| author | Paul Buetow <paul@buetow.org> | 2026-01-19 15:36:27 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-01-19 15:36:27 +0200 |
| commit | 55229ad06ed229c859082bb34085f277af7d8bea (patch) | |
| tree | 4c530ca0bc8ff53cd3cdf3259a7c1a21814fdd3f /frontends/etc | |
| parent | 8d55f785e6df35381a971adcc6ee5f8518eaac22 (diff) | |
| parent | 4d87a596c3188f07732a26a1cc4abb875289b969 (diff) | |
Merge branch 'master' of codeberg.org:snonux/conf
Diffstat (limited to 'frontends/etc')
| -rw-r--r-- | frontends/etc/acme-client.conf.tpl | 18 | ||||
| -rw-r--r-- | frontends/etc/gogios.json.tpl | 21 | ||||
| -rw-r--r-- | frontends/etc/hosts.wg.append | 22 | ||||
| -rw-r--r-- | frontends/etc/httpd.conf.tpl | 3 | ||||
| -rw-r--r-- | frontends/etc/login.conf.d/daemon | 4 | ||||
| -rw-r--r-- | frontends/etc/mail/reject-domains | 0 | ||||
| -rw-r--r-- | frontends/etc/mail/reject-recipients | 0 | ||||
| -rw-r--r-- | frontends/etc/mail/reject-senders | 0 | ||||
| -rw-r--r-- | frontends/etc/mail/smtpd.conf.tpl | 11 |
9 files changed, 70 insertions, 9 deletions
diff --git a/frontends/etc/acme-client.conf.tpl b/frontends/etc/acme-client.conf.tpl index 6d0e2df..32ae9fb 100644 --- a/frontends/etc/acme-client.conf.tpl +++ b/frontends/etc/acme-client.conf.tpl @@ -23,7 +23,18 @@ authority buypass-test { contact "mailto:me@example.com" } +<<<<<<< HEAD <% for my $host (@$acme_hosts) { -%> +||||||| 7b4d629 +<% for my $host (@$acme_hosts) { -%> +<% for my $prefix ('', 'www.', 'standby.') { -%> +domain <%= $prefix.$host %> { + domain key "/etc/ssl/private/<%= $prefix.$host %>.key" + domain full chain certificate "/etc/ssl/<%= $prefix.$host %>.fullchain.pem" +======= +<% for my $host (@$acme_hosts) { + next if $host eq 'blowfish.buetow.org' or $host eq 'fishfinger.buetow.org'; -%> +>>>>>>> 529caf525d3c8594bcf0208697629827113dc1fc domain <%= $host %> { alternative names { www.<%= $host %> } domain key "/etc/ssl/private/<%= $host %>.key" @@ -36,10 +47,3 @@ domain standby.<%= $host %> { sign with letsencrypt } <% } -%> - -# For the server itself (e.g. TLS, or monitoring) -domain <%= "$hostname.$domain" %> { - domain key "/etc/ssl/private/<%= "$hostname.$domain" %>.key" - domain full chain certificate "/etc/ssl/<%= "$hostname.$domain" %>.fullchain.pem" - sign with letsencrypt -} diff --git a/frontends/etc/gogios.json.tpl b/frontends/etc/gogios.json.tpl index 49221c5..509b371 100644 --- a/frontends/etc/gogios.json.tpl +++ b/frontends/etc/gogios.json.tpl @@ -14,6 +14,7 @@ "Plugin": "<%= $plugin_dir %>/check_ping", "Args": ["-H", "<%= $host %>.buetow.org", "-<%= $proto %>", "-w", "100,10%", "-c", "200,15%"], "RandomSpread": 10, +<<<<<<< HEAD "Retries": 3, "RetryInterval": 3 }, 
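Review bot: Unresolved merge conflict markers are committed as added lines in the first acme-client.conf.tpl hunk (`+<<<<<<< HEAD`, `+||||||| 7b4d629`, `+=======`, `+>>>>>>> 529caf525d3c…`), so the template now holds two openings of the `for my $host (@$acme_hosts)` loop plus the base side's `$prefix` loop and an unclosed `domain` block. The rendered acme-client.conf is unlikely to parse, which would stall certificate issuance and renewal on the frontends. The same markers appear in the gogios.json.tpl hunks at `@@ -14,6 +14,7 @@`, `@@ -25,11 +26,25 @@` and `@@ -117,7 +132,13 @@`, where they make the JSON invalid and leave the `check_procs` thresholds undecided between `"80"`/`"100"` and `"100"`/`"150"`. Resolve each region to a single side and delete the marker lines before this is deployed. If the `next if $host eq 'blowfish.buetow.org' or $host eq 'fishfinger.buetow.org';` side is kept, confirm those hosts still obtain a certificate now that the second hunk removes the `$hostname.$domain` block.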
@@ -25,11 +26,25 @@ "Plugin": "<%= $plugin_dir %>/check_ping", "Args": ["-H", "<%= $host %>.wg0.wan.buetow.org", "-<%= $proto %>", "-w", "100,10%", "-c", "200,15%"], "RandomSpread": 10, +||||||| 7b4d629 +======= +>>>>>>> 529caf525d3c8594bcf0208697629827113dc1fc "Retries": 3, "RetryInterval": 3 }, <% } -%> <% } -%> + <% for my $host (qw(blowfish fishfinger f0 f1 f2 r0 r1 r2)) { -%> + <% for my $proto (4, 6) { -%> + "Check Ping<%= $proto %> <%= $host %>.wg0.wan.buetow.org": { + "Plugin": "<%= $plugin_dir %>/check_ping", + "Args": ["-H", "<%= $wg0_ips->{$host}->{$proto} %>", "-<%= $proto %>", "-w", "40,20%", "-c", "80,30%"], + "RandomSpread": 10, + "Retries": 5, + "RetryInterval": 3 + }, + <% } -%> + <% } -%> <% for my $host (qw(fishfinger blowfish)) { -%> "Check DTail <%= $host %>.buetow.org": { "Plugin": "/usr/local/bin/dtailhealth", @@ -117,7 +132,13 @@ "Plugin": "<%= $plugin_dir %>/check_procs", "RandomSpread": 10, "RunInterval": 300, +<<<<<<< HEAD + "Args": ["-w", "80", "-c", "100"] +||||||| 7b4d629 "Args": ["-w", "80", "-c", "100"] +======= + "Args": ["-w", "100", "-c", "150"] +>>>>>>> 529caf525d3c8594bcf0208697629827113dc1fc }, "Check Disk <%= $hostname %>": { "Plugin": "<%= $plugin_dir %>/check_disk", diff --git a/frontends/etc/hosts.wg.append b/frontends/etc/hosts.wg.append new file mode 100644 index 0000000..f410d66 --- /dev/null +++ b/frontends/etc/hosts.wg.append 
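Review bot: The new WireGuard ping loop in the `@@ -25,11 +26,25 @@` hunk feeds `<%= $wg0_ips->{$host}->{$proto} %>` to `-H` without checking that the entry exists, so a host missing from `$wg0_ips` would render an empty address (and autovivify the hash) instead of failing the template. A guard inside the inner loop, such as `<% die "no wg0 IPv$proto address for $host" unless $wg0_ips->{$host}{$proto}; -%>`, would surface that at render time rather than as a permanently failing or meaningless check. The key `"Check Ping<%= $proto %> <%= $host %>.wg0.wan.buetow.org"` may also collide with the existing wg0 check in the context lines just above, whose name is not visible in the hunk; duplicate JSON keys would silently drop one of the two checks. The hard-coded host list repeats the names added in hosts.wg.append, so the two have to be kept in sync by hand.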
@@ -0,0 +1,22 @@ +# WireGuard mesh IPv4 and IPv6 addresses +192.168.2.110 blowfish.wg0.wan.buetow.org blowfish.wg0 +192.168.2.111 fishfinger.wg0.wan.buetow.org fishfinger.wg0 +192.168.2.120 r0.wg0.wan.buetow.org r0.wg0 +192.168.2.121 r1.wg0.wan.buetow.org r1.wg0 +192.168.2.122 r2.wg0.wan.buetow.org r2.wg0 +192.168.2.130 f0.wg0.wan.buetow.org f0.wg0 +192.168.2.131 f1.wg0.wan.buetow.org f1.wg0 +192.168.2.132 f2.wg0.wan.buetow.org f2.wg0 +192.168.2.200 earth.wg0.wan.buetow.org earth.wg0 +192.168.2.201 pixel7pro.wg0.wan.buetow.org pixel7pro.wg0 + +fd42:beef:cafe:2::110 blowfish.wg0.wan.buetow.org blowfish.wg0 +fd42:beef:cafe:2::111 fishfinger.wg0.wan.buetow.org fishfinger.wg0 +fd42:beef:cafe:2::120 r0.wg0.wan.buetow.org r0.wg0 +fd42:beef:cafe:2::121 r1.wg0.wan.buetow.org r1.wg0 +fd42:beef:cafe:2::122 r2.wg0.wan.buetow.org r2.wg0 +fd42:beef:cafe:2::130 f0.wg0.wan.buetow.org f0.wg0 +fd42:beef:cafe:2::131 f1.wg0.wan.buetow.org f1.wg0 +fd42:beef:cafe:2::132 f2.wg0.wan.buetow.org f2.wg0 +fd42:beef:cafe:2::200 earth.wg0.wan.buetow.org earth.wg0 +fd42:beef:cafe:2::201 pixel7pro.wg0.wan.buetow.org pixel7pro.wg0 diff --git a/frontends/etc/httpd.conf.tpl b/frontends/etc/httpd.conf.tpl index 6f0c51a..6a313ae 100644 --- a/frontends/etc/httpd.conf.tpl +++ b/frontends/etc/httpd.conf.tpl @@ -94,13 +94,12 @@ server "<%= $prefix %>paul.buetow.org" { } <% } -%> -# Redirect to gitub.dtail.dev <% for my $prefix (@prefixes) { -%> server "<%= $prefix %>dtail.dev" { listen on * port 8080 log style forwarded location * { - block return 302 "https://github.dtail.dev$REQUEST_URI" + block return 302 "https://codeberg.org/snonux/dtail" } } <% } -%> diff --git a/frontends/etc/login.conf.d/daemon b/frontends/etc/login.conf.d/daemon new file mode 100644 index 0000000..a995fe9 --- /dev/null +++ b/frontends/etc/login.conf.d/daemon @@ -0,0 +1,4 @@ +daemon:\ + :openfiles-max=4096:\ + :openfiles-cur=4096:\ + :tc=default: 
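Review bot: The `dtail.dev` server block in httpd.conf.tpl loses its explanatory comment (`# Redirect to gitub.dtail.dev`) without a replacement, and the new target drops `$REQUEST_URI`, so every path under dtail.dev now lands on the repository front page. I would add `# Redirect dtail.dev to the Codeberg repository (request path intentionally dropped)` above the `for my $prefix (@prefixes)` line so the fixed target reads as deliberate. The loop opens in the hunk's context lines and closes inside the hunk.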
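Review bot: The new login.conf.d/daemon file sets only `openfiles-max`, `openfiles-cur` and `tc=default`. If a file under login.conf.d takes precedence over the `daemon` entry in /etc/login.conf, as login.conf(5) describes, every other capability of the stock daemon class is replaced by whatever `default` provides. The stock entry is not visible on this page, so compare against it and carry over the capabilities the frontends' daemons rely on (for example `ignorenologin`, `datasize`, `maxproc` and `stacksize-cur`, if they are set there). A header comment such as `# Overrides the daemon class from /etc/login.conf; raises the open-file limit to 4096` would also record why the limit was raised.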
diff --git a/frontends/etc/mail/reject-domains b/frontends/etc/mail/reject-domains new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/frontends/etc/mail/reject-domains diff --git a/frontends/etc/mail/reject-recipients b/frontends/etc/mail/reject-recipients new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/frontends/etc/mail/reject-recipients diff --git a/frontends/etc/mail/reject-senders b/frontends/etc/mail/reject-senders new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/frontends/etc/mail/reject-senders diff --git a/frontends/etc/mail/smtpd.conf.tpl b/frontends/etc/mail/smtpd.conf.tpl index 7764b34..b43302d 100644 --- a/frontends/etc/mail/smtpd.conf.tpl +++ b/frontends/etc/mail/smtpd.conf.tpl @@ -10,6 +10,11 @@ table aliases file:/etc/mail/aliases table virtualdomains file:/etc/mail/virtualdomains table virtualusers file:/etc/mail/virtualusers +# Reject lists for blocking unwanted senders/domains/recipients +table reject-senders file:/etc/mail/reject-senders +table reject-domains file:/etc/mail/reject-domains +table reject-recipients file:/etc/mail/reject-recipients + listen on socket listen on all tls pki "buetow_org_tls" hostname "<%= "$hostname.$domain" %>" #listen on all @@ -18,6 +23,12 @@ action localmail mbox alias <aliases> action receive mbox virtual <virtualusers> action outbound relay +# Reject rules (processed before accept rules) +# reject-senders: full addresses, reject-domains: patterns like *@domain.com +match from any mail-from <reject-senders> reject +match from any mail-from <reject-domains> reject +match from any for rcpt-to <reject-recipients> reject + match from any for domain <virtualdomains> action receive match from local for local action localmail match from local for any action outbound |
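Review bot: The first two reject rules in the second smtpd.conf.tpl hunk, `match from any mail-from <reject-senders> reject` and its `<reject-domains>` twin, carry no `for` clause. If smtpd falls back to `for local` when none is given, as I read smtpd.conf(5), they would not cover mail addressed to `<virtualdomains>`, which the `action receive` rule below still accepts. Writing them as `match from any for any mail-from <reject-senders> reject` and `match from any for any mail-from <reject-domains> reject` makes the scope explicit. The comment describes reject-domains entries as `*@domain.com` patterns; confirm against table(5) that the file-table lookup matches that form, since a pattern that never matches fails open. All three table files are added empty in this commit, so the rules stay inert until they are populated.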
