Reorganization, automation and more
- More templating and inheritance - New commands + rx_replace + rx_install + rx_cpkgdir - More transparency with secrets being sourced as variables and replaced - Modularization of configs + telegraf + nginx (partial) + fastd + wireguard + unbound - Split of unbound configurations and bind zones - Bumping of key versions (rolling keys) + ZSK/KSK + OpenDKIM - Relaxed permission defaults and other smaller tweaks...
This commit is contained in:
parent
9a0ae5369c
commit
8df9fdc4ab
|
@ -1,14 +1,14 @@
|
|||
src/
|
||||
pkg/
|
||||
secrets
|
||||
.rootbld-repositories
|
||||
secret/nginx-httpauth
|
||||
|
||||
secret/alpinepkg-httpauth/secret
|
||||
secret/letsencrypt/private.key
|
||||
secret/letsencrypt/public.pem
|
||||
config/murmur/murmur.ini
|
||||
config/transmission-daemon/settings.json
|
||||
config/wireguard/main.conf
|
||||
config/grafana/main.ini
|
||||
config/dovecot/pgsql.conf
|
||||
config/postfix/pgsql-aliases.cf
|
||||
config/postfix/pgsql-users.cf
|
||||
|
||||
config/grafana/secret
|
||||
config/wireguard/secret
|
||||
config/murmur/secret
|
||||
config/dovecot/secret
|
||||
config/postfix/secret
|
||||
config/transmission/secret
|
||||
config/gitea/secret
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
pkgname=redxen # Prefix
|
||||
pkgver="$(date +'%Y.%m.%d')" # Use current date as fallback
|
||||
url="https://git.redxen.eu/RedXen/aports" # Upstream for all configs
|
||||
arch="noarch" # Most things aren't arch specific
|
||||
license="none" # Can you even license configs?
|
||||
options="!check" # Usually software doesn't provide tests
|
||||
builddir="$srcdir" # This should be a default, sadly isn't
|
||||
_rx_pkgname="${startdir##*/}" # Usually the package name is the same as the directory
|
||||
_rx_installdir="/etc/redxen/$_rx_pkgname" # The install dir follows this pattern
|
||||
|
||||
rx_replace() {
|
||||
sed -i -- "s/$1/$(printf "%s" "$2" | sed 's/[&/\]/\\&/g')/g" "$3"
|
||||
}
|
||||
|
||||
rx_cpkgdir() {
|
||||
echo "${subpkgdir:-${pkgdir}}"
|
||||
}
|
||||
|
||||
rx_install() {
|
||||
_SRC="$1"
|
||||
if [ ! -f "$_SRC" ]; then
|
||||
if [ -f "$pkgdir/$_SRC" ]; then
|
||||
_SRC="$pkgdir/$_SRC"
|
||||
elif [ -f "$builddir/$_SRC" ]; then
|
||||
_SRC="$builddir/$_SRC"
|
||||
elif [ -f "$srcdir/$_SRC" ]; then
|
||||
_SRC="$srcdir/$_SRC"
|
||||
else
|
||||
die "Install source $_SRC wasn't found"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
install -D -m "${_rx_fperm:-444}" -- "$_SRC" "$(rx_cpkgdir)/${_rx_installdir}/${2:-${1##*/}}"
|
||||
}
|
||||
|
||||
# Defaults
|
||||
|
||||
rx_source_installall() {
|
||||
for i in $source; do
|
||||
rx_install "$i"
|
||||
done
|
||||
}
|
||||
|
||||
# Install every source file in a directory
|
||||
package() {
|
||||
rx_source_installall
|
||||
}
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
- Database host (rein)
|
||||
- PostgreSQL
|
||||
- Redis
|
||||
- InfluxDB
|
||||
- MoneroD
|
||||
- Communications host (chisa)
|
||||
- Dovecot
|
||||
- Postfix
|
||||
- RSpamD
|
||||
- OpenDKIM
|
||||
- Murmur
|
||||
- Routing host (karu, lin)
|
||||
- HAProxy
|
||||
- Unbound
|
||||
- FastD
|
||||
- BIRD
|
||||
- Wireguard
|
||||
- Game host (taro)
|
||||
- Terraria
|
||||
- Xonotic
|
||||
- Minetest
|
||||
- Minecraft
|
||||
- Misc host (masami)
|
||||
- Packages
|
||||
- Homepage
|
||||
- Gitea
|
||||
- Seedbox
|
||||
- Grafana
|
|
@ -24,7 +24,10 @@ Internal ports: 7500-7600
|
|||
SSH: 7571
|
||||
Transmission: 7572
|
||||
Mumble: 7573
|
||||
NGINX: 7574
|
||||
NGINX:
|
||||
Packages: 7574
|
||||
Homepage: 7575
|
||||
Seedbox: 7576
|
||||
Grafana: 7577
|
||||
Monerod:
|
||||
RPC: 7579
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
pkgname=redxen-config-$_svcname
|
||||
pkgver="$(date +'%Y.%m.%d')"
|
||||
url="https://git.redxen.eu/RedXen/aports"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
pkgdesc="RedXen service config for $_svcname"
|
||||
options="!check"
|
||||
builddir="$srcdir"
|
||||
_cfgpath="${_configpath:-/etc/${_svcname}}"
|
||||
|
||||
package_copy_configs() {
|
||||
for i in ${1:-$source}; do
|
||||
package_copy_cfg
|
||||
done
|
||||
}
|
||||
|
||||
package_copy_cfg() {
|
||||
install -Dm"${COPYCFG_MASK:-${_cfgumask:-644}}" "${COPYCFG_SRC:-$i}" "${COPYCFG_DEST:-${pkgdir}/${_cfgpath}/${COPYCFG_FNAME_DEST:-$i}}"
|
||||
}
|
||||
|
||||
package() {
|
||||
package_copy_configs
|
||||
}
|
||||
|
||||
replace_in_file() {
|
||||
sed -i -- "s/$1/$(echo "$2" | sed 's/[&/\]/\\&/g')/g" "$3"
|
||||
}
|
|
@ -0,0 +1,6 @@
|
|||
. ../../APKBUILD.template
|
||||
|
||||
: ${pkgname:?"No package prefix provided"}
|
||||
|
||||
pkgname="$pkgname-config-$_rx_pkgname"
|
||||
pkgdesc="RedXen configuration: $_rx_pkgname"
|
|
@ -1,11 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=babeld
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
|
||||
pkgver=2021.02.25
|
||||
pkgrel=0
|
||||
source="redxen.conf"
|
||||
|
||||
sha512sums="965149d9b246ec9d41ed1fb9edd9d7eaa72f284af5590b1897ba17babc71da3b293953d52555fd1b3acbfe8a9c9131e1873c494fbbe72866e82b6d2c84539517 redxen.conf"
|
|
@ -1,24 +0,0 @@
|
|||
diversity true
|
||||
interface crxn0 enable-timestamps true link-quality true
|
||||
|
||||
#
|
||||
# Redistributions
|
||||
#
|
||||
|
||||
redistribute local deny
|
||||
|
||||
# Only learn CRXN routes
|
||||
in ip 10.0.0.0/8 ge 8 allow
|
||||
in ip 0.0.0.0/0 ge 0 deny
|
||||
|
||||
in ip fd8a:6111:3b1a::/48 ge 48 allow
|
||||
in ip ::/0 ge 0 deny
|
||||
|
||||
# Disable IPv4, range already taken by private network
|
||||
install ip 10.0.0.0/8 ge 8 deny
|
||||
|
||||
# Redistribute all CRXN
|
||||
redistribute ip fd8a:6111:3b1a::/48 ge 48
|
||||
|
||||
# Redistribute Freeloaders CRXN
|
||||
redistribute ip 2a04:5b81:2050::/44 ge 44
|
|
@ -1,11 +1,12 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=bird
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.05.12
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
source="redxen.conf"
|
||||
|
||||
sha512sums="063c456c53d547ca5c96a2f89870e9e7e7569c04fad166fa9f3c7d589252cba1e3f801c14b367e106ee7b119bb3abb1d44c1059996d3704352023aefd4ed1184 redxen.conf"
|
||||
sha512sums="
|
||||
063c456c53d547ca5c96a2f89870e9e7e7569c04fad166fa9f3c7d589252cba1e3f801c14b367e106ee7b119bb3abb1d44c1059996d3704352023aefd4ed1184 redxen.conf
|
||||
"
|
||||
|
|
|
@ -1,23 +1,45 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=dovecot
|
||||
_configpath="/etc/dovecot/redxen"
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.01.17
|
||||
pkgrel=2
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
depends="dovecot-lmtpd dovecot-pgsql redxen-secret-letsencrypt-chain redxen-secret-letsencrypt-private"
|
||||
install="$pkgname.pre-install"
|
||||
source="
|
||||
_rx_dovecot_base_src="
|
||||
dovecot.conf
|
||||
"
|
||||
_rx_dovecot_pgsql_src="
|
||||
pgsql.conf
|
||||
"
|
||||
source="
|
||||
$_rx_dovecot_base_src
|
||||
secret
|
||||
$_rx_dovecot_pgsql_src
|
||||
"
|
||||
|
||||
package() {
|
||||
package_copy_configs
|
||||
mkdir -p "$pkgdir"/var/mail
|
||||
build() {
|
||||
. secret
|
||||
: "${POSTGRESQL_PASSWORD:?'PostgreSQL database access password missing'}"
|
||||
|
||||
for i in $_rx_dovecot_pgsql_src; do
|
||||
cp "$i" "$i".private
|
||||
rx_replace "POSTGRESQL_PASSWORD" "$POSTGRESQL_PASSWORD" "$i".private
|
||||
done
|
||||
}
|
||||
|
||||
sha512sums="3ba2d75d7f548afe6b55ea1c97a0cbca46ef95de727c2ac919485d75f1724551b190897a718308af9f8dde8e8c8dda0d177325a66d297bcb914015e71042c85d dovecot.conf
|
||||
d4646d31915b6fc0df7cc9c06d66c369f6a622f2f0c783fd9463a05a53d1b3b3ba2ebcbe32b2391f0e44fe2a67c6eeeef3b00d3067325152054e184ac67ff745 pgsql.conf"
|
||||
package() {
|
||||
for i in $_rx_dovecot_base_src; do
|
||||
rx_install "$i"
|
||||
done
|
||||
for i in $_rx_dovecot_pgsql_src; do
|
||||
rx_install "$i".private "$i"
|
||||
done
|
||||
install -dm700 "$(rx_cpkgdir)"/var/mail
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
fdd1fa6072c77e297766582ef119da55b8d0bea435bfe7c890ca1ea2853a43936edd05ae0a08f001a335930276dcc0f7e160aa8d31ff3d8f4872e36cba37b48b dovecot.conf
|
||||
3b28fdfdafaffe19e038b8fd3d3dfdeea51b68c68a148054a1daf618a5ed6e18bdfc58154f9fd32ce982eae9d03e50b3a63ea3a21f9a358e26e4d77164530151 secret
|
||||
5ed93cd8326a1fe604a91acb38da6864ee002877a069fa8f5b67fa10b7213d21966d7500b460cb14cedc063470b346002daf3031fc6be0d25d3bd864ff4b2f2f pgsql.conf
|
||||
"
|
||||
|
|
|
@ -10,8 +10,8 @@ protocols = imap lmtp
|
|||
|
||||
# TLS stuff
|
||||
ssl = yes
|
||||
ssl_cert = </etc/ssl/redxen/letsencrypt/chain.crt
|
||||
ssl_key = </etc/ssl/redxen/letsencrypt/private.key
|
||||
ssl_cert = </etc/redxen/letsencrypt/chain.crt
|
||||
ssl_key = </etc/redxen/letsencrypt/private.key
|
||||
|
||||
# Authentication
|
||||
auth_mechanisms = plain login
|
||||
|
@ -31,12 +31,12 @@ imap_capability = +SPECIAL-USE
|
|||
# PostgreSQL UserDB
|
||||
userdb {
|
||||
driver = sql
|
||||
args = /etc/dovecot/redxen/pgsql.conf
|
||||
args = /etc/redxen/dovecot/pgsql.conf
|
||||
}
|
||||
|
||||
passdb {
|
||||
driver = sql
|
||||
args = /etc/dovecot/redxen/pgsql.conf
|
||||
args = /etc/redxen/dovecot/pgsql.conf
|
||||
}
|
||||
|
||||
# Services
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
connect = host=postgresql.routinginfo.internal port=7550 dbname=mail user=dovecot password=POSTGRESQL_PASSWORD
|
||||
driver = pgsql
|
||||
default_pass_scheme = ARGON2I
|
||||
user_query = SELECT '8' AS uid, '12' AS gid FROM users WHERE userid = '%u' AND active = '1'
|
||||
password_query = SELECT userid AS user, password FROM users WHERE userid = '%u' AND active = '1'
|
||||
iterate_query = SELECT userid AS user FROM users
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
adduser dovecot rxletsenc
|
||||
|
||||
return 0
|
|
@ -1,13 +1,33 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=fastd
|
||||
_configpath="/etc/fastd/redxen"
|
||||
_cfgumask=600
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.02.09
|
||||
pkgrel=3
|
||||
source="fastd.conf"
|
||||
pkgver=2021.06.01.04
|
||||
pkgrel=0
|
||||
source="
|
||||
fastd.conf
|
||||
"
|
||||
_peers="
|
||||
deavmi
|
||||
"
|
||||
depends="redxen-secret-fastd-peerkey"
|
||||
|
||||
sha512sums="8743f56c32dd827b76c27ff5f2c634e7a76b59e275891ee7850109b6b08a3c26cfa6f789e5659e6f1148a55857c992511195b337c5773b9480fac5e116232fe2 fastd.conf"
|
||||
for i in $_peers; do
|
||||
subpackages="$subpackages $pkgname-peer-$i:_peer"
|
||||
source="$source peers/$i"
|
||||
done
|
||||
|
||||
package() {
|
||||
rx_install fastd.conf
|
||||
}
|
||||
|
||||
_peer() {
|
||||
_peername="${subpkgname##*-peer-}"
|
||||
_rx_installdir="$_rx_installdir/peers" rx_install "$_peername"
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
9ff7544ac46576897400eff389b1a458755482b44f5771adc0c04fae1c8b25311ea5ecfe78ecc23c83b89580ccdfa239506da273705880f1afa0c0c7f3109114 fastd.conf
|
||||
4d9291172657f4871dc77296f8e902facd00ddbea226fe8091ff860530fb9be1d8f5476e6b51bab745af2a62a492e2ddf7a562482d6c09cb468a67ca0082492f deavmi
|
||||
"
|
||||
|
|
|
@ -1,16 +1,14 @@
|
|||
interface "crxn0";
|
||||
interface "tunptp0";
|
||||
method "salsa2012+umac";
|
||||
bind any:2190;
|
||||
secret "";
|
||||
log to syslog level info;
