Merge branch 'master' of https://github.com/krebscode/painload

9 files changed, 213 insertions, 5 deletions

diff --git a/sites/buildbot.krebsco.de/INSTALLATION.md b/sites/buildbot.krebsco.de/INSTALLATION.md
index b31a3989..83ffc9c3 100644
--- a/sites/buildbot.krebsco.de/INSTALLATION.md
+++ b/sites/buildbot.krebsco.de/INSTALLATION.md
@@ -1,11 +1,12 @@
 #?/bin/sh
 # something like this
 
-useradd ci
-punani install python-virtualenv 
+useradd ci -m
+punani install python2-virtualenv 
 su ci
-virtualenv buildbot
-echo ". $HOME/buildbot/bin/activate" >~/.bashrc
+virtualenv2 buildbot
+echo ". $HOME/buildbot/bin/activate" >>~/.bashrc
+. ~/.bashrc
 pip install buildbot-slave buildbot
 buildbot create-master master
 # tahoe cp krebs:master.conf master/master.conf
diff --git a/sites/elchhub.nsupdate.info/install_adhpp b/sites/elchhub.nsupdate.info/install_adhpp
new file mode 100644
index 00000000..6f2986d5
--- /dev/null
+++ b/sites/elchhub.nsupdate.info/install_adhpp
@@ -0,0 +1,44 @@
+curl https://aur.archlinux.org/packages/ad/adchpp/adchpp.tar.gz > adchpp.tar.gz
+tar xf adchpp.tar.gz
+cd adchpp
+# install all the deps
+makepkg 
+pacman -U adchpp-*-x86_64.pkg.tar.xz
+vi /etc/adchpp/adchpp.xml
+# change description etc
+# add to servers:
+#    <Server Port="2781" TLS="1" Certificate="/etc/adchpp/certs/cacert.pem" 
+#                                PrivateKey="/etc/adchpp/certs/privkey.pem" 
+#                                TrustedPath="/etc/adchpp/certs/trusted/" 
+#                                DHParams="/etc/adchpp/certs/dhparam.pem"/>
+
+
+mkdir /etc/adchpp/certs
+cd /etc/adchpp/certs
+openssl genrsa -out privkey.pem 4096
+openssl req -new -x509 -key privkey.pem -out cacert.pem
+openssl dhparam -outform PEM -out dhparam.pem 1024
+
+cat > /var/lib/adchpp/motd.txt <<EOF
+Welcome  to  the  Elch Hub
+  xx  xx                  xx  xx
+xxxx  xx    xxxx  xxxx  xxxx  xx
+xxxx  xx    xxxx  xxxx  xxxx  xx
+  xxxxxx      xx    xx    xxxxxx
+  xxxxxx    xxxxxxxxxx    xxxxxx
+    xx    xxxxxxxxxxxxxx    xx  
+    xxxxxxxxxxxxxxxxxxxxxxxxxx  
+          xxxxxxxxxxxxxx        
+      xxxxxxxxxxxxxxxxxxxxxx    
+      xx      xxxxxx      xx    
+    xx    xx  xx  xx  xx    xx  
+    xx    xx  xx  xx  xx    xx  
+    xx  xxxx  xx  xx  xxxx  xx  
+
+[!]  SSL  is  at  port  2781  
+        connect  via  adcs://elchhub.nsupdate.info:2781/
+        better  start  using  it
+EOF
+
+systemctl enable adchpp
+systemctl start adchpp
diff --git a/sites/elchirc.nsupdate.info/install_unrealircd b/sites/elchirc.nsupdate.info/install_unrealircd
new file mode 100644
index 00000000..6778a7ac
--- /dev/null
+++ b/sites/elchirc.nsupdate.info/install_unrealircd
@@ -0,0 +1,19 @@
+pacman -S unrealircd
+# in /etc/unrealircd/unrealircd.conf
+#  uncomment where it says FOR *NIX
+# remove the src/ from the start path as they are in /etc/unrealircd
+
+# uncomment motd ircd.motd
+# fix passwords for restart
+# comment in the .fr stuff
+# fix cloak-keys
+#
+
+# configure me,admin,class
+# curl unreal.x-tab.org/makecert.sh > makecert.sh
+# ./makecert.sh new -k server.key.pem -c server.cert.pem -r server.req.pem -b 2048 -d 9001
+#
+# cp /krebs/cholerab/bling/krebs-v2.txt ircd.motd
+#
+# systemctl enable unrealircd
+# systemctl start unrealircd
diff --git a/sites/elchstats.nsupdate.info/carbon.service b/sites/elchstats.nsupdate.info/carbon.service
new file mode 100644
index 00000000..d7087d41
--- /dev/null
+++ b/sites/elchstats.nsupdate.info/carbon.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Graphite Carbon
+After=network.target
+
+[Service]
+Type=forking
+User=graphite
+Group=graphite
+RemainAfterExit=yes
+PIDFile=/opt/graphite/storage/carbon-cache-a.pid
+ExecStart=/opt/graphite/bin/carbon-cache.py start
+ExecStop=/opt/graphite/bin/carbon-cache.py stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sites/elchstats.nsupdate.info/graphite-web.service b/sites/elchstats.nsupdate.info/graphite-web.service
new file mode 100644
index 00000000..798f82ba
--- /dev/null
+++ b/sites/elchstats.nsupdate.info/graphite-web.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Graphite Web
+After=network.target
+
+[Service]
+Type=simple
+User=graphite
+Group=graphite
+#RemainAfterExit=yes
+Environment=PYTHONPATH=/opt/graphite/webapp
+ExecStart=/usr/bin/django-admin.py runserver 0.0.0.0:8080 --settings=graphite.settings
+TimeoutSec=45s
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sites/elchstats.nsupdate.info/graphite.journal.txt b/sites/elchstats.nsupdate.info/graphite.journal.txt
new file mode 100644
index 00000000..777f4650
--- /dev/null
+++ b/sites/elchstats.nsupdate.info/graphite.journal.txt
@@ -0,0 +1,37 @@
+#?/bin/sh
+set -euf
+# from http://graphite.wikidot.com/installation
+
+git clone https://github.com/graphite-project/graphite-web.git
+git clone https://github.com/graphite-project/carbon.git
+git clone https://github.com/graphite-project/whisper.git
+
+pacman -S python2 gcc pkg-config cairo python2-pip
+for i in whisper carbon graphite-web;do
+  cd $i
+  pip2 install -r requirements.txt||:
+  python2 setup.py install
+  cd -
+done
+cd /opt/graphite/conf
+cp carbon.conf.example carbon.conf
+# edit carbon.conf, fix max writes per second, max adds per minute
+cp storage-schemas.conf.example storage-schemas.conf
+
+# edit storage-schemas.conf, fix storage time
+cd /opt/graphite/webapp/graphite
+cp local_settings.py.example local_settings.py
+# change SECRET_KEY
+PYTHONPATH=/opt/graphite/webapp django-admin.py syncdb --settings=graphite.settings
+# push in the texts
+
+useradd -m graphite -d /opt/graphite -r
+chown -R graphite /opt/graphite
+cd  _here_
+cp carbon.service /opt/systemd/system/
+systemctl enable carbon
+systemctl start carbon
+cp graphite-web.service /opt/systemd/system/
+systemctl enable graphite-web
+systemctl start graphite-web
+
diff --git a/sites/omo/torrent.md b/sites/omo/torrent.md
new file mode 100644
index 00000000..61feea94
--- /dev/null
+++ b/sites/omo/torrent.md
@@ -0,0 +1,25 @@
+# Running torrents through socks
+## Prereqs:
+- qBittorrent
+- winswitch (xpra) or qbittorrent-nox
+
+## Install
+### Winswitch
+see http://winswitch.org/downloads/debian-repository.html
+
+## Autostart (xpra)
+
+    # in startup script:
+    export DISPLAY=:11
+    xpra start $DISPLAY
+    tmux start-server
+    tmux new-window -t tools:1  'ssh -q -D1234 <remote-host>'
+    tmux new-window -t tools:2 'qbittorrent'
+    # attach to it:
+    xpra attach ssh:omo:11
+
+## Autostart (nox)
+see https://github.com/qbittorrent/qBittorrent/wiki/Running-qBittorrent-without-X-server
+
+## Lessons learned
+- transmission sucks (no proxy support
diff --git a/sites/tahoe.retiolum/README.md b/sites/tahoe.retiolum/README.md
index 01e8ed03..2d3b3e12 100644
--- a/sites/tahoe.retiolum/README.md
+++ b/sites/tahoe.retiolum/README.md
@@ -5,6 +5,17 @@ introducer and a number of tahoe bricks.
 # Adding new bricks & clients
 see //cholerab/tahoe/{brick,client}\_installation
 
+
+# Migration of the Introducer
+At some point it is necessary to migrate the tahoe introducer.
+To keep everything running just take the tahoe introducer configuration from
+the old host or from krebs:tahoe/introducer AND the original tinc configuration
+of the tahoe host. 
+After that, set the tahoe.krebsco.de ip in the krebs zone.
+
+
+If you need to re
+
 # Replacing the introducer
 if the introducer may die off, all crypto material is saved in 
 krebs:tahoe/introducer. There will be a backup somewhere, but bootstrapping
@@ -13,4 +24,4 @@ always sucks.
 Follow the generic brick installation,
 use the configuration file at conf/tahoe.cfg and copy the crypto material in
 the private folder of the installation. 
-autostart that shit
+autostart that shit.
diff --git a/sites/task.krebsco.de/README.md b/sites/task.krebsco.de/README.md
new file mode 100644
index 00000000..c6fd2b0f
--- /dev/null
+++ b/sites/task.krebsco.de/README.md
@@ -0,0 +1,40 @@
+# task.krebsco.de
+a taskd server deployment
+
+# Installation
+
+  yaourt -S taskd
+  cp /usr/share/taskd/pki/generate.client /var/lib/taskd
+
+# configuration
+taskd uses pki for login
+
+    systemctl enable taskd
+    systemctl start taskd
+    export TASKDDATA=/var/lib/taskd
+    taskd add org Krebs
+    taskd config --force pid.file $TASKDDIR/taskd.pid
+    taskd config --force log $TASKDDIR/taskd.log
+    taskd config --force client.allow '^task [2-9],^taskd,^libtaskd'
+
+# add new client
+for a new client we need to create certificates:
+    
+    # on server
+    cd /var/lib/taskd
+    ./generate.client username
+    # give new certs to user
+    curl -F'p=username.cert.pem' http://paste
+    curl -F'p=username.key.pem' http://paste
+    curl -F'p=ca.cert.pem' http://paste
+    taskd add user krebs username
+    # outputs <uid>
+
+    # on client
+    mkdir ~/.task
+    curl http://paste/abcde > username.cert.pem
+    curl http://paste/efghi > username.key.pem
+    curl http://paste/jklmn > ca.cert.pem
+    task config taskd.server task.krebsco.de:53589
+    task config taskd.credentials 'krebs/makefu/<uid>'
+    task sync init