| author | Paul Buetow <paul@buetow.org> | 2022-04-19 09:53:16 +0100 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2022-04-19 09:53:16 +0100 |
| commit | 552cd62731031ef2167692dd51cdf36362aa022f (patch) | |
| tree | fdd33daf1f8ae8fefc5ebcf3f87da71036e7e138 /openbsd | |
| parent | 72c7a524a75766da168becbb20013e22e1817ec6 (diff) | |
move
Diffstat (limited to 'openbsd')
25 files changed, 0 insertions, 1089 deletions
diff --git a/openbsd/README.md b/openbsd/README.md
deleted file mode 100644
index add877c..0000000
--- a/openbsd/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Some config backups
-===================
-
-Some random config backups in here. Here is nothing secret in here (it's not by accident a public repo). So feel free to explore.
-
-I used to have all of these in Puppet, but that was a bit overkill for the few boxes I have. For now I am using Rexify: https://www.rexify.org/
diff --git a/openbsd/frontends/Rexfile b/openbsd/frontends/Rexfile
deleted file mode 100644
index a58cc1d..0000000
--- a/openbsd/frontends/Rexfile
+++ /dev/null
@@ -1,286 +0,0 @@ -# How to use: -# -# rex commons nsd_master nsd_slaves -# -# Why use Rex to automate my servers? Because Rex is KISS, Puppet, SALT and Chef -# are not. So, why not use Ansible then? To use Ansible correctly you should also -# install Python on the target machines (not mandatory, though. But better). -# Rex is programmed in Perl and there is already Perl in the base system of OpenBSD. -# Also, I find Perl > Python (my personal opinion). - -use Rex -feature => ['1.4']; -use Rex::Logger; -use File::Slurp; - -# REX CONFIG SECTION - -group frontends => 'blowfish.buetow.org', 'twofish.buetow.org'; -group dnsmaster => 'blowfish.buetow.org'; -group dnsslaves => 'twofish.buetow.org'; - -user 'rex'; -sudo TRUE; - -parallelism 5; - -# CUSTOM (PERL-ish) CONFIG SECTION (what Rex can't do by itself) - -# Gather IPv6 addresses based on hostname. -our $ipv6address = sub { - my $hostname = shift; - return '2a01:4f8:c17:20f1::42' if $hostname eq 'blowfish'; - return '2401:c080:1000:45af:5400:3ff:fec6:ca1d' if $hostname eq 'twofish'; - Rex::Logger::info("Unable to determine IPv6 address for $hostname", 'error'); - return '::1'; -}; - -# Bootstrapping the FQDN based on the server IP as the hostname and domain -# facts aren't set yet due to the myname file in the first place. -our $fqdns = sub { - my $ipv4 = shift; - return 'blowfish.buetow.org' if $ipv4 eq '23.88.35.144'; - return 'twofish.buetow.org' if $ipv4 eq '108.160.134.135'; - Rex::Logger::info("Unable to determine hostname for $ipv4", 'error'); - return 'HOSTNAME-UNKNOWN.buetow.org'; -}; - -our @dns_zones = qw/buetow.org dtail.dev foo.surf foo.zone irregular.ninja sidewalk.ninja snonux.de snonux.me/; - -sub secret { - my $secret = shift; - read_file($ENV{HOME} . '/.rexsecrets/' . 
$secret); -} - -# UTILITY TASKS - -task 'id', group => 'frontends', sub { say run 'id' }; -task 'dump_info', group => 'frontends', sub { dump_system_information }; - -# OPENBSD TASKS SECTION - -desc 'Install base stuff'; -task 'base', group => 'frontends', - sub { - pkg 'rsync', ensure => present; - pkg 'sudo', ensure => present; - pkg 'tig', ensure => present; - pkg 'vger', ensure => present; - pkg 'zsh', ensure => present; - - append_if_no_such_line '/etc/rc.conf.local', 'pkg_scripts="uptimed httpd"'; - - file '/etc/myname', - content => template('./etc/myname.tpl', fqdns => $fqdns), - owner => 'root', - group => 'wheel', - mode => '644'; - }; - -desc 'Setup uptimed'; -task 'uptimed', group => 'frontends', - sub { - Rex::Logger::info('Setting up uptimed'); - pkg 'uptimed', ensure => present; - service 'uptimed', ensure => 'started'; - }; - -desc 'Setup httpd'; -task 'httpd', group => 'frontends', - sub { - append_if_no_such_line '/etc/rc.conf.local', 'httpd_flags='; - #delete_lines_according_to qr{httpd_flags}, '/etc/rc.conf.local'; - - file '/etc/httpd.conf', - source => './etc/httpd.conf', - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { - service 'httpd' => 'restart'; - }; - service 'httpd', ensure => 'started'; - }; - -desc 'Setup inetd'; -task 'inetd', group => 'frontends', - sub { - append_if_no_such_line '/etc/rc.conf.local', 'inetd_flags='; - - file '/etc/inetd.conf', - source => './etc/inetd.conf', - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { - service 'inetd' => 'restart'; - }; - service 'inetd', ensure => 'started'; - }; - -desc 'Setup relayd'; -task 'relayd', group => 'frontends', - sub { - append_if_no_such_line '/etc/rc.conf.local', 'relayd_flags='; - - file '/etc/relayd.conf', - content => template('./etc/relayd.conf.tpl', ipv6address => $ipv6address), - owner => 'root', - group => 'wheel', - mode => '600', - on_change => sub { - service 'relayd' => 'restart'; - }; - service 'relayd', 
