split services by directory

show git aliases
add note about webhooks for soft serve
2024-12-06 22:30:54 +01:00 · 2024-12-06 22:29:42 +01:00 · 2024-12-06 22:23:16 +01:00 · 2024-12-05 17:12:10 +01:00 · 2024-12-05 17:06:07 +01:00 · 2024-12-05 16:33:38 +01:00
107 changed files with 748 additions and 68 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-map.txt
+*.txt
--- a/55
+++ b/55
@@ -1,3 +1,52 @@
-output: map.txt
-map.txt: map.md
-	cat map.md | graph-easy --boxart > map.txt
+.PHONY: help
+
+help: ## Print the help message
+	@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z._-]+:.*?## / {printf "\033[36m%s\033[0m : %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
+		sort | \
+		column -s ':' -t
+
+map.txt: map.ge ## Making map.txt
+	grep -v '# unimportant' $< | graph-easy --boxart > $@
+	cat $@
+
+full_map.txt: map.ge ## Generating full_map.txt with graph-easy
+	graph-easy --boxart < $< > $@
+	cat $@
+
+########## Man Pages ##########
+
+mandir = $(HOME)/.local/man/man6
+
+kralizec_docs != grep -rl "^section:" kralizec 
+kralmans = $(kralizec_docs:kralizec/%/README.md=$(mandir)/%.6)
+
+$(mandir)/%.6: kralizec/%/README.md
+	lowdown -stman $< > $@
+
+krov_docs != grep -rl "^section:" krov 
+krovmans = $(krov_docs:krov/%/README.md=$(mandir)/%.6)
+
+$(mandir)/%.6: krov/%/README.md
+	lowdown -stman $< > $@
+
+setup_docs != grep -rl "^section:" setup 
+setupmans = $(setup_docs:setup/%.md=$(mandir)/%.6)
+
+$(mandir)/%.6: setup/%.md
+	lowdown -stman $< > $@
+
+$(mandir):
+	mkdir -p $@
+
+$(kralmans) $(krovmans) $(setupmans) :| $(mandir)
+
+.PHONY: pages
+pages: $(kralmans) $(krovmans) $(setupmans)
+	$(info $(kralmans))
+	@test ! $(command -v mandb) || mandb --user-db
+	$(info Open DMZ's man pages with 'man 6 <tab>')
+
+##########
+
+clean:
+	$(RM) $(kralmans) $(krovmans)
--- a/README.md
+++ b/README.md
@@ -13,5 +13,5 @@ These setup files provide the text-only configurations for DMZ.
    - Idempotency.
 - All secrets stored elsewhere (probably in the `dmzadmin` repo)
 - Any maintenance scripts.
- Configurations should reside in shadow-directories, e.g. a backup of `/etc/soft/config` should reside in this repo under `etc/soft/config`.
+- Configurations should reside in shadow-directories, e.g. a backup `soft-serve`'s `config.yaml` should reside in this repo under `splint.rs/soft-serve/etc/soft/config.yaml`.

