update site

Signed-off-by: Marek Küthe <m.k@mk16.de>

docs/additional/dns.md

@@ -0,0 +1,126 @@
+# Servers
+
+HINT: This is currently a work in progress by @mark22k
+
+## Rekursiv
+
+| DNS | IP address |
+| --- | --- |
+| recur1.bandura.crxn | fd92:58b6:2b2::5353 |
+
+## Authoritiv
+
+# Resolve CRXN domains only
+
+Advantage:
+- Very simple configuration
+
+Disadvantage:
+- No more access to Clearnet domains
+- Dependence on one server
+
+You can enter a recursive CRXN server as your DNS server in the operating system.
+
+The configuration of this differs depending on the operating system. For example, in Debian without NetworkManager, you can add the following to `/etc/resolv.conf`:
+```
+nameserver fd92:58b6:2b2::5353
+```
+
+# Run your own forwarder
+
+Advantage:
+- Simple configuration
+
+Disadvantage:
+- Dependence on one server
+
+With this method, you run a small DNS server of your own, which receives and forwards requests. This is suitable for one computer or very small networks.
+
+There are several software you can use for this.
+
+## Coredns
+
+This guide is for Debian based systems.
+First you need to download Coredns. You can find the software at https://coredns.io/. As a download package you get a compressed file. Extract it and make the file `coredns` executable and copy it into the directory `/usr/local/bin`.
+```
+$tar xvf coredns_1.10.0_linux_amd64.tgz
+$chmod +x coredns
+$sudo cp coredns /usr/local/bin/
+```
+
+To start Coredns automatically you can create a Systemd unit:
+```
+$ editor /etc/systemd/system/coredns.service
+```
+
+Paste the following:
+```
+[Unit]
+Description=CoreDNS DNS server
+Documentation=https://coredns.io/
+After=network.target
+After=alfis.service
+After=meshnamed.service
+
+[Service]
+PermissionsStartOnly=true
+LimitNOFILE=1048576
+LimitNPROC=512
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+User=coredns
+ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
+ExecReload=/bin/kill -SIGUSR1 $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+```
+
+After that reload systemd:
+```
+$sudo systemctl daemon-reload
+```
+
+To isolate Coredns, you create a new user:
+```
+$sudo adduser --home /etc/coredns/ --disabled-password --disabled-login coredns
+```
+
+After that you can create and edit the Coredns configuration file `Corefile`:
+```
+editor /etc/coredns/Corefile
+```
+
+Paste the following:
+```
+crxn., d.f.ip6.arpa. {
+  loop
+  bind 127.0.0.1 ::1
+  forward . fd92:58b6:2b2::5353
+}
+```
+Replace `fd92:58b6:2b2::5353` with your preferred recursive server.
+With `bind 127.0.0.1 ::1` you bind Coredns to your local machine only, so no one else can access it. If you want to create a network forwarder, you have to remove this line. If you want to restrict the forwarder access only to a specific network, you can use the [ACL Plugin](https://coredns.io/plugins/acl/).
+
+To resolve Clearnet domains, insert the following:
+```
+. {
+    loop
+    bind 127.0.0.1 ::1
+    forward . tls://1.1.1.1 tls://1.0.0.1 tls://2606:4700:4700::1111 tls://2606:4700:4700::1001 {
+      tls_servername 1dot1dot1dot1.cloudflare-dns.com
+    }
+}
+
+```
+
+
+
+
+
+
+
+
+

docs/additional/otg/index.md

@@ -5,4 +5,4 @@ CRXN _On-the-go_ are a collection of services run by a few people on CRXN that h
 
 So far we have two people offering such services:
 