ensure => 'started'; - }; - -desc 'Setup OpenSMTPD'; -task 'smtpd', group => 'frontends', - sub { - file '/etc/mail/aliases', - source => './etc/mail/aliases', - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { - say run 'newaliases'; - }; - - file '/etc/mail/virtualdomains', - source => './etc/mail/virtualdomains', - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { - service 'smtpd' => 'restart'; - }; - - file '/etc/mail/virtualusers', - source => './etc/mail/virtualusers', - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { - service 'smtpd' => 'restart'; - }; - - file '/etc/mail/smtpd.conf', - content => template('./etc/mail/smtpd.conf.tpl', mail_hostname => sub { - my $hostname = shift; - return 'buetow.org' if $hostname eq 'blowfish'; - return 'www.buetow.org' if $hostname eq 'twofish'; - return 'buetow.org'; - }), - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { - service 'smtpd' => 'restart'; - }; - - service 'smtpd', ensure => 'started'; - }; - -desc 'Setup DNS server'; -task 'nsd_master', group => 'dnsmaster', - sub { - my $restart = FALSE; - append_if_no_such_line '/etc/rc.conf.local', 'nsd_flags='; - - file '/var/nsd/etc/key.conf', - content => template('./var/nsd/etc/key.conf.tpl', - nsd_secret => secret('nsd_secret')), - owner => 'root', - group => '_nsd', - mode => '640', - on_change => sub { - $restart = TRUE; - }; - - file '/var/nsd/etc/nsd.conf', - content => template('./var/nsd/etc/nsd.conf.master.tpl', - dns_zones => \@dns_zones), - owner => 'root', - group => '_nsd', - mode => '640', - on_change => sub { - $restart = TRUE; - }; - - for my $zone (@dns_zones) { - file "/var/nsd/zones/master/$zone.zone", - content => template("./var/nsd/zones/master/$zone.zone.tpl"), - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { - $restart = TRUE; - }; - } - - service 'nsd' => 'restart' if $restart; - service 'nsd', ensure => 
'started'; - }; - -desc 'Setup DNS slaves'; -task 'nsd_slaves', group => 'dnsslaves', - sub { - my $restart = FALSE; - - file '/var/nsd/etc/key.conf', - content => template('./var/nsd/etc/key.conf.tpl', - nsd_secret => secret('nsd_secret')), - owner => 'root', - group => '_nsd', - mode => '640', - on_change => sub { - $restart = TRUE; - }; - - file '/var/nsd/etc/nsd.conf', - content => template('./var/nsd/etc/nsd.conf.slave.tpl', - dns_zones => \@dns_zones), - owner => 'root', - group => '_nsd', - mode => '640', - on_change => sub { - $restart = TRUE; - }; - - service 'nsd' => 'restart' if $restart; - service 'nsd', ensure => 'started'; - }; - -desc 'Setup HA'; -task 'ha', group => 'frontends', - sub { - file '/usr/local/bin/ha.pl', - source => './usr/local/bin/ha.pl', - owner => 'root', - group => 'wheel', - mode => '755'; - - file '/var/run/ha.status', - content => '# Initial HA status file', - owner => 'www', - group => 'wheel', - mode => '644', - no_overwrite => TRUE; - }; - -# COMBINED TASKS SECTION - -desc 'Common configs of all hosts'; -task 'commons', group => 'frontends', - sub { - base(); - uptimed(); - httpd(); - inetd(); - relayd(); - smtpd(); - ha(); - }; - -1; - -# vim: syntax=perl diff --git a/openbsd/frontends/etc/httpd.conf b/openbsd/frontends/etc/httpd.conf deleted file mode 100644 index 41cde32..0000000 --- a/openbsd/frontends/etc/httpd.conf +++ /dev/null 
@@ -1,158 +0,0 @@ -server "foo.zone" { - listen on * port 80 - block return 302 "https://foo.zone" -} - -server "www.foo.zone" { - listen on * port 80 - block return 302 "https://www.foo.zone" -} - -server "foo.zone" { - alias "www.foo.zone" - listen on * tls port 443 - tls { - certificate "/etc/ssl/foo.zone.fullchain.pem" - key "/etc/ssl/private/foo.zone.key" - } - location "/*" { - root "/htdocs/gemtexter/foo.zone" - directory auto index - } -} - -server "irregular.ninja" { - listen on * port 80 - block return 302 "https://irregular.ninja" -} - -server "www.irregular.ninja" { - listen on * port 80 - block return 302 "https://www.irregular.ninja" -} - -server "irregular.ninja" { - alias "www.irregular.ninja" - listen on * tls port 443 - tls { - certificate "/etc/ssl/irregular.ninja.fullchain.pem" - key "/etc/ssl/private/irregular.ninja.key" - } - location "/*" { - root "/htdocs/irregular.ninja" - directory auto index - } -} - -server "snonux.de" { - alias "www.snonux.de" - listen on * port 80 - block return 302 "https://foo.zone$REQUEST_URI" -} - -server "snonux.de" { - alias "www.snonux.de" - listen on * tls port 443 - tls { - certificate "/etc/ssl/snonux.de.fullchain.pem" - key "/etc/ssl/private/snonux.de.key" - } - block return 302 "https://foo.zone$REQUEST_URI" -} - -server "foo.surf" { - alias "www.foo.surf" - listen on * port 80 - block return 302 "https://foo.zone$REQUEST_URI" -} - -server "foo.surf" { - alias "www.foo.surf" - listen on * tls port 443 - tls { - certificate "/etc/ssl/foo.surf.fullchain.pem" - key "/etc/ssl/private/foo.surf.key" - } - block return 302 "https://foo.zone$REQUEST_URI" -} - -server "sidewalk.ninja" { - alias "www.sidewalk.ninja" - listen on * port 80 - block return 302 "https://irregular.ninja$REQUEST_URI" -} - -server "sidewalk.ninja" { - alias "www.sidewalk.ninja" - listen on * tls port 443 - tls { - certificate "/etc/ssl/sidewalk.ninja.fullchain.pem" - key "/etc/ssl/private/sidewalk.ninja.key" - } - block return 302 
"https://irregular.ninja$REQUEST_URI" -} - -server "buetow.org" { - alias "www.buetow.org" - listen on * port 80 - block return 302 "https://foo.zone$REQUEST_URI" -} - -server "paul.buetow.org" { - alias "contact.buetow.org" - listen on * port 80 - block return 302 "https://foo.zone/contact-information.html" -} - -server "tmp.buetow.org" { - listen on * port 80 - block return 302 "https://buetow.org/tmp/" -} - -server "buetow.org" { - alias "www.buetow.org" - listen on * tls port 443 - tls { - certificate "/etc/ssl/buetow.org.fullchain.pem" - key "/etc/ssl/private/buetow.org.key" - } - root "/htdocs/buetow.org" - location match "/tmp/.*" { - directory auto index - } - location match "/.*" { - block return 302 "https://foo.zone$REQUEST_URI" - } -} - -server "dtail.dev" { - alias "www.dtail.dev" - listen on * port 80 - block return 302 "https://dail.dev" -} - -server "dtail.dev" { - alias "www.dtail.dev" - listen on * tls port 443 - tls { - certificate "/etc/ssl/dtail.dev.fullchain.pem" - key "/etc/ssl/private/dtail.dev.key" - } - location * { - block return 302 "https://github.dtail.dev" - } -} - -server "default" { - listen on * port 80 - block return 302 "https://foo.zone$REQUEST_URI" -} - -server "default" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/foo.zone.fullchain.pem" - key "/etc/ssl/private/foo.zone.key" - } - block return 302 "https://foo.zone$REQUEST_URI" -} diff --git a/openbsd/frontends/etc/inetd.conf b/openbsd/frontends/etc/inetd.conf deleted file mode 100644 index 7176af4..0000000 --- a/openbsd/frontends/etc/inetd.conf +++ /dev/null @@ -1,2 +0,0 @@ -127.0.0.1:11965 stream tcp nowait www /usr/local/bin/vger vger -v -*:4242 stream tcp nowait www /bin/cat cat /var/run/ha.status diff --git a/openbsd/frontends/etc/mail/aliases b/openbsd/frontends/etc/mail/aliases deleted file mode 100644 index 91bf1d0..0000000 --- a/openbsd/frontends/etc/mail/aliases +++ /dev/null 
@@ -1,103 +0,0 @@ -# -# $OpenBSD: aliases,v 1.68 2020/01/24 06:17:37 tedu Exp $ -# -# Aliases in this file will NOT be expanded in the header from -# Mail, but WILL be visible over networks or from /usr/libexec/mail.local. -# -# >>>>>>>>>> The program "newaliases" must be run after -# >> NOTE >> this file is updated for any changes to -# >>>>>>>>>> show through to smtpd. -# - -# Basic system aliases -- these MUST be present -MAILER-DAEMON: postmaster -postmaster: root - -# General redirections for important pseudo accounts -daemon: root -ftp-bugs: root -operator: root -www: root -admin: root - -# Redirections for pseudo accounts that should not receive mail -_bgpd: /dev/null -_dhcp: /dev/null -_dpb: /dev/null -_dvmrpd: /dev/null -_eigrpd: /dev/null -_file: /dev/null -_fingerd: /dev/null -_ftp: /dev/null -_hostapd: /dev/null -_identd: /dev/null -_iked: /dev/null -_isakmpd: /dev/null -_iscsid: /dev/null -_ldapd: /dev/null -_ldpd: /dev/null -_mopd: /dev/null -_nsd: /dev/null -_ntp: /dev/null -_ospfd: /dev/null -_ospf6d: /dev/null -_pbuild: /dev/null -_pfetch: /dev/null -_pflogd: /dev/null -_ping: /dev/null -_pkgfetch: /dev/null -_pkguntar: /dev/null -_portmap: /dev/null -_ppp: /dev/null -_rad: /dev/null -_radiusd: /dev/null -_rbootd: /dev/null -_relayd: /dev/null -_ripd: /dev/null -_rstatd: /dev/null -_rusersd: /dev/null -_rwalld: /dev/null -_smtpd: /dev/null -_smtpq: /dev/null -_sndio: /dev/null -_snmpd: /dev/null -_spamd: /dev/null -_switchd: /dev/null -_syslogd: /dev/null -_tcpdump: /dev/null -_traceroute: /dev/null -_tftpd: /dev/null -_unbound: /dev/null -_unwind: /dev/null -_vmd: /dev/null -_x11: /dev/null -_ypldap: /dev/null -bin: /dev/null -build: /dev/null -nobody: /dev/null -_tftp_proxy: /dev/null -_ftp_proxy: /dev/null -_sndiop: /dev/null -_syspatch: /dev/null -_slaacd: /dev/null -sshd: /dev/null - -# Well-known aliases -- these should be filled in! 
