ProjectSegfault/ansible
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Arya
2023-05-29 16:38:34 +08:00
parent 40a8d4348a
commit ab3522f6d2
20 changed files with 696 additions and 368 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
privfrontends/compose/anonymousoverflow/compose.yml.j2 Normal file
View File

@@ -0,0 +1,11 @@
version: '3'
services:
anonymousoverflow:
image: codeberg.org/aryak/anonymousoverflow-docker-builds:latest
environment:
- APP_URL=https://overflow.projectsegfau.lt
- JWT_SIGNING_SECRET={{anonymousoverflow_signing_secret}}
ports:
- '8694:8080'
restart: 'always'

10
privfrontends/compose/gothub/compose.yml.j2
View File

@@ -7,6 +7,16 @@ services:
- "1024:3000"
environment:
- DOCKER=true
- GOTHUB_SETUP_COMPLETE=true
- GOTHUB_PROXYING_ENABLED=true
- GOTHUB_IP_LOGGED=false
- GOTHUB_REQUEST_URL_LOGGED=false
- GOTHUB_USER_AGENT_LOGGED=false
- GOTHUB_DIAGNOSTIC_INFO_LOGGED=false
- GOTHUB_INSTANCE_PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy
- GOTHUB_INSTANCE_COUNTRY={{country}}
- GOTHUB_INSTANCE_PROVIDER={{isp}}
- GOTHUB_INSTANCE_CLOUDFLARE=false
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/version || exit 1
interval: 30s

48
privfrontends/compose/searxng/compose.yml.j2 Normal file
View File

@@ -0,0 +1,48 @@
version: '3.7'
services:
redis:
restart: unless-stopped
container_name: redis
image: "redis:alpine"
command: redis-server --save "" --appendonly "no"
networks:
- searxng
tmpfs:
- /var/lib/redis
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
- DAC_OVERRIDE
searxng:
restart: unless-stopped
container_name: searxng
image: searxng/searxng:latest
networks:
- searxng
ports:
- "127.0.0.1:8081:8080"
volumes:
- ./searxng:/etc/searxng:rw
- ./extras.conf:/etc/searxng/settings.yml:rw
environment:
- SEARXNG_BASE_URL=https://search.{{inventory_hostname}}.projectsegfau.lt/
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- DAC_OVERRIDE
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
networks:
searxng:
ipam:
driver: default

