ProjectSegfault/ansible
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

RIP Soleil Levant

Browse Source
This commit is contained in:
Arya 2023-09-14 14:42:16 +05:30
parent f77518cf79
commit c5282c4705
Signed by: arya
GPG Key ID: 842D12BDA50DF120
14 changed files with 198 additions and 321 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
all/playbook.yaml
View File

@ -120,21 +120,6 @@
state: "present" state: "present"
regexp: "^%sudo" regexp: "^%sudo"
line: "%sudo ALL=(ALL) NOPASSWD: ALL" line: "%sudo ALL=(ALL) NOPASSWD: ALL"
- name: Add extra authorized_key for soleil
hosts: soleil
vars:
users:
- arya
- mrlerien
- devrand
- midou
tasks:
- name: Add extra authorized_key for soleil
ansible.posix.authorized_key:
user: "{{ item }}"
key: "{{ corevm_ssh_key }}"
with_items:
- "{{ users }}"
- name: Configure SSHD - name: Configure SSHD
hosts: all hosts: all
tasks: tasks:

22
cron/hourly-restarts.yaml
View File

@ -1,33 +1,13 @@
--- ---
- name: Hourly Restarts (ALL NODES) - name: Hourly Restarts (ALL NODES)
hosts: docker,privfrontends hosts: privfrontends
vars: vars:
services: services:
- invidious-invidious-1 - invidious-invidious-1
tasks:
- name: Do thing
ansible.builtin.command: docker restart {{ item }}
register: out
changed_when: out.rc != 0
with_items: "{{ services }}"
- name: Hourly Restarts (SOLEIL+REST)
hosts: docker,us,in
vars:
services:
- breezewiki - breezewiki
- anonymousoverflow-anonymousoverflow-1 - anonymousoverflow-anonymousoverflow-1
- simplytranslate-simplytranslate-1 - simplytranslate-simplytranslate-1
- scribe - scribe
tasks:
- name: Do thing
ansible.builtin.command: docker restart {{ item }}
register: out
changed_when: out.rc != 0
with_items: "{{ services }}"
- name: Hourly Restarts (PIZZA+REST)
hosts: privfrontends
vars:
services:
- libreddit-libreddit-1 - libreddit-libreddit-1
- teddit - teddit
tasks: tasks:

2
cron/prune.yaml
View File

@ -1,6 +1,6 @@
--- ---
- name: Docker Prunes (Daily Cron) - name: Docker Prunes (Daily Cron)
hosts: docker,backwards,eu,us,in hosts: privfrontends
tasks: tasks:
- name: Do thing - name: Do thing
community.docker.docker_prune: community.docker.docker_prune:

18
host_vars/docker/privfrontends_secrets.yaml
View File

@ -1,18 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
36323339616139653231363637313635346361663831656537353462313563633963383465353564
6539633632313264643239633632333065653837396336610a313836363832646337643739383039
65316662363861653738663361353739306538376632333431353932626361316665323161333665
3065396561616463630a366530613530316161323836323334366635343839306636363837643466
61373733383764333364393938323764613065383662353034666139373133386166353062326534
30636236323037396535313133666364636163353165346638353661623731373338323232313065
62313865396433336364393536366537643338303335343830623034656236616465303164613962
65303639333461656331353636343735373965656665666634393933336333373735636165343164
36663765306239663866656661363935666661366536306331313962376330313965306336616337
32626566393166383934386264356631653430626533356263623861643765373633333938393934
35333238303335656562616336653066383163646665666465623139333333396538663834316463
32663532376165336366346336306262623637386161623937633431306235656431633366343163
33313465643730393033386532636136623033333735643638383564393330623663396361633932
66343063636132333639383931396433383635356564386639643739623632346237313363383261
37643162326165313435626165623634653730333664326665386362646364316461326630623266
30353038623137373161623661316535626462663636323165393033653266643332383862323865
3431

