From 1fa15dd59e7dc58f4331305b9f401d3aabfa53cd Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 17 Mar 2014 07:51:03 +0100
Subject: filehooker: initial commit

using archiso magic scripts
---
 filehooker/root-image/etc/fstab                    |   0
 filehooker/root-image/etc/hostname                 |   1 +
 filehooker/root-image/etc/locale.conf              |   1 +
 filehooker/root-image/etc/pam.d/su                 |   6 ++
 filehooker/root-image/etc/sudoers.d/g_wheel        |   1 +
 .../root-image/etc/systemd/scripts/choose-mirror   |  26 +++++
 .../etc/systemd/system/choose-mirror.service       |  10 ++
 .../etc/systemd/system/etc-pacman.d-gnupg.mount    |   8 ++
 .../etc/systemd/system/filehooker-hostname.service |  11 ++
 .../system/getty@tty1.service.d/autologin.conf     |   3 +
 .../etc/systemd/system/pacman-init.service         |  15 +++
 .../etc/systemd/system/tor-announce.service        |  11 ++
 .../root-image/etc/udev/rules.d/81-dhcpcd.rules    |   1 +
 .../krebs/bin/filehooker_configure_ncdc.ship       |  15 +++
 .../krebs/bin/filehooker_configure_netshare.ship   |   7 ++
 .../krebs/bin/filehooker_set_hostname.sh           |   5 +
 filehooker/root-image/krebs/bin/tor_announce.ship  |  17 +++
 .../root-image/krebs/bin/tor_publish_ssh.ship      |  12 +++
 filehooker/root-image/krebs/etc/authorized_keys    |   5 +
 filehooker/root-image/krebs/lib/_punani_db         |  57 ++++++++++
 filehooker/root-image/krebs/lib/color              |   7 ++
 filehooker/root-image/krebs/lib/core               |  80 ++++++++++++++
 filehooker/root-image/krebs/lib/filehooker         | 119 +++++++++++++++++++++
 filehooker/root-image/krebs/lib/iso                |   7 ++
 filehooker/root-image/krebs/lib/krebs              |  16 +++
 filehooker/root-image/krebs/lib/network            | 100 +++++++++++++++++
 filehooker/root-image/krebs/lib/punani             |  99 +++++++++++++++++
 filehooker/root-image/krebs/lib/retiolum           |  99 +++++++++++++++++
 filehooker/root-image/krebs/lib/tahoe              |  34 ++++++
 filehooker/root-image/krebs/lib/tor                |  19 ++++
 filehooker/root-image/krebs/lib/vim                |  40 +++++++
 filehooker/root-image/root/.automated_script.sh    |  34 ++++++
 filehooker/root-image/root/.zlogin                 |   1 +
 filehooker/root-image/root/customize_root_image.sh |  36 +++++++
 filehooker/root-image/usr/bin/ncdc                 | Bin 0 -> 4242384 bytes
 35 files changed, 903 insertions(+)
 create mode 100644 filehooker/root-image/etc/fstab
 create mode 100644 filehooker/root-image/etc/hostname
 create mode 100644 filehooker/root-image/etc/locale.conf
 create mode 100644 filehooker/root-image/etc/pam.d/su
 create mode 100644 filehooker/root-image/etc/sudoers.d/g_wheel
 create mode 100755 filehooker/root-image/etc/systemd/scripts/choose-mirror
 create mode 100644 filehooker/root-image/etc/systemd/system/choose-mirror.service
 create mode 100644 filehooker/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount
 create mode 100644 filehooker/root-image/etc/systemd/system/filehooker-hostname.service
 create mode 100644 filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf
 create mode 100644 filehooker/root-image/etc/systemd/system/pacman-init.service
 create mode 100644 filehooker/root-image/etc/systemd/system/tor-announce.service
 create mode 100644 filehooker/root-image/etc/udev/rules.d/81-dhcpcd.rules
 create mode 100755 filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship
 create mode 100755 filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship
 create mode 100755 filehooker/root-image/krebs/bin/filehooker_set_hostname.sh
 create mode 100755 filehooker/root-image/krebs/bin/tor_announce.ship
 create mode 100755 filehooker/root-image/krebs/bin/tor_publish_ssh.ship
 create mode 100644 filehooker/root-image/krebs/etc/authorized_keys
 create mode 100644 filehooker/root-image/krebs/lib/_punani_db
 create mode 100644 filehooker/root-image/krebs/lib/color
 create mode 100644 filehooker/root-image/krebs/lib/core
 create mode 100644 filehooker/root-image/krebs/lib/filehooker
 create mode 100644 filehooker/root-image/krebs/lib/iso
 create mode 100644 filehooker/root-image/krebs/lib/krebs
 create mode 100644 filehooker/root-image/krebs/lib/network
 create mode 100644 filehooker/root-image/krebs/lib/punani
 create mode 100644 filehooker/root-image/krebs/lib/retiolum
 create mode 100644 filehooker/root-image/krebs/lib/tahoe
 create mode 100644 filehooker/root-image/krebs/lib/tor
 create mode 100644 filehooker/root-image/krebs/lib/vim
 create mode 100755 filehooker/root-image/root/.automated_script.sh
 create mode 100644 filehooker/root-image/root/.zlogin
 create mode 100755 filehooker/root-image/root/customize_root_image.sh
