Diffstat (limited to 'retiolum')
84 files changed, 1399 insertions, 170 deletions
diff --git a/retiolum/Makefile b/retiolum/Makefile index 0d99ee70..cd0a543c 100644 --- a/retiolum/Makefile +++ b/retiolum/Makefile @@ -1,15 +1,29 @@ -.phony: update it all so install +.PHONY: update all install hosts -all: select-target +EXES := update_tinc_hosts fillxx update-retiolum-hosts -it: so -so: it +all: update links -/etc/tinc/retiolum/hosts: - cd $(dir $@) && git clone https://github.com/krebscode/hosts +links: + for x in $(EXES); do ln -vsnf ../retiolum/bin/$$x ../bin; done -update: /etc/tinc/retiolum/hosts - cd $< && git pull -install: +install: upgrade + ../punani/bin/punani tinc python scripts/tinc_setup/install.sh + cp scripts/tinc_setup/tinc-up /etc/tinc/retiolum/tinc-up + scripts/autostart/create-startup.sh + +upgrade: update + if ! diff -u scripts/tinc_setup/tinc-up /etc/tinc/retiolum/tinc-up; then \ + sudo cp scripts/tinc_setup/tinc-up /etc/tinc/retiolum/tinc-up; \ + sudo bin/restart-tincd; \ + fi + +update: hosts + bin/update_tinc_hosts "create magic" || true + bin/update_tinc_hosts restart + sudo pkill -HUP tincd || :; + +hosts: + bin/update-retiolum-hosts || true diff --git a/retiolum/bin/check-free-retiolum-v4 b/retiolum/bin/check-free-retiolum-v4 new file mode 100755 index 00000000..3f0dbdf8 --- /dev/null +++ b/retiolum/bin/check-free-retiolum-v4 @@ -0,0 +1,21 @@ +#! /bin/sh +netname=retiolum +myipv4=${1-10.7.7.-1} +v4num=${myipv4##*.} +printf "Retard check: " +if [ "$v4num" -gt 0 -a "$v4num" -lt "256" ]; +then + printf "No retard detected\n" + cd /etc/tinc/$netname/hosts + printf "Check if ip is still free: " + for i in `ls -1`; do + if grep -q -e $myipv4\$ $i ;then + echo "Host IP already taken by $i! " + exit 1 + fi + done + printf "Passed\n" +else + printf "you are made of stupid. bailing out\n" + exit 1 +fi diff --git a/retiolum/bin/check-free-retiolum-v6 b/retiolum/bin/check-free-retiolum-v6 new file mode 100755 index 00000000..20f87efe --- /dev/null +++ b/retiolum/bin/check-free-retiolum-v6 @@ -0,0 +1,2 @@ +#! /bin/sh +exit 0 
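Review bot: The new `update` and `hosts` recipes discard failures (`bin/update_tinc_hosts "create magic" || true`, `bin/update-retiolum-hosts || true`), so `make install` and `make upgrade` go on to signal tincd even when the host-key sync did not run. Consider letting these steps fail, or at least printing a warning to stderr before continuing. `links` and `upgrade` are also missing from the phony list; `.PHONY: update all install hosts links upgrade` would keep a stray file of that name from suppressing the target.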
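Review bot: The collision test `grep -q -e $myipv4\$ $i` in check-free-retiolum-v4 is unlikely to match in practice: the host files added in this same commit write `Subnet = 10.243.0.2/32`, and the pattern is anchored to end of line directly after the address, so a taken address that carries a prefix length is reported as free. The dots are also unescaped regex wildcards, there is no left anchor, only the last octet of the argument is range-checked, and an unchecked `cd` would leave the loop scanning whatever the current directory is. A tightened loop is sketched below; it still assumes the argument consists only of digits and dots, which should be validated in full before the pattern is built.

```shell
cd "/etc/tinc/$netname/hosts" || exit 1
# … unchanged: "Check if ip is still free" message …
# escape the dots so they match literally, and allow an optional /prefix
pattern="^ *Subnet *= *$(printf '%s' "$myipv4" | sed 's/\./\\./g')(/[0-9]+)? *\$"
for i in *; do
  [ -f "$i" ] || continue
  if grep -Eq -e "$pattern" -- "$i"; then
    echo "Host IP already taken by $i! "
    exit 1
  fi
done
```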
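Review bot: check-free-retiolum-v6 always exits 0, so any caller that relies on it treats every IPv6 address as free, including ones already present in the hosts directory. Until a real check exists, a comment such as `# TODO: no collision check implemented; always reports the address as free` would keep the stub from being read as a working safeguard.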
diff --git a/retiolum/bin/get-tinc-dir b/retiolum/bin/get-tinc-dir new file mode 100755 index 00000000..3f48b2cd --- /dev/null +++ b/retiolum/bin/get-tinc-dir @@ -0,0 +1,9 @@ +#!/bin/ksh +case `uname -a` in + Linux*|CYGWIN*|MING*) echo "/etc/tinc" + ;; + SunOS*|Darwin*) echo "/usr/local/etc/tinc" + ;; + *) echo "/etc/tinc" + ;; +esac diff --git a/retiolum/bin/hosts b/retiolum/bin/hosts index 6939f52c..4856d494 100755 --- a/retiolum/bin/hosts +++ b/retiolum/bin/hosts @@ -6,6 +6,8 @@ netname=${1-retiolum} cd /etc/tinc/$netname/hosts for i in `ls`; do - sed -rn 's|^ *Subnet *= *([^ /]*)(/[0-9]*)? *$|\1\t'$i' '$i'.'$netname'|p' $i + sed -n ' + s|^ *Subnet *= *\([^ /]*\)\(/[0-9]*\)\? *$|\1\t'$i'.'$netname' '$i'|p + ' $i done | sort diff --git a/retiolum/bin/ipv6 b/retiolum/bin/ipv6 index 65a1eaa1..34c6de71 100755 --- a/retiolum/bin/ipv6 +++ b/retiolum/bin/ipv6 @@ -13,7 +13,7 @@ if test `id -u` != 0; then fi file=/etc/tinc/retiolum/hosts/`hostname` -addr=`sed -rn 's|^Subnet *= *(42:[0-9A-Fa-f:]*/128)|\1|p' $file` +addr=`sed -n 's|^Subnet *= *\(42:[0-9A-Fa-f:]*/128\)|\1|p' $file` route=42::/16 start() { diff --git a/retiolum/bin/my-ip b/retiolum/bin/my-ip new file mode 100755 index 00000000..fcfbba05 --- /dev/null +++ b/retiolum/bin/my-ip @@ -0,0 +1,2 @@ +#!/bin/sh +curl http://euer.krebsco.de/live/ip.php diff --git a/retiolum/bin/pgrep-retiolum-tincd-args b/retiolum/bin/pgrep-retiolum-tincd-args new file mode 100755 index 00000000..19c05fbe --- /dev/null +++ b/retiolum/bin/pgrep-retiolum-tincd-args @@ -0,0 +1,2 @@ +#! /bin/sh +ps -e -o args | grep -E '(^|[ /])tincd +([^ ].* )?(-n +|--net=)retiolum' diff --git a/retiolum/bin/restart-tincd b/retiolum/bin/restart-tincd new file mode 100755 index 00000000..17d939d9 --- /dev/null +++ b/retiolum/bin/restart-tincd 
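Review bot: The `#!/bin/ksh` shebang in get-tinc-dir makes the script fail on hosts without ksh, although the body is a plain POSIX `case` and the other scripts added in this commit use `/bin/sh`; `#!/bin/sh` would do. Matching on `uname -s` rather than `uname -a` would also tie the patterns to the kernel name alone instead of the whole banner.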
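Review bot: Dropping `-r` in bin/hosts suggests the aim is a sed without GNU extensions, but the new expression still uses `\?`, which is a GNU extension in basic regular expressions; the POSIX spelling is `\(/[0-9]*\)\{0,1\}`. The host file name `$i` is also spliced unquoted into the sed script and passed as an unquoted operand, so a name containing `|`, `&` or whitespace would alter the substitution or the argument list. Since these names come from a shared hosts directory, skipping names outside a conservative set such as `[A-Za-z0-9_-]` before the sed call would be safer. The loop begins above the hunk.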
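Review bot: The lookup in my-ip goes over plain `http://` and without `-f`, so an on-path party can substitute the answer and an HTTP error page would be printed as if it were the address. If the result feeds any configuration, prefer `curl -fsS https://euer.krebsco.de/live/ip.php` (assuming the endpoint serves TLS) and check that the output has the shape of an IP address before using it.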
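Review bot: `ps -e` in pgrep-retiolum-tincd-args lists the command lines of every user's processes, and the companion `restart-tincd` added in this commit executes whatever line matches (`$args --kill`, then `$args`) while the Makefile's `upgrade` target runs it through `sudo`. The text that ends up executed as root is therefore not restricted to the real daemon's command line. Restricting the listing to root-owned processes, for example `ps -u 0 -o args`, and having `restart-tincd` refuse output whose first word is not the expected tincd path would close that gap.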
@@ -0,0 +1,14 @@ +#! /bin/sh +set -xeuf + +PATH="$(dirname $(readlink -f "$0"))${PATH+:$PATH}" + +if args="`pgrep-retiolum-tincd-args`"; then + while $args --kill; do + sleep 1 + done + $args +else + echo "$0: there is no retiolum tincd process to restart" >&2 + exit 23 +fi diff --git a/retiolum/bin/supernode-update-hosts-and-hup b/retiolum/bin/supernode-update-hosts-and-hup new file mode 100755 index 00000000..b6b03c69 --- /dev/null +++ b/retiolum/bin/supernode-update-hosts-and-hup @@ -0,0 +1,44 @@ +#! /bin/sh +# +# @oxberg we do put this into crontab: +# * * * * * /supernode-update-hosts-and-hup +# +set -euf + +cd /etc/tinc/retiolum/hosts + +temp1="`mktemp`" +temp2="`mktemp`" +trap "rm -f $temp1 $temp2" EXIT INT TERM + +old_commit="`cat .commit 2>/dev/null || :`" + +_hrefs() { + sed -n 's/href="\([^"]\+\)"/\n&\n/gp' | + sed -n 's/^href="\([^"]\+\)"$/\1/p'; } + +if curl -fsS \ + "https://github.com/krebscode/painload/tree/master/retiolum/hosts" | + _hrefs | + grep '^/krebscode/painload/blob/' | + grep -v "/blob/$old_commit/" >$temp1 +then + + new_commit=`sed 's|^/krebscode/painload/blob/\([^/]*\)/.*|\1|;q' $temp1` + + sed ' + s|^/krebscode/painload/blob/[^/]*/retiolum/hosts/\([^/]*\)$|\1| + ' $temp1 > $temp2 + + xargs rm -v -f <$temp2 + + sed " + s|^.*$|https://raw.github.com/krebscode/painload/$new_commit/retiolum/hosts/&| + " $temp2 > $temp1 + + wget -qi- < $temp1 + + echo $new_commit > .commit + + pkill -HUP tincd +fi diff --git a/retiolum/bin/tinc_stats b/retiolum/bin/tinc_stats new file mode 120000 index 00000000..6a58af60 --- /dev/null +++ b/retiolum/bin/tinc_stats @@ -0,0 +1 @@ +/home/makefu/repos/krebs/retiolum/scripts/adv_graphgen/tinc_stats.py
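Review bot: `$args` in restart-tincd is expanded unquoted as a command, so when more than one retiolum tincd is running the matched lines are joined into a single invocation, and any argument that originally contained whitespace is re-split. Checking that the helper returned exactly one line before entering the `while` loop would make the restart predictable. The inner substitution in the PATH line is also unquoted; `PATH="$(dirname "$(readlink -f "$0")")${PATH+:$PATH}"` survives a checkout path with spaces.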
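Review bot: The file names handed to `xargs rm -v -f` in supernode-update-hosts-and-hup, and spliced into the download URLs, are taken from scraped HTML, and the middle `sed` has no `-n`, so any href that passes the `grep` but does not have the `retiolum/hosts/<name>` shape is forwarded unchanged. Using `sed -n 's|^/krebscode/painload/blob/[^/]*/retiolum/hosts/\([^/]*\)$|\1|p'` and `xargs rm -v -f --` keeps the list to plain names and stops a name beginning with `-` from being read as an option. Because the old host files are deleted before `wget` runs, a failed download also leaves the node without those keys until the next run; fetching into a temporary directory and moving the files into place afterwards avoids that window.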
\ No newline at end of file diff --git a/retiolum/bin/update-retiolum-hosts b/retiolum/bin/update-retiolum-hosts new file mode 100755 index 00000000..1fecfe15 --- /dev/null +++ b/retiolum/bin/update-retiolum-hosts @@ -0,0 +1,16 @@ +#! /bin/sh +set -eu + +if test "${nosudo-false}" != true -a `id -u` != 0; then + echo "we're going sudo..." >&2 + exec sudo "$0" "$@" + exit 23 # go to hell +fi + +# cd //retiolum +cd $(dirname $(readlink -f $0))/.. + +mkdir -v -p /etc/tinc/retiolum/hosts +cp -v -r hosts/* /etc/tinc/retiolum/hosts +pkill -HUP tincd +pkill -ALRM tincd diff --git a/retiolum/bin/update_tinc_hosts b/retiolum/bin/update_tinc_hosts index fe0785e3..b3529a7f 100755 --- a/retiolum/bin/update_tinc_hosts +++ b/retiolum/bin/update_tinc_hosts @@ -17,7 +17,7 @@ es='# END OF RETIOLUM' case "${*-I am made of stupid}" in (start|restart) - hosts | $0 replace magic + hosts | grep -P "^(10|42)" | $0 replace magic ;; (stop) $0 clear magic @@ -29,9 +29,13 @@ case "${*-I am made of stupid}" in ;; ('create magic') $0 has magic || $0 print magic >> $hosts < /dev/null + $0 start ;; ('destroy magic') - $0 has magic && sed -ie "/^$bs$/,/^$es$/d" $hosts + if $0 has magic; then + cache="`cat $hosts`" + echo "$cache" | sed "/^$bs$/,/^$es$/d" > $hosts + fi ;; ('has magic') grep -q "^$bs$" $hosts && grep -q "^$es$" $hosts diff --git a/retiolum/doc/routing/ip-ranges b/retiolum/doc/routing/ip-ranges new file mode 100644 index 00000000..06f23e4e --- /dev/null +++ b/retiolum/doc/routing/ip-ranges @@ -0,0 +1,5 @@ +youtube + 209.85.0.0/16 + 208.65.0.0/16 + + diff --git a/retiolum/doc/routing/tun b/retiolum/doc/routing/tun new file mode 100644 index 00000000..a83ffc27 --- /dev/null +++ b/retiolum/doc/routing/tun 
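Review bot: The committed `tinc_stats` symlink targets an absolute path under one developer's home directory (`/home/makefu/repos/krebs/...`), so it dangles on every other checkout. A relative target such as `../scripts/adv_graphgen/tinc_stats.py` would resolve inside the repository, assuming the script lives under `retiolum/scripts/adv_graphgen/` as the absolute path suggests.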
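Review bot: `cd $(dirname $(readlink -f $0))/..` in update-retiolum-hosts is unquoted, so a checkout path containing whitespace makes the script change into the wrong directory or fail, after which `cp -v -r hosts/*` runs as root from wherever it ended up. `cd "$(dirname "$(readlink -f "$0")")/.."` fixes that. Under `set -e` the first `pkill -HUP tincd` also aborts the script with a non-zero status when no tincd is running, so `pkill -ALRM tincd` is never reached; the Makefile hides this with `|| true`.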
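Review bot: `grep -P` in the `start|restart` branch of update_tinc_hosts needs a grep built with PCRE support, while other scripts in this commit are being moved off GNU-only `sed -r`; the pattern has nothing Perl-specific, so `grep -E` is enough. As written it also keeps any line that merely starts with those digits, such as `100.…` or `42.…`; `grep -E '^(10\.|42:)'` would match only the two address forms used by the host files in this commit. The enclosing `case` starts above the hunk.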
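Review bot: The new `destroy magic` branch of update_tinc_hosts rewrites `$hosts` in place through `echo "$cache" | sed … > $hosts`: the redirection truncates the file before sed has produced any output, so an interruption or a sed error leaves it empty or partial, and `echo` may interpret backslashes in the cached content on some shells. Writing the filtered text to a `mktemp` file and replacing the contents of `$hosts` only after sed has succeeded would be safer, with `printf '%s\n' "$cache"` in place of `echo`. `$hosts` is defined above the hunk; if it is the system hosts file, a truncated copy affects name resolution for the whole machine.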
@@ -0,0 +1,30 @@ +tunneling: +ovpn relevant fixes: + + -up /etc/openvpn/update-resolv-conf + -down /etc/openvpn/update-resolv-conf + +#up /etc/openvpn/update-resolv-conf + +#down /etc/openvpn/update-resolv-conf + + +route-nopull + -redirect-gateway $def1 + -dev tun + +dev $(your interfacename here) + +dev-type tun + + -auth-user-pass + +auth-user-pass $(your openvpn user_pass_file here) + +normal firewall stuff: + shorewall: + in /etc/shorewall/interfaces + +loc $(interfacename) detect tcpflags,nosmurfs,routefilter,logmartians + +ip+iptables + iptables --table nat -A POSTROUTING -o $(your interfacename here) -j MASQUERADE + ip route add table $(interfacename) via $(route -n | grep $(interfacename) | grep 0.0.0.0 | awk '{print $1}') dev $(interfacename) + ip rule add $(your rule spec here) table $(interfacename) + + + + diff --git a/retiolum/hosts/Lassulus b/retiolum/hosts/Lassulus new file mode 100644 index 00000000..98bd01e0 --- /dev/null +++ b/retiolum/hosts/Lassulus @@ -0,0 +1,11 @@ +Subnet = 42:0:0:0:0:0:0:dea7/128 +Subnet = 10.243.0.2/32 +Compression = 9 +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE +H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R ++P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+ +1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa +9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU +O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/retiolum/hosts/Shepherd b/retiolum/hosts/Shepherd new file mode 100644 index 00000000..4b6c5f42 --- /dev/null +++ b/retiolum/hosts/Shepherd 
@@ -0,0 +1,10 @@ +Subnet = 10.243.0.145/32 +Subnet = 42:0f19:8a1e:7865:721b:2378:beef:1158/128 +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAsW0Pbgvl+hATKqQR6H4yPg1kphMsxrXvh/CMQY8dXVVD2mDWBHaL +Y/yXCanDxyYRGu80SVwdIUWQIwjGD0SiESRGqABl2qPsD1uIbbqI5SlSwzb8UrJk ++oCszLxZrhD14HWTjAduQ5GcBNZ8Ht133rR07s+XRAYcKJOMauod3yD3g3IfZw6L +/MAQ8GSptSa+JPm5Kk1/QBZi8oH0aIseaVH9b6l8+P27LwxdwJG+S/82iKOUvszw +qocqNbKJ0iySs3ZPZTDpKa/MPAN9H/m/OqM66w6IG4iwIttqix5mET+kM2TUaH29 +tApWA1ChYy61aKBykdcT+IbJHl/0unOU6QIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/retiolum/hosts/Styx b/retiolum/hosts/Styx new file mode 100644 index 00000000..fad45316 --- /dev/null +++ b/retiolum/hosts/Styx @@ -0,0 +1,10 @@ +Subnet = 10.243.0.42/32 +Compression = 9 +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA4jbOi+HZIGOGNm4aBSwnq4m3Vg3IXHmYUbJx1AzP4a/yvEgswfk6 +MP5FXvoY/hZ0NQ0IRzbbJxGbcUdulz0WSjX1C+8uQUZstz+lvYZ4FeCXcdE5cuFM +ROKAbA4qxO3WOFhPAs4G+K6srDqswmmBSfgPAfOBexEZxHweoBQLOYKUPnBCWf5q +I1gKWgMVWv6KY/pgYxloarycb8gEd2GsNZcNwoNhRd2G/Tn6idh1qRBI96eaasbV +P24FEVkPVFVgIGrvFZCICCeQzA4g+Sn4TmgxnTWLQxG4hAHOZQX/ld8u7NHTU9Qm +PwmjESwfas9Z8UjknrbcaZvuqKrnMp7JwwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/retiolum/hosts/ThinkArmageddon b/retiolum/hosts/ThinkArmageddon new file mode 100644 index 00000000..e51e1c92 --- /dev/null +++ b/retiolum/hosts/ThinkArmageddon @@ -0,0 +1,9 @@ +Subnet = 10.243.0.137/32 +----- |