44
host_vars/eu/privfrontends_secrets.yaml
View File

@ -1,17 +1,29 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
31383035323330343562373837366530633935626131633737646633663838633463623465623465 64316635633137373166393430313734343565663930323062343462646664323332343734326663
3535336536613038643534383537663866346364646365380a303939323038363036306535393033 6635316238646330623866323131373139656436383062610a653664373465623630346530643765
33363439636337386437306536316663646235643430633236353935363838663264366362613463 37323033333831356536343139623730396633633161656561643265343630356465323132636237
6334663732663730610a306261626334636538363363643062643438373031366532616635613730 6563333466353339390a353036333435633665366563643837303732643163376333333633626131
32626636373834613665626437653930336636323266393932616631363334316434313333353239 64356139356438386637316635636336653432653135623036653861333264626635633335323433
34663864666631303336346539303864303234353231343561653535303132366234323731623230 65386630396435326132396235623730316664376239363961383534353562656235313061313831
31656362303362653332303064396633383265323033386264613861663762386139393161666664 35366432656136306331613836303837646131653135666134386635363864653338323436323734
36393137323838653439626261373465333330383436616663303165353438343363393364393130 30343965303762313835326565636333366430353232336564616261393937336634326464633236
63376635633238336337643866303633666434383437646331333235376136313062663633396662 66663535613433383537613766333765393966306663383831313539396533336638616130333365
35323363306434363961646437646433326133346361363461316462326633366139623839366631 63633465626435386236336464636664356462393235316330623061333131303735653762326636
63353334366566303163633237366463356530323761373264333261386166346465303936316630 61613730626339396236656536353664656361626131303266646666316231373835333963666231
63353963383032346432373332363835346462313661396664336233356434373730363337663631 35353337373266653563613436383032643734333833626462353330616262633336643264386364
32383632666435326138646235316538663766383236313737633536663434616361663138333164 32643539663733376163343166353930366132663364326236383762356161643530613162306136
33623939643261353437336265633966353466313734653639396532363764653662343463643032 64656538303761613361323137643364373239373132333465303632313032316562663761303732
33376166656366396136363438383832323933366236343437333137313334336566323932336333 33306165363635646131323364386263663264353837366535363136376637376463303761373435
31343537356663326433 66333635643139356435366433326635613431353930373933393034323266393634623436393332
36336339303838363438336437396464343062303333363536636138336465356363366462653839
36396635306631323661623338313564656138363135306563663566373530376561363931366335
61326264386663643637616230363565333430396336646662376665376566336361613339666537
32393761303732663464326365646631333930363234623833666132386261396134396332356634
37376532336332666465343034376261623435326331383530376538306632343430616164653338
31333231313961643061393163376462346332363633653133343630366632346566373162356637
38333134383632346330613163323934333364616536663464663431373265623835316434653361
61653232643236653737663963396333353138316661376437623563663661313661396235313935
61316363323366633038663139633932353365316434393462623135393631653862323735653963
32343139326635323938666332646463346636343562323566653633656334363831353464333063
32323638386139623062393836343336636635363836343137356331386665303564666438333334
66653934313837393932

33
inventory.yml
View File

@ -1,38 +1,5 @@
all: all:
children: children:
soleil:
hosts:
core:
ansible_host: core.vpn.projectsegfau.lt
ansible_user: ansiblerunner
ansible_port: 22
port: 22
ansible_become: true # Run everything as root
wiki_page: Soleil_Levant
server_prefix: eu
docker:
ansible_host: docker.vpn.projectsegfau.lt
ansible_user: ansiblerunner
ansible_port: 22
port: 22
docker_dir: /opt/docker-privfrontends
country: France
isp: Orange S.A.
wiki_page: Soleil_Levant
server_prefix: eu
ansible_become: true # Run everything as root
db:
ansible_host: db.vpn.projectsegfau.lt
ansible_user: ansiblerunner
ansible_port: 22
port: 22
ansible_become: true # Run everything as root
backwards:
ansible_host: backwards.vpn.projectsegfau.lt
ansible_user: ansiblerunner
ansible_port: 22
port: 22
ansible_become: true # Run everything as root
privfrontends: privfrontends:
hosts: hosts:
eu: eu:

2
privfrontends/caddy-update.yaml
View File

@ -1,6 +1,6 @@
--- ---
- name: Setup Caddy - name: Setup Caddy
hosts: core,privfrontends hosts: privfrontends
roles: roles:
- role: caddy-ansible - role: caddy-ansible
caddy_systemd_capabilities_enabled: true caddy_systemd_capabilities_enabled: true

