From 3d29ecb8767d923f79b82566fd57b08db76b8fc5 Mon Sep 17 00:00:00 2001
From: Silvino Silva
Date: Sat, 15 Oct 2016 01:31:34 +0100
Subject: tools revision
---
tools/conf/etc/ssh/sshd_config | 141 ++++++++++++++++++++++++++++++++++++++
tools/gitolite.html | 102 ++++++++++++++-------------
tools/index.html | 5 +-
tools/openssh.html | 36 ++++++----
tools/qemu.html | 29 ++++----
tools/scripts/config-install.sh | 4 --
tools/scripts/install-nginx.sh | 24 -------
tools/scripts/install-php.sh | 7 --
tools/scripts/install-postgres.sh | 16 -----
tools/scripts/setup-gitolite.sh | 43 ++++++++++++
tools/scripts/setup-nginx.sh | 24 +++++++
tools/scripts/setup-openssh.sh | 43 ++++++++++++
tools/scripts/setup-php.sh | 7 ++
tools/scripts/setup-postgresql.sh | 87 +++++++++++++++++++++++
tools/scripts/system-iptables.sh | 6 +-
tools/scripts/system-qemu.sh | 65 +++++++++++++++---
16 files changed, 491 insertions(+), 148 deletions(-)
create mode 100644 tools/conf/etc/ssh/sshd_config
delete mode 100644 tools/scripts/config-install.sh
delete mode 100644 tools/scripts/install-nginx.sh
delete mode 100644 tools/scripts/install-php.sh
delete mode 100644 tools/scripts/install-postgres.sh
create mode 100644 tools/scripts/setup-gitolite.sh
create mode 100644 tools/scripts/setup-nginx.sh
create mode 100644 tools/scripts/setup-openssh.sh
create mode 100644 tools/scripts/setup-php.sh
create mode 100644 tools/scripts/setup-postgresql.sh
(limited to 'tools')
diff --git a/tools/conf/etc/ssh/sshd_config b/tools/conf/etc/ssh/sshd_config
new file mode 100644
index 0000000..5e07530
--- /dev/null
+++ b/tools/conf/etc/ssh/sshd_config
@@ -0,0 +1,141 @@
+# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Port 2222
+#AddressFamily any
+AddressFamily inet
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+LogLevel VERBOSE
+
+# Authentication:
+
+LoginGraceTime 1m
+#PermitRootLogin prohibit-password
+PermitRootLogin no
+#StrictModes yes
+#MaxAuthTries 6
+MaxAuthTries 3
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+AllowGroups admin users gitolite
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+Banner /etc/issues
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
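Review bot: `Banner /etc/issues` looks like a typo for `/etc/issue`: the openssh.html page touched by this same commit shows `Banner /etc/issue` in its context lines, so with the path as written the pre-authentication banner is probably never sent. `AllowGroups admin users gitolite` also includes `users`, which on many systems is the default group of every regular account, so the allow-list may restrict far less than it appears to; `AllowGroups admin gitolite` (or a dedicated ssh group) would be tighter if that matches how accounts are created here. Agent and TCP forwarding are left at their commented defaults of `yes`; since the gitolite account needs neither, consider `AllowTcpForwarding no` and `AllowAgentForwarding no` globally with a `Match Group admin` override.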
diff --git a/tools/gitolite.html b/tools/gitolite.html index 8616798..58d6d96 100644 --- a/tools/gitolite.html +++ b/tools/gitolite.html @@ -2,33 +2,28 @@ - 1. Gitolite + Gitolite Tools Index -

1. Gitolite

+

Gitolite

-

1.1. Install Gitolite

+

1. Install Gitolite

Install Gitolite port first;

+
         $ prt-get depinst gitolite
         
-

This setup is based on documentation from - Arch Wiki. Mount point;

- -
-        # mkdir -p /srv/gitolite
-        # mount /srv/gitolite
-        
+

2. Configure Gitolite

-

Create user;

+

Create user and home directory;

+        # mkdir -p /srv/gitolite
         # useradd -U -d /srv/gitolite gitolite
-        # passwd gitolite
         # chown gitolite:gitolite /srv/gitolite
         
@@ -36,10 +31,14 @@ locked and can login via ssh. This password will not be used.

-

1.2. Configure Gitolite

+
+        # passwd gitolite
+        
-

You need to copy a public key, read ssh - how to create one.

+

Copy public key that will be used for + authenticating gitolite administrator, read + ssh how to + create one.

         $ sudo install -o gitolite -g gitolite /home/bob/.ssh/gitolite.pub /srv/gitolite/gitolite.pub
@@ -66,7 +65,7 @@
         $ ssh -v -i ~/.ssh/gitulite_rsa gitolite@localhost -p 2222
         
-

1.3. Gitolite Administration

+

3. Gitolite Administration

Read how to setup ssh identities, gitolite documentation. @@ -76,7 +75,7 @@ $ git clone gitolite:gitolite-admin -

1.3.1. Recover Admin Account

+

3.1. Recover Admin Account

First copy the key to remote server, in this example key is on same server;

@@ -97,13 +96,13 @@ $ exit -

1.3.2. Users

+

3.2. Users

Gitolite helps add and remove users from authorized_keys by allowing add or remove keys from keydir directory in clone.

-

Add User

+

3.2.1. Add User

         $ mv bob.pub keydir/
@@ -112,7 +111,7 @@
         $ git push
         
-

Remove User

+

3.2.2. Remove User

         $ git rm keydir/bob.pub
@@ -120,9 +119,9 @@
         $ git push
         
-

1.3.3. Repositories

+

3.3. Repositories

-

Add Repository

+

3.3.1. Add Repository

Add repository atom and user bob to devteam group, edit conf/gitolite.conf;

@@ -169,8 +168,7 @@ $ git push -

-

Rename Repository

+

3.3.2 Rename Repository

Rename rep void to sysdoc, on remote host;

@@ -193,12 +191,12 @@ $ git push -

1.4. Gitolite Hooks

+

4. Gitolite Hooks

Example from Cookbook how to apply hooks only to certain repos. Uncomment or add - this line on /srv/gitolite/.gitolite.rc, within the %RC block;

+ this line on /srv/gitolite/.gitolite.rc, within the %RC block;

         LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
@@ -234,7 +232,7 @@
         git "standard" names (pre-receive, post-receive, post-update),
         you use descriptive names (e.g. "deploy", "RSS-post", etc).

-

1.4.1. Deploy Hook

+

4.1. Deploy Hook

This manual create two users; one gitolite that handle git central server and system www for web servers. To avoid permission @@ -242,9 +240,9 @@ we have permission to use chown, this way files end up with right www user ownership and permissions.

-

This hook allows to select wich branch is deployed and if exists, - calls a script inside project folder with user www. This allows to - do post deploy (checkout) tasks such as composer update.

+

This hook allows to select wich branch is deployed and if exists, + calls a script inside project folder with user www. This allows to + do post deploy (checkout) tasks such as composer update.

Create deployweb in gitolite-admin/local/hooks/repo-specific;

@@ -254,29 +252,29 @@
-	#!/bin/bash
+        #!/bin/bash
 
-	######################################################################
-	#
-	# Put this file in your gitolite-admin;
-	# ~/gitolite-admin/local/hooks/repo-specific/deployweb
-	#
-	while read oldrev newrev refname
-	do
-		BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname)
-		echo "Commit was for branch $BRANCH"
+        ######################################################################
+        #
+        # Put this file in your gitolite-admin;
+        # ~/gitolite-admin/local/hooks/repo-specific/deployweb
+        #
+        while read oldrev newrev refname
+        do
+                BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname)
+                echo "Commit was for branch $BRANCH"
 
-		if [[ "$BRANCH" == "master" ]];then
+                if [[ "$BRANCH" == "master" ]];then
 
-			# Get project name from current directory (without .git)
-			PROJECT=$(basename "$PWD")
-			PROJECT=${PROJECT%.git}
+                        # Get project name from current directory (without .git)
+                        PROJECT=$(basename "$PWD")
+                        PROJECT=${PROJECT%.git}
 
-			echo "Project $PROJECT added to deploy list."
-			echo $PWD > /srv/gitolite/deploy/$PROJECT
-		fi
+                        echo "Project $PROJECT added to deploy list."
+                        echo $PWD > /srv/gitolite/deploy/$PROJECT
+                fi
 
-	done
+        done
         

Create deploy directory on remote;

@@ -422,10 +420,10 @@ Tools Index

This is part of the c9-doc Manual. - Copyright (C) 2016 - c9 team. - See the file Gnu Free Documentation License - for copying conditions.

+ Copyright (C) 2016 + c9 team. + See the file Gnu Free Documentation License + for copying conditions.

diff --git a/tools/index.html b/tools/index.html index d20ccfa..c6fbae7 100644 --- a/tools/index.html +++ b/tools/index.html @@ -127,9 +127,8 @@ OpenSSH
  • Gitolite diff --git a/tools/openssh.html b/tools/openssh.html index 3fe72e3..d0a549c 100644 --- a/tools/openssh.html +++ b/tools/openssh.html @@ -2,11 +2,11 @@ - 1. OpenSSH + OpenSSH Tools Index -

    1. OpenSSH

    +

    OpenSSH

    OpenBSD Secure Shell, is a suite of security-related network-level utilities based on the SSH protocol, @@ -14,7 +14,7 @@ encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities.

    -

    1.1. Server

    +

    1. Server

    Crux openssh port install this files to etc;

    @@ -45,7 +45,7 @@ $ man sshd -

    1.1.1. Configure Server

    +

    1.1. Configure Server

    Read OpenSSH server Best Security Practices, @@ -68,7 +68,12 @@ #ListenAddress :: -

    Authentication settings;

    +
    +        # The default requires explicit activation of protocol 1
    +        Protocol 2
    +        
    + +

    Authentication settings;

             # Authentication:
    @@ -114,9 +119,10 @@
             Banner /etc/issue
             
    +

    1.2. Configure iptables

    Iptables;

    -

    Example of iptable script

    +

    Example of system-iptables.sh

             $IPT -A INPUT  -i ${PUB_IF} -p tcp --dport 2222 --sport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
    @@ -124,6 +130,8 @@
             $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
             
    +

    1.3. Configure Syslog-ng

    +

    Change SyslogFacility in accordance with syslog-ng configuration;

    @@ -154,7 +162,7 @@
             # ss -f inet -l -p | grep ssh
             
    -

    1.2. Client

    +

    2. Client

    To create new key;

    @@ -186,7 +194,7 @@ $ chmod 600 ~/.ssh/gitolite -

    1.2.1. Install Public Keys

    +

    2.1. Install Public Keys

    Send gitolite.pub public key to server. In this example bob (administrator of gitolite) is on same host, @@ -215,7 +223,7 @@ $ ssh -P 2222 bob@remote.org -

    1.2.2. Configure Identities

    +

    2.2. Configure Identities

    When you have multiple accounts/identities you can configure ssh client so you dont need to give @@ -270,7 +278,7 @@

    Logout just detach from session with ctrl + b d

    -

    1.3. Reverse connection

    +

    3. Reverse connection

    This information is inspired by Reverse SSH connections @@ -295,10 +303,10 @@ Tools Index

    This is part of the c9-doc Manual. -Copyright (C) 2016 -c9 team. -See the file Gnu Free Documentation License -for copying conditions.

    + Copyright (C) 2016 + c9 team. + See the file Gnu Free Documentation License + for copying conditions.

    diff --git a/tools/qemu.html b/tools/qemu.html index 272a26b..0079dfc 100644 --- a/tools/qemu.html +++ b/tools/qemu.html @@ -123,7 +123,7 @@
             # DEV="br0"
    -        # TAP="tap5"
    +        # TAP="tap1"
             
    @@ -135,12 +135,26 @@
             # ip link set ${TAP} master ${DEV}
             
    +

    2.2. Routing

    + +

    Create interface with correct permissions set for kvm group.

    + +
    +        # sysctl -w net.ipv4.ip_forward=1
    +        # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
    +        
    + +

    Guest System

    + +

    Start qemu with 512 of ram, mydisk.img as disk and boot from iso

    +

    See scripts/system-qemu.sh, as template. Run virtual machine that uses above tap device;

             $ ISO=~/crux-3.2.iso
             $ IMG=~/crux-img.qcow2
    +        $ TAP="tap1"
     
             $ qemu-system-x86_64 \
                 -enable-kvm \
    @@ -151,19 +165,6 @@
                 -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
             
    -

    2.2. Routing

    - -

    Create interface with correct permissions set for kvm group.

    - -
    -        # sysctl -w net.ipv4.ip_forward=1
    -        # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
    -        
    - -

    Guest System

    - -

    Start qemu with 512 of ram, mydisk.img as disk and boot from iso

    -
             $ ISO=~/crux-3.2.iso
             $ IMG=~/crux-img.qcow2
    diff --git a/tools/scripts/config-install.sh b/tools/scripts/config-install.sh
    deleted file mode 100644
    index 061081f..0000000
    --- a/tools/scripts/config-install.sh
    +++ /dev/null
    @@ -1,4 +0,0 @@
    -#!/bin/sh
    -
    -CONF_DIR="$(dirname `dirname $0`)/conf"
    -echo "CONF_DIR=$CONF_DIR\n"
    diff --git a/tools/scripts/install-nginx.sh b/tools/scripts/install-nginx.sh
    deleted file mode 100644
    index decacc1..0000000
    --- a/tools/scripts/install-nginx.sh
    +++ /dev/null
    @@ -1,24 +0,0 @@
    -#!/bin/sh
    -
    -. `dirname $0`/config-install.sh
    -
    -prt-get depinst nginx
    -
    -cp -R $CONF_DIR/etc/nginx/* /etc/nginx/
    -
    -mkdir /srv/www
    -chown nginx:www /srv/www
    -
    -usermod -a -G www nginx
    -usermod -m -d /srv/www nginx
    -
    -openssl genrsa -des3 -out /etc/ssl/keys/nginx.key 2048
    -openssl req -new -key /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.csr
    -openssl x509 -req -days 365 \
    -            -in /etc/ssl/certs/nginx.csr \
    -            -signkey /etc/ssl/keys/nginx.key \
    -            -out /etc/ssl/certs/nginx.crt
    -
    -cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass
    -openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key
    -
    diff --git a/tools/scripts/install-php.sh b/tools/scripts/install-php.sh
    deleted file mode 100644
    index 4c28173..0000000
    --- a/tools/scripts/install-php.sh
    +++ /dev/null
    @@ -1,7 +0,0 @@
    -#!/bin/sh
    -
    -. `dirname $0`/config-install.sh
    -
    -prt-get depinst php php-fpm php-gd php-pdo-pgsql php-postgresql
    -
    -cp /etc/php/php.ini-development /etc/php/php.ini
    diff --git a/tools/scripts/install-postgres.sh b/tools/scripts/install-postgres.sh
    deleted file mode 100644
    index 06666e0..0000000
    --- a/tools/scripts/install-postgres.sh
    +++ /dev/null
    @@ -1,16 +0,0 @@
    -#!/bin/sh
    -
    -. `dirname $0`/config-install.sh
    -
    -prt-get depinst postgresql
    -
    -cp -R $CONF_DIR/etc/rc.d/postgresql /etc/rc.d/
    -
    -mkdir /srv/pgsql/
    -touch /var/log/postgresql
    -chown postgres:postgres /srv/pgsql /var/log/postgresql
    -
    -sudo -u postgres initdb -D /srv/pgsql/data
    -
    -cp $CONF_DIR/srv/pgsql/data/pg_hba.conf /srv/pgsql/data/
    -chown postgres:postgres /srv/pgsql/data/pg_hba.conf
    diff --git a/tools/scripts/setup-gitolite.sh b/tools/scripts/setup-gitolite.sh
    new file mode 100644
    index 0000000..c42db14
    --- /dev/null
    +++ b/tools/scripts/setup-gitolite.sh
    @@ -0,0 +1,43 @@
    +#!/bin/sh
    +
    +# First we define the function
    +ConfirmOrExit ()
    +{
    +    while true
    +    do
    +        echo -n "Please confirm (y or n) :"
    +        read CONFIRM
    +        case $CONFIRM in
    +            y|Y|YES|yes|Yes) break ;;
    +            n|N|no|NO|No)
    +                echo "Aborting - you entered $CONFIRM"
    +                exit
    +                ;;
    +            *) echo "Please enter only y or n"
    +        esac
    +    done
    +    echo "You entered $CONFIRM. Continuing ..."
    +}
    +
    +
    +# Absolute path to this script, e.g. /home/user/bin/foo.sh
    +SCRIPT=$(readlink -f "$0")
    +# Absolute path this script is in, thus /home/user/bin
    +SCRIPTPATH=$(dirname "$SCRIPT")
    +
    +DIR=$(dirname "$SCRIPTPATH");
    +DIR_CONF=$DIR"/conf"
    +
    +echo "SCRIPT=$SCRIPT";
    +echo "SCRIPTPATH=$SCRIPTPATH";
    +echo "DIR=$DIR";
    +echo "DIR_CONF=$DIR_CONF";
    +ConfirmOrExit
    +
    +    prt-get depinst gitolite
    +
    +    mkdir -p /srv/gitolite
    +    useradd -U -d /srv/gitolite gitolite
    +    chown gitolite:gitolite /srv/gitolite
    +
    +exit 0;
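Review bot: `ConfirmOrExit` never terminates when stdin is closed or not interactive: `read CONFIRM` fails at end of input, CONFIRM stays empty, and the `*)` arm prints its message again forever; `read -r CONFIRM || exit 1` stops that. The abort arm's bare `exit` returns the status of the preceding `echo`, i.e. 0, so a caller cannot tell an abort from a completed run; `exit 1` would make it distinguishable, and `printf '%s' "Please confirm (y or n) :"` is the portable form of `echo -n` under `#!/bin/sh`. The same function is pasted verbatim into setup-openssh.sh, setup-postgresql.sh and system-qemu.sh in this commit, so the fix applies to all four, ideally as one sourced helper. Separately, the install steps after the prompt run unchecked and the script ends with `exit 0`, so a failed `prt-get depinst gitolite` or `useradd` is reported as success; `set -e` near the top or `|| exit 1` on each step would surface it.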
    diff --git a/tools/scripts/setup-nginx.sh b/tools/scripts/setup-nginx.sh
    new file mode 100644
    index 0000000..decacc1
    --- /dev/null
    +++ b/tools/scripts/setup-nginx.sh
    @@ -0,0 +1,24 @@
    +#!/bin/sh
    +
    +. `dirname $0`/config-install.sh
    +
    +prt-get depinst nginx
    +
    +cp -R $CONF_DIR/etc/nginx/* /etc/nginx/
    +
    +mkdir /srv/www
    +chown nginx:www /srv/www
    +
    +usermod -a -G www nginx
    +usermod -m -d /srv/www nginx
    +
    +openssl genrsa -des3 -out /etc/ssl/keys/nginx.key 2048
    +openssl req -new -key /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.csr
    +openssl x509 -req -days 365 \
    +            -in /etc/ssl/certs/nginx.csr \
    +            -signkey /etc/ssl/keys/nginx.key \
    +            -out /etc/ssl/certs/nginx.crt
    +
    +cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass
    +openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key
    +
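Review bot: The line that sources `config-install.sh` points at a file this same commit deletes (tools/scripts/config-install.sh), so the script either aborts at the `.` line or, in a shell that continues, runs with `CONF_DIR` empty, in which case `cp -R $CONF_DIR/etc/nginx/* /etc/nginx/` expands to copying `/etc/nginx/*` onto itself. setup-php.sh carries the same stale source line. Computing the path the way the other new setup scripts do (`DIR_CONF=$DIR"/conf"`) and quoting it at use would fix both. On the key handling, the script leaves the passphrase-protected copy at `/etc/ssl/keys/nginx.key.pass` and writes the decrypted key without setting a mode explicitly; adding `chmod 600 /etc/ssl/keys/nginx.key` keeps the private key's permissions from depending on the caller's umask.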
    diff --git a/tools/scripts/setup-openssh.sh b/tools/scripts/setup-openssh.sh
    new file mode 100644
    index 0000000..14afe8b
    --- /dev/null
    +++ b/tools/scripts/setup-openssh.sh
    @@ -0,0 +1,43 @@
    +#!/bin/sh
    +
    +# First we define the function
    +ConfirmOrExit ()
    +{
    +    while true
    +    do
    +        echo -n "Please confirm (y or n) :"
    +        read CONFIRM
    +        case $CONFIRM in
    +            y|Y|YES|yes|Yes) break ;;
    +            n|N|no|NO|No)
    +                echo "Aborting - you entered $CONFIRM"
    +                exit
    +                ;;
    +            *) echo "Please enter only y or n"
    +        esac
    +    done
    +    echo "You entered $CONFIRM. Continuing ..."
    +}
    +
    +
    +# Absolute path to this script, e.g. /home/user/bin/foo.sh
    +SCRIPT=$(readlink -f "$0")
    +# Absolute path this script is in, thus /home/user/bin
    +SCRIPTPATH=$(dirname "$SCRIPT")
    +
    +DIR=$(dirname "$SCRIPTPATH");
    +DIR_CONF=$DIR"/conf"
    +
    +echo "SCRIPT=$SCRIPT";
    +echo "SCRIPTPATH=$SCRIPTPATH";
    +echo "DIR=$DIR";
    +echo "DIR_CONF=$DIR_CONF";
    +ConfirmOrExit
    +
    +
    +    #installer overwrite system init script
    +    cp -R $DIR_CONF/etc/ssh/sshd_config /etc/ssh/sshd_config
    +
    +    sh /etc/rc.d/sshd start
    +
    +exit 0;
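Review bot: The live `/etc/ssh/sshd_config` is overwritten with no backup and no syntax check, and the config shipped in this commit disables password logins and restricts access with `AllowGroups`, so on a remote host a mistake here can lock the administrator out. Keep a copy first (`cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak`), validate the candidate with `sshd -t -f "$DIR_CONF/etc/ssh/sshd_config"` before installing it, and quote `$DIR_CONF` in the `cp`. `sh /etc/rc.d/sshd start` will presumably not apply the new file if sshd is already running; a restart is what picks it up, assuming the rc script supports one. The comment `#installer overwrite system init script` describes the postgresql script's copy of an rc file, not this one, and should say that the system sshd_config is being replaced.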
    diff --git a/tools/scripts/setup-php.sh b/tools/scripts/setup-php.sh
    new file mode 100644
    index 0000000..4c28173
    --- /dev/null
    +++ b/tools/scripts/setup-php.sh
    @@ -0,0 +1,7 @@
    +#!/bin/sh
    +
    +. `dirname $0`/config-install.sh
    +
    +prt-get depinst php php-fpm php-gd php-pdo-pgsql php-postgresql
    +
    +cp /etc/php/php.ini-development /etc/php/php.ini
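Review bot: `cp /etc/php/php.ini-development /etc/php/php.ini` installs PHP's development profile, which is tuned for debugging (errors displayed to the client, verbose reporting) and so exposes paths and query details on a reachable server. If this script provisions the same host as the nginx and PostgreSQL setup scripts, `cp /etc/php/php.ini-production /etc/php/php.ini` is the safer default, provided the port ships that file alongside, with a comment saying when the development profile is intended. The copy also replaces any existing `/etc/php/php.ini` without keeping a backup.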
    diff --git a/tools/scripts/setup-postgresql.sh b/tools/scripts/setup-postgresql.sh
    new file mode 100644
    index 0000000..4e1ee3a
    --- /dev/null
    +++ b/tools/scripts/setup-postgresql.sh
    @@ -0,0 +1,87 @@
    +#!/bin/sh
    +
    +# First we define the function
    +ConfirmOrExit ()
    +{
    +    while true
    +    do
    +        echo -n "Please confirm (y or n) :"
    +        read CONFIRM
    +        case $CONFIRM in
    +            y|Y|YES|yes|Yes) break ;;
    +            n|N|no|NO|No)
    +                echo "Aborting - you entered $CONFIRM"
    +                exit
    +                ;;
    +            *) echo "Please enter only y or n"
    +        esac
    +    done
    +    echo "You entered $CONFIRM. Continuing ..."
    +}
    +
    +
    +# Absolute path to this script, e.g. /home/user/bin/foo.sh
    +SCRIPT=$(readlink -f "$0")
    +# Absolute path this script is in, thus /home/user/bin
    +SCRIPTPATH=$(dirname "$SCRIPT")
    +
    +DIR=$(dirname "$SCRIPTPATH");
    +DIR_CONF=$DIR"/conf"
    +
    +echo "SCRIPT=$SCRIPT";
    +echo "SCRIPTPATH=$SCRIPTPATH";
    +echo "DIR=$DIR";
    +echo "DIR_CONF=$DIR_CONF";
    +ConfirmOrExit
    +
    +IS_INSTALL=$(prt-get isinst postgresql);
    +echo $IS_INSTALL;
    +if [ "$IS_INSTALL" = "package postgresql is installed" ]
    +then
    +    echo "updating postgresql"
    +    OLD_VERSION=$(prt-get current postgresql);
    +    echo $OLD_VERSION;
    +
    +    sudo -u postgres pg_dumpall > /srv/pgsql/dump-$OLD_VERSION.sql
    +
    +    sh /etc/rc.d/postgresql stop
    +
    +    #extra backup, in case ...
    +    tar --xattrs -zcpf /srv/pgsql/data-$OLD_VERSION.tar.gz \
    +                    --directory=/srv/pgsql/data .
    +
    +    rm -R /srv/pgsql/data
    +
    +    prt-get update postgresql
    +
    +    NEW_VERSION=$(prt-get current postgresql);
    +    echo $NEW_VERSION;
    +
    +    sudo -u postgres initdb -D /srv/pgsql/data
    +
    +    rejmerge
    +    #installer overwrite system init script
    +    cp -R $DIR_CONF/etc/rc.d/postgresql /etc/rc.d/
    +
    +    sh /etc/rc.d/postgresql start
    +    sleep 5
    +
    +    sudo -u postgres psql -d postgres -f /srv/pgsql/dump-$OLD_VERSION.sql
    +
    +else
    +    echo "install postgresql and dependencies"
    +    prt-get depinst postgresql
    +
    +    cp -R $DIR_CONF/etc/rc.d/postgresql /etc/rc.d/
    +
    +    mkdir /srv/pgsql/
    +    touch /var/log/postgresql
    +    chown postgres:postgres /srv/pgsql /var/log/postgresql
    +
    +    sudo -u postgres initdb -D /srv/pgsql/data
    +
    +    cp $DIR_CONF/srv/pgsql/data/pg_hba.conf /srv/pgsql/data/
    +    chown postgres:postgres /srv/pgsql/data/pg_hba.conf
    +fi
    +
    +exit 0;
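Review bot: In the update branch `rm -R /srv/pgsql/data` runs even when `pg_dumpall` or the `tar` backup failed, because neither status is checked; an empty or partial dump then becomes the only copy of the databases. The dump and tarball are created with the caller's umask, and a `pg_dumpall` dump includes role password hashes, so both should be created readable by root only. After `initdb` the update branch never reinstalls the project's `pg_hba.conf` (the install branch does), so the rebuilt cluster runs with whatever access rules initdb generated, which for PostgreSQL releases of this period is `trust` for local connections unless `-A` is given. The sketch below guards those steps and quotes `$OLD_VERSION` and `$DIR_CONF`; whether `pg_hba.conf` goes in before or after the restore depends on what the project's file permits for the `postgres` user.

```shell
    DUMP="/srv/pgsql/dump-${OLD_VERSION}.sql"
    # dump contains role password hashes: create it root-only, and stop if it fails or is empty
    if ! ( umask 077; sudo -u postgres pg_dumpall > "$DUMP" ) || [ ! -s "$DUMP" ]; then
        echo "pg_dumpall failed; leaving /srv/pgsql/data untouched" >&2
        exit 1
    fi

    # … unchanged: stop the service …

    ( umask 077; tar --xattrs -zcpf "/srv/pgsql/data-${OLD_VERSION}.tar.gz" \
                    --directory=/srv/pgsql/data . ) || exit 1

    # … unchanged: rm, prt-get update, initdb …

    # reinstall the project's access rules on the fresh cluster
    cp "$DIR_CONF/srv/pgsql/data/pg_hba.conf" /srv/pgsql/data/
    chown postgres:postgres /srv/pgsql/data/pg_hba.conf
```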
    diff --git a/tools/scripts/system-iptables.sh b/tools/scripts/system-iptables.sh
    index 4ec3b79..429efde 100644
    --- a/tools/scripts/system-iptables.sh
    +++ b/tools/scripts/system-iptables.sh
    @@ -339,9 +339,9 @@ $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024:  -m state --
     # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 2100 -j ACCEPT
     # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9990 -j ACCEPT
     #
    -# echo "Allow wesnoth"
    -# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT
    -# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT
    + echo "Allow wesnoth"
    + $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT
    + $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT
     
     ##### END your rules ############
     # Less log of known traffic
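Review bot: The three un-commented lines turn the Wesnoth egress rules on for every host that runs this script, while the neighbouring application rules in the hunk (`--dport 2100`, `--dport 9990`) stay commented as opt-in examples. If the script is meant as a baseline firewall, outbound access for a game client is better left commented or gated on a variable of your choosing, e.g. `[ "$ALLOW_WESNOTH" = "yes" ] && $IPT -A OUTPUT ...`, so servers do not inherit it. The lines were uncommented by deleting only the `#`, which leaves a stray leading space that the active rule shown in the hunk header does not have. The rest of the rule set is outside the hunk, so whether a matching ESTABLISHED return rule exists cannot be confirmed from here.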
    diff --git a/tools/scripts/system-qemu.sh b/tools/scripts/system-qemu.sh
    index 8c68e70..489af5e 100644
    --- a/tools/scripts/system-qemu.sh
    +++ b/tools/scripts/system-qemu.sh
    @@ -1,15 +1,58 @@
     #!/bin/sh
    -ISO=~/crux-3.2.iso
    -IMG=~/crux-img.qcow2
     
    -TAP=$1
    +# First we define the function
    +ConfirmOrExit ()
    +{
    +    while true
    +    do
    +        echo -n "Please confirm (y or n) :"
    +        read CONFIRM
    +        case $CONFIRM in
    +            y|Y|YES|yes|Yes) break ;;
    +            n|N|no|NO|No)
    +                echo "Aborting - you entered $CONFIRM"
    +                exit
    +                ;;
    +            *) echo "Please enter only y or n"
    +        esac
    +    done
    +    echo "You entered $CONFIRM. Continuing ..."
    +}
     
    -echo "TAP: $TAP"
    +SCRIPT=$(readlink -f "$0")
    +# Absolute path this script is in, thus /home/user/bin
    +SCRIPTPATH=$(dirname "$SCRIPT")
     
    -qemu-system-x86_64 \
    -    -enable-kvm \
    -    -m 1024 \
    -    -boot d \
    -    -cdrom ${ISO} \
    -    -hda ${IMG} \
    -    -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
    +DIR=$(dirname "$SCRIPTPATH");
    +DIR_LOCAL="$(dirname $(dirname ${DIR}))/local";
    +
    +MEM=$1
    +TAP=$2
    +ISO_FILE="${DIR_LOCAL}/$3"
    +IMG="${DIR_LOCAL}/$4"
    +
    +echo "MEM (512): $MEM"
    +echo "TAP (tap1): $TAP"
    +echo "ISO_FILE (crux-3.2.iso): $ISO_FILE"
    +echo "IMG (crux-img.qcow2): $IMG"
    +ConfirmOrExit
    +
    +if [ "$ISO_FILE" = "$DIR_LOCAL/" ]
    +then
    +    qemu-system-x86_64 \
    +        -enable-kvm \
    +        -m $MEM \
    +        -boot c \
    +        -hda ${IMG} \
    +        -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
    +else
    +    qemu-system-x86_64 \
    +        -enable-kvm \
    +        -m $MEM \
    +        -boot d \
    +        -cdrom ${ISO_FILE} \
    +        -hda ${IMG} \
    +        -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
    +fi
    +
    +exit 0;
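Review bot: None of the four positional arguments is validated or quoted before being handed to qemu: an empty `$1` makes `-m` take `-boot` as its value, and `$2` is spliced into the comma-separated `-net tap,ifname=${TAP},...` option string, where a value containing a comma would add further suboptions. The echo labels advertise defaults (`512`, `tap1`) that are never applied; `MEM=${1:-512}` and `TAP=${2:-tap1}` would make them real, and `"$MEM"`, `"$IMG"` and `"$ISO_FILE"` should be quoted at each use. `$3` and `$4` are appended to `DIR_LOCAL` as given, so a value containing `../` resolves outside that directory; rejecting arguments that contain `/` keeps the images where the script says they are. `DIR_LOCAL="$(dirname $(dirname ${DIR}))/local"` also leaves the inner expansions unquoted and breaks on paths with spaces.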
    -- 
    cgit 1.4.1-2-gfad0