Some services need some preparation or configuration to work. Not all can work out of the box.

General:
- Every database-backed service needs manual user creation and database creation
- Every runlevel that is wanted needs to be stacked on default (services are added to their specific runlevel automatically)
- Every service that needs ports needs entries in /etc/iptables/rx-rules{4,6}
- Every service that needs data storage needs a volume to back it

ifupdown-ng:
- Public networks should be configured manually since RAs aren't usually configured; private ones also shouldn't rely on the rather unstable DHCP

```
# HETZNER EXAMPLE
auto eth0
iface eth0 inet static
    address
    netmask 255.255.255.255
    gateway 172.31.1.1
    pointopoint 172.31.1.1

iface eth0 inet6 static
    address
    netmask 64
    gateway fe80::1
```

```
auto eth1
iface eth1 inet static
    address 10.0.X.X
    netmask 255.255.255.255
    mtu 1450
    pointopoint 10.0.0.1
    post-up ip route add 10.0.0.0/16 via 10.0.0.1 dev eth1
```

Yggdrasil:
- Yggdrasil needs manual configuration for peers and whitelisting

Unbound:
- Set `RESOLV_CONF=no` in /etc/udhcpc/udhcpc.conf to prevent automatic DNS configuration

OpenSSH SFTP Chroot (part of seedbox):
- Bind mounts from location of chroot to /sftp-chroot
  NOTE: Usually `mount -o bind /seedbox /sftp-chroot`
- seedbox user needs to be manually appended to /etc/ssh/sshd_config

Pleroma:
- Migration might be needed between upgrades (/pleroma/bin/pleroma_ctl migrate)

Wireguard:
- Requires the following iptables rules in addition to opening the port

```
*filter
-A FORWARD -i rxmain -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o rxmain -j ACCEPT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
```
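
For the OpenSSH SFTP chroot above: sshd rejects a chroot login unless every component of the `ChrootDirectory` path is a root-owned directory that is not group- or world-writable, and a bind mount takes on the owner and mode of its source directory. The following check is an added example, not part of the original notes; it assumes sshd_config points `ChrootDirectory` at /sftp-chroot, and the function names and optional uid argument are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original notes); names and the uid argument are assumptions.

# Check one directory: owner must be uid $2 (default 0, root) and the
# mode must not grant group or world write. Prints findings, returns 0/1.
check_chroot_component() {
    cc_dir=$1
    cc_uid=${2:-0}
    cc_bad=0
    if [ ! -d "$cc_dir" ]; then
        echo "$cc_dir: not a directory"
        return 1
    fi
    # -L follows symlinks; %u = owner uid, %a = octal mode (GNU and BusyBox stat)
    cc_owner=$(stat -L -c %u "$cc_dir")
    cc_mode=$(stat -L -c %a "$cc_dir")
    if [ "$cc_owner" -ne "$cc_uid" ]; then
        echo "$cc_dir: owned by uid $cc_owner, expected $cc_uid"
        cc_bad=1
    fi
    if [ $(( 0$cc_mode & 022 )) -ne 0 ]; then
        echo "$cc_dir: mode $cc_mode is group- or world-writable"
        cc_bad=1
    fi
    return "$cc_bad"
}

# Walk from the chroot directory up to /, checking every component.
# Returns 0 if all pass, 1 if any fails, 2 if the path is not absolute.
check_chroot_path() {
    cp_path=$1
    cp_uid=${2:-0}
    cp_bad=0
    case $cp_path in
        /*) ;;
        *) echo "$cp_path: must be an absolute path"; return 2 ;;
    esac
    while :; do
        check_chroot_component "$cp_path" "$cp_uid" || cp_bad=1
        [ "$cp_path" = / ] && break
        cp_path=$(dirname "$cp_path")
    done
    return "$cp_bad"
}

# Usage after the bind mount: sh check-chroot.sh /sftp-chroot
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

If /seedbox itself is owned by the seedbox user, the check fails on /sftp-chroot after the bind mount; keeping the mount source root-owned and giving the user a writable subdirectory inside it satisfies the rule.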