
Pierre Bourdon committed 0059cd7

Break everything by restructuring the repository. Things will get unbroken when we have tests

  • Parent commits 257875e
  • Branches cluster_asyncio, dhcp_hostname 4
    1. everything_wsgi
    2. fix_2014_install
    3. new_rpc
    4. prologin2015


Files changed (285)

File dhcp/dhcpd.conf

-# -*- encoding: utf-8 -*-
-# Copyright (c) 2013 Pierre Bourdon <pierre.bourdon@prologin.org>
-# Copyright (c) 2013 Association Prologin <info@prologin.org>
-#
-# Prologin-SADM is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Prologin-SADM is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Prologin-SADM.  If not, see <http://www.gnu.org/licenses/>.
-
-default-lease-time 30;
-max-lease-time 30;
-
-authoritative;
-
-# iPXE options
-option space ipxe;
-option ipxe-encap-opts code 175 = encapsulate ipxe;
-option ipxe.priority code 1 = signed integer 8;
-option ipxe.keep-san code 8 = unsigned integer 8;
-option ipxe.skip-san-boot code 9 = unsigned integer 8;
-option ipxe.syslogs code 85 = string;
-option ipxe.cert code 91 = string;
-option ipxe.privkey code 92 = string;
-option ipxe.crosscert code 93 = string;
-option ipxe.no-pxedhcp code 176 = unsigned integer 8;
-option ipxe.bus-id code 177 = string;
-option ipxe.bios-drive code 189 = unsigned integer 8;
-option ipxe.username code 190 = string;
-option ipxe.password code 191 = string;
-option ipxe.reverse-username code 192 = string;
-option ipxe.reverse-password code 193 = string;
-option ipxe.version code 235 = string;
-option iscsi-initiator-iqn code 203 = string;
-option ipxe.pxeext code 16 = unsigned integer 8;
-option ipxe.iscsi code 17 = unsigned integer 8;
-option ipxe.aoe code 18 = unsigned integer 8;
-option ipxe.http code 19 = unsigned integer 8;
-option ipxe.https code 20 = unsigned integer 8;
-option ipxe.tftp code 21 = unsigned integer 8;
-option ipxe.ftp code 22 = unsigned integer 8;
-option ipxe.dns code 23 = unsigned integer 8;
-option ipxe.bzimage code 24 = unsigned integer 8;
-option ipxe.multiboot code 25 = unsigned integer 8;
-option ipxe.slam code 26 = unsigned integer 8;
-option ipxe.srp code 27 = unsigned integer 8;
-option ipxe.nbi code 32 = unsigned integer 8;
-option ipxe.pxe code 33 = unsigned integer 8;
-option ipxe.elf code 34 = unsigned integer 8;
-option ipxe.comboot code 35 = unsigned integer 8;
-option ipxe.efi code 36 = unsigned integer 8;
-option ipxe.fcoe code 37 = unsigned integer 8;
-option ipxe.scriptlet code 81 = string;
-
-shared-network prolo-lan {
-    # Speeds up boot.
-    option ipxe.no-pxedhcp 1;
-
-    # DNS search domain
-    option domain-name prolo;
-
-    # User and services subnet.
-    subnet 192.168.0.0 netmask 255.255.254.0 {
-        option routers 192.168.1.254;
-        option domain-name-servers 192.168.1.254;
-
-        next-server 192.168.1.254;
-        filename "prologin.kpxe";
-
-        deny unknown-clients;
-    }
-
-    # Alien subnet. Everyone who does not have a static allocation will be
-    # put in this subnet.
-    subnet 192.168.250.0 netmask 255.255.255.0 {
-        range 192.168.250.1 192.168.250.200;
-
-        option ipxe.scriptlet "alien";
-        option domain-name-servers 192.168.250.254;
-
-        next-server 192.168.250.254;
-        filename "prologin.kpxe";
-
-        allow unknown-clients;
-    }
-}
-
-# Cluster subnet is handled on the cluster gateway.
-
-# Include the generated host configuration.
-include "/etc/dhcpd/generated.conf";

File dhcp/mdbdhcp.py

-# -*- encoding: utf-8 -*-
-# Copyright (c) 2013 Pierre Bourdon <pierre.bourdon@prologin.org>
-# Copyright (c) 2013 Association Prologin <info@prologin.org>
-#
-# Prologin-SADM is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Prologin-SADM is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Prologin-SADM.  If not, see <http://www.gnu.org/licenses/>.
-
-"""MDBSync client regenerating the DHCP configuration at each MDB update.
-"""
-
-import logging
-import os
-import prologin.log
-import prologin.mdbsync
-
-
-def update_dhcp_config(machines, metadata):
-    logging.warning("Received update, regenerating DHCP config")
-    fragments = []
-    for m in machines.values():
-        fragment = (
-            'host %(hostname)s {\n'
-            '\thardware ethernet %(mac)s;\n'
-            '\tfixed-address %(ip)s;\n'
-            '}\n'
-        )
-        fragments.append(fragment % m)
-
-    with open('/etc/dhcpd/generated.conf', 'w') as fp:
-        fp.write('\n'.join(fragments))
-
-    logging.warning("Reloading DHCP config")
-    os.system('systemctl restart dhcpd4')
-
-if __name__ == '__main__':
-    prologin.log.setup_logging('mdbdhcp')
-    prologin.mdbsync.connect().poll_updates(update_dhcp_config)

File django/homepage/manage.py

+#!/usr/bin/env python
+import os
+import sys
+
+if __name__ == "__main__":
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "homepage.settings")
+
+    from django.core.management import execute_from_command_line
+
+    execute_from_command_line(sys.argv)

File django/mdb/fixtures/initial_data.yaml

+- fields: {last: 0, mtype: user, network: 192.168.0.0/24}
+  model: mdbapi.ippool
+  pk: 1
+- fields: {last: 0, mtype: cluster, network: 192.168.2.0/24}
+  model: mdbapi.ippool
+  pk: 2
+- fields: {key: allow_self_registration, value_bool: false, value_int: null, value_str: ''}
+  model: mdbapi.volatilesetting
+  pk: 1
+- fields:
+    name: root
+    permissions: [19, 20, 21, 4, 5, 6, 1, 2, 3, 7, 8, 9, 10, 11, 12, 25, 26, 27, 22,
+      23, 24, 28, 29, 30, 13, 14, 15, 16, 17, 18]
+  model: auth.group
+  pk: 1
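Review bot: The `permissions` list of the `root` group references `auth.Permission` rows by numeric primary key, and those keys depend on the order in which content types were created, so they are not guaranteed to match on a fresh install. If the numbering differs, the group silently receives a different permission set than the one intended. Dumping the fixture with natural keys, so each entry reads as `[codename, app_label, model]`, would make the grant explicit and reviewable; the `Organizer` and `root` groups in django/udb/fixtures/initial_data.yaml have the same problem. Because the file is named `initial_data` it is presumably reloaded on every sync, which would also reset `last: 0` on both IP pools; that is worth confirming.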

File django/mdb/manage.py

+#!/usr/bin/env python
+import os
+import sys
+
+if __name__ == "__main__":
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "mdb.settings")
+
+    from django.core.management import execute_from_command_line
+
+    execute_from_command_line(sys.argv)

File django/udb/fixtures/initial_data.yaml

+- fields:
+    name: Organizer
+    permissions: [23]
+  model: auth.group
+  pk: 1
+- fields:
+    name: root
+    permissions: [19, 20, 21, 4, 5, 6, 1, 2, 3, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
+      17, 18, 22, 23, 24]
+  model: auth.group
+  pk: 2

File django/udb/manage.py

+#!/usr/bin/env python
+import os
+import sys
+
+if __name__ == "__main__":
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "udb.settings")
+
+    from django.core.management import execute_from_command_line
+
+    execute_from_command_line(sys.argv)

File dns/mdbdns.py

-# -*- encoding: utf-8 -*-
-# Copyright (c) 2013 Pierre Bourdon <pierre.bourdon@prologin.org>
-# Copyright (c) 2013 Association Prologin <info@prologin.org>
-#
-# Prologin-SADM is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Prologin-SADM is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Prologin-SADM.  If not, see <http://www.gnu.org/licenses/>.
-
-"""MDBSync client regenerating the DNS configuration at each MDB update.
-"""
-
-import logging
-import os.path
-import prologin.log
-import prologin.mdbsync
-
-
-def build_zone(name, records):
-    logging.info('Building zone file for %r' % name)
-    path = os.path.join('/etc/named', 'generated_%s.zone' % name)
-    if not os.path.exists(path):
-        serial = 1
-    else:
-        # Find the current serial. It is on a line formatted like this:
-        # \t\t\t1 ; @@SERIAL@@
-        with open(path) as fp:
-            text = fp.read()
-            comment_pos = text.index('@@SERIAL@@')
-            serial_pos = text.rindex('\t', 0, comment_pos) + 1
-            serial_end_pos = text.index(' ', serial_pos, comment_pos)
-            serial = int(text[serial_pos:serial_end_pos]) + 1
-
-    ZONE_HEADER = (
-        '; THIS IS A GENERATED FILE\n'
-        '; Do not modify it manually - see mdbdns.py\n'
-        '$TTL\t10\n'
-        '@\tIN\tSOA\tns.prolo.\thostmaster.ns.prolo.\t(\n'
-        '\t\t\t%(serial)s ; @@SERIAL@@\n'
-        '\t\t\t1200 ; Refresh\n'
-        '\t\t\t60 ; Retry\n'
-        '\t\t\t360000 ; Expire\n'
-        '\t\t\t10 ); Negative TTL\n'
-        '\t\tNS\tns.prolo.\n'
-        '\n'
-        '; Auto-generated zone\n'
-    )
-
-    zone = ZONE_HEADER % { 'serial': serial }
-    zone += '\n'.join('\t'.join(record) for record in records)
-    zone += '\n'
-
-    with open(path, 'w') as fp:
-        fp.write(zone)
-
-
-def build_alien_revdns_zone():
-    """Build the reverse DNS zone for the alien IP range.
-
-    It is fully static and could in theory be only built once, but meh.
-    """
-    records = [
-        (str(i), 'IN', 'PTR', 'unknown-%d.alien.prolo.' % i)
-        for i in range(1, 254)
-    ]
-    records.append(('254', 'IN', 'PTR', 'gw.alien.prolo.'))
-    build_zone('250.168.192.in-addr.arpa', records)
-
-
-def build_machines_revdns_zone(machines, mtype, ip):
-    machines = [m for m in machines if m['mtype'] in mtype]
-
-    records = [
-        (m['ip'].split('.')[-1], 'IN', 'PTR', '%s.prolo.' % m['hostname'])
-        for m in machines
-    ]
-    build_zone(ip + '.in-addr.arpa', records)
-
-
-def build_alien_prolo_zone():
-    """Alien machines just need to be able to access netboot.
-    """
-
-    build_zone('prolo_alien', [('netboot', 'IN', 'A', '192.168.250.254'),
-                               ('ns', 'IN', 'A', '192.168.250.254')])
-
-
-def build_normal_prolo_zone(machines):
-    records = []
-    for m in machines:
-        names = [m['hostname']] + [s.strip() for s in m['aliases'].split(',')
-                                             if s.strip()]
-        for n in names:
-            records.append((n, 'IN', 'A', m['ip']))
-    build_zone('prolo_normal', records)
-
-
-def reload_zones():
-    os.system('rndc reload')
-
-
-def update_dns_config(machines_map, metadata):
-    machines = machines_map.values()
-
-    logging.warning("MDB update received, generating zones")
-    build_alien_revdns_zone()
-    build_machines_revdns_zone(machines, {'user', 'orga'}, '0.168.192')
-    build_machines_revdns_zone(machines, {'service'}, '1.168.192')
-    build_machines_revdns_zone(machines, {'cluster'}, '2.168.192')
-    build_alien_prolo_zone()
-    build_normal_prolo_zone(machines)
-
-    logging.warning("Reloading zones")
-    reload_zones()
-
-if __name__ == '__main__':
-    prologin.log.setup_logging('mdbdns')
-    prologin.mdbsync.connect().poll_updates(update_dns_config)

File dns/named.conf

-// 
-// /etc/named.conf
-//
-
-options {
-    directory "/etc/named";
-    pid-file "/run/named/named.pid";
-    auth-nxdomain yes;
-    datasize default;
-
-    allow-recursion { 127.0.0.1; 192.168.0.0/16; };
-
-    allow-transfer { none; };
-    allow-update { none; };
-    version none;
-    hostname none;
-    server-id none;
-};
-
-logging {
-    channel xfer-log {
-        file "/var/log/named.log";
-        print-category yes;
-        print-severity yes;
-        print-time yes;
-        severity info;
-    };
-    category xfer-in { xfer-log; };
-    category xfer-out { xfer-log; };
-    category notify { xfer-log; };
-};
-
-// These machines need to resolve netboot differently so we don't have to
-// route their requests.
-acl "alien_hosts" {
-    192.168.250.0/24;
-};
-
-view "alien" {
-    match-clients { alien_hosts; };
-
-    zone "prolo" IN {
-        type master;
-        file "generated_prolo_alien.zone";
-    };
-};
-
-view "normal" {
-    match-clients { any; };
-
-    // Root DNS zone
-    zone "." IN {
-        type hint;
-        file "root.hint";
-    };
-
-    // localhost, 127/8, 0/8, 255/8
-    zone "localhost" IN {
-        type master;
-        file "localhost.zone";
-    };
-    zone "0.in-addr.arpa" IN {
-        type master;
-        file "0.in-addr.arpa.zone";
-    };
-    zone "127.in-addr.arpa" IN {
-        type master;
-        file "127.in-addr.arpa.zone";
-    };
-    zone "255.in-addr.arpa" IN {
-        type master;
-        file "255.in-addr.arpa.zone";
-    };
-
-    // Reverse DNS zones
-    zone "0.168.192.in-addr.arpa" IN {
-        type master;
-        file "generated_0.168.192.in-addr.arpa.zone";
-    };
-    zone "1.168.192.in-addr.arpa" IN {
-        type master;
-        file "generated_1.168.192.in-addr.arpa.zone";
-    };
-    zone "2.168.192.in-addr.arpa" IN {
-        type master;
-        file "generated_2.168.192.in-addr.arpa.zone";
-    };
-    zone "250.168.192.in-addr.arpa" IN {
-        type master;
-        file "generated_250.168.192.in-addr.arpa.zone";
-    };
-
-    zone "prolo" IN {
-        type master;
-        file "generated_prolo_normal.zone";
-    };
-};

File dns/named/0.in-addr.arpa.zone

-$TTL	604800
-@	IN	SOA	localhost. root.localhost. (
-			1         ; Serial
-			604800         ; Refresh
-			86400         ; Retry
-			2419200         ; Expire
-			604800 )       ; Negative Cache TTL
-		NS      localhost.

File dns/named/127.in-addr.arpa.zone

-$TTL	604800
-@	IN	SOA	localhost. root.localhost. (
-			1         ; Serial
-			604800         ; Refresh
-			86400         ; Retry
-			2419200         ; Expire
-			604800 )       ; Negative Cache TTL
-		NS      localhost.
-1.0.0	IN	PTR	localhost.

File dns/named/255.in-addr.arpa.zone

-$TTL	604800
-@	IN	SOA	localhost. root.localhost. (
-			1         ; Serial
-			604800         ; Refresh
-			86400         ; Retry
-			2419200         ; Expire
-			604800 )       ; Negative Cache TTL
-		NS      localhost.

File dns/named/localhost.zone

-$ORIGIN localhost.
-@	IN	SOA	@ root (
-			42		; serial (yyyymmdd##)
-			3H		; refresh
-			15M		; retry
-			1W		; expiry
-			604800 )	; minimum ttl
-			NS	@
-	IN 	A	127.0.0.1

File dns/named/root.hint

-;       This file holds the information on root name servers needed to
-;       initialize cache of Internet domain name servers
-;       (e.g. reference this file in the "cache  .  <file>"
-;       configuration file of BIND domain name servers).
-;
-;       This file is made available by InterNIC 
-;       under anonymous FTP as
-;           file                /domain/named.cache
-;           on server           FTP.INTERNIC.NET
-;       -OR-                    RS.INTERNIC.NET
-;
-;       last update:    Jan 3, 2013
-;       related version of root zone:   2013010300
-;
-; formerly NS.INTERNIC.NET
-;
-.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
-A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
-;
-; FORMERLY NS1.ISI.EDU
-;
-.                        3600000      NS    B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
-;
-; FORMERLY C.PSI.NET
-;
-.                        3600000      NS    C.ROOT-SERVERS.NET.
-C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
-;
-; FORMERLY TERP.UMD.EDU
-;
-.                        3600000      NS    D.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
-D.ROOT-SERVERS.NET.	 3600000      AAAA  2001:500:2D::D
-;
-; FORMERLY NS.NASA.GOV
-;
-.                        3600000      NS    E.ROOT-SERVERS.NET.
-E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
-;
-; FORMERLY NS.ISC.ORG
-;
-.                        3600000      NS    F.ROOT-SERVERS.NET.
-F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
-F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
-;
-; FORMERLY NS.NIC.DDN.MIL
-;
-.                        3600000      NS    G.ROOT-SERVERS.NET.
-G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
-;
-; FORMERLY AOS.ARL.ARMY.MIL
-;
-.                        3600000      NS    H.ROOT-SERVERS.NET.
-H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
-H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
-;
-; FORMERLY NIC.NORDU.NET
-;
-.                        3600000      NS    I.ROOT-SERVERS.NET.
-I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
-I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
-;
-; OPERATED BY VERISIGN, INC.
-;
-.                        3600000      NS    J.ROOT-SERVERS.NET.
-J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
-J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
-;
-; OPERATED BY RIPE NCC
-;
-.                        3600000      NS    K.ROOT-SERVERS.NET.
-K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
-K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
-;
-; OPERATED BY ICANN
-;
-.                        3600000      NS    L.ROOT-SERVERS.NET.
-L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
-L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
-;
-; OPERATED BY WIDE
-;
-.                        3600000      NS    M.ROOT-SERVERS.NET.
-M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
-M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
-; End of File

File etc/dhcpd.conf

+# -*- encoding: utf-8 -*-
+# Copyright (c) 2013 Pierre Bourdon <pierre.bourdon@prologin.org>
+# Copyright (c) 2013 Association Prologin <info@prologin.org>
+#
+# Prologin-SADM is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Prologin-SADM is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Prologin-SADM.  If not, see <http://www.gnu.org/licenses/>.
+
+default-lease-time 30;
+max-lease-time 30;
+
+authoritative;
+
+# iPXE options
+option space ipxe;
+option ipxe-encap-opts code 175 = encapsulate ipxe;
+option ipxe.priority code 1 = signed integer 8;
+option ipxe.keep-san code 8 = unsigned integer 8;
+option ipxe.skip-san-boot code 9 = unsigned integer 8;
+option ipxe.syslogs code 85 = string;
+option ipxe.cert code 91 = string;
+option ipxe.privkey code 92 = string;
+option ipxe.crosscert code 93 = string;
+option ipxe.no-pxedhcp code 176 = unsigned integer 8;
+option ipxe.bus-id code 177 = string;
+option ipxe.bios-drive code 189 = unsigned integer 8;
+option ipxe.username code 190 = string;
+option ipxe.password code 191 = string;
+option ipxe.reverse-username code 192 = string;
+option ipxe.reverse-password code 193 = string;
+option ipxe.version code 235 = string;
+option iscsi-initiator-iqn code 203 = string;
+option ipxe.pxeext code 16 = unsigned integer 8;
+option ipxe.iscsi code 17 = unsigned integer 8;
+option ipxe.aoe code 18 = unsigned integer 8;
+option ipxe.http code 19 = unsigned integer 8;
+option ipxe.https code 20 = unsigned integer 8;
+option ipxe.tftp code 21 = unsigned integer 8;
+option ipxe.ftp code 22 = unsigned integer 8;
+option ipxe.dns code 23 = unsigned integer 8;
+option ipxe.bzimage code 24 = unsigned integer 8;
+option ipxe.multiboot code 25 = unsigned integer 8;
+option ipxe.slam code 26 = unsigned integer 8;
+option ipxe.srp code 27 = unsigned integer 8;
+option ipxe.nbi code 32 = unsigned integer 8;
+option ipxe.pxe code 33 = unsigned integer 8;
+option ipxe.elf code 34 = unsigned integer 8;
+option ipxe.comboot code 35 = unsigned integer 8;
+option ipxe.efi code 36 = unsigned integer 8;
+option ipxe.fcoe code 37 = unsigned integer 8;
+option ipxe.scriptlet code 81 = string;
+
+shared-network prolo-lan {
+    # Speeds up boot.
+    option ipxe.no-pxedhcp 1;
+
+    # DNS search domain
+    option domain-name prolo;
+
+    # User and services subnet.
+    subnet 192.168.0.0 netmask 255.255.254.0 {
+        option routers 192.168.1.254;
+        option domain-name-servers 192.168.1.254;
+
+        next-server 192.168.1.254;
+        filename "prologin.kpxe";
+
+        deny unknown-clients;
+    }
+
+    # Alien subnet. Everyone who does not have a static allocation will be
+    # put in this subnet.
+    subnet 192.168.250.0 netmask 255.255.255.0 {
+        range 192.168.250.1 192.168.250.200;
+
+        option ipxe.scriptlet "alien";
+        option domain-name-servers 192.168.250.254;
+
+        next-server 192.168.250.254;
+        filename "prologin.kpxe";
+
+        allow unknown-clients;
+    }
+}
+
+# Cluster subnet is handled on the cluster gateway.
+
+# Include the generated host configuration.
+include "/etc/dhcpd/generated.conf";

File etc/named.conf

+// 
+// /etc/named.conf
+//
+
+options {
+    directory "/etc/named";
+    pid-file "/run/named/named.pid";
+    auth-nxdomain yes;
+    datasize default;
+
+    allow-recursion { 127.0.0.1; 192.168.0.0/16; };
+
+    allow-transfer { none; };
+    allow-update { none; };
+    version none;
+    hostname none;
+    server-id none;
+};
+
+logging {
+    channel xfer-log {
+        file "/var/log/named.log";
+        print-category yes;
+        print-severity yes;
+        print-time yes;
+        severity info;
+    };
+    category xfer-in { xfer-log; };
+    category xfer-out { xfer-log; };
+    category notify { xfer-log; };
+};
+
+// These machines need to resolve netboot differently so we don't have to
+// route their requests.
+acl "alien_hosts" {
+    192.168.250.0/24;
+};
+
+view "alien" {
+    match-clients { alien_hosts; };
+
+    zone "prolo" IN {
+        type master;
+        file "generated_prolo_alien.zone";
+    };
+};
+
+view "normal" {
+    match-clients { any; };
+
+    // Root DNS zone
+    zone "." IN {
+        type hint;
+        file "root.hint";
+    };
+
+    // localhost, 127/8, 0/8, 255/8
+    zone "localhost" IN {
+        type master;
+        file "localhost.zone";
+    };
+    zone "0.in-addr.arpa" IN {
+        type master;
+        file "0.in-addr.arpa.zone";
+    };
+    zone "127.in-addr.arpa" IN {
+        type master;
+        file "127.in-addr.arpa.zone";
+    };
+    zone "255.in-addr.arpa" IN {
+        type master;
+        file "255.in-addr.arpa.zone";
+    };
+
+    // Reverse DNS zones
+    zone "0.168.192.in-addr.arpa" IN {
+        type master;
+        file "generated_0.168.192.in-addr.arpa.zone";
+    };
+    zone "1.168.192.in-addr.arpa" IN {
+        type master;
+        file "generated_1.168.192.in-addr.arpa.zone";
+    };
+    zone "2.168.192.in-addr.arpa" IN {
+        type master;
+        file "generated_2.168.192.in-addr.arpa.zone";
+    };
+    zone "250.168.192.in-addr.arpa" IN {
+        type master;
+        file "generated_250.168.192.in-addr.arpa.zone";
+    };
+
+    zone "prolo" IN {
+        type master;
+        file "generated_prolo_normal.zone";
+    };
+};

File etc/named/0.in-addr.arpa.zone

+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			1         ; Serial
+			604800         ; Refresh
+			86400         ; Retry
+			2419200         ; Expire
+			604800 )       ; Negative Cache TTL
+		NS      localhost.

File etc/named/127.in-addr.arpa.zone

+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			1         ; Serial
+			604800         ; Refresh
+			86400         ; Retry
+			2419200         ; Expire
+			604800 )       ; Negative Cache TTL
+		NS      localhost.
+1.0.0	IN	PTR	localhost.

File etc/named/255.in-addr.arpa.zone

+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			1         ; Serial
+			604800         ; Refresh
+			86400         ; Retry
+			2419200         ; Expire
+			604800 )       ; Negative Cache TTL
+		NS      localhost.

File etc/named/localhost.zone

+$ORIGIN localhost.
+@	IN	SOA	@ root (
+			42		; serial (yyyymmdd##)
+			3H		; refresh
+			15M		; retry
+			1W		; expiry
+			604800 )	; minimum ttl
+			NS	@
+	IN 	A	127.0.0.1

File etc/named/root.hint

+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    Jan 3, 2013
+;       related version of root zone:   2013010300
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.	 3600000      AAAA  2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
+; End of File

File etc/nginx/nginx.conf

+user http;
+worker_processes 1;
+
+error_log  logs/error.log;
+
+events {
+    worker_connections 1024;
+}
+
+
+http {
+    include mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    sendfile on;
+    tcp_nopush on;
+
+    keepalive_timeout 65;
+
+    charset utf-8;
+    include services/*.nginx;
+}
+
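Review bot: No `server` block in the included set is marked as the default, so a request whose Host header matches none of the service names is answered by whichever vhost nginx loads first from `services/*.nginx` (most likely `bugs`). A catch-all such as `server { listen 80 default_server; return 444; }` would make that behaviour explicit instead of accidental. `error_log logs/error.log;` is also resolved relative to the nginx prefix, so an absolute path would keep the log location independent of how nginx was built or started.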

File etc/nginx/services/bugs.nginx

+upstream bugs {
+    server 127.0.0.1:20120 fail_timeout=0;
+    server 127.0.0.1:20121 fail_timeout=0;
+    server 127.0.0.1:20122 fail_timeout=0;
+    server 127.0.0.1:20123 fail_timeout=0;
+}
+
+server {
+    listen 80;
+    server_name bugs;
+
+    access_log logs/bugs.access.log main;
+
+    location / {
+        root /var/prologin/bugs/public;
+        proxy_pass http://bugs;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_redirect off;
+    }
+}

File etc/nginx/services/docs.nginx

+server {
+    listen 80;
+    server_name docs;
+
+    access_log logs/docs.access.log main;
+
+    location / {
+        root /var/prologin/webservices/docs;
+    }
+}

File etc/nginx/services/homepage.nginx

+server {
+    listen 80;
+    server_name home;
+
+    access_log logs/homepage.access.log main;
+
+    location / {
+        proxy_pass http://localhost:20110;
+    }
+}
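Review bot: This `location /` proxies without `proxy_set_header Host $host;` or the `X-Real-IP` / `X-Forwarded-For` headers that bugs.nginx, paste.nginx and wiki.nginx set, so the backend sees `localhost:20110` as the Host and 127.0.0.1 as the client. If a backend logs the client address or makes decisions based on it, every request will look local. The same gap is in mdb, mdbsync, minecraft, netboot, presencesync, udb and udbsync. Adding the three `proxy_set_header` lines to each of them would make the services consistent.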

File etc/nginx/services/mdb.nginx

+server {
+    listen 80;
+    server_name mdb;
+
+    access_log logs/mdb.access.log main;
+
+    location / {
+        proxy_pass http://localhost:20000;
+    }
+}

File etc/nginx/services/mdbsync.nginx

+server {
+    listen 80;
+    server_name mdbsync;
+
+    access_log logs/mdbsync.access.log main;
+
+    location / {
+        proxy_pass http://localhost:20010;
+        proxy_buffering off;
+        proxy_read_timeout 3600000;
+        proxy_send_timeout 3600000;
+    }
+}
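Review bot: `proxy_read_timeout 3600000;` and `proxy_send_timeout 3600000;` carry no unit, and nginx reads a bare number as seconds, so the timeout is roughly 41 days rather than the one hour the value would mean if it was intended as milliseconds. With `worker_connections 1024` and a single worker in nginx.conf, stalled long-lived connections would hold their slots for that long. Writing the intended duration with a unit, e.g. `proxy_read_timeout 1h;`, removes the ambiguity. presencesync.nginx and udbsync.nginx contain the same two lines.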

File etc/nginx/services/minecraft-skins.nginx

+server {
+    listen 80;
+    server_name minecraft-skins;
+
+    access_log logs/minecraft.access.log main;
+
+    location /MinecraftSkins/ {
+        log_not_found off;
+    	alias /var/prologin/minecraft/skins/;
+    }
+
+	location ~ ^/MinecraftCloaks/(.*\.png)$ {
+        log_not_found off;
+        try_files /var/prologin/minecraft/static/default_cape.png;
+    }
+}
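Review bot: `try_files /var/prologin/minecraft/static/default_cape.png;` has a single argument, but `try_files` needs at least one file plus a final fallback (a URI or `=code`), so nginx should reject the configuration; because this file is pulled in by `include services/*.nginx`, that would stop every service from loading. The path is also interpreted relative to `root`, which this location does not set. Something like `root /var/prologin/minecraft/static;` followed by `try_files /default_cape.png =404;` expresses the apparent intent. The `access_log` file name is shared with minecraft.nginx, and two lines in this file are indented with tabs while the rest use spaces.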

File etc/nginx/services/minecraft.nginx

+server {
+    listen 80;
+    server_name minecraft;
+
+    access_log logs/minecraft.access.log main;
+
+    location / {
+        proxy_pass http://localhost:20052;
+    }
+}

File etc/nginx/services/netboot.nginx

+server {
+    listen 80;
+    server_name netboot;
+
+    access_log logs/netboot.access.log main;
+
+    location / {
+        proxy_pass http://localhost:20020;
+    }
+}

File etc/nginx/services/paste.nginx

+server {
+    listen 80;
+    server_name paste;
+
+    access_log logs/paste.access.log main;
+
+    location ~ ^(.*)/(.*).css {
+        root /var/prologin/webservices/paste/;
+    }
+
+    location ~ ^(.*)/(.*).png {
+        root /var/prologin/webservices/paste/;
+    }
+
+    location / {
+        rewrite ^/$ / break;
+        rewrite ^/user/([^/]+)$ /?user=$1 break;
+        rewrite ^/user/([^/]+)/([^&]+)?&(.*)$ /?id=$1/$2&$3 break;
+        rewrite ^/([^&]+)&(.*)$ /?id=$1&$2 break;
+        rewrite ^/(.*)$ /?id=$1 break;
+
+        proxy_pass http://localhost:20050;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
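Review bot: The regexes `^(.*)/(.*).css` and `^(.*)/(.*).png` leave the dot unescaped and have no end anchor, so they match any URI that contains a slash followed later by any character and `css` or `png`, not only stylesheet and image files. Requests that match are answered from `root /var/prologin/webservices/paste/` instead of being proxied, and if that directory also holds the application's own files they become readable over HTTP (not verifiable from this diff). `location ~ \.(css|png)$` with a `root` limited to the static assets would narrow the match to what the names suggest.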

File etc/nginx/services/presencesync.nginx

+server {
+    listen 80;
+    server_name presencesync;
+
+    access_log logs/presencesync.access.log main;
+
+    location / {
+        proxy_pass http://localhost:20060;
+        proxy_buffering off;
+        proxy_read_timeout 3600000;
+        proxy_send_timeout 3600000;
+    }
+}
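Review bot: `proxy_read_timeout 3600000;` and `proxy_send_timeout 3600000;` carry no unit, and nginx reads a bare number as seconds, so these are roughly 41 days rather than one hour. If the intent is to keep long-lived sync connections open for an hour, `proxy_read_timeout 1h;` and `proxy_send_timeout 1h;` say that directly. With the current value a stalled upstream keeps its connection slot more or less indefinitely. udbsync.nginx repeats the same two lines.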

File etc/nginx/services/udb.nginx

+server {
+    listen 80;
+    server_name udb;
+
+    access_log logs/udb.access.log main;
+
+    location / {
+        proxy_pass http://localhost:20080;
+    }
+}

File etc/nginx/services/udbsync.nginx

+server {
+    listen 80;
+    server_name udbsync;
+
+    access_log logs/udbsync.access.log main;
+
+    location / {
+        proxy_pass http://localhost:20090;
+        proxy_buffering off;
+        proxy_read_timeout 3600000;
+        proxy_send_timeout 3600000;
+    }
+}

File etc/nginx/services/wiki.nginx

+server {
+    listen 80;
+    server_name wiki;
+
+    access_log logs/wiki.access.log main;
+
+    location / {
+        proxy_pass http://localhost:20051;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

File etc/ssh/sshd_config

+#	$OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing, 
+# and session processing. If this is enabled, PAM authentication will 
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+PrintMotd no # pam does that
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation sandbox		# Default for new installations.
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+AllowUsers root
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	ForceCommand cvs server
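Review bot: `PermitRootLogin yes` combined with `AllowUsers root` makes root the only account that can log in over SSH, so every administrator shares one identity and the auth log cannot tell them apart. Root logins are key-only today solely because `PasswordAuthentication no` and `ChallengeResponseAuthentication no` are also set. `PermitRootLogin without-password`, the value this file's own PAM comment mentions, would keep that true even if one of those two lines is changed later. If shared root is deliberate for this network, a comment above `AllowUsers root` such as `# shared root login is intentional: <reason>` would record that for the next reader.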

File etc/systemd/system/bugs.service

+[Unit]
+Description = Bugs
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=webservices
+Group=webservices
+ExecStart=/usr/bin/unicorn -D -E production -c /etc/unicorn/redmine.ru /var/prologin/bugs/script/rails server webrick -e production
+
+TimeoutSec=300
+
+[Install]
+WantedBy=multi-user.target
+
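Review bot: `ExecStart` passes `-D` to unicorn while the unit is `Type=simple`. `-D` makes unicorn daemonize, so the process systemd tracks exits right after start and the unit is treated as finished. Dropping `-D` keeps unicorn in the foreground, which is what `Type=simple` expects; the alternative is `Type=forking` with a `PIDFile=`. The tail of the command, `/var/prologin/bugs/script/rails server webrick -e production`, looks like a second command line appended to the unicorn one and probably should go too, though that cannot be confirmed without /etc/unicorn/redmine.ru.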

File etc/systemd/system/hfs@.service

+[Unit]
+Description=HFS daemon for interface %i
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/var/prologin/hfs
+ExecStart=/var/prologin/venv/bin/python hfs.py %i
+
+[Install]
+WantedBy=multi-user.target
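Review bot: This unit runs `hfs.py` as `User=root` with the interpreter from /var/prologin/venv and the script from /var/prologin/hfs, and nothing in the commit shows who owns those two trees. The same venv is used by the unprivileged daemons (mdb, udb, netboot and others), so both directories need to be root-owned and not writable by any service account; otherwise write access there is equivalent to root. mdbdhcp.service, udbsync_passwd.service, udbsync_passwd_nfsroot.service and udbsync_rootssh.service have the same shape. A comment in `[Service]` would record the requirement: `# runs as root: /var/prologin/hfs and /var/prologin/venv must be root-owned and not group/world-writable`.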

File etc/systemd/system/homepage.service

+[Unit]
+Description = Homepage website
+After = network.target
+
+[Service]
+Type=simple
+User=homepage
+WorkingDirectory=/var/prologin/homepage
+ExecStart=/var/prologin/venv/bin/gunicorn -b 127.0.0.1:20110 homepage.wsgi
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/mdb.service

+[Unit]
+Description = Machine Database
+After = network.target
+
+[Service]
+Type=simple
+User=mdb
+WorkingDirectory=/var/prologin/mdb
+ExecStart=/var/prologin/venv/bin/gunicorn -b 127.0.0.1:20000 mdb.wsgi
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/mdbdhcp.service

+[Unit]
+Description = MDB DHCP synchronization daemon
+After = mdbsync.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/var/prologin/dhcp
+ExecStart=/var/prologin/venv/bin/python mdbdhcp.py
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/mdbdns.service

+[Unit]
+Description = MDB DNS synchronization daemon
+After = mdbsync.service
+
+[Service]
+Type=simple
+User=mdbdns
+WorkingDirectory=/var/prologin/dns
+ExecStart=/var/prologin/venv/bin/python mdbdns.py
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/mdbsync.service

+[Unit]
+Description = MDBSync pubsub service
+After = mdb.service
+
+[Service]
+Type=simple
+User=mdbsync
+WorkingDirectory=/var/prologin/mdbsync
+ExecStart=/var/prologin/venv/bin/python mdbsync.py 20010
+
+[Install]
+WantedBy=multi-user.target
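Review bot: `ExecStart` gives only a port (`mdbsync.py 20010`), so the listen address is whatever the script picks, whereas the gunicorn units in this commit bind `127.0.0.1` explicitly. If the script listens on all interfaces, the service is reachable directly on 20010 as well as through nginx, bypassing whatever nginx enforces or logs. It is worth confirming the bind address in mdbsync.py and, if the script accepts one, passing it on the command line. The same question applies to minecraft-skins.service, paste.service, presenced.service, presencesync.service and udbsync.service.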

File etc/systemd/system/minecraft-skins.service

+[Unit]
+Description = Minecraft Skin and Login
+After = network.target
+
+[Service]
+Type=simple
+User=minecraft
+WorkingDirectory=/var/prologin/minecraft/server
+ExecStart=/var/prologin/venv/bin/python webserver.py 20052
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/minecraft.service

+[Unit]
+Description = Minecraft Server
+After = minecraft-skins.service
+
+[Service]
+Type=simple
+User=minecraft
+WorkingDirectory=/var/prologin/minecraft/server
+ExecStart=/var/prologin/venv/bin/python run.py
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/netboot.service

+[Unit]
+Description = Netboot HTTP server
+After = mdb.service
+
+[Service]
+Type=simple
+User=netboot
+WorkingDirectory=/var/prologin/netboot
+ExecStart=/var/prologin/venv/bin/gunicorn -b 127.0.0.1:20020 netboot
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/paste.service

+[Unit]
+Description = Paste
+After = network.target
+
+[Service]
+Type=simple
+User=webservices
+WorkingDirectory=/var/prologin/webservices/paste
+ExecStart=/var/prologin/venv2/bin/python paste.py 20050
+
+[Install]
+WantedBy=multi-user.target
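Review bot: `User=webservices` is shared by paste.service, wiki.service and bugs.service, while the other daemons in this commit each get an account of their own (mdb, udb, netboot and so on). With one account, a flaw in any of the three web applications gives access to the other two's files and processes. Per-service accounts would match the rest of the commit, for example `User=paste` here (a proposed name; the account would have to be created).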

File etc/systemd/system/presenced.service

+[Unit]
+Description = Local Presencd daemon
+After = network.target
+
+[Service]
+Type=simple
+User=presenced
+WorkingDirectory=/var/prologin/presenced
+ExecStart=/var/prologin/venv/bin/python presenced.py 20070
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/presencesync.service

+[Unit]
+Description = PresenceSync pubsub service
+After = mdb.service
+
+[Service]
+Type=simple
+User=presencesync
+WorkingDirectory=/var/prologin/presencesync
+ExecStart=/var/prologin/venv/bin/python presencesync.py 20060
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/presencesync_usermap.service

+[Unit]
+Description = User map generation daemon
+
+[Service]
+Type=simple
+User=presencesync_usermap
+WorkingDirectory=/var/prologin/presencesync_usermap
+ExecStart=/var/prologin/venv/bin/python presencesync_usermap.py
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/rootssh-copy.service

+[Unit]
+Description=Copy ~root/.ssh/authorized_keys to NFS root
+
+[Service]
+Type=oneshot
+ExecStart=/bin/mkdir -p /export/nfsroot/root/.ssh
+ExecStart=/bin/cp /root/.ssh/authorized_keys /export/nfsroot/root/.ssh
+ExecStart=/bin/chmod -R go-rwx /export/nfsroot/root/.ssh

File etc/systemd/system/rootssh.path

+[Unit]
+Description=Copy ~root/.ssh/authorized_keys to NFS root
+
+[Path]
+PathChanged=/root/.ssh/authorized_keys
+Unit=rootssh-copy.service
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/udb.service

+[Unit]
+Description = User Database
+After = network.target
+
+[Service]
+Type=simple
+User=udb
+WorkingDirectory=/var/prologin/udb
+ExecStart=/var/prologin/venv/bin/gunicorn -b 127.0.0.1:20080 udb.wsgi
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/udbsync.service

+[Unit]
+Description = UDBSync pubsub service
+After = udb.service
+
+[Service]
+Type=simple
+User=udbsync
+WorkingDirectory=/var/prologin/udbsync
+ExecStart=/var/prologin/venv/bin/python udbsync.py 20090
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/udbsync_django@.service

+[Unit]
+Description=UDBSync daemon for Django app %i
+After=network.target
+
+[Service]
+Type=simple
+User=%i
+WorkingDirectory=/var/prologin/%i
+ExecStart=/var/prologin/venv/bin/python /var/prologin/udbsync_django/udbsync_django.py %i
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/udbsync_passwd.service

+[Unit]
+Description = /etc/{passwd,shadow,group} synchronisation daemon
+After = network.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/var/prologin/udbsync_passwd
+ExecStart=/var/prologin/venv/bin/python udbsync_passwd.py
+
+[Install]
+WantedBy=multi-user.target
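Review bot: `After = network.service` names a unit that no other file in this commit uses; the rest order on `network.target`. systemd ignores ordering against a unit that is not loaded, so this line likely has no effect, and `After = network.target` is probably what was meant. udbsync_passwd_nfsroot.service and udbsync_rootssh.service carry the same line. These daemons run as root and, going by their descriptions, rewrite the passwd, shadow and group files or authorized_keys, so ordering them after `udbsync.service` where both run on the same host, as mdbdhcp.service does with `mdbsync.service`, may also be worth considering.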

File etc/systemd/system/udbsync_passwd_nfsroot.service

+[Unit]
+Description = /etc/{passwd,shadow,group} synchronisation daemon for nfsroot
+After = network.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/var/prologin/udbsync_passwd
+ExecStart=/var/prologin/venv/bin/python udbsync_passwd.py /export/nfsroot
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/udbsync_rootssh.service

+[Unit]
+Description = .ssh/authorized_keys synchronisation daemon
+After = network.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/var/prologin/ssh
+ExecStart=/var/prologin/venv/bin/python udbsync_rootssh.py
+
+[Install]
+WantedBy=multi-user.target

File etc/systemd/system/wiki.service

+[Unit]
+Description = Wiki
+After = network.target
+
+[Service]
+Type=simple
+User=webservices
+WorkingDirectory=/var/prologin/wiki
+ExecStart=/usr/bin/gunicorn -b 127.0.0.1:20051 moin
+
+[Install]
+WantedBy=multi-user.target

File hfs/create_nbd.sh

-#! /bin/sh
-# -*- encoding: utf-8 -*-
-# Copyright (c) 2013 Pierre Bourdon <pierre.bourdon@prologin.org>
-# Copyright (c) 2013 Association Prologin <info@prologin.org>
-#
-# Prologin-SADM is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Prologin-SADM is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Prologin-SADM.  If not, see <http://www.gnu.org/licenses/>.
-
-# Format the NBD file and copy the skeleton in it.
-
-filename="$1"
-username="$2"
-group="$3"
-skeleton="$4"
-
-mkfs.ext4 -F -m 0 "$filename"
-mnt=$(mktemp -d)
-mount -o loop "$filename" "$mnt"
-rsync -aHAX "$skeleton/" "$mnt"
-chown -R "$username:$group" "$mnt"
-umount "$mnt"
-rmdir "$mnt"

File hfs/hfs.py

-# -*- encoding: utf-8 -*-
-# Copyright (c) 2013 Pierre Bourdon <pierre.bourdon@prologin.org>
-# Copyright (c) 2013 Association Prologin <info@prologin.org>
-#
-# Prologin-SADM is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Prologin-SADM is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Prologin-SADM.  If not, see <http://www.gnu.org/licenses/>.
-
-"""Home Filesystem Server: handle creation and migration of filesystems for
-/home/<user>.
-
-Each user home directory is a separate filesystem served using NBD (Network
-Block Device). When a user logs in to a machine, the PAM session_start script
-is executed and will ask the HFS responsible for the machine for the port to
-connect to for NBD. Three things can happen on the HFS side:
-
-  * The user has currently no home directory: we create a new one, copy the
-    skeleton in it, serve it and return the port.
-  * The user has a home directory and it is on this server: serve it and return
-    the port.
-  * The user has a home directory on another server. We ask the remote HFS for
-    the data, then serve it and return the port.
-
-The user<->hfs association is stored in a shared database hosted on ``db``
-(PostgreSQL).
-
-We don't use Tornado for this service because it *sucks* at large file
-handling. tornado.iostream seems to buffer data when one side of the stream is
-too slow (read or write) instead of trying to throttle. When transfering 5GB
-files, buffering in RAM is just not a good idea.
-"""