ProjectSegfault/ansible
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
Arya
2023-05-13 09:14:40 +08:00
commit 10f95ff535
34 changed files with 1385 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

272
privfrontends/templates/1-extras.Caddyfile Normal file
View File

@@ -0,0 +1,272 @@
## OLD URL REDIRECTS
invidious.mutahar.rocks {
redir https://inv.bp.projectsegfau.lt{uri} permanent
}
ferrit.projectsegfau.lt snooddit.projectsegfau.lt libreddit.mutahar.rocks {
redir https://libreddit.projectsegfau.lt{uri} permanent
}
lbry.mutahar.rocks {
redir https://lbry.projectsegfau.lt{uri} permanent
}
nitter.mutahar.rocks {
redir https://nitter.projectsegfau.lt{uri} permanent
}
#redir inv.bp.mutahar.rocks inv.bp.projectsegfau.lt permanent
#redir libreddit.mutahar.rocks libreddit.projectsegfau.lt permanent
#redir lbry.mutahar.rocks lbry.projectsegfau.lt permanent
#redir nitter.mutahar.rocks nitter.projectsegfau.lt permanent
arya.projectsegfau.lt aryak.me {
reverse_proxy https://arya.p.projectsegfau.lt {
header_up Host arya.p.projectsegfau.lt
}
}
gothub.dev.projectsegfau.lt {
reverse_proxy localhost:1025
import def
import torloc gothub.dev
}
## PUBNIX
# Reverse proxy all user sites
*.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:80
import acmedns
}
# Redirect base subdomain to the pubnix homepage
p.projectsegfau.lt {
redir https://projectsegfau.lt/pubnix
}
# Cockpit
cockpit.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:9090 {
transport http {
tls_insecure_skip_verify
}
}
import def
import torloc cockpit.p
}
# PublAPI
publapi.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:3000
import def
}
grafana.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:6943 {
header_up X-Real-IP {remote_host}
}
import def
}
geminiproxy.projectsegfau.lt geminiproxy.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:8000
import def
import torloc geminiproxy.p
}
http://pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
http://www.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
# Privacy Frontends
http://scribe.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy localhost:8006
import tor scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
}
http://nitter.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy localhost:8387
import tor nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
http://lbry.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
reverse_proxy localhost:3550
}
http://libreddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
reverse_proxy localhost:6464
}
http://breezewiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy localhost:10416
}
http://beatbump.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy localhost:3069
}
http://invbp.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy localhost:3000
}
http://rimgo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor rimgo
reverse_proxy localhost:9016
}
http://teddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor teddit
reverse_proxy localhost:9061
}
http://overflow.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor overflow
reverse_proxy localhost:8694
}
http://gothub.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor gothub
reverse_proxy localhost:1024
}
http://gothub.dev.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor gothub.dev
reverse_proxy localhost:1025
}
http://inv.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor inv
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy https://invidious.projectsegfau.lt {
header_up Host "invidious.projectsegfau.lt"
}
}
http://search.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor search
import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p
reverse_proxy https://search.projectsegfau.lt {
header_up Host "search.projectsegfau.lt"
}
}
http://git.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor git
import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p
reverse_proxy https://git.projectsegfau.lt {
header_up Host "git.projectsegfau.lt"
}
}
http://todo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor todo
import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p
reverse_proxy https://todo.projectsegfau.lt {
header_up Host "todo.projectsegfau.lt"
}
}
http://wiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor wiki
reverse_proxy https://wiki.projectsegfau.lt {
header_up Host "wiki.projectsegfau.lt"
}
}
http://pass.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor pass
reverse_proxy https://pass.projectsegfau.lt {
header_up Host "pass.projectsegfau.lt"
}
}
# Pubnix
http://geminiproxy.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor geminiproxy.p
reverse_proxy https://geminiproxy.p.projectsegfau.lt {
header_up Host "geminiproxy.p.projectsegfau.lt"
}
}
http://cockpit.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor cockpit.p
reverse_proxy https://cockpit.p.projectsegfau.lt {
header_up Host "cockpit.p.projectsegfau.lt"
}
}
## I2P
## I2P
http://pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p:6001 {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
http://pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p:6008 {
reverse_proxy localhost:8006
import tor scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
}
http://pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p:6005 {
reverse_proxy localhost:8387
import tor nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
http://pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p:6003 {
import tor lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
reverse_proxy localhost:3550
}
http://pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p:6004 {
import tor libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
reverse_proxy localhost:6464
}
http://pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p:6007 { # NW
import tor breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy localhost:10416
}
http://pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p:6006 {
import tor beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy localhost:3069
}
http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p:6016 {
import tor invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy localhost:3000
}
http://pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p:6017 {
import tor rimgo
import i2ploc pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p
reverse_proxy localhost:9016
}
http://pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p:6018 {
import tor teddit
import i2ploc pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p
reverse_proxy localhost:9061
}
http://pjsfhqamc7k6htnumrvn4cwqqdoggeepj7u5viyimgnxg3gar72q.b32.i2p:6002 {
import tor inv
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy https://invidious.projectsegfau.lt {
header_up Host "invidious.projectsegfau.lt"
}
}
http://pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p:6012 {
import tor search
import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p
reverse_proxy https://search.projectsegfau.lt {
header_up Host "search.projectsegfau.lt"
}
}
http://pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p:6013 {
import tor git
import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p
reverse_proxy https://git.projectsegfau.lt {
header_up Host "git.projectsegfau.lt"
}
}
http://pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p:6015 {
import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p
import tor todo
reverse_proxy https://todo.projectsegfau.lt {
header_up Host "todo.projectsegfau.lt"
}
}

