RIP Soleil Levant
This commit is contained in:
parent
f77518cf79
commit
c5282c4705
@ -120,21 +120,6 @@
|
||||
state: "present"
|
||||
regexp: "^%sudo"
|
||||
line: "%sudo ALL=(ALL) NOPASSWD: ALL"
|
||||
- name: Add extra authorized_key for soleil
|
||||
hosts: soleil
|
||||
vars:
|
||||
users:
|
||||
- arya
|
||||
- mrlerien
|
||||
- devrand
|
||||
- midou
|
||||
tasks:
|
||||
- name: Add extra authorized_key for soleil
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item }}"
|
||||
key: "{{ corevm_ssh_key }}"
|
||||
with_items:
|
||||
- "{{ users }}"
|
||||
- name: Configure SSHD
|
||||
hosts: all
|
||||
tasks:
|
||||
|
@ -1,33 +1,13 @@
|
||||
---
|
||||
- name: Hourly Restarts (ALL NODES)
|
||||
hosts: docker,privfrontends
|
||||
hosts: privfrontends
|
||||
vars:
|
||||
services:
|
||||
- invidious-invidious-1
|
||||
tasks:
|
||||
- name: Do thing
|
||||
ansible.builtin.command: docker restart {{ item }}
|
||||
register: out
|
||||
changed_when: out.rc != 0
|
||||
with_items: "{{ services }}"
|
||||
- name: Hourly Restarts (SOLEIL+REST)
|
||||
hosts: docker,us,in
|
||||
vars:
|
||||
services:
|
||||
- breezewiki
|
||||
- anonymousoverflow-anonymousoverflow-1
|
||||
- simplytranslate-simplytranslate-1
|
||||
- scribe
|
||||
tasks:
|
||||
- name: Do thing
|
||||
ansible.builtin.command: docker restart {{ item }}
|
||||
register: out
|
||||
changed_when: out.rc != 0
|
||||
with_items: "{{ services }}"
|
||||
- name: Hourly Restarts (PIZZA+REST)
|
||||
hosts: privfrontends
|
||||
vars:
|
||||
services:
|
||||
- libreddit-libreddit-1
|
||||
- teddit
|
||||
tasks:
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Docker Prunes (Daily Cron)
|
||||
hosts: docker,backwards,eu,us,in
|
||||
hosts: privfrontends
|
||||
tasks:
|
||||
- name: Do thing
|
||||
community.docker.docker_prune:
|
||||
|
@ -1,18 +0,0 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
36323339616139653231363637313635346361663831656537353462313563633963383465353564
|
||||
6539633632313264643239633632333065653837396336610a313836363832646337643739383039
|
||||
65316662363861653738663361353739306538376632333431353932626361316665323161333665
|
||||
3065396561616463630a366530613530316161323836323334366635343839306636363837643466
|
||||
61373733383764333364393938323764613065383662353034666139373133386166353062326534
|
||||
30636236323037396535313133666364636163353165346638353661623731373338323232313065
|
||||
62313865396433336364393536366537643338303335343830623034656236616465303164613962
|
||||
65303639333461656331353636343735373965656665666634393933336333373735636165343164
|
||||
36663765306239663866656661363935666661366536306331313962376330313965306336616337
|
||||
32626566393166383934386264356631653430626533356263623861643765373633333938393934
|
||||
35333238303335656562616336653066383163646665666465623139333333396538663834316463
|
||||
32663532376165336366346336306262623637386161623937633431306235656431633366343163
|
||||
33313465643730393033386532636136623033333735643638383564393330623663396361633932
|
||||
66343063636132333639383931396433383635356564386639643739623632346237313363383261
|
||||
37643162326165313435626165623634653730333664326665386362646364316461326630623266
|
||||
30353038623137373161623661316535626462663636323165393033653266643332383862323865
|
||||
3431
|
@ -1,17 +1,29 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
31383035323330343562373837366530633935626131633737646633663838633463623465623465
|
||||
3535336536613038643534383537663866346364646365380a303939323038363036306535393033
|
||||
33363439636337386437306536316663646235643430633236353935363838663264366362613463
|
||||
6334663732663730610a306261626334636538363363643062643438373031366532616635613730
|
||||
32626636373834613665626437653930336636323266393932616631363334316434313333353239
