more stuff
This commit is contained in:
parent
bbb68f01ba
commit
216abaa354
GPG Key ID:
E5AE8A47B8EFC7ED
|
|
@ -5,6 +5,20 @@ General:
|
|||
- Every service needs to be started and enabled manually via openrc (custom services end in .redxen)
|
||||
|
||||
ifupdown-ng:
|
||||
- Public networks should be configured manually since RAs aren't usually configured
|
||||
``` HETZNER EXAMPLE
|
||||
auto eth0
|
||||
iface eth0 inet static
|
||||
address
|
||||
netmask 255.255.255.255
|
||||
gateway 172.31.1.1
|
||||
pointopoint 172.31.1.1
|
||||
|
||||
iface eth0 inet6 static
|
||||
address
|
||||
netmask 64
|
||||
gateway fe80::1
|
||||
```
|
||||
- Private networks need this workaround for routing to work properly
|
||||
```
|
||||
auto eth1
|
||||
|
|
@ -31,3 +45,6 @@ OpenSSH SFTP Chroot (part of seedbox):
|
|||
|
||||
Pleroma:
|
||||
- Migration might be needed between upgrades (/pleroma/bin/pleroma_ctl migrate)
|
||||
|
||||
NGINX:
|
||||
- It has to be added to the groups for the /http contents
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=data-redxen-haproxy-errorpages
|
||||
pkgver=1
|
||||
pkgver=2020.10.12
|
||||
pkgrel=0
|
||||
_commit="d2eafb66f5d082f0d492e21cc07bb6636767ff7c"
|
||||
pkgdesc="Errorpages for HAProxy"
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=data-redxen-homepage
|
||||
pkgver=6
|
||||
pkgver=2020.10.12
|
||||
pkgrel=0
|
||||
_commit="ccffc104aeb298b8192b6d3174d4f8d9cccd3f3c"
|
||||
pkgdesc="Homepage files"
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=pleroma-redxen-lxc
|
||||
pkgver=1
|
||||
pkgver=2020.10.12
|
||||
pkgrel=0
|
||||
pkgdesc="Pleroma LXC configuration files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
|
|
|
|||
|
|
@ -1,13 +1,13 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=darkhttpd-redxen-openrc
|
||||
pkgver=2020.12.7
|
||||
pkgrel=1
|
||||
pkgver=2020.12.10
|
||||
pkgrel=2
|
||||
pkgdesc="DarkHTTPD service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="openrc"
|
||||
depends="openrc darkhttpd"
|
||||
options="!check"
|
||||
source="
|
||||
runfile
|
||||
|
|
@ -21,4 +21,4 @@ package() {
|
|||
}
|
||||
|
||||
sha512sums="dd792892588e03cef4a36bb8e81297990884298d8a2bc1c14ae2d8986a0a17af8d15bf3fb4e1830d22b154dc00591d884e20da915f51fd8ecf3b05b6c92dc7d4 runfile
|
||||
094af8b7d1707ec9e85a614821262685dbdfc96538da6449970c231c3b8ecc0d9ac80002ed945d93c3a161321c9d85e51d5ef0ad44a03aaee547956a6bdad95b conffile"
|
||||
33e9e16a4565ba821ca53615145465a6bc2d4d659c267ca5fb2dbbdaf24965d5474ef2b751b3e92f95f23dd19834351449494de4f40a1befd7114c4d11a4b281 conffile"
|
||||
|
|
|
|||
|
|
@ -1,12 +1,11 @@
|
|||
# darkhttpd web server config
|
||||
|
||||
document_root="/http"
|
||||
logdir="/var/log/\$SVCNAME"
|
||||
addr=0.0.0.0
|
||||
logdir="/var/log/$SVCNAME"
|
||||
port=7574
|
||||
run_as_user=darkhttpd
|
||||
run_as_group=www-data
|
||||
run_in_chroot=yes
|
||||
|
||||
# extra arguments
|
||||
# darkhttpd_args=""
|
||||
darkhttpd_args="--ipv6"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,21 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=dovecot-redxen-openrc
|
||||
pkgver=2020.12.7
|
||||
pkgrel=1
|
||||
pkgdesc="Dovecot OpenRC service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="openrc dovecot-openrc dovecot-redxen-config"
|
||||
options="!check"
|
||||
source="
|
||||
conffile
|
||||
"
|
||||
builddir="$srcdir"
|
||||
|
||||
package() {
|
||||
mkdir -p "$pkgdir"/etc/init.d
|
||||
ln -s dovecot "$pkgdir"/etc/init.d/dovecot.redxen
|
||||
install -Dm644 conffile "$pkgdir"/etc/conf.d/dovecot.redxen
|
||||
}
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=lighttpd-redxen-openrc
|
||||
pkgver=2020.12.11
|
||||
pkgrel=0
|
||||
pkgdesc="LigHTTPd service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="openrc lighttpd-openrc lighttpd-redxen-config"
|
||||
options="!check"
|
||||
source="
|
||||
conffile
|
||||
"
|
||||
builddir="$srcdir"
|
||||
|
||||
package() {
|
||||
mkdir -p "$pkgdir"/etc/init.d
|
||||
ln -s lighttpd "$pkgdir"/etc/init.d/lighttpd.redxen
|
||||
install -Dm644 conffile "$pkgdir"/etc/conf.d/lighttpd.redxen
|
||||
}
|
||||
|
||||
sha512sums="6a618a3d00df5cfc5e31b2f5f66edfbde4d6514c04df51f89162a42b8f1ad3ef3d06827a4cd46bee54e8ba91316354b510c49ebd873fb727e96b1c756895df7b conffile"
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
# /etc/conf.d/lighttpd
|
||||
|
||||
# Location of a shell used by the 'include_shell' directive
|
||||
# in the lighttpd's configuration file
|
||||
#export SHELL="/bin/bash"
|
||||
|
||||
# Location of the lighttpd configuration file
|
||||
LIGHTTPD_CONF="/etc/lighttpd/redxen/main.conf"
|
||||
|
||||
# Location of the lighttpd pid file
|
||||
LIGHTTPD_PID="/run/lighttpd.pid"
|
||||
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=murmur-redxen-openrc
