
+  }
+
+  // say text in every joined channel
+  function broadcast (text) {
+    Object.keys(client.chans).forEach(function (channel) {
+      client.say(channel, text)
+    })
+  }
+
+  function broadcast_new_item (item) {
+    return getShortLink(item.link, function (error, shortlink) {
+      return broadcast(item.title + ' ' + shortlink)
+    })
+  }
+  
+  client.once('registered', loop_feedparser)
+  client.once('registered', deaf_myself)
+
+  client.on('invite', function (channel, from, message) {
+    client.join(channel, null)
+  })
+
+  client.on('error', function (error) {
+    console.log('Error:', error)
+  })
+
+  // TODO stopping criteria
+  function loop_feedparser () {
+    try {
+      var request = Request(uri)
+      var feedparser = new FeedParser()
+    } catch (error) {
+      return broadcast('4' + error)
+    }
+
+    request.on('error', function (error) {
+      broadcast('4request ' + error)
+    })
+    request.on('response', function (response) {
+      if (response.statusCode !== 200) {
+        return this.emit('error', new Error('Bad status code'))
+      }
+      var output = response
+      switch (response.headers['content-encoding']) {
+        case 'gzip':
+          output = zlib.createGunzip()
+          response.pipe(output)
+          break
+        case 'deflate':
+          output = zlib.createInflate()
+          response.pipe(output)
+          break
+      }
+      this.pipe(feedparser)
+    })
+
+    var items = []
+
+    feedparser.on('error', function (error) {
+      broadcast('4feedparser ' + error)
+      return continue_loop()
+    })
+    feedparser.on('readable', function () {
+      for (var item; item = this.read(); ) {
+        items.push(item)
+      }
+    })
+    feedparser.on('end', function () {
+
+      if (client.lastItems) {
+        items.forEach(function (item) {
+          if (!client.lastItems.hasOwnProperty(item.title)) {
+            broadcast_new_item(item)
+          }
+        })
+      }
+
+      client.lastItems = {}
+      items.forEach(function (item) {
+        client.lastItems[item.title] = true
+      })
+
+      return continue_loop()
+    })
+
+    function continue_loop () {
+      setTimeout(loop_feedparser, feedbot_loop_delay)
+    }
+  }
+  function deaf_myself () {
+    client.send('mode', nick, '+D')
+  }
+}
+
+// return true if text "is talking to" my_nick
+function is_talking_to (my_nick, text) {
+  return text.slice(0, my_nick.length) === my_nick
+      && text[my_nick.length] === ':'
+}
+
+function parse_request (text) {
+  var parse = Parse(text)
+  return {
+    method: parse[1],
+    params: parse.slice(2),
+  }
+}
+
+function run_command (methodname, params, callback) {
+  var method = methods[methodname]
+  if (method) {
+    return method(params, callback)
+  } else {
+    return callback(new Error('dunno what ' + methodname + ' is'));
+  }
+}
+
+function getShortLink (link, callback) {
+  var form = new FormData()
+  try {
+    form.append('uri', link)
+  } catch (err) {
+    console.log('link:', link)
+    throw err
+  }
+
+  var request = HTTP.request({
+    method: 'post',
+    host: url_shortener_host,
+    path: '/',
+    headers: form.getHeaders(),
+  })
+  form.pipe(request)
+
+  request.on('response', function (response) {
+    var data = ''
+    response.on('data', function (chunk) {
+      data += chunk
+    })
+    response.on('end', function () {
+      callback(null, data.replace(/\r\n$/,'') + '#' + URL.parse(link).host)
+    })
+  })
+}
+
+var methods = {}
+methods.add = function (params, callback) {
+  if (slaves.hasOwnProperty(params[0])) {
+    return callback(new Error('name already taken'))
+  } else {
+    create_feedbot(params[0], params[1], [news_channel])
+    return callback(null)
+  }
+}
+methods.del = function (params, callback) {
+  var nick = params[0]
+  if (slaves.hasOwnProperty(nick)) {
+    var slave = slaves[nick]
+    slave.client.disconnect()
+    delete slaves[nick]
+    return callback(null)
+  } else {
+    return callback(new Error('botname not found'))
+  }
+}
+methods.save = function (params, callback) {
+  var feeds = Object.keys(slaves)
+    .map(function (nick) {
+      return slaves[nick]
+    })
+    .map(function (slave) {
+      return [
+        slave.nick,
+        slave.uri,
+        Object.keys(slave.client.chans).join(' '),
+      ].join('|')
+    }).join('\n') + '\n'
+  return FS.writeFile(feeds_file, feeds, function (error) {
+    if (error) {
+      return callback(error)
+    } else {
+      return callback(null, 'Feeds saved')
+    }
+  })
+}
+
+
+if (require.main === module) {
+  main()
+}
diff --git a/news/newsbot.py b/news/newsbot.py
index 5850e4e9..2f8bf635 100644
--- a/news/newsbot.py
+++ b/news/newsbot.py
@@ -17,7 +17,7 @@ from time import sleep
 
 ## Newsbot Controller Class
 class NewsBot(asybot):
-    def __init__(self, name, channels=['#test'], server='ire', port=6667, timeout=60, loglevel=logging.ERROR, url_shortener='http://wall'):
+    def __init__(self, name, channels=['#test'], server='ire', port=6667, timeout=60, loglevel=logging.ERROR, url_shortener='http://localhost'):
         asybot.__init__(self, server, port, name, channels, loglevel=loglevel)
         self.to = timeout
         self.url_shortener = url_shortener
@@ -39,6 +39,7 @@ class NewsBot(asybot):
     def on_invite(self, prefix, command, params, rest):
         for chan in rest.split():
             self.push('JOIN ' + chan)
+            self.channels.append(chan)
 
     def read_message(self, args):
         try:
@@ -138,6 +139,10 @@ class RssBot(asybot):
         self.loop = True
         self.lastnew = datetime.now()
         self.url_shortener = url_shortener
+        self.retry = True
+
+    def on_nickinuse(*bla):
+        pass
 
     def start_rss(self):
         self.upd_loop = threading.Thread(target=self.updateloop)
@@ -174,8 +179,8 @@ class RssBot(asybot):
                         self.sendall(entry.title + ' ' + shorturl)
                         self.oldnews.append(entry.link)
                         self.lastnew = datetime.now()
-            except:
-                print(self.nickname + ': rss timeout occured')
+            except Exception as e:
+                print(str(datetime.now().hour) + ':' + str(datetime.now().minute) + ' ' + self.nickname + ': ' + str(e))
             sleep(self.to)
 
     def shortenurl(self, url):
@@ -192,36 +197,44 @@ class RssBot(asybot):
             self.send_msg(target, feed.title + ' ' + self.shortenurl(feed.link))
 
     def sendall(self, string):
-        self.send_msg(self.channels, string)
+        try:
+            self.send_msg(self.channels, string)
+        except Exception as e:
+            print(self.nickname + ': failed sending all to ' + str(self.channels) + ' because of ' + str(e));
 
     def send_msg(self, target, string):
         if self.connected:
             for line in string.split('\n'):
-                if len(line) < 450:
-                    self.PRIVMSG(target, line)
-                else:
-                    space = 0
-                    for x in range(math.ceil(len(line)/400)):
-                        oldspace = space
-                        space = line.find(" ", (x+1)*400, (x+1)*400+50)
-                        self.PRIVMSG(target, line[oldspace:space])
+                while len(line)>0:
+                    if len(line) < 450:
+                        self.PRIVMSG(target, line)
+                        line = ''
+                    else:
+                        space = line.rfind(" ", 1, 450)
+                        self.PRIVMSG(target, line[:space])
+                        line=line[space:]
         else:
             self.reconnect()
             while not self.connected:
-               sleep(3)
-               print('waiting for reconnect')
-            self.send_msg(string)
+               print(self.nickname + ' waiting for reconnect')
+               sleep(10)
+            self.send_msg(target, string)
 
     def on_invite(self, prefix, command, params, rest):
         for chan in rest.split():
             self.push('JOIN ' + chan)
+            self.channels.append(chan)
+
+    def on_welcome(self, prefix, command, params, rest):
+        asybot.on_welcome(self, prefix, command, params, rest)
+        self.push('MODE ' + self.nickname + ' +D')
 
 feedfile = 'new_feeds'
-url_shortener = 'http://wall'
+url_shortener = 'http://go'
 init_channels = ['#news']
 
 bots = {}
-knews = NewsBot('knews')
+knews = NewsBot('knews', init_channels, url_shortener=url_shortener)
 
 #config file reading
 F = open(feedfile, "r")
@@ -231,9 +244,16 @@ F.close()
 for line in lines:
     line = line.strip('\n')
     linear = line.split('|')
-    bot = RssBot(linear[1], linear[0], init_channels + linear[2].split(), url_shortener=url_shortener)
+    bot = RssBot(linear[1], linear[0], linear[2].split(), url_shortener=url_shortener)
     bot.start_rss()
     bots[linear[0]] = bot
 
-th = threading.Thread(target=loop)
+def thread_handler():
+    while True:
+        try:
+            loop()
+        except Exception as e:
+            print('ohoh ' + e)
+
+th = threading.Thread(target=thread_handler)
 th.start()
diff --git a/news/package.json b/news/package.json
new file mode 100644
index 00000000..52c19177
--- /dev/null
+++ b/news/package.json
@@ -0,0 +1,32 @@
+{
+  "name": "news",
+  "version": "0.0.0",
+  "description": "",
+  "main": "newsbot.js",
+  "dependencies": {
+    "feedparser": "*",
+    "form-data": "*",
+    "irc": "*",
+    "request": "*",
+    "shell-quote": "*"
+  },
+  "devDependencies": {},
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/krebscode/painload"
+  },
+  "keywords": [
+    "irc",
+    "news",
+    "feed"
+  ],
+  "author": "krebs",
+  "license": "WTFPLv2",
+  "bugs": {
+    "url": "https://github.com/krebscode/painload/issues"
+  },
+  "homepage": "https://github.com/krebscode/painload"
+}
diff --git a/news/rssbot.py b/news/rssbot.py
deleted file mode 100755
index 87c58781..00000000
--- a/news/rssbot.py
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/usr/bin/python
-import irc.bot
-from irc.client import IRC
-import feedparser
-import threading
-import math
-import re
-import subprocess
-from datetime import datetime
-from time import sleep
-
-class RssBot(irc.bot.SingleServerIRCBot):
-    def __init__(self, rss, name, chans=['#news'], url_shortener="http://localhost", server='ire', port=6667, timeout=60):
-        irc.bot.SingleServerIRCBot.__init__(self, [(server, port)], name, name)
-        self.url = rss
-        self.name = name
-        self.server = server
-        self.port = port
-        self.chans = chans
-        self.to = timeout
-        self.oldnews = []
-        self.sendqueue = []
-        self.loop = True
-        self.lastnew = datetime.now()
-        self.url_shortener = url_shortener
-
-        def better_loop(timeout=0.2):
-            while self.loop:
-                self.ircobj.process_once(timeout)
-        self.ircobj.process_forever = better_loop
-
-
-    def start(self):
-        self.upd_loop = threading.Thread(target=self.updateloop)
-        self.bot = threading.Thread(target=irc.bot.SingleServerIRCBot.start, args=(self,))
-        self.upd_loop.start()
-        self.bot.start()
-
-    def stop(self):
-        self.ircobj.disconnect_all()
-        self.loop = False
-        del self
-
-    def updateloop(self):
-        failcount=0
-        while True:
-          try:
-              self.feed = feedparser.parse(self.url)
-              for entry in self.feed.entries:
-                  self.oldnews.append(entry.link)
-              break
-          except:
-              print(self.name + ': rss timeout occured')
-              failcount+=1
-              if failcount>20:
-                  print(self.name + ' is broken, going to die')
-                  self.stop()
-                  return
-        while self.loop:
-            try:
-                self.feed = feedparser.parse(self.url)
-                for entry in self.feed.entries:
-                    if not entry.link in self.oldnews:
-                        #try:
-                        #    self.send(entry.title + " " + entry.link + " com: " + entry.comments)
-                        #except AttributeError:
-                        shorturl = self.shortenurl(entry.link)
-                        self.sendall(entry.title + ' ' + shorturl)
-                        self.oldnews.append(entry.link)
-                        self.lastnew = datetime.now()
-            except:
-                print(self.name + ': rss timeout occured')
-            sleep(self.to)
-
-    def shortenurl(self, url):
-      while True:
-          try:
-              shorturl = subprocess.check_output(["curl", "-sS", "-F", "uri=" + url, self.url_shortener]).decode().strip('\n').strip('\r') + '#' + url.partition('://')[2].partition('/')[0]
-              return shorturl
-          except:
-              print('url shortener error')
-              sleep(1)
-
-    def last(self, target, num):
-        for feed in [x for x in self.feed.entries][:num]:
-            self.send(target, feed.title + ' ' + self.shortenurl(feed.link))
-
-    def sendall(self, string):
-        for chan in self.channels:
-            self.send(chan, string)
-
-    def send(self, target, string):
-        if self.connection.connected:
-            for line in string.split('\n'):
-                if len(line) < 450:
-                    self.connection.privmsg(target, line)
-                    sleep(1)
-                else:
-                    space = 0
-                    for x in range(math.ceil(len(line)/400)):
-                        oldspace = space
-                        space = line.find(" ", (x+1)*400, (x+1)*400+50)
-                        self.connection.privmsg(target, line[oldspace:space])
-                        sleep(1)
-        else:
-            self.connection.reconnect()
-            sleep(1)
-            self.send(string)
-
-    def on_invite(self, connection, event):
-        for chan in event.arguments:
-            connection.join(chan)
-
-    def on_welcome(self, connection, event):
-        for chan in self.chans:
-            connection.join(chan)
diff --git a/retiolum/Makefile b/retiolum/Makefile
index 54683469..54683469 100755..100644
--- a/retiolum/Makefile
+++ b/retiolum/Makefile
diff --git a/retiolum/bin/hosts b/retiolum/bin/hosts
index 4856d494..44dbd88d 100755
--- a/retiolum/bin/hosts
+++ b/retiolum/bin/hosts
@@ -6,8 +6,8 @@ netname=${1-retiolum}
 cd /etc/tinc/$netname/hosts
 
 for i in `ls`; do
-  sed -n '
-    s|^ *Subnet *= *\([^ /]*\)\(/[0-9]*\)\? *$|\1\t'$i'.'$netname' '$i'|p
+  sed -En '
+    s|^ *Subnet *= *([^ /]*)(/[0-9]*)? *$|\1	'$i'.'$netname' '$i'|p
   ' $i
 done | sort
 
diff --git a/retiolum/bin/update-retiolum-hosts b/retiolum/bin/update-retiolum-hosts
index eb57af3f..0eae1c29 100755
--- a/retiolum/bin/update-retiolum-hosts
+++ b/retiolum/bin/update-retiolum-hosts
@@ -8,7 +8,7 @@ if test "${nosudo-false}" != true -a `id -u` != 0; then
 fi
 
 # cd //retiolum
-cd $(dirname $(readlink -f $0))/..
+cd -P "$(dirname "$0")/.."
 
 mkdir -p /etc/tinc/retiolum/hosts
 rsync -va -I --delete hosts/ /etc/tinc/retiolum/hosts/
diff --git a/retiolum/bin/update_tinc_hosts b/retiolum/bin/update_tinc_hosts
index ce1be497..46076cf2 100755
--- a/retiolum/bin/update_tinc_hosts
+++ b/retiolum/bin/update_tinc_hosts
@@ -7,11 +7,8 @@ if test "${nosudo-false}" != true -a `id -u` != 0; then
   exit 23 # go to hell
 fi
 
