From 8df9fdc4ab777134bbb7e51883bac837b58c8fe9 Mon Sep 17 00:00:00 2001 From: Alex Denes Date: Tue, 1 Jun 2021 23:17:41 +0000 Subject: [PATCH] Reorganization, automation and more - More templating and inheritance - New commands + rx_replace + rx_install + rx_cpkgdir - More transparency with secrets being sourced as variables and replaced - Modularization of configs + telegraf + nginx (partial) + fastd + wireguard + unbound - Split of unbound configurations and bind zones - Bumping of key versions (rolling keys) + ZSK/KSK + OpenDKIM - Relaxed permission defaults and other smaller tweaks... --- .gitignore | 20 +-- APKBUILD.template | 48 +++++++ HOST-SPLIT | 28 ++++ PORT-ALLOCATION | 5 +- config/APKBUILD-config.common | 27 ---- config/APKBUILD-config.template | 6 + config/babeld/APKBUILD | 11 -- config/babeld/redxen.conf | 24 ---- config/bird/APKBUILD | 9 +- config/dovecot/APKBUILD | 46 +++++-- config/dovecot/dovecot.conf | 8 +- config/dovecot/pgsql.conf | 6 + .../dovecot/redxen-config-dovecot.pre-install | 5 - config/fastd/APKBUILD | 36 ++++-- config/fastd/fastd.conf | 16 +-- config/fastd/peers/deavmi | 2 + config/gitea/APKBUILD | 29 +++-- config/gitea/redxen.ini | 8 +- config/grafana/APKBUILD | 32 ++++- config/grafana/main.ini | 67 ++++++++++ config/haproxy/APKBUILD | 20 +-- config/haproxy/main.cfg | 51 ++++---- config/hitch/APKBUILD | 16 --- config/hitch/main.conf | 6 - config/influxdb/APKBUILD | 15 ++- config/ipset/APKBUILD | 14 +- config/iptables/APKBUILD | 13 +- config/lighttpd/APKBUILD | 23 ---- config/lighttpd/main.conf | 28 ---- config/minetest/APKBUILD | 9 +- config/minetest/redxen.conf | 48 ++----- config/monerod/APKBUILD | 17 ++- config/murmur/APKBUILD | 33 +++-- config/murmur/murmur.ini | 32 +++++ .../murmur/redxen-config-murmur.pre-install | 5 - config/nginx/APKBUILD | 31 ++--- config/nginx/main.conf | 10 +- config/nginx/module/alpine.conf | 18 +++ config/nginx/module/homepage.conf | 16 +++ config/nginx/module/seedbox.conf | 12 ++ config/nginx/modules/alpine.conf | 11 -- config/nginx/modules/homepage.conf | 7 - config/nginx/modules/seedbox.conf | 7 - config/opendkim/APKBUILD | 17 +-- config/opendkim/opendkim.conf | 6 +- config/openssh-sftp-seedbox/APKBUILD | 23 ---- config/openssh-sftp-seedbox/allowed_keys | 1 - config/openssh-sftp-seedbox/seedbox-conf | 7 - config/postfix/APKBUILD | 51 ++++++-- config/postfix/main.cf | 15 ++- config/postfix/pgsql-aliases.cf | 5 + config/postfix/pgsql-users.cf | 5 + .../postfix/redxen-config-postfix.pre-install | 5 - config/postgresql/APKBUILD | 18 +-- config/redis/APKBUILD | 15 ++- config/redis/redxen.conf | 4 +- config/rspamd/APKBUILD | 22 ++-- config/rspamd/groups.conf | 2 +- config/rspamd/modules/redis.conf | 2 +- config/sysctl/APKBUILD | 15 ++- config/telegraf/APKBUILD | 72 +++++++++-- config/telegraf/base.conf | 21 +++ config/telegraf/haproxy.conf | 3 + config/telegraf/main.conf | 42 ++---- config/telegraf/monerod.conf | 12 ++ config/telegraf/redis.conf | 2 + config/telegraf/rspamd.conf | 8 ++ config/telegraf/unbound.conf | 2 + config/telegraf/wireguard.conf | 2 + config/transmission-daemon/APKBUILD | 18 --- config/transmission/APKBUILD | 35 +++++ config/transmission/settings.json | 70 ++++++++++ config/unbound/APKBUILD | 122 ++++++------------ .../{auth-crxn.conf => auth_crxn.conf} | 2 +- config/unbound/auth_internal.conf | 6 + .../{auth-redxen.conf => auth_redxen.conf} | 2 +- config/unbound/base.conf | 2 + config/unbound/includes.conf | 6 - config/unbound/internal.conf | 36 ------ config/varnish/APKBUILD | 11 -- config/varnish/main.vcl | 73 ----------- config/wireguard/APKBUILD | 53 ++++++-- config/wireguard/main.conf | 4 + config/xonotic/APKBUILD | 12 +- config/yggdrasil/APKBUILD | 12 -- config/yggdrasil/redxen.conf | 10 -- cron/APKBUILD-cron.common | 8 -- cron/APKBUILD-cron.template | 14 ++ cron/dovecot/APKBUILD | 17 --- cron/gitea/APKBUILD | 17 --- cron/influxdb/APKBUILD | 17 --- cron/postgresql/APKBUILD | 17 --- cron/redis/APKBUILD | 17 --- cron/snapshot-dovecot/APKBUILD | 13 ++ .../cron-daily => snapshot-dovecot/daily} | 0 cron/snapshot-gitea/APKBUILD | 13 ++ .../cron-daily => snapshot-gitea/daily} | 0 cron/snapshot-influxdb/APKBUILD | 13 ++ .../cron-daily => snapshot-influxdb/daily} | 0 cron/snapshot-postgresql/APKBUILD | 13 ++ .../cron-daily => snapshot-postgresql/daily} | 0 cron/snapshot-redis/APKBUILD | 13 ++ .../cron-daily => snapshot-redis/daily} | 0 data/APKBUILD-data.template | 6 + data/bindzone/APKBUILD | 70 ++++++++++ {config/unbound/zones => data/bindzone}/crxn | 0 data/bindzone/internal | 41 ++++++ .../unbound/zones => data/bindzone}/redxen.eu | 59 +++++---- data/cherry-gmod/APKBUILD | 23 ++-- data/gitea-theme/APKBUILD | 42 +++--- data/haproxy-errorpages/APKBUILD | 26 ++-- data/homepage/APKBUILD | 24 ++-- data/pgpkeys/APKBUILD | 25 ++-- data/seedbox-blocklist/APKBUILD | 21 ++- data/signkey/APKBUILD | 24 ++-- ...ubkey => caskd@redxen.eu-5f4953be.rsa.pub} | 0 openrc/APKBUILD-openrc.common | 39 ------ openrc/APKBUILD-openrc.template | 34 +++++ openrc/babeld/APKBUILD | 12 -- openrc/babeld/conffile | 5 - openrc/babeld/runfile | 7 - openrc/bird/APKBUILD | 15 ++- openrc/bird/conffile | 2 +- openrc/darkhttpd/APKBUILD | 13 -- openrc/darkhttpd/conffile | 11 -- openrc/darkhttpd/runfile | 31 ----- openrc/dovecot/APKBUILD | 15 ++- openrc/dovecot/conffile | 2 +- openrc/fastd/APKBUILD | 13 +- openrc/fastd/conffile | 2 +- openrc/gitea/APKBUILD | 15 ++- openrc/gitea/conffile | 2 +- openrc/grafana/APKBUILD | 15 ++- openrc/grafana/conffile | 2 +- openrc/haproxy/APKBUILD | 21 +-- openrc/haproxy/conffile | 2 +- openrc/influxdb/APKBUILD | 15 ++- openrc/influxdb/conffile | 2 +- openrc/ipset/APKBUILD | 13 +- openrc/ipset/conffile | 2 +- openrc/iptables/APKBUILD | 29 +++-- openrc/iptables/conffile-4 | 2 +- openrc/iptables/conffile-6 | 2 +- openrc/iptables/runfile | 21 +-- openrc/lighttpd/APKBUILD | 19 --- openrc/lighttpd/conffile | 12 -- openrc/minetest/APKBUILD | 21 +-- openrc/minetest/conffile | 2 +- openrc/monerod/APKBUILD | 15 ++- openrc/monerod/conffile | 2 +- openrc/murmur/APKBUILD | 15 ++- openrc/murmur/conffile | 2 +- openrc/nginx/APKBUILD | 21 +-- openrc/nginx/conffile | 2 +- openrc/opendkim/APKBUILD | 15 ++- openrc/opendkim/conffile | 2 +- openrc/postfix/APKBUILD | 15 ++- openrc/postfix/conffile | 2 +- openrc/postgresql/APKBUILD | 21 +-- openrc/postgresql/conffile | 2 +- openrc/redis/APKBUILD | 21 +-- openrc/redis/conffile | 2 +- openrc/rspamd/APKBUILD | 21 +-- openrc/rspamd/conffile | 2 +- openrc/telegraf/APKBUILD | 15 ++- openrc/telegraf/conffile | 4 +- openrc/telegraf/runfile | 9 +- openrc/transmission-daemon/APKBUILD | 12 -- openrc/transmission-daemon/conffile | 2 - openrc/transmission/APKBUILD | 13 ++ openrc/transmission/conffile | 2 + .../runfile | 0 openrc/unbound/APKBUILD | 21 +-- openrc/unbound/conffile | 2 +- openrc/wireguard/APKBUILD | 17 +-- openrc/wireguard/runfile | 8 +- openrc/xonotic/APKBUILD | 17 +-- openrc/xonotic/conffile | 1 + openrc/xonotic/runfile | 2 +- openrc/yggdrasil/APKBUILD | 19 --- openrc/yggdrasil/conffile | 4 - secret/APKBUILD-secret.template | 6 + secret/alpinepkg-httpauth/APKBUILD | 28 ++++ secret/dnssec/APKBUILD | 21 ++- secret/fastd-peerkey/APKBUILD | 16 +++ secret/letsencrypt/APKBUILD | 32 +++-- secret/letsencrypt/public.pem | 30 +++++ ...redxen-secret-letsencrypt-full.pre-install | 1 - ...xen-secret-letsencrypt-private.pre-install | 1 - .../redxen-secret-letsencrypt.pre-install | 5 - secret/opendkim/APKBUILD | 20 +-- secret/selfsigned/APKBUILD | 21 ++- ...en-secret-selfsigned-fullchain.pre-install | 1 - ...dxen-secret-selfsigned-private.pre-install | 1 - .../redxen-secret-selfsigned.pre-install | 5 - 195 files changed, 1672 insertions(+), 1481 deletions(-) create mode 100644 APKBUILD.template create mode 100644 HOST-SPLIT delete mode 100644 config/APKBUILD-config.common create mode 100644 config/APKBUILD-config.template delete mode 100644 config/babeld/APKBUILD delete mode 100644 config/babeld/redxen.conf create mode 100644 config/dovecot/pgsql.conf delete mode 100644 config/dovecot/redxen-config-dovecot.pre-install create mode 100644 config/fastd/peers/deavmi create mode 100644 config/grafana/main.ini delete mode 100644 config/hitch/APKBUILD delete mode 100644 config/hitch/main.conf delete mode 100644 config/lighttpd/APKBUILD delete mode 100644 config/lighttpd/main.conf create mode 100644 config/murmur/murmur.ini delete mode 100644 config/murmur/redxen-config-murmur.pre-install create mode 100644 config/nginx/module/alpine.conf create mode 100644 config/nginx/module/homepage.conf create mode 100644 config/nginx/module/seedbox.conf delete mode 100644 config/nginx/modules/alpine.conf delete mode 100644 config/nginx/modules/homepage.conf delete mode 100644 config/nginx/modules/seedbox.conf delete mode 100644 config/openssh-sftp-seedbox/APKBUILD delete mode 100644 config/openssh-sftp-seedbox/allowed_keys delete mode 100644 config/openssh-sftp-seedbox/seedbox-conf create mode 100644 config/postfix/pgsql-aliases.cf create mode 100644 config/postfix/pgsql-users.cf delete mode 100644 config/postfix/redxen-config-postfix.pre-install create mode 100644 config/telegraf/base.conf create mode 100644 config/telegraf/haproxy.conf create mode 100644 config/telegraf/monerod.conf create mode 100644 config/telegraf/redis.conf create mode 100644 config/telegraf/rspamd.conf create mode 100644 config/telegraf/unbound.conf create mode 100644 config/telegraf/wireguard.conf delete mode 100644 config/transmission-daemon/APKBUILD create mode 100644 config/transmission/APKBUILD create mode 100644 config/transmission/settings.json rename config/unbound/{auth-crxn.conf => auth_crxn.conf} (68%) create mode 100644 config/unbound/auth_internal.conf rename config/unbound/{auth-redxen.conf => auth_redxen.conf} (67%) delete mode 100644 config/unbound/includes.conf delete mode 100644 config/unbound/internal.conf delete mode 100644 config/varnish/APKBUILD delete mode 100644 config/varnish/main.vcl create mode 100644 config/wireguard/main.conf delete mode 100644 config/yggdrasil/APKBUILD delete mode 100644 config/yggdrasil/redxen.conf delete mode 100644 cron/APKBUILD-cron.common create mode 100644 cron/APKBUILD-cron.template delete mode 100644 cron/dovecot/APKBUILD delete mode 100644 cron/gitea/APKBUILD delete mode 100644 cron/influxdb/APKBUILD delete mode 100644 cron/postgresql/APKBUILD delete mode 100644 cron/redis/APKBUILD create mode 100644 cron/snapshot-dovecot/APKBUILD rename cron/{dovecot/cron-daily => snapshot-dovecot/daily} (100%) create mode 100644 cron/snapshot-gitea/APKBUILD rename cron/{gitea/cron-daily => snapshot-gitea/daily} (100%) create mode 100644 cron/snapshot-influxdb/APKBUILD rename cron/{influxdb/cron-daily => snapshot-influxdb/daily} (100%) create mode 100644 cron/snapshot-postgresql/APKBUILD rename cron/{postgresql/cron-daily => snapshot-postgresql/daily} (100%) create mode 100644 cron/snapshot-redis/APKBUILD rename cron/{redis/cron-daily => snapshot-redis/daily} (100%) create mode 100644 data/APKBUILD-data.template create mode 100644 data/bindzone/APKBUILD rename {config/unbound/zones => data/bindzone}/crxn (100%) create mode 100644 data/bindzone/internal rename {config/unbound/zones => data/bindzone}/redxen.eu (61%) rename data/signkey/{pubkey => caskd@redxen.eu-5f4953be.rsa.pub} (100%) delete mode 100644 openrc/APKBUILD-openrc.common create mode 100644 openrc/APKBUILD-openrc.template delete mode 100644 openrc/babeld/APKBUILD delete mode 100644 openrc/babeld/conffile delete mode 100644 openrc/babeld/runfile delete mode 100644 openrc/darkhttpd/APKBUILD delete mode 100644 openrc/darkhttpd/conffile delete mode 100644 openrc/darkhttpd/runfile delete mode 100644 openrc/lighttpd/APKBUILD delete mode 100644 openrc/lighttpd/conffile delete mode 100644 openrc/transmission-daemon/APKBUILD delete mode 100644 openrc/transmission-daemon/conffile create mode 100644 openrc/transmission/APKBUILD create mode 100644 openrc/transmission/conffile rename openrc/{transmission-daemon => transmission}/runfile (100%) delete mode 100644 openrc/yggdrasil/APKBUILD delete mode 100644 openrc/yggdrasil/conffile create mode 100644 secret/APKBUILD-secret.template create mode 100644 secret/alpinepkg-httpauth/APKBUILD create mode 100644 secret/fastd-peerkey/APKBUILD create mode 100644 secret/letsencrypt/public.pem delete mode 120000 secret/letsencrypt/redxen-secret-letsencrypt-full.pre-install delete mode 120000 secret/letsencrypt/redxen-secret-letsencrypt-private.pre-install delete mode 100644 secret/letsencrypt/redxen-secret-letsencrypt.pre-install delete mode 120000 secret/selfsigned/redxen-secret-selfsigned-fullchain.pre-install delete mode 120000 secret/selfsigned/redxen-secret-selfsigned-private.pre-install delete mode 100644 secret/selfsigned/redxen-secret-selfsigned.pre-install diff --git a/.gitignore b/.gitignore index a8b5b32..7900c3b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,14 +1,14 @@ src/ pkg/ -secrets .rootbld-repositories -secret/nginx-httpauth + +secret/alpinepkg-httpauth/secret secret/letsencrypt/private.key -secret/letsencrypt/public.pem -config/murmur/murmur.ini -config/transmission-daemon/settings.json -config/wireguard/main.conf -config/grafana/main.ini -config/dovecot/pgsql.conf -config/postfix/pgsql-aliases.cf -config/postfix/pgsql-users.cf + +config/grafana/secret +config/wireguard/secret +config/murmur/secret +config/dovecot/secret +config/postfix/secret +config/transmission/secret +config/gitea/secret diff --git a/APKBUILD.template b/APKBUILD.template new file mode 100644 index 0000000..77c31c6 --- /dev/null +++ b/APKBUILD.template @@ -0,0 +1,48 @@ +pkgname=redxen # Prefix +pkgver="$(date +'%Y.%m.%d')" # Use current date as fallback +url="https://git.redxen.eu/RedXen/aports" # Upstream for all configs +arch="noarch" # Most things aren't arch specific +license="none" # Can you even license configs? +options="!check" # Usually software doesn't provide tests +builddir="$srcdir" # This should be a default, sadly isn't +_rx_pkgname="${startdir##*/}" # Usually the package name is the same as the directory +_rx_installdir="/etc/redxen/$_rx_pkgname" # The install dir follows this pattern + +rx_replace() { + sed -i -- "s/$1/$(printf "%s" "$2" | sed 's/[&/\]/\\&/g')/g" "$3" +} + +rx_cpkgdir() { + echo "${subpkgdir:-${pkgdir}}" +} + +rx_install() { + _SRC="$1" + if [ ! -f "$_SRC" ]; then + if [ -f "$pkgdir/$_SRC" ]; then + _SRC="$pkgdir/$_SRC" + elif [ -f "$builddir/$_SRC" ]; then + _SRC="$builddir/$_SRC" + elif [ -f "$srcdir/$_SRC" ]; then + _SRC="$srcdir/$_SRC" + else + die "Install source $_SRC wasn't found" + return 1 + fi + fi + install -D -m "${_rx_fperm:-444}" -- "$_SRC" "$(rx_cpkgdir)/${_rx_installdir}/${2:-${1##*/}}" +} + +# Defaults + +rx_source_installall() { + for i in $source; do + rx_install "$i" + done +} + +# Install every source file in a directory +package() { + rx_source_installall +} + diff --git a/HOST-SPLIT b/HOST-SPLIT new file mode 100644 index 0000000..450f301 --- /dev/null +++ b/HOST-SPLIT @@ -0,0 +1,28 @@ +- Database host (rein) + - PostgreSQL + - Redis + - InfluxDB + - MoneroD +- Communications host (chisa) + - Dovecot + - Postfix + - RSpamD + - OpenDKIM + - Murmur +- Routing host (karu, lin) + - HAProxy + - Unbound + - FastD + - BIRD + - Wireguard +- Game host (taro) + - Terraria + - Xonotic + - Minetest + - Minecraft +- Misc host (masami) + - Packages + - Homepage + - Gitea + - Seedbox + - Grafana diff --git a/PORT-ALLOCATION b/PORT-ALLOCATION index 0dc580f..5aef8c1 100644 --- a/PORT-ALLOCATION +++ b/PORT-ALLOCATION @@ -24,7 +24,10 @@ Internal ports: 7500-7600 SSH: 7571 Transmission: 7572 Mumble: 7573 - NGINX: 7574 + NGINX: + Packages: 7574 + Homepage: 7575 + Seedbox: 7576 Grafana: 7577 Monerod: RPC: 7579 diff --git a/config/APKBUILD-config.common b/config/APKBUILD-config.common deleted file mode 100644 index 450843b..0000000 --- a/config/APKBUILD-config.common +++ /dev/null @@ -1,27 +0,0 @@ -pkgname=redxen-config-$_svcname -pkgver="$(date +'%Y.%m.%d')" -url="https://git.redxen.eu/RedXen/aports" -arch="noarch" -license="none" -pkgdesc="RedXen service config for $_svcname" -options="!check" -builddir="$srcdir" -_cfgpath="${_configpath:-/etc/${_svcname}}" - -package_copy_configs() { - for i in ${1:-$source}; do - package_copy_cfg - done -} - -package_copy_cfg() { - install -Dm"${COPYCFG_MASK:-${_cfgumask:-644}}" "${COPYCFG_SRC:-$i}" "${COPYCFG_DEST:-${pkgdir}/${_cfgpath}/${COPYCFG_FNAME_DEST:-$i}}" -} - -package() { - package_copy_configs -} - -replace_in_file() { - sed -i -- "s/$1/$(echo "$2" | sed 's/[&/\]/\\&/g')/g" "$3" -} diff --git a/config/APKBUILD-config.template b/config/APKBUILD-config.template new file mode 100644 index 0000000..ea102d1 --- /dev/null +++ b/config/APKBUILD-config.template @@ -0,0 +1,6 @@ +. ../../APKBUILD.template + +: ${pkgname:?"No package prefix provided"} + +pkgname="$pkgname-config-$_rx_pkgname" +pkgdesc="RedXen configuration: $_rx_pkgname" diff --git a/config/babeld/APKBUILD b/config/babeld/APKBUILD deleted file mode 100644 index b175adb..0000000 --- a/config/babeld/APKBUILD +++ /dev/null @@ -1,11 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=babeld - -. ../APKBUILD-config.common - -pkgver=2021.02.25 -pkgrel=0 -source="redxen.conf" - -sha512sums="965149d9b246ec9d41ed1fb9edd9d7eaa72f284af5590b1897ba17babc71da3b293953d52555fd1b3acbfe8a9c9131e1873c494fbbe72866e82b6d2c84539517 redxen.conf" diff --git a/config/babeld/redxen.conf b/config/babeld/redxen.conf deleted file mode 100644 index 6655064..0000000 --- a/config/babeld/redxen.conf +++ /dev/null @@ -1,24 +0,0 @@ -diversity true -interface crxn0 enable-timestamps true link-quality true - -# -# Redistributions -# - -redistribute local deny - -# Only learn CRXN routes -in ip 10.0.0.0/8 ge 8 allow -in ip 0.0.0.0/0 ge 0 deny - -in ip fd8a:6111:3b1a::/48 ge 48 allow -in ip ::/0 ge 0 deny - -# Disable IPv4, range already taken by private network -install ip 10.0.0.0/8 ge 8 deny - -# Redistribute all CRXN -redistribute ip fd8a:6111:3b1a::/48 ge 48 - -# Redistribute Freeloaders CRXN -redistribute ip 2a04:5b81:2050::/44 ge 44 diff --git a/config/bird/APKBUILD b/config/bird/APKBUILD index 399da28..98f1da3 100644 --- a/config/bird/APKBUILD +++ b/config/bird/APKBUILD @@ -1,11 +1,12 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=bird -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.05.12 +pkgver=2021.06.01.03 pkgrel=0 source="redxen.conf" -sha512sums="063c456c53d547ca5c96a2f89870e9e7e7569c04fad166fa9f3c7d589252cba1e3f801c14b367e106ee7b119bb3abb1d44c1059996d3704352023aefd4ed1184 redxen.conf" +sha512sums=" +063c456c53d547ca5c96a2f89870e9e7e7569c04fad166fa9f3c7d589252cba1e3f801c14b367e106ee7b119bb3abb1d44c1059996d3704352023aefd4ed1184 redxen.conf +" diff --git a/config/dovecot/APKBUILD b/config/dovecot/APKBUILD index c6d33ac..cc21da3 100644 --- a/config/dovecot/APKBUILD +++ b/config/dovecot/APKBUILD @@ -1,23 +1,45 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=dovecot -_configpath="/etc/dovecot/redxen" -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.01.17 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 depends="dovecot-lmtpd dovecot-pgsql redxen-secret-letsencrypt-chain redxen-secret-letsencrypt-private" -install="$pkgname.pre-install" -source=" +_rx_dovecot_base_src=" dovecot.conf +" +_rx_dovecot_pgsql_src=" pgsql.conf " +source=" + $_rx_dovecot_base_src + secret + $_rx_dovecot_pgsql_src +" -package() { - package_copy_configs - mkdir -p "$pkgdir"/var/mail +build() { + . secret + : "${POSTGRESQL_PASSWORD:?'PostgreSQL database access password missing'}" + + for i in $_rx_dovecot_pgsql_src; do + cp "$i" "$i".private + rx_replace "POSTGRESQL_PASSWORD" "$POSTGRESQL_PASSWORD" "$i".private + done } -sha512sums="3ba2d75d7f548afe6b55ea1c97a0cbca46ef95de727c2ac919485d75f1724551b190897a718308af9f8dde8e8c8dda0d177325a66d297bcb914015e71042c85d dovecot.conf -d4646d31915b6fc0df7cc9c06d66c369f6a622f2f0c783fd9463a05a53d1b3b3ba2ebcbe32b2391f0e44fe2a67c6eeeef3b00d3067325152054e184ac67ff745 pgsql.conf" +package() { + for i in $_rx_dovecot_base_src; do + rx_install "$i" + done + for i in $_rx_dovecot_pgsql_src; do + rx_install "$i".private "$i" + done + install -dm700 "$(rx_cpkgdir)"/var/mail +} + +sha512sums=" +fdd1fa6072c77e297766582ef119da55b8d0bea435bfe7c890ca1ea2853a43936edd05ae0a08f001a335930276dcc0f7e160aa8d31ff3d8f4872e36cba37b48b dovecot.conf +3b28fdfdafaffe19e038b8fd3d3dfdeea51b68c68a148054a1daf618a5ed6e18bdfc58154f9fd32ce982eae9d03e50b3a63ea3a21f9a358e26e4d77164530151 secret +5ed93cd8326a1fe604a91acb38da6864ee002877a069fa8f5b67fa10b7213d21966d7500b460cb14cedc063470b346002daf3031fc6be0d25d3bd864ff4b2f2f pgsql.conf +" diff --git a/config/dovecot/dovecot.conf b/config/dovecot/dovecot.conf index f49f397..3f3b3df 100644 --- a/config/dovecot/dovecot.conf +++ b/config/dovecot/dovecot.conf @@ -10,8 +10,8 @@ protocols = imap lmtp # TLS stuff ssl = yes -ssl_cert = # Maintainer: Alex Denes -_svcname=fastd -_configpath="/etc/fastd/redxen" -_cfgumask=600 -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.02.09 -pkgrel=3 -source="fastd.conf" +pkgver=2021.06.01.04 +pkgrel=0 +source=" + fastd.conf +" +_peers=" + deavmi +" +depends="redxen-secret-fastd-peerkey" -sha512sums="8743f56c32dd827b76c27ff5f2c634e7a76b59e275891ee7850109b6b08a3c26cfa6f789e5659e6f1148a55857c992511195b337c5773b9480fac5e116232fe2 fastd.conf" +for i in $_peers; do + subpackages="$subpackages $pkgname-peer-$i:_peer" + source="$source peers/$i" +done + +package() { + rx_install fastd.conf +} + +_peer() { + _peername="${subpkgname##*-peer-}" + _rx_installdir="$_rx_installdir/peers" rx_install "$_peername" +} + +sha512sums=" +9ff7544ac46576897400eff389b1a458755482b44f5771adc0c04fae1c8b25311ea5ecfe78ecc23c83b89580ccdfa239506da273705880f1afa0c0c7f3109114 fastd.conf +4d9291172657f4871dc77296f8e902facd00ddbea226fe8091ff860530fb9be1d8f5476e6b51bab745af2a62a492e2ddf7a562482d6c09cb468a67ca0082492f deavmi +" diff --git a/config/fastd/fastd.conf b/config/fastd/fastd.conf index 62492f2..338b239 100644 --- a/config/fastd/fastd.conf +++ b/config/fastd/fastd.conf @@ -1,16 +1,14 @@ -interface "crxn0"; +interface "tunptp0"; method "salsa2012+umac"; bind any:2190; -secret ""; +log to syslog level info; +# TODO: Find a better way to define this (per-host /etc/network/interfaces?) on up " -ip -6 addr add fd8a:6111:3b1a:dddd::X/64 scope global dev $INTERFACE -ip -6 route add fd8a:6111:3b1a:dddd::X/64 dev $INTERFACE protocol static +ip -6 addr add fd8a:6111:3b1a:dddd::1/64 scope global dev $INTERFACE +ip -6 route add fd8a:6111:3b1a:dddd::1/64 dev $INTERFACE protocol static ip link set $INTERFACE up "; -peer "peer0" -{ - remote ipv6 "" port 2190; - key ""; -} +include "/etc/redxen/fastd-peerkey/secret.conf"; +include peers from "peers"; diff --git a/config/fastd/peers/deavmi b/config/fastd/peers/deavmi new file mode 100644 index 0000000..9970175 --- /dev/null +++ b/config/fastd/peers/deavmi @@ -0,0 +1,2 @@ +remote ipv6 "2a04:5b80:300:3:0:c0ff:fe91:bf87" port 2190; +key "5c717c5c7569a06f35beb617bb56a38d3aa0071bdcca3fda56a9b42db1e89804"; diff --git a/config/gitea/APKBUILD b/config/gitea/APKBUILD index a3e732b..05c9ea2 100644 --- a/config/gitea/APKBUILD +++ b/config/gitea/APKBUILD @@ -1,32 +1,33 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=gitea -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.05.08 +pkgver=2021.06.01.03 pkgrel=0 depends="redxen-data-gitea-theme" source=" redxen.ini - secrets + secret " prepare() { default_prepare install -D "redxen.ini" "redxen-mod.ini" - . secrets - replace_in_file "POSTGRESQL_GITEA_PASSWORD" "$POSTGRESQL_GITEA_PASSWORD" "redxen-mod.ini" - replace_in_file "GITEA_SECRET_KEY" "$GITEA_SECRET_KEY" "redxen-mod.ini" - replace_in_file "GITEA_INTERNAL_TOKEN" "$GITEA_INTERNAL_TOKEN" "redxen-mod.ini" - replace_in_file "GITEA_MAILER_PASSWD" "$GITEA_MAILER_PASSWD" "redxen-mod.ini" - replace_in_file "GITEA_OAUTH_JWT_TOKEN" "$GITEA_OAUTH_JWT_TOKEN" "redxen-mod.ini" + . secret + rx_replace "POSTGRESQL_GITEA_PASSWORD" "$POSTGRESQL_GITEA_PASSWORD" "redxen-mod.ini" + rx_replace "GITEA_SECRET_KEY" "$GITEA_SECRET_KEY" "redxen-mod.ini" + rx_replace "GITEA_INTERNAL_TOKEN" "$GITEA_INTERNAL_TOKEN" "redxen-mod.ini" + rx_replace "GITEA_MAILER_PASSWD" "$GITEA_MAILER_PASSWD" "redxen-mod.ini" + rx_replace "GITEA_OAUTH_JWT_TOKEN" "$GITEA_OAUTH_JWT_TOKEN" "redxen-mod.ini" } package() { - COPYCFG_SRC="redxen-mod.ini" COPYCFG_FNAME_DEST="redxen.ini" package_copy_cfg - mkdir -p "$pkgdir"/var/lib/gitea + rx_install redxen-mod.ini redxen.ini + install -dm700 "$(rx_cpkgdir)"/var/lib/gitea } -sha512sums="f530ec63e352f2daac6c66325f8ffc679c9fd3959750ccbc6f2f3e2456a0f8a8abe12ec14cdaa05507a6785f166d5d60c016f8b6a9751749c62223a9c0d8d436 redxen.ini -012d489c5d71864cda4b99ec16b3d6edbf83d18ea14d2104afe70e320937f4dd223572e384fba040cb3d43ced8ca7267e434756e4a1cd8bd41bb6f9092ad4b9d secrets" +sha512sums=" +e220ce0d91065f7ff4e4705f2a632147aad844bd71898d2d4ccbfc16638521a4980d204a3bcf09baf4174ffa6eab88fbd39d37458098e098ceb8dc4ed472d675 redxen.ini +012d489c5d71864cda4b99ec16b3d6edbf83d18ea14d2104afe70e320937f4dd223572e384fba040cb3d43ced8ca7267e434756e4a1cd8bd41bb6f9092ad4b9d secret +" diff --git a/config/gitea/redxen.ini b/config/gitea/redxen.ini index 7b1bed7..3357e29 100644 --- a/config/gitea/redxen.ini +++ b/config/gitea/redxen.ini @@ -31,7 +31,7 @@ CONTENT_PATH = lfs [database] DB_TYPE = postgres -HOST = postgresql.routinginfo.redxen.localhost:7550 +HOST = postgresql.routinginfo.internal:7550 NAME = gitea USER = gitea PASSWD = POSTGRESQL_GITEA_PASSWORD @@ -51,11 +51,11 @@ REPO_INDEXER_TYPE = bleve [queue.issue_indexer] TYPE = redis -CONN_STR = redis://redis.routinginfo.redxen.localhost:7551/?db=7&pool_size=100&idle_timeout=180s +CONN_STR = redis://redis.routinginfo.internal:7551/?db=7&pool_size=100&idle_timeout=180s [session] PROVIDER = redis -PROVIDER_CONFIG = redis://redis.routinginfo.redxen.localhost:7551/?db=6&pool_size=100&idle_timeout=180s +PROVIDER_CONFIG = redis://redis.routinginfo.internal:7551/?db=6&pool_size=100&idle_timeout=180s COOKIE_SECURE = true [picture] @@ -94,7 +94,7 @@ MODE = console [cache] ADAPTER = redis -HOST = redis://redis.routinginfo.redxen.localhost:7551/?db=5&pool_size=100&idle_timeout=180s +HOST = redis://redis.routinginfo.internal:7551/?db=5&pool_size=100&idle_timeout=180s ITEM_TTL = 10m [oauth2] diff --git a/config/grafana/APKBUILD b/config/grafana/APKBUILD index e930f0d..d60e1b7 100644 --- a/config/grafana/APKBUILD +++ b/config/grafana/APKBUILD @@ -1,12 +1,30 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=grafana -_cfgumask=400 -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.01.13 -pkgrel=4 -source="main.ini" +pkgver=2021.06.01.03 +pkgrel=0 +source=" + secret + main.ini +" -sha512sums="90d7ac741be339613b325886ef485091c3f2662fc32e98a723935ef27838547ceea89ae4800d780b51411334264d5678c3431c3e4b3c34cfedd5373cba72ab62 main.ini" +build() { + . secret + : "${POSTGRESQL_PASSWORD:?'PostgreSQL password is missing'}" + : "${SMTP_AUTH_PASSWORD:?'SMTP authentication password is missing'}" + + cp "main.ini" "main.ini.private" + rx_replace "POSTGRESQL_PASSWORD" "$POSTGRESQL_PASSWORD" "main.ini.private" + rx_replace "SMTP_AUTH_PASSWORD" "$SMTP_AUTH_PASSWORD" "main.ini.private" +} + +package() { + rx_install "main.ini.private" "main.ini" +} + +sha512sums=" +9a0dee0934034685c2aba7ebb21283ee73fd240c4cee2aa1cfcec66ba5afc3ed3759b2c79e1facba3e3e0a38fe75f11a7f382d968798ba212c36072238c59190 secret +8206984e9fb01cef0b06b366bd6af1cc74227d07404c68d50b0d59fadf409b2868fece46cf7931c78f2315d47385b85f4741cfb9eb397be8fbf4f0c75cb94242 main.ini +" diff --git a/config/grafana/main.ini b/config/grafana/main.ini new file mode 100644 index 0000000..03195b0 --- /dev/null +++ b/config/grafana/main.ini @@ -0,0 +1,67 @@ +## Server +[server] +protocol = 'http' +http_addr = '0.0.0.0' +http_port = '7577' +domain = 'stats.redxen.eu' +root_url = 'https://stats.redxen.eu' +enable_gzip = 'false' + +## Database +[database] +type = 'postgres' +host = 'postgresql.routinginfo.internal:7550' +name = 'grafana' +user = 'grafana' +ssl_mode = "disable" +password = "POSTGRESQL_PASSWORD" + +## Remote cache +[remote_cache] +type = 'database' + +## Security +[security] +cookie_secure = 'true' +cookie_samesite = 'strict' + +## Users +[users] +allow_sign_up = 'false' + +## Anonymous auth +[auth] +disable_login_form = 'false' +oauth_auto_login = 'false' + +[auth.anonymous] +enabled = 'true' +org_name = 'RedXen' +org_role = 'Viewer' + +## LDAP Auth +# [auth.ldap] +# enabled = true +# config_file = /etc/grafana/ldap.toml +# allow_sign_up = true + +## Session (legacy) +# session_provider = 'redis' +# session_provider_config = 'addr=db_redis:6379,pool_size=100,db=grafana' +# session_cookie_secure = 'true' + +## Snapshots +[snapshots] +external_enabled = 'false' + +## Alpha panels +[panels] +enable_alpha = 'true' + +[smtp] +enabled = 'true' +host = 'mail.redxen.eu:465' +user = 'grafana' +password = 'SMTP_AUTH_PASSWORD' +from_address = 'grafana@redxen.eu' +startTLS_policy = 'MandatoryStartTLS' diff --git a/config/haproxy/APKBUILD b/config/haproxy/APKBUILD index c49e746..a056a2b 100644 --- a/config/haproxy/APKBUILD +++ b/config/haproxy/APKBUILD @@ -1,17 +1,19 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=haproxy -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.03.20 -pkgrel=4 +pkgver=2021.06.01.03 +pkgrel=0 depends="redxen-secret-letsencrypt-full redxen-data-haproxy-errorpages" -#checkdepends="haproxy" +checkdepends="haproxy" source="main.cfg" +options="" -#check() { -# haproxy -c -f main.cfg # Certificates aren't readable by the building user -#} +check() { + haproxy -c -f main.cfg +} -sha512sums="dba35422a8a599a2c8d96899cdd57108f71af700b965a609953b079418efa0bb84b1955cc548e9802bda585a3bec16fd6d0d2e6f49214ee96f978fae0a19afdb main.cfg" +sha512sums=" +f61be8fa279ef56e7609c26fe9031a8d369563524925a419adde8e3367ceb1857dc1b407327fe9c2c80ff886e1ab2bc0b73e8be31bc5237c78c1f229f0a5932d main.cfg +" diff --git a/config/haproxy/main.cfg b/config/haproxy/main.cfg index c21846d..ba7cffd 100644 --- a/config/haproxy/main.cfg +++ b/config/haproxy/main.cfg @@ -21,13 +21,13 @@ defaults timeout http-keep-alive 240s default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check - errorfile 400 /etc/haproxy/errorpages/400.http - errorfile 403 /etc/haproxy/errorpages/403.http - errorfile 408 /etc/haproxy/errorpages/408.http - errorfile 500 /etc/haproxy/errorpages/500.http - errorfile 502 /etc/haproxy/errorpages/502.http - errorfile 503 /etc/haproxy/errorpages/503.http - errorfile 504 /etc/haproxy/errorpages/504.http + errorfile 400 /etc/redxen/haproxy/errorpages/400.http + errorfile 403 /etc/redxen/haproxy/errorpages/403.http + errorfile 408 /etc/redxen/haproxy/errorpages/408.http + errorfile 500 /etc/redxen/haproxy/errorpages/500.http + errorfile 502 /etc/redxen/haproxy/errorpages/502.http + errorfile 503 /etc/redxen/haproxy/errorpages/503.http + errorfile 504 /etc/redxen/haproxy/errorpages/504.http resolvers local nameserver unbound 127.0.0.1:53 @@ -43,19 +43,26 @@ listen git-gitea mode tcp bind ipv4@*:2442,ipv6@*:2442 option tcp-check - server-template gitssh 1 _gitssh._tcp.routinginfo.redxen.localhost + server-template gitssh 1 _gitssh._tcp.routinginfo.internal frontend http mode http - bind ipv4@:443,ipv6@:443 ssl crt /etc/ssl/redxen/letsencrypt/full.crt alpn h2,http/1.1 + bind ipv4@:443,ipv6@:443 ssl crt /etc/redxen/letsencrypt/full.crt alpn h2,http/1.1 bind ipv4@:80,ipv6@:80 acl root path / - acl seedbox hdr_beg(host) -i seed.redxen - use_backend backend-transmission if seedbox + redirect prefix /web code 302 if seedbox root + http-response set-header X-Forwarded-Proto https + http-response set-header X-XSS-Protection 1;\ mode=block + http-response set-header X-Content-Type-Options nosniff + http-response set-header Referrer-Policy no-referrer-when-downgrade + http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload + + use_backend backend-transmission if seedbox + use_backend backend-root if { hdr_beg(host) -i redxen } use_backend backend-grafana if { hdr_beg(host) -i stats.redxen } # use_backend backend-pleroma if { hdr_beg(host) -i social.redxen } @@ -64,46 +71,40 @@ frontend http use_backend backend-packages if { hdr_beg(host) -i packages.redxen } use_backend backend-monerod if { hdr_beg(host) -i monerod.redxen } - http-response set-header X-Forwarded-Proto https - http-response set-header X-XSS-Protection 1;\ mode=block - http-response set-header X-Content-Type-Options nosniff - http-response set-header Referrer-Policy no-referrer-when-downgrade - http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload - backend backend-root - server-template root 1 _root._tcp.routinginfo.redxen.localhost + server-template root 1 _root._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host redxen.eu backend backend-transmission - server-template transmission 1 _transmission._tcp.routinginfo.redxen.localhost + server-template transmission 1 _transmission._tcp.routinginfo.internal backend backend-grafana - server-template grafana 1 _grafana._tcp.routinginfo.redxen.localhost + server-template grafana 1 _grafana._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host stats.redxen.eu backend backend-seedown - server-template seedown 1 _seedown._tcp.routinginfo.redxen.localhost + server-template seedown 1 _seedown._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host sd.redxen.eu backend backend-packages - server-template packages 1 _packages._tcp.routinginfo.redxen.localhost + server-template packages 1 _packages._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host packages.redxen.eu # backend backend-pleroma -# server-template pleroma 1 _pleroma._tcp.routinginfo.redxen.localhost +# server-template pleroma 1 _pleroma._tcp.routinginfo.internal # option httpchk HEAD / HTTP/1.1 # http-check send hdr Host social.redxen.eu backend backend-gitea - server-template gitea 1 _gitea._tcp.routinginfo.redxen.localhost + server-template gitea 1 _gitea._tcp.routinginfo.internal option httpchk HEAD / HTTP/1.1 http-check send hdr Host gitea.redxen.eu backend backend-monerod - server-template monerod 1 _monerod._tcp.routinginfo.redxen.localhost + server-template monerod 1 _monerod._tcp.routinginfo.internal option httpchk POST /json_rpc HTTP/1.1 http-check send body \{\"method\"\:\"get_version\"\} hdr Content-Type application/json diff --git a/config/hitch/APKBUILD b/config/hitch/APKBUILD deleted file mode 100644 index 74586f3..0000000 --- a/config/hitch/APKBUILD +++ /dev/null @@ -1,16 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=hitch - -. ../APKBUILD-config.common - -pkgver=2020.12.07 -pkgrel=0 -source="main.conf" -#checkdepends="hitch" - -#check() { -# hitch -t --config main.conf # Certificate not readable by the building user -#} - -sha512sums="b830c09953bd4908fd9d69c5e386b0f314b87d44bf2c19dcfa2bb5f790a842d617888e4c47802eaab8bea676bd1d060bae47965ac0946bbb9b5dc95ca990d01d main.conf" diff --git a/config/hitch/main.conf b/config/hitch/main.conf deleted file mode 100644 index e778942..0000000 --- a/config/hitch/main.conf +++ /dev/null @@ -1,6 +0,0 @@ -alpn-protos = "h2,http/1.1" -tls-protos = TLSv1.1 TLSv1.2 -ciphers = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH" -pem-file = "/cert.pem" -workers = 2 -write-proxy-v2 = on diff --git a/config/influxdb/APKBUILD b/config/influxdb/APKBUILD index a9a8bb7..1dbeb91 100644 --- a/config/influxdb/APKBUILD +++ b/config/influxdb/APKBUILD @@ -1,16 +1,17 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=influxdb -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2020.12.29 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 source="redxen.conf" package() { - package_copy_configs - install -dm700 "$pkgdir"/var/lib/influxdb + rx_source_installall + install -dm700 "$(rx_cpkgdir)"/var/lib/influxdb } -sha512sums="e251c8e25fb0d4a258f17425d277553d65a0b4b078c60ceec973bb421fdda42130d0e9cb38a70a85f5258407b02219ce9f79e551908a9f8e593a00852f5f81b4 redxen.conf" +sha512sums=" +e251c8e25fb0d4a258f17425d277553d65a0b4b078c60ceec973bb421fdda42130d0e9cb38a70a85f5258407b02219ce9f79e551908a9f8e593a00852f5f81b4 redxen.conf +" diff --git a/config/ipset/APKBUILD b/config/ipset/APKBUILD index bbcd7b1..b28f0de 100644 --- a/config/ipset/APKBUILD +++ b/config/ipset/APKBUILD @@ -1,16 +1,16 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=ipset -_configpath="/etc/ipset.d/redxen" -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.01.28 -pkgrel=3 +pkgver=2021.06.01.03 +pkgrel=0 source=" netwide4 netwide6 " -sha512sums="0c70b7b82c481ebcd755d4cf9a3c8d3490d1ea022158e32d1a4cf26152e9482858aeb09d7b68600e3d60312eba6d938a82bfa8012f2a19216dec69f05db4a250 netwide4 -dccd10b2fe5960bcf6466b27fabfbc5c80df40d33e744e84bd013c4b12e2fbb9fe4555568debb3cbbe851ff88f7b733ff19706073f2f29295d336a36efca4d07 netwide6" +sha512sums=" +0c70b7b82c481ebcd755d4cf9a3c8d3490d1ea022158e32d1a4cf26152e9482858aeb09d7b68600e3d60312eba6d938a82bfa8012f2a19216dec69f05db4a250 netwide4 +dccd10b2fe5960bcf6466b27fabfbc5c80df40d33e744e84bd013c4b12e2fbb9fe4555568debb3cbbe851ff88f7b733ff19706073f2f29295d336a36efca4d07 netwide6 +" diff --git a/config/iptables/APKBUILD b/config/iptables/APKBUILD index c48471f..0fbb399 100644 --- a/config/iptables/APKBUILD +++ b/config/iptables/APKBUILD @@ -1,16 +1,17 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=iptables -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.01.28 -pkgrel=4 +pkgver=2021.06.01.03 +pkgrel=0 depends="redxen-config-ipset" source=" rx-rules4 rx-rules6 " -sha512sums="c29f7f22fcabdd90fb3cd63f1e67ce340145be9a832c0ce23fadfd2a83e477c90373c052c6d750d3136dfeb951098c2bc7d05e1bfd6b7cb8f886a2e632587094 rx-rules4 -92b3c7dad3bcf9583ae9af4ba111b35ac5d0eae3ca50969be2941efc72270dd423689cceb93d55fe0286949a7b4a124a0e59bb170a99776bf99c835884da060c rx-rules6" +sha512sums=" +c29f7f22fcabdd90fb3cd63f1e67ce340145be9a832c0ce23fadfd2a83e477c90373c052c6d750d3136dfeb951098c2bc7d05e1bfd6b7cb8f886a2e632587094 rx-rules4 +92b3c7dad3bcf9583ae9af4ba111b35ac5d0eae3ca50969be2941efc72270dd423689cceb93d55fe0286949a7b4a124a0e59bb170a99776bf99c835884da060c rx-rules6 +" diff --git a/config/lighttpd/APKBUILD b/config/lighttpd/APKBUILD deleted file mode 100644 index 017b9e3..0000000 --- a/config/lighttpd/APKBUILD +++ /dev/null @@ -1,23 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=lighttpd -_configpath="/etc/lighttpd/redxen" - -. ../APKBUILD-config.common - -pkgver=2020.12.11 -pkgrel=2 -source="main.conf" -options="" # Default options -checkdepends="lighttpd" - -package() { - package_copy_configs - mkdir -p "$pkgdir"/http -} - -check() { - lighttpd -f main.conf -t -} - -sha512sums="c6157585741c20022f7cd520db0c1066aae9e6d59be165d49bfd9d3b57fdc1abed681ba067470d01f2b4f22c8c99da466976e4bf28d9d881811aac2d04494cca main.conf" diff --git a/config/lighttpd/main.conf b/config/lighttpd/main.conf deleted file mode 100644 index ae619fe..0000000 --- a/config/lighttpd/main.conf +++ /dev/null @@ -1,28 +0,0 @@ -var.basedir = "/http" -var.logdir = "/var/log/lighttpd" -var.statedir = "/run/lighttpd" - -include "/etc/lighttpd/mime-types.conf" - -server.bind = "[::]" -server.modules = ( "mod_access", "mod_deflate", "mod_webdav", "mod_dirlisting" ) -server.username = "lighttpd" -server.groupname = "lighttpd" -server.document-root = var.basedir -server.pid-file = "/run/lighttpd.pid" -server.indexfiles = ("index.html") -server.follow-symlink = "disable" -server.event-handler = "linux-sysepoll" -server.chroot = var.basedir -server.port = 7574 -server.upload-dirs = ("") -server.use-ipv6 = "enable" - -dir-listing.activate = "enable" - -url.access-deny = ("~") - -deflate.filetypes = ("text/", "application/javascript") - -webdav.activate = "enable" -webdav.is-readonly = "enable" diff --git a/config/minetest/APKBUILD b/config/minetest/APKBUILD index e2ac479..c1e1861 100644 --- a/config/minetest/APKBUILD +++ b/config/minetest/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=minetest -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.04.02 +pkgver=2021.06.01.03 pkgrel=0 source="redxen.conf" depends="$depends minetest-mineclone2" -sha512sums="89477b45e3ee62e1eee1c7e3d0a4e9e4f69684c5b8d55fa9c109e890e94ca63acbc2ae2430ccca67a2c24d22c101c0aa29b1f0e4d3dba98d58b418fd006a7ff2 redxen.conf" +sha512sums=" +c98321d2da35fdd58c5c4e8f493c34a0cfd87991e34d0cbd6d89000696bb9e16d76912d42a83c31367c48d2acc1c7b70b8a33cb447b76b1e46f76ecd1107deea redxen.conf +" diff --git a/config/minetest/redxen.conf b/config/minetest/redxen.conf index e106ce9..45b9068 100644 --- a/config/minetest/redxen.conf +++ b/config/minetest/redxen.conf @@ -61,34 +61,6 @@ strict_protocol_version_checking = false # type: bool ipv6_server = true -### Advanced - -# Maximum number of blocks that are simultaneously sent per client. -# The maximum total count is calculated dynamically: -# max_total = ceil((#clients + max_users) * per_client / 4) -# type: int -max_simultaneous_block_sends_per_client = 10 -max_simultaneous_block_sends_server_total = 50 - -# To reduce lag, block transfers are slowed down when a player is building something. -# This determines how long they are slowed down after placing or removing a node. -# type: float -# full_block_send_enable_min_time_from_building = 2.0 - -# Maximum number of packets sent per send step, if you have a slow connection -# try reducing it, but don't reduce it to a number below double of targeted -# client number. -# type: int -max_packets_per_iteration = 8192 - -# ZLib compression level to use when sending mapblocks to the client. -# -1 - Zlib's default compression level -# 0 - no compresson, fastest -# 9 - best compression, slowest -# (levels 1-3 use Zlib's "fast" method, 4-9 use the normal method) -# type: int min: -1 max: 9 -# map_compression_level_net = -1 - ## Game # Default game when creating a new world. @@ -103,7 +75,7 @@ motd = Welcome! # Maximum number of players that can be connected simultaneously. # type: int - max_users = 100 +max_users = 100 # World directory (everything in the world is stored here). # Not needed if starting from the main menu. @@ -199,7 +171,7 @@ kick_msg_crash = This server has experienced an internal error. You will now be # ask_reconnect_on_crash = false # From how far clients know about objects, stated in mapblocks (16 nodes). -# +# # Setting this larger than active_block_range will also cause the server # to maintain active objects up to this distance in the direction the # player is looking. (This can avoid mobs suddenly disappearing from view) @@ -212,11 +184,11 @@ kick_msg_crash = This server has experienced an internal error. You will now be # This is also the minimum range in which active objects (mobs) are maintained. # This should be configured together with active_object_send_range_blocks. # type: int -active_block_range = 2 +# active_block_range = 2 # From how far blocks are sent to clients, stated in mapblocks (16 nodes). # type: int -max_block_send_distance = 8 +# max_block_send_distance = 8 # Maximum number of forceloaded mapblocks. # type: int @@ -267,7 +239,7 @@ movement_acceleration_air = 1.2 # Horizontal and vertical acceleration in fast mode, # in nodes per second per second. # type: float - movement_acceleration_fast = 10 +movement_acceleration_fast = 10 # Walking and flying speed, in nodes per second. # type: float @@ -328,7 +300,7 @@ movement_gravity = 10.4 # Maximum number of statically stored objects in a block. # type: int -max_objects_per_block = 4096 +# max_objects_per_block = 4096 # See https://www.sqlite.org/pragma.html#pragma_synchronous # type: enum values: 0, 1, 2 @@ -345,7 +317,7 @@ max_objects_per_block = 4096 # Length of a server tick and the interval at which objects are generally updated over # network. # type: float -dedicated_server_step = 0.001 +# dedicated_server_step = 0.001 # Length of time between active block management cycles # type: float @@ -353,12 +325,12 @@ dedicated_server_step = 0.001 # Length of time between Active Block Modifier (ABM) execution cycles # type: float -abm_interval = 0.25 +# abm_interval = 0.25 # The time budget allowed for ABMs to execute on each step # (as a fraction of the ABM Interval) # type: float min: 0.1 max: 0.9 -abm_time_budget = 0.2 +# abm_time_budget = 0.2 # Length of time between NodeTimer execution cycles # type: float @@ -392,7 +364,7 @@ abm_time_budget = 0.2 # optimization. # Stated in mapblocks (16 nodes). # type: int min: 2 -block_send_optimize_distance = 4 +# block_send_optimize_distance = 4 # If enabled the server will perform map block occlusion culling based on # on the eye position of the player. This can reduce the number of blocks diff --git a/config/monerod/APKBUILD b/config/monerod/APKBUILD index 6ee4fbb..e624564 100644 --- a/config/monerod/APKBUILD +++ b/config/monerod/APKBUILD @@ -1,18 +1,17 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=monerod -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.04.05 +pkgver=2021.06.01.03 pkgrel=0 -source=" - redxen.conf -" +source="redxen.conf" package() { - package_copy_configs - mkdir -p "$pkgdir"/var/lib/monerod + rx_source_installall + install -dm700 "$(rx_cpkgdir)"/var/lib/monerod } -sha512sums="18a7fcff61513bc092c4d0cd358774684f519b9f2f106718a8d15d83100b660ac6ea9ee4c178a7e2cd60a5aae585b27e78d6e2bc45c5e1189a86985612f4aedf redxen.conf" +sha512sums=" +18a7fcff61513bc092c4d0cd358774684f519b9f2f106718a8d15d83100b660ac6ea9ee4c178a7e2cd60a5aae585b27e78d6e2bc45c5e1189a86985612f4aedf redxen.conf +" diff --git a/config/murmur/APKBUILD b/config/murmur/APKBUILD index 3cbf315..dd9322c 100644 --- a/config/murmur/APKBUILD +++ b/config/murmur/APKBUILD @@ -1,14 +1,31 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=murmur -_cfgumask=400 -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.01.30 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 depends="qt5-qtbase-postgresql redxen-secret-selfsigned-public redxen-secret-selfsigned-private" -source="murmur.ini" -install="$pkgname.pre-install" +source=" + secret + murmur.ini +" -sha512sums="9cbed968233867662e46ca116dcc7a271496a869b88f7826fbf16b2f9034344495f0f7326f2c852cdc743496b9d93148d66379d952b6bd119147e371db1c4426 murmur.ini" +build() { + . secret + : "${MUMBLE_DATABASE_PASS:?'Database password is missing'}" + : "${MUMBLE_REGISTER_PASS:?'Registration password is missing'}" + + cp murmur.ini murmur.ini.private + rx_replace "MUMBLE_DATABASE_PASS" "$MUMBLE_DATABASE_PASS" murmur.ini.private + rx_replace "MUMBLE_REGISTER_PASS" "$MUMBLE_REGISTER_PASS" murmur.ini.private +} + +package() { + rx_install murmur.ini.private murmur.ini +} + +sha512sums=" +5b754d97a9e6df9228c1ba96c959f3879c4e105af2785ce2fe5edf431a975e5f5bceb23cfa0c2b55dfc706d348d394a335cda32f6b5f66de1cac279f244426dc secret +dff6e85a191dc90aec33a18c71dcf6fa78c22b3a1543bb187a864ada3b057ebd890746d9f0ba2d23c3ddef2d6fecff1290b85e617b7da636709d3b9f29ccc384 murmur.ini +" diff --git a/config/murmur/murmur.ini b/config/murmur/murmur.ini new file mode 100644 index 0000000..5a5a289 --- /dev/null +++ b/config/murmur/murmur.ini @@ -0,0 +1,32 @@ +database=murmur +dbDriver=QPSQL +dbUsername=murmur +dbPassword=MUMBLE_DATABASE_PASS +dbHost=postgresql.routinginfo.internal +dbPort=7550 +registerName="[RedXen] No mumble no talk!" +registerPassword=MUMBLE_REGISTER_PASS +registerUrl=https://redxen.eu/ +registerHostname=redxen.eu +registerLocation=DE +host= +uname=murmur +pidfile=/run/murmur/murmur.pid +opusthreshold=10 +bandwidth=130000 +sslCert=/etc/redxen/selfsigned/public.pem +sslKey=/etc/redxen/selfsigned/private.key +port=64738 +timeout=10 +users=500 +defaultchannel=1 +welcometext=" +

+

RedXen Community


+[ Homepage ] [ Telegram ] [ Git ] [ Support us! ]
+Enjoy your stay!