|
||||
34663864666631303336346539303864303234353231343561653535303132366234323731623230
|
||||
31656362303362653332303064396633383265323033386264613861663762386139393161666664
|
||||
36393137323838653439626261373465333330383436616663303165353438343363393364393130
|
||||
63376635633238336337643866303633666434383437646331333235376136313062663633396662
|
||||
35323363306434363961646437646433326133346361363461316462326633366139623839366631
|
||||
63353334366566303163633237366463356530323761373264333261386166346465303936316630
|
||||
63353963383032346432373332363835346462313661396664336233356434373730363337663631
|
||||
32383632666435326138646235316538663766383236313737633536663434616361663138333164
|
||||
33623939643261353437336265633966353466313734653639396532363764653662343463643032
|
||||
33376166656366396136363438383832323933366236343437333137313334336566323932336333
|
||||
31343537356663326433
|
||||
64316635633137373166393430313734343565663930323062343462646664323332343734326663
|
||||
6635316238646330623866323131373139656436383062610a653664373465623630346530643765
|
||||
37323033333831356536343139623730396633633161656561643265343630356465323132636237
|
||||
6563333466353339390a353036333435633665366563643837303732643163376333333633626131
|
||||
64356139356438386637316635636336653432653135623036653861333264626635633335323433
|
||||
65386630396435326132396235623730316664376239363961383534353562656235313061313831
|
||||
35366432656136306331613836303837646131653135666134386635363864653338323436323734
|
||||
30343965303762313835326565636333366430353232336564616261393937336634326464633236
|
||||
66663535613433383537613766333765393966306663383831313539396533336638616130333365
|
||||
63633465626435386236336464636664356462393235316330623061333131303735653762326636
|
||||
61613730626339396236656536353664656361626131303266646666316231373835333963666231
|
||||
35353337373266653563613436383032643734333833626462353330616262633336643264386364
|
||||
32643539663733376163343166353930366132663364326236383762356161643530613162306136
|
||||
64656538303761613361323137643364373239373132333465303632313032316562663761303732
|
||||
33306165363635646131323364386263663264353837366535363136376637376463303761373435
|
||||
66333635643139356435366433326635613431353930373933393034323266393634623436393332
|
||||
36336339303838363438336437396464343062303333363536636138336465356363366462653839
|
||||
36396635306631323661623338313564656138363135306563663566373530376561363931366335
|
||||
61326264386663643637616230363565333430396336646662376665376566336361613339666537
|
||||
32393761303732663464326365646631333930363234623833666132386261396134396332356634
|
||||
37376532336332666465343034376261623435326331383530376538306632343430616164653338
|
||||
31333231313961643061393163376462346332363633653133343630366632346566373162356637
|
||||
38333134383632346330613163323934333364616536663464663431373265623835316434653361
|
||||
61653232643236653737663963396333353138316661376437623563663661313661396235313935
|
||||
61316363323366633038663139633932353365316434393462623135393631653862323735653963
|
||||
32343139326635323938666332646463346636343562323566653633656334363831353464333063
|
||||
32323638386139623062393836343336636635363836343137356331386665303564666438333334
|
||||
66653934313837393932
|
||||
|
@ -1,38 +1,5 @@
|
||||
all:
|
||||
children:
|
||||
soleil:
|
||||
hosts:
|
||||
core:
|
||||
ansible_host: core.vpn.projectsegfau.lt
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: true # Run everything as root
|
||||
wiki_page: Soleil_Levant
|
||||
server_prefix: eu
|
||||
docker:
|
||||
ansible_host: docker.vpn.projectsegfau.lt
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
docker_dir: /opt/docker-privfrontends
|
||||
country: France
|
||||
isp: Orange S.A.