168
privfrontends/compose/searxng/extras.conf.j2 Normal file
View File

@@ -0,0 +1,168 @@
use_default_settings: true
general:
debug: false
instance_name: "SearXNG | Project Segfault"
privacypolicy_url: https://projectsegfau.lt/legal/privacy-policy
donation_url: https://projectsegfau.lt/donate
contact_url: https://projectsegfau.lt/contact
enable_metrics: true
server:
# base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
secret_key: "{{searxng_secret_key}}" # change this!
limiter: false # can be disabled for a private instance
image_proxy: true
method: "GET"
ui:
static_use_hash: false
query_in_title: true
infinite_scroll: true
default_theme: simple
center_alignment: true
default_locale: "en"
results_on_new_tab: true
theme_args:
simple_style: auto
redis:
url: redis://redis:6379/0
search:
# Filter results. 0: None, 1: Moderate, 2: Strict
safe_search: 1
# Default search language - leave blank to detect from browser information or
# use codes from 'languages.py'
default_lang: "en"
# ban time in seconds after engine errors
ban_time_on_fail: 5
# max ban time in seconds after engine errors
max_ban_time_on_fail: 120
suspended_times:
# Engine suspension time after error (in seconds; set to 0 to disable)
# For error "Access denied" and "HTTP error [402, 403]"
SearxEngineAccessDenied: 86400
# For error "CAPTCHA"
SearxEngineCaptcha: 86400
# For error "Too many request" and "HTTP error 429"
SearxEngineTooManyRequests: 3600
# Cloudflare CAPTCHA
cf_SearxEngineCaptcha: 1296000
cf_SearxEngineAccessDenied: 86400
# ReCAPTCHA
recaptcha_SearxEngineCaptcha: 604800
formats:
- html
- csv
- json
- rss
outgoing:
enable_http2: true
enabled_plugins:
- 'Hash plugin'
- 'Self Information'
- 'Tracker URL remover'
- 'Open Access DOI rewrite'
- 'Vim-like hotkeys'
- 'Tor check plugin'
- 'Search on category select'
engines:
- name: google
use_mobile_ui: true
disabled: false
- name: bing
engine: bing
shortcut: bi
disabled: false
- name: duckduckgo
engine: duckduckgo
shortcut: ddg
disabled: true # DDG is useless since it just scrapes bing for results anyway
- name: wikiquote
engine: mediawiki
shortcut: wq
categories: general
base_url: "https://{language}.wikiquote.org/"
number_of_results: 5
search_type: text
about:
website: https://www.wikiquote.org/
wikidata_id: Q369
disabled: false
- name: brave
shortcut: brave
engine: xpath
paging: true
time_range_support: true
first_page_num: 0
time_range_url: "&tf={time_range_val}"
search_url: https://search.brave.com/search?q={query}&offset={pageno}&spellcheck=1{time_range}
url_xpath: //a[@class="result-header"]/@href
title_xpath: //span[@class="snippet-title"]
content_xpath: //p[1][@class="snippet-description"]
suggestion_xpath: //div[@class="text-gray h6"]/a
time_range_map:
day: 'pd'
week: 'pw'
month: 'pm'
year: 'py'
categories: [general, web]
headers:
Accept-Encoding: gzip, deflate
about:
website: https://brave.com/search/
wikidata_id: Q107355971
use_official_api: false
require_api_key: false
results: HTML
disabled: false
- name: codeberg
engine: json_engine
search_url: https://codeberg.org/api/v1/repos/search?q={query}&limit=10
url_query: html_url
title_query: name
content_query: description
categories: [it, repos]
shortcut: cb
about:
website: https://codeberg.org/
wikidata_id:
official_api_documentation: https://try.gitea.io/api/swagger
use_official_api: false
require_api_key: false
results: JSON
disabled: false
- name: gitlab
engine: json_engine
paging: true
search_url: https://gitlab.com/api/v4/projects?search={query}&page={pageno}
url_query: web_url
title_query: name_with_namespace
content_query: description
page_size: 20
categories: [it, repos]
shortcut: gl
timeout: 10.0
about:
website: https://about.gitlab.com/
wikidata_id: Q16639197
official_api_documentation: https://docs.gitlab.com/ee/api/
use_official_api: false
require_api_key: false
results: JSON
disabled: false
- name: sourcehut
shortcut: srht
engine: xpath
paging: true
search_url: https://sr.ht/projects?page={pageno}&search={query}
results_xpath: (//div[@class="event-list"])[1]/div[@class="event"]
url_xpath: ./h4/a[2]/@href
title_xpath: ./h4/a[2]
content_xpath: ./p
first_page_num: 1
categories: [it, repos]
disabled: false
about:
website: https://sr.ht
wikidata_id: Q78514485
official_api_documentation: https://man.sr.ht/
use_official_api: false
require_api_key: false
results: HTML

15
privfrontends/compose/watchtower/compose.yml.j2 Normal file
View File

@@ -0,0 +1,15 @@
version: 2
services:
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- TZ=Europe/Paris
- WATCHTOWER_CLEANUP=false
- DOCKER_API_VERSION=1.42
- WATCHTOWER_INCLUDE_STOPPED=false
- WATCHTOWER_POLL_INTERVAL=3600
- WATCHTOWER_MONITOR_ONLY=false
- WATCHTOWER_NOTIFICATION_URL=matrix://{{watchtower_mtrx_username}}:{{watchtower_mtrx_pass}}@matrix.projectsegfau.lt/
restart: unless-stopped

