split services by directory

- markdown formatting
- turn soft-serve.md into soft-serve/README.md

.gitignore

@@ -1 +1 @@
-map.txt
+*.txt

Makefile

@@ -1,3 +1,52 @@
-output: map.txt
+.PHONY: help
-map.txt: map.md
+
-	cat map.md | graph-easy --boxart > map.txt
+help: ## Print the help message
+	@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z._-]+:.*?## / {printf "\033[36m%s\033[0m : %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
+		sort | \
+		column -s ':' -t
+
+map.txt: map.ge ## Making map.txt
+	grep -v '# unimportant' $< | graph-easy --boxart > $@
+	cat $@
+
+full_map.txt: map.ge ## Generating full_map.txt with graph-easy
+	graph-easy --boxart < $< > $@
+	cat $@
+
+########## Man Pages ##########
+
+mandir = $(HOME)/.local/man/man6
+
+kralizec_docs != grep -rl "^section:" kralizec 
+kralmans = $(kralizec_docs:kralizec/%/README.md=$(mandir)/%.6)
+
+$(mandir)/%.6: kralizec/%/README.md
+	lowdown -stman $< > $@
+
+krov_docs != grep -rl "^section:" krov 
+krovmans = $(krov_docs:krov/%/README.md=$(mandir)/%.6)
+
+$(mandir)/%.6: krov/%/README.md
+	lowdown -stman $< > $@
+
+setup_docs != grep -rl "^section:" setup 
+setupmans = $(setup_docs:setup/%.md=$(mandir)/%.6)
+
+$(mandir)/%.6: setup/%.md
+	lowdown -stman $< > $@
+
+$(mandir):
+	mkdir -p $@
+
+$(kralmans) $(krovmans) $(setupmans) :| $(mandir)
+
+.PHONY: pages
+pages: $(kralmans) $(krovmans) $(setupmans)
+	$(info $(kralmans))
+	@test ! $(command -v mandb) || mandb --user-db
+	$(info Open DMZ's man pages with 'man 6 <tab>')
+
+##########
+
+clean:
+	$(RM) $(kralmans) $(krovmans)

README.md

@@ -13,5 +13,5 @@ These setup files provide the text-only configurations for DMZ.
     - Idempotency.
 - All secrets stored elsewhere (probably in the `dmzadmin` repo)
 - Any maintenance scripts.
-- Configurations should reside in shadow-directories, e.g. a backup of `/etc/soft/config` should reside in this repo under `etc/soft/config`.
+- Configurations should reside in shadow-directories, e.g. a backup `soft-serve`'s `config.yaml` should reside in this repo under `splint.rs/soft-serve/etc/soft/config.yaml`.
 

docs/dmzrs/README.md

@@ -1,26 +0,0 @@
-Add this configuration to ~/.ssh/config file
-
-Host dmzkrovdmzrs12
-  Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
-  User root 
-  IdentityFile ~/.ssh/id_rsa
-  PasswordAuthentication no
-
-Now you can log in by typing:
-torsocks ssh dmzkrovdmzrs12
-
-Install all needed packages
-apt install rsync git nginx
-git clone https://gitea.dmz.rs/Decentrala/website
-
-Run updatewebsite.sh script every minute using crontab (run "crontab -e")
-This fill automaticlly pull from git repo and regenerate events page
-
-Add nginx-dmz.rs.conf to /etc/nginx/sites-available/dmz.rs and create a symlink
-from /etc/nginx/sites-enabled/dmz.rs to that file
-You can do this by running:
-ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
-
-Increase server_names_hash_bucket_size to 256 in /etc/nginx/nginx.conf in order to support onion addresses.
-
-In the nginx configuration /account/ is redirected to luser (https://gitea.dmz.rs/fram3d/luser) instance running at 192.168.1.211

docs/slapd/generateacl.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-READUSERS=""
-for i in $(cat servicesaccounts.txt); do READUSERS="$READUSERS by dn=\"$i\" read" ; done
-
-sed 's/READUSERS/$READUSERS/g' acladd-template.ldif > acladd.ldif
-
-for i in $(cat list) ; do printf "%s\n" $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2 ; genpass) | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2).gpg ; done
-