|
||||
pkgver=2020.12.7
|
||||
pkgrel=1
|
||||
pkgver=2020.12.12
|
||||
pkgrel=0
|
||||
pkgdesc="Murmur OpenRC service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=nginx-redxen-openrc
|
||||
pkgver=2020.12.11
|
||||
pkgrel=0
|
||||
pkgdesc="NGINX service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="openrc nginx-openrc nginx-redxen-config"
|
||||
options="!check"
|
||||
source="
|
||||
conffile
|
||||
"
|
||||
builddir="$srcdir"
|
||||
|
||||
package() {
|
||||
mkdir -p "$pkgdir"/etc/init.d
|
||||
ln -s nginx "$pkgdir"/etc/init.d/nginx.redxen
|
||||
install -Dm644 conffile "$pkgdir"/etc/conf.d/nginx.redxen
|
||||
}
|
||||
|
||||
sha512sums="41b11e1be914b9a3c87fb1e98016ddd70e4fd5c6f80205f011cda44f5ca00359f14bdb40fc7225f8502ac6cd99e18578ae81ea4970fb53bd9b22403248b2d353 conffile"
|
||||
|
|
@ -0,0 +1 @@
|
|||
cfgfile="/etc/nginx/redxen.conf"
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=postfix-redxen-openrc
|
||||
pkgver=2020.12.10
|
||||
pkgrel=0
|
||||
pkgdesc="Postfix OpenRC service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="openrc postfix-openrc postfix-redxen-config"
|
||||
options="!check"
|
||||
source="
|
||||
conffile
|
||||
"
|
||||
builddir="$srcdir"
|
||||
|
||||
package() {
|
||||
mkdir -p "$pkgdir"/etc/init.d
|
||||
ln -s postfix "$pkgdir"/etc/init.d/postfix.redxen
|
||||
install -Dm644 conffile "$pkgdir"/etc/conf.d/postfix.redxen
|
||||
}
|
||||
sha512sums="cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e conffile"
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=postgresql-redxen-openrc
|
||||
pkgver=2020.12.07
|
||||
pkgrel=1
|
||||
pkgver=2020.12.7
|
||||
pkgrel=0
|
||||
pkgdesc="PostgreSQL service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,22 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=unbound-redxen-openrc
|
||||
pkgver=2020.12.7
|
||||
pkgrel=1
|
||||
pkgdesc="Unbound OpenRC service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="openrc unbound-openrc unbound-redxen-config"
|
||||
options="!check"
|
||||
source="
|
||||
conffile
|
||||
"
|
||||
builddir="$srcdir"
|
||||
|
||||
package() {
|
||||
mkdir -p "$pkgdir"/etc/init.d
|
||||
ln -s unbound "$pkgdir"/etc/init.d/unbound.redxen
|
||||
install -Dm644 conffile "$pkgdir"/etc/conf.d/unbound.redxen
|
||||
}
|
||||
sha512sums="27434e5134d39b74de08938b31a4b4b1672c058b0f48e9cbf3b03df6c890c476e664853b1b5e9173b04ec6859f36446d2a2bf0bfabcb4ed630f826db122ca07b conffile"
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
# Configuration file to start with
|
||||
cfgfile="/etc/unbound/main.conf"
|
||||
command_args="-c $cfgfile"
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=telegraf-redxen-openrc
|
||||
pkgver=2020.12.7
|
||||
pkgrel=1
|
||||
pkgver=2020.12.10
|
||||
pkgrel=0
|
||||
pkgdesc="Telegraf service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
|
|
@ -10,14 +10,15 @@ license="none"
|
|||
depends="openrc telegraf-openrc telegraf-redxen-config"
|
||||
options="!check"
|
||||
source="
|
||||
runfile
|
||||
conffile
|
||||
"
|
||||
builddir="$srcdir"
|
||||
|
||||
package() {
|
||||
mkdir -p "$pkgdir"/etc/init.d
|
||||
ln -s telegraf "$pkgdir"/etc/init.d/telegraf.redxen
|
||||
install -Dm755 runfile "$pkgdir"/etc/init.d/telegraf.redxen
|
||||
install -Dm644 conffile "$pkgdir"/etc/conf.d/telegraf.redxen
|
||||
}
|
||||
|
||||
sha512sums="9bf080e445c9dbb1a8cab493dbf5d344be1cfe38164eb5fa84c8541f38a5506cddc797829dc51478215e06694c815b1174b134542116283e8bdaf07fa137466c conffile"
|
||||
sha512sums="109a1cb53ba0d654efdb596b994010ac437d8c5fb172cb21f9c6ee53a84332d237909e4ab3e80018567b8abfd6dbdd0dd9fed5f25b550105df3626d13c5dd93e runfile
|
||||
a7950b7fa3c5c8303c387a743591afb5d3b6a4d25c88e5d7522667b8cfdd8cdbad55251152efec352241ffd3d78ce56a5d3b6fbef03a2b02d0b23833547649c7 conffile"
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
TELEGRAF_OPTS="-config /etc/telegraf/main.conf"
|
||||
TELEGRAF_CONFIG="/etc/telegraf/main.conf"
|
||||
TELEGRAF_OPTS="-config $TELEGRAF_CONFIG"
|
||||
|
||||
# Uncomment to enable logging to syslog.
|
||||
error_logger="logger -t $RC_SVCNAME"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
#!/sbin/openrc-run
|
||||
|
||||
command="/usr/bin/telegraf"
|
||||
command_args="$TELEGRAF_OPTS"
|
||||
command_background=yes
|
||||
command_user=telegraf:telegraf
|
||||
pidfile="/run/$RC_SVCNAME.pid"
|
||||
extra_started_commands="reload"
|
||||
|
||||
depend() {
|
||||
need net
|
||||
after firewall
|
||||
}
|
||||
|
||||
start_pre() {
|
||||
checkpath -f -o $command_user -m 640 ${TELEGRAF_CONFIG:-/etc/telegraf.conf}
|
||||
}
|
||||
|
||||
reload() {
|
||||
ebegin "Reloading ${RC_SVCNAME}"
|
||||
start-stop-daemon --signal HUP --pidfile "${pidfile}"
|
||||
eend $?
