commit 9c1cefa45475ffcedd56ef5d2e673d720fb03dfe
parent b36a6daa00a5804eb1adec708f15ca1f99c5a820
author: nathanael <nathanael@dalliard.ch>
date: Sun, 19 Oct 2025 13:15:23 +0000
s0: rm s3
diffstat:
22 files changed, 1 insertion(+), 247 deletions(-)
diff --git a/s0/dnsfiles/nsd.zone b/s0/dnsfiles/nsd.zone
@@ -2,7 +2,7 @@ $ORIGIN dalliard.ch.
$TTL 75600
@ SOA ns1.dalliard.ch. hostmaster.dalliard.ch. (
- 2025101800 ; serial
+ 2025101900 ; serial
14400 ; refresh
3600 ; retry
605800 ; expire
@@ -26,8 +26,6 @@ s1 A 46.23.90.207
s1 AAAA 2a03:6000:6f64:604::207
s2 A 152.53.196.107
s2 AAAA 2a03:4000:0:170d::1
-s3 A 199.180.255.82
-s3 AAAA 2605:8900:3000:1001:a:0:22c:3
go CNAME s1
tmp CNAME s1
diff --git a/s0/dotfiles/shrc.local b/s0/dotfiles/shrc.local
@@ -28,7 +28,6 @@ yout() { w3m "http://localhost/idiotbox?o=relevance&q=$*"; }
alias s1='ssh s1'
alias s2='ssh s2'
-alias s3='ssh s3'
alias s8='ssh s8'
alias t1='ssh t1'
alias w1='ssh w1'
diff --git a/s1/cronjobs/user b/s1/cronjobs/user
@@ -1,3 +1,2 @@
~/5 * * * * bin/hp https://s1.dalliard.ch s1.dalliard.ch log/s1.log
~/5 * * * * bin/hp https://s2.dalliard.ch s2.dalliard.ch log/s2.log
-~/5 * * * * bin/hp https://s3.dalliard.ch s3.dalliard.ch log/s3.log
diff --git a/s2/cronjobs/user b/s2/cronjobs/user
@@ -1,3 +1,2 @@
~/5 * * * * bin/hp https://s1.dalliard.ch s1.dalliard.ch log/s1.log
~/5 * * * * bin/hp https://s2.dalliard.ch s2.dalliard.ch log/s2.log
-~/5 * * * * bin/hp https://s3.dalliard.ch s3.dalliard.ch log/s3.log
diff --git a/s3/cronjobs/user b/s3/cronjobs/user
@@ -1,3 +0,0 @@
-~/5 * * * * bin/hp https://s1.dalliard.ch s1.dalliard.ch log/s1.log
-~/5 * * * * bin/hp https://s2.dalliard.ch s2.dalliard.ch log/s2.log
-~/5 * * * * bin/hp https://s3.dalliard.ch s3.dalliard.ch log/s3.log
diff --git a/s3/dotfiles/bin/hp b/s3/dotfiles/bin/hp
@@ -1 +0,0 @@
-/home/nathanael/src/src/s1/dotfiles/bin/hp
-\ No newline at end of file
diff --git a/s3/dotfiles/profile.local b/s3/dotfiles/profile.local
@@ -1 +0,0 @@
-export PATH="$HOME/bin:$PATH"
diff --git a/s3/dotfiles/shrc.local b/s3/dotfiles/shrc.local
@@ -1 +0,0 @@
-h() { tmux new -DAs s3; }
diff --git a/s3/makefile b/s3/makefile
@@ -1,19 +0,0 @@
-HOST != hostname
-EXP = s3.dalliard.ch
-
-deploy: dots sys cron pkg
-
-host:
- @[ "$(HOST)" = "$(EXP)" ]
-
-dots: host
- @./scripts/dotfiles.sh
-
-sys: host
- @./scripts/sysfiles.sh
-
-cron: host
- @./scripts/cronjobs.sh
-
-pkg: host
- @doas pkg_add -l packages >/dev/null
diff --git a/s3/packages b/s3/packages
@@ -1,3 +0,0 @@
-git--
-got--
-sysclean--
diff --git a/s3/scripts/cronjobs.sh b/s3/scripts/cronjobs.sh
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-if [ ! -d "$HOME/log/" ]; then mkdir "$HOME/log/"; fi
-crontab "$HOME/src/src/s3/cronjobs/user"
diff --git a/s3/scripts/dotfiles.sh b/s3/scripts/dotfiles.sh
@@ -1,15 +0,0 @@
-#!/bin/sh
-src="$HOME/src/src"
-
-ln -fsh "$HOME/prv/ssh" "$HOME/.ssh"
-ln -fsh "$src/s3/dotfiles/bin" "$HOME/bin"
-
-ln -fs "$src/s0/dotfiles/exrc" "$HOME/.exrc"
-ln -fs "$src/s0/dotfiles/profile" "$HOME/.profile"
-ln -fs "$src/s0/dotfiles/shrc" "$HOME/.shrc"
-ln -fs "$src/s1/dotfiles/bin/hp" "$src/s3/dotfiles/bin/hp"
-ln -fs "$src/s1/dotfiles/exrc.local" "$HOME/.exrc.local"
-ln -fs "$src/s1/dotfiles/hushlogin" "$HOME/.hushlogin"
-ln -fs "$src/s1/dotfiles/tmux.conf" "$HOME/.tmux.conf"