14
privfrontends/docker-tasks.yaml
View File

@ -4,7 +4,7 @@
path: "{{ docker_dir }}/{{ item }}" path: "{{ docker_dir }}/{{ item }}"
state: directory state: directory
mode: "0755" mode: "0755"
tags: docker,soleil,pizza tags: docker,pizza
- name: Copy docker-compose templates for the {{item}} - name: Copy docker-compose templates for the {{item}}
ansible.builtin.template: ansible.builtin.template:
@ -13,14 +13,14 @@
backup: true backup: true
mode: preserve mode: preserve
register: check_status register: check_status
tags: docker,soleil,pizza tags: docker,pizza
- name: Check if extras file exists for the {{item}} - name: Check if extras file exists for the {{item}}
delegate_to: localhost delegate_to: localhost
ansible.builtin.stat: ansible.builtin.stat:
path: ./compose/{{ item }}/extras.conf.j2 path: ./compose/{{ item }}/extras.conf.j2
register: file register: file
tags: docker,soleil,pizza tags: docker,pizza
- name: Copy extras file - name: Copy extras file
ansible.builtin.template: ansible.builtin.template:
@ -29,7 +29,7 @@
backup: true backup: true
mode: preserve mode: preserve
when: file.stat.exists when: file.stat.exists
tags: docker,soleil,pizza tags: docker,pizza
- name: "Update docker {{item}} image" - name: "Update docker {{item}} image"
ansible.builtin.command: ansible.builtin.command:
@ -38,7 +38,7 @@
when: check_status.changed when: check_status.changed
register: updateout register: updateout
changed_when: updateout.rc != 0 changed_when: updateout.rc != 0
tags: docker,soleil,pizza tags: docker,pizza
- name: "Stop docker {{item}}" - name: "Stop docker {{item}}"
ansible.builtin.command: ansible.builtin.command:
@ -47,7 +47,7 @@
when: check_status.changed when: check_status.changed
register: stopout register: stopout
changed_when: stopout.rc != 0 changed_when: stopout.rc != 0
tags: docker,soleil,pizza tags: docker,pizza
- name: "Start docker {{item}}" - name: "Start docker {{item}}"
ansible.builtin.command: ansible.builtin.command:
@ -56,4 +56,4 @@
when: check_status.changed when: check_status.changed
register: startout register: startout
changed_when: startout.rc != 0 changed_when: startout.rc != 0
tags: docker,soleil,pizza tags: docker,pizza

19
privfrontends/playbook.yaml
View File

@ -1,6 +1,6 @@
--- ---
- name: Setup Caddy - name: Setup Caddy
hosts: privfrontends,core hosts: privfrontends
tasks: tasks:
- name: Copy Caddyfile - name: Copy Caddyfile
ansible.builtin.template: ansible.builtin.template:
@ -30,17 +30,6 @@
- nitter - nitter
- teddit - teddit
- watchtower - watchtower
tasks:
# community.docker does not support compose 2.0 right now.
# https://github.com/ansible-collections/community.docker/issues/216
- name: Update docker compose files and restart those with changes
ansible.builtin.include_tasks: docker-tasks.yaml
with_items: "{{ docker_services }}"
tags: docker,pizza
- name: Setup docker compose for privacy frontends (soleil+normal)
hosts: in,us,docker
vars:
non_pizza_docker_services:
- anonymousoverflow - anonymousoverflow
- breezewiki - breezewiki
- gothub - gothub
@ -54,7 +43,7 @@
tasks: tasks:
# community.docker does not support compose 2.0 right now. # community.docker does not support compose 2.0 right now.
# https://github.com/ansible-collections/community.docker/issues/216 # https://github.com/ansible-collections/community.docker/issues/216
- name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1) - name: Update docker compose files and restart those with changes
ansible.builtin.include_tasks: docker-tasks.yaml ansible.builtin.include_tasks: docker-tasks.yaml
with_items: "{{ non_pizza_docker_services }}" with_items: "{{ docker_services }}"
tags: docker,soleil tags: docker,pizza

