2020-11-20 16:31:49 +00:00
|
|
|
Some services need some preparation or configuration to work. Not all can work out of the box.
|
|
|
|
|
2020-12-07 15:46:31 +00:00
|
|
|
General:
|
|
|
|
- Every database-backed service needs manual user creation and db creation
|
|
|
|
- Every service needs to be started and enabled manually via openrc (custom services end in .redxen)
|
2020-12-18 20:50:42 +00:00
|
|
|
- Every service that needs ports needs entries in /etc/iptables/rx-rules{4,6}
|
2020-12-22 23:20:15 +00:00
|
|
|
- Every service that needs data storage needs a volume to back it
|
2020-12-07 15:46:31 +00:00
|
|
|
|
|
|
|
ifupdown-ng:
|
2020-12-13 01:33:40 +00:00
|
|
|
- Public networks should be configured manually since RAs aren't usually configured
|
|
|
|
``` HETZNER EXAMPLE
|
|
|
|
auto eth0
|
|
|
|
iface eth0 inet static
|
|
|
|
address
|
|
|
|
netmask 255.255.255.255
|
|
|
|
gateway 172.31.1.1
|
|
|
|
pointopoint 172.31.1.1
|
|
|
|
|
|
|
|
iface eth0 inet6 static
|
|
|
|
address
|
|
|
|
netmask 64
|
|
|
|
gateway fe80::1
|
|
|
|
```
|
2020-12-07 15:46:31 +00:00
|
|
|
- Private networks need this workaround for routing to work properly
|
|
|
|
```
|
|
|
|
auto eth1
|
|
|
|
iface eth1 inet dhcp
|
|
|
|
up ip route add 10.0.0.0/16 via 10.0.0.1 dev eth1
|
2020-12-18 20:50:42 +00:00
|
|
|
post-up ip route del default via 10.0.0.1 dev eth1
|
2020-12-07 15:46:31 +00:00
|
|
|
```
|
|
|
|
Yggdrasil:
|
|
|
|
- Yggdrasil needs manual configuration for peers and whitelisting
|
|
|
|
|
2020-11-27 09:15:40 +00:00
|
|
|
Unbound:
|
|
|
|
- Set `RESOLV_CONF=no` in /etc/udhcpc/udhcpc.conf to prevent automatic DNS configuration
|
|
|
|
|
2020-11-20 16:31:49 +00:00
|
|
|
OpenSSH SFTP Chroot (part of seedbox):
|
|
|
|
- Bind mounts from location of chroot to /sftp-chroot
|
|
|
|
NOTE: Usually `mount -o bind /seedbox /sftp-chroot`
|
|
|
|
- seedbox user needs to be manually appended to /etc/ssh/sshd_config
|
|
|
|
|
|
|
|
Pleroma:
|
2020-11-27 09:15:40 +00:00
|
|
|
- Migration might be needed between upgrades (/pleroma/bin/pleroma_ctl migrate)
|
2020-12-13 01:33:40 +00:00
|
|
|
|
2020-12-18 20:50:42 +00:00
|
|
|
Wireguard:
|
|
|
|
- Requires the following iptables rules other than the port opening
|
|
|
|
```
|
|
|
|
*filter
|
|
|
|
-A FORWARD -i rxmain -o eth0 -j ACCEPT
|
|
|
|
-A FORWARD -i eth0 -o rxmain -j ACCEPT
|
|
|
|
*nat
|
|
|
|
-A POSTROUTING -o eth0 -j MASQUERADE
|
|
|
|
```
|