docs/slapd/generatecreds.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-GENPASS=$( echo $(shuf ../../scripts/shared/english.txt | head) | sed "s/ //g")
-
-for i in $(cat servicesaccounts.txt) ; do printf "%s\n" $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2 ; $(GENPASS)) | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2).gpg ; done
-

hosts/krov/slapd12/root/setup.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-
-ldapmodify -H ldapi:/// -Y EXTERNAL -f ldifs/tls.ldif
-./aclupdate.sh

kralizec/README.md

@@ -0,0 +1,27 @@
+# List of containers
+
+VMID Name  
+101  tor11  
+102  xmppmirror11  
+104  http11  
+105  postgresql11  
+106  ejabberd11  
+108  nginx  
+109  flaskldap11  
+111  dynamicdns11  
+112  sshfs11  
+113  postfix11  
+114  ssh11  
+115  cgit11  
+116  radionice11  
+117  gitea11  
+118  dmzrsflask11  
+119  elinearch  
+120  wiki11  
+121  krovhttp11  
+122  dmzrs12  
+123  roundcube12  
+124  donationcalc12  
+125  webring12  
+126  cryptpad-deb-12  
+127  openldap12  

kralizec/cgit11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 115
+---

kralizec/cryptpad-deb-12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 126
+---

kralizec/dmzrs/README.md

@@ -0,0 +1,40 @@
+Add this configuration to `~/.ssh/config` file
+
+```
+Host dmzkrovdmzrs12
+  Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
+  User root 
+  IdentityFile ~/.ssh/id_rsa
+  PasswordAuthentication no
+
+```
+
+Now you can log in by typing:
+
+
+```bash
+torsocks ssh dmzkrovdmzrs12
+```
+
+Install all needed packages:
+
+
+```bash
+apt install rsync git nginx
+git clone https://gitea.dmz.rs/Decentrala/website
+```
+
+Run `updatewebsite.sh` script every minute using `crontab` (run "`crontab -e`")
+This fill automatically pull from git repo and regenerate events page
+
+Add `nginx-dmz.rs.conf` to `/etc/nginx/sites-available/dmz.rs` and create a symlink
+from `/etc/nginx/sites-enabled/dmz.rs` to that file.
+You can do this by running:
+
+```bash
+ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
+```
+
+Increase `server_names_hash_bucket_size` to 256 in `/etc/nginx/nginx.conf` in order to support onion addresses.
+
+In the `nginx` configuration /account/ is redirected to the `luser` [instance](https://gitea.dmz.rs/fram3d/luser)  running at `192.168.1.211`.

kralizec/dmzrs12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 122
+---

kralizec/dmzrsflask11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 118
+---

kralizec/donationcalc12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 124
+---

kralizec/dynamicdns11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 111
+---

kralizec/ejabberd/README.md

@@ -1,3 +1,9 @@
+---
+title: ejabberd configurations
+section: 6
+source: Decentrala
+---
+
 #On your PC
 Add this configuration to ~/.ssh/config
 

kralizec/ejabberd11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 106
+---

kralizec/elinearch/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 119
+---

kralizec/flaskldap11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 109
+---

kralizec/gitea11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 117
+---

kralizec/http11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 104
+---

kralizec/krovhttp11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 121
+---

kralizec/nginx/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 108
+---

kralizec/openldap12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 127
+---

kralizec/postfix11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 113
+---

kralizec/postgresql11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 105
+---

kralizec/radionice11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 116
+---

kralizec/roundcube12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 123
+---

kralizec/slapd/.gitignore

@@ -0,0 +1,2 @@
+acladd.ldif
+*gpg

kralizec/slapd/generateacl.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+READUSERS=""
+for i in $(cat servicesaccounts.txt); do READUSERS="$READUSERS by dn=\"$i\" read" ; done
+
+sed 's/READUSERS/'"$READUSERS"'/g' acladd-template.ldif > acladd.ldif
+

kralizec/slapd/generatecreds.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+function genpass(){
+echo $(shuf ../../scripts/shared/english.txt | head) | sed "s/ //g"
+}
+
+for i in $(cat servicesaccounts.txt) ; do printf "%s\n" $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2 ; genpass) | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output creds/$(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2).gpg ; done
+