|
||||
|
||||
# TODO: Find a better way to define this (per-host /etc/network/interfaces?)
|
||||
on up "
|
||||
ip -6 addr add fd8a:6111:3b1a:dddd::X/64 scope global dev $INTERFACE
|
||||
ip -6 route add fd8a:6111:3b1a:dddd::X/64 dev $INTERFACE protocol static
|
||||
ip -6 addr add fd8a:6111:3b1a:dddd::1/64 scope global dev $INTERFACE
|
||||
ip -6 route add fd8a:6111:3b1a:dddd::1/64 dev $INTERFACE protocol static
|
||||
ip link set $INTERFACE up
|
||||
";
|
||||
|
||||
peer "peer0"
|
||||
{
|
||||
remote ipv6 "" port 2190;
|
||||
key "";
|
||||
}
|
||||
include "/etc/redxen/fastd-peerkey/secret.conf";
|
||||
include peers from "peers";
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
remote ipv6 "2a04:5b80:300:3:0:c0ff:fe91:bf87" port 2190;
|
||||
key "5c717c5c7569a06f35beb617bb56a38d3aa0071bdcca3fda56a9b42db1e89804";
|
|
@ -1,32 +1,33 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=gitea
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.05.08
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
depends="redxen-data-gitea-theme"
|
||||
source="
|
||||
redxen.ini
|
||||
secrets
|
||||
secret
|
||||
"
|
||||
|
||||
prepare() {
|
||||
default_prepare
|
||||
install -D "redxen.ini" "redxen-mod.ini"
|
||||
. secrets
|
||||
replace_in_file "POSTGRESQL_GITEA_PASSWORD" "$POSTGRESQL_GITEA_PASSWORD" "redxen-mod.ini"
|
||||
replace_in_file "GITEA_SECRET_KEY" "$GITEA_SECRET_KEY" "redxen-mod.ini"
|
||||
replace_in_file "GITEA_INTERNAL_TOKEN" "$GITEA_INTERNAL_TOKEN" "redxen-mod.ini"
|
||||
replace_in_file "GITEA_MAILER_PASSWD" "$GITEA_MAILER_PASSWD" "redxen-mod.ini"
|
||||
replace_in_file "GITEA_OAUTH_JWT_TOKEN" "$GITEA_OAUTH_JWT_TOKEN" "redxen-mod.ini"
|
||||
. secret
|
||||
rx_replace "POSTGRESQL_GITEA_PASSWORD" "$POSTGRESQL_GITEA_PASSWORD" "redxen-mod.ini"
|
||||
rx_replace "GITEA_SECRET_KEY" "$GITEA_SECRET_KEY" "redxen-mod.ini"
|
||||
rx_replace "GITEA_INTERNAL_TOKEN" "$GITEA_INTERNAL_TOKEN" "redxen-mod.ini"
|
||||
rx_replace "GITEA_MAILER_PASSWD" "$GITEA_MAILER_PASSWD" "redxen-mod.ini"
|
||||
rx_replace "GITEA_OAUTH_JWT_TOKEN" "$GITEA_OAUTH_JWT_TOKEN" "redxen-mod.ini"
|
||||
}
|
||||
|
||||
package() {
|
||||
COPYCFG_SRC="redxen-mod.ini" COPYCFG_FNAME_DEST="redxen.ini" package_copy_cfg
|
||||
mkdir -p "$pkgdir"/var/lib/gitea
|
||||
rx_install redxen-mod.ini redxen.ini
|
||||
install -dm700 "$(rx_cpkgdir)"/var/lib/gitea
|
||||
}
|
||||
|
||||
sha512sums="f530ec63e352f2daac6c66325f8ffc679c9fd3959750ccbc6f2f3e2456a0f8a8abe12ec14cdaa05507a6785f166d5d60c016f8b6a9751749c62223a9c0d8d436 redxen.ini
|
||||
012d489c5d71864cda4b99ec16b3d6edbf83d18ea14d2104afe70e320937f4dd223572e384fba040cb3d43ced8ca7267e434756e4a1cd8bd41bb6f9092ad4b9d secrets"
|
||||
sha512sums="
|
||||
e220ce0d91065f7ff4e4705f2a632147aad844bd71898d2d4ccbfc16638521a4980d204a3bcf09baf4174ffa6eab88fbd39d37458098e098ceb8dc4ed472d675 redxen.ini
|
||||
012d489c5d71864cda4b99ec16b3d6edbf83d18ea14d2104afe70e320937f4dd223572e384fba040cb3d43ced8ca7267e434756e4a1cd8bd41bb6f9092ad4b9d secret
|
||||
"
|
||||
|
|
|
@ -31,7 +31,7 @@ CONTENT_PATH = lfs
|
|||
|
||||
[database]
|
||||
DB_TYPE = postgres
|
||||
HOST = postgresql.routinginfo.redxen.localhost:7550
|
||||
HOST = postgresql.routinginfo.internal:7550
|
||||
NAME = gitea
|
||||
USER = gitea
|
||||
PASSWD = POSTGRESQL_GITEA_PASSWORD
|
||||
|
@ -51,11 +51,11 @@ REPO_INDEXER_TYPE = bleve
|
|||
|
||||
[queue.issue_indexer]
|
||||
TYPE = redis
|
||||
CONN_STR = redis://redis.routinginfo.redxen.localhost:7551/?db=7&pool_size=100&idle_timeout=180s
|
||||
CONN_STR = redis://redis.routinginfo.internal:7551/?db=7&pool_size=100&idle_timeout=180s
|
||||
|
||||
[session]
|
||||
PROVIDER = redis
|
||||
PROVIDER_CONFIG = redis://redis.routinginfo.redxen.localhost:7551/?db=6&pool_size=100&idle_timeout=180s
|
||||
PROVIDER_CONFIG = redis://redis.routinginfo.internal:7551/?db=6&pool_size=100&idle_timeout=180s
|
||||
COOKIE_SECURE = true
|
||||
|
||||
[picture]
|
||||
|
@ -94,7 +94,7 @@ MODE = console
|
|||
|
||||
[cache]
|
||||
ADAPTER = redis
|
||||
HOST = redis://redis.routinginfo.redxen.localhost:7551/?db=5&pool_size=100&idle_timeout=180s
|
||||
HOST = redis://redis.routinginfo.internal:7551/?db=5&pool_size=100&idle_timeout=180s
|
||||
ITEM_TTL = 10m
|
||||
|
||||
[oauth2]
|
||||
|
|
|
@ -1,12 +1,30 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=grafana
|
||||
_cfgumask=400
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.01.13
|
||||
pkgrel=4
|
||||
source="main.ini"
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
source="
|
||||
secret
|
||||
main.ini
|
||||
"
|
||||
|
||||
sha512sums="90d7ac741be339613b325886ef485091c3f2662fc32e98a723935ef27838547ceea89ae4800d780b51411334264d5678c3431c3e4b3c34cfedd5373cba72ab62 main.ini"
|
||||
build() {
|
||||
. secret
|
||||
: "${POSTGRESQL_PASSWORD:?'PostgreSQL password is missing'}"
|
||||
: "${SMTP_AUTH_PASSWORD:?'SMTP authentication password is missing'}"
|
||||
|
||||
cp "main.ini" "main.ini.private"
|
||||
rx_replace "POSTGRESQL_PASSWORD" "$POSTGRESQL_PASSWORD" "main.ini.private"
|
||||
rx_replace "SMTP_AUTH_PASSWORD" "$SMTP_AUTH_PASSWORD" "main.ini.private"
|
||||
}
|
||||
|
||||
package() {
|
||||
rx_install "main.ini.private" "main.ini"
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
9a0dee0934034685c2aba7ebb21283ee73fd240c4cee2aa1cfcec66ba5afc3ed3759b2c79e1facba3e3e0a38fe75f11a7f382d968798ba212c36072238c59190 secret
|
||||
8206984e9fb01cef0b06b366bd6af1cc74227d07404c68d50b0d59fadf409b2868fece46cf7931c78f2315d47385b85f4741cfb9eb397be8fbf4f0c75cb94242 main.ini
|
||||
"
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
## Server
|
||||
[server]
|
||||
protocol = 'http'
|
||||
http_addr = '0.0.0.0'
|
||||
http_port = '7577'
|
||||
domain = 'stats.redxen.eu'
|
||||
root_url = 'https://stats.redxen.eu'
|
||||
enable_gzip = 'false'
|
||||
|
||||
## Database
|
||||
[database]
|
||||
type = 'postgres'
|
||||
host = 'postgresql.routinginfo.internal:7550'
|
||||
name = 'grafana'
|
||||
user = 'grafana'
|
||||
ssl_mode = "disable"
|
||||
password = "POSTGRESQL_PASSWORD"
|
||||
|
||||
## Remote cache
|
||||
[remote_cache]
|
||||
type = 'database'
|
||||
|
||||
## Security
|
||||
[security]
|
||||
cookie_secure = 'true'
|
||||
cookie_samesite = 'strict'
|
||||
|
||||
## Users
|
||||
[users]
|
||||
allow_sign_up = 'false'
|
||||
|
||||
## Anonymous auth
|
||||
[auth]
|
||||
disable_login_form = 'false'
|
||||
oauth_auto_login = 'false'
|
||||
|
||||
[auth.anonymous]
|
||||
enabled = 'true'
|
||||
org_name = 'RedXen'
|
||||
org_role = 'Viewer'
|
||||
|
||||
## LDAP Auth
|
||||
# [auth.ldap]
|
||||
# enabled = true
|
||||
# config_file = /etc/grafana/ldap.toml
|
||||
# allow_sign_up = true
|
||||
|
||||
## Session (legacy)
|
||||
# session_provider = 'redis'
|
||||
# session_provider_config = 'addr=db_redis:6379,pool_size=100,db=grafana'
|
||||
# session_cookie_secure = 'true'
|
||||
|
||||
## Snapshots
|
||||
[snapshots]
|
||||
external_enabled = 'false'
|
||||
|
||||
## Alpha panels
|
||||
[panels]
|
||||
enable_alpha = 'true'
|
||||
|
||||
[smtp]
|
||||
enabled = 'true'
|
||||
host = 'mail.redxen.eu:465'
|
||||
user = 'grafana'
|
||||
password = 'SMTP_AUTH_PASSWORD'
|
||||
from_address = 'grafana@redxen.eu'
|
||||
startTLS_policy = 'MandatoryStartTLS'
|
|
@ -1,17 +1,19 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=haproxy
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.03.20
|
||||
pkgrel=4
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
depends="redxen-secret-letsencrypt-full redxen-data-haproxy-errorpages"
|
||||
#checkdepends="haproxy"
|
||||
checkdepends="haproxy"
|
||||
source="main.cfg"
|
||||
options=""
|
||||
|
||||
#check() {
|
||||
# haproxy -c -f main.cfg # Certificates aren't readable by the building user
|
||||
#}
|
||||
check() {
|
||||
haproxy -c -f main.cfg
|
||||
}
|
||||
|
||||
sha512sums="dba35422a8a599a2c8d96899cdd57108f71af700b965a609953b079418efa0bb84b1955cc548e9802bda585a3bec16fd6d0d2e6f49214ee96f978fae0a19afdb main.cfg"
|
||||
sha512sums="
|
||||
f61be8fa279ef56e7609c26fe9031a8d369563524925a419adde8e3367ceb1857dc1b407327fe9c2c80ff886e1ab2bc0b73e8be31bc5237c78c1f229f0a5932d main.cfg
|
||||
"
|
||||
|
|
|
@ -21,13 +21,13 @@ defaults
|
|||
timeout http-keep-alive 240s
|
||||
default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check
|
||||
|
||||
errorfile 400 /etc/haproxy/errorpages/400.http
|
||||
errorfile 403 /etc/haproxy/errorpages/403.http
|
||||
errorfile 408 /etc/haproxy/errorpages/408.http
|
||||
errorfile 500 /etc/haproxy/errorpages/500.http
|
||||
errorfile 502 /etc/haproxy/errorpages/502.http
|
||||
errorfile 503 /etc/haproxy/errorpages/503.http
|
||||
errorfile 504 /etc/haproxy/errorpages/504.http
|
||||
errorfile 400 /etc/redxen/haproxy/errorpages/400.http
|
||||
errorfile 403 /etc/redxen/haproxy/errorpages/403.http
|
||||
errorfile 408 /etc/redxen/haproxy/errorpages/408.http
|
||||
errorfile 500 /etc/redxen/haproxy/errorpages/500.http
|
||||
errorfile 502 /etc/redxen/haproxy/errorpages/502.http
|
||||
errorfile 503 /etc/redxen/haproxy/errorpages/503.http
|
||||
errorfile 504 /etc/redxen/haproxy/errorpages/504.http
|
||||
|
||||
resolvers local
|
||||
nameserver unbound 127.0.0.1:53
|
||||
|
@ -43,19 +43,26 @@ listen git-gitea
|
|||
mode tcp
|
||||
bind ipv4@*:2442,ipv6@*:2442
|
||||
option tcp-check
|
||||
server-template gitssh 1 _gitssh._tcp.routinginfo.redxen.localhost
|
||||
server-template gitssh 1 _gitssh._tcp.routinginfo.internal
|
||||
|
||||
frontend http
|
||||
mode http
|
||||
bind ipv4@:443,ipv6@:443 ssl crt /etc/ssl/redxen/letsencrypt/full.crt alpn h2,http/1.1
|
||||
bind ipv4@:443,ipv6@:443 ssl crt /etc/redxen/letsencrypt/full.crt alpn h2,http/1.1
|
||||
bind ipv4@:80,ipv6@:80
|
||||
|
||||
acl root path /
|
||||
|
||||
acl seedbox hdr_beg(host) -i seed.redxen
|
||||
use_backend backend-transmission if seedbox
|
||||
|
||||
redirect prefix /web code 302 if seedbox root
|
||||
|
||||
http-response set-header X-Forwarded-Proto https
|
||||
http-response set-header X-XSS-Protection 1;\ mode=block
|
||||
http-response set-header X-Content-Type-Options nosniff
|
||||
http-response set-header Referrer-Policy no-referrer-when-downgrade
|
||||
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
|
||||
|
||||
use_backend backend-transmission if seedbox
|
||||
|
||||
use_backend backend-root if { hdr_beg(host) -i redxen }
|
||||
use_backend backend-grafana if { hdr_beg(host) -i stats.redxen }
|
||||
# use_backend backend-pleroma if { hdr_beg(host) -i social.redxen }
|
||||
|
@ -64,46 +71,40 @@ frontend http
|
|||
use_backend backend-packages if { hdr_beg(host) -i packages.redxen }
|
||||
use_backend backend-monerod if { hdr_beg(host) -i monerod.redxen }
|
||||
|
||||
http-response set-header X-Forwarded-Proto https
|
||||
http-response set-header X-XSS-Protection 1;\ mode=block
|
||||
http-response set-header X-Content-Type-Options nosniff
|
||||
http-response set-header Referrer-Policy no-referrer-when-downgrade
|
||||
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
|
||||
|
||||
backend backend-root
|
||||
server-template root 1 _root._tcp.routinginfo.redxen.localhost
|
||||
server-template root 1 _root._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host redxen.eu
|
||||
|
||||
backend backend-transmission
|
||||
server-template transmission 1 _transmission._tcp.routinginfo.redxen.localhost
|
||||
server-template transmission 1 _transmission._tcp.routinginfo.internal
|
||||
|
||||
backend backend-grafana
|
||||
server-template grafana 1 _grafana._tcp.routinginfo.redxen.localhost
|
||||
server-template grafana 1 _grafana._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host stats.redxen.eu
|
||||
|
||||
backend backend-seedown
|
||||
server-template seedown 1 _seedown._tcp.routinginfo.redxen.localhost
|
||||
server-template seedown 1 _seedown._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host sd.redxen.eu
|
||||
|
||||
backend backend-packages
|
||||
server-template packages 1 _packages._tcp.routinginfo.redxen.localhost
|
||||
server-template packages 1 _packages._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host packages.redxen.eu
|
||||
|
||||
# backend backend-pleroma
|
||||
# server-template pleroma 1 _pleroma._tcp.routinginfo.redxen.localhost
|
||||
# server-template pleroma 1 _pleroma._tcp.routinginfo.internal
|
||||
# option httpchk HEAD / HTTP/1.1
|
||||
# http-check send hdr Host social.redxen.eu
|
||||
|
||||
backend backend-gitea
|
||||
server-template gitea 1 _gitea._tcp.routinginfo.redxen.localhost
|
||||
server-template gitea 1 _gitea._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host gitea.redxen.eu
|
||||
|
||||
backend backend-monerod
|
||||
server-template monerod 1 _monerod._tcp.routinginfo.redxen.localhost
|
||||
server-template monerod 1 _monerod._tcp.routinginfo.internal
|
||||
option httpchk POST /json_rpc HTTP/1.1
|
||||
