aports/DEPLOYMENT-NOTES

54 lines
1.7 KiB
Plaintext
Raw Normal View History

2020-11-20 16:31:49 +00:00
Some services need some preparation or configuration to work. Not all can work out of the box.
General:
- Every database-backed service needs manual user creation and db creation
- Every service needs to be started and enabled manually via openrc (custom services end in .redxen)
- Every service that needs ports needs entries in /etc/iptables/rx-rules{4,6}
2020-12-22 23:20:15 +00:00
- Every service that needs data storage needs a volume to back it
ifupdown-ng:
2020-12-13 01:33:40 +00:00
- Public networks should be configured manually since RAs aren't usually configured
``` HETZNER EXAMPLE
auto eth0
iface eth0 inet static
address
netmask 255.255.255.255
gateway 172.31.1.1
pointopoint 172.31.1.1
iface eth0 inet6 static
address
netmask 64
gateway fe80::1
```
- Private networks need this workaround for routing to work properly
```
auto eth1
iface eth1 inet dhcp
up ip route add 10.0.0.0/16 via 10.0.0.1 dev eth1
post-up ip route del default via 10.0.0.1 dev eth1
```
Yggdrasil:
- Yggdrasil needs manual configuration for peers and whitelisting
Unbound:
- Set `RESOLV_CONF=no` in /etc/udhcpc/udhcpc.conf to prevent automatic DNS configuration
2020-11-20 16:31:49 +00:00
OpenSSH SFTP Chroot (part of seedbox):
- Bind mounts from location of chroot to /sftp-chroot
NOTE: Usually `mount -o bind /seedbox /sftp-chroot`
- seedbox user needs to be manually appended to /etc/ssh/sshd_config
Pleroma:
- Migration might be needed between upgrades (/pleroma/bin/pleroma_ctl migrate)
2020-12-13 01:33:40 +00:00
Wireguard:
- Requires the following iptables rules other than the port opening
```
*filter
-A FORWARD -i rxmain -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o rxmain -j ACCEPT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
```