kralizec/ssh11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 114
+---

kralizec/sshfs11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 112
+---

kralizec/tor11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 101
+---

kralizec/webring12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 125
+---

kralizec/wiki11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 120
+---

kralizec/xmppmirror11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 102
+---

krov/serverko/README.md

@@ -0,0 +1,19 @@
+# List of containers
+
+## serverko
+
+VMID Name  
+100  nginx12  
+101  ddns12  
+102  dmzrs12  
+103  tor12  
+104  slapd12  
+105  wireguard12  
+106  opensmptd12  
+107  ipv6tunnel12  
+108  postgres12  
+109  ejabberd12  
+110  dmzrsaccount  
+111  taskmanager12  
+112  stopreklamama12  
+

krov/serverko/ddns12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 101
+---

krov/serverko/dmzrs12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 102
+---

krov/serverko/dmzrsaccount/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 110
+---

krov/serverko/ejabberd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 109
+---

krov/serverko/ipv6tunnel12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 107
+---

krov/serverko/nginx12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 100
+---

krov/serverko/opensmptd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 106
+---

krov/serverko/postgres12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 108
+---

krov/serverko/slapd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 104
+---

krov/serverko/slapd12/root/setup.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+./modify.sh ldifs/tls.ldif
+./aclupdate.sh

krov/serverko/stopreklamama12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 112
+---

krov/serverko/taskmanager12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 111
+---

krov/serverko/tor12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 103
+---

krov/serverko/wireguard12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 105
+---

krov/srv1/README.md

@@ -0,0 +1,15 @@
+# List of containers
+
+## srv1
+
+VMID Name  
+102  tor12  
+103  dendrite  
+106  icecast12  
+107  mariadb12  
+108  mpd12  
+109  ympd  
+111  sshfs11
+113  ollama12  
+114  chatbot12  
+115  goodvibes12  

krov/srv1/chatbot12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 114
+---

krov/srv1/dendrite/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 103
+---

krov/srv1/goodvibes12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 115
+---

krov/srv1/icecast12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 106
+---

krov/srv1/mariadb12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 107
+---

krov/srv1/mpd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 108
+---

krov/srv1/ollama12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 113
+---

krov/srv1/sshfs11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 111
+---

krov/srv1/tor12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 102
+---

krov/srv1/ympd/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 109
+---

map.ge

@@ -0,0 +1,39 @@
+# Network map of Decentrala.  Use with:
+# graph-easy --boxart < netmap.txt
+
+(Mox
+	[ m_router ]{label: router ;}
+	[ wireguard ] --> [ m_nginx ]{label: nginx-11 ;}
+	[ wiki ] --> [ m_nginx ]
+	[ gitea ] --> [ m_nginx ]
+	[ tor11 ] --> [ m_nginx ] --> [ m_router ]
+	[ smtp ]
+)
+
+(Serverko
+	[ s_nginx ]{label: nginx-12 ;}
+	[ s_router ]{label: router ;}
+	[ s_nginx ] --> [ nextcloud ]
+	[ s_nginx ] --> [ tor12 ]
+	[ s_nginx ] --> [ s_router ]
+)
+
+(splint.rs # unimportant
+	[ soft-serve ] # unimportant
+	[ mail-cache ]# unimportant
+) # unimportant
+
+[ tor12 ] <..> [ onions ] <..> [ tor11 ]
+[ m_router ] <..> [ BGP ] <..> [ madness ] <..> [ s_router ]
+[ smtp ] <..> [ madness ]
+[ madness ] <..> [  mail-cache ]# unimportant
+[ A ]{label: "" ;}
+[ B ]{label: "" ;}
+[ C ]{label: "" ;}
+[ D ]{label: "" ;}
+[ onions ] <..> [ A ]
+[ onions ] <..> [ B ]
+[ A ] <..> [ C ]
+[ B ] <..> [ D ]
+
+(Sharks! [ D ])

map.md

@@ -1,7 +0,0 @@
-### Network Map Generator ###
-# Used with graph-easy.
-# Install graph easy with `apt install perl-graph-easy`.
-
-[ gateway ] -- ssh-2222 --> [ gitea11 (192.168.1.36) ]
-[ gateway ] --> [ ssh11 (192.168.1.20) ]
-

scripts/addsubdomain/addsub.sh

@@ -5,6 +5,7 @@ DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"
 
