Use local port range for everything and fix some stuff

2021-01-27 20:13:07 +00:00 · 2021-01-27 20:13:07 +00:00 · bce2649ac0
parent 8ae4100f75
commit bce2649ac0
13 changed files with 74 additions and 28 deletions
--- a/47
+++ b/47
@ -0,0 +1,47 @@
+Internal ports: 7500-7600
+	# Milters (10-19)
+	Rspamd:
+	    Proxy:      7510
+	    Normal:     7511
+	    Fuzzy:      7513
+	OpenDKIM:       7514
+
+	# Networking (20-39)
+	Yggdrasil:      7521
+
+	# Games (40-49)
+	Minecraft:      7540
+	Terraria:       7541
+	Xonotic:        7542
+
+	# Databases (50-69)
+	PostgreSQL:     7550
+	Redis:          7551
+	InfluxDB:       7552
+
+	# Services (70-99)
+	Gitea:
+	    HTTP:       7570
+	    SSH:        7571
+	Transmission:   7572
+	Mumble:         7573
+	NGINX:          7574
+	Grafana:        7577
+
+Public ports:
+	SSH:            22
+	Unbound:        53
+	HAProxy:        80,443
+	Postfix:
+	    SMTP:       25
+	    +TLS:       465
+	    +STARTTLS:  587
+	Dovecot:
+	    IMAP:       143
+	    +TLS:       993
+	Transmission:   51413
+	Wireguard:      51820
+	(HA) Gitea SSH: 2442
+	(HA) Mumble:    64738
+
+(HA): Proxied by HAProxy
--- a/configs/gitea/APKBUILD
+++ b/configs/gitea/APKBUILD
@ -1,8 +1,8 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=redxen-config-gitea
-pkgver=2020.12.29
-pkgrel=4
+pkgver=2021.01.27
+pkgrel=0
 pkgdesc="Gitea configuration"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
@ -18,4 +18,4 @@ package() {
 	install -Dm644 gitea.ini "$pkgdir"/etc/gitea/redxen.ini
 }

-sha512sums="b38cfd3921f150572a41ad6806b68b6f9f9ae4c2ce0b80961fa7958eabcb0205f9cee348363e819574a488de7db6eaa9f7a6ab8a82744fd76adbd1e19635ed53  gitea.ini"
+sha512sums="41d387f28981777fa52581fe00549d15677bbafa232f82b504ed342ce188cdddabffbd9bb900ad7d0f5b73d7c4f78599715541f46b93b42b22f2f5077455c1eb  gitea.ini"
--- a/configs/opendkim/APKBUILD
+++ b/configs/opendkim/APKBUILD
@ -1,7 +1,7 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=redxen-config-opendkim
-pkgver=2021.01.13
+pkgver="$(date +'%Y.%m.%d')"
 pkgrel=0
 pkgdesc="OpenDKIM configuration"
 url="https://git.redxen.eu/RedXen"
--- a/configs/opendkim/opendkim.conf
+++ b/configs/opendkim/opendkim.conf
@ -13,4 +13,4 @@ SignatureAlgorithm      rsa-sha256

 UserID                  opendkim:opendkim

-Socket                  inet:12301@localhost
+Socket                  inet6:7514
--- a/configs/postfix/APKBUILD
+++ b/configs/postfix/APKBUILD
@ -1,8 +1,8 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=redxen-config-postfix
-pkgver=2021.01.13
-pkgrel=3
+pkgver=2021.01.27
+pkgrel=0
 pkgdesc="Postfix configuration files"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
@ -25,6 +25,6 @@ package() {
 }

 sha512sums="0c7bcc9e63762b12937938e31b25ed6a84508061fef2913625d7c89b1d6e4f27dfbe2065aca2f75e7c3a62d38cd613afc70af40526d7fd11c942bc4ba8b59515  master.cf
-5355729238194ca4951fceefa9a01e294a64d1762ae202434a5dadf87ad2b6731cced19b479a85278b35f1d861eaf3ac3d2b4dfe68c4132fdbf86e379021ca34  main.cf
+643f3f010b8b775082cd34d4853e8dd02a9101ed581103e2d10f9e973237ea2de7a45d2d1b1afb50cae52f594f0b9c051ddcd92e8cf7f77acfdc06bdcd0044b1  main.cf
 a1778901dbc12de543d9d5897b9d50ee5ebe47b7ef6ed87a0087249657f146ff8493de455d32016660cca3c8d669592e0ea9fbe9b6696d92cac6f014277f29e5  pgsql-aliases.cf
 72c50fe20b4d1a7ea2e60fb2cac0164814ab41011eb7f0d67a8a5715a0cc43d3ad573f198a7933eb130f68ec5c25c558fad791300e5bb25e020ca76a4303db4c  pgsql-users.cf"
--- a/configs/postfix/main.cf
+++ b/configs/postfix/main.cf
@ -66,5 +66,5 @@ milter_protocol = 6
 milter_default_action = tempfail
 internal_mail_filter_classes = bounce, notify

