diff --git a/all/playbook.yaml b/all/playbook.yaml index 09674db..9c435a4 100644 --- a/all/playbook.yaml +++ b/all/playbook.yaml @@ -120,21 +120,6 @@ state: "present" regexp: "^%sudo" line: "%sudo ALL=(ALL) NOPASSWD: ALL" -- name: Add extra authorized_key for soleil - hosts: soleil - vars: - users: - - arya - - mrlerien - - devrand - - midou - tasks: - - name: Add extra authorized_key for soleil - ansible.posix.authorized_key: - user: "{{ item }}" - key: "{{ corevm_ssh_key }}" - with_items: - - "{{ users }}" - name: Configure SSHD hosts: all tasks: diff --git a/cron/hourly-restarts.yaml b/cron/hourly-restarts.yaml index e9530a4..8e11231 100644 --- a/cron/hourly-restarts.yaml +++ b/cron/hourly-restarts.yaml @@ -1,33 +1,13 @@ --- - name: Hourly Restarts (ALL NODES) - hosts: docker,privfrontends + hosts: privfrontends vars: services: - invidious-invidious-1 - tasks: - - name: Do thing - ansible.builtin.command: docker restart {{ item }} - register: out - changed_when: out.rc != 0 - with_items: "{{ services }}" -- name: Hourly Restarts (SOLEIL+REST) - hosts: docker,us,in - vars: - services: - breezewiki - anonymousoverflow-anonymousoverflow-1 - simplytranslate-simplytranslate-1 - scribe - tasks: - - name: Do thing - ansible.builtin.command: docker restart {{ item }} - register: out - changed_when: out.rc != 0 - with_items: "{{ services }}" -- name: Hourly Restarts (PIZZA+REST) - hosts: privfrontends - vars: - services: - libreddit-libreddit-1 - teddit tasks: diff --git a/cron/prune.yaml b/cron/prune.yaml index ae1f02d..cdc768f 100644 --- a/cron/prune.yaml +++ b/cron/prune.yaml @@ -1,6 +1,6 @@ --- - name: Docker Prunes (Daily Cron) - hosts: docker,backwards,eu,us,in + hosts: privfrontends tasks: - name: Do thing community.docker.docker_prune: diff --git a/host_vars/docker/privfrontends_secrets.yaml b/host_vars/docker/privfrontends_secrets.yaml deleted file mode 100644 index dab4a57..0000000 --- a/host_vars/docker/privfrontends_secrets.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -36323339616139653231363637313635346361663831656537353462313563633963383465353564 -6539633632313264643239633632333065653837396336610a313836363832646337643739383039 -65316662363861653738663361353739306538376632333431353932626361316665323161333665 -3065396561616463630a366530613530316161323836323334366635343839306636363837643466 -61373733383764333364393938323764613065383662353034666139373133386166353062326534 -30636236323037396535313133666364636163353165346638353661623731373338323232313065 -62313865396433336364393536366537643338303335343830623034656236616465303164613962 -65303639333461656331353636343735373965656665666634393933336333373735636165343164 -36663765306239663866656661363935666661366536306331313962376330313965306336616337 -32626566393166383934386264356631653430626533356263623861643765373633333938393934 -35333238303335656562616336653066383163646665666465623139333333396538663834316463 -32663532376165336366346336306262623637386161623937633431306235656431633366343163 -33313465643730393033386532636136623033333735643638383564393330623663396361633932 -66343063636132333639383931396433383635356564386639643739623632346237313363383261 -37643162326165313435626165623634653730333664326665386362646364316461326630623266 -30353038623137373161623661316535626462663636323165393033653266643332383862323865 -3431 diff --git a/host_vars/eu/privfrontends_secrets.yaml b/host_vars/eu/privfrontends_secrets.yaml index 7a0081a..4ace20e 100644 --- a/host_vars/eu/privfrontends_secrets.yaml +++ b/host_vars/eu/privfrontends_secrets.yaml 
@@ -1,17 +1,29 @@ $ANSIBLE_VAULT;1.1;AES256 -31383035323330343562373837366530633935626131633737646633663838633463623465623465 -3535336536613038643534383537663866346364646365380a303939323038363036306535393033 -33363439636337386437306536316663646235643430633236353935363838663264366362613463 -6334663732663730610a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a653664373465623630346530643765 +37323033333831356536343139623730396633633161656561643265343630356465323132636237 +6563333466353339390a353036333435633665366563643837303732643163376333333633626131 +64356139356438386637316635636336653432653135623036653861333264626635633335323433 +65386630396435326132396235623730316664376239363961383534353562656235313061313831 +35366432656136306331613836303837646131653135666134386635363864653338323436323734 +30343965303762313835326565636333366430353232336564616261393937336634326464633236 +66663535613433383537613766333765393966306663383831313539396533336638616130333365 +63633465626435386236336464636664356462393235316330623061333131303735653762326636 +61613730626339396236656536353664656361626131303266646666316231373835333963666231 +35353337373266653563613436383032643734333833626462353330616262633336643264386364 +32643539663733376163343166353930366132663364326236383762356161643530613162306136 +64656538303761613361323137643364373239373132333465303632313032316562663761303732 +33306165363635646131323364386263663264353837366535363136376637376463303761373435 +66333635643139356435366433326635613431353930373933393034323266393634623436393332 +36336339303838363438336437396464343062303333363536636138336465356363366462653839 +36396635306631323661623338313564656138363135306563663566373530376561363931366335 +61326264386663643637616230363565333430396336646662376665376566336361613339666537 +32393761303732663464326365646631333930363234623833666132386261396134396332356634 +37376532336332666465343034376261623435326331383530376538306632343430616164653338 
+31333231313961643061393163376462346332363633653133343630366632346566373162356637 +38333134383632346330613163323934333364616536663464663431373265623835316434653361 +61653232643236653737663963396333353138316661376437623563663661313661396235313935 +61316363323366633038663139633932353365316434393462623135393631653862323735653963 +32343139326635323938666332646463346636343562323566653633656334363831353464333063 +32323638386139623062393836343336636635363836343137356331386665303564666438333334 +66653934313837393932 diff --git a/inventory.yml b/inventory.yml index 5550e5c..efff9ab 100644 --- a/inventory.yml +++ b/inventory.yml @@ -1,38 +1,5 @@ all: children: - soleil: - hosts: - core: - ansible_host: core.vpn.projectsegfau.lt - ansible_user: ansiblerunner - ansible_port: 22 - port: 22 - ansible_become: true # Run everything as root - wiki_page: Soleil_Levant - server_prefix: eu - docker: - ansible_host: docker.vpn.projectsegfau.lt - ansible_user: ansiblerunner - ansible_port: 22 - port: 22 - docker_dir: /opt/docker-privfrontends - country: France - isp: Orange S.A. - wiki_page: Soleil_Levant - server_prefix: eu - ansible_become: true # Run everything as root - db: - ansible_host: db.vpn.projectsegfau.lt - ansible_user: ansiblerunner - ansible_port: 22 - port: 22 - ansible_become: true # Run everything as root - backwards: - ansible_host: backwards.vpn.projectsegfau.lt - ansible_user: ansiblerunner - ansible_port: 22 - port: 22 - ansible_become: true # Run everything as root privfrontends: hosts: eu: diff --git a/privfrontends/caddy-update.yaml b/privfrontends/caddy-update.yaml index 935282d..906556e 100644 --- a/privfrontends/caddy-update.yaml +++ b/privfrontends/caddy-update.yaml @@ -1,6 +1,6 @@ --- - name: Setup Caddy - hosts: core,privfrontends + hosts: privfrontends roles: - role: caddy-ansible caddy_systemd_capabilities_enabled: true diff --git a/privfrontends/docker-tasks.yaml b/privfrontends/docker-tasks.yaml index 9562bc8..a6ab9d9 100644 
--- a/privfrontends/docker-tasks.yaml +++ b/privfrontends/docker-tasks.yaml @@ -4,7 +4,7 @@ path: "{{ docker_dir }}/{{ item }}" state: directory mode: "0755" - tags: docker,soleil,pizza + tags: docker,pizza - name: Copy docker-compose templates for the {{item}} ansible.builtin.template: @@ -13,14 +13,14 @@ backup: true mode: preserve register: check_status - tags: docker,soleil,pizza + tags: docker,pizza - name: Check if extras file exists for the {{item}} delegate_to: localhost ansible.builtin.stat: path: ./compose/{{ item }}/extras.conf.j2 register: file - tags: docker,soleil,pizza + tags: docker,pizza - name: Copy extras file ansible.builtin.template: @@ -29,7 +29,7 @@ backup: true mode: preserve when: file.stat.exists - tags: docker,soleil,pizza + tags: docker,pizza - name: "Update docker {{item}} image" ansible.builtin.command: @@ -38,7 +38,7 @@ when: check_status.changed register: updateout changed_when: updateout.rc != 0 - tags: docker,soleil,pizza + tags: docker,pizza - name: "Stop docker {{item}}" ansible.builtin.command: @@ -47,7 +47,7 @@ when: check_status.changed register: stopout changed_when: stopout.rc != 0 - tags: docker,soleil,pizza + tags: docker,pizza - name: "Start docker {{item}}" ansible.builtin.command: @@ -56,4 +56,4 @@ when: check_status.changed register: startout changed_when: startout.rc != 0 - tags: docker,soleil,pizza + tags: docker,pizza diff --git a/privfrontends/playbook.yaml b/privfrontends/playbook.yaml index 9f05db1..6a462fc 100644 --- a/privfrontends/playbook.yaml +++ b/privfrontends/playbook.yaml @@ -1,6 +1,6 @@ --- - name: Setup Caddy - hosts: privfrontends,core + hosts: privfrontends tasks: - name: Copy Caddyfile ansible.builtin.template: 
@@ -30,17 +30,6 @@ - nitter - teddit - watchtower - tasks: - # community.docker does not support compose 2.0 right now. - # https://github.com/ansible-collections/community.docker/issues/216 - - name: Update docker compose files and restart those with changes - ansible.builtin.include_tasks: docker-tasks.yaml - with_items: "{{ docker_services }}" - tags: docker,pizza -- name: Setup docker compose for privacy frontends (soleil+normal) - hosts: in,us,docker - vars: - non_pizza_docker_services: - anonymousoverflow - breezewiki - gothub @@ -54,7 +43,7 @@ tasks: # community.docker does not support compose 2.0 right now. # https://github.com/ansible-collections/community.docker/issues/216 - - name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1) + - name: Update docker compose files and restart those with changes ansible.builtin.include_tasks: docker-tasks.yaml - with_items: "{{ non_pizza_docker_services }}" - tags: docker,soleil + with_items: "{{ docker_services }}" + tags: docker,pizza diff --git a/privfrontends/templates/Caddyfile.j2 b/privfrontends/templates/Caddyfile.j2 index cd101af..305ba23 100644 --- a/privfrontends/templates/Caddyfile.j2 +++ b/privfrontends/templates/Caddyfile.j2 @@ -61,11 +61,9 @@ import ./*.Caddyfile -{{ inventory_hostname }}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {% if inventory_hostname == 'core' %} soleil.projectsegfau.lt {% endif %} { +{{ inventory_hostname }}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} { redir https://wiki.projectsegfau.lt/index.php?title={{ wiki_page }} } -# PIZZA + US + IN -{% if inventory_hostname == 'eu' or inventory_hostname == 'us' or inventory_hostname == 'in' %} cdn.projectsegfau.lt cdn.{{ server_prefix }}.projectsegfau.lt { encode zstd gzip root * /var/cdn 
@@ -117,11 +115,8 @@ teddit.{{ server_prefix }}.projectsegfau.lt teddit.projectsegfau.lt t.psf.lt t.{ import def import torloc teddit } -{% endif %} -# SOLEIL + US + IN -{% if inventory_hostname == 'core' or inventory_hostname == 'us' or inventory_hostname == 'in' %} inv.{{ server_prefix }}.projectsegfau.lt inv.projectsegfau.lt invidious.projectsegfau.lt i.{{ server_prefix }}.psf.lt i.psf.lt { - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:7573 + reverse_proxy :7573 header { # disable FLoC tracking Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"; @@ -148,17 +143,17 @@ inv.{{ server_prefix }}.projectsegfau.lt inv.projectsegfau.lt invidious.projects {% endif %} } gothub.{{ server_prefix }}.projectsegfau.lt gothub.projectsegfau.lt gh.psf.lt gh.{{ server_prefix }}.psf.lt { - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:1024 + reverse_proxy :1024 import def import torloc gothub } overflow.{{ server_prefix }}.projectsegfau.lt overflow.projectsegfau.lt o.psf.lt o.{{ server_prefix }}.psf.lt { - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8694 + reverse_proxy :8694 import def import torloc overflow } rimgo.{{ server_prefix }}.projectsegfau.lt rimgo.projectsegfau.lt rg.psf.lt rg.{{ server_prefix }}.psf.lt { - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:9016 + reverse_proxy :9016 import def import torloc rimgo } 
@@ -166,38 +161,38 @@ bw.{{ server_prefix }}.projectsegfau.lt bw.projectsegfau.lt bw.psf.lt bw.{{ serv import def import torloc breezewiki import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:10416 + reverse_proxy :10416 } scribe.{{ server_prefix }}.projectsegfau.lt scribe.projectsegfau.lt sc.psf.lt sc.{{ server_prefix }}.psf.lt { import def import torloc scribe import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8006 + reverse_proxy :8006 } translate.{{ server_prefix }}.projectsegfau.lt translate.projectsegfau.lt tl.psf.lt tl.{{ server_prefix }}.psf.lt { import def - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5046 + reverse_proxy :5046 import torloc translate } safetwitch.{{ server_prefix }}.projectsegfau.lt safetwitch.projectsegfau.lt tw.psf.lt tw.{{ server_prefix }}.psf.lt { import def - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5070 + reverse_proxy :5070 import torloc safetwitch } api.safetwitch.{{ server_prefix }}.projectsegfau.lt { - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5071 + reverse_proxy :5071 } hyperpipe.{{ server_prefix }}.projectsegfau.lt hyperpipe.projectsegfau.lt hp.psf.lt hp.{{ server_prefix }}.psf.lt { import def - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8843 + reverse_proxy :8843 } hyperpipebackend.{{ server_prefix }}.projectsegfau.lt { - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:3536 + reverse_proxy :3536 } search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{{ server_prefix }}.psf.lt { import def import torloc search - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8081 + reverse_proxy :8081 @api { path /config path /healthz 
@@ -258,7 +253,7 @@ search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{ } } {% if server_prefix == 'eu' %}piped.projectsegfau.lt proxy.piped.projectsegfau.lt api.piped.projectsegfau.lt {%else%} piped.{{ server_prefix }}.projectsegfau.lt pipedproxy.{{ server_prefix }}.projectsegfau.lt pipedapi.{{ server_prefix }}.projectsegfau.lt {%endif%} { - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:6970 + reverse_proxy :6970 header { # disable FLoC tracking Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"; @@ -283,7 +278,7 @@ search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{ {% endif %} } pi.{{ server_prefix }}.psf.lt pi.psf.lt { - reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:6970 { + reverse_proxy :6970 { header_up Host "{% if server_prefix == 'eu' %}piped.projectsegfau.lt{%else%}piped.{{ server_prefix }}.projectsegfau.lt{%endif%}" } header { @@ -306,4 +301,3 @@ pi.{{ server_prefix }}.psf.lt pi.psf.lt { } respond @badbots "Access to this route denied" 403 } -{% endif %} diff --git a/privfrontends/templates/core/internal.Caddyfile b/privfrontends/templates/core/internal.Caddyfile deleted file mode 100644 index 4ef5001..0000000 --- a/privfrontends/templates/core/internal.Caddyfile +++ /dev/null 
@@ -1,99 +0,0 @@
-# ---Internal Caddyfile---
-
-# Authentik
-sekuritee.projectsegfau.lt {
- reverse_proxy https://192.168.5.2:7443 {
- transport http {
- tls_insecure_skip_verify
- }
- header_up X-Real-IP {remote_host}
- }
- import def
-}
-
-# MailU
-mail.projectsegfau.lt {
- import def
- reverse_proxy 192.168.5.5:8082
-}
-
-# Plausible
-analytics.projectsegfau.lt {
- reverse_proxy 192.168.5.2:8001
- import def
-}
-
-# Website dev
-web.dev.projectsegfau.lt {
- reverse_proxy 192.168.5.2:1339
- import def
-}
-
-blog.projectsegfau.lt {
- reverse_proxy 192.168.5.2:2368 {
- header_up X-Forwarded-Proto https
- header_up X-Real-IP {remote_host}
- }
- import def
-}
-
-# Midou PersoVM
-matrix.midou.dev {
- reverse_proxy /_matrix/* 192.168.5.6:8008
- import def
-}
-
-file.midou.dev {
- reverse_proxy 192.168.5.6:8080
- import def
-}
-
-c.midou.dev {
- reverse_proxy 192.168.5.6:8978
- import def
-}
-
-rss.midou.dev {
- reverse_proxy 192.168.5.6:3002
- import def
-}
-
-sub.midou.dev {
- reverse_proxy 192.168.5.6:8480
- import def
-}
-
-qb.midou.dev {
- reverse_proxy 192.168.5.6:8182
- import def
-}
-
-slsk.midou.dev {
- reverse_proxy 192.168.5.6:8283
- import def
-}
-
-# Headscale (tailscale control server)
-hs.projectsegfau.lt {
- reverse_proxy /web* https://192.168.5.5:9443 {
- transport http {
- tls_insecure_skip_verify
- }
- }
- reverse_proxy * 192.168.5.5:8089
-}
-
-# Caddy daily build (for ansible)
-cb.projectsegfau.lt {
- root * /var/www/caddy-build
- file_server browse
- encode gzip
-}
-# GotHub
-docs.gothub.app {
- redir https://gothub.app/docs{uri}
-}
-# OLD URLs
-http://mutahar.rocks, http://*.mutahar.rocks {
- redir https://projectsegfau.lt
-}
diff --git a/privfrontends/templates/core/apps.Caddyfile b/privfrontends/templates/in/apps.Caddyfile
similarity index 73%
rename from privfrontends/templates/core/apps.Caddyfile
rename to privfrontends/templates/in/apps.Caddyfile
index 1f99a35..b59d44d 100644
--- a/privfrontends/templates/core/apps.Caddyfile
+++ b/privfrontends/templates/in/apps.Caddyfile @@ -7,7 +7,7 @@ social.projectsegfau.lt { # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only # and `localhost.` resolves to [::0] on some systems: see issue #930 - reverse_proxy 192.168.5.2:4011 + reverse_proxy 192.168.1.5:4011 handle /media/* { redir https://media.social.projectsegfau.lt{uri} permanent @@ -23,7 +23,7 @@ social.projectsegfau.lt { # And https://gleasonator.com/notice/AW3PsTi4WCWEUbN0uO media.social.projectsegfau.lt { handle /media/* { - reverse_proxy 192.168.5.2:4011 { + reverse_proxy 192.168.1.5:4011 { transport http { response_header_timeout 10s read_timeout 15s @@ -32,7 +32,7 @@ media.social.projectsegfau.lt { } handle /proxy/* { - reverse_proxy 192.168.5.2:4011 { + reverse_proxy 192.168.1.5:4011 { transport http { response_header_timeout 10s read_timeout 15s 
@@ -43,29 +43,29 @@ media.social.projectsegfau.lt { # Cinny cinny.projectsegfau.lt cy.psf.lt { - reverse_proxy 192.168.5.2:3069 + reverse_proxy :3069 import def } # Website projectsegfau.lt { - reverse_proxy 192.168.5.2:1337 + reverse_proxy :1337 import def - reverse_proxy /_matrix/* 192.168.5.2:8449 { + reverse_proxy /_matrix/* 192.168.1.5:8449 { header_up Host "matrix.projectsegfau.lt" } - reverse_proxy /_matrix/client/* 192.168.5.2:81 { + reverse_proxy /_matrix/client/* 192.168.1.5:81 { header_up Host "matrix.projectsegfau.lt" } - reverse_proxy /_synapse/* 192.168.5.2:81 { + reverse_proxy /_synapse/* 192.168.1.5:81 { header_up Host "matrix.projectsegfau.lt" } - reverse_proxy /.well-known/acme-challenge/* 192.168.5.5:5380 - reverse_proxy /converse 192.168.5.5:5280 - reverse_proxy /converseemojis.js 192.168.5.5:5280 - reverse_proxy /converse/* 192.168.5.5:5280 - reverse_proxy /bosh 192.168.5.5:5280 - reverse_proxy /ws 192.168.5.5:5280 + reverse_proxy /.well-known/acme-challenge/* 192.168.1.5:5380 + reverse_proxy /converse 192.168.1.5:5280 + reverse_proxy /converseemojis.js 192.168.1.5:5280 + reverse_proxy /converse/* 192.168.1.5:5280 + reverse_proxy /bosh 192.168.1.5:5280 + reverse_proxy /ws 192.168.1.5:5280 header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Access-Control-Allow-Origin * handle_path /.well-known/* { 
@@ -79,18 +79,19 @@ projectsegfau.lt { import torloc www } psf.lt { - reverse_proxy 192.168.5.2:1337 + reverse_proxy :1337 import def import torloc www - header /.well-known/matrix/* Content-Type application/json - header /.well-known/matrix/* Access-Control-Allow-Origin * - handle_path /.well-known/* { - root * /var/www/psf-well-known - file_server - } +import acmedns + header /.well-known/matrix/* Content-Type application/json + header /.well-known/matrix/* Access-Control-Allow-Origin * + handle_path /.well-known/* { + root * /var/www/psf-well-known + file_server + } } ssync.projectsegfau.lt { - reverse_proxy 192.168.5.2:3333 + reverse_proxy 192.168.1.5:3333 import def } @@ -100,17 +101,17 @@ www.projectsegfau.lt www.psf.lt { } matrix.projectsegfau.lt { - reverse_proxy /_matrix/* 192.168.5.2:8449 { + reverse_proxy /_matrix/* 192.168.1.5:8449 { header_up Host "matrix.projectsegfau.lt" } - reverse_proxy /_matrix/client/* 192.168.5.2:81 { + reverse_proxy /_matrix/client/* 192.168.1.5:81 { header_up Host "matrix.projectsegfau.lt" } - reverse_proxy /_synapse/* 192.168.5.2:81 { + reverse_proxy /_synapse/* 192.168.1.5:81 { header_up Host "matrix.projectsegfau.lt" } import def - #reverse_proxy /_synapse/client/* 192.168.5.2:81 { + #reverse_proxy /_synapse/client/* 192.168.1.5:81 { # header_up Host "matrix.projectsegfau.lt" #} handle_path / { @@ -118,21 +119,15 @@ matrix.projectsegfau.lt { } } -# Directus -cms.projectsegfau.lt { - reverse_proxy 192.168.5.2:9456 - import def -} - # Element chat.projectsegfau.lt el.psf.lt { - reverse_proxy 192.168.5.2:3070 + reverse_proxy :3070 import def } # Gitea git.projectsegfau.lt { - reverse_proxy 192.168.5.5:3444 + reverse_proxy :3444 respond /metrics 403 import def request_body { @@ -144,7 +139,7 @@ git.projectsegfau.lt { import torloc git } git.psf.lt { - reverse_proxy 192.168.5.5:3444 { + reverse_proxy :3444 { header_up Host "git.projectsegfau.lt" } respond /metrics 403 
@@ -159,7 +154,7 @@ git.psf.lt { } # HedgeDoc doc.projectsegfau.lt { - reverse_proxy 192.168.5.2:2069 { + reverse_proxy :2069 { header_up X-Real-IP {remote_host} } import def @@ -167,30 +162,30 @@ doc.projectsegfau.lt { # Hydrogen h2.projectsegfau.lt, hydrogen.projectsegfau.lt, h2.psf.lt { - reverse_proxy 192.168.5.2:3071 + reverse_proxy :3071 import def } # Jitsi jitsi.projectsegfau.lt { - reverse_proxy 192.168.5.5:8000 { + reverse_proxy :8000 { header_up X-Real-IP {remote_host} } } # Excalidraw backend for jitsi excalidraw.projectsegfau.lt { - reverse_proxy 192.168.5.5:8694 + reverse_proxy :8694 } # Maubot mau.projectsegfau.lt { - reverse_proxy 192.168.5.2:29316 + reverse_proxy :29316 import def } # MediaWiki wiki.projectsegfau.lt w.psf.lt { - reverse_proxy 192.168.5.2:8000 { + reverse_proxy 10.0.3.39:80 { header_up X-Real-IP {remote_host} } import def @@ -200,18 +195,18 @@ wiki.projectsegfau.lt w.psf.lt { # Vikunja todo.projectsegfau.lt vi.psf.lt { - reverse_proxy 192.168.5.2:3456 + reverse_proxy :3456 import def import torloc todo } # Vaultwarden pass.projectsegfau.lt vw.psf.lt { - reverse_proxy 192.168.5.2:6980 { + reverse_proxy :6980 { header_up X-Real-IP {remote_host} } import def - reverse_proxy /notifications/hub 192.168.5.2:3012 { + reverse_proxy /notifications/hub :3012 { header_up X-Real-IP {remote_host} } import torloc pass @@ -219,10 +214,10 @@ pass.projectsegfau.lt vw.psf.lt { # XMPP xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubsub.projectsegfau.lt, upload.projectsegfau.lt { - reverse_proxy 192.168.5.5:5280 { + reverse_proxy 192.168.1.5:5280 { header_up X-Real-IP {remote_host} } - reverse_proxy /.well-known/acme-challenge/* 192.168.5.5:5380 + reverse_proxy /.well-known/acme-challenge/* 192.168.1.5:5380 @register { path /new/ path /change_password/ 
@@ -247,16 +242,16 @@ xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubs } xmpp-web.projectsegfau.lt, x.psf.lt { import def - reverse_proxy 192.168.5.2:3072 + reverse_proxy :3072 } healthchecks.projectsegfau.lt, hc.psf.lt { import def - reverse_proxy 192.168.5.2:8450 + reverse_proxy :8450 import torloc healthchecks } # Pubthentik auth.p.projectsegfau.lt { - reverse_proxy 192.168.5.2:7444 { + reverse_proxy :7444 { transport http { tls_insecure_skip_verify } @@ -266,17 +261,13 @@ auth.p.projectsegfau.lt { } # kbin kbin.projectsegfau.lt, kb.psf.lt { - reverse_proxy 192.168.5.2:80 { + reverse_proxy 192.168.1.5:8014 { header_up X-Real-IP {remote_host} } import def } -libretranslate.projectsegfau.lt lt.psf.lt { - reverse_proxy 192.168.5.2:5005 - import def -} gothub.dev.projectsegfau.lt gh.dev.psf.lt { - reverse_proxy 192.168.5.2:1025 + reverse_proxy :1025 import def import torloc gothub.dev } diff --git a/privfrontends/templates/in/internal.Caddyfile b/privfrontends/templates/in/internal.Caddyfile new file mode 100644 index 0000000..417cb3f --- /dev/null +++ b/privfrontends/templates/in/internal.Caddyfile 
@@ -0,0 +1,95 @@
+# ---Internal Caddyfile---
+
+# MailU
+mail.projectsegfau.lt {
+ import def
+ reverse_proxy :8082
+}
+
+# Plausible
+analytics.projectsegfau.lt {
+ reverse_proxy :8001
+ import def
+}
+
+# Website dev
+web.dev.projectsegfau.lt {
+ reverse_proxy :1339
+ import def
+}
+
+blog.projectsegfau.lt {
+ reverse_proxy :2368 {
+ header_up X-Forwarded-Proto https
+ header_up X-Real-IP {remote_host}
+ }
+ import def
+}
+
+# Headscale (tailscale control server)
+hs.projectsegfau.lt {
+ reverse_proxy /web* https://:9443 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+ reverse_proxy * :8089
+}
+
+# Caddy daily build (for ansible)
+cb.projectsegfau.lt {
+ root * /var/www/caddy-build
+ file_server browse
+ encode gzip
+}
+
+# GotHub
+docs.gothub.app {
+ redir https://gothub.app/docs{uri}
+}
+# OLD URLs
+http://mutahar.rocks, http://*.mutahar.rocks {
+ redir https://projectsegfau.lt
+}
+
+synapseadmin.vpn.projectsegfau.lt s.v.psf.lt {
+ import acmedns
+ reverse_proxy :8420
+}
+
+bitpuit.vpn.projectsegfau.lt b.v.psf.lt {
+ import acmedns
+ reverse_proxy https://192.168.1.2:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+ import def
+}
+
+bitpuit2.vpn.projectsegfau.lt b2.v.psf.lt {
+ import acmedns
+ reverse_proxy https://192.168.1.58:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+ import def
+}
+
+ansible.vpn.projectsegfau.lt a.v.psf.lt {
+ import acmedns
+ reverse_proxy :3527
+}
+grafana.vpn.projectsegfau.lt g.v.psf.lt {
+ import acmedns
+ reverse_proxy :3170
+}
+prometheus.vpn.projectsegfau.lt {
+ import acmedns
+ reverse_proxy :9090
+}
+rabbitmq.vpn.projectsegfau.lt rq.v.psf.lt {
+ import acmedns
+ reverse_proxy 192.168.1.5:15672
+}
diff --git a/privfrontends/templates/in/misc.Caddyfile b/privfrontends/templates/in/misc.Caddyfile
index 27b5d30..7f13c3f 100644
--- a/privfrontends/templates/in/misc.Caddyfile
+++ b/privfrontends/templates/in/misc.Caddyfile
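Review bot: The `*.vpn.projectsegfau.lt` site blocks at the end of this new file (synapseadmin, bitpuit, bitpuit2, ansible, grafana, prometheus, rabbitmq) carry no access restriction of their own. Each has only `import acmedns` and a `reverse_proxy`, so whether these admin and monitoring endpoints are reachable only over the VPN depends on DNS, listener or firewall settings that this hunk does not show. If that is not enforced elsewhere, each block could start with `@offvpn not remote_ip <VPN_CIDR>` and `respond @offvpn 403`, where `<VPN_CIDR>` is a placeholder for the tunnel range. The two `bitpuit` upstreams and the Headscale `/web*` upstream also set `tls_insecure_skip_verify`, so the proxy cannot authenticate the host it connects to. Pinning the upstream CA with `tls_trusted_ca_certs` inside `transport http` would keep that hop verified, and the host-less `https://:9443` upstream is worth confirming with `caddy validate`.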
@@ -1,6 +1,3 @@ -dd.psf.lt { - reverse_proxy :8008 -} # PERSONAL https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt { import def @@ -18,19 +15,3 @@ tnfiles.perso.in.projectsegfau.lt { } root * /zfspool/files/tn-sw } -discourse.tildevarsh.in { - reverse_proxy https://192.168.1.21:443 { - transport http { - tls_insecure_skip_verify - } - header_up X-Real-IP {remote_host} - } -} -jf.perso.in.projectsegfau.lt { - reverse_proxy 192.168.1.20:8096 - import def -} -nc.perso.in.projectsegfau.lt { - reverse_proxy 192.168.1.20:80 - import def -}