diff options
| author | Paul Buetow <paul@buetow.org> | 2026-01-19 15:36:27 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-01-19 15:36:27 +0200 |
| commit | 55229ad06ed229c859082bb34085f277af7d8bea (patch) | |
| tree | 4c530ca0bc8ff53cd3cdf3259a7c1a21814fdd3f /frontends/Rexfile | |
| parent | 8d55f785e6df35381a971adcc6ee5f8518eaac22 (diff) | |
| parent | 4d87a596c3188f07732a26a1cc4abb875289b969 (diff) | |
Merge branch 'master' of codeberg.org:snonux/conf
Diffstat (limited to 'frontends/Rexfile')
| -rw-r--r-- | frontends/Rexfile | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/frontends/Rexfile b/frontends/Rexfile index 5194265..f9bf79f 100644 --- a/frontends/Rexfile +++ b/frontends/Rexfile @@ -85,6 +85,25 @@ our @f3s_hosts = our @acme_hosts = qw/foo.zone dtail.dev buetow.org git.buetow.org paul.buetow.org joern.buetow.org dory.buetow.org ecat.buetow.org blog.buetow.org znc.buetow.org stats.foo.zone irregular.ninja alt.irregular.ninja snonux.foo gogios.buetow.org blowfish.buetow.org fishfinger.buetow.org/; push @acme_hosts, @f3s_hosts; +<<<<<<< HEAD +||||||| 7b4d629 +our @dns_zones = qw/buetow.org dtail.dev foo.zone irregular.ninja snonux.foo/; +our @dns_zones_remove = qw/paul.cyou/; +our @acme_hosts = qw/buetow.org git.buetow.org paul.buetow.org dory.buetow.org solarcat.buetow.org fotos.buetow.org znc.buetow.org dtail.dev foo.zone irregular.ninja alt.irregular.ninja snonux.foo/; +======= + +# WireGuard IP addresses for ping checks +our %wg0_ips = ( + 'blowfish' => { '4' => '192.168.2.110', '6' => 'fd42:beef:cafe:2::110' }, + 'fishfinger' => { '4' => '192.168.2.111', '6' => 'fd42:beef:cafe:2::111' }, + 'f0' => { '4' => '192.168.2.130', '6' => 'fd42:beef:cafe:2::130' }, + 'f1' => { '4' => '192.168.2.131', '6' => 'fd42:beef:cafe:2::131' }, + 'f2' => { '4' => '192.168.2.132', '6' => 'fd42:beef:cafe:2::132' }, + 'r0' => { '4' => '192.168.2.120', '6' => 'fd42:beef:cafe:2::120' }, + 'r1' => { '4' => '192.168.2.121', '6' => 'fd42:beef:cafe:2::121' }, + 'r2' => { '4' => '192.168.2.122', '6' => 'fd42:beef:cafe:2::122' }, +); +>>>>>>> 529caf525d3c8594bcf0208697629827113dc1fc # UTILITY TASKS @@ -290,6 +309,16 @@ task 'relayd', sub { append_if_no_such_line '/etc/rc.conf.local', 'relayd_flags='; + # Increase daemon login class file descriptor limits for relayd with many TLS certs + file '/etc/login.conf.d/daemon', + source => './etc/login.conf.d/daemon', + owner => 'root', + group => 'wheel', + mode => '644', + on_change => sub { + run 'doas rm -f /etc/login.conf.db && doas cap_mkdb /etc/login.conf'; + }; + file '/etc/relayd.conf', content => template( './etc/relayd.conf.tpl', @@ -334,6 +363,17 @@ task 'smtpd', mode => '644', on_change => sub { service 'smtpd' => 'restart' }; + # Reject lists for blocking unwanted senders/domains/recipients + Rex::Logger::info('Dealing with mail reject lists'); + for my $reject_list (qw/reject-senders reject-domains reject-recipients/) { + file "/etc/mail/$reject_list", + source => "./etc/mail/$reject_list", + owner => 'root', + group => 'wheel', + mode => '644', + on_change => sub { service 'smtpd' => 'restart' }; + } + Rex::Logger::info('Dealing with smtpd.conf'); file '/etc/mail/smtpd.conf', content => template('./etc/mail/smtpd.conf.tpl'), @@ -484,7 +524,17 @@ task 'gogios', mode => '755'; file '/etc/gogios.json', +<<<<<<< HEAD content => template( './etc/gogios.json.tpl', acme_hosts => \@acme_hosts ), +||||||| 7b4d629 + file '/var/run/gogios', + ensure => 'directory', + owner => '_gogios', + group => '_gogios', + mode => '755'; +======= + content => template( './etc/gogios.json.tpl', acme_hosts => \@acme_hosts, wg0_ips => \%wg0_ips ), +>>>>>>> 529caf525d3c8594bcf0208697629827113dc1fc owner => 'root', group => 'wheel', mode => '744'; |