ProjectSegfault/ansible
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
Arya
2023-05-13 09:14:40 +08:00
commit 10f95ff535
34 changed files with 1385 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
privfrontends/compose/breezewiki/compose.yml.j2 Normal file
View File

@@ -0,0 +1,9 @@
services:
breezewiki:
container_name: breezewiki
image: quay.io/pussthecatorg/breezewiki:latest
restart: unless-stopped
ports:
- "10416:10416"
volumes:
- "./config.ini:/app/config.ini"

4
privfrontends/compose/breezewiki/extras.conf.j2 Normal file
View File

@@ -0,0 +1,4 @@
canonical_origin = https://bw.projectsegfau.lt
debug = false
port = 10416
feature_search_suggestions = true

32
privfrontends/compose/gothub-dev/compose.yml.j2 Normal file
View File

@@ -0,0 +1,32 @@
version: "3"
services:
gothub:
image: codeberg.org/gothub/gothub:dev
restart: unless-stopped
ports:
- "1025:3000"
environment:
- DOCKER=true
- GOTHUB_SETUP_COMPLETE=true
- GOTHUB_PROXYING_ENABLED=true
- GOTHUB_IP_LOGGED=false
- GOTHUB_REQUEST_URL_LOGGED=false
- GOTHUB_USER_AGENT_LOGGED=false
- GOTHUB_DIAGNOSTIC_INFO_LOGGED=false
- GOTHUB_INSTANCE_PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy
{% if inventory_hostname == 'eu' %}
- GOTHUB_INSTANCE_COUNTRY=Luxembourg
- GOTHUB_INSTANCE_PROVIDER=BuyVM
{% else if inventory_hostname == 'us' %}
- GOTHUB_INSTANCE_COUNTRY=United States
- GOTHUB_INSTANCE_PROVIDER=Digital Ocean
{% else if inventory_hostname == 'in' %}
- GOTHUB_INSTANCE_COUNTRY=India
- GOTHUB_INSTANCE_PROVIDER=Bharti Airtel
{% endif %}
- GOTHUB_INSTANCE_CLOUDFLARE=false
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/version || exit 1
interval: 30s
timeout: 5s
retries: 2

14
privfrontends/compose/gothub/compose.yml.j2 Normal file
View File

@@ -0,0 +1,14 @@
version: "3"
services:
gothub:
image: codeberg.org/gothub/gothub:latest
restart: unless-stopped
ports:
- "1024:3000"
environment:
- DOCKER=true
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/version || exit 1
interval: 30s
timeout: 5s
retries: 2

16
privfrontends/compose/librarian/compose.yml.j2 Normal file
View File

@@ -0,0 +1,16 @@
version: '3'
services:
librarian:
image: codeberg.org/librarian/librarian:latest
ports:
- 3550:3550
volumes:
- ./extras.conf:/app/config.yml
restart: unless-stopped
stream-proxy:
image: codeberg.org/librarian/stream-proxy-ng:latest
ports:
- 3001:3001
restart: unless-stopped