-1. [Deavmi's OTG](deavmi.md)
+1. [Deavmi's OTG](deavmi)

docs/dns/dns.md

@@ -1,19 +0,0 @@
-CRXN DNS
-========
-
-![](dns/dns.png)
-
-**CRXN DNS** offers users the ability to map their CRXN IP address to human-readable names to make life easier.
-The way DNS is managed on CRXN is via the [RecordDB](http://codeberg.org/CRXN/zones/src/branch/master/all) whereby
-you make a pull request to add your entries and it gets approved by one of the network administrators. The time for
-the new records to reflect is dependent on which root nameserver your choose to use.
-
-## Root nameservers
-
-1. **Deavmi's root nameserver**:`fd08:8441:e254::4` (`dns1.crxn`)
-	1. This server updates records every 10 minutes
-	2. Provides clearnet name resolution as well
-	
-## Setting up your own root
-
-A tutorial on how to do so is currently in the works.

docs/dns/home.md

@@ -0,0 +1,124 @@
+# Servers
+
+## Rekursiv
+
+| DNS | IP address |
+| --- | --- |
+| recur1.bandura.crxn | fd92:58b6:2b2::5353 |
+
+## Authoritiv
+
+# Resolve CRXN domains only
+
+Advantage:
+- Very simple configuration
+
+Disadvantage:
+- No more access to Clearnet domains
+- Dependence on one server
+
+You can enter a recursive CRXN server as your DNS server in the operating system.
+
+The configuration of this differs depending on the operating system. For example, in Debian without NetworkManager, you can add the following to `/etc/resolv.conf`:
+```
+nameserver fd92:58b6:2b2::5353
+```
+
+# Run your own forwarder
+
+Advantage:
+- Simple configuration
+
+Disadvantage:
+- Dependence on one server
+
+With this method, you run a small DNS server of your own, which receives and forwards requests. This is suitable for one computer or very small networks.
+
+There are several software you can use for this.
+
+## Coredns
+
+This guide is for Debian based systems.
+First you need to download Coredns. You can find the software at https://coredns.io/. As a download package you get a compressed file. Extract it and make the file `coredns` executable and copy it into the directory `/usr/local/bin`.
+```
+$tar xvf coredns_1.10.0_linux_amd64.tgz
+$chmod +x coredns
+$sudo cp coredns /usr/local/bin/
+```
+
+To start Coredns automatically you can create a Systemd unit:
+```
+$ editor /etc/systemd/system/coredns.service
+```
+
+Paste the following:
+```
+[Unit]
+Description=CoreDNS DNS server
+Documentation=https://coredns.io/
+After=network.target
+After=alfis.service
+After=meshnamed.service
+
+[Service]
+PermissionsStartOnly=true
+LimitNOFILE=1048576
+LimitNPROC=512
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+User=coredns
+ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
+ExecReload=/bin/kill -SIGUSR1 $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+```
+
+After that reload systemd:
+```
+$sudo systemctl daemon-reload
+```
+
+To isolate Coredns, you create a new user:
+```
+$sudo adduser --home /etc/coredns/ --disabled-password --disabled-login coredns
+```
+
+After that you can create and edit the Coredns configuration file `Corefile`:
+```
+editor /etc/coredns/Corefile
+```
+
+Paste the following:
+```
+crxn., d.f.ip6.arpa. {
+  loop
+  bind 127.0.0.1 ::1
+  forward . fd92:58b6:2b2::5353
+}
+```
+Replace `fd92:58b6:2b2::5353` with your preferred recursive server.
+With `bind 127.0.0.1 ::1` you bind Coredns to your local machine only, so no one else can access it. If you want to create a network forwarder, you have to remove this line. If you want to restrict the forwarder access only to a specific network, you can use the [ACL Plugin](https://coredns.io/plugins/acl/).
+
+To resolve Clearnet domains, insert the following:
+```
+. {
+    loop
+    bind 127.0.0.1 ::1
+    forward . tls://1.1.1.1 tls://1.0.0.1 tls://2606:4700:4700::1111 tls://2606:4700:4700::1001 {
+      tls_servername 1dot1dot1dot1.cloudflare-dns.com
+    }
+}
+
+```
+
+
+
+
+
+
+
+
+