http-check send body \{\"method\"\:\"get_version\"\} hdr Content-Type application/json
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=hitch
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
|
||||
pkgver=2020.12.07
|
||||
pkgrel=0
|
||||
source="main.conf"
|
||||
#checkdepends="hitch"
|
||||
|
||||
#check() {
|
||||
# hitch -t --config main.conf # Certificate not readable by the building user
|
||||
#}
|
||||
|
||||
sha512sums="b830c09953bd4908fd9d69c5e386b0f314b87d44bf2c19dcfa2bb5f790a842d617888e4c47802eaab8bea676bd1d060bae47965ac0946bbb9b5dc95ca990d01d main.conf"
|
|
@ -1,6 +0,0 @@
|
|||
alpn-protos = "h2,http/1.1"
|
||||
tls-protos = TLSv1.1 TLSv1.2
|
||||
ciphers = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
|
||||
pem-file = "/cert.pem"
|
||||
workers = 2
|
||||
write-proxy-v2 = on
|
|
@ -1,16 +1,17 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=influxdb
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2020.12.29
|
||||
pkgrel=2
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
source="redxen.conf"
|
||||
|
||||
package() {
|
||||
package_copy_configs
|
||||
install -dm700 "$pkgdir"/var/lib/influxdb
|
||||
rx_source_installall
|
||||
install -dm700 "$(rx_cpkgdir)"/var/lib/influxdb
|
||||
}
|
||||
|
||||
sha512sums="e251c8e25fb0d4a258f17425d277553d65a0b4b078c60ceec973bb421fdda42130d0e9cb38a70a85f5258407b02219ce9f79e551908a9f8e593a00852f5f81b4 redxen.conf"
|
||||
sha512sums="
|
||||
e251c8e25fb0d4a258f17425d277553d65a0b4b078c60ceec973bb421fdda42130d0e9cb38a70a85f5258407b02219ce9f79e551908a9f8e593a00852f5f81b4 redxen.conf
|
||||
"
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=ipset
|
||||
_configpath="/etc/ipset.d/redxen"
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.01.28
|
||||
pkgrel=3
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
source="
|
||||
netwide4
|
||||
netwide6
|
||||
"
|
||||
|
||||
sha512sums="0c70b7b82c481ebcd755d4cf9a3c8d3490d1ea022158e32d1a4cf26152e9482858aeb09d7b68600e3d60312eba6d938a82bfa8012f2a19216dec69f05db4a250 netwide4
|
||||
dccd10b2fe5960bcf6466b27fabfbc5c80df40d33e744e84bd013c4b12e2fbb9fe4555568debb3cbbe851ff88f7b733ff19706073f2f29295d336a36efca4d07 netwide6"
|
||||
sha512sums="
|
||||
0c70b7b82c481ebcd755d4cf9a3c8d3490d1ea022158e32d1a4cf26152e9482858aeb09d7b68600e3d60312eba6d938a82bfa8012f2a19216dec69f05db4a250 netwide4
|
||||
dccd10b2fe5960bcf6466b27fabfbc5c80df40d33e744e84bd013c4b12e2fbb9fe4555568debb3cbbe851ff88f7b733ff19706073f2f29295d336a36efca4d07 netwide6
|
||||
"
|
||||
|
|
|
@ -1,16 +1,17 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=iptables
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.01.28
|
||||
pkgrel=4
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
depends="redxen-config-ipset"
|
||||
source="
|
||||
rx-rules4
|
||||
rx-rules6
|
||||
"
|
||||
|
||||
sha512sums="c29f7f22fcabdd90fb3cd63f1e67ce340145be9a832c0ce23fadfd2a83e477c90373c052c6d750d3136dfeb951098c2bc7d05e1bfd6b7cb8f886a2e632587094 rx-rules4
|
||||
92b3c7dad3bcf9583ae9af4ba111b35ac5d0eae3ca50969be2941efc72270dd423689cceb93d55fe0286949a7b4a124a0e59bb170a99776bf99c835884da060c rx-rules6"
|
||||
sha512sums="
|
||||
c29f7f22fcabdd90fb3cd63f1e67ce340145be9a832c0ce23fadfd2a83e477c90373c052c6d750d3136dfeb951098c2bc7d05e1bfd6b7cb8f886a2e632587094 rx-rules4
|
||||
92b3c7dad3bcf9583ae9af4ba111b35ac5d0eae3ca50969be2941efc72270dd423689cceb93d55fe0286949a7b4a124a0e59bb170a99776bf99c835884da060c rx-rules6
|
||||
"
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=lighttpd
|
||||
_configpath="/etc/lighttpd/redxen"
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
|
||||
pkgver=2020.12.11
|
||||
pkgrel=2
|
||||
source="main.conf"
|
||||
options="" # Default options
|
||||
checkdepends="lighttpd"
|
||||
|
||||
package() {
|
||||
package_copy_configs
|
||||
mkdir -p "$pkgdir"/http
|
||||
}
|
||||
|
||||
check() {
|
||||
lighttpd -f main.conf -t
|
||||
}
|
||||
|
||||
sha512sums="c6157585741c20022f7cd520db0c1066aae9e6d59be165d49bfd9d3b57fdc1abed681ba067470d01f2b4f22c8c99da466976e4bf28d9d881811aac2d04494cca main.conf"
|
|
@ -1,28 +0,0 @@
|
|||
var.basedir = "/http"
|
||||
var.logdir = "/var/log/lighttpd"
|
||||
var.statedir = "/run/lighttpd"
|
||||
|
||||
include "/etc/lighttpd/mime-types.conf"
|
||||
|
||||
server.bind = "[::]"
|
||||
server.modules = ( "mod_access", "mod_deflate", "mod_webdav", "mod_dirlisting" )
|
||||
server.username = "lighttpd"
|
||||
server.groupname = "lighttpd"
|
||||
server.document-root = var.basedir
|
||||
server.pid-file = "/run/lighttpd.pid"
|
||||
server.indexfiles = ("index.html")
|
||||
server.follow-symlink = "disable"
|
||||
server.event-handler = "linux-sysepoll"
|
||||
server.chroot = var.basedir
|
||||
server.port = 7574
|
||||
server.upload-dirs = ("")
|
||||
server.use-ipv6 = "enable"
|
||||
|
||||
dir-listing.activate = "enable"
|
||||
|
||||
url.access-deny = ("~")
|
||||
|
||||
deflate.filetypes = ("text/", "application/javascript")
|
||||
|
||||
webdav.activate = "enable"
|
||||
webdav.is-readonly = "enable"
|
|
@ -1,12 +1,13 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=minetest
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.04.02
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
source="redxen.conf"
|
||||
depends="$depends minetest-mineclone2"
|
||||
|
||||
sha512sums="89477b45e3ee62e1eee1c7e3d0a4e9e4f69684c5b8d55fa9c109e890e94ca63acbc2ae2430ccca67a2c24d22c101c0aa29b1f0e4d3dba98d58b418fd006a7ff2 redxen.conf"
|
||||
sha512sums="
|
||||
c98321d2da35fdd58c5c4e8f493c34a0cfd87991e34d0cbd6d89000696bb9e16d76912d42a83c31367c48d2acc1c7b70b8a33cb447b76b1e46f76ecd1107deea redxen.conf
|
||||
"
|
||||
|
|
|
@ -61,34 +61,6 @@ strict_protocol_version_checking = false
|
|||
# type: bool
|
||||
ipv6_server = true
|
||||
|
||||
### Advanced
|
||||
|
||||
# Maximum number of blocks that are simultaneously sent per client.
|
||||
# The maximum total count is calculated dynamically:
|
||||
# max_total = ceil((#clients + max_users) * per_client / 4)
|
||||
# type: int
|
||||
max_simultaneous_block_sends_per_client = 10
|
||||
max_simultaneous_block_sends_server_total = 50
|
||||
|
||||
# To reduce lag, block transfers are slowed down when a player is building something.
|
||||
# This determines how long they are slowed down after placing or removing a node.
|
||||
# type: float
|
||||
# full_block_send_enable_min_time_from_building = 2.0
|
||||
|
||||
# Maximum number of packets sent per send step, if you have a slow connection
|
||||
# try reducing it, but don't reduce it to a number below double of targeted
|
||||
# client number.
|
||||
# type: int
|
||||
max_packets_per_iteration = 8192
|
||||
|
||||
# ZLib compression level to use when sending mapblocks to the client.
|
||||
# -1 - Zlib's default compression level
|
||||
# 0 - no compresson, fastest
|
||||
# 9 - best compression, slowest
|
||||
# (levels 1-3 use Zlib's "fast" method, 4-9 use the normal method)
|
||||
# type: int min: -1 max: 9
|
||||
# map_compression_level_net = -1
|
||||
|
||||
## Game
|
||||
|
||||
# Default game when creating a new world.
|
||||
|
@ -103,7 +75,7 @@ motd = Welcome!
|
|||
|
||||
# Maximum number of players that can be connected simultaneously.
|
||||
# type: int
|
||||
max_users = 100
|
||||
max_users = 100
|
||||
|
||||
# World directory (everything in the world is stored here).
|
||||
# Not needed if starting from the main menu.
|
||||
|
@ -199,7 +171,7 @@ kick_msg_crash = This server has experienced an internal error. You will now be
|
|||
# ask_reconnect_on_crash = false
|
||||
|
||||
# From how far clients know about objects, stated in mapblocks (16 nodes).
|
||||
#
|
||||
#
|
||||
# Setting this larger than active_block_range will also cause the server
|
||||
# to maintain active objects up to this distance in the direction the
|
||||
# player is looking. (This can avoid mobs suddenly disappearing from view)
|
||||
|
@ -212,11 +184,11 @@ kick_msg_crash = This server has experienced an internal error. You will now be
|
|||
# This is also the minimum range in which active objects (mobs) are maintained.
|
||||
# This should be configured together with active_object_send_range_blocks.
|
||||
# type: int
|
||||
active_block_range = 2
|
||||
# active_block_range = 2
|
||||
|
||||
# From how far blocks are sent to clients, stated in mapblocks (16 nodes).
|
||||
# type: int
|
||||
max_block_send_distance = 8
|
||||
# max_block_send_distance = 8
|
||||
|
||||
# Maximum number of forceloaded mapblocks.
|
||||
# type: int
|
||||
|
@ -267,7 +239,7 @@ movement_acceleration_air = 1.2
|
|||
# Horizontal and vertical acceleration in fast mode,
|
||||
# in nodes per second per second.
|
||||
# type: float
|
||||
movement_acceleration_fast = 10
|
||||
movement_acceleration_fast = 10
|
||||
|
||||
# Walking and flying speed, in nodes per second.
|
||||
# type: float
|
||||
|
@ -328,7 +300,7 @@ movement_gravity = 10.4
|
|||
|
||||
# Maximum number of statically stored objects in a block.
|
||||
# type: int
|
||||
max_objects_per_block = 4096
|
||||
# max_objects_per_block = 4096
|
||||
|
||||
# See https://www.sqlite.org/pragma.html#pragma_synchronous
|
||||
# type: enum values: 0, 1, 2
|
||||
|
@ -345,7 +317,7 @@ max_objects_per_block = 4096
|
|||
# Length of a server tick and the interval at which objects are generally updated over
|
||||
# network.
|
||||
# type: float
|
||||
dedicated_server_step = 0.001
|
||||
# dedicated_server_step = 0.001
|
||||
|
||||
# Length of time between active block management cycles
|
||||
# type: float
|
||||
|
@ -353,12 +325,12 @@ dedicated_server_step = 0.001
|
|||
|
||||
# Length of time between Active Block Modifier (ABM) execution cycles
|
||||
# type: float
|
||||
abm_interval = 0.25
|
||||
# abm_interval = 0.25
|
||||
|
||||
# The time budget allowed for ABMs to execute on each step
|
||||
# (as a fraction of the ABM Interval)
|
||||
# type: float min: 0.1 max: 0.9
|
||||
abm_time_budget = 0.2
|
||||
# abm_time_budget = 0.2
|
||||
|
||||
# Length of time between NodeTimer execution cycles
|
||||
# type: float
|
||||
|
@ -392,7 +364,7 @@ abm_time_budget = 0.2
|
|||
# optimization.
|
||||
# Stated in mapblocks (16 nodes).
|
||||
# type: int min: 2
|
||||
block_send_optimize_distance = 4
|
||||
# block_send_optimize_distance = 4
|
||||
|
||||
# If enabled the server will perform map block occlusion culling based on
|
||||
# on the eye position of the player. This can reduce the number of blocks
|
||||
|
|
|
@ -1,18 +1,17 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=monerod
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.04.05
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
source="
|
||||
redxen.conf
|
||||
"
|
||||
source="redxen.conf"
|
||||
|
||||
package() {
|
||||
package_copy_configs
|
||||
mkdir -p "$pkgdir"/var/lib/monerod
|
||||
rx_source_installall
|
||||
install -dm700 "$(rx_cpkgdir)"/var/lib/monerod
|
||||
}
|
||||
|
||||
sha512sums="18a7fcff61513bc092c4d0cd358774684f519b9f2f106718a8d15d83100b660ac6ea9ee4c178a7e2cd60a5aae585b27e78d6e2bc45c5e1189a86985612f4aedf redxen.conf"
|
||||
sha512sums="
|
||||
18a7fcff61513bc092c4d0cd358774684f519b9f2f106718a8d15d83100b660ac6ea9ee4c178a7e2cd60a5aae585b27e78d6e2bc45c5e1189a86985612f4aedf redxen.conf
|
||||
"
|
||||
|
|
|
@ -1,14 +1,31 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=murmur
|
||||
_cfgumask=400
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.01.30
|
||||
pkgrel=2
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
depends="qt5-qtbase-postgresql redxen-secret-selfsigned-public redxen-secret-selfsigned-private"
|
||||
source="murmur.ini"
|
||||
install="$pkgname.pre-install"
|
||||
source="
|
||||
secret
|
||||
murmur.ini
|
||||
"
|
||||
|
||||
sha512sums="9cbed968233867662e46ca116dcc7a271496a869b88f7826fbf16b2f9034344495f0f7326f2c852cdc743496b9d93148d66379d952b6bd119147e371db1c4426 murmur.ini"
|
||||
build() {
|
||||
. secret
|
||||
: "${MUMBLE_DATABASE_PASS:?'Database password is missing'}"
|
||||
: "${MUMBLE_REGISTER_PASS:?'Registration password is missing'}"
|
||||
|
||||
cp murmur.ini murmur.ini.private
|
||||
rx_replace "MUMBLE_DATABASE_PASS" "$MUMBLE_DATABASE_PASS" murmur.ini.private
|
||||
rx_replace "MUMBLE_REGISTER_PASS" "$MUMBLE_REGISTER_PASS" murmur.ini.private
|
||||
}
|
||||
|
||||
package() {
|
||||
rx_install murmur.ini.private murmur.ini
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
5b754d97a9e6df9228c1ba96c959f3879c4e105af2785ce2fe5edf431a975e5f5bceb23cfa0c2b55dfc706d348d394a335cda32f6b5f66de1cac279f244426dc secret
|
||||
dff6e85a191dc90aec33a18c71dcf6fa78c22b3a1543bb187a864ada3b057ebd890746d9f0ba2d23c3ddef2d6fecff1290b85e617b7da636709d3b9f29ccc384 murmur.ini
|
||||
"
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
database=murmur
|
||||
dbDriver=QPSQL
|
||||
dbUsername=murmur
|
||||
dbPassword=MUMBLE_DATABASE_PASS
|
||||
dbHost=postgresql.routinginfo.internal
|
||||
dbPort=7550
|
||||
registerName="[RedXen] No mumble no talk!"
