From 8bb971a19fd5efe8d7aa99b61dbdf3ef68c2277e Mon Sep 17 00:00:00 2001 From: Arya Kiran Date: Wed, 9 Aug 2023 16:26:58 +0530 Subject: [PATCH] Update all the tor stuff --- privfrontends/docker-tasks.yaml | 12 +- privfrontends/templates/Caddyfile.j2 | 10 +- privfrontends/templates/core/apps.Caddyfile | 2 + privfrontends/templates/eu/darknet.Caddyfile | 146 ++++++++++++------- privfrontends/templates/eu/pubnix.Caddyfile | 11 +- privfrontends/templates/in/misc.Caddyfile | 3 - 6 files changed, 112 insertions(+), 72 deletions(-) diff --git a/privfrontends/docker-tasks.yaml b/privfrontends/docker-tasks.yaml index 5341117..9562bc8 100644 --- a/privfrontends/docker-tasks.yaml +++ b/privfrontends/docker-tasks.yaml @@ -1,12 +1,12 @@ --- -- name: Create directory for service +- name: Create directory for {{item}} ansible.builtin.file: path: "{{ docker_dir }}/{{ item }}" state: directory mode: "0755" tags: docker,soleil,pizza -- name: Copy docker-compose templates for the service +- name: Copy docker-compose templates for the {{item}} ansible.builtin.template: src: "./compose/{{ item }}/compose.yml.j2" dest: "{{ docker_dir }}/{{ item }}/compose.yml" @@ -15,7 +15,7 @@ register: check_status tags: docker,soleil,pizza -- name: Check if extras file exists for the service +- name: Check if extras file exists for the {{item}} delegate_to: localhost ansible.builtin.stat: path: ./compose/{{ item }}/extras.conf.j2 @@ -31,7 +31,7 @@ when: file.stat.exists tags: docker,soleil,pizza -- name: "Update docker service image" +- name: "Update docker {{item}} image" ansible.builtin.command: chdir: "{{ docker_dir }}/{{ item }}" cmd: docker compose pull @@ -40,7 +40,7 @@ changed_when: updateout.rc != 0 tags: docker,soleil,pizza -- name: "Stop docker service" +- name: "Stop docker {{item}}" ansible.builtin.command: chdir: "{{ docker_dir }}/{{ item }}" cmd: docker compose down 
@@ -49,7 +49,7 @@ changed_when: stopout.rc != 0 tags: docker,soleil,pizza -- name: "Start docker service" +- name: "Start docker {{item}}" ansible.builtin.command: chdir: "{{ docker_dir }}/{{ item }}" cmd: docker compose up -d --build --remove-orphans diff --git a/privfrontends/templates/Caddyfile.j2 b/privfrontends/templates/Caddyfile.j2 index b919929..53bc4b9 100644 --- a/privfrontends/templates/Caddyfile.j2 +++ b/privfrontends/templates/Caddyfile.j2 @@ -10,15 +10,15 @@ # clickjacking protection X-Frame-Options SAMEORIGIN - Onion-Location http://{args.0}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path} + Onion-Location http://{args[0]}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path} defer } } (torloc) { - header Onion-Location http://{args.0}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path} + header Onion-Location http://{args[0]}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path} } (i2ploc) { - header X-I2P-Location http://{args.0}{path} + header X-I2P-Location http://{args[0]}{path} } (acmedns) { tls { @@ -135,6 +135,7 @@ inv.{{ server_prefix }}.projectsegfau.lt inv.projectsegfau.lt invidious.projects } } } + import torloc inv {% if server_prefix == 'in' %} import acmedns {% endif %} @@ -169,10 +170,12 @@ scribe.{{ server_prefix }}.projectsegfau.lt scribe.projectsegfau.lt sc.psf.lt sc translate.{{ server_prefix }}.projectsegfau.lt translate.projectsegfau.lt tl.psf.lt tl.{{ server_prefix }}.psf.lt { import def reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5046 + import torloc translate } safetwitch.{{ server_prefix }}.projectsegfau.lt safetwitch.projectsegfau.lt tw.psf.lt tw.{{ server_prefix }}.psf.lt { import def reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5070 + import torloc safetwitch } api.safetwitch.{{ server_prefix }}.projectsegfau.lt { reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5071 
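Review bot: The `Onion-Location` values touched in hunk `@@ -10,15 +10,15 @@` still end in `{path}`, which leaves out the query string, so a visitor on a search or watch URL is offered the onion address without its parameters. This matters more now that the later hunks add `import torloc inv` and `import torloc search`. Ending the two `Onion-Location` lines and the `X-I2P-Location` line in `{uri}` instead of `{path}` keeps the query. The first header block starts above the hunk, so which snippet it belongs to is not visible here. Separately, the bracket form `{args[0]}` is, as far as I know, only understood by newer Caddy releases, so the deployed Caddy version should be pinned to match.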
@@ -186,6 +189,7 @@ hyperpipebackend.{{ server_prefix }}.projectsegfau.lt { } search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{{ server_prefix }}.psf.lt { import def + import torloc search reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8081 @api { path /config diff --git a/privfrontends/templates/core/apps.Caddyfile b/privfrontends/templates/core/apps.Caddyfile index a25c3be..ae6d0aa 100644 --- a/privfrontends/templates/core/apps.Caddyfile +++ b/privfrontends/templates/core/apps.Caddyfile @@ -252,6 +252,7 @@ xmpp-web.projectsegfau.lt, x.psf.lt { healthchecks.projectsegfau.lt, hc.psf.lt { import def reverse_proxy 192.168.5.2:8450 + impor torloc healthchecks } # Pubthentik auth.p.projectsegfau.lt { @@ -276,6 +277,7 @@ libretranslate.projectsegfau.lt lt.psf.lt libretranslate.in.projectsegfau.lt { gothub.dev.projectsegfau.lt gh.dev.psf.lt { reverse_proxy 192.168.5.2:1025 import def + import torloc gothub.dev } ak.psf.lt { redir https://social.projectsegfau.lt{uri} diff --git a/privfrontends/templates/eu/darknet.Caddyfile b/privfrontends/templates/eu/darknet.Caddyfile index a3dcb49..1bbe4af 100644 --- a/privfrontends/templates/eu/darknet.Caddyfile +++ b/privfrontends/templates/eu/darknet.Caddyfile 
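Review bot: `impor torloc healthchecks` in the `healthchecks.projectsegfau.lt, hc.psf.lt` block (hunk `@@ -252,6 +252,7 @@` of `core/apps.Caddyfile`) is misspelled. Caddy has no `impor` directive, so the file should fail to adapt and the new config for this host would be rejected on reload. The line should read `import torloc healthchecks`. Running `caddy validate` on the rendered Caddyfile before the deploy step would catch this class of error.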
@@ -5,69 +5,48 @@ http://www.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http:/ import tor www import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p } +# PUBNIX +http://geminiproxy.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + reverse_proxy 10.7.0.2:8000 + import tor geminiproxy +} +http://cockpit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + reverse_proxy 10.7.0.2:9090 { + transport http { + tls_insecure_skip_verify + } + } + import tor cockpit +} +http://*.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + @host header_regexp host Host ^([a-zA-Z0-9]+\-)?([A-Za-z0-9]+)\.p\.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad\.onion + handle @host { + reverse_proxy 10.7.0.2:80 { + header_up Host "{re.host.1}{re.host.2}.p.projectsegfau.lt" + } + import tor {re.host.1}{re.host.2}.p + } +} + # Privacy Frontends -http://scribe.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p { - reverse_proxy localhost:8006 - import tor scribe - import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p -} -http://translate.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - reverse_proxy localhost:5046 - import tor translate -} -http://safetwitch.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - reverse_proxy localhost:5047 - import tor safetwitch -} -http://nitter.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p { - reverse_proxy localhost:8387 - import tor nitter - import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p -} http://lbry.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p { import tor lbry import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p 
- reverse_proxy localhost:3550 + reverse_proxy :3550 +} +http://nitter.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p { + reverse_proxy :8387 + import tor nitter + import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p } http://libreddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p { import tor libreddit import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p - reverse_proxy localhost:6464 -} -http://breezewiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p { - import tor breezewiki - import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p - reverse_proxy localhost:10416 -} -http://beatbump.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p { - import tor beatbump - import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p - reverse_proxy localhost:3069 -} -http://invbp.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p { - import tor invbp - import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p - reverse_proxy localhost:3000 -} -http://rimgo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor rimgo - reverse_proxy localhost:9016 + reverse_proxy :6464 } http://teddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { import tor teddit - reverse_proxy localhost:9061 -} -http://overflow.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor overflow - reverse_proxy localhost:8694 -} -http://gothub.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor gothub - reverse_proxy 
localhost:1024 -} -http://gothub.dev.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor gothub.dev - reverse_proxy localhost:1025 + reverse_proxy :9061 } http://inv.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfhqamc7k6htnumrvn4cwqqdoggeepj7u5viyimgnxg3gar72q.b32.i2p { import tor inv 
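Review bot: The new `cockpit` onion site proxies what looks like an administration console to `10.7.0.2:9090` with `tls_insecure_skip_verify`, so Caddy accepts any certificate on that hop. The upstream's identity is therefore never checked for traffic that carries admin logins. Pinning the upstream certificate is safer: replace `tls_insecure_skip_verify` in the `transport http` block with `tls_trusted_ca_certs <path-to-cockpit-ca.pem>`. It is also worth deciding whether this endpoint should be open to every Tor client or limited with onion-service client authorization, because `pubnix.Caddyfile` in this commit now advertises it through `import torloc cockpit`. Separately, the `@host` regex in the `*.p` block has no trailing `$`, so the match is not anchored at the end of the Host value.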
@@ -76,6 +55,61 @@ http://inv.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http:/ header_up Host "invidious.projectsegfau.lt" } } +http://invbp.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p { + import tor invbp + import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p + reverse_proxy :7573 +} +http://gothub.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor gothub + reverse_proxy https://gothub.projectsegfau.lt { + header_up Host "gothub.projectsegfau.lt" + } +} +http://gothub.dev.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor gothub.dev + reverse_proxy https://gothub.dev.projectsegfau.lt { + header_up Host "gothub.dev.projectsegfau.lt" + } +} +http://overflow.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor overflow + reverse_proxy https://overflow.projectsegfau.lt { + header_up Host "overflow.projectsegfau.lt" + } +} +http://rimgo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor rimgo + reverse_proxy https://rimgo.projectsegfau.lt { + header_up Host "rimgo.projectsegfau.lt" + } +} +http://breezewiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p { + import tor breezewiki + import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p + reverse_proxy https://bw.projectsegfau.lt { + header_up Host "bw.projectsegfau.lt" + } +} +http://scribe.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p { + reverse_proxy https://scribe.projectsegfau.lt { + header_up Host "scribe.projectsegfau.lt" + } + import tor scribe + import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p +} 
+http://translate.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + reverse_proxy https://translate.projectsegfau.lt { + header_up Host "translate.projectsegfau.lt" + } + import tor translate +} +http://safetwitch.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + reverse_proxy https://safetwitch.projectsegfau.lt { + header_up Host "safetwitch.projectsegfau.lt" + } + import tor safetwitch +} http://search.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p { import tor search import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p @@ -83,6 +117,8 @@ http://search.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion htt header_up Host "search.projectsegfau.lt" } } + + http://git.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p { import tor git import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p @@ -109,3 +145,9 @@ http://pass.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { header_up Host "pass.projectsegfau.lt" } } +http://healthchecks.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor healthchecks + reverse_proxy https://healthchecks.projectsegfau.lt { + header_up Host "healthchecks.projectsegfau.lt" + } +} diff --git a/privfrontends/templates/eu/pubnix.Caddyfile b/privfrontends/templates/eu/pubnix.Caddyfile index 7386eea..aafaaac 100644 --- a/privfrontends/templates/eu/pubnix.Caddyfile +++ b/privfrontends/templates/eu/pubnix.Caddyfile @@ -9,6 +9,7 @@ reverse_proxy 10.7.0.2:80 { header_up Host "{re.host.1}{re.host.2}.p.projectsegfau.lt" } + import torloc {re.host.1}{re.host.2}.p } import acmedns } @@ -25,7 +26,7 @@ cockpit.p.projectsegfau.lt { } } import def - import torloc cockpit.p + import torloc cockpit } # PublAPI 
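Review bot: Every block added in hunk `@@ -76,6 +55,61 @@` writes the upstream hostname twice, once in `reverse_proxy https://NAME` and again in `header_up Host "NAME"`. The two can drift apart on a later edit and send the wrong Host to the clearnet front end. Using `header_up Host {upstream_hostport}` in each block removes the duplication, and the same applies to the `healthchecks` block added in `@@ -109,3 +145,9 @@`. A one-line comment above the group would also help, stating that these onion sites now depend on public DNS and the clearnet TLS endpoint rather than a local port, since that changes the failure and trust path for onion users.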
@@ -33,14 +34,8 @@ publapi.p.projectsegfau.lt { reverse_proxy 10.7.0.2:3000 import def } -grafana.p.projectsegfau.lt { - reverse_proxy 10.7.0.2:6943 { - header_up X-Real-IP {remote_host} - } - import def -} geminiproxy.projectsegfau.lt geminiproxy.p.projectsegfau.lt gp.p.psf.lt { reverse_proxy 10.7.0.2:8000 import def - import torloc geminiproxy.p + import torloc geminiproxy } diff --git a/privfrontends/templates/in/misc.Caddyfile b/privfrontends/templates/in/misc.Caddyfile index 958eb69..27b5d30 100644 --- a/privfrontends/templates/in/misc.Caddyfile +++ b/privfrontends/templates/in/misc.Caddyfile @@ -1,6 +1,3 @@ -bitpuit.in.projectsegfau.lt { - respond "Go fuck yourself devrand" -} dd.psf.lt { reverse_proxy :8008 }