more stuff

DEPLOYMENT-NOTES

@@ -5,6 +5,20 @@ General:
 	- Every service needs to be started and enabled manually via openrc (custom services end in .redxen)
 
 ifupdown-ng:
+	- Public networks should be configured manually since RAs aren't usually configured
+		``` HETZNER EXAMPLE
+		auto eth0
+		iface eth0 inet static
+			address 
+			netmask 255.255.255.255
+			gateway 172.31.1.1
+			pointopoint 172.31.1.1
+
+		iface eth0 inet6 static
+			address 
+			netmask 64
+			gateway fe80::1
+		```
 	- Private networks need this workaround for routing to work properly
 		```
 		auto eth1
@@ -31,3 +45,6 @@ OpenSSH SFTP Chroot (part of seedbox):
 
 Pleroma:
 	- Migration might be needed between upgrades (/pleroma/bin/pleroma_ctl migrate)
+
+NGINX:
+	- It has to be added to the groups for the /http contents

data-packages/data-redxen-haproxy-errorpages/APKBUILD

@@ -1,7 +1,7 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=data-redxen-haproxy-errorpages
-pkgver=1
+pkgver=2020.10.12
 pkgrel=0
 _commit="d2eafb66f5d082f0d492e21cc07bb6636767ff7c"
 pkgdesc="Errorpages for HAProxy"

data-packages/data-redxen-homepage/APKBUILD

@@ -1,7 +1,7 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=data-redxen-homepage
-pkgver=6
+pkgver=2020.10.12
 pkgrel=0
 _commit="ccffc104aeb298b8192b6d3174d4f8d9cccd3f3c"
 pkgdesc="Homepage files"

lxc-configs/pleroma-redxen-lxc/APKBUILD

@@ -1,7 +1,7 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=pleroma-redxen-lxc
-pkgver=1
+pkgver=2020.10.12
 pkgrel=0
 pkgdesc="Pleroma LXC configuration files"
 url="https://git.redxen.eu/RedXen"

openrc-configs/darkhttpd-redxen-openrc/APKBUILD

@@ -1,13 +1,13 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=darkhttpd-redxen-openrc
-pkgver=2020.12.7
-pkgrel=1
+pkgver=2020.12.10
+pkgrel=2
 pkgdesc="DarkHTTPD service files"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
 license="none"
-depends="openrc"
+depends="openrc darkhttpd"
 options="!check"
 source="
 	runfile
@@ -21,4 +21,4 @@ package() {
 }
 
 sha512sums="dd792892588e03cef4a36bb8e81297990884298d8a2bc1c14ae2d8986a0a17af8d15bf3fb4e1830d22b154dc00591d884e20da915f51fd8ecf3b05b6c92dc7d4  runfile
-094af8b7d1707ec9e85a614821262685dbdfc96538da6449970c231c3b8ecc0d9ac80002ed945d93c3a161321c9d85e51d5ef0ad44a03aaee547956a6bdad95b  conffile"
+33e9e16a4565ba821ca53615145465a6bc2d4d659c267ca5fb2dbbdaf24965d5474ef2b751b3e92f95f23dd19834351449494de4f40a1befd7114c4d11a4b281  conffile"

openrc-configs/darkhttpd-redxen-openrc/conffile

@@ -1,12 +1,11 @@
 # darkhttpd web server config
 
 document_root="/http"
-logdir="/var/log/\$SVCNAME"
-addr=0.0.0.0
+logdir="/var/log/$SVCNAME"
 port=7574
 run_as_user=darkhttpd
 run_as_group=www-data
 run_in_chroot=yes
 
 # extra arguments
-# darkhttpd_args=""
+darkhttpd_args="--ipv6"

openrc-configs/dovecot-redxen-openrc/APKBUILD

@@ -0,0 +1,21 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=dovecot-redxen-openrc
+pkgver=2020.12.7
+pkgrel=1
+pkgdesc="Dovecot OpenRC service files"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc dovecot-openrc dovecot-redxen-config"
+options="!check"
+source="
+	conffile
+"
+builddir="$srcdir"
+
+package() {
+	mkdir -p "$pkgdir"/etc/init.d
+	ln -s dovecot "$pkgdir"/etc/init.d/dovecot.redxen
+	install -Dm644 conffile "$pkgdir"/etc/conf.d/dovecot.redxen
+}

openrc-configs/lighttpd-redxen-openrc/APKBUILD

@@ -0,0 +1,23 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=lighttpd-redxen-openrc
+pkgver=2020.12.11
+pkgrel=0
+pkgdesc="LigHTTPd service files"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc lighttpd-openrc lighttpd-redxen-config"
+options="!check"
+source="
+	conffile
+"
+builddir="$srcdir"
+
+package() {
+	mkdir -p "$pkgdir"/etc/init.d
+	ln -s lighttpd "$pkgdir"/etc/init.d/lighttpd.redxen
+	install -Dm644 conffile "$pkgdir"/etc/conf.d/lighttpd.redxen
+}
+
+sha512sums="6a618a3d00df5cfc5e31b2f5f66edfbde4d6514c04df51f89162a42b8f1ad3ef3d06827a4cd46bee54e8ba91316354b510c49ebd873fb727e96b1c756895df7b  conffile"

openrc-configs/lighttpd-redxen-openrc/conffile

@@ -0,0 +1,12 @@
+# /etc/conf.d/lighttpd
+
+# Location of a shell used by the 'include_shell' directive
+# in the lighttpd's configuration file
+#export SHELL="/bin/bash"
+
+# Location of the lighttpd configuration file
+LIGHTTPD_CONF="/etc/lighttpd/redxen/main.conf"
+
+# Location of the lighttpd pid file
+LIGHTTPD_PID="/run/lighttpd.pid"
+

openrc-configs/murmur-redxen-openrc/APKBUILD

@@ -1,8 +1,8 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=murmur-redxen-openrc
-pkgver=2020.12.7
-pkgrel=1