-list_hosts="$(
-  basename="`readlink -f "$0"`"
-  bindir="`dirname "$basename"`"
-  echo "$bindir/hosts"
-)"
+list_hosts=$(cd -P "$(dirname "$0")" && pwd -P)/hosts
+
 hosts() { "$list_hosts"; }
 
 hosts="${hosts-/etc/hosts}"
diff --git a/retiolum/hosts/Discordius b/retiolum/hosts/Discordius
deleted file mode 100644
index 561b28ca..00000000
--- a/retiolum/hosts/Discordius
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.144.246
-Subnet = 42:017a:4584:17e1:685a:3991:6533:067b
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsOoWkyydyfW9ml7SBV8d+qXU8E1c4l0vEpdBnmOouZozo1bzzkH3
-bLn2DkZaOLCqVUC1twbeGi2a7tXHh4dLvkIcT38V3XbEwxHhMn7enpKr79GO/VFf
-Lu8t5dLbmPFFTOEeC54ke8X4MdlMrUMuXiGspnl/vc1NBSJIVECl6zdqvZt/UTWA
-vI7evk3F+Tf5dPATqSMdxE5506i2y/W6obwYwaXdPbyBsAQkgdTjfVUe2u0GKfld
-/THprmZYTwlBEZ3YAf12OdfO1aRsDpbogpZs/rcnebScDj7myzh7FkLHdH9nIfxg
-dfGxSBV7kRMwQmgfKjp/yETPjvRz0OMZoQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/UTART b/retiolum/hosts/UTART
deleted file mode 100644
index 3c8628cf..00000000
--- a/retiolum/hosts/UTART
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 42.227.239.205/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1tFgR6xxNZavtG44QEAEzKQixJqO9MuO5hUcklH87Sml+Mz+Ptz/
-r8Vhmvc1NhL0d8h1VJSrzjAyYuBR0LKSGRYxHby/M9AqBjUHUhDM83ogV/CbSifs
-TlBcKuvPkGVALN6LYcPXjzKzBI7X1ictqts9K3CoCWgjRld63noczvNnwVdHNawX
-ckQdjzxMAgwtJW0hWfDr1Uhq3sVEFnHLzFJuLsnc6gDzKvP/ETQ6KINv43B9UerS
-HzFK3ntViohW4K/p6i4gBNxFfYnuNLqnY+O/hc0/fFdKE36eLD8ngPURo3/As6Le
-KlPEMBwIIJQpS7GP4BIUK/qPE9J7McU6wQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/chinaman b/retiolum/hosts/chinaman
deleted file mode 100644
index 60ea744e..00000000
--- a/retiolum/hosts/chinaman
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.64.163
-Subnet = 42:d3ef:d47b:531c:4314:ca07:a226:4064
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAyVYuNcqYublIdsVS6DEnfCoxQONH8keQai2wyJn4fIvCHlOY/nH1
-l0IsGAa6zsBrg+EMfPUr+0Cw/+X6UcYLuHS8Zapv30Ye+BNrVUd16Vom0rCrcVKB
-qweYoQGQPIWPNR5abVXwbP1zBuygzmBmEUFBzmYHFaRIMihqOii5wgBU2E9qaSs3
-wjT3ujARHYVoDRO6ifyzIqZ/F3DJ91j+FQkNfsgk8G2sV4h9WX4I13niwdzxGFHr
-lUZIt1OKjhfgYGqBoULZ6g7Wk/aNwfbzETvesjiVr92fvR6I/QsjZK9A4v3mAyQ4
-p2yYCmOLU2IV/Q9mFhX0Y40lq0hpKksRkwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/dei b/retiolum/hosts/dei
new file mode 100644
index 00000000..0d401b01
--- /dev/null
+++ b/retiolum/hosts/dei
@@ -0,0 +1,11 @@
+Subnet = 10.243.247.164
+Subnet = 42:d702:e261:bf4d:2f5f:00e8:bf56:4d50
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAva8pJ7H+ebQFEpqLZhr6hE6OlCRhSlPQwEoWtQLHT/zsgmUEhXcw
+9045IAAgALc1Wf6lVWKwNEBNyLNULUgmkXzgjCG1OuLAn7jWtaNQZT+b6ZM/b2Qn
+hrGdHCcpvW1kpIfho3zMts4dVx28Z85JJlI4ZqfFZWwiuCj+x8OELdqtm2IYryiu
+6dHRR+4WkgEvqL+1YF2RRxXIcSW2wFdZOggjXYobzC2wl9zWkTBPC6lKQjlKlSrV
+ZZBKRwuHloHPt7HJTjWZTX28CbC/P+3l5NyMhfmqtFPZuhC4p7EAWwcXXDz1Gkxl
+w5EbcTz01pePFj5oVfK5aUoi1JFZ9GSZFQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/euer b/retiolum/hosts/euer
deleted file mode 100644
index d2240575..00000000
--- a/retiolum/hosts/euer
+++ /dev/null
@@ -1,12 +0,0 @@
-#Address = euer.krebsco.de
-Address = 84.23.67.119
-Subnet = 42:974a:3ecf:3c49:06c0:4cd1:3c6f:59d9/128
-Subnet = 10.243.0.95/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEArx2mZOPEfS8fvmQYSzWuMmNtfposJlctDfGVmhMVotaFIpIBcKuL
-dHZHI8BAStaM++DuqKv/QBjk9jF6BRAdZqHn98LHXR+VRJmFvgelEFe0uPvIRMe2
-IMzi9Ly0f0f5L90ulZBMkudl56nBcEPuG5ge9RLDINIX5nDVh0oQzvrwWaIiVuy/
-oKDFLaoxa3SSsCXbhnbP7ow37+xzvaVCFolu++yLHvinkCc5g3IUkBGwr3kXKHQ7
-J8oDuPgsDZ7d1kMPfzMtGI9xcq8GFeCmJsMAt86XsWD8t9ogQpVUi8NGjR4cbQSI
-TbE2iVBsdGLpxbGh833uy7fW5CCnK79DwwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/fastpoke b/retiolum/hosts/fastpoke
new file mode 100644
index 00000000..e3c0bf52
--- /dev/null
+++ b/retiolum/hosts/fastpoke
@@ -0,0 +1,12 @@
+Address = aidsballs.de
+Subnet = 10.243.253.152
+Subnet = 42:422a:194f:ff3b:e196:2f82:5cf5:bc00
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
+DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
+FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
+ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
+EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
+rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/foobar b/retiolum/hosts/foobar
new file mode 100644
index 00000000..2c77b79c
--- /dev/null
+++ b/retiolum/hosts/foobar
@@ -0,0 +1,11 @@
+Subnet = 10.243.135.219
+Subnet = 42:edd1:d518:f7d8:ada3:1ce3:f4f5:a986
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAsCu6xC0OctUKu0UsscOWfyQlMtMrD0Pt/wB+IDOnkEgDKqcTYGXW
+h6VqMqE2cQhV3ThoxqeIPnQzwiMuVd0n2q3ZDexfYvHmqTZoaMrQZJlgY4rDx8jC
+USFqnvtkJbOxFBiS3c5yjOIybGSGDXrAaxmn80xewNIsdSqaY1/2FxKwx1Fn+Kf2
+hIQOEYkdLhwPso+HyNGUwVKjsRVCSWdJSzBHB38cPZRoPpcmRHOTs/Jtx0b4RXQr
+tVYW8i+Jq6hCt9sDLJexP9unPGl30Gn052noj1t4DRCPFpOYSLJFcGU4n/OzYbzY
+O8VB5DjgGK0eyEXvtByxvWYPnuRwSLaH3wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/geisha b/retiolum/hosts/geisha
deleted file mode 100644
index 6a3a2788..00000000
--- a/retiolum/hosts/geisha
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.175.29
-Subnet = 42:b6aa:9052:fffc:807b:4829:8756:860c
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0kVV9ezFx/kZ6GvSALhXODkWlwHSjdA5hBJ90bdNcILeltVa3FIv
-K2E+L6EG/jsETWKutxOk08+B/Z3p1SONgEksTNBdXx/Crww5PZGN/ocVSKZj61/N
-lCej/Jcu88a4/R7JHIiSMdmqRCGHnwnxRA0iDQZIunriUH83NqMBQk6Drkphr/9a
-5U8PhlqC5oSzZrg0uReRuBK86KmU03vp9/DndaLn18G835dtWRBQ2aEfIrrlaTPJ
-ZKN/0xYZJU3v8YJYPi+UeRSymecSNgFQg36v95r3s4j3trk+yXVzVwT347AZRm4a
-d/AHdk0+blXyUr5CFBsjA71cJfzqIIJJrwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/wall b/retiolum/hosts/go
index 60dc6dc6..60dc6dc6 100644
--- a/retiolum/hosts/wall
+++ b/retiolum/hosts/go
diff --git a/retiolum/hosts/heidi b/retiolum/hosts/heidi
index 5ba59846..c8af51b0 100644
--- a/retiolum/hosts/heidi
+++ b/retiolum/hosts/heidi
@@ -1,10 +1,11 @@
-Subnet = 10.243.0.45
-Subnet = 42:7555:0ab6:6de2:e50a:a702:45b5:9fae/128
+Subnet = 10.243.124.21
+Subnet = 42:9898:a8be:ce56:0ee3:b99c:42c5:109e
+
 -----BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA3Mp0dxGooYuoh/f+V+gdfDoG3izloxsNIJT8jPxZUPR8GE+Sn/Yc
-bVfy7svy7AEyjQyxke5P58UpBB+D30XhO22Dr5mf9VGRcn6TYlM/u3FYxVNn+fhz
-iN5oHeRjvJg58z9pdH/kHOtAPnVVEmjOGZxVO786JZ1obtRJ5Mx4aOHEaab1aThR
-E7tcyT0xtPJfUARITVrLsFulGh0KaDb0bTADxBQiHSoRibCpraylOxF7tzbINqaX
-ogMfYooGLutlEQJfOYsbmoTJX0caSK+9Y4njqpwkAx14P2ME6hfdYPrp82TtpOS3
-kOY3HAVTnHEsTxM4wDS7et316S5/BuW5rQIDAQAB
+MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx
+1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ
+jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY
+ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA
+q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo
+w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB
 -----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/irvis b/retiolum/hosts/irvis
new file mode 100644
index 00000000..923a0dd7
--- /dev/null
+++ b/retiolum/hosts/irvis
@@ -0,0 +1,11 @@
+Subnet = 10.243.159.20
+Subnet = 42:db9b:ea89:dca4:fc6e:309b:23f0:ec09
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAr9EwWsVkeNqkFIvMYt/QalEGhKYTpM1MxR4DCG7hhZJcXOpigSC0
+fsB61FM/LkvG32/OTt7vPXSRfPW8RnRL0lxedNbMnax3pjgzP4yl4BAvEQW7AW/A
+silSYFAr+4Br9ng99kQniXg+RJ9QHLq4Rg0V1/aOZWNWmSk4PmAzQfzINpTXZC3G
+dUidZRIWJPTE1lJQfEpML1OI0UfiaYIAOE7Jhx+3vpzsePLF9s6iiw66ANg8mfFC
+fb8OHP4zPrnoR/NSNLGjrhyXxiq2EMUmcG38xn769cMEvElzPd0pHYuEzTeYxlk5
+0YEqAsjMYIdaxVDMczRmP+BFH/+sdUcjAwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/k2 b/retiolum/hosts/k2
new file mode 100644
index 00000000..f0f17f7f
--- /dev/null
+++ b/retiolum/hosts/k2
@@ -0,0 +1,11 @@
+Subnet = 10.243.97.72
+Subnet = 42:717e:2a17:e7ff:eb6f:b760:5af4:7da9
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA4OFqfrNMvGfJDH+QyV/FLVfflaAgmyljJ3Sl0CIrC1Xiv0ha2PRu
+C6CNPk1qWHP6w4gfWtMh/Es7zonTON0AEfAt2LJXl85eArTS2dp1cO1KqfzagWtP
+KzkvuNIKZ8Zg4uJ8D4/G5CFHEE4oGKFSgcasAHZ8y1/adFf3xEM/9D+CKMD4o11e
+lMpnxTKFGMI6HbiSv2sKHmwc+kEUo1vWRJpXZn8mW4uwLT3PPEvCd3YEszVrEhhv
+qlSZqYU0L9idVDH8krQtJkn2ogIhfe+Xs4KaL7Lkv3XihcKYsgHpKJY0G6c/xtZO
+pj8MCpPVAY2dNFWFPUEXWwWyeO9tAyN6CQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/kaah b/retiolum/hosts/kaah
deleted file mode 100644
index d8971c56..00000000
--- a/retiolum/hosts/kaah
+++ /dev/null
@@ -1,10 +0,0 @@
-#Address = kaah.ath.cx
-Subnet = 42.220.181.17/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtd9+R7NYs/5LmXoFakuoFzdO/8hy4MMeGjdDqbubKyJmIO/nvQWS
-TQns55znLgPIapUtCijxphoQrcTB5LijVXFj/2uipqiOJHVmhA80NiQgYhrFG++x
-9AQie2c04xqq+6Bptjs8vnQS6odLsBAiY1OJDpaEPZqzrpSMnYzEwPWqOAzzbVRd
-SFDokIhm62xmDK0+M4H8l3zmMnInnxdHd0fMhBJr5lXXqdzXJ3zluU6fZyHysF4c
-OnvFrGNrc3MPpgmzULVUUVg+Z4NeQYa5LuhXA9xia0R5d8ALCi34L4tAvCfSi1Lu
-RSUiJHeWDvNzwIy9+hxofqqcJqA05kyGLQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/kaepsele b/retiolum/hosts/kaepsele
new file mode 100644
index 00000000..fc8bf458
--- /dev/null
+++ b/retiolum/hosts/kaepsele
@@ -0,0 +1,11 @@
+Subnet = 10.243.166.2
+Subnet = 42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
+Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
+rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
+y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
+yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
+FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/kiosk b/retiolum/hosts/kiosk
index b490e8cd..8f53a08f 100644
--- a/retiolum/hosts/kiosk
+++ b/retiolum/hosts/kiosk
@@ -1,3 +1,4 @@
+Address = 2003:6a:674e:1001:211:25ff:fe05:a54d/64
 Subnet = 10.243.232.122
 Subnet = 42:1ad1:b481:00f5:aab8:f8cc:51fe:4b87
 