-root: paul
-manager: root
-dumper: root
-
-# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
-abuse: root
-noc: root
-security: root
-
-# RFC 2142: SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
-hostmaster: root
-# usenet: root
-# news: usenet
-webmaster: root
-# ftp: root
-
-paul: paul.buetow@protonmail.com
-albena: albena.buetow@protonmail.com
diff --git a/openbsd/frontends/etc/mail/smtpd.conf.tpl b/openbsd/frontends/etc/mail/smtpd.conf.tpl
deleted file mode 100644
index 2fb68e3..0000000
--- a/openbsd/frontends/etc/mail/smtpd.conf.tpl
+++ /dev/null
@@ -1,23 +0,0 @@
-# This is the smtpd server system-wide configuration file.
-# See smtpd.conf(5) for more information.
-
-# I used https://www.checktls.com/TestReceiver for testing.
-
-pki "buetow_org_tls" cert "/etc/ssl/buetow.org.fullchain.pem"
-pki "buetow_org_tls" key "/etc/ssl/private/buetow.org.key"
-
-table aliases file:/etc/mail/aliases
-table virtualdomains file:/etc/mail/virtualdomains
-table virtualusers file:/etc/mail/virtualusers
-
-listen on socket
-listen on all tls pki "buetow_org_tls" hostname "<%= $mail_hostname->($hostname) %>"
-#listen on all
-
-action localmail mbox alias <aliases>
-action receive mbox virtual <virtualusers>
-action outbound relay
-
-match from any for domain <virtualdomains> action receive
-match from local for local action localmail
-match from local for any action outbound
diff --git a/openbsd/frontends/etc/mail/virtualdomains b/openbsd/frontends/etc/mail/virtualdomains
deleted file mode 100644
index 9bdd68a..0000000
--- a/openbsd/frontends/etc/mail/virtualdomains
+++ /dev/null
@@ -1,11 +0,0 @@
-buetow.org
-paul.buetow.org
-mx.buetow.org
-de.buetow.org
-bg.buetow.org
-uk.buetow.org
-us.buetow.org
-es.buetow.org
-dev.buetow.org
-snonux.de
-dtail.dev
diff --git a/openbsd/frontends/etc/mail/virtualusers b/openbsd/frontends/etc/mail/virtualusers
deleted file mode 100644
index 5ae0b24..0000000
--- a/openbsd/frontends/etc/mail/virtualusers
+++ /dev/null
@@ -1,2 +0,0 @@
-albena@buetow.org albena.buetow@protonmail.com
-@ paul.buetow@protonmail.com
diff --git a/openbsd/frontends/etc/myname.tpl b/openbsd/frontends/etc/myname.tpl
deleted file mode 100644
index dcd4ca0..0000000
--- a/openbsd/frontends/etc/myname.tpl
+++ /dev/null
@@ -1 +0,0 @@
-<%= $fqdns->($vio0_ip) %>
diff --git a/openbsd/frontends/etc/rc.conf.local b/openbsd/frontends/etc/rc.conf.local
deleted file mode 100644
index 842f16d..0000000
--- a/openbsd/frontends/etc/rc.conf.local
+++ /dev/null
@@ -1,5 +0,0 @@
-httpd_flags=
-inetd_flags=
-nsd_flags=
-pkg_scripts="uptimed httpd"
-relayd_flags=
diff --git a/openbsd/frontends/etc/relayd.conf.tpl b/openbsd/frontends/etc/relayd.conf.tpl
deleted file mode 100644
index d8553b2..0000000
--- a/openbsd/frontends/etc/relayd.conf.tpl
+++ /dev/null
@@ -1,20 +0,0 @@
-log connection
-
-tcp protocol "gemini" {
- tls keypair buetow.org
- tls keypair snonux.de
- tls keypair foo.zone
- tls keypair irregular.ninja
-}
-
-relay "gemini4" {