+pkgver=2020.12.12
+pkgrel=0
 pkgdesc="Murmur OpenRC service files"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"

openrc-configs/nginx-redxen-openrc/APKBUILD

@@ -0,0 +1,23 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=nginx-redxen-openrc
+pkgver=2020.12.11
+pkgrel=0
+pkgdesc="NGINX service files"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc nginx-openrc nginx-redxen-config"
+options="!check"
+source="
+	conffile
+"
+builddir="$srcdir"
+
+package() {
+	mkdir -p "$pkgdir"/etc/init.d
+	ln -s nginx "$pkgdir"/etc/init.d/nginx.redxen
+	install -Dm644 conffile "$pkgdir"/etc/conf.d/nginx.redxen
+}
+
+sha512sums="41b11e1be914b9a3c87fb1e98016ddd70e4fd5c6f80205f011cda44f5ca00359f14bdb40fc7225f8502ac6cd99e18578ae81ea4970fb53bd9b22403248b2d353  conffile"

openrc-configs/nginx-redxen-openrc/conffile

@@ -0,0 +1 @@
+cfgfile="/etc/nginx/redxen.conf"

openrc-configs/postfix-redxen-openrc/APKBUILD

@@ -0,0 +1,22 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=postfix-redxen-openrc
+pkgver=2020.12.10
+pkgrel=0
+pkgdesc="Postfix OpenRC service files"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc postfix-openrc postfix-redxen-config"
+options="!check"
+source="
+	conffile
+"
+builddir="$srcdir"
+
+package() {
+	mkdir -p "$pkgdir"/etc/init.d
+	ln -s postfix "$pkgdir"/etc/init.d/postfix.redxen
+	install -Dm644 conffile "$pkgdir"/etc/conf.d/postfix.redxen
+}
+sha512sums="cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e  conffile"

openrc-configs/postgresql-redxen-openrc/APKBUILD

@@ -1,8 +1,8 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=postgresql-redxen-openrc
-pkgver=2020.12.07
-pkgrel=1
+pkgver=2020.12.7
+pkgrel=0
 pkgdesc="PostgreSQL service files"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"

openrc-configs/rspamd-redxen-openrc/APKBUILD

@@ -0,0 +1,22 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=unbound-redxen-openrc
+pkgver=2020.12.7
+pkgrel=1
+pkgdesc="Unbound OpenRC service files"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc unbound-openrc unbound-redxen-config"
+options="!check"
+source="
+	conffile
+"
+builddir="$srcdir"
+
+package() {
+	mkdir -p "$pkgdir"/etc/init.d
+	ln -s unbound "$pkgdir"/etc/init.d/unbound.redxen
+	install -Dm644 conffile "$pkgdir"/etc/conf.d/unbound.redxen
+}
+sha512sums="27434e5134d39b74de08938b31a4b4b1672c058b0f48e9cbf3b03df6c890c476e664853b1b5e9173b04ec6859f36446d2a2bf0bfabcb4ed630f826db122ca07b  conffile"

openrc-configs/rspamd-redxen-openrc/conffile

@@ -0,0 +1,3 @@
+# Configuration file to start with
+cfgfile="/etc/unbound/main.conf"
+command_args="-c $cfgfile"

openrc-configs/telegraf-redxen-openrc/APKBUILD

@@ -1,8 +1,8 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=telegraf-redxen-openrc
-pkgver=2020.12.7
-pkgrel=1
+pkgver=2020.12.10
+pkgrel=0
 pkgdesc="Telegraf service files"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
@@ -10,14 +10,15 @@ license="none"
 depends="openrc telegraf-openrc telegraf-redxen-config"
 options="!check"
 source="
+	runfile
 	conffile
 "
 builddir="$srcdir"
 
 package() {
-	mkdir -p "$pkgdir"/etc/init.d
-	ln -s telegraf "$pkgdir"/etc/init.d/telegraf.redxen
+	install -Dm755 runfile "$pkgdir"/etc/init.d/telegraf.redxen
 	install -Dm644 conffile "$pkgdir"/etc/conf.d/telegraf.redxen
 }
 
-sha512sums="9bf080e445c9dbb1a8cab493dbf5d344be1cfe38164eb5fa84c8541f38a5506cddc797829dc51478215e06694c815b1174b134542116283e8bdaf07fa137466c  conffile"
+sha512sums="109a1cb53ba0d654efdb596b994010ac437d8c5fb172cb21f9c6ee53a84332d237909e4ab3e80018567b8abfd6dbdd0dd9fed5f25b550105df3626d13c5dd93e  runfile
+a7950b7fa3c5c8303c387a743591afb5d3b6a4d25c88e5d7522667b8cfdd8cdbad55251152efec352241ffd3d78ce56a5d3b6fbef03a2b02d0b23833547649c7  conffile"

openrc-configs/telegraf-redxen-openrc/conffile

@@ -1,4 +1,5 @@
-TELEGRAF_OPTS="-config /etc/telegraf/main.conf"
+TELEGRAF_CONFIG="/etc/telegraf/main.conf"
+TELEGRAF_OPTS="-config $TELEGRAF_CONFIG"
 
 # Uncomment to enable logging to syslog.
 error_logger="logger -t $RC_SVCNAME"

openrc-configs/telegraf-redxen-openrc/runfile

@@ -0,0 +1,23 @@
+#!/sbin/openrc-run
+
+command="/usr/bin/telegraf"
+command_args="$TELEGRAF_OPTS"
+command_background=yes
+command_user=telegraf:telegraf
+pidfile="/run/$RC_SVCNAME.pid"
+extra_started_commands="reload"
+
+depend() {
+	need net
+	after firewall
+}
+
+start_pre() {
+	checkpath -f -o $command_user -m 640 ${TELEGRAF_CONFIG:-/etc/telegraf.conf}
+}
+
+reload() {
+	ebegin "Reloading ${RC_SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile "${pidfile}"
+	eend $?
+}

openrc-configs/transmission-redxen-openrc/APKBUILD

@@ -1,23 +1,24 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=transmission-redxen-openrc
-pkgver=2020.12.7
-pkgrel=1
+pkgver=2020.12.10
+pkgrel=4
 pkgdesc="Transmission service files"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
 license="none"
-depends="openrc transmission-redxen-openrc transmission-redxen-config"
+depends="openrc transmission-daemon transmission-redxen-config"
 options="!check"
 source="
+	runfile
 	conffile
 "
 builddir="$srcdir"
 
 package() {
-	mkdir -p "$pkgdir"/etc/init.d
-	ln -s transmission-daemon "$pkgdir"/etc/init.d/transmission-daemon.redxen
+	install -Dm755 runfile "$pkgdir"/etc/init.d/transmission-daemon.redxen
 	install -Dm644 conffile "$pkgdir"/etc/conf.d/transmission-daemon.redxen
 }
 
-sha512sums="c1df27bb036e28ea94c5fa18b40c99a96d9548c28ed8262ad753744a1737883c9fd75fbae2284ea9ad749bd9d4d5ee0b33a1876dccb3008e0ee327de29922ac7  conffile"
+sha512sums="22c65c1b3a719107a486c1d62fc6321e6e775f08a00ed07c98a0b847bd02d14420fa79424011175a8a6eed1acea0ca832fdee00321999b771e556ce7b58ba2b7  runfile
+c1df27bb036e28ea94c5fa18b40c99a96d9548c28ed8262ad753744a1737883c9fd75fbae2284ea9ad749bd9d4d5ee0b33a1876dccb3008e0ee327de29922ac7  conffile"

openrc-configs/transmission-redxen-openrc/runfile

@@ -0,0 +1,49 @@
+#!/sbin/openrc-run
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-p2p/transmission/files/transmission-daemon.initd.8,v 1.2 2011/12/04 10:35:07 swegener Exp $
+
+extra_started_commands="reload"
+description="Transmission is a fast, easy and free bittorrent client"
+description_start="Start transmission-daemon server and web interface"
+description_stop="Stop transmission-daemon server and web interface"
+description_reload="Reload transmission-daemon settings"
+
+config_dir="${config_dir:-/var/lib/transmission/config}"
+download_dir="${download_dir:-/var/lib/transmission/downloads}"
+logfile="${logfile:-/var/log/transmission/transmission.log}"
+rundir="${rundir:-/var/run/transmission}"
+
+command="/usr/bin/transmission-daemon"
+command_user="${command_user:-transmission:transmission}"
+pidfile="${pidfile:-${rundir}/transmission.pid}"
+command_args="--pid-file ${pidfile}"
+
+depend() {
+	need net
+	after firewall
+}
+
+check_config() {
+	command_args="${command_args} --config-dir ${config_dir}"
+	if [ ! -f "${config_dir}/settings.json" ]; then
+		command_args="${command_args} --download-dir ${download_dir}"
+	fi
+	if [ -n "${logfile}" ]; then
+		command_args="${command_args} --logfile ${logfile}"
+	fi
+}
+
+start_pre() {
+	check_config
+
+	checkpath -d -m 750 -o "$command_user" "$download_dir" "$config_dir" "$config_dir/resume" "$rundir"
+	checkpath -f -m 440 -o "$command_user" "$config_dir"/settings.json
+}
+
+reload() {
+	ebegin "Reloading transmission configuration"
+	start-stop-daemon --signal HUP --pidfile ${pidfile}
+	eend $?
+}
+

openrc-configs/wireguard-redxen-openrc/APKBUILD

@@ -0,0 +1,24 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=wireguard-redxen-openrc
+pkgver=2020.12.12
+pkgrel=0
+pkgdesc="Wireguard service files"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc wireguard-redxen-config wireguard-tools-wg-quick"
+options="!check"
+source="
+	runfile
+	conffile
+"
+builddir="$srcdir"
+
+package() {
+	install -Dm755 runfile "$pkgdir"/etc/init.d/wireguard.redxen
+	install -Dm644 conffile "$pkgdir"/etc/conf.d/wireguard.redxen
+}
+
+sha512sums="e93f2603eb9c393183a4619dc54f5a794775c68b010e82e5f511b4136c5750f105ec5742bcbfcd01e873d1ee8d67c89153d43e02635d86fde9c9043848d0b60e  runfile
+543998954d42cc51677b37495d91436b3506dc4e92082a3eba6a0d3791d176ef98db52002bbb98022451b01f477c1dc36022697cd80f8d7a133e90736b624243  conffile"

openrc-configs/wireguard-redxen-openrc/conffile

@@ -0,0 +1 @@
+WIREGUARD_INTERFACE="rxmain"

openrc-configs/wireguard-redxen-openrc/runfile

@@ -0,0 +1,41 @@
+#!/sbin/openrc-run
+
+description="Control wg-quick connections"
+
+check_interface() {
+	if [ -d /sys/class/net/"${WIREGUARD_INTERFACE:-wg0}" ]; then
+		mark_service_started
+		return 0
+	fi
+	mark_service_stopped
+	return 1
+}
+
+start() {
+	check_interface || /usr/bin/wg-quick up "${WIREGUARD_INTERFACE:-wg0}"
+	/sbin/iptables -A INPUT -i eth0 -p udp --dport 51820 -j ACCEPT
+	/sbin/iptables -A FORWARD -i "${WIREGUARD_INTERFACE:-wg0}" -o eth0 -j ACCEPT
+	/sbin/iptables -A FORWARD -i eth0 -o "${WIREGUARD_INTERFACE:-wg0}" -j ACCEPT
+	/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+	/sbin/ip6tables -A INPUT -i eth0 -p udp --dport 51820 -j ACCEPT
+	/sbin/ip6tables -A FORWARD -i "${WIREGUARD_INTERFACE:-wg0}" -o eth0 -j ACCEPT
+	/sbin/ip6tables -A FORWARD -i eth0 -o "${WIREGUARD_INTERFACE:-wg0}" -j ACCEPT
+	/sbin/ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+}
+
+stop() {
+	check_interface && /usr/bin/wg-quick down "${WIREGUARD_INTERFACE:-wg0}"
+	/sbin/iptables -D INPUT -i eth0 -p udp --dport 51820 -j ACCEPT
+	/sbin/iptables -D FORWARD -i "${WIREGUARD_INTERFACE:-wg0}" -o eth0 -j ACCEPT
+	/sbin/iptables -D FORWARD -i eth0 -o "${WIREGUARD_INTERFACE:-wg0}" -j ACCEPT