 NGINXHOST=$1
 SUBDOMAIN=$2
+CTIPADDRESS=$3
 
 if [[ -z "$NGINXHOST" ]]; then 
 	echo "Set Nginx Host"
@@ -16,10 +17,15 @@ if [[ -z "$SUBDOMAIN" ]]; then
         exit 1
 fi
 
+
 ssh-add -t 200 $DMZKEYFILE
 torsocks scp ./remotecmd $NGINXHOST:/root/remotecmd.sh
 torsocks scp ./subdomain.dmz.rs.http $NGINXHOST:/etc/nginx/sites-available/
 torsocks scp ./subdomain.dmz.rs.https $NGINXHOST:/etc/nginx/sites-available/
 
+if [[ -z "$CTIPADDRESS" ]]; then 
+	torsocks scp ./subdomain.dmz.rs.proxy $NGINXHOST:/etc/nginx/sites-available/
+fi
+
 torsocks ssh $NGINXHOST "chmod +x /root/remotecmd.sh; /root/remotecmd.sh $SUBDOMAIN"
 

scripts/addsubdomain/remotecmd

@@ -8,10 +8,17 @@ if [[ -z "$SUBDOMAIN" ]]; then
         exit 1
 fi
 
+if [[ -z "$CTIPADDRESS" ]]; then 
+	sed -i 's/CTIPADDRESS/'$CTIPADDRESS'/g' /etc/nginx/sites-available/subdomain.dmz.rs.proxy
+        mv /etc/nginx/sites-available/subdomain.dmz.rs.proxy /etc/nginx/sites-available/subdomain.dmz.rs.https
+fi
+
 sed -i 's/subdomain/'$SUBDOMAIN'/g' /etc/nginx/sites-available/subdomain.dmz.rs.http
 sed -i 's/subdomain/'$SUBDOMAIN'/g' /etc/nginx/sites-available/subdomain.dmz.rs.https
 sed -i 's/subnodot/'$SUBNODOT'/g' /etc/nginx/sites-available/subdomain.dmz.rs.http
 sed -i 's/subnodot/'$SUBNODOT'/g' /etc/nginx/sites-available/subdomain.dmz.rs.https
+
+
 mkdir /var/www/"$SUBNODOT"dmzrs/
 mv /etc/nginx/sites-available/subdomain.dmz.rs.http /etc/nginx/sites-available/"$SUBDOMAIN".dmz.rs.http
 mv /etc/nginx/sites-available/subdomain.dmz.rs.https /etc/nginx/sites-available/"$SUBDOMAIN".dmz.rs.https

scripts/addsubdomain/subdomain.dmz.rs.proxy

@@ -0,0 +1,29 @@
+server {
+	listen 443 ssl ;
+	listen [::]:443 ssl ;
+
+	index index.html index.htm index.nginx-debian.html;
+
+	server_name subdomain.dmz.rs subdomain.decentrala.org;
+
+	ssl_certificate /etc/letsencrypt/live/subdomain.dmz.rs/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/subdomain.dmz.rs/privkey.pem;
+	ssl_dhparam /etc/ssl/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_ciphers HIGH:!aNULL:!MD5;
+
+
+	location / {
+       		proxy_set_header Host subdomain.dmz.rs;
+       		proxy_set_header X-Real-IP $remote_addr;
+       		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+       		proxy_pass http://CTIPADDRESS$request_uri;
+       }
+
+	location /.well-known/acme-challenge/ {
+		root /var/www/subnodotdmzrs;
+	}
+
+	resolver 9.9.9.9;
+}

scripts/ctcreate/ctcreate.sh

@@ -2,6 +2,8 @@
 ## Create new Linux contanier at a proxmox host
 
 DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"
+USER=$(cut -d" " -f3 $DMZKEYFILE.pub | cut -d "@" -f1)
+USEREMAIL=$(cut -d" " -f3 $DMZKEYFILE.pub)
 
 PROXMOXHOST=$1
 CTHOST=$2
@@ -23,25 +25,26 @@ if [[ -z "$GENPASS" ]]; then
         exit 1
 fi
 
-ssh-add -t 200 $DMZKEYFILE
+ssh-add -t 600 $DMZKEYFILE
 torsocks scp ./remotecmd $PROXMOXHOST:/root/ctcreate.sh
+torsocks scp $DMZKEYFILE.pub $PROXMOXHOST:/root/.ssh/$USER.pub
 
-torsocks ssh $PROXMOXHOST "chmod +x /root/ctcreate.sh; /root/ctcreate.sh $CTHOST $GENPASS" >> cmdoutput.txt
+torsocks ssh $PROXMOXHOST "chmod +x /root/ctcreate.sh; /root/ctcreate.sh $CTHOST $GENPASS $USER" >> cmdoutput.txt
 
 CREDS=$( tail -3 cmdoutput.txt)
 
 rm cmdoutput.txt
 
-printf "$CREDS\n" | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output ~/src/dmzadmin/credentials/krov/$CTHOST.gpg
+printf "$CREDS\n" | gpg -e -r $USEREMAIL --output $CTHOST.gpg
 
 CTIP=$(printf "$CREDS" | head -1 | cut -d'@' -f 2)
 
-echo Host dmzkrov$CTHOST >> ~/.ssh/autoconfig
+echo "Host dmzkrov"$CTHOST >> ~/.ssh/autoconfig
-echo "  Hostname" $CTIP >> ~/.ssh/autoconfig
+echo "  Hostname "$CTIP >> ~/.ssh/autoconfig
-echo "  ProxyJump" dmzkrovtor12 >> ~/.ssh/autoconfig
+echo "  ProxyJump dmzkrovtor12" >> ~/.ssh/autoconfig
-echo "  User" root >> ~/.ssh/autoconfig
+echo "  User root" >> ~/.ssh/autoconfig
-echo "  IdentityFile" /home/anon/.ssh/krov/tor11 >> ~/.ssh/autoconfig
+echo "  IdentityFile "$DMZKEYFILE >> ~/.ssh/autoconfig
-echo "  PasswordAuthentication" no >> ~/.ssh/autoconfig
+echo "  PasswordAuthentication no" >> ~/.ssh/autoconfig
 
 ssh -R $CTIP
 torsocks scp ./newct dmzkrov$CTHOST:/root/newct.sh

scripts/ctcreate/newct

@@ -1,5 +1,5 @@
 #!/bin/bash
 apt update
 apt -y dist-upgrade 
-apt install unattended-upgrades 
+apt -y install unattended-upgrades 
 dpkg-reconfigure unattended-upgrades 

scripts/ctcreate/remotecmd

@@ -1,6 +1,7 @@
 #!/bin/bash
 CTHOSTNAME=$1
 CTPASS=$2
+USER=$3
 
 echo Creating $CTHOSTNAME ...
 
@@ -17,6 +18,11 @@ if [[ -z "$CTPASS" ]]; then
         exit 1
 fi
 
+if [[ -z "$USER" ]]; then 
+	echo "USER not set"
+        exit 1
+fi
+
 if [[ -z "$LASTID" ]]; then 
 	LASTID=99
 fi

scripts/onionadd/cmdoutput.txt

@@ -0,0 +1 @@
+j3kztfnedlfhikhr7uro7uxzf35xbrtcu4omzbl2bqb6ygakipcw62yd.onion

scripts/onionadd/onionadd.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+## Create new Linux contanier at a proxmox host
+
+DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"
+
+TORHOST=$1
+CTHOST=$2
+CTIP=$3
+
+if [[ -z "$TORHOST" ]]; then 
+	echo "Set Tor Host"
+        exit 1
+fi
+
+if [[ -z "$CTHOST" ]]; then 
+	echo "Set CT hostname"
+        exit 1
+fi
+
+if [[ -z "$CTIP" ]]; then 
+	CTIP=$(grep -C 1 $CTHOST ~/.ssh/autoconfig | tail -1 | cut -d" " -f4)
+fi
+
+ssh-add -t 600 $DMZKEYFILE
+torsocks scp ./remotecmd $TORHOST:/root/onionadd.sh
+
+torsocks ssh $TORHOST "chmod +x /root/onionadd.sh; /root/onionadd.sh $CTHOST $CTIP" >> cmdoutput.txt
+torsocks ssh $TORHOST "rm /root/onionadd.sh"
+
+HOSTNAME=$(tail -1 cmdoutput.txt)
+
+echo "Host "$CTHOST"onion" >> ~/.ssh/autoconfig
+echo "  Hostname "$HOSTNAME >> ~/.ssh/autoconfig
+echo "  User root" >> ~/.ssh/autoconfig
+echo "  IdentityFile "$DMZKEYFILE >> ~/.ssh/autoconfig
+echo "  PasswordAuthentication no" >> ~/.ssh/autoconfig