|
||||
wiki_page: Soleil_Levant
|
||||
server_prefix: eu
|
||||
ansible_become: true # Run everything as root
|
||||
db:
|
||||
ansible_host: db.vpn.projectsegfau.lt
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: true # Run everything as root
|
||||
backwards:
|
||||
ansible_host: backwards.vpn.projectsegfau.lt
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: true # Run everything as root
|
||||
privfrontends:
|
||||
hosts:
|
||||
eu:
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Setup Caddy
|
||||
hosts: core,privfrontends
|
||||
hosts: privfrontends
|
||||
roles:
|
||||
- role: caddy-ansible
|
||||
caddy_systemd_capabilities_enabled: true
|
||||
|
@ -4,7 +4,7 @@
|
||||
path: "{{ docker_dir }}/{{ item }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
tags: docker,soleil,pizza
|
||||
tags: docker,pizza
|
||||
|
||||
- name: Copy docker-compose templates for the {{item}}
|
||||
ansible.builtin.template:
|
||||
@ -13,14 +13,14 @@
|
||||
backup: true
|
||||
mode: preserve
|
||||
register: check_status
|
||||
tags: docker,soleil,pizza
|
||||
tags: docker,pizza
|
||||
|
||||
- name: Check if extras file exists for the {{item}}
|
||||
delegate_to: localhost
|
||||
ansible.builtin.stat:
|
||||
path: ./compose/{{ item }}/extras.conf.j2
|
||||
register: file
|
||||
tags: docker,soleil,pizza
|
||||
tags: docker,pizza
|
||||
|
||||
- name: Copy extras file
|
||||
ansible.builtin.template:
|
||||
@ -29,7 +29,7 @@
|
||||
backup: true
|
||||
mode: preserve
|
||||
when: file.stat.exists
|
||||
tags: docker,soleil,pizza
|
||||
tags: docker,pizza
|
||||
|
||||
- name: "Update docker {{item}} image"
|
||||
ansible.builtin.command:
|
||||
@ -38,7 +38,7 @@
|
||||
when: check_status.changed
|
||||
register: updateout
|
||||
changed_when: updateout.rc != 0
|
||||
tags: docker,soleil,pizza
|
||||
tags: docker,pizza
|
||||
|
||||
- name: "Stop docker {{item}}"
|
||||
ansible.builtin.command:
|
||||
@ -47,7 +47,7 @@
|
||||
when: check_status.changed
|
||||
register: stopout
|
||||
changed_when: stopout.rc != 0
|
||||
tags: docker,soleil,pizza
|
||||
tags: docker,pizza
|
||||
|
||||
- name: "Start docker {{item}}"
|
||||
ansible.builtin.command:
|
||||
@ -56,4 +56,4 @@
|
||||
when: check_status.changed
|
||||
register: startout
|
||||
changed_when: startout.rc != 0
|
||||
tags: docker,soleil,pizza
|
||||
tags: docker,pizza
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Setup Caddy
|
||||
hosts: privfrontends,core
|
||||
hosts: privfrontends
|
||||
tasks:
|
||||
- name: Copy Caddyfile
|
||||
ansible.builtin.template:
|
||||
@ -30,17 +30,6 @@
|
||||
- nitter
|
||||
- teddit
|
||||
- watchtower
|
||||
tasks:
|
||||
# community.docker does not support compose 2.0 right now.
|
||||
# https://github.com/ansible-collections/community.docker/issues/216
|
||||
- name: Update docker compose files and restart those with changes
|
||||
ansible.builtin.include_tasks: docker-tasks.yaml
|
||||
with_items: "{{ docker_services }}"
|
||||
tags: docker,pizza
|
||||
- name: Setup docker compose for privacy frontends (soleil+normal)
|
||||
hosts: in,us,docker
|
||||
vars:
|
||||
non_pizza_docker_services:
|
||||
- anonymousoverflow
|
||||
- breezewiki
|
||||
- gothub
|
||||
@ -54,7 +43,7 @@
|
||||
tasks:
|
||||
# community.docker does not support compose 2.0 right now.
|
||||
# https://github.com/ansible-collections/community.docker/issues/216
|
||||
- name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1)
|
||||
- name: Update docker compose files and restart those with changes
|
||||
ansible.builtin.include_tasks: docker-tasks.yaml
|
||||
with_items: "{{ non_pizza_docker_services }}"
|
||||
tags: docker,soleil
|
||||
with_items: "{{ docker_services }}"
|
||||
tags: docker,pizza
|
||||
|
@ -61,11 +61,9 @@
|
||||
|
||||
import ./*.Caddyfile
|
||||
|
||||
{{ inventory_hostname }}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {% if inventory_hostname == 'core' %} soleil.projectsegfau.lt {% endif %} {
|
||||
{{ inventory_hostname }}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {
|
||||
redir https://wiki.projectsegfau.lt/index.php?title={{ wiki_page }}
|
||||
}
|
||||
# PIZZA + US + IN
|
||||
{% if inventory_hostname == 'eu' or inventory_hostname == 'us' or inventory_hostname == 'in' %}
|
||||
cdn.projectsegfau.lt cdn.{{ server_prefix }}.projectsegfau.lt {
|
||||
encode zstd gzip
|
||||
root * /var/cdn
|
||||
@ -117,11 +115,8 @@ teddit.{{ server_prefix }}.projectsegfau.lt teddit.projectsegfau.lt t.psf.lt t.{
|
||||
import def
|
||||
import torloc teddit
|
||||
}
|
||||
{% endif %}
|
||||
# SOLEIL + US + IN
|
||||
{% if inventory_hostname == 'core' or inventory_hostname == 'us' or inventory_hostname == 'in' %}
|
||||
inv.{{ server_prefix }}.projectsegfau.lt inv.projectsegfau.lt invidious.projectsegfau.lt i.{{ server_prefix }}.psf.lt i.psf.lt {
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:7573
|
||||
reverse_proxy :7573
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
|
||||
@ -148,17 +143,17 @@ inv.{{ server_prefix }}.projectsegfau.lt inv.projectsegfau.lt invidious.projects
|
||||
{% endif %}
|
||||
}
|
||||
gothub.{{ server_prefix }}.projectsegfau.lt gothub.projectsegfau.lt gh.psf.lt gh.{{ server_prefix }}.psf.lt {
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:1024
|
||||
reverse_proxy :1024
|
||||
import def
|
||||
import torloc gothub
|
||||
}
|
||||
overflow.{{ server_prefix }}.projectsegfau.lt overflow.projectsegfau.lt o.psf.lt o.{{ server_prefix }}.psf.lt {
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8694
|
||||
reverse_proxy :8694
|
||||
import def
|
||||
import torloc overflow
|
||||
}
|
||||
rimgo.{{ server_prefix }}.projectsegfau.lt rimgo.projectsegfau.lt rg.psf.lt rg.{{ server_prefix }}.psf.lt {
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:9016
|
||||
reverse_proxy :9016
|
||||
import def
|
||||
import torloc rimgo
|
||||
}
|
||||
@ -166,38 +161,38 @@ bw.{{ server_prefix }}.projectsegfau.lt bw.projectsegfau.lt bw.psf.lt bw.{{ serv
|
||||
import def
|
||||
import torloc breezewiki
|
||||
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:10416
|
||||
reverse_proxy :10416
|
||||
}
|
||||
scribe.{{ server_prefix }}.projectsegfau.lt scribe.projectsegfau.lt sc.psf.lt sc.{{ server_prefix }}.psf.lt {
|
||||
import def
|
||||
import torloc scribe
|
||||
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8006
|
||||
reverse_proxy :8006
|
||||
}
|
||||
translate.{{ server_prefix }}.projectsegfau.lt translate.projectsegfau.lt tl.psf.lt tl.{{ server_prefix }}.psf.lt {
|
||||
import def
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5046
|
||||
reverse_proxy :5046
|
||||
import torloc translate
|
||||
}
|
||||
safetwitch.{{ server_prefix }}.projectsegfau.lt safetwitch.projectsegfau.lt tw.psf.lt tw.{{ server_prefix }}.psf.lt {
|
||||
import def
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5070
|
||||
reverse_proxy :5070
|
||||
import torloc safetwitch
|
||||
}
|
||||
api.safetwitch.{{ server_prefix }}.projectsegfau.lt {
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5071
|
||||
reverse_proxy :5071
|
||||
}
|
||||
hyperpipe.{{ server_prefix }}.projectsegfau.lt hyperpipe.projectsegfau.lt hp.psf.lt hp.{{ server_prefix }}.psf.lt {
|
||||
import def
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8843
|
||||
reverse_proxy :8843
|
||||
}
|
||||
hyperpipebackend.{{ server_prefix }}.projectsegfau.lt {
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:3536
|
||||
reverse_proxy :3536
|
||||
}
|
||||
search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{{ server_prefix }}.psf.lt {
|
||||
import def
|
||||
import torloc search
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8081
|
||||
reverse_proxy :8081
|
||||
@api {
|
||||
path /config
|
||||
path /healthz
|
||||
@ -258,7 +253,7 @@ search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{
|
||||
}
|
||||
}
|
||||
{% if server_prefix == 'eu' %}piped.projectsegfau.lt proxy.piped.projectsegfau.lt api.piped.projectsegfau.lt {%else%} piped.{{ server_prefix }}.projectsegfau.lt pipedproxy.{{ server_prefix }}.projectsegfau.lt pipedapi.{{ server_prefix }}.projectsegfau.lt {%endif%} {