|
||||
}
|
||||
|
|
@ -1,23 +1,24 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=transmission-redxen-openrc
|
||||
pkgver=2020.12.7
|
||||
pkgrel=1
|
||||
pkgver=2020.12.10
|
||||
pkgrel=4
|
||||
pkgdesc="Transmission service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="openrc transmission-redxen-openrc transmission-redxen-config"
|
||||
depends="openrc transmission-daemon transmission-redxen-config"
|
||||
options="!check"
|
||||
source="
|
||||
runfile
|
||||
conffile
|
||||
"
|
||||
builddir="$srcdir"
|
||||
|
||||
package() {
|
||||
mkdir -p "$pkgdir"/etc/init.d
|
||||
ln -s transmission-daemon "$pkgdir"/etc/init.d/transmission-daemon.redxen
|
||||
install -Dm755 runfile "$pkgdir"/etc/init.d/transmission-daemon.redxen
|
||||
install -Dm644 conffile "$pkgdir"/etc/conf.d/transmission-daemon.redxen
|
||||
}
|
||||
|
||||
sha512sums="c1df27bb036e28ea94c5fa18b40c99a96d9548c28ed8262ad753744a1737883c9fd75fbae2284ea9ad749bd9d4d5ee0b33a1876dccb3008e0ee327de29922ac7 conffile"
|
||||
sha512sums="22c65c1b3a719107a486c1d62fc6321e6e775f08a00ed07c98a0b847bd02d14420fa79424011175a8a6eed1acea0ca832fdee00321999b771e556ce7b58ba2b7 runfile
|
||||
c1df27bb036e28ea94c5fa18b40c99a96d9548c28ed8262ad753744a1737883c9fd75fbae2284ea9ad749bd9d4d5ee0b33a1876dccb3008e0ee327de29922ac7 conffile"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,49 @@
|
|||
#!/sbin/openrc-run
|
||||
# Copyright 1999-2011 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/net-p2p/transmission/files/transmission-daemon.initd.8,v 1.2 2011/12/04 10:35:07 swegener Exp $
|
||||
|
||||
extra_started_commands="reload"
|
||||
description="Transmission is a fast, easy and free bittorrent client"
|
||||
description_start="Start transmission-daemon server and web interface"
|
||||
description_stop="Stop transmission-daemon server and web interface"
|
||||
description_reload="Reload transmission-daemon settings"
|
||||
|
||||
config_dir="${config_dir:-/var/lib/transmission/config}"
|
||||
download_dir="${download_dir:-/var/lib/transmission/downloads}"
|
||||
logfile="${logfile:-/var/log/transmission/transmission.log}"
|
||||
rundir="${rundir:-/var/run/transmission}"
|
||||
|
||||
command="/usr/bin/transmission-daemon"
|
||||
command_user="${command_user:-transmission:transmission}"
|
||||
pidfile="${pidfile:-${rundir}/transmission.pid}"
|
||||
command_args="--pid-file ${pidfile}"
|
||||
|
||||
depend() {
|
||||
need net
|
||||
after firewall
|
||||
}
|
||||
|
||||
check_config() {
|
||||
command_args="${command_args} --config-dir ${config_dir}"
|
||||
if [ ! -f "${config_dir}/settings.json" ]; then
|
||||
command_args="${command_args} --download-dir ${download_dir}"
|
||||
fi
|
||||
if [ -n "${logfile}" ]; then
|
||||
command_args="${command_args} --logfile ${logfile}"
|
||||
fi
|
||||
}
|
||||
|
||||
start_pre() {
|
||||
check_config
|
||||
|
||||
checkpath -d -m 750 -o "$command_user" "$download_dir" "$config_dir" "$config_dir/resume" "$rundir"
|
||||
checkpath -f -m 440 -o "$command_user" "$config_dir"/settings.json
|
||||
}
|
||||
|
||||
reload() {
|
||||
ebegin "Reloading transmission configuration"
|
||||
start-stop-daemon --signal HUP --pidfile ${pidfile}
|
||||
eend $?
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=wireguard-redxen-openrc
|
||||
pkgver=2020.12.12
|
||||
pkgrel=0
|
||||
pkgdesc="Wireguard service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="openrc wireguard-redxen-config wireguard-tools-wg-quick"
|
||||
options="!check"
|
||||
source="
|
||||
runfile
|
||||
conffile
|
||||
"
|
||||
builddir="$srcdir"
|
||||
|
||||
package() {
|
||||
install -Dm755 runfile "$pkgdir"/etc/init.d/wireguard.redxen
|
||||
install -Dm644 conffile "$pkgdir"/etc/conf.d/wireguard.redxen
|
||||
}
|
||||
|
||||
sha512sums="e93f2603eb9c393183a4619dc54f5a794775c68b010e82e5f511b4136c5750f105ec5742bcbfcd01e873d1ee8d67c89153d43e02635d86fde9c9043848d0b60e runfile
|
||||
543998954d42cc51677b37495d91436b3506dc4e92082a3eba6a0d3791d176ef98db52002bbb98022451b01f477c1dc36022697cd80f8d7a133e90736b624243 conffile"
|
||||
|
|
@ -0,0 +1 @@
|
|||
WIREGUARD_INTERFACE="rxmain"
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
#!/sbin/openrc-run
|
||||
|
||||
description="Control wg-quick connections"
|
||||
|
||||
check_interface() {
|
||||
if [ -d /sys/class/net/"${WIREGUARD_INTERFACE:-wg0}" ]; then
|
||||
mark_service_started
|
||||
return 0
|
||||
fi
|
||||
mark_service_stopped
|
||||
return 1
|
||||
}
|
||||
|
||||
start() {
|
||||
check_interface || /usr/bin/wg-quick up "${WIREGUARD_INTERFACE:-wg0}"
|
||||
/sbin/iptables -A INPUT -i eth0 -p udp --dport 51820 -j ACCEPT
|
||||
/sbin/iptables -A FORWARD -i "${WIREGUARD_INTERFACE:-wg0}" -o eth0 -j ACCEPT
|
||||
/sbin/iptables -A FORWARD -i eth0 -o "${WIREGUARD_INTERFACE:-wg0}" -j ACCEPT
|
||||
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
/sbin/ip6tables -A INPUT -i eth0 -p udp --dport 51820 -j ACCEPT
|
||||
/sbin/ip6tables -A FORWARD -i "${WIREGUARD_INTERFACE:-wg0}" -o eth0 -j ACCEPT
|
||||
/sbin/ip6tables -A FORWARD -i eth0 -o "${WIREGUARD_INTERFACE:-wg0}" -j ACCEPT
|
||||
/sbin/ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
}
|
||||
|
||||
stop() {
|
||||
check_interface && /usr/bin/wg-quick down "${WIREGUARD_INTERFACE:-wg0}"
