diff --git a/hamstercage.yaml b/hamstercage.yaml
index b641233..e18a118 100644
--- a/hamstercage.yaml
+++ b/hamstercage.yaml
@@ -50,3 +50,28 @@ tags:
 mode: 0o755
 owner: root
 type: file
+ /usr/local/etc/openvpn/openvpn_zs64.conf:
+ group: wheel
+ mode: 0o644
+ owner: root
+ type: file
+ /usr/local/etc/openvpn/vvmau.gruenkohl.org.cert:
+ group: wheel
+ mode: 0o644
+ owner: root
+ type: file
+ /usr/local/etc/openvpn/vvmau.gruenkohl.org.key:
+ group: wheel
+ mode: 0o644
+ owner: root
+ type: file
+ /usr/local/etc/sudoers:
+ group: wheel
+ mode: 0o440
+ owner: root
+ type: file
+ /usr/local/etc/telegraf.conf:
+ group: wheel
+ mode: 0o644
+ owner: root
+ type: file
diff --git a/tags/router.au/usr/local/etc/openvpn/openvpn_zs64.conf b/tags/router.au/usr/local/etc/openvpn/openvpn_zs64.conf
new file mode 100644
index 0000000..d209082
--- /dev/null
+++ b/tags/router.au/usr/local/etc/openvpn/openvpn_zs64.conf
@@ -0,0 +1,35 @@
+#
+# Verbindung zu zs64
+#
+
+client
+verify-x509-name CN=openvpn.zs64.net
+
+dev tun1
+
+remote openvpn.zs64.net 1194
+nobind
+
+ca cryptonomicore-ca-cert.pem
+dh dh1024.pem
+
+cert /usr/local/etc/openvpn/vvmau.gruenkohl.org.cert
+key /usr/local/etc/openvpn/vvmau.gruenkohl.org.key
+
+comp-lzo no
+
+log-append /var/log/openvpn_zs64.log
+#script-security 3
+#ifconfig-noexec
+#up /usr/local/etc/openvpn/openvpn_zs64.up
+
+
+verb 3
+status /var/run/openvpn_zs64.status
+management /var/run/openvpn_zs64.sock unix
+management-client-user root
+management-client-group wheel
+
+#fragment 1400
+#mssfix
+#comp-lzo yes
diff --git a/tags/router.au/usr/local/etc/openvpn/vvmau.gruenkohl.org.cert b/tags/router.au/usr/local/etc/openvpn/vvmau.gruenkohl.org.cert
new file mode 100644
index 0000000..4e6baa0
--- /dev/null
+++ b/tags/router.au/usr/local/etc/openvpn/vvmau.gruenkohl.org.cert
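Review bot: The entry for `/usr/local/etc/openvpn/vvmau.gruenkohl.org.key` is deployed with `mode: 0o644`, so every local account on the router can read the VPN private key; the same mode on `/usr/local/etc/telegraf.conf` exposes the InfluxDB password that file carries. The key should be `mode: 0o600` with owner root. telegraf.conf would be better at `mode: 0o640`, with `group` set to whatever account the telegraf service runs as, which is not visible in this diff. The `0o440` on sudoers is already appropriate.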
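Review bot: `dh dh1024.pem` has no effect in a `client` profile, because Diffie-Hellman parameter files are only read on the server side, and it points at a 1024-bit parameter file that should not be reused anywhere; the line can be dropped. `ca cryptonomicore-ca-cert.pem` is a relative path while `cert` and `key` are absolute, and the CA file is not among the files this commit manages, so the tunnel depends on the daemon's working directory and on a trust anchor outside configuration management. Adding `remote-cert-tls server` next to `verify-x509-name` and a `tls-version-min 1.2` line would tighten the handshake.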
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 192 (0xc0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=DE, L=Hamburg, O=cryptonomicore.net, CN=Cryptonomicore CA/emailAddress=ca@cryptonomicore.net + Validity + Not Before: Mar 23 20:42:21 2021 GMT + Not After : Apr 16 20:42:21 2026 GMT + Subject: CN=vvmau.gruenkohl.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:38:69:4f:9d:22:f5:2d:e5:f9:41:35:d3:93: + 90:08:d7:4d:ab:67:95:19:12:87:af:b7:fd:16:d7: + 99:34:ad:c6:44:ec:ad:09:86:e5:2b:a3:76:38:f3: + 93:c3:ca:32:ef:c4:64:f5:32:a5:3f:5a:b0:7d:66: + da:ff:d2:95:f5:37:a2:9e:b9:33:16:0c:48:fa:85: + 4d:89:be:cc:0f:e1:86:38:b2:42:34:37:34:0e:18: + 10:f2:dd:e0:0e:b9:55:b4:50:95:cb:13:ad:58:fb: + c0:0b:7f:82:f6:4e:f3:c9:ac:83:48:00:e2:6e:9a: + db:b4:b5:4d:30:15:5e:22:9b:16:e3:e4:36:e1:5b: + 08:0d:3a:d9:6b:03:0d:0d:03:e2:20:5f:c8:19:eb: + 97:47:95:ea:e9:6f:83:6f:71:ba:21:2c:2f:11:b4: + fc:a2:93:c4:b3:0f:f5:24:57:b5:56:4b:e6:2b:19: + ed:47:bd:f0:43:bd:75:09:f2:ee:4a:24:ac:22:cb: + f1:3d:08:e8:52:46:76:53:2d:ea:e0:9a:51:c4:d0: + 21:c1:3e:fd:b8:ac:2c:f6:44:6d:6c:c6:c8:71:1b: + 05:96:f5:c9:9b:6b:a3:1d:86:4c:b6:1a:e1:1b:25: + 5b:08:0e:23:d5:61:f3:ba:70:56:9f:27:7a:a4:a4: + 6d:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 29:F1:E5:BD:A4:2A:67:57:02:3F:2E:90:65:34:44:38:D4:11:D0:23 + X509v3 Authority Key Identifier: + DirName:/C=DE/L=Hamburg/O=cryptonomicore.net/CN=Cryptonomicore CA/emailAddress=ca@cryptonomicore.net + serial:56 + + Netscape CA Revocation Url: + https://www.cryptonomicore.net/ca-crl.pem + Signature Algorithm: sha1WithRSAEncryption + 46:2f:47:fa:24:ad:17:8f:c8:fd:b1:09:91:ef:95:2a:e7:58: + d0:c3:93:72:ea:11:25:66:b3:da:49:25:3a:0d:99:96:fd:9c: + eb:ea:13:b3:c7:03:ff:05:c3:45:0c:64:a6:9a:e5:7a:89:9d: + d7:54:58:0a:9a:f8:c1:43:37:1f:9b:a6:58:fb:32:7d:f6:8b: + 
68:ee:99:6c:78:a1:31:b3:cb:b9:3b:11:37:92:5f:86:ff:49: + 89:75:ce:51:07:24:66:64:d7:b9:d8:4b:72:fa:32:a8:62:67: + 69:b5:94:54:b7:c1:b3:91:e1:54:0a:79:26:01:0a:a6:2b:a8: + 13:f9:95:6a:24:f8:94:07:ad:8d:93:c7:2b:33:ba:69:fe:d6: + 0c:13:da:a8:4b:bc:60:f3:32:cb:73:14:cd:4c:12:71:04:e4: + c1:30:d0:1c:e2:e5:df:07:a8:eb:66:39:d5:c3:a6:b5:ff:7d: + 93:a5:a2:81:bb:74:5b:f4:0e:e6:97:39:51:b3:1e:f2:9b:ba: + 5b:3e:a4:df:3e:17:c6:ad:12:c6:b4:3b:4b:a0:47:41:5b:ba: + 4c:0c:65:1e:04:d8:d3:34:14:86:9f:f4:e8:cf:dd:bf:23:a5: + 10:ab:3e:e4:ae:81:f7:e3:ca:71:de:d2:47:2c:d4:4f:b6:e3: + 4f:c6:8f:f9 +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICAMAwDQYJKoZIhvcNAQEFBQAwfjELMAkGA1UEBhMCREUx +EDAOBgNVBAcMB0hhbWJ1cmcxGzAZBgNVBAoMEmNyeXB0b25vbWljb3JlLm5ldDEa +MBgGA1UEAwwRQ3J5cHRvbm9taWNvcmUgQ0ExJDAiBgkqhkiG9w0BCQEWFWNhQGNy +eXB0b25vbWljb3JlLm5ldDAeFw0yMTAzMjMyMDQyMjFaFw0yNjA0MTYyMDQyMjFa +MB4xHDAaBgNVBAMTE3Z2bWF1LmdydWVua29obC5vcmcwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDDOGlPnSL1LeX5QTXTk5AI102rZ5UZEoevt/0W15k0 +rcZE7K0JhuUro3Y485PDyjLvxGT1MqU/WrB9Ztr/0pX1N6KeuTMWDEj6hU2JvswP +4YY4skI0NzQOGBDy3eAOuVW0UJXLE61Y+8ALf4L2TvPJrINIAOJumtu0tU0wFV4i +mxbj5DbhWwgNOtlrAw0NA+IgX8gZ65dHlerpb4NvcbohLC8RtPyik8SzD/UkV7VW +S+YrGe1HvfBDvXUJ8u5KJKwiy/E9COhSRnZTLergmlHE0CHBPv24rCz2RG1sxshx +GwWW9cmba6Mdhky2GuEbJVsIDiPVYfO6cFafJ3qkpG1zAgMBAAGjgf4wgfswCQYD +VR0TBAIwADAdBgNVHQ4EFgQUKfHlvaQqZ1cCPy6QZTREONQR0CMwgZQGA1UdIwSB +jDCBiaGBg6SBgDB+MQswCQYDVQQGEwJERTEQMA4GA1UEBwwHSGFtYnVyZzEbMBkG +A1UECgwSY3J5cHRvbm9taWNvcmUubmV0MRowGAYDVQQDDBFDcnlwdG9ub21pY29y +ZSBDQTEkMCIGCSqGSIb3DQEJARYVY2FAY3J5cHRvbm9taWNvcmUubmV0ggFWMDgG +CWCGSAGG+EIBBAQrFilodHRwczovL3d3dy5jcnlwdG9ub21pY29yZS5uZXQvY2Et +Y3JsLnBlbTANBgkqhkiG9w0BAQUFAAOCAQEARi9H+iStF4/I/bEJke+VKudY0MOT +cuoRJWaz2kklOg2Zlv2c6+oTs8cD/wXDRQxkpprleomd11RYCpr4wUM3H5umWPsy +ffaLaO6ZbHihMbPLuTsRN5Jfhv9JiXXOUQckZmTXudhLcvoyqGJnabWUVLfBs5Hh +VAp5JgEKpiuoE/mVaiT4lAetjZPHKzO6af7WDBPaqEu8YPMyy3MUzUwScQTkwTDQ +HOLl3weo62Y51cOmtf99k6Wigbt0W/QO5pc5UbMe8pu6Wz6k3z4Xxq0SxrQ7S6BH 
+QVu6TAxlHgTY0zQUhp/06M/dvyOlEKs+5K6B9+PKcd7SRyzUT7bjT8aP+Q== +-----END CERTIFICATE----- diff --git a/tags/router.au/usr/local/etc/openvpn/vvmau.gruenkohl.org.key b/tags/router.au/usr/local/etc/openvpn/vvmau.gruenkohl.org.key new file mode 100644 index 0000000..5921fc1 --- /dev/null +++ b/tags/router.au/usr/local/etc/openvpn/vvmau.gruenkohl.org.key 
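Review bot: The certificate is signed with `sha1WithRSAEncryption`, which current TLS library defaults increasingly reject and which OpenVPN accepts only under its legacy certificate profile; a reissued certificate should carry a SHA-256 signature. The committed file also includes the full `openssl x509 -text` dump ahead of the PEM block. That is harmless to OpenVPN but makes the file noisy to diff, so keeping only the `-----BEGIN CERTIFICATE-----` block would be enough.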
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDDOGlPnSL1LeX5 +QTXTk5AI102rZ5UZEoevt/0W15k0rcZE7K0JhuUro3Y485PDyjLvxGT1MqU/WrB9 +Ztr/0pX1N6KeuTMWDEj6hU2JvswP4YY4skI0NzQOGBDy3eAOuVW0UJXLE61Y+8AL +f4L2TvPJrINIAOJumtu0tU0wFV4imxbj5DbhWwgNOtlrAw0NA+IgX8gZ65dHlerp +b4NvcbohLC8RtPyik8SzD/UkV7VWS+YrGe1HvfBDvXUJ8u5KJKwiy/E9COhSRnZT +LergmlHE0CHBPv24rCz2RG1sxshxGwWW9cmba6Mdhky2GuEbJVsIDiPVYfO6cFaf +J3qkpG1zAgMBAAECggEBAJ5vdeiLGwfozC/SYKDprYe/VOW7FyJWC5DsvZaAO3Kp +ZbQicPy+YddcvmHSLSZFP7mfpl/pTntwWrQreakNe26cTHqMy40lQ0UuUpNsKajp +20jAQ0KlWrXlijvRHjpU592DWU6LFbCWAHJUdjD4Opp+S71wGlSxkYXDbnWLoe5q +ijx0X9QOamo8sfphiVbbb+EYOGYA9bk+fr7WaVSl9ZYKAxKkNUOUYVC83JKBBXCp +TjwREd7Vk/UCBvTOxiaj10kTCsmONpFyVowasfhFFvljPy+g7UJLB7WX3maBsbC2 +XPvnKUrDXxYumDV/4k+7rDE49oXQ9I2Fffwwt/8FDWECgYEA/LcJL+JJ6jQ5JD84 +tEqejhE5l56RJBdomoHKG5sbg2YPyhsX5nIgabCp5cD9OUi5oYA2lHAjH1TriEeP +ITNa4tocM+dtrbFAkoQghDxITOKh2kK4LHZAg0zRvVl4etaJcljhjFOC1/mBM0we +dw/EAU1f4EdRULZOyjpq9NP4bUUCgYEAxcIMsoO0nalhX0VhGEftWmQDeFJDFCqr +dM4LXaY/8nseHyuF2XLiCJp7jw3iVInyxFLyOElooXt8+6+DnHhA/P3cNqQrvMb8 +CFuDKITnpyGgTxDdMu5TDGegOEteW9bKQ/gdasPkW0bDNLG9Tjn7HssKLSakrUQK +FQA5vWXzT1cCgYBMPfxrkd2y5uaGZPx6iDilq9SwRYqMVPOeCaIsCfOXBOemld30 +DGJzAHWBd2PuMF6wtrnAtsQh48DbcJth7NhysFLp5dxVFrDggzQ8MOOvLoCeFJrz +7wkvk7GDasbKaIc3FFGXwGotNn0gOMrIKN19dxaB14JU02uZ3139VyYP8QKBgQC8 +G6g+Sh+M9OglWnZQRWLV31qZog4iabAr7C5Nh20+drQhTCIGxEuTiXbMjZVjetCM +xKWYuuMm77LkKYCUXqLaw5Mr+p+L8u8b+Ahbi4hapxa4/r6Zyq7+lreFtNNtonNF +kgZRX0KhPD9EqWj7txVSpino5uAv3A+HCG7j5M07AwKBgDG2z+3yok5S8dSb1nc2 +/n8ik0Bvs/lXG160B2HeCDrXF/InnN3AwMzYSSjjXkGVJYn4ThREoT7mflciA78s +ywvWMPFskBolxtCU6nZgO1UmmsX6q6XTmT/z9DbXxjPFIv4Pb0GJ6OryCGb71Vjv +ii7C7PD75gE0UMBjTxDq5BhU +-----END PRIVATE KEY----- diff --git a/tags/router.au/usr/local/etc/sudoers b/tags/router.au/usr/local/etc/sudoers new file mode 100644 index 0000000..d182d3e --- /dev/null +++ b/tags/router.au/usr/local/etc/sudoers 
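Review bot: This file is an unencrypted RSA private key committed to the repository in cleartext, so anyone with read access to the repository or its history can authenticate to the VPN as `vvmau.gruenkohl.org`. The key should be treated as compromised: revoke the matching certificate (serial 192 / 0xc0 per the .cert file in this commit), generate a new key pair on the router itself, and purge this blob from history. Configuration management should then ship only the certificate and leave the key as an unmanaged or encrypted-at-rest secret. Whether hamstercage offers a secrets mechanism is not visible here.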
@@ -0,0 +1,110 @@
+## sudoers file.
+##
+## This file MUST be edited with the 'visudo' command as root.
+## Failure to use 'visudo' may result in syntax or file permission errors
+## that prevent sudo from running.
+##
+## See the sudoers man page for the details on how to write a sudoers file.
+##
+
+##
+## Host alias specification
+##
+## Groups of machines. These may include host names (optionally with wildcards),
+## IP addresses, network numbers or netgroups.
+# Host_Alias WEBSERVERS = www1, www2, www3
+
+##
+## User alias specification
+##
+## Groups of users. These may consist of user names, uids, Unix groups,
+## or netgroups.
+# User_Alias ADMINS = millert, dowdy, mikef
+
+##
+## Cmnd alias specification
+##
+## Groups of commands. Often used to group related commands together.
+# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
+# /usr/bin/pkill, /usr/bin/top
+# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
+
+##
+## Defaults specification
+##
+## Uncomment if needed to preserve environmental variables related to the
+## FreeBSD pkg utility and fetch.
+# Defaults env_keep += "PKG_CACHEDIR PKG_DBDIR FTP_PASSIVE_MODE"
+##
+## Additionally uncomment if needed to preserve environmental variables
+## related to portupgrade
+# Defaults env_keep += "PORTSDIR PORTS_INDEX PORTS_DBDIR PACKAGES PKGTOOLS_CONF"
+##
+## You may wish to keep some of the following environment variables
+## when running commands via sudo.
+##
+## Locale settings
+# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
+##
+## Run X applications through sudo; HOME is used to find the
+## .Xauthority file. Note that other programs use HOME to find
+## configuration files and this may lead to privilege escalation!
+# Defaults env_keep += "HOME"
+##
+## X11 resource path settings
+# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
+##
+## Desktop path settings
+# Defaults env_keep += "QTDIR KDEDIR"
+##
+## Allow sudo-run commands to inherit the callers' ConsoleKit session
+# Defaults env_keep += "XDG_SESSION_COOKIE"
+##
+## Uncomment to enable special input methods. Care should be taken as
+## this may allow users to subvert the command being run via sudo.
+# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
+##
+## Uncomment to use a hard-coded PATH instead of the user's to find commands
+# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+##
+## Uncomment to send mail if the user does not enter the correct password.
+# Defaults mail_badpass
+##
+## Uncomment to enable logging of a command's output, except for
+## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
+# Defaults log_output
+# Defaults!/usr/bin/sudoreplay !log_output
+# Defaults!/usr/local/bin/sudoreplay !log_output
+# Defaults!REBOOT !log_output
+
+##
+## Runas alias specification
+##
+
+##
+## User privilege specification
+##
+root ALL=(ALL) ALL
+
+## Uncomment to allow members of group wheel to execute any command
+# %wheel ALL=(ALL) ALL
+
+## Same thing without a password
+%wheel ALL=(ALL) NOPASSWD: ALL
+
+## Uncomment to allow members of group sudo to execute any command
+# %sudo ALL=(ALL) ALL
+%sudo ALL=(ALL) NOPASSWD: ALL
+
+## Uncomment to allow any user to run sudo if they know the password
+## of the user they are running the command as (root by default).
+# Defaults targetpw # Ask for the password of the target user
+# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
+
+## Uncomment to show on password prompt which users' password is being expected
+# Defaults passprompt="%p's password:"
+
+## Read drop-in files from /usr/local/etc/sudoers.d
+## (the '#' here does not indicate a comment)
+#includedir /usr/local/etc/sudoers.d
+Defaults env_keep += "SSH_AUTH_SOCK"
diff --git a/tags/router.au/usr/local/etc/telegraf.conf b/tags/router.au/usr/local/etc/telegraf.conf
new file mode 100644
index 0000000..9683f27
--- /dev/null
+++ b/tags/router.au/usr/local/etc/telegraf.conf
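Review bot: `%wheel ALL=(ALL) NOPASSWD: ALL` and `%sudo ALL=(ALL) NOPASSWD: ALL` give every member of either group root without re-authentication, so a single hijacked login session on the router becomes full compromise; the `%sudo` rule also sits under a comment that describes the password-requiring variant. Unless automation depends on it, prefer `%wheel ALL=(ALL) ALL`, drop the `%sudo` rule if no such group exists on this host, and scope any passwordless rule to a `Cmnd_Alias`. Uncommenting `Defaults secure_path=...` and `Defaults log_output` would add a fixed PATH and an audit trail. The final `Defaults env_keep += "SSH_AUTH_SOCK"` hands the caller's agent socket to commands run as root and deserves a comment naming the workflow that needs it.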
@@ -0,0 +1,87 @@
+[global_tags]
+ location = "Aumuehle"
+
+[agent]
+ hostname = "router.lokschuppen-aumuehle.de"
+ interval = "10s"
+ round_interval = true
+ metric_batch_size = 1000
+ metric_buffer_limit = 10000
+ collection_jitter = "0s"
+ flush_interval = "10s"
+ flush_jitter = "0s"
+ precision = ""
+ # debug = false
+ # quiet = false
+ logtarget = "file"
+ logfile_rotation_interval = "0d"
+ logfile_rotation_max_size = "100MB"
+ logfile_rotation_max_archives = 5
+
+
+[[outputs.influxdb]]
+ urls = ["https://influxdb.vvm-museumsbahn.de"]
+ database = "telegraf"
+ username = "telegraf"
+ password = "ub74odVuK9QiiLHk7rhA"
+
+
+[[inputs.cpu]]
+ percpu = true
+ totalcpu = true
+ collect_cpu_time = false
+ report_active = false
+
+
+[[inputs.disk]]
+ mount_points = ["/"]
+ ignore_fs = ["tmpfs", "devfs", "fdescfs", "procfs"]
+
+
+# Read metrics about memory usage
+[[inputs.mem]]
+ # no configuration
+
+
+# Get the number of processes and group them by status
+[[inputs.processes]]
+ # no configuration
+
+
+# Read metrics about swap memory usage
+[[inputs.swap]]
+ # no configuration
+
+
+# Read metrics about system load & uptime
+[[inputs.system]]
+ ## Uncomment to remove deprecated metrics.
+ # fielddrop = ["uptime_format"]
+
+
+[[inputs.dns_query]]
+ servers = ["127.0.0.1", "8.8.8.8"]
+ domains = ["www.vvm-museumsbahn.de"]
+
+
+[[inputs.net]]
+ interfaces = ["ng0", "tun1", "igb0"]
+
+
+[[inputs.snmp]]
+ agents = [ "udp://192.168.1.1:161" ]
+ version = 2
+ community = "public"
+
+ [[inputs.snmp.field]]
+ oid = "RFC1213-MIB::sysName.0"
+ name = "source"
+ is_tag = true
+
+[[inputs.snmp.field]]
+ oid = "ADSL-LINE-MIB::adslAtucChanCurrTxRate.4"
+ name = "rx"
+
+[[inputs.snmp.field]]
+ oid = "ADSL-LINE-MIB::adslAturChanCurrTxRate.4"
+ name = "tx"
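Review bot: The `password` value under `[[outputs.influxdb]]` is a live credential stored in cleartext in the repository; it should be rotated and replaced by an environment reference such as `password = "${INFLUX_PASSWORD}"` (variable name chosen here for illustration), with the value supplied by the service environment on the host. In `[[inputs.snmp]]`, `version = 2` with `community = "public"` sends the default community string unauthenticated and unencrypted. If the device at 192.168.1.1 supports it, SNMPv3 with authentication and privacy is preferable; otherwise use a non-default read-only community that the device restricts to this host's address.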