 create mode 100755 filehooker/root-image/usr/bin/ncdc

(limited to 'filehooker/root-image')

diff --git a/filehooker/root-image/etc/fstab b/filehooker/root-image/etc/fstab
new file mode 100644
index 00000000..e69de29b
diff --git a/filehooker/root-image/etc/hostname b/filehooker/root-image/etc/hostname
new file mode 100644
index 00000000..ef8963cd
--- /dev/null
+++ b/filehooker/root-image/etc/hostname
@@ -0,0 +1 @@
+filebitch
diff --git a/filehooker/root-image/etc/locale.conf b/filehooker/root-image/etc/locale.conf
new file mode 100644
index 00000000..01ec548f
--- /dev/null
+++ b/filehooker/root-image/etc/locale.conf
@@ -0,0 +1 @@
+LANG=en_US.UTF-8
diff --git a/filehooker/root-image/etc/pam.d/su b/filehooker/root-image/etc/pam.d/su
new file mode 100644
index 00000000..a2910423
--- /dev/null
+++ b/filehooker/root-image/etc/pam.d/su
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+auth		sufficient	pam_wheel.so trust use_uid
+auth		required	pam_unix.so
+account		required	pam_unix.so
+session		required	pam_unix.so
diff --git a/filehooker/root-image/etc/sudoers.d/g_wheel b/filehooker/root-image/etc/sudoers.d/g_wheel
new file mode 100644
index 00000000..8c45359f
--- /dev/null
+++ b/filehooker/root-image/etc/sudoers.d/g_wheel
@@ -0,0 +1 @@
+%wheel  ALL=(ALL) NOPASSWD: ALL
diff --git a/filehooker/root-image/etc/systemd/scripts/choose-mirror b/filehooker/root-image/etc/systemd/scripts/choose-mirror
new file mode 100755
index 00000000..0ae08067
--- /dev/null
+++ b/filehooker/root-image/etc/systemd/scripts/choose-mirror
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+get_cmdline() {
+    local param
+    for param in $(< /proc/cmdline); do
+        case "${param}" in
+            $1=*) echo "${param##*=}";
+            return 0
+            ;;
+        esac
+    done
+}
+
+mirror=$(get_cmdline mirror)
+[[ $mirror = auto ]] && mirror=$(get_cmdline archiso_http_srv)
+[[ $mirror ]] || exit 0
+
+mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
+cat >/etc/pacman.d/mirrorlist << EOF
+#
+# Arch Linux repository mirrorlist
+# Generated by archiso
+#
+
+Server = ${mirror%%/}/\$repo/os/\$arch
+EOF
diff --git a/filehooker/root-image/etc/systemd/system/choose-mirror.service b/filehooker/root-image/etc/systemd/system/choose-mirror.service
new file mode 100644
index 00000000..1e4d771d
--- /dev/null
+++ b/filehooker/root-image/etc/systemd/system/choose-mirror.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Choose mirror from the kernel command line
+ConditionKernelCommandLine=mirror
+
+[Service]
+Type=oneshot
+ExecStart=/etc/systemd/scripts/choose-mirror
+
+[Install]
+WantedBy=multi-user.target
diff --git a/filehooker/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount b/filehooker/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount
new file mode 100644
index 00000000..4eab5513
--- /dev/null
+++ b/filehooker/root-image/etc/systemd/system/etc-pacman.d-gnupg.mount
@@ -0,0 +1,8 @@
+[Unit]
+Description=Temporary /etc/pacman.d/gnupg directory
+
+[Mount]
+What=tmpfs
+Where=/etc/pacman.d/gnupg
+Type=tmpfs
+Options=mode=0755
diff --git a/filehooker/root-image/etc/systemd/system/filehooker-hostname.service b/filehooker/root-image/etc/systemd/system/filehooker-hostname.service
new file mode 100644
index 00000000..67879d82
--- /dev/null
+++ b/filehooker/root-image/etc/systemd/system/filehooker-hostname.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=change filehooker hostname
+Before=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/krebs/bin/filehooker_set_hostname.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf b/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf
new file mode 100644
index 00000000..d1d8474c
--- /dev/null
+++ b/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux
diff --git a/filehooker/root-image/etc/systemd/system/pacman-init.service b/filehooker/root-image/etc/systemd/system/pacman-init.service
new file mode 100644
index 00000000..23b81445
--- /dev/null
+++ b/filehooker/root-image/etc/systemd/system/pacman-init.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Initializes Pacman keyring
+Wants=haveged.service
+After=haveged.service
+Requires=etc-pacman.d-gnupg.mount
+After=etc-pacman.d-gnupg.mount
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/pacman-key --init
+ExecStart=/usr/bin/pacman-key --populate archlinux
+
+[Install]
+WantedBy=multi-user.target
diff --git a/filehooker/root-image/etc/systemd/system/tor-announce.service b/filehooker/root-image/etc/systemd/system/tor-announce.service
new file mode 100644
index 00000000..818a5c4c
--- /dev/null
+++ b/filehooker/root-image/etc/systemd/system/tor-announce.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Announce Tor Hidden Address