- listen on <%= $vio0_ip %> port 1965 tls
- protocol "gemini"
- forward to 127.0.0.1 port 11965
-}
-
-relay "gemini6" {
- listen on <%= $ipv6address->($hostname) %> port 1965 tls
- protocol "gemini"
- forward to 127.0.0.1 port 11965
-}
diff --git a/openbsd/frontends/etc/tmux.conf b/openbsd/frontends/etc/tmux.conf
deleted file mode 100644
index 1449326..0000000
--- a/openbsd/frontends/etc/tmux.conf
+++ /dev/null
@@ -1,24 +0,0 @@ -set-option -g allow-rename off -set-option -g default-terminal "screen-256color" -set-option -g history-limit 100000 -set-option -g status-bg '#444444' -set-option -g status-fg '#ffa500' - -set-window-option -g mode-keys vi - -bind-key h select-pane -L -bind-key j select-pane -D -bind-key k select-pane -U -bind-key l select-pane -R - -bind-key H resize-pane -L 5 -bind-key J resize-pane -D 5 -bind-key K resize-pane -U 5 -bind-key L resize-pane -R 5 - -bind-key b break-pane -d -bind-key c new-window -c '#{pane_current_path}' -bind-key p setw synchronize-panes off -bind-key P setw synchronize-panes on -bind-key r source-file ~/.tmux.conf \; display-message "~/.tmux.conf reloaded" -bind-key T choose-tree diff --git a/openbsd/frontends/scripts/sitestats.sh b/openbsd/frontends/scripts/sitestats.sh deleted file mode 100755 index 62702c7..0000000 --- a/openbsd/frontends/scripts/sitestats.sh +++ /dev/null 
@@ -1,111 +0,0 @@ -#!/bin/sh - -# This is a quick and dirty script to get some stats for my site. -# Yes, this could be programmed cleaner, but I wanted to do something quick -# and dirty and this also with only tools available on the OpenBSD base install. - -STATSFILE=/tmp/sitestats.csv -BOTSFILE=/tmp/sitebots.txt -TOP=20 - -header () { - echo "proto,host,ip,day,month,time,path" -} - -http_stats () { - zgrep -h . /var/www/logs/access.log* | - perl -l -n -e 's/\.html/.suffix/; @s=split / +/; next if @s!=11; - $s[4]=~s|\[(\d\d)/(...)/\d{4}:(.*)|$1,$2,$3|; print "http,".join ",",@s[0,1,4,7];' -} - -gemini_stats () { - zgrep -h . /var/log/daemon* | - perl -l -n -e '@s=split / +/; @v=@s and next if $s[4] eq "vger:"; - next if !/relayd.*gemini/; ($path) = $v[-1] =~ m|gemini://.*?(/.*)|; - next if $path eq ""; $path =~ s/\.gmi/.suffix/; - print "gemini,".(split("/", $v[6]))[2].",$s[12],$s[1],$s[0],$s[2],$path"' -} - -parse_logs () { - header > $STATSFILE.tmp - http_stats >> $STATSFILE.tmp - gemini_stats >> $STATSFILE.tmp - mv $STATSFILE.tmp $STATSFILE -} - -filter () { - # Collect some 'you are a bot' scores. - # 1. You visit 2 sites within one single second - # 2. You try to call an odd file or path - cut -d, -f2,3,6,7 $STATSFILE | - perl -l -n -e '($k)=m/(.*?,.*?,.*?),/; $s{$k}++ if /\.suffix/; - $s{$k}+=1000 if /(?:target\.suffix|\.php|wordpress|\/wp|\.asp|\.\.|robots\.txt|\.env|\?|\+|%|\*|HNAP1|\/admin\/|\.git\/|microsoft\.exchange|\.lua|\/owa\/)/; - END { while (($k,$v) = each %s) { print $k =~ /.*?,(.*?),/ if $v > 1 } }' | - sort -u > $BOTSFILE - - # Filte out all bot IPs, also only filter out all known file "types". 