-non_smtpd_milters = inet:rspamd.routinginfo.redxen.localhost:11332
-smtpd_milters = inet:opendkim.routinginfo.redxen.localhost:11335 $non_smtpd_milters
+non_smtpd_milters = inet:rspamd.routinginfo.redxen.localhost:7510
+smtpd_milters = inet:opendkim.routinginfo.redxen.localhost:7514 $non_smtpd_milters
--- a/configs/rspamd/APKBUILD
+++ b/configs/rspamd/APKBUILD
@ -1,8 +1,8 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=redxen-config-rspamd
-pkgver=2021.01.13
-pkgrel=4
+pkgver=2021.01.27
+pkgrel=0
 pkgdesc="RSpamD configuration"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
@ -70,4 +70,4 @@ dcec5c53bd29c345ed5c47727af9a8d11328cc8f69ae61064ba3b053ee306baa79b747067097b235
 4ea651877607573126a731619801458798c1e8e4de3522462af4c71adc38141d09a0c75c2c83a33698e3c51095d0b7d364e1ceb3aa534a4157106370a7800e4a  groups.conf
 78df39cbc6e09cdc5e01d27e123d82aa677a70a6f5d59ba0be8d0ce6af012c5311e4a2527e4fbc586f9cdd8da033e9f05e2371970fa23db60eaa8c16c8e85f05  logging.conf
 2d27d5ac1800ee28948f8fcc276cc5c62c97a19d01dde2263eadf3ec4f8eb3bbb8417f4271324c5cfbf1ebd60759aa9047849ea803da96c8632c21966b794e6c  statistic.conf
-6d8cec7d31b7eeae5f62697f300c6dd2c85dd882240d11aa8db70e1870130607388b6823d3bfbebcfa2b8fc4c2f29650d9f53d3313b4a369f862576215ccb4cb  workers.conf"
+01771b426a7ca85fcd1bbc5a96a80d16d623ea6bfd9430d83ab9a83029233895c5d671ea68e8acd4480d012f29050449f53dcb262e31eb62d432f2ee223d5b18  workers.conf"
--- a/configs/rspamd/workers.conf
+++ b/configs/rspamd/workers.conf
@ -1,18 +1,18 @@
 worker "normal" {
 	count = 1;
-	bind_socket = "*:11333";
+	bind_socket = "*:7511";
 	mime = true;
 }

 worker "controller" {
 	enabled = false;
 	count = -1;
-	bind_socket = "*:11334";
+	bind_socket = "*:7512";
 }

 worker "rspamd_proxy" {
 	count = 1;
-	bind_socket = "*:11332";
+	bind_socket = "*:7510";
 	milter = yes;
 	timeout = 120s; # Needed for Milter usually
 	max_retries = 5;
@ -28,7 +28,7 @@ worker "rspamd_proxy" {