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:6970
|
||||
reverse_proxy :6970
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
|
||||
@ -283,7 +278,7 @@ search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{
|
||||
{% endif %}
|
||||
}
|
||||
pi.{{ server_prefix }}.psf.lt pi.psf.lt {
|
||||
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:6970 {
|
||||
reverse_proxy :6970 {
|
||||
header_up Host "{% if server_prefix == 'eu' %}piped.projectsegfau.lt{%else%}piped.{{ server_prefix }}.projectsegfau.lt{%endif%}"
|
||||
}
|
||||
header {
|
||||
@ -306,4 +301,3 @@ pi.{{ server_prefix }}.psf.lt pi.psf.lt {
|
||||
}
|
||||
respond @badbots "Access to this route denied" 403
|
||||
}
|
||||
{% endif %}
|
||||
|
@ -1,99 +0,0 @@
|
||||
# ---Internal Caddyfile---
|
||||
|
||||
# Authentik
|
||||
sekuritee.projectsegfau.lt {
|
||||
reverse_proxy https://192.168.5.2:7443 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
import def
|
||||
}
|
||||
|
||||
# MailU
|
||||
mail.projectsegfau.lt {
|
||||
import def
|
||||
reverse_proxy 192.168.5.5:8082
|
||||
}
|
||||
|
||||
# Plausible
|
||||
analytics.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.2:8001
|
||||
import def
|
||||
}
|
||||
|
||||
# Website dev
|
||||
web.dev.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.2:1339
|
||||
import def
|
||||
}
|
||||
|
||||
blog.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.2:2368 {
|
||||
header_up X-Forwarded-Proto https
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
import def
|
||||
}
|
||||
|
||||
# Midou PersoVM
|
||||
matrix.midou.dev {
|
||||
reverse_proxy /_matrix/* 192.168.5.6:8008
|
||||
import def
|
||||
}
|
||||
|
||||
file.midou.dev {
|
||||
reverse_proxy 192.168.5.6:8080
|
||||
import def
|
||||
}
|
||||
|
||||
c.midou.dev {
|
||||
reverse_proxy 192.168.5.6:8978
|
||||
import def
|
||||
}
|
||||
|
||||
rss.midou.dev {
|
||||
reverse_proxy 192.168.5.6:3002
|
||||
import def
|
||||
}
|
||||
|
||||
sub.midou.dev {
|
||||
reverse_proxy 192.168.5.6:8480
|
||||
import def
|
||||
}
|
||||
|
||||
qb.midou.dev {
|
||||
reverse_proxy 192.168.5.6:8182
|
||||
import def
|
||||
}
|
||||
|
||||
slsk.midou.dev {
|
||||
reverse_proxy 192.168.5.6:8283
|
||||
import def
|
||||
}
|
||||
|
||||
# Headscale (tailscale control server)
|
||||
hs.projectsegfau.lt {
|
||||
reverse_proxy /web* https://192.168.5.5:9443 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
reverse_proxy * 192.168.5.5:8089
|
||||
}
|
||||
|
||||
# Caddy daily build (for ansible)
|
||||
cb.projectsegfau.lt {
|
||||
root * /var/www/caddy-build
|
||||
file_server browse
|
||||
encode gzip
|
||||
}
|
||||
# GotHub
|
||||
docs.gothub.app {
|
||||
redir https://gothub.app/docs{uri}
|
||||
}
|
||||
# OLD URLs
|
||||
http://mutahar.rocks, http://*.mutahar.rocks {
|
||||
redir https://projectsegfau.lt
|
||||
}
|
@ -7,7 +7,7 @@ social.projectsegfau.lt {
|
||||
|
||||
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
|
||||
# and `localhost.` resolves to [::0] on some systems: see issue #930
|
||||
reverse_proxy 192.168.5.2:4011
|
||||
reverse_proxy 192.168.1.5:4011
|
||||
|
||||
handle /media/* {
|
||||
redir https://media.social.projectsegfau.lt{uri} permanent
|
||||
@ -23,7 +23,7 @@ social.projectsegfau.lt {
|
||||
# And https://gleasonator.com/notice/AW3PsTi4WCWEUbN0uO
|
||||
media.social.projectsegfau.lt {
|
||||
handle /media/* {
|
||||
reverse_proxy 192.168.5.2:4011 {
|
||||
reverse_proxy 192.168.1.5:4011 {
|
||||
transport http {
|
||||
response_header_timeout 10s
|
||||
read_timeout 15s
|
||||
@ -32,7 +32,7 @@ media.social.projectsegfau.lt {
|
||||
}
|
||||
|
||||
handle /proxy/* {
|
||||
reverse_proxy 192.168.5.2:4011 {
|
||||
reverse_proxy 192.168.1.5:4011 {
|
||||
transport http {
|
||||
response_header_timeout 10s
|
||||
read_timeout 15s
|
||||
@ -43,29 +43,29 @@ media.social.projectsegfau.lt {
|
||||
|
||||
# Cinny
|
||||
cