Diffstat (limited to 'ship/src')
-rwxr-xr-x | ship/src/arch_autoinstall | 164 | ||||
-rwxr-xr-x | ship/src/bootstrap_env_makefu | 171 | ||||
-rw-r--r-- | ship/src/deploy-ssh-keys | 15 | ||||
-rw-r--r-- | ship/src/filehooker_configure_ncdc | 15 | ||||
-rw-r--r-- | ship/src/filehooker_configure_netshare | 7 | ||||
-rwxr-xr-x | ship/src/filehooker_install | 143 | ||||
-rw-r--r-- | ship/src/find-supers-tinc | 6 | ||||
-rwxr-xr-x | ship/src/fix_dircolors | 13 | ||||
-rw-r--r-- | ship/src/get_repo | 22 | ||||
-rw-r--r-- | ship/src/install_tor_announce | 5 | ||||
-rwxr-xr-x | ship/src/punani | 4 | ||||
-rw-r--r-- | ship/src/refresh-super-keys | 5 | ||||
-rw-r--r-- | ship/src/refresh-supers | 35 | ||||
-rwxr-xr-x | ship/src/remaster_arch_shack_installstick | 104 | ||||
-rwxr-xr-x | ship/src/retiolum | 292 | ||||
-rw-r--r-- | ship/src/tahoe_install | 15 | ||||
-rwxr-xr-x | ship/src/tor_publish_ssh | 14 | ||||
-rw-r--r-- | ship/src/vim_sane_defaults | 11 |
18 files changed, 1041 insertions, 0 deletions
diff --git a/ship/src/arch_autoinstall b/ship/src/arch_autoinstall
new file mode 100755
index 00000000..c9b6c4d4
--- /dev/null
+++ b/ship/src/arch_autoinstall
@@ -0,0 +1,164 @@
+#/bin/sh
+#@strict
+#@include core
+#@include color
+#@include network
+#@include tor
+pass=shackit
+shack_printer_ip=10.42.0.135
+extra_pkg="xorg vim xfce4 feh chromium zsh sudo git flashplugin alsa-oss alsa-lib alsa-utils grub-bios slim ntp tor network-manager-applet networkmanager openssh cups cups-filters"
+
+info "writing stdout to /tmp/install.log"
+defer 'pkill tail'
+
+installer_disk(){
+ find /dev/disk/by-label/ -name ARCH_\* 2>/dev/null | xargs readlink
+}
+
+find_rootdisk(){
+ for i in sd vd hd;do
+ for j in a b;do
+ dsk="/dev/$i$j"
+ test "$(installer_disk)" == "$dsk" && continue
+ test -e "$dsk" && echo "$dsk" && return
+ done
+ done
+}
+
+rootdisk=$(find_rootdisk)
+test "$rootdisk" || die "cannot find your root disk"
+
+info "Your rootdisk is $rootdisk"
+sleep 3
+
+umount /mnt/boot ||:
+umount /mnt ||:
+info "starting partitioning"
+(printf "o\nn\np\n\n\n+256M\n\a\nn\np\n\n\n\nw\n\n") |fdisk $rootdisk||:
+info "done partitioning"
+sleep 1
+info "generating filesystem on /boot"
+mkfs.ext2 ${rootdisk}1
+info "Done"
+sleep 1
+info "starting LVM magic"
+vgchange -an ||:
+vgremove -f pool0 ||:
+pvcreate ${rootdisk}2
+vgcreate -ff pool0 ${rootdisk}2
+lvcreate -l 100%free -n root pool0
+info "finished creating LVM"
+sleep 1
+info "generating filesystems on the LVM"
+mkfs.ext4 /dev/mapper/pool0-root
+info "finished generating filesystems"
+sleep 1
+info "mounting"
+mount /dev/mapper/pool0-root /mnt
+mkdir /mnt/boot
+mount ${rootdisk}1 /mnt/boot
+
+info "finished mounting!"
+sleep 1
+info "installing!"
+
+info "Setting http proxy"
+if http_head heidi.shack:3142 &>/dev/null; then
+ http_proxy=heidi.shack:3142
+ info "Heidi is reachable, will use this box as proxy"
+else
+ http_proxy=''
+ info "Will not use any proxy"
+fi
+info "Installing the following packages: $extra_pkg"
+if [ -n "${user_pkg:-}" ] ;then
+ info "User chooses additional packages: $user_pkg"
+else
+ info "No additional packages set by user (\$user_pkg unset)"
+fi
+http_proxy=${http_proxy} pacstrap /mnt base base-devel $extra_pkg ${user_pkg:-}
+info "installation done"
+sleep 1
+info "generating configs"
+genfstab -U -p /mnt > /mnt/etc/fstab
+
+info "beginning chroot!"
+arch-chroot /mnt << EOF
+
+msg() { printf "\$*\n" >&2; }
+info() { msg "$green\$*$nc"; }
+error() { msg "$green\$*$nc"; }
+
+info "generating locales"
+ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+echo "LANG=en_US.UTF-8" >> /etc/locale.conf
+echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+locale-gen
+echo "shackbook$RANDOM" > /etc/hostname
+sed -i 's/block/& lvm2/g' /etc/mkinitcpio.conf
+info "Done! "
+mkinitcpio -p linux
+info "setting root password"
+printf "${pass}\n${pass}\n" | (passwd )
+info "adding user"
+useradd -d /home/shack -m -G audio,video,wheel -s /usr/bin/zsh shack
+printf "${pass}\n${pass}\n" | (passwd shack)
+
+info "editing sudoers"
+printf "root ALL=(ALL) ALL\n%s ALL=(ALL) ALL\n" %wheel >> /etc/sudoers
+info "configuring slim"
+printf "default_user\tshack\nfocus_password\tyes\nauto_login\tyes\n" >> /etc/slim.conf
+info "configuring .xinitrc"
+printf "exec startxfce4\n" >> /home/shack/.xinitrc
+
+for i in slim NetworkManager ntpd tor cups; do
+ info "enabling \$i"
+ systemctl enable \$i
+done
+
+### CUPS
+mkdir -p /etc/cups
+cat >>/etc/cups/printers.conf<<EOT
+<Printer HP_LaserJet_5000_Series>
+Info Shack Printer HP 5000
+Location lounge
+MakeModel HP LaserJet Series PCL 6 CUPS
+DeviceURI socket://$shack_printer_ip
+State Idle
+StateTime 1387400063
+Type 8400964
+Accepting Yes
+Shared No
+JobSheets none none
+QuotaPeriod 0
+PageLimit 0
+KLimit 0
+OpPolicy default
+ErrorPolicy stop-printer
+</Printer>
+EOT
+
+info "installing grub"
+grub-install ${rootdisk} 2>/dev/null
+echo "GRUB_DISABLE_LINUX_UUID=true" >> /etc/default/grub
+grub-mkconfig > /boot/grub/grub.cfg 2>/dev/null
+
+info "installing oh-my-zsh"
+curl -L https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh | sudo -u shack sh
+sed -i 's/robbyrussell/afowler/g' /home/shack/.zshrc
+info "fixing chrome for incognito use"
+sed -i 's/Exec=chromium/Exec=chromium --incognito/g' /usr/share/applications/chromium.desktop
+exit
+EOF
+
+info "configuring tor"
+torrc=/mnt/etc/tor/torrc
+hidden_service_dir=/var/lib/tor/hidden_service/
+configure_hidden_service
+#TODO publish tor address after reboot
+#info "publishing hidden service address"
+#cat $hidden_service_dir/hostname | send_irc
+
+
+info "We're all done, simply reboot!"
+reboot
diff --git a/ship/src/bootstrap_env_makefu b/ship/src/bootstrap_env_makefu
new file mode 100755
index 00000000..e61f4e99
--- /dev/null
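Review bot: `pass=shackit` near the top of the hunk is piped into `passwd` for both root and the wheel user `shack`, so every machine installed from this script ends up with the same password, readable by anyone who can read the repository. filehooker_install repeats the pattern with its own hard-coded `pass=`, and there it is combined with an enabled `sshd` and `NOPASSWD: ALL` for wheel. Take the secret from the operator instead, `: "${pass:?set pass before running the installer}"`, and force a change at first login with `chage -d 0 shack` after the `passwd` call. Because the value is also used as the printf format string, a password containing `%` or a backslash would be altered; pass it as an argument to `printf '%s\n%s\n'` instead.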
+++ b/ship/src/bootstrap_env_makefu 
@@ -0,0 +1,171 @@
+#!/bin/sh
+# TODO: modularize zsh configuration and vim configuration
+#@info
+#@strict
+#@include core
+#@include punani
+#@include vim
+
+# vim +python
+_punanidb_pacman_vim_python=gvim
+_punanidb_yum_vim_python=vim-enhanced
+_punanidb_aptget_vim_python=vim
+
+# TODO pull out youcompleteme into a vim function
+# cmake ,make,g++,python-dev for youcompleteme
+_punanidb_pacman_cmake=cmake
+_punanidb_yum_cmake=cmake
+_punanidb_aptget_cmake=cmake
+#@mainifyme
+
+info "Configuring environment for $(id -un)"
+cd $(readlink -f $(dirname $0))
+info "Using punani to install git vim and zsh"
+punani install git vim_python zsh gpp cmake make python2_dev || die "cannot install some shit"
+
+info "writing dotfiles"
+# deploying zshrc
+# TODO modularize zshrc
+cat > $HOME/.zshrc <<EOF
+# Path to your oh-my-zsh configuration.
+export ZSH=\$HOME/.oh-my-zsh
+
+# Look in ~/.oh-my-zsh/themes/
+export ZSH_THEME="gallifrey"
+
+# Comment this out to disable weekly auto-update checks
+export DISABLE_AUTO_UPDATE="true"
+
+plugins=(git ssh-agent)
+. \$ZSH/oh-my-zsh.sh
+test -e \$HOME/.aliases && source \$HOME/.aliases
+
+# Customize to your needs...
+export PATH=/usr/sbin:/krebs/bin:\$HOME/bin:\$PATH:/sbin
+HISTFILE=~/.histfile
+HISTSIZE=9000001
+SAVEHIST=9000001
+
+export EDITOR=vim
+
+export JAVA_HOME=\$JAVA_HOME:/opt/java/jre
+
+GREP_COLOR="1;33"
+alias grep='grep --color=auto'
+alias vi=vim
+
+export MANPATH=\$MANPATH:\$HOME/man
+
+if [ -f "\$HOME/.dircolors" ] ; then
+ eval \$(dircolors -b "\$HOME/.dircolors")
+ export LS_COLORS
+fi
+
+which fortune >/dev/null && fortune -a
+which task >/dev/null && task
+echo "--"
+test -r ~/TODO && cat ~/TODO
+
+setopt menu_complete
+unsetopt correct_all
+export PYTHONSTARTUP=~/.pythonrc
+EOF
+info 'deploying pythonrc'
+cat > $HOME/.pythonrc <<EOF
+import rlcompleter, readline
+readline.parse_and_bind('tab:complete')
+EOF
+info "deploying vim config"
+if [ -e $HOME/.vim ] ; then
+ oldvim=$HOME/.vim.`date +%Y%M%d`
+ info "Backing up old vim folder to $oldvim"
+ mv -v $HOME/.vim $oldvim
+fi
+
+mkdir -p $HOME/.vim
+
+# TODO modilarize vimconfig
+
+cat > $HOME/.vim/vimrc <<EOF
+filetype off
+set rtp+=~/.vim/bundle/vundle
+call vundle#rc()
+" TODO refactor this
+Bundle 'gmarik/vundle'
+Bundle 'SudoEdit.vim'
+Bundle 'snipMate'
+Bundle 'tpope/vim-fugitive'
+Bundle 'Valloric/YouCompleteMe'
+Bundle 'scrooloose/syntastic'
+Bundle 'sjl/gundo.vim'
+
+nnoremap <F5> :GundoToggle<CR>
+set undodir=~/.vim/undo
+set undofile
+"maximum number of changes that can be undone
+set undolevels=1000000
+"maximum number lines to save for undo on a buffer reload
+set undoreload=10000000
+
+set pastetoggle=<F2>
+set showmode
+filetype plugin indent on
+
+
+filetype plugin indent on
+
+let g:snips_author = 'Bob Ross <root@syntax-fehler.de>'
+let g:makefu_author = 'makefu'
+
+" pasting
+nnoremap <F2> :set invpaste paste?<CR>
+set pastetoggle=<F2>
+set showmode
+
+" save on focus lost
+au FocusLost * :wa
+
+set spelllang=en
+
+set textwidth=9001
+autocmd BufRead *.json set filetype=json
+EOF
+if [ -e $HOME/.vimrc ] ; then
+ oldvim=$HOME/.vimrc.`date +%Y%M%d`
+ info "Backing up old vimrc file to $oldvim"
+ mv -v $HOME/.vimrc $oldvim
+fi
+info "Symlinking .vimrc to .vim/vimrc"
+ln -vs $HOME/.vim/vimrc $HOME/.vimrc
+vim_conf_sane_defaults
+
+#install all the vim stuff with the help of vundle
+cd $HOME/.vim
+mkdir -p bundle undo backup
+info "Fetching vim-vundle"
+git clone https://github.com/gmarik/vundle.git bundle/vundle > /dev/null && \
+ info "Vim Vundle deployed"
+info "Installing Vundle Bundles"
+vim "+:BundleInstall" "+:qall"
+
+info "building youcompleteme libs"
+cd $HOME/.vim/bundle/YouCompleteMe
+./install.sh
+cd -
+
+info "configuring zsh"
+if exists zsh; then
+ if [ "$SHELL" != "`which zsh`" ] ;then
+ info "setting zsh as new shell,please enter your user password"
+ chsh -s `which zsh`
+ else
+ info "zsh already set as default shell"
+ fi
+ if [ ! -d ~/.oh-my-zsh ] ; then
+ git clone https://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh > /dev/null && info "oh-my-zsh deployed"
+ else
+ info "oh-my-zsh already installed"
+ fi
+else
+ error "cannot find zsh :("
+fi
diff --git a/ship/src/deploy-ssh-keys b/ship/src/deploy-ssh-keys
new file mode 100644
index 00000000..7eedb2cb
--- /dev/null
+++ b/ship/src/deploy-ssh-keys
@@ -0,0 +1,15 @@
+#!/bin/sh
+#@info
+#@strict
+#@include core
+cd $(dirname $0)
+U="${1:-$(id -u -n)}"
+H="$(grep "^$U" /etc/passwd | cut -d : -f 6)"
+krebsdir=${krebsdir:-/krebs}
+
+info "deploying for user $U to $H/.ssh"
+mkdir -p $H/.ssh
+
+cp -vr $krebsdir/infest/skel/home/.ssh/authorized_keys $H/.ssh
+chown $U $H
+chown -R $U $H/.ssh
diff --git a/ship/src/filehooker_configure_ncdc b/ship/src/filehooker_configure_ncdc
new file mode 100644
index 00000000..c980ebf2
--- /dev/null
+++ b/ship/src/filehooker_configure_ncdc
@@ -0,0 +1,15 @@
+#!/bin/sh
+#@info
+#@strict
+#@include filehooker
+
+dc_hub="adcs://elch.nsupdate.info:2781"
+rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
+nick="filehooker_$rnd"
+
+
+ncdc_install
+ncdc_autostart
+
+ncdc_configure_nick "$nick"
+ncdc_configure_hub "$dc_hub"
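Review bot: Both backup names in bootstrap_env_makefu are built with `date +%Y%M%d`, and `%M` is the minute rather than the month, so `$oldvim` is misdated and can repeat on a later run; when the name already exists as a directory, `mv -v $HOME/.vim $oldvim` moves the tree inside the old backup instead of creating a new one. Use `date +%Y%m%d-%H%M%S` in both places. Further down, the script clones vundle, lets `BundleInstall` fetch the listed plugins at whatever their default branches currently hold, and then runs `./install.sh` from the fetched YouCompleteMe tree, so the code that executes is decided by upstream at install time; checking out a reviewed commit in each repository before running anything from it would pin that. The expansions of `$HOME`, `$oldvim` and `$(dirname $0)` are unquoted throughout and should be quoted.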
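Review bot: In deploy-ssh-keys, `grep "^$U" /etc/passwd` matches by prefix and treats `$U` as a regular expression, so a user name that is a prefix of another one selects several entries and `H` can hold the wrong home directory or more than one line; the unquoted `$H` is then word-split in `mkdir -p`, `cp -vr` and `chown -R`. Look the account up exactly and stop if it has no home: `H="$(getent passwd "$U" | cut -d: -f6)"` followed by `test -d "$H" || die "no home directory for $U"`, with `"$H"` and `"$U"` quoted in the commands below. The script also never sets modes on the result; `chmod 700 "$H/.ssh"` and `chmod 600 "$H/.ssh/authorized_keys"` would make the permissions sshd expects explicit.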
diff --git a/ship/src/filehooker_configure_netshare b/ship/src/filehooker_configure_netshare
new file mode 100644
index 00000000..438ac133
--- /dev/null
+++ b/ship/src/filehooker_configure_netshare
@@ -0,0 +1,7 @@
+#!/bin/sh
+#@info
+#@strict
+#@include filehooker
+for i in $(prepare_netshares) ;do
+ ncdc_configure_netshare "$i" "${i##*/}"
+done
diff --git a/ship/src/filehooker_install b/ship/src/filehooker_install
new file mode 100755
index 00000000..eb2d5fd1
--- /dev/null
+++ b/ship/src/filehooker_install
@@ -0,0 +1,143 @@
+#/bin/sh
+#@info
+#@strict
+#@include core
+## colored logging
+#@include color
+#@include network
+
+## for tor hidden service
+#@include tor
+
+## for ncdc
+#@include filehooker
+pass=lolwut.aidsballs
+# 20gig
+#min_netshare_size=20000000000
+admin=pimp
+extra_pkg="vim sudo grub-bios ntp tor openssh btrfs-progs tmux"
+
+info "writing stdout to /tmp/install.log"
+
+
+installer_disk(){
+ find /dev/disk/by-label/ -name ARCH_\* 2>/dev/null | xargs readlink
+}
+
+find_rootdisk(){
+ for i in sd vd hd;do
+ for j in a b c;do
+ dsk="/dev/$i$j"
+ test ! -e "$dsk" && continue
+ test "$(installer_disk)" == "$dsk" && continue
+ test "$(get_disksize $dsk)" -gt "$min_netshare_size" && info "not using $dsk as it is too big" && continue
+ echo "$dsk" && return
+ done
+ done
+}
+
+rootdisk=$(find_rootdisk)
+test "$rootdisk" || die "cannot find your root disk"
+
+info "Your rootdisk is $rootdisk"
+sleep 3
+
+umount /mnt/boot ||:
+umount /mnt ||:
+info "overwriting partitioning"
+dd if=/dev/zero of=$rootdisk bs=2k count=10
+info "starting partitioning"
+(printf "o\nn\np\n\n\n+128M\n\a\nn\np\n\n\n\nw\n\n") |fdisk $rootdisk ||:
+partprobe $rootdisk
+info "done partitioning"
+sleep 1
+info "generating filesystem on /boot"
+mkfs.ext2 ${rootdisk}1
+info "Done"
+sleep 3
+sync
+vgchange -an
+info "generating filesystems"
+mkfs.btrfs -f ${rootdisk}2
+sleep 1
+info "finished generating filesystems"
+sleep 1
+info "mounting"
+mount ${rootdisk}2 /mnt
+mkdir /mnt/boot
+mount ${rootdisk}1 /mnt/boot
+
+info "finished mounting!"
+sleep 1
+info "installing!"
+
+info "Setting http proxy"
+
+info "Installing the following packages: $extra_pkg"
+if [ -n "${user_pkg:-}" ] ;then
+ info "User chooses additional packages: $user_pkg"
+else
+ info "No additional packages set by user (\$user_pkg unset)"
+fi
+pacstrap /mnt base $extra_pkg ${user_pkg:-}
+info "installation done"
+sleep 1
+info "generating configs"
+genfstab -U -p /mnt > /mnt/etc/fstab
+
+info "beginning chroot!"
+########### BEGIN CHROOT #####
+arch-chroot /mnt << EOF
+#@strict
+msg() { printf "\$*\n" >&2; }
+info() { msg "$green\$*$nc"; }
+error() { msg "$green\$*$nc"; }
+
+info "generating locales"
+ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+echo "LANG=en_US.UTF-8" >> /etc/locale.conf
+echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+locale-gen
+echo "filehooker$RANDOM" > /etc/hostname
+info "Done! "
+mkinitcpio -p linux ||
+info "setting root password"
+printf "${pass}\n${pass}\n" | (passwd )
+info "adding user"
+useradd -m -G audio,video,wheel $admin
+printf "${pass}\n${pass}\n" | (passwd $admin)
+
+info "editing sudoers"
+printf "root ALL=(ALL) ALL\n%s ALL=(ALL)NOPASSWD: ALL\n" %wheel >> /etc/sudoers
+for i in dhcpcd ntpd tor sshd ; do
+ info "enabling \$i"
+ systemctl enable \$i
+done
+
+info "installing grub"
+grub-install ${rootdisk} 2>/dev/null
+#echo "GRUB_DISABLE_LINUX_UUID=true" >> /etc/default/grub
+grub-mkconfig > /boot/grub/grub.cfg 2>/dev/null
+# prepare ncdc
+useradd -m hooker
+exit
+EOF
+######## END CHROOT ##########
+sync
+
+info "configuring tor"
+torrc=/mnt/etc/tor/torrc
+hidden_service_dir=/var/lib/tor/hidden_service/
+configure_hidden_service
+#info "publishing hidden service address"
+#cat $hidden_service_dir/hostname | send_irc
+info "configure ncdc"
+curl conf.krebsco.de/filehooker_configure_ncdc | arch-chroot /mnt
+info "configuring netshares"
+( curl conf.krebsco.de/filehooker_configure_netshare )| arch-chroot /mnt
+info "configuring tor announce"
+curl conf.krebsco.de/install_tor_announce | arch-chroot /mnt
+info "We're all done, rebooting!"
+sync
+sleep 5
+reboot
diff --git a/ship/src/find-supers-tinc b/ship/src/find-supers-tinc
new file mode 100644
index 00000000..3ea53d35
--- /dev/null
+++ b/ship/src/find-supers-tinc
@@ -0,0 +1,6 @@
+#!/bin/sh
+#@info
+#@include core
+#@include retiolum
+
+find_supernodes
diff --git a/ship/src/fix_dircolors b/ship/src/fix_dircolors
new file mode 100755
index 00000000..d427563f
--- /dev/null
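Review bot: The three `curl conf.krebsco.de/... | arch-chroot /mnt` lines at the end of filehooker_install feed a schemeless (so plain-HTTP) response straight into a root shell inside the new system, with no TLS, no `-f` and no integrity check, so anyone on the network path, or an HTTP error page, decides what runs as root. remaster_arch_shack_installstick bakes the same pattern into the ISO as `curl "$auto_url" 2>/dev/null | sh -s`. Download to a file, verify it against a digest shipped with the installer, and only then run it, for example `curl -fsS "https://conf.krebsco.de/$name" -o "$f" && echo "$sum  $f" | sha256sum -c - && arch-chroot /mnt < "$f"` (whether that host serves HTTPS is not visible here). Separately, `min_netshare_size` appears only as a comment but is read in `find_rootdisk`; unless an include defines it, the `-gt` test cannot work as intended.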
+++ b/ship/src/fix_dircolors
@@ -0,0 +1,13 @@
+#!/bin/sh
+#@info
+#@strict
+#@include core
+exists dircolors || die "no dircolors in PATH, bailing out"
+
+info "fixing dircolors for $(id -un)"
+dircolors -p > $HOME/.dircolors
+sed -i 's/\(DIR \).*/\101;36/' $HOME/.dircolors
+! grep -q 'dircolors' $HOME/.profile && \
+ info "adding dircolors line to $HOME/.profile" && \
+ echo 'eval `dircolors -b $HOME/.dircolors`' >> $HOME/.profile
+info "done"
diff --git a/ship/src/get_repo b/ship/src/get_repo
new file mode 100644
index 00000000..5476e650
--- /dev/null
+++ b/ship/src/get_repo
@@ -0,0 +1,22 @@
+#!/bin/sh
+#@info
+#@strict
+#@include punani
+# Can be overwritten before install
+
+KREBSDIR=${KREBSDIR:-/krebs}
+( is_root || ! test "$KREBSDIR" = "/krebs" ) || die "not running as root, stuff may not work. change KREBSDIR env to bootstrap somewhere else!";
+
+info "installing git to clone repo"
+punani install git
+
+[ -e "$KREBSDIR" ] && die "krebs dir already exists"
+
+git clone --depth 1 https://github.com/krebscode/painload.git "$KREBSDIR" || die "cloning failed :("
+
+cd $KREBSDIR || die "cannot change into $KREBSDIR folder:(" ;
+
+info "installing make"
+punani install make
+
+info "have a nice day"
diff --git a/ship/src/install_tor_announce b/ship/src/install_tor_announce
new file mode 100644
index 00000000..b7b3662e
--- /dev/null
+++ b/ship/src/install_tor_announce
@@ -0,0 +1,5 @@
+#!/bin/sh
+#@strict
+#@include filehooker
+
+install_tor_announce
diff --git a/ship/src/punani b/ship/src/punani
new file mode 100755
index 00000000..ceabd667
--- /dev/null
+++ b/ship/src/punani
@@ -0,0 +1,4 @@
+#! /bin/sh
+#@info
+#@include punani
+punani "$@"
diff --git a/ship/src/refresh-super-keys b/ship/src/refresh-super-keys
new file mode 100644
index 00000000..dddbe846
--- /dev/null
+++ b/ship/src/refresh-super-keys
@@ -0,0 +1,5 @@
+#!/bin/sh
+#@info
+#@include retiolum
+#@mainifyme
+refresh_supernode_keys
diff --git a/ship/src/refresh-supers b/ship/src/refresh-supers
new file mode 100644
index 00000000..6dc6e8ab
--- /dev/null
+++ b/ship/src/refresh-supers
@@ -0,0 +1,35 @@
+#!/bin/sh
+#@info
+# usage: [DEBUG=1] [tincconf=/not/tinc/retiolum/tinc.conf] $0
+# This is the implementation of the proposal how to update tinc supernode
+# connections
+
+#@include core
+#@include retiolum
+ # using find_supernodes
+ # tinc_path
+ # netname
+
+#@strict
+#@mainifyme
+
+refresh_supernode_keys
+
+max_connect_to=${max_connect_to:-5}
+tincconf=${tincconf:-$tinc_path/$netname/tinc.conf}
+tmp_tincconf=$(mktemp)
+defer "rm -f $tmp_tincconf"
+
+sed '/^[ ]*ConnectTo/d' "$tincconf" > "$tmp_tincconf"
+
+
+# TODO find_supernodes requires netcat
+find_supernodes | cut -d\ -f 1 | shuf \
+ | head -n "${max_connect_to}" \
+ | xargs -n1 printf "ConnectTo=%s\n" >> "$tmp_tincconf"
+
+info "replacing old tinc.conf with one"
+test "${DEBUG:-}" && diff "$tincconf" "$tmp_tincconf"
+mv "$tmp_tincconf" "$tincconf"
+
+reload_tinc
diff --git a/ship/src/remaster_arch_shack_installstick b/ship/src/remaster_arch_shack_installstick
new file mode 100755
index 00000000..3ad985af
--- /dev/null
+++ b/ship/src/remaster_arch_shack_installstick
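Review bot: Nothing in refresh-supers checks that `find_supernodes` returned any host before `mv "$tmp_tincconf" "$tincconf"` replaces the live config; the `sed` has already dropped every `ConnectTo` line, and with empty input GNU `xargs -n1` still runs `printf` once and writes a bare `ConnectTo=`, so a failed lookup leaves the node without usable peers. Guard the replacement with `grep -q '^ConnectTo=.' "$tmp_tincconf" || die "no supernodes found, keeping old tinc.conf"`. If `#@strict` turns on `set -e` (not visible here), the `DEBUG` branch would also end the script before the `mv`, because `diff` exits 1 whenever the files differ; `diff "$tincconf" "$tmp_tincconf" || :` keeps it informational. Creating the temporary file next to the target, `mktemp "$tincconf.XXXXXX"`, would keep the final rename on one filesystem.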
@@ -0,0 +1,104 @@
+#!/bin/sh
+#@include core
+#@include iso
+#@mainifyme
+
+## TODO: provide a parameter which defines what to be done in the new iso root
+set -efu
+isofile=${1:-archlinux-2013.06.01-dual.iso}
+outfile=$(basename ${isofile%.iso}.krebs.iso)
+info "outfile will be at $outfile"
+bdir=${bdir:-$HOME/build/arch}
+isodir=$bdir/iso
+isomnt=$bdir/isomount
+rootdir=$bdir/root
+outdir=$bdir/out
+auto_url=${2:-conf.krebsco.de/arch_autoinstall}
+info "bdir is at $bdir"
+[ ! -e "$isofile" ] && die "$isofile does not exist."
+esudo "$@"
+arch_label="$(get_volid "$isofile")"
+info "Arch iso label is ${arch_label}"
+info "auto_url is $auto_url"
+
+info "cleanup root dir"
+rm -rf $bdir
+mkdir -p $isomnt $rootdir
+info "mounting isofile ($isofile)"
+if is_root;then
+ mount -t iso9660 -o loop,ro $isofile $isomnt
+else
+ die 'we are not root enough to mount the iso.'
+fi
+defer "info 'unmounting $isomnt';umount $isomnt"
+
+info "copying from '$isomnt' to '$isodir'"
+cp -a "$isomnt" "$isodir"
+defer "info 'removing $isodir';rm -rf $isodir"
+info "extracting root-image squashfs"
+# we will not touch the kernel ... yet
+
+for arch in x86_64 i686;do
+ info "unpacking $isomnt/arch/$arch/root-image.fs.sfs"
+ mkdir -p "$outdir/$arch"
+ defer "info 'removing $outdir/$arch';rm -rf $outdir/$arch"
+ mkdir -p "$rootdir/$arch"
+ defer "info 'removing $rootdir/$arch';rm -rf $rootdir/$arch"
+ unsquashfs -f -d "$outdir/$arch" "$isodir/arch/$arch/root-image.fs.sfs"
+
+ mount "$outdir/$arch/root-image.fs" "$rootdir/$arch"
+ defer "info 'unmounting $rootdir/$arch';umount $rootdir/$arch||info 'not mounted'"
+
+ info "Starting of the rootdir verkrepelung"
+ # do the magic here
+ arch-chroot $rootdir/$arch <<EOF
+ cat >> /root/.zshrc<<EOL
+cat << EOD
+This is the Krebs Autoinstaller, we will do all the right things.
+Just Wait until everything finished.
+
+- Make sure that RJ45 is connected
+- you can bail out of the progress at any time with CTRL-C
+ /krebs/autoinstall (args)
+EOD
+/krebs/autoinstall
+EOL
+
+ mkdir /krebs
+ cat > /krebs/autoinstall <<EOL
+internet() { ping -w 1 google.de >/dev/null 2>&1; }
+while ! internet;do
+ echo "no Internet yet, waiting ..."
+ sleep 3
+done
+
+echo "Grabbing current version of install-script from $auto_url"
+echo
+echo "AGENTS ARE GOOOOOOOOOOO!"
+curl "$auto_url" 2>/dev/null | sh -s "\\\$@"
+EOL
+chmod 755 /krebs/autoinstall
+EOF
+ info "deleting old squashfs"
+ rm "$isodir/arch/$arch/root-image.fs.sfs"
+ info "creating squashfs at $isodir/arch/$arch/root-image.fs.sfs"
+ umount "$rootdir/$arch"
+ mksquashfs "$outdir/$arch/root-image.fs" "$isodir/arch/$arch/root-image.fs.sfs"
+done
+
+info "creating Iso Image"
+rm -f "${outdir}/${outfile}"
+xorriso -as mkisofs \
+ -iso-level 3 \
+ -full-iso9660-filenames \
+ -volid "${arch_label}" \
+ -appid "Shackspace Krebs Installer" \
+ -publisher "Shackspace/Krebs" \
+ -preparer "prepared by krebs" \
+ -eltorito-boot isolinux/isolinux.bin \
+ -eltorito-catalog isolinux/boot.cat \
+ -no-emul-boot -boot-load-size 4 -boot-info-table \
+ -isohybrid-mbr ${isomnt}/isolinux/isohdpfx.bin \
+ -output "${outdir}/${outfile}" \
+ "$isodir"
+
diff --git a/ship/src/retiolum b/ship/src/retiolum
new file mode 100755
index 00000000..ede1fd6a
--- /dev/null
+++ b/ship/src/retiolum
@@ -0,0 +1,292 @@ +#!/bin/sh +#@include core +#@include network +main(){ + + set -euf + get_root + + SUBNET4=${SUBNET4:-10.243} + # TODO: some retard servers may not support ipv6 + SUBNET6=${SUBNET6:-42} + TEMPDIR=${TEMPDIR:-auto} + TINCDIR=${TINCDIR:-auto} + + + #overwrite `found` hostname + HOSTN="`get_hostname`" + NETNAME=${NETNAME:-retiolum} + MASK4=${MASK4:-16} + MASK6=${MASK6:-16} + RMASK=${RMASK:-255.255.0.0} + URL=${URL:-http://euer.krebsco.de/retiolum/hosts.tar.gz} + SURL=${SURL:-http://euer.krebsco.de/retiolum/supernodes.tar.gz} + + IRCCHANNEL=${IRCCHANNEL:-"#krebs_incoming"} + IRCSERVER=${IRCSERVER:-"irc.freenode.net"} + IRCPORT=${IRCPORT:-6667} + + OS=$(get_os) + + IP4=${IP4:-0} + IP6=${IP6:-0} + + RAND4=1 + RAND6=1 + + + if [ $IP4 -eq 0 ]; then + RAND4=1 + elif ! check_ip_valid4 $IP4; then + die 'ip4 is invalid' + fi + if [ $IP6 -eq 0 ]; then + RAND6=1 + elif ! check_ip_valid6 $IP6; then + die 'ip6 is invalid' + fi + + #check if everything is installed + if ! exists awk ; then + die 'Please install awk' + fi + + + if ! http_head $SURL >/dev/null 2>/dev/null ;then + die 'Cannot find supernode package, check if your internet is working' + fi + + #check if everything is installed + if [ $OS = 'android' ]; then + if ! test -e /data/data/org.poirsouille.tinc_gui/files/tincd; then + die 'Please install tinc-gui' + else + TINCBIN=/data/data/org.poirsouille.tinc_gui/files/tincd + DEV="/dev/tun" + if [ $TINCDIR = 'auto' ]; then TINCDIR="/usr/local/etc/tinc" ;fi + if [ $TEMPDIR = 'auto' ]; then TEMPDIR="/storage/sdcard0/tinc-fu" ;fi + mount -o remount,rw / + mount -o remount,rw /system + fi + elif [ $OS = 'osx' ]; then + if ! exists tincd >/dev/null; then + die 'Please install tinc' + else + TINCBIN=tincd + DEV="/dev/net/tun" + if [ $TINCDIR = 'auto' ]; then TINCDIR="/usr/local/etc/tinc" ;fi + if [ $TEMPDIR = 'auto' ]; then TEMPDIR="/tmp/tinc-install-fu" ;fi + fi + else + if ! 
exists tincd >/dev/null; then + die 'Please install tinc' + else + TINCBIN=tincd + DEV="/dev/net/tun" + if [ $TINCDIR = 'auto' ]; then TINCDIR="/etc/tinc" ;fi + if [ $TEMPDIR = 'auto' ]; then TEMPDIR="/tmp/tinc-install-fu" ;fi + fi + fi + + #generate full subnet information for v4 + + #test if tinc directory already exists + if test -e $TINCDIR/$NETNAME; then + die "tinc config directory $TINCDIR/$NETNAME does already exist. (backup and) delete config directory and restart" + fi + + #get tinc-hostfiles + mkdir -p $TEMPDIR/hosts + http_get $URL | tar zx -C $TEMPDIR/hosts/ + + #check for free ip + #version 4 + until check_ip_taken $IP4; do + if [ $RAND4 -eq 1 ]; then + IP4="$SUBNET4.$(( $(head /dev/urandom | tr -dc "123456789" | head -c3) %255)).$(( $(head /dev/urandom | tr -dc "123456789" | head -c3) %255))" + else + printf 'choose new ip: ' + read IP4 + while ! check_ip_valid4 $IP4; do + printf 'the ip is invalid, retard, choose a valid ip: ' + read IP4 + done + fi + done + + #version 6 + + until check_ip_taken $IP6; do + if [ $RAND6 -eq 1 ]; then + NETLENGTH=$(expr $(expr 128 - $MASK6) / 4) + IP6="$SUBNET6$(head /dev/urandom | tr -dc "0123456789abcdef" | head -c$NETLENGTH | sed 's/..../:&/g')" #todo: generate ip length from hostmask + else + printf 'ip taken, choose new ip: ' + + read IP6 + while ! 
check_ip_valid6 $IP6; do + printf 'the ip is invalid, retard, choose a valid ip: ' + read IP6 + done + fi + done + + + #check for free hostname + get_hostname $HOSTN + + + #create the configs + mkdir -p $TINCDIR/$NETNAME + cd $TINCDIR/$NETNAME + + if [ $OS = 'openwrt' ]; then + mkdir hosts + http_get $SURL | tar xz -C hosts/ + else + mv $TEMPDIR/hosts ./ + fi + + rm -r $TEMPDIR || echo "$TEMPDIR does not exist, skipping removal" + + echo "Subnet = $IP4" > hosts/$HOSTN + echo "Subnet = $IP6" >> hosts/$HOSTN + + cat>tinc.conf<<EOF +Name = $HOSTN +Device = $DEV + +#newer tinc features +LocalDiscovery = yes +AutoConnect = 3 + +#ConnectTos +ConnectTo = slowpoke +ConnectTo = pigstarter +ConnectTo = pico +EOF + + host2subnet $MASK4 + + #check if ip is installed + if exists ip >/dev/null; then + echo 'dirname="`dirname "$0"`"' > tinc-up + echo '' >> tinc-up + echo 'conf=$dirname/tinc.conf' >> tinc-up + echo '' >> tinc-up + echo 'name=$(sed -n "s|^ *Name *= *\([^ ]*\) *$|\\1|p" $conf)' >> tinc-up + echo '' >> tinc-up + echo 'host=$dirname/hosts/$name' >> tinc-up + echo '' >> tinc-up + echo 'ip link set $INTERFACE up' >> tinc-up + echo '' >> tinc-up + echo "addr4=\$(sed -n \"s|^ *Subnet *= *\\($SUBNET4[.][^ ]*\\) *\$|\\\\1|p\" \$host)" >> tinc-up + echo 'ip -4 addr add $addr4 dev $INTERFACE' >> tinc-up + echo "ip -4 route add $FULLSUBNET/$MASK4 dev \$INTERFACE" >> tinc-up + echo '' >> tinc-up + echo "addr6=\$(sed -n \"s|^ *Subnet *= *\\($SUBNET6[:][^ ]*\\) *\$|\\\\1|p\" \$host)" >> tinc-up + echo 'ip -6 addr add $addr6 dev $INTERFACE' >> tinc-up + echo "ip -6 route add $SUBNET6::/$MASK6 dev \$INTERFACE" >> tinc-up + else + echo 'dirname="`dirname "$0"`"' > tinc-up + echo '' >> tinc-up + echo 'conf=$dirname/tinc.conf' >> tinc-up + echo '' >> tinc-up + echo 'name=$(sed -n "s|^ *Name *= *\([^ ]*\) *$|\\1|p" $conf)' >> tinc-up + echo '' >> tinc-up + echo 'host=$dirname/hosts/$name' >> tinc-up + echo '' >> tinc-up + echo "addr4=\$(sed -n \"s|^ *Subnet *= *\\($SUBNET4[.][^ ]*\\) 
*$|\\\\1|p\" \$host)" >> tinc-up + echo 'ifconfig $INTERFACE $addr4' >> tinc-up + echo "route add -net $FULLSUBNET netmask $RMASK dev \$INTERFACE " >> tinc-up + fi + + #fix permissions + chmod +x tinc-up + chown -R 0:0 . + + #generate keys with tinc + if exists tinc ; then + yes | tinc -n $NETNAME generate-keys + else + yes | $TINCBIN -n $NETNAME -K + fi + + if [ $OS = 'android' ]; then + mkdir /etc/tinc + cd / + mv $TINCDIR/$NETNAME /etc/tinc/ + cd /etc/tinc/$NETNAME + fi + + (echo "This is $HOSTN";cat "hosts/$HOSTN" ) | send_irc + + # finish what you have begun! + tincd -n $NETNAME +} + + +#convert hostmask to subnetmask only version 4 +host2subnet() +{ + NEEDDOTSINSUB=$(expr 3 - $( echo $SUBNET4 | tr -C -d . | wc -c)) + case $NEEDDOTSINSUB in + 3) FULLSUBNET=$SUBNET4.0.0.0 ;; + 2) FULLSUBNET=$SUBNET4.0.0 ;; + 1) FULLSUBNET=$SUBNET4.0 ;; + 0) FULLSUBNET=$SUBNET4 ;; + *) die 'cannot read subnet';; + esac +} + +#check if ip is valid ipv4 function +check_ip_valid4() +{ + if [ "$(echo $1 | awk -F"\." ' $0 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}$/ && $1 <=255 && $2 <= 255 && $3 <= 255 && $4 <= 255 ' 2>/dev/null)" == "$1" ] && [ ${1:0:${#SUBNET4}} == $SUBNET4 ] + then + return 0 + else + return 1 + fi +} |