36
privfrontends/templates/Caddyfile.j2
View File

@ -61,11 +61,9 @@
import ./*.Caddyfile import ./*.Caddyfile
{{ inventory_hostname }}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {% if inventory_hostname == 'core' %} soleil.projectsegfau.lt {% endif %} { {{ inventory_hostname }}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {
redir https://wiki.projectsegfau.lt/index.php?title={{ wiki_page }} redir https://wiki.projectsegfau.lt/index.php?title={{ wiki_page }}
} }
# PIZZA + US + IN
{% if inventory_hostname == 'eu' or inventory_hostname == 'us' or inventory_hostname == 'in' %}
cdn.projectsegfau.lt cdn.{{ server_prefix }}.projectsegfau.lt { cdn.projectsegfau.lt cdn.{{ server_prefix }}.projectsegfau.lt {
encode zstd gzip encode zstd gzip
root * /var/cdn root * /var/cdn
@ -117,11 +115,8 @@ teddit.{{ server_prefix }}.projectsegfau.lt teddit.projectsegfau.lt t.psf.lt t.{
import def import def
import torloc teddit import torloc teddit
} }
{% endif %}
# SOLEIL + US + IN
{% if inventory_hostname == 'core' or inventory_hostname == 'us' or inventory_hostname == 'in' %}
inv.{{ server_prefix }}.projectsegfau.lt inv.projectsegfau.lt invidious.projectsegfau.lt i.{{ server_prefix }}.psf.lt i.psf.lt { inv.{{ server_prefix }}.projectsegfau.lt inv.projectsegfau.lt invidious.projectsegfau.lt i.{{ server_prefix }}.psf.lt i.psf.lt {
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:7573 reverse_proxy :7573
header { header {
# disable FLoC tracking # disable FLoC tracking
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"; Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
@ -148,17 +143,17 @@ inv.{{ server_prefix }}.projectsegfau.lt inv.projectsegfau.lt invidious.projects
{% endif %} {% endif %}
} }
gothub.{{ server_prefix }}.projectsegfau.lt gothub.projectsegfau.lt gh.psf.lt gh.{{ server_prefix }}.psf.lt { gothub.{{ server_prefix }}.projectsegfau.lt gothub.projectsegfau.lt gh.psf.lt gh.{{ server_prefix }}.psf.lt {
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:1024 reverse_proxy :1024
import def import def
import torloc gothub import torloc gothub
} }
overflow.{{ server_prefix }}.projectsegfau.lt overflow.projectsegfau.lt o.psf.lt o.{{ server_prefix }}.psf.lt { overflow.{{ server_prefix }}.projectsegfau.lt overflow.projectsegfau.lt o.psf.lt o.{{ server_prefix }}.psf.lt {
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8694 reverse_proxy :8694
import def import def
import torloc overflow import torloc overflow
} }
rimgo.{{ server_prefix }}.projectsegfau.lt rimgo.projectsegfau.lt rg.psf.lt rg.{{ server_prefix }}.psf.lt { rimgo.{{ server_prefix }}.projectsegfau.lt rimgo.projectsegfau.lt rg.psf.lt rg.{{ server_prefix }}.psf.lt {
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:9016 reverse_proxy :9016
import def import def
import torloc rimgo import torloc rimgo
} }
@ -166,38 +161,38 @@ bw.{{ server_prefix }}.projectsegfau.lt bw.projectsegfau.lt bw.psf.lt bw.{{ serv
import def import def
import torloc breezewiki import torloc breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:10416 reverse_proxy :10416
} }
scribe.{{ server_prefix }}.projectsegfau.lt scribe.projectsegfau.lt sc.psf.lt sc.{{ server_prefix }}.psf.lt { scribe.{{ server_prefix }}.projectsegfau.lt scribe.projectsegfau.lt sc.psf.lt sc.{{ server_prefix }}.psf.lt {
import def import def
import torloc scribe import torloc scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8006 reverse_proxy :8006
} }
translate.{{ server_prefix }}.projectsegfau.lt translate.projectsegfau.lt tl.psf.lt tl.{{ server_prefix }}.psf.lt { translate.{{ server_prefix }}.projectsegfau.lt translate.projectsegfau.lt tl.psf.lt tl.{{ server_prefix }}.psf.lt {
import def import def
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5046 reverse_proxy :5046
import torloc translate import torloc translate
} }
safetwitch.{{ server_prefix }}.projectsegfau.lt safetwitch.projectsegfau.lt tw.psf.lt tw.{{ server_prefix }}.psf.lt { safetwitch.{{ server_prefix }}.projectsegfau.lt safetwitch.projectsegfau.lt tw.psf.lt tw.{{ server_prefix }}.psf.lt {
import def import def
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5070 reverse_proxy :5070
import torloc safetwitch import torloc safetwitch
} }
api.safetwitch.{{ server_prefix }}.projectsegfau.lt { api.safetwitch.{{ server_prefix }}.projectsegfau.lt {
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5071 reverse_proxy :5071
} }
hyperpipe.{{ server_prefix }}.projectsegfau.lt hyperpipe.projectsegfau.lt hp.psf.lt hp.{{ server_prefix }}.psf.lt { hyperpipe.{{ server_prefix }}.projectsegfau.lt hyperpipe.projectsegfau.lt hp.psf.lt hp.{{ server_prefix }}.psf.lt {
import def import def
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8843 reverse_proxy :8843
} }
hyperpipebackend.{{ server_prefix }}.projectsegfau.lt { hyperpipebackend.{{ server_prefix }}.projectsegfau.lt {
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:3536 reverse_proxy :3536
} }
search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{{ server_prefix }}.psf.lt { search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{{ server_prefix }}.psf.lt {
import def import def
import torloc search import torloc search
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8081 reverse_proxy :8081
@api { @api {
path /config path /config
path /healthz path /healthz
@ -258,7 +253,7 @@ search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{
} }
} }
{% if server_prefix == 'eu' %}piped.projectsegfau.lt proxy.piped.projectsegfau.lt api.piped.projectsegfau.lt {%else%} piped.{{ server_prefix }}.projectsegfau.lt pipedproxy.{{ server_prefix }}.projectsegfau.lt pipedapi.{{ server_prefix }}.projectsegfau.lt {%endif%} { {% if server_prefix == 'eu' %}piped.projectsegfau.lt proxy.piped.projectsegfau.lt api.piped.projectsegfau.lt {%else%} piped.{{ server_prefix }}.projectsegfau.lt pipedproxy.{{ server_prefix }}.projectsegfau.lt pipedapi.{{ server_prefix }}.projectsegfau.lt {%endif%} {
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:6970 reverse_proxy :6970
header { header {
# disable FLoC tracking # disable FLoC tracking
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"; Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
@ -283,7 +278,7 @@ search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{
{% endif %} {% endif %}
} }
pi.{{ server_prefix }}.psf.lt pi.psf.lt { pi.{{ server_prefix }}.psf.lt pi.psf.lt {
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:6970 { reverse_proxy :6970 {
header_up Host "{% if server_prefix == 'eu' %}piped.projectsegfau.lt{%else%}piped.{{ server_prefix }}.projectsegfau.lt{%endif%}" header_up Host "{% if server_prefix == 'eu' %}piped.projectsegfau.lt{%else%}piped.{{ server_prefix }}.projectsegfau.lt{%endif%}"
} }
header { header {
@ -306,4 +301,3 @@ pi.{{ server_prefix }}.psf.lt pi.psf.lt {
} }
respond @badbots "Access to this route denied" 403 respond @badbots "Access to this route denied" 403
} }
{% endif %}