|
||||
/sbin/iptables -D INPUT -i eth0 -p udp --dport 51820 -j ACCEPT
|
||||
/sbin/iptables -D FORWARD -i "${WIREGUARD_INTERFACE:-wg0}" -o eth0 -j ACCEPT
|
||||
/sbin/iptables -D FORWARD -i eth0 -o "${WIREGUARD_INTERFACE:-wg0}" -j ACCEPT
|
||||
/sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
/sbin/ip6tables -D INPUT -i eth0 -p udp --dport 51820 -j ACCEPT
|
||||
/sbin/ip6tables -D FORWARD -i "${WIREGUARD_INTERFACE:-wg0}" -o eth0 -j ACCEPT
|
||||
/sbin/ip6tables -D FORWARD -i eth0 -o "${WIREGUARD_INTERFACE:-wg0}" -j ACCEPT
|
||||
/sbin/ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=yggdrasil-redxen-openrc
|
||||
pkgver=2020.12.10
|
||||
pkgrel=0
|
||||
pkgdesc="Yggdrasil service files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="openrc yggdrasil-openrc yggdrasil-redxen-config"
|
||||
options="!check"
|
||||
source="
|
||||
conffile
|
||||
"
|
||||
builddir="$srcdir"
|
||||
|
||||
package() {
|
||||
mkdir -p "$pkgdir"/etc/init.d
|
||||
ln -s yggdrasil "$pkgdir"/etc/init.d/yggdrasil.redxen
|
||||
install -Dm644 conffile "$pkgdir"/etc/conf.d/yggdrasil.redxen
|
||||
}
|
||||
|
||||
sha512sums="80efc154b8371a06f69d30f13e285e2dbff7227381920400b1b497eafef3cb096c7748f158e6e18ff692e13452da8fc07a5e4738a025989202323303c5e1c04d conffile"
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
yggdrasil_config_file=/etc/yggdrasil/redxen.conf
|
||||
|
||||
output_log=/var/log/yggdrasil.log
|
||||
error_log=/var/log/yggdrasil.log
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=haproxy-redxen-config
|
||||
pkgver=2020.12.7
|
||||
pkgrel=0
|
||||
pkgver=2020.12.12
|
||||
pkgrel=1
|
||||
pkgdesc="HAProxy frontend configuration"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
|
|
@ -21,4 +21,4 @@ check() {
|
|||
haproxy -c -f main.cfg
|
||||
}
|
||||
|
||||
sha512sums="a64fbfc6304ee0bbe9c840b4368f4d3e098ffa4c74b8c047a22b4cadc7b2d8e32cc17e144754134f98960cd95abaab79f498b620e977a1e68ae14f0c2014ce40 main.cfg"
|
||||
sha512sums="badcf29fb4647a1504e5f7c6e4aae21269cba6f85fe0953aa1cdf1a72efba77a5b0b84ce05feb1d30683b05f73367155fbf52067ec4489b8c431effdd87f4a1e main.cfg"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,8 @@
|
|||
global
|
||||
maxconn 2048
|
||||
maxconnrate 40
|
||||
stats socket /run/haproxy.sock mode 600 user telegraf
|
||||
stats timeout 2m
|
||||
|
||||
defaults
|
||||
mode http
|
||||
|
|
@ -47,21 +49,18 @@ frontend http
|
|||
bind ipv4@:443,ipv6@:443 ssl crt /etc/ssl/redxen/letsencrypt/fullchain.crt alpn h2,http/1.1
|
||||
bind ipv4@:80,ipv6@:80
|
||||
|
||||
acl root url /
|
||||
use_backend backend-root if { hdr(host) -i redxen.eu }
|
||||
acl root path /
|
||||
|
||||
redirect prefix /web code 302 if { hdr_beg(host) -i seed } root
|
||||
use_backend backend-transmission if { hdr_beg(host) -i seed }
|
||||
redirect prefix /web code 302 if { hdr_beg(host) -i seed } root
|
||||
|
||||
use_backend backend-root if { hdr(host) -i redxen.eu }
|
||||
use_backend backend-grafana if { hdr_beg(host) -i stats }
|
||||
|
||||
use_backend backend-pleroma if { hdr_beg(host) -i social }
|
||||
|
||||
use_backend backend-gitea if { hdr_beg(host) -i git }
|
||||
|
||||
use_backend backend-seedown if { hdr_beg(host) -i sd }
|
||||
|
||||
http-response add-header X-Forwarded-Proto https
|
||||
http-response set-header X-Forwarded-Proto https
|
||||
http-response set-header X-XSS-Protection 1;\ mode=block
|
||||
http-response set-header X-Content-Type-Options nosniff
|
||||
http-response set-header Referrer-Policy no-referrer-when-downgrade
|
||||
|
|
@ -73,20 +72,21 @@ frontend http
|
|||
|
||||
backend backend-transmission
|
||||
server-template transmission 1 _transmission._tcp.routinginfo.redxen.localhost
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
|
||||
backend backend-grafana
|
||||
server-template grafana 5 _grafana._tcp.routinginfo.redxen.localhost
|
||||
server-template grafana 1 _grafana._tcp.routinginfo.redxen.localhost
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host stats.redxen.eu
|
||||
|
||||
backend backend-seedown
|
||||
server-template seedown 1 _seedown._tcp.routinginfo.redxen.localhost
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host sd.redxen.eu
|
||||
|
||||
backend backend-pleroma
|
||||
server-template pleroma 1 _pleroma._tcp.routinginfo.redxen.localhost
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host social.redxen.eu
|
||||
|
||||
backend backend-gitea
|
||||
server-template gitea 1 _gitea._tcp.routinginfo.redxen.localhost
|
||||
|
|
|
|||
|
|
@ -7,19 +7,11 @@
|
|||
-A INPUT -i lo -j ACCEPT
|
||||
-A INPUT -i tun0 -j ACCEPT
|
||||
-A INPUT -p icmp -j ACCEPT
|
||||
-A INPUT -i eth1 -p tcp -m tcp --dport 7521 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
|
||||
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
|
||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
-A INPUT -i eth1 -p tcp -m tcp --dport 7521 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
|
||||
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 2442 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 7777 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 64738 -j ACCEPT
|
||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
COMMIT