|
||||
registerPassword=MUMBLE_REGISTER_PASS
|
||||
registerUrl=https://redxen.eu/
|
||||
registerHostname=redxen.eu
|
||||
registerLocation=DE
|
||||
host=
|
||||
uname=murmur
|
||||
pidfile=/run/murmur/murmur.pid
|
||||
opusthreshold=10
|
||||
bandwidth=130000
|
||||
sslCert=/etc/redxen/selfsigned/public.pem
|
||||
sslKey=/etc/redxen/selfsigned/private.key
|
||||
port=64738
|
||||
timeout=10
|
||||
users=500
|
||||
defaultchannel=1
|
||||
welcometext="
|
||||
<center><br />
|
||||
<h1>RedXen Community</h1><br />
|
||||
<a href="https://redxen.eu">[ Homepage ]</a> <a href="https://t.me/rxtelegram">[ Telegram ]</a> <a href="https://git.redxen.eu">[ Git ]</a> <a href="https://paypal.me/caskdrx">[ Support us! ]</a><br />
|
||||
Enjoy your stay!<br />
|
||||
Have a group that you want to represent or a question? Contact me at caskd@redxen.eu<br />
|
||||
This server is powered by Alpine Linux<br />
|
||||
</center>
|
||||
|
||||
"
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
adduser murmur rxselfsig
|
||||
|
||||
return 0
|
|
@ -1,45 +1,46 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=nginx
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.05.03
|
||||
pkgver=2021.06.01.07
|
||||
pkgrel=0
|
||||
depends="nginx-mod-http-zip"
|
||||
checkdepends="nginx"
|
||||
subpackages="$pkgname-seedbox $pkgname-alpine $pkgname-homepage"
|
||||
source="
|
||||
main.conf
|
||||
modules/seedbox.conf
|
||||
modules/alpine.conf
|
||||
modules/homepage.conf
|
||||
module/seedbox.conf
|
||||
module/alpine.conf
|
||||
module/homepage.conf
|
||||
"
|
||||
|
||||
package() {
|
||||
install -Dm400 main.conf "$pkgdir"/etc/nginx/redxen.conf
|
||||
rx_install "main.conf"
|
||||
}
|
||||
|
||||
seedbox() {
|
||||
install_if="redxen-config-transmission-daemon"
|
||||
install -Dm400 "$srcdir"/seedbox.conf "$subpkgdir"/etc/nginx/http.d/redxen/seedbox.conf
|
||||
_rx_installdir="$_rx_installdir/module" rx_install seedbox.conf
|
||||
}
|
||||
|
||||
alpine() {
|
||||
install_if="redxen-secret-nginx-httpauth-alpine"
|
||||
install -Dm400 "$srcdir"/alpine.conf "$subpkgdir"/etc/nginx/http.d/redxen/alpine.conf
|
||||
install_if="redxen-secret-alpinepkg-httpauth"
|
||||
_rx_installdir="$_rx_installdir/module" rx_install alpine.conf
|
||||
}
|
||||
|
||||
homepage() {
|
||||
install_if="redxen-data-homepage"
|
||||
install -Dm400 "$srcdir"/homepage.conf "$subpkgdir"/etc/nginx/http.d/redxen/homepage.conf
|
||||
_rx_installdir="$_rx_installdir/module" rx_install homepage.conf
|
||||
}
|
||||
|
||||
check() {
|
||||
nginx -p / -c main.conf -t
|
||||
}
|
||||
|
||||
sha512sums="032fcb53d7c7fa848c67398e26d1b9d643c795c2c0c6061e58d79abc5168f6e2482172b14966a01513e5ea183a92150fdc6c0fcb581ad04668fd32e3409ef1ed main.conf
|
||||
abba14b4ed423455d9a6993b48f44c3464e37dc6a05119b3084d0519bbc62c7551cee721c25f0543b67ed80425c71dbe0ef5d3f8c9436faf7706d6d18414b149 seedbox.conf
|
||||
a8e85e18ae1f8c7f6f35fe27d879cc8642133cc63a3a44c6fd8b875eb3a3f2ccc9e3de1d95691bee574d4ead375ef096585b807dd301bc02b2fad312bc74cf24 alpine.conf
|
||||
0b5e7a0bb935ee0aa20c72ab1e7eb4ff4dcce22564fb7b354d28574e15e23bc7661414936d23be47afc9d465f44b3e2a55f14f1bb14d009286196e8615c6f729 homepage.conf"
|
||||
sha512sums="
|
||||
15708a8662984cbfc3d78c3337aa35a0e82586e2e7ba1430c2b99b5b584468e63899b40b5c15f29d892af2901135d9dc5dfdf2ea7469dd7382e7f25a797253e2 main.conf
|
||||
1a330386c6119487a338d78a23a4e116983c333f82373faaa527e22518d71959a0f330968da764ca884dd4dea227c3cf4d2f6252b1dd7f3488ef08543712788d seedbox.conf
|
||||
5ae68165edab56f41e51ad5b608a29121db878aed0309882927207d4ea9ec5e505a78b194bc8df8f943259130300edd4aa49b2e23a4ee705fa9ea761533fd133 alpine.conf
|
||||
2657b0bdfc001f94159a8cddc928e666cb20055b3df42dd0ec48146c6952c3c7b3957af52612d35d38199fde76ee0c96cb0ea39ed38e13bcc608088c88dc3a88 homepage.conf
|
||||
"
|
||||
|
|
|
@ -13,13 +13,5 @@ http {
|
|||
keepalive_timeout 300;
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
server {
|
||||
listen *:7574 reuseport so_keepalive=on;
|
||||
listen [::]:7574 reuseport so_keepalive=on;
|
||||
include http.d/redxen/*.conf;
|
||||
|
||||
location = /telegram {
|
||||
return 302 https://t.me/joinchat/RSK4t6hPtkJDLYBO;
|
||||
}
|
||||
}
|
||||
include module/*.conf;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
server {
|
||||
listen *:7574 so_keepalive=on;
|
||||
listen [::]:7574 so_keepalive=on;
|
||||
|
||||
location / {
|
||||
root /var/lib/alpine-packages;
|
||||
autoindex on;
|
||||
|
||||
limit_except GET HEAD {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /redxen {
|
||||
auth_basic "RedXen Alpine Package Archive";
|
||||
auth_basic_user_file /etc/redxen/alpinepkg-httpauth/passwdfile;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
server {
|
||||
listen *:7575 so_keepalive=on;
|
||||
listen [::]:7575 so_keepalive=on;
|
||||
|
||||
location / {
|
||||
root /usr/share/redxen/homepage;
|
||||
autoindex on;
|
||||
limit_except GET HEAD {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
location = /telegram {
|
||||
return 302 https://t.me/joinchat/RSK4t6hPtkJDLYBO;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
server {
|
||||
listen *:7576 so_keepalive=on;
|
||||
listen [::]:7576 so_keepalive=on;
|
||||
|
||||
location / {
|
||||
root /seedbox;
|
||||
autoindex on;
|
||||
limit_except GET HEAD {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
location / {
|
||||
root /var/lib/alpine-packages;
|
||||
autoindex on;
|
||||
limit_except GET HEAD {
|
||||
deny all;
|
||||
}
|
||||
location /redxen {
|
||||
auth_basic "RedXen Alpine Package Archive";
|
||||
auth_basic_user_file /etc/nginx/httpauth-alpine;
|
||||
}
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
location / {
|
||||
root /usr/share/redxen/homepage;
|
||||
autoindex on;
|
||||
limit_except GET HEAD {
|
||||
deny all;
|
||||
}
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
location / {
|
||||
root /seedbox;
|
||||
autoindex on;
|
||||
limit_except GET HEAD {
|
||||
deny all;
|
||||
}
|
||||
}
|
|
@ -1,11 +1,10 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=opendkim
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
_dkim_date="2021.03.28"
|
||||
pkgver=2021.03.28
|
||||
_dkim_date=2021.05.31.01
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
depends="redxen-secret-opendkim~$_dkim_date"
|
||||
makedepends="opendkim-utils"
|
||||
|
@ -17,15 +16,17 @@ source="
|
|||
build() {
|
||||
_selector="$_dkim_date-mail"
|
||||
echo "*@redxen.eu $_selector._domainkey.redxen.eu" > signing_table
|
||||
echo "$_selector._domainkey.redxen.eu redxen.eu:$_selector:/etc/opendkim/redxen/$_selector.private" > key_table
|
||||
echo "$_selector._domainkey.redxen.eu redxen.eu:$_selector:$_rx_installdir/$_selector.private" > key_table
|
||||
}
|
||||
|
||||
package() {
|
||||
_files="$source signing_table key_table"
|
||||
for i in $_files; do
|
||||
install -Dm444 "$i" "$pkgdir"/etc/opendkim/redxen/"$i"
|
||||
rx_install "$i"
|
||||
done
|
||||
}
|
||||
|
||||
sha512sums="6f23dfc823517db661cbe50b3f1f494a1b67e0c9928893f27a3fc5a8b74f0d1304933c79d1a8584be0f61ed0a40aa470fd524561a6b578ae0644bd9f05339952 trusted_hosts
|
||||
08be7b116306a86fac7cacd4771fa900a6e67ff2b8e33cf839ceecd24c8781763ee3b7b73b5a85da8758c17c62af3615cd0e570b161167c6a0fb13d83a1a90bc opendkim.conf"
|
||||
sha512sums="
|
||||
6f23dfc823517db661cbe50b3f1f494a1b67e0c9928893f27a3fc5a8b74f0d1304933c79d1a8584be0f61ed0a40aa470fd524561a6b578ae0644bd9f05339952 trusted_hosts
|
||||
6cf9bbd8957f7ccd65ac2af63f68fc22578f23cc25e3c4279be1b76ba0f0b28d03b785726a9e1702fc4e467b87caf6273ca366b437646934d86f3c165fade0c4 opendkim.conf
|
||||
"
|
||||
|
|
|
@ -3,9 +3,9 @@ UMask 002
|
|||
|
||||
Canonicalization relaxed/simple
|
||||
|
||||
InternalHosts refile:/etc/opendkim/redxen/trusted_hosts
|
||||
KeyTable refile:/etc/opendkim/redxen/key_table
|
||||
SigningTable refile:/etc/opendkim/redxen/signing_table
|
||||
InternalHosts refile:/etc/redxen/opendkim/trusted_hosts
|
||||
KeyTable refile:/etc/redxen/opendkim/key_table
|
||||
SigningTable refile:/etc/redxen/opendkim/signing_table
|
||||
|
||||
Mode s
|
||||
PidFile /run/opendkim/opendkim.pid
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=openssh-sftp-seedbox
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
|
||||
pkgver=2020.12.07
|
||||
pkgrel=1
|
||||
source="
|
||||
seedbox-conf
|
||||
allowed_keys
|
||||
"
|
||||
|
||||
package() {
|
||||
install -dm755 -o root -g root "$pkgdir"/sftp-chroot
|
||||
install -Dm644 allowed_keys "$pkgdir"/etc/ssh/authorized_keys/seedbox
|
||||
# NOTE: Inclusion of this file doesn't work in openssh
|
||||
# It has to be appended manually to /etc/ssh/sshd_config
|
||||
install -Dm644 seedbox-conf "$pkgdir"/etc/ssh/sshd.conf.d/redxen/seedbox
|
||||
}
|
||||
|
||||
sha512sums="29d0bc0a52bd87d7544ce1d369d676ac38dcc4c18dac24b43b6bb649b7097617d53747935b0b4304dfce161158f5e8f008436bf036899b4e857b64f3c7c11a58 seedbox-conf
|
||||
f87e66868b1315cb63e89a9d7f47e7ffb889b9ec19bcd82e307774169446c546e6d3d51a977df7bffd70b83889979151a557575dc13a9f1d3c08d158e1a5a8cc allowed_keys"
|
|
@ -1 +0,0 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsD58tySBudDE7dw4aDttDv7rLWCqZ2c6N+GnrbSzqAxTcMxxn3GZeozXuz4pkl8NrGEKFk22AlB1hUl0gqnpAr0roL72mXE1WmjVc4EvEVYXLdHnm+rEi/FqvEK8D5mj1vs/ALGqtKGmY1363a8JRR7jSlBa45HkdC7IyJP0stpIkcriPS4kj/lEW0+J5KZ4NuKocjTbyVDoX67fLwBeu/YG4pz0ETKKU1/5xfBN+AxeD8brWvMMwrQzqJoAoRfLKCuD2yTSTPxek/Oa3lbNLUBF6o114gyxsc7zAWMpyNCPvstZoLCdQYqZ0sqVvcFGt0vmlrCtcQozkDVChz1E3 none
|
|
@ -1,7 +0,0 @@
|
|||
Match User seedbox
|
||||
AuthorizedKeysFile /etc/ssh/authorized_keys/seedbox
|
||||
ChrootDirectory /sftp-chroot
|
||||
ForceCommand internal-sftp
|
||||
AllowTcpForwarding no
|
||||
X11Forwarding no
|
||||
PasswordAuthentication no
|
|
@ -1,22 +1,49 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=postfix
|
||||
_configpath="/etc/postfix/redxen"
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.03.09
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
depends="postfix-pgsql redxen-secret-letsencrypt-chain redxen-secret-letsencrypt-private"
|
||||
install="$pkgname.pre-install"
|
||||
source="
|
||||
master.cf
|
||||
main.cf
|
||||
|
||||
_rx_postfix_pgsql_source="
|
||||
pgsql-aliases.cf
|
||||
pgsql-users.cf
|
||||
"
|
||||
_rx_postfix_base_source="
|
||||
master.cf
|
||||
main.cf
|
||||
"
|
||||
source="
|
||||
$_rx_postfix_base_source
|
||||
secret
|
||||
$_rx_postfix_pgsql_source
|
||||
"
|
||||
|
||||
sha512sums="b43313dc2b00848bfbc6b14bdcee2c7a024aeeae5d2a46b6aaf370d55f58ac9f9a4cf992b7d75a8acf35b75fd00d04144626169ef153614b223de87677bfda21 master.cf
|
||||
a0fe63a10948fc5b83aa66779ec79eaff31eadd2d6791fc6f531719677692dbc1c24d9d20ddb5637a942f30cd47c6c47f53f0cbe840c56b17346cc9b7b82844c main.cf
|
||||
a1778901dbc12de543d9d5897b9d50ee5ebe47b7ef6ed87a0087249657f146ff8493de455d32016660cca3c8d669592e0ea9fbe9b6696d92cac6f014277f29e5 pgsql-aliases.cf
|
||||
72c50fe20b4d1a7ea2e60fb2cac0164814ab41011eb7f0d67a8a5715a0cc43d3ad573f198a7933eb130f68ec5c25c558fad791300e5bb25e020ca76a4303db4c pgsql-users.cf"
|
||||
build() {
|
||||
. secret
|
||||
: "${POSTGRESQL_PASSWORD:?'PostgreSQL database access password missing'}"
|
||||
|
||||
for i in $_rx_postfix_pgsql_source; do
|
||||
cp "$i" "$i".private
|
||||
rx_replace "POSTGRESQL_PASSWORD" "$POSTGRESQL_PASSWORD" "$i".private
|
||||
done
|
||||
}
|
||||
|
||||
package() {
|
||||
for i in $_rx_postfix_base_source; do
|
||||
rx_install "$i"
|
||||
done
|
||||
for i in $_rx_postfix_pgsql_source; do
|
||||
rx_install "$i".private "$i"
|
||||
done
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
b43313dc2b00848bfbc6b14bdcee2c7a024aeeae5d2a46b6aaf370d55f58ac9f9a4cf992b7d75a8acf35b75fd00d04144626169ef153614b223de87677bfda21 master.cf
|
||||
88b704d0cc54bf9f09a0f027d1b39677086cdb2be4c91132f5cb3c0717156e692f5a5241c77a2aad2b4e1c4e8b08e4098365a613605486809ccefbb1fc114f27 main.cf
|
||||
e2e2073b064a921a9eeed028e17617bcd2d1235517d908b4daadef45eb4cbb8686023c532d7938a779021cdd9548afe97f59d4c3232e7e01dca229e37e8c63ff secret
|
||||
9c3ae0c3448710cb13e27cfd67864d27d364a3893ce70033df25ecd21cb0cc28a36f7d8aa9fe0cbdd0dc3516e78f34a5645a727387870d74ed8643078ec7e062 pgsql-aliases.cf
|
||||
939677c0733348509a26a9ee654bc57be6cf4ce760c40cac7d1cc802afc0f7ec4b53c3752f60e9482b78290f6e36c5c8eca98645b54b34ffbb51dfbf4080d916 pgsql-users.cf
|
||||
"
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
compatibility_level = 3.6
|
||||
|
||||
# General
|
||||
smtpd_banner = $myhostname ESMTP RedXen Mail. DO NOT MESS WITH US OR WE WILL CUT YOUR BALLS OFF!