- grep -F -v -f $BOTSFILE $STATSFILE > $STATSFILE.clean1 - grep -v -E '(proto,host|\.suffix|atom\.xml|\.gif|\.png|\.jpg|,,)' $STATSFILE.clean1 > $STATSFILE.dirt - #grep -E '(proto,host|\.suffix|atom\.xml|\.gif|\.png|\.jpg)' $STATSFILE.clean1 > $STATSFILE.clean2 - mv $STATSFILE.clean1 $STATSFILE -} - -stats () { - sed 1d $STATSFILE -} - -top_n () { - fields="$1" - descr="$2" - - echo "Top $TOP `head -n 1 $STATSFILE | cut -d, -f"$fields"`$descr:" - cut -d, -f"$fields" | sort | uniq -c | sort -nr | head -n $TOP | sed 's/^/ /' - echo -} - -ip_stats () { - for proto in http gemini; do - echo -n "Unique $proto IPv4 IPs:\t" - stats | grep "^$proto," | cut -d, -f3 | grep -F -v : | sort -u | wc -l - echo -n "Unique $proto IPv6 IPs:\t" - stats | grep "^$proto," | cut -d, -f3 | grep -F : | sort -u | wc -l - done -} - -ip_daily_stats () { - echo "Unique IPs by day" - for back in $(jot 14); do - now=$(date +%s) - date=$(date -r $(echo "$now - 86400 * $back" | bc) +%d,%b) - echo -n "\t $date:" - stats | grep $date | cut -d, -f3 | sort -u | wc -l - done -} - -ip_daily_subscribers () { - echo "Unique atom.xml subscribers by day" - for back in $(jot 14); do - now=$(date +%s) - date=$(date -r $(echo "$now - 86400 * $back" | bc) +%d,%b) - echo -n "\t $date:" - stats | grep $date | grep atom.xml | cut -d, -f3 | sort -u | wc -l - done -} - -main () { - date - echo - parse_logs - filter - stats | grep -F .suffix | top_n '1,2,4,5,7' ' (Only content)' - stats | top_n 2 - stats | top_n '4,5' - stats | top_n 7 - stats | grep -F .suffix | top_n 7 ' (Only content)' - stats | top_n '1,2,7' - ip_stats - ip_daily_stats - ip_daily_subscribers -} - -main | sed 's/\.suffix//' diff --git a/openbsd/frontends/usr/local/bin/ha.pl b/openbsd/frontends/usr/local/bin/ha.pl deleted file mode 100644 index 5aba2bb..0000000 --- a/openbsd/frontends/usr/local/bin/ha.pl +++ /dev/null 
@@ -1,133 +0,0 @@ -#!/usr/bin/env perl - -use strict; -use warnings; - -use HTTP::Tiny; -use IO::Socket::INET; -use Sys::Hostname; -use JSON::PP; -use File::Copy; -use Data::Dumper; - -use constant { - STATUS_FILE => '/var/run/ha.status', - TMP_STATUS_FILE => '/tmp/ha.status', - PARTICIPANTS => qw(blowfish.buetow.org twofish.buetow.org), - HA_STATUS_PORT => 4242, - MAX_STATUS_AGE => 60, -} - -sub update_ha_status { - my @status = @_; - my $json = JSON::PP->new->ascii; - - open my $fd, '>', TMP_STATUS_FILE or die $!; - print $fd $json->encode($_), "\n" for @status; - close $fd; - - copy TMP_STATUS_FILE, STATUS_FILE or die $!; - unlink TMP_STATUS_FILE; -} - -sub fetch_remote_ha_status { - my $peer = shift; - my $socket = new IO::Socket::INET ( - PeerHost => $peer, - PeerPort => HA_STATUS_PORT, - Proto => 'tcp', - ); - return undef unless $socket; - - my $response = ''; - $socket->recv($response, 4096); - $socket->close(); - return split /\n/, $response; -} - -sub check_http_status { - my $peer = shift; - my $response = HTTP::Tiny->new( max_redirect => 0)->get('http://' . $peer); - my $valid_response = $response->{'status'} >= 200 && - $response->{'status'} < 400; - return { - endpoint => 'http://' . $peer, - peer => $peer, - checked_from => hostname, - status => $valid_response ? 'OK' : 'ERROR', - message => $valid_response ? 'All fine' : 'Got unexpeced response', - epoch => time, - } -} - -sub check_gemini_status { - my $peer = shift; - my $socket = new IO::Socket::INET ( - PeerHost => $peer, - PeerPort => 1965, - Proto => 'tcp', - ); - - my $status = { - endpoint => 'gemini://' . $peer, - peer => $peer, - checked_from => hostname, - status => $socket ? 'OK' : 'ERROR', - message => $socket ? 