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/krebs/bin/tor_announce.ship
+
+[Install]
+WantedBy=multi-user.target
diff --git a/filehooker/root-image/etc/udev/rules.d/81-dhcpcd.rules b/filehooker/root-image/etc/udev/rules.d/81-dhcpcd.rules
new file mode 100644
index 00000000..1c4053c0
--- /dev/null
+++ b/filehooker/root-image/etc/udev/rules.d/81-dhcpcd.rules
@@ -0,0 +1 @@
+ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="en*|eth*", ENV{SYSTEMD_WANTS}="dhcpcd@$name.service"
diff --git a/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship b/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship
new file mode 100755
index 00000000..62d3b4f7
--- /dev/null
+++ b/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship
@@ -0,0 +1,15 @@
+#!/usr/bin/env ship
+#TODO waiting for ship2
+#@info
+#@strict
+set -euf
+#@include filehooker
+. /krebs/lib/filehooker
+
+dc_hub="adcs://elch.nsupdate.info:2781"
+nick="$(cat /etc/hostname)"
+
+ncdc_install
+
+ncdc_configure_nick "$nick"
+ncdc_configure_hub "$dc_hub"
diff --git a/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship b/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship
new file mode 100755
index 00000000..f45ffeac
--- /dev/null
+++ b/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship
@@ -0,0 +1,7 @@
+#!/bin/sh
+#@info
+#@strict
+#@include filehooker
+#for i in $(prepare_netshares) ;do
+   #ncdc_configure_netshare "$i"  "${i##*/}"
+#done
diff --git a/filehooker/root-image/krebs/bin/filehooker_set_hostname.sh b/filehooker/root-image/krebs/bin/filehooker_set_hostname.sh
new file mode 100755
index 00000000..cb9b0170
--- /dev/null
+++ b/filehooker/root-image/krebs/bin/filehooker_set_hostname.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+hostn="filehooker$RANDOM"
+echo "$hostn" > /etc/hostname
+hostname $hostn
+
diff --git a/filehooker/root-image/krebs/bin/tor_announce.ship b/filehooker/root-image/krebs/bin/tor_announce.ship
new file mode 100755
index 00000000..bf9d58dc
--- /dev/null
+++ b/filehooker/root-image/krebs/bin/tor_announce.ship
@@ -0,0 +1,17 @@
+#!/bin/sh
+#@include core
+. /krebs/lib/core
+#@include network
+. /krebs/lib/network
+#@include tor
+. /krebs/lib/tor
+
+test -w "$torrc" || ( error "$torrc is not writable!"; exit 1 ) || exit 1
+
+configure_hidden_service
+test ! -e $hidden_service_dir/hostname && \
+  info "hidden service file does not exist, restarting tor" && \
+  systemctl restart tor && \
+  sleep 1
+
+cat $hidden_service_dir/hostname | send_irc
diff --git a/filehooker/root-image/krebs/bin/tor_publish_ssh.ship b/filehooker/root-image/krebs/bin/tor_publish_ssh.ship
new file mode 100755
index 00000000..2ecee9fb
--- /dev/null
+++ b/filehooker/root-image/krebs/bin/tor_publish_ssh.ship
@@ -0,0 +1,12 @@
+#!/usr/bin/env ship
+#@include core
+. /krebs/lib/core
+#@include network
+. /krebs/lib/network
+#@include tor
+. /krebs/lib/tor
+
+test -w "$torrc" || ( error "$torrc is not writable!"; exit 1 ) || exit 1
+
+configure_hidden_service
+cat $hidden_service_dir/hostname | send_irc
diff --git a/filehooker/root-image/krebs/etc/authorized_keys b/filehooker/root-image/krebs/etc/authorized_keys
new file mode 100644
index 00000000..f7458157
--- /dev/null
+++ b/filehooker/root-image/krebs/etc/authorized_keys
@@ -0,0 +1,5 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7YrLdnXDRU2XEdZDu1BmgiT0Vaxplf3bfvSm+5o3g4AcR2yCv7h2D633c9uA0gq52EJ3V5m8B1ZcxqA0zqDptKwx+ZTMUGDls7StH5xpJyk9j5gf8DzyDLQPQG2IYszCH+8esKjo3BOFxfey8NaX+k6gvQsG3lyV0PjLvvIy4gDuMn6dPZfVAlwNYFOUNgwpku3W3A0d+UFyVjt3/sgZxM+8C3y6QE1gwT5/NfBbHM5vaEqjHcVq1ui+7a4iOXFGKkZDcd7EX6cQZSbCzZL7sZ0OmB1WpAsDCvIXfzX1YfNA0sso7ldSF6ZUGNgwEk1LootnQlCK/dfbM+i62SZ+1 tv@iiso
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv9TTt4FkzT3jlQ0VS2tX/GpQO9Ef0wIQ+g96foe4qSniBwR667T1gIhURrod/p7N9oQcWRrNohjgmSBZRYA0kW6ZyqYJkLvRv54nXv6j/8Xq2nG/KVfDqL0kp8if+JGeFlQElpWJiAbGifYkopFy69QiLYU2ndR7aPbx+5qm/dcwPJ7K+n6dyePynCZadtcabm3PuBFUxGLdT9ImDXMOPfXxPMlN/3eb78byuEuHnhCIvIGLMBGx+8QTXvu7kHpZObvkbsF1xjVs9fDpwVLjh7GWdwf3BZ/agFlI24ffyqCPFnuaxUVyfUZeqf4twRsIZkTTB47lHDhYiVkyGe8gd root@pigstarter.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== death@uriel
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/mUvSqIroFofp8a+nL6TBgAVvIk8IvFeOsHnRQsvhZX8ddk1+JICipsGwqsT2wRAk9rhcnLU/OdF+PXvykztNa1x4XxNACKnLfWBMk/VGadUkCwsdIwuu80nQfaEz5vNrjgNLfCaNoUa6sg0A2eyyuWH/vruPyfPJNDXA/ZQdXxJCSSfZUnIFW4qjAf4hZ+TK1CY7xECZQ3r+aqhJmSFe3T+ul5ZQLl6fmHP4oTf7sFNV4/fHY8RMxCPMztdyUJc3HB5MhI94VytjXuTSBDAgi5567bH1j1aBco4mAezfgHZy2eqeNVzYmFM/cVGEqyRIjokGYa72ZuGZ5Y58HjVDL8olweUVqOm11ref8+tBovyrHzjNKn6YiiMPYb0j03vBecqZYDA6n24s2WgEniL5WALhi5Y1NgUo1W9WDefhA2xC7p9xSy8kxs1UJH6g9U8SuHY2geJ/dYf3jixB3q/PwAfntejPkX1Pwy+rBVirA1vYIYgOWeifUyq6tYHxVo/kVEbyYkE1B6pBGwRdsWDwT3y02DO3OZFq9QX/0zkJtv2lkMR0LDk8WjZjilfqs1UivDCNY3ZQF+SOvUzeAkQFWSSU+yKlZOGPWcqNUVw8SQCw5/doIKjIclekWJ9KSD1VjTImx2oqYNqOa0kfvX+4cU+ECI1daCR6cjYiuizBIQ== pedro
