disu1950/dmzconf
1
0
Fork 0
forked from Decentrala/dmzconf
Code Pull Requests Activity

reorganize docs

Browse Source 
Each host gets a directory.  Containers will soon also have their own
directory.
This commit is contained in:
Malin Freeborn
2024-12-03 22:54:47 +01:00
parent 52b7c1f3e0
commit 0a899d933b
16 changed files with 19 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
hosts/krov/serverko/README.md Normal file
View File

@@ -0,0 +1,19 @@
# List of containers
## serverko
VMID Name
100 nginx12
101 ddns12
102 dmzrs12
103 tor12
104 slapd12
105 wireguard12
106 opensmptd12
107 ipv6tunnel12
108 postgres12
109 ejabberd12
110 dmzrsaccount
111 taskmanager12
112 stopreklamama12

20
hosts/krov/serverko/ipv6tunnel12/etc/network/interfaces Normal file
View File

@@ -0,0 +1,20 @@
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.208/24
gateway 192.168.1.1
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:470:1f1a:1a4::2
netmask 127
endpoint 216.66.87.14
local 192.168.1.208
ttl 255
gateway 2001:470:1f1a:1a4::1
iface eth0 inet6 static
address 2001:470:1f1a:1a4::5/96

13
hosts/krov/serverko/ipv6tunnel12/lib/systemd/system/ifuptunnel.service Normal file
View File

@@ -0,0 +1,13 @@
[Unit]
Description=Auto start ipv6 tunnel
After=network.target
[Service]
ExecStart=/usr/bin/bash /root/scripts/netstart.sh
# Remove restarts if the command is just a one-off
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target

4
hosts/krov/serverko/ipv6tunnel12/root/scripts/netstart.sh Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
ifup he-ipv6
ip -6 route add default via 2001:470:1f1a:1a4::1 dev he-ipv6

3
hosts/krov/serverko/opensmtpd12/crontab Normal file
View File

@@ -0,0 +1,3 @@
0 2 * * 1 scp -r dmzkrovsshfs12:/var/shareddirs/nginx12opensmtpd12/krov.dmz.rs /etc/letsencrypt/live/
1 2 * * 1 chmod 600 /etc/letsencrypt/live/krov.dmz.rs/privkey.pem
2 2 * * 1 /sbin/service opensmtpd restart

1
hosts/krov/serverko/opensmtpd12/etc/mailname Normal file
View File

@@ -0,0 +1 @@
krov.dmz.rs

28
hosts/krov/serverko/opensmtpd12/etc/smtpd.conf Normal file
View File

@@ -0,0 +1,28 @@
# $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.
table sendcreds file:/etc/sendcreds
table aliases file:/etc/aliases
filter "dkimsign" proc-exec "filter-dkimsign -d krov.dmz.rs -s selector1 -k /etc/dkim/selector1.private"
pki krov.dmz.rs cert "/etc/letsencrypt/live/krov.dmz.rs/fullchain.pem"
pki krov.dmz.rs key "/etc/letsencrypt/live/krov.dmz.rs/privkey.pem"
# To accept external mail, replace with: listen on all
#
listen on eth0
listen on eth0 port 587 auth sendcreds tls-require pki "krov.dmz.rs" filter "dkimsign"
#action "local" maildir alias <aliases>
action "relay" relay
action "backup" relay backup
# Uncomment the following to accept external mail for domain "example.org"
#
# match from any for domain "example.org" action "local"
#match for local action "local"
match from any for domain dmz.rs action "backup"
match from auth for any action "relay"

45
hosts/krov/serverko/slapd12/etc/default/slapd Normal file
View File

@@ -0,0 +1,45 @@
# Default location of the slapd.conf file or slapd.d cn=config directory. If
# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
# /etc/ldap/slapd.conf).
SLAPD_CONF=
# System account to run the slapd server under. If empty the server
# will run as root.
SLAPD_USER="openldap"
# System group to run the slapd server under. If empty the server will
# run in the primary group of its user.
SLAPD_GROUP="openldap"
# Path to the pid file of the slapd server. If not set the init.d script
# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
# default)
SLAPD_PIDFILE=
# slapd normally serves ldap only on all TCP-ports 389. slapd can also
# service requests on TCP-port 636 (ldaps) and requests via unix
# sockets.
# Example usage:
# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
SLAPD_SERVICES="ldaps:/// ldapi:///"
# If SLAPD_NO_START is set, the init script will not start or restart
# slapd (but stop will still work). Uncomment this if you are
# starting slapd via some other means or if you don't want slapd normally
# started at boot.
#SLAPD_NO_START=1
# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
# the init script will not start or restart slapd (but stop will still
# work). Use this for temporarily disabling startup of slapd (when doing
# maintenance, for example, or through a configuration management system)
# when you don't want to edit a configuration file.
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
# For Kerberos authentication (via SASL), slapd by default uses the system
# keytab file (/etc/krb5.keytab). To use a different keytab file,
# uncomment this line and change the path.
#export KRB5_KTNAME=/etc/krb5.keytab
# Additional options to pass to slapd
SLAPD_OPTIONS=""

4
hosts/krov/serverko/slapd12/root/aclupdate.sh Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
./modify.sh ldifs/acldel.ldif
./modify.sh ldifs/acladd.ldif

18
hosts/krov/serverko/slapd12/root/ldifs/acladd.ldif Normal file
View File

@@ -0,0 +1,18 @@
dn: olcDatabase={1}mdb,cn=config
add: olcAccess
olcAccess: {1}to attrs=userPassword by self write by anonymous auth
dn: olcDatabase={1}mdb,cn=config
add: olcAccess
#olcAccess: {2}to * by * none
olcAccess: {2}to * by self write by dn="uid=readonlykrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=wikildapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=forumldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=gitealdapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=xmppldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=dovecotldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=postfixldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=smtpdldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=kralizecslapd,ou=Users,dc=dmz,dc=rs" read by anonymous none
dn: olcDatabase={-1}frontend,cn=config
add: olcAccess
olcAccess: {1}to attrs=userPassword by self write by anonymous auth
dn: olcDatabase={-1}frontend,cn=config
add: olcAccess
#olcAccess: {2}to * by * none
olcAccess: {2}to * by self write by dn="uid=readonlykrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=wikildapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=forumldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=gitealdapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=xmppldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=dovecotldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=postfixldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=smtpdldapkrov,ou=Users,dc=dmz,dc=rs" read by dn="uid=kralizecslapd,ou=Users,dc=dmz,dc=rs" read by anonymous none

5
hosts/krov/serverko/slapd12/root/ldifs/acldel.ldif Normal file
View File

@@ -0,0 +1,5 @@
dn: olcDatabase={-1}frontend,cn=config
delete: olcAccess
dn: olcDatabase={1}mdb,cn=config
delete: olcAccess

10
hosts/krov/serverko/slapd12/root/ldifs/tls.ldif Normal file
View File

@@ -0,0 +1,10 @@
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/ldap.krov.dmz.rs/cert.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/certs/ldap.krov.dmz.rs/privkey.pem
-
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/ldap.krov.dmz.rs/chain.pem

3
hosts/krov/serverko/slapd12/root/modify.sh Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
ldapmodify -H ldapi:/// -Y EXTERNAL -f $1

4
hosts/krov/serverko/slapd12/root/setup.sh Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
./modify.sh ldifs/tls.ldif
./aclupdate.sh