+	/sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+	/sbin/ip6tables -D INPUT -i eth0 -p udp --dport 51820 -j ACCEPT
+	/sbin/ip6tables -D FORWARD -i "${WIREGUARD_INTERFACE:-wg0}" -o eth0 -j ACCEPT
+	/sbin/ip6tables -D FORWARD -i eth0 -o "${WIREGUARD_INTERFACE:-wg0}" -j ACCEPT
+	/sbin/ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+}
+
+restart() {
+	stop
+	start
+}

openrc-configs/yggdrasil-redxen-openrc/APKBUILD

@@ -0,0 +1,23 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=yggdrasil-redxen-openrc
+pkgver=2020.12.10
+pkgrel=0
+pkgdesc="Yggdrasil service files"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc yggdrasil-openrc yggdrasil-redxen-config"
+options="!check"
+source="
+	conffile
+"
+builddir="$srcdir"
+
+package() {
+	mkdir -p "$pkgdir"/etc/init.d
+	ln -s yggdrasil "$pkgdir"/etc/init.d/yggdrasil.redxen
+	install -Dm644 conffile "$pkgdir"/etc/conf.d/yggdrasil.redxen
+}
+
+sha512sums="80efc154b8371a06f69d30f13e285e2dbff7227381920400b1b497eafef3cb096c7748f158e6e18ff692e13452da8fc07a5e4738a025989202323303c5e1c04d  conffile"

openrc-configs/yggdrasil-redxen-openrc/conffile

@@ -0,0 +1,4 @@
+yggdrasil_config_file=/etc/yggdrasil/redxen.conf
+
+output_log=/var/log/yggdrasil.log
+error_log=/var/log/yggdrasil.log

software-configs/haproxy-redxen-config/APKBUILD

@@ -1,8 +1,8 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=haproxy-redxen-config
-pkgver=2020.12.7
-pkgrel=0
+pkgver=2020.12.12
+pkgrel=1
 pkgdesc="HAProxy frontend configuration"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
@@ -21,4 +21,4 @@ check() {
 	haproxy -c -f main.cfg
 }
 
-sha512sums="a64fbfc6304ee0bbe9c840b4368f4d3e098ffa4c74b8c047a22b4cadc7b2d8e32cc17e144754134f98960cd95abaab79f498b620e977a1e68ae14f0c2014ce40  main.cfg"
+sha512sums="badcf29fb4647a1504e5f7c6e4aae21269cba6f85fe0953aa1cdf1a72efba77a5b0b84ce05feb1d30683b05f73367155fbf52067ec4489b8c431effdd87f4a1e  main.cfg"

software-configs/haproxy-redxen-config/main.cfg

@@ -1,6 +1,8 @@
 global
   maxconn 2048
   maxconnrate 40
+  stats socket /run/haproxy.sock mode 600 user telegraf
+  stats timeout 2m
 
 defaults
   mode http
@@ -47,21 +49,18 @@ frontend http
   bind ipv4@:443,ipv6@:443 ssl crt /etc/ssl/redxen/letsencrypt/fullchain.crt alpn h2,http/1.1
   bind ipv4@:80,ipv6@:80
 
-  acl root url /
-  use_backend backend-root if { hdr(host) -i redxen.eu }
+  acl root path /
 
+  redirect prefix /web code 302 if { hdr_beg(host) -i seed } root
   use_backend backend-transmission if { hdr_beg(host) -i seed }
-  redirect prefix /web code 302  if { hdr_beg(host) -i seed } root
 
+  use_backend backend-root if { hdr(host) -i redxen.eu }
   use_backend backend-grafana if { hdr_beg(host) -i stats }
-
   use_backend backend-pleroma if { hdr_beg(host) -i social }
-
   use_backend backend-gitea if { hdr_beg(host) -i git }
-
   use_backend backend-seedown if { hdr_beg(host) -i sd }
 
-  http-response add-header X-Forwarded-Proto https
+  http-response set-header X-Forwarded-Proto https
   http-response set-header X-XSS-Protection 1;\ mode=block
   http-response set-header X-Content-Type-Options nosniff
   http-response set-header Referrer-Policy no-referrer-when-downgrade
@@ -73,20 +72,21 @@ frontend http
 
   backend backend-transmission
     server-template transmission 1 _transmission._tcp.routinginfo.redxen.localhost
-    option httpchk HEAD / HTTP/1.1
 
   backend backend-grafana
-    server-template grafana 5 _grafana._tcp.routinginfo.redxen.localhost
+    server-template grafana 1 _grafana._tcp.routinginfo.redxen.localhost
     option httpchk HEAD / HTTP/1.1
     http-check send hdr Host stats.redxen.eu
 
   backend backend-seedown
     server-template seedown 1 _seedown._tcp.routinginfo.redxen.localhost
     option httpchk HEAD / HTTP/1.1
+    http-check send hdr Host sd.redxen.eu
 
   backend backend-pleroma
     server-template pleroma 1 _pleroma._tcp.routinginfo.redxen.localhost
     option httpchk HEAD / HTTP/1.1
+    http-check send hdr Host social.redxen.eu
 
   backend backend-gitea
     server-template gitea 1 _gitea._tcp.routinginfo.redxen.localhost

software-configs/iptables-redxen-config/rules-v4

@@ -7,19 +7,11 @@
 -A INPUT -i lo -j ACCEPT
 -A INPUT -i tun0 -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
--A INPUT -i eth1 -p tcp -m tcp --dport 7521 -j ACCEPT
 -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
 -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
--A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth1 -p tcp -m tcp --dport 7521 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
--A INPUT -p udp -m udp --dport 53 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 2442 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 7777 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 64738 -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 COMMIT
 # Mangle
 *mangle

software-configs/iptables-redxen-config/rules-v6

@@ -10,16 +10,8 @@
 -A INPUT -i eth1 -p tcp -m tcp --dport 7521 -j ACCEPT
 -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
 -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