diff --git a/retiolum/hosts/linuxatom b/retiolum/hosts/linuxatom
new file mode 100644
index 00000000..dfd09b51
--- /dev/null
+++ b/retiolum/hosts/linuxatom
@@ -0,0 +1,11 @@
+Subnet = 10.243.173.58
+Subnet = 42:1c07:1a24:1a26:c799:3b44:a8f5:59ea
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvGy172meTuwHfGZLVHi04+7jb+GRumqNRowffrmMOxFAq6wiL1E6
+7NfJFSc2/wmLZdTCnAtScVicVFZ8UEK2Uv/WMdevJWP63LxUOXpSFtoxNAlpSk9e
+rzwxWj3VxHru7EZA6gu45ff4/seApy/jDy+hceOmOiG5z8VudoRYWe98IoO1ua0E
+rtz415WP0xN+Mb4mGU48JSLYZkOHVIvkf+VVF5jXFbbnH+w0kkTuRMMp6Z7ETvdZ
+RU9nKJ55sflkPhs1/ttU4cYkci55YPVGl7GCCr6Xw4oerIz/jHnzBGroh/wDpEXm
+6RxpsC6DnVQUW3zw0DXuSKoAy0UoQPYqQwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/makalu b/retiolum/hosts/makalu
new file mode 100644
index 00000000..3d080ca5
--- /dev/null
+++ b/retiolum/hosts/makalu
@@ -0,0 +1,11 @@
+Subnet = 10.243.90.132
+Subnet = 42:5ee8:8626:f03e:bdf1:562d:94d1:f395
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEArFuedyPX7kDeH2GwYD3UcRoFjGpTBJXjJzm3LoleyXOeYSdkZZ3d
+ljIeEq9alf6UtqEvYH2HfX8m9fEcHxwFMmJ1CPEwkDZI2IgbLOYV0x2MWLShEvtC
+vGeNyPt+TdiDqDhN8EyRvhB/KzEXdbCUZ79htf8lRonNLYPSRNh58CTZ18T/+3iF
+vy6igdpj4JiLGzdXEggO0KToW5ZVCRjuEaH65BlXdjkCM0dk28FJGh/oakv7hjlZ
+M6c3HJY5RAygO4uLWOyB37j38GDAseDYnNwnLt4jCk7gO48SnsS77efEghEMVVXK
+qnSKbX0KCSvVOJbrvVyP/16o2521eGl3MQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/miefda b/retiolum/hosts/miefda
deleted file mode 100644
index 1de261d9..00000000
--- a/retiolum/hosts/miefda
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.30
-Subnet = 42:59fd:1f99:d9b4:9fda:dd80:ff61:6497/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtWySxln5f1ibnguV9FPOGvw15Xn+9HG5qRDv8buu30YGdJ8yaq6L
-LwjZjNJ+fbHx5lNkDcD+qZXGi/jBiIFPOnAlNZwcOSlBtlplLX6/2H2Ix3RTrhUm
-Dh2s0VLGBPZ+tNO4TtR/RyYJVfVYN6BrKhAWGkffeo0bHFIpiAOQyr1bmbFUMs6q
-0SzX987ey3STDVPdiTNHW7ogFS/18QwOcI4eYVoYK6jgPvutNYt5lpP5qRczgCpd
-Ra+cZk9Lx1mbS1jEAhCYDmqmEqlA2p2ceTOHibjOMzOPkkzEcIwntP4iU+26E4aW
-YS4snJDR9bMXk85rY5Huo9jq7z95T788WQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/miefda0 b/retiolum/hosts/miefda0
new file mode 100644
index 00000000..acf00124
--- /dev/null
+++ b/retiolum/hosts/miefda0
@@ -0,0 +1,10 @@
+Subnet = 10.243.8.1
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqrYc7LfSPjKpgnbfENU3oeAoFIRnG1CKHi0r4Tvy34anMBRHA4yY
+olPC/IWiNoEadnCvlAEGtcFFh/xncNm+rW+BhO1WPLuo0wDe5fxJrkApuuhwP/lk
+DMNrKtPOH6PV18yuQTtWgmiLo9gT15rRTDs8SaEf9eyTEV6zWVRDFDiFqwuY77iJ
+GihKSlKGDYCUdT8TdaguUQ8akdAUhfXk0F33fAqTYwT25BDAXJdeldTLTb/5EADx
+UMhnY0CsWgDYz9fpL5UNUDe3Gu53GghFS5RWvApasbzmlbrCwCF7MFDfc/yJFCrE
+lF3Nm+GVqU6Uu6cNJ9VYHCu+uxk4PIU5GQIDAQAB
+-----END RSA PUBLIC KEY-----
+ECDSAPublicKey = DEwsTd8tdaQLx/o0EgIOl9l+d0MqDRLEVWnBT9imfRyuzXWatwgXotADc723HxhZ4NXlvuOu+er7PdWstif3nS9/qC
diff --git a/retiolum/hosts/monitor b/retiolum/hosts/monitor
new file mode 100644
index 00000000..8584f70b
--- /dev/null
+++ b/retiolum/hosts/monitor
@@ -0,0 +1,11 @@
+Subnet = 10.243.227.145
+Subnet = 42:2ae3:6ed3:a317:d0be:022f:6343:1de8
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAlNDrSskoSPInRiO8JW529o178D2kDdHbt3zZklM+jveFZuynDH2/
+WTfxr7wAIUd26jb12/6zLZ/gnEikLd3LpYiTA1J+ZL2c5SvXOoIqTU3Q3dwEecG2
+qwLcZ8UCjjOKiwWmjGHhNgEx/XUF7gpMwXb/m7fqzTGEiQozaCnQ3ZJA4t8GG00Z
+PZnDZHj8xYtXK3c3vOUa11xj9/dOwZb9e+VON0bXJxvxh+C7XkLO3NYTayyRX9qL
++OOdRLSkzINzoj94+juPepCEQtRusrIbOkSPwCl2u29rKRNfPBkqbAcN3zP1mfDC
+IXNqUobWP8xvSLyBZh5zglcbQbczxMkKiwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/monitoring b/retiolum/hosts/monitoring
deleted file mode 100644
index e51c309d..00000000
--- a/retiolum/hosts/monitoring
+++ /dev/null
@@ -1,7 +0,0 @@
-Subnet = 42:82cb:f60c:6f27:611a:42f8:906c:2c70/128
-Subnet = 10.243.97.250/32
------BEGIN RSA PUBLIC KEY-----
-MIGJAoGBAMjS8WxgbfJKVGRIFD0Bv+odQ7THNWDIcr1p4riVbOUPxtce+abasYGl
-DOwaejcHP5bF11EAOOvdEtrivZReIZqYbMz5oWHLO6GCJn7nOCZVCW4LnUuNP3u8
-KQEU5oKj7LsKrBEEOtwpfNoWuZFzuzF0A6A2n+YYoea/Ak+hEbSbAgMBAAE=
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/motor b/retiolum/hosts/motor
new file mode 100644
index 00000000..e53764c1
--- /dev/null
+++ b/retiolum/hosts/motor
@@ -0,0 +1,11 @@
+Subnet = 10.243.89.154
+Subnet = 42:1eb2:001a:5978:a723:9e64:5506:a52d
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAxaJjAI3uKsy6PSXcsUHogLCl3hpV1p28FJ80Fw7wFyt8SgP80tX5
+1VuTnYkLApJb3Kw7qq35nIMhBmeHxxFe00gGxnjA1htVonVlhYaRFztqxBV63RmH
+iVx4wkol6WF8v/vvyn5bVjobNBNIR+x/n5RonGmm0VrXDh0EjItF/acY3m5Wex/d
+RzGWUiXtoonTBfqbgnkNpks82cW6r94631syzuPHzNsdYV+bwBi9FGlJw6T8t30j
+rvLLdo9fl9R25h57RJeE2JOUo6yEiwpnLgmApclCv2vtvoHrEhkYF/PjTqFDn5bw
+5YSThBvoL07/hdYbuhns9V4VaLMUox/luQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/nfcgate_298dbf07 b/retiolum/hosts/nfcgate_298dbf07
deleted file mode 100644
index e3936b07..00000000
--- a/retiolum/hosts/nfcgate_298dbf07
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.32.21
-Subnet = 42:9ca7:c370:a9d9:ee1b:623b:7fe6:5146
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEApPJKpk2vFwG0GSjl/Sg2IMfala2bOYSnTDO13AHIuybfmNr3H3O7
-exJ/ALN5lqnVOU5pL9GyORnAEEeaVI+eGJmQJwTtQExoLo3o12YT+mDV8YFYVqo8
-ZYQqxLlNO1gNKNDHPlZoCmwtavmv8jqGyitjCT8ZHDHiGl/ugddNOwfFHcSM1a9c
-rAM4+D3Qu8YCIC3txcww77UtbFZVBQDG3UxkGbqNeD7Je1QHyZxPs0Oqj3aIYHLP
-MW4H4360dW8+3U12bwYU4viD/uyCflrFvI2nY47GzF2MakC7UeUEiVDw7U9627wq
-ra6GQebx7NRZjg/pTy77uxj7RFIHRFyIEQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/ohz b/retiolum/hosts/ohz
deleted file mode 100644
index e452743b..00000000
--- a/retiolum/hosts/ohz
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.118.171/32
-Subnet = 42:a06d:7412:809a:b74a:8052:daba:c99f/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA7vZFyHtBC9WbXTKcJ2mXxTsZnZqGrDzP7PVtkaBQfTT6J2Qtct5i
-0klA8yvXHUeVdt+hho7rISX4LJr+RDVdhU4ZgrcyJ3rR3moRGzLUV2VLroc1Mnbs
-kkK1mowNk/jZpf6XyRpGL+NFMCZexmfjTdMaMLhzoRbA6w/ffPSSuDZdbG2F5bMk
-BmF6biPcS9Z652ePXh9ViUUKBpLTHQvgK5/iZjI6ik/eit50jrjO6MapUVP/7qob
-VeXE7Zos3UuHLiKegN68VbFQp4qu7jNH4jRun3Pm/Zd/OaGCREIDnfyIyauDNkaT
-QUEL+h0zsM+t2rLT08Wo/sdNX16iMrs9FwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/pante_miner b/retiolum/hosts/pante_miner
deleted file mode 100644
index c363681f..00000000
--- a/retiolum/hosts/pante_miner
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.26.211
-Subnet = 42:b6c2:e63c:d178:a71d:e36b:8ef6:abde
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA65AhOXR3oOUcJi6qxnCWC7BduLyBth8SWsXhzKvyTLEqXBH8KcuL
-H9UOrSLnwcueE2wMeHh5Rz4S3J+dwUJkGvD6eMXyJDiuIoaB8B7Iqjo1beS3gf9D
-4nOv6YBjE0LsUwGKnZIR2E852MBcKUdZx4WdAYL8lB9ucFVBjKln8GxTZ1q4GEFx
-XiCJddvCY9HnjlUBhCRghmRUYlgbhkNJhp0zclS8qXhqCa4cjrc586NY6dZDiIhY
-AivuJayZEnrM/iEFobLcQnmq8n5o9iHCKbqRhemLeO2BAwn7SwSXnF1iTqbzK5df
-zaA/G/6esPKyLfjJ7rgNBtUSfEC0Ro8yFQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/pico b/retiolum/hosts/pico
deleted file mode 100644
index b08b450d..00000000
--- a/retiolum/hosts/pico
+++ /dev/null
@@ -1,11 +0,0 @@
-Address = 78.111.78.33
-Subnet = 10.243.0.102/32
-Subnet = 42:b103:275c:1723:edc8:b24d:452b:352a/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsbe4wzTOHHLyuPO/AsfDqQHyV41qgs3dqt6uWcDcdiEsUvbCK9Ch
-MQNkTktlrMRyvz6Qm/3DKptp80R648j0nWi/c3aLDkZq8weEnR9SFYfNaUp/GN4s
-+Qhb+836d8Hu2+3jZWlr5Zb/p8hyhcx3NUH/skuH6Hu+piWczlN1NGksf5f7N/bp
-ZBCXnCLLUYVM/0RIS8mcAIX44Zx8YFDXpByePUdyrzn+mRln6VFDnt5uGsmNw6G/
-Azn3grpidcyrW2cs3b7rysKsxOvyGBdu2zGXp+pquZq1l3f06IN+fzCtnyLTPL1K
-UUEJlQa1Gsl2pVi5+HPcAj3U2yp42WJYNwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/pike b/retiolum/hosts/pike
new file mode 100644
index 00000000..1d47a614
--- /dev/null
+++ b/retiolum/hosts/pike
@@ -0,0 +1,11 @@
+Subnet = 10.243.97.232
+Subnet = 42:4d6d:8699:99c2:0de9:ea78:8d50:f53a
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0CS28CMhqeUuJxY+JEISeEDzP2I5T5ILFn4/3loEagEtS90QAm/K
+rbMDbvJENrNCnaaOcHuOsG3vS8s31ffY9RM89Na2zjcV9l0QBhBkNebUr/Ol0nQp
+ONWXEgmXV2mCGfFnC4uOHhELkZhnkwJduWfR5kyGPPApjxlBVIbI8pkAV4GFqjoF
+WTTm9qp80G26sD4O2q+Ldv9eIKquPAHN/zMFk0TzhgmAylgQUcc84HdUDZ+g9n1Q
+Ap62VwM8lGcnRy+f03cBaPyWQEEdnA3hG2mMfaaAoVYw4eruBbAz8GGUPMT3UH/E
+rGGNmyVzzUQOKvnOjB4qvyseSI+/mPzGJQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/reimae b/retiolum/hosts/reimae
new file mode 100644
index 00000000..696c3442
--- /dev/null
+++ b/retiolum/hosts/reimae
@@ -0,0 +1,12 @@
+Address = reimae.de
+Subnet = 10.243.177.212
+Subnet = 42:5965:bb44:aed3:9d3d:29f6:201d:7adf
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA37lXlJpfT4pgxV1XB3VzUiALVjOexrHezJZ3YxgZTVUtTTxOnydl
+urN7S4WaRgFkRPlwATGrp+KzJ6fz5/zeryYwbBUY66kcTEfJBP3+zKgWu3NIqOll
+SCcnpjlEm46FcstJ5dnnuYqhpnp98z8QkTiXHZKMI4rB+yf5NdKnMetAUsSUe2wI
+bXSxJ9lNrSm/IFToaVZ3KPYZwQ0HgzUxSWb5grkCuK5iWtGhqdf0/pqEzMpI1Y1c
+QKepcJkRCUcd2InKb9AdpwT/xygNwbPkvjxIAKj7vK/4rr5LApJAOcFL+HJRz4CT
+lDrM5LDeGtsIr+mIUbSTR6R0onWCn543LQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/rockit b/retiolum/hosts/rockit
new file mode 100644
index 00000000..e67272c3
--- /dev/null
+++ b/retiolum/hosts/rockit
@@ -0,0 +1,11 @@
+Subnet = 10.243.199.33
+Subnet = 42:cec2:0a67:0ebb:7d97:8138:ac9a:8a58
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAnUtx3KPzNmS6/LxpYSolmhmF+Xqsum2po3lvmZszu2aIKdcAeIfb
+B6bwz08zC9UNQjnO+27px5LMTTH9zhzRxo5xP/mcco2mVQFl5V+/73qBW5NnUV+4
+nPvUDi0+IhuVixHc+KlkxiHhgIDLdCN2WvVTkUCgxT2xVlPoESXq1dhdE3/5vvJt
+0tphFUnP0sLCVzV25IYCocul+ELj8PAc/9mP4twifM4V0uwhh+J3AHR0+14QM61r
+9qRhEnNEEkGeToYQPsoromiKPWczerUPBpaQHOpjnjg08Coz4OyrrM7+DXyspPfT
+/862pAygKmeJMuzT2b52JbRlk3NMCxw5wQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/rtjure_ras b/retiolum/hosts/rtjure_ras
new file mode 100644
index 00000000..ba44cb02
--- /dev/null
+++ b/retiolum/hosts/rtjure_ras
@@ -0,0 +1,11 @@
+Subnet = 10.243.212.68
+Subnet = 42:627f:6f2a:b631:26f7:8d69:4c3a:23b0
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvu1ZjElrPpJ/ery0BAYxWPtb/ZLio+PuhrsOy9BBq6b7/FHw/1yf
+GOCDa2fkdE1/pVLhI62KL+j/nDCgpHtVxzupVYKSyKOuZXnNGAS7vAHNM27jaYHp
+3DTI0Npu13v2r5rgraPOm6eGrd/D0u2gr3T9Zq8PRtg5JrXBWMU4Ugt+Kfv0V+xL
+v0lX21xZrUjvhtd0/vTcNkYLWZK5ftfU18/i3D6CimlG+AsKyeAnYe9Nkcmet84s
+65SbgQ6SBr2YyN5c7wC9j1/Ney3k+aTbxsvHqDyQ8bq8WnsDQR2B8JPZGPLd7VHD
+hdPGzus2PmJa84oB7smuUdt/5oAjzgghkQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/slowpoke b/retiolum/hosts/slowpoke
deleted file mode 100644
index 27b1e57c..00000000
--- a/retiolum/hosts/slowpoke
+++ /dev/null
@@ -1,14 +0,0 @@
-Address = 62.113.241.235
-Subnet = 10.243.232.121
-Subnet = 42:7d8f:9e3a:dcc7:9b22:d1ca:7e28:fe9c
-Subnet = 172.22.0.0/15
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA9EtaOHLa0CyOGpX3rzMLqi9HqrjzVe3XdSfcb9QPYwcbxpPYNLLk
-/1+4vxOI/TEh1QCu0bzPLy8tAwKF2DwnCH72yae17I0jVMW29Ng3Fdjzb3SmWJbf
-C87X7c+Nx5+Yc7OIdvTi/BGPNpDEp7nJugubH1whSFfulCDbsGU3rX5IsDUiw4ha
-B+5wH1coQl+Yp+M1ws5+PoHgYQ/ApYPBKEn+H7JAdnOTLbo0eI3B1PuDUrsMakMq
-s4f74d2Z405xUGHhRRcerF0h5VD58TADxx7RSRd7oR06KlXM/RaqOkw9vzvA2vBq
-CC+LdtIV7wWxF3uRAnk6odeFvqZTHvR4WQIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/retiolum/hosts/sokrates b/retiolum/hosts/sokrates
new file mode 100644
index 00000000..97cf1b47
--- /dev/null
+++ b/retiolum/hosts/sokrates
@@ -0,0 +1,11 @@
+Subnet = 10.243.97.126
+Subnet = 42:28be:6907:ab4b:5c79:99f5:a4a1:2a25
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0emA0JAong4wHSAEUrLrkh21n8I/+pLtpS4uGTcMHn9ZrS8Tg101
+S2poRE0jZUZu868mDeOwwxZRLmCE+bL0q1OrAUDY7+ricQSAz3CNQAAQB0Sjp7ju
+YXKqLZQEYyOV3M8IJOALS72q4g1VTv5jQrLhGzMsv9vzuRSZV0pEV8tZwb187wLi
+n27rwB6SPZv7uhC3R060x8Ze/pLmfmVfrxb9DwZS3d8X1PwygTrTjSAUTeMaDa69
+NSOzvKLx25fhZ0Gm3BA3pUQDEOiGOze3oT/0l3QJMvZ48TbG1KlSBOVwtL3+f5yM
+gJZLF/JoTsYL0aZM+zHL6NAUmciy9dNXEQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/supernode b/retiolum/hosts/supernode
deleted file mode 100644
index 354beba0..00000000
--- a/retiolum/hosts/supernode
+++ /dev/null
@@ -1,13 +0,0 @@
-Address = 46.252.21.5
-Subnet = 42:0:0:0:0:0:0:255/128
-Subnet = 10.243.0.1/32
-Subnet = 0.0.0.0/0
-Compression = 9
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAr3DlBmQxP9UTBCkohK8FCYSk2td4Ov5lQYvC3Adx04lEWHfp+0nP
-sShYqqN9Aj3iCqj/DHx5jGuSqjyTmmFWIOMM9IwKMo2Oiz/PcBM56N6gzIHuR5wj
-+0bV0NRhePD2Tqo3zsEly9Hxw7xmz8azm5l4GcyOtgdRV7R1T3j/jB/9Kv2sj2Y7
-1zhSedCxjt/+NosiZZGE2JhLjzMgsCZSroAIKCZ3X/DP81mTTRxibjol82/Qn61I
-b7GbuuB7SwjtZ+9xjsExN1JX5+AFuw9a3AkYuKWLpP50YY16/OTPq7flmB/EtK+Z
-rrESIYKtX7pJbLc8Ywi0hBL5oPm07q+0BQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/ufo b/retiolum/hosts/ufo
new file mode 100644
index 00000000..8ccdb2c7
--- /dev/null
+++ b/retiolum/hosts/ufo
@@ -0,0 +1,11 @@
+Subnet = 10.243.191.183
+Subnet = 42:1349:b0ea:b4ca:a9ef:1086:5718:3ca2
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAmrDbqG+TzMsKLlaf7VzFmzPvR1d19r7O12ldEdgT29bJJ+bqYqaq
+3KMITOgK6gZVP416gR74/JqD+CRE1ZU6DjVoAoMIB4mzPVgy65SJwHabXOTMYknb
+qzAIhg6cN+6cfNrUTWynBT0kDX5241f2YHmJiRCV1WjzTS9DadGbLp7f6C7YruVo
+cKbC60uaESCm+gfL/fql/NlLKGxP4tAqwHqta8CkYWfUjXEAhzonxJ7zI8FZOvxj
+tLUBhKj4roWPN5CvzPwW+5ZRheAZezj+tmU3nCmlSufXLoFwu+2rqv60esTpZT4k
+DjCRbHhvHVb3/xwQHxLWp4emINcGV2k9SQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/uriel b/retiolum/hosts/uriel
new file mode 100644
index 00000000..76e43047
--- /dev/null
+++ b/retiolum/hosts/uriel
@@ -0,0 +1,11 @@
+Subnet = 10.243.81.176
+Subnet = 42:dc25:60cf:94ef:759b:d2b6:98a9:2e56
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAnj73pgX0RqQ3T6AIgWYpGS8FYLTQfj4BPOprWXBCi4msHKPv1NDP
+rjn7XqckThm/gKY+epfaCQWBMi3jh6Tq4MZe3EbTl9vXm2AZNQSIF9ycVoNDBaC0
+wpEbNAelDFeyAqXwR58v7FzayWkHKpEGNAivROEDohmJ3ZbR42K656A7j2hODC28
+uUuvHzUTat1B/tdX5TBV6qU96NueIKkACuV+QTP6vWl3M44SQhZkimzHEZniDwnH
+F2Kj3EWml5BUySzS3sDuCrg9xTbYxhrkpOOpr8ekWBNSj74qmwEIKj66+ZQ4M8JK
+U6D3iLCe2/W0NbbYU1Xdq5ANjBisOqUadwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/x2 b/retiolum/hosts/x2
new file mode 100644
index 00000000..bd099621
--- /dev/null
+++ b/retiolum/hosts/x2
@@ -0,0 +1,11 @@
+Subnet = 10.243.201.239
+Subnet = 42:9f63:ce4a:0803:7641:18de:c23e:920b
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEArHKsP/4mnxRaTS8PB5pXh+Nz+dWRft6aIeoAuvTb2ZKTWml9hJow
+VBEG/MB9DCCQI/Lf3b3YyHS3kL4BhC/whpgGtl26zfnoKamxXL+ZEvxWRt+O1PKW
+OegmFYaANKIW/FPGDS/Thl2nAbXCiJ6a29UyFuwfZYxLYIAh9sPvgV+Aps9PwbZL
+vwgdhekhRWQfXrKVS/B76dY0zTIbCf74kOOiAHM+xeOsBUCaI9govr1wNavyiM5P
+acJq2Q8X4pcCTnXsS3JOjyyK7idYyv0VLAokolyShrEGfYk0kCTugLiX+wawfxhK
+O0JvWo0+HrxSdYI1jhBQePlwx/FszJ907wIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/zombiecancer b/retiolum/hosts/zombiecancer
new file mode 100644
index 00000000..c073123f
--- /dev/null
+++ b/retiolum/hosts/zombiecancer
@@ -0,0 +1,11 @@
+Subnet = 10.243.226.40
+Subnet = 42:2cb2:77f2:86c1:ffcc:f9ff:fdcb:726f
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwmIAhFzsJb6Pjy8TjAWMECwh8TRYIFaL0sAzGMtoibyAUnIpX6UU
+kYLYUjsd6Wo8HZUn38awjoa0tD1SE43UueyD45OAEk3zYY9/ku0BVBOgGYZahcWO
+cKMkO1BtIle7lI4/+gxyfoSrj+2/0pf56odFIZTIV+kyKtFg+97Mn/eb6o7b46oR
+edhU+Nz02YGLuSs4Pv663GAuIyCUj0OTxhX3F3lYWYyP6Hbj4FW5W8YJrlfw12x3
+f5OUceLLBz2JTk2thBSgd/bXW4hAOFgpuHTu8FWZ4sh7vKFiRmPyTTN0uE7NaVdX
+vSw7x+V9kSeonkW7uPp6A3ngl1ki2xc8AwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/scripts/adv_graphgen/tinc_stats/Supernodes.py b/retiolum/scripts/adv_graphgen/tinc_stats/Supernodes.py
index 7bb79708..7e1f4dae 100755
--- a/retiolum/scripts/adv_graphgen/tinc_stats/Supernodes.py
+++ b/retiolum/scripts/adv_graphgen/tinc_stats/Supernodes.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
 
