Diffstat (limited to 'elchos/root-image')
61 files changed, 1349 insertions, 0 deletions
diff --git a/elchos/root-image/etc/collectd.conf b/elchos/root-image/etc/collectd.conf
new file mode 100644
index 00000000..30480f2e
--- /dev/null
+++ b/elchos/root-image/etc/collectd.conf
@@ -0,0 +1,84 @@
+#Hostname "elch_<macid>"
+Interval 10
+
+LoadPlugin syslog
+<Plugin syslog>
+ LogLevel info
+</Plugin>
+
+LoadPlugin md
+LoadPlugin cpu
+LoadPlugin df
+LoadPlugin disk
+#LoadPlugin ping
+LoadPlugin hddtemp
+LoadPlugin interface
+LoadPlugin load
+LoadPlugin memory
+LoadPlugin network
+LoadPlugin uptime
+LoadPlugin users
+LoadPlugin write_graphite
+
+<Plugin df>
+# Device "/dev/sda1"
+# Device "192.168.0.2:/mnt/nfs"
+ FSType "ext2"
+ FSType "ext3"
+ FSType "ext4"
+ FSType "btrfs"
+ FSType "ntfs"
+ FSType "ntfs-3g"
+ FSType "vfat"
+
+ IgnoreSelected false
+</Plugin>
+
+<Plugin disk>
+ Disk "/[vsh]d[abcdefg][12345678]/"
+ IgnoreSelected false
+</Plugin>
+
+<Plugin hddtemp>
+ Host "127.0.0.1"
+ Port 7634
+ #TranslateDevicename false
+</Plugin>
+
+<Plugin interface>
+ Interface "lo"
+ IgnoreSelected true
+</Plugin>
+
+
+#<Plugin ping>
+ #Host "elchhub.krebsco.de"
+ #Host "elchstats.krebsco.de"
+ #Interval 1.0
+ #Timeout 0.9
+# TTL 255
+# SourceAddress "1.2.3.4"
+# Device "eth0"
+# MaxMissed -1
+#</Plugin>
+
+
+#<Plugin sensors>
+# Sensor "it8712-isa-0290/temperature-temp1"
+# Sensor "it8712-isa-0290/fanspeed-fan3"
+# Sensor "it8712-isa-0290/voltage-in8"
+# IgnoreSelected false
+#</Plugin>
+
+
+<Plugin "write_graphite">
+ <Carbon>
+ Host "elchstats.nsupdate.info"
+ Port "2003"
+ Prefix "elch."
+ #Postfix ""
+ EscapeCharacter "_"
+ StoreRates false
+ AlwaysAppendDS false
+ </Carbon>
+</Plugin>
diff --git a/elchos/root-image/etc/fstab b/elchos/root-image/etc/fstab
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/elchos/root-image/etc/fstab
diff --git a/elchos/root-image/etc/hostname b/elchos/root-image/etc/hostname
new file mode 100644
index 00000000..ef8963cd
--- /dev/null
+++ b/elchos/root-image/etc/hostname
@@ -0,0 +1 @@
+filebitch
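Review bot: The `write_graphite` block at the end of collectd.conf sends every host's metrics to `elchstats.nsupdate.info` on port 2003, which is Carbon's plaintext line protocol with no authentication or encryption, and the target is a dynamic-DNS name. Anyone on the path, or anyone who gains control of that name, can read or redirect the host inventory (hostnames, disks, logged-in users). I would add a comment above `<Carbon>` saying so, e.g. `# plaintext, unauthenticated: send through a tunnel/VPN and restrict the carbon listener by source address`. Separately, `LoadPlugin network` is loaded with no `<Plugin network>` block visible in this file, so it can probably be dropped.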
diff --git a/elchos/root-image/etc/locale.conf b/elchos/root-image/etc/locale.conf
new file mode 100644
index 00000000..01ec548f
--- /dev/null
+++ b/elchos/root-image/etc/locale.conf
@@ -0,0 +1 @@
+LANG=en_US.UTF-8
diff --git a/elchos/root-image/etc/pam.d/su b/elchos/root-image/etc/pam.d/su
new file mode 100644
index 00000000..a2910423
--- /dev/null
+++ b/elchos/root-image/etc/pam.d/su
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth sufficient pam_wheel.so trust use_uid
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
diff --git a/elchos/root-image/etc/sudoers.d/g_wheel b/elchos/root-image/etc/sudoers.d/g_wheel
new file mode 100644
index 00000000..8c45359f
--- /dev/null
+++ b/elchos/root-image/etc/sudoers.d/g_wheel
@@ -0,0 +1 @@
+%wheel ALL=(ALL) NOPASSWD: ALL
diff --git a/elchos/root-image/etc/systemd/scripts/choose-mirror b/elchos/root-image/etc/systemd/scripts/choose-mirror
new file mode 100755
index 00000000..0ae08067
--- /dev/null
+++ b/elchos/root-image/etc/systemd/scripts/choose-mirror
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+get_cmdline() {
+ local param
+ for param in $(< /proc/cmdline); do
+ case "${param}" in
+ $1=*) echo "${param##*=}";
+ return 0
+ ;;
+ esac
+ done
+}
+
+mirror=$(get_cmdline mirror)
+[[ $mirror = auto ]] && mirror=$(get_cmdline archiso_http_srv)
+[[ $mirror ]] || exit 0
+
+mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
+cat >/etc/pacman.d/mirrorlist << EOF
+#
+# Arch Linux repository mirrorlist
+# Generated by archiso
+#
+
+Server = ${mirror%%/}/\$repo/os/\$arch
+EOF
diff --git a/elchos/root-image/etc/systemd/system/choose-mirror.service b/elchos/root-image/etc/systemd/system/choose-mirror.service
new file mode 100644
index 00000000..1e4d771d
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/choose-mirror.service
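Review bot: `auth sufficient pam_wheel.so trust use_uid` in etc/pam.d/su lets any member of wheel become root through su without a password, and the g_wheel sudoers file in the next hunk (`%wheel ALL=(ALL) NOPASSWD: ALL`) does the same for sudo. Together they make every wheel account equivalent to root, so one compromised wheel session is a full compromise of the image. If passwordless root is only needed by specific service accounts, I would drop the `trust` line (keeping, if wanted, `auth required pam_wheel.so use_uid` to restrict su to wheel) and replace the sudoers rule with per-command entries. At the least, each file should carry a comment naming which accounts are expected in wheel, which is not visible in this diff.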
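Review bot: In `get_cmdline` of choose-mirror, `${param##*=}` strips everything up to the last `=`, so a `mirror=` or `archiso_http_srv=` value that itself contains `=` (a URL with a query string) is silently truncated; `${param#*=}` keeps the whole value. The value is then written into /etc/pacman.d/mirrorlist as the only `Server` line with no check on its form, so I would reject anything that is not a URL before the `mv`, e.g. `[[ $mirror =~ ^(https?|ftp):// ]] || exit 1`. The unquoted `$(< /proc/cmdline)` is also subject to glob expansion; a `set -f` at the top of the script avoids that.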
@@ -0,0 +1,10 @@
+[Unit]
+Description=Choose mirror from the kernel command line
+ConditionKernelCommandLine=mirror
+
+[Service]
+Type=oneshot
+ExecStart=/etc/systemd/scripts/choose-mirror
+
+[Install]
+WantedBy=multi-user.target
diff --git a/elchos/root-image/etc/systemd/system/collectd.service.d/wait.conf b/elchos/root-image/etc/systemd/system/collectd.service.d/wait.conf
new file mode 100644
index 00000000..05d8b43c
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/collectd.service.d/wait.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=/usr/bin/sleep 20
diff --git a/elchos/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf b/elchos/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf
new file mode 100644
index 00000000..5b506341
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf
@@ -0,0 +1,2 @@
+[Service]
+StartLimitAction=reboot-force
diff --git a/elchos/root-image/etc/systemd/system/elch-hostname.service b/elchos/root-image/etc/systemd/system/elch-hostname.service
new file mode 100644
index 00000000..bcee7964
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/elch-hostname.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=change filehooker hostname
+Before=network.target nss-lookup.target multi-user.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/krebs/bin/set-hostname.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/elchos/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount b/elchos/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount
new file mode 100644
index 00000000..4eab5513
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount
@@ -0,0 +1,8 @@
+[Unit]
+Description=Temporary /etc/pacman.d/gnupg directory
+
+[Mount]
+What=tmpfs
+Where=/etc/pacman.d/gnupg
+Type=tmpfs
+Options=mode=0755
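Review bot: force-reboot.conf sits in `dhcpcd.service.d`, but the udev rule added in this same commit (etc/udev/rules.d/81-dhcpcd.rules) starts `dhcpcd@$name.service`, and a drop-in for `dhcpcd.service` is not applied to instances of the `dhcpcd@.service` template. Unless plain `dhcpcd.service` is enabled somewhere outside this diff, `StartLimitAction=reboot-force` never takes effect. If the forced reboot is wanted, the file belongs in `dhcpcd@.service.d/`, and current systemd expects `StartLimitAction=` under `[Unit]` rather than `[Service]`. Once it is active, a segment without a DHCP server can become a reboot loop, so a comment stating the intended start limit would help.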
diff --git a/elchos/root-image/etc/systemd/system/getty@tty1.service.d/run_krebs_secret.conf b/elchos/root-image/etc/systemd/system/getty@tty1.service.d/run_krebs_secret.conf
new file mode 100644
index 00000000..29e5be5f
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/getty@tty1.service.d/run_krebs_secret.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=-/usr/bin/agetty --autologin reaktor --noclear %I 38400 linux
diff --git a/elchos/root-image/etc/systemd/system/hddtemp.service.d/monitor_all_disks.conf b/elchos/root-image/etc/systemd/system/hddtemp.service.d/monitor_all_disks.conf
new file mode 100644
index 00000000..e6b8fcda
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/hddtemp.service.d/monitor_all_disks.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/bin/bash -c "/usr/bin/hddtemp -dF hddtemp -d /dev/[vsh]d[a-z]"
diff --git a/elchos/root-image/etc/systemd/system/ntpdate.service.d/set_hwclock.conf b/elchos/root-image/etc/systemd/system/ntpdate.service.d/set_hwclock.conf
new file mode 100644
index 00000000..e57550c8
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/ntpdate.service.d/set_hwclock.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStart=/usr/bin/hwclock --systohc --utc -w
diff --git a/elchos/root-image/etc/systemd/system/pacman-init.service b/elchos/root-image/etc/systemd/system/pacman-init.service
new file mode 100644
index 00000000..23b81445
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/pacman-init.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Initializes Pacman keyring
+Wants=haveged.service
+After=haveged.service
+Requires=etc-pacman.d-gnupg.mount
+After=etc-pacman.d-gnupg.mount
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/pacman-key --init
+ExecStart=/usr/bin/pacman-key --populate archlinux
+
+[Install]
+WantedBy=multi-user.target
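Review bot: `--autologin reaktor` in run_krebs_secret.conf gives anyone at tty1 (or at an attached remote console) a logged-in `reaktor` session with no credential. The drop-in's name suggests the account's login shell is the secret-enrolment script from this commit, but nothing here shows that. If `reaktor` has a normal shell or is a member of wheel, the passwordless su/sudo rules added in this commit turn console access into root. I would add a comment to the drop-in stating the required shell and group membership, e.g. `# reaktor's shell must be /krebs/bin/reaktor-shell.sh; never add reaktor to wheel`.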
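Review bot: In monitor_all_disks.conf the command reads `/usr/bin/hddtemp -dF hddtemp -d /dev/[vsh]d[a-z]`; the bare word `hddtemp` and the second `-d` look like a paste duplicate, and as written `hddtemp` is passed to the daemon as a drive name. The likely intent is `ExecStart=/bin/bash -c "exec /usr/bin/hddtemp -dF -l 127.0.0.1 /dev/[vsh]d[a-z]"`, where `-l 127.0.0.1` keeps the daemon's listener on loopback, which is all the collectd hddtemp plugin in this commit queries. When no device matches, bash passes the literal pattern through, so a guard for that case would make the failure explicit.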
diff --git a/elchos/root-image/etc/systemd/system/start-ncdc@.service b/elchos/root-image/etc/systemd/system/start-ncdc@.service
new file mode 100644
index 00000000..7b5b1b8e
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/start-ncdc@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=ncdc autoconfig and startup for %i
+After=network.target local-fs.target multi-user.target elch-hostname.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+#KillMode=none
+ExecStart=/usr/bin/tmux new-session -n startup -d "/bin/sh /krebs/bin/start-ncdc.ship"
+ExecStop=/usr/bin/sudo -u %i /usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m
+
+[Install]
+WantedBy=multi-user.target
diff --git a/elchos/root-image/etc/systemd/system/tor-configure-hidden.service b/elchos/root-image/etc/systemd/system/tor-configure-hidden.service
new file mode 100644
index 00000000..c9b8f20f
--- /dev/null
+++ b/elchos/root-image/etc/systemd/system/tor-configure-hidden.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Announce Tor Hidden Address
+After=network.target nss-lookup.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/krebs/bin/tor_configure_hidden_service.ship
+
+[Install]
+WantedBy=multi-user.target
diff --git a/elchos/root-image/etc/udev/rules.d/81-dhcpcd.rules b/elchos/root-image/etc/udev/rules.d/81-dhcpcd.rules
new file mode 100644
index 00000000..1c4053c0
--- /dev/null
+++ b/elchos/root-image/etc/udev/rules.d/81-dhcpcd.rules
@@ -0,0 +1 @@
+ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="en*|eth*", ENV{SYSTEMD_WANTS}="dhcpcd@$name.service"
diff --git a/elchos/root-image/krebs/bin/add-reaktor-secret.sh b/elchos/root-image/krebs/bin/add-reaktor-secret.sh
new file mode 100755
index 00000000..92681449
--- /dev/null
+++ b/elchos/root-image/krebs/bin/add-reaktor-secret.sh
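Review bot: start-ncdc@.service is ordered `After=... multi-user.target` while also being `WantedBy=multi-user.target`; a target is ordered after the units it wants, so this is an ordering cycle that systemd resolves by dropping one of the jobs, and the service may not start at boot. Remove `multi-user.target` from `After=`. The instance name is used only in `ExecStop` (`sudo -u %i`), while `ExecStart` has no `User=` and therefore runs tmux and start-ncdc.ship as root, with the account hard-coded to `hooker` inside that script. I would either pass `%i` through to the script or add a comment that `start-ncdc@hooker.service` is the only valid instance.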
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -euf
+green='\e[0;32m'
+red='\e[0;31m'
+nc='\e[0m'
+black='\e[0;30m'
+
+printf "${green}Add a Reaktor Secret ${nc}\n"
+printf "${red}(no spaces in input plox)${nc}\n"
+
+nick=${1:-}
+while test -z "${nick:-}" ;do
+ printf "provide Nick Name:\n"
+ read nick
+done
+
+secret=${2:-}
+while test -z "${secret:-}" ;do
+ printf "provide Secret:$black\n"
+ read secret
+done
+
+echo "$nick $secret" >> /krebs/painload/Reaktor/admin.lst
+printf "${green}done${nc}"
diff --git a/elchos/root-image/krebs/bin/macid.sh b/elchos/root-image/krebs/bin/macid.sh
new file mode 100755
index 00000000..0fccc84b
--- /dev/null
+++ b/elchos/root-image/krebs/bin/macid.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+ip addr | grep ether | awk '{print $2}' | sort |md5sum | awk '{print $1}' | dd bs=1 count=6 2>/dev/null
diff --git a/elchos/root-image/krebs/bin/reaktor-shell.sh b/elchos/root-image/krebs/bin/reaktor-shell.sh
new file mode 100755
index 00000000..117c64f6
--- /dev/null
+++ b/elchos/root-image/krebs/bin/reaktor-shell.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+echo "IP Addresses:"
+/krebs/painload/Reaktor/commands/ips || echo "no IPs!"
+/krebs/bin/add-reaktor-secret.sh
diff --git a/elchos/root-image/krebs/bin/refresh-shares.ship b/elchos/root-image/krebs/bin/refresh-shares.ship
new file mode 100755
index 00000000..364d7758
--- /dev/null
+++ b/elchos/root-image/krebs/bin/refresh-shares.ship
@@ -0,0 +1,11 @@
+#!/bin/sh
+#TODO:
+#!/usr/bin/env ship
+set -euf
+#@include filehooker
+. /krebs/lib/filehooker
+ncdc_user="hooker"
+
+share_all_partitions
+systemctl restart hddtemp.service
+exit 0
diff --git a/elchos/root-image/krebs/bin/set-hostname.sh b/elchos/root-image/krebs/bin/set-hostname.sh
new file mode 100755
index 00000000..31101a18
--- /dev/null
+++ b/elchos/root-image/krebs/bin/set-hostname.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+hostn="elch_$(/krebs/bin/macid.sh)"
+hostnamectl set-hostname "$hostn"
+hostname $hostn
+echo "$hostn" > /etc/hostname
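Review bot: The secret prompt in add-reaktor-secret.sh only switches the text colour to black (`printf "provide Secret:$black\n"`) before `read secret`, so the typed secret is still echoed to the terminal and remains readable on any non-black background and in scrollback. Turn echo off around the read instead: `stty -echo; read -r secret; stty echo`. The secret can also be passed as `$2`, where it shows up in the process list, and it is appended in clear text to /krebs/painload/Reaktor/admin.lst with no `umask` or `chmod` in the script; a `umask 077` before the `echo ... >>` would at least keep the file private when it is first created. The "no spaces" rule is only printed, never checked, and this commit adds an empty krebs/etc/Reaktor/admin.lst while the script writes under /krebs/painload/, so the target path is worth confirming.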
diff --git a/elchos/root-image/krebs/bin/start-ncdc.ship b/elchos/root-image/krebs/bin/start-ncdc.ship
new file mode 100755
index 00000000..1d47bcfb
--- /dev/null
+++ b/elchos/root-image/krebs/bin/start-ncdc.ship
@@ -0,0 +1,23 @@
+#!/usr/bin/env ship
+set -euf
+#@include filehooker
+. /krebs/lib/filehooker
+#@include network
+ncdc_user="hooker"
+
+useradd -m $ncdc_user ||:
+
+sudo -u $ncdc_user /usr/bin/tmux new-session -s dcpp -n ncdc -d ncdc 2>/dev/null || echo "ncdc is already running"
+
+nick=$(cat /etc/hostname)
+echo "using nick $nick"
+ncdc_configure_nick "$nick"
+sleep 1
+dc_hub="adcs://elchhub.nsupdate.info:2781"
+echo "connecting to $dc_hub"
+ncdc_configure_hub "$dc_hub" "elch"
+
+
+share_all_partitions
+
+exit 0
diff --git a/elchos/root-image/krebs/bin/tor-get-hidden-service.sh b/elchos/root-image/krebs/bin/tor-get-hidden-service.sh
new file mode 100755
index 00000000..c9946366
--- /dev/null
+++ b/elchos/root-image/krebs/bin/tor-get-hidden-service.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+cat /var/lib/tor/hidden_service/hostname
diff --git a/elchos/root-image/krebs/bin/tor_configure_hidden_service.ship b/elchos/root-image/krebs/bin/tor_configure_hidden_service.ship
new file mode 100755
index 00000000..1e026d26
--- /dev/null
+++ b/elchos/root-image/krebs/bin/tor_configure_hidden_service.ship
@@ -0,0 +1,16 @@
+#!/bin/sh
+#@include core
+. /krebs/lib/core
+#@include network
+. /krebs/lib/network
+#@include tor
+. /krebs/lib/tor
+
+sleep_time=5
+test -w "$torrc" || ( error "$torrc is not writable!"; exit 1 ) || exit 1
+
+configure_hidden_service
+test ! -e $hidden_service_dir/hostname && \
+ info "hidden service file does not exist, restarting tor" && \
+ systemctl restart tor && \
+ sleep 1
diff --git a/elchos/root-image/krebs/bin/tor_publish_ssh.ship b/elchos/root-image/krebs/bin/tor_publish_ssh.ship
new file mode 100755
index 00000000..2ecee9fb
--- /dev/null
+++ b/elchos/root-image/krebs/bin/tor_publish_ssh.ship
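Review bot: In start-ncdc.ship, `sudo -u $ncdc_user /usr/bin/tmux new-session ... 2>/dev/null || echo "ncdc is already running"` reports every failure as "already running": a missing user, a sudo policy denial and a missing ncdc binary all look the same, and the line before it (`useradd -m $ncdc_user ||:`) discards the one error that would explain it. Test for the session explicitly, as ftpget in this commit does: `sudo -u "$ncdc_user" /usr/bin/tmux has-session -t dcpp 2>/dev/null || sudo -u "$ncdc_user" /usr/bin/tmux new-session -s dcpp -n ncdc -d ncdc`. Separately, the hub `adcs://elchhub.nsupdate.info:2781` is a dynamic-DNS name and no certificate pin is visible in the URL, so unless `ncdc_configure_hub` (defined outside this diff) pins one, clients will connect to whatever host currently holds that name.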
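Review bot: tor_configure_hidden_service.ship ends with `test ! -e $hidden_service_dir/hostname && ... && sleep 1`, so on the normal path, where the hostname file already exists, `test` fails and the script exits with status 1. tor-configure-hidden.service is `Type=oneshot` with a plain `ExecStart=`, so the unit is marked failed exactly when everything worked. Use an `if` instead: `if ! test -e "$hidden_service_dir/hostname"; then info "hidden service file does not exist, restarting tor"; systemctl restart tor; sleep 1; fi`. `sleep_time=5` is assigned and never used.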
@@ -0,0 +1,12 @@
+#!/usr/bin/env ship
+#@include core
+. /krebs/lib/core
+#@include network
+. /krebs/lib/network
+#@include tor
+. /krebs/lib/tor
+
+test -w "$torrc" || ( error "$torrc is not writable!"; exit 1 ) || exit 1
+
+configure_hidden_service
+cat $hidden_service_dir/hostname | send_irc
diff --git a/elchos/root-image/krebs/bin/update-search.sh b/elchos/root-image/krebs/bin/update-search.sh
new file mode 100755
index 00000000..665f6543
--- /dev/null
+++ b/elchos/root-image/krebs/bin/update-search.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+for i in /media/vag*;do
+ updatedb -l 0 -o "$i/mlocate.db" -U "$i"
+done
+echo "update complete"
diff --git a/elchos/root-image/krebs/bin/vim_sane_defaults.ship b/elchos/root-image/krebs/bin/vim_sane_defaults.ship
new file mode 100755
index 00000000..fcc7ffcf
--- /dev/null
+++ b/elchos/root-image/krebs/bin/vim_sane_defaults.ship
@@ -0,0 +1,10 @@
+#!/bin/sh
+#@strict
+#@include core
+. /krebs/lib/core
+#@include vim
+. /krebs/lib/vim
+#@mainifyme
+touch $vimrc
+info "configuring vim"
+vim_conf_sane_defaults
diff --git a/elchos/root-image/krebs/etc/Reaktor/admin.lst b/elchos/root-image/krebs/etc/Reaktor/admin.lst
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/admin.lst
diff --git a/elchos/root-image/krebs/etc/Reaktor/auth.lst b/elchos/root-image/krebs/etc/Reaktor/auth.lst
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/auth.lst
diff --git a/elchos/root-image/krebs/etc/Reaktor/commands/ftpget b/elchos/root-image/krebs/etc/Reaktor/commands/ftpget
new file mode 100755
index 00000000..74e76f8e
--- /dev/null
+++ b/elchos/root-image/krebs/etc/Reaktor/commands/ftpget
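Review bot: In tor_publish_ssh.ship, `cat $hidden_service_dir/hostname | send_irc` runs immediately after `configure_hidden_service`, without the existence check and tor restart that tor_configure_hidden_service.ship performs, so on a first run the file may not exist yet and nothing useful is sent. Judging by the script name, this also announces the onion address of the SSH service on IRC, and that address is the only thing keeping the endpoint unlisted. I would add a comment naming the channel and who can read it, e.g. `# publishes the SSH onion address to <channel>; sshd must accept keys only`, and quote `"$hidden_service_dir/hostname"`. `send_irc` and its destination are defined in /krebs/lib/network, outside this diff.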
@@ -0,0 +1,58 @@
+#!/bin/sh
+# usage: $0 [-d] uri sharename[/subdirs]
+exec 2>&1
+set -euf
+ncdc_user=hooker
+usage(){
+ cat <<EOF
+usage: $0 [-d] uri share[/subdirs]
+ -d -- uri is a directory to be mirrored
+ share -- vag[0-n]
+
+EOF
+}
+examples(){
+ cat <<EOF
+examples: ftpget -d http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.8 vag0/firefox_releases
+ -> 0.8 directory is stored to /media/vag0/firefox_releases
+
+ ftpget -d http://speedtest.qsc.de/10MB.qsc vag0/
+ -> 10MB.qsc is stored to /media/vag0/10MB.qsc
+EOF
+}
+if test "${1:--h}" == '-h' -o "${1:-}" == '--help';then
+ usage
+ examples
+ exit 0
+fi
+if test ${1:-} == '-d' ;then
+ is_dir=true
+ shift
+fi
+
+target="${1:-}"
+if !( echo "$target" | egrep -q '^(ftps*://|https*://)' );then
+ exit 23
+fi
+
+share=$( printf "%s" "${2?provide share name}" |head -1 | sed 's#\.\./##')
+sharepath=/media/${share%%/*}
+realshare="/media/$share"
+test ! -e "$sharepath" && echo "$sharepath does not exist!" && exit 23
+
+sudo -u $ncdc_user /usr/bin/mkdir -p "$realshare"
+
+if test -z ${is_dir:-};then
+ cmd="lftpget \"$target\""
+else
+ cmd="lftp -e \"mirror;exit\" $target"
+fi
+
+ if ! sudo -u $ncdc_user /usr/bin/tmux has-session -t dl >/dev/null 2>&1 ;then
+ sudo -u $ncdc_user /usr/bin/tmux new-session -s dl -d -c "$realshare" "$cmd"
+ else
+ sudo -u $ncdc_user /usr/bin/tmux new-window -t dl -c "$realshare" "$cmd"
+ fi
+#sudo -u $ncdc_user /usr/bin/tmux new-window -t dl |