|
||||
# Mangle
|
||||
*mangle
|
||||
|
|
|
|||
|
|
@ -10,16 +10,8 @@
|
|||
-A INPUT -i eth1 -p tcp -m tcp --dport 7521 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
|
||||
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
|
||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
|
||||
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 2442 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 7777 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT
|
||||
-A INPUT -p tcp -m tcp --dport 64738 -j ACCEPT
|
||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
COMMIT
|
||||
# Mangle
|
||||
*mangle
|
||||
|
|
|
|||
|
|
@ -0,0 +1,24 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=lighttpd-redxen-config
|
||||
pkgver=2020.12.11
|
||||
pkgrel=0
|
||||
pkgdesc="LigHTTPd configuration"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="lighttpd"
|
||||
source="
|
||||
main.conf
|
||||
"
|
||||
|
||||
package() {
|
||||
install -dm755 "$pkgdir"/http
|
||||
install -Dm440 main.conf "$pkgdir"/etc/lighttpd/redxen/main.conf
|
||||
}
|
||||
|
||||
check() {
|
||||
lighttpd -f main.conf -t
|
||||
}
|
||||
|
||||
sha512sums="c6157585741c20022f7cd520db0c1066aae9e6d59be165d49bfd9d3b57fdc1abed681ba067470d01f2b4f22c8c99da466976e4bf28d9d881811aac2d04494cca main.conf"
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
var.basedir = "/http"
|
||||
var.logdir = "/var/log/lighttpd"
|
||||
var.statedir = "/run/lighttpd"
|
||||
|
||||
include "/etc/lighttpd/mime-types.conf"
|
||||
|
||||
server.bind = "[::]"
|
||||
server.modules = ( "mod_access", "mod_deflate", "mod_webdav", "mod_dirlisting" )
|
||||
server.username = "lighttpd"
|
||||
server.groupname = "lighttpd"
|
||||
server.document-root = var.basedir
|
||||
server.pid-file = "/run/lighttpd.pid"
|
||||
server.indexfiles = ("index.html")
|
||||
server.follow-symlink = "disable"
|
||||
server.event-handler = "linux-sysepoll"
|
||||
server.chroot = var.basedir
|
||||
server.port = 7574
|
||||
server.upload-dirs = ("")
|
||||
server.use-ipv6 = "enable"
|
||||
|
||||
dir-listing.activate = "enable"
|
||||
|
||||
url.access-deny = ("~")
|
||||
|
||||
deflate.filetypes = ("text/", "application/javascript")
|
||||
|
||||
webdav.activate = "enable"
|
||||
webdav.is-readonly = "enable"
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=murmur-redxen-config
|
||||
pkgver=2020.12.7
|
||||
pkgver=2020.12.12
|
||||
pkgrel=0
|
||||
pkgdesc="Murmur configuration files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
|
|
@ -18,4 +18,4 @@ package() {
|
|||
}
|
||||
|
||||
|
||||
sha512sums="43a8ca7f16b0b39f08e35aebe77e7dd9ca5a779733d0e981c07db81c15785b74d3e60baf4b7ea87313e678bfcfbed1329436dcf1df9404b6f4b835a26235e53e murmur.ini"
|
||||
sha512sums="0bc394f306a4ece3115bc0c5948fec251d763b8ef166ce26fbd6b44f8ca906c608ac5c0d3cd79fffdb42146b1ab374092ef92db46e4e453782acc046b21925ba murmur.ini"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,26 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=nginx-redxen-config
|
||||
pkgver=2020.12.11
|
||||
pkgrel=0
|
||||
pkgdesc="NGINX configuration"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="nginx nginx-mod-http-zip"
|
||||
source="
|
||||
main.conf
|
||||
"
|
||||
options="!check"
|
||||
|
||||
package() {
|
||||
|
||||
install -dm755 "$pkgdir"/http
|
||||
install -Dm400 main.conf "$pkgdir"/etc/nginx/redxen.conf
|
||||
}
|
||||
|
||||
check() {
|
||||
nginx -p / -c main.conf -t
|
||||
}
|
||||
|
||||
sha512sums="acb7c066a734e040c876985ee74de473918194d87e2a6d565238ef4a9894ad8ab9bf2c35d79c3ef2445131731efdb7a999f834f16c34e445a5c899ef689f393a main.conf"
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
user nginx www-data;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 300;
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
root /http;
|
||||
server {
|
||||
listen *:7574 reuseport so_keepalive=on;
|
||||
listen [::]:7574 reuseport so_keepalive=on;
|
||||
location / {
|
||||
autoindex on;
|
||||
limit_except GET HEAD {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,13 +1,13 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=postgresql-redxen-config
|
||||
pkgver=2020.12.7
|
||||
pkgrel=0
|
||||
pkgver=2020.12.12
|
||||
pkgrel=1
|
||||
pkgdesc="PostgreSQL configuration files"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="postgresql"
|
||||
depends="postgresql postgresql-contrib"
|
||||
options="!check" # PostgreSQL doesn't have configuration checks
|
||||
source="
|
||||
postgresql.conf
|
||||
|
|
@ -22,6 +22,6 @@ package() {
|
|||
install -Dm644 pg_ident.conf "$pkgdir"/etc/postgresql/redxen/pg_ident.conf
|
||||
}
|
||||
|
||||
sha512sums="4888ad8feb31f9957935753cff19c1ba801b297cb1f214ddd02ba5a4a116fafe544f7fcd5553c754c333adfabcf121f8134dd129e6d9d8d378247fae0d23ca9c postgresql.conf
|
||||
914d64b5c4876b38633aef6a8eca968dbb789ec36ea5592c731f526f2f2530d9be8d724cf238ca8f966584abfbb6047ce739b9180b3ce2d60e984af5e7788d8b pg_hba.conf
|
||||
sha512sums="f48d721b03a7dd483fc7f0c016a75a13d121e3d105b0874fc21e7cf5fdec11b5deeb2d0607e258499f303c2a4974d3ead17a25b51594c509c86ce5ef016d2cee postgresql.conf
|
||||
2af9c5acacaa2f82e15931d676bac4b89ade6ff91503e09583a35da36d69d0370a314db1de78665ba5cdb8f98cc7f09684efe9c97caa9385541159d170254cd6 pg_hba.conf
