aports/DEPLOYMENT-NOTES

79 lines
2.5 KiB
Plaintext

Some services need some preparation or configuration to work. Not all can work out of the box.
General:
- Every database-backed service needs manual user creation and db creation
- Every runlevel that is wanted needs to be stacked on default (services are added to their specific runlevel automatically)
- Every service that needs ports needs entries in /etc/iptables/rx-rules{4,6}
- Every service that needs data storage needs a volume to back it
ifupdown-ng:
- Public networks should be configured manually since RAs aren't usually configured, private ones also shouldn't rely on the rather unstable DHCP
``` HETZNER EXAMPLE
auto eth0
iface eth0 inet static
address
netmask 255.255.255.255
gateway 172.31.1.1
pointopoint 172.31.1.1
iface eth0 inet6 static
address
netmask 64
gateway fe80::1
```
```
auto eth1
iface eth1 inet static
address 10.0.X.X
netmask 255.255.255.255
mtu 1450
pointopoint 10.0.0.1
post-up ip route add 10.0.0.0/16 via 10.0.0.1 dev eth1
```
Yggdrasil:
- Yggdrasil needs manual configuration for peers and whitelisting
Unbound:
- Set `RESOLV_CONF=no` in /etc/udhcpc/udhcpc.conf to prevent automatic DNS configuration
OpenSSH SFTP Chroot (part of seedbox):
- Bind mounts from location of chroot to /sftp-chroot
NOTE: Usually `mount -o bind /seedbox /sftp-chroot`
- seedbox user needs to be manually appended to /etc/ssh/sshd_config
Pleroma:
- Migration might be needed between upgrades (/pleroma/bin/pleroma_ctl migrate)
Wireguard & FastD:
- Require the following forwarding rules
```
*filter
-A FORWARD -i rxmain -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o rxmain -j ACCEPT
-A FORWARD -i rxmain -o crxn0 -j ACCEPT
-A FORWARD -i crxn0 -o rxmain -j ACCEPT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o crxn0 -j MASQUERADE
```
FastD:
- Requires forwarding on router so that nodes can comminicate via the router
```
-A FORWARD -i crxn0 -o crxn0 -j ACCEPT
```
- Router requires this on up
```
ip -6 addr add fd8a:6111:3b1a:X::1/64 scope global dev $INTERFACE
ip -6 route add fd8a:6111:3b1a:X::1/64 dev $INTERFACE protocol static
ip link set $INTERFACE up
```
- Clients require this on up
```
ip -6 addr add fd8a:6111:3b1a:X::Y/64 scope global dev $INTERFACE
ip link set $INTERFACE up
ip -6 route add fd8a:6111:3b1a::/48 via fd8a:6111:3b1a:X::1 dev $INTERFACE
ip -6 route add fd8a:6111:3b1a:X::/64 via fd8a:6111:3b1a:X::1 dev $INTERFACE
ip -6 route del fd8a:6111:3b1a:X::/64 dev $INTERFACE
```