--- a/docs/dmzrs/README.md
+++ b/docs/dmzrs/README.md
@@ -1,26 +0,0 @@
-Add this configuration to ~/.ssh/config file
-
-Host dmzkrovdmzrs12
-  Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
-  User root 
-  IdentityFile ~/.ssh/id_rsa
-  PasswordAuthentication no
-
-Now you can log in by typing:
-torsocks ssh dmzkrovdmzrs12
-
-Install all needed packages
-apt install rsync git nginx
-git clone https://gitea.dmz.rs/Decentrala/website
-
-Run updatewebsite.sh script every minute using crontab (run "crontab -e")
-This fill automaticlly pull from git repo and regenerate events page
-
-Add nginx-dmz.rs.conf to /etc/nginx/sites-available/dmz.rs and create a symlink
-from /etc/nginx/sites-enabled/dmz.rs to that file
-You can do this by running:
-ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
-
-Increase server_names_hash_bucket_size to 256 in /etc/nginx/nginx.conf in order to support onion addresses.
-
-In the nginx configuration /account/ is redirected to luser (https://gitea.dmz.rs/fram3d/luser) instance running at 192.168.1.211
--- a/docs/slapd/generateacl.sh
+++ b/docs/slapd/generateacl.sh
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-READUSERS=""
-for i in $(cat servicesaccounts.txt); do READUSERS="$READUSERS by dn=\"$i\" read" ; done
-
-sed 's/READUSERS/$READUSERS/g' acladd-template.ldif > acladd.ldif
-
-for i in $(cat list) ; do printf "%s\n" $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2 ; genpass) | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2).gpg ; done
-
--- a/docs/slapd/generatecreds.sh
+++ b/docs/slapd/generatecreds.sh
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-GENPASS=$( echo $(shuf ../../scripts/shared/english.txt | head) | sed "s/ //g")
-
-for i in $(cat servicesaccounts.txt) ; do printf "%s\n" $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2 ; $(GENPASS)) | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2).gpg ; done
-
--- a/hosts/krov/slapd12/root/setup.sh
+++ b/hosts/krov/slapd12/root/setup.sh
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-ldapmodify -H ldapi:/// -Y EXTERNAL -f ldifs/tls.ldif
-./aclupdate.sh
--- a/kralizec/README.md
+++ b/kralizec/README.md
@@ -0,0 +1,27 @@
+# List of containers
+
+VMID Name  
+101  tor11  
+102  xmppmirror11  
+104  http11  
+105  postgresql11  
+106  ejabberd11  
+108  nginx  
+109  flaskldap11  
+111  dynamicdns11  
+112  sshfs11  
+113  postfix11  
+114  ssh11  
+115  cgit11  
+116  radionice11  
+117  gitea11  
+118  dmzrsflask11  
+119  elinearch  
+120  wiki11  
+121  krovhttp11  
+122  dmzrs12  
+123  roundcube12  
+124  donationcalc12  
+125  webring12  
+126  cryptpad-deb-12  
+127  openldap12  
--- a/kralizec/cgit11/README.md
+++ b/kralizec/cgit11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 115
+---
--- a/kralizec/cryptpad-deb-12/README.md
+++ b/kralizec/cryptpad-deb-12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 126
+---
--- a/kralizec/dmzrs/README.md
+++ b/kralizec/dmzrs/README.md
@@ -0,0 +1,40 @@
+Add this configuration to `~/.ssh/config` file
+
+```
+Host dmzkrovdmzrs12
+  Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
+  User root 
+  IdentityFile ~/.ssh/id_rsa
+  PasswordAuthentication no
+
+```
+
+Now you can log in by typing:
+
+
+```bash
+torsocks ssh dmzkrovdmzrs12
+```
+
+Install all needed packages:
+
+
+```bash
+apt install rsync git nginx
+git clone https://gitea.dmz.rs/Decentrala/website
+```
+
+Run `updatewebsite.sh` script every minute using `crontab` (run "`crontab -e`")
+This fill automatically pull from git repo and regenerate events page
+
+Add `nginx-dmz.rs.conf` to `/etc/nginx/sites-available/dmz.rs` and create a symlink
+from `/etc/nginx/sites-enabled/dmz.rs` to that file.
+You can do this by running:
+
+```bash
+ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
+```
+
+Increase `server_names_hash_bucket_size` to 256 in `/etc/nginx/nginx.conf` in order to support onion addresses.
+
+In the `nginx` configuration /account/ is redirected to the `luser` [instance](https://gitea.dmz.rs/fram3d/luser)  running at `192.168.1.211`.
--- a/kralizec/dmzrs/nginx-dmz.rs.conf
+++ b/kralizec/dmzrs/nginx-dmz.rs.conf
--- a/kralizec/dmzrs/updatewebsite.sh
+++ b/kralizec/dmzrs/updatewebsite.sh
--- a/kralizec/dmzrs12/README.md
+++ b/kralizec/dmzrs12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 122
+---
--- a/kralizec/dmzrsaccount/README.md
+++ b/kralizec/dmzrsaccount/README.md
--- a/kralizec/dmzrsaccount/listuserskralizec.py
+++ b/kralizec/dmzrsaccount/listuserskralizec.py
--- a/kralizec/dmzrsaccount/listuserskrov.py
+++ b/kralizec/dmzrsaccount/listuserskrov.py
--- a/kralizec/dmzrsaccount/prepare.py
+++ b/kralizec/dmzrsaccount/prepare.py
--- a/kralizec/dmzrsaccount/testanon.py
+++ b/kralizec/dmzrsaccount/testanon.py
--- a/kralizec/dmzrsaccount/testuser.py
+++ b/kralizec/dmzrsaccount/testuser.py
--- a/kralizec/dmzrsflask11/README.md
+++ b/kralizec/dmzrsflask11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 118
+---
--- a/kralizec/donationcalc12/README.md
+++ b/kralizec/donationcalc12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 124
+---
--- a/kralizec/dynamicdns11/README.md
+++ b/kralizec/dynamicdns11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 111
+---
--- a/kralizec/ejabberd/README.md
+++ b/kralizec/ejabberd/README.md
@@ -1,3 +1,9 @@
+---
+title: ejabberd configurations
+section: 6
+source: Decentrala
+---
+
 #On your PC
 Add this configuration to ~/.ssh/config

--- a/kralizec/ejabberd/ejabberd.yml
+++ b/kralizec/ejabberd/ejabberd.yml
--- a/kralizec/ejabberd11/README.md
+++ b/kralizec/ejabberd11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 106
+---
--- a/kralizec/elinearch/README.md
+++ b/kralizec/elinearch/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 119
+---
--- a/kralizec/flaskldap11/README.md
+++ b/kralizec/flaskldap11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 109
+---
--- a/kralizec/gitea11/README.md
+++ b/kralizec/gitea11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 117
+---
--- a/kralizec/http11/README.md
+++ b/kralizec/http11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 104
+---
--- a/kralizec/krovhttp11/README.md
+++ b/kralizec/krovhttp11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 121
+---
--- a/kralizec/nginx/README.md
+++ b/kralizec/nginx/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 108
+---
--- a/kralizec/openldap12/README.md
+++ b/kralizec/openldap12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 127
+---
--- a/kralizec/postfix11/README.md
+++ b/kralizec/postfix11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 113
+---
--- a/kralizec/postgresql11/README.md
+++ b/kralizec/postgresql11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 105
+---
--- a/kralizec/radionice11/README.md
+++ b/kralizec/radionice11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 116
+---
--- a/kralizec/roundcube12/README.md
+++ b/kralizec/roundcube12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 123
+---
--- a/kralizec/slapd/.gitignore
+++ b/kralizec/slapd/.gitignore
@@ -0,0 +1,2 @@
+acladd.ldif
+*gpg
--- a/kralizec/slapd/README.md
+++ b/kralizec/slapd/README.md
--- a/kralizec/slapd/acladd-template.ldif
+++ b/kralizec/slapd/acladd-template.ldif
--- a/kralizec/slapd/generateacl.sh
+++ b/kralizec/slapd/generateacl.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+READUSERS=""
+for i in $(cat servicesaccounts.txt); do READUSERS="$READUSERS by dn=\"$i\" read" ; done
+
+sed 's/READUSERS/'"$READUSERS"'/g' acladd-template.ldif > acladd.ldif
+
--- a/kralizec/slapd/generatecreds.sh
+++ b/kralizec/slapd/generatecreds.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+function genpass(){
+echo $(shuf ../../scripts/shared/english.txt | head) | sed "s/ //g"
+}
+
+for i in $(cat servicesaccounts.txt) ; do printf "%s\n" $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2 ; genpass) | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output creds/$(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2).gpg ; done
+
--- a/kralizec/slapd/servicesaccounts.txt
+++ b/kralizec/slapd/servicesaccounts.txt
--- a/kralizec/ssh11/README.md
+++ b/kralizec/ssh11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 114
+---
--- a/kralizec/sshfs11/README.md
+++ b/kralizec/sshfs11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 112
+---
--- a/kralizec/tor11/README.md
+++ b/kralizec/tor11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 101
+---
--- a/kralizec/webring12/README.md
+++ b/kralizec/webring12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 125
+---
--- a/kralizec/wiki11/README.md
+++ b/kralizec/wiki11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 120
+---
--- a/kralizec/xmppmirror11/README.md
+++ b/kralizec/xmppmirror11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 102
+---
--- a/krov/serverko/README.md
+++ b/krov/serverko/README.md
@@ -0,0 +1,19 @@
+# List of containers
+
+## serverko
+
+VMID Name  
+100  nginx12  
+101  ddns12  
+102  dmzrs12  
+103  tor12  
+104  slapd12  
+105  wireguard12  
+106  opensmptd12  
+107  ipv6tunnel12  
+108  postgres12  
+109  ejabberd12  
+110  dmzrsaccount  
+111  taskmanager12  
+112  stopreklamama12  
+
--- a/krov/serverko/ddns12/README.md
+++ b/krov/serverko/ddns12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 101
+---
--- a/krov/serverko/dmzrs12/README.md
+++ b/krov/serverko/dmzrs12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 102
+---
--- a/krov/serverko/dmzrsaccount/README.md
+++ b/krov/serverko/dmzrsaccount/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 110
+---
--- a/krov/serverko/ejabberd12/README.md
+++ b/krov/serverko/ejabberd12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 109
+---
--- a/krov/serverko/ipv6tunnel12/README.md
+++ b/krov/serverko/ipv6tunnel12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 107
+---
--- a/krov/serverko/ipv6tunnel12/etc/network/interfaces
+++ b/krov/serverko/ipv6tunnel12/etc/network/interfaces
--- a/krov/serverko/ipv6tunnel12/lib/systemd/system/ifuptunnel.service
+++ b/krov/serverko/ipv6tunnel12/lib/systemd/system/ifuptunnel.service
--- a/krov/serverko/ipv6tunnel12/root/scripts/netstart.sh
+++ b/krov/serverko/ipv6tunnel12/root/scripts/netstart.sh
--- a/krov/serverko/nginx12/README.md
+++ b/krov/serverko/nginx12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 100