|
||||
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e pg_ident.conf"
|
||||
|
|
|
|||
|
|
@ -1,3 +1,5 @@
|
|||
local all postgres trust
|
||||
host murmur murmur 0200::/7 md5
|
||||
host grafana grafana 0200::/7 md5
|
||||
host all telegraf 127.0.0.1/32 md5
|
||||
host all telegraf ::1/128 md5
|
||||
|
|
|
|||
|
|
@ -25,6 +25,24 @@ ssl = off
|
|||
shared_buffers = 128MB
|
||||
dynamic_shared_memory_type = posix
|
||||
|
||||
vacuum_cost_delay = 0
|
||||
vacuum_cost_page_hit = 1
|
||||
vacuum_cost_page_miss = 10
|
||||
vacuum_cost_page_dirty = 20
|
||||
vacuum_cost_limit = 200
|
||||
|
||||
bgwriter_delay = 200ms
|
||||
bgwriter_lru_maxpages = 100
|
||||
bgwriter_lru_multiplier = 2.0
|
||||
bgwriter_flush_after = 512kB
|
||||
|
||||
effective_io_concurrency = 1
|
||||
max_worker_processes = 8
|
||||
max_parallel_maintenance_workers = 2
|
||||
max_parallel_workers_per_gather = 2
|
||||
parallel_leader_participation = on
|
||||
max_parallel_workers = 8
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# WRITE-AHEAD LOG
|
||||
#------------------------------------------------------------------------------
|
||||
|
|
@ -57,12 +75,20 @@ cluster_name = 'redxen-main'
|
|||
# STATISTICS
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
stats_temp_directory = '/run/postgresql/12-main.pg_stat_tmp'
|
||||
track_activities = on
|
||||
track_counts = on
|
||||
track_io_timing = on
|
||||
track_functions = all
|
||||
track_activity_query_size = 1024
|
||||
stats_temp_directory = '/run/postgresql/main.pg_stat_tmp'
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# AUTOVACUUM
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
autovacuum = on
|
||||
autovacuum_naptime = 1min
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# CLIENT CONNECTION DEFAULTS
|
||||
#------------------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -0,0 +1,7 @@
|
|||
vm.overcommit_memory = 2
|
||||
vm.overcommit_ratio = 95
|
||||
|
||||
vm.zone_reclaim_mode = 3
|
||||
|
||||
vm.dirty_ratio = 10
|
||||
vm.dirty_background_ratio = 5
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
# IPV4
|
||||
net.ipv4.icmp_echo_ignore_broadcasts = 1
|
||||
|
||||
net.ipv4.conf.all.log_martians = 1
|
||||
net.ipv4.conf.all.rp_filter = 1
|
||||
net.ipv4.conf.default.rp_filter = 1
|
||||
|
||||
# TCP Tweaks
|
||||
net.ipv4.tcp_ecn = 1
|
||||
net.ipv4.tcp_tw_reuse = 1
|
||||
net.ipv4.tcp_mtu_probing = 1
|
||||
net.ipv4.tcp_slow_start_after_idle = 1
|
||||
|
||||
net.ipv4.tcp_syncookies = 1
|
||||
net.ipv4.tcp_synack_retries = 5
|
||||
|
||||
net.ipv4.tcp_keepalive_time = 60
|
||||
net.ipv4.tcp_keepalive_intvl = 10
|
||||
net.ipv4.tcp_keepalive_probes = 6
|
||||
|
||||
net.ipv4.tcp_rfc1337 = 1
|
||||
|
||||
# UDP Tweaks
|
||||
net.ipv4.udp_rmem_min = 8192
|
||||
net.ipv4.udp_wmem_min = 8192
|
||||
|
||||
# Misc
|
||||
net.core.netdev_max_backlog = 16384
|
||||
net.core.somaxconn = 8192
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
kernel.sysrq = 0
|
||||
|
||||
# Memory execution prevention
|
||||
#kernel.exec-shield = 2
|
||||
kernel.randomize_va_space=2
|
||||
|
||||
kernel.dmesg_restrict = 1
|
||||
kernel.kptr_restrict = 2
|
||||
|
||||
#kernel.kexec_load_disabled = 1
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=sysctl-redxen-config
|
||||
pkgver=2020.12.10
|
||||
pkgrel=0
|
||||
pkgdesc="sysctl settings for servers"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="openrc"
|
||||
source="
|
||||
10-memory.conf
|
||||
20-network.conf
|
||||
30-kernel.conf
|
||||
"
|
||||
options="!check"
|
||||
|
||||
package() {
|
||||
install -Dm644 10-memory.conf "$pkgdir"/etc/sysctl.d/10-memory.conf
|
||||
install -Dm644 20-network.conf "$pkgdir"/etc/sysctl.d/20-network.conf
|
||||
install -Dm644 30-kernel.conf "$pkgdir"/etc/sysctl.d/30-kernel.conf
|
||||
}
|
||||
|
||||
sha512sums="8043d419de52d0a8e75ed50643bd73ef3b3e2633d9064c6f6695b796834bc162f6b3c0e28082bb601e1a6c582e92ca90aa3dd626973c741c2ff0d3e1749521b1 10-memory.conf
|
||||
117648c1a0ee1a2d554eee2a0f8584097c66300dfda945a4ac0cb52f24160ae673abe3de964d419ddca4e0822a605c7b1d4f8d8e3f85d5f7c582b9803ffa21fc 20-network.conf
|
||||
a67a62adddcc0389eef167f390d948ce69488f5755fbd19ca16d9d626511229e7dd7f03fcf0f4731fa867a45417e9554f65b5ccca7fcacc2e51f056d4152031a 30-kernel.conf"
|
||||
|
|
@ -21,4 +21,4 @@ check() {
|
|||
telegraf --config main.conf --test >/dev/null
|
||||
}
|
||||
|
||||
sha512sums="7f5c6d5fb4b3fa9e44fff7bf5fd600abad615ce00bd7e77977042f4a5f9729da0b5118b9d30e4ee1629c060ceef298a45c9dfa0ab503380599d0d77b77374804 main.conf"
|
||||
sha512sums="9a50d6b90693fe991be5a99dc3d31f34137894620cf1023a00ee8d8ad3bd1e8c71c4b136d40d42dc663c8719f4f8ee8bd44b51ba3a5fc5d781d6b956ddb03d0c main.conf"
|
||||
|
|
|
|||
|
|
@ -3,9 +3,7 @@
|
|||
round_interval = true
|
||||
metric_batch_size = 1000
|
||||
metric_buffer_limit = 10000
|
||||
collection_jitter = "5s"
|
||||
flush_interval = "30s"
|
||||
flush_jitter = "0s"
|
||||
precision = ""
|
||||
debug = false
|
||||
quiet = false
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=unbound-redxen-config
|
||||
pkgver=2020.12.7
|
||||
pkgver=2020.12.12
|
||||
pkgrel=0
|
||||
pkgdesc="Unbound configurations and some other stuff."