 def find_potential_super(path="/etc/tinc/retiolum/hosts"):
   import os
@@ -56,4 +56,4 @@ if __name__ == "__main__":
   usage
   """
   for host,addrs in check_all_the_super():
-    print(host,addrs)
+    print("%s %s" %(host,str(addrs)))
diff --git a/retiolum/scripts/github_hosts_sync/README b/retiolum/scripts/github_hosts_sync/README
new file mode 100644
index 00000000..12aa8dfe
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/README
@@ -0,0 +1,26 @@
+#? /bin/sh
+
+useradd -m hosts-sync
+cp systemd/hosts-sync.service /etc/systemd/system/
+cp systemd/hosts-sync.conf /etc/conf.d/
+
+sudo -u hosts-sync -i ssh-keygen
+add /home/hosts-sync/.ssh/id_rsa.pub as github/krebscode/hosts deploy key
+sudo -u hosts-sync -i git clone git@github.com:krebscode/hosts.git ~hosts-sync/hosts # to accept the remote key (and have an initial copy)
+
+sudo -u hosts-sync -i git config --global user.email hosts-sync@ire.retiolum
+sudo -u hosts-sync -i git config --global user.name hosts-sync
+sudo -u hosts-sync -i git config --global push.default simple
+
+systemctl start hosts-sync
+systemctl enable hosts-sync
+
+TODO firewall setup
+
+#? /bin/sh (update service)
+git pull
+cp retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service /etc/systemd/system/
+systemctl daemon-reload
+systemctl restart hosts-sync
+
+
diff --git a/retiolum/scripts/github_hosts_sync/hosts-sync b/retiolum/scripts/github_hosts_sync/hosts-sync
new file mode 100755
index 00000000..53c96efd
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/hosts-sync
@@ -0,0 +1,64 @@
+#! /bin/sh
+# TODO do_work should retry until success
+set -euf
+
+port=${port-1028}
+local_painload=$HOME/painload
+remote_painload="https://github.com/krebscode/painload"
+local_hosts=$HOME/hosts
+remote_hosts="git@github.com:krebscode/hosts.git"
+
+main() {
+  ensure_local_painload
+  ensure_local_hosts
+  is_worker && do_work || become_server
+}
+
+ensure_local_painload() {
+  test -d "$local_painload" || git clone "$remote_painload" "$local_painload"
+}
+
+ensure_local_hosts() {
+  test -d "$local_hosts" || git clone "$remote_hosts" "$local_hosts"
+}
+
+become_server() {
+  exec socat "TCP-LISTEN:$port,reuseaddr,fork" "EXEC:$0"
+}
+
+is_worker() {
+  test "${SOCAT_SOCKPORT-}" = "$port"
+}
+
+do_work() {
+  # read request
+  req_line="$(read line && echo "$line")"
+  req_hdrs="$(sed -n '/^\r$/q;p')"
+
+  set -x
+
+  cd "$local_hosts"
+  git pull >&2
+
+  cd "$local_hosts"
+  find . -name .git -prune -o -type f -exec git rm \{\} \; >/dev/null
+
+  cd "$local_painload"
+  git pull >&2
+
+  find "$local_painload/retiolum/hosts" -type f -exec cp \{\} "$local_hosts" \;
+
+  cd "$local_hosts"
+  find . -name .git -prune -o -type f -exec git add \{\} \; >&2
+  if git status --porcelain | grep -q .; then
+    git commit -m bump >&2
+    git push >&2
+  fi
+
+  echo "HTTP/1.1 200 OK"
+  echo
+  echo "https://github.com/krebscode/hosts/archive/master.tar.gz"
+  echo "https://github.com/krebscode/hosts/archive/master.zip"
+}
+
+main "$@"
diff --git a/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf
new file mode 100644
index 00000000..606f17b4
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf
@@ -0,0 +1 @@
+port=1028
diff --git a/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service
new file mode 100644
index 00000000..5fb9ed41
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=retiolum github hosts sync
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/hosts-sync.conf
+ExecStart=/krebs/retiolum/scripts/github_hosts_sync/hosts-sync
+KillMode=process
+User=hosts-sync
+Group=hosts-sync
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/retiolum/scripts/tinc_setup/README b/retiolum/scripts/tinc_setup/README
deleted file mode 100644
index 11d6f6e9..00000000
--- a/retiolum/scripts/tinc_setup/README
+++ /dev/null
@@ -1,18 +0,0 @@
-This directory contains the build and install scripts for shack-retiolum
-
-1. build_arch 
-    arch linux build script
-2. build_debian
-    debian build script
-3. build_debian_clean
-    debian script which builds a clean tinc daemon
-4. build_ec2
-    Amazon ec2 base instance build script
-5. install.sh
-    configures the tinc daemon 
-    $1 is the nickname
-    $2 is the ip-address
-    also writes a python file inside the tinc/retiolum folder which posts
-    the public key into the IRC:freenode/#tincspasm
-6. build_no.de
-    nonfunct no.de smartmachine build script
diff --git a/retiolum/scripts/tinc_setup/README.md b/retiolum/scripts/tinc_setup/README.md
new file mode 100644
index 00000000..c4892474
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/README.md
@@ -0,0 +1,10 @@
+# Description
+new_install.sh is the script fur bootstrapping tinc.
+We use irc for the initial key exchange, specifically 
+irc.freenode.com#krebs_incoming . 
+
+# Usage
+
+    curl tinc.krebsco.de | HOSTN=bobkhan sh
+    # or
+    HOSTN=wrryyyyy ./new_install.sh
diff --git a/retiolum/scripts/tinc_setup/build_arch.sh b/retiolum/scripts/tinc_setup/build_arch.sh
deleted file mode 100755
index 5ef5d765..00000000
--- a/retiolum/scripts/tinc_setup/build_arch.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-set -e
-sudo pacman -S openssl gcc lzo
-curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
-cd tinc-1.0.13
-./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-make
-sudo make install
-cd ..
-
-echo "overwriting python to python2"
-sed 's/\/usr\/bin\/python/\/usr\/bin\/python2/g' install.sh >install2.sh
-mv install2.sh install.sh
-
diff --git a/retiolum/scripts/tinc_setup/build_debian.sh b/retiolum/scripts/tinc_setup/build_debian.sh
deleted file mode 100755
index 52e61390..00000000
--- a/retiolum/scripts/tinc_setup/build_debian.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-set -x
-if [ ! "$MYIP" ] 
-then
-  MYIP=10.0.7.7.55
-fi
-if [ ! "$MYHOSTNAME" ]
-then
-  MYHOSTNAME="penis"
-fi
-
-if [ "$MYHOSTNAME" = "penis" ];
-then 
-  read -n1 -p "name is penis, are u sure? [yN]" 
-  if [[ "$REPLY" != [yY] ]] 
-  then 
-    echo "then better RTFC"
-    echo "bailing out"  
-    exit 0
-  fi
-fi
-apt-get install tinc git curl python
-
-./install.sh "$MYHOSTNAME" "$MYIP"
-
-# for autostart
-sed -i '/retiolum/d' /etc/tinc/nets.boot
-echo "retiolum" >> /etc/tinc/nets.boot
-sed -i '/EXTRA/d' /etc/tinc/nets.boot
-echo "EXTRA=\"\"" >> /etc/default/tinc
-
-/etc/init.d/tinc start
diff --git a/retiolum/scripts/tinc_setup/build_debian_clean.sh b/retiolum/scripts/tinc_setup/build_debian_clean.sh
deleted file mode 100755
index a7332f4e..00000000
--- a/retiolum/scripts/tinc_setup/build_debian_clean.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-set -xe
-MYIP=10.0.7.7.55
-
-apt-get install tinc git curl gcc gcc-dev build-essential libssl-dev python
-
-git clone https://github.com/makefu/shack-retiolum.git
-
-mkdir build
-cd build
-curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar
-xz
-cd lzo-2.04
-./configure --prefix=/usr
-make
-sudo make install
-cd ..
-curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
-cd tinc-1.0.13
-./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-make
-sudo make install
-cd ../..
-
-cd shack-retiolum
-./install.sh `hostname` $MYIP
-
-rm shack-retiolum
-# for autostart
-echo "retiolum" >> /etc/tinc/nets.boot
-echo "EXTRA=\"--user=tincd --chroot\"" >> /etc/default/tinc
diff --git a/retiolum/scripts/tinc_setup/build_ec2.sh b/retiolum/scripts/tinc_setup/build_ec2.sh
deleted file mode 100755
index 79f2af28..00000000
--- a/retiolum/scripts/tinc_setup/build_ec2.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-set -e
-sudo yum install -y gcc openssl-devel 
-mkdir build
-cd build
-curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar xz
-cd lzo-2.04
-./configure --prefix=/usr
-make
-sudo make install
-cd ..
-curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
-cd tinc-1.0.13
-./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-make
-sudo make install
diff --git a/retiolum/scripts/tinc_setup/build_no.de.sh b/retiolum/scripts/tinc_setup/build_no.de.sh
deleted file mode 100644
index 2976d3a2..00000000
--- a/retiolum/scripts/tinc_setup/build_no.de.sh
+++ /dev/null
@@ -1 +0,0 @@
-pkgin in lzo gcc-tools gcc-compiler gcc34
diff --git a/retiolum/scripts/tinc_setup/install.sh b/retiolum/scripts/tinc_setup/install.sh
deleted file mode 100755
index 9efe863c..00000000
--- a/retiolum/scripts/tinc_setup/install.sh
+++ /dev/null
@@ -1,84 +0,0 @@
-#! /bin/sh
-# USE WITH GREAT CAUTION
-set -eu
-
-if test "${nosudo-false}" != true -a `id -u` != 0; then
-  echo "we're going sudo..." >&2
-  exec sudo "$0" "$@"
-  exit 23 # go to hell
-fi
-
-#make -C ../../ update
-set -e
-DIRNAME=`dirname $0`
-CURR=`readlink -f ${DIRNAME}`
-MYBIN=${CURR}/../../bin
-netname=retiolum
-# create configuration directory for $netname
-mkdir -p /etc/tinc/$netname/hosts
-cd /etc/tinc/$netname
-
-echo "added known hosts:"
-ls -1 hosts | LC_ALL=C sort
-echo "delete the nodes you do not trust!"
-
-hostname="${HOSTNAME-`cat /etc/hostname`}"
-myname="${1:-}"
-if [ ! "$myname" ] 
-then
-  printf "select node name [$hostname]: "
-  read myname
-  if test -z "$myname"; then
-    myname="$hostname"
-  fi
-fi
-if [ ! -e "hosts/$myname" ]
-then
-
-  # TODO eloop until we found a free IPv4
-  # myipv4=$(echo 42.$(for i in `seq 1 3`; do echo "ibase=16;`bin/fillxx xx|tr [a-f] [A-F]`" | bc; done)|tr \  .)/32
-
-  myipv4="${2:-}"
-  mynet4=10.243.0.0
-  
-  if [ ! "$myipv4" ] 
-  then
-    printf 'select v4 subnet ip (1-255): '
-    read v4num
-    until $MYBIN/check-free-retiolum-v4 10.243.0.$v4num; do
-      echo "your're an idiot!"
-      printf 'select unused v4 subnet ip (1-255): '
-      read v4num
-    done
-    myipv4="10.243.0.$v4num"
-  fi
-  echo "Subnet = $myipv4" > hosts/$myname
-
-  myipv6=`$MYBIN/fillxx 42:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx`/128
-  echo "Subnet = $myipv6" >> hosts/$myname
-else
-  echo "own host file already exists! will not write again!"
-fi
-
-cat>tinc.conf<<EOF
-Name = $myname
-ConnectTo = euer
-ConnectTo = albi10
-ConnectTo = pigstarter
-ConnectTo = slowpoke
-Device = /dev/net/tun
-EOF
-
-if [ ! -e rsa_key.priv ] 
-then
-  echo "creating new keys"
-  tincd -n $netname -K 
-  $MYBIN/announce_pubkey $myname || \
-  echo "cannot write public key to IRC, you are on your own. Good Luck"
-else
-  echo "key files already exist, skipping"
-  echo "if you know what you are doing, remove rsa_key.priv"
-fi
-# add user tincd
-# this is what the setup scripts for the distribution has to do
-#useradd tincd
diff --git a/retiolum/scripts/tinc_setup/new_install.sh b/retiolum/scripts/tinc_setup/new_install.sh
index b48649ec..25e7f04d 100755
--- a/retiolum/scripts/tinc_setup/new_install.sh
+++ b/retiolum/scripts/tinc_setup/new_install.sh
@@ -43,6 +43,11 @@ main(){
   RAND4=1
   RAND6=1
 