|
||||
mail_name = RedXen Mail Postfix
|
||||
|
@ -15,15 +17,14 @@ relayhost =
|
|||
relay_domains = $mydestination
|
||||
|
||||
local_transport = local
|
||||
alias_maps = proxy:pgsql:/etc/postfix/redxen/pgsql-aliases.cf
|
||||
smtpd_sender_login_maps = proxy:pgsql:/etc/postfix/redxen/pgsql-users.cf
|
||||
alias_maps = proxy:pgsql:/etc/redxen/postfix/pgsql-aliases.cf
|
||||
smtpd_sender_login_maps = proxy:pgsql:/etc/redxen/postfix/pgsql-users.cf
|
||||
local_recipient_maps = $smtpd_sender_login_maps $alias_maps
|
||||
|
||||
biff = no
|
||||
append_dot_mydomain = no
|
||||
delay_warning_time = 1h
|
||||
readme_directory = no
|
||||
compatibility_level = 2
|
||||
mailbox_size_limit = 0
|
||||
recipient_delimiter = +
|
||||
notify_classes = resource, software, bounce
|
||||
|
@ -36,8 +37,8 @@ smtp_tls_security_level = may
|
|||
smtp_tls_note_starttls_offer = yes
|
||||
|
||||
smtpd_use_tls = yes
|
||||
smtpd_tls_cert_file = /etc/ssl/redxen/letsencrypt/chain.crt
|
||||
smtpd_tls_key_file = /etc/ssl/redxen/letsencrypt/private.key
|
||||
smtpd_tls_cert_file = /etc/redxen/letsencrypt/chain.crt
|
||||
smtpd_tls_key_file = /etc/redxen/letsencrypt/private.key
|
||||
smtpd_tls_security_level = may
|
||||
smtpd_tls_protocols = !SSLv2, !SSLv3
|
||||
|
||||
|
@ -70,5 +71,5 @@ milter_protocol = 6
|
|||
milter_default_action = tempfail
|
||||
internal_mail_filter_classes = bounce, notify
|
||||
|
||||
non_smtpd_milters = inet:rspamd.routinginfo.redxen.localhost:7510
|
||||
smtpd_milters = inet:opendkim.routinginfo.redxen.localhost:7514 $non_smtpd_milters
|
||||
non_smtpd_milters = inet:rspamd.routinginfo.internal:7510
|
||||
smtpd_milters = inet:opendkim.routinginfo.internal:7514 $non_smtpd_milters
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
hosts = postgresql.routinginfo.internal:7550
|
||||
dbname = mail
|
||||
user = postfix
|
||||
password = POSTGRESQL_PASSWORD
|
||||
query = SELECT target FROM aliases WHERE alias = '%u' AND active = '1'
|
|
@ -0,0 +1,5 @@
|
|||
hosts = postgresql.routinginfo.internal:7550
|
||||
dbname = mail
|
||||
user = postfix
|
||||
password = POSTGRESQL_PASSWORD
|
||||
query = SELECT userid FROM users WHERE userid = '%u' AND active = '1'
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
adduser dovecot rxletsenc
|
||||
|
||||
return 0
|
|
@ -1,12 +1,10 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=postgresql
|
||||
_configpath="/etc/postgresql/redxen"
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.01.13
|
||||
pkgrel=2
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
depends="postgresql-contrib"
|
||||
source="
|
||||
postgresql.conf
|
||||
|
@ -15,10 +13,12 @@ source="
|
|||
"
|
||||
|
||||
package() {
|
||||
package_copy_configs
|
||||
mkdir -p "$pkgdir"/var/lib/postgresql
|
||||
rx_source_installall
|
||||
install -dm700 "$(rx_cpkgdir)"/var/lib/postgresql
|
||||
}
|
||||
|
||||
sha512sums="ee33ef1dd1e2afaea8336e94fd754c3ed5eff7d312de233fbbbf8371d736b1bec03d8c436d8b9360e04048b4548c3d3d488ca940c63b8e5645d143298b9fce18 postgresql.conf
|
||||
sha512sums="
|
||||
ee33ef1dd1e2afaea8336e94fd754c3ed5eff7d312de233fbbbf8371d736b1bec03d8c436d8b9360e04048b4548c3d3d488ca940c63b8e5645d143298b9fce18 postgresql.conf
|
||||
fc4faccaf8d8a7e0a683e20b959a0ca1c6aa8b190ab1e5f1568deb9483329e82a43264ff676845eeafd4f6c8d812ce2648702ba3ea52de4eadff8dbafece274b pg_hba.conf
|
||||
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e pg_ident.conf"
|
||||
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e pg_ident.conf
|
||||
"
|
||||
|
|
|
@ -1,16 +1,17 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=redis
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2020.12.29
|
||||
pkgrel=2
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
source="redxen.conf"
|
||||
|
||||
package() {
|
||||
package_copy_configs
|
||||
install -dm700 "$pkgdir"/var/lib/redis
|
||||
rx_source_installall
|
||||
install -dm700 "$(rx_cpkgdir)"/var/lib/redis
|
||||
}
|
||||
|
||||
sha512sums="85b83fdec29dfe075aa2b4e79829b47ae42171a62878b3c69ca300a007d60e80634a92d62e646eb432aab5397c51c1f3ce406cfad3208d1e16cc5151711c4271 redxen.conf"
|
||||
sha512sums="
|
||||
35f292d3de4c7dfc9340ded312c4550431599c2704b5f036e62a758bd0a11bd8d3f5bad38680b0b7f54ccba725d3749232821d3c08cd954529ae1b2c2fccbd61 redxen.conf
|
||||
"
|
||||
|
|
|
@ -6,8 +6,8 @@ timeout 0
|
|||
tcp-keepalive 300
|
||||
|
||||
#tls-port 7551
|
||||
#tls-cert-file /etc/ssl/redxen/selfsigned/public.pem
|
||||
#tls-key-file /etc/ssl/redxen/selfsigned/private.key
|
||||
#tls-cert-file /etc/redxen/selfsigned/public.pem
|
||||
#tls-key-file /etc/redxen/selfsigned/private.key
|
||||
#tls-ca-cert-dir /etc/ssl/certs
|
||||
# tls-auth-clients optional
|
||||
# tls-protocols "TLSv1.2 TLSv1.3"
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=rspamd
|
||||
_configpath="/etc/rspamd/redxen"
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.04.13
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
_baseconf="
|
||||
rspamd.conf
|
||||
|
@ -43,18 +41,21 @@ for i in $_modules; do
|
|||
done
|
||||
|
||||
package() {
|
||||
package_copy_configs "$_baseconf"
|
||||
for i in $_baseconf; do
|
||||
rx_install "$i"
|
||||
done
|
||||
}
|
||||
|
||||
_module() {
|
||||
local module=${subpkgname##$pkgname-}
|
||||
depends=""
|
||||
install -Dm644 "$srcdir"/"$module".conf "$subpkgdir"/etc/rspamd/redxen/modules/"$module".conf
|
||||
_rx_fperm=400 _rx_installdir="$_rx_installdir/modules" rx_install "$module".conf
|
||||
}
|
||||
|
||||
sha512sums="99985993e5d7c525280020e7dc30106b3efbaa8ae2830a5069ad4270a8336d33efca74ed26103e1d2f5f341a0cffc4e0f77a2757fdeab27e3b492aa99ae7f977 spf.conf
|
||||
sha512sums="
|
||||
99985993e5d7c525280020e7dc30106b3efbaa8ae2830a5069ad4270a8336d33efca74ed26103e1d2f5f341a0cffc4e0f77a2757fdeab27e3b492aa99ae7f977 spf.conf
|
||||
96bb78e91c29a9d0e120e18b00ffe2a4d4b613b24e7da02f43994b1d150da00875339feda963f6e87c16002a6fc44e99462bde0070fec3026a2e2c7079be8ccc spamtrap.conf
|
||||
d42a74d17771497960477878eedda2a00a434cbc1e994b015c21b4f631e24836cb6a7b14a24a2cb42ed15425b7758dc307a6cf602a770cfb0cc20b6f90064af9 redis.conf
|
||||
82554e0d5c955bf658f5093ed038eb66824eea0e6d0477a8e17600016a95da15bc9360b651c97c1345202a2164b0b6728323e64ea165d79a3acd6776d8d79d5b redis.conf
|
||||
914c9800ae6195726fdbb8fe7fc403fdd346f082f77a0f6663e112518f2b19ab276371089d968e36340e50f8a52317606c598985fdf9318b2384e8e887005150 rbl.conf
|
||||
a753d136a21206cdc28a1554a38f51ad55e2eec842a31dbe1d151198bb8d9bb090e0f49b6b50cbc44e5011efb2ebeb2d2657a54df2f1a0c89ce3134fbd55220c ratelimit.conf
|
||||
6ca83b91e70e43eff6de380065fc5591c6669a27497a47d74e5e096df68afea6269cfad41be982bb144f2dfb92fd5765a600cf9c4067c4612bd1aa1bf5e6ebfd phishing.conf
|
||||
|
@ -69,8 +70,9 @@ dcec5c53bd29c345ed5c47727af9a8d11328cc8f69ae61064ba3b053ee306baa79b747067097b235
|
|||
eacbbe96fdfea9112b633bdf5471fcf8b2c297513685397759d588ad47905cf225dae3e4262dacb14477a2f52e6d3bf93b57abaf205719481f11a9ec8552fe07 arc.conf
|
||||
edcbb00d62662ec412adf8adc24fedb88a7b694ea1ac39c07539f84560c2f0c210fb7b8be1e2c041f9eadb4278a4a9a9cf80dea59e05c97233204c6f41b16597 rspamd.conf
|
||||
13b794a6eb95e672345b260e6a46d9ec95efd11159279af86c3ab3a9fea33e02807d67afad0d006597bf9b913927e6bff0cfc6d2cf6a5bd0bc993560cafb0951 composites.conf
|
||||
f88d7b2c78b8aa011cf7fd81214745b5c6af10f44482c6164b3001dd366d7bedcb96f7ab0e5b33839c1b82458e1e14ab04b75594856928bac6037698e2c82f7e groups.conf
|
||||
91cdd4f25cd29b7524827683caa79efd37e1ef78698f7f0ce8c185773bd0e1fdf624215838b26165cb52151fe435b41a76714c9f0aa0ee341a473b468d4f5436 groups.conf
|
||||
78df39cbc6e09cdc5e01d27e123d82aa677a70a6f5d59ba0be8d0ce6af012c5311e4a2527e4fbc586f9cdd8da033e9f05e2371970fa23db60eaa8c16c8e85f05 logging.conf
|
||||
d5b99a03a86f35cb5b25cf0a1cf8be25a5a9158bc7f3a6362b35d6dc8e799613d03ade65b2673378fb1e2b5de67d48eb5e64a956551be9ef39c5d5d2ab2a3b36 statistic.conf
|
||||
301315c98f2816a9542a410352bf3eb7f025a57f8ccc37666f51a3371580cba06344197c2f2a4049d402472ba7c9a542a21e6938ac022030e95a472e8bba33b6 workers.conf
|
||||
2adbbed7442b2efad0c78aa735e562da68c992114b8b1b12258d39234cda66d198dddeaa5246f0b897b6174fc7b52430fada1bd1cd5870142b72d935c4f6e12f spamtrap.map"
|
||||
2adbbed7442b2efad0c78aa735e562da68c992114b8b1b12258d39234cda66d198dddeaa5246f0b897b6174fc7b52430fada1bd1cd5870142b72d935c4f6e12f spamtrap.map
|
||||
"
|
||||
|
|
|
@ -274,7 +274,7 @@ group "rbl" {
|
|||
group "statistics" {
|
||||
symbols = {
|
||||
"BAYES_SPAM" {
|
||||
weight = 5.1;
|
||||
weight = 10;
|
||||
description = "Message probably spam, probability: ";
|
||||
}
|
||||
"BAYES_HAM" {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
redis {
|
||||
servers = "redis.routinginfo.redxen.localhost:7551";
|
||||
servers = "redis.routinginfo.internal:7551";
|
||||
db = 1;
|
||||
}
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=sysctl
|
||||
_configpath="/etc/sysctl.d"
|
||||
_rx_installdir="/etc/sysctl.d"
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2020.12.10
|
||||
pkgrel=2
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
depends="busybox"
|
||||
source="
|
||||
10-memory.conf
|
||||
|
@ -14,6 +13,8 @@ source="
|
|||
30-kernel.conf
|
||||
"
|
||||
|
||||
sha512sums="8043d419de52d0a8e75ed50643bd73ef3b3e2633d9064c6f6695b796834bc162f6b3c0e28082bb601e1a6c582e92ca90aa3dd626973c741c2ff0d3e1749521b1 10-memory.conf
|
||||
sha512sums="
|
||||
8043d419de52d0a8e75ed50643bd73ef3b3e2633d9064c6f6695b796834bc162f6b3c0e28082bb601e1a6c582e92ca90aa3dd626973c741c2ff0d3e1749521b1 10-memory.conf
|
||||
117648c1a0ee1a2d554eee2a0f8584097c66300dfda945a4ac0cb52f24160ae673abe3de964d419ddca4e0822a605c7b1d4f8d8e3f85d5f7c582b9803ffa21fc 20-network.conf
|
||||
a67a62adddcc0389eef167f390d948ce69488f5755fbd19ca16d9d626511229e7dd7f03fcf0f4731fa867a45417e9554f65b5ccca7fcacc2e51f056d4152031a 30-kernel.conf"
|
||||
a67a62adddcc0389eef167f390d948ce69488f5755fbd19ca16d9d626511229e7dd7f03fcf0f4731fa867a45417e9554f65b5ccca7fcacc2e51f056d4152031a 30-kernel.conf
|
||||
"
|
||||
|
|
|
@ -1,18 +1,72 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=telegraf
|
||||
_cfgumask=400
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2020.12.23
|
||||
pkgrel=2
|
||||
source="main.conf"
|
||||
checkdepends="telegraf"
|
||||
pkgver=2021.06.01.05
|
||||
pkgrel=0
|
||||
options=""
|
||||
checkdepends="telegraf"
|
||||
source="main.conf"
|
||||
_modules="
|
||||
base
|
||||
unbound
|
||||
redis
|
||||
haproxy
|
||||
rspamd
|
||||
wireguard
|
||||
"
|
||||
|
||||
for i in $_modules; do
|
||||
source="$source $i.conf"
|
||||
subpackages="$subpackages $pkgname-$i"
|
||||
done
|
||||
|
||||
check() {
|
||||
telegraf --config main.conf --test >/dev/null
|
||||
telegraf --config main.conf --config base.conf --test >/dev/null
|
||||
}
|
||||
|
||||
sha512sums="3d342136225a8c060be6af63e0769da6fc870206471836cd4f414b9765c85930fe5a9fdb6b7a7acedb2d631264472849c53c2af7a4a387bd2c582bf1c1a0c97e main.conf"
|
||||
package() {
|
||||
rx_install main.conf
|
||||
}
|
||||
|
||||
base() {
|
||||
install_if="$pkgname"
|
||||
_rx_installdir="$_rx_installdir/module" rx_install base.conf
|
||||
}
|
||||
|
||||
unbound() {
|
||||
install_if="$pkgname redxen-config-unbound-rctrl"
|
||||
_rx_installdir="$_rx_installdir/module" rx_install unbound.conf
|
||||
}
|
||||
|
||||
redis() {
|
||||
install_if="$pkgname redxen-config-redis"
|
||||
_rx_installdir="$_rx_installdir/module" rx_install redis.conf
|
||||
}
|
||||
|
||||
haproxy() {
|
||||
install_if="$pkgname redxen-config-haproxy"
|
||||
_rx_installdir="$_rx_installdir/module" rx_install haproxy.conf
|
||||
}
|
||||
|
||||
rspamd() {