99
privfrontends/templates/core/internal.Caddyfile
View File

@ -1,99 +0,0 @@
# ---Internal Caddyfile---
# Authentik
sekuritee.projectsegfau.lt {
reverse_proxy https://192.168.5.2:7443 {
transport http {
tls_insecure_skip_verify
}
header_up X-Real-IP {remote_host}
}
import def
}
# MailU
mail.projectsegfau.lt {
import def
reverse_proxy 192.168.5.5:8082
}
# Plausible
analytics.projectsegfau.lt {
reverse_proxy 192.168.5.2:8001
import def
}
# Website dev
web.dev.projectsegfau.lt {
reverse_proxy 192.168.5.2:1339
import def
}
blog.projectsegfau.lt {
reverse_proxy 192.168.5.2:2368 {
header_up X-Forwarded-Proto https
header_up X-Real-IP {remote_host}
}
import def
}
# Midou PersoVM
matrix.midou.dev {
reverse_proxy /_matrix/* 192.168.5.6:8008
import def
}
file.midou.dev {
reverse_proxy 192.168.5.6:8080
import def
}
c.midou.dev {
reverse_proxy 192.168.5.6:8978
import def
}
rss.midou.dev {
reverse_proxy 192.168.5.6:3002
import def
}
sub.midou.dev {
reverse_proxy 192.168.5.6:8480
import def
}
qb.midou.dev {
reverse_proxy 192.168.5.6:8182
import def
}
slsk.midou.dev {
reverse_proxy 192.168.5.6:8283
import def
}
# Headscale (tailscale control server)
hs.projectsegfau.lt {
reverse_proxy /web* https://192.168.5.5:9443 {
transport http {
tls_insecure_skip_verify
}
}
reverse_proxy * 192.168.5.5:8089
}
# Caddy daily build (for ansible)
cb.projectsegfau.lt {
root * /var/www/caddy-build
file_server browse
encode gzip
}
# GotHub
docs.gothub.app {
redir https://gothub.app/docs{uri}
}
# OLD URLs
http://mutahar.rocks, http://*.mutahar.rocks {
redir https://projectsegfau.lt
}

101
privfrontends/templates/core/apps.Caddyfile → privfrontends/templates/in/apps.Caddyfile
View File