-ln -fs "$src/s3/dotfiles/profile.local" "$HOME/.profile.local"
-ln -fs "$src/s3/dotfiles/shrc.local" "$HOME/.shrc.local"
diff --git a/s3/scripts/sysfiles.sh b/s3/scripts/sysfiles.sh
@@ -1,12 +0,0 @@
-#!/bin/sh
-src="$HOME/src/src"
-
-doas install -o root -g wheel -m 600 "$src/s3/sysfiles/pf.conf" "/etc/pf.conf"
-doas install -o root -g wheel -m 600 "$src/s3/sysfiles/relayd.conf" "/etc/relayd.conf"
-doas install -o root -g wheel -m 640 "$src/s3/sysfiles/doas.conf" "/etc/doas.conf"
-doas install -o root -g wheel -m 644 "$src/s3/sysfiles/acme-client.conf" "/etc/acme-client.conf"
-doas install -o root -g wheel -m 644 "$src/s3/sysfiles/aliases" "/etc/mail/aliases"
-doas install -o root -g wheel -m 644 "$src/s3/sysfiles/httpd.conf" "/etc/httpd.conf"
-doas install -o root -g wheel -m 644 "$src/s3/sysfiles/sysclean" "/etc/sysclean.ignore"
-doas install -o root -g wheel -m 644 "$src/s3/sysfiles/weekly.local" "/etc/weekly.local"
-doas install -o root -g www -m 644 "$src/s3/sysfiles/index.html" "/var/www/htdocs/index.html"
diff --git a/s3/sysfiles/acme-client.conf b/s3/sysfiles/acme-client.conf
@@ -1,10 +0,0 @@
-authority letsencrypt {
- api url "https://acme-v02.api.letsencrypt.org/directory"
- account key "/etc/acme/letsencrypt-privkey.pem"
-}
-
-domain s3.dalliard.ch {
- domain key "/etc/ssl/private/s3.dalliard.ch.key"
- domain full chain certificate "/etc/ssl/s3.dalliard.ch.crt"
- sign with letsencrypt
-}
diff --git a/s3/sysfiles/aliases b/s3/sysfiles/aliases
@@ -1,101 +0,0 @@
-#
-# $OpenBSD: aliases,v 1.70 2022/06/28 18:46:01 claudio Exp $
-#
-# Aliases in this file will NOT be expanded in the header from
-# Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
-#
-# >>>>>>>>>> The program "newaliases" must be run after
-# >> NOTE >> this file is updated for any changes to
-# >>>>>>>>>> show through to smtpd.
-#
-
-# Basic system aliases -- these MUST be present
-MAILER-DAEMON: postmaster
-postmaster: root
-
-# General redirections for important pseudo accounts
-daemon: root
-ftp-bugs: root
-operator: root
-www: root
-
-# Redirections for pseudo accounts that should not receive mail
-_bgpd: /dev/null
-_bgplgd: /dev/null
-_dhcp: /dev/null
-_dpb: /dev/null
-_dvmrpd: /dev/null
-_eigrpd: /dev/null
-_file: /dev/null
-_fingerd: /dev/null
-_ftp: /dev/null
-_hostapd: /dev/null
-_identd: /dev/null
-_iked: /dev/null
-_isakmpd: /dev/null
-_iscsid: /dev/null
-_ldapd: /dev/null
-_ldpd: /dev/null
-_mopd: /dev/null
-_nsd: /dev/null
-_ntp: /dev/null
-_ospfd: /dev/null
-_ospf6d: /dev/null
-_pbuild: /dev/null
-_pfetch: /dev/null
-_pflogd: /dev/null
-_ping: /dev/null
-_pkgfetch: /dev/null
-_pkguntar: /dev/null
-_portmap: /dev/null
-_ppp: /dev/null
-_rad: /dev/null
-_radiusd: /dev/null
-_rbootd: /dev/null
-_relayd: /dev/null
-_ripd: /dev/null
-_rstatd: /dev/null
-_rusersd: /dev/null
-_rwalld: /dev/null
-_smtpd: /dev/null
-_smtpq: /dev/null
-_sndio: /dev/null
-_snmpd: /dev/null
-_spamd: /dev/null
-_syslogd: /dev/null
-_tcpdump: /dev/null
-_traceroute: /dev/null
-_tftpd: /dev/null
-_unbound: /dev/null
-_unwind: /dev/null
-_vmd: /dev/null
-_x11: /dev/null
-_ypldap: /dev/null
-bin: /dev/null
-build: /dev/null
-nobody: /dev/null
-_tftp_proxy: /dev/null
-_ftp_proxy: /dev/null
-_sndiop: /dev/null
-_syspatch: /dev/null
-_slaacd: /dev/null
-sshd: /dev/null
-
-# Well-known aliases -- these should be filled in!
-root: nathanael
-# manager:
-# dumper:
-
-# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
-abuse: root
-# noc: root
-security: root
-
-# RFC 2142: SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
-# hostmaster: root
-# usenet: root
-# news: usenet
-# webmaster: root
-# ftp: root
-
-nathanael: nathanael@dalliard.ch
diff --git a/s3/sysfiles/doas.conf b/s3/sysfiles/doas.conf
@@ -1 +0,0 @@
-permit nopass :wheel
diff --git a/s3/sysfiles/httpd.conf b/s3/sysfiles/httpd.conf
@@ -1,16 +0,0 @@
-server "http" {
- listen on egress port http
- location "/.well-known/acme-challenge/*" {
- root "/acme"
- request strip 2
- }
- location * {
- block return 301 "https://$HTTP_HOST$REQUEST_URI"
- }
- no log
-}
-server "https" {
- listen on lo port https
- gzip-static
- no log
-}
diff --git a/s3/sysfiles/index.html b/s3/sysfiles/index.html
@@ -1,16 +0,0 @@
-<!doctype html>
-<html lang="en">
-<link rel="icon" href="data:,">
-<meta charset="utf-8">
-<meta name="color-scheme" content="dark light">
-<meta name="viewport" content="width=device-width,initial-scale=1">
-<title>s3.dalliard.ch</title>
-<pre>
- ________
- _____\_____ \
- / ___/ _(__ <
- \___ \ / \
-/____ >______ /
- \/ \/
- <a href="https://dalliard.ch">dalliard.ch</a>
-</pre>
diff --git a/s3/sysfiles/pf.conf b/s3/sysfiles/pf.conf
@@ -1,7 +0,0 @@
-if="em0"
-set skip on lo
-block
-pass out on $if
-pass in on $if proto icmp
-pass in on $if inet6 proto icmp6
-pass in on $if proto tcp to port { 22, 80, 443 }
diff --git a/s3/sysfiles/relayd.conf b/s3/sysfiles/relayd.conf
@@ -1,25 +0,0 @@
-ipv4="199.180.255.82"
-ipv6="2605:8900:3000:1001:a:0:22c:3"
-table <httpd> { 127.0.0.1 }
-http protocol https {
- tls { no tlsv1.0, tlsv1.1, ciphers "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!DSS" }
- tls keypair "s3.dalliard.ch"
-
- match response header set "Strict-Transport-Security" \
- value "max-age=63072000; includeSubDomains"
- match response header set "X-Content-Type-Options" value "nosniff"
- match response header set "X-Frame-Options" value "deny"
- match response header set "Referrer-Policy" value "no-referrer"
- match response header set "Content-Security-Policy" value \
- "default-src 'self'; base-uri 'none'; img-src 'self' data:; form-action 'none'; frame-ancestors 'none'; style-src 'unsafe-inline'"
-}
-relay wwwtls4 {
- listen on $ipv4 port https tls
- protocol https
- forward to <httpd> port https
-}
-relay wwwtls6 {
- listen on $ipv6 port https tls
- protocol https
- forward to <httpd> port https
-}
diff --git a/s3/sysfiles/sysclean b/s3/sysfiles/sysclean
@@ -1,4 +0,0 @@
-/etc/ssl/private/s3.dalliard.ch.key
-/etc/ssl/s3.dalliard.ch.crt
-/etc/ssl/s3.dalliard.ch.crt.1
-/var/got
diff --git a/s3/sysfiles/weekly.local b/s3/sysfiles/weekly.local
@@ -1 +0,0 @@
-/usr/sbin/acme-client s3.dalliard.ch && /usr/sbin/rcctl reload relayd >/dev/null