diff --git a/filehooker/root-image/krebs/lib/_punani_db b/filehooker/root-image/krebs/lib/_punani_db
new file mode 100644
index 00000000..e5bf15b1
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/_punani_db
@@ -0,0 +1,57 @@
+_punanidb_pacman_=
+_punanidb_yum_=
+_punanidb_aptget_=
+
+_punanidb_pacman_git=git
+_punanidb_yum_git=git
+_punanidb_aptget_git=git-core
+
+_punanidb_pacman_python2=python2
+_punanidb_yum_python2=python
+_punanidb_aptget_python2=python
+
+_punanidb_pacman_python3=python
+_punanidb_aptget_python3=python3
+
+_punanidb_pacman_pip2=python2-pip
+_punanidb_aptget_pip2=python-pip
+
+_punanidb_pacman_virtualenv=python-virtualenv
+_punanidb_aptget_virtualenv=python-virtualenv
+
+_punanidb_pacman_gpp=g++
+_punanidb_aptget_gpp=gcc
+
+_punanidb_pacman_python2_dev=python2
+_punanidb_aptget_python2_dev=python-dev
+
+_punanidb_pacman_hostname=inetutils
+_punanidb_aptget_hostname=hostname
+
+_punanidb_pacman_hostname=inetutils
+_punanidb_aptget_hostname=hostname
+
+_punanidb_pacman_make=make
+_punanidb_yum_make=make
+_punanidb_aptget_make=make
+
+_punanidb_pacman_tinc=tinc
+_punanidb_yum_tinc=tinc
+_punanidb_aptget_tinc=tinc
+
+_punanidb_pacman_zsh=zsh
+_punanidb_yum_zsh=zsh
+_punanidb_aptget_zsh=zsh
+
+_punanidb_pacman_tor=tor
+_punanidb_yum_tor=tor
+_punanidb_aptget_tor=tor
+
+_punanidb_pacman_nano=nano
+_punanidb_yum_nano=nano
+_punanidb_aptget_nano=nano
+
+_punanidb_pacman_vim=vim
+_punanidb_yum_vim=vim-enhanced
+_punanidb_aptget_vim=vim
+
diff --git a/filehooker/root-image/krebs/lib/color b/filehooker/root-image/krebs/lib/color
new file mode 100644
index 00000000..cec2044e
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/color
@@ -0,0 +1,7 @@
+# superseed logging with color
+green='\e[0;32m'
+red='\e[0;31m'
+nc='\e[0m'
+msg() { printf "$*\n" >&2; }
+info()  { msg "$green$*$nc"; }
+error() { msg "$green$*$nc"; }
diff --git a/filehooker/root-image/krebs/lib/core b/filehooker/root-image/krebs/lib/core
new file mode 100644
index 00000000..0c321525
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/core
@@ -0,0 +1,80 @@
+# logging
+msg() { echo "$*" >&2; }
+info()  { msg "** $*"; }
+error() { msg "!! $*"; }
+## usage: die [REASON...]
+die() {
+  test $# -gt 0 && error "$*"
+  error 'Bailing out.'
+  exit 1
+}
+exists(){ 
+  type "$1" >/dev/null 2>/dev/null; 
+}
+
+is_root(){
+  test $(id -u) -eq 0
+}
+
+defer(){
+  #close enough
+  trapstr="$1;${trapstr:-exit}"
+  trap "$trapstr" INT TERM EXIT KILL
+}
+
+esudo(){
+  # weaksauce esudo (expect sudo)
+  if ! is_root; then
+    # for the record:
+    # exec sudo -E "$0" "$@"
+    error "You are not root enough for this script"
+    exit 23 # go to hell
+  fi
+}
+
+get_hostname(){
+  # finds the current hostname
+  #   if ENV HOSTN is set echo $HOSTN
+  #   We try the following:
+  #      $HOSTN
+  #      $HOSTNAME
+  #      hostname
+  #      uci system.hostname
+  #      /etc/hostname
+  #   if everything fails, it returns 1 and prints 'unknown'
+
+  if [ -n "${HOSTN:-}" ] ;     then printf "${HOSTN:-}" 
+  elif [ -n "${HOSTNAME:-}" ] ;then printf "$HOSTNAME"
+  elif exists hostname ;       then printf "$(hostname)"
+  elif exists uci    ;         then printf "$(uci get system.@system[0].hostname)"
+  elif [ -e /etc/hostname ]   ;then printf "$(cat /etc/hostname)"
+  else                              printf "unknown"; return 1
+  fi
+  return 0
+}
+
+line_to_dot(){ 
+  while read line; do printf .; done;
+}
+
+get_os(){
+  # TODO: find all the release files
+  #if grep -q 'Linux' /etc/*release 2>/dev/null || grep -qe 'Linux' /etc/issue 2>/dev/null; then
+  if grep -q 'Linux' /etc/lsb-release 2>/dev/null || grep -q 'Linux' /etc/issue 2>/dev/null; then
+    echo 'linux'
+  elif test -e /etc/preferred-apps/google.xml; then
+    echo 'android'
+  elif test -e /etc/openwrt_release; then
+    echo 'openwrt'
+  elif uname -s | grep -qi 'darwin'; then
+    echo 'osx'
+  else
+    warn "Cannot determine your operating system, falling back to Linux"
+    echo 'linux'
+  fi
+}
+
+# user management
+has_user(){
+    egrep "^$1:" /etc/passwd >/dev/null
+}
diff --git a/filehooker/root-image/krebs/lib/filehooker b/filehooker/root-image/krebs/lib/filehooker
new file mode 100644
index 00000000..18376465
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/filehooker
@@ -0,0 +1,119 @@
+#@include core
+. /krebs/lib/core
+#@include network
+. /krebs/lib/network
+ncdc_user=${ncdc_user:-hooker}
+ncdc_bin=${ncdc_bin:-/usr/bin/ncdc}
+
+ncdc_config(){
+    # maybe we want to use the running ncdc process and communicate via tmux send-keys ?