@ -7,7 +7,7 @@ social.projectsegfau.lt {
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930 # and `localhost.` resolves to [::0] on some systems: see issue #930
reverse_proxy 192.168.5.2:4011 reverse_proxy 192.168.1.5:4011
handle /media/* { handle /media/* {
redir https://media.social.projectsegfau.lt{uri} permanent redir https://media.social.projectsegfau.lt{uri} permanent
@ -23,7 +23,7 @@ social.projectsegfau.lt {
# And https://gleasonator.com/notice/AW3PsTi4WCWEUbN0uO # And https://gleasonator.com/notice/AW3PsTi4WCWEUbN0uO
media.social.projectsegfau.lt { media.social.projectsegfau.lt {
handle /media/* { handle /media/* {
reverse_proxy 192.168.5.2:4011 { reverse_proxy 192.168.1.5:4011 {
transport http { transport http {
response_header_timeout 10s response_header_timeout 10s
read_timeout 15s read_timeout 15s
@ -32,7 +32,7 @@ media.social.projectsegfau.lt {
} }
handle /proxy/* { handle /proxy/* {
reverse_proxy 192.168.5.2:4011 { reverse_proxy 192.168.1.5:4011 {
transport http { transport http {
response_header_timeout 10s response_header_timeout 10s
read_timeout 15s read_timeout 15s
@ -43,29 +43,29 @@ media.social.projectsegfau.lt {
# Cinny # Cinny
cinny.projectsegfau.lt cy.psf.lt { cinny.projectsegfau.lt cy.psf.lt {
reverse_proxy 192.168.5.2:3069 reverse_proxy :3069
import def import def
} }
# Website # Website
projectsegfau.lt { projectsegfau.lt {
reverse_proxy 192.168.5.2:1337 reverse_proxy :1337
import def import def
reverse_proxy /_matrix/* 192.168.5.2:8449 { reverse_proxy /_matrix/* 192.168.1.5:8449 {
header_up Host "matrix.projectsegfau.lt" header_up Host "matrix.projectsegfau.lt"
} }
reverse_proxy /_matrix/client/* 192.168.5.2:81 { reverse_proxy /_matrix/client/* 192.168.1.5:81 {
header_up Host "matrix.projectsegfau.lt" header_up Host "matrix.projectsegfau.lt"
} }
reverse_proxy /_synapse/* 192.168.5.2:81 { reverse_proxy /_synapse/* 192.168.1.5:81 {
header_up Host "matrix.projectsegfau.lt" header_up Host "matrix.projectsegfau.lt"
} }
reverse_proxy /.well-known/acme-challenge/* 192.168.5.5:5380 reverse_proxy /.well-known/acme-challenge/* 192.168.1.5:5380
reverse_proxy /converse 192.168.5.5:5280 reverse_proxy /converse 192.168.1.5:5280
reverse_proxy /converseemojis.js 192.168.5.5:5280 reverse_proxy /converseemojis.js 192.168.1.5:5280
reverse_proxy /converse/* 192.168.5.5:5280 reverse_proxy /converse/* 192.168.1.5:5280
reverse_proxy /bosh 192.168.5.5:5280 reverse_proxy /bosh 192.168.1.5:5280
reverse_proxy /ws 192.168.5.5:5280 reverse_proxy /ws 192.168.1.5:5280
header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin * header /.well-known/matrix/* Access-Control-Allow-Origin *
handle_path /.well-known/* { handle_path /.well-known/* {
@ -79,18 +79,19 @@ projectsegfau.lt {
import torloc www import torloc www
} }
psf.lt { psf.lt {
reverse_proxy 192.168.5.2:1337 reverse_proxy :1337
import def import def
import torloc www import torloc www
header /.well-known/matrix/* Content-Type application/json import acmedns
header /.well-known/matrix/* Access-Control-Allow-Origin * header /.well-known/matrix/* Content-Type application/json
handle_path /.well-known/* { header /.well-known/matrix/* Access-Control-Allow-Origin *
root * /var/www/psf-well-known handle_path /.well-known/* {
file_server root * /var/www/psf-well-known
} file_server
}
} }
ssync.projectsegfau.lt { ssync.projectsegfau.lt {
reverse_proxy 192.168.5.2:3333 reverse_proxy 192.168.1.5:3333
import def import def
} }
@ -100,17 +101,17 @@ www.projectsegfau.lt www.psf.lt {
} }
matrix.projectsegfau.lt { matrix.projectsegfau.lt {
reverse_proxy /_matrix/* 192.168.5.2:8449 { reverse_proxy /_matrix/* 192.168.1.5:8449 {
header_up Host "matrix.projectsegfau.lt" header_up Host "matrix.projectsegfau.lt"
} }
reverse_proxy /_matrix/client/* 192.168.5.2:81 { reverse_proxy /_matrix/client/* 192.168.1.5:81 {
header_up Host "matrix.projectsegfau.lt" header_up Host "matrix.projectsegfau.lt"
} }
reverse_proxy /_synapse/* 192.168.5.2:81 { reverse_proxy /_synapse/* 192.168.1.5:81 {
header_up Host "matrix.projectsegfau.lt" header_up Host "matrix.projectsegfau.lt"
} }
import def import def
#reverse_proxy /_synapse/client/* 192.168.5.2:81 { #reverse_proxy /_synapse/client/* 192.168.1.5:81 {
# header_up Host "matrix.projectsegfau.lt" # header_up Host "matrix.projectsegfau.lt"
#} #}
handle_path / { handle_path / {
@ -118,21 +119,15 @@ matrix.projectsegfau.lt {
} }
} }
# Directus
cms.projectsegfau.lt {
reverse_proxy 192.168.5.2:9456