+---
--- a/krov/serverko/opensmptd12/README.md
+++ b/krov/serverko/opensmptd12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 106
+---
--- a/krov/serverko/opensmtpd12/crontab
+++ b/krov/serverko/opensmtpd12/crontab
--- a/krov/serverko/opensmtpd12/etc/mailname
+++ b/krov/serverko/opensmtpd12/etc/mailname
--- a/krov/serverko/opensmtpd12/etc/smtpd.conf
+++ b/krov/serverko/opensmtpd12/etc/smtpd.conf
--- a/krov/serverko/postgres12/README.md
+++ b/krov/serverko/postgres12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 108
+---
--- a/krov/serverko/slapd12/README.md
+++ b/krov/serverko/slapd12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 104
+---
--- a/krov/serverko/slapd12/etc/default/slapd
+++ b/krov/serverko/slapd12/etc/default/slapd
--- a/krov/serverko/slapd12/root/aclupdate.sh
+++ b/krov/serverko/slapd12/root/aclupdate.sh
--- a/krov/serverko/slapd12/root/ldifs/acladd.ldif
+++ b/krov/serverko/slapd12/root/ldifs/acladd.ldif
--- a/krov/serverko/slapd12/root/ldifs/acldel.ldif
+++ b/krov/serverko/slapd12/root/ldifs/acldel.ldif
--- a/krov/serverko/slapd12/root/ldifs/tls.ldif
+++ b/krov/serverko/slapd12/root/ldifs/tls.ldif
--- a/krov/serverko/slapd12/root/modify.sh
+++ b/krov/serverko/slapd12/root/modify.sh
--- a/krov/serverko/slapd12/root/setup.sh
+++ b/krov/serverko/slapd12/root/setup.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+./modify.sh ldifs/tls.ldif
+./aclupdate.sh
--- a/krov/serverko/stopreklamama12/README.md
+++ b/krov/serverko/stopreklamama12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 112
+---
--- a/krov/serverko/taskmanager12/README.md
+++ b/krov/serverko/taskmanager12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 111
+---
--- a/krov/serverko/tor12/README.md
+++ b/krov/serverko/tor12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 103
+---
--- a/krov/serverko/wireguard12/README.md
+++ b/krov/serverko/wireguard12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 105
+---
--- a/krov/srv1/README.md
+++ b/krov/srv1/README.md
@@ -0,0 +1,15 @@
+# List of containers
+
+## srv1
+
+VMID Name  
+102  tor12  
+103  dendrite  
+106  icecast12  
+107  mariadb12  
+108  mpd12  
+109  ympd  
+111  sshfs11
+113  ollama12  
+114  chatbot12  
+115  goodvibes12  
--- a/krov/srv1/chatbot12/README.md
+++ b/krov/srv1/chatbot12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 114
+---
--- a/krov/srv1/dendrite/README.md
+++ b/krov/srv1/dendrite/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 103
+---
--- a/krov/srv1/goodvibes12/README.md
+++ b/krov/srv1/goodvibes12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 115
+---
--- a/krov/srv1/icecast12/README.md
+++ b/krov/srv1/icecast12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 106
+---
--- a/krov/srv1/mariadb12/README.md
+++ b/krov/srv1/mariadb12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 107
+---
--- a/krov/srv1/mpd12/README.md
+++ b/krov/srv1/mpd12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 108
+---
--- a/krov/srv1/ollama12/README.md
+++ b/krov/srv1/ollama12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 113
+---
--- a/krov/srv1/sshfs11/README.md
+++ b/krov/srv1/sshfs11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 111
+---
--- a/krov/srv1/tor12/README.md
+++ b/krov/srv1/tor12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 102
+---
--- a/krov/srv1/ympd/README.md
+++ b/krov/srv1/ympd/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 109
+---
--- a/map.ge
+++ b/map.ge
@@ -0,0 +1,39 @@
+# Network map of Decentrala.  Use with:
+# graph-easy --boxart < netmap.txt
+
+(Mox
+	[ m_router ]{label: router ;}
+	[ wireguard ] --> [ m_nginx ]{label: nginx-11 ;}
+	[ wiki ] --> [ m_nginx ]
+	[ gitea ] --> [ m_nginx ]
+	[ tor11 ] --> [ m_nginx ] --> [ m_router ]
+	[ smtp ]
+)
+
+(Serverko
+	[ s_nginx ]{label: nginx-12 ;}
+	[ s_router ]{label: router ;}
+	[ s_nginx ] --> [ nextcloud ]
+	[ s_nginx ] --> [ tor12 ]
+	[ s_nginx ] --> [ s_router ]
+)
+
+(splint.rs # unimportant
+	[ soft-serve ] # unimportant
+	[ mail-cache ]# unimportant
+) # unimportant
+
+[ tor12 ] <..> [ onions ] <..> [ tor11 ]
+[ m_router ] <..> [ BGP ] <..> [ madness ] <..> [ s_router ]
+[ smtp ] <..> [ madness ]
+[ madness ] <..> [  mail-cache ]# unimportant
+[ A ]{label: "" ;}
+[ B ]{label: "" ;}
+[ C ]{label: "" ;}
+[ D ]{label: "" ;}
+[ onions ] <..> [ A ]
+[ onions ] <..> [ B ]
+[ A ] <..> [ C ]
+[ B ] <..> [ D ]
+
+(Sharks! [ D ])
--- a/map.md
+++ b/map.md
@@ -1,7 +0,0 @@
-### Network Map Generator ###
-# Used with graph-easy.
-# Install graph easy with `apt install perl-graph-easy`.
-
-[ gateway ] -- ssh-2222 --> [ gitea11 (192.168.1.36) ]
-[ gateway ] --> [ ssh11 (192.168.1.20) ]
-
--- a/scripts/addsubdomain/addsub.sh
+++ b/scripts/addsubdomain/addsub.sh
@@ -5,6 +5,7 @@ DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"

 NGINXHOST=$1
 SUBDOMAIN=$2
+CTIPADDRESS=$3

 if [[ -z "$NGINXHOST" ]]; then 
 	echo "Set Nginx Host"
@@ -16,10 +17,15 @@ if [[ -z "$SUBDOMAIN" ]]; then
        exit 1
 fi

+
 ssh-add -t 200 $DMZKEYFILE
 torsocks scp ./remotecmd $NGINXHOST:/root/remotecmd.sh
 torsocks scp ./subdomain.dmz.rs.http $NGINXHOST:/etc/nginx/sites-available/
 torsocks scp ./subdomain.dmz.rs.https $NGINXHOST:/etc/nginx/sites-available/

+if [[ -z "$CTIPADDRESS" ]]; then 
+	torsocks scp ./subdomain.dmz.rs.proxy $NGINXHOST:/etc/nginx/sites-available/
+fi
+
 torsocks ssh $NGINXHOST "chmod +x /root/remotecmd.sh; /root/remotecmd.sh $SUBDOMAIN"

--- a/scripts/addsubdomain/remotecmd
+++ b/scripts/addsubdomain/remotecmd
@@ -8,10 +8,17 @@ if [[ -z "$SUBDOMAIN" ]]; then
        exit 1
 fi

+if [[ -z "$CTIPADDRESS" ]]; then 
+	sed -i 's/CTIPADDRESS/'$CTIPADDRESS'/g' /etc/nginx/sites-available/subdomain.dmz.rs.proxy
+        mv /etc/nginx/sites-available/subdomain.dmz.rs.proxy /etc/nginx/sites-available/subdomain.dmz.rs.https
+fi
+
 sed -i 's/subdomain/'$SUBDOMAIN'/g' /etc/nginx/sites-available/subdomain.dmz.rs.http
 sed -i 's/subdomain/'$SUBDOMAIN'/g' /etc/nginx/sites-available/subdomain.dmz.rs.https
 sed -i 's/subnodot/'$SUBNODOT'/g' /etc/nginx/sites-available/subdomain.dmz.rs.http
 sed -i 's/subnodot/'$SUBNODOT'/g' /etc/nginx/sites-available/subdomain.dmz.rs.https
+
+
 mkdir /var/www/"$SUBNODOT"dmzrs/
 mv /etc/nginx/sites-available/subdomain.dmz.rs.http /etc/nginx/sites-available/"$SUBDOMAIN".dmz.rs.http
 mv /etc/nginx/sites-available/subdomain.dmz.rs.https /etc/nginx/sites-available/"$SUBDOMAIN".dmz.rs.https
--- a/scripts/addsubdomain/subdomain.dmz.rs.proxy
+++ b/scripts/addsubdomain/subdomain.dmz.rs.proxy
@@ -0,0 +1,29 @@
+server {
+	listen 443 ssl ;
+	listen [::]:443 ssl ;
+
+	index index.html index.htm index.nginx-debian.html;
+
+	server_name subdomain.dmz.rs subdomain.decentrala.org;
+
+	ssl_certificate /etc/letsencrypt/live/subdomain.dmz.rs/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/subdomain.dmz.rs/privkey.pem;
+	ssl_dhparam /etc/ssl/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_ciphers HIGH:!aNULL:!MD5;
+
+
+	location / {
+       		proxy_set_header Host subdomain.dmz.rs;
+       		proxy_set_header X-Real-IP $remote_addr;
+       		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+       		proxy_pass http://CTIPADDRESS$request_uri;
+       }
+
+	location /.well-known/acme-challenge/ {
+		root /var/www/subnodotdmzrs;
+	}
+
+	resolver 9.9.9.9;
+}
--- a/scripts/ctcreate/ctcreate.sh
+++ b/scripts/ctcreate/ctcreate.sh
@@ -2,6 +2,8 @@
 ## Create new Linux contanier at a proxmox host

 DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"
+USER=$(cut -d" " -f3 $DMZKEYFILE.pub | cut -d "@" -f1)
+USEREMAIL=$(cut -d" " -f3 $DMZKEYFILE.pub)

 PROXMOXHOST=$1
 CTHOST=$2
@@ -23,25 +25,26 @@ if [[ -z "$GENPASS" ]]; then
        exit 1
 fi

-ssh-add -t 200 $DMZKEYFILE
+ssh-add -t 600 $DMZKEYFILE
 torsocks scp ./remotecmd $PROXMOXHOST:/root/ctcreate.sh
+torsocks scp $DMZKEYFILE.pub $PROXMOXHOST:/root/.ssh/$USER.pub

-torsocks ssh $PROXMOXHOST "chmod +x /root/ctcreate.sh; /root/ctcreate.sh $CTHOST $GENPASS" >> cmdoutput.txt
+torsocks ssh $PROXMOXHOST "chmod +x /root/ctcreate.sh; /root/ctcreate.sh $CTHOST $GENPASS $USER" >> cmdoutput.txt

 CREDS=$( tail -3 cmdoutput.txt)

 rm cmdoutput.txt

-printf "$CREDS\n" | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output ~/src/dmzadmin/credentials/krov/$CTHOST.gpg
+printf "$CREDS\n" | gpg -e -r $USEREMAIL --output $CTHOST.gpg

 CTIP=$(printf "$CREDS" | head -1 | cut -d'@' -f 2)

-echo Host dmzkrov$CTHOST >> ~/.ssh/autoconfig
-echo "  Hostname" $CTIP >> ~/.ssh/autoconfig
-echo "  ProxyJump" dmzkrovtor12 >> ~/.ssh/autoconfig
-echo "  User" root >> ~/.ssh/autoconfig
-echo "  IdentityFile" /home/anon/.ssh/krov/tor11 >> ~/.ssh/autoconfig
-echo "  PasswordAuthentication" no >> ~/.ssh/autoconfig
+echo "Host dmzkrov"$CTHOST >> ~/.ssh/autoconfig
+echo "  Hostname "$CTIP >> ~/.ssh/autoconfig
+echo "  ProxyJump dmzkrovtor12" >> ~/.ssh/autoconfig
+echo "  User root" >> ~/.ssh/autoconfig
+echo "  IdentityFile "$DMZKEYFILE >> ~/.ssh/autoconfig
+echo "  PasswordAuthentication no" >> ~/.ssh/autoconfig

 ssh -R $CTIP
 torsocks scp ./newct dmzkrov$CTHOST:/root/newct.sh
--- a/scripts/ctcreate/newct
+++ b/scripts/ctcreate/newct
@@ -1,5 +1,5 @@
 #!/bin/bash
 apt update
 apt -y dist-upgrade 
-apt install unattended-upgrades 
+apt -y install unattended-upgrades 
 dpkg-reconfigure unattended-upgrades 
--- a/scripts/ctcreate/remotecmd
+++ b/scripts/ctcreate/remotecmd
@@ -1,6 +1,7 @@
 #!/bin/bash
 CTHOSTNAME=$1
 CTPASS=$2
+USER=$3

 echo Creating $CTHOSTNAME ...