6
privfrontends/docker-tasks.yaml
View File

@@ -1,17 +1,17 @@
---
- name: Copy docker-compose templates for the service
template:
src: ../compose/{{item}}/compose.yml.j2
src: ./compose/{{item}}/compose.yml.j2
dest: /opt/docker/{{item}}/compose.yml
backup: yes
register: check_status
- name: check if extras file exists for the service
local_action: stat path=../compose/{{item}}/extras.conf.j2
local_action: stat path=./compose/{{item}}/extras.conf.j2
register: file
- name: Copy extras file
template:
src: ../compose/{{item}}/extras.conf.j2
src: ./compose/{{item}}/extras.conf.j2
dest: /opt/docker/{{item}}/extras.conf
backup: yes
when: file.stat.exists

8
privfrontends/playbook.yaml
View File

@@ -4,7 +4,7 @@
roles:
- role: caddy_ansible.caddy_ansible
caddy_systemd_capabilities_enabled: true
caddy_config: "{{ lookup('template', '../templates/Caddyfile.j2') }}"
caddy_config: "{{ lookup('template', './templates/Caddyfile.j2') }}"
caddy_user: "caddy"
caddy_home: "/var/lib/caddy"
# Static weekly builds of caddy with rfc2136 dns plugin
@@ -12,8 +12,10 @@
tasks:
- name: Copy per-server caddy extras
copy:
src: "../{{ caddy_extras_config }}"
dest: /etc/caddy/extras.caddy
src: "./templates/{{ inventory_hostname }}/"
dest: /etc/caddy/
remote_src: true
directory_mode: true
- name: Setup docker compose for privacy frontends
hosts: privfrontends
vars:

272
privfrontends/templates/1-extras.Caddyfile
View File

@@ -1,272 +0,0 @@
## OLD URL REDIRECTS
invidious.mutahar.rocks {
redir https://inv.bp.projectsegfau.lt{uri} permanent
}
ferrit.projectsegfau.lt snooddit.projectsegfau.lt libreddit.mutahar.rocks {
redir https://libreddit.projectsegfau.lt{uri} permanent
}
lbry.mutahar.rocks {
redir https://lbry.projectsegfau.lt{uri} permanent
}
nitter.mutahar.rocks {
redir https://nitter.projectsegfau.lt{uri} permanent
}
#redir inv.bp.mutahar.rocks inv.bp.projectsegfau.lt permanent
#redir libreddit.mutahar.rocks libreddit.projectsegfau.lt permanent
#redir lbry.mutahar.rocks lbry.projectsegfau.lt permanent
#redir nitter.mutahar.rocks nitter.projectsegfau.lt permanent
arya.projectsegfau.lt aryak.me {
reverse_proxy https://arya.p.projectsegfau.lt {
header_up Host arya.p.projectsegfau.lt
}
}
gothub.dev.projectsegfau.lt {
reverse_proxy localhost:1025
import def
import torloc gothub.dev
}
## PUBNIX
# Reverse proxy all user sites
*.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:80
import acmedns
}
# Redirect base subdomain to the pubnix homepage
p.projectsegfau.lt {
redir https://projectsegfau.lt/pubnix
}
# Cockpit
cockpit.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:9090 {
transport http {
tls_insecure_skip_verify
}
}
import def
import torloc cockpit.p
}
# PublAPI
publapi.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:3000
import def
}
grafana.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:6943 {
header_up X-Real-IP {remote_host}
}
import def
}
geminiproxy.projectsegfau.lt geminiproxy.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:8000
import def
import torloc geminiproxy.p
}
http://pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
http://www.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
# Privacy Frontends
http://scribe.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy localhost:8006
import tor scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
}
http://nitter.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy localhost:8387
import tor nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
http://lbry.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
reverse_proxy localhost:3550
}
http://libreddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
reverse_proxy localhost:6464
}
http://breezewiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy localhost:10416
}
http://beatbump.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy localhost:3069
}
http://invbp.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy localhost:3000
}
http://rimgo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor rimgo
reverse_proxy localhost:9016
}
http://teddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor teddit
reverse_proxy localhost:9061
}
http://overflow.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor overflow
reverse_proxy localhost:8694
}
http://gothub.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor gothub
reverse_proxy localhost:1024
}
http://gothub.dev.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor gothub.dev
reverse_proxy localhost:1025
}
http://inv.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor inv
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy https://invidious.projectsegfau.lt {
header_up Host "invidious.projectsegfau.lt"
}
}
http://search.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor search
import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p
reverse_proxy https://search.projectsegfau.lt {
header_up Host "search.projectsegfau.lt"
}
}
http://git.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor git
import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p
reverse_proxy https://git.projectsegfau.lt {
header_up Host "git.projectsegfau.lt"
}
}
http://todo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor todo
import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p
reverse_proxy https://todo.projectsegfau.lt {
header_up Host "todo.projectsegfau.lt"
}
}
http://wiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor wiki
reverse_proxy https://wiki.projectsegfau.lt {
header_up Host "wiki.projectsegfau.lt"
}
}
http://pass.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor pass
reverse_proxy https://pass.projectsegfau.lt {
header_up Host "pass.projectsegfau.lt"
}
}
# Pubnix
http://geminiproxy.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor geminiproxy.p
reverse_proxy https://geminiproxy.p.projectsegfau.lt {
header_up Host "geminiproxy.p.projectsegfau.lt"
}
}
http://cockpit.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor cockpit.p
reverse_proxy https://cockpit.p.projectsegfau.lt {
header_up Host "cockpit.p.projectsegfau.lt"
}
}
## I2P
## I2P
http://pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p:6001 {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
http://pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p:6008 {
reverse_proxy localhost:8006
import tor scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
}
http://pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p:6005 {
reverse_proxy localhost:8387
import tor nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
http://pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p:6003 {
import tor lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
reverse_proxy localhost:3550
}
http://pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p:6004 {
import tor libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
reverse_proxy localhost:6464
}
http://pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p:6007 { # NW
import tor breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy localhost:10416
}
http://pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p:6006 {
import tor beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy localhost:3069
}
http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p:6016 {
import tor invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy localhost:3000
}
http://pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p:6017 {
import tor rimgo
import i2ploc pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p
reverse_proxy localhost:9016
}
http://pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p:6018 {
import tor teddit
import i2ploc pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p
reverse_proxy localhost:9061
}
http://pjsfhqamc7k6htnumrvn4cwqqdoggeepj7u5viyimgnxg3gar72q.b32.i2p:6002 {
import tor inv
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy https://invidious.projectsegfau.lt {
header_up Host "invidious.projectsegfau.lt"
}
}
http://pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p:6012 {
import tor search
import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p
reverse_proxy https://search.projectsegfau.lt {
header_up Host "search.projectsegfau.lt"
}
}
http://pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p:6013 {
import tor git
import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p
reverse_proxy https://git.projectsegfau.lt {
header_up Host "git.projectsegfau.lt"
}
}
http://pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p:6015 {
import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p
import tor todo
reverse_proxy https://todo.projectsegfau.lt {
header_up Host "todo.projectsegfau.lt"
}
}