'All fine' : $!, - epoch => time, - }; - - $socket->close() if $socket; - return $status; -} - -sub check_status { - my $peer = shift; - my @service_status; - - push @service_status, check_http_status $peer; - push @service_status, check_gemini_status $peer; - - update_ha_status @service_status; - return @service_status; -} - -sub scores { - my %scores; - - for my $status (@_) { - next if time - $status->{epoch} > MAX_STATUS_AGE; - if ($status->{status} eq 'OK') { - $scores{$status->{peer}}++; - } else { - $scores{$status->{peer}} |= 0; - } - } - - return - map { [$_, $scores{$_}] } - sort { $scores{$b} <=> $scores{$a} } - keys %scores; -} - -sub main { - my $json = JSON::PP->new->ascii; - my $hostname = hostname; - my @all; - - for my $partner (grep { $_ ne $hostname } PARTICIPANTS) { - for (check_status $partner) { - print $json->encode($_), "\n"; - push @all, $_; - } - for (fetch_remote_ha_status $partner) { - next if not defined or /^\s*#/; - print "$_\n"; - push @all, $json->decode($_); - } - } - - print Dumper scores @all; -} - -main; diff --git a/openbsd/frontends/var/nsd/etc/key.conf.tpl b/openbsd/frontends/var/nsd/etc/key.conf.tpl deleted file mode 100644 index 976661a..0000000 --- a/openbsd/frontends/var/nsd/etc/key.conf.tpl +++ /dev/null @@ -1,4 +0,0 @@ -key: - name: blowfish.buetow.org - algorithm: hmac-sha256 - secret: "<%= $nsd_secret %>" diff --git a/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl b/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl deleted file mode 100644 index 310550a..0000000 --- a/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl +++ /dev/null 
@@ -1,19 +0,0 @@
-include: "/var/nsd/etc/key.conf"
-
-server:
- hide-version: yes
- verbosity: 1
- database: "" # disable database
- debug-mode: no
-
-remote-control:
- control-enable: yes
- control-interface: /var/run/nsd.sock
-
-<% for my $zone (@$dns_zones) { %>
-zone:
- name: "<%= $zone %>"
- zonefile: "master/<%= $zone %>.zone"
- notify: 108.160.134.135 blowfish.buetow.org
- provide-xfr: 108.160.134.135 blowfish.buetow.org
-<% } %>
diff --git a/openbsd/frontends/var/nsd/etc/nsd.conf.slave.tpl b/openbsd/frontends/var/nsd/etc/nsd.conf.slave.tpl
deleted file mode 100644
index d9d93fe..0000000
--- a/openbsd/frontends/var/nsd/etc/nsd.conf.slave.tpl
+++ /dev/null
@@ -1,17 +0,0 @@
-include: "/var/nsd/etc/key.conf"
-
-server:
- hide-version: yes
- verbosity: 1
- database: "" # disable database
-
-remote-control:
- control-enable: yes
- control-interface: /var/run/nsd.sock
-
-<% for my $zone (@$dns_zones) { %>
-zone:
- name: "<%= $zone %>"
- allow-notify: 23.88.35.144 blowfish.buetow.org
- request-xfr: 23.88.35.144 blowfish.buetow.org
-<% } %>
diff --git a/openbsd/frontends/var/nsd/zones/master/buetow.org.zone.tpl b/openbsd/frontends/var/nsd/zones/master/buetow.org.zone.tpl
deleted file mode 100644
index 42bff2d..0000000
--- a/openbsd/frontends/var/nsd/zones/master/buetow.org.zone.tpl
+++ /dev/null
@@ -1,38 +0,0 @@
-$ORIGIN buetow.org.
-$TTL 4h
-@ IN SOA blowfish.buetow.org. hostmaster.buetow.org. (
- <%= time() %> ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expire
- 1h ) ; negative
- IN NS blowfish.buetow.org.
- IN NS twofish.buetow.org.
-
- IN MX 10 buetow.org.
- IN MX 20 www.buetow.org.
- 86400 IN A 23.88.35.144
- 86400 IN AAAA 2a01:4f8:c17:20f1::42
-
-* IN MX 10 buetow.org.
-* IN MX 20 www.buetow.org.
-* 86400 IN A 23.88.35.144
-* 86400 IN AAAA 2a01:4f8:c17:20f1::42
-
-blowfish 86400 IN A 23.88.35.144
-blowfish 86400 IN AAAA 2a01:4f8:c17:20f1::42
-git1 3600 IN CNAME blowfish
-
-twofish 86400 IN A 108.160.134.135
-twofish 86400 IN AAAA 2401:c080:1000:45af:5400:3ff:fec6:ca1d
-git2 3600 IN CNAME twofish
-www 3600 IN CNAME twofish
-
-vulcan 86400 IN A 95.216.174.192
-vulcan 86400 IN AAAA 2a01:4f9:c010:250e::1
-vu 86400 IN CNAME vulcan
-wolke7 3600 IN CNAME vulcan
-edge 3600 IN CNAME vulcan
-
-sofia 86400 IN CNAME 79-100-3-54.ip.btc-net.bg.
-www2 3600 IN CNAME snonux.codeberg.page.
diff --git a/openbsd/frontends/var/nsd/zones/master/dtail.dev.zone.tpl b/openbsd/frontends/var/nsd/zones/master/dtail.dev.zone.tpl
deleted file mode 100644
index 0d67272..0000000
--- a/openbsd/frontends/var/nsd/zones/master/dtail.dev.zone.tpl
+++ /dev/null
@@ -1,16 +0,0 @@
-$ORIGIN dtail.dev.
-$TTL 4h
-@ IN SOA blowfish.buetow.org. hostmaster.buetow.org. (
- <%= time() %> ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expire
- 1h ) ; negative
- IN NS blowfish.buetow.org.
- IN NS twofish.buetow.org.
-
- 86400 IN A 23.88.35.144
- 86400 IN AAAA 2a01:4f8:c17:20f1::4
-* 86400 IN CNAME blowfish.buetow.org.
-github 86400 IN CNAME mimecast.github.io.
-
diff --git a/openbsd/frontends/var/nsd/zones/master/foo.surf.zone.tpl b/openbsd/frontends/var/nsd/zones/master/foo.surf.zone.tpl
deleted file mode 100644
index e92b881..0000000
--- a/openbsd/frontends/var/nsd/zones/master/foo.surf.zone.tpl
+++ /dev/null
@@ -1,17 +0,0 @@
-$ORIGIN foo.surf.
-$TTL 4h
-@ IN SOA blowfish.buetow.org. hostmaster.buetow.org. (
- <%= time() %> ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expire
- 1h ) ; negative
- IN NS blowfish.buetow.org.
- IN NS twofish.buetow.org.
-
- IN MX 20 buetow.org.
- IN MX 10 www.buetow.org.
-
- 86400 IN A 108.160.134.135
- 86400 IN AAAA 2401:c080:1000:45af:5400:3ff:fec6:ca1d
-www 86400 IN CNAME blowfish.buetow.org.
diff --git a/openbsd/frontends/var/nsd/zones/master/foo.zone.zone.tpl b/openbsd/frontends/var/nsd/zones/master/foo.zone.zone.tpl
deleted file mode 100644
index 4efbf3d..0000000
--- a/openbsd/frontends/var/nsd/zones/master/foo.zone.zone.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-$ORIGIN foo.zone.
-$TTL 4h
-@ IN SOA blowfish.buetow.org. hostmaster.buetow.org. (
- <%= time() %> ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expire
- 1h ) ; negative
- IN NS blowfish.buetow.org.
- IN NS twofish.buetow.org.
-
- IN MX 10 buetow.org.
- IN MX 20 www.buetow.org.
-
-
- 86400 IN A 23.88.35.144
- 86400 IN AAAA 2a01:4f8:c17:20f1::42
-* 86400 IN CNAME blowfish.buetow.org.
-www 86400 IN CNAME twofish.buetow.org.
diff --git a/openbsd/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl b/openbsd/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl
deleted file mode 100644
index d3c55e5..0000000
--- a/openbsd/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl
+++ /dev/null
@@ -1,18 +0,0 @@
-$ORIGIN irregular.ninja.
-$TTL 4h
-@ IN SOA blowfish.buetow.org. hostmaster.buetow.org. (
- <%= time() %> ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expire
- 1h ) ; negative
- IN NS blowfish.buetow.org.
- IN NS twofish.buetow.org.
-
- IN MX 10 buetow.org.
- IN MX 20 www.buetow.org.
-
- 86400 IN A 23.88.35.144
- 86400 IN AAAA 2a01:4f8:c17:20f1::42
-* 86400 IN CNAME blowfish.buetow.org.
-www 86400 IN CNAME twofish.buetow.org.
diff --git a/openbsd/frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl b/openbsd/frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl
deleted file mode 100644
index 42b1db7..0000000
--- a/openbsd/frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl
+++ /dev/null
@@ -1,18 +0,0 @@
-$ORIGIN sidewalk.ninja.
-$TTL 4h
-@ IN SOA blowfish.buetow.org. hostmaster.buetow.org. (
- <%= time() %> ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expire
- 1h ) ; negative
- IN NS blowfish.buetow.org.
- IN NS twofish.buetow.org.
-
- IN MX 10 buetow.org.
- IN MX 20 www.buetow.org.
-
- 86400 IN A 23.88.35.144
- 86400 IN AAAA 2a01:4f8:c17:20f1::42
-* 86400 IN CNAME blowfish.buetow.org.
-www 86400 IN CNAME twofish.buetow.org.
diff --git a/openbsd/frontends/var/nsd/zones/master/snonux.de.zone.tpl b/openbsd/frontends/var/nsd/zones/master/snonux.de.zone.tpl
deleted file mode 100644
index cc530b6..0000000
--- a/openbsd/frontends/var/nsd/zones/master/snonux.de.zone.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-$ORIGIN snonux.de.
-$TTL 4h
-@ IN SOA blowfish.buetow.org. hostmaster.buetow.org. (
- <%= time() %> ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expire
- 1h ) ; negative
- IN NS blowfish.buetow.org.
- IN NS twofish.buetow.org.
-
- IN MX 10 buetow.org.
- IN MX 20 www.buetow.org.
-
-
- 86400 IN A 23.88.35.144
- 86400 IN AAAA 2a01:4f8:c17:20f1::42
-* 86400 IN CNAME blowfish.buetow.org.
-www 86400 IN CNAME twofish.buetow.org.
diff --git a/openbsd/frontends/var/nsd/zones/master/snonux.me.zone.tpl b/openbsd/frontends/var/nsd/zones/master/snonux.me.zone.tpl
deleted file mode 100644
index e756998..0000000
--- a/openbsd/frontends/var/nsd/zones/master/snonux.me.zone.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-$ORIGIN snonux.me.
-$TTL 4h
-@ IN SOA blowfish.buetow.org. hostmaster.buetow.org. (
- <%= time() %> ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expire
- 1h ) ; negative
- IN NS blowfish.buetow.org.
- IN NS twofish.buetow.org.
-
- IN MX 10 buetow.org.
- IN MX 20 www.buetow.org.
-
-
- 86400 IN A 23.88.35.144
- 86400 IN AAAA 2a01:4f8:c17:20f1::42
-* 86400 IN CNAME blowfish.buetow.org.
-www 86400 IN CNAME twofish.buetow.org. |