docs/dns/server.md

@@ -0,0 +1,124 @@
+# Servers
+
+## Rekursiv
+
+| DNS | IP address |
+| --- | --- |
+| recur1.bandura.crxn | fd92:58b6:2b2::5353 |
+
+## Authoritiv
+
+# Resolve CRXN domains only
+
+Advantage:
+- Very simple configuration
+
+Disadvantage:
+- No more access to Clearnet domains
+- Dependence on one server
+
+You can enter a recursive CRXN server as your DNS server in the operating system.
+
+The configuration of this differs depending on the operating system. For example, in Debian without NetworkManager, you can add the following to `/etc/resolv.conf`:
+```
+nameserver fd92:58b6:2b2::5353
+```
+
+# Run your own forwarder
+
+Advantage:
+- Simple configuration
+
+Disadvantage:
+- Dependence on one server
+
+With this method, you run a small DNS server of your own, which receives and forwards requests. This is suitable for one computer or very small networks.
+
+There are several software you can use for this.
+
+## Coredns
+
+This guide is for Debian based systems.
+First you need to download Coredns. You can find the software at https://coredns.io/. As a download package you get a compressed file. Extract it and make the file `coredns` executable and copy it into the directory `/usr/local/bin`.
+```
+$tar xvf coredns_1.10.0_linux_amd64.tgz
+$chmod +x coredns
+$sudo cp coredns /usr/local/bin/
+```
+
+To start Coredns automatically you can create a Systemd unit:
+```
+$ editor /etc/systemd/system/coredns.service
+```
+
+Paste the following:
+```
+[Unit]
+Description=CoreDNS DNS server
+Documentation=https://coredns.io/
+After=network.target
+After=alfis.service
+After=meshnamed.service
+
+[Service]
+PermissionsStartOnly=true
+LimitNOFILE=1048576
+LimitNPROC=512
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+User=coredns
+ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
+ExecReload=/bin/kill -SIGUSR1 $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+```
+
+After that reload systemd:
+```
+$sudo systemctl daemon-reload
+```
+
+To isolate Coredns, you create a new user:
+```
+$sudo adduser --home /etc/coredns/ --disabled-password --disabled-login coredns
+```
+
+After that you can create and edit the Coredns configuration file `Corefile`:
+```
+editor /etc/coredns/Corefile
+```
+
+Paste the following:
+```
+crxn., d.f.ip6.arpa. {
+  loop
+  bind 127.0.0.1 ::1
+  forward . fd92:58b6:2b2::5353
+}
+```
+Replace `fd92:58b6:2b2::5353` with your preferred recursive server.
+With `bind 127.0.0.1 ::1` you bind Coredns to your local machine only, so no one else can access it. If you want to create a network forwarder, you have to remove this line. If you want to restrict the forwarder access only to a specific network, you can use the [ACL Plugin](https://coredns.io/plugins/acl/).
+
+To resolve Clearnet domains, insert the following:
+```
+. {
+    loop
+    bind 127.0.0.1 ::1
+    forward . tls://1.1.1.1 tls://1.0.0.1 tls://2606:4700:4700::1111 tls://2606:4700:4700::1001 {
+      tls_servername 1dot1dot1dot1.cloudflare-dns.com
+    }
+}
+
+```
+
+
+
+
+
+
+
+
+

docs/getting-started/index.md

@@ -1,5 +1,4 @@
-Getting started
-===============
+# Getting started
 
 Firstly we'd like to say that we're glad you'd like to join our network and
 greater community! This document will provide you with the directions you
@@ -11,24 +10,23 @@ Below you can follow the steps one-by-one to get yourself familiar with our
 practices and inner-workings and by the end you should have all the information
 and configuration details needed to get connected!
 