+  if $(echo $HOSTN | grep -q -); then
+    echo 'invalid hostname, - not allowed'
+    exit 1
+  fi
+
 
   if [ $IP4 -eq 0 ]; then
     RAND4=1
@@ -196,9 +201,9 @@ LocalDiscovery = yes
 AutoConnect = 3
 
 #ConnectTos
-ConnectTo = slowpoke
+ConnectTo = fastpoke
 ConnectTo = pigstarter
-ConnectTo = pico
+ConnectTo = kheurop
 EOF
 
   host2subnet $MASK4
diff --git a/services/bin/obsolete/copy-services b/services/bin/obsolete/copy-services
new file mode 100755
index 00000000..381d39a3
--- /dev/null
+++ b/services/bin/obsolete/copy-services
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -euf
+cd $(dirname $(readlink -f $0))
+usage(){
+    cat <<EOF 
+usage: $0 [pubkey-file] [bootstrap-file]
+    if pubkey-file is "" it will be skipped.
+
+    e.g.:
+        $0 "" ../path/to/other/bootstrap
+EOF
+    
+}
+pubfile=${1:-}
+bootfile=${2:-../etc/services/bootstrap}
+outdir=$PWD/out
+mkdir -p "$outdir"
+for i in `cat $bootfile`; do
+    # retard uriparsing but good enough for our use case
+    netloc=${i##*//}
+    host=${netloc%%:*}
+    port=${netloc##*:}
+    [ "$port" == "$host" ] && port=1337
+
+    pubarg="${pubfile:+-i $pubfile}"
+    #printf "[32m" 
+    cat >$outdir/$host <<EOF
+$(ssh ${pubarg} "services@$host" -p "$port"  -o PasswordAuthentication=no
+    2>/dev/null||: )
+EOF
+    #printf "[0m"
+done
+
diff --git a/services/bin/sync-host-to-services b/services/bin/sync-host-to-services
new file mode 100755
index 00000000..526bc569
--- /dev/null
+++ b/services/bin/sync-host-to-services
@@ -0,0 +1,15 @@
+#!/bin/sh
+green='\e[0;32m'
+red='\e[0;31m'
+nc='\e[0m'
+
+outdir=${1?please provide services-outdir}
+find  ../../retiolum/hosts -type f | while read hostfile;do
+  host=$(basename "$hostfile")
+  if test -e "$outdir/$host";then
+    printf "${green}$host already exists$nc\n"
+  else
+    printf "${red}$host missing, adding${nc}\n"
+    cat ../services.txt | sed "s#{{hostname}}#$host#" > $outdir/$host
+  fi
+done
diff --git a/services/lib/filter b/services/lib/filter
new file mode 100755
index 00000000..f69a5b0d
--- /dev/null
+++ b/services/lib/filter
@@ -0,0 +1,54 @@
+#! /bin/sh
+#
+# usage:
+#   export PATH="//services/lib:$PATH"
+#   cd services
+#   ls | filter owner == $LOGNAME | filter hasnt mail
+#
+set -euf
+
+main() {
+  case $# in
+    2) op1 "$@";;
+    3) op2 "$@";;
+    *) echo 'You are made of stupid!' >&2; exit 23;;
+  esac
+}
+
+# op1 OP SCHEMA
+op1() {
+  case "$1" in
+    has)
+      xargs grep -H "^$2:" \
+        | cut -d: -f1 
+      ;;
+    hasnt)
+      a=$(mktemp)
+      b=$(mktemp)
+      trap "rm $a $b; trap - EXIT INT QUIT" EXIT INT QUIT
+      cat > $a
+      cat $a | xargs grep -H "^$2:" | cut -d: -f1 > $b
+      diff -u $b $a | sed -n '/^++/d;s/^+\(.*\)/\1/p' | grep .
+  esac
+}
+
+# op2 SCHEMA OP RHS
+op2() {
+  case "$2" in
+    ==|is)
+      xargs grep -H "^$1:$3$" \
+        | cut -d: -f1
+      ;;
+    !=|isnt)
+      xargs grep -H "^$1:" \
+        | grep -v ":$1:$3" \
+        | cut -d: -f1
+      ;;
+    contains)
+      xargs grep -H "^$1:.*$3.*$" \
+        | cut -d: -f1
+      ;;
+  esac
+}
+
+main "$@"
diff --git a/services/services.txt b/services/services.txt
index 265e6d1c..ad9efde6 100644
--- a/services/services.txt
+++ b/services/services.txt
@@ -3,5 +3,4 @@ type:
 mail:
 expires:
 location:
-services://{{hostname}}:22
 tinc://{{hostname}}
diff --git a/ship/TODO b/ship/TODO
index e69de29b..7c2fe73f 100644
--- a/ship/TODO
+++ b/ship/TODO
@@ -0,0 +1,2 @@
+- refresh-supers: somehow test if a real tinc connection is possible to new
+  given supernodes
diff --git a/ship/build b/ship/build
index 3f96cfe1..0e8e1013 100755
--- a/ship/build
+++ b/ship/build
@@ -44,7 +44,7 @@ EOF
 build_strict_mode() { cat<<EOF
 $1a\\
 set -euf\\
-set -o posix || :
+(set -o posix 2>/dev/null) && set -o posix || :
 EOF
 }
 
diff --git a/ship/lib/_punani_db b/ship/lib/_punani_db
index 721b5fa2..6f89029f 100644
--- a/ship/lib/_punani_db
+++ b/ship/lib/_punani_db
@@ -19,7 +19,7 @@ _punanidb_aptget_pip2=python-pip
 _punanidb_pacman_virtualenv=python-virtualenv
 _punanidb_aptget_virtualenv=python-virtualenv
 
-_punanidb_pacman_gpp=g++
+_punanidb_pacman_gpp=gcc
 _punanidb_aptget_gpp=gcc
 
 _punanidb_pacman_python2_dev=python2
@@ -39,6 +39,10 @@ _punanidb_pacman_tinc=tinc
 _punanidb_yum_tinc=tinc
 _punanidb_aptget_tinc=tinc
 