import def
}
# Element # Element
chat.projectsegfau.lt el.psf.lt { chat.projectsegfau.lt el.psf.lt {
reverse_proxy 192.168.5.2:3070 reverse_proxy :3070
import def import def
} }
# Gitea # Gitea
git.projectsegfau.lt { git.projectsegfau.lt {
reverse_proxy 192.168.5.5:3444 reverse_proxy :3444
respond /metrics 403 respond /metrics 403
import def import def
request_body { request_body {
@ -144,7 +139,7 @@ git.projectsegfau.lt {
import torloc git import torloc git
} }
git.psf.lt { git.psf.lt {
reverse_proxy 192.168.5.5:3444 { reverse_proxy :3444 {
header_up Host "git.projectsegfau.lt" header_up Host "git.projectsegfau.lt"
} }
respond /metrics 403 respond /metrics 403
@ -159,7 +154,7 @@ git.psf.lt {
} }
# HedgeDoc # HedgeDoc
doc.projectsegfau.lt { doc.projectsegfau.lt {
reverse_proxy 192.168.5.2:2069 { reverse_proxy :2069 {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
} }
import def import def
@ -167,30 +162,30 @@ doc.projectsegfau.lt {
# Hydrogen # Hydrogen
h2.projectsegfau.lt, hydrogen.projectsegfau.lt, h2.psf.lt { h2.projectsegfau.lt, hydrogen.projectsegfau.lt, h2.psf.lt {
reverse_proxy 192.168.5.2:3071 reverse_proxy :3071
import def import def
} }
# Jitsi # Jitsi
jitsi.projectsegfau.lt { jitsi.projectsegfau.lt {
reverse_proxy 192.168.5.5:8000 { reverse_proxy :8000 {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
} }
} }
# Excalidraw backend for jitsi # Excalidraw backend for jitsi
excalidraw.projectsegfau.lt { excalidraw.projectsegfau.lt {
reverse_proxy 192.168.5.5:8694 reverse_proxy :8694
} }
# Maubot # Maubot
mau.projectsegfau.lt { mau.projectsegfau.lt {
reverse_proxy 192.168.5.2:29316 reverse_proxy :29316
import def import def
} }
# MediaWiki # MediaWiki
wiki.projectsegfau.lt w.psf.lt { wiki.projectsegfau.lt w.psf.lt {
reverse_proxy 192.168.5.2:8000 { reverse_proxy 10.0.3.39:80 {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
} }
import def import def
@ -200,18 +195,18 @@ wiki.projectsegfau.lt w.psf.lt {
# Vikunja # Vikunja
todo.projectsegfau.lt vi.psf.lt { todo.projectsegfau.lt vi.psf.lt {
reverse_proxy 192.168.5.2:3456 reverse_proxy :3456
import def import def
import torloc todo import torloc todo
} }
# Vaultwarden # Vaultwarden
pass.projectsegfau.lt vw.psf.lt { pass.projectsegfau.lt vw.psf.lt {
reverse_proxy 192.168.5.2:6980 { reverse_proxy :6980 {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
} }
import def import def
reverse_proxy /notifications/hub 192.168.5.2:3012 { reverse_proxy /notifications/hub :3012 {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
} }
import torloc pass import torloc pass
@ -219,10 +214,10 @@ pass.projectsegfau.lt vw.psf.lt {
# XMPP # XMPP
xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubsub.projectsegfau.lt, upload.projectsegfau.lt { xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubsub.projectsegfau.lt, upload.projectsegfau.lt {
reverse_proxy 192.168.5.5:5280 { reverse_proxy 192.168.1.5:5280 {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
} }
reverse_proxy /.well-known/acme-challenge/* 192.168.5.5:5380 reverse_proxy /.well-known/acme-challenge/* 192.168.1.5:5380
@register { @register {
path /new/ path /new/
path /change_password/ path /change_password/
@ -247,16 +242,16 @@ xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubs
} }
xmpp-web.projectsegfau.lt, x.psf.lt { xmpp-web.projectsegfau.lt, x.psf.lt {
import def import def
reverse_proxy 192.168.5.2:3072 reverse_proxy :3072
} }
healthchecks.projectsegfau.lt, hc.psf.lt { healthchecks.projectsegfau.lt, hc.psf.lt {
import def import def
reverse_proxy 192.168.5.2:8450 reverse_proxy :8450
import torloc healthchecks import torloc healthchecks
} }
# Pubthentik # Pubthentik
auth.p.projectsegfau.lt { auth.p.projectsegfau.lt {
reverse_proxy 192.168.5.2:7444 { reverse_proxy :7444 {
transport http { transport http {
tls_insecure_skip_verify tls_insecure_skip_verify
} }
@ -266,17 +261,13 @@ auth.p.projectsegfau.lt {
} }
# kbin # kbin
kbin.projectsegfau.lt, kb.psf.lt { kbin.projectsegfau.lt, kb.psf.lt {
reverse_proxy 192.168.5.2:80 { reverse_proxy 192.168.1.5:8014 {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
} }
import def import def
} }
libretranslate.projectsegfau.lt lt.psf.lt {
reverse_proxy 192.168.5.2:5005
import def
}
gothub.dev.projectsegfau.lt gh.dev.psf.lt { gothub.dev.projectsegfau.lt gh.dev.psf.lt {
reverse_proxy 192.168.5.2:1025 reverse_proxy :1025
import def import def
import torloc gothub.dev import torloc gothub.dev
} }