--A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
--A INPUT -p udp -m udp --dport 53 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 2442 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 7777 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 64738 -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 COMMIT
 # Mangle
 *mangle

software-configs/lighttpd-redxen-config/APKBUILD

@@ -0,0 +1,24 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=lighttpd-redxen-config
+pkgver=2020.12.11
+pkgrel=0
+pkgdesc="LigHTTPd configuration"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="lighttpd"
+source="
+	main.conf
+"
+
+package() {
+	install -dm755 "$pkgdir"/http
+	install -Dm440 main.conf "$pkgdir"/etc/lighttpd/redxen/main.conf
+}
+
+check() {
+	lighttpd -f main.conf -t
+}
+
+sha512sums="c6157585741c20022f7cd520db0c1066aae9e6d59be165d49bfd9d3b57fdc1abed681ba067470d01f2b4f22c8c99da466976e4bf28d9d881811aac2d04494cca  main.conf"

software-configs/lighttpd-redxen-config/main.conf

@@ -0,0 +1,28 @@
+var.basedir           = "/http"
+var.logdir            = "/var/log/lighttpd"
+var.statedir          = "/run/lighttpd"
+
+include "/etc/lighttpd/mime-types.conf"
+
+server.bind           = "[::]"
+server.modules        = ( "mod_access", "mod_deflate", "mod_webdav", "mod_dirlisting" )
+server.username       = "lighttpd"
+server.groupname      = "lighttpd"
+server.document-root  = var.basedir
+server.pid-file       = "/run/lighttpd.pid"
+server.indexfiles     = ("index.html")
+server.follow-symlink = "disable"
+server.event-handler  = "linux-sysepoll"
+server.chroot         = var.basedir
+server.port           = 7574
+server.upload-dirs    = ("")
+server.use-ipv6       = "enable"
+
+dir-listing.activate  = "enable"
+
+url.access-deny       = ("~")
+
+deflate.filetypes    = ("text/", "application/javascript")
+
+webdav.activate       = "enable"
+webdav.is-readonly    = "enable"

software-configs/murmur-redxen-config/APKBUILD

@@ -1,7 +1,7 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=murmur-redxen-config
-pkgver=2020.12.7
+pkgver=2020.12.12
 pkgrel=0
 pkgdesc="Murmur configuration files"
 url="https://git.redxen.eu/RedXen"
@@ -18,4 +18,4 @@ package() {
 }
 
 
-sha512sums="43a8ca7f16b0b39f08e35aebe77e7dd9ca5a779733d0e981c07db81c15785b74d3e60baf4b7ea87313e678bfcfbed1329436dcf1df9404b6f4b835a26235e53e  murmur.ini"
+sha512sums="0bc394f306a4ece3115bc0c5948fec251d763b8ef166ce26fbd6b44f8ca906c608ac5c0d3cd79fffdb42146b1ab374092ef92db46e4e453782acc046b21925ba  murmur.ini"

software-configs/nginx-redxen-config/APKBUILD

@@ -0,0 +1,26 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=nginx-redxen-config
+pkgver=2020.12.11
+pkgrel=0
+pkgdesc="NGINX configuration"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="nginx nginx-mod-http-zip"
+source="
+	main.conf
+"
+options="!check"
+
+package() {
+
+	install -dm755 "$pkgdir"/http
+	install -Dm400 main.conf "$pkgdir"/etc/nginx/redxen.conf
+}
+
+check() {
+	nginx -p / -c main.conf -t
+}
+
+sha512sums="acb7c066a734e040c876985ee74de473918194d87e2a6d565238ef4a9894ad8ab9bf2c35d79c3ef2445131731efdb7a999f834f16c34e445a5c899ef689f393a  main.conf"

software-configs/nginx-redxen-config/main.conf

@@ -0,0 +1,26 @@
+user nginx www-data;
+
+events {
+	worker_connections 1024;
+}
+
+http {
+	gzip                              on;
+	gzip_vary                         on;
+	tcp_nopush                        on;
+	tcp_nodelay                       on;
+	keepalive_timeout                 300;
+	include                           /etc/nginx/mime.types;
+	default_type                      application/octet-stream;
+	root                              /http;
+	server {
+		listen                            *:7574 reuseport so_keepalive=on;
+		listen                            [::]:7574 reuseport so_keepalive=on;
+		location / {
+			autoindex                 on;
+			limit_except              GET HEAD {
+				deny all;
+			}
+		}
+	}
+}

software-configs/postgresql-redxen-config/APKBUILD

@@ -1,13 +1,13 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=postgresql-redxen-config
-pkgver=2020.12.7
-pkgrel=0
+pkgver=2020.12.12
+pkgrel=1
 pkgdesc="PostgreSQL configuration files"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
 license="none"
-depends="postgresql"
+depends="postgresql postgresql-contrib"
 options="!check" # PostgreSQL doesn't have configuration checks
 source="
 	postgresql.conf
@@ -22,6 +22,6 @@ package() {
 	install -Dm644 pg_ident.conf "$pkgdir"/etc/postgresql/redxen/pg_ident.conf
 }
 
-sha512sums="4888ad8feb31f9957935753cff19c1ba801b297cb1f214ddd02ba5a4a116fafe544f7fcd5553c754c333adfabcf121f8134dd129e6d9d8d378247fae0d23ca9c  postgresql.conf
-914d64b5c4876b38633aef6a8eca968dbb789ec36ea5592c731f526f2f2530d9be8d724cf238ca8f966584abfbb6047ce739b9180b3ce2d60e984af5e7788d8b  pg_hba.conf
+sha512sums="f48d721b03a7dd483fc7f0c016a75a13d121e3d105b0874fc21e7cf5fdec11b5deeb2d0607e258499f303c2a4974d3ead17a25b51594c509c86ce5ef016d2cee  postgresql.conf
+2af9c5acacaa2f82e15931d676bac4b89ade6ff91503e09583a35da36d69d0370a314db1de78665ba5cdb8f98cc7f09684efe9c97caa9385541159d170254cd6  pg_hba.conf
 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e  pg_ident.conf"

software-configs/postgresql-redxen-config/pg_hba.conf

@@ -1,3 +1,5 @@
 local	all	postgres	trust
 host	murmur	murmur	0200::/7	md5
 host	grafana	grafana	0200::/7	md5
+host	all	telegraf	127.0.0.1/32	md5
+host	all	telegraf	::1/128	md5

software-configs/postgresql-redxen-config/postgresql.conf

@@ -25,6 +25,24 @@ ssl = off
 shared_buffers = 128MB
 dynamic_shared_memory_type = posix
 
+vacuum_cost_delay = 0
+vacuum_cost_page_hit = 1
+vacuum_cost_page_miss = 10
+vacuum_cost_page_dirty = 20
+vacuum_cost_limit = 200
+
+bgwriter_delay = 200ms
+bgwriter_lru_maxpages = 100
+bgwriter_lru_multiplier = 2.0
+bgwriter_flush_after = 512kB
+
+effective_io_concurrency = 1
+max_worker_processes = 8
+max_parallel_maintenance_workers = 2
+max_parallel_workers_per_gather = 2
+parallel_leader_participation = on
+max_parallel_workers = 8
+
 #------------------------------------------------------------------------------
 # WRITE-AHEAD LOG
 #------------------------------------------------------------------------------
@@ -57,12 +75,20 @@ cluster_name = 'redxen-main'
 # STATISTICS
 #------------------------------------------------------------------------------
 
-stats_temp_directory = '/run/postgresql/12-main.pg_stat_tmp'
+track_activities = on
+track_counts = on
+track_io_timing = on
+track_functions = all
+track_activity_query_size = 1024
+stats_temp_directory = '/run/postgresql/main.pg_stat_tmp'
 
 #------------------------------------------------------------------------------
 # AUTOVACUUM
 #------------------------------------------------------------------------------
 
+autovacuum = on
+autovacuum_naptime = 1min
+
 #------------------------------------------------------------------------------
 # CLIENT CONNECTION DEFAULTS
 #------------------------------------------------------------------------------

software-configs/sysctl-redxen-config/10-memory.conf

@@ -0,0 +1,7 @@
+vm.overcommit_memory = 2
+vm.overcommit_ratio = 95
+
+vm.zone_reclaim_mode = 3
+
+vm.dirty_ratio = 10
+vm.dirty_background_ratio = 5

software-configs/sysctl-redxen-config/20-network.conf

@@ -0,0 +1,29 @@
+# IPV4
+net.ipv4.icmp_echo_ignore_broadcasts = 1
+
+net.ipv4.conf.all.log_martians = 1
+net.ipv4.conf.all.rp_filter = 1
+net.ipv4.conf.default.rp_filter = 1 
+
+# TCP Tweaks
+net.ipv4.tcp_ecn = 1
+net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_mtu_probing = 1
+net.ipv4.tcp_slow_start_after_idle = 1
+
+net.ipv4.tcp_syncookies = 1
+net.ipv4.tcp_synack_retries = 5
+
+net.ipv4.tcp_keepalive_time = 60
+net.ipv4.tcp_keepalive_intvl = 10
+net.ipv4.tcp_keepalive_probes = 6
+
+net.ipv4.tcp_rfc1337 = 1
+
+# UDP Tweaks
+net.ipv4.udp_rmem_min = 8192
+net.ipv4.udp_wmem_min = 8192
+
+# Misc
+net.core.netdev_max_backlog = 16384
+net.core.somaxconn = 8192

software-configs/sysctl-redxen-config/30-kernel.conf

@@ -0,0 +1,10 @@
+kernel.sysrq = 0
+
+# Memory execution prevention
+#kernel.exec-shield = 2
+kernel.randomize_va_space=2
+
+kernel.dmesg_restrict = 1
+kernel.kptr_restrict = 2
+
+#kernel.kexec_load_disabled = 1

software-configs/sysctl-redxen-config/APKBUILD

@@ -0,0 +1,26 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=sysctl-redxen-config
+pkgver=2020.12.10
+pkgrel=0
+pkgdesc="sysctl settings for servers"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc"
+source="
+	10-memory.conf
+	20-network.conf
+	30-kernel.conf
+"
+options="!check"
+
+package() {
+	install -Dm644 10-memory.conf "$pkgdir"/etc/sysctl.d/10-memory.conf
+	install -Dm644 20-network.conf "$pkgdir"/etc/sysctl.d/20-network.conf
+	install -Dm644 30-kernel.conf "$pkgdir"/etc/sysctl.d/30-kernel.conf
+}
+
+sha512sums="8043d419de52d0a8e75ed50643bd73ef3b3e2633d9064c6f6695b796834bc162f6b3c0e28082bb601e1a6c582e92ca90aa3dd626973c741c2ff0d3e1749521b1  10-memory.conf
+117648c1a0ee1a2d554eee2a0f8584097c66300dfda945a4ac0cb52f24160ae673abe3de964d419ddca4e0822a605c7b1d4f8d8e3f85d5f7c582b9803ffa21fc  20-network.conf
+a67a62adddcc0389eef167f390d948ce69488f5755fbd19ca16d9d626511229e7dd7f03fcf0f4731fa867a45417e9554f65b5ccca7fcacc2e51f056d4152031a  30-kernel.conf"

software-configs/telegraf-redxen-config/APKBUILD

@@ -21,4 +21,4 @@ check() {
 	telegraf --config main.conf --test >/dev/null
 }
 
-sha512sums="7f5c6d5fb4b3fa9e44fff7bf5fd600abad615ce00bd7e77977042f4a5f9729da0b5118b9d30e4ee1629c060ceef298a45c9dfa0ab503380599d0d77b77374804  main.conf"
+sha512sums="9a50d6b90693fe991be5a99dc3d31f34137894620cf1023a00ee8d8ad3bd1e8c71c4b136d40d42dc663c8719f4f8ee8bd44b51ba3a5fc5d781d6b956ddb03d0c  main.conf"

software-configs/telegraf-redxen-config/main.conf

@@ -3,9 +3,7 @@
   round_interval = true
   metric_batch_size = 1000
   metric_buffer_limit = 10000
-  collection_jitter = "5s"
   flush_interval = "30s"
-  flush_jitter = "0s"
   precision = ""
   debug = false
   quiet = false

software-configs/unbound-redxen-config/APKBUILD

@@ -1,7 +1,7 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=unbound-redxen-config
-pkgver=2020.12.7
+pkgver=2020.12.12
 pkgrel=0
 pkgdesc="Unbound configurations and some other stuff."
 url="https://git.redxen.eu/RedXen"
@@ -29,6 +29,6 @@ package() {
 
 
 sha512sums="0741bc9c6e94a656f35ae452288f0212a2a2df9eda3688a2d3f04012d686adee5f03e3e9f4c72685626f672baaacbd00be71ee0d8699989f47abfd34b72b2b3d  main.conf
-598ad87d4dfed44d9711fb8164610306907454a3aea3333dc16a098839d9217e86d65075d9a4c3b0ca03d283059d05e99cbd7e9fba9a61b706f99ed356fffb08  base.conf
-14eaa203361d5b5c25c21796ca0ace6aaa89d6cdae464d51dc6896868c27c0e973d346c027f501b407157ebec247752cf3287e3cbd53c8b1cc6eaf11335d4a57  internal.conf
-9d4ee8a276c6b16f0a034cb0ff989b3f2589eef4c59f14f2f431a9a3e3136e9d648506547cee13f97cdd2d92d4bb84b0098b72511fc851f700c2e2a0208884f3  redxen-dns.conf"
+d7b03d004ddfe4d7ee1b1c4a6d6200635ee385f68034b3ff10c624d3e6fc1fc9e906efddd20ba0bd54638534f17d7800ff49b4c0c8ddea4564cc4e936851b692  base.conf
+b812d66a3682f56bd5ec38f56ebf1b9abbf6b3019ab2f867e5177ded0bf1540c49f88462cff7c17e8293f5ec4324405b0268e7f748d89612ddd9866a04d6e0ba  internal.conf
+b1c40b398877571861edbef8b3c236034f0a19d53485df276318738a53949dfa3b9e7428bd6d13b96cd228a0a76fb467dc44395ef064638c0eaf90b359e33e59  redxen-dns.conf"

software-configs/unbound-redxen-config/base.conf

@@ -1,9 +1,8 @@
 server:
 	access-control: 0.0.0.0/0 refuse_non_local
 	access-control: ::/0 refuse_non_local
-
-	# Local Host
 	access-control: 127.0.0.0/8 allow
+	access-control: ::/128 allow
 	#log-replies: yes
 	interface: 0.0.0.0
 	interface: ::0
@@ -28,7 +27,7 @@ server:
 remote-control:
 	control-enable: yes
 	control-use-cert: no
-	control-interface: 127.0.0.1
+	control-interface: ::1
 forward-zone:
 	name: "."
 	forward-tls-upstream: yes

software-configs/unbound-redxen-config/internal.conf

@@ -4,16 +4,19 @@ server:
 	# Machines
 	local-data: "8101153.nbg1-dc3.hetzner.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
 	local-data: "8201371.fsn1-dc14.hetzner.redxen.localhost. 86400 IN AAAA 200:8656:aa4:dc68:888:d92c:914b:866b"
+	local-data: "9013723.fsn1-dc14.hetzner.redxen.localhost. 86400 IN AAAA 200:2749:8af:bdf9:f011:997e:7bbb:35f3"
 
 	# Familiar names
-	local-data: "lain.nurnberg.redxen.localhost. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.localhost."
-	local-data: "arisu.falkenstein.redxen.localhost. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.localhost."
+	local-data: "lain.nurnberg.hetzner.redxen.localhost. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.localhost."
+	local-data: "arisu.falkenstein.hetzner.redxen.localhost. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.localhost."
+	local-data: "chisa.falkenstein.hetzner.redxen.localhost. 86400 IN CNAME 9013723.fsn1-dc14.hetzner.redxen.localhost."
 	
 	# Services
 	local-data: "_murmur._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7573 8201371.fsn1-dc14.hetzner.redxen.localhost."
-	local-data: "_root._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 8201371.fsn1-dc14.hetzner.redxen.localhost."
-	local-data: "_transmission._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7572 8201371.fsn1-dc14.hetzner.redxen.localhost."
 	local-data: "_grafana._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7577 8201371.fsn1-dc14.hetzner.redxen.localhost."
+	local-data: "_transmission._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7572 9013723.fsn1-dc14.hetzner.redxen.localhost."
+	local-data: "_root._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 9013723.fsn1-dc14.hetzner.redxen.localhost."
+	local-data: "_seedown._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 9013723.fsn1-dc14.hetzner.redxen.localhost."
 
 	# Services (no CNAME/SRV support)
 	local-data: "postgresql.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"

software-configs/unbound-redxen-config/redxen-dns.conf

@@ -11,22 +11,42 @@ server:
 	local-data: "8101153.nbg1-dc3.hetzner.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:9a10::1"
 	local-data: "8201371.fsn1-dc14.hetzner.redxen.eu. 86400 IN A 78.46.207.237"
 	local-data: "8201371.fsn1-dc14.hetzner.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:436e::1"
+	local-data: "9013723.fsn1-dc14.hetzner.redxen.eu. 86400 IN A 168.119.99.213"
+	local-data: "9013723.fsn1-dc14.hetzner.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:fd5e::1"
 
 	# Familiar records
-	local-data: "lain.nurnberg.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
-	local-data: "arisu.falkenstein.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
+	local-data: "lain.nurnberg.hetzner.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
+	local-data: "arisu.falkenstein.hetzner.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
+	local-data: "chisa.falkenstein.hetzner.redxen.eu. 86400 IN CNAME 9013723.fsn1-dc14.hetzner.redxen.eu."
 
 	# Services
-	local-data: "stats.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
+
+	# Grafana
+	local-data: "stats.redxen.eu. 86400 IN A 94.130.110.3"
+	local-data: "stats.redxen.eu. 86400 IN A 78.46.207.237"
 	local-data: "stats.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
-	local-data: "git.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
-	local-data: "git.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
-	local-data: "seed.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
-	local-data: "seed.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
-	local-data: "sd.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
+
+	local-data: "stats.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:9a10::1"
+	local-data: "stats.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:436e::1"
+	local-data: "stats.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
+
+	# Seedbox HTTP
+	local-data: "sd.redxen.eu. 86400 IN A 94.130.110.3"
+	local-data: "sd.redxen.eu. 86400 IN A 78.46.207.237"
 	local-data: "sd.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
-	local-data: "social.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
-	local-data: "social.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
+
+	local-data: "sd.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:9a10::1"
+	local-data: "sd.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:436e::1"
+	local-data: "sd.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
+
+	# Transmission
+	local-data: "seed.redxen.eu. 86400 IN A 94.130.110.3"
+	local-data: "seed.redxen.eu. 86400 IN A 78.46.207.237"
+	local-data: "seed.redxen.eu. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.eu."
+
+	local-data: "seed.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:9a10::1"
+	local-data: "seed.redxen.eu. 86400 IN AAAA 2a01:4f8:c17:436e::1"
+	local-data: "seed.redxen.eu. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.eu."
 
 	# Services SRV
 	local-data: "_mumble._tcp.redxen.eu. 86400 IN SRV 0 5 64738 8101153.nbg1-dc3.hetzner.redxen.eu."
@@ -61,3 +81,36 @@ server:
 	local-data: "n3.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8b23::1"
 	local-data: "n4.redxen.eu. 86400 IN A 94.130.107.187"
 	local-data: "n4.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8990::1"
+
+	local-data: "redxen.eu. 86400 IN A 78.46.197.89"
+	local-data: "redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:6ed1::1"
+	local-data: "redxen.eu. 86400 IN A 94.130.108.207"
+	local-data: "redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8d8d::1"
+	local-data: "redxen.eu. 86400 IN A 116.203.235.73"
+	local-data: "redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:e8b9::1"
+	local-data: "redxen.eu. 86400 IN A 94.130.108.81"
+	local-data: "redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8b23::1"
+	local-data: "redxen.eu. 86400 IN A 94.130.107.187"
+	local-data: "redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8990::1"
+
+	local-data: "git.redxen.eu. 86400 IN A 78.46.197.89"
+	local-data: "git.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:6ed1::1"
+	local-data: "git.redxen.eu. 86400 IN A 94.130.108.207"
+	local-data: "git.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8d8d::1"
+	local-data: "git.redxen.eu. 86400 IN A 116.203.235.73"
+	local-data: "git.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:e8b9::1"
+	local-data: "git.redxen.eu. 86400 IN A 94.130.108.81"
+	local-data: "git.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8b23::1"
+	local-data: "git.redxen.eu. 86400 IN A 94.130.107.187"
+	local-data: "git.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8990::1"
+
+	local-data: "social.redxen.eu. 86400 IN A 78.46.197.89"
+	local-data: "social.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:6ed1::1"
+	local-data: "social.redxen.eu. 86400 IN A 94.130.108.207"
+	local-data: "social.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8d8d::1"
+	local-data: "social.redxen.eu. 86400 IN A 116.203.235.73"
+	local-data: "social.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:e8b9::1"
+	local-data: "social.redxen.eu. 86400 IN A 94.130.108.81"
+	local-data: "social.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8b23::1"
+	local-data: "social.redxen.eu. 86400 IN A 94.130.107.187"
+	local-data: "social.redxen.eu. 86400 IN AAAA 2a01:4f8:c0c:8990::1"

software-configs/wireguard-redxen-config/APKBUILD

@@ -10,11 +10,14 @@ license="none"
 depends="wireguard-tools-wg wireguard-tools-wg-quick"
 source="
 	main.conf
+	sysctl.conf
 "
 options="!check"
 
 package() {
-	install -Dm400 main.conf "$pkgdir"/etc/wireguard/wg0.conf
+	install -Dm400 main.conf "$pkgdir"/etc/wireguard/rxmain.conf
+	install -Dm644 sysctl.conf "$pkgdir"/etc/sysctl.d/90-wireguard.conf
 }
 
-sha512sums="46c6f9939e42f1f3f56df7780446738dae5c92798c9ee8f714c29cac192cb3799c818fe40a0c53d32b1513879b1a579db899988a26f5387c377925af2d2908c4  main.conf"
+sha512sums="658dcc9ae4e2e5e7b667d36952143d5986f267ceac3a4053493e92bbef8388cae2fb3f0db4ff2779d09caaae34b35a5712a7b791cb409be83975c084cdb839e8  main.conf
+b79ffbc64f2e193dc9402f7506b56b66892aa5387d13ac209ae344f9ce0f17aec3fdc503bf6855650d413dba3b66ffa3f937dd803850028579f5f5ed747c56b0  sysctl.conf"

software-configs/wireguard-redxen-config/sysctl.conf

@@ -0,0 +1,2 @@
+net.ipv4.ip_forward = 1
+net.ipv6.conf.all.forwarding = 1

software-configs/yggdrasil-redxen-config/APKBUILD

@@ -1,7 +1,7 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=yggdrasil-redxen-config
-pkgver=2020.12.7
+pkgver=2020.12.10
 pkgrel=0
 pkgdesc="Yggdrasil tunnel configuration"
 url="https://git.redxen.eu/RedXen"
@@ -14,7 +14,7 @@ source="
 options="!check"
 
 package() {
-	install -Dm600 redxen.conf "$pkgdir"/etc/yggdrasil.conf
+	install -Dm600 redxen.conf "$pkgdir"/etc/yggdrasil/redxen.conf
 }
 
-sha512sums="84b36afbbdc68e595df65ab2321284ee615415ab7ce00c1fd81988a595959cebc1b18f5f0998876fb106f4220dce8ef8e2ffb9f822f2341e276f2d1643c4e7e0  redxen.conf"
+sha512sums="630d13a1256257b804c37e167a08fa96e622d393bca1b2ec2f8f6f60f286b00954fa3ff07cd215e5835b18ef7fc8bedfc1d881303af80625936302f5d72b6496  redxen.conf"

software-configs/yggdrasil-redxen-config/redxen.conf

@@ -2,7 +2,7 @@
 	Peers: [
 	]
 	Listen: [
-		tcp://0.0.0.0:7521
+		tls://0.0.0.0:7521
 	]
 	MulticastInterfaces: []
 	AllowedEncryptionPublicKeys: [