-rw-r--r--Makefile13
-rw-r--r--conf/dnsmasq.conf9
-rw-r--r--conf/interfaces.d_eth028
-rwxr-xr-xconf/network_if-up.d_samizdat5
-rw-r--r--conf/postfix_main.cf43
-rw-r--r--conf/torrc17
-rwxr-xr-xredo.sh6
-rwxr-xr-x[-rw-r--r--]src/publish-ip.sh0
-rwxr-xr-xsrc/samizdat-iptables.sh14
9 files changed, 133 insertions, 2 deletions
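diff --git a/Makefile b/Makefile
index 7e3fde1..2389535 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,19 @@ samizdat-paths.sh: src/samizdat-paths.in
 	@sed -e "s?PREFIX?$(prefix)?g" $< > $@
 include samizdat-paths.sh
 
+install-configuration:
+ifndef instdir
+	$(error "You must specify instdir, for safety.")
+else
+	install -DT conf/dnsmasq.conf ${instdir}/etc/dnsmasq.conf
+	install -DT conf/interfaces.d_eth0 ${instdir}/etc/network/interfaces.d/eth0
+	install -DT conf/network_if-up.d_samizdat ${instdir}/etc/network/if-up.d/samizdat
+	install -DT conf/postfix_main.cf ${instdir}/etc/postfix/main.cf
+	install -DT conf/torrc ${instdir}/etc/tor/torrc
+	ln -sf /var/cache/kiki/config/tor/hostname ${instdir}/etc/mailname
+	ln -sf /var/cache/kiki/config/tor/hostname ${instdir}/etc/hostname
+endif
+
 install: ${bin_programs} samizdat-paths.sh ${compiled_programs}
 	install ${bin_programs} ${instdir}${samizdat_bindir}
 	mkdir -p ${instdir}${samizdat_initrd_files_dir}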
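Review bot: The `install -DT` lines in the new `install-configuration` target pass no `-m`, so `install` applies its default mode 0755 and the dnsmasq, interfaces, postfix and tor config files land in the target tree with the execute bit set; give each an explicit mode, e.g. `install -DT -m 0644 conf/torrc ${instdir}/etc/tor/torrc`, and likewise for the other four config files, keeping 0755 only for `conf/network_if-up.d_samizdat`, which must execute as an if-up.d hook. `install-configuration` does not name a file it produces, so unless it is listed in a `.PHONY` declaration outside this hunk, a stray file of that name in the checkout would make the target look up to date and silently skip the copies. The `ifndef instdir` guard is parse-time, which works for `make instdir=... install-configuration` as used by redo.sh, but a short comment above the target saying that `instdir` is the chroot root and that the symlink targets resolve only inside it would help the next reader.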
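diff --git a/conf/dnsmasq.conf b/conf/dnsmasq.conf
new file mode 100644
index 0000000..2b523ec
--- /dev/null
+++ b/conf/dnsmasq.conf
@@ -0,0 +1,9 @@
+interface=br0
+domain=localdomain
+dhcp-range=192.168.10.10,192.168.10.253,255.255.255.0,1h
+dhcp-boot=pxelinux.0,pxeserver,192.168.10.1
+pxe-service=x86PC, "Samizdat", pxelinux
+enable-tftp
+tftp-root=/usr/local/lib/samizdat-rhizome/isolinux
+tftp-unique-root
+dhcp-script=/usr/local/bin/dnsmasq-dhcp-script.sh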
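Review bot: `dhcp-script=/usr/local/bin/dnsmasq-dhcp-script.sh` on the last line names a script that nothing in this commit installs, and dnsmasq runs a lease-change script as root by default, handing it lease data that includes the client-supplied hostname; confirm the script is shipped by the rest of the build, that it treats those arguments as untrusted, and consider `scriptuser=` to run it under an unprivileged account if it does not need root. The file has no header explaining its role; a first line such as `# DHCP/PXE/TFTP server for the br0 LAN; clients netboot the isolinux tree under tftp-root` would make the purpose of the pxe-service and tftp lines clear to whoever maintains the installed copy.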
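diff --git a/conf/interfaces.d_eth0 b/conf/interfaces.d_eth0
new file mode 100644
index 0000000..5ec8666
--- /dev/null
+++ b/conf/interfaces.d_eth0
@@ -0,0 +1,28 @@
+# iface eth0 inet static
+# address 192.168.10.1
+# netmask 255.255.255.0
+# # post-up ipsec restart
+
+auto br0 eth0
+
+iface br0 inet static
+	address 192.168.10.1
+	netmask 255.255.255.0
+## These are useful for VMs:
+# pre-up for n in 0 1 2 3 4; do tunctl -t tap$n; done; true
+# pre-down for n in 0 1 2 3 4; do tunctl -d tap$n; done; true
+# bridge_ports eth0 tap0 tap1 tap2 tap3 tap4
+# bridge_maxwait 10
+
+## Enable "internet connection sharing"
+	up iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
+	up sysctl -w net.ipv4.ip_forward=1
+
+## Disable ipv6 auto-address.
+## This is needed sometimes, if ipv6 breaks ipv4.
+# pre-up echo 0 > /proc/sys/net/ipv6/conf/br0/accept_ra_pinfo
+
+# NB. 'ipsec reload' does not work very well
+	post-up ipsec restart
+
+iface eth0 inet manual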
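Review bot: The `up iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE` line in the `br0` stanza has no matching `down` rule, so every ifdown/ifup cycle leaves one more copy of the rule in POSTROUTING; add `down iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE`, or delete before appending the way the new `conf/network_if-up.d_samizdat` hook does. Enabling `net.ipv4.ip_forward` on the following line makes the host route between br0 and wlan0 under whatever FORWARD policy is in place, and nothing in this commit sets one (`src/samizdat-iptables.sh` only restores the nat table), so the intended forwarding policy should be stated in a comment here or enforced in that script. The `## These are useful for VMs` block and the commented `iface eth0 inet static` stanza at the top are disabled configuration rather than documentation; a one-line note saying the tap bridge is optional, or dropping the dead stanza, would keep the installed file readable.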
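diff --git a/conf/network_if-up.d_samizdat b/conf/network_if-up.d_samizdat
new file mode 100755
index 0000000..4c02c93
--- /dev/null
+++ b/conf/network_if-up.d_samizdat
@@ -0,0 +1,5 @@
+#!/bin/sh
+RULE='OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040'
+iptables -t nat -D $RULE 2>/dev/null
+[ "$VERBOSITY" -gt 0 ] && set -x
+iptables -t nat -A $RULE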
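Review bot: `[ "$VERBOSITY" -gt 0 ] && set -x` on line 4 emits an "Illegal number" diagnostic when the script is run outside ifupdown (which is what exports `VERBOSITY`), for example by hand while debugging; `[ "${VERBOSITY:-0}" -gt 0 ] && set -x` treats an unset value as quiet. The hook runs for every interface ifupdown brings up, including `lo`, and the rule it installs is the same one as line 10 of `src/samizdat-iptables.sh`; the `-D` first keeps it idempotent, but a comment should state which of the two is meant to own the 9040 redirect, and a guard such as `[ "$IFACE" = br0 ] || exit 0` would limit when it fires. `$RULE` is deliberately left unquoted so it word-splits into iptables arguments — a comment to that effect, e.g. `# RULE is split on whitespace on purpose`, would stop a later "fix" from quoting it and breaking the hook.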
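diff --git a/conf/postfix_main.cf b/conf/postfix_main.cf
new file mode 100644
index 0000000..7e11ff1
--- /dev/null
+++ b/conf/postfix_main.cf
@@ -0,0 +1,43 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = yes
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# It's 2013; we expect mail to be delivered quickly. Generate "delayed mail" warnings after 7 minutes.
+delay_warning_time = 7m
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+relayhost =
+mynetworks = 127.0.0.0/8 !127.84.111.114/32
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+
+# Samizdat: this is necessary for .onion URLs to resolve (until we implement DNSSEC).
+smtp_host_lookup = native
+# postfix versions before 2.11:
+disable_dns_lookups = yes
+# postfix versions 2.11 and later:
+#smtp_dns_support_level = disabled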
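Review bot: `smtpd_use_tls=yes` on line 23 is the legacy pre-2.3 parameter, while the comments at the bottom of the file target Postfix 2.11 and later; the supported form on those releases is `smtpd_tls_security_level = may`, and stating the policy once in that form makes the intended server-side TLS behaviour unambiguous. The `!127.84.111.114/32` exclusion in `mynetworks` on line 33 is load-bearing: `src/samizdat-iptables.sh` SNATs connections made by the `debian-tor` user to that address, so this exclusion is what keeps onion-originated SMTP sessions out of the trusted-client set even though `inet_interfaces = all` accepts them — record that with a comment such as `# 127.84.111.114 is the SNAT source for Tor-originated connections (see samizdat-iptables.sh); never treat it as local`, and confirm the `!` exclusion syntax is honoured by the Postfix version actually installed. With `inet_interfaces = all` the daemon also listens on the 192.168.10.0/24 bridge address; relaying from there is governed by `smtpd_relay_restrictions`, which this file leaves at its default, so the intended relay policy for LAN clients should be stated explicitly.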
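diff --git a/conf/torrc b/conf/torrc
new file mode 100644
index 0000000..6e387ec
--- /dev/null
+++ b/conf/torrc
@@ -0,0 +1,17 @@
+SocksPort 9050 # what port to open for local application connections
+SocksListenAddress 127.0.0.1 # accept connections only from localhost
+
+HiddenServiceDir /var/lib/tor/samizdat/
+HiddenServicePort 80
+HiddenServicePort 22
+HiddenServicePort 25
+HiddenServicePort 11371
+
+HiddenServiceDir /var/lib/tor/tracker/
+HiddenServicePort 80 127.0.0.1:8070
+HiddenServicePort 2710 127.0.0.1:2710
+
+AutomapHostsOnResolve 1
+VirtualAddrNetwork 10.192.0.0/10
+DNSPort 553
+TransPort 9040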
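Review bot: `SocksListenAddress 127.0.0.1` on line 2 is deprecated in favour of putting the address on the port line, and newer Tor releases may refuse to start on it; write `SocksPort 127.0.0.1:9050` and drop line 2. The `/var/lib/tor/samizdat/` service publishes 22, 25 and 11371 alongside 80, so SSH, SMTP and the keyserver on this host become reachable by anyone who learns the onion address; each `HiddenServicePort` line should carry a comment naming the service and why it is published, e.g. `HiddenServicePort 22 # ssh, only reachable through the onion address`. `DNSPort 553` and `TransPort 9040` bind to localhost by default, which matches the REDIRECT targets in the other files, but `src/samizdat-iptables.sh` sends port-53 traffic to 535 rather than 553, so a comment here stating how the local resolver at 535 hands .onion lookups to the DNSPort would tie the two configs together.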
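diff --git a/redo.sh b/redo.sh
index f618a79..703b830 100755
--- a/redo.sh
+++ b/redo.sh
@@ -1,7 +1,9 @@
 #!/bin/sh
-
+set -ex
+instdir=/home/d/sami/iso/debootstrap/jess
 sudo make install
-(cd ~/sami; sudo make install instdir=/home/d/sami/iso/debootstrap/jess)
+(cd ~/sami && sudo make instdir=${instdir} install install-configuration)
+(cd ~/src/kiki && stack install && sudo cp ~/.local/bin/*kiki ${instdir}/usr/local/bin/)
 sudo touch /usr/local/lib/samizdat-rhizome/initramfs-tools/
 sudo initrd.sh
 sudo cp -a /usr/local/lib/samizdat-rhizome/isolinux/linux/* ~/sami/iso/debootstrap/jess/usr/local/lib/samizdat-rhizome/isolinux/linux/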
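Review bot: `instdir=/home/d/sami/iso/debootstrap/jess` on the new line 3 hard-codes a personal path that is now threaded through three commands, while the last line still spells the same directory out literally; `instdir=${instdir:-/home/d/sami/iso/debootstrap/jess}` lets the script be reused from another checkout, and the final `sudo cp -a` should use `${instdir}` as well. Under the new `set -ex`, the `sudo cp ~/.local/bin/*kiki ${instdir}/usr/local/bin/` line aborts the run when no `*kiki` binary exists, because the unmatched glob is passed literally — that is the right outcome, but a short comment saying the abort is intentional would prevent someone wrapping it in `|| true`. Note that `sudo make install` on line 4 still runs without `instdir` and therefore installs into the live host, whereas the next line installs into the chroot; if both are intended, a comment stating so would keep the distinction from being lost.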
diff --git a/src/publish-ip.sh b/src/publish-ip.sh
index 7da41b9..7da41b9 100644..100755
--- a/src/publish-ip.sh
+++ b/src/publish-ip.sh
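diff --git a/src/samizdat-iptables.sh b/src/samizdat-iptables.sh
new file mode 100755
index 0000000..db5d039
--- /dev/null
+++ b/src/samizdat-iptables.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+iptables-restore -T nat <<END
+*nat
+:PREROUTING ACCEPT [1369:182220]
+:INPUT ACCEPT [2086:276956]
+:OUTPUT ACCEPT [134:22171]
+:POSTROUTING ACCEPT [144:22882]
+-A OUTPUT -p tcp -m tcp --dport 53 -m owner ! --uid-owner unbound -m owner ! --uid-owner pdns -j REDIRECT --to-ports 535
+-A OUTPUT -p udp -m udp --dport 53 -m owner ! --uid-owner unbound -m owner ! --uid-owner pdns -j REDIRECT --to-ports 535
+-A OUTPUT -d 10.192.0.0/10 -p tcp -j REDIRECT --to-ports 9040
+-A OUTPUT -d 10.64.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8118
+-A POSTROUTING -s 127.0.0.1/32 -m owner --uid-owner debian-tor -j SNAT --to-source 127.84.111.114
+COMMIT
+END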
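Review bot: `iptables-restore -T nat` on line 2 is run without `-n`, so it flushes and replaces the entire nat table; if this script runs after the interfaces come up it discards the `MASQUERADE` rule that `conf/interfaces.d_eth0` appends to POSTROUTING, and if `conf/network_if-up.d_samizdat` runs afterwards the 9040 redirect on line 10 ends up present twice. Either use `iptables-restore -n -T nat` to add without flushing, or make this script the single owner of the nat table and carry the MASQUERADE rule here, and say which in a header comment. The chain headers copy packet/byte counters from an `iptables-save` dump (`:PREROUTING ACCEPT [1369:182220]` and so on); they are ignored without `--counters`, but `[0:0]` makes the file read as policy rather than a snapshot. The DNS rules depend on the `unbound` and `pdns` accounts existing when the restore runs, and the `127.84.111.114` SNAT source on line 12 is exactly the address `conf/postfix_main.cf` excludes from `mynetworks`; a comment such as `# Tor-originated loopback traffic is SNATed to 127.84.111.114 so postfix can tell it from local clients` would keep the two files from drifting apart.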