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
|
|
@ -29,6 +29,6 @@ package() {
|
|||
|
||||
|
||||
sha512sums="0741bc9c6e94a656f35ae452288f0212a2a2df9eda3688a2d3f04012d686adee5f03e3e9f4c72685626f672baaacbd00be71ee0d8699989f47abfd34b72b2b3d main.conf
|
||||
598ad87d4dfed44d9711fb8164610306907454a3aea3333dc16a098839d9217e86d65075d9a4c3b0ca03d283059d05e99cbd7e9fba9a61b706f99ed356fffb08 base.conf
|
||||
14eaa203361d5b5c25c21796ca0ace6aaa89d6cdae464d51dc6896868c27c0e973d346c027f501b407157ebec247752cf3287e3cbd53c8b1cc6eaf11335d4a57 internal.conf
|
||||
9d4ee8a276c6b16f0a034cb0ff989b3f2589eef4c59f14f2f431a9a3e3136e9d648506547cee13f97cdd2d92d4bb84b0098b72511fc851f700c2e2a0208884f3 redxen-dns.conf"
|
||||
d7b03d004ddfe4d7ee1b1c4a6d6200635ee385f68034b3ff10c624d3e6fc1fc9e906efddd20ba0bd54638534f17d7800ff49b4c0c8ddea4564cc4e936851b692 base.conf
|
||||
b812d66a3682f56bd5ec38f56ebf1b9abbf6b3019ab2f867e5177ded0bf1540c49f88462cff7c17e8293f5ec4324405b0268e7f748d89612ddd9866a04d6e0ba internal.conf
|
||||
b1c40b398877571861edbef8b3c236034f0a19d53485df276318738a53949dfa3b9e7428bd6d13b96cd228a0a76fb467dc44395ef064638c0eaf90b359e33e59 redxen-dns.conf"
|
||||
|
|
|
|||
|
|
@ -1,9 +1,8 @@
|
|||
server:
|
||||
access-control: 0.0.0.0/0 refuse_non_local
|
||||
access-control: ::/0 refuse_non_local
|
||||
|
||||
# Local Host
|
||||
access-control: 127.0.0.0/8 allow
|
||||
access-control: ::/128 allow
|
||||
#log-replies: yes
|
||||
interface: 0.0.0.0
|
||||
interface: ::0
|
||||
|
|
@ -28,7 +27,7 @@ server:
|
|||
remote-control:
|
||||
control-enable: yes
|
||||
control-use-cert: no
|
||||
control-interface: 127.0.0.1
|
||||
control-interface: ::1
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
|
|
|
|||
|
|
@ -4,16 +4,19 @@ server:
|
|||
# Machines
|
||||
local-data: "8101153.nbg1-dc3.hetzner.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
|
||||
local-data: "8201371.fsn1-dc14.hetzner.redxen.localhost. 86400 IN AAAA 200:8656:aa4:dc68:888:d92c:914b:866b"
|
||||
local-data: "9013723.fsn1-dc14.hetzner.redxen.localhost. 86400 IN AAAA 200:2749:8af:bdf9:f011:997e:7bbb:35f3"
|
||||
|
||||
# Familiar names
|
||||
local-data: "lain.nurnberg.redxen.localhost. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.localhost."
|
||||
local-data: "arisu.falkenstein.redxen.localhost. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "lain.nurnberg.hetzner.redxen.localhost. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.localhost."
|
||||
local-data: "arisu.falkenstein.hetzner.redxen.localhost. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "chisa.falkenstein.hetzner.redxen.localhost. 86400 IN CNAME 9013723.fsn1-dc14.hetzner.redxen.localhost."
|
||||
|
||||
# Services
|
||||
local-data: "_murmur._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7573 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "_root._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "_transmission._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7572 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "_grafana._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7577 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "_transmission._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7572 9013723.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "_root._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 9013723.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "_seedown._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 9013723.fsn1-dc14.hetzner.redxen.localhost."
|
||||
|
||||
# Services (no CNAME/SRV support)
|
||||
local-data: "postgresql.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
|
||||
|
|
|
|||
|
|
@ -11,22 +11,42 @@ server:
|
|||
local-data: "8101153.nbg1-dc3.hetzner.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:9a10::1"
|
||||
local-data: "8201371.fsn1-dc14.hetzner.redxen.eu. 86400 IN A 78.46.207.237"
|
||||
local-data: "8201371.fsn1-dc14.hetzner.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:436e::1"
|
||||
local-data: "9013723.fsn1-dc14.hetzner.redxen.eu. 86400 IN A 168.119.99.213"
|
||||
local-data: "9013723.fsn1-dc14.hetzner.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:fd5e::1"
|
||||
|
||||
# Familiar records
|
||||
local-data: "lain.nurnberg.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
|
||||
local-data: "arisu.falkenstein.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
local-data: "lain.nurnberg.hetzner.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
|
||||
local-data: "arisu.falkenstein.hetzner.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
local-data: "chisa.falkenstein.hetzner.redxen.eu. 86400 IN CNAME 9013723.fsn1-dc14.hetzner.redxen.eu."
