new structure

This kicks off the basic tree structure, where the docs all mirror the
reality, like an ascii penumbra.

krov/serverko/README.md

@@ -0,0 +1,19 @@
+# List of containers
+
+## serverko
+
+VMID Name  
+100  nginx12  
+101  ddns12  
+102  dmzrs12  
+103  tor12  
+104  slapd12  
+105  wireguard12  
+106  opensmptd12  
+107  ipv6tunnel12  
+108  postgres12  
+109  ejabberd12  
+110  dmzrsaccount  
+111  taskmanager12  
+112  stopreklamama12  
+

krov/serverko/ipv6tunnel12/etc/network/interfaces

@@ -0,0 +1,20 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 192.168.1.208/24
+	gateway 192.168.1.1
+
+auto he-ipv6
+iface he-ipv6 inet6 v4tunnel
+        address 2001:470:1f1a:1a4::2
+        netmask 127
+        endpoint 216.66.87.14
+        local 192.168.1.208
+        ttl 255
+        gateway 2001:470:1f1a:1a4::1
+
+iface eth0 inet6 static
+	address 2001:470:1f1a:1a4::5/96
+

krov/serverko/ipv6tunnel12/lib/systemd/system/ifuptunnel.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Auto start ipv6 tunnel
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/bash /root/scripts/netstart.sh
+# Remove restarts if the command is just a one-off
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
+

krov/serverko/ipv6tunnel12/root/scripts/netstart.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+ifup he-ipv6
+ip -6 route add default via 2001:470:1f1a:1a4::1 dev he-ipv6

krov/serverko/opensmtpd12/crontab

@@ -0,0 +1,3 @@
+0 2 * * 1 scp -r dmzkrovsshfs12:/var/shareddirs/nginx12opensmtpd12/krov.dmz.rs /etc/letsencrypt/live/
+1 2 * * 1 chmod 600 /etc/letsencrypt/live/krov.dmz.rs/privkey.pem
+2 2 * * 1 /sbin/service opensmtpd restart

krov/serverko/opensmtpd12/etc/mailname

@@ -0,0 +1 @@
+krov.dmz.rs

krov/serverko/opensmtpd12/etc/smtpd.conf

@@ -0,0 +1,28 @@
+#	$OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $
+
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information.
+
+table sendcreds file:/etc/sendcreds
+table aliases file:/etc/aliases
+
+filter "dkimsign" proc-exec "filter-dkimsign -d krov.dmz.rs -s selector1 -k /etc/dkim/selector1.private"
+
+pki krov.dmz.rs cert "/etc/letsencrypt/live/krov.dmz.rs/fullchain.pem"
+pki krov.dmz.rs key "/etc/letsencrypt/live/krov.dmz.rs/privkey.pem"
+
+# To accept external mail, replace with: listen on all
+#
+listen on eth0
+listen on eth0 port 587 auth sendcreds tls-require pki "krov.dmz.rs" filter "dkimsign"
+
+#action "local" maildir alias <aliases>
+action "relay" relay
+action "backup" relay backup
+
+# Uncomment the following to accept external mail for domain "example.org"
+#
+# match from any for domain "example.org" action "local"
+#match for local action "local"
+match from any for domain dmz.rs action "backup"
+match from auth for any action "relay"

krov/serverko/slapd12/etc/default/slapd

@@ -0,0 +1,45 @@
+# Default location of the slapd.conf file or slapd.d cn=config directory. If
+# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
+# /etc/ldap/slapd.conf).
+SLAPD_CONF=
+
+# System account to run the slapd server under. If empty the server
+# will run as root.
+SLAPD_USER="openldap"
+
+# System group to run the slapd server under. If empty the server will
+# run in the primary group of its user.
+SLAPD_GROUP="openldap"
+
+# Path to the pid file of the slapd server. If not set the init.d script
+# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
+# default)
+SLAPD_PIDFILE=
+
+# slapd normally serves ldap only on all TCP-ports 389. slapd can also
+# service requests on TCP-port 636 (ldaps) and requests via unix
+# sockets.
+# Example usage:
+# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+SLAPD_SERVICES="ldaps:/// ldapi:///"
+
+# If SLAPD_NO_START is set, the init script will not start or restart
+# slapd (but stop will still work).  Uncomment this if you are
+# starting slapd via some other means or if you don't want slapd normally
+# started at boot.
+#SLAPD_NO_START=1
+
+# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
+# the init script will not start or restart slapd (but stop will still
+# work).  Use this for temporarily disabling startup of slapd (when doing
+# maintenance, for example, or through a configuration management system)
+# when you don't want to edit a configuration file.
+SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
+
+# For Kerberos authentication (via SASL), slapd by default uses the system
+# keytab file (/etc/krb5.keytab).  To use a different keytab file,
+# uncomment this line and change the path.
+#export KRB5_KTNAME=/etc/krb5.keytab
+
+# Additional options to pass to slapd
+SLAPD_OPTIONS=""

krov/serverko/slapd12/root/aclupdate.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+./modify.sh ldifs/acldel.ldif
+./modify.sh ldifs/acladd.ldif

krov/serverko/slapd12/root/ldifs/acladd.ldif

@@ -0,0 +1,18 @@
+dn: olcDatabase={1}mdb,cn=config
+add: olcAccess
+olcAccess: {1}to attrs=userPassword by self write by anonymous auth
+
+dn: olcDatabase={1}mdb,cn=config
+add: olcAccess
+#olcAccess: {2}to * by * none
+olcAccess: {2}to * by self write by dn="uid=readonlykrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=wikildapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=forumldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=gitealdapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=xmppldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=dovecotldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=postfixldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=smtpdldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=kralizecslapd,ou=Users,dc=dmz,dc=rs" read by anonymous none
+
+dn: olcDatabase={-1}frontend,cn=config
+add: olcAccess
+olcAccess: {1}to attrs=userPassword by self write by anonymous auth
+
+dn: olcDatabase={-1}frontend,cn=config
+add: olcAccess
+#olcAccess: {2}to * by * none
+olcAccess: {2}to * by self write by dn="uid=readonlykrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=wikildapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=forumldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=gitealdapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=xmppldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=dovecotldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=postfixldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=smtpdldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=kralizecslapd,ou=Users,dc=dmz,dc=rs" read by anonymous none
+

krov/serverko/slapd12/root/ldifs/acldel.ldif

@@ -0,0 +1,5 @@
+dn: olcDatabase={-1}frontend,cn=config
+delete: olcAccess
+
+dn: olcDatabase={1}mdb,cn=config
+delete: olcAccess

krov/serverko/slapd12/root/ldifs/tls.ldif

@@ -0,0 +1,10 @@
+dn: cn=config
+changetype: modify
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/ssl/certs/ldap.krov.dmz.rs/cert.pem
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/ssl/certs/ldap.krov.dmz.rs/privkey.pem
+-
+replace: olcTLSCACertificateFile
+olcTLSCACertificateFile: /etc/ssl/certs/ldap.krov.dmz.rs/chain.pem

krov/serverko/slapd12/root/modify.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+ldapmodify -H ldapi:/// -Y EXTERNAL -f $1

krov/serverko/slapd12/root/setup.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+./modify.sh ldifs/tls.ldif
+./aclupdate.sh

krov/srv1/README.md

@@ -0,0 +1,15 @@
+# List of containers
+
+## srv1
+
+VMID Name  
+102  tor12  
+103  dendrite  
+106  icecast12  
+107  mariadb12  
+108  mpd12  
+109  ympd  
+111  sshfs11
+113  ollama12  
+114  chatbot12  
+115  goodvibes12