 worker "fuzzy" {
 	count = 1;
-	bind_socket = "*:11335";
+	bind_socket = "*:7513";
 	backend = "redis";
 	expire = 90d;
 	allow_update = [];
--- a/configs/unbound/APKBUILD
+++ b/configs/unbound/APKBUILD
@ -1,9 +1,9 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=redxen-config-unbound
-pkgver=2021.01.16
-pkgrel=1
-pkgdesc="Unbound configurations and some other stuff."
+pkgver=2021.01.27
+pkgrel=0
+pkgdesc="Unbound configurations"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
 license="none"
@ -61,6 +61,6 @@ sha512sums="f402b87071a3059992242b7dbce0aaea2f20ec4e5fc4e855160d5ebc75be7dd3d4cb
 d3754ced9d8055ff7f1d364a93c403bba3f220a60ea519bceee5e9c43112d6a00d20d15cf659fdd6ad6834cf14afd6ecb5d9e1497ff2932572fd970750655749  base.conf
 75709787e0872197c83def93b343550934f6b2e4903873aaf72f357fb8b4a1d7c5b8ba84913f052ad01aeca03f58ca589a22bf867c1c2e40e01f9588c7c580c4  acl.conf
 d94ad338e2ea43c3ecdc62c861eddc0bb706807b738dd985309bcdf0b5fb435d7260bf272e2bbe40a774ec5b8fa49cbf23624c2c5213eea94f4f14aa3720abfa  rctrl.conf
-42a0d74bf678c85cf948d7d5177ba746015996baf14c7e013882b491f770522d439d7e6e7bc53c0c60588fdb01da74b97fb2724a61aef5bee427218835c10c3a  internal.conf
+0d6a9920ebf115ff8d63ed0d62dd3587531f8802ffd7ba3242b7e0169d393219eea3330fb60c7350efda0d803863b59f848515752353435c93d5865507f2c8f1  internal.conf
 28c917fe7f69643887097553312c4f1ffc747dffdbf150430e6c4b2e5833567922810716cb59a27887915664777ac3263be3c826956f504499f0ebdcc0b3aac5  auth-zones.conf
 e9548874e2497e28f7b9debf12e5f21bc89d1935cfc0f268461e6c3b03729ef98ac58c6bc63bceda830ce5b525a462546b41f78c27120180b4ff045e3ce491e9  redxen.eu"
--- a/configs/unbound/internal.conf
+++ b/configs/unbound/internal.conf
@ -18,7 +18,7 @@ server:
 	local-data: "_grafana._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7577 8201371.fsn1-dc14.hetzner.redxen.localhost."
 	local-data: "_transmission._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7572 9013723.fsn1-dc14.hetzner.redxen.localhost."
 	local-data: "_gitea._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7570 9227948.nbg1-dc3.hetzner.redxen.localhost."
-	local-data: "_gitssh._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7572 9227948.nbg1-dc3.hetzner.redxen.localhost."
+	local-data: "_gitssh._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7571 9227948.nbg1-dc3.hetzner.redxen.localhost."
 	# local-data: "_pleroma._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 8088 6051167.nbg1-dc3.hetzner.redxen.localhost."

 	# NGINX servers
--- a/openrc/opendkim/APKBUILD
+++ b/openrc/opendkim/APKBUILD
@ -5,8 +5,8 @@ _grpname=mail

 . ../APKBUILD-openrc.common

-pkgver=2021.01.26
-pkgrel=1
+pkgver=2021.01.27
+pkgrel=0

-sha512sums="3c70a6dd075f61cf4bf057ed5377907cfe29e27ab2034eed8b5aa5aec0ea7e0e8b99ef626a17d6967fc6cde3141d052e5876bec88b5eac75eaca081be47b77f0  runfile
-fcdadc942eb9c3135ddc79f8f07a5702bc5572de939d58ac70230dead5ee6f2f0f1d398567e8337f7321e1f0a0b4c77cabaeec69f502bc7d8c74c4832103f3c3  conffile"
+sha512sums="afcea7f32fc76faa23c094bc9e83db82e8b652dd8326140d432a91104f65d77b663c362587e72a96853a7b9bc6df1f06fc8b5e887a8b2522162c09b2cd9fc3da  runfile
+ab5ab3bfcafa6e3c919801162517a05b08352a7fe3686cb01603eb2acabb273ef2501f0c7c1d039200a5f045faaf3bacf70ca377f736700c67b65bacb0b0275a  conffile"
--- a/openrc/opendkim/conffile
+++ b/openrc/opendkim/conffile
@ -1,3 +1,2 @@
 OPENDKIM_CONF="/etc/opendkim/redxen/opendkim.conf"
 OPENDKIM_KEY="/etc/opendkim/redxen/mail.private"
-OPENDKIM_SOCKSPEC="inet6:11335"
--- a/openrc/opendkim/runfile
+++ b/openrc/opendkim/runfile
@ -2,7 +2,7 @@

 pidfile="${OPENDKIM_RUNTIME:-/run/opendkim}/${RC_SVCNAME}.pid"
 command=/usr/sbin/opendkim
-command_args="-l -p ${OPENDKIM_SOCKSPEC:-local:${OPENDKIM_RUNTIME:-/run/opendkim}/opendkim.sock} -P ${pidfile} -x ${OPENDKIM_CONF:-/etc/opendkim/opendkim.conf}"
+command_args="-l -P ${pidfile} -x ${OPENDKIM_CONF:-/etc/opendkim/opendkim.conf}"
 command_user="${command_user:-opendkim:opendkim}"

 depend() {