+_punanidb_pacman_zsh=zsh
+_punanidb_yum_zsh=zsh
+_punanidb_aptget_zsh=zsh
+
 _punanidb_pacman_tor=tor
 _punanidb_yum_tor=tor
 _punanidb_aptget_tor=tor
@@ -50,3 +54,4 @@ _punanidb_aptget_nano=nano
 _punanidb_pacman_vim=vim
 _punanidb_yum_vim=vim-enhanced
 _punanidb_aptget_vim=vim
+
diff --git a/ship/lib/filehooker b/ship/lib/filehooker
new file mode 100644
index 00000000..72be751a
--- /dev/null
+++ b/ship/lib/filehooker
@@ -0,0 +1,117 @@
+#@include core
+#@include network
+ncdc_user=${ncdc_user:-hooker}
+ncdc_bin=${ncdc_bin:-/usr/bin/ncdc}
+
+ncdc_config(){
+    # maybe we want to use the running ncdc process and communicate via tmux send-keys ?
+   (sleep 1;cat;printf "/quit\n") | sudo -u $ncdc_user "$ncdc_bin"
+}
+
+ncdc_configure_netshare(){
+    : "${1?provide path to share}"
+    rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
+    rnd_name="${2:-share_$rnd}"
+    info "adding share"
+    (echo "/share $rnd_name $1") | ncdc_config
+}
+
+ncdc_configure_nick(){
+    nick=${1?nick must be provided}
+    info "configuring DC Nick: $nick"
+    echo "/nick $nick" | ncdc_config
+}
+ncdc_configure_hub(){
+    rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
+    hubname="hub_$rnd"
+    hub=${1?adcs://localhost:2781}
+    info "configuring DC Hub: $hub, activating autconnect"
+    info "setting active as true"
+    (echo "/open ${hubname} ${hub}" ;
+    echo "/hset autoconnect true") | ncdc_config
+}
+
+ncdc_download(){
+install_dir="$(dirname "${ncdc_bin}")"
+info "installing ncdc to $install_dir"
+curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | tar xz -C "$install_dir"
+}
+ncdc_install(){
+useradd -m $ncdc_user ||:
+}
+
+ncdc_autostart(){
+# only systemd
+# punani install tmux
+cat > /etc/systemd/system/ncdc@.service <<EOF
+[Unit]
+Description=ncdc
+Requires=network.target local-fs.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+KillMode=none
+User=%I
+ExecStart=/usr/bin/tmux new-session -s dcpp -n ncdc -d ncdc
+ExecStop=/usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable ncdc@$ncdc_user
+}
+
+# 20gig in bytes
+min_netshare_size=${min_netshare_size:-20000000000}
+get_disksize(){
+fdisk -l ${1?provide disk} | grep '^Disk ' | cut -d\  -f 5
+}
+
+prepare_netshares(){
+    count=0
+    fdisk -l  | grep '^Disk '  | egrep '(/dev/sd|/dev/hd)' | cut -d\  -f 2 | tr -d : | while read disk;do
+        size=$(get_disksize $disk)
+        if test "$size" -gt "$min_netshare_size";
+        then
+            info "using $disk with $size bytes"
+            dd if=/dev/zero of=$disk bs=1M count=1 >/dev/null
+            sleep 1
+            (printf "o\nn\np\n\n\n\nw\n\n") |fdisk $disk >/dev/null ||:
+            #partprobe $disk
+            mkfs.btrfs -f ${disk}1 >/dev/null
+            uuid="$(blkid ${disk}1 -o value | head -n 1)"
+            mountpoint="/media/vag${count}"
+            mkdir -p "$mountpoint"
+            echo "UUID=$uuid  $mountpoint btrfs rw,relatime,space_cache 0 0" >> /etc/fstab
+            echo "$mountpoint"
+            : $((count++))
+        else
+            info "skipping $disk"
+        fi
+    done
+}
+install_tor_announce(){
+# systemd only
+info "writing tor_announce.service"
+cat > /etc/systemd/system/tor_announce.service<<EOF
+[Unit]
+Description=Announce Tor Hidden Address
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/tor_announce
+
+[Install]
+WantedBy=multi-user.target
+EOF
+info "writing tor_announce to /usr/bin/tor_announce"
+printf '#!/bin/sh\nsleep 20\n' > /usr/bin/tor_announce
+http_get conf.krebsco.de/tor_publish_ssh >> /usr/bin/tor_announce
+chmod +x /usr/bin/tor_announce
+info "enable tor_announce"
+systemctl enable tor_announce
+#systemctl start tor_announce
+}
diff --git a/ship/lib/iso b/ship/lib/iso
new file mode 100644
index 00000000..0776d796
--- /dev/null
+++ b/ship/lib/iso
@@ -0,0 +1,7 @@
+get_volid(){
+  #returns the volume id of the iso given
+  # is needed for remastering the archlinux iso
+  
+  #punani install genisoimage
+  isoinfo -d -i "${1?path to iso must be given}" | grep "^Volume id:" | cut -d: -f 2 |xargs
+}
diff --git a/ship/lib/krebs b/ship/lib/krebs
new file mode 100644
index 00000000..e47031d6
--- /dev/null
+++ b/ship/lib/krebs
@@ -0,0 +1,16 @@
+#@include core
+krebs_pubkeys="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7YrLdnXDRU2XEdZDu1BmgiT0Vaxplf3bfvSm+5o3g4AcR2yCv7h2D633c9uA0gq52EJ3V5m8B1ZcxqA0zqDptKwx+ZTMUGDls7StH5xpJyk9j5gf8DzyDLQPQG2IYszCH+8esKjo3BOFxfey8NaX+k6gvQsG3lyV0PjLvvIy4gDuMn6dPZfVAlwNYFOUNgwpku3W3A0d+UFyVjt3/sgZxM+8C3y6QE1gwT5/NfBbHM5vaEqjHcVq1ui+7a4iOXFGKkZDcd7EX6cQZSbCzZL7sZ0OmB1WpAsDCvIXfzX1YfNA0sso7ldSF6ZUGNgwEk1LootnQlCK/dfbM+i62SZ+1 tv@iiso
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv9TTt4FkzT3jlQ0VS2tX/GpQO9Ef0wIQ+g96foe4qSniBwR667T1gIhURrod/p7N9oQcWRrNohjgmSBZRYA0kW6ZyqYJkLvRv54nXv6j/8Xq2nG/KVfDqL0kp8if+JGeFlQElpWJiAbGifYkopFy69QiLYU2ndR7aPbx+5qm/dcwPJ7K+n6dyePynCZadtcabm3PuBFUxGLdT9ImDXMOPfXxPMlN/3eb78byuEuHnhCIvIGLMBGx+8QTXvu7kHpZObvkbsF1xjVs9fDpwVLjh7GWdwf3BZ/agFlI24ffyqCPFnuaxUVyfUZeqf4twRsIZkTTB47lHDhYiVkyGe8gd root@pigstarter.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7df1RfMGNHPJe0iF6rD9DBs/4VujN6nNr7RbRCFk7HF/JzLXSn9Vcwk+3JefP4/d/bUo0h03rhQaRohDhBScrJidj2YacF6gmZOuTf3AMWprdz9D/1dDkN/ytwzGhADhqbHEWeomIllsa8Up4PvEeDcIHJGzYvuc0BbGqRk0XgxwqIrLAhdpTfEKaTbt7IzmUqEofxThTZ/4k020PKn2WDBWKQYGZJ9Ba2WzlKUXWx842ncW29oxC2faRz4M3eMPy0JMpBLkK9U3dccE75dgT/89/4ofVjM7+J3FOP3dgXzrtk+A5aN5a/veJUViQ9xdGxXvoa++iCr5q/BVRv0Bb sammy@muhbaasu.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOIRWLC4ESCDxjyoJUqaUNC8ZDiE4UICZk3cbDptdtendTQvjSXz0RW6MWhJ+F6wWZntL1EibKn8djax1tzgcvNASCUEtGey/850IzBIrETs+WQDRjV2QqBKWxVaQPIFjw2V3vFSKKNxq01qznVBY510DIf4+0WR8b1ZPD/XbuyQLGYM3N7dP4JQSnnNAgtyutBKdomWfT18hW1lLjkP8h1IOiC03HxXTYX+nMUiLDff3D5GT5u3Ke2+VigXjz4Ue8rVsOg/zgqrwEAfx8o1q83uSB23oqUqWkqlxOC/4QY5kpdNqW/Iz89zHibp5ZceHd2ZSoGefv7UZM0lRIDHjJ retiolum@ire
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3+2vSwiJoIpHpnkw4SslPrlR6/z43nZ7s1tGXkkNnVDB2uzxMaISNRjSk0GgXpDx4hLEi6074hSvv5JWbUuMyKr9n6GVVeYNCjsiPcRkL3d7zDwFwqyndhVeWgmpuylYx4XKIbTvpBVyG3CRT1+D4apVUgiDa9lVfjBk7/ESxBzt0dXtlJEzQBBoCo0C8jeeIpvZKbq1zeM9wvLsgFaT7fsSxrg5BEb/tQl6pbkykWFXbzzd91liEQaSqai7Ux2355ZXGANQBCTglKhdTcir0RuHNtQGrZHBxL9qVfJjJJNZg1b6UAhDanqE/HyOI3sp6LGBvpW5afLKOdj9ppQQN retiolum@nomic
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== death@uriel"
+
+authorized_keys_file="${authorized_keys:-$HOME/.ssh/authorized_keys}"
+deploy_krebs_pubkeys(){
+info "deploying pubkeys in $authorized_keys_file"
+mkdir -p "$(dirname "$authorized_keys_file")"
+printf "$krebs_pubkeys\n" >> "$authorized_keys_file"
+
+}
diff --git a/ship/lib/network b/ship/lib/network
index 974fb282..6c8970a0 100644
--- a/ship/lib/network
+++ b/ship/lib/network
@@ -76,6 +76,17 @@ run_telnet(){
   port="$2"
   $(which_telnet) "$host" "$port"
 }
+port_open(){
+  # $1 - host
+  # $2 - port
+  #  nc -zw 2 $1 $2
+  echo | run_telnet "$1" "$2" & pid=$!
+  { sleep 5; kill $pid;} & wid=$!
+  wait $pid 
+  RET=$?
+  kill $wid >/dev/null 2>&1
+  return $RET
+}
 
 send_irc(){
   ## reads from stdin, writes to IRC
@@ -95,5 +106,5 @@ send_irc(){
       echo "JOIN $IRCCHANNEL";
       sleep 23;
       while read line; do echo "PRIVMSG $IRCCHANNEL :$line";sleep 1;done
-      sleep 5; ) | run_telnet $IRCSERVER $IRCPORT 2>/dev/null | line_to_dot
+      sleep 5; ) | run_telnet $IRCSERVER $IRCPORT 2>/dev/null
 }
diff --git a/ship/lib/retiolum b/ship/lib/retiolum
new file mode 100644
index 00000000..eba2775e
--- /dev/null
+++ b/ship/lib/retiolum
@@ -0,0 +1,109 @@
+#!/bin/sh
+# retiolum host functions
+#@include core
+#@include network
+tinc_path=${tinc_path:-/etc/tinc}
+netname=${netname:-retiolum}
+hosts_dir=${hosts_dir:-$tinc_path/$netname/hosts}
+supernode_urls="http://euer.krebsco.de/retiolum/supernodes.tar.gz"
+reload_tinc(){
+  info "reloading tinc configuration"
+  pkill -HUP tincd || tinc -n $netname reload;
+}
+
+refresh_supernode_keys(){
+  for url in $supernode_urls;do
+    info "Trying $url to retrieve supernodes"
+    if http_get "$url" \
+       | tar xvz -C $hosts_dir | xargs -n1 echo "refreshed:" ;then
+      info "refreshed supernode keys"
+      return 0
+    else
+      error "$url unusable for retrieving supernode host files"
+    fi
+  done && return 1
+}
+port_open(){
+  # $1 - host
+  # $2 - port
+  #  nc -zw 2 $1 $2
+  echo | run_telnet "$1" "$2" & pid=$!
+  { sleep 5; kill $pid;} & wid=$!
+  wait $pid 
+  RET=$?
+  kill $wid >/dev/null 2>&1
+  return $RET
+}
+find_supernodes(){
+  cd $hosts_dir
+  set +f
+  for name in `
+    grep '^[  ]*Address[  ]*=' * |
+      cut -d: -f1 | sort | uniq
+  `; do
+    if eval "`sed -n '
+        s/[   ]\+//g
+        s/^\(Address\|Port\)=\(.*\)/\1="\${\1+\$\1\n}\2"/p
+      ' $name`"; then
+      port=${Port-655}
+      for host in $Address; do
+        if port_open $host $port 2>/dev/null; then
+          echo "$name [('$host', $port)]"
+        fi &
+      done
+      wait
+    fi &
+  done
+  wait
+  cd - >/dev/null
+}
+
+find_active_nodes(){
+  # TODO this function currently only supports a single address for a host
+  cd $hosts_dir
+  # posix grep does not support [[:space:]]
+  set +f
+  for name in `
+    grep '^[  ]*Address[  ]*=' * |
+      cut -d: -f1 | sort | uniq
+  `; do
+    if eval "`sed -n '
+        s/[   ]\+//g
+        s/^\(Address\|Port\)=\(.*\)/\1="\${\1+\$\1\n}\2"/p
+      ' $name`"; then
+      port=${Port-655}
+      for host in $Address; do
+        if port_open $host $port 2>/dev/null; then
+          echo "$name [('$host', $port)]"
+        fi &
+      done
+      wait
+    fi &
+  done
+  wait
+  cd - >/dev/null
+}
+
+check_free_v4(){
+  myipv4=${1-10.243.0.-1}
+  v4num=${myipv4##*.}
+  printf "Retard check: "
+  if [ "$v4num" -gt 0 -a "$v4num" -lt "256" ];
+  then 
+    info "No retard detected\n"
+    cd $hosts_dir
+    info "Check if ip is still free: "
+    for i in `ls -1`; do
+      if grep -q -e $myipv4\$ $i ;then
+        error "Host IP already taken by $i! "
+        return 1
+      fi
+    done
+    info "Passed\n"
+    return 0
+  else
+    error "you are made of stupid. bailing out\n" 
+    return 1
+  fi
+  cd - >/dev/null
+}
diff --git a/ship/lib/vim b/ship/lib/vim
new file mode 100644
index 00000000..f75f3d0e
--- /dev/null
+++ b/ship/lib/vim
@@ -0,0 +1,40 @@
+# configure vim
+
+vimrc=$HOME/.vimrc
+
+vim_conf_sane_defaults(){
+    # TODO - make stuff more modular?
+    cat >>$vimrc<<EOF
+set nocompatible
+filetype plugin indent on
+syntax on
+set vb
+set foldenable
+set foldmethod=syntax
+set ignorecase
+set incsearch
+set showmatch
+set matchtime=3
+set hlsearch
+set backupdir=~/.vim/backup
+set directory=~/.vim/backup
+inoremap <F1> <ESC>
+nnoremap <F1> <ESC>
+vnoremap <F1> <ESC>
+set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+cmap w!! w !sudo tee > /dev/null %
+colorscheme darkblue
+set background=dark
+set number
+set mouse=
+set shiftwidth=2
+set tabstop=2
+set et
+set sw=2
+set smarttab
+set autoindent
+set backspace=indent,eol,start
+set nocp
+EOF
+    mkdir -p $HOME/.vim/backup
+}
diff --git a/ship/src/arch_autoinstall b/ship/src/arch_autoinstall
index baa9e2a0..c9b6c4d4 100755
--- a/ship/src/arch_autoinstall
+++ b/ship/src/arch_autoinstall
@@ -3,13 +3,12 @@
 #@include core
 #@include color
 #@include network
+#@include tor
 pass=shackit
 shack_printer_ip=10.42.0.135
 extra_pkg="xorg vim xfce4 feh chromium zsh sudo git flashplugin alsa-oss alsa-lib alsa-utils grub-bios slim ntp tor network-manager-applet networkmanager openssh cups cups-filters"
 
 info "writing stdout to /tmp/install.log"
-exec >> /tmp/install.log
-tail -f /tmp/install.log&
 defer 'pkill tail'
 
 installer_disk(){
@@ -35,7 +34,7 @@ sleep 3
 umount /mnt/boot ||:
 umount /mnt ||:
 info "starting partitioning"
-(printf "o\nn\np\n\n\n+256M\n\a\nn\np\n\n\n\nw\n\n") |fdisk $rootdisk
+(printf "o\nn\np\n\n\n+256M\n\a\nn\np\n\n\n\nw\n\n") |fdisk $rootdisk||:
 info "done partitioning"
 sleep 1
 info "generating filesystem on /boot"
@@ -84,7 +83,7 @@ info "generating configs"
 genfstab -U -p /mnt > /mnt/etc/fstab
 
 info "beginning chroot!"
-arch-chroot /mnt | tee -a /tmp/install.log  << EOF
+arch-chroot /mnt << EOF
 
 msg() { printf "\$*\n" >&2; }
 info()  { msg "$green\$*$nc"; }
@@ -119,7 +118,7 @@ done
 