78
privfrontends/compose/librarian/extras.conf.j2 Normal file
View File

@@ -0,0 +1,78 @@
DOMAIN: 'https://lbry.projectsegfau.lt'
PORT: '3550'
FIBER_PREFORK: false
# Optional: Set address to bind to, example: 127.0.0.1
ADDRESS: ''
# Running a custom API server is not recommended and is not suitable for a public instance
API_URL: 'https://api.na-backend.odysee.com/api/v1/proxy'
# Block access to claims in case of DMCA
BLOCKED_CLAIMS:
- claimId
# AUTH_TOKEN and HMAC_KEY is automatically generated
AUTH_TOKEN: '{{librarian_auth_token}}'
HMAC_KEY: '{{librarian_hmac_key}}'
# Create IMAGE_CACHE_DIR before enabling image caching
IMAGE_CACHE: false
IMAGE_CACHE_DIR: '/var/cache/librarian'
IMAGE_CACHE_CLEANUP_INTERVAL: 24h
# The next 2 options will proxy video data through the instance.
# This will cause increased bandwidth usage.
# ENABLE_STREAM_PROXY proxies videos and ENABLE_LIVESTREAM enables livestreams.
ENABLE_STREAM_PROXY: true
ENABLE_LIVESTREAM: true
# Set custom SponsorBlock URL (with https://github.com/mchangrh/sb-mirror or other)
SPONSORBLOCK_URL: 'https://sponsor.ajay.app'
# Advanced: Custom video streaming endpoint
VIDEO_STREAMING_URL: 'https://proxy.lbry.projectsegfau.lt/stream'
# Rewrite links to other frontends. example: https://yt.domain.tld
FRONTEND:
youtube: 'https://invidious.projectsegfau.lt'
twitter: 'https://nitter.projectsegfau.lt'
imgur: 'https://rimgo.projectsegfau.lt'
instagram: ''
tiktok: ''
reddit: 'https://libreddit.projectsegfau.lt'
# Default instance settings
DEFAULT_SETTINGS:
theme: 'dark' # system, light, dark
relatedVideos: true
nsfw: false
autoplay: false
speed: '1' # 0.25, 0.5, 0.75, 1, 1.25, 1.5, 1.75, 2, 4
quality: '0' # 0 - Auto, 144 - 144p, 360 - 360p, 720 - 720p, 1080 - 1080p
sponsorblock:
sponsor: true
selfpromo: true
interaction: true
intro: false
outro: false
preview: false
filler_tangent: false
# Instance privacy: This is required to get your instance listed. For more info,
# See: https://codeberg.org/librarian/librarian/wiki/Instance-privacy
INSTANCE_PRIVACY:
# This is the default if you are using NGINX and have not disabled data collection.
# Read https://codeberg.org/librarian/librarian/wiki/Instance-privacy
DATA_NOT_COLLECTED: true
DATA_COLLECTED_IP: true
DATA_COLLECTED_URL: true
DATA_COLLECTED_DEVICE: true
DATA_COLLECTED_DIAGNOSTIC_ONLY: false
{% if inventory_hostname == 'eu' %}
INSTANCE_COUNTRY: "Luxembourg"
INSTANCE_PROVIDER: "BuyVM"
{% else if inventory_hostname == 'us' %}
INSTANCE_COUNTRY: "United States"
INSTANCE_PROVIDER: "Digital Ocean"
{% else if inventory_hostname == 'in' %}
INSTANCE_COUNTRY: "India"
INSTANCE_PROVIDER: "Bharti Airtel"
{% endif %}
# Cloudflare use is discouraged. You can set this to false if it is not proxied (gray cloud icon)
INSTANCE_CLOUDFLARE: false
# Optional: Explain your usage of data (if collected) and how it is stored.
MESSAGE: ""
# Link to your privacy policy, leave blank if you don't have one.
PRIVACY_POLICY: "https://projectsegfau.lt/legal/privacy-policy"

16
privfrontends/compose/libreddit/compose.yml.j2 Normal file
View File

@@ -0,0 +1,16 @@
services:
libreddit:
image: libreddit/libreddit:latest
ports:
- 127.0.0.1:6464:8080
restart: unless-stopped
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
interval: 5m
timeout: 3s
environment:
- FRONT_PAGE=popular
- COMMENT_SORT=new
- BLUR_NSFW=on
- USE_HLS=on
- AUTOPLAY_VIDEOS=off

24
privfrontends/compose/nitter/compose.yml.j2 Normal file
View File

@@ -0,0 +1,24 @@
version: "3"
services:
nitter:
image: zedeus/nitter:latest
ports:
- "8387:8080"
volumes:
- ./extras.conf:/src/nitter.conf:ro
depends_on:
- nitter-redis
restart: unless-stopped
nitter-redis:
image: redis:6-alpine
container_name: nitter-redis
command: redis-server --save 60 1 --loglevel warning
volumes:
- nitter-redis:/data
restart: unless-stopped
volumes:
nitter-redis:

45
privfrontends/compose/nitter/extras.conf.j2 Normal file
View File

@@ -0,0 +1,45 @@
[Server]
address = "0.0.0.0"
port = 8080
https = true # disable to enable cookies when not using https
httpMaxConnections = 100
staticDir = "./public"
title = "nitter"
hostname = "nitter.projectsegfau.lt"
[Cache]
listMinutes = 240 # how long to cache list info (not the tweets, so keep it high)
rssMinutes = 10 # how long to cache rss queries
redisHost = "nitter-redis" # Change to "nitter-redis" if using docker-compose
redisPort = 6379
redisPassword = ""
redisConnections = 20 # connection pool size
redisMaxConnections = 30
# max, new connections are opened when none are available, but if the pool size
# goes above this, they're closed when released. don't worry about this unless
# you receive tons of requests per second
[Config]
hmacKey = "{{nitter_hmac_key}}" # random key for cryptographic signing of video urls
base64Media = false # use base64 encoding for proxied media urls
enableRSS = true # set this to false to disable RSS feeds
enableDebug = false # enable request logs and debug endpoints
proxy = "" # http/https url, SOCKS proxies are not supported
proxyAuth = ""
tokenCount = 10
# minimum amount of usable tokens. tokens are used to authorize API requests,
# but they expire after ~1 hour, and have a limit of 187 requests.
# the limit gets reset every 15 minutes, and the pool is filled up so there's
# always at least $tokenCount usable tokens. again, only increase this if
# you receive major bursts all the time
# Change default preferences here, see src/prefs_impl.nim for a complete list
[Preferences]
theme = "Nitter"
replaceTwitter = "nitter.projectsegfau.lt"
replaceYouTube = "invidious.projectsegfau.lt"
replaceReddit = "libreddit.projectsegfau.lt"
replaceInstagram = ""
proxyVideos = true
hlsPlayback = true
infiniteScroll = false

25
privfrontends/compose/rimgo/compose.yml.j2 Normal file
View File

@@ -0,0 +1,25 @@
services:
rimgo:
image: codeberg.org/video-prize-ranch/rimgo # Official image
ports:
- 9016:3000
environment:
- ADDRESS=0.0.0.0
- PORT=3000
- FIBER_PREFORK=false
- IMGUR_CLIENT_ID=546c25a59c58ad7
- PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy
- PRIVACY_MESSAGE=
{% if inventory_hostname == 'eu' %}
- PRIVACY_COUNTRY=Luxembourg
- PRIVACY_PROVIDER=BuyVM
{% else if inventory_hostname == 'us' %}
- PRIVACY_COUNTRY=USA
- PRIVACY_PROVIDER=Digital Ocean
{% else if inventory_hostname == 'in' %}
- PRIVACY_COUNTRY=India
- PRIVACY_PROVIDER=Bharti Airtel
{% endif %}
- PRIVACY_CLOUDFLARE=false
- PRIVACY_NOT_COLLECTED=true
restart: unless-stopped

16
privfrontends/compose/scribe/compose.yml.j2 Normal file
View File

@@ -0,0 +1,16 @@
version: "3.8"
services:
scribe:
image: registry.gitlab.com/lomanic/scribe-binaries:latest
restart: always
container_name: "scribe"
ports:
- 8006:8006
environment:
- SCRIBE_PORT=8006
- SCRIBE_HOST=0.0.0.0
- APP_DOMAIN=scribe.projectsegfau.lt
- LUCKY_ENV=production
- PORT=8006
- SECRET_KEY_BASE={{scribe_secret_key_base}}

41
privfrontends/compose/teddit/compose.yml.j2 Normal file
View File

@@ -0,0 +1,41 @@
version: "3.8"
services:
teddit:
restart: always
container_name: teddit
image: teddit/teddit:latest
environment:
- DOMAIN=teddit.projectsegfau.lt
- USE_HELMET=true
- USE_HELMET_HSTS=true
- TRUST_PROXY=true
- REDIS_HOST=teddit-redis
ports:
- "9061:8080"
networks:
- teddit_net
healthcheck:
test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost:8080/about"]
interval: 1m
timeout: 3s
depends_on:
- teddit-redis
teddit-redis:
restart: always
container_name: teddit-redis
image: redis:6.2.5-alpine
command: redis-server
environment:
- REDIS_REPLICATION_MODE=master
networks:
- teddit_net
volumes:
- teddit-redis:/data
volumes:
teddit-redis:
networks:
teddit_net:

35
privfrontends/docker-tasks.yaml Normal file
View File

@@ -0,0 +1,35 @@
---
- name: Copy docker-compose templates for the service
ansible.builtin.template:
src: ../compose/{{item}}/compose.yml.j2
dest: /opt/docker/{{item}}/compose.yml
backup: yes
register: check_status
- name: check if extras file exists for the service
local_action: stat path=../compose/{{item}}/extras.conf.j2
register: file
- name: Copy extras file
ansible.builtin.template:
src: ../compose/{{item}}/extras.conf.j2
dest: /opt/docker/{{item}}/extras.conf
backup: yes
when: file.stat.exists
- name: "Update docker service image"
command:
chdir: "/opt/docker/{{ item }}"
cmd: docker compose pull
when: check_status is changed
- name: "Stop docker service"
command:
chdir: "/opt/docker/{{ item }}"
cmd: docker compose down
when: check_status is changed
- name: "Start docker service"
command:
chdir: "/opt/docker/{{ item }}"
cmd: docker compose up -d --build --remove-orphans
when: check_status is changed

