diff options
Diffstat (limited to 'sites')
-rw-r--r-- | sites/buildbot.krebsco.de/INSTALLATION.md | 9 | ||||
-rw-r--r-- | sites/elchhub.nsupdate.info/install_adhpp | 44 | ||||
-rw-r--r-- | sites/elchirc.nsupdate.info/install_unrealircd | 19 | ||||
-rw-r--r-- | sites/elchstats.nsupdate.info/carbon.service | 15 | ||||
-rw-r--r-- | sites/elchstats.nsupdate.info/graphite-web.service | 16 | ||||
-rw-r--r-- | sites/elchstats.nsupdate.info/graphite.journal.txt | 37 | ||||
-rw-r--r-- | sites/omo/torrent.md | 25 | ||||
-rw-r--r-- | sites/tahoe.retiolum/README.md | 13 | ||||
-rw-r--r-- | sites/task.krebsco.de/README.md | 40 |
9 files changed, 213 insertions, 5 deletions
diff --git a/sites/buildbot.krebsco.de/INSTALLATION.md b/sites/buildbot.krebsco.de/INSTALLATION.md index b31a3989..83ffc9c3 100644 --- a/sites/buildbot.krebsco.de/INSTALLATION.md +++ b/sites/buildbot.krebsco.de/INSTALLATION.md @@ -1,11 +1,12 @@ #?/bin/sh # something like this -useradd ci -punani install python-virtualenv +useradd ci -m +punani install python2-virtualenv su ci -virtualenv buildbot -echo ". $HOME/buildbot/bin/activate" >~/.bashrc +virtualenv2 buildbot +echo ". $HOME/buildbot/bin/activate" >>~/.bashrc +. ~/.bashrc pip install buildbot-slave buildbot buildbot create-master master # tahoe cp krebs:master.conf master/master.conf diff --git a/sites/elchhub.nsupdate.info/install_adhpp b/sites/elchhub.nsupdate.info/install_adhpp new file mode 100644 index 00000000..6f2986d5 --- /dev/null +++ b/sites/elchhub.nsupdate.info/install_adhpp @@ -0,0 +1,44 @@ +curl https://aur.archlinux.org/packages/ad/adchpp/adchpp.tar.gz > adchpp.tar.gz +tar xf adchpp.tar.gz +cd adchpp +# install all the deps +makepkg +pacman -U adchpp-*-x86_64.pkg.tar.xz +vi /etc/adchpp/adchpp.xml +# change description etc +# add to servers: +# <Server Port="2781" TLS="1" Certificate="/etc/adchpp/certs/cacert.pem" +# PrivateKey="/etc/adchpp/certs/privkey.pem" +# TrustedPath="/etc/adchpp/certs/trusted/" +# DHParams="/etc/adchpp/certs/dhparam.pem"/> + + +mkdir /etc/adchpp/certs +cd /etc/adchpp/certs +openssl genrsa -out privkey.pem 4096 +openssl req -new -x509 -key privkey.pem -out cacert.pem +openssl dhparam -outform PEM -out dhparam.pem 1024 + +cat > /var/lib/adchpp/motd.txt <<EOF +Welcome to the Elch Hub + xx xx xx xx +xxxx xx xxxx xxxx xxxx xx +xxxx xx xxxx xxxx xxxx xx + xxxxxx xx xx xxxxxx + xxxxxx xxxxxxxxxx xxxxxx + xx xxxxxxxxxxxxxx xx + xxxxxxxxxxxxxxxxxxxxxxxxxx + xxxxxxxxxxxxxx + xxxxxxxxxxxxxxxxxxxxxx + xx xxxxxx xx + xx xx xx xx xx xx + xx xx xx xx xx xx + xx xxxx xx xx xxxx xx + +[!] SSL is at port 2781 + connect via adcs://elchhub.nsupdate.info:2781/ + better start using it +EOF + +systemctl enable adchpp +systemctl start adchpp diff --git a/sites/elchirc.nsupdate.info/install_unrealircd b/sites/elchirc.nsupdate.info/install_unrealircd new file mode 100644 index 00000000..6778a7ac --- /dev/null +++ b/sites/elchirc.nsupdate.info/install_unrealircd @@ -0,0 +1,19 @@ +pacman -S unrealircd +# in /etc/unrealircd/unrealircd.conf +# uncomment where it says FOR *NIX +# remove the src/ from the start path as they are in /etc/unrealircd + +# uncomment motd ircd.motd +# fix passwords for restart +# comment in the .fr stuff +# fix cloak-keys +# + +# configure me,admin,class +# curl unreal.x-tab.org/makecert.sh > makecert.sh +# ./makecert.sh new -k server.key.pem -c server.cert.pem -r server.req.pem -b 2048 -d 9001 +# +# cp /krebs/cholerab/bling/krebs-v2.txt ircd.motd +# +# systemctl enable unrealircd +# systemctl start unrealircd diff --git a/sites/elchstats.nsupdate.info/carbon.service b/sites/elchstats.nsupdate.info/carbon.service new file mode 100644 index 00000000..d7087d41 --- /dev/null +++ b/sites/elchstats.nsupdate.info/carbon.service @@ -0,0 +1,15 @@ +[Unit] +Description=Graphite Carbon +After=network.target + +[Service] +Type=forking +User=graphite +Group=graphite +RemainAfterExit=yes +PIDFile=/opt/graphite/storage/carbon-cache-a.pid +ExecStart=/opt/graphite/bin/carbon-cache.py start +ExecStop=/opt/graphite/bin/carbon-cache.py stop + +[Install] +WantedBy=multi-user.target diff --git a/sites/elchstats.nsupdate.info/graphite-web.service b/sites/elchstats.nsupdate.info/graphite-web.service new file mode 100644 index 00000000..798f82ba --- /dev/null +++ b/sites/elchstats.nsupdate.info/graphite-web.service @@ -0,0 +1,16 @@ +[Unit] +Description=Graphite Web +After=network.target + +[Service] +Type=simple +User=graphite +Group=graphite +#RemainAfterExit=yes +Environment=PYTHONPATH=/opt/graphite/webapp +ExecStart=/usr/bin/django-admin.py runserver 0.0.0.0:8080 --settings=graphite.settings +TimeoutSec=45s +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/sites/elchstats.nsupdate.info/graphite.journal.txt b/sites/elchstats.nsupdate.info/graphite.journal.txt new file mode 100644 index 00000000..777f4650 --- /dev/null +++ b/sites/elchstats.nsupdate.info/graphite.journal.txt @@ -0,0 +1,37 @@ +#?/bin/sh +set -euf +# from http://graphite.wikidot.com/installation + +git clone https://github.com/graphite-project/graphite-web.git +git clone https://github.com/graphite-project/carbon.git +git clone https://github.com/graphite-project/whisper.git + +pacman -S python2 gcc pkg-config cairo python2-pip +for i in whisper carbon graphite-web;do + cd $i + pip2 install -r requirements.txt||: + python2 setup.py install + cd - +done +cd /opt/graphite/conf +cp carbon.conf.example carbon.conf +# edit carbon.conf, fix max writes per second, max adds per minute +cp storage-schemas.conf.example storage-schemas.conf + +# edit storage-schemas.conf, fix storage time +cd /opt/graphite/webapp/graphite +cp local_settings.py.example local_settings.py +# change SECRET_KEY +PYTHONPATH=/opt/graphite/webapp django-admin.py syncdb --settings=graphite.settings +# push in the texts + +useradd -m graphite -d /opt/graphite -r +chown -R graphite /opt/graphite +cd _here_ +cp carbon.service /opt/systemd/system/ +systemctl enable carbon +systemctl start carbon +cp graphite-web.service /opt/systemd/system/ +systemctl enable graphite-web +systemctl start graphite-web + diff --git a/sites/omo/torrent.md b/sites/omo/torrent.md new file mode 100644 index 00000000..61feea94 --- /dev/null +++ b/sites/omo/torrent.md @@ -0,0 +1,25 @@ +# Running torrents through socks +## Prereqs: +- qBittorrent +- winswitch (xpra) or qbittorrent-nox + +## Install +### Winswitch +see http://winswitch.org/downloads/debian-repository.html + +## Autostart (xpra) + + # in startup script: + export DISPLAY=:11 + xpra start $DISPLAY + tmux start-server + tmux new-window -t tools:1 'ssh -q -D1234 <remote-host>' + tmux new-window -t tools:2 'qbittorrent' + # attach to it: + xpra attach ssh:omo:11 + +## Autostart (nox) +see https://github.com/qbittorrent/qBittorrent/wiki/Running-qBittorrent-without-X-server + +## Lessons learned +- transmission sucks (no proxy support diff --git a/sites/tahoe.retiolum/README.md b/sites/tahoe.retiolum/README.md index 01e8ed03..2d3b3e12 100644 --- a/sites/tahoe.retiolum/README.md +++ b/sites/tahoe.retiolum/README.md @@ -5,6 +5,17 @@ introducer and a number of tahoe bricks. # Adding new bricks & clients see //cholerab/tahoe/{brick,client}\_installation + +# Migration of the Introducer +At some point it is necessary to migrate the tahoe introducer. +To keep everything running just take the tahoe introducer configuration from +the old host or from krebs:tahoe/introducer AND the original tinc configuration +of the tahoe host. +After that, set the tahoe.krebsco.de ip in the krebs zone. + + +If you need to re + # Replacing the introducer if the introducer may die off, all crypto material is saved in krebs:tahoe/introducer. There will be a backup somewhere, but bootstrapping @@ -13,4 +24,4 @@ always sucks. Follow the generic brick installation, use the configuration file at conf/tahoe.cfg and copy the crypto material in the private folder of the installation. -autostart that shit +autostart that shit. diff --git a/sites/task.krebsco.de/README.md b/sites/task.krebsco.de/README.md new file mode 100644 index 00000000..c6fd2b0f --- /dev/null +++ b/sites/task.krebsco.de/README.md @@ -0,0 +1,40 @@ +# task.krebsco.de +a taskd server deployment + +# Installation + + yaourt -S taskd + cp /usr/share/taskd/pki/generate.client /var/lib/taskd + +# configuration +taskd uses pki for login + + systemctl enable taskd + systemctl start taskd + export TASKDDATA=/var/lib/taskd + taskd add org Krebs + taskd config --force pid.file $TASKDDIR/taskd.pid + taskd config --force log $TASKDDIR/taskd.log + taskd config --force client.allow '^task [2-9],^taskd,^libtaskd' + +# add new client +for a new client we need to create certificates: + + # on server + cd /var/lib/taskd + ./generate.client username + # give new certs to user + curl -F'p=username.cert.pem' http://paste + curl -F'p=username.key.pem' http://paste + curl -F'p=ca.cert.pem' http://paste + taskd add user krebs username + # outputs <uid> + + # on client + mkdir ~/.task + curl http://paste/abcde > username.cert.pem + curl http://paste/efghi > username.key.pem + curl http://paste/jklmn > ca.cert.pem + task config taskd.server task.krebsco.de:53589 + task config taskd.credentials 'krebs/makefu/<uid>' + task sync init |