 ### CUPS
 mkdir -p /etc/cups
-cat >>/etc/cups/printers.conf<<EOF
+cat >>/etc/cups/printers.conf<<EOT
 <Printer HP_LaserJet_5000_Series>
 Info Shack Printer HP 5000
 Location lounge
@@ -137,7 +136,7 @@ KLimit 0
 OpPolicy default
 ErrorPolicy stop-printer
 </Printer>
-EOF
+EOT
 
 info "installing grub"
 grub-install ${rootdisk} 2>/dev/null
@@ -155,7 +154,11 @@ EOF
 info "configuring tor"
 torrc=/mnt/etc/tor/torrc
 hidden_service_dir=/var/lib/tor/hidden_service/
-#@include tor
 configure_hidden_service
+#TODO publish tor address after reboot
+#info "publishing hidden service address"
+#cat $hidden_service_dir/hostname | send_irc
+
 
 info "We're all done, simply reboot!"
+reboot
diff --git a/ship/src/bootstrap_env_makefu b/ship/src/bootstrap_env_makefu
index 7ec59a79..e61f4e99 100755
--- a/ship/src/bootstrap_env_makefu
+++ b/ship/src/bootstrap_env_makefu
@@ -4,10 +4,24 @@
 #@strict
 #@include core
 #@include punani
+#@include vim
+
+# vim +python
+_punanidb_pacman_vim_python=gvim
+_punanidb_yum_vim_python=vim-enhanced
+_punanidb_aptget_vim_python=vim
+
+# TODO pull out youcompleteme into a vim function
+# cmake ,make,g++,python-dev for youcompleteme 
+_punanidb_pacman_cmake=cmake
+_punanidb_yum_cmake=cmake
+_punanidb_aptget_cmake=cmake
+#@mainifyme
+
 info "Configuring environment for $(id -un)"
 cd $(readlink -f $(dirname $0))
 info "Using punani to install git vim and zsh"
-punani install git vim zsh || error "cannot install some shit"
+punani install git vim_python zsh gpp cmake make python2_dev || die "cannot install some shit"
 
 info "writing dotfiles"
 # deploying zshrc
@@ -54,8 +68,13 @@ test -r ~/TODO  && cat ~/TODO
 
 setopt menu_complete
 unsetopt correct_all
+export PYTHONSTARTUP=~/.pythonrc
+EOF
+info 'deploying pythonrc'
+cat > $HOME/.pythonrc <<EOF
+import rlcompleter, readline
+readline.parse_and_bind('tab:complete')
 EOF
-
 info "deploying vim config"
 if [ -e $HOME/.vim ] ; then
   oldvim=$HOME/.vim.`date +%Y%M%d`
@@ -68,43 +87,36 @@ mkdir -p $HOME/.vim
 # TODO modilarize vimconfig
 
 cat > $HOME/.vim/vimrc <<EOF 
-set nocompatible
 filetype off
 set rtp+=~/.vim/bundle/vundle
 call vundle#rc()
-
 " TODO refactor this
 Bundle 'gmarik/vundle'
 Bundle 'SudoEdit.vim'
 Bundle 'snipMate'
 Bundle 'tpope/vim-fugitive'
-Bundle 'vim-scripts-iptables'
-Bundle 'pyflakes'
+Bundle 'Valloric/YouCompleteMe'
+Bundle 'scrooloose/syntastic'
+Bundle 'sjl/gundo.vim'
+
+nnoremap <F5> :GundoToggle<CR>
+set undodir=~/.vim/undo
+set undofile
+"maximum number of changes that can be undone
+set undolevels=1000000
+"maximum number lines to save for undo on a buffer reload
+set undoreload=10000000
+
+set pastetoggle=<F2>
+set showmode
+filetype plugin indent on
+
 
 filetype plugin indent on
-syntax on
 
-set vb
 let g:snips_author = 'Bob Ross <root@syntax-fehler.de>'
 let g:makefu_author = 'makefu'
 
-set foldenable
-set foldmethod=syntax
-" shows matching braches etc
-set showmatch
-set matchtime=3
-" highlight search
-set hlsearch
-
-" set noswapfile
-" set nobackup
-set backupdir=~/.vim/backup
-set directory=~/.vim/backup
-
-" turn off F1
-inoremap <F1> <ESC>
-nnoremap <F1> <ESC>
-vnoremap <F1> <ESC>
 " pasting
 nnoremap <F2> :set invpaste paste?<CR>
 set pastetoggle=<F2>
@@ -114,44 +126,31 @@ set showmode
 au FocusLost * :wa
 
 set spelllang=en
-" use set spell to enable spelling
-
-" press ttt to rot16 the whole file
-nmap ttt ggg?G
 
-colorscheme darkblue
-set background=dark
-
-set number
-set mouse=
 set textwidth=9001
-set ignorecase
-set incsearch
-set wildignore=*.o,*.obj,*.bak,*.exe,*.os
-
-set shiftwidth=2
-set tabstop=2
-set et
-set sw=2
-set smarttab
-set autoindent
-" end tabstop
-set backspace=indent,eol,start
-set nocp
 autocmd BufRead *.json set filetype=json
 EOF
-
+if [ -e $HOME/.vimrc ] ; then
+  oldvim=$HOME/.vimrc.`date +%Y%M%d`
+  info "Backing up old vimrc file to $oldvim"
+  mv -v $HOME/.vimrc $oldvim
+fi
+info "Symlinking .vimrc to .vim/vimrc"
 ln -vs $HOME/.vim/vimrc $HOME/.vimrc
+vim_conf_sane_defaults
 
 #install all the vim stuff with the help of vundle
 cd $HOME/.vim
-mkdir bundle
-mkdir backup
+mkdir -p bundle undo backup
 info "Fetching vim-vundle"
 git clone https://github.com/gmarik/vundle.git bundle/vundle > /dev/null && \
   info "Vim Vundle deployed"
 info "Installing Vundle Bundles"
 vim "+:BundleInstall" "+:qall"
+
+info "building youcompleteme libs"
+cd $HOME/.vim/bundle/YouCompleteMe
+./install.sh
 cd -
 
 info "configuring zsh"
diff --git a/ship/src/filehooker_configure_ncdc b/ship/src/filehooker_configure_ncdc
new file mode 100644
index 00000000..c980ebf2
--- /dev/null
+++ b/ship/src/filehooker_configure_ncdc
@@ -0,0 +1,15 @@
+#!/bin/sh
+#@info
+#@strict
+#@include filehooker
+
+dc_hub="adcs://elch.nsupdate.info:2781"
+rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
+nick="filehooker_$rnd"
+
+
+ncdc_install
+ncdc_autostart
+
+ncdc_configure_nick "$nick"
+ncdc_configure_hub "$dc_hub"
diff --git a/ship/src/filehooker_configure_netshare b/ship/src/filehooker_configure_netshare
new file mode 100644
index 00000000..438ac133
--- /dev/null
+++ b/ship/src/filehooker_configure_netshare
@@ -0,0 +1,7 @@
+#!/bin/sh
+#@info
+#@strict
+#@include filehooker
+for i in $(prepare_netshares) ;do
+   ncdc_configure_netshare "$i"  "${i##*/}"
+done
diff --git a/ship/src/filehooker_install b/ship/src/filehooker_install
new file mode 100755
index 00000000..eb2d5fd1
--- /dev/null
+++ b/ship/src/filehooker_install
@@ -0,0 +1,143 @@
+#/bin/sh
+#@info
+#@strict
+#@include core
+## colored logging
+#@include color
+#@include network
+
+## for tor hidden service
+#@include tor
+
+## for ncdc
+#@include filehooker
+pass=lolwut.aidsballs
+# 20gig
+#min_netshare_size=20000000000
+admin=pimp
+extra_pkg="vim sudo grub-bios ntp tor openssh btrfs-progs tmux"
+
+info "writing stdout to /tmp/install.log"
+
+
+installer_disk(){
+    find /dev/disk/by-label/ -name ARCH_\* 2>/dev/null | xargs readlink
+}
+
+find_rootdisk(){
+    for i in sd vd hd;do
+        for j in a b c;do
+            dsk="/dev/$i$j"
+            test ! -e "$dsk" && continue
+            test "$(installer_disk)" == "$dsk" && continue
+            test "$(get_disksize $dsk)" -gt "$min_netshare_size" && info "not using $dsk as it is too big" && continue
+            echo "$dsk" && return
+        done
+    done
+}
+
+rootdisk=$(find_rootdisk)
+test "$rootdisk" || die "cannot find your root disk"
+
+info "Your rootdisk is $rootdisk"
+sleep 3
+
+umount /mnt/boot ||:
+umount /mnt ||:
+info "overwriting partitioning"
+dd if=/dev/zero of=$rootdisk bs=2k count=10
+info "starting partitioning"
+(printf "o\nn\np\n\n\n+128M\n\a\nn\np\n\n\n\nw\n\n") |fdisk $rootdisk ||:
+partprobe $rootdisk
+info "done partitioning"
+sleep 1
+info "generating filesystem on /boot"
+mkfs.ext2 ${rootdisk}1
+info "Done"
+sleep 3
+sync
+vgchange -an
+info "generating filesystems"
+mkfs.btrfs -f ${rootdisk}2
+sleep 1
+info "finished generating filesystems"
+sleep 1
+info "mounting"
+mount ${rootdisk}2 /mnt
+mkdir /mnt/boot
+mount ${rootdisk}1 /mnt/boot
+
+info "finished mounting!"
+sleep 1
+info "installing!"
+
+info "Setting http proxy"
+
+info "Installing the following packages: $extra_pkg"
+if [ -n "${user_pkg:-}" ] ;then
+  info "User chooses additional packages: $user_pkg"
+else
+  info "No additional packages set by user (\$user_pkg unset)"
+fi
+pacstrap /mnt base $extra_pkg ${user_pkg:-}
+info "installation done"
+sleep 1
+info "generating configs"
+genfstab -U -p /mnt > /mnt/etc/fstab
+
+info "beginning chroot!"
+########### BEGIN CHROOT #####
+arch-chroot /mnt << EOF
+#@strict
+msg() { printf "\$*\n" >&2; }
+info()  { msg "$green\$*$nc"; }
+error() { msg "$green\$*$nc"; }
+
+info "generating locales"
+ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+echo "LANG=en_US.UTF-8"  >> /etc/locale.conf
+echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+locale-gen
+echo "filehooker$RANDOM" > /etc/hostname
+info "Done! "
+mkinitcpio -p linux ||
+info "setting root password"
+printf "${pass}\n${pass}\n" | (passwd )
+info "adding user"
+useradd -m -G audio,video,wheel $admin
+printf "${pass}\n${pass}\n" | (passwd $admin)
+
+info "editing sudoers"
+printf "root ALL=(ALL) ALL\n%s ALL=(ALL)NOPASSWD: ALL\n" %wheel >> /etc/sudoers
+for i in dhcpcd ntpd tor sshd ; do
+    info "enabling \$i"
+    systemctl enable \$i
+done
+
+info "installing grub"
+grub-install ${rootdisk} 2>/dev/null
+#echo "GRUB_DISABLE_LINUX_UUID=true" >> /etc/default/grub
+grub-mkconfig > /boot/grub/grub.cfg 2>/dev/null
+# prepare ncdc
+useradd -m hooker
+exit
+EOF
+######## END CHROOT ##########
+sync
+
+info "configuring tor"
+torrc=/mnt/etc/tor/torrc
+hidden_service_dir=/var/lib/tor/hidden_service/
+configure_hidden_service
+#info "publishing hidden service address"
+#cat $hidden_service_dir/hostname | send_irc
+info "configure ncdc"
+curl conf.krebsco.de/filehooker_configure_ncdc | arch-chroot /mnt
+info "configuring netshares"
+( curl conf.krebsco.de/filehooker_configure_netshare )| arch-chroot /mnt
+info "configuring tor announce"
+curl conf.krebsco.de/install_tor_announce | arch-chroot /mnt
+info "We're all done, rebooting!"
+sync
+sleep 5
+reboot
diff --git a/ship/src/find-supers-tinc b/ship/src/find-supers-tinc
new file mode 100644
index 00000000..3ea53d35
--- /dev/null
+++ b/ship/src/find-supers-tinc
@@ -0,0 +1,6 @@
+#!/bin/sh
+#@info
+#@include core
+#@include retiolum
+
+find_supernodes
diff --git a/ship/src/fix_dircolors b/ship/src/fix_dircolors
index b2e2ffdb..d427563f 100755
--- a/ship/src/fix_dircolors
+++ b/ship/src/fix_dircolors
@@ -6,7 +6,7 @@ exists dircolors || die "no dircolors in PATH, bailing out"
 
 info "fixing dircolors for $(id -un)"
 dircolors -p > $HOME/.dircolors
-sed -i 's/\(DIR \).*/\101;35/' $HOME/.dircolors
+sed -i 's/\(DIR \).*/\101;36/' $HOME/.dircolors
 ! grep -q 'dircolors' $HOME/.profile && \
 	info "adding dircolors line to $HOME/.profile" && \
 	echo 'eval `dircolors -b $HOME/.dircolors`' >> $HOME/.profile
diff --git a/ship/src/install_tor_announce b/ship/src/install_tor_announce
new file mode 100644
index 00000000..b7b3662e
--- /dev/null
+++ b/ship/src/install_tor_announce
@@ -0,0 +1,5 @@
+#!/bin/sh
+#@strict
+#@include filehooker
+
+install_tor_announce
diff --git a/ship/src/refresh-super-keys b/ship/src/refresh-super-keys
new file mode 100644
index 00000000..dddbe846
--- /dev/null
+++ b/ship/src/refresh-super-keys
@@ -0,0 +1,5 @@
+#!/bin/sh
+#@info
+#@include retiolum
+#@mainifyme
+refresh_supernode_keys
diff --git a/ship/src/refresh-supers b/ship/src/refresh-supers
new file mode 100644
index 00000000..6dc6e8ab
--- /dev/null
+++ b/ship/src/refresh-supers
@@ -0,0 +1,35 @@
+#!/bin/sh
+#@info
+# usage: [DEBUG=1] [tincconf=/not/tinc/retiolum/tinc.conf] $0 
+# This is the implementation of the proposal how to update tinc supernode
+# connections 
+
+#@include core
+#@include retiolum
+  # using find_supernodes
+  #       tinc_path
+  #       netname
+
+#@strict
+#@mainifyme
+
+refresh_supernode_keys
+
+max_connect_to=${max_connect_to:-5}
+tincconf=${tincconf:-$tinc_path/$netname/tinc.conf}
+tmp_tincconf=$(mktemp)
+defer "rm -f $tmp_tincconf"
+
+sed '/^[  ]*ConnectTo/d' "$tincconf" > "$tmp_tincconf"
+
+
+# TODO find_supernodes requires netcat
+find_supernodes | cut -d\  -f 1 | shuf \
+  | head -n "${max_connect_to}" \
+  | xargs -n1 printf "ConnectTo=%s\n" >> "$tmp_tincconf"
+
+info "replacing old tinc.conf with one"
+test "${DEBUG:-}" && diff "$tincconf" "$tmp_tincconf"
+mv "$tmp_tincconf" "$tincconf"
+
+reload_tinc
diff --git a/ship/src/remaster_arch_iso b/ship/src/remaster_arch_shack_installstick
index 94a750c1..3ad985af 100755
--- a/ship/src/remaster_arch_iso
+++ b/ship/src/remaster_arch_shack_installstick
@@ -1,5 +1,6 @@
 #!/bin/sh
 #@include core
+#@include iso
 #@mainifyme
 
 ## TODO: provide a parameter which defines what to be done in the new iso root
@@ -12,14 +13,13 @@ isodir=$bdir/iso
 isomnt=$bdir/isomount
 rootdir=$bdir/root
 outdir=$bdir/out
-auto_url=euer.krebsco.de/autoinstall
+auto_url=${2:-conf.krebsco.de/arch_autoinstall}
 info "bdir is at $bdir"
 [ ! -e "$isofile" ] && die "$isofile does not exist."
 esudo "$@"
-
-
-#punani install genisoimage
-
+arch_label="$(get_volid "$isofile")"
+info "Arch iso label is ${arch_label}"
+info "auto_url is $auto_url"
 
 info "cleanup root dir"
 rm -rf $bdir
@@ -59,12 +59,11 @@ Just Wait until everything finished.
 
 - Make sure that RJ45 is connected
 - you can bail out of the progress at any time with CTRL-C
-- if anything went wrong,you can run the installer again at:
-    /krebs/autoinstall
-
+    /krebs/autoinstall (args)
 EOD
 /krebs/autoinstall
 EOL
+
     mkdir /krebs
     cat > /krebs/autoinstall <<EOL
 internet() { ping -w 1 google.de >/dev/null 2>&1; }
@@ -76,7 +75,7 @@ done
 echo "Grabbing current version of install-script from $auto_url"
 echo
 echo "AGENTS ARE GOOOOOOOOOOO!"
-curl $auto_url 2>/dev/null | sh
+curl "$auto_url" 2>/dev/null | sh -s "\\\$@"
 EOL
 chmod 755 /krebs/autoinstall
 EOF
@@ -84,19 +83,15 @@ EOF
     rm "$isodir/arch/$arch/root-image.fs.sfs"
     info "creating squashfs at $isodir/arch/$arch/root-image.fs.sfs"
     umount "$rootdir/$arch"
-    mksquashfs  "$outdir/$arch/root-image.fs" "$isodir/arch/$arch/root-image.fs.sfs" 
+    mksquashfs  "$outdir/$arch/root-image.fs" "$isodir/arch/$arch/root-image.fs.sfs"
 done
 
 info "creating Iso Image"
-#genisoimage -l -r -J -V "ARCH_$(date +%Y%m)" \
-#    -b isolinux/isolinux.bin -no-emul-boot \
-#    -boot-load-size 4 -boot-info-table -c isolinux/boot.cat \
-#    -o "$outdir/$outfile" "$isodir" 
 rm -f "${outdir}/${outfile}"
 xorriso -as mkisofs \
     -iso-level 3 \
     -full-iso9660-filenames \
-    -volid "ARCH_201311" \
+    -volid "${arch_label}" \
     -appid "Shackspace Krebs Installer" \
     -publisher "Shackspace/Krebs" \
     -preparer "prepared by krebs" \
diff --git a/ship/src/vim_sane_defaults b/ship/src/vim_sane_defaults
new file mode 100644
index 00000000..4c6f1b8f
--- /dev/null
+++ b/ship/src/vim_sane_defaults
@@ -0,0 +1,11 @@
+#!/bin/sh
+#@strict
+#@include core
+#@include vim
+#@include punani
+#@mainifyme
+info "installing punani"
+punani install vim
+touch $vimrc
+info "configuring vim"
+vim_conf_sane_defaults
diff --git a/sites/buildbot.krebsco.de/INSTALLATION.md b/sites/buildbot.krebsco.de/INSTALLATION.md
index b31a3989..83ffc9c3 100644
--- a/sites/buildbot.krebsco.de/INSTALLATION.md
+++ b/sites/buildbot.krebsco.de/INSTALLATION.md
@@ -1,11 +1,12 @@
 #?/bin/sh
 # something like this
 
-useradd ci
-punani install python-virtualenv 
+useradd ci -m
+punani install python2-virtualenv 
 su ci
-virtualenv buildbot
-echo ". $HOME/buildbot/bin/activate" >~/.bashrc
+virtualenv2 buildbot
+echo ". $HOME/buildbot/bin/activate" >>~/.bashrc
+. ~/.bashrc
 pip install buildbot-slave buildbot
 buildbot create-master master
 # tahoe cp krebs:master.conf master/master.conf
diff --git a/sites/elchhub.nsupdate.info/install_adhpp b/sites/elchhub.nsupdate.info/install_adhpp
new file mode 100644
index 00000000..6f2986d5
--- /dev/null
+++ b/sites/elchhub.nsupdate.info/install_adhpp
@@ -0,0 +1,44 @@
+curl https://aur.archlinux.org/packages/ad/adchpp/adchpp.tar.gz > adchpp.tar.gz
+tar xf adchpp.tar.gz
+cd adchpp
+# install all the deps
+makepkg 
+pacman -U adchpp-*-x86_64.pkg.tar.xz
+vi /etc/adchpp/adchpp.xml
+# change description etc
+# add to servers:
+#    <Server Port="2781" TLS="1" Certificate="/etc/adchpp/certs/cacert.pem" 
+#                                PrivateKey="/etc/adchpp/certs/privkey.pem" 
+#                                TrustedPath="/etc/adchpp/certs/trusted/" 
+#                                DHParams="/etc/adchpp/certs/dhparam.pem"/>
+
+
+mkdir /etc/adchpp/certs
+cd /etc/adchpp/certs
+openssl genrsa -out privkey.pem 4096
+openssl req -new -x509 -key privkey.pem -out cacert.pem
+openssl dhparam -outform PEM -out dhparam.pem 1024
+
+cat > /var/lib/adchpp/motd.txt <<EOF
+Welcome  to  the  Elch Hub
+  xx  xx                  xx  xx
+xxxx  xx    xxxx  xxxx  xxxx  xx
+xxxx  xx    xxxx  xxxx  xxxx  xx
+  xxxxxx      xx    xx    xxxxxx
+  xxxxxx    xxxxxxxxxx    xxxxxx
+    xx    xxxxxxxxxxxxxx    xx  
+    xxxxxxxxxxxxxxxxxxxxxxxxxx  
+          xxxxxxxxxxxxxx        
+      xxxxxxxxxxxxxxxxxxxxxx    
+      xx      xxxxxx      xx    
+    xx    xx  xx  xx  xx    xx  
+    xx    xx  xx  xx  xx    xx  
+    xx  xxxx  xx  xx  xxxx  xx  
+
+[!]  SSL  is  at  port  2781  
+        connect  via  adcs://elchhub.nsupdate.info:2781/
+        better  start  using  it
+EOF
+
+systemctl enable adchpp
+systemctl start adchpp
diff --git a/sites/elchirc.nsupdate.info/install_unrealircd b/sites/elchirc.nsupdate.info/install_unrealircd
new file mode 100644
index 00000000..6778a7ac
--- /dev/null
+++ b/sites/elchirc.nsupdate.info/install_unrealircd
@@ -0,0 +1,19 @@
+pacman -S unrealircd
+# in /etc/unrealircd/unrealircd.conf
+#  uncomment where it says FOR *NIX
+# remove the src/ from the start path as they are in /etc/unrealircd
+
+# uncomment motd ircd.motd
+# fix passwords for restart
+# comment in the .fr stuff
+# fix cloak-keys
+#
+
+# configure me,admin,class
+# curl unreal.x-tab.org/makecert.sh > makecert.sh
+# ./makecert.sh new -k server.key.pem -c server.cert.pem -r server.req.pem -b 2048 -d 9001
+#
+# cp /krebs/cholerab/bling/krebs-v2.txt ircd.motd
+#
+# systemctl enable unrealircd
+# systemctl start unrealircd
diff --git a/sites/elchstats.nsupdate.info/carbon.service b/sites/elchstats.nsupdate.info/carbon.service
new file mode 100644
index 00000000..d7087d41
--- /dev/null
+++ b/sites/elchstats.nsupdate.info/carbon.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Graphite Carbon
+After=network.target
+
+[Service]
+Type=forking
+User=graphite
+Group=graphite
+RemainAfterExit=yes
+PIDFile=/opt/graphite/storage/carbon-cache-a.pid
+ExecStart=/opt/graphite/bin/carbon-cache.py start
+ExecStop=/opt/graphite/bin/carbon-cache.py stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sites/elchstats.nsupdate.info/graphite-web.service b/sites/elchstats.nsupdate.info/graphite-web.service
new file mode 100644
index 00000000..798f82ba
--- /dev/null
+++ b/sites/elchstats.nsupdate.info/graphite-web.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Graphite Web
+After=network.target
+
+[Service]
+Type=simple
+User=graphite
+Group=graphite
+#RemainAfterExit=yes
+Environment=PYTHONPATH=/opt/graphite/webapp
+ExecStart=/usr/bin/django-admin.py runserver 0.0.0.0:8080 --settings=graphite.settings
+TimeoutSec=45s
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sites/elchstats.nsupdate.info/graphite.journal.txt b/sites/elchstats.nsupdate.info/graphite.journal.txt
new file mode 100644
index 00000000..777f4650
--- /dev/null
+++ b/sites/elchstats.nsupdate.info/graphite.journal.txt
@@ -0,0 +1,37 @@
+#?/bin/sh
+set -euf
+# from http://graphite.wikidot.com/installation
+
+git clone https://github.com/graphite-project/graphite-web.git
+git clone https://github.com/graphite-project/carbon.git
+git clone https://github.com/graphite-project/whisper.git
+
+pacman -S python2 gcc pkg-config cairo python2-pip
+for i in whisper carbon graphite-web;do
+  cd $i
+  pip2 install -r requirements.txt||:
+  python2 setup.py install
+  cd -
+done
+cd /opt/graphite/conf
+cp carbon.conf.example carbon.conf
+# edit carbon.conf, fix max writes per second, max adds per minute
+cp storage-schemas.conf.example storage-schemas.conf
+
+# edit storage-schemas.conf, fix storage time
+cd /opt/graphite/webapp/graphite
+cp local_settings.py.example local_settings.py
+# change SECRET_KEY
+PYTHONPATH=/opt/graphite/webapp django-admin.py syncdb --settings=graphite.settings
+# push in the texts
+
+useradd -m graphite -d /opt/graphite -r
+chown -R graphite /opt/graphite
+cd  _here_
+cp carbon.service /opt/systemd/system/
+systemctl enable carbon
+systemctl start carbon
+cp graphite-web.service /opt/systemd/system/
+systemctl enable graphite-web
+systemctl start graphite-web
+
diff --git a/sites/omo/torrent.md b/sites/omo/torrent.md
new file mode 100644
index 00000000..61feea94
--- /dev/null
+++ b/sites/omo/torrent.md
@@ -0,0 +1,25 @@
+# Running torrents through socks
+## Prereqs:
+- qBittorrent
+- winswitch (xpra) or qbittorrent-nox
+
+## Install
+### Winswitch
+see http://winswitch.org/downloads/debian-repository.html
+
+## Autostart (xpra)
+
+    # in startup script:
+    export DISPLAY=:11
+    xpra start $DISPLAY
+    tmux start-server
+    tmux new-window -t tools:1  'ssh -q -D1234 <remote-host>'
+    tmux new-window -t tools:2 'qbittorrent'
+    # attach to it:
+    xpra attach ssh:omo:11
+
+## Autostart (nox)
+see https://github.com/qbittorrent/qBittorrent/wiki/Running-qBittorrent-without-X-server
+
+## Lessons learned
+- transmission sucks (no proxy support
diff --git a/sites/tahoe.retiolum/README.md b/sites/tahoe.retiolum/README.md
index 01e8ed03..2d3b3e12 100644
--- a/sites/tahoe.retiolum/README.md
+++ b/sites/tahoe.retiolum/README.md
@@ -5,6 +5,17 @@ introducer and a number of tahoe bricks.
 # Adding new bricks & clients
 see //cholerab/tahoe/{brick,client}\_installation
 
+
+# Migration of the Introducer
+At some point it is necessary to migrate the tahoe introducer.
+To keep everything running just take the tahoe introducer configuration from
+the old host or from krebs:tahoe/introducer AND the original tinc configuration
+of the tahoe host. 
+After that, set the tahoe.krebsco.de ip in the krebs zone.
+
+
+If you need to re
+
 # Replacing the introducer
 if the introducer may die off, all crypto material is saved in 
 krebs:tahoe/introducer. There will be a backup somewhere, but bootstrapping
@@ -13,4 +24,4 @@ always sucks.
 Follow the generic brick installation,
 use the configuration file at conf/tahoe.cfg and copy the crypto material in
 the private folder of the installation. 
-autostart that shit
+autostart that shit.
diff --git a/sites/task.krebsco.de/README.md b/sites/task.krebsco.de/README.md
new file mode 100644
index 00000000..c6fd2b0f
--- /dev/null
+++ b/sites/task.krebsco.de/README.md
@@ -0,0 +1,40 @@
+# task.krebsco.de
+a taskd server deployment
+
+# Installation
+
+  yaourt -S taskd
+  cp /usr/share/taskd/pki/generate.client /var/lib/taskd
+
+# configuration
+taskd uses pki for login
+
+    systemctl enable taskd
+    systemctl start taskd
+    export TASKDDATA=/var/lib/taskd
+    taskd add org Krebs
+    taskd config --force pid.file $TASKDDIR/taskd.pid
+    taskd config --force log $TASKDDIR/taskd.log
+    taskd config --force client.allow '^task [2-9],^taskd,^libtaskd'
+
+# add new client
+for a new client we need to create certificates:
+    
+    # on server
+    cd /var/lib/taskd
+    ./generate.client username
+    # give new certs to user
+    curl -F'p=username.cert.pem' http://paste
+    curl -F'p=username.key.pem' http://paste
+    curl -F'p=ca.cert.pem' http://paste
+    taskd add user krebs username
+    # outputs <uid>
+
+    # on client
+    mkdir ~/.task
+    curl http://paste/abcde > username.cert.pem
+    curl http://paste/efghi > username.key.pem
+    curl http://paste/jklmn > ca.cert.pem
+    task config taskd.server task.krebsco.de:53589
+    task config taskd.credentials 'krebs/makefu/<uid>'
+    task sync init
diff --git a/util/Makefile b/util/Makefile
index 3c20f550..5096506b 100644
--- a/util/Makefile
+++ b/util/Makefile
@@ -4,22 +4,19 @@ test:
 	@export PATH="$(CURDIR)/bin:$(PATH)"; \
 		tests="`find t -type f -executable`"; \
 		i=1; \
-		pids="";\
 		n=`echo "$$tests" | wc -l`; \
 		echo $$i..$$n; \
 		for exe in $$tests; do \
-			{ \
-				./$$exe; \
-				ret=$$?; \
-				case $$ret in 0) result=ok;; *) result='not ok';; esac; \
-				echo $$result $$i - $$exe; \
-				exit $$ret;\
-			} & \
-			pids="$${pids} $$!" \
+			if ./$$exe; then \
+				echo ok $$i - $$exe; \
+			else \
+				echo not ok $$i - $$exe; \
+				touch .test-not-ok; \
+			fi & \
 			i=$$(( i+1 )); \
 		done; \
-		ret=0;\
-		for pid in $$pids; do \
-			wait $$pid || ret=23;\
-		done; \
-		exit $$ret;
+		wait; \
+		if test -e .test-not-ok; then \
+			rm .test-not-ok; \
+			exit 23; \
+		fi
author	root <root@flap>	2014-05-06 10:00:33 -0400
committer	root <root@flap>	2014-05-06 10:00:33 -0400
commit	4d8016064edd5e5dc1d194ea5ec0fce4f07b8f2a (patch)
tree	d8ecba8651604e51d6f887449641ac627844ae63
parent	f44c8529e6d04b557d93cc862599b956ed21f0de (diff)
parent	d0367082a5c1296cefed641b4eda736b29a3ad69 (diff)