|
||||
install_if="$pkgname redxen-config-rspamd"
|
||||
_rx_installdir="$_rx_installdir/module" rx_install rspamd.conf
|
||||
}
|
||||
|
||||
wireguard() {
|
||||
install_if="$pkgname redxen-config-wireguard"
|
||||
_rx_installdir="$_rx_installdir/module" rx_install wireguard.conf
|
||||
}
|
||||
|
||||
|
||||
sha512sums="
|
||||
5a0f1dab5c4887700f7f29eeb0d1be28690737f1689a12e67861be4c0bb8276ece8fcb279983e6e3bc5484bd6aa932b663d6ff775c68e33c1190fcdbaa3b1889 main.conf
|
||||
532d6b79eafb7629ef3f2a16f2f9323369d93357b301e44c111661eab8108a3d09dae1fd2c7f8a4c3d832c66285e2098fcd7713f37b545b5616d7c9a749a2684 base.conf
|
||||
5a81b295f17189115fe93d1d68d94181aaab32dfcdd3e4d0480991c515d0cec57cb58bac354b893a5109a9e62d400a278489c9d64b997968ad8f326e02c7ddb1 unbound.conf
|
||||
a4bc80850c94291d00b2ad56e50216ab36515bcc176b3c5678b24c3d5a3740b9de9006df8e37e42942a50227e6b27321d267e27decffbf6d9a37755d3224121e redis.conf
|
||||
f219fcd9c1aeb4503e813f00c51cc2a2ccb8c297727f3542e614c784b977ef6a32d492de750b8d4338f95172dfdc0e388a72662e80c92a890e2bfc7d34e3396d haproxy.conf
|
||||
0e5e8282a77553cf75b3184367486d37f4dd6e6ed5a216f2ca5b94f4fe7b151565eb5d9fc35f5eadc154da41aa39f0f7979ded054be9da94b981326ca13c6b8f rspamd.conf
|
||||
3f6d05082d4e01fb7498c82fb92fb479c5766148c9dcfd118d248ceaf6838f4794b940a8fcff0ec6020000806c6418f93e5aa60cbf32fd826fa4f9870f925ba7 wireguard.conf
|
||||
"
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
[[outputs.influxdb]]
|
||||
urls = ["http://influxdb.routinginfo.internal:7552"]
|
||||
database = "telegraf"
|
||||
|
||||
[[inputs.cpu]]
|
||||
percpu = true
|
||||
totalcpu = true
|
||||
collect_cpu_time = true
|
||||
report_active = true
|
||||
|
||||
[[inputs.disk]]
|
||||
ignore_fs = ["tmpfs", "devtmpfs", "devfs", "overlay", "aufs", "squashfs"]
|
||||
|
||||
[[inputs.diskio]]
|
||||
[[inputs.kernel]]
|
||||
[[inputs.kernel_vmstat]]
|
||||
[[inputs.mem]]
|
||||
[[inputs.processes]]
|
||||
[[inputs.swap]]
|
||||
[[inputs.system]]
|
||||
[[inputs.net]]
|
|
@ -0,0 +1,3 @@
|
|||
[[inputs.haproxy]]
|
||||
servers = ["socket:/run/haproxy.sock"]
|
||||
keep_field_names = true
|
|
@ -1,33 +1,11 @@
|
|||
[agent]
|
||||
interval = "10s"
|
||||
round_interval = true
|
||||
metric_batch_size = 1000
|
||||
metric_buffer_limit = 10000
|
||||
flush_interval = "10s"
|
||||
precision = "10s"
|
||||
debug = false
|
||||
quiet = false
|
||||
logfile = ""
|
||||
omit_hostname = false
|
||||
|
||||
[[outputs.influxdb]]
|
||||
urls = ["http://influxdb.routinginfo.redxen.localhost:7552"]
|
||||
database = "telegraf"
|
||||
|
||||
[[inputs.cpu]]
|
||||
percpu = true
|
||||
totalcpu = true
|
||||
collect_cpu_time = true
|
||||
report_active = true
|
||||
|
||||
[[inputs.disk]]
|
||||
ignore_fs = ["tmpfs", "devtmpfs", "devfs", "overlay", "aufs", "squashfs"]
|
||||
|
||||
[[inputs.diskio]]
|
||||
[[inputs.kernel]]
|
||||
[[inputs.kernel_vmstat]]
|
||||
[[inputs.mem]]
|
||||
[[inputs.processes]]
|
||||
[[inputs.swap]]
|
||||
[[inputs.system]]
|
||||
[[inputs.net]]
|
||||
interval = "10s"
|
||||
round_interval = true
|
||||
metric_batch_size = 1000
|
||||
metric_buffer_limit = 10000
|
||||
flush_interval = "10s"
|
||||
precision = "1s"
|
||||
debug = false
|
||||
quiet = false
|
||||
logfile = ""
|
||||
omit_hostname = false
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
[[inputs.http]]
|
||||
urls = ["http://localhost:7579/json_rpc"]
|
||||
method = "POST"
|
||||
data_format = "json"
|
||||
content_encoding = "identity"
|
||||
body = '{"method":"get_info"}'
|
||||
json_query = "result"
|
||||
headers = { "Content-Type" = "application/json", "Transfer-Encoding" = "identity" }
|
||||
tag_keys = [
|
||||
"nettype"
|
||||
]
|
||||
name_override = "monerod"
|
|
@ -0,0 +1,2 @@
|
|||
[[inputs.redis]]
|
||||
servers = ["tcp://localhost:7551"]
|
|
@ -0,0 +1,8 @@
|
|||
[[inputs.http]]
|
||||
urls = ["http://localhost:7512/stat"]
|
||||
data_format = "json"
|
||||
tag_keys = [
|
||||
"config_id",
|
||||
"version"
|
||||
]
|
||||
name_override = "rspamd"
|
|
@ -0,0 +1,2 @@
|
|||
[[inputs.unbound]]
|
||||
server = "localhost:8953"
|
|
@ -0,0 +1,2 @@
|
|||
[[inputs.wireguard]]
|
||||
devices = ["rxmain"]
|
|
@ -1,18 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname="transmission-daemon"
|
||||
_configpath="/etc/transmission"
|
||||
_cfgumask=400
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
|
||||
pkgver=2021.01.26
|
||||
pkgrel=2
|
||||
source="settings.json"
|
||||
|
||||
package() {
|
||||
package_copy_configs
|
||||
mkdir -p "$pkgdir"/etc/transmission/resume "$pkgdir"/seedbox
|
||||
}
|
||||
|
||||
sha512sums="6b6ca000655811ffdf1d51609cf0315f8516a7a7c0f602d97848071d6441bd13e053d896d9a56bc5c772b9c5ee600419480460db13dfdf03921e4d90a2a01887 settings.json"
|
|
@ -0,0 +1,35 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
source="
|
||||
secret
|
||||
settings.json
|
||||
"
|
||||
depends="transmission-daemon"
|
||||
|
||||
build() {
|
||||
. secret
|
||||
: "${TRANSMISSION_USERNAME:?'Transmission username is missing'}"
|
||||
: "${TRANSMISSION_PASSWORD:?'Transmission password is missing'}"
|
||||
|
||||
cp "settings.json" "settings.json.private"
|
||||
TRANSMISSION_PASS_SALT="$(cat /dev/urandom | tr -dc '[:alnum:]./' | head -c 8)"
|
||||
TRANSMISSION_PASS_HASH="$(printf '%s%s' "$TRANSMISSION_PASSWORD" "$TRANSMISSION_PASS_SALT" | sha1sum)"
|
||||
TRANSMISSION_PASS_SALTED="{${TRANSMISSION_PASS_HASH%% *}$TRANSMISSION_PASS_SALT"
|
||||
rx_replace "TRANSMISSION_USERNAME" "$TRANSMISSION_USERNAME" settings.json.private
|
||||
rx_replace "TRANSMISSION_PASSWORD" "$TRANSMISSION_PASS_SALTED" settings.json.private
|
||||
}
|
||||
|
||||
package() {
|
||||
rx_install "settings.json.private" "settings.json"
|
||||
install -dm700 "$(rx_cpkgdir)"/"$_rx_installdir"/resume "$(rx_cpkgdir)"/seedbox
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
7435cdea2f9a63d09164c6c7cf6105e24a27316150bbebb7c2abda0a72c9ffcbd36632be1f9d77bccdc616fa8b84a9bfeaa4b5b32349d11a3d4f9c12ee884963 secret
|
||||
900829893fa4cd61c7950d640f8a4b043f33de90abce9007b8c5d76d464df3542e0ca2630deb93344d4a896f999f0da4f2474ad77cb7d628247c34c78aec515b settings.json
|
||||
"
|
|
@ -0,0 +1,70 @@
|
|||
{
|
||||
"alt-speed-down": 50,
|
||||
"alt-speed-enabled": false,
|
||||
"alt-speed-time-begin": 540,
|
||||
"alt-speed-time-day": 127,
|
||||
"alt-speed-time-enabled": false,
|
||||
"alt-speed-time-end": 1020,
|
||||
"alt-speed-up": 50,
|
||||
"bind-address-ipv4": "0.0.0.0",
|
||||
"bind-address-ipv6": "::",
|
||||
"blocklist-enabled": true,
|
||||
"blocklist-url": "https://github.com/sahsu/transmission-blocklist/releases/latest/download/blocklist.gz",
|
||||
"cache-size-mb": 50,
|
||||
"dht-enabled": true,
|
||||
"download-dir": "/seedbox",
|
||||
"download-queue-enabled": true,
|
||||
"download-queue-size": 50,
|
||||
"encryption": 2,
|
||||
"idle-seeding-limit": 30,
|
||||
"idle-seeding-limit-enabled": false,
|
||||
"incomplete-dir": "/seedbox",
|
||||
"incomplete-dir-enabled": true,
|
||||
"lpd-enabled": false,
|
||||
"message-level": 2,
|
||||
"peer-congestion-algorithm": "",
|
||||
"peer-id-ttl-hours": 1,
|
||||
"peer-limit-global": 2000,
|
||||
"peer-limit-per-torrent": 30,
|
||||
"peer-port": 51413,
|
||||
"peer-port-random-high": 65535,
|
||||
"peer-port-random-low": 49152,
|
||||
"peer-port-random-on-start": false,
|
||||
"peer-socket-tos": "default",
|
||||
"pex-enabled": true,
|
||||
"port-forwarding-enabled": false,
|
||||
"preallocation": 0,
|
||||
"prefetch-enabled": true,
|
||||
"queue-stalled-enabled": true,
|
||||
"queue-stalled-minutes": 30,
|
||||
"ratio-limit": 20,
|
||||
"ratio-limit-enabled": false,
|
||||
"rename-partial-files": true,
|
||||
"rpc-authentication-required": true,
|
||||
"rpc-bind-address": "0.0.0.0",
|
||||
"rpc-enabled": true,
|
||||
"rpc-host-whitelist": "127.0.0.1",
|
||||
"rpc-host-whitelist-enabled": false,
|
||||
"rpc-port": 7572,
|
||||
"rpc-url": "/",
|
||||
"rpc-username": "TRANSMISSION_USERNAME",
|
||||
"rpc-password": "TRANSMISSION_PASSWORD",
|
||||
"rpc-whitelist": "127.0.0.1",
|
||||
"rpc-whitelist-enabled": false,
|
||||
"scrape-paused-torrents-enabled": true,
|
||||
"script-torrent-done-enabled": false,
|
||||
"script-torrent-done-filename": "",
|
||||
"seed-queue-enabled": false,
|
||||
"seed-queue-size": 100,
|
||||
"speed-limit-down": 100,
|
||||
"speed-limit-down-enabled": false,
|
||||
"speed-limit-up": 100,
|
||||
"speed-limit-up-enabled": false,
|
||||
"start-added-torrents": true,
|
||||
"trash-original-torrent-files": false,
|
||||
"umask": 18,
|
||||
"upload-slots-per-torrent": 1000,
|
||||
"utp-enabled": true,
|
||||
"watch-dir": "/watch",
|
||||
"watch-dir-enabled": false
|
||||
}
|
|
@ -1,102 +1,62 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=unbound
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
_dkim_date=2021.03.28
|
||||
_dnssec_date=2021.04.05
|
||||
pkgver=2021.04.29
|
||||
pkgrel=2
|
||||
pkgver=2021.06.01.04
|
||||
pkgrel=0
|
||||
depends="alpine-baselayout ca-certificates-bundle dns-root-hints dnssec-root"
|
||||
makedepends="redxen-secret-opendkim-dns~$_dkim_date bind-dnssec-tools redxen-secret-dnssec~$_dnssec_date"
|
||||
checkdepends="bind-tools unbound"
|
||||
subpackages="$pkgname-acl $pkgname-rctrl $pkgname-internal $pkgname-auth-rx:auth_rx $pkgname-auth-crxn:auth_crxn"
|
||||
source="
|
||||
includes.conf
|
||||
base.conf
|
||||
acl.conf
|
||||
rctrl.conf
|
||||
internal.conf
|
||||
|
||||
auth-redxen.conf
|
||||
auth-crxn.conf
|
||||
zones/redxen.eu
|
||||
zones/crxn
|
||||
"
|
||||
checkdepends="unbound"
|
||||
options="checkroot"
|
||||
builddir="$srcdir"
|
||||
_modules="
|
||||
acl
|
||||
rctrl
|
||||
auth_redxen
|
||||
auth_crxn
|
||||
auth_internal
|
||||
"
|
||||
source="
|
||||
base.conf
|
||||
"
|
||||
|
||||
prepare() {
|
||||
default_prepare
|
||||
# Add everything dynamic
|
||||
cat redxen.eu /etc/opendkim/redxen/dns-record /etc/dns/redxen.eu/*.key > redxen.eu-cat
|
||||
}
|
||||
|
||||
# DNSSEC signing happens here
|
||||
build() {
|
||||
msg "Signing redxen.eu zone"
|
||||
dnssec-signzone -K /etc/dns/redxen.eu -f redxen.eu-signed -e "+90d" -o redxen.eu -t redxen.eu-cat
|
||||
}
|
||||
for i in $_modules; do
|
||||
_authname="${i##auth_}"
|
||||
if [ "${i%%_*}" = "auth" ]; then
|
||||
checkdepends="$checkdepends redxen-data-bindzone-$_authname"
|
||||
fi
|
||||
subpackages="$subpackages $pkgname-$i:_module_ins"
|
||||
source="$source $i.conf"
|
||||
done
|
||||
|
||||
check() {
|
||||
msg "Checking configuration validity"
|
||||
/usr/sbin/unbound-checkconf base.conf
|
||||
/usr/sbin/unbound-checkconf acl.conf
|
||||
/usr/sbin/unbound-checkconf rctrl.conf
|
||||
/usr/sbin/unbound-checkconf internal.conf
|
||||
|
||||
# Cannot be checked because it expects files in a read-only path, not crucial
|
||||
#/usr/sbin/unbound-checkconf auth-zones.conf
|
||||
/usr/sbin/named-checkzone redxen.eu ./redxen.eu-signed
|
||||
/usr/sbin/named-checkzone crxn ./crxn
|
||||
for i in $_modules; do
|
||||
/usr/sbin/unbound-checkconf "$i".conf
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
package() {
|
||||
for i in includes.conf base.conf acl.conf rctrl.conf internal.conf auth-redxen.conf auth-crxn.conf; do
|
||||
install -Dm644 "$i" "$pkgdir"/etc/unbound/"$i"
|
||||
done
|
||||
# Unsigned zones
|
||||
for i in crxn; do
|
||||
install -Dm644 "$i" "$pkgdir"/etc/unbound/zones/"$i"
|
||||
done
|
||||
# Signed zones
|
||||
for i in redxen.eu; do
|
||||
install -Dm644 "$i-signed" "$pkgdir"/etc/unbound/zones/"${i%%-signed}"
|
||||
install -Dm644 "dsset-$i." "$pkgdir"/etc/dns/"$i"/"dsset-$i."