+Have a group that you want to represent or a question? Contact me at caskd@redxen.eu
+This server is powered by Alpine Linux
+
+ +" diff --git a/config/murmur/redxen-config-murmur.pre-install b/config/murmur/redxen-config-murmur.pre-install deleted file mode 100644 index d6de9e9..0000000 --- a/config/murmur/redxen-config-murmur.pre-install +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -adduser murmur rxselfsig - -return 0 diff --git a/config/nginx/APKBUILD b/config/nginx/APKBUILD index beca4f4..49dd570 100644 --- a/config/nginx/APKBUILD +++ b/config/nginx/APKBUILD @@ -1,45 +1,46 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=nginx -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.05.03 +pkgver=2021.06.01.07 pkgrel=0 depends="nginx-mod-http-zip" checkdepends="nginx" subpackages="$pkgname-seedbox $pkgname-alpine $pkgname-homepage" source=" main.conf - modules/seedbox.conf - modules/alpine.conf - modules/homepage.conf + module/seedbox.conf + module/alpine.conf + module/homepage.conf " package() { - install -Dm400 main.conf "$pkgdir"/etc/nginx/redxen.conf + rx_install "main.conf" } seedbox() { install_if="redxen-config-transmission-daemon" - install -Dm400 "$srcdir"/seedbox.conf "$subpkgdir"/etc/nginx/http.d/redxen/seedbox.conf + _rx_installdir="$_rx_installdir/module" rx_install seedbox.conf } alpine() { - install_if="redxen-secret-nginx-httpauth-alpine" - install -Dm400 "$srcdir"/alpine.conf "$subpkgdir"/etc/nginx/http.d/redxen/alpine.conf + install_if="redxen-secret-alpinepkg-httpauth" + _rx_installdir="$_rx_installdir/module" rx_install alpine.conf } homepage() { install_if="redxen-data-homepage" - install -Dm400 "$srcdir"/homepage.conf "$subpkgdir"/etc/nginx/http.d/redxen/homepage.conf + _rx_installdir="$_rx_installdir/module" rx_install homepage.conf } check() { nginx -p / -c main.conf -t } -sha512sums="032fcb53d7c7fa848c67398e26d1b9d643c795c2c0c6061e58d79abc5168f6e2482172b14966a01513e5ea183a92150fdc6c0fcb581ad04668fd32e3409ef1ed main.conf -abba14b4ed423455d9a6993b48f44c3464e37dc6a05119b3084d0519bbc62c7551cee721c25f0543b67ed80425c71dbe0ef5d3f8c9436faf7706d6d18414b149 seedbox.conf -a8e85e18ae1f8c7f6f35fe27d879cc8642133cc63a3a44c6fd8b875eb3a3f2ccc9e3de1d95691bee574d4ead375ef096585b807dd301bc02b2fad312bc74cf24 alpine.conf -0b5e7a0bb935ee0aa20c72ab1e7eb4ff4dcce22564fb7b354d28574e15e23bc7661414936d23be47afc9d465f44b3e2a55f14f1bb14d009286196e8615c6f729 homepage.conf" +sha512sums=" +15708a8662984cbfc3d78c3337aa35a0e82586e2e7ba1430c2b99b5b584468e63899b40b5c15f29d892af2901135d9dc5dfdf2ea7469dd7382e7f25a797253e2 main.conf +1a330386c6119487a338d78a23a4e116983c333f82373faaa527e22518d71959a0f330968da764ca884dd4dea227c3cf4d2f6252b1dd7f3488ef08543712788d seedbox.conf +5ae68165edab56f41e51ad5b608a29121db878aed0309882927207d4ea9ec5e505a78b194bc8df8f943259130300edd4aa49b2e23a4ee705fa9ea761533fd133 alpine.conf +2657b0bdfc001f94159a8cddc928e666cb20055b3df42dd0ec48146c6952c3c7b3957af52612d35d38199fde76ee0c96cb0ea39ed38e13bcc608088c88dc3a88 homepage.conf +" diff --git a/config/nginx/main.conf b/config/nginx/main.conf index c93e6d6..6e5b100 100644 --- a/config/nginx/main.conf +++ b/config/nginx/main.conf @@ -13,13 +13,5 @@ http { keepalive_timeout 300; include /etc/nginx/mime.types; default_type application/octet-stream; - server { - listen *:7574 reuseport so_keepalive=on; - listen [::]:7574 reuseport so_keepalive=on; - include http.d/redxen/*.conf; - - location = /telegram { - return 302 https://t.me/joinchat/RSK4t6hPtkJDLYBO; - } - } + include module/*.conf; } diff --git a/config/nginx/module/alpine.conf b/config/nginx/module/alpine.conf new file mode 100644 index 0000000..487b927 --- /dev/null +++ b/config/nginx/module/alpine.conf @@ -0,0 +1,18 @@ +server { + listen *:7574 so_keepalive=on; + listen [::]:7574 so_keepalive=on; + + location / { + root /var/lib/alpine-packages; + autoindex on; + + limit_except GET HEAD { + deny all; + } + + location /redxen { + auth_basic "RedXen Alpine Package Archive"; + auth_basic_user_file /etc/redxen/alpinepkg-httpauth/passwdfile; + } + } +} diff --git a/config/nginx/module/homepage.conf b/config/nginx/module/homepage.conf new file mode 100644 index 0000000..51f15f2 --- /dev/null +++ b/config/nginx/module/homepage.conf @@ -0,0 +1,16 @@ +server { + listen *:7575 so_keepalive=on; + listen [::]:7575 so_keepalive=on; + + location / { + root /usr/share/redxen/homepage; + autoindex on; + limit_except GET HEAD { + deny all; + } + } + + location = /telegram { + return 302 https://t.me/joinchat/RSK4t6hPtkJDLYBO; + } +} diff --git a/config/nginx/module/seedbox.conf b/config/nginx/module/seedbox.conf new file mode 100644 index 0000000..076bb39 --- /dev/null +++ b/config/nginx/module/seedbox.conf @@ -0,0 +1,12 @@ +server { + listen *:7576 so_keepalive=on; + listen [::]:7576 so_keepalive=on; + + location / { + root /seedbox; + autoindex on; + limit_except GET HEAD { + deny all; + } + } +} diff --git a/config/nginx/modules/alpine.conf b/config/nginx/modules/alpine.conf deleted file mode 100644 index 0b0bcdf..0000000 --- a/config/nginx/modules/alpine.conf +++ /dev/null @@ -1,11 +0,0 @@ -location / { - root /var/lib/alpine-packages; - autoindex on; - limit_except GET HEAD { - deny all; - } - location /redxen { - auth_basic "RedXen Alpine Package Archive"; - auth_basic_user_file /etc/nginx/httpauth-alpine; - } -} diff --git a/config/nginx/modules/homepage.conf b/config/nginx/modules/homepage.conf deleted file mode 100644 index 836d494..0000000 --- a/config/nginx/modules/homepage.conf +++ /dev/null @@ -1,7 +0,0 @@ -location / { - root /usr/share/redxen/homepage; - autoindex on; - limit_except GET HEAD { - deny all; - } -} diff --git a/config/nginx/modules/seedbox.conf b/config/nginx/modules/seedbox.conf deleted file mode 100644 index c484ec1..0000000 --- a/config/nginx/modules/seedbox.conf +++ /dev/null @@ -1,7 +0,0 @@ -location / { - root /seedbox; - autoindex on; - limit_except GET HEAD { - deny all; - } -} diff --git a/config/opendkim/APKBUILD b/config/opendkim/APKBUILD index 801f12f..1e2e808 100644 --- a/config/opendkim/APKBUILD +++ b/config/opendkim/APKBUILD @@ -1,11 +1,10 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=opendkim -. ../APKBUILD-config.common +. ../APKBUILD-config.template -_dkim_date="2021.03.28" -pkgver=2021.03.28 +_dkim_date=2021.05.31.01 +pkgver=2021.06.01.03 pkgrel=0 depends="redxen-secret-opendkim~$_dkim_date" makedepends="opendkim-utils" @@ -17,15 +16,17 @@ source=" build() { _selector="$_dkim_date-mail" echo "*@redxen.eu $_selector._domainkey.redxen.eu" > signing_table - echo "$_selector._domainkey.redxen.eu redxen.eu:$_selector:/etc/opendkim/redxen/$_selector.private" > key_table + echo "$_selector._domainkey.redxen.eu redxen.eu:$_selector:$_rx_installdir/$_selector.private" > key_table } package() { _files="$source signing_table key_table" for i in $_files; do - install -Dm444 "$i" "$pkgdir"/etc/opendkim/redxen/"$i" + rx_install "$i" done } -sha512sums="6f23dfc823517db661cbe50b3f1f494a1b67e0c9928893f27a3fc5a8b74f0d1304933c79d1a8584be0f61ed0a40aa470fd524561a6b578ae0644bd9f05339952 trusted_hosts -08be7b116306a86fac7cacd4771fa900a6e67ff2b8e33cf839ceecd24c8781763ee3b7b73b5a85da8758c17c62af3615cd0e570b161167c6a0fb13d83a1a90bc opendkim.conf" +sha512sums=" +6f23dfc823517db661cbe50b3f1f494a1b67e0c9928893f27a3fc5a8b74f0d1304933c79d1a8584be0f61ed0a40aa470fd524561a6b578ae0644bd9f05339952 trusted_hosts +6cf9bbd8957f7ccd65ac2af63f68fc22578f23cc25e3c4279be1b76ba0f0b28d03b785726a9e1702fc4e467b87caf6273ca366b437646934d86f3c165fade0c4 opendkim.conf +" diff --git a/config/opendkim/opendkim.conf b/config/opendkim/opendkim.conf index 7a835ae..3cc8f39 100644 --- a/config/opendkim/opendkim.conf +++ b/config/opendkim/opendkim.conf @@ -3,9 +3,9 @@ UMask 002 Canonicalization relaxed/simple -InternalHosts refile:/etc/opendkim/redxen/trusted_hosts -KeyTable refile:/etc/opendkim/redxen/key_table -SigningTable refile:/etc/opendkim/redxen/signing_table +InternalHosts refile:/etc/redxen/opendkim/trusted_hosts +KeyTable refile:/etc/redxen/opendkim/key_table +SigningTable refile:/etc/redxen/opendkim/signing_table Mode s PidFile /run/opendkim/opendkim.pid diff --git a/config/openssh-sftp-seedbox/APKBUILD b/config/openssh-sftp-seedbox/APKBUILD deleted file mode 100644 index eef1ed8..0000000 --- a/config/openssh-sftp-seedbox/APKBUILD +++ /dev/null @@ -1,23 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=openssh-sftp-seedbox - -. ../APKBUILD-config.common - -pkgver=2020.12.07 -pkgrel=1 -source=" - seedbox-conf - allowed_keys -" - -package() { - install -dm755 -o root -g root "$pkgdir"/sftp-chroot - install -Dm644 allowed_keys "$pkgdir"/etc/ssh/authorized_keys/seedbox - # NOTE: Inclusion of this file doesn't work in openssh - # It has to be appended manually to /etc/ssh/sshd_config - install -Dm644 seedbox-conf "$pkgdir"/etc/ssh/sshd.conf.d/redxen/seedbox -} - -sha512sums="29d0bc0a52bd87d7544ce1d369d676ac38dcc4c18dac24b43b6bb649b7097617d53747935b0b4304dfce161158f5e8f008436bf036899b4e857b64f3c7c11a58 seedbox-conf -f87e66868b1315cb63e89a9d7f47e7ffb889b9ec19bcd82e307774169446c546e6d3d51a977df7bffd70b83889979151a557575dc13a9f1d3c08d158e1a5a8cc allowed_keys" diff --git a/config/openssh-sftp-seedbox/allowed_keys b/config/openssh-sftp-seedbox/allowed_keys deleted file mode 100644 index 2b4ee2b..0000000 --- a/config/openssh-sftp-seedbox/allowed_keys +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsD58tySBudDE7dw4aDttDv7rLWCqZ2c6N+GnrbSzqAxTcMxxn3GZeozXuz4pkl8NrGEKFk22AlB1hUl0gqnpAr0roL72mXE1WmjVc4EvEVYXLdHnm+rEi/FqvEK8D5mj1vs/ALGqtKGmY1363a8JRR7jSlBa45HkdC7IyJP0stpIkcriPS4kj/lEW0+J5KZ4NuKocjTbyVDoX67fLwBeu/YG4pz0ETKKU1/5xfBN+AxeD8brWvMMwrQzqJoAoRfLKCuD2yTSTPxek/Oa3lbNLUBF6o114gyxsc7zAWMpyNCPvstZoLCdQYqZ0sqVvcFGt0vmlrCtcQozkDVChz1E3 none diff --git a/config/openssh-sftp-seedbox/seedbox-conf b/config/openssh-sftp-seedbox/seedbox-conf deleted file mode 100644 index 79e6919..0000000 --- a/config/openssh-sftp-seedbox/seedbox-conf +++ /dev/null @@ -1,7 +0,0 @@ -Match User seedbox -AuthorizedKeysFile /etc/ssh/authorized_keys/seedbox -ChrootDirectory /sftp-chroot -ForceCommand internal-sftp -AllowTcpForwarding no -X11Forwarding no -PasswordAuthentication no diff --git a/config/postfix/APKBUILD b/config/postfix/APKBUILD index 984c4bd..3f9cf17 100644 --- a/config/postfix/APKBUILD +++ b/config/postfix/APKBUILD @@ -1,22 +1,49 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=postfix -_configpath="/etc/postfix/redxen" -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.03.09 +pkgver=2021.06.01.03 pkgrel=0 depends="postfix-pgsql redxen-secret-letsencrypt-chain redxen-secret-letsencrypt-private" -install="$pkgname.pre-install" -source=" - master.cf - main.cf + +_rx_postfix_pgsql_source=" pgsql-aliases.cf pgsql-users.cf " +_rx_postfix_base_source=" + master.cf + main.cf +" +source=" + $_rx_postfix_base_source + secret + $_rx_postfix_pgsql_source +" -sha512sums="b43313dc2b00848bfbc6b14bdcee2c7a024aeeae5d2a46b6aaf370d55f58ac9f9a4cf992b7d75a8acf35b75fd00d04144626169ef153614b223de87677bfda21 master.cf -a0fe63a10948fc5b83aa66779ec79eaff31eadd2d6791fc6f531719677692dbc1c24d9d20ddb5637a942f30cd47c6c47f53f0cbe840c56b17346cc9b7b82844c main.cf -a1778901dbc12de543d9d5897b9d50ee5ebe47b7ef6ed87a0087249657f146ff8493de455d32016660cca3c8d669592e0ea9fbe9b6696d92cac6f014277f29e5 pgsql-aliases.cf -72c50fe20b4d1a7ea2e60fb2cac0164814ab41011eb7f0d67a8a5715a0cc43d3ad573f198a7933eb130f68ec5c25c558fad791300e5bb25e020ca76a4303db4c pgsql-users.cf" +build() { + . secret + : "${POSTGRESQL_PASSWORD:?'PostgreSQL database access password missing'}" + + for i in $_rx_postfix_pgsql_source; do + cp "$i" "$i".private + rx_replace "POSTGRESQL_PASSWORD" "$POSTGRESQL_PASSWORD" "$i".private + done +} + +package() { + for i in $_rx_postfix_base_source; do + rx_install "$i" + done + for i in $_rx_postfix_pgsql_source; do + rx_install "$i".private "$i" + done +} + +sha512sums=" +b43313dc2b00848bfbc6b14bdcee2c7a024aeeae5d2a46b6aaf370d55f58ac9f9a4cf992b7d75a8acf35b75fd00d04144626169ef153614b223de87677bfda21 master.cf +88b704d0cc54bf9f09a0f027d1b39677086cdb2be4c91132f5cb3c0717156e692f5a5241c77a2aad2b4e1c4e8b08e4098365a613605486809ccefbb1fc114f27 main.cf +e2e2073b064a921a9eeed028e17617bcd2d1235517d908b4daadef45eb4cbb8686023c532d7938a779021cdd9548afe97f59d4c3232e7e01dca229e37e8c63ff secret +9c3ae0c3448710cb13e27cfd67864d27d364a3893ce70033df25ecd21cb0cc28a36f7d8aa9fe0cbdd0dc3516e78f34a5645a727387870d74ed8643078ec7e062 pgsql-aliases.cf +939677c0733348509a26a9ee654bc57be6cf4ce760c40cac7d1cc802afc0f7ec4b53c3752f60e9482b78290f6e36c5c8eca98645b54b34ffbb51dfbf4080d916 pgsql-users.cf +" diff --git a/config/postfix/main.cf b/config/postfix/main.cf index 153c7fe..d15854f 100644 --- a/config/postfix/main.cf +++ b/config/postfix/main.cf @@ -1,3 +1,5 @@ +compatibility_level = 3.6 + # General smtpd_banner = $myhostname ESMTP RedXen Mail. DO NOT MESS WITH US OR WE WILL CUT YOUR BALLS OFF! mail_name = RedXen Mail Postfix @@ -15,15 +17,14 @@ relayhost = relay_domains = $mydestination local_transport = local -alias_maps = proxy:pgsql:/etc/postfix/redxen/pgsql-aliases.cf -smtpd_sender_login_maps = proxy:pgsql:/etc/postfix/redxen/pgsql-users.cf +alias_maps = proxy:pgsql:/etc/redxen/postfix/pgsql-aliases.cf +smtpd_sender_login_maps = proxy:pgsql:/etc/redxen/postfix/pgsql-users.cf local_recipient_maps = $smtpd_sender_login_maps $alias_maps biff = no append_dot_mydomain = no delay_warning_time = 1h readme_directory = no -compatibility_level = 2 mailbox_size_limit = 0 recipient_delimiter = + notify_classes = resource, software, bounce @@ -36,8 +37,8 @@ smtp_tls_security_level = may smtp_tls_note_starttls_offer = yes smtpd_use_tls = yes -smtpd_tls_cert_file = /etc/ssl/redxen/letsencrypt/chain.crt -smtpd_tls_key_file = /etc/ssl/redxen/letsencrypt/private.key +smtpd_tls_cert_file = /etc/redxen/letsencrypt/chain.crt +smtpd_tls_key_file = /etc/redxen/letsencrypt/private.key smtpd_tls_security_level = may smtpd_tls_protocols = !SSLv2, !SSLv3 @@ -70,5 +71,5 @@ milter_protocol = 6 milter_default_action = tempfail internal_mail_filter_classes = bounce, notify -non_smtpd_milters = inet:rspamd.routinginfo.redxen.localhost:7510 -smtpd_milters = inet:opendkim.routinginfo.redxen.localhost:7514 $non_smtpd_milters +non_smtpd_milters = inet:rspamd.routinginfo.internal:7510 +smtpd_milters = inet:opendkim.routinginfo.internal:7514 $non_smtpd_milters diff --git a/config/postfix/pgsql-aliases.cf b/config/postfix/pgsql-aliases.cf new file mode 100644 index 0000000..ef97854 --- /dev/null +++ b/config/postfix/pgsql-aliases.cf @@ -0,0 +1,5 @@ +hosts = postgresql.routinginfo.internal:7550 +dbname = mail +user = postfix +password = POSTGRESQL_PASSWORD +query = SELECT target FROM aliases WHERE alias = '%u' AND active = '1' diff --git a/config/postfix/pgsql-users.cf b/config/postfix/pgsql-users.cf new file mode 100644 index 0000000..6ea8f79 --- /dev/null +++ b/config/postfix/pgsql-users.cf @@ -0,0 +1,5 @@ +hosts = postgresql.routinginfo.internal:7550 +dbname = mail +user = postfix +password = POSTGRESQL_PASSWORD +query = SELECT userid FROM users WHERE userid = '%u' AND active = '1' diff --git a/config/postfix/redxen-config-postfix.pre-install b/config/postfix/redxen-config-postfix.pre-install deleted file mode 100644 index 293c066..0000000 --- a/config/postfix/redxen-config-postfix.pre-install +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -adduser dovecot rxletsenc - -return 0 diff --git a/config/postgresql/APKBUILD b/config/postgresql/APKBUILD index 72356dc..98a8409 100644 --- a/config/postgresql/APKBUILD +++ b/config/postgresql/APKBUILD @@ -1,12 +1,10 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=postgresql -_configpath="/etc/postgresql/redxen" -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.01.13 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 depends="postgresql-contrib" source=" postgresql.conf @@ -15,10 +13,12 @@ source=" " package() { - package_copy_configs - mkdir -p "$pkgdir"/var/lib/postgresql + rx_source_installall + install -dm700 "$(rx_cpkgdir)"/var/lib/postgresql } -sha512sums="ee33ef1dd1e2afaea8336e94fd754c3ed5eff7d312de233fbbbf8371d736b1bec03d8c436d8b9360e04048b4548c3d3d488ca940c63b8e5645d143298b9fce18 postgresql.conf +sha512sums=" +ee33ef1dd1e2afaea8336e94fd754c3ed5eff7d312de233fbbbf8371d736b1bec03d8c436d8b9360e04048b4548c3d3d488ca940c63b8e5645d143298b9fce18 postgresql.conf fc4faccaf8d8a7e0a683e20b959a0ca1c6aa8b190ab1e5f1568deb9483329e82a43264ff676845eeafd4f6c8d812ce2648702ba3ea52de4eadff8dbafece274b pg_hba.conf -cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e pg_ident.conf" +cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e pg_ident.conf +" diff --git a/config/redis/APKBUILD b/config/redis/APKBUILD index a251f84..6414e87 100644 --- a/config/redis/APKBUILD +++ b/config/redis/APKBUILD @@ -1,16 +1,17 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=redis -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2020.12.29 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 source="redxen.conf" package() { - package_copy_configs - install -dm700 "$pkgdir"/var/lib/redis + rx_source_installall + install -dm700 "$(rx_cpkgdir)"/var/lib/redis } -sha512sums="85b83fdec29dfe075aa2b4e79829b47ae42171a62878b3c69ca300a007d60e80634a92d62e646eb432aab5397c51c1f3ce406cfad3208d1e16cc5151711c4271 redxen.conf" +sha512sums=" +35f292d3de4c7dfc9340ded312c4550431599c2704b5f036e62a758bd0a11bd8d3f5bad38680b0b7f54ccba725d3749232821d3c08cd954529ae1b2c2fccbd61 redxen.conf +" diff --git a/config/redis/redxen.conf b/config/redis/redxen.conf index 79f5099..5bef003 100644 --- a/config/redis/redxen.conf +++ b/config/redis/redxen.conf @@ -6,8 +6,8 @@ timeout 0 tcp-keepalive 300 #tls-port 7551 -#tls-cert-file /etc/ssl/redxen/selfsigned/public.pem -#tls-key-file /etc/ssl/redxen/selfsigned/private.key +#tls-cert-file /etc/redxen/selfsigned/public.pem +#tls-key-file /etc/redxen/selfsigned/private.key #tls-ca-cert-dir /etc/ssl/certs # tls-auth-clients optional # tls-protocols "TLSv1.2 TLSv1.3" diff --git a/config/rspamd/APKBUILD b/config/rspamd/APKBUILD index 734e1ef..9b92ae4 100644 --- a/config/rspamd/APKBUILD +++ b/config/rspamd/APKBUILD @@ -1,11 +1,9 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=rspamd -_configpath="/etc/rspamd/redxen" -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.04.13 +pkgver=2021.06.01.03 pkgrel=0 _baseconf=" rspamd.conf @@ -43,18 +41,21 @@ for i in $_modules; do done package() { - package_copy_configs "$_baseconf" + for i in $_baseconf; do + rx_install "$i" + done } _module() { local module=${subpkgname##$pkgname-} depends="" - install -Dm644 "$srcdir"/"$module".conf "$subpkgdir"/etc/rspamd/redxen/modules/"$module".conf + _rx_fperm=400 _rx_installdir="$_rx_installdir/modules" rx_install "$module".conf } -sha512sums="99985993e5d7c525280020e7dc30106b3efbaa8ae2830a5069ad4270a8336d33efca74ed26103e1d2f5f341a0cffc4e0f77a2757fdeab27e3b492aa99ae7f977 spf.conf +sha512sums=" +99985993e5d7c525280020e7dc30106b3efbaa8ae2830a5069ad4270a8336d33efca74ed26103e1d2f5f341a0cffc4e0f77a2757fdeab27e3b492aa99ae7f977 spf.conf 96bb78e91c29a9d0e120e18b00ffe2a4d4b613b24e7da02f43994b1d150da00875339feda963f6e87c16002a6fc44e99462bde0070fec3026a2e2c7079be8ccc spamtrap.conf -d42a74d17771497960477878eedda2a00a434cbc1e994b015c21b4f631e24836cb6a7b14a24a2cb42ed15425b7758dc307a6cf602a770cfb0cc20b6f90064af9 redis.conf +82554e0d5c955bf658f5093ed038eb66824eea0e6d0477a8e17600016a95da15bc9360b651c97c1345202a2164b0b6728323e64ea165d79a3acd6776d8d79d5b redis.conf 914c9800ae6195726fdbb8fe7fc403fdd346f082f77a0f6663e112518f2b19ab276371089d968e36340e50f8a52317606c598985fdf9318b2384e8e887005150 rbl.conf a753d136a21206cdc28a1554a38f51ad55e2eec842a31dbe1d151198bb8d9bb090e0f49b6b50cbc44e5011efb2ebeb2d2657a54df2f1a0c89ce3134fbd55220c ratelimit.conf 6ca83b91e70e43eff6de380065fc5591c6669a27497a47d74e5e096df68afea6269cfad41be982bb144f2dfb92fd5765a600cf9c4067c4612bd1aa1bf5e6ebfd phishing.conf @@ -69,8 +70,9 @@ dcec5c53bd29c345ed5c47727af9a8d11328cc8f69ae61064ba3b053ee306baa79b747067097b235 eacbbe96fdfea9112b633bdf5471fcf8b2c297513685397759d588ad47905cf225dae3e4262dacb14477a2f52e6d3bf93b57abaf205719481f11a9ec8552fe07 arc.conf edcbb00d62662ec412adf8adc24fedb88a7b694ea1ac39c07539f84560c2f0c210fb7b8be1e2c041f9eadb4278a4a9a9cf80dea59e05c97233204c6f41b16597 rspamd.conf 13b794a6eb95e672345b260e6a46d9ec95efd11159279af86c3ab3a9fea33e02807d67afad0d006597bf9b913927e6bff0cfc6d2cf6a5bd0bc993560cafb0951 composites.conf -f88d7b2c78b8aa011cf7fd81214745b5c6af10f44482c6164b3001dd366d7bedcb96f7ab0e5b33839c1b82458e1e14ab04b75594856928bac6037698e2c82f7e groups.conf +91cdd4f25cd29b7524827683caa79efd37e1ef78698f7f0ce8c185773bd0e1fdf624215838b26165cb52151fe435b41a76714c9f0aa0ee341a473b468d4f5436 groups.conf 78df39cbc6e09cdc5e01d27e123d82aa677a70a6f5d59ba0be8d0ce6af012c5311e4a2527e4fbc586f9cdd8da033e9f05e2371970fa23db60eaa8c16c8e85f05 logging.conf d5b99a03a86f35cb5b25cf0a1cf8be25a5a9158bc7f3a6362b35d6dc8e799613d03ade65b2673378fb1e2b5de67d48eb5e64a956551be9ef39c5d5d2ab2a3b36 statistic.conf 301315c98f2816a9542a410352bf3eb7f025a57f8ccc37666f51a3371580cba06344197c2f2a4049d402472ba7c9a542a21e6938ac022030e95a472e8bba33b6 workers.conf -2adbbed7442b2efad0c78aa735e562da68c992114b8b1b12258d39234cda66d198dddeaa5246f0b897b6174fc7b52430fada1bd1cd5870142b72d935c4f6e12f spamtrap.map" +2adbbed7442b2efad0c78aa735e562da68c992114b8b1b12258d39234cda66d198dddeaa5246f0b897b6174fc7b52430fada1bd1cd5870142b72d935c4f6e12f spamtrap.map +" diff --git a/config/rspamd/groups.conf b/config/rspamd/groups.conf index 2300bab..43943d4 100644 --- a/config/rspamd/groups.conf +++ b/config/rspamd/groups.conf @@ -274,7 +274,7 @@ group "rbl" { group "statistics" { symbols = { "BAYES_SPAM" { - weight = 5.1; + weight = 10; description = "Message probably spam, probability: "; } "BAYES_HAM" { diff --git a/config/rspamd/modules/redis.conf b/config/rspamd/modules/redis.conf index 37807fa..758d135 100644 --- a/config/rspamd/modules/redis.conf +++ b/config/rspamd/modules/redis.conf @@ -1,4 +1,4 @@ redis { - servers = "redis.routinginfo.redxen.localhost:7551"; + servers = "redis.routinginfo.internal:7551"; db = 1; } diff --git a/config/sysctl/APKBUILD b/config/sysctl/APKBUILD index 5f04ec0..eca0549 100644 --- a/config/sysctl/APKBUILD +++ b/config/sysctl/APKBUILD @@ -1,12 +1,11 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=sysctl -_configpath="/etc/sysctl.d" +_rx_installdir="/etc/sysctl.d" -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2020.12.10 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 depends="busybox" source=" 10-memory.conf @@ -14,6 +13,8 @@ source=" 30-kernel.conf " -sha512sums="8043d419de52d0a8e75ed50643bd73ef3b3e2633d9064c6f6695b796834bc162f6b3c0e28082bb601e1a6c582e92ca90aa3dd626973c741c2ff0d3e1749521b1 10-memory.conf +sha512sums=" +8043d419de52d0a8e75ed50643bd73ef3b3e2633d9064c6f6695b796834bc162f6b3c0e28082bb601e1a6c582e92ca90aa3dd626973c741c2ff0d3e1749521b1 10-memory.conf 117648c1a0ee1a2d554eee2a0f8584097c66300dfda945a4ac0cb52f24160ae673abe3de964d419ddca4e0822a605c7b1d4f8d8e3f85d5f7c582b9803ffa21fc 20-network.conf -a67a62adddcc0389eef167f390d948ce69488f5755fbd19ca16d9d626511229e7dd7f03fcf0f4731fa867a45417e9554f65b5ccca7fcacc2e51f056d4152031a 30-kernel.conf" +a67a62adddcc0389eef167f390d948ce69488f5755fbd19ca16d9d626511229e7dd7f03fcf0f4731fa867a45417e9554f65b5ccca7fcacc2e51f056d4152031a 30-kernel.conf +" diff --git a/config/telegraf/APKBUILD b/config/telegraf/APKBUILD index 9404370..f1f0987 100644 --- a/config/telegraf/APKBUILD +++ b/config/telegraf/APKBUILD @@ -1,18 +1,72 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=telegraf -_cfgumask=400 -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2020.12.23 -pkgrel=2 -source="main.conf" -checkdepends="telegraf" +pkgver=2021.06.01.05 +pkgrel=0 options="" +checkdepends="telegraf" +source="main.conf" +_modules=" + base + unbound + redis + haproxy + rspamd + wireguard +" + +for i in $_modules; do + source="$source $i.conf" + subpackages="$subpackages $pkgname-$i" +done check() { - telegraf --config main.conf --test >/dev/null + telegraf --config main.conf --config base.conf --test >/dev/null } -sha512sums="3d342136225a8c060be6af63e0769da6fc870206471836cd4f414b9765c85930fe5a9fdb6b7a7acedb2d631264472849c53c2af7a4a387bd2c582bf1c1a0c97e main.conf" +package() { + rx_install main.conf +} + +base() { + install_if="$pkgname" + _rx_installdir="$_rx_installdir/module" rx_install base.conf +} + +unbound() { + install_if="$pkgname redxen-config-unbound-rctrl" + _rx_installdir="$_rx_installdir/module" rx_install unbound.conf +} + +redis() { + install_if="$pkgname redxen-config-redis" + _rx_installdir="$_rx_installdir/module" rx_install redis.conf +} + +haproxy() { + install_if="$pkgname redxen-config-haproxy" + _rx_installdir="$_rx_installdir/module" rx_install haproxy.conf +} + +rspamd() { + install_if="$pkgname redxen-config-rspamd" + _rx_installdir="$_rx_installdir/module" rx_install rspamd.conf +} + +wireguard() { + install_if="$pkgname redxen-config-wireguard" + _rx_installdir="$_rx_installdir/module" rx_install wireguard.conf +} + + +sha512sums=" +5a0f1dab5c4887700f7f29eeb0d1be28690737f1689a12e67861be4c0bb8276ece8fcb279983e6e3bc5484bd6aa932b663d6ff775c68e33c1190fcdbaa3b1889 main.conf +532d6b79eafb7629ef3f2a16f2f9323369d93357b301e44c111661eab8108a3d09dae1fd2c7f8a4c3d832c66285e2098fcd7713f37b545b5616d7c9a749a2684 base.conf +5a81b295f17189115fe93d1d68d94181aaab32dfcdd3e4d0480991c515d0cec57cb58bac354b893a5109a9e62d400a278489c9d64b997968ad8f326e02c7ddb1 unbound.conf +a4bc80850c94291d00b2ad56e50216ab36515bcc176b3c5678b24c3d5a3740b9de9006df8e37e42942a50227e6b27321d267e27decffbf6d9a37755d3224121e redis.conf +f219fcd9c1aeb4503e813f00c51cc2a2ccb8c297727f3542e614c784b977ef6a32d492de750b8d4338f95172dfdc0e388a72662e80c92a890e2bfc7d34e3396d haproxy.conf +0e5e8282a77553cf75b3184367486d37f4dd6e6ed5a216f2ca5b94f4fe7b151565eb5d9fc35f5eadc154da41aa39f0f7979ded054be9da94b981326ca13c6b8f rspamd.conf +3f6d05082d4e01fb7498c82fb92fb479c5766148c9dcfd118d248ceaf6838f4794b940a8fcff0ec6020000806c6418f93e5aa60cbf32fd826fa4f9870f925ba7 wireguard.conf +" diff --git a/config/telegraf/base.conf b/config/telegraf/base.conf new file mode 100644 index 0000000..dbbdb7f --- /dev/null +++ b/config/telegraf/base.conf @@ -0,0 +1,21 @@ +[[outputs.influxdb]] + urls = ["http://influxdb.routinginfo.internal:7552"] + database = "telegraf" + +[[inputs.cpu]] + percpu = true + totalcpu = true + collect_cpu_time = true + report_active = true + +[[inputs.disk]] + ignore_fs = ["tmpfs", "devtmpfs", "devfs", "overlay", "aufs", "squashfs"] + +[[inputs.diskio]] +[[inputs.kernel]] +[[inputs.kernel_vmstat]] +[[inputs.mem]] +[[inputs.processes]] +[[inputs.swap]] +[[inputs.system]] +[[inputs.net]] diff --git a/config/telegraf/haproxy.conf b/config/telegraf/haproxy.conf new file mode 100644 index 0000000..a3a857c --- /dev/null +++ b/config/telegraf/haproxy.conf @@ -0,0 +1,3 @@ +[[inputs.haproxy]] + servers = ["socket:/run/haproxy.sock"] + keep_field_names = true diff --git a/config/telegraf/main.conf b/config/telegraf/main.conf index 2d823ee..5f4fa00 100644 --- a/config/telegraf/main.conf +++ b/config/telegraf/main.conf @@ -1,33 +1,11 @@ [agent] - interval = "10s" - round_interval = true - metric_batch_size = 1000 - metric_buffer_limit = 10000 - flush_interval = "10s" - precision = "10s" - debug = false - quiet = false - logfile = "" - omit_hostname = false - -[[outputs.influxdb]] - urls = ["http://influxdb.routinginfo.redxen.localhost:7552"] - database = "telegraf" - -[[inputs.cpu]] - percpu = true - totalcpu = true - collect_cpu_time = true - report_active = true - -[[inputs.disk]] - ignore_fs = ["tmpfs", "devtmpfs", "devfs", "overlay", "aufs", "squashfs"] - -[[inputs.diskio]] -[[inputs.kernel]] -[[inputs.kernel_vmstat]] -[[inputs.mem]] -[[inputs.processes]] -[[inputs.swap]] -[[inputs.system]] -[[inputs.net]] + interval = "10s" + round_interval = true + metric_batch_size = 1000 + metric_buffer_limit = 10000 + flush_interval = "10s" + precision = "1s" + debug = false + quiet = false + logfile = "" + omit_hostname = false diff --git a/config/telegraf/monerod.conf b/config/telegraf/monerod.conf new file mode 100644 index 0000000..0c62249 --- /dev/null +++ b/config/telegraf/monerod.conf @@ -0,0 +1,12 @@ +[[inputs.http]] + urls = ["http://localhost:7579/json_rpc"] + method = "POST" + data_format = "json" + content_encoding = "identity" + body = '{"method":"get_info"}' + json_query = "result" + headers = { "Content-Type" = "application/json", "Transfer-Encoding" = "identity" } + tag_keys = [ + "nettype" + ] + name_override = "monerod" diff --git a/config/telegraf/redis.conf b/config/telegraf/redis.conf new file mode 100644 index 0000000..05042eb --- /dev/null +++ b/config/telegraf/redis.conf @@ -0,0 +1,2 @@ +[[inputs.redis]] + servers = ["tcp://localhost:7551"] diff --git a/config/telegraf/rspamd.conf b/config/telegraf/rspamd.conf new file mode 100644 index 0000000..8c2a4a7 --- /dev/null +++ b/config/telegraf/rspamd.conf @@ -0,0 +1,8 @@ +[[inputs.http]] + urls = ["http://localhost:7512/stat"] + data_format = "json" + tag_keys = [ + "config_id", + "version" + ] + name_override = "rspamd" diff --git a/config/telegraf/unbound.conf b/config/telegraf/unbound.conf new file mode 100644 index 0000000..022b831 --- /dev/null +++ b/config/telegraf/unbound.conf @@ -0,0 +1,2 @@ +[[inputs.unbound]] + server = "localhost:8953" diff --git a/config/telegraf/wireguard.conf b/config/telegraf/wireguard.conf new file mode 100644 index 0000000..245aba8 --- /dev/null +++ b/config/telegraf/wireguard.conf @@ -0,0 +1,2 @@ +[[inputs.wireguard]] + devices = ["rxmain"] diff --git a/config/transmission-daemon/APKBUILD b/config/transmission-daemon/APKBUILD deleted file mode 100644 index 7d15fbd..0000000 --- a/config/transmission-daemon/APKBUILD +++ /dev/null @@ -1,18 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname="transmission-daemon" -_configpath="/etc/transmission" -_cfgumask=400 - -. ../APKBUILD-config.common - -pkgver=2021.01.26 -pkgrel=2 -source="settings.json" - -package() { - package_copy_configs - mkdir -p "$pkgdir"/etc/transmission/resume "$pkgdir"/seedbox -} - -sha512sums="6b6ca000655811ffdf1d51609cf0315f8516a7a7c0f602d97848071d6441bd13e053d896d9a56bc5c772b9c5ee600419480460db13dfdf03921e4d90a2a01887 settings.json" diff --git a/config/transmission/APKBUILD b/config/transmission/APKBUILD new file mode 100644 index 0000000..022c62f --- /dev/null +++ b/config/transmission/APKBUILD @@ -0,0 +1,35 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes + +. ../APKBUILD-config.template + +pkgver=2021.06.01.03 +pkgrel=0 +source=" + secret + settings.json +" +depends="transmission-daemon" + +build() { + . secret + : "${TRANSMISSION_USERNAME:?'Transmission username is missing'}" + : "${TRANSMISSION_PASSWORD:?'Transmission password is missing'}" + + cp "settings.json" "settings.json.private" + TRANSMISSION_PASS_SALT="$(cat /dev/urandom | tr -dc '[:alnum:]./' | head -c 8)" + TRANSMISSION_PASS_HASH="$(printf '%s%s' "$TRANSMISSION_PASSWORD" "$TRANSMISSION_PASS_SALT" | sha1sum)" + TRANSMISSION_PASS_SALTED="{${TRANSMISSION_PASS_HASH%% *}$TRANSMISSION_PASS_SALT" + rx_replace "TRANSMISSION_USERNAME" "$TRANSMISSION_USERNAME" settings.json.private + rx_replace "TRANSMISSION_PASSWORD" "$TRANSMISSION_PASS_SALTED" settings.json.private +} + +package() { + rx_install "settings.json.private" "settings.json" + install -dm700 "$(rx_cpkgdir)"/"$_rx_installdir"/resume "$(rx_cpkgdir)"/seedbox +} + +sha512sums=" +7435cdea2f9a63d09164c6c7cf6105e24a27316150bbebb7c2abda0a72c9ffcbd36632be1f9d77bccdc616fa8b84a9bfeaa4b5b32349d11a3d4f9c12ee884963 secret +900829893fa4cd61c7950d640f8a4b043f33de90abce9007b8c5d76d464df3542e0ca2630deb93344d4a896f999f0da4f2474ad77cb7d628247c34c78aec515b settings.json +" diff --git a/config/transmission/settings.json b/config/transmission/settings.json new file mode 100644 index 0000000..0af7f4b --- /dev/null +++ b/config/transmission/settings.json @@ -0,0 +1,70 @@ +{ + "alt-speed-down": 50, + "alt-speed-enabled": false, + "alt-speed-time-begin": 540, + "alt-speed-time-day": 127, + "alt-speed-time-enabled": false, + "alt-speed-time-end": 1020, + "alt-speed-up": 50, + "bind-address-ipv4": "0.0.0.0", + "bind-address-ipv6": "::", + "blocklist-enabled": true, + "blocklist-url": "https://github.com/sahsu/transmission-blocklist/releases/latest/download/blocklist.gz", + "cache-size-mb": 50, + "dht-enabled": true, + "download-dir": "/seedbox", + "download-queue-enabled": true, + "download-queue-size": 50, + "encryption": 2, + "idle-seeding-limit": 30, + "idle-seeding-limit-enabled": false, + "incomplete-dir": "/seedbox", + "incomplete-dir-enabled": true, + "lpd-enabled": false, + "message-level": 2, + "peer-congestion-algorithm": "", + "peer-id-ttl-hours": 1, + "peer-limit-global": 2000, + "peer-limit-per-torrent": 30, + "peer-port": 51413, + "peer-port-random-high": 65535, + "peer-port-random-low": 49152, + "peer-port-random-on-start": false, + "peer-socket-tos": "default", + "pex-enabled": true, + "port-forwarding-enabled": false, + "preallocation": 0, + "prefetch-enabled": true, + "queue-stalled-enabled": true, + "queue-stalled-minutes": 30, + "ratio-limit": 20, + "ratio-limit-enabled": false, + "rename-partial-files": true, + "rpc-authentication-required": true, + "rpc-bind-address": "0.0.0.0", + "rpc-enabled": true, + "rpc-host-whitelist": "127.0.0.1", + "rpc-host-whitelist-enabled": false, + "rpc-port": 7572, + "rpc-url": "/", + "rpc-username": "TRANSMISSION_USERNAME", + "rpc-password": "TRANSMISSION_PASSWORD", + "rpc-whitelist": "127.0.0.1", + "rpc-whitelist-enabled": false, + "scrape-paused-torrents-enabled": true, + "script-torrent-done-enabled": false, + "script-torrent-done-filename": "", + "seed-queue-enabled": false, + "seed-queue-size": 100, + "speed-limit-down": 100, + "speed-limit-down-enabled": false, + "speed-limit-up": 100, + "speed-limit-up-enabled": false, + "start-added-torrents": true, + "trash-original-torrent-files": false, + "umask": 18, + "upload-slots-per-torrent": 1000, + "utp-enabled": true, + "watch-dir": "/watch", + "watch-dir-enabled": false +} diff --git a/config/unbound/APKBUILD b/config/unbound/APKBUILD index a2ce040..691153f 100644 --- a/config/unbound/APKBUILD +++ b/config/unbound/APKBUILD @@ -1,102 +1,62 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=unbound -. ../APKBUILD-config.common +. ../APKBUILD-config.template -_dkim_date=2021.03.28 -_dnssec_date=2021.04.05 -pkgver=2021.04.29 -pkgrel=2 +pkgver=2021.06.01.04 +pkgrel=0 depends="alpine-baselayout ca-certificates-bundle dns-root-hints dnssec-root" -makedepends="redxen-secret-opendkim-dns~$_dkim_date bind-dnssec-tools redxen-secret-dnssec~$_dnssec_date" -checkdepends="bind-tools unbound" -subpackages="$pkgname-acl $pkgname-rctrl $pkgname-internal $pkgname-auth-rx:auth_rx $pkgname-auth-crxn:auth_crxn" -source=" - includes.conf - base.conf - acl.conf - rctrl.conf - internal.conf - - auth-redxen.conf - auth-crxn.conf - zones/redxen.eu - zones/crxn -" +checkdepends="unbound" options="checkroot" -builddir="$srcdir" +_modules=" + acl + rctrl + auth_redxen + auth_crxn + auth_internal +" +source=" + base.conf +" -prepare() { - default_prepare - # Add everything dynamic - cat redxen.eu /etc/opendkim/redxen/dns-record /etc/dns/redxen.eu/*.key > redxen.eu-cat -} - -# DNSSEC signing happens here -build() { - msg "Signing redxen.eu zone" - dnssec-signzone -K /etc/dns/redxen.eu -f redxen.eu-signed -e "+90d" -o redxen.eu -t redxen.eu-cat -} +for i in $_modules; do + _authname="${i##auth_}" + if [ "${i%%_*}" = "auth" ]; then + checkdepends="$checkdepends redxen-data-bindzone-$_authname" + fi + subpackages="$subpackages $pkgname-$i:_module_ins" + source="$source $i.conf" +done check() { msg "Checking configuration validity" /usr/sbin/unbound-checkconf base.conf - /usr/sbin/unbound-checkconf acl.conf - /usr/sbin/unbound-checkconf rctrl.conf - /usr/sbin/unbound-checkconf internal.conf - # Cannot be checked because it expects files in a read-only path, not crucial - #/usr/sbin/unbound-checkconf auth-zones.conf - /usr/sbin/named-checkzone redxen.eu ./redxen.eu-signed - /usr/sbin/named-checkzone crxn ./crxn + for i in $_modules; do + /usr/sbin/unbound-checkconf "$i".conf + done + } package() { - for i in includes.conf base.conf acl.conf rctrl.conf internal.conf auth-redxen.conf auth-crxn.conf; do - install -Dm644 "$i" "$pkgdir"/etc/unbound/"$i" - done - # Unsigned zones - for i in crxn; do - install -Dm644 "$i" "$pkgdir"/etc/unbound/zones/"$i" - done - # Signed zones - for i in redxen.eu; do - install -Dm644 "$i-signed" "$pkgdir"/etc/unbound/zones/"${i%%-signed}" - install -Dm644 "dsset-$i." "$pkgdir"/etc/dns/"$i"/"dsset-$i." - done + rx_install base.conf } -acl() { - amove etc/unbound/acl.conf +_module_ins() { + _modname="${subpkgname##${pkgname}-}" + _authname="${_modname##auth_}" + if [ "${_modname%%_*}" = "auth" ]; then + msg "Matched auth zone $_authname, adding depends to bindzone" + depends="$depends redxen-data-bindzone-$_authname" + fi + _rx_installdir="$_rx_installdir/module" rx_install "$_modname".conf } -rctrl() { - amove etc/unbound/rctrl.conf -} - -internal() { - amove etc/unbound/internal.conf -} - -auth_rx() { - amove etc/unbound/auth-redxen.conf - amove etc/unbound/zones/redxen.eu - # Zone is signed, include the DS key in the package - amove etc/dns/redxen.eu -} - -auth_crxn() { - amove etc/unbound/auth-crxn.conf - amove etc/unbound/zones/crxn -} - -sha512sums="428b251c4bdd8ca0cd6174b3c76d5fb6acf25734dc75325fd06ce5e867b2ba9c25ddd5d485f17562b7d8cdea62708e04bd44e854d028de9688298cb018b86d54 includes.conf -d3754ced9d8055ff7f1d364a93c403bba3f220a60ea519bceee5e9c43112d6a00d20d15cf659fdd6ad6834cf14afd6ecb5d9e1497ff2932572fd970750655749 base.conf +sha512sums=" +bcb4c8e66d185f56751cc8f44ced802622abbd91bad08bae38b549d0e38438cd876784ac432ddd30347c4f6e5f0c205aafb085beecb1a58224074b3ac2b8f817 base.conf 75709787e0872197c83def93b343550934f6b2e4903873aaf72f357fb8b4a1d7c5b8ba84913f052ad01aeca03f58ca589a22bf867c1c2e40e01f9588c7c580c4 acl.conf d94ad338e2ea43c3ecdc62c861eddc0bb706807b738dd985309bcdf0b5fb435d7260bf272e2bbe40a774ec5b8fa49cbf23624c2c5213eea94f4f14aa3720abfa rctrl.conf -1eb7833b06f158f13b7c52ee14cd4e455acd9a8de344d6410092a5de98b1f4a62e209ce1e744cfc1a8afd588d3f54c5ce35a59ca31e3dd0fc16d517975fc6aa1 internal.conf -28c917fe7f69643887097553312c4f1ffc747dffdbf150430e6c4b2e5833567922810716cb59a27887915664777ac3263be3c826956f504499f0ebdcc0b3aac5 auth-redxen.conf -91847e65c48e585f298bb766b2b20c43f5380686b594233da3b722962b03f2f4c858bf299b745027dadd184408a87b1e85ebf03b027196756455afea69f79cf9 auth-crxn.conf -44ffaafac7f0255218aaa1d32e496df3cfa051972b2817aaabe4db802aa1e209f6022546126f93d2b349d431e82380568cfb1f48f2610b9aae4cd047fa26e8d0 redxen.eu -7a487f4f350310c2f1d3f7bf422352264b8ebe3dec1b5892685c59912aed8542711e253638d30f87e2b9b97144a12222de10ebe23ce6bb54a958ec7e5b35743d crxn" +a013d162067027aabde0ce0810bfa9ac7e329ad77a52c93afed2faa56f92c73f5933327b70c2ba5e0ef663852462185653aef5138c62da8043c19179cb3e2607 auth_redxen.conf +e678f22aa89a9df3db35921a20225abd2b0408ff1e6815b12ec135a740d95bc8a0669aebae3d0945e29c3896f43a0da88375a1c241fabcd410a65e47466c1f6d auth_crxn.conf +b854e0d09875653676336ffc9e36690b2abe1a565f25fafd9cd0940cb5b6d8bb57e1d43a7a9b072c11fcadc9073e1dceceea9a517e4d55bee1d217fd1bd759e6 auth_internal.conf +" diff --git a/config/unbound/auth-crxn.conf b/config/unbound/auth_crxn.conf similarity index 68% rename from config/unbound/auth-crxn.conf rename to config/unbound/auth_crxn.conf index 244696b..087a6d9 100644 --- a/config/unbound/auth-crxn.conf +++ b/config/unbound/auth_crxn.conf @@ -3,4 +3,4 @@ auth-zone: fallback-enabled: no for-downstream: yes for-upstream: yes - zonefile: "/etc/unbound/zones/crxn" + zonefile: "/etc/redxen/bindzone/crxn" diff --git a/config/unbound/auth_internal.conf b/config/unbound/auth_internal.conf new file mode 100644 index 0000000..fdf0b59 --- /dev/null +++ b/config/unbound/auth_internal.conf @@ -0,0 +1,6 @@ +auth-zone: + name: internal + fallback-enabled: no + for-downstream: yes + for-upstream: yes + zonefile: "/etc/redxen/bindzone/internal" diff --git a/config/unbound/auth-redxen.conf b/config/unbound/auth_redxen.conf similarity index 67% rename from config/unbound/auth-redxen.conf rename to config/unbound/auth_redxen.conf index bf78ddb..58be3ca 100644 --- a/config/unbound/auth-redxen.conf +++ b/config/unbound/auth_redxen.conf @@ -3,4 +3,4 @@ auth-zone: fallback-enabled: no for-downstream: yes for-upstream: yes - zonefile: "/etc/unbound/zones/redxen.eu" + zonefile: "/etc/redxen/bindzone/redxen.eu" diff --git a/config/unbound/base.conf b/config/unbound/base.conf index ea26228..cd90be6 100644 --- a/config/unbound/base.conf +++ b/config/unbound/base.conf @@ -20,3 +20,5 @@ server: serve-expired: yes serve-expired-ttl: 86400 serve-expired-ttl-reset: yes + +include: "/etc/redxen/unbound/module/*.conf" diff --git a/config/unbound/includes.conf b/config/unbound/includes.conf deleted file mode 100644 index 2415a14..0000000 --- a/config/unbound/includes.conf +++ /dev/null @@ -1,6 +0,0 @@ -include: "/etc/unbound/base.conf" -#include: "/etc/unbound/acl.conf" -#include: "/etc/unbound/rctrl.conf" -#include: "/etc/unbound/internal.conf" -#include: "/etc/unbound/auth-redxen.conf" -#include: "/etc/unbound/auth-crxn.conf" diff --git a/config/unbound/internal.conf b/config/unbound/internal.conf deleted file mode 100644 index 61b7c3a..0000000 --- a/config/unbound/internal.conf +++ /dev/null @@ -1,36 +0,0 @@ -server: - local-zone: "redxen.localhost." static - - # Machines - local-data: "8101153.nbg1-dc3.hetzner.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805" - local-data: "8201371.fsn1-dc14.hetzner.redxen.localhost. 86400 IN AAAA 200:8656:aa4:dc68:888:d92c:914b:866b" - local-data: "9013723.fsn1-dc14.hetzner.redxen.localhost. 86400 IN AAAA 200:2749:8af:bdf9:f011:997e:7bbb:35f3" - local-data: "9227948.nbg1-dc3.hetzner.redxen.localhost. 86400 IN AAAA 201:3b84:3e03:9e0f:4885:fb55:45f6:ebbd" - local-data: "9804624.nbg1-dc3.hetzner.redxen.localhost. 86400 IN AAAA 205:bb23:5a95:218e:3943:a6e:254e:a347" - - # Familiar names - local-data: "lain.nurnberg.hetzner.redxen.localhost. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.localhost." - local-data: "arisu.falkenstein.hetzner.redxen.localhost. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.localhost." - local-data: "chisa.falkenstein.hetzner.redxen.localhost. 86400 IN CNAME 9013723.fsn1-dc14.hetzner.redxen.localhost." - local-data: "masami.nurnberg.hetzner.redxen.localhost. 86400 IN CNAME 9227948.nbg1-dc3.hetzner.redxen.localhost." - local-data: "taro.nurnberg.hetzner.redxen.localhost. 86400 IN CNAME 9804624.nbg1-dc3.hetzner.redxen.localhost." - - # Services - local-data: "_grafana._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7577 8201371.fsn1-dc14.hetzner.redxen.localhost." - local-data: "_transmission._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7572 9013723.fsn1-dc14.hetzner.redxen.localhost." - local-data: "_gitea._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7570 9227948.nbg1-dc3.hetzner.redxen.localhost." - local-data: "_gitssh._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7571 9227948.nbg1-dc3.hetzner.redxen.localhost." - local-data: "_monerod._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7579 9804624.nbg1-dc3.hetzner.redxen.localhost." - # local-data: "_pleroma._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 8088 6051167.nbg1-dc3.hetzner.redxen.localhost." - - # NGINX servers - local-data: "_root._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 8101153.nbg1-dc3.hetzner.redxen.localhost." - local-data: "_seedown._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 9013723.fsn1-dc14.hetzner.redxen.localhost." - local-data: "_packages._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 8201371.fsn1-dc14.hetzner.redxen.localhost." - - # Services (no CNAME/SRV support) - local-data: "postgresql.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805" - local-data: "redis.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805" - local-data: "influxdb.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805" - local-data: "rspamd.routinginfo.redxen.localhost. 86400 IN AAAA 200:2749:8af:bdf9:f011:997e:7bbb:35f3" - local-data: "opendkim.routinginfo.redxen.localhost. 86400 IN AAAA 201:3b84:3e03:9e0f:4885:fb55:45f6:ebbd" diff --git a/config/varnish/APKBUILD b/config/varnish/APKBUILD deleted file mode 100644 index 61e8eaa..0000000 --- a/config/varnish/APKBUILD +++ /dev/null @@ -1,11 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=varnish - -. ../APKBUILD-config.common - -pkgver=2020.12.07 -pkgrel=1 -source="main.vcl" - -sha512sums="6674a942017c0f1be2ff6eefb9f2a92a0f7d615e4ce367e880bceef0ec2646f3aac4180f2bb32557ac9ae8590b02882d05afbc7478bee9069a8138945e6835fc main.vcl" diff --git a/config/varnish/main.vcl b/config/varnish/main.vcl deleted file mode 100644 index 44b860e..0000000 --- a/config/varnish/main.vcl +++ /dev/null @@ -1,73 +0,0 @@ -vcl 4.1; -import std; - -backend default { - .host = "127.0.0.1"; - .port = "7500"; - .max_connections = 300; - .first_byte_timeout = 240s; - .connect_timeout = 10s; - .between_bytes_timeout = 2s; -} -sub vcl_recv { - unset req.http.user-agent; - if ( req.method != "GET" && - req.method != "HEAD" && - req.method != "PUT" && - req.method != "POST" && - req.method != "TRACE" && - req.method != "OPTIONS" && - req.method != "PATCH" && - req.method != "DELETE") { - return (pipe); - } - if (req.method == "GET" || req.method == "HEAD") { - return (hash); - } - return (pass); -} -sub vcl_hash { - hash_data(req.url); - hash_data(req.http.host); - if (req.http.cookie ~ "pleroma_key|gitea_incredible|grafana_session") { - hash_data(req.http.cookie); - } - if (req.http.authorization) { - hash_data(req.http.authorization); - } - return (lookup); -} -sub vcl_backend_response { - set beresp.do_stream = false; - set beresp.do_gzip = true; - if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) { - if (bereq.is_bgfetch){ - return (abandon); - } - set beresp.uncacheable = true; - return (deliver); - } - if (beresp.http.Set-Cookie || beresp.http.Cache-Control ~ "no-cache|no-store|private") { - set beresp.uncacheable = true; - return (deliver); - } - if (beresp.http.ETag || beresp.http.Last-Modified || bereq.http.If-Modified-Since) { - set beresp.grace = 1h; - set beresp.keep = 12h; - } - if (beresp.status == 301) { - set beresp.ttl = 24h; - } - return (deliver); -} -sub vcl_deliver { - if (req.proto ~ "HTTP/2.0" && resp.http.keep-alive) { - unset resp.http.keep-alive; - } - if (obj.hits > 0) { - set resp.http.X-Cache = "HIT"; - } else { - set resp.http.X-Cache = "MISS"; - } - return (deliver); -} diff --git a/config/wireguard/APKBUILD b/config/wireguard/APKBUILD index da0d6d7..2113c90 100644 --- a/config/wireguard/APKBUILD +++ b/config/wireguard/APKBUILD @@ -1,25 +1,62 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=wireguard -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.05.17 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 subpackages="$pkgname-sysctl" source=" + secret main.conf sysctl.conf " +_users="" + +build() { + . secret + : "${WIREGUARD_PRIVATEKEY:?'Private key missing'}" + + cp main.conf main.conf.private + rx_replace "WIREGUARD_PRIVATEKEY" "$WIREGUARD_PRIVATEKEY" main.conf.private + for i in $_users; do + msg "Added ${i#*::} as :${i%::*}" + printf "[Peer]\nPublicKey = %s\nAllowedIPs = 172.22.12.%s/32, fd42:42:42::2:%s/128\n" "${i#*::}" "${i%::*}" "${i%::*}" >> main.conf.private + done +} package() { - install -Dm400 main.conf "$pkgdir"/etc/wireguard/rxmain.conf + rx_install main.conf.private rxmain.conf } sysctl() { install_if="redxen-config-wireguard" - install -Dm644 "$srcdir"/sysctl.conf "$subpkgdir"/etc/sysctl.d/90-wireguard.conf + _rx_installdir="/etc/sysctl.d" rx_install sysctl.conf 90-wireguard.conf } -sha512sums="e07fc910ad58d739066b05af3e7d7f0f0bfda3aeb06118d94a836a1cc122ded158e0fec6a9b68e256613aefba000e67e6435cf378e0bd88814273c4a7e5a07b2 main.conf -b79ffbc64f2e193dc9402f7506b56b66892aa5387d13ac209ae344f9ce0f17aec3fdc503bf6855650d413dba3b66ffa3f937dd803850028579f5f5ed747c56b0 sysctl.conf" +adduser() { + for i in $@; do + _users="$_users $i" + done +} + +adduser "2::Xb+ASR5NdnIB+dXWEA4H0V3d0LC0KocKeFeQDyqDqjk=" \ + "3::kz9vLMnPtfka11n1EJpzHb4966ieJSo4BU1P2joHLXo=" # caskd +adduser "12::2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" # cherry +adduser "16::d459SqKVWko+wBhoFrU+yrFVM4BqI8FSmPtdrWepkw0=" # viggi +adduser "18::Fb8sYfZghohEpznWpt46x1cmmkymt2ksQL7fEBI6qlc=" # MartijnTim +adduser "20::QHx0BCbRDKXX3OvdZwX9jYN2BMJPcPj4r/gYekkBTXY=" \ + "21::THwCjbASYrGxjOiw/gvmiiXoQJpQF1LzLXbaEW8FVU4=" # Nova +adduser "24::zPg/v+EVJUhrSe1a3+ayzJuXakWUbgvcTgv3j4T11ks=" \ + "25::ht/GLP/r7WWM2JP0Ya+vdA7+aigoy9tY8b4wOm2VAUg=" \ + "26::PrGVHgZAM6vSK4I70QgYurIinKZE3b2Rrq5NQ8RDqS8=" # Shokara +adduser "30::S/4jSds8CNsyk1SjI03AxWtB3E9lhtW49dia+x9hoVs=" \ + "31::SFPtaY7fn632wJXIkVYFtaPop7fGoX6pEkTkqZklHXM=" \ + "32::g9hn9jKFUwU7cijAuleeDUL2EqiAOD8shY/pTAk0qTA=" \ + "33::JlvGHLrhbce2yQAQEgbnIduXNwswTW9VIkDwvtOEiVQ=" # deavmi + +sha512sums=" +72d9999cd7a0be1f334cdf4690c56dac591f6149176a74e70dda7f239d3a82e4c62077efb487e4f59d10b50e24a9d18e3afe0735e7418bf2a4b41623dabdeb87 secret +77aafee9d5af31710cf3d85788b7e61883348a9e42cf13fde34b1c30a9f3c825e8180605647435cf59cf7de731c0b5d2c1d868dbf9011033fde53128e134d08e main.conf +b79ffbc64f2e193dc9402f7506b56b66892aa5387d13ac209ae344f9ce0f17aec3fdc503bf6855650d413dba3b66ffa3f937dd803850028579f5f5ed747c56b0 sysctl.conf +" diff --git a/config/wireguard/main.conf b/config/wireguard/main.conf new file mode 100644 index 0000000..145f7cc --- /dev/null +++ b/config/wireguard/main.conf @@ -0,0 +1,4 @@ +[Interface] +Address = 172.22.12.1/24, fd42:42:42::2:1/120 +ListenPort = 51820 +PrivateKey = WIREGUARD_PRIVATEKEY diff --git a/config/xonotic/APKBUILD b/config/xonotic/APKBUILD index 011dc23..eafd4d5 100644 --- a/config/xonotic/APKBUILD +++ b/config/xonotic/APKBUILD @@ -1,12 +1,12 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=xonotic -_configpath="/etc/xonotic-server/redxen/data" -. ../APKBUILD-config.common +. ../APKBUILD-config.template -pkgver=2021.01.30 -pkgrel=7 +pkgver=2021.06.01.03 +pkgrel=0 source="server.cfg" -sha512sums="f875dc170b46d25914e2a1a09b0b1867f43c5eeea105931e5dd209a248e1a562d36541fc9d7f844f856d98a3adfb4dd1c66ebe6911fb2f15d7f56b7f3553a08b server.cfg" +sha512sums=" +f875dc170b46d25914e2a1a09b0b1867f43c5eeea105931e5dd209a248e1a562d36541fc9d7f844f856d98a3adfb4dd1c66ebe6911fb2f15d7f56b7f3553a08b server.cfg +" diff --git a/config/yggdrasil/APKBUILD b/config/yggdrasil/APKBUILD deleted file mode 100644 index ef87424..0000000 --- a/config/yggdrasil/APKBUILD +++ /dev/null @@ -1,12 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=yggdrasil -_cfgumask=600 - -. ../APKBUILD-config.common - -pkgver=2020.12.10 -pkgrel=2 -source="redxen.conf" - -sha512sums="630d13a1256257b804c37e167a08fa96e622d393bca1b2ec2f8f6f60f286b00954fa3ff07cd215e5835b18ef7fc8bedfc1d881303af80625936302f5d72b6496 redxen.conf" diff --git a/config/yggdrasil/redxen.conf b/config/yggdrasil/redxen.conf deleted file mode 100644 index b57390d..0000000 --- a/config/yggdrasil/redxen.conf +++ /dev/null @@ -1,10 +0,0 @@ -{ - Peers: [ - ] - Listen: [ - tls://0.0.0.0:7521 - ] - MulticastInterfaces: [] - AllowedEncryptionPublicKeys: [ - ] -} diff --git a/cron/APKBUILD-cron.common b/cron/APKBUILD-cron.common deleted file mode 100644 index 4d08b1c..0000000 --- a/cron/APKBUILD-cron.common +++ /dev/null @@ -1,8 +0,0 @@ -pkgname="redxen-cron-$_cronname" -pkgdesc="Cronjob files for $_cronname" -url="https://git.redxen.eu/RedXen/aports" -arch="noarch" -license="none" -depends="dcron" -options="!check" -builddir="$srcdir" diff --git a/cron/APKBUILD-cron.template b/cron/APKBUILD-cron.template new file mode 100644 index 0000000..bd32b9e --- /dev/null +++ b/cron/APKBUILD-cron.template @@ -0,0 +1,14 @@ +. ../../APKBUILD.template + +: ${pkgname:?"No package prefix provided"} + +pkgname="$pkgname-cron-$_rx_pkgname" +pkgdesc="RedXen cronjobs: $_rx_pkgname" +depends="dcron" +_rx_fperm=544 + +package() { + for i in $source; do + _rx_installdir="/etc/periodic/$i" rx_install "$i" "$_rx_pkgname" + done +} diff --git a/cron/dovecot/APKBUILD b/cron/dovecot/APKBUILD deleted file mode 100644 index 04dee23..0000000 --- a/cron/dovecot/APKBUILD +++ /dev/null @@ -1,17 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_cronname=dovecot - -. ../APKBUILD-cron.common - -pkgver=2021.01.29 -pkgrel=0 -install_if="redxen-config-dovecot" -source="cron-daily" - -package() { - mkdir -p "$pkgdir"/var/mail/snapshots - install -Dm544 cron-daily "$pkgdir"/etc/periodic/daily/snapshot-mail -} - -sha512sums="f89295c25569d57bd5b52255d06036be3d5bd8e40c2f9eeb8f4d6468d2dd510e9c7382348936f47e075d64105888fba9c6a2245c419acea862cd20f6339b1d42 cron-daily" diff --git a/cron/gitea/APKBUILD b/cron/gitea/APKBUILD deleted file mode 100644 index 854575c..0000000 --- a/cron/gitea/APKBUILD +++ /dev/null @@ -1,17 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_cronname=gitea - -. ../APKBUILD-cron.common - -pkgver=2021.01.29 -pkgrel=0 -install_if="redxen-config-gitea" -source="cron-daily" - -package() { - install -dm700 "$pkgdir"/gitea/snapshots - install -Dm544 cron-daily "$pkgdir"/etc/periodic/daily/snapshot-gitea -} - -sha512sums="1628ddf15426b3f6aeb03d81e2f12d701925f943ddf77da2b9af0b44c10baaf5be6f1f8a9a2bff17d09242127dde54d9fdf06bdc3826fb8ff4e35ec28f3da644 cron-daily" diff --git a/cron/influxdb/APKBUILD b/cron/influxdb/APKBUILD deleted file mode 100644 index 70c1bcb..0000000 --- a/cron/influxdb/APKBUILD +++ /dev/null @@ -1,17 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_cronname=influxdb - -. ../APKBUILD-cron.common - -pkgver=2021.01.29 -pkgrel=0 -install_if="redxen-config-influxdb" -source="cron-daily" - -package() { - install -dm700 "$pkgdir"/var/lib/influxdb/snapshots - install -Dm544 cron-daily "$pkgdir"/etc/periodic/daily/snapshot-influxdb -} - -sha512sums="11069cdc37181ec5e131164fad9a6215278fd50954ec4dace0eac059a5b665fc514e5285823191c27a76ce2a3215dbc10158c8e5dfcd01b6a3b04b0d5b3f1907 cron-daily" diff --git a/cron/postgresql/APKBUILD b/cron/postgresql/APKBUILD deleted file mode 100644 index 52f335c..0000000 --- a/cron/postgresql/APKBUILD +++ /dev/null @@ -1,17 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_cronname=postgresql - -. ../APKBUILD-cron.common - -pkgver=2021.01.29 -pkgrel=0 -install_if="redxen-config-postgresql" -source="cron-daily" - -package() { - install -dm700 "$pkgdir"/var/lib/postgresql/redxen_snapshots - install -Dm544 cron-daily "$pkgdir"/etc/periodic/daily/snapshot-postgresql -} - -sha512sums="c6dfc277e98287d715651a3b54a9661c527dac4cc4be932a23888a5cfa659fc971ffa20982820c9a91064dad90968124b5764e9827a4ecf038b35b4cce5d430b cron-daily" diff --git a/cron/redis/APKBUILD b/cron/redis/APKBUILD deleted file mode 100644 index a05454c..0000000 --- a/cron/redis/APKBUILD +++ /dev/null @@ -1,17 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_cronname=redis - -. ../APKBUILD-cron.common - -pkgver=2021.01.29 -pkgrel=0 -install_if="redxen-config-redis" -source="cron-daily" - -package() { - install -dm700 "$pkgdir"/var/lib/redis/snapshots - install -Dm544 cron-daily "$pkgdir"/etc/periodic/daily/snapshot-redis -} - -sha512sums="216621fc0e36d2c86a808b3c855e04197c21a769b89f7d661eeee0661b2648a42cd453ac217f6f693a389f5bbfcee3dd990183c3b3a780977a83e97dfb836cd5 cron-daily" diff --git a/cron/snapshot-dovecot/APKBUILD b/cron/snapshot-dovecot/APKBUILD new file mode 100644 index 0000000..d3e209e --- /dev/null +++ b/cron/snapshot-dovecot/APKBUILD @@ -0,0 +1,13 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes + +. ../APKBUILD-cron.template + +pkgver=2021.06.01.03 +pkgrel=0 +install_if="redxen-config-dovecot" +source="daily" + +sha512sums=" +f89295c25569d57bd5b52255d06036be3d5bd8e40c2f9eeb8f4d6468d2dd510e9c7382348936f47e075d64105888fba9c6a2245c419acea862cd20f6339b1d42 daily +" diff --git a/cron/dovecot/cron-daily b/cron/snapshot-dovecot/daily similarity index 100% rename from cron/dovecot/cron-daily rename to cron/snapshot-dovecot/daily diff --git a/cron/snapshot-gitea/APKBUILD b/cron/snapshot-gitea/APKBUILD new file mode 100644 index 0000000..0e8d702 --- /dev/null +++ b/cron/snapshot-gitea/APKBUILD @@ -0,0 +1,13 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes + +. ../APKBUILD-cron.template + +pkgver=2021.06.01.03 +pkgrel=0 +install_if="redxen-config-gitea" +source="daily" + +sha512sums=" +1628ddf15426b3f6aeb03d81e2f12d701925f943ddf77da2b9af0b44c10baaf5be6f1f8a9a2bff17d09242127dde54d9fdf06bdc3826fb8ff4e35ec28f3da644 daily +" diff --git a/cron/gitea/cron-daily b/cron/snapshot-gitea/daily similarity index 100% rename from cron/gitea/cron-daily rename to cron/snapshot-gitea/daily diff --git a/cron/snapshot-influxdb/APKBUILD b/cron/snapshot-influxdb/APKBUILD new file mode 100644 index 0000000..fda0449 --- /dev/null +++ b/cron/snapshot-influxdb/APKBUILD @@ -0,0 +1,13 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes + +. ../APKBUILD-cron.template + +pkgver=2021.06.01.03 +pkgrel=0 +install_if="redxen-config-influxdb" +source="daily" + +sha512sums=" +11069cdc37181ec5e131164fad9a6215278fd50954ec4dace0eac059a5b665fc514e5285823191c27a76ce2a3215dbc10158c8e5dfcd01b6a3b04b0d5b3f1907 daily +" diff --git a/cron/influxdb/cron-daily b/cron/snapshot-influxdb/daily similarity index 100% rename from cron/influxdb/cron-daily rename to cron/snapshot-influxdb/daily diff --git a/cron/snapshot-postgresql/APKBUILD b/cron/snapshot-postgresql/APKBUILD new file mode 100644 index 0000000..78bb105 --- /dev/null +++ b/cron/snapshot-postgresql/APKBUILD @@ -0,0 +1,13 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes + +. ../APKBUILD-cron.template + +pkgver=2021.06.01.03 +pkgrel=0 +install_if="redxen-config-postgresql" +source="daily" + +sha512sums=" +c6dfc277e98287d715651a3b54a9661c527dac4cc4be932a23888a5cfa659fc971ffa20982820c9a91064dad90968124b5764e9827a4ecf038b35b4cce5d430b daily +" diff --git a/cron/postgresql/cron-daily b/cron/snapshot-postgresql/daily similarity index 100% rename from cron/postgresql/cron-daily rename to cron/snapshot-postgresql/daily diff --git a/cron/snapshot-redis/APKBUILD b/cron/snapshot-redis/APKBUILD new file mode 100644 index 0000000..7295dd5 --- /dev/null +++ b/cron/snapshot-redis/APKBUILD @@ -0,0 +1,13 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes + +. ../APKBUILD-cron.template + +pkgver=2021.06.01.03 +pkgrel=0 +install_if="redxen-config-redis" +source="daily" + +sha512sums=" +216621fc0e36d2c86a808b3c855e04197c21a769b89f7d661eeee0661b2648a42cd453ac217f6f693a389f5bbfcee3dd990183c3b3a780977a83e97dfb836cd5 daily +" diff --git a/cron/redis/cron-daily b/cron/snapshot-redis/daily similarity index 100% rename from cron/redis/cron-daily rename to cron/snapshot-redis/daily diff --git a/data/APKBUILD-data.template b/data/APKBUILD-data.template new file mode 100644 index 0000000..13cc396 --- /dev/null +++ b/data/APKBUILD-data.template @@ -0,0 +1,6 @@ +. ../../APKBUILD.template + +: ${pkgname:?"No package prefix provided"} + +pkgname="$pkgname-data-$_rx_pkgname" +pkgdesc="RedXen static data: $_rx_pkgname" diff --git a/data/bindzone/APKBUILD b/data/bindzone/APKBUILD new file mode 100644 index 0000000..c11cc70 --- /dev/null +++ b/data/bindzone/APKBUILD @@ -0,0 +1,70 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes + +. ../APKBUILD-data.template + +pkgver=2021.06.01.05 +pkgrel=0 +checkdepends="bind-tools" +makedepends=" + bind-dnssec-tools + redxen-secret-opendkim-dns~2021.05.31.01 + redxen-secret-dnssec~2021.05.31.01 +" +subpackages="$pkgname-redxen $pkgname-crxn $pkgname-internal" +options="" +source=" + redxen.eu + crxn + internal +" + +prepare() { + default_prepare + + # Create a copy for every zone + for i in $source; do + cp "$i" "$i"-mod + done +} + +check() { + msg "Checking zone validity" + for i in $source; do + /usr/sbin/named-checkzone "$i" ./"$i"-mod + done +} + +build() { + # Add OpenDKIM to redxen.eu + cat /etc/redxen/opendkim/dns-record >> redxen.eu-mod + + # Add KSK/ZSK keys to redxen.eu + cat /etc/redxen/dnssec/redxen.eu/*.key >> redxen.eu-mod + + # Sign redxen.eu zone + msg "Signing redxen.eu zone" + dnssec-signzone -K /etc/redxen/dnssec/redxen.eu -f redxen.eu-mod -e "+90d" -o redxen.eu -t redxen.eu-mod +} + +package() { + mkdir -p "$(rx_cpkgdir)" +} + +redxen() { + rx_install "redxen.eu-mod" "redxen.eu" +} + +crxn() { + rx_install "crxn-mod" "crxn" +} + +internal() { + rx_install "internal-mod" "internal" +} + +sha512sums=" +192e64510a78727130f1ed52e5c46741d585799c11c2140e5c29357f569f77143197f89833d9cbadaf6e5d62816db6f2551e54c39b690f8f8bffaa2c23aa07ee redxen.eu +7a487f4f350310c2f1d3f7bf422352264b8ebe3dec1b5892685c59912aed8542711e253638d30f87e2b9b97144a12222de10ebe23ce6bb54a958ec7e5b35743d crxn +6a01e20d7ae24b3afceddb9cdf4accc3374dedc6166b6ce4749c760d40d9eeb690952b4142e05995375d58e952948f0943958c4399c8e2a7121c1312597eaaa6 internal +" diff --git a/config/unbound/zones/crxn b/data/bindzone/crxn similarity index 100% rename from config/unbound/zones/crxn rename to data/bindzone/crxn diff --git a/data/bindzone/internal b/data/bindzone/internal new file mode 100644 index 0000000..22e7bc1 --- /dev/null +++ b/data/bindzone/internal @@ -0,0 +1,41 @@ +; +; .internal zonefile for internal RedXen usage +; + +@ IN SOA 12180625.nbg1-dc3.hetzner admin.redxen.eu. 2021060101 ( 1800 120 604800 3600 ) + +; NS records +@ IN NS @ +@ 86400 IN A 127.0.0.1 +@ 86400 IN AAAA ::1 + +; Machines +12180623.nbg1-dc3.hetzner 86400 IN A 10.10.0.2 +12180621.nbg1-dc3.hetzner 86400 IN A 10.10.0.3 +12180625.nbg1-dc3.hetzner 86400 IN A 10.10.0.4 +12180710.fsn1-dc14.hetzner 86400 IN A 10.10.0.5 +12180711.fsn1-dc14.hetzner 86400 IN A 10.10.0.6 + +; Familiar names +chisa.nurnberg.hetzner 86400 IN CNAME 12180623.nbg1-dc3.hetzner +karu.nurnberg.hetzner 86400 IN CNAME 12180621.nbg1-dc3.hetzner +rein.nurnberg.hetzner 86400 IN CNAME 12180625.nbg1-dc3.hetzner +masami.falkenstein.hetzner 86400 IN CNAME 12180710.fsn1-dc14.hetzner +lin.falkenstein.hetzner 86400 IN CNAME 12180711.fsn1-dc14.hetzner + +; Services +_grafana._tcp.routinginfo 60 IN SRV 0 5 7577 12180710.fsn1-dc14.hetzner +_gitea._tcp.routinginfo 60 IN SRV 0 5 7570 12180710.fsn1-dc14.hetzner +_gitssh._tcp.routinginfo 60 IN SRV 0 5 7571 12180710.fsn1-dc14.hetzner +_monerod._tcp.routinginfo 60 IN SRV 0 5 7579 12180625.nbg1-dc3.hetzner +_root._tcp.routinginfo 60 IN SRV 0 5 7575 12180710.fsn1-dc14.hetzner +_packages._tcp.routinginfo 60 IN SRV 0 5 7574 12180710.fsn1-dc14.hetzner + +postgresql.routinginfo 86400 IN CNAME 12180625.nbg1-dc3.hetzner +redis.routinginfo 86400 IN CNAME 12180625.nbg1-dc3.hetzner +influxdb.routinginfo 86400 IN CNAME 12180625.nbg1-dc3.hetzner +rspamd.routinginfo 86400 IN CNAME 12180623.nbg1-dc3.hetzner +opendkim.routinginfo 86400 IN CNAME 12180623.nbg1-dc3.hetzner +dovecot.routinginfo 86400 IN CNAME 12180623.nbg1-dc3.hetzner +postfix.routinginfo 86400 IN CNAME 12180623.nbg1-dc3.hetzner +murmur.routinginfo 86400 IN CNAME 12180623.nbg1-dc3.hetzner diff --git a/config/unbound/zones/redxen.eu b/data/bindzone/redxen.eu similarity index 61% rename from config/unbound/zones/redxen.eu rename to data/bindzone/redxen.eu index 73b66d3..d4dd609 100644 --- a/config/unbound/zones/redxen.eu +++ b/data/bindzone/redxen.eu @@ -2,7 +2,7 @@ ; redxen.eu zonefile ; -@ IN SOA 8101153.nbg1-dc3.hetzner admin 2021040501 ( 1800 +@ 86400 IN SOA 12180711.nbg1-dc3.hetzner admin 2021060101 ( 1800 120 604800 3600 ) @@ -10,8 +10,8 @@ ; ; Nameservers (NS) ; -@ 10800 IN NS 8101153.nbg1-dc3.hetzner -@ 10800 IN NS 8201371.fsn1-dc14.hetzner +@ 10800 IN NS 12180621.nbg1-dc3.hetzner +@ 10800 IN NS 12180711.fsn1-dc14.hetzner ; ; Machines (A/AAAA) @@ -28,25 +28,37 @@ 9804624.nbg1-dc3.hetzner 86400 IN A 78.47.105.82 9804624.nbg1-dc3.hetzner 86400 IN AAAA 2a01:4f8:c0c:a5ee::1 +; New servers +12180623.nbg1-dc3.hetzner 86400 IN A 157.90.22.104 +12180623.nbg1-dc3.hetzner 86400 IN AAAA 2a01:4f8:c2c:b2fc::1 +12180621.nbg1-dc3.hetzner 86400 IN A 157.90.160.106 +12180621.nbg1-dc3.hetzner 86400 IN AAAA 2a01:4f8:c2c:8d34::1 +12180625.nbg1-dc3.hetzner 86400 IN A 162.55.191.184 +12180625.nbg1-dc3.hetzner 86400 IN AAAA 2a01:4f8:1c1c:c412::1 +12180710.fsn1-dc14.hetzner 86400 IN A 162.55.167.227 +12180710.fsn1-dc14.hetzner 86400 IN AAAA 2a01:4f8:c010:91ff::1 +12180711.fsn1-dc14.hetzner 86400 IN A 162.55.167.240 +12180711.fsn1-dc14.hetzner 86400 IN AAAA 2a01:4f8:c010:920a::1 + ; ; Familiar records (CNAME) ; These can be duplicates if they somehow collide. ; -lain.nurnberg.hetzner 86400 IN CNAME 8101153.nbg1-dc3.hetzner -arisu.falkenstein.hetzner 86400 IN CNAME 8201371.fsn1-dc14.hetzner -chisa.falkenstein.hetzner 86400 IN CNAME 9013723.fsn1-dc14.hetzner -masami.nurnberg.hetzner 86400 IN CNAME 9227948.nbg1-dc3.hetzner -taro.nurnberg.hetzner 86400 IN CNAME 9804624.nbg1-dc3.hetzner +chisa.nurnberg.hetzner 86400 IN CNAME 12180623.nbg1-dc3.hetzner +karu.nurnberg.hetzner 86400 IN CNAME 12180621.nbg1-dc3.hetzner +rein.nurnberg.hetzner 86400 IN CNAME 12180625.nbg1-dc3.hetzner +masami.falkenstein.hetzner 86400 IN CNAME 12180710.fsn1-dc14.hetzner +lin.falkenstein.hetzner 86400 IN CNAME 12180711.fsn1-dc14.hetzner ; ; Servers ; ; Frontend -@ 10800 IN A 94.130.110.3 -@ 10800 IN A 78.46.207.237 -@ 10800 IN AAAA 2a01:4f8:c0c:9a10::1 -@ 10800 IN AAAA 2a01:4f8:c17:436e::1 +@ 10800 IN A 157.90.160.106 +@ 10800 IN AAAA 2a01:4f8:c2c:8d34::1 +@ 10800 IN A 162.55.167.240 +@ 10800 IN AAAA 2a01:4f8:c010:920a::1 ; ; Services @@ -62,36 +74,35 @@ seed 10800 IN CNAME @ monerod 10800 IN CNAME @ ; MoneroD RPC ; Wireguard -wireguard 10800 IN CNAME 9013723.fsn1-dc14.hetzner +wireguard 10800 IN CNAME 12180621.nbg1-dc3.hetzner ; Mumble -mumble 10800 IN CNAME 8201371.fsn1-dc14.hetzner +mumble 10800 IN CNAME 12180623.nbg1-dc3.hetzner ; Xonotic -xonotic 10800 IN CNAME 9804624.nbg1-dc3.hetzner +; xonotic 10800 IN CNAME 9804624.nbg1-dc3.hetzner ; Minetest -minetest 10800 IN CNAME 9804624.nbg1-dc3.hetzner +; minetest 10800 IN CNAME 9804624.nbg1-dc3.hetzner ; Mail @ 10800 IN MX 10 mail ; MX mustn't be a alias -mail 10800 IN A 168.119.232.42 -mail 10800 IN AAAA 2a01:4f8:1c0c:7ef6::1 +mail 10800 IN A 157.90.22.104 +mail 10800 IN AAAA 2a01:4f8:c2c:b2fc::1 -smtp 10800 IN CNAME 9227948.nbg1-dc3.hetzner -imap 10800 IN CNAME 9227948.nbg1-dc3.hetzner +smtp 10800 IN CNAME 12180623.nbg1-dc3.hetzner +imap 10800 IN CNAME 12180623.nbg1-dc3.hetzner @ 10800 IN TXT "v=spf1 mx -all" _DMARC 10800 IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@redxen.eu; ruf=mailto:postmaster@redxen.eu; fo=1; pct=100" ; Mumble -_mumble._tcp 10800 IN SRV 0 5 64738 8101153.nbg1-dc3.hetzner -_mumble._tcp 10800 IN SRV 0 5 64738 8201371.fsn1-dc14.hetzner +_mumble._tcp 10800 IN SRV 0 5 64738 12180623.nbg1-dc3.hetzner ; ACME -_acme-challenge 300 IN TXT "---" -_acme-challenge 300 IN TXT "---" +; _acme-challenge 300 IN TXT "---" +; _acme-challenge 300 IN TXT "---" ; Build-time records and custom ones diff --git a/data/cherry-gmod/APKBUILD b/data/cherry-gmod/APKBUILD index 07b1eb5..1541c7c 100644 --- a/data/cherry-gmod/APKBUILD +++ b/data/cherry-gmod/APKBUILD @@ -1,19 +1,15 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-data-cherry-gmod -pkgver=2020.12.29 + +. ../APKBUILD-data.template + +pkgver=2021.06.01.03 pkgrel=0 _commit="ae7a7a01579178da91bb176e744d3d90d9b2e484" -pkgdesc="Cherry's loading screen files" url="https://git.redxen.eu/IPTG/GMOD-Loadscreen" -arch="noarch" -license="none" depends="redxen-config-nginx-homepage" makedepends="nodejs-less" -options="!check" # No checks possible -source=" - https://git.redxen.eu/IPTG/GMOD-Loadscreen/archive/$_commit.tar.gz -" +source="https://git.redxen.eu/IPTG/GMOD-Loadscreen/archive/$_commit.tar.gz" builddir="$srcdir/gmod-loadscreen" build() { @@ -21,10 +17,11 @@ build() { } package() { - mkdir -p "$pkgdir"/usr/share/redxen/homepage/pub - mv "$builddir" "$pkgdir"/usr/share/redxen/homepage/pub/cherry - chown -Rv root:www-data "$pkgdir"/usr/share/redxen/homepage + mkdir -p "$(rx_cpkgdir)"/usr/share/redxen/homepage/pub + mv "$builddir" "$(rx_cpkgdir)"/usr/share/redxen/homepage/pub/cherry } -sha512sums="e1ef7fcc271766493f2011aaeb614db55019015d1274552ec7f326c209bcf57f47f704a2f0149fdc43c6c1926717fadceed4b1ff5228c3598280ba485ce342f3 ae7a7a01579178da91bb176e744d3d90d9b2e484.tar.gz" +sha512sums=" +e1ef7fcc271766493f2011aaeb614db55019015d1274552ec7f326c209bcf57f47f704a2f0149fdc43c6c1926717fadceed4b1ff5228c3598280ba485ce342f3 ae7a7a01579178da91bb176e744d3d90d9b2e484.tar.gz +" diff --git a/data/gitea-theme/APKBUILD b/data/gitea-theme/APKBUILD index 3b5feb4..600e9ca 100644 --- a/data/gitea-theme/APKBUILD +++ b/data/gitea-theme/APKBUILD @@ -1,19 +1,15 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-data-gitea-theme -pkgver=2021.04.30 + +. ../APKBUILD-data.template + +pkgver=2021.06.01.03 pkgrel=0 -pkgdesc="Gitea customization files" -url="https://git.redxen.eu/RedXen" -arch="noarch" -license="none" makedepends="imagemagick" -options="!check" # No checks possible -source=" - logo.svg -" -builddir="$srcdir" -_customroot="usr/share/gitea/custom" +source="logo.svg" +_customroot="/usr/share/gitea/custom" +_rx_installdir="$_customroot/public/img" +_rx_fperm=444 # Public, static resources build() { sizes="120 180 192 512 880" @@ -24,16 +20,18 @@ build() { } package() { - install -Dm644 logo-120.png "$pkgdir"/"$_customroot"/public/img/gitea-sm.png - install -Dm644 logo-180.png "$pkgdir"/"$_customroot"/public/img/favicon.png - install -Dm644 logo-180.png "$pkgdir"/"$_customroot"/public/img/apple-touch-icon.png - install -Dm644 logo-192.png "$pkgdir"/"$_customroot"/public/img/gitea-192.png - install -Dm644 logo-512.png "$pkgdir"/"$_customroot"/public/img/gitea-512.png - install -Dm644 logo-880.png "$pkgdir"/"$_customroot"/public/img/gitea-lg.png + rx_install logo-120.png gitea-sm.png + rx_install logo-180.png favicon.png + rx_install logo-180.png apple-touch-icon.png + rx_install logo-192.png gitea-192.png + rx_install logo-512.png gitea-512.png + rx_install logo-880.png gitea-lg.png - install -Dm644 logo.svg "$pkgdir"/"$_customroot"/public/img/logo.svg - install -Dm644 logo.svg "$pkgdir"/"$_customroot"/public/img/favicon.svg - install -Dm644 logo.svg "$pkgdir"/"$_customroot"/public/img/gitea-safari.svg + rx_install logo.svg logo.svg + rx_install logo.svg favicon.svg + rx_install logo.svg gitea-safari.svg } -sha512sums="d706ce4edaeccf6fbcea779a55046a20af136a3b9235e35f84c41e6f0aa7ddcae8fa3568d87e8d2f8be4f799c7cfd9f8b4b0ac653c0b4687d498eda25fc3864b logo.svg" +sha512sums=" +d706ce4edaeccf6fbcea779a55046a20af136a3b9235e35f84c41e6f0aa7ddcae8fa3568d87e8d2f8be4f799c7cfd9f8b4b0ac653c0b4687d498eda25fc3864b logo.svg +" diff --git a/data/haproxy-errorpages/APKBUILD b/data/haproxy-errorpages/APKBUILD index 39e3267..99ae167 100644 --- a/data/haproxy-errorpages/APKBUILD +++ b/data/haproxy-errorpages/APKBUILD @@ -1,22 +1,22 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-data-haproxy-errorpages -pkgver=2020.10.12 + +. ../APKBUILD-data.template + +pkgver=2021.06.01.03 pkgrel=0 _commit="d2eafb66f5d082f0d492e21cc07bb6636767ff7c" -pkgdesc="Errorpages for HAProxy" -url="https://git.redxen.eu/RedXen/Homepage" -arch="noarch" -license="none" -options="!check" # No checks possible -source=" - https://git.redxen.eu/RedXen/haproxy-errpages/archive/$_commit.tar.gz -" +source="https://git.redxen.eu/RedXen/haproxy-errpages/archive/$_commit.tar.gz" builddir="$srcdir/haproxy-errpages" +_rx_installdir="/etc/redxen/haproxy/errorpages" +_rx_fperm=444 # Public, static resources package() { - install -d "$pkgdir"/etc/haproxy/errorpages - install -Dm444 *.http "$pkgdir"/etc/haproxy/errorpages + for i in *.http; do + rx_install "$i" + done } -sha512sums="3b1f8e8273d25bae611715476806011191d4bf85c86149dd279d950b48c0da70ddd838cbb8ffb79513a9b75cbc493e9ab4128edc66ead50c354201f99b7f6d45 d2eafb66f5d082f0d492e21cc07bb6636767ff7c.tar.gz" +sha512sums=" +3b1f8e8273d25bae611715476806011191d4bf85c86149dd279d950b48c0da70ddd838cbb8ffb79513a9b75cbc493e9ab4128edc66ead50c354201f99b7f6d45 d2eafb66f5d082f0d492e21cc07bb6636767ff7c.tar.gz +" diff --git a/data/homepage/APKBUILD b/data/homepage/APKBUILD index d4090cd..aefcfd5 100644 --- a/data/homepage/APKBUILD +++ b/data/homepage/APKBUILD @@ -1,29 +1,27 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-data-homepage -pkgver=2021.05.03 + +. ../APKBUILD-data.template + +pkgver=2021.06.01.03 pkgrel=0 _commit="8dcae275e38e3e5a6ca3394234e1c8ec4e202f43" -pkgdesc="Homepage files" url="https://git.redxen.eu/RedXen/Homepage" -arch="noarch" -license="none" makedepends="nodejs-less" -options="!check" # No checks possible -source=" - https://git.redxen.eu/RedXen/Homepage/archive/$_commit.tar.gz -" +source="https://git.redxen.eu/RedXen/Homepage/archive/$_commit.tar.gz" builddir="$srcdir/homepage" +_rx_fperm=444 # Public, static resources build() { lessc css/main.less > css/main.css } package() { - mkdir -p "$pkgdir"/usr/share/redxen - mv "$builddir" "$pkgdir"/usr/share/redxen/homepage - chown -Rv root:www-data "$pkgdir"/usr/share/redxen/homepage + mkdir -p "$(rx_cpkgdir)"/usr/share/redxen + mv "$builddir" "$(rx_cpkgdir)"/usr/share/redxen/homepage } -sha512sums="89a67718320180faf2ae332eca4e0fd0810efb01799e20b4ae563d98eeee35ee3a64035ab4a9f13a296cb5bfd0e087e9368294400a5350da9bae3a70914ee469 8dcae275e38e3e5a6ca3394234e1c8ec4e202f43.tar.gz" +sha512sums=" +89a67718320180faf2ae332eca4e0fd0810efb01799e20b4ae563d98eeee35ee3a64035ab4a9f13a296cb5bfd0e087e9368294400a5350da9bae3a70914ee469 8dcae275e38e3e5a6ca3394234e1c8ec4e202f43.tar.gz +" diff --git a/data/pgpkeys/APKBUILD b/data/pgpkeys/APKBUILD index 85c463a..6ac2697 100644 --- a/data/pgpkeys/APKBUILD +++ b/data/pgpkeys/APKBUILD @@ -1,23 +1,18 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-data-pgpkeys -pkgver=2021.05.08 -pkgrel=1 + +. ../APKBUILD-data.template + +pkgver=2021.06.01.03 +pkgrel=0 pkgdesc="PGP keys hosted on redxen.eu/pub/pgp" -url="https://git.redxen.eu/RedXen" -arch="noarch" -license="none" depends="redxen-config-nginx-homepage" source=" caskd.gpg " -options="!check" -builddir="$srcdir" +_rx_installdir="/usr/share/redxen/homepage/pub/pgp" +_rx_fperm=444 # Public, static resources -package() { - for i in $source; do - install -Dm644 $i "$pkgdir"/usr/share/redxen/homepage/pub/pgp/$i - done -} - -sha512sums="3f0a24b75d6df750eb0cab30787719e4f17bb3238072a0eb19acbbd34e5bc1767b9bb411e464a1b1539c38a5573688997ed55a23a82bfe980277547bcf0f3a9e caskd.gpg" +sha512sums=" +3f0a24b75d6df750eb0cab30787719e4f17bb3238072a0eb19acbbd34e5bc1767b9bb411e464a1b1539c38a5573688997ed55a23a82bfe980277547bcf0f3a9e caskd.gpg +" diff --git a/data/seedbox-blocklist/APKBUILD b/data/seedbox-blocklist/APKBUILD index c80524f..2fbdebe 100644 --- a/data/seedbox-blocklist/APKBUILD +++ b/data/seedbox-blocklist/APKBUILD @@ -1,20 +1,17 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-data-seedbox-blocklist -pkgver="$(date +'%Y.%m.%d')" + +. ../APKBUILD-data.template + pkgrel=0 -pkgdesc="Blocklist creation" -url="https://git.redxen.eu/RedXen" -arch="noarch" -license="none" -options="!check" # No checks possible source=" level1.gz::http://list.iblocklist.com/?list=ydxerpxkpcfqjaybcssw&fileformat=p2p&archiveformat=gz level2.gz::http://list.iblocklist.com/?list=gyisgnzbhppbvsphucsw&fileformat=p2p&archiveformat=gz level3.gz::http://list.iblocklist.com/?list=uwnukjqktoggdknzrhgh&fileformat=p2p&archiveformat=gz badpeers.gz::http://list.iblocklist.com/?list=cwworuawihqvocglcoss&fileformat=p2p&archiveformat=gz " -builddir="$srcdir" +_rx_installdir="/etc/redxen/transmission/blocklists" +_rx_fperm=444 # Public, static resources package() { gzip -d > level1 < level1.gz @@ -22,11 +19,13 @@ package() { gzip -d > level3 < level3.gz gzip -d > badpeers < badpeers.gz cat level1 level2 level3 badpeers > blocklist - install -Dm644 blocklist "$pkgdir"/etc/transmission/blocklists/blocklist + rx_install blocklist } -sha512sums="06ba5454e48b303b6d33197f1fba6407fe2ec75cf710fce5f7319a52d72e0ff97fba7340f36ac8e6f0a2160bceef58c977c7a6311b33c7ada0e726355bd68d8f level1.gz +sha512sums=" +06ba5454e48b303b6d33197f1fba6407fe2ec75cf710fce5f7319a52d72e0ff97fba7340f36ac8e6f0a2160bceef58c977c7a6311b33c7ada0e726355bd68d8f level1.gz 409a70275f3b270e24307cf90df92494869cedd4f5094444fd3ac4e2b2182798f8a483516ae6c3da08ee034eaf3e4d0f850855295e7d0a0b08118ce48684ed49 level2.gz ea9f3c62353ee307f9a0d7aacd0c9ef8cdfda61a98ebc62e78a8f6753796faf675ceb2a924d432c442546ca501d4e181efecc0315de9cf62349cccdf4aa4e3e1 level3.gz -f8afc36ed30a42d88b4a11ab7c2cfcf2dcd63a2727166578258820b2e6629612f809e33f1635a9c7d2374ada1f724bc44802e296efd60831df5b9802e846360d badpeers.gz" +f8afc36ed30a42d88b4a11ab7c2cfcf2dcd63a2727166578258820b2e6629612f809e33f1635a9c7d2374ada1f724bc44802e296efd60831df5b9802e846360d badpeers.gz +" diff --git a/data/signkey/APKBUILD b/data/signkey/APKBUILD index 6bad6a7..44b9f23 100644 --- a/data/signkey/APKBUILD +++ b/data/signkey/APKBUILD @@ -1,21 +1,17 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-data-signkey -pkgver=2020.10.18 + +. ../APKBUILD-data.template + +pkgver=2021.06.01.03 pkgrel=0 pkgdesc="Signing key for packages" -url="https://git.redxen.eu/RedXen" -arch="noarch" -license="none" -options="!check" # No checks possible source=" - pubkey + caskd@redxen.eu-5f4953be.rsa.pub " -builddir="$srcdir" +_rx_installdir="/etc/apk/keys" +_rx_fperm=444 # Public, static key -package() { - install -Dm644 pubkey "$pkgdir"/etc/apk/keys/caskd@redxen.eu-5f4953be.rsa.pub -} - - -sha512sums="4b8be794e11012c7730513766fcc1b279212d4b08895b828b29e7b0f568ea526c7e64f6552e3dd67c3a2041d2cfbcf289e9ff3fa140b6c5dd15a10fc11b0930c pubkey" +sha512sums=" +4b8be794e11012c7730513766fcc1b279212d4b08895b828b29e7b0f568ea526c7e64f6552e3dd67c3a2041d2cfbcf289e9ff3fa140b6c5dd15a10fc11b0930c caskd@redxen.eu-5f4953be.rsa.pub +" diff --git a/data/signkey/pubkey b/data/signkey/caskd@redxen.eu-5f4953be.rsa.pub similarity index 100% rename from data/signkey/pubkey rename to data/signkey/caskd@redxen.eu-5f4953be.rsa.pub diff --git a/openrc/APKBUILD-openrc.common b/openrc/APKBUILD-openrc.common deleted file mode 100644 index 94ec496..0000000 --- a/openrc/APKBUILD-openrc.common +++ /dev/null @@ -1,39 +0,0 @@ -pkgname=redxen-openrc-$_svcname -url="https://git.redxen.eu/RedXen/aports" -arch="noarch" -license="none" -depends="openrc $_svcname redxen-config-$_svcname" -pkgdesc="RedXen service config for $_svcname" -source="runfile conffile" -options="!check" -builddir="$srcdir" - -openrc_rx_add_to_runlevel() { - mkdir -p "${1:-$pkgdir}"/etc/runlevels/"${3:-$_grpname}" - ln -s /etc/init.d/"${2:-${_svcname}.redxen}" "${1:-$pkgdir}"/etc/runlevels/${3:-$_grpname} -} - -openrc_rx_install_runfile() { - install -Dm755 "${2:-runfile}" "${1:-$pkgdir}"/etc/init.d/"${3:-${_svcname}.redxen}" -} - -openrc_rx_install_conffile() { - install -Dm644 "${2:-conffile}" "${1:-$pkgdir}"/etc/conf.d/"${3:-${_svcname}.redxen}" -} - -openrc_rx_link_original() { - mkdir -p "${1:-$pkgdir}"/etc/init.d - ln -s "${2:-$_svcname}" "${1:-$pkgdir}"/etc/init.d/"${3:-${_svcname}.redxen}" -} - -openrc_rx_link_instance() { - mkdir -p "${1:-$pkgdir}"/etc/init.d - ln -s "${2:-$_svcname}".redxen "${1:-$pkgdir}"/etc/init.d/"$3" -} - -package() { - openrc_rx_add_to_runlevel - openrc_rx_install_runfile - openrc_rx_install_conffile -} - diff --git a/openrc/APKBUILD-openrc.template b/openrc/APKBUILD-openrc.template new file mode 100644 index 0000000..916b89b --- /dev/null +++ b/openrc/APKBUILD-openrc.template @@ -0,0 +1,34 @@ +. ../../APKBUILD.template + +: ${pkgname:?"No package prefix provided"} +: ${_rx_openrc_svcname:="redxen.$_rx_pkgname"} + +pkgname="$pkgname-openrc-$_rx_pkgname" +pkgdesc="RedXen openrc configuration: $_rx_pkgname" +depends="openrc $_rx_pkgname redxen-config-$_rx_pkgname" +source="runfile conffile" + +rx_openrc_runfile_link() { + mkdir -p "$(rx_cpkgdir)"/etc/init.d + ln -s "${1:-$_rx_pkgname}" "$(rx_cpkgdir)"/etc/init.d/"${2:-$_rx_openrc_svcname}" +} + +rx_openrc_runfile_install() { + _rx_fperm="755" _rx_installdir="/etc/init.d" rx_install "${1:-runfile}" "${2:-$_rx_openrc_svcname}" +} + +rx_openrc_conffile_install() { + _rx_fperm="644" _rx_installdir="/etc/conf.d" rx_install "${1:-conffile}" "${2:-$_rx_openrc_svcname}" +} + +rx_openrc_runlevel_add() { + mkdir -p "$(rx_cpkgdir)"/etc/runlevels/"${2:-$_rx_openrc_grpname}" + ln -s /etc/init.d/"${1:-$_rx_openrc_svcname}" "$(rx_cpkgdir)"/etc/runlevels/"${2:-$_rx_openrc_grpname}" +} + +# Override default to install runfile and conffile +package() { + rx_openrc_runlevel_add + rx_openrc_runfile_install + rx_openrc_conffile_install +} diff --git a/openrc/babeld/APKBUILD b/openrc/babeld/APKBUILD deleted file mode 100644 index d9a38e3..0000000 --- a/openrc/babeld/APKBUILD +++ /dev/null @@ -1,12 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=babeld -_grpname=network - -. ../APKBUILD-openrc.common - -pkgver=2021.02.08 -pkgrel=1 - -sha512sums="3a77457b76f95a75e33d40f59dd32f464e834d207200cf3e84b82fe78dde74156fb642daaab8bb92fa6bed96ca48d1d0dd41983efcde87ac0e3fcfe5aa7eea25 runfile -fd128c27307877871989e026c382cb0c1d486d30f7b4928616bde1cbabe24ab4fc3aa83f33dbe42f2321318807c8d9f913b1fea089c1a38f3a3200214682b9b8 conffile" diff --git a/openrc/babeld/conffile b/openrc/babeld/conffile deleted file mode 100644 index 79927cf..0000000 --- a/openrc/babeld/conffile +++ /dev/null @@ -1,5 +0,0 @@ -BABELD_CONF="/etc/babeld/redxen.conf" -depend() { - need net - after firewall syslog yggdrasil.redxen fastd.crxnrouter.redxen fastd.crxnclient.redxen -} diff --git a/openrc/babeld/runfile b/openrc/babeld/runfile deleted file mode 100644 index 844128c..0000000 --- a/openrc/babeld/runfile +++ /dev/null @@ -1,7 +0,0 @@ -#!/sbin/openrc-run - -: ${BABELD_CONF:=/etc/babeld.conf} - -pidfile="/run/${RC_SVCNAME}.pid" -command=/usr/bin/babeld -: ${command_args:=-r -I $pidfile -D -c ${BABELD_CONF}} diff --git a/openrc/bird/APKBUILD b/openrc/bird/APKBUILD index a35845f..dd39a4e 100644 --- a/openrc/bird/APKBUILD +++ b/openrc/bird/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=bird -_grpname=network +_rx_openrc_grpname=network -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.05.12 -pkgrel=1 +pkgver=2021.06.01.03 +pkgrel=0 -sha512sums="4f96de2677c1495af058e3ace9882c6b45437763a5aa22d57997a463fe5ba8be4f2e40234a86633555b665dccc3d897007aa5074b95e8ae954989d2ad8d970df runfile -e10326b72cf5fc4ff32b27b6524e1d56c5bf0410a6a4e321ffa6f155eac6645b22b37c1fd024ced631800d1a69d4fa9395f6534d55f111a0c4b5c85d5037b97b conffile" +sha512sums=" +4f96de2677c1495af058e3ace9882c6b45437763a5aa22d57997a463fe5ba8be4f2e40234a86633555b665dccc3d897007aa5074b95e8ae954989d2ad8d970df runfile +58f288c2d149315e2c8eacb82ff33a7cd6aab819d818281991cd347cd5fbb19fc24182a1497104da2304a93b7a6a8a95c60f25fce5fda8abb011f3db40e8061f conffile +" diff --git a/openrc/bird/conffile b/openrc/bird/conffile index 474ff1a..e37173f 100644 --- a/openrc/bird/conffile +++ b/openrc/bird/conffile @@ -1 +1 @@ -CONF_FILE="/etc/bird/redxen.conf" +CONF_FILE="/etc/redxen/bird/redxen.conf" diff --git a/openrc/darkhttpd/APKBUILD b/openrc/darkhttpd/APKBUILD deleted file mode 100644 index 8ba2547..0000000 --- a/openrc/darkhttpd/APKBUILD +++ /dev/null @@ -1,13 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=darkhttpd -_grpname=http - -. ../APKBUILD-openrc.common - -pkgver=2021.01.26 -pkgrel=1 -depends="openrc darkhttpd" - -sha512sums="dd792892588e03cef4a36bb8e81297990884298d8a2bc1c14ae2d8986a0a17af8d15bf3fb4e1830d22b154dc00591d884e20da915f51fd8ecf3b05b6c92dc7d4 runfile -33e9e16a4565ba821ca53615145465a6bc2d4d659c267ca5fb2dbbdaf24965d5474ef2b751b3e92f95f23dd19834351449494de4f40a1befd7114c4d11a4b281 conffile" diff --git a/openrc/darkhttpd/conffile b/openrc/darkhttpd/conffile deleted file mode 100644 index d88bb2b..0000000 --- a/openrc/darkhttpd/conffile +++ /dev/null @@ -1,11 +0,0 @@ -# darkhttpd web server config - -document_root="/http" -logdir="/var/log/$SVCNAME" -port=7574 -run_as_user=darkhttpd -run_as_group=www-data -run_in_chroot=yes - -# extra arguments -darkhttpd_args="--ipv6" diff --git a/openrc/darkhttpd/runfile b/openrc/darkhttpd/runfile deleted file mode 100644 index 2b3e099..0000000 --- a/openrc/darkhttpd/runfile +++ /dev/null @@ -1,31 +0,0 @@ -#! /sbin/openrc-run - -supervisor=supervise-daemon - -name="darkhttpd web server" -description="Simple, single-threaded, static content webserver" - -command="/usr/bin/darkhttpd" -command_args="${document_root:-/var/www/localhost/htdocs} ${darkhttpd_args}" - -optional_arg() { - if [ -n "$2" ]; then - command_args="$command_args $1 $2" - fi -} - -start_pre() { - if [ -n "$logdir" ]; then - checkpath --directory --owner darkhttpd "${logdir}" - command_args="$command_args --log ${logdir}/access.log" - fi - optional_arg --addr "$addr" - optional_arg --port "$port" - optional_arg --uid "$run_as_user" - optional_arg --gid "$run_as_group" - optional_arg --mimetypes "$mimetypes" - if yesno "${run_in_chroot:-no}"; then - command_args="${command_args} --chroot" - fi -} - diff --git a/openrc/dovecot/APKBUILD b/openrc/dovecot/APKBUILD index 0cf8b39..f50a872 100644 --- a/openrc/dovecot/APKBUILD +++ b/openrc/dovecot/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=dovecot -_grpname=mail +_rx_openrc_grpname=mail -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 -sha512sums="04efce688cf54ab643cbf29dafe264c70f3a2c6f2e7fe9030d1e7f3e4d30656c718796fb55d3d9c02422e2298172475efd91b31b4ca6108508a636f2ff242963 runfile -612aecfe0c233264ab2cdc4e4545dd0e89500672057ffb86f8798141f3a767ed64bae375a55defa202353588d89757b3b3224d63e827a006210a87540888970f conffile" +sha512sums=" +04efce688cf54ab643cbf29dafe264c70f3a2c6f2e7fe9030d1e7f3e4d30656c718796fb55d3d9c02422e2298172475efd91b31b4ca6108508a636f2ff242963 runfile +2f7a57baa200307075414b70d91b63266cd845525899d3d7d39c91410241ce1f9bfd985d63990345e49465133496659f5d6450183cb8a0b1eafc16193c105794 conffile +" diff --git a/openrc/dovecot/conffile b/openrc/dovecot/conffile index b4c7b32..694cc82 100644 --- a/openrc/dovecot/conffile +++ b/openrc/dovecot/conffile @@ -1,2 +1,2 @@ -cfgfile="/etc/dovecot/redxen/dovecot.conf" +cfgfile="/etc/redxen/dovecot/dovecot.conf" maildir="/var/mail" diff --git a/openrc/fastd/APKBUILD b/openrc/fastd/APKBUILD index 5c80e84..98082b8 100644 --- a/openrc/fastd/APKBUILD +++ b/openrc/fastd/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=fastd -_grpname=network +_rx_openrc_grpname=network -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.02.17 +pkgver=2021.06.01.03 pkgrel=0 -sha512sums="68699b730ca24994227c4487f5046e433ba82e475b9f586755e525f9b6c7da7346f6ac04bb17d370bfed7121bb660f11a8e243169e25af391f6d1e87928d9d77 runfile -3f4756f813548b734110bf5460c1d9d386feb410438380340d4dcbb71d4092534bb6f715246e73c5a61dc8efbddf200b7608442d165d52ce47192af6df8b7082 conffile" +sha512sums=" +68699b730ca24994227c4487f5046e433ba82e475b9f586755e525f9b6c7da7346f6ac04bb17d370bfed7121bb660f11a8e243169e25af391f6d1e87928d9d77 runfile +0d2a8aeda01d59394ea24e6ba97047ddc2c3829f8d5b703354be4a1012a6697ac217ad75e60153e3e479ea1724431f135bc09af7135d17f1b1ac00579920ad9c conffile +" diff --git a/openrc/fastd/conffile b/openrc/fastd/conffile index 5c133b8..ff3c4f4 100644 --- a/openrc/fastd/conffile +++ b/openrc/fastd/conffile @@ -1 +1 @@ -FASTD_CONF="/etc/fastd/redxen/fastd.conf" +FASTD_CONF="/etc/redxen/fastd/fastd.conf" diff --git a/openrc/gitea/APKBUILD b/openrc/gitea/APKBUILD index 50e62ae..51bceb7 100644 --- a/openrc/gitea/APKBUILD +++ b/openrc/gitea/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=gitea -_grpname=git +_rx_openrc_grpname=git -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.02.09 -pkgrel=1 +pkgver=2021.06.01.03 +pkgrel=0 -sha512sums="c4059235e41d79d0d3d84d84acfbe1c2a461f67dc261dff7973991b67e3ceab9bfcbfb8f10185590b63b85b4739ec841c41bfbb8904c110c425d159c56cb956a runfile -c24a89bf6775328d40c9b9b4a589210cfab7e8c77cfd271b15e94ba8e56d805095b0f6b676de3d40d1d946e298916e2c2a69cd290a0d1f213b37f636f39e2b0d