Diffstat (limited to 'filehooker/root-image/krebs/lib')
| -rw-r--r-- | filehooker/root-image/krebs/lib/_punani_db | 57 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/color | 7 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/core | 80 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/filehooker | 140 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/iso | 7 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/krebs | 16 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/network | 100 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/punani | 99 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/retiolum | 99 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/tahoe | 34 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/tor | 19 | ||||
| -rw-r--r-- | filehooker/root-image/krebs/lib/vim | 40 | 
12 files changed, 698 insertions, 0 deletions
diff --git a/filehooker/root-image/krebs/lib/_punani_db b/filehooker/root-image/krebs/lib/_punani_db
new file mode 100644
index 00000000..e5bf15b1
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/_punani_db
@@ -0,0 +1,57 @@
+_punanidb_pacman_=
+_punanidb_yum_=
+_punanidb_aptget_=
+
+_punanidb_pacman_git=git
+_punanidb_yum_git=git
+_punanidb_aptget_git=git-core
+
+_punanidb_pacman_python2=python2
+_punanidb_yum_python2=python
+_punanidb_aptget_python2=python
+
+_punanidb_pacman_python3=python
+_punanidb_aptget_python3=python3
+
+_punanidb_pacman_pip2=python2-pip
+_punanidb_aptget_pip2=python-pip
+
+_punanidb_pacman_virtualenv=python-virtualenv
+_punanidb_aptget_virtualenv=python-virtualenv
+
+_punanidb_pacman_gpp=g++
+_punanidb_aptget_gpp=gcc
+
+_punanidb_pacman_python2_dev=python2
+_punanidb_aptget_python2_dev=python-dev
+
+_punanidb_pacman_hostname=inetutils
+_punanidb_aptget_hostname=hostname
+
+_punanidb_pacman_hostname=inetutils
+_punanidb_aptget_hostname=hostname
+
+_punanidb_pacman_make=make
+_punanidb_yum_make=make
+_punanidb_aptget_make=make
+
+_punanidb_pacman_tinc=tinc
+_punanidb_yum_tinc=tinc
+_punanidb_aptget_tinc=tinc
+
+_punanidb_pacman_zsh=zsh
+_punanidb_yum_zsh=zsh
+_punanidb_aptget_zsh=zsh
+
+_punanidb_pacman_tor=tor
+_punanidb_yum_tor=tor
+_punanidb_aptget_tor=tor
+
+_punanidb_pacman_nano=nano
+_punanidb_yum_nano=nano
+_punanidb_aptget_nano=nano
+
+_punanidb_pacman_vim=vim
+_punanidb_yum_vim=vim-enhanced
+_punanidb_aptget_vim=vim
+
diff --git a/filehooker/root-image/krebs/lib/color b/filehooker/root-image/krebs/lib/color
new file mode 100644
index 00000000..cec2044e
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/color
@@ -0,0 +1,7 @@
+# superseed logging with color
+green='\e[0;32m'
+red='\e[0;31m'
+nc='\e[0m'
+msg() { printf "$*\n" >&2; }
+info()  { msg "$green$*$nc"; }
+error() { msg "$green$*$nc"; }
diff --git a/filehooker/root-image/krebs/lib/core b/filehooker/root-image/krebs/lib/core
new file mode 100644
index 00000000..0c321525
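Review bot: In lib/color, `error()` wraps its text in `$green`, so errors are printed exactly like `info()` output and the `red` variable defined two lines above is never used; it should read `error() { msg "$red$*$nc"; }`. `msg()` also hands its arguments to printf as the format string (`printf "$*\n"`), so a `%` or backslash inside a logged value is interpreted instead of printed. Keeping the colour escapes in the format and the text in an argument avoids that, e.g. `info() { printf "${green}%s${nc}\n" "$*" >&2; }`.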
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/core
@@ -0,0 +1,80 @@
+# logging
+msg() { echo "$*" >&2; }
+info()  { msg "** $*"; }
+error() { msg "!! $*"; }
+## usage: die [REASON...]
+die() {
+  test $# -gt 0 && error "$*"
+  error 'Bailing out.'
+  exit 1
+}
+exists(){ 
+  type "$1" >/dev/null 2>/dev/null; 
+}
+
+is_root(){
+  test $(id -u) -eq 0
+}
+
+defer(){
+  #close enough
+  trapstr="$1;${trapstr:-exit}"
+  trap "$trapstr" INT TERM EXIT KILL
+}
+
+esudo(){
+  # weaksauce esudo (expect sudo)
+  if ! is_root; then
+    # for the record:
+    # exec sudo -E "$0" "$@"
+    error "You are not root enough for this script"
+    exit 23 # go to hell
+  fi
+}
+
+get_hostname(){
+  # finds the current hostname
+  #   if ENV HOSTN is set echo $HOSTN
+  #   We try the following:
+  #      $HOSTN
+  #      $HOSTNAME
+  #      hostname
+  #      uci system.hostname
+  #      /etc/hostname
+  #   if everything fails, it returns 1 and prints 'unknown'
+
+  if [ -n "${HOSTN:-}" ] ;     then printf "${HOSTN:-}" 
+  elif [ -n "${HOSTNAME:-}" ] ;then printf "$HOSTNAME"
+  elif exists hostname ;       then printf "$(hostname)"
+  elif exists uci    ;         then printf "$(uci get system.@system[0].hostname)"
+  elif [ -e /etc/hostname ]   ;then printf "$(cat /etc/hostname)"
+  else                              printf "unknown"; return 1
+  fi
+  return 0
+}
+
+line_to_dot(){ 
+  while read line; do printf .; done;
+}
+
+get_os(){
+  # TODO: find all the release files
+  #if grep -q 'Linux' /etc/*release 2>/dev/null || grep -qe 'Linux' /etc/issue 2>/dev/null; then
+  if grep -q 'Linux' /etc/lsb-release 2>/dev/null || grep -q 'Linux' /etc/issue 2>/dev/null; then
+    echo 'linux'
+  elif test -e /etc/preferred-apps/google.xml; then
+    echo 'android'
+  elif test -e /etc/openwrt_release; then
+    echo 'openwrt'
+  elif uname -s | grep -qi 'darwin'; then
+    echo 'osx'
+  else
+    warn "Cannot determine your operating system, falling back to Linux"
+    echo 'linux'
+  fi
+}
+
+# user management
+has_user(){
+    egrep "^$1:" /etc/passwd >/dev/null
+}
diff --git a/filehooker/root-image/krebs/lib/filehooker b/filehooker/root-image/krebs/lib/filehooker
new file mode 100644
index 00000000..90d887bd
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/filehooker
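Review bot: `get_os` in lib/core calls `warn`, but this file defines only `msg`, `info`, `error` and `die`, so the fallback branch prints a command-not-found error instead of the intended warning; lib/network's `which_get_loader` and `which_head_loader` make the same call. Adding `warn()  { msg "WARN: $*"; }` next to `info` and `error` would fix all three. `get_hostname` passes the hostname to printf as the format string in every branch; `printf '%s' "$HOSTNAME"` (and likewise for the other branches) keeps a `%` or backslash in the value from being interpreted. In `defer`, `KILL` cannot be trapped and should be dropped from the signal list.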
@@ -0,0 +1,140 @@
+#@include core
+. /krebs/lib/core
+#@include network
+. /krebs/lib/network
+ncdc_user=${ncdc_user:-hooker}
+ncdc_bin=${ncdc_bin:-/usr/bin/ncdc}
+
+ncdc_config(){
+    # maybe we want to use the running ncdc process and communicate via tmux send-keys ?
+   (sleep 1;cat;printf "/quit\n") | sudo -u $ncdc_user "$ncdc_bin"
+}
+
+ncdc_configure_netshare(){
+    : "${1?provide path to share}"
+    rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
+    rnd_name="${2:-share_$rnd}"
+    info "removing old share $rnd_name"
+    (echo "/unshare $rnd_name" ) | ncdc_config
+    info "adding share $rnd_name ($1)"
+    (echo "/share $rnd_name $1") | ncdc_config
+}
+
+ncdc_configure_nick(){
+    nick=${1?nick must be provided}
+    info "configuring DC Nick: $nick"
+    echo "/nick $nick" | ncdc_config
+}
+ncdc_configure_hub(){
+    rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
+    hubname="hub_$rnd"
+    hub=${1?adcs://localhost:2781}
+    info "configuring DC Hub: $hub, activating autconnect"
+    info "setting active as true"
+    (echo "/open ${hubname} ${hub}" ;
+    echo "/hset autoconnect true") | ncdc_config
+}
+
+ncdc_download(){
+install_dir="$(dirname "${ncdc_bin}")"
+info "installing ncdc to $install_dir"
+curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | tar xz -C "$install_dir"
+}
+ncdc_install(){
+useradd -m $ncdc_user ||:
+}
+
+ncdc_autostart(){
+# only systemd
+# punani install tmux
+cat > /etc/systemd/system/ncdc@.service <<EOF
+[Unit]
+Description=ncdc
+Requires=network.target local-fs.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+KillMode=none
+User=%I
+ExecStart=/usr/bin/tmux new-session -s dcpp -n ncdc -d ncdc
+ExecStop=/usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable ncdc@$ncdc_user
+}
+
+# 20gig in bytes
+min_netshare_size=${min_netshare_size:-20000000000}
+get_disksize(){
+fdisk -l ${1?provide disk} | grep '^Disk ' | cut -d\  -f 5
+}
+
+prepare_netshares(){
+    count=0
+    fdisk -l  | grep '^Disk '  | egrep '(/dev/sd|/dev/hd)' | cut -d\  -f 2 | tr -d : | while read disk;do
+        size=$(get_disksize $disk)
+        if test "$size" -gt "$min_netshare_size";
+        then
+            info "using $disk with $size bytes"
+            dd if=/dev/zero of=$disk bs=1M count=1 >/dev/null
+            sleep 1
+            (printf "o\nn\np\n\n\n\nw\n\n") |fdisk $disk >/dev/null ||:
+            #partprobe $disk
+            mkfs.btrfs -f ${disk}1 >/dev/null
+            uuid="$(blkid ${disk}1 -o value | head -n 1)"
+            mountpoint="/media/vag${count}"
+            mkdir -p "$mountpoint"
+            echo "UUID=$uuid  $mountpoint btrfs rw,relatime,space_cache 0 0" >> /etc/fstab
+            echo "$mountpoint"
+            : $((count++))
+        else
+            info "skipping $disk"
+        fi
+    done
+}
+install_tor_announce(){
+# systemd only
+info "writing tor_announce.service"
+cat > /etc/systemd/system/tor_announce.service<<EOF
+[Unit]
+Description=Announce Tor Hidden Address
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/tor_announce
+
+[Install]
+WantedBy=multi-user.target
+EOF
+info "writing tor_announce to /usr/bin/tor_announce"
+printf '#!/bin/sh\nsleep 20\n' > /usr/bin/tor_announce
+http_get conf.krebsco.de/tor_publish_ssh >> /usr/bin/tor_announce
+chmod +x /usr/bin/tor_announce
+info "enable tor_announce"
+systemctl enable tor_announce
+systemctl start tor_announce
+}
+
+share_all_partitions(){
+    count=0
+    find /dev -name '[shv]d[a-z][0-9]' | while read disk;do
+        size=$(get_disksize $disk)
+        if test "$size" -gt "$min_netshare_size";
+        then
+          info "trying disk $disk"
+          mountpoint=/media/vag$count
+          mkdir -p $mountpoint
+          umount $mountpoint 2>&1 >/dev/null && info "$mountpoint unmounted" || :
+          ! mount $disk $mountpoint && error "cannot mount $disk"  && continue
+          : $((count++))
+          ncdc_configure_netshare "$mountpoint" "$(basename $mountpoint)"
+        else
+          info "skipping $disk"
+        fi
+    done
+}
diff --git a/filehooker/root-image/krebs/lib/iso b/filehooker/root-image/krebs/lib/iso
new file mode 100644
index 00000000..0776d796
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/iso
@@ -0,0 +1,7 @@
+get_volid(){
+  #returns the volume id of the iso given
+  # is needed for remastering the archlinux iso
+  
+  #punani install genisoimage
+  isoinfo -d -i "${1?path to iso must be given}" | grep "^Volume id:" | cut -d: -f 2 |xargs
+}
diff --git a/filehooker/root-image/krebs/lib/krebs b/filehooker/root-image/krebs/lib/krebs
new file mode 100644
index 00000000..e47031d6
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/krebs
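Review bot: `ncdc_download` in lib/filehooker streams a tarball fetched over plain `http://` straight into `tar xz -C "$install_dir"` (the directory of `$ncdc_bin`, /usr/bin by default), and `install_tor_announce` appends the body of `http_get conf.krebsco.de/tor_publish_ssh` to /usr/bin/tor_announce, which the unit written just above then starts with no `User=` line. Neither download is authenticated, so whatever the network path delivers is what gets installed and run. Download to a temporary file, compare it with a digest pinned in the repository, and only then extract; the announce script is better shipped inside the image than fetched at install time. `prepare_netshares` also zeroes and repartitions every /dev/sd* and /dev/hd* disk above the size threshold without confirmation, which deserves a header comment stating that it is meant only for the dedicated filehooker image.

```shell
ncdc_download(){
  install_dir="$(dirname "${ncdc_bin}")"
  # PLACEHOLDER: pin the sha256 of the reviewed release tarball here
  ncdc_sha256="<sha256-of-reviewed-tarball>"
  tmp="$(mktemp)" || die "mktemp failed"
  info "installing ncdc to $install_dir"
  curl -fsSL -o "$tmp" http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz \
    || { rm -f "$tmp"; die "download failed"; }
  # refuse to unpack anything that does not match the pinned digest
  echo "$ncdc_sha256  $tmp" | sha256sum -c - >/dev/null \
    || { rm -f "$tmp"; die "ncdc tarball checksum mismatch"; }
  tar xzf "$tmp" -C "$install_dir"
  rm -f "$tmp"
}
```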
@@ -0,0 +1,16 @@
+#@include core
+krebs_pubkeys="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7YrLdnXDRU2XEdZDu1BmgiT0Vaxplf3bfvSm+5o3g4AcR2yCv7h2D633c9uA0gq52EJ3V5m8B1ZcxqA0zqDptKwx+ZTMUGDls7StH5xpJyk9j5gf8DzyDLQPQG2IYszCH+8esKjo3BOFxfey8NaX+k6gvQsG3lyV0PjLvvIy4gDuMn6dPZfVAlwNYFOUNgwpku3W3A0d+UFyVjt3/sgZxM+8C3y6QE1gwT5/NfBbHM5vaEqjHcVq1ui+7a4iOXFGKkZDcd7EX6cQZSbCzZL7sZ0OmB1WpAsDCvIXfzX1YfNA0sso7ldSF6ZUGNgwEk1LootnQlCK/dfbM+i62SZ+1 tv@iiso
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv9TTt4FkzT3jlQ0VS2tX/GpQO9Ef0wIQ+g96foe4qSniBwR667T1gIhURrod/p7N9oQcWRrNohjgmSBZRYA0kW6ZyqYJkLvRv54nXv6j/8Xq2nG/KVfDqL0kp8if+JGeFlQElpWJiAbGifYkopFy69QiLYU2ndR7aPbx+5qm/dcwPJ7K+n6dyePynCZadtcabm3PuBFUxGLdT9ImDXMOPfXxPMlN/3eb78byuEuHnhCIvIGLMBGx+8QTXvu7kHpZObvkbsF1xjVs9fDpwVLjh7GWdwf3BZ/agFlI24ffyqCPFnuaxUVyfUZeqf4twRsIZkTTB47lHDhYiVkyGe8gd root@pigstarter.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7df1RfMGNHPJe0iF6rD9DBs/4VujN6nNr7RbRCFk7HF/JzLXSn9Vcwk+3JefP4/d/bUo0h03rhQaRohDhBScrJidj2YacF6gmZOuTf3AMWprdz9D/1dDkN/ytwzGhADhqbHEWeomIllsa8Up4PvEeDcIHJGzYvuc0BbGqRk0XgxwqIrLAhdpTfEKaTbt7IzmUqEofxThTZ/4k020PKn2WDBWKQYGZJ9Ba2WzlKUXWx842ncW29oxC2faRz4M3eMPy0JMpBLkK9U3dccE75dgT/89/4ofVjM7+J3FOP3dgXzrtk+A5aN5a/veJUViQ9xdGxXvoa++iCr5q/BVRv0Bb sammy@muhbaasu.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOIRWLC4ESCDxjyoJUqaUNC8ZDiE4UICZk3cbDptdtendTQvjSXz0RW6MWhJ+F6wWZntL1EibKn8djax1tzgcvNASCUEtGey/850IzBIrETs+WQDRjV2QqBKWxVaQPIFjw2V3vFSKKNxq01qznVBY510DIf4+0WR8b1ZPD/XbuyQLGYM3N7dP4JQSnnNAgtyutBKdomWfT18hW1lLjkP8h1IOiC03HxXTYX+nMUiLDff3D5GT5u3Ke2+VigXjz4Ue8rVsOg/zgqrwEAfx8o1q83uSB23oqUqWkqlxOC/4QY5kpdNqW/Iz89zHibp5ZceHd2ZSoGefv7UZM0lRIDHjJ retiolum@ire
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3+2vSwiJoIpHpnkw4SslPrlR6/z43nZ7s1tGXkkNnVDB2uzxMaISNRjSk0GgXpDx4hLEi6074hSvv5JWbUuMyKr9n6GVVeYNCjsiPcRkL3d7zDwFwqyndhVeWgmpuylYx4XKIbTvpBVyG3CRT1+D4apVUgiDa9lVfjBk7/ESxBzt0dXtlJEzQBBoCo0C8jeeIpvZKbq1zeM9wvLsgFaT7fsSxrg5BEb/tQl6pbkykWFXbzzd91liEQaSqai7Ux2355ZXGANQBCTglKhdTcir0RuHNtQGrZHBxL9qVfJjJJNZg1b6UAhDanqE/HyOI3sp6LGBvpW5afLKOdj9ppQQN retiolum@nomic
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== death@uriel"
+
+authorized_keys_file="${authorized_keys:-$HOME/.ssh/authorized_keys}"
+deploy_krebs_pubkeys(){
+info "deploying pubkeys in $authorized_keys_file"
+mkdir -p "$(dirname "$authorized_keys_file")"
+printf "$krebs_pubkeys\n" >> "$authorized_keys_file"
+
+}
diff --git a/filehooker/root-image/krebs/lib/network b/filehooker/root-image/krebs/lib/network
new file mode 100644
index 00000000..9863a803
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/network
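Review bot: `deploy_krebs_pubkeys` in lib/krebs appends all seven keys on every call, so repeated runs accumulate duplicates in `$authorized_keys_file`, and it sets no permissions: `mkdir -p` follows the caller's umask, and sshd with StrictModes enabled ignores an authorized_keys file whose directory or file is writable by others. Follow the `mkdir` with `chmod 700 "$(dirname "$authorized_keys_file")"` and the append with `chmod 600 "$authorized_keys_file"`, and append a key only when `grep -qxF -- "$key" "$authorized_keys_file"` does not already find it. `printf "$krebs_pubkeys\n"` uses the key blob as the format string; `printf '%s\n' "$krebs_pubkeys"` is the safe spelling. A header comment should say that these keys grant login to whichever account `$HOME` belongs to and who is responsible for each entry, so a key can be revoked when its owner leaves.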
@@ -0,0 +1,100 @@
+#@include core
+. /krebs/lib/core
+
+# TODO refactor this
+which_get_loader(){
+  if ! exists curl ; then
+    if ! exists wget ; then
+      warn "Please install curl or wget"
+      return 1
+    else
+      echo "wget -q -O-"
+    fi
+  else
+    echo "curl -L -s"
+  fi
+  return 0
+}
+
+which_head_loader(){
+  if ! exists curl ; then
+    if ! exists wget ; then
+      warn "Please install curl or wget"
+      return 1
+    else
+      echo "wget -O- --spider -S -q"
+    fi
+  else
+    echo "curl -L -I -s"
+  fi
+  return 0
+}
+
+http_get(){
+    eval "$(which_get_loader)" "${1?please provide url}"
+}
+http_head(){
+    eval "$(which_head_loader)" "${1?please provide url}" 2>&1
+}
+
+internet(){
+    secret=$(http_get http://krebsco.de/secret 2>/dev/null)
+    if [ "$secret" = "1337" ]; then
+        return 0
+    else
+        echo "cannot load secret or secret incorrect" >&2
+        return 1
+    fi
+}
+
+which_telnet(){
+  # find Telnet or similar and executes it at the end
+  # requires exist
+  # if env TELNET is set, will be trying to run this 
+  # Tries the following things:
+  #     telnet
+  #     nc
+  #     netcat
+  #     busybox telnet
+  if [ -e "${TELNET:-does_not_exist}" ]; then
+    info "Will be using $TELNET as Telnet Client"
+    echo $TELNET
+  elif exists telnet ;then
+    command -v telnet
+  elif exists nc ;then
+    command -v nc
+  elif exists netcat;then
+    command -v netcat
+  elif exists busybox;then
+    echo  `command -v busybox` telnet
+  else
+    die 'Cannot find telnet binary, please install either telnet-client or busybox or netcat or provided TELNET environment.'
+  fi
+}
+
+run_telnet(){
+  host="$1"
+  port="$2"
+  $(which_telnet) "$host" "$port"
+}
+
+send_irc(){
+  ## reads from stdin, writes to IRC
+  ##
+  ## requires func: exists() anytelnet()
+  if [ -z "${HOSTN:-}" ]; then
+    HOSTN="$(get_hostname)"
+    info "no HOSTN given, using $HOSTN instead"
+  fi
+  IRCCHANNEL=${IRCCHANNEL:-"#krebs_incoming"}
+  IRCSERVER=${IRCSERVER:-"irc.freenode.net"}
+  IRCPORT=${IRCPORT:-6667}
+  NICK="${NICK:-${HOSTN}_$(head /dev/urandom | tr -dc "0123456789" | head -c3)}"
+  info "starting irc connect as $NICK"
+  (   echo "NICK $NICK";
+      echo "USER $NICK $IRCSERVER bla : $NICK";
+      echo "JOIN $IRCCHANNEL";
+      sleep 23;
+      while read line; do echo "PRIVMSG $IRCCHANNEL :$line";sleep 1;done
+      sleep 5; ) | run_telnet $IRCSERVER $IRCPORT 2>/dev/null
+}
diff --git a/filehooker/root-image/krebs/lib/punani b/filehooker/root-image/krebs/lib/punani
new file mode 100644
index 00000000..4338d19d
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/punani
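Review bot: `http_get` and `http_head` in lib/network run `eval "$(which_get_loader)" "${1?...}"`, and eval joins its arguments and parses the result again, so the URL goes through a second round of shell parsing and any `;`, `&`, `$(...)` or backtick in it is executed instead of being passed to curl or wget. The loader string is a fixed command plus flags, so ordinary word splitting is enough: `loader=$(which_get_loader) || return 1` followed by `$loader "$1"` (and the same with `which_head_loader`). That also makes the `return 1` from the loader lookup propagate, which the eval form does not do.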
@@ -0,0 +1,99 @@
+#@include core
+#@include _punani_db
+
+## usage: punani_has PACKAGE
+punani_has() {
+  eval "_punani_${PACKER}_has \"\$1\""
+}
+
+## usage: punani_owner PACKAGE
+punani_owner() {
+  eval "_punani_${PACKER}_owner \"\$1\""
+}
+
+## usage: punani_install PACKAGE
+punani_install() {
+  eval "_punani_${PACKER}_install \"\$1\""
+}
+
+## usage: punani_remove PACKAGE
+punani_remove() {
+  eval "_punani_${PACKER}_remove \"\$1\""
+}
+
+## usage: _punani_resolve_package PKGNAME
+_punani_resolve_package(){
+  eval "set -u; echo \"\${_punanidb_${PACKER}_$1}\"" 2>/dev/null
+}
+
+## usage: _punani_select_packer
+_punani_select_packer() {
+  for p in ${_punani_known_packers:-null}; do
+    exists $p && info "using $p" && PACKER=`echo $p | tr -d -` && break
+  done
+}
+_punani_known_packers='pacman apt-get yum brew'
+_punani_pacman_install(){ pacman --noconfirm -S --needed "$@" ;}
+_punani_pacman_remove(){ pacman --noconfirm -Rcs "$@" ;}
+_punani_pacman_has(){ pacman -Q "$1" >/dev/null;}
+_punani_pacman_owner() { pacman -Qo "$1"; }
+_punani_aptget_install(){ apt-get -y install "$@" ;}
+_punani_aptget_remove(){ apt-get -y remove "$@" ;}
+_punani_aptget_has() { dpkg -s "$1" | grep -q "Status: install";}
+_punani_aptget_owner() { dpkg-query -S "$1" | cut -d: -f1;}
+_punani_yum_install(){ yum -y install "$@" ;}
+_punani_yum_remove(){ yum -y remove "$@" ;}
+_punani_yum_has() { rpm -qa --qf "%{NAME}\n"| egrep  "^${1}\$" >/dev/null ;}
+_punani_yum_owner(){ rpm -qf "$1" ;}
+_punani_brew_install(){ brew install "$@"; }
+_punani_brew_remove(){ brew remove "$@";}
+# TODO _punani_brew_has
+
+punani(){
+  # punani UI
+  _punani_usage='punani {install,remove,has,owner} PACKAGE...'
+  _punani_select_packer || die 'no package manager found; no punani for you!'
+
+  ACTION="$1"; shift
+
+  if test $# = 0; then
+    error 'no PACKAGE specified.'
+    die "usage: $_punani_usage"
+  fi
+
+  for PKG; do
+    RES="`_punani_resolve_package $PKG`" ||
+      die "could not resolve '$PKG'; no punani for you!"
+
+    case "$ACTION" in
+      install)
+        if punani_has $RES; then
+          info "$RES already installed, skipping"
+        else
+          punani_install $RES || die "cannot install $RES with $PACKER"
+        fi
+        ;;
+      remove)
+        if ! punani_has $RES; then
+          info "$RES not installed, skipping"
+        else
+          punani_remove $RES || die "cannot install $RES with $PACKER"
+        fi
+        ;;
+      has)
+        if punani_has $RES; then
+          info "$RES is installed"
+        else
+          info "$RES is not installed"
+          exit 1
+        fi
+        ;;
+      owner)
+        punani_owner $RES
+        ;;
+      *)
+        error "bad action: $ACTION"
+        die "usage: $_punani_usage"
+    esac
+  done
+}
diff --git a/filehooker/root-image/krebs/lib/retiolum b/filehooker/root-image/krebs/lib/retiolum
new file mode 100644
index 00000000..1e55041c
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/retiolum
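Review bot: `_punani_resolve_package` in lib/punani expands `$1` inside the double-quoted string handed to eval, so the package name becomes part of the code that eval parses, and `punani` passes its command-line arguments straight into it; a name with anything other than identifier characters is executed rather than looked up. Reject such names before the eval, e.g. `case "$1" in ''|*[!A-Za-z0-9_]*) return 1;; esac` as the first line of the function. The `remove` branch also reports `cannot install $RES with $PACKER` when `punani_remove` fails; the message should say `cannot remove`. The `$PKG` and `$RES` expansions in the loop are unquoted and would be safer as `"$PKG"` and `"$RES"`.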
@@ -0,0 +1,99 @@
+#!/bin/sh
+# retiolum host functions
+#@include core
+#@include network
+tinc_path=${tinc_path:-/etc/tinc}
+netname=${netname:-retiolum}
+hosts_dir=${hosts_dir:-$tinc_path/$netname/hosts}
+supernode_urls="http://euer.krebsco.de/retiolum/supernodes.tar.gz"
+reload_tinc(){
+  info "reloading tinc configuration"
+  pkill -HUP tincd || tinc -n $netname reload;
+}
+
+refresh_supernode_keys(){
+  for url in $supernode_urls;do
+    info "Trying $url to retrieve supernodes"
+    if http_get "$url" \
+       | tar xvz -C $hosts_dir | xargs -n1 echo "refreshed:" ;then
+      info "refreshed supernode keys"
+      return 0
+    else
+      error "$url unusable for retrieving supernode host files"
+    fi
+  done && return 1
+}
+
+find_supernodes(){
+  cd $hosts_dir
+  set +f
+  for name in `
+    grep '^[  ]*Address[  ]*=' * |
+      cut -d: -f1 | sort | uniq
+  `; do
+    if eval "`sed -n '
+        s/[   ]\+//g
+        s/^\(Address\|Port\)=\(.*\)/\1="\${\1+\$\1\n}\2"/p
+      ' $name`"; then
+      port=${Port-655}
+      for host in $Address; do
+        if nc -zw 2 $host $port 2>/dev/null; then
+          echo "$name [('$host', $port)]"
+        fi &
+      done
+      wait
+    fi &
+  done
+  wait
+  cd - >/dev/null
+}
+
+find_active_nodes(){
+  # TODO this function currently only supports a single address for a host
+  cd $hosts_dir
+  # posix grep does not support [[:space:]]
+  set +f
+  for name in `
+    grep '^[  ]*Address[  ]*=' * |
+      cut -d: -f1 | sort | uniq
+  `; do
+    if eval "`sed -n '
+        s/[   ]\+//g
+        s/^\(Address\|Port\)=\(.*\)/\1="\${\1+\$\1\n}\2"/p
+      ' $name`"; then
+      port=${Port-655}
+      for host in $Address; do
+        if nc -zw 2 $host $port 2>/dev/null; then
+          echo "$name [('$host', $port)]"
+        fi &
+      done
+      wait
+    fi &
+  done
+  wait
+  cd - >/dev/null
+}
+
+check_free_v4(){
+  myipv4=${1-10.243.0.-1}
+  v4num=${myipv4##*.}
+  printf "Retard check: "
+  if [ "$v4num" -gt 0 -a "$v4num" -lt "256" ];
+  then 
+    info "No retard detected\n"
+    cd $hosts_dir
+    info "Check if ip is still free: "
+    for i in `ls -1`; do
+      if grep -q -e $myipv4\$ $i ;then
+        error "Host IP already taken by $i! "
+        return 1
+      fi
+    done
+    info "Passed\n"
+    return 0
+  else
+    error "you are made of stupid. bailing out\n" 
+    return 1
+  fi
+  cd - >/dev/null
+}
diff --git a/filehooker/root-image/krebs/lib/tahoe b/filehooker/root-image/krebs/lib/tahoe
new file mode 100644
index 00000000..6960b3e7
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/tahoe
@@ -0,0 +1,34 @@
+#@include core
+#@include network
+#@include punani
+
+tahoe_home=/home/tahoe
+tahoe_dir=$tahoe_home/.tahoe
+tahoe_init(){
+    # installs dependencies, user and a virtual environment for the tahoe user
+    punani install gpp pip2 python2_dev python2  virtualenv
+    has_user tahoe || useradd -r -m -b $tahoe_home -s /bin/false
+    cd $tahoe_home
+    virtualenv --no-site-packages -p "`type -p python2.7`"
+    . bin/activate
+    pip install  twisted pyasn1
+    pip install allmydata-tahoe
+    chown tahoe -R $tahoe_home
+}
+tahoe_create_node(){
+    # requires tahoe_init
+    sudo -u tahoe create-node  $tahoe_dir
+    sudo -u tahoe cat  > $tahoe_dir/tahoe.cfg <<EOF
+[node]
+nickname = $(get_hostname)
+web.port = 
+web.static = public_html
+
+[client]
+introducer.furl = $(http_get http://pigstarter/tahoe/introducer.furl)
+helper.furl = $(http_get http://pigstarter/tahoe/helper.furl)
+[storage]
+enabled = true
+reserved_space = 1G
+EOF
+}
diff --git a/filehooker/root-image/krebs/lib/tor b/filehooker/root-image/krebs/lib/tor
new file mode 100644
index 00000000..8d9e33f1
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/tor
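Review bot: `find_supernodes` and `find_active_nodes` in lib/retiolum `eval` text that sed builds from every file in `$hosts_dir`, placing each `Address`/`Port` value inside double quotes, so a `$(...)` or backtick in a host file is run by the shell; `refresh_supernode_keys` fills that same directory from a tarball fetched over plain `http://` with no checksum or signature. The two keys can be read without eval and the values restricted to host- and port-like characters, and the tarball should be verified against a pinned digest before it is unpacked. In `refresh_supernode_keys` the `if` sees only the exit status of `xargs`, the last pipeline stage, so a failed download is likely still reported as "refreshed supernode keys". In `check_free_v4` the final `cd - >/dev/null` is unreachable because both branches return first.

```shell
# inside the `for name in ...` loop, replacing the eval/sed block
Address= Port=
while IFS='=' read -r key value; do
  key=$(printf '%s' "$key" | tr -d ' \t')
  value=$(printf '%s' "$value" | tr -d ' \t')
  # drop anything that is not host- or port-like before it reaches nc
  case "$value" in ''|*[!A-Za-z0-9.:_-]*) continue ;; esac
  case "$key" in
    Address) Address="${Address:+$Address }$value" ;;
    Port)    Port=$value ;;
  esac
done < "$name"
port=${Port:-655}
# … unchanged: per-host nc probe loop …
```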
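Review bot: `tahoe_init` in lib/tahoe calls `useradd -r -m -b $tahoe_home -s /bin/false` with no login name, so no account is created and the later `chown tahoe -R` and `sudo -u tahoe` have no user to act on. `-b` sets the base directory under which the home is created, not the home itself, so `useradd -r -m -d "$tahoe_home" -s /bin/false tahoe` matches the variables at the top of the file. The `virtualenv` call is likewise given no target directory. In `tahoe_create_node`, the `> $tahoe_dir/tahoe.cfg` redirection is opened by the calling shell rather than by the `sudo -u tahoe` process, and both furl values are fetched over plain HTTP and written into the config unchecked.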
@@ -0,0 +1,19 @@
+# can be set via env:
+# torrc              - path to torrc (default: /etc/tor/torrc )
+# hidden_service_dir - path to hidden service (default: /var/lib/tor/hidden_service/ )
+
+
+torrc=${torrc:-/etc/tor/torrc}
+hidden_service_dir=${hidden_service_dir:-/var/lib/tor/hidden_service/}
+
+configure_hidden_service(){
+    if ! grep -q '^HiddenService' "$torrc"  ;then
+        info "adding hidden service to $torrc"
+        cat >> "$torrc" << EOF
+HiddenServiceDir ${hidden_service_dir}
+HiddenServicePort 22 127.0.0.1:22
+EOF
+    else
+        info "HiddenServiceDir or Port already in $torrc, skipping!"
+    fi
+}
diff --git a/filehooker/root-image/krebs/lib/vim b/filehooker/root-image/krebs/lib/vim
new file mode 100644
index 00000000..b037a778
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/vim
@@ -0,0 +1,40 @@
+# configure vim
+
+vimrc=${vimrc:-$HOME/.vimrc}
+
+vim_conf_sane_defaults(){
+    # TODO - make stuff more modular?
+    cat >>$vimrc<<EOF
+set nocompatible
+filetype plugin indent on
+syntax on
+set vb
+set foldenable
+set foldmethod=syntax
+set ignorecase
+set incsearch
+set showmatch
+set matchtime=3
+set hlsearch
+set backupdir=~/.vim/backup
+set directory=~/.vim/backup
+inoremap <F1> <ESC>
+nnoremap <F1> <ESC>
+vnoremap <F1> <ESC>
+set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+cmap w!! w !sudo tee > /dev/null %
+colorscheme darkblue
+set background=dark
+set number
+set mouse=
+set shiftwidth=2
+set tabstop=2
+set et
+set sw=2
+set smarttab
+set autoindent
+set backspace=indent,eol,start
+set nocp
+EOF
+    mkdir -p $HOME/.vim/backup
+}