-1. [Rules](rules.md)
+1. [Rules](rules)
 	* We have **few** but **strict** rules nonetheless
 	* Zero-tolerance for breaking them
-2. [Requirements](requirements.md)
-3. Registration
-	* [Adding your prefix to EntityDB](registration/entitydb.md)
+2. [Requirements](requirements)
+3. [Registration](registration)
 4. Setting up routing
-	1. [Forwarding](routing/bird/forwarding.md)
-	2. [Setting up Bird](routing/bird/bird.md)
+	1. [Forwarding](routing/bird/forwarding)
+	2. [Setting up Bird](routing/bird/bird)
 5. Tunneling
-	* [Fastd tunneling](tunneling/fastd.md)
+	* [Fastd tunneling](tunneling/fastd)
 6. Setting up your home network
 	* Configuring your hosts
 		1. Automatically with SLAAC and radv
-			1. [Setting up radv (router)](radv/index.md)
-			2. [Setting up SLAAC (hosts)](slaac/slaac.md)
-	* [CRXN DNS](dns/dns.md)
+			1. [Setting up radv (router)](radv/index)
+			2. [Setting up SLAAC (hosts)](slaac/slaac)
+	* [DNS](dns/home)
 
 ## What's next?
 
-Once you're connected there are various things you can do on the network, take a look at [some of he things](services/) you can do.
+Once you're connected there are various things you can do on the network, take a look at [some of the things](services/) you can do.

docs/getting-started/registration.md

@@ -1,5 +1,4 @@
-Prefix allocation and registration
-==================================
+# Prefix allocation and registration
 
 To simply forward IPv6 traffic on CRXN one only needs an IPv6 link-local address which is always guaranteed to be assigned (most of the time), however normally people join CRXN so that they can _also_ host services (and access others) on the inter-network. Therefore, one needs to allocate a prefix and register it to be able to make use of the network in such a manner.
 
@@ -15,4 +14,4 @@ You can generate your ULA you would like to use for CRXN using a tool such as [U
 
 Once you have your prefix generated you then are required to register the prefix. This entails adding your prefix to a database known as _EntityDB_ which holds all such entries. This is done in order to ensure there are no clashes with addresses and also doubles as a source of truth in terms of what networks _should_ be available on CRXN along with some information about available services.
 
-To register your prefix on EntityDB please visit the repository [here](https://codeberg.org/CRXN/entitydb), fork the repository, then follow the [`README.md`](https://codeberg.org/CRXN/entitydb/src/branch/master/README.md) on how to format your entry, create a pull request and wait for approval from a network administrator. Only then will you be allowed to continue with this tutorial.
+To register your prefix on EntityDB please visit the repository [here](https://codeberg.org/CRXN/entitydb), fork the repository, then follow the [`README.md`](https://codeberg.org/CRXN/entitydb/src/branch/master/README.md) on how to format your entry, create a pull request and wait for approval from a network administrator. Only then will you be allowed to continue with this tutorial.

docs/getting-started/rules.md

@@ -31,4 +31,4 @@ We really don't want the scum of internet degeneracy on here (see first subpoint
 
 You break the rules, you're going to get removed. We don't take shit here.
 
-**You will be reported to the authorities**
+**You will be reported to the authorities**

docs/home_network/dns.md

@@ -0,0 +1,3 @@
+# DNS
+
+TODO: Add documentation @mark22k

docs/home_network/index.md

@@ -0,0 +1,3 @@
+
+- [Setting up radv (router)](radv.html)
+- [Setting up SLAAC (hosts)](slaac.html)

docs/home_network/slaac.md

@@ -9,36 +9,36 @@ Configuring your hosts for automatic IP network and address assignment, DNS and
 
 For NetworkManager-based systems do the following. Open up `nm-connection-editor` and you should have a screen appear like this:
 
-![](nm-connection-editor.png)
+![](../img/slaac/nm-connection-editor.png)
 
 Then double click on the wifi or ethernet connection you have active of which connects you to the same LAN as your router and you should see a window like this popup:
 
-![](nm-connection-window.png)
+![](../img/slaac/nm-connection-window.png)
 
 Then go to the `IPv6` tab and you should see this:
 
-![](ipv6-nm-connection.png)
+![](../img/slaac/ipv6-nm-connection.png)
 
 Now make sure that this part is set to `Automatic`:
 
-![](address_acquisition_automatic.png)
+![](../img/slaac/address_acquisition_automatic.png)
 
 And then for the bottom two parts you can choose whatever option you want in these dropdowns:
 
-![](whatever_you_want.png)
+![](../img/slaac/whatever_you_want.png)
 
 Once you have configured that, then hit save and close all those windows:
 
-![](save_connection.png)
+![](../img/slaac/save_connection.png)
 
 What you want to do now is to open `nmtui` (in your terminal) and reactivate that connection, first go to _Activate a connection_:
 
-![](nmtui_main_menu.png)
+![](../img/slaac/nmtui_main_menu.png)
 
 Now reactivate the connection. You can do this by deactivating it and activating it again (unplugging and replugging won't reactivate it - it doesn't reload the profile).
 