4
privfrontends/templates/2-extras.Caddyfile
View File

@@ -1,4 +0,0 @@
fb.us.projectsegfau.lt {
import def
reverse_proxy :8065
}

157
privfrontends/templates/Caddyfile.j2
View File

@@ -24,7 +24,6 @@
dns rfc2136 {
key_name "dynupd"
key_alg "hmac-sha256"
# declared in secrets.en: https://aryak.me/blog/01-knot
key "{{ rfc2136_key }}"
server "107.189.12.96:53"
}
@@ -43,17 +42,24 @@
# clickjacking protection
X-Frame-Options SAMEORIGIN
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
log {
output discard
format filter {
wrap console
fields {
request>remote_ip replace REDACTED
request>headers>X-Forwarded-For replace REDACTED
}
}
}
{% if inventory_hostname == 'in' %}
import acmedns
{% endif %}
}
{{inventory_hostname}}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {
:80 {{inventory_hostname}}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {
redir https://wiki.projectsegfau.lt/index.php?title={{wiki_page}}
}
cdn.projectsegfau.lt cdn.{{inventory_hostname}}.projectsegfau.lt {
@@ -80,6 +86,46 @@ inv.bp.projectsegfau.lt {
X-XSS-Protection "1; mode=block"
defer
}
log {
output discard
format filter {
wrap console
fields {
request>remote_ip replace REDACTED
request>headers>X-Forwarded-For replace REDACTED
}
}
}
import torloc invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
}
i.bp.psf.lt {
reverse_proxy localhost:7573
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
-Content-Security-Policy
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
log {
output discard
format filter {
wrap console
fields {
request>remote_ip replace REDACTED
request>headers>X-Forwarded-For replace REDACTED
}
}
}
import torloc invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
@@ -105,6 +151,47 @@ inv.{{inventory_hostname}}.projectsegfau.lt {
X-XSS-Protection "1; mode=block"
defer
}
log {
output discard
format filter {
wrap console
fields {
request>remote_ip replace REDACTED
request>headers>X-Forwarded-For replace REDACTED
}
}
}
{% if inventory_hostname == 'in' %}
import acmedns
{% endif %}
}
i.{{inventory_hostname}}.psf.lt {
reverse_proxy localhost:7573
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
-Content-Security-Policy
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
log {
output discard
format filter {
wrap console
fields {
request>remote_ip replace REDACTED
request>headers>X-Forwarded-For replace REDACTED
}
}
}
{% if inventory_hostname == 'in' %}
import acmedns
@@ -126,11 +213,51 @@ piped.{{inventory_hostname}}.projectsegfau.lt pipedproxy.{{inventory_hostname}}.
X-XSS-Protection "1; mode=block"
defer
}
log {
output discard
format filter {
wrap console
fields {
request>remote_ip replace REDACTED
request>headers>X-Forwarded-For replace REDACTED
}
}
}
{% if inventory_hostname == 'in' %}
import acmedns
{% endif %}
}
pi.{{inventory_hostname}}.psf.lt {
reverse_proxy :6970 {
header_up Host "piped.{{inventory_hostname}}.projectsegfau.lt"
}
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
log {
output discard
format filter {
wrap console
fields {
request>remote_ip replace REDACTED
request>headers>X-Forwarded-For replace REDACTED
}
}
}
}
{% endif %}
lbry.{{inventory_hostname}}.projectsegfau.lt lbry.projectsegfau.lt {
reverse_proxy :7269
@@ -138,35 +265,35 @@ lbry.{{inventory_hostname}}.projectsegfau.lt lbry.projectsegfau.lt {
import torloc lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
}
gothub.{{inventory_hostname}}.projectsegfau.lt gothub.projectsegfau.lt {
gothub.{{inventory_hostname}}.projectsegfau.lt gothub.projectsegfau.lt gh.psf.lt gh.{{inventory_hostname}}.psf.lt {
reverse_proxy :1024
import def
import torloc gothub
}
overflow.{{inventory_hostname}}.projectsegfau.lt overflow.projectsegfau.lt {
overflow.{{inventory_hostname}}.projectsegfau.lt overflow.projectsegfau.lt o.psf.lt o.{{inventory_hostname}}.psf.lt {
reverse_proxy :8694
import def
import torloc overflow
}
teddit.{{inventory_hostname}}.projectsegfau.lt teddit.projectsegfau.lt {
teddit.{{inventory_hostname}}.projectsegfau.lt teddit.projectsegfau.lt t.psf.lt t.{{inventory_hostname}}.psf.lt {
reverse_proxy :9061
import def
import torloc teddit
}
rimgo.{{inventory_hostname}}.projectsegfau.lt rimgo.projectsegfau.lt {
rimgo.{{inventory_hostname}}.projectsegfau.lt rimgo.projectsegfau.lt rg.psf.lt rg.{{inventory_hostname}}.psf.lt {
reverse_proxy :9016
import def
import torloc rimgo
}
libreddit.{{inventory_hostname}}.projectsegfau.lt libreddit.projectsegfau.lt {
libreddit.{{inventory_hostname}}.projectsegfau.lt libreddit.projectsegfau.lt lr.psf.lt lr.{{inventory_hostname}}.psf.lt {
reverse_proxy :6464
import def
import torloc libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
}
nitter.{{inventory_hostname}}.projectsegfau.lt nitter.projectsegfau.lt {
nitter.{{inventory_hostname}}.projectsegfau.lt nitter.projectsegfau.lt n.psf.lt n.{{inventory_hostname}}.psf.lt {
import def
header {
X-Permitted-Cross-Domain-Policies none
@@ -188,13 +315,13 @@ bb.{{inventory_hostname}}.projectsegfau.lt bb.projectsegfau.lt {
reverse_proxy :3069
}
bw.{{inventory_hostname}}.projectsegfau.lt bw.projectsegfau.lt {
bw.{{inventory_hostname}}.projectsegfau.lt bw.projectsegfau.lt bw.psf.lt bw.{{inventory_hostname}}.psf.lt {
import def
import torloc breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy :10416
}
scribe.{{inventory_hostname}}.projectsegfau.lt scribe.projectsegfau.lt {
scribe.{{inventory_hostname}}.projectsegfau.lt scribe.projectsegfau.lt sc.psf.lt sc.{{inventory_hostname}}.psf.lt {
import def
import torloc scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
@@ -202,7 +329,7 @@ scribe.{{inventory_hostname}}.projectsegfau.lt scribe.projectsegfau.lt {
}
{% if inventory_hostname == 'eu' %}
{% else %}
search.{{inventory_hostname}}.projectsegfau.lt {
search.{{inventory_hostname}}.projectsegfau.lt s.psf.lt s.{{inventory_hostname}}.psf.lt {
import def
reverse_proxy :8081
@api {
@@ -265,4 +392,4 @@ search.{{inventory_hostname}}.projectsegfau.lt {
}
}
{% endif %}
include ./extras.caddy
include ./*.Caddyfile