conffile" +sha512sums=" +c4059235e41d79d0d3d84d84acfbe1c2a461f67dc261dff7973991b67e3ceab9bfcbfb8f10185590b63b85b4739ec841c41bfbb8904c110c425d159c56cb956a runfile +fb7e65b6ecbca2dd67aacf2becab067ee235ec3565fbd68c855d3d842a778a03d34cf05ed584c562489d10c8020416d6138888867f0d8869c193d6cb971120ae conffile +" diff --git a/openrc/gitea/conffile b/openrc/gitea/conffile index ef1a07f..11eacdf 100644 --- a/openrc/gitea/conffile +++ b/openrc/gitea/conffile @@ -1,4 +1,4 @@ -GITEA_CONF=/etc/gitea/redxen.ini +GITEA_CONF=/etc/redxen/gitea/redxen.ini GITEA_WORK_DIR=/var/lib/gitea GITEA_CUSTOM=/usr/share/gitea/custom error_logger="logger -t $RC_SVCNAME" diff --git a/openrc/grafana/APKBUILD b/openrc/grafana/APKBUILD index 9b9c074..418d891 100644 --- a/openrc/grafana/APKBUILD +++ b/openrc/grafana/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=grafana -_grpname=monitoring +_rx_openrc_grpname=monitoring -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 -sha512sums="ff2ff799efbe2aa46610206fd51f487f079ebde4f63653937d7c438fd1e77d0549cd13598b6c37b65d1fad1fdba175fefb4de3712782967a3d73ce5581159c30 runfile -830c14991b818e7ab121dfdf2e0fea4434e4c464bb03784312f421fc752811e22e9412e893217eae482d6a8f956118832e5129441c5fc814c4f7b4c85ec51e29 conffile" +sha512sums=" +ff2ff799efbe2aa46610206fd51f487f079ebde4f63653937d7c438fd1e77d0549cd13598b6c37b65d1fad1fdba175fefb4de3712782967a3d73ce5581159c30 runfile +491f11448673d650da69b43a98a5f56cb76d454e7a692aa585249fe95866107ebb5c32e210e2577ff42ae7bf38d41969d329f316e788e7443618eab1d1dce34e conffile +" diff --git a/openrc/grafana/conffile b/openrc/grafana/conffile index 2cce0e2..04748b2 100644 --- a/openrc/grafana/conffile +++ b/openrc/grafana/conffile @@ -1,5 +1,5 @@ GRAFANA_HOME=/var/lib/grafana -GRAFANA_CONFIG=/etc/grafana/main.ini +GRAFANA_CONFIG=/etc/redxen/grafana/main.ini GRAFANA_OPTS="-config $GRAFANA_CONFIG -homepath /usr/share/grafana cfg:default.paths.data=$GRAFANA_HOME/data cfg:default.paths.plugins=$GRAFANA_HOME/plugins cfg:default.paths.provisioning=$GRAFANA_HOME/provisioning cfg:log.mode=syslog" rc_need=logger diff --git a/openrc/haproxy/APKBUILD b/openrc/haproxy/APKBUILD index 51ac1c6..e68eaad 100644 --- a/openrc/haproxy/APKBUILD +++ b/openrc/haproxy/APKBUILD @@ -1,19 +1,20 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=haproxy -_grpname=http +_rx_openrc_grpname=http -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 -depends="$depends $_svcname-openrc" +pkgver=2021.06.01.03 +pkgrel=0 +depends="$depends $_rx_pkgname-openrc" source="conffile" package() { - openrc_rx_add_to_runlevel - openrc_rx_link_original - openrc_rx_install_conffile + rx_openrc_runlevel_add + rx_openrc_runfile_link + rx_openrc_conffile_install } -sha512sums="e859523acf4444958744bd235b0d08a7dae0058290fa9fd9b12c29dec192bc25cf1bebba3e8c56ff2df305ee3878349871af70c475bcc8f545dbccbd9b7b338b conffile" +sha512sums=" +7bbbf041af650be8a9e33d36cbd722713b62f231d3effb60eb70d82587c407b21121e44806473875cf19180bbfc92e925085c5c2a53b3d959c1ccb75af52c935 conffile +" diff --git a/openrc/haproxy/conffile b/openrc/haproxy/conffile index 3b229ba..4d8c3e7 100644 --- a/openrc/haproxy/conffile +++ b/openrc/haproxy/conffile @@ -1 +1 @@ -HAPROXY_CONF="/etc/haproxy/main.cfg" +HAPROXY_CONF="/etc/redxen/haproxy/main.cfg" diff --git a/openrc/influxdb/APKBUILD b/openrc/influxdb/APKBUILD index b6ec5fd..b4a8769 100644 --- a/openrc/influxdb/APKBUILD +++ b/openrc/influxdb/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=influxdb -_grpname=database +_rx_openrc_grpname=database -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 -sha512sums="bc850c5a53510801435ee700a80d204a084d773b94bbb6f3aa39744d3a88f3b189596dc8d4c618c4d9c97cb8d26ec50608bfaa6a78550c5b86c146c96e744460 runfile -fff28c21ece16bce375ffe7790655de498f067e71ffdbc880e6b3b0adc28707cac167a5a53dd4aab73e5a5664300d165a6e9d2718a4b49482bbfc52e42d67594 conffile" +sha512sums=" +bc850c5a53510801435ee700a80d204a084d773b94bbb6f3aa39744d3a88f3b189596dc8d4c618c4d9c97cb8d26ec50608bfaa6a78550c5b86c146c96e744460 runfile +914a98f368df9545e64373c8b1afde7713066bd5cdbefc5bf4dbf252565cf17d54cb6a6064d4ef45f6285676ea277bc511134f002ccc8db2fd49d43072291be0 conffile +" diff --git a/openrc/influxdb/conffile b/openrc/influxdb/conffile index 06587ec..5b54a4b 100644 --- a/openrc/influxdb/conffile +++ b/openrc/influxdb/conffile @@ -1,2 +1,2 @@ data_path=/var/lib/influxdb -INFLUXDB_OPTS="-config /etc/influxdb/redxen.conf" +INFLUXDB_OPTS="-config /etc/redxen/influxdb/redxen.conf" diff --git a/openrc/ipset/APKBUILD b/openrc/ipset/APKBUILD index 2d78452..0b709b5 100644 --- a/openrc/ipset/APKBUILD +++ b/openrc/ipset/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=ipset -_grpname=firewall +_rx_openrc_grpname=firewall -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.02.14 +pkgver=2021.06.01.03 pkgrel=0 -sha512sums="5d48fbdb78197344eb43d89d302f5ae558ff736a29cbf63a1723837662dafd6dcd2071015f9d2c2c979b9b4d383476972049f1d5f04d7d810e522a8697686e07 runfile -da4d6b72a8e7114d44903a46455642f69ac44a51e0bf0b7bafc8b469398419128bba830c1e5c0759618784f301d07c220be98fa01eb1d3ffe72bc36768aa3472 conffile" +sha512sums=" +5d48fbdb78197344eb43d89d302f5ae558ff736a29cbf63a1723837662dafd6dcd2071015f9d2c2c979b9b4d383476972049f1d5f04d7d810e522a8697686e07 runfile +77199d662d88615e3a5268200292a1424d28961e2dbef21e00cd32cf48a9f7f6754d7ed952e5e3dc7e298eef8435e1263e9e8122a08838b31e591140ec8fd774 conffile +" diff --git a/openrc/ipset/conffile b/openrc/ipset/conffile index f0867c1..d52df10 100644 --- a/openrc/ipset/conffile +++ b/openrc/ipset/conffile @@ -1 +1 @@ -DIR="/etc/ipset.d/redxen" +DIR="/etc/redxen/ipset" diff --git a/openrc/iptables/APKBUILD b/openrc/iptables/APKBUILD index 6f4437c..1620206 100644 --- a/openrc/iptables/APKBUILD +++ b/openrc/iptables/APKBUILD @@ -1,29 +1,30 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=iptables -_grpname=firewall +_rx_openrc_grpname=firewall -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.02.14 +pkgver=2021.06.01.03 pkgrel=0 source=" runfile conffile-4 conffile-6 " -depends="iptables ip6tables redxen-config-$_svcname openrc" +depends="iptables ip6tables redxen-config-$_rx_pkgname openrc" package() { - openrc_rx_add_to_runlevel "$pkgdir" "iptables.redxen" - openrc_rx_add_to_runlevel "$pkgdir" "ip6tables.redxen" + rx_openrc_runlevel_add "redxen.iptables" + rx_openrc_runlevel_add "redxen.ip6tables" - openrc_rx_install_runfile "$pkgdir" "runfile" "iptables.redxen" - openrc_rx_install_runfile "$pkgdir" "runfile" "ip6tables.redxen" - openrc_rx_install_conffile "$pkgdir" "conffile-4" "iptables.redxen" - openrc_rx_install_conffile "$pkgdir" "conffile-6" "ip6tables.redxen" + rx_openrc_runfile_install "runfile" "redxen.iptables" + rx_openrc_runfile_link "redxen.iptables" "redxen.ip6tables" + rx_openrc_conffile_install "conffile-4" "redxen.iptables" + rx_openrc_conffile_install "conffile-6" "redxen.ip6tables" } -sha512sums="06942c49589a810bf6418ea718d6775e9400899fb52c4097df4590cf2764252de6230710b3682157c1ff15d781919265772869d33cd45234a1b4649ac29343fb runfile -9673f6611a4bfdc27fd4f6759331ce6696d688950c98cc8017ac396e9c26b2036c46108c2ea7f5d631d0dd67f79552e3713b973a752f2c47c8e4178f3d16da9a conffile-4 -02ce6849b1f9723f97bba57682ad3f3aebe9e80ee89cf0f324c69bc753654a8e6693804c4462b848945f0b50752378b4c3b7c4a95c1ce81406b37288968aaa1b conffile-6" +sha512sums=" +77318f8a563c1b9d96b80022176f03e3cfb2d90a139b8d793c46680c468f5319971813ef94e90753d022911780927d13143b35a1a2f5767e3cd159ebcd4ee31a runfile +121e869e27a1cfc96f48dbe699aa67c77233b2427b109220b2dcadcfaf279107f794549dc4c0158a71d66278fe34edcbf35833680a5c5e5e066a8baa87c30531 conffile-4 +aec2e09db55dd43feaf13eb1a13d8d8fe6f15973e2076e4af3a60a869828156ac3ef938f1b2c2a057c282e00a9bb4a47d2c47c8195947b3a634a043393ab91eb conffile-6 +" diff --git a/openrc/iptables/conffile-4 b/openrc/iptables/conffile-4 index 86f4691..3827809 100644 --- a/openrc/iptables/conffile-4 +++ b/openrc/iptables/conffile-4 @@ -2,7 +2,7 @@ # Location in which iptables initscript will save set rules on # service shutdown -IPTABLES_SAVE="/etc/iptables/rx-rules4" +IPTABLES_SAVE="/etc/redxen/iptables/rx-rules4" # Options to pass to iptables-save and iptables-restore SAVE_RESTORE_OPTIONS="-c" diff --git a/openrc/iptables/conffile-6 b/openrc/iptables/conffile-6 index 91d1133..5a3f7ff 100644 --- a/openrc/iptables/conffile-6 +++ b/openrc/iptables/conffile-6 @@ -2,7 +2,7 @@ # Location in which ip6tables initscript will save set rules on # service shutdown -IP6TABLES_SAVE="/etc/iptables/rx-rules6" +IPTABLES_SAVE="/etc/redxen/iptables/rx-rules6" # Options to pass to ip6tables-save and ip6tables-restore SAVE_RESTORE_OPTIONS="-c" diff --git a/openrc/iptables/runfile b/openrc/iptables/runfile index 2b92f4d..cc1e4f2 100644 --- a/openrc/iptables/runfile +++ b/openrc/iptables/runfile @@ -11,7 +11,10 @@ description_reload="Reload configuration" extra_commands="save panic" extra_started_commands="reload" -iptables_name="${SVCNAME%%.*}" +iptables_name=${SVCNAME##*.} +if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then + iptables_name="iptables" +fi iptables_bin="/sbin/${iptables_name}" case ${iptables_name} in @@ -25,7 +28,7 @@ esac depend() { before net - after sysctl ipset.redxen + after sysctl use logger provide firewall } @@ -40,7 +43,7 @@ set_table_policy() { esac local chain for chain in ${chains} ; do - ${iptables_bin} -t ${table} -P ${chain} ${policy} + ${iptables_bin} -w 5 -t ${table} -P ${chain} ${policy} done } @@ -88,8 +91,8 @@ stop() { for a in $(cat ${iptables_proc}) ; do set_table_policy $a ACCEPT - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a + ${iptables_bin} -w 5 -F -t $a + ${iptables_bin} -w 5 -X -t $a done eend $? } @@ -99,8 +102,8 @@ reload() { ebegin "Flushing firewall" local a for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a + ${iptables_bin} -w 5 -F -t $a + ${iptables_bin} -w 5 -X -t $a done eend $? @@ -123,8 +126,8 @@ panic() { local a ebegin "Dropping all packets" for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a + ${iptables_bin} -w 5 -F -t $a + ${iptables_bin} -w 5 -X -t $a set_table_policy $a DROP done diff --git a/openrc/lighttpd/APKBUILD b/openrc/lighttpd/APKBUILD deleted file mode 100644 index 36a7df8..0000000 --- a/openrc/lighttpd/APKBUILD +++ /dev/null @@ -1,19 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=lighttpd -_grpname=http - -. ../APKBUILD-openrc.common - -pkgver=2021.01.26 -pkgrel=2 -depends="$depends $_svcname-openrc" -source="conffile" - -package() { - openrc_rx_add_to_runlevel - openrc_rx_link_original - openrc_rx_install_conffile -} - -sha512sums="6a618a3d00df5cfc5e31b2f5f66edfbde4d6514c04df51f89162a42b8f1ad3ef3d06827a4cd46bee54e8ba91316354b510c49ebd873fb727e96b1c756895df7b conffile" diff --git a/openrc/lighttpd/conffile b/openrc/lighttpd/conffile deleted file mode 100644 index 74bfa41..0000000 --- a/openrc/lighttpd/conffile +++ /dev/null @@ -1,12 +0,0 @@ -# /etc/conf.d/lighttpd - -# Location of a shell used by the 'include_shell' directive -# in the lighttpd's configuration file -#export SHELL="/bin/bash" - -# Location of the lighttpd configuration file -LIGHTTPD_CONF="/etc/lighttpd/redxen/main.conf" - -# Location of the lighttpd pid file -LIGHTTPD_PID="/run/lighttpd.pid" - diff --git a/openrc/minetest/APKBUILD b/openrc/minetest/APKBUILD index 0e1a9d5..2f0af4f 100644 --- a/openrc/minetest/APKBUILD +++ b/openrc/minetest/APKBUILD @@ -1,19 +1,20 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=minetest -_grpname=games +_rx_openrc_grpname=games -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.03.28 -pkgrel=1 -depends="openrc $_svcname-server $_svcname-server-openrc" +pkgver=2021.06.01.03 +pkgrel=0 +depends="openrc $_rx_pkgname-server $_rx_pkgname-server-openrc" source="conffile" package() { - openrc_rx_add_to_runlevel - openrc_rx_link_original "$pkgdir" "$_svcname-server" - openrc_rx_install_conffile + rx_openrc_runlevel_add + rx_openrc_runfile_link "$_rx_pkgname-server" + rx_openrc_conffile_install } -sha512sums="f752a19223b8065bff2d052fb5f5947c23eee8bb9470ca41378f91fe5243b4153cea8cc881d81d01193288092ddd0848aceb4838536b5227e458ae534649811e conffile" +sha512sums=" +0500b85ebe075b5642ad0921479d5b5978ac8c43ae78e5bffd8a3d35cfad1fc79f923fb9855dcdfe80515c7fc8137cff17a59484b996f20cf3b1ce971589beb4 conffile +" diff --git a/openrc/minetest/conffile b/openrc/minetest/conffile index 40f9a7d..48c8e4f 100644 --- a/openrc/minetest/conffile +++ b/openrc/minetest/conffile @@ -1 +1 @@ -CONFIG="/etc/minetest/redxen.conf" +CONFIG="/etc/redxen/minetest/redxen.conf" diff --git a/openrc/monerod/APKBUILD b/openrc/monerod/APKBUILD index d642719..f976244 100644 --- a/openrc/monerod/APKBUILD +++ b/openrc/monerod/APKBUILD @@ -1,13 +1,14 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=monerod -_grpname=blockchain +_rx_openrc_grpname=blockchain -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.04.01 +pkgver=2021.06.01.03 pkgrel=0 -depends="openrc redxen-config-$_svcname monero" +depends="openrc redxen-config-$_rx_pkgname monero" -sha512sums="ad6f8d26237fc0100cfd150f14ed79e8f16647b070cd3ec2692e55766cda0535b863f49f0646e348883db3c59c53c3354bc6c895b0f31f268b02519703e6110a runfile -31e7973b8a580d04d4a0fa40357914fecbc46b42799620480a2d158bdc38159c13a54a82549972a56de8fd163a61e057ea65bc3899857c44de705c87ff2181ce conffile" +sha512sums=" +ad6f8d26237fc0100cfd150f14ed79e8f16647b070cd3ec2692e55766cda0535b863f49f0646e348883db3c59c53c3354bc6c895b0f31f268b02519703e6110a runfile +9d5fbf2fac22832da0a69e703181d9a4dc08b808673a2d0b8daf7ad3d44ac179899eca2eee7337297e0ea79d4c18693bc5053f4efef27dd07dfe7a541dd0d843 conffile +" diff --git a/openrc/monerod/conffile b/openrc/monerod/conffile index 136bdcd..324ca10 100644 --- a/openrc/monerod/conffile +++ b/openrc/monerod/conffile @@ -1 +1 @@ -MONEROD_CONF="/etc/monerod/redxen.conf" +MONEROD_CONF="/etc/redxen/monerod/redxen.conf" diff --git a/openrc/murmur/APKBUILD b/openrc/murmur/APKBUILD index c30edc8..ed9c212 100644 --- a/openrc/murmur/APKBUILD +++ b/openrc/murmur/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=murmur -_grpname=social +_rx_openrc_grpname=social -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 -sha512sums="0bca5004e9422e1e4cb87741d81ee32e7e7b939ea8e948d6496cf200a94b471f78219302d55f0419bd3361d9b62af5db3b36bdd9c173eafe20c44c21bfa42463 runfile -a413a468528c615c283be6012e4d77d6dfb3db42279bd065e2eba17eca8892624d8815483e7f6e7e9583928702bb50c7cad394959d39637560f690f92738b849 conffile" +sha512sums=" +0bca5004e9422e1e4cb87741d81ee32e7e7b939ea8e948d6496cf200a94b471f78219302d55f0419bd3361d9b62af5db3b36bdd9c173eafe20c44c21bfa42463 runfile +67e434dac815540034890933fde5d9593c6ea52994e1d46b465329923a87204bcc2f22cefbe7f62fdf7a4d3615181bc383ee677d40c8695422fd3fdb357689f8 conffile +" diff --git a/openrc/murmur/conffile b/openrc/murmur/conffile index 817a1ba..3dfdc0a 100644 --- a/openrc/murmur/conffile +++ b/openrc/murmur/conffile @@ -1,2 +1,2 @@ # Configuration file to start with -INI_CONFIG="/etc/murmur/murmur.ini" +INI_CONFIG="/etc/redxen/murmur/murmur.ini" diff --git a/openrc/nginx/APKBUILD b/openrc/nginx/APKBUILD index a82f155..b85b6bd 100644 --- a/openrc/nginx/APKBUILD +++ b/openrc/nginx/APKBUILD @@ -1,19 +1,20 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=nginx -_grpname=http +_rx_openrc_grpname=http -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 -depends="$depends $_svcname-openrc" +pkgver=2021.06.01.03 +pkgrel=0 +depends="$depends $_rx_pkgname-openrc" source="conffile" package() { - openrc_rx_add_to_runlevel - openrc_rx_link_original - openrc_rx_install_conffile + rx_openrc_runlevel_add + rx_openrc_runfile_link + rx_openrc_conffile_install } -sha512sums="41b11e1be914b9a3c87fb1e98016ddd70e4fd5c6f80205f011cda44f5ca00359f14bdb40fc7225f8502ac6cd99e18578ae81ea4970fb53bd9b22403248b2d353 conffile" +sha512sums=" +f0025e5c945acce85b558804463c86dd5afbc5d83bcf18bd91c4fe064fa6ef39ccef906683ca549c5042e83f63a00776804c837e26272a68d71305d0796c2774 conffile +" diff --git a/openrc/nginx/conffile b/openrc/nginx/conffile index f3dbe39..ff7a3a1 100644 --- a/openrc/nginx/conffile +++ b/openrc/nginx/conffile @@ -1 +1 @@ -cfgfile="/etc/nginx/redxen.conf" +cfgfile="/etc/redxen/nginx/main.conf" diff --git a/openrc/opendkim/APKBUILD b/openrc/opendkim/APKBUILD index 3f7a025..cbf0619 100644 --- a/openrc/opendkim/APKBUILD +++ b/openrc/opendkim/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=opendkim -_grpname=mail +_rx_openrc_grpname=mail -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.02.08 -pkgrel=4 +pkgver=2021.06.01.03 +pkgrel=0 -sha512sums="2d506bfb74cdc9fe70c96ae4a9db4ee8a4347ce6e268d267cf35892c2d4979afe3fb4e6258c86bdfa29043918e663efea71e94dee932bf763f25250c22738e65 runfile -c6fa8c88593350419ab536423ee3f5e556b9ba54439cc123ad0a3ddb52335349951eb06b5903a0b923d8c24f8b220087abae275b4cbada14e3d6f1af61aa5813 conffile" +sha512sums=" +2d506bfb74cdc9fe70c96ae4a9db4ee8a4347ce6e268d267cf35892c2d4979afe3fb4e6258c86bdfa29043918e663efea71e94dee932bf763f25250c22738e65 runfile +cdb90e83c2bfab2bba52719bf2dfb06ead64b451bce42efc9b5ce442c042469f2b63d1e8ca089c6210909f7454b237e64b35120d19d64400e84501549d1a685c conffile +" diff --git a/openrc/opendkim/conffile b/openrc/opendkim/conffile index a41f835..ddaba75 100644 --- a/openrc/opendkim/conffile +++ b/openrc/opendkim/conffile @@ -1 +1 @@ -OPENDKIM_CONFPATH="/etc/opendkim/redxen" +OPENDKIM_CONFPATH="/etc/redxen/opendkim" diff --git a/openrc/postfix/APKBUILD b/openrc/postfix/APKBUILD index bbeee3f..00cfc5f 100644 --- a/openrc/postfix/APKBUILD +++ b/openrc/postfix/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=postfix -_grpname=mail +_rx_openrc_grpname=mail -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 +pkgver=2021.06.01.03 +pkgrel=0 -sha512sums="f810dcb32530c60c48f813a5a6741763bbf34b4d1cac961cdab9eb3e072174a982040a93319aef08b3dc74de209ed2b082228a39757742f0077cacb7eba3c906 runfile -9da3af881cc36690434b9a0809edad205478f4e4e2cba5c5a2d04de701141d38ac16c0942c1cdf242d5a81bf9a580bdd8166e74fa31b51227bbaf6fa8afd8cb9 conffile" +sha512sums=" +f810dcb32530c60c48f813a5a6741763bbf34b4d1cac961cdab9eb3e072174a982040a93319aef08b3dc74de209ed2b082228a39757742f0077cacb7eba3c906 runfile +5ff3e0f4102ceac629896d7efad489934587b8986bfb4d29c5ed60a31b0a3b157832cb98ad34a8ff06a1e6bd3b657c0576289b2dd863df1ec2ef274b062d7923 conffile +" diff --git a/openrc/postfix/conffile b/openrc/postfix/conffile index 5fca680..f7aae00 100644 --- a/openrc/postfix/conffile +++ b/openrc/postfix/conffile @@ -1 +1 @@ -CONF_DIR="/etc/postfix/redxen" +CONF_DIR="/etc/redxen/postfix" diff --git a/openrc/postgresql/APKBUILD b/openrc/postgresql/APKBUILD index a9a5c35..c04f55d 100644 --- a/openrc/postgresql/APKBUILD +++ b/openrc/postgresql/APKBUILD @@ -1,19 +1,20 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=postgresql -_grpname=database +_rx_openrc_grpname=database -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 -depends="$depends $_svcname-openrc" +pkgver=2021.06.01.03 +pkgrel=0 +depends="$depends $_rx_pkgname-openrc" source="conffile" package() { - openrc_rx_add_to_runlevel - openrc_rx_link_original - openrc_rx_install_conffile + rx_openrc_runlevel_add + rx_openrc_runfile_link + rx_openrc_conffile_install } -sha512sums="9c4c494aead2906bf7da75a38385f1a096c99fb3d836da5c151e5969e56845baf359c3a8ccd7e4c857cb179be22f1c1179b953e2b1a55ea47b467643938ed375 conffile" +sha512sums=" +b4cbcd6e89927ed66df571d1b7c29cffe50b242b99057b318f17be50fad26b1d84a1e17d2b268a3ff3a0a9d8336d2f8e12e214ce2489b96cdca50ec6fdea1244 conffile +" diff --git a/openrc/postgresql/conffile b/openrc/postgresql/conffile index 7507e2c..600e762 100644 --- a/openrc/postgresql/conffile +++ b/openrc/postgresql/conffile @@ -10,5 +10,5 @@ logfile="/var/log/postgresql/postmaster.log" #auto_setup="yes" data_dir="/var/lib/postgresql" -conf_dir="/etc/postgresql/redxen" +conf_dir="/etc/redxen/postgresql" #initdb_opts="--locale=en_US.UTF-8" diff --git a/openrc/redis/APKBUILD b/openrc/redis/APKBUILD index a0c1f04..657e6e5 100644 --- a/openrc/redis/APKBUILD +++ b/openrc/redis/APKBUILD @@ -1,19 +1,20 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=redis -_grpname=database +_rx_openrc_grpname=database -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 -depends="$depends $_svcname-openrc" +pkgver=2021.06.01.03 +pkgrel=0 +depends="$depends $_rx_pkgname-openrc" source="conffile" package() { - openrc_rx_add_to_runlevel - openrc_rx_link_original - openrc_rx_install_conffile + rx_openrc_runlevel_add + rx_openrc_runfile_link + rx_openrc_conffile_install } -sha512sums="5c51ea29e77cc2f4be8ccb4a00aa78d690a45896861492550702070b8406150ee09c9690f7a490598ab5e33e06b8466b901e7fbbb3e8f732e78f551c4b391279 conffile" +sha512sums=" +c5bcddc9b8c3883e2e01d2116036ca2a81a17d549ae04464d2c1cdbad765bb76b28886ff2385e3ee63300cfda204837dadd99da9e173c63de45b85425254c84d conffile +" diff --git a/openrc/redis/conffile b/openrc/redis/conffile index a373ab3..9712444 100644 --- a/openrc/redis/conffile +++ b/openrc/redis/conffile @@ -4,4 +4,4 @@ #command_user="redis:redis" # Redis configuration file. -cfgfile="/etc/redis/redxen.conf" +cfgfile="/etc/redxen/redis/redxen.conf" diff --git a/openrc/rspamd/APKBUILD b/openrc/rspamd/APKBUILD index e6c0e99..540d7d8 100644 --- a/openrc/rspamd/APKBUILD +++ b/openrc/rspamd/APKBUILD @@ -1,19 +1,20 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=rspamd -_grpname=mail +_rx_openrc_grpname=mail -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 -depends="$depends $_svcname-openrc" +pkgver=2021.06.01.03 +pkgrel=0 +depends="$depends $_rx_pkgname-openrc" source="conffile" package() { - openrc_rx_add_to_runlevel - openrc_rx_link_original - openrc_rx_install_conffile + rx_openrc_runlevel_add + rx_openrc_runfile_link + rx_openrc_conffile_install } -sha512sums="917a359a4aa48d36b62838db6e21c7e55df5d5394366511c49bb8d9f3c61e682eee6d76d9482ce8d572d96aeeb704dd460ab95d14ad7384c5f31cd869146dced conffile" +sha512sums=" +56543be784e4448cc6ed2b8994c8436ff133c7402069eb348caa22a4b4995f195cff3169696278c7b86e76df38398a78e80752d7fa9183520efd8df322dfa411 conffile +" diff --git a/openrc/rspamd/conffile b/openrc/rspamd/conffile index 97b50cf..facc493 100644 --- a/openrc/rspamd/conffile +++ b/openrc/rspamd/conffile @@ -4,7 +4,7 @@ #command_user="rspamd:rspamd" # Path of the main configuration file. -cfgfile="/etc/rspamd/redxen/rspamd.conf" +cfgfile="/etc/redxen/rspamd/rspamd.conf" # Where to log startup configuration checking: # - /dev/null - silent if check pass (default) diff --git a/openrc/telegraf/APKBUILD b/openrc/telegraf/APKBUILD index 8ee653f..02b90da 100644 --- a/openrc/telegraf/APKBUILD +++ b/openrc/telegraf/APKBUILD @@ -1,12 +1,13 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=telegraf -_grpname=monitoring +_rx_openrc_grpname=monitoring -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 +pkgver=2021.06.01.04 +pkgrel=0 -sha512sums="63b5accc922c617632940fdb35c813f43199dc2d19c89b079dbbd1502ef771aef9e5261ecebc57d5335d6c567a18889474c21b5498690b1ad690719da0a9a93e runfile -a7950b7fa3c5c8303c387a743591afb5d3b6a4d25c88e5d7522667b8cfdd8cdbad55251152efec352241ffd3d78ce56a5d3b6fbef03a2b02d0b23833547649c7 conffile" +sha512sums=" +1d0e2e797f165f95e66fd1ec332082e2f63954af94b50815e61513ac597efee1790241d7158f4cad1ad7849397111d2827f13b260d97bdc62e19dad0f8063b66 runfile +71eac12d5ee68a2f4370f6e7e6fb1bc7166deb6dcc073994890e2bbe3bab6587112112f25f9ea4c810df3b4c3037a2b217517b04b5cc41a92b6ede150b62136e conffile +" diff --git a/openrc/telegraf/conffile b/openrc/telegraf/conffile index 6892244..9b0cb32 100644 --- a/openrc/telegraf/conffile +++ b/openrc/telegraf/conffile @@ -1,5 +1,5 @@ -TELEGRAF_CONFIG="/etc/telegraf/main.conf" -TELEGRAF_OPTS="-config $TELEGRAF_CONFIG" +TELEGRAF_CONFIG="/etc/redxen/telegraf/main.conf" +TELEGRAF_CONFIG_DIR="/etc/redxen/telegraf/module" # Uncomment to enable logging to syslog. error_logger="logger -t $RC_SVCNAME" diff --git a/openrc/telegraf/runfile b/openrc/telegraf/runfile index bdf4c4e..2052fd2 100644 --- a/openrc/telegraf/runfile +++ b/openrc/telegraf/runfile @@ -1,7 +1,10 @@ #!/sbin/openrc-run +: ${TELEGRAF_CONFIG:=/etc/telegraf.conf} +: ${TELEGRAF_CONFIG_DIR:=/etc/telegraf.d/} + command="/usr/bin/telegraf" -command_args="$TELEGRAF_OPTS" +command_args="${TELEGRAF_OPTS:---config $TELEGRAF_CONFIG --config-directory $TELEGRAF_CONFIG_DIR}" command_background=yes command_user="${command_user:-telegraf:telegraf}" pidfile="/run/$RC_SVCNAME.pid" @@ -12,10 +15,6 @@ depend() { after firewall } -start_pre() { - checkpath -f -o $command_user -m 640 ${TELEGRAF_CONFIG:-/etc/telegraf.conf} -} - reload() { ebegin "Reloading ${RC_SVCNAME}" start-stop-daemon --signal HUP --pidfile "${pidfile}" diff --git a/openrc/transmission-daemon/APKBUILD b/openrc/transmission-daemon/APKBUILD deleted file mode 100644 index d4cafa2..0000000 --- a/openrc/transmission-daemon/APKBUILD +++ /dev/null @@ -1,12 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=transmission-daemon -_grpname=seedbox - -. ../APKBUILD-openrc.common - -pkgver=2021.01.26 -pkgrel=2 - -sha512sums="22c65c1b3a719107a486c1d62fc6321e6e775f08a00ed07c98a0b847bd02d14420fa79424011175a8a6eed1acea0ca832fdee00321999b771e556ce7b58ba2b7 runfile -c1df27bb036e28ea94c5fa18b40c99a96d9548c28ed8262ad753744a1737883c9fd75fbae2284ea9ad749bd9d4d5ee0b33a1876dccb3008e0ee327de29922ac7 conffile" diff --git a/openrc/transmission-daemon/conffile b/openrc/transmission-daemon/conffile deleted file mode 100644 index bfbeb09..0000000 --- a/openrc/transmission-daemon/conffile +++ /dev/null @@ -1,2 +0,0 @@ -config_dir="/etc/transmission" -download_dir="/seedbox" diff --git a/openrc/transmission/APKBUILD b/openrc/transmission/APKBUILD new file mode 100644 index 0000000..341ff2f --- /dev/null +++ b/openrc/transmission/APKBUILD @@ -0,0 +1,13 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes +_rx_openrc_grpname=seedbox + +. ../APKBUILD-openrc.template + +pkgver=2021.06.01.03 +pkgrel=0 + +sha512sums=" +22c65c1b3a719107a486c1d62fc6321e6e775f08a00ed07c98a0b847bd02d14420fa79424011175a8a6eed1acea0ca832fdee00321999b771e556ce7b58ba2b7 runfile +0fce3848c1278f49a9d9d1f7803c29f454844da16e465b32f88bbb4795ac6d82ea391b01fddc293cdbb6971471818798f3d48d5a2eeea3365cfe8713b544e14d conffile +" diff --git a/openrc/transmission/conffile b/openrc/transmission/conffile new file mode 100644 index 0000000..b4a6774 --- /dev/null +++ b/openrc/transmission/conffile @@ -0,0 +1,2 @@ +config_dir="/etc/redxen/transmission" +download_dir="/seedbox" diff --git a/openrc/transmission-daemon/runfile b/openrc/transmission/runfile similarity index 100% rename from openrc/transmission-daemon/runfile rename to openrc/transmission/runfile diff --git a/openrc/unbound/APKBUILD b/openrc/unbound/APKBUILD index 8a9af73..4eaa345 100644 --- a/openrc/unbound/APKBUILD +++ b/openrc/unbound/APKBUILD @@ -1,19 +1,20 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=unbound -_grpname=dns +_rx_openrc_grpname=dns -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 -depends="$depends $_svcname-openrc" +pkgver=2021.06.01.03 +pkgrel=0 +depends="$depends $_rx_pkgname-openrc" source="conffile" package() { - openrc_rx_add_to_runlevel - openrc_rx_link_original - openrc_rx_install_conffile + rx_openrc_runlevel_add + rx_openrc_runfile_link + rx_openrc_conffile_install } -sha512sums="5ced68e11951982004abddd64e5bd37dabf5eef379a7fabb0e37a95c33a1759ea2dba67233e4cba4d98f785a365aa38fc59d7c3d1ec5ffb8312bfde146d7de6c conffile" +sha512sums=" +3caab74b7640641965e4d485c105ebe71d0a527a9fc36799ca4181323b0e668599bc108f98e012f0a2ad18dd2ab977cf313f15a0ca029267d724c29d79e7855a conffile +" diff --git a/openrc/unbound/conffile b/openrc/unbound/conffile index fd8c407..0476cb6 100644 --- a/openrc/unbound/conffile +++ b/openrc/unbound/conffile @@ -1,3 +1,3 @@ # Configuration file to start with -cfgfile="/etc/unbound/includes.conf" +cfgfile="/etc/redxen/unbound/base.conf" command_args="-c $cfgfile" diff --git a/openrc/wireguard/APKBUILD b/openrc/wireguard/APKBUILD index da724a0..c1411e0 100644 --- a/openrc/wireguard/APKBUILD +++ b/openrc/wireguard/APKBUILD @@ -1,13 +1,14 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=wireguard -_grpname=network +_rx_openrc_grpname=network -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.26 -pkgrel=2 -depends="openrc redxen-config-$_svcname wireguard-tools-wg-quick wireguard-tools-wg" +pkgver=2021.06.01.03 +pkgrel=0 +depends="openrc redxen-config-$_rx_pkgname wireguard-tools-wg-quick wireguard-tools-wg" -sha512sums="efa8c4ce0e15d9184edfa8cf8940e1d63f19933df0034cc27e86eb659095d069f43174cb3d1bdb2b1361e1a31d0b871589906f30113019bced2537c9e3432bfc runfile -543998954d42cc51677b37495d91436b3506dc4e92082a3eba6a0d3791d176ef98db52002bbb98022451b01f477c1dc36022697cd80f8d7a133e90736b624243 conffile" +sha512sums=" +efa8c4ce0e15d9184edfa8cf8940e1d63f19933df0034cc27e86eb659095d069f43174cb3d1bdb2b1361e1a31d0b871589906f30113019bced2537c9e3432bfc runfile +543998954d42cc51677b37495d91436b3506dc4e92082a3eba6a0d3791d176ef98db52002bbb98022451b01f477c1dc36022697cd80f8d7a133e90736b624243 conffile +" diff --git a/openrc/wireguard/runfile b/openrc/wireguard/runfile index 43e615d..cad27af 100644 --- a/openrc/wireguard/runfile +++ b/openrc/wireguard/runfile @@ -2,8 +2,10 @@ description="Control wg-quick connections" +: ${WIREGUARD_INTERFACE:=wg0} + check_interface() { - if [ -d /sys/class/net/"${WIREGUARD_INTERFACE:-wg0}" ]; then + if [ -d /sys/class/net/"$WIREGUARD_INTERFACE" ]; then mark_service_started return 0 fi @@ -12,11 +14,11 @@ check_interface() { } start() { - check_interface || /usr/bin/wg-quick up "${WIREGUARD_INTERFACE:-wg0}" + check_interface || /usr/bin/wg-quick up "$WIREGUARD_INTERFACE" } stop() { - check_interface && /usr/bin/wg-quick down "${WIREGUARD_INTERFACE:-wg0}" + check_interface && /usr/bin/wg-quick down "$WIREGUARD_INTERFACE" } restart() { diff --git a/openrc/xonotic/APKBUILD b/openrc/xonotic/APKBUILD index bf43621..d5f5a7a 100644 --- a/openrc/xonotic/APKBUILD +++ b/openrc/xonotic/APKBUILD @@ -1,13 +1,14 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -_svcname=xonotic -_grpname=games +_rx_openrc_grpname=games -. ../APKBUILD-openrc.common +. ../APKBUILD-openrc.template -pkgver=2021.01.29 -pkgrel=1 -depends="openrc redxen-config-$_svcname xonotic-server" +pkgver=2021.06.01.03 +pkgrel=0 +depends="openrc redxen-config-$_rx_pkgname xonotic-server" -sha512sums="d5b3cb34992af61b25cd331e454b95eb1c3b69137afbe06faf08fc1eaf47dda373c97442a59d862b2a2ebb41aa365bcc0e2d21b83657cfdb3a72d9502856c632 runfile -cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e conffile" +sha512sums=" +e99a71c22273f91924c5f08aaf607dabaf38b5dc9bd790689a1ae83f74d0c246b0b8b0a2276c0afe66c191078b3ee0e4fab0cbbd132d20449a026a73aa1f549f runfile +e5644c990527b5ee20519694ad620c14517574484320741735fbe25520821bfd5c5672f1757bfac7743221abffad7174998e0a67636682092ee72777506ca6b1 conffile +" diff --git a/openrc/xonotic/conffile b/openrc/xonotic/conffile index e69de29..926ee19 100644 --- a/openrc/xonotic/conffile +++ b/openrc/xonotic/conffile @@ -0,0 +1 @@ +SERVER_ARGS="-userdir /etc/redxen/xonotic" diff --git a/openrc/xonotic/runfile b/openrc/xonotic/runfile index 1bfa4ec..a209989 100644 --- a/openrc/xonotic/runfile +++ b/openrc/xonotic/runfile @@ -4,7 +4,7 @@ description="Xonotic server" supervisor=supervise-daemon command="/usr/bin/xonotic-dedicated" -command_args="${SERVER_ARGS:--userdir /etc/xonotic-server/redxen}" +command_args="${SERVER_ARGS:--userdir /etc/xonotic}" pidfile="/run/${RC_SVCNAME}.pid" command_background=true diff --git a/openrc/yggdrasil/APKBUILD b/openrc/yggdrasil/APKBUILD deleted file mode 100644 index a45111a..0000000 --- a/openrc/yggdrasil/APKBUILD +++ /dev/null @@ -1,19 +0,0 @@ -# Contributor: Alex Denes -# Maintainer: Alex Denes -_svcname=yggdrasil -_grpname=network - -. ../APKBUILD-openrc.common - -pkgver=2021.01.26 -pkgrel=2 -depends="$depends $_svcname-openrc" -source="conffile" - -package() { - openrc_rx_add_to_runlevel - openrc_rx_link_original - openrc_rx_install_conffile -} - -sha512sums="80efc154b8371a06f69d30f13e285e2dbff7227381920400b1b497eafef3cb096c7748f158e6e18ff692e13452da8fc07a5e4738a025989202323303c5e1c04d conffile" diff --git a/openrc/yggdrasil/conffile b/openrc/yggdrasil/conffile deleted file mode 100644 index ba0fe16..0000000 --- a/openrc/yggdrasil/conffile +++ /dev/null @@ -1,4 +0,0 @@ -yggdrasil_config_file=/etc/yggdrasil/redxen.conf - -output_log=/var/log/yggdrasil.log -error_log=/var/log/yggdrasil.log diff --git a/secret/APKBUILD-secret.template b/secret/APKBUILD-secret.template new file mode 100644 index 0000000..498ddcf --- /dev/null +++ b/secret/APKBUILD-secret.template @@ -0,0 +1,6 @@ +. ../../APKBUILD.template + +: ${pkgname:?"No package prefix provided"} + +pkgname="$pkgname-secret-$_rx_pkgname" +pkgdesc="RedXen secret data: $_rx_pkgname" diff --git a/secret/alpinepkg-httpauth/APKBUILD b/secret/alpinepkg-httpauth/APKBUILD new file mode 100644 index 0000000..5d2289a --- /dev/null +++ b/secret/alpinepkg-httpauth/APKBUILD @@ -0,0 +1,28 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes + +. ../APKBUILD-secret.template + +pkgver=2021.06.01.03 +pkgrel=0 +makedepends="apache2-utils" +subpackages="$pkgname-alpine" +source="secret" + +build() { + . secret + htpasswd -bc passwdfile "$USER" "$PASSWD" +} + +package() { + mkdir -p "$(rx_cpkgdir)" +} + +alpine() { + install -dm400 "$(rx_cpkgdir)"/alpine-packages + rx_install passwdfile +} + +sha512sums=" +315113476e4e7db230c99f5d0d152e90f039935cc11d79283e6d5324a2326aa9970eb15468c0c55bf521fd91d012205bb68bdca174a7879df775916f2d534edc secret +" diff --git a/secret/dnssec/APKBUILD b/secret/dnssec/APKBUILD index 507c70a..a57a7e6 100644 --- a/secret/dnssec/APKBUILD +++ b/secret/dnssec/APKBUILD @@ -1,15 +1,11 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-secret-dnssec -pkgver="$(date +'%Y.%m.%d')" + +. ../APKBUILD-secret.template + +pkgver="$pkgver.01" pkgrel=0 -pkgdesc="Generated DNSSEC keys" -url="https://git.redxen.eu/RedXen/aports" -arch="noarch" -license="none" makedepends="bind-dnssec-tools" -options="!check" -builddir="$srcdir" _dom=" redxen.eu " @@ -17,15 +13,18 @@ _dom=" build() { for dom in $_dom; do mkdir "$dom" + msg "Generating KSK" dnssec-keygen -K "$dom" -f KSK -a ECDSAP256SHA256 -n ZONE "$dom" + msg "Generating ZSK" dnssec-keygen -K "$dom" -a ECDSAP256SHA256 -n ZONE "$dom" - chmod +r "$dom"/*.private # Required for other builds, not to be installed alone (security risk) done } package() { - mkdir -p "$pkgdir/etc/dns" + mkdir -p "$(rx_cpkgdir)/$_rx_installdir" for dom in $_dom; do - mv "$dom" "$pkgdir/etc/dns/$dom" + for i in $dom/*.private $dom/*.key; do + _rx_installdir="$_rx_installdir/$dom" rx_install "$i" + done done } diff --git a/secret/fastd-peerkey/APKBUILD b/secret/fastd-peerkey/APKBUILD new file mode 100644 index 0000000..8f1abc2 --- /dev/null +++ b/secret/fastd-peerkey/APKBUILD @@ -0,0 +1,16 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes + +. ../APKBUILD-secret.template + +pkgver="$pkgver.01" +pkgrel=0 +makedepends="fastd" + +build() { + printf 'secret "%s";\n' "$(fastd --generate-key --machine-readable)" > secret.conf +} + +package() { + rx_install secret.conf +} diff --git a/secret/letsencrypt/APKBUILD b/secret/letsencrypt/APKBUILD index df4ad6b..11c28db 100644 --- a/secret/letsencrypt/APKBUILD +++ b/secret/letsencrypt/APKBUILD @@ -1,21 +1,17 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-secret-letsencrypt -pkgver=2021.04.29 + +. ../APKBUILD-secret.template + +pkgver=2021.06.01.03 pkgrel=0 -pkgdesc="LetsEncrypt keys" -url="https://git.redxen.eu/RedXen" -arch="noarch" -license="none" subpackages="$pkgname-private $pkgname-public $pkgname-full $pkgname-ca $pkgname-chain" +checkdepends="openssl" source=" private.key public.pem ca.pem " -checkdepends="openssl" -install="$pkgname-private.pre-install $pkgname-full.pre-install" -builddir="$srcdir" build() { cat public.pem ca.pem > chain.crt @@ -23,7 +19,7 @@ build() { } package() { - mkdir -p $pkgdir + mkdir -p "$pkgdir" } check() { @@ -34,29 +30,31 @@ check() { private() { pkgdesc="Private key" - install -Dm640 -g 3005 "$srcdir"/private.key "$subpkgdir"/etc/ssl/redxen/letsencrypt/private.key + rx_install private.key } full() { pkgdesc="Complete certificate chain" - install -Dm640 -g 3005 "$builddir"/full.crt "$subpkgdir"/etc/ssl/redxen/letsencrypt/full.crt + rx_install full.crt } chain() { pkgdesc="Complete public certificate chain" - install -Dm640 -g 3005 "$builddir"/chain.crt "$subpkgdir"/etc/ssl/redxen/letsencrypt/chain.crt + rx_install chain.crt } public() { pkgdesc="Public key" - install -Dm644 -g 3005 "$srcdir"/public.pem "$subpkgdir"/etc/ssl/redxen/letsencrypt/public.pem + rx_install public.pem } ca() { pkgdesc="Certificate authority" - install -Dm644 -g 3005 "$srcdir"/ca.pem "$subpkgdir"/etc/ssl/redxen/letsencrypt/ca.pem + rx_install ca.pem } -sha512sums="11d85953a19bbc4ccea99370d0c7bc1fea78398173602b2b0b4b393704887d9686705456c2b1c8857242c1ced6efe0dd3aca1b202ba5d72549185bd4d1a5feaf private.key +sha512sums=" +11d85953a19bbc4ccea99370d0c7bc1fea78398173602b2b0b4b393704887d9686705456c2b1c8857242c1ced6efe0dd3aca1b202ba5d72549185bd4d1a5feaf private.key d3bb011441ba98d76943b4735ac948fdea520fb11ba7d3911509a0e56f0ecb194cacfb91e7f27a5f5f5a2df4aa48c9a4b05e8d661657c176f02e70fa780e12ed public.pem -aca83fbc7ecf8c225c1145aec21cf70fb1ecd5b37c983e81e313436f0d7f4d1dcb7b89edd2293cb4a648f13b3042438be28d712145f7cc5896c0ff6e0ffc8db9 ca.pem" +aca83fbc7ecf8c225c1145aec21cf70fb1ecd5b37c983e81e313436f0d7f4d1dcb7b89edd2293cb4a648f13b3042438be28d712145f7cc5896c0ff6e0ffc8db9 ca.pem +" diff --git a/secret/letsencrypt/public.pem b/secret/letsencrypt/public.pem new file mode 100644 index 0000000..b11500e --- /dev/null +++ b/secret/letsencrypt/public.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFJzCCBA+gAwIBAgISBByUlEzXIKPi3ybwCHjT6TeLMA0GCSqGSIb3DQEBCwUA +MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD +EwJSMzAeFw0yMTA0MjkxNTQyMjZaFw0yMTA3MjgxNTQyMjZaMBQxEjAQBgNVBAMT +CXJlZHhlbi5ldTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOrTPc1c +pt3FUXU+b5vivRy4cxVP61hS8z6GYSl/W/1yTncF8l0h5X1twEmDq5z2AxHRimAD +0Kxk3DvPhN3kz7oqeldqOcqcFnY3Azq7O3LIvBjkW9gu0uROqsEWIGJMLRjwddUX +sG+KK8P4osVO9rsPkF8VCXNu0AsTTnZkHrAU9IrDc7NsbpXYFO4bDPDExhP6FrX1 +ETXbTOwzyOWJfWWXE4VP/w7UVyBl2JNVDR/2Zd6pC4KyCBGqwsgLDbTsMXeOlAgY +jrWNbpVum2myC5YL2QV6l+xboKk8fk5ZxAp/1ocR+ZtlGN5yfEPGk+VjrJxHud4t +o2rPgSheVg7wEOcCAwEAAaOCAlMwggJPMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU +aawXuS5vALmot8SiZkXurzhFnrQwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+v +nYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5s +ZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wIQYD +VR0RBBowGIILKi5yZWR4ZW4uZXWCCXJlZHhlbi5ldTBMBgNVHSAERTBDMAgGBmeB +DAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxl +dHNlbmNyeXB0Lm9yZzCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3APZclC/RdzAi +FFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABeR6CnOwAAAQDAEgwRgIhAM3+dDQm +m064IB8XphI1y9wty2rzNMq4DxIyb9QpSiA4AiEAgAIEbNWksHDezUETHo6I2q4M +ld/SxnpmSeENkfrKci4AdwBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZ +EwAAAXkegp0kAAAEAwBIMEYCIQDqUH/fyH+372Gcrabuzkbotrp0cM++MIiSBzQ7 +n3O/QQIhAKOpzsMbdkAGTN4/hv8n7UIPKZDRkkcPX+plT+dhGcNsMA0GCSqGSIb3 +DQEBCwUAA4IBAQA8vKfw6s9r5sntEt5F2MkUlNQJfvZ30xQ0Yxk2eNRT1rtqeCQ1 +rIfjiieQkdhazVDlnd/GCkZEL5+TanAx3C2v82fVfcPxhsp3h7eXKRhn2pQbtsnw +r3gEUeSIIe4eNWA6umPrYgxxn1KarWPP+DIYG/FMdjzESN4VHbFWgLD1sX6v9N31 +KUXmDfdy2U0QE+PXu0GpeM49+i6u7j3e7q3XaGuKmREzlN4R0X0QSfvyuquwxV4d +jBXQdno80Q8/7ZSkgRO7g0a1HYVBtStfGOahgAHB38msfl0YEZAI0SBiCkvm/tOe +NlSvgvA0UoD/uQ1S6StV59Eac51kUY4NqPEY +-----END CERTIFICATE----- diff --git a/secret/letsencrypt/redxen-secret-letsencrypt-full.pre-install b/secret/letsencrypt/redxen-secret-letsencrypt-full.pre-install deleted file mode 120000 index e725812..0000000 --- a/secret/letsencrypt/redxen-secret-letsencrypt-full.pre-install +++ /dev/null @@ -1 +0,0 @@ -redxen-secret-letsencrypt.pre-install \ No newline at end of file diff --git a/secret/letsencrypt/redxen-secret-letsencrypt-private.pre-install b/secret/letsencrypt/redxen-secret-letsencrypt-private.pre-install deleted file mode 120000 index e725812..0000000 --- a/secret/letsencrypt/redxen-secret-letsencrypt-private.pre-install +++ /dev/null @@ -1 +0,0 @@ -redxen-secret-letsencrypt.pre-install \ No newline at end of file diff --git a/secret/letsencrypt/redxen-secret-letsencrypt.pre-install b/secret/letsencrypt/redxen-secret-letsencrypt.pre-install deleted file mode 100644 index 7fdf6d9..0000000 --- a/secret/letsencrypt/redxen-secret-letsencrypt.pre-install +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -addgroup -g 3005 -S rxletsenc 2>/dev/null - -return 0 diff --git a/secret/opendkim/APKBUILD b/secret/opendkim/APKBUILD index 107098e..24fe229 100644 --- a/secret/opendkim/APKBUILD +++ b/secret/opendkim/APKBUILD @@ -1,29 +1,23 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-secret-opendkim -pkgver="$(date +'%Y.%m.%d')" + +. ../APKBUILD-secret.template + +pkgver="$pkgver.01" pkgrel=0 -pkgdesc="Generated OpenDKIM keys" -url="https://git.redxen.eu/RedXen/aports" -arch="noarch" -license="none" makedepends="opendkim-utils" subpackages="$pkgname-dns" -options="!check" -builddir="$srcdir" -source="" build() { + msg "Generating OpenDKIM signing key" opendkim-genkey -b 2048 -s "$pkgver-mail" -d redxen.eu - msg "Add this DNS TXT record" - cat "$pkgver-mail".txt } package() { - install -Dm400 "$pkgver-mail".private "$pkgdir"/etc/opendkim/redxen/"$pkgver-mail".private + rx_install "$pkgver-mail".private } dns() { - install -Dm644 "$builddir"/"$pkgver-mail".txt "$subpkgdir"/etc/opendkim/redxen/dns-record + rx_install "$pkgver-mail".txt dns-record } diff --git a/secret/selfsigned/APKBUILD b/secret/selfsigned/APKBUILD index f8563ca..1fcbb76 100644 --- a/secret/selfsigned/APKBUILD +++ b/secret/selfsigned/APKBUILD @@ -1,17 +1,12 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-secret-selfsigned -pkgver="$(date +'%Y.%m.%d')" + +. ../APKBUILD-secret.template + +pkgver="$pkgver.01" pkgrel=0 -pkgdesc="Self-signed keys" -url="https://git.redxen.eu/RedXen" -arch="noarch" -license="none" -options="!check" makedepends="openssl" subpackages="$pkgname-private $pkgname-public $pkgname-fullchain" -install="$pkgname-private.pre-install $pkgname-fullchain.pre-install" -builddir="$srcdir" build() { openssl genrsa -out private.key 4096 @@ -20,18 +15,18 @@ build() { } package() { - mkdir -p $pkgdir + mkdir -p "$(rx_cpkgdir)" } private() { pkgdesc="Private key" - install -Dm440 -g 3000 "$builddir"/private.key "$subpkgdir"/etc/ssl/redxen/selfsigned/private.key + rx_install private.key } fullchain() { pkgdesc="Full chain of certificates (public and private)" - install -Dm440 -g 3000 "$builddir"/fullchain.crt "$subpkgdir"/etc/ssl/redxen/selfsigned/fullchain.crt + rx_install fullchain.crt } public() { pkgdesc="Public key" - install -Dm444 -g 3000 "$builddir"/public.pem "$subpkgdir"/etc/ssl/redxen/selfsigned/public.pem + rx_install public.pem } diff --git a/secret/selfsigned/redxen-secret-selfsigned-fullchain.pre-install b/secret/selfsigned/redxen-secret-selfsigned-fullchain.pre-install deleted file mode 120000 index cf8825b..0000000 --- a/secret/selfsigned/redxen-secret-selfsigned-fullchain.pre-install +++ /dev/null @@ -1 +0,0 @@ -redxen-secret-selfsigned.pre-install \ No newline at end of file diff --git a/secret/selfsigned/redxen-secret-selfsigned-private.pre-install b/secret/selfsigned/redxen-secret-selfsigned-private.pre-install deleted file mode 120000 index cf8825b..0000000 --- a/secret/selfsigned/redxen-secret-selfsigned-private.pre-install +++ /dev/null @@ -1 +0,0 @@ -redxen-secret-selfsigned.pre-install \ No newline at end of file diff --git a/secret/selfsigned/redxen-secret-selfsigned.pre-install b/secret/selfsigned/redxen-secret-selfsigned.pre-install deleted file mode 100644 index a16a871..0000000 --- a/secret/selfsigned/redxen-secret-selfsigned.pre-install +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -addgroup -g 3000 -S rxselfsig 2>/dev/null - -return 0