47
privfrontends/playbook.yaml Normal file
View File

@@ -0,0 +1,47 @@
---
- name: Setup Caddy
hosts: privfrontends
roles:
- role: caddy_ansible.caddy_ansible
caddy_systemd_capabilities_enabled: true
caddy_config: "{{ lookup('template', '../templates/Caddyfile.j2') }}"
caddy_user: "caddy"
caddy_home: "/var/lib/caddy"
# Static weekly builds of caddy with rfc2136 dns plugin
caddy_url_base: "https://cb.projectsegfau.lt/api/download"
tasks:
- name: Copy per-server caddy extras
ansible.builtin.copy:
src: "../{{ caddy_extras_config }}"
dest: /etc/caddy/extras.caddy
- name: Setup docker compose for privacy frontends
hosts: all
vars:
docker_services:
- anonymousoverflow
- beatbump
- breezewiki
- gothub
- gothub-dev
- invidious
- librarian
- libreddit
- nitter
- rimgo
- scribe
- teddit
- watchtower
non_pizza_docker_services:
- piped
- searxng-docker
tasks:
#
# community.docker does not support compose 2.0 right now.
# https://github.com/ansible-collections/community.docker/issues/216
#
- name: Update docker compose files and restart those with changes
include_tasks: docker-tasks.yaml
with_items: "{{ docker_services }}"
- name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1)
include_tasks: docker-tasks.yaml
with_items: "{{ non_pizza_docker_services }}"

272
privfrontends/templates/1-extras.Caddyfile Normal file
View File

@@ -0,0 +1,272 @@
## OLD URL REDIRECTS
invidious.mutahar.rocks {
redir https://inv.bp.projectsegfau.lt{uri} permanent
}
ferrit.projectsegfau.lt snooddit.projectsegfau.lt libreddit.mutahar.rocks {
redir https://libreddit.projectsegfau.lt{uri} permanent
}
lbry.mutahar.rocks {
redir https://lbry.projectsegfau.lt{uri} permanent
}
nitter.mutahar.rocks {
redir https://nitter.projectsegfau.lt{uri} permanent
}
#redir inv.bp.mutahar.rocks inv.bp.projectsegfau.lt permanent
#redir libreddit.mutahar.rocks libreddit.projectsegfau.lt permanent
#redir lbry.mutahar.rocks lbry.projectsegfau.lt permanent
#redir nitter.mutahar.rocks nitter.projectsegfau.lt permanent
arya.projectsegfau.lt aryak.me {
reverse_proxy https://arya.p.projectsegfau.lt {
header_up Host arya.p.projectsegfau.lt
}
}
gothub.dev.projectsegfau.lt {
reverse_proxy localhost:1025
import def
import torloc gothub.dev
}
## PUBNIX
# Reverse proxy all user sites
*.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:80
import acmedns
}
# Redirect base subdomain to the pubnix homepage
p.projectsegfau.lt {
redir https://projectsegfau.lt/pubnix
}
# Cockpit
cockpit.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:9090 {
transport http {
tls_insecure_skip_verify
}
}
import def
import torloc cockpit.p
}
# PublAPI
publapi.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:3000
import def
}
grafana.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:6943 {
header_up X-Real-IP {remote_host}
}
import def
}
geminiproxy.projectsegfau.lt geminiproxy.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:8000
import def
import torloc geminiproxy.p
}
http://pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
http://www.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
# Privacy Frontends
http://scribe.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy localhost:8006
import tor scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
}
http://nitter.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy localhost:8387
import tor nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
http://lbry.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
reverse_proxy localhost:3550
}
http://libreddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
reverse_proxy localhost:6464
}
http://breezewiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy localhost:10416
}
http://beatbump.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy localhost:3069
}
http://invbp.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy localhost:3000
}
http://rimgo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor rimgo
reverse_proxy localhost:9016
}
http://teddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor teddit
reverse_proxy localhost:9061
}
http://overflow.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor overflow
reverse_proxy localhost:8694
}
http://gothub.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor gothub
reverse_proxy localhost:1024
}