-![](connection_reactivate.png)
+![](../img/slaac/connection_reactivate.png)
 
 ---
 
-And that is it, now you should be connected to CRXN on your laptop via your router.
+And that is it, now you should be connected to CRXN on your laptop via your router.

docs/index.md

@@ -1,16 +1,7 @@
-<center>
-	<img src="logo.png" width="300">
-</center>
 
-<br>
+# What is it?
 
-<center>
-	<h1>CRXN</h1>
-</center>
-
-## What is it?
-
-<img src="map.png" width=30% height=30% style="float:right;gap;margin-left:20px">
+<img src="./img/map.png" class="pic_right">
 
 CRXN stands for **C**ommunity **R**un e**X**pansive **N**etwork. It's a computer network _run by the community for the community_.
 We provide an IPv6 (that's the freshest Internet Protocol out there to date) and on CRXN anything that can speak IPv6
@@ -19,6 +10,8 @@ on the "end-to-end" principal of IP - that is to say that if you want to run som
 you won't have to worry about NAT-traversal, port forwarding, lack of raw IP support and all the other non-sense that IPv4
 created (due to lack of addresses).
 
+<img src="./img/logo.png" class="crxn_logo pic_left">
+
 Compared to the clearnet (normal Internet) there isn't much fuss involved around getting
 a network ID assigned to you and so forth, we truly are for the community and all our members take some of their own time
 to work on their network and the greater CRXN inter-network as a whole.
@@ -110,4 +103,4 @@ Some important links to remember.
 
 * The CRXN homepage is: [http://deavmi.assigned.network/projects/crxn](http://deavmi.assigned.network/projects/crxn)
 * The **EntityDB** repository is: [https://codeberg.org/CRXN/entitydb](https://codeberg.org/CRXN/entitydb)
-* This documentation is at: [https://github.com/Community-Run-eXperimental-Network/docs](https://github.com/Community-Run-eXperimental-Network/docs)
+* This documentation is at: [https://github.com/Community-Run-eXperimental-Network/docs](https://github.com/Community-Run-eXperimental-Network/docs)

docs/network/setup.md

@@ -1,36 +0,0 @@
-Network configuration
-=====================
-
-Before we start configuring tunnels and routing we first need to make sure the network of the machine you wish to configure as a CRXN router is configured correctly.
-
-## Assigning addresses and a subnet
-
-TODO: Add subnet assignment
-
-## Enabling forwarding
-
-We will be setting up the machine that runs bird as a router so therefore
-we need to make your Linux kernel's network stack not drop IPv6 packets
-that it receives (addressed to it via Ethernet) but are not addressed to
-it via IPv6 address - in other words it must try do something with these packets,
-namely attempt to forward them one hop closer to their initial destination.
-
-Enabling forwarding on all interfaces can be achieved as follows (you will need
-to be root):
-
-```bash
-echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
-```
-
-However, after reboot it won't be saved and will go back to its defaults. Therefore
-what you need to do is to enable forwarding on boot-up, this can be done by
-adding an additional line to your `/etc/sysctl.conf` (which holds a bunch of
-these statements), it should look like this:
-
-```bash
-net.ipv6.conf.all.forwarding=1
-```
-
-TODO: Weird experience with me, only doing `all` made it work
-
-TODO: Forwarding settings should be placed here

docs/people.md

@@ -1,11 +1,10 @@
-People
-======
+# People
 
 Get to know some familiar faces!
 
-# Current administration
+## Current administration
 
-## Tristan B. Kildaire `~deavmi`
+### Tristan B. Kildaire `~deavmi`
 
 <!-- <img src="http://deavmi.assigned.network/profile_pic.jpg"> -->
 
@@ -19,14 +18,14 @@ E-mail: `deavmi@redxen.eu`
 BNET IRC: `deavmi` (preferred)
 Matrix: `deavmi@envs.net`
 
-## Christian Rühringer
+### Christian Rühringer
 
 Amazing German dude.
 
 Roles: Network services, Routing
 BNET IRC: `chris2001`
 
-## Ty3r0X `~ty3r0x`
+### Ty3r0X `~ty3r0x`
 
 > Follow The Eye!
 
@@ -37,7 +36,7 @@ Roles: Network services, Routing, CRXNxDN42 inter-connect maintenance
 E-mail: `ty3r0x@chaox.ro`
 BNET IRC: `ty3r0x`
 
-## Marek Küthe `~mark22k`
+### Marek Küthe `~mark22k`
 
 > The hero of CRXN
 
@@ -50,9 +49,9 @@ Hackint IRC: `mark22k`
 
 ---
 
-# Previous administration
+## Previous administration
 
-## Rany `~rany`
+### Rany `~rany`
 
 <!-- <img src="people/rany.png"> -->
 
@@ -64,7 +63,7 @@ E-mail: `ranycrxn@riseup.net`
 BNET IRC: `rany`
 Matrix: `@rany:fairydust.space`
 
-## Alex Denes `~caskd`
+### Alex Denes `~caskd`
 
 <!-- <img src="people/caskd.png"> -->
 
@@ -73,4 +72,4 @@ European CRXN adminstration, runs the CRXN DNS root name server.
 Roles: Network services, CRXN DNS
 
 E-mail: `caskd@redxen.eu`
-BNET IRC: `caskd`
+BNET IRC: `caskd`

docs/routing/forwarding.md

@@ -1,7 +1,4 @@
-IPv6 forwarding
-===============
-
-TODO: Move this to another page
+# IPv6 forwarding
 
 ## Enabling forwarding
 

docs/tunneling/fastd.md

@@ -1,5 +1,4 @@
-Fastd tunneling
-===============
+# Fastd tunneling
 
 This document will help you get peered over a layer-2 VPN using `fastd`.
 
@@ -28,23 +27,26 @@ Create a file with the template and instructions below in `/etc/fastd/crxn/fastd
 
 ```
 # The interface that will connect to the virtual ethernet network fastd connects us to
-interface "crxn%n";
 mode multitap;
 
 # The encryption method (don't change this unless you need to)
 method "salsa2012+umac";
 
 # Bind to and listen for incoming connections on this address and port
-bind <ip>:<port>;
+bind [::]:<port>;
 
 # Secret key (you generate this)
 secret "<secret key>";
 
+# Do not forward traffic for others
+forward no;
+
 # Setup a peer to allow incoming connections from or initiate a connection too
 peer "<peerName>"
 {
     remote <type> "<ip>" port <port>;
     key "<peer's public key>";
+    interface "<interface>";
 }
 
 ```
@@ -52,14 +54,14 @@ peer "<peerName>"
 If your system uses ifconfig append
 ```
 # On interface rise run
-on up "ifconfig $INTERFACE up";
-on down "ifconfig $INTERFACE down";
+on up "ifconfig <interface> up";
+on down "ifconfig <interface> down";
 ```
 
 If your system uses ip append
 ```
-on up "ip link set dev $INTERFACE up";
-on down "ip link set dev $INTERFACE down";
+on up "ip link set dev <interface> up";
+on down "ip link set dev <interface> down";
 ```
 
 The template needs to have the following filled in:

docs/tunneling/index.md

@@ -0,0 +1,3 @@
+
+- [fastd](fastd)
+- [WireGuard](wireguard)

docs/tunneling/wireguard.md

@@ -0,0 +1,3 @@
+# WireGuard
+
+TODO: Add documentation