|
||||
done
|
||||
rx_install base.conf
|
||||
}
|
||||
|
||||
acl() {
|
||||
amove etc/unbound/acl.conf
|
||||
_module_ins() {
|
||||
_modname="${subpkgname##${pkgname}-}"
|
||||
_authname="${_modname##auth_}"
|
||||
if [ "${_modname%%_*}" = "auth" ]; then
|
||||
msg "Matched auth zone $_authname, adding depends to bindzone"
|
||||
depends="$depends redxen-data-bindzone-$_authname"
|
||||
fi
|
||||
_rx_installdir="$_rx_installdir/module" rx_install "$_modname".conf
|
||||
}
|
||||
|
||||
rctrl() {
|
||||
amove etc/unbound/rctrl.conf
|
||||
}
|
||||
|
||||
internal() {
|
||||
amove etc/unbound/internal.conf
|
||||
}
|
||||
|
||||
auth_rx() {
|
||||
amove etc/unbound/auth-redxen.conf
|
||||
amove etc/unbound/zones/redxen.eu
|
||||
# Zone is signed, include the DS key in the package
|
||||
amove etc/dns/redxen.eu
|
||||
}
|
||||
|
||||
auth_crxn() {
|
||||
amove etc/unbound/auth-crxn.conf
|
||||
amove etc/unbound/zones/crxn
|
||||
}
|
||||
|
||||
sha512sums="428b251c4bdd8ca0cd6174b3c76d5fb6acf25734dc75325fd06ce5e867b2ba9c25ddd5d485f17562b7d8cdea62708e04bd44e854d028de9688298cb018b86d54 includes.conf
|
||||
d3754ced9d8055ff7f1d364a93c403bba3f220a60ea519bceee5e9c43112d6a00d20d15cf659fdd6ad6834cf14afd6ecb5d9e1497ff2932572fd970750655749 base.conf
|
||||
sha512sums="
|
||||
bcb4c8e66d185f56751cc8f44ced802622abbd91bad08bae38b549d0e38438cd876784ac432ddd30347c4f6e5f0c205aafb085beecb1a58224074b3ac2b8f817 base.conf
|
||||
75709787e0872197c83def93b343550934f6b2e4903873aaf72f357fb8b4a1d7c5b8ba84913f052ad01aeca03f58ca589a22bf867c1c2e40e01f9588c7c580c4 acl.conf
|
||||
d94ad338e2ea43c3ecdc62c861eddc0bb706807b738dd985309bcdf0b5fb435d7260bf272e2bbe40a774ec5b8fa49cbf23624c2c5213eea94f4f14aa3720abfa rctrl.conf
|
||||
1eb7833b06f158f13b7c52ee14cd4e455acd9a8de344d6410092a5de98b1f4a62e209ce1e744cfc1a8afd588d3f54c5ce35a59ca31e3dd0fc16d517975fc6aa1 internal.conf
|
||||
28c917fe7f69643887097553312c4f1ffc747dffdbf150430e6c4b2e5833567922810716cb59a27887915664777ac3263be3c826956f504499f0ebdcc0b3aac5 auth-redxen.conf
|
||||
91847e65c48e585f298bb766b2b20c43f5380686b594233da3b722962b03f2f4c858bf299b745027dadd184408a87b1e85ebf03b027196756455afea69f79cf9 auth-crxn.conf
|
||||
44ffaafac7f0255218aaa1d32e496df3cfa051972b2817aaabe4db802aa1e209f6022546126f93d2b349d431e82380568cfb1f48f2610b9aae4cd047fa26e8d0 redxen.eu
|
||||
7a487f4f350310c2f1d3f7bf422352264b8ebe3dec1b5892685c59912aed8542711e253638d30f87e2b9b97144a12222de10ebe23ce6bb54a958ec7e5b35743d crxn"
|
||||
a013d162067027aabde0ce0810bfa9ac7e329ad77a52c93afed2faa56f92c73f5933327b70c2ba5e0ef663852462185653aef5138c62da8043c19179cb3e2607 auth_redxen.conf
|
||||
e678f22aa89a9df3db35921a20225abd2b0408ff1e6815b12ec135a740d95bc8a0669aebae3d0945e29c3896f43a0da88375a1c241fabcd410a65e47466c1f6d auth_crxn.conf
|
||||
b854e0d09875653676336ffc9e36690b2abe1a565f25fafd9cd0940cb5b6d8bb57e1d43a7a9b072c11fcadc9073e1dceceea9a517e4d55bee1d217fd1bd759e6 auth_internal.conf
|
||||
"
|
||||
|
|
|
@ -3,4 +3,4 @@ auth-zone:
|
|||
fallback-enabled: no
|
||||
for-downstream: yes
|
||||
for-upstream: yes
|
||||
zonefile: "/etc/unbound/zones/crxn"
|
||||
zonefile: "/etc/redxen/bindzone/crxn"
|
|
@ -0,0 +1,6 @@
|
|||
auth-zone:
|
||||
name: internal
|
||||
fallback-enabled: no
|
||||
for-downstream: yes
|
||||
for-upstream: yes
|
||||
zonefile: "/etc/redxen/bindzone/internal"
|
|
@ -3,4 +3,4 @@ auth-zone:
|
|||
fallback-enabled: no
|
||||
for-downstream: yes
|
||||
for-upstream: yes
|
||||
zonefile: "/etc/unbound/zones/redxen.eu"
|
||||
zonefile: "/etc/redxen/bindzone/redxen.eu"
|
|
@ -20,3 +20,5 @@ server:
|
|||
serve-expired: yes
|
||||
serve-expired-ttl: 86400
|
||||
serve-expired-ttl-reset: yes
|
||||
|
||||
include: "/etc/redxen/unbound/module/*.conf"
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
include: "/etc/unbound/base.conf"
|
||||
#include: "/etc/unbound/acl.conf"
|
||||
#include: "/etc/unbound/rctrl.conf"
|
||||
#include: "/etc/unbound/internal.conf"
|
||||
#include: "/etc/unbound/auth-redxen.conf"
|
||||
#include: "/etc/unbound/auth-crxn.conf"
|
|
@ -1,36 +0,0 @@
|
|||
server:
|
||||
local-zone: "redxen.localhost." static
|
||||
|
||||
# Machines
|
||||
local-data: "8101153.nbg1-dc3.hetzner.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
|
||||
local-data: "8201371.fsn1-dc14.hetzner.redxen.localhost. 86400 IN AAAA 200:8656:aa4:dc68:888:d92c:914b:866b"
|
||||
local-data: "9013723.fsn1-dc14.hetzner.redxen.localhost. 86400 IN AAAA 200:2749:8af:bdf9:f011:997e:7bbb:35f3"
|
||||
local-data: "9227948.nbg1-dc3.hetzner.redxen.localhost. 86400 IN AAAA 201:3b84:3e03:9e0f:4885:fb55:45f6:ebbd"
|
||||
local-data: "9804624.nbg1-dc3.hetzner.redxen.localhost. 86400 IN AAAA 205:bb23:5a95:218e:3943:a6e:254e:a347"
|
||||
|
||||
# Familiar names
|
||||
local-data: "lain.nurnberg.hetzner.redxen.localhost. 86400 IN CNAME 8101153.nbg1-dc3.hetzner.redxen.localhost."
|
||||
local-data: "arisu.falkenstein.hetzner.redxen.localhost. 86400 IN CNAME 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "chisa.falkenstein.hetzner.redxen.localhost. 86400 IN CNAME 9013723.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "masami.nurnberg.hetzner.redxen.localhost. 86400 IN CNAME 9227948.nbg1-dc3.hetzner.redxen.localhost."
|
||||
local-data: "taro.nurnberg.hetzner.redxen.localhost. 86400 IN CNAME 9804624.nbg1-dc3.hetzner.redxen.localhost."
|
||||
|
||||
# Services
|
||||
local-data: "_grafana._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7577 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "_transmission._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7572 9013723.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "_gitea._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7570 9227948.nbg1-dc3.hetzner.redxen.localhost."
|
||||
local-data: "_gitssh._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7571 9227948.nbg1-dc3.hetzner.redxen.localhost."
|
||||
local-data: "_monerod._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7579 9804624.nbg1-dc3.hetzner.redxen.localhost."
|
||||
# local-data: "_pleroma._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 8088 6051167.nbg1-dc3.hetzner.redxen.localhost."
|
||||
|
||||
# NGINX servers
|
||||
local-data: "_root._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 8101153.nbg1-dc3.hetzner.redxen.localhost."
|
||||
local-data: "_seedown._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 9013723.fsn1-dc14.hetzner.redxen.localhost."
|
||||
local-data: "_packages._tcp.routinginfo.redxen.localhost. 60 IN SRV 0 5 7574 8201371.fsn1-dc14.hetzner.redxen.localhost."