95
privfrontends/templates/in/internal.Caddyfile Normal file
View File

@ -0,0 +1,95 @@
# ---Internal Caddyfile---
# MailU
mail.projectsegfau.lt {
import def
reverse_proxy :8082
}
# Plausible
analytics.projectsegfau.lt {
reverse_proxy :8001
import def
}
# Website dev
web.dev.projectsegfau.lt {
reverse_proxy :1339
import def
}
blog.projectsegfau.lt {
reverse_proxy :2368 {
header_up X-Forwarded-Proto https
header_up X-Real-IP {remote_host}
}
import def
}
# Headscale (tailscale control server)
hs.projectsegfau.lt {
reverse_proxy /web* https://:9443 {
transport http {
tls_insecure_skip_verify
}
}
reverse_proxy * :8089
}
# Caddy daily build (for ansible)
cb.projectsegfau.lt {
root * /var/www/caddy-build
file_server browse
encode gzip
}
# GotHub
docs.gothub.app {
redir https://gothub.app/docs{uri}
}
# OLD URLs
http://mutahar.rocks, http://*.mutahar.rocks {
redir https://projectsegfau.lt
}
synapseadmin.vpn.projectsegfau.lt s.v.psf.lt {
import acmedns
reverse_proxy :8420
}
bitpuit.vpn.projectsegfau.lt b.v.psf.lt {
import acmedns
reverse_proxy https://192.168.1.2:8006 {
transport http {
tls_insecure_skip_verify
}
}
import def
}
bitpuit2.vpn.projectsegfau.lt b2.v.psf.lt {
import acmedns
reverse_proxy https://192.168.1.58:8006 {
transport http {
tls_insecure_skip_verify
}
}
import def
}
ansible.vpn.projectsegfau.lt a.v.psf.lt {
import acmedns
reverse_proxy :3527
}
grafana.vpn.projectsegfau.lt g.v.psf.lt {
import acmedns
reverse_proxy :3170
}
prometheus.vpn.projectsegfau.lt {
import acmedns
reverse_proxy :9090
}
rabbitmq.vpn.projectsegfau.lt rq.v.psf.lt {
import acmedns
reverse_proxy 192.168.1.5:15672
}

19
privfrontends/templates/in/misc.Caddyfile
View File

@ -1,6 +1,3 @@
dd.psf.lt {
reverse_proxy :8008
}
# PERSONAL # PERSONAL
https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt { https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt {
import def import def
@ -18,19 +15,3 @@ tnfiles.perso.in.projectsegfau.lt {
} }
root * /zfspool/files/tn-sw root * /zfspool/files/tn-sw
} }
discourse.tildevarsh.in {
reverse_proxy https://192.168.1.21:443 {
transport http {
tls_insecure_skip_verify
}
header_up X-Real-IP {remote_host}
}
}
jf.perso.in.projectsegfau.lt {
reverse_proxy 192.168.1.20:8096
import def
}
nc.perso.in.projectsegfau.lt {
reverse_proxy 192.168.1.20:80
import def
}