Add scripts from aech

aech/dnssec-keys.sh

@@ -0,0 +1,279 @@
+#!/bin/sh
+# dnssec-keys: DNSSEC key management tool
+#
+# @home: https://github.com/northox/dnssec-reverb
+# @license: Simplified BSD
+# Copyright (c) 2019 Tobias Strobel <git@strobeltobias.de>.
+# Based on work by:
+# Copyright (c) 2017 Danny Fullerton <danny@mantor.org>. 
+# Copyright (c) 2009-2013 Kazunori Fujiwara <fujiwara@wide.ad.jp>.
+
+PROG=`basename $0`
+DIR=`dirname $0`
+
+KEYDIR="/var/cache/bind/keys"
+
+keygen="/usr/sbin/dnssec-keygen"
+settime="/usr/sbin/dnssec-settime"
+key2ds="/usr/sbin/dnssec-dsfromkey"
+control="/usr/sbin/rndc"
+RELOAD_COMMAND="$control loadkeys \$ZONE"
+KSK_PARAM="-n zone -a ECDSAP384SHA384 -f ksk"
+ZSK_PARAM="-n zone -a ECDSAP384SHA384"
+DNSRECORD_PARAM="-2"
+NOW=`date +%Y%m%d%H%M%S`
+DEFAULT_EXPIRE=33
+LOCKF=""
+
+Fatal()
+{
+	[ "$LOCKF" != "" ] && rm $LOCKF
+	echo $PROG: $1 >&2
+	exit 1
+}
+
+# defaults
+[ "$KEYDIR" = "" ] && Fatal "\$KEYDIR not set"
+[ -d "$KEYDIR" ] || Fatal "\$KEYDIR not a directory ($KEYDIR)"
+[ "$KEYBACKUPDIR" = "" ] && KEYBACKUPDIR="$KEYDIR/backup"
+[ "$DNSRECORDDIR" = "" ] && DNSRECORDDIR="$KEYDIR/dnsrecord"
+HEAD_ZSKNAME="zsk-"
+HEAD_KSKNAME="ksk-"
+HEAD_ZSSNAME="zss-"
+HEAD_ZSRNAME="zsr-" # Removed ZSK
+HEAD_KSSNAME="kss-"
+
+# setup
+[ ! -d $KEYBACKUPDIR ] && mkdir -p $KEYBACKUPDIR
+[ ! -d $DNSRECORDDIR ] && mkdir -p $DNSRECORDDIR
+
+cd $KEYDIR
+
+_check_file()
+{
+	while [ "$1" != "" ]; do
+		[ ! -s "$1" ] && Fatal "$1 does not exist."
+		shift
+	done
+}
+
+_check_nofile()
+{
+	while [ "$1" != "" ]; do
+		[ -f "$1" ] && Fatal "$1 exist."
+		shift
+	done
+}
+
+_usage()
+{
+	[ "$LOCKF" != "" ] && rm $LOCKF
+	cat <<EOF
+usage: $PROG keygen <zone>
+       $PROG rmkeys <zone>
+       $PROG [-s] ksk-add <zone>
+       $PROG [-s] ksk-roll <zone>
+       $PROG [-s] zsk-add <zone>
+       $PROG [-s] zsk-roll <zone>
+       $PROG [-s] zsk-rmold <zone>
+       $PROG sign <zone>
+       $PROG status <zone>
+EOF
+	exit 1
+}
+
+sign()
+{
+	chmod g+r *.*
+	eval $RELOAD_COMMAND
+}
+
+status()
+{
+	DNSRECORD_FILE_TMP="$DNSRECORD_FILE.tmp"
+	if [ -f $KSK_FILE ]; then
+		echo -n "$ZONE's KSK = "
+		cat $KSK_FILE;
+		tail -n1 `cat $KSK_FILE`.key | tee $DNSRECORD_FILE_TMP
+		$key2ds $_DNSRECORD_PARAM `cat $KSK_FILE`.key | tee -a $DNSRECORD_FILE_TMP
+	fi
+	if [ -f $KSK_S_FILE ]; then
+		echo -n "$ZONE's next KSK = "
+		cat $KSK_S_FILE;
+		tail -n1 `cat $KSK_S_FILE`.key | tee $DNSRECORD_FILE_TMP
+		$key2ds $_DNSRECORD_PARAM `cat $KSK_S_FILE`.key | tee -a $DNSRECORD_FILE_TMP
+	fi
+	if [ -f $ZSK_FILE ]; then
+		echo -n "$ZONE's ZSK = "
+		cat $ZSK_FILE;
+	fi
+	if [ -f $ZSK_S_FILE ]; then
+		echo -n "$ZONE's next ZSK = "
+		cat $ZSK_S_FILE;
+	fi
+	if [ -f $ZSK_R_FILE ]; then
+		echo -n "$ZONE's previous ZSK = "
+		cat $ZSK_R_FILE;
+	fi
+	mv -f $DNSRECORD_FILE_TMP $DNSRECORD_FILE
+}
+
+keygensub()
+{
+	echo "$keygen $1 $2"
+	newfile="$3"
+	tmpfile="$3.tmp"
+	_KEY=`$keygen $1 $2`
+	[ -f $_KEY.ds ] && rm $_KEY.ds
+	if [ ! -s $_KEY.key ]; then
+		rm $_KEY.key
+		Fatal "cannot write new key: $1 $2 $3"
+	fi
+	echo $_KEY > $tmpfile
+	read _KEY2 < $tmpfile
+	if [ "$_KEY" != "$_KEY2" ]; then
+		rm $tmpfile
+		rm $_KEY.key
+		Fatal "cannot write $tmpfile"
+	fi
+	mv $tmpfile $newfile
+}
+
+removekeys_sub()
+{
+	if [ -f $1 ]; then
+		KEY=`head -1 $1`
+		if [ -f $KEY.key ]; then
+			mv $KEY.key $KEY.private $KEYBACKUPDIR/
+		fi
+	fi
+}
+
+remove_previouskey()
+{
+	if [ -f $ZSK_R_FILE ]; then
+		removekeys_sub $ZSK_R_FILE
+		mv $ZSK_R_FILE "$KEYBACKUPDIR/removed-ZSK-$NOW-$ZONE"
+	fi
+}
+
+if [ "$1" = "" -o "$1" = "-h" -o "$1" = "-?" -o "$1" = "--help" ]; then
+	_usage
+	exit 0
+elif [ "$1" = "-s" -o "$1" = "--sign" ];then
+        SIGN_OPT=1
+        shift
+fi
+
+CMD="$1"
+shift
+
+if [ "$1" = "" ]; then
+	Fatal "A zone must be provided."
+else
+	ZONELIST="$*"
+fi
+
+for ZONE in $ZONELIST
+do
+	LOCKF="$ZONE.lock"
+	TMPF="$ZONE.$$"
+	KSK_FILE="$HEAD_KSKNAME$ZONE"
+	ZSK_FILE="$HEAD_ZSKNAME$ZONE"
+	KSK_S_FILE="$HEAD_KSSNAME$ZONE"
+	ZSK_S_FILE="$HEAD_ZSSNAME$ZONE"
+	ZSK_R_FILE="$HEAD_ZSRNAME$ZONE"
+	DNSRECORD_FILE="$DNSRECORDDIR/$ZONE"
+	ZONE_=`echo $ZONE | tr .- __`
+	eval _KSK_PARAM=\${KSK_PARAM_$ZONE_:-$KSK_PARAM}
+	eval _ZSK_PARAM=\${ZSK_PARAM_$ZONE_:-$ZSK_PARAM}
+	eval _DNSRECORD_PARAM=\${DNSRECORD_PARAM_$ZONE_:-$DNSRECORD_PARAM}
+
+	echo "LOCK$$" > $TMPF
+	LOCKSTR=`cat $TMPF`
+	if [ ! -f $TMPF -o "LOCK$$" != "$LOCKSTR" ]; then
+		Fatal "cannot write lock file $TMPF"
+	fi
+	if ln $TMPF $LOCKF; then
+		:
+	else
+		rm $TMPF
+		echo "zone $ZONE locked"
+		continue
+	fi
+	rm $TMPF
+	case $CMD in
+	keygen)
+		_check_nofile $KSK_FILE $ZSK_FILE
+		keygensub "$_KSK_PARAM" $ZONE $KSK_FILE
+		keygensub "$_ZSK_PARAM" $ZONE $ZSK_FILE
+		status
+		;;
+	rmkeys)
+		removekeys_sub $KSK_FILE
+		removekeys_sub $ZSK_FILE
+		removekeys_sub $KSK_S_FILE
+		removekeys_sub $ZSK_S_FILE
+		rm $KSK_FILE $ZSK_FILE $KSK_S_FILE $ZSK_S_FILE
+		status
+		;;
+	ksk-add)
+		_check_nofile $KSK_S_FILE
+		keygensub "$_KSK_PARAM" $ZONE $KSK_S_FILE
+		status
+		;;
+	ksk-roll)
+		_check_file $KSK_FILE $KSK_S_FILE
+		KSK=`head -1 $KSK_FILE`
+		KSS=`head -1 $KSK_S_FILE`
+		_check_file $KSK.key $KSS.key $KSK.private $KSS.private
+		mv $KSK.key $KSK.private $KEYBACKUPDIR/
+		mv $KSK_S_FILE $KSK_FILE
+		OLDKSK="$KSK"
+		KSK="$KSS"
+		KSS=""
+		echo "$ZONE 's KSK: valid -> removed: $OLDKSK"
+		echo "$ZONE 's KSK: next  -> current: $KSK"
+		status
+		;;
+	zsk-add)
+		_check_nofile $ZSK_S_FILE
+		keygensub "$_ZSK_PARAM" $ZONE $ZSK_S_FILE
+		status
+		;;
+	zsk-roll)
+		_check_file $ZSK_FILE $ZSK_S_FILE
+		ZSK=`head -1 $ZSK_FILE`
+		ZSS=`head -1 $ZSK_S_FILE`
+		_check_file $ZSK.key $ZSS.key $ZSK.private $ZSS.private
+		remove_previouskey
+		mv $ZSK_FILE $ZSK_R_FILE
+		mv $ZSK_S_FILE $ZSK_FILE
+		OLDZSK="$ZSK"
+		ZSK="$ZSS"
+		ZSS=""
+		echo "$ZONE 's ZSK: valid -> previous: $OLDZSK"
+		echo "$ZONE 's ZSK: next -> current: $ZSK"
+		status
+		;;
+	zsk-rmold)
+		_check_file $ZSK_R_FILE
+		remove_previouskey
+		status
+		;;
+	sign)
+		sign
+		;;
+	status)
+		status
+		;;
+	*)
+		echo "unknown command: $CMD"
+		_usage
+		;;
+	esac
+	rm $LOCKF
+done
+
+[ "$SIGN_OPT" = 1 ] && sign
+exit 0

aech/motd.sh

@@ -0,0 +1,71 @@
+##!/bin/bash
+# MOTD script
+
+# Variables
+user=$USER
+path=$PWD
+home=$HOME
+
+# Calculate last login
+lastlog=$(lastlog -u $user | tail -n 1)
+ll[0]=$(echo $lastlog | awk '{print $4}')
+ll[1]=$(echo $lastlog | awk '{print $5}')
+ll[2]=$(echo $lastlog | awk '{print $6}')
+ll[3]=$(echo $lastlog | awk '{print $7}')
+ll[4]=$(echo $lastlog | awk '{print $3}')
+
+# Calculate current system uptime
+uptime=$(uptime -p|cut -c 4-)
+upsince=$(uptime -s)
+
+# Calculate usage of disk
+usage=$(df -h / | head -n 2 | tail -n 1 | awk '{print $3}')
+usageTotal=$(df -h / | head -n 2 | tail -n 1 | awk '{print $2}')
+
+# Calculate SSH logins
+logins=$(w -s|head -n1|awk '{print $6}')
+
+#  Calculate processes
+psa=$(($(ps -A h | wc -l)-2))
+
+#  Calculate current system load
+loadavg=$(cat /proc/loadavg)
+sysload[1]=$(echo $loadavg|awk '{print $1}')
+sysload[5]=$(echo $loadavg|awk '{print $2}')
+sysload[15]=$(echo $loadavg|awk '{print $3}')
+
+#  Calculate Memory
+memory=$(free -mh|head -n2|tail -n1)
+memT=$(echo $memory|awk '{print $2}')
+memU=$(echo $memory|awk '{print $3}')
+memF=$(echo $memory|awk '{print $4}')
+memC=$(echo $memory|awk '{print $6}')
+memory=$(free -mh|tail -n1)
+memS=$(echo $memory|awk '{print $3}')
+
+#  ASCII head
+head=$(cat <<EOF
+ 
+ ,                  ,
+ '"\_            ,/",
+  \.'\_        ,/ ,/                /) /) ,       /)      
+    \.'\_    ,/ ,/     _   __      // //   __   _(/ _____ 
+      \.'\__/ ,/      (_/_/ (_(_/_/(_/(__(_/ (_(_(_(_)/ (_
+        \{00}/       .-/     .-/ /) /)                    
+         \  /       (_/     (_/ (/ (/                     
+       +==""==+
+ 
+                <<< ${user}@$(hostname) >>>
+ 
+EOF
+)
+
+# Print Output
+echo -e "\033[01;32m$head\033[0m"
+echo -e "  \033[35mLast Login....:\033[0m \033[36m${ll[1]} ${ll[2]} ${ll[3]} from ${ll[4]}\033[0m \033[33m${ll[5]}\033[0m"
+echo -e "  \033[35mUptime........:\033[0m \033[36m$uptime (since $upsince)\033[0m"
+echo -e "  \033[35mLoad..........:\033[0m \033[36m${sysload[1]} (1minute) ${sysload[5]} (5minutes) ${sysload[15]} (15minutes)\033[0m"
+echo -e "  \033[35mMemory MB.....:\033[0m \033[36m$memT  Used: $memU  Free: $memF  Free Cached: $memC  Swap Used: $memS\033[0m"
+echo -e "  \033[35mDisk Usage....:\033[0m \033[36m$usage out of $usageTotal\033[0m"
+echo -e "  \033[35mSSH Logins....:\033[0m \033[36mThere are currently $logins active sessions\033[0m"
+echo -e "  \033[35mProcesses.....:\033[0m \033[36m$psa total running\033[0m\n"

aech/nsec3signing.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+rndc signing -nsec3param 1 0 10 auto strobeto.de
+rndc signing -nsec3param 1 0 10 auto strobeltobias.de

aech/update-nc-apps.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+# Fix: The input device is not a tty
+#export COMPOSE_INTERACTIVE_NO_CLI=1
+/usr/bin/docker exec --user 33 nextcloud-space php occ app:update --all

aech/upgrade-docker-compose.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+echo "Downloading latest version of docker-compose..."
+curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
+
+if [ $? -eq 0 ]; then
+  chmod +x /usr/local/bin/docker-compose
+else
+  echo "Upgrade failed!"
+fi
+