|
||||
|
||||
# Services (no CNAME/SRV support)
|
||||
local-data: "postgresql.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
|
||||
local-data: "redis.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
|
||||
local-data: "influxdb.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
|
||||
local-data: "rspamd.routinginfo.redxen.localhost. 86400 IN AAAA 200:2749:8af:bdf9:f011:997e:7bbb:35f3"
|
||||
local-data: "opendkim.routinginfo.redxen.localhost. 86400 IN AAAA 201:3b84:3e03:9e0f:4885:fb55:45f6:ebbd"
|
|
@ -1,11 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=varnish
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
|
||||
pkgver=2020.12.07
|
||||
pkgrel=1
|
||||
source="main.vcl"
|
||||
|
||||
sha512sums="6674a942017c0f1be2ff6eefb9f2a92a0f7d615e4ce367e880bceef0ec2646f3aac4180f2bb32557ac9ae8590b02882d05afbc7478bee9069a8138945e6835fc main.vcl"
|
|
@ -1,73 +0,0 @@
|
|||
vcl 4.1;
|
||||
import std;
|
||||
|
||||
backend default {
|
||||
.host = "127.0.0.1";
|
||||
.port = "7500";
|
||||
.max_connections = 300;
|
||||
.first_byte_timeout = 240s;
|
||||
.connect_timeout = 10s;
|
||||
.between_bytes_timeout = 2s;
|
||||
}
|
||||
sub vcl_recv {
|
||||
unset req.http.user-agent;
|
||||
if ( req.method != "GET" &&
|
||||
req.method != "HEAD" &&
|
||||
req.method != "PUT" &&
|
||||
req.method != "POST" &&
|
||||
req.method != "TRACE" &&
|
||||
req.method != "OPTIONS" &&
|
||||
req.method != "PATCH" &&
|
||||
req.method != "DELETE") {
|
||||
return (pipe);
|
||||
}
|
||||
if (req.method == "GET" || req.method == "HEAD") {
|
||||
return (hash);
|
||||
}
|
||||
return (pass);
|
||||
}
|
||||
sub vcl_hash {
|
||||
hash_data(req.url);
|
||||
hash_data(req.http.host);
|
||||
if (req.http.cookie ~ "pleroma_key|gitea_incredible|grafana_session") {
|
||||
hash_data(req.http.cookie);
|
||||
}
|
||||
if (req.http.authorization) {
|
||||
hash_data(req.http.authorization);
|
||||
}
|
||||
return (lookup);
|
||||
}
|
||||
sub vcl_backend_response {
|
||||
set beresp.do_stream = false;
|
||||
set beresp.do_gzip = true;
|
||||
if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
|
||||
if (bereq.is_bgfetch){
|
||||
return (abandon);
|
||||
}
|
||||
set beresp.uncacheable = true;
|
||||
return (deliver);
|
||||
}
|
||||
if (beresp.http.Set-Cookie || beresp.http.Cache-Control ~ "no-cache|no-store|private") {
|
||||
set beresp.uncacheable = true;
|
||||
return (deliver);
|
||||
}
|
||||
if (beresp.http.ETag || beresp.http.Last-Modified || bereq.http.If-Modified-Since) {
|
||||
set beresp.grace = 1h;
|
||||
set beresp.keep = 12h;
|
||||
}
|
||||
if (beresp.status == 301) {
|
||||
set beresp.ttl = 24h;
|
||||
}
|
||||
return (deliver);
|
||||
}
|
||||
sub vcl_deliver {
|
||||
if (req.proto ~ "HTTP/2.0" && resp.http.keep-alive) {
|
||||
unset resp.http.keep-alive;
|
||||
}
|
||||
if (obj.hits > 0) {
|
||||
set resp.http.X-Cache = "HIT";
|
||||
} else {
|
||||
set resp.http.X-Cache = "MISS";
|
||||
}
|
||||
return (deliver);
|
||||
}
|
|
@ -1,25 +1,62 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=wireguard
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.05.17
|
||||
pkgrel=2
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
subpackages="$pkgname-sysctl"
|
||||
source="
|
||||
secret
|
||||
main.conf
|
||||
sysctl.conf
|
||||
"
|
||||
_users=""
|
||||
|
||||
build() {
|
||||
. secret
|
||||
: "${WIREGUARD_PRIVATEKEY:?'Private key missing'}"
|
||||
|
||||
cp main.conf main.conf.private
|
||||
rx_replace "WIREGUARD_PRIVATEKEY" "$WIREGUARD_PRIVATEKEY" main.conf.private
|
||||
for i in $_users; do
|
||||
msg "Added ${i#*::} as :${i%::*}"
|
||||
printf "[Peer]\nPublicKey = %s\nAllowedIPs = 172.22.12.%s/32, fd42:42:42::2:%s/128\n" "${i#*::}" "${i%::*}" "${i%::*}" >> main.conf.private
|
||||
done
|
||||
}
|
||||
|
||||
package() {
|
||||
install -Dm400 main.conf "$pkgdir"/etc/wireguard/rxmain.conf
|
||||
rx_install main.conf.private rxmain.conf
|
||||
}
|
||||
|
||||
sysctl() {
|
||||
install_if="redxen-config-wireguard"
|
||||
install -Dm644 "$srcdir"/sysctl.conf "$subpkgdir"/etc/sysctl.d/90-wireguard.conf
|
||||
_rx_installdir="/etc/sysctl.d" rx_install sysctl.conf 90-wireguard.conf
|
||||
}
|
||||
|
||||
sha512sums="e07fc910ad58d739066b05af3e7d7f0f0bfda3aeb06118d94a836a1cc122ded158e0fec6a9b68e256613aefba000e67e6435cf378e0bd88814273c4a7e5a07b2 main.conf
|
||||
b79ffbc64f2e193dc9402f7506b56b66892aa5387d13ac209ae344f9ce0f17aec3fdc503bf6855650d413dba3b66ffa3f937dd803850028579f5f5ed747c56b0 sysctl.conf"
|
||||
adduser() {
|
||||
for i in $@; do
|
||||
_users="$_users $i"
|
||||
done
|
||||
}
|
||||
|
||||
adduser "2::Xb+ASR5NdnIB+dXWEA4H0V3d0LC0KocKeFeQDyqDqjk=" \
|
||||
"3::kz9vLMnPtfka11n1EJpzHb4966ieJSo4BU1P2joHLXo=" # caskd <caskd@redxen.eu>
|
||||
adduser "12::2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" # cherry <cherry@redxen.eu>
|
||||
adduser "16::d459SqKVWko+wBhoFrU+yrFVM4BqI8FSmPtdrWepkw0=" # viggi <viggi@redxen.eu>
|
||||
adduser "18::Fb8sYfZghohEpznWpt46x1cmmkymt2ksQL7fEBI6qlc=" # MartijnTim <martijntim@redxen.eu>
|
||||
adduser "20::QHx0BCbRDKXX3OvdZwX9jYN2BMJPcPj4r/gYekkBTXY=" \
|
||||
"21::THwCjbASYrGxjOiw/gvmiiXoQJpQF1LzLXbaEW8FVU4=" # Nova <novaburst@kalli.st>
|
||||
adduser "24::zPg/v+EVJUhrSe1a3+ayzJuXakWUbgvcTgv3j4T11ks=" \
|
||||
"25::ht/GLP/r7WWM2JP0Ya+vdA7+aigoy9tY8b4wOm2VAUg=" \
|
||||
"26::PrGVHgZAM6vSK4I70QgYurIinKZE3b2Rrq5NQ8RDqS8=" # Shokara <shokara@snopyta.org>
|
||||
adduser "30::S/4jSds8CNsyk1SjI03AxWtB3E9lhtW49dia+x9hoVs=" \
|
||||
"31::SFPtaY7fn632wJXIkVYFtaPop7fGoX6pEkTkqZklHXM=" \
|
||||
"32::g9hn9jKFUwU7cijAuleeDUL2EqiAOD8shY/pTAk0qTA=" \
|
||||
"33::JlvGHLrhbce2yQAQEgbnIduXNwswTW9VIkDwvtOEiVQ=" # deavmi <deavmi@redxen.eu>
|
||||
|
||||
sha512sums="
|
||||
72d9999cd7a0be1f334cdf4690c56dac591f6149176a74e70dda7f239d3a82e4c62077efb487e4f59d10b50e24a9d18e3afe0735e7418bf2a4b41623dabdeb87 secret
|
||||
77aafee9d5af31710cf3d85788b7e61883348a9e42cf13fde34b1c30a9f3c825e8180605647435cf59cf7de731c0b5d2c1d868dbf9011033fde53128e134d08e main.conf
|
||||
b79ffbc64f2e193dc9402f7506b56b66892aa5387d13ac209ae344f9ce0f17aec3fdc503bf6855650d413dba3b66ffa3f937dd803850028579f5f5ed747c56b0 sysctl.conf
|
||||
"
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
[Interface]
|
||||
Address = 172.22.12.1/24, fd42:42:42::2:1/120
|
||||
ListenPort = 51820
|
||||
PrivateKey = WIREGUARD_PRIVATEKEY
|
|
@ -1,12 +1,12 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=xonotic
|
||||
_configpath="/etc/xonotic-server/redxen/data"
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
. ../APKBUILD-config.template
|
||||
|
||||
pkgver=2021.01.30
|
||||
pkgrel=7
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
source="server.cfg"
|
||||
|
||||
sha512sums="f875dc170b46d25914e2a1a09b0b1867f43c5eeea105931e5dd209a248e1a562d36541fc9d7f844f856d98a3adfb4dd1c66ebe6911fb2f15d7f56b7f3553a08b server.cfg"
|
||||
sha512sums="
|
||||
f875dc170b46d25914e2a1a09b0b1867f43c5eeea105931e5dd209a248e1a562d36541fc9d7f844f856d98a3adfb4dd1c66ebe6911fb2f15d7f56b7f3553a08b server.cfg
|
||||
"
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_svcname=yggdrasil
|
||||
_cfgumask=600
|
||||
|
||||
. ../APKBUILD-config.common
|
||||
|
||||
pkgver=2020.12.10
|
||||
pkgrel=2
|
||||
source="redxen.conf"
|
||||
|
||||
sha512sums="630d13a1256257b804c37e167a08fa96e622d393bca1b2ec2f8f6f60f286b00954fa3ff07cd215e5835b18ef7fc8bedfc1d881303af80625936302f5d72b6496 redxen.conf"
|
|
@ -1,10 +0,0 @@
|
|||
{
|
||||
Peers: [
|
||||
]
|
||||
Listen: [
|
||||
tls://0.0.0.0:7521
|
||||
]
|
||||
MulticastInterfaces: []
|
||||
AllowedEncryptionPublicKeys: [
|
||||
]
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
pkgname="redxen-cron-$_cronname"
|
||||
pkgdesc="Cronjob files for $_cronname"
|
||||
url="https://git.redxen.eu/RedXen/aports"
|
||||
arch="noarch"
|
||||
license="none"
|
||||
depends="dcron"
|
||||
options="!check"
|
||||
builddir="$srcdir"
|
|
@ -0,0 +1,14 @@
|
|||
. ../../APKBUILD.template
|
||||
|
||||
: ${pkgname:?"No package prefix provided"}
|
||||
|
||||
pkgname="$pkgname-cron-$_rx_pkgname"
|
||||
pkgdesc="RedXen cronjobs: $_rx_pkgname"
|
||||
depends="dcron"
|
||||
_rx_fperm=544
|
||||
|
||||
package() {
|
||||
for i in $source; do
|
||||
_rx_installdir="/etc/periodic/$i" rx_install "$i" "$_rx_pkgname"
|
||||
done
|
||||
}
|
|
@ -1,17 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_cronname=dovecot
|
||||
|
||||
. ../APKBUILD-cron.common
|
||||
|
||||
pkgver=2021.01.29
|
||||
pkgrel=0
|
||||
install_if="redxen-config-dovecot"
|
||||
source="cron-daily"
|
||||
|
||||
package() {
|
||||
mkdir -p "$pkgdir"/var/mail/snapshots
|
||||
install -Dm544 cron-daily "$pkgdir"/etc/periodic/daily/snapshot-mail
|
||||
}
|
||||
|
||||
sha512sums="f89295c25569d57bd5b52255d06036be3d5bd8e40c2f9eeb8f4d6468d2dd510e9c7382348936f47e075d64105888fba9c6a2245c419acea862cd20f6339b1d42 cron-daily"
|
|
@ -1,17 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_cronname=gitea
|
||||
|
||||
. ../APKBUILD-cron.common
|
||||
|
||||
pkgver=2021.01.29
|
||||
pkgrel=0
|
||||
install_if="redxen-config-gitea"
|
||||
source="cron-daily"
|
||||
|
||||
package() {
|
||||
install -dm700 "$pkgdir"/gitea/snapshots
|
||||
install -Dm544 cron-daily "$pkgdir"/etc/periodic/daily/snapshot-gitea
|
||||
}
|
||||
|
||||
sha512sums="1628ddf15426b3f6aeb03d81e2f12d701925f943ddf77da2b9af0b44c10baaf5be6f1f8a9a2bff17d09242127dde54d9fdf06bdc3826fb8ff4e35ec28f3da644 cron-daily"
|
|
@ -1,17 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_cronname=influxdb
|
||||
|
||||
. ../APKBUILD-cron.common
|
||||
|
||||
pkgver=2021.01.29
|
||||
pkgrel=0
|
||||
install_if="redxen-config-influxdb"
|
||||
source="cron-daily"
|
||||
|
||||
package() {
|
||||
install -dm700 "$pkgdir"/var/lib/influxdb/snapshots
|
||||
install -Dm544 cron-daily "$pkgdir"/etc/periodic/daily/snapshot-influxdb
|
||||
}
|
||||
|
||||
sha512sums="11069cdc37181ec5e131164fad9a6215278fd50954ec4dace0eac059a5b665fc514e5285823191c27a76ce2a3215dbc10158c8e5dfcd01b6a3b04b0d5b3f1907 cron-daily"
|
|
@ -1,17 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_cronname=postgresql
|
||||
|
||||
. ../APKBUILD-cron.common
|
||||
|
||||
pkgver=2021.01.29
|
||||
pkgrel=0
|
||||
install_if="redxen-config-postgresql"
|
||||
source="cron-daily"
|
||||
|
||||
package() {
|
||||
install -dm700 "$pkgdir"/var/lib/postgresql/redxen_snapshots
|
||||
install -Dm544 cron-daily "$pkgdir"/etc/periodic/daily/snapshot-postgresql
|
||||
}
|
||||
|
||||
sha512sums="c6dfc277e98287d715651a3b54a9661c527dac4cc4be932a23888a5cfa659fc971ffa20982820c9a91064dad90968124b5764e9827a4ecf038b35b4cce5d430b cron-daily"
|
|
@ -1,17 +0,0 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
_cronname=redis
|
||||
|
||||
. ../APKBUILD-cron.common
|
||||
|
||||
pkgver=2021.01.29
|
||||
pkgrel=0
|
||||
install_if="redxen-config-redis"
|
||||
source="cron-daily"
|
||||
|
||||
package() {
|
||||
install -dm700 "$pkgdir"/var/lib/redis/snapshots
|
||||
install -Dm544 cron-daily "$pkgdir"/etc/periodic/daily/snapshot-redis
|
||||
}
|
||||
|
||||
sha512sums="216621fc0e36d2c86a808b3c855e04197c21a769b89f7d661eeee0661b2648a42cd453ac217f6f693a389f5bbfcee3dd990183c3b3a780977a83e97dfb836cd5 cron-daily"
|
|
@ -0,0 +1,13 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
|
||||
. ../APKBUILD-cron.template
|
||||
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
install_if="redxen-config-dovecot"
|
||||
source="daily"
|
||||
|
||||
sha512sums="
|
||||
f89295c25569d57bd5b52255d06036be3d5bd8e40c2f9eeb8f4d6468d2dd510e9c7382348936f47e075d64105888fba9c6a2245c419acea862cd20f6339b1d42 daily
|
||||
"
|
|
@ -0,0 +1,13 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
|
||||
. ../APKBUILD-cron.template
|
||||
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
install_if="redxen-config-gitea"
|
||||
source="daily"
|
||||
|
||||
sha512sums="
|
||||
1628ddf15426b3f6aeb03d81e2f12d701925f943ddf77da2b9af0b44c10baaf5be6f1f8a9a2bff17d09242127dde54d9fdf06bdc3826fb8ff4e35ec28f3da644 daily
|
||||
"
|
|
@ -0,0 +1,13 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
|
||||
. ../APKBUILD-cron.template
|
||||
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
install_if="redxen-config-influxdb"
|
||||
source="daily"
|
||||
|
||||
sha512sums="
|
||||
11069cdc37181ec5e131164fad9a6215278fd50954ec4dace0eac059a5b665fc514e5285823191c27a76ce2a3215dbc10158c8e5dfcd01b6a3b04b0d5b3f1907 daily
|
||||
"
|
|
@ -0,0 +1,13 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
|
||||
. ../APKBUILD-cron.template
|
||||
|
||||
pkgver=2021.06.01.03
|
||||
pkgrel=0
|
||||
install_if="redxen-config-postgresql"
|
||||
source="daily"
|
||||
|
||||
sha512sums="
|
||||
c6dfc277e98287d715651a3b54a9661c527dac4cc4be932a23888a5cfa659fc971ffa20982820c9a91064dad90968124b5764e9827a4ecf038b35b4cce5d430b daily
|
||||
"
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue