From 42c116bff814facbae106b4b1927a77657e6ea05 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Mar 2014 20:22:14 +0100
Subject: filehooker: add onion name recovery

---
 .../root-image/krebs/bin/tor-get-hidden-service.sh |  2 ++
 filehooker/root-image/root/customize_root_image.sh | 31 +++++++++++++++++++---
 2 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100755 filehooker/root-image/krebs/bin/tor-get-hidden-service.sh

diff --git a/filehooker/root-image/krebs/bin/tor-get-hidden-service.sh b/filehooker/root-image/krebs/bin/tor-get-hidden-service.sh
new file mode 100755
index 00000000..c9946366
--- /dev/null
+++ b/filehooker/root-image/krebs/bin/tor-get-hidden-service.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+cat /var/lib/tor/hidden_service/hostname
diff --git a/filehooker/root-image/root/customize_root_image.sh b/filehooker/root-image/root/customize_root_image.sh
index 2f5579d9..185cb733 100755
--- a/filehooker/root-image/root/customize_root_image.sh
+++ b/filehooker/root-image/root/customize_root_image.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 
 set -e -u -f -x
+reaktor_user=reaktor
+ncdc_user=hooker
 
 sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
 locale-gen
@@ -19,6 +21,8 @@ chmod 700 -R /home/pimp/.ssh/
 
 cp /krebs/etc/authorized_keys /root/.ssh/
 
+useradd -m hooker ||:
+
 chown -R root:root /etc /root /krebs /usr/bin 
 chmod 750 /etc/sudoers.d
 chmod 440 /etc/sudoers.d/g_wheel
@@ -29,15 +33,34 @@ sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf
 /krebs/bin/vim_sane_defaults.ship
 sudo -u pimp /krebs/bin/vim_sane_defaults.ship
 
+## load latest ncdc if not available
 test -e /usr/bin/ncdc || \
   curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | \
   tar xz -C "/usr/bin"
 
-systemctl enable  multi-user.target \
+## load latest painload if not available
+test ! -e /krebs/painload/Reaktor && \
+  curl https://codeload.github.com/krebscode/painload/tar.gz/master | \
+  tar xz -C "/krebs" && \
+  mv /krebs/painload-master /krebs/painload
+
+useradd $reaktor_user || :
+## needed to see the hidden service hostname
+echo "$reaktor_user ALL=(tor) NOPASSWD: /krebs/bin/tor-get-hidden-service.sh" >> /etc/sudoers.d/get_root
+
+cp /krebs/painload/Reaktor/etc/systemd/system/Reaktor@.service \
+   /etc/systemd/system
+# add bonus features for filehooker
+cp -a /krebs/etc/Reaktor  /krebs/painload
+  
+for i in  multi-user.target \
                   pacman-init.service \
                   choose-mirror.service \
-                  tor-announce.service \
+                  tor-configure-hidden.service \
+                  Reaktor@${reaktor_user}.service \
                   filehooker-hostname.service \
-                  start-ncdc.service \
+                  start-ncdc@${ncdc_user}.service \
                   sshd.service \
-                  tor.service
+                  tor.service ;do
+  systemctl enable "$i"
+done
-- 
cgit v1.2.3