http://gothub.dev.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor gothub.dev
reverse_proxy localhost:1025
}
http://inv.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor inv
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy https://invidious.projectsegfau.lt {
header_up Host "invidious.projectsegfau.lt"
}
}
http://search.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor search
import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p
reverse_proxy https://search.projectsegfau.lt {
header_up Host "search.projectsegfau.lt"
}
}
http://git.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor git
import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p
reverse_proxy https://git.projectsegfau.lt {
header_up Host "git.projectsegfau.lt"
}
}
http://todo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor todo
import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p
reverse_proxy https://todo.projectsegfau.lt {
header_up Host "todo.projectsegfau.lt"
}
}
http://wiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor wiki
reverse_proxy https://wiki.projectsegfau.lt {
header_up Host "wiki.projectsegfau.lt"
}
}
http://pass.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor pass
reverse_proxy https://pass.projectsegfau.lt {
header_up Host "pass.projectsegfau.lt"
}
}
# Pubnix
http://geminiproxy.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor geminiproxy.p
reverse_proxy https://geminiproxy.p.projectsegfau.lt {
header_up Host "geminiproxy.p.projectsegfau.lt"
}
}
http://cockpit.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor cockpit.p
reverse_proxy https://cockpit.p.projectsegfau.lt {
header_up Host "cockpit.p.projectsegfau.lt"
}
}
## I2P
## I2P
http://pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p:6001 {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
http://pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p:6008 {
reverse_proxy localhost:8006
import tor scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
}
http://pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p:6005 {
reverse_proxy localhost:8387
import tor nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
http://pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p:6003 {
import tor lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
reverse_proxy localhost:3550
}
http://pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p:6004 {
import tor libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
reverse_proxy localhost:6464
}
http://pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p:6007 { # NW
import tor breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy localhost:10416
}
http://pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p:6006 {
import tor beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy localhost:3069
}
http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p:6016 {
import tor invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy localhost:3000
}
http://pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p:6017 {
import tor rimgo
import i2ploc pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p
reverse_proxy localhost:9016
}
http://pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p:6018 {
import tor teddit
import i2ploc pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p
reverse_proxy localhost:9061
}
http://pjsfhqamc7k6htnumrvn4cwqqdoggeepj7u5viyimgnxg3gar72q.b32.i2p:6002 {
import tor inv
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy https://invidious.projectsegfau.lt {
header_up Host "invidious.projectsegfau.lt"
}
}
http://pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p:6012 {
import tor search
import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p
reverse_proxy https://search.projectsegfau.lt {
header_up Host "search.projectsegfau.lt"
}
}
http://pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p:6013 {
import tor git
import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p
reverse_proxy https://git.projectsegfau.lt {
header_up Host "git.projectsegfau.lt"
}
}
http://pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p:6015 {
import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p
import tor todo
reverse_proxy https://todo.projectsegfau.lt {
header_up Host "todo.projectsegfau.lt"
}
}