|
||||
|
||||
# Services
|
||||
local-data: "stats.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
|
||||
# Grafana
|
||||
local-data: "stats.redxen.eu. 86400 IN A 94.130.110.3"
|
||||
local-data: "stats.redxen.eu. 86400 IN A 78.46.207.237"
|
||||
local-data: "stats.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
|
||||
local-data: "git.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
local-data: "git.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
|
||||
local-data: "seed.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
local-data: "seed.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
|
||||
local-data: "sd.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
|
||||
local-data: "stats.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:9a10::1"
|
||||
local-data: "stats.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:436e::1"
|
||||
local-data: "stats.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
|
||||
# Seedbox HTTP
|
||||
local-data: "sd.redxen.eu. 86400 IN A 94.130.110.3"
|
||||
local-data: "sd.redxen.eu. 86400 IN A 78.46.207.237"
|
||||
local-data: "sd.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
|
||||
local-data: "social.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
local-data: "social.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
|
||||
|
||||
local-data: "sd.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:9a10::1"
|
||||
local-data: "sd.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:436e::1"
|
||||
local-data: "sd.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
|
||||
# Transmission
|
||||
local-data: "seed.redxen.eu. 86400 IN A 94.130.110.3"
|
||||
local-data: "seed.redxen.eu. 86400 IN A 78.46.207.237"
|
||||
local-data: "seed.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
|
||||
|
||||
local-data: "seed.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:9a10::1"
|
||||
local-data: "seed.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:436e::1"
|
||||
local-data: "seed.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
|
||||
|
||||
# Services SRV
|
||||
local-data: "_mumble._tcp.redxen.eu. 86400 IN SRV 0 5 64738 8101153.nbg1-dc3.hetzner.redxen.eu."
|
||||
|
|
@ -61,3 +81,36 @@ server:
|
|||
local-data: "n3.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8b23::1"
|
||||
local-data: "n4.redxen.eu. 86400 IN A 94.130.107.187"
|
||||
local-data: "n4.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8990::1"
|
||||
|
||||
local-data: "redxen.eu. 86400 IN A 78.46.197.89"
|
||||
local-data: "redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:6ed1::1"
|
||||
local-data: "redxen.eu. 86400 IN A 94.130.108.207"
|
||||
local-data: "redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8d8d::1"
|
||||
local-data: "redxen.eu. 86400 IN A 116.203.235.73"
|
||||
local-data: "redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:e8b9::1"
|
||||
local-data: "redxen.eu. 86400 IN A 94.130.108.81"
|
||||
local-data: "redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8b23::1"
|
||||
local-data: "redxen.eu. 86400 IN A 94.130.107.187"
|
||||
local-data: "redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8990::1"
|
||||
|
||||
local-data: "git.redxen.eu. 86400 IN A 78.46.197.89"
|
||||
local-data: "git.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:6ed1::1"
|
||||
local-data: "git.redxen.eu. 86400 IN A 94.130.108.207"
|
||||
local-data: "git.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8d8d::1"
|
||||
local-data: "git.redxen.eu. 86400 IN A 116.203.235.73"
|
||||
local-data: "git.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:e8b9::1"
|
||||
local-data: "git.redxen.eu. 86400 IN A 94.130.108.81"
|
||||
local-data: "git.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8b23::1"
|
||||
local-data: "git.redxen.eu. 86400 IN A 94.130.107.187"
|
||||
local-data: "git.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8990::1"
|
||||
|
||||
local-data: "social.redxen.eu. 86400 IN A 78.46.197.89"
|
||||
local-data: "social.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:6ed1::1"
|
||||
local-data: "social.redxen.eu. 86400 IN A 94.130.108.207"
|
||||
local-data: "social.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8d8d::1"
|
||||
local-data: "social.redxen.eu. 86400 IN A 116.203.235.73"
|
||||
local-data: "social.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:e8b9::1"
|
||||
local-data: "social.redxen.eu. 86400 IN A 94.130.108.81"
|
||||
local-data: "social.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8b23::1"
|
||||
local-data: "social.redxen.eu. 86400 IN A 94.130.107.187"
|
||||
local-data: "social.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8990::1"
|
||||
|
|
|
|||
|
|
@ -10,11 +10,14 @@ license="none"
|
|||
depends="wireguard-tools-wg wireguard-tools-wg-quick"
|
||||
source="
|
||||
main.conf
|
||||
sysctl.conf
|
||||
"
|
||||
options="!check"
|
||||
|
||||
package() {
|
||||
install -Dm400 main.conf "$pkgdir"/etc/wireguard/wg0.conf
|
||||
install -Dm400 main.conf "$pkgdir"/etc/wireguard/rxmain.conf
|
||||
install -Dm644 sysctl.conf "$pkgdir"/etc/sysctl.d/90-wireguard.conf
|
||||
}
|
||||
|
||||
sha512sums="46c6f9939e42f1f3f56df7780446738dae5c92798c9ee8f714c29cac192cb3799c818fe40a0c53d32b1513879b1a579db899988a26f5387c377925af2d2908c4 main.conf"
|
||||
sha512sums="658dcc9ae4e2e5e7b667d36952143d5986f267ceac3a4053493e92bbef8388cae2fb3f0db4ff2779d09caaae34b35a5712a7b791cb409be83975c084cdb839e8 main.conf
|
||||
b79ffbc64f2e193dc9402f7506b56b66892aa5387d13ac209ae344f9ce0f17aec3fdc503bf6855650d413dba3b66ffa3f937dd803850028579f5f5ed747c56b0 sysctl.conf"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
net.ipv4.ip_forward = 1
|
||||
net.ipv6.conf.all.forwarding = 1
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
pkgname=yggdrasil-redxen-config
|
||||
pkgver=2020.12.7
|
||||
pkgver=2020.12.10
|
||||
pkgrel=0
|
||||
pkgdesc="Yggdrasil tunnel configuration"
|
||||
url="https://git.redxen.eu/RedXen"
|
||||
|
|
@ -14,7 +14,7 @@ source="
|
|||
options="!check"
|
||||
|
||||
package() {
|
||||
install -Dm600 redxen.conf "$pkgdir"/etc/yggdrasil.conf
|
||||
install -Dm600 redxen.conf "$pkgdir"/etc/yggdrasil/redxen.conf
|
||||
}
|
||||
|
||||
sha512sums="84b36afbbdc68e595df65ab2321284ee615415ab7ce00c1fd81988a595959cebc1b18f5f0998876fb106f4220dce8ef8e2ffb9f822f2341e276f2d1643c4e7e0 redxen.conf"
|
||||
sha512sums="630d13a1256257b804c37e167a08fa96e622d393bca1b2ec2f8f6f60f286b00954fa3ff07cd215e5835b18ef7fc8bedfc1d881303af80625936302f5d72b6496 redxen.conf"
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
Peers: [
|
||||
]
|
||||
Listen: [
|
||||
tcp://0.0.0.0:7521
|
||||
tls://0.0.0.0:7521
|
||||
]
|
||||
MulticastInterfaces: []
|
||||
AllowedEncryptionPublicKeys: [
|
||||
|
|
|
|||
Loading…
Reference in New Issue