110
privfrontends/templates/eu/darknet.Caddyfile Normal file
View File

@@ -0,0 +1,110 @@
http://pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
http://www.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
# Privacy Frontends
http://scribe.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p {
reverse_proxy localhost:8006
import tor scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
}
http://nitter.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p {
reverse_proxy localhost:8387
import tor nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
http://lbry.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p {
import tor lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
reverse_proxy localhost:3550
}
http://libreddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p {
import tor libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
reverse_proxy localhost:6464
}
http://breezewiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p {
import tor breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy localhost:10416
}
http://beatbump.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p {
import tor beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy localhost:3069
}
http://invbp.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p {
import tor invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy localhost:3000
}
http://rimgo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor rimgo
reverse_proxy localhost:9016
}
http://teddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor teddit
reverse_proxy localhost:9061
}
http://overflow.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor overflow
reverse_proxy localhost:8694
}
http://gothub.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor gothub
reverse_proxy localhost:1024
}
http://gothub.dev.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor gothub.dev
reverse_proxy localhost:1025
}
http://inv.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p {
import tor inv
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy https://invidious.projectsegfau.lt {
header_up Host "invidious.projectsegfau.lt"
}
}
http://search.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p {
import tor search
import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p
reverse_proxy https://search.projectsegfau.lt {
header_up Host "search.projectsegfau.lt"
}
}
http://git.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p {
import tor git
import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p
reverse_proxy https://git.projectsegfau.lt {
header_up Host "git.projectsegfau.lt"
}
}
http://todo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p {
import tor todo
import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p
reverse_proxy https://todo.projectsegfau.lt {
header_up Host "todo.projectsegfau.lt"
}
}
http://wiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor wiki
reverse_proxy https://wiki.projectsegfau.lt {
header_up Host "wiki.projectsegfau.lt"
}
}
http://pass.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor pass
reverse_proxy https://pass.projectsegfau.lt {
header_up Host "pass.projectsegfau.lt"
}
}