scripts/onionadd/remotecmd

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+CTHOST=$1
+CTIP=$2
+
+if [[ -z "$CTHOST" ]]; then 
+	echo "Set CT hostname"
+        exit 1
+fi
+
+if [[ -z "$CTIP" ]]; then 
+	echo "Set CT IP"
+        exit 1
+fi
+
+echo "" >> /etc/tor/onions/dmz
+echo "HiddenServiceDir /var/lib/tor/"$CTHOST"/" >> /etc/tor/onions/dmz
+echo "HiddenServicePort 22 "$CTIP":22" >> /etc/tor/onions/dmz
+
+service tor reload
+sleep 30
+
+cat "/var/lib/tor/"$CTHOST"/hostname"

scripts/showpass.sh

@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# If you want to add these passwords to the `pass` program, you can
+# symlink all the passwords which you can open, then open the
+# passwords with a script like this.
+
+pass_store=~/.password-store
+
+# THIS_PLACE="$PWD"
+# mkdir $pass_store/dmz
+# cd !$
+# find  "$THIS_PLACE" -type f -name "*.gpg" | \ 
+#     sed "s#/home/ghost#../..#" | \ 
+#     while read -r line; do
+#         gpg -d "$line" && ln -sf "$line" .
+#     done
+ 
+
+sanity_check(){
+    command -v $1 >/dev/null || (
+        echo "You must install $1"
+        exit 1
+    )
+}
+
+set_selector_if_program_exists(){
+    command -v "$1" > /dev/null  && selector="$1 $2"
+}
+
+if [ -z "$DISPLAY" ]; then
+    set_selector_if_program_exists sk || \
+        set_selector_if_program_exists fzy || \
+        set_selector_if_program_exists fzf
+    fail_sender='echo'
+else
+    set_selector_if_program_exists "rofi" 'rofi -dmenu "$@"' || \
+        set_selector_if_program_exists dmenu || \
+        (
+            echo "Cannot find anything to select a key. Install dmenu." 
+            exit 1
+        )
+    fail_sender='notify-send'
+fi
+
+list_keys(){
+    find -L . -mindepth 1 -type f -name "*.gpg" | \
+        sed 's/\.\///' | \
+        sed 's/.gpg//'
+}
+
+####################
+
+set -e
+
+sanity_check pass
+
+cd "$pass_store"
+
+password="$(list_keys | $selector)"
+
+pass -c "$password" || $fail_sender 'Cannot decrypt'
+

scripts/sshfsshared/sshfsshared.sh

@@ -1,6 +1,8 @@
 #!/bin/bash
 ## Add accounts and shared folder for two users given as two arguments $1 and $2
 
+DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"
+
 USER1=$1
 USER2=$2
 HOST="$3"
@@ -19,4 +21,5 @@ if [[ -z "$HOST" ]]; then
 	HOST="dmzkrovsshfs12"
 fi
 
-torsocks ssh $HOST "adduser $USER1 ; adduser $USER2 ; groupadd $USER1$USER2 ; adduser $USER2 $USER1$USER2 ; adduser $USER1 $USER1$USER2 ; mkdir /var/shareddirs/$USER1$USER2 ; chown $USER1:$USER1$USER2 /var/shareddirs/$USER1$USER2 ; chmod 2770 /var/shareddirs/$USER1$USER2 "
+ssh-add -t 100 $DMZKEYFILE
+torsocks ssh $HOST "adduser $USER1 ; adduser $USER2 ; groupadd $USER1$USER2 ; adduser $USER2 $USER1$USER2 ; adduser $USER1 $USER1$USER2 ; mkdir -p /var/shareddirs/$USER1$USER2 ; chown $USER1:$USER1$USER2 /var/shareddirs/$USER1$USER2 ; chmod 2770 /var/shareddirs/$USER1$USER2 "