4
privfrontends/templates/2-extras.Caddyfile Normal file
View File

@@ -0,0 +1,4 @@
fb.us.projectsegfau.lt {
import def
reverse_proxy :8065
}

35
privfrontends/templates/3-extras.Caddyfile Normal file
View File

@@ -0,0 +1,35 @@
bitpuit.in.projectsegfau.lt {
respond "Go fuck yourself devrand"
}
# PERSONAL
https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt {
reverse_proxy http://192.168.1.47:8008
}
files.perso.in.projectsegfau.lt files.perso.in.projectsegfau.lt:6942 {
file_server {
browse
}
root * /zfspool/files
}
tnfiles.perso.in.projectsegfau.lt {
file_server {
browse
}
root * /zfspool/files/tn-sw
}
discourse.tildevarsh.in {
reverse_proxy https://192.168.1.21:443 {
transport http {
tls_insecure_skip_verify
}
header_up X-Real-IP {remote_host}
}
}
jf.perso.in.projectsegfau.lt {
reverse_proxy 192.168.1.20:8096
import def
}
nc.perso.in.projectsegfau.lt {
reverse_proxy 192.168.1.20:80
import def
}

275
privfrontends/templates/Caddyfile.j2 Normal file
View File

@@ -0,0 +1,275 @@
(tor) {
header {
-Strict-Transport-Security
-Referrer-Policy
-X-XSS-Protection
-Content-Security-Policy
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
Permissions-Policy interest-cohort=()
# clickjacking protection
X-Frame-Options SAMEORIGIN
Onion-Location http://{args.0}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path}
defer
}
}
(torloc) {
header Onion-Location http://{args.0}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path}
}
(i2ploc) {
header X-I2P-Location http://{args.0}{path}
}
(acmedns) {
tls {
dns rfc2136 {
key_name "dynupd"
key_alg "hmac-sha256"
# declared in secrets.en: https://aryak.me/blog/01-knot
key "{{ rfc2136_key }}"
server "107.189.12.96:53"
}
}
}
(def) {
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
X-Frame-Options SAMEORIGIN
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
{% if inventory_hostname == 'in' %}
import acmedns
{% endif %}
}
{{inventory_hostname}}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {
{% if inventory_hostname == 'eu' %}
redir https://wiki.projectsegfau.lt/index.php?title=Pizza1
{% elif inventory_hostname == 'us' %}
redir https://wiki.projectsegfau.lt/index.php?title=US_Node
{% elif inventory_hostname == 'in' %}
redir https://wiki.projectsegfau.lt/index.php?title=India_Node
{% else %}
{% endif %}
}
cdn.projectsegfau.lt cdn.{{inventory_hostname}}.projectsegfau.lt {
encode zstd gzip
root * /var/cdn
file_server {
browse
}
}
{% if inventory_hostname == 'eu' %}
inv.bp.projectsegfau.lt {
reverse_proxy localhost:7573
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
import torloc invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
}
proxy.lbry.projectsegfau.lt {
reverse_proxy localhost:3001
import def
}
{% else %}
inv.{{inventory_hostname}}.projectsegfau.lt {
reverse_proxy localhost:7573
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
{% if inventory_hostname == 'in' %}
import acmedns
{% endif %}
}
piped.{{inventory_hostname}}.projectsegfau.lt pipedproxy.{{inventory_hostname}}.projectsegfau.lt pipedapi.{{inventory_hostname}}.projectsegfau.lt {
reverse_proxy :6970
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
{% if inventory_hostname == 'in' %}
import acmedns
{% endif %}
}
{% endif %}
lbry.{{inventory_hostname}}.projectsegfau.lt lbry.projectsegfau.lt {
reverse_proxy :7269
import def
import torloc lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
}
gothub.{{inventory_hostname}}.projectsegfau.lt gothub.projectsegfau.lt {
reverse_proxy :1024
import def
import torloc gothub
}
overflow.{{inventory_hostname}}.projectsegfau.lt overflow.projectsegfau.lt {
reverse_proxy :8694
import def
import torloc overflow
}
teddit.{{inventory_hostname}}.projectsegfau.lt teddit.projectsegfau.lt {
reverse_proxy :9061
import def
import torloc teddit
}
rimgo.{{inventory_hostname}}.projectsegfau.lt rimgo.projectsegfau.lt {
reverse_proxy :9016
import def
import torloc rimgo
}
libreddit.{{inventory_hostname}}.projectsegfau.lt libreddit.projectsegfau.lt {
reverse_proxy :6464
import def
import torloc libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
}
nitter.{{inventory_hostname}}.projectsegfau.lt nitter.projectsegfau.lt {
import def
header {
X-Permitted-Cross-Domain-Policies none
Permissions-Policy "Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(self), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()"
header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; script-src-attr 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'"
}
reverse_proxy :8387 {
transport http {
compression off
}
}
import torloc nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
bb.{{inventory_hostname}}.projectsegfau.lt bb.projectsegfau.lt {
import def
import torloc beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy :3069
}
bw.{{inventory_hostname}}.projectsegfau.lt bw.projectsegfau.lt {
import def
import torloc breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy :10416
}
scribe.{{inventory_hostname}}.projectsegfau.lt scribe.projectsegfau.lt {
import def
import torloc scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
reverse_proxy :8006
}
{% if inventory_hostname == 'eu' %}
{% else %}
search.{{inventory_hostname}}.projectsegfau.lt {
import def
reverse_proxy :8081
@api {
path /config
path /healthz
path /stats/errors
path /stats/checker
}
@static {
path /static/*
}
@notstatic {
not path /static/*
}
@imageproxy {
path /image_proxy
}
@notimageproxy {
not path /image_proxy
}
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disable some features
Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"
# Disable some features (legacy)
Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
# Referer
Referrer-Policy "no-referrer"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
# Remove Server header
-Server
}
header @api {
Access-Control-Allow-Methods "GET, OPTIONS"
Access-Control-Allow-Origin "*"
}
# Cache
header @static {
# Cache
Cache-Control "public, max-age=31536000"
defer
}
header @notstatic {
# No Cache
Cache-Control "no-cache, no-store"
Pragma "no-cache"
}
# CSP (see http://content-security-policy.com/ )
header @imageproxy {
Content-Security-Policy "default-src 'none'; img-src 'self' data:"
}
header @notimageproxy {
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
}
}
{% endif %}
include ./extras.caddy