-rw-r--r--retiolum/hosts/UTART9
-rw-r--r--retiolum/hosts/pico11
-rw-r--r--retiolum/hosts/slowpoke14
-rw-r--r--retiolum/hosts/sokrates11
-rw-r--r--retiolum/scripts/github_hosts_sync/README26
-rwxr-xr-xretiolum/scripts/github_hosts_sync/hosts-sync64
-rw-r--r--retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf1
-rw-r--r--retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service14
8 files changed, 116 insertions, 34 deletions
diff --git a/retiolum/hosts/UTART b/retiolum/hosts/UTART
deleted file mode 100644
index 3c8628cf..00000000
--- a/retiolum/hosts/UTART
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 42.227.239.205/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1tFgR6xxNZavtG44QEAEzKQixJqO9MuO5hUcklH87Sml+Mz+Ptz/
-r8Vhmvc1NhL0d8h1VJSrzjAyYuBR0LKSGRYxHby/M9AqBjUHUhDM83ogV/CbSifs
-TlBcKuvPkGVALN6LYcPXjzKzBI7X1ictqts9K3CoCWgjRld63noczvNnwVdHNawX
-ckQdjzxMAgwtJW0hWfDr1Uhq3sVEFnHLzFJuLsnc6gDzKvP/ETQ6KINv43B9UerS
-HzFK3ntViohW4K/p6i4gBNxFfYnuNLqnY+O/hc0/fFdKE36eLD8ngPURo3/As6Le
-KlPEMBwIIJQpS7GP4BIUK/qPE9J7McU6wQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/pico b/retiolum/hosts/pico
deleted file mode 100644
index b08b450d..00000000
--- a/retiolum/hosts/pico
+++ /dev/null
@@ -1,11 +0,0 @@
-Address = 78.111.78.33
-Subnet = 10.243.0.102/32
-Subnet = 42:b103:275c:1723:edc8:b24d:452b:352a/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsbe4wzTOHHLyuPO/AsfDqQHyV41qgs3dqt6uWcDcdiEsUvbCK9Ch
-MQNkTktlrMRyvz6Qm/3DKptp80R648j0nWi/c3aLDkZq8weEnR9SFYfNaUp/GN4s
-+Qhb+836d8Hu2+3jZWlr5Zb/p8hyhcx3NUH/skuH6Hu+piWczlN1NGksf5f7N/bp
-ZBCXnCLLUYVM/0RIS8mcAIX44Zx8YFDXpByePUdyrzn+mRln6VFDnt5uGsmNw6G/
-Azn3grpidcyrW2cs3b7rysKsxOvyGBdu2zGXp+pquZq1l3f06IN+fzCtnyLTPL1K
-UUEJlQa1Gsl2pVi5+HPcAj3U2yp42WJYNwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/retiolum/hosts/slowpoke b/retiolum/hosts/slowpoke
deleted file mode 100644
index 27b1e57c..00000000
--- a/retiolum/hosts/slowpoke
+++ /dev/null
@@ -1,14 +0,0 @@
-Address = 62.113.241.235
-Subnet = 10.243.232.121
-Subnet = 42:7d8f:9e3a:dcc7:9b22:d1ca:7e28:fe9c
-Subnet = 172.22.0.0/15
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA9EtaOHLa0CyOGpX3rzMLqi9HqrjzVe3XdSfcb9QPYwcbxpPYNLLk
-/1+4vxOI/TEh1QCu0bzPLy8tAwKF2DwnCH72yae17I0jVMW29Ng3Fdjzb3SmWJbf
-C87X7c+Nx5+Yc7OIdvTi/BGPNpDEp7nJugubH1whSFfulCDbsGU3rX5IsDUiw4ha
-B+5wH1coQl+Yp+M1ws5+PoHgYQ/ApYPBKEn+H7JAdnOTLbo0eI3B1PuDUrsMakMq
-s4f74d2Z405xUGHhRRcerF0h5VD58TADxx7RSRd7oR06KlXM/RaqOkw9vzvA2vBq
-CC+LdtIV7wWxF3uRAnk6odeFvqZTHvR4WQIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/retiolum/hosts/sokrates b/retiolum/hosts/sokrates
new file mode 100644
index 00000000..97cf1b47
--- /dev/null
+++ b/retiolum/hosts/sokrates
@@ -0,0 +1,11 @@
+Subnet = 10.243.97.126
+Subnet = 42:28be:6907:ab4b:5c79:99f5:a4a1:2a25
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0emA0JAong4wHSAEUrLrkh21n8I/+pLtpS4uGTcMHn9ZrS8Tg101
+S2poRE0jZUZu868mDeOwwxZRLmCE+bL0q1OrAUDY7+ricQSAz3CNQAAQB0Sjp7ju
+YXKqLZQEYyOV3M8IJOALS72q4g1VTv5jQrLhGzMsv9vzuRSZV0pEV8tZwb187wLi
+n27rwB6SPZv7uhC3R060x8Ze/pLmfmVfrxb9DwZS3d8X1PwygTrTjSAUTeMaDa69
+NSOzvKLx25fhZ0Gm3BA3pUQDEOiGOze3oT/0l3QJMvZ48TbG1KlSBOVwtL3+f5yM
+gJZLF/JoTsYL0aZM+zHL6NAUmciy9dNXEQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/retiolum/scripts/github_hosts_sync/README b/retiolum/scripts/github_hosts_sync/README
new file mode 100644
index 00000000..12aa8dfe
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/README
@@ -0,0 +1,26 @@
+#? /bin/sh
+
+useradd -m hosts-sync
+cp systemd/hosts-sync.service /etc/systemd/system/
+cp systemd/hosts-sync.conf /etc/conf.d/
+
+sudo -u hosts-sync -i ssh-keygen
+add /home/hosts-sync/.ssh/id_rsa.pub as github/krebscode/hosts deploy key
+sudo -u hosts-sync -i git clone git@github.com:krebscode/hosts.git ~hosts-sync/hosts # to accept the remote key (and have an initial copy)
+
+sudo -u hosts-sync -i git config --global user.email hosts-sync@ire.retiolum
+sudo -u hosts-sync -i git config --global user.name hosts-sync
+sudo -u hosts-sync -i git config --global push.default simple
+
+systemctl start hosts-sync
+systemctl enable hosts-sync
+
+TODO firewall setup
+
+#? /bin/sh (update service)
+git pull
+cp retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service /etc/systemd/system/
+systemctl daemon-reload
+systemctl restart hosts-sync
+
+
diff --git a/retiolum/scripts/github_hosts_sync/hosts-sync b/retiolum/scripts/github_hosts_sync/hosts-sync
new file mode 100755
index 00000000..53c96efd
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/hosts-sync
@@ -0,0 +1,64 @@
+#! /bin/sh
+# TODO do_work should retry until success
+set -euf
+
+port=${port-1028}
+local_painload=$HOME/painload
+remote_painload="https://github.com/krebscode/painload"
+local_hosts=$HOME/hosts
+remote_hosts="git@github.com:krebscode/hosts.git"
+
+main() {
+ ensure_local_painload
+ ensure_local_hosts
+ is_worker && do_work || become_server
+}
+
+ensure_local_painload() {
+ test -d "$local_painload" || git clone "$remote_painload" "$local_painload"
+}
+
+ensure_local_hosts() {
+ test -d "$local_hosts" || git clone "$remote_hosts" "$local_hosts"
+}
+
+become_server() {
+ exec socat "TCP-LISTEN:$port,reuseaddr,fork" "EXEC:$0"
+}
+
+is_worker() {
+ test "${SOCAT_SOCKPORT-}" = "$port"
+}
+
+do_work() {
+ # read request
+ req_line="$(read line && echo "$line")"
+ req_hdrs="$(sed -n '/^\r$/q;p')"
+
+ set -x
+
+ cd "$local_hosts"
+ git pull >&2
+
+ cd "$local_hosts"
+ find . -name .git -prune -o -type f -exec git rm \{\} \; >/dev/null
+
+ cd "$local_painload"
+ git pull >&2
+
+ find "$local_painload/retiolum/hosts" -type f -exec cp \{\} "$local_hosts" \;
+
+ cd "$local_hosts"
+ find . -name .git -prune -o -type f -exec git add \{\} \; >&2
+ if git status --porcelain | grep -q .; then
+ git commit -m bump >&2
+ git push >&2
+ fi
+
+ echo "HTTP/1.1 200 OK"
+ echo
+ echo "https://github.com/krebscode/hosts/archive/master.tar.gz"
+ echo "https://github.com/krebscode/hosts/archive/master.zip"
+}
+
+main "$@"
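Review bot: In `main`, `is_worker && do_work || become_server` runs `do_work` inside an AND-OR list, where `set -e` is ignored, so a failed `cd` or `git pull` does not stop the later `git rm`, `git commit` and `git push` steps, and a non-zero return from `do_work` then makes the worker fall through to `become_server`. Writing it as `if is_worker; then do_work; else become_server; fi` keeps errexit active in the worker and stops a failed worker from trying to listen again. Separately, `become_server` listens on every interface with `fork`, and `do_work` reads `req_line` and `req_hdrs` but never checks them, so any peer that can reach the port can start a pull/commit/push cycle, and concurrent requests share one work tree. Until the firewall TODO in the README is done, restricting the listener with socat's `bind=` address option and serializing workers (for example with `flock`) would narrow that exposure.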
diff --git a/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf
new file mode 100644
index 00000000..606f17b4
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.conf
@@ -0,0 +1 @@
+port=1028
diff --git a/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service
new file mode 100644
index 00000000..5fb9ed41
--- /dev/null
+++ b/retiolum/scripts/github_hosts_sync/systemd/hosts-sync.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=retiolum github hosts sync
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/hosts-sync.conf
+ExecStart=/krebs/retiolum/scripts/github_hosts_sync/hosts-sync
+KillMode=process
+User=hosts-sync
+Group=hosts-sync
+
+[Install]
+WantedBy=multi-user.target
+
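Review bot: The `[Service]` section runs a network-reachable worker that, per the README, presumably holds a deploy key with push access, yet it sets no sandboxing beyond `User=`/`Group=`. Consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` where the installed systemd supports them; the service user's home stays writable, which the git checkouts need. Also, `KillMode=process` stops only the main socat process, so a forked worker can still be running `git push` after `systemctl stop`. If that is intended, a comment such as `# KillMode=process: let an in-flight sync finish on stop` would record it.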