Merge branch 'master' of git.projectsegfau.lt:ProjectSegfault/ansible

2024-03-03 11:41:11 +01:00 · 2024-03-03 11:41:11 +01:00 · 4c762f1436
commit 4c762f1436
parent 132a23e0b8 3c85c3ca29
5 changed files with 42 additions and 10 deletions
--- a/inventory.yml
+++ b/inventory.yml
@ -10,8 +10,8 @@ all:
          docker_dir: /opt/docker-privfrontends
          server_prefix: eu
          ansible_become: true # Run everything as root
-          country: Netherlands
-          isp: Nonic Cloud
+          country: Germany
+          isp: Avoro
          wiki_page: Pizza-1
          watchtower_mtrx_username: psf-watchtower-pizza
          rsyncnet_slug: pizza1
--- a/pizza1/configs/wireguard/wg0.conf
+++ b/pizza1/configs/wireguard/wg0.conf
@ -2,9 +2,8 @@
 Address = 10.7.0.1/24, fddd:2c4:2c4:2c4::1/64
 PrivateKey = {{wireguard_private_key}}
 ListenPort = 51820
-PostUp = iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -I POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 89.33.85.209; ip6tables -t nat -I POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a12:bec0:20b:21fe::1
-PostUp = iptables -D FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 89.33.85.209; ip6tables -t nat -D POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a12:bec0:20b:21fe::1
-
+PostUp = iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -I POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 45.145.41.226; ip6tables -t nat -I POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a0d:5940:99:3::1
+PostDown = iptables -D FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 45.145.41.226; ip6tables -t nat -D POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a0d:5940:99:3::1
 [Peer]
 PublicKey = {{wireguard_pubnix_pubkey}}
 AllowedIPs = 10.7.0.2/32, fddd:2c4:2c4:2c4::2/128
--- a/privfrontends/templates/Caddyfile.j2
+++ b/privfrontends/templates/Caddyfile.j2
@ -33,7 +33,7 @@
                key_name "dynupd"
                key_alg "hmac-sha256"
                key "{{ rfc2136_key }}"
-                server "89.33.85.209:53"
+                server "45.145.41.226:53"
        }
 	}
 }
--- a/privfrontends/templates/in/apps.Caddyfile
+++ b/privfrontends/templates/in/apps.Caddyfile
@ -236,6 +236,20 @@ rssbridge.projectsegfau.lt, rb.psf.lt {
 	import def
 }

+# MatriXMPP Ejabberd
+matrixmpp.projectsegfau.lt https://matrixmpp.projectsegfau.lt:8448 {
+	reverse_proxy :8446 {
+		header_up X-Real-IP {remote_host}
+	}
+	header /.well-known/matrix/* Content-Type application/json
+	header /.well-known/matrix/* Access-Control-Allow-Origin *
+	handle_path /.well-known/* {
+		root * /var/www/matrixmpp-well-known
+		file_server
+	}
+	import acmedns
+}
+
 gothub.dev.projectsegfau.lt gh.dev.psf.lt {
 	reverse_proxy :1025
 	import def
--- a/privfrontends/templates/in/misc.Caddyfile
+++ b/privfrontends/templates/in/misc.Caddyfile
@ -1,8 +1,4 @@
 # PERSONAL
-https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt {
-	import def
-	reverse_proxy http://192.168.1.47:8008
-}
 files.perso.in.projectsegfau.lt files.perso.in.projectsegfau.lt:6942 {
 	file_server {
 		browse
@ -17,3 +13,26 @@ tnfiles.perso.in.projectsegfau.lt {
 	root * /zfspool/files/tn-sw
 	import acmedns
 }
+mozhi.aryak.me {
+        reverse_proxy :5046
+}
+dhairya.aryak.me {
+        header /.well-known/matrix/* Content-Type application/json
+        header /.well-known/matrix/* Access-Control-Allow-Origin *
+        handle_path /.well-known/* {
+                root * /var/www/perso-well-known
+                file_server
+        }
+}
+http://*.tildevarsh.in https://tildevarsh.in {
+        respond `R.I.P ~varsh, you'll be missed. :q!
+        If you are a varsh user and want to get your data, email me@aryak.me with your username from your registered email address.
+        `
+}
+
+schfiles.aryak.me {
+        file_server {
+                browse
+        }
+        root * /zfspool/schfiles
+}