30
privfrontends/templates/eu/misc.Caddyfile Normal file
View File

@@ -0,0 +1,30 @@
stats.eu.projectsegfau.lt {
import auth
reverse_proxy localhost:9100
import def
}
aryak.me {
reverse_proxy https://prox-arya.p.projectsegfau.lt {
header_up Host prox-arya.p.projectsegfau.lt
}
}
arya.projectsegfau.lt {
redir https://aryak.me{uri}
}
## OLD URL REDIRECTS
invidious.mutahar.rocks {
redir https://inv.bp.projectsegfau.lt{uri} permanent
}
ferrit.projectsegfau.lt snooddit.projectsegfau.lt libreddit.mutahar.rocks {
redir https://libreddit.projectsegfau.lt{uri} permanent
}
lbry.mutahar.rocks {
redir https://lbry.projectsegfau.lt{uri} permanent
}
nitter.mutahar.rocks {
redir https://nitter.projectsegfau.lt{uri} permanent
}
#redir inv.bp.mutahar.rocks inv.bp.projectsegfau.lt permanent
#redir libreddit.mutahar.rocks libreddit.projectsegfau.lt permanent
#redir lbry.mutahar.rocks lbry.projectsegfau.lt permanent
#redir nitter.mutahar.rocks nitter.projectsegfau.lt permanent

46
privfrontends/templates/eu/pubnix.Caddyfile Normal file
View File

@@ -0,0 +1,46 @@
# Reverse proxy all user sites
*.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:80
import acmedns
}
*.p.psf.lt {
@host header_regexp host Host ^([a-zA-Z0-9]+\-)?([A-Za-z0-9]+)\.p\.psf\.lt
handle @host {
reverse_proxy 10.7.0.2:80 {
header_up Host "{re.host.1}{re.host.2}.p.projectsegfau.lt"
}
}
import acmedns
}
# Redirect base subdomain to the pubnix homepage
p.projectsegfau.lt p.psf.lt {
redir https://projectsegfau.lt/pubnix
}
# Cockpit
cockpit.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:9090 {
transport http {
tls_insecure_skip_verify
}
}
import def
import torloc cockpit.p
}
# PublAPI
publapi.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:3000
import def
}
grafana.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:6943 {
header_up X-Real-IP {remote_host}
}
import def
}
geminiproxy.projectsegfau.lt geminiproxy.p.projectsegfau.lt gp.p.psf.lt {
reverse_proxy 10.7.0.2:8000
import def
import torloc geminiproxy.p
}

13
privfrontends/templates/3-extras.Caddyfile → privfrontends/templates/in/misc.Caddyfile
View File

@@ -3,6 +3,7 @@ bitpuit.in.projectsegfau.lt {
}
# PERSONAL
https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt {
import def
reverse_proxy http://192.168.1.47:8008
}
files.perso.in.projectsegfau.lt files.perso.in.projectsegfau.lt:6942 {
@@ -18,12 +19,12 @@ tnfiles.perso.in.projectsegfau.lt {
root * /zfspool/files/tn-sw
}
discourse.tildevarsh.in {
reverse_proxy https://192.168.1.21:443 {
transport http {
tls_insecure_skip_verify
}
header_up X-Real-IP {remote_host}
}
reverse_proxy https://192.168.1.21:443 {
transport http {
tls_insecure_skip_verify
}
header_up X-Real-IP {remote_host}
}
}
jf.perso.in.projectsegfau.lt {
reverse_proxy 192.168.1.20:8096

11
privfrontends/templates/us/misc.Caddyfile Normal file
View File

@@ -0,0 +1,11 @@
stats.us.projectsegfau.lt {
basicauth * {
admin $2a$14$XhZ/Akcdk60yjMTKgYClr.sog.2B6WyECyc98lUJZp3diflifCR9O
}
reverse_proxy http://127.0.0.1:9100
import def
}
fb.us.projectsegfau.lt {
import def
reverse_proxy localhost:8065
}