4
privfrontends/templates/2-extras.Caddyfile Normal file
View File

@@ -0,0 +1,4 @@
fb.us.projectsegfau.lt {
import def
reverse_proxy :8065
}

35
privfrontends/templates/3-extras.Caddyfile Normal file
View File

@@ -0,0 +1,35 @@
bitpuit.in.projectsegfau.lt {
respond "Go fuck yourself devrand"
}
# PERSONAL
https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt {
reverse_proxy http://192.168.1.47:8008
}
files.perso.in.projectsegfau.lt files.perso.in.projectsegfau.lt:6942 {
file_server {
browse
}
root * /zfspool/files
}
tnfiles.perso.in.projectsegfau.lt {
file_server {
browse
}
root * /zfspool/files/tn-sw
}
discourse.tildevarsh.in {
reverse_proxy https://192.168.1.21:443 {
transport http {
tls_insecure_skip_verify
}
header_up X-Real-IP {remote_host}
}
}
jf.perso.in.projectsegfau.lt {
reverse_proxy 192.168.1.20:8096
import def
}
nc.perso.in.projectsegfau.lt {
reverse_proxy 192.168.1.20:80
import def
}

275
privfrontends/templates/Caddyfile.j2 Normal file
View File

@@ -0,0 +1,275 @@
(tor) {
header {
-Strict-Transport-Security
-Referrer-Policy
-X-XSS-Protection
-Content-Security-Policy
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
Permissions-Policy interest-cohort=()
# clickjacking protection
X-Frame-Options SAMEORIGIN
Onion-Location http://{args.0}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path}
defer
}
}
(torloc) {
header Onion-Location http://{args.0}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path}
}
(i2ploc) {
header X-I2P-Location http://{args.0}{path}
}
(acmedns) {
tls {
dns rfc2136 {
key_name "dynupd"
key_alg "hmac-sha256"
# declared in secrets.en: https://aryak.me/blog/01-knot
key "{{ rfc2136_key }}"
server "107.189.12.96:53"
}
}
}
(def) {
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
X-Frame-Options SAMEORIGIN
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
{% if inventory_hostname == 'in' %}
import acmedns
{% endif %}
}
{{inventory_hostname}}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {
{% if inventory_hostname == 'eu' %}
redir https://wiki.projectsegfau.lt/index.php?title=Pizza1
{% elif inventory_hostname == 'us' %}
redir https://wiki.projectsegfau.lt/index.php?title=US_Node
{% elif inventory_hostname == 'in' %}
redir https://wiki.projectsegfau.lt/index.php?title=India_Node
{% else %}
{% endif %}
}
cdn.projectsegfau.lt cdn.{{inventory_hostname}}.projectsegfau.lt {
encode zstd gzip
root * /var/cdn
file_server {
browse
}
}
{% if inventory_hostname == 'eu' %}
inv.bp.projectsegfau.lt {
reverse_proxy localhost:7573
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
import torloc invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
}
proxy.lbry.projectsegfau.lt {
reverse_proxy localhost:3001
import def
}
{% else %}
inv.{{inventory_hostname}}.projectsegfau.lt {
reverse_proxy localhost:7573
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
{% if inventory_hostname == 'in' %}
import acmedns
{% endif %}
}
piped.{{inventory_hostname}}.projectsegfau.lt pipedproxy.{{inventory_hostname}}.projectsegfau.lt pipedapi.{{inventory_hostname}}.projectsegfau.lt {
reverse_proxy :6970
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
{% if inventory_hostname == 'in' %}
import acmedns
{% endif %}
}
{% endif %}
lbry.{{inventory_hostname}}.projectsegfau.lt lbry.projectsegfau.lt {
reverse_proxy :7269
import def
import torloc lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
}
gothub.{{inventory_hostname}}.projectsegfau.lt gothub.projectsegfau.lt {
reverse_proxy :1024
import def
import torloc gothub
}
overflow.{{inventory_hostname}}.projectsegfau.lt overflow.projectsegfau.lt {
reverse_proxy :8694
import def
import torloc overflow
}
teddit.{{inventory_hostname}}.projectsegfau.lt teddit.projectsegfau.lt {
reverse_proxy :9061
import def
import torloc teddit
}
rimgo.{{inventory_hostname}}.projectsegfau.lt rimgo.projectsegfau.lt {
reverse_proxy :9016
import def
import torloc rimgo
}
libreddit.{{inventory_hostname}}.projectsegfau.lt libreddit.projectsegfau.lt {
reverse_proxy :6464
import def
import torloc libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
}
nitter.{{inventory_hostname}}.projectsegfau.lt nitter.projectsegfau.lt {
import def
header {
X-Permitted-Cross-Domain-Policies none
Permissions-Policy "Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(self), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()"
header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; script-src-attr 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'"
}
reverse_proxy :8387 {
transport http {
compression off
}
}
import torloc nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
bb.{{inventory_hostname}}.projectsegfau.lt bb.projectsegfau.lt {
import def
import torloc beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy :3069
}
bw.{{inventory_hostname}}.projectsegfau.lt bw.projectsegfau.lt {
import def
import torloc breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy :10416
}
scribe.{{inventory_hostname}}.projectsegfau.lt scribe.projectsegfau.lt {
import def
import torloc scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
reverse_proxy :8006
}
{% if inventory_hostname == 'eu' %}
{% else %}
search.{{inventory_hostname}}.projectsegfau.lt {
import def
reverse_proxy :8081
@api {
path /config
path /healthz
path /stats/errors
path /stats/checker
}
@static {
path /static/*
}
@notstatic {
not path /static/*
}
@imageproxy {
path /image_proxy
}
@notimageproxy {
not path /image_proxy
}
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disable some features
Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"
# Disable some features (legacy)
Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
# Referer
Referrer-Policy "no-referrer"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
# Remove Server header
-Server
}
header @api {
Access-Control-Allow-Methods "GET, OPTIONS"
Access-Control-Allow-Origin "*"
}
# Cache
header @static {
# Cache
Cache-Control "public, max-age=31536000"
defer
}
header @notstatic {
# No Cache
Cache-Control "no-cache, no-store"
Pragma "no-cache"
}
# CSP (see http://content-security-policy.com/ )
header @imageproxy {
Content-Security-Policy "default-src 'none'; img-src 'self' data:"
}
header @notimageproxy {
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
}
}
{% endif %}
include ./extras.caddy