+   (sleep 1;cat;printf "/quit\n") | sudo -u $ncdc_user "$ncdc_bin"
+}
+
+ncdc_configure_netshare(){
+    : "${1?provide path to share}"
+    rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
+    rnd_name="${2:-share_$rnd}"
+    info "adding share"
+    (echo "/share $rnd_name $1") | ncdc_config
+}
+
+ncdc_configure_nick(){
+    nick=${1?nick must be provided}
+    info "configuring DC Nick: $nick"
+    echo "/nick $nick" | ncdc_config
+}
+ncdc_configure_hub(){
+    rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
+    hubname="hub_$rnd"
+    hub=${1?adcs://localhost:2781}
+    info "configuring DC Hub: $hub, activating autconnect"
+    info "setting active as true"
+    (echo "/open ${hubname} ${hub}" ;
+    echo "/hset autoconnect true") | ncdc_config
+}
+
+ncdc_download(){
+install_dir="$(dirname "${ncdc_bin}")"
+info "installing ncdc to $install_dir"
+curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | tar xz -C "$install_dir"
+}
+ncdc_install(){
+useradd -m $ncdc_user ||:
+}
+
+ncdc_autostart(){
+# only systemd
+# punani install tmux
+cat > /etc/systemd/system/ncdc@.service <<EOF
+[Unit]
+Description=ncdc
+Requires=network.target local-fs.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+KillMode=none
+User=%I
+ExecStart=/usr/bin/tmux new-session -s dcpp -n ncdc -d ncdc
+ExecStop=/usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable ncdc@$ncdc_user
+}
+
+# 20gig in bytes
+min_netshare_size=${min_netshare_size:-20000000000}
+get_disksize(){
+fdisk -l ${1?provide disk} | grep '^Disk ' | cut -d\  -f 5
+}
+
+prepare_netshares(){
+    count=0
+    fdisk -l  | grep '^Disk '  | egrep '(/dev/sd|/dev/hd)' | cut -d\  -f 2 | tr -d : | while read disk;do
+        size=$(get_disksize $disk)
+        if test "$size" -gt "$min_netshare_size";
+        then
+            info "using $disk with $size bytes"
+            dd if=/dev/zero of=$disk bs=1M count=1 >/dev/null
+            sleep 1
+            (printf "o\nn\np\n\n\n\nw\n\n") |fdisk $disk >/dev/null ||:
+            #partprobe $disk
+            mkfs.btrfs -f ${disk}1 >/dev/null
+            uuid="$(blkid ${disk}1 -o value | head -n 1)"
+            mountpoint="/media/vag${count}"
+            mkdir -p "$mountpoint"
+            echo "UUID=$uuid  $mountpoint btrfs rw,relatime,space_cache 0 0" >> /etc/fstab
+            echo "$mountpoint"
+            : $((count++))
+        else
+            info "skipping $disk"
+        fi
+    done
+}
+install_tor_announce(){
+# systemd only
+info "writing tor_announce.service"
+cat > /etc/systemd/system/tor_announce.service<<EOF
+[Unit]
+Description=Announce Tor Hidden Address
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/tor_announce
+
+[Install]
+WantedBy=multi-user.target
+EOF
+info "writing tor_announce to /usr/bin/tor_announce"
+printf '#!/bin/sh\nsleep 20\n' > /usr/bin/tor_announce
+http_get conf.krebsco.de/tor_publish_ssh >> /usr/bin/tor_announce
+chmod +x /usr/bin/tor_announce
+info "enable tor_announce"
+systemctl enable tor_announce
+systemctl start tor_announce
+}
diff --git a/filehooker/root-image/krebs/lib/iso b/filehooker/root-image/krebs/lib/iso
new file mode 100644
index 00000000..0776d796
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/iso
@@ -0,0 +1,7 @@
+get_volid(){
+  #returns the volume id of the iso given
+  # is needed for remastering the archlinux iso
+  
+  #punani install genisoimage
+  isoinfo -d -i "${1?path to iso must be given}" | grep "^Volume id:" | cut -d: -f 2 |xargs
+}
diff --git a/filehooker/root-image/krebs/lib/krebs b/filehooker/root-image/krebs/lib/krebs
new file mode 100644
index 00000000..e47031d6
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/krebs
@@ -0,0 +1,16 @@
+#@include core
+krebs_pubkeys="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7YrLdnXDRU2XEdZDu1BmgiT0Vaxplf3bfvSm+5o3g4AcR2yCv7h2D633c9uA0gq52EJ3V5m8B1ZcxqA0zqDptKwx+ZTMUGDls7StH5xpJyk9j5gf8DzyDLQPQG2IYszCH+8esKjo3BOFxfey8NaX+k6gvQsG3lyV0PjLvvIy4gDuMn6dPZfVAlwNYFOUNgwpku3W3A0d+UFyVjt3/sgZxM+8C3y6QE1gwT5/NfBbHM5vaEqjHcVq1ui+7a4iOXFGKkZDcd7EX6cQZSbCzZL7sZ0OmB1WpAsDCvIXfzX1YfNA0sso7ldSF6ZUGNgwEk1LootnQlCK/dfbM+i62SZ+1 tv@iiso
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv9TTt4FkzT3jlQ0VS2tX/GpQO9Ef0wIQ+g96foe4qSniBwR667T1gIhURrod/p7N9oQcWRrNohjgmSBZRYA0kW6ZyqYJkLvRv54nXv6j/8Xq2nG/KVfDqL0kp8if+JGeFlQElpWJiAbGifYkopFy69QiLYU2ndR7aPbx+5qm/dcwPJ7K+n6dyePynCZadtcabm3PuBFUxGLdT9ImDXMOPfXxPMlN/3eb78byuEuHnhCIvIGLMBGx+8QTXvu7kHpZObvkbsF1xjVs9fDpwVLjh7GWdwf3BZ/agFlI24ffyqCPFnuaxUVyfUZeqf4twRsIZkTTB47lHDhYiVkyGe8gd root@pigstarter.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7df1RfMGNHPJe0iF6rD9DBs/4VujN6nNr7RbRCFk7HF/JzLXSn9Vcwk+3JefP4/d/bUo0h03rhQaRohDhBScrJidj2YacF6gmZOuTf3AMWprdz9D/1dDkN/ytwzGhADhqbHEWeomIllsa8Up4PvEeDcIHJGzYvuc0BbGqRk0XgxwqIrLAhdpTfEKaTbt7IzmUqEofxThTZ/4k020PKn2WDBWKQYGZJ9Ba2WzlKUXWx842ncW29oxC2faRz4M3eMPy0JMpBLkK9U3dccE75dgT/89/4ofVjM7+J3FOP3dgXzrtk+A5aN5a/veJUViQ9xdGxXvoa++iCr5q/BVRv0Bb sammy@muhbaasu.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOIRWLC4ESCDxjyoJUqaUNC8ZDiE4UICZk3cbDptdtendTQvjSXz0RW6MWhJ+F6wWZntL1EibKn8djax1tzgcvNASCUEtGey/850IzBIrETs+WQDRjV2QqBKWxVaQPIFjw2V3vFSKKNxq01qznVBY510DIf4+0WR8b1ZPD/XbuyQLGYM3N7dP4JQSnnNAgtyutBKdomWfT18hW1lLjkP8h1IOiC03HxXTYX+nMUiLDff3D5GT5u3Ke2+VigXjz4Ue8rVsOg/zgqrwEAfx8o1q83uSB23oqUqWkqlxOC/4QY5kpdNqW/Iz89zHibp5ZceHd2ZSoGefv7UZM0lRIDHjJ retiolum@ire
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3+2vSwiJoIpHpnkw4SslPrlR6/z43nZ7s1tGXkkNnVDB2uzxMaISNRjSk0GgXpDx4hLEi6074hSvv5JWbUuMyKr9n6GVVeYNCjsiPcRkL3d7zDwFwqyndhVeWgmpuylYx4XKIbTvpBVyG3CRT1+D4apVUgiDa9lVfjBk7/ESxBzt0dXtlJEzQBBoCo0C8jeeIpvZKbq1zeM9wvLsgFaT7fsSxrg5BEb/tQl6pbkykWFXbzzd91liEQaSqai7Ux2355ZXGANQBCTglKhdTcir0RuHNtQGrZHBxL9qVfJjJJNZg1b6UAhDanqE/HyOI3sp6LGBvpW5afLKOdj9ppQQN retiolum@nomic
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== death@uriel"
+
+authorized_keys_file="${authorized_keys:-$HOME/.ssh/authorized_keys}"
+deploy_krebs_pubkeys(){
+info "deploying pubkeys in $authorized_keys_file"
+mkdir -p "$(dirname "$authorized_keys_file")"
+printf "$krebs_pubkeys\n" >> "$authorized_keys_file"
+
+}
diff --git a/filehooker/root-image/krebs/lib/network b/filehooker/root-image/krebs/lib/network
new file mode 100644
index 00000000..df2ae153
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/network
@@ -0,0 +1,100 @@
+#@include core
+. /krebs/lib/core
+
+# TODO refactor this
+which_get_loader(){
+  if ! exists curl ; then
+    if ! exists wget ; then
+      warn "Please install curl or wget"
+      return 1
+    else
+      echo "wget -q -O-"
+    fi
+  else
+    echo "curl -L -s"
+  fi
+  return 0
+}
+
+which_head_loader(){
+  if ! exists curl ; then
+    if ! exists wget ; then
+      warn "Please install curl or wget"
+      return 1
+    else
+      echo "wget -O- --spider -S -q"
+    fi
+  else
+    echo "curl -L -I -s"
+  fi
+  return 0
+}
+
+http_get(){
+    eval "$(which_get_loader)" "${1?please provide url}"
+}
+http_head(){
+    eval "$(which_head_loader)" "${1?please provide url}" 2>&1
+}
+
+internet(){
+    secret=$(http_get http://krebsco.de/secret 2>/dev/null)
+    if [ "$secret" = "1337" ]; then
+        return 0
+    else
+        echo "cannot load secret or secret incorrect" >&2
+        return 1
+    fi
+}
+
+which_telnet(){
+  # find Telnet or similar and executes it at the end
+  # requires exist
+  # if env TELNET is set, will be trying to run this 
+  # Tries the following things:
+  #     telnet
+  #     nc
+  #     netcat
+  #     busybox telnet
+  if [ -e "${TELNET:-does_not_exist}" ]; then
+    info "Will be using $TELNET as Telnet Client"
+    echo $TELNET
+  elif exists telnet ;then
+    command -v telnet
+  elif exists nc ;then
+    command -v nc
+  elif exists netcat;then
+    command -v netcat
+  elif exists busybox;then
+    echo  `command -v busybox` telnet
+  else
+    die 'Cannot find telnet binary, please install either telnet-client or busybox or netcat or provided TELNET environment.'
+  fi
+}
+
+run_telnet(){
+  host="$1"
+  port="$2"
+  $(which_telnet) "$host" "$port"
+}
+
+send_irc(){
+  ## reads from stdin, writes to IRC
+  ##
+  ## requires func: exists() anytelnet()
+  if [ -z "${HOSTN:-}" ]; then
+    HOSTN="$(get_hostname)"
+    info "no HOSTN given, using $HOSTN instead"
+  fi
+  IRCCHANNEL=${IRCCHANNEL:-"#krebs_incoming"}
+  IRCSERVER=${IRCSERVER:-"irc.freenode.net"}
+  IRCPORT=${IRCPORT:-6667}
+  NICK="${HOSTN}_$(head /dev/urandom | tr -dc "0123456789" | head -c3)"
+  info "starting irc connect as $NICK"
+  (   echo "NICK $NICK";
+      echo "USER $NICK $IRCSERVER bla : $NICK";
+      echo "JOIN $IRCCHANNEL";
+      sleep 23;
+      while read line; do echo "PRIVMSG $IRCCHANNEL :$line";sleep 1;done
+      sleep 5; ) | run_telnet $IRCSERVER $IRCPORT 2>/dev/null
+}
diff --git a/filehooker/root-image/krebs/lib/punani b/filehooker/root-image/krebs/lib/punani
new file mode 100644
index 00000000..4338d19d
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/punani
@@ -0,0 +1,99 @@
+#@include core
+#@include _punani_db
+
+## usage: punani_has PACKAGE
+punani_has() {
+  eval "_punani_${PACKER}_has \"\$1\""
+}
+
+## usage: punani_owner PACKAGE
+punani_owner() {
+  eval "_punani_${PACKER}_owner \"\$1\""
+}
+
+## usage: punani_install PACKAGE
+punani_install() {
+  eval "_punani_${PACKER}_install \"\$1\""
+}
+
+## usage: punani_remove PACKAGE
+punani_remove() {
+  eval "_punani_${PACKER}_remove \"\$1\""
+}
+
+## usage: _punani_resolve_package PKGNAME
+_punani_resolve_package(){
+  eval "set -u; echo \"\${_punanidb_${PACKER}_$1}\"" 2>/dev/null
+}
+
+## usage: _punani_select_packer
+_punani_select_packer() {
+  for p in ${_punani_known_packers:-null}; do
+    exists $p && info "using $p" && PACKER=`echo $p | tr -d -` && break
+  done
+}
+_punani_known_packers='pacman apt-get yum brew'
+_punani_pacman_install(){ pacman --noconfirm -S --needed "$@" ;}
+_punani_pacman_remove(){ pacman --noconfirm -Rcs "$@" ;}
+_punani_pacman_has(){ pacman -Q "$1" >/dev/null;}
+_punani_pacman_owner() { pacman -Qo "$1"; }
+_punani_aptget_install(){ apt-get -y install "$@" ;}
+_punani_aptget_remove(){ apt-get -y remove "$@" ;}
+_punani_aptget_has() { dpkg -s "$1" | grep -q "Status: install";}
+_punani_aptget_owner() { dpkg-query -S "$1" | cut -d: -f1;}
+_punani_yum_install(){ yum -y install "$@" ;}
+_punani_yum_remove(){ yum -y remove "$@" ;}
+_punani_yum_has() { rpm -qa --qf "%{NAME}\n"| egrep  "^${1}\$" >/dev/null ;}
+_punani_yum_owner(){ rpm -qf "$1" ;}
+_punani_brew_install(){ brew install "$@"; }
+_punani_brew_remove(){ brew remove "$@";}
+# TODO _punani_brew_has
+
+punani(){
+  # punani UI
+  _punani_usage='punani {install,remove,has,owner} PACKAGE...'
+  _punani_select_packer || die 'no package manager found; no punani for you!'
+
+  ACTION="$1"; shift
+
+  if test $# = 0; then
+    error 'no PACKAGE specified.'
+    die "usage: $_punani_usage"
+  fi
+
+  for PKG; do
+    RES="`_punani_resolve_package $PKG`" ||
+      die "could not resolve '$PKG'; no punani for you!"
+
+    case "$ACTION" in
+      install)
+        if punani_has $RES; then
+          info "$RES already installed, skipping"
+        else
+          punani_install $RES || die "cannot install $RES with $PACKER"
+        fi
+        ;;
+      remove)
+        if ! punani_has $RES; then
+          info "$RES not installed, skipping"
+        else
+          punani_remove $RES || die "cannot install $RES with $PACKER"
+        fi
+        ;;
+      has)
+        if punani_has $RES; then
+          info "$RES is installed"
+        else
+          info "$RES is not installed"
+          exit 1
+        fi
+        ;;
+      owner)
+        punani_owner $RES
+        ;;
+      *)
+        error "bad action: $ACTION"
+        die "usage: $_punani_usage"
+    esac
+  done
+}
diff --git a/filehooker/root-image/krebs/lib/retiolum b/filehooker/root-image/krebs/lib/retiolum
new file mode 100644
index 00000000..1e55041c
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/retiolum
@@ -0,0 +1,99 @@
+#!/bin/sh
+# retiolum host functions
+#@include core
+#@include network
+tinc_path=${tinc_path:-/etc/tinc}
+netname=${netname:-retiolum}
+hosts_dir=${hosts_dir:-$tinc_path/$netname/hosts}
+supernode_urls="http://euer.krebsco.de/retiolum/supernodes.tar.gz"
+reload_tinc(){
+  info "reloading tinc configuration"
+  pkill -HUP tincd || tinc -n $netname reload;
+}
+
+refresh_supernode_keys(){
+  for url in $supernode_urls;do
+    info "Trying $url to retrieve supernodes"
+    if http_get "$url" \
+       | tar xvz -C $hosts_dir | xargs -n1 echo "refreshed:" ;then
+      info "refreshed supernode keys"
+      return 0
+    else
+      error "$url unusable for retrieving supernode host files"
+    fi
+  done && return 1
+}
+
+find_supernodes(){
+  cd $hosts_dir
+  set +f
+  for name in `
+    grep '^[  ]*Address[  ]*=' * |
+      cut -d: -f1 | sort | uniq
+  `; do
+    if eval "`sed -n '
+        s/[   ]\+//g
+        s/^\(Address\|Port\)=\(.*\)/\1="\${\1+\$\1\n}\2"/p
+      ' $name`"; then
+      port=${Port-655}
+      for host in $Address; do
+        if nc -zw 2 $host $port 2>/dev/null; then
+          echo "$name [('$host', $port)]"
+        fi &
+      done
+      wait
+    fi &
+  done
+  wait
+  cd - >/dev/null
+}
+
+find_active_nodes(){
+  # TODO this function currently only supports a single address for a host
+  cd $hosts_dir
+  # posix grep does not support [[:space:]]
+  set +f
+  for name in `
+    grep '^[  ]*Address[  ]*=' * |
+      cut -d: -f1 | sort | uniq
+  `; do
+    if eval "`sed -n '
+        s/[   ]\+//g
+        s/^\(Address\|Port\)=\(.*\)/\1="\${\1+\$\1\n}\2"/p
+      ' $name`"; then
+      port=${Port-655}
+      for host in $Address; do
+        if nc -zw 2 $host $port 2>/dev/null; then
+          echo "$name [('$host', $port)]"
+        fi &
+      done
+      wait
+    fi &
+  done
+  wait
+  cd - >/dev/null
+}
+
+check_free_v4(){
+  myipv4=${1-10.243.0.-1}
+  v4num=${myipv4##*.}
+  printf "Retard check: "
+  if [ "$v4num" -gt 0 -a "$v4num" -lt "256" ];
+  then 
+    info "No retard detected\n"
+    cd $hosts_dir
+    info "Check if ip is still free: "
+    for i in `ls -1`; do
+      if grep -q -e $myipv4\$ $i ;then
+        error "Host IP already taken by $i! "
+        return 1
+      fi
+    done
+    info "Passed\n"
+    return 0
+  else
+    error "you are made of stupid. bailing out\n" 
+    return 1
+  fi
+  cd - >/dev/null
+}
diff --git a/filehooker/root-image/krebs/lib/tahoe b/filehooker/root-image/krebs/lib/tahoe
new file mode 100644
index 00000000..6960b3e7
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/tahoe
@@ -0,0 +1,34 @@
+#@include core
+#@include network
+#@include punani
+
+tahoe_home=/home/tahoe
+tahoe_dir=$tahoe_home/.tahoe
+tahoe_init(){
+    # installs dependencies, user and a virtual environment for the tahoe user
+    punani install gpp pip2 python2_dev python2  virtualenv
+    has_user tahoe || useradd -r -m -b $tahoe_home -s /bin/false
+    cd $tahoe_home
+    virtualenv --no-site-packages -p "`type -p python2.7`"
+    . bin/activate
+    pip install  twisted pyasn1
+    pip install allmydata-tahoe
+    chown tahoe -R $tahoe_home
+}
+tahoe_create_node(){
+    # requires tahoe_init
+    sudo -u tahoe create-node  $tahoe_dir
+    sudo -u tahoe cat  > $tahoe_dir/tahoe.cfg <<EOF
+[node]
+nickname = $(get_hostname)
+web.port = 
+web.static = public_html
+
+[client]
+introducer.furl = $(http_get http://pigstarter/tahoe/introducer.furl)
+helper.furl = $(http_get http://pigstarter/tahoe/helper.furl)
+[storage]
+enabled = true
+reserved_space = 1G
+EOF
+}
diff --git a/filehooker/root-image/krebs/lib/tor b/filehooker/root-image/krebs/lib/tor
new file mode 100644
index 00000000..8d9e33f1
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/tor
@@ -0,0 +1,19 @@
+# can be set via env:
+# torrc              - path to torrc (default: /etc/tor/torrc )
+# hidden_service_dir - path to hidden service (default: /var/lib/tor/hidden_service/ )
+
+
+torrc=${torrc:-/etc/tor/torrc}
+hidden_service_dir=${hidden_service_dir:-/var/lib/tor/hidden_service/}
+
+configure_hidden_service(){
+    if ! grep -q '^HiddenService' "$torrc"  ;then
+        info "adding hidden service to $torrc"
+        cat >> "$torrc" << EOF
+HiddenServiceDir ${hidden_service_dir}
+HiddenServicePort 22 127.0.0.1:22
+EOF
+    else
+        info "HiddenServiceDir or Port already in $torrc, skipping!"
+    fi
+}
diff --git a/filehooker/root-image/krebs/lib/vim b/filehooker/root-image/krebs/lib/vim
new file mode 100644
index 00000000..f75f3d0e
--- /dev/null
+++ b/filehooker/root-image/krebs/lib/vim
@@ -0,0 +1,40 @@
+# configure vim
+
+vimrc=$HOME/.vimrc
+
+vim_conf_sane_defaults(){
+    # TODO - make stuff more modular?
+    cat >>$vimrc<<EOF
+set nocompatible
+filetype plugin indent on
+syntax on
+set vb
+set foldenable
+set foldmethod=syntax
+set ignorecase
+set incsearch
+set showmatch
+set matchtime=3
+set hlsearch
+set backupdir=~/.vim/backup
+set directory=~/.vim/backup
+inoremap <F1> <ESC>
+nnoremap <F1> <ESC>
+vnoremap <F1> <ESC>
+set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+cmap w!! w !sudo tee > /dev/null %
+colorscheme darkblue
+set background=dark
+set number
+set mouse=
+set shiftwidth=2
+set tabstop=2
+set et
+set sw=2
+set smarttab
+set autoindent
+set backspace=indent,eol,start
+set nocp
+EOF
+    mkdir -p $HOME/.vim/backup
+}
diff --git a/filehooker/root-image/root/.automated_script.sh b/filehooker/root-image/root/.automated_script.sh
new file mode 100755
index 00000000..fb106dae
--- /dev/null
+++ b/filehooker/root-image/root/.automated_script.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+script_cmdline ()
+{
+    local param
+    for param in $(< /proc/cmdline); do
+        case "${param}" in
+            script=*) echo "${param##*=}" ; return 0 ;;
+        esac
+    done
+}
+
+automated_script ()
+{
+    local script rt
+    script="$(script_cmdline)"
+    if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then
+        if [[ "${script}" =~ ^http:// || "${script}" =~ ^ftp:// ]]; then
+            wget "${script}" --retry-connrefused -q -O /tmp/startup_script >/dev/null
+            rt=$?
+        else
+            cp "${script}" /tmp/startup_script
+            rt=$?
+        fi
+        if [[ ${rt} -eq 0 ]]; then
+            chmod +x /tmp/startup_script
+            /tmp/startup_script
+        fi
+    fi
+}
+
+if [[ $(tty) == "/dev/tty1" ]]; then
+    automated_script
+fi
diff --git a/filehooker/root-image/root/.zlogin b/filehooker/root-image/root/.zlogin
new file mode 100644
index 00000000..f598e43e
--- /dev/null
+++ b/filehooker/root-image/root/.zlogin
@@ -0,0 +1 @@
+~/.automated_script.sh
diff --git a/filehooker/root-image/root/customize_root_image.sh b/filehooker/root-image/root/customize_root_image.sh
new file mode 100755
index 00000000..4aeb63cf
--- /dev/null
+++ b/filehooker/root-image/root/customize_root_image.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -e -u -f -x
+
+sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
+locale-gen
+
+ln -sf /usr/share/zoneinfo/UTC /etc/localtime
+
+usermod -s /usr/bin/zsh root
+cp -aT /etc/skel/ /root/
+
+useradd -m -p "" -g users -G "adm,audio,floppy,log,network,rfkill,scanner,storage,optical,power,wheel" -s /usr/bin/zsh pimp || :
+
+mkdir -p /home/pimp/.ssh/
+cp /krebs/etc/authorized_keys /home/pimp/.ssh/
+chown pimp -R /home/pimp/.ssh/
+chmod 700 -R /home/pimp/.ssh/ 
+chown -R root:root /etc /root /krebs /usr/bin 
+chmod 750 /etc/sudoers.d
+chmod 440 /etc/sudoers.d/g_wheel
+
+sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist
+sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf
+
+test -e /usr/bin/ncdc || \
+  curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | \
+  tar xz -C "/usr/bin"
+
+systemctl enable  multi-user.target \
+                  pacman-init.service \
+                  choose-mirror.service \
+                  tor-announce.service \
+                  filehooker-hostname.service \
+                  sshd.service \
+                  tor.service
diff --git a/filehooker/root-image/usr/bin/ncdc b/filehooker/root-image/usr/bin/ncdc
new file mode 100755
index 00000000..5e003f79
Binary files /dev/null and b/filehooker/root-image/usr/bin/ncdc differ
-- 
cgit v1.2.3