@@ -17,6 +18,11 @@ if [[ -z "$CTPASS" ]]; then
        exit 1
 fi

+if [[ -z "$USER" ]]; then 
+	echo "USER not set"
+        exit 1
+fi
+
 if [[ -z "$LASTID" ]]; then 
 	LASTID=99
 fi
--- a/scripts/onionadd/cmdoutput.txt
+++ b/scripts/onionadd/cmdoutput.txt
@@ -0,0 +1 @@
+j3kztfnedlfhikhr7uro7uxzf35xbrtcu4omzbl2bqb6ygakipcw62yd.onion
--- a/scripts/onionadd/onionadd.sh
+++ b/scripts/onionadd/onionadd.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+## Create new Linux contanier at a proxmox host
+
+DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"
+
+TORHOST=$1
+CTHOST=$2
+CTIP=$3
+
+if [[ -z "$TORHOST" ]]; then 
+	echo "Set Tor Host"
+        exit 1
+fi
+
+if [[ -z "$CTHOST" ]]; then 
+	echo "Set CT hostname"
+        exit 1
+fi
+
+if [[ -z "$CTIP" ]]; then 
+	CTIP=$(grep -C 1 $CTHOST ~/.ssh/autoconfig | tail -1 | cut -d" " -f4)
+fi
+
+ssh-add -t 600 $DMZKEYFILE
+torsocks scp ./remotecmd $TORHOST:/root/onionadd.sh
+
+torsocks ssh $TORHOST "chmod +x /root/onionadd.sh; /root/onionadd.sh $CTHOST $CTIP" >> cmdoutput.txt
+torsocks ssh $TORHOST "rm /root/onionadd.sh"
+
+HOSTNAME=$(tail -1 cmdoutput.txt)
+
+echo "Host "$CTHOST"onion" >> ~/.ssh/autoconfig
+echo "  Hostname "$HOSTNAME >> ~/.ssh/autoconfig
+echo "  User root" >> ~/.ssh/autoconfig
+echo "  IdentityFile "$DMZKEYFILE >> ~/.ssh/autoconfig
+echo "  PasswordAuthentication no" >> ~/.ssh/autoconfig
--- a/scripts/onionadd/remotecmd
+++ b/scripts/onionadd/remotecmd
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+CTHOST=$1
+CTIP=$2
+
+if [[ -z "$CTHOST" ]]; then 
+	echo "Set CT hostname"
+        exit 1
+fi
+
+if [[ -z "$CTIP" ]]; then 
+	echo "Set CT IP"
+        exit 1
+fi
+
+echo "" >> /etc/tor/onions/dmz
+echo "HiddenServiceDir /var/lib/tor/"$CTHOST"/" >> /etc/tor/onions/dmz
+echo "HiddenServicePort 22 "$CTIP":22" >> /etc/tor/onions/dmz
+
+service tor reload
+sleep 30
+
+cat "/var/lib/tor/"$CTHOST"/hostname"
--- a/scripts/showpass.sh
+++ b/scripts/showpass.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# If you want to add these passwords to the `pass` program, you can
+# symlink all the passwords which you can open, then open the
+# passwords with a script like this.
+
+pass_store=~/.password-store
+
+# THIS_PLACE="$PWD"
+# mkdir $pass_store/dmz
+# cd !$
+# find  "$THIS_PLACE" -type f -name "*.gpg" | \ 
+#     sed "s#/home/ghost#../..#" | \ 
+#     while read -r line; do
+#         gpg -d "$line" && ln -sf "$line" .
+#     done
+ 
+
+sanity_check(){
+    command -v $1 >/dev/null || (
+        echo "You must install $1"
+        exit 1
+    )
+}
+
+set_selector_if_program_exists(){
+    command -v "$1" > /dev/null  && selector="$1 $2"
+}
+
+if [ -z "$DISPLAY" ]; then
+    set_selector_if_program_exists sk || \
+        set_selector_if_program_exists fzy || \
+        set_selector_if_program_exists fzf
+    fail_sender='echo'
+else
+    set_selector_if_program_exists "rofi" 'rofi -dmenu "$@"' || \
+        set_selector_if_program_exists dmenu || \
+        (
+            echo "Cannot find anything to select a key. Install dmenu." 
+            exit 1
+        )
+    fail_sender='notify-send'
+fi
+
+list_keys(){
+    find -L . -mindepth 1 -type f -name "*.gpg" | \
+        sed 's/\.\///' | \
+        sed 's/.gpg//'
+}
+
+####################
+
+set -e
+
+sanity_check pass
+
+cd "$pass_store"
+
+password="$(list_keys | $selector)"
+
+pass -c "$password" || $fail_sender 'Cannot decrypt'
+
--- a/scripts/sshfsshared/sshfsshared.sh
+++ b/scripts/sshfsshared/sshfsshared.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 ## Add accounts and shared folder for two users given as two arguments $1 and $2

+DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"
+
 USER1=$1
 USER2=$2
 HOST="$3"
@@ -19,4 +21,5 @@ if [[ -z "$HOST" ]]; then
 	HOST="dmzkrovsshfs12"
 fi

-torsocks ssh $HOST "adduser $USER1 ; adduser $USER2 ; groupadd $USER1$USER2 ; adduser $USER2 $USER1$USER2 ; adduser $USER1 $USER1$USER2 ; mkdir /var/shareddirs/$USER1$USER2 ; chown $USER1:$USER1$USER2 /var/shareddirs/$USER1$USER2 ; chmod 2770 /var/shareddirs/$USER1$USER2 "
+ssh-add -t 100 $DMZKEYFILE
+torsocks ssh $HOST "adduser $USER1 ; adduser $USER2 ; groupadd $USER1$USER2 ; adduser $USER2 $USER1$USER2 ; adduser $USER1 $USER1$USER2 ; mkdir -p /var/shareddirs/$USER1$USER2 ; chown $USER1:$USER1$USER2 /var/shareddirs/$USER1$USER2 ; chmod 2770 /var/shareddirs/$USER1$USER2 "
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Malin Freeborn	bbea859ffe	split services by directory	2024-12-06 22:30:54 +01:00
Malin Freeborn	6882610a0e	show git aliases	2024-12-06 22:29:42 +01:00
Txrpe	a62ddf2408	add note about webhooks for soft serve	2024-12-06 22:23:16 +01:00
Malin Freeborn	83c40a44a1	remove UTF8 crap	2024-12-05 17:12:10 +01:00
Malin Freeborn	c7eb11f603	add setup ssh-FAQ	2024-12-05 17:06:07 +01:00
Malin Freeborn	7bcf9b3ac5	fix man section feedback	2024-12-05 16:33:38 +01:00
Malin Freeborn	2d9fa2ab9b	make man pages from readme files	2024-12-05 15:29:34 +01:00
Malin Freeborn	d1931d2e8b	note soft collaborators	2024-12-04 20:03:14 +01:00
Malin Freeborn	7c28e70eb4	new structure checks and fixes - markdown formatting - turn soft-serve.md into soft-serve/README.md	2024-12-04 15:42:21 +01:00
Malin Freeborn	eb5d3b018b	new structure This kicks off the basic tree structure, where the docs all mirror the reality, like an ascii penumbra.	2024-12-04 15:32:53 +01:00
Malin Freeborn	c3f34f9eea	reformat soft-serve docs	2024-12-04 13:01:12 +01:00
Malin Freeborn	0a899d933b	reorganize docs Each host gets a directory. Containers will soon also have their own directory.	2024-12-03 22:54:47 +01:00
wingaxe	52b7c1f3e0	Adding .gitignore	2024-12-02 21:58:12 -05:00
wingaxe	ff241e6757	Adding help option in makefile	2024-12-02 21:42:15 -05:00
Malin Freeborn	c8283e1d08	add ability to remove unimportant items	2024-12-03 20:05:31 +01:00
Malin Freeborn	54c560bb4f	add network map	2024-12-02 16:00:00 +01:00
Malin Freeborn	febce132d8	recognize password limits	2024-05-21 22:14:08 +02:00
Malin Freeborn	b86c84df60	add showpass.sh	2024-04-07 19:42:48 +02:00
fram3d	30efaeb4fa	fix readme formating in hosts folder	2024-02-17 03:39:38 +01:00
fram3d	8a7d630102	move list of ct to readmes	2024-02-17 03:33:52 +01:00
fram3d	889cf9db0f	add list of vms and update slapd script	2024-02-17 03:23:21 +01:00
fram3d	da563fd8be	add onionadd script	2024-02-13 03:08:27 +01:00
fram3d	4b272c2929	fix scripts	2024-02-13 01:36:11 +01:00
fram3d	2e62c1b33b	fix proxy host header in addsubdomain nginx config	2024-01-27 22:51:46 +01:00
fram3d	9cc158336b	support ip address as new argument in addsub.sh	2024-01-27 22:37:26 +01:00
fram3d	935cfc0979	fix slapd acl generation scripts	2024-01-22 18:56:17 +01:00
fram3d	080a546bfb	add support for mkdir when parent folders arent created	2024-01-22 18:40:10 +01:00
				`@@ -0,0 +1 @@`
				`j3kztfnedlfhikhr7uro7uxzf35xbrtcu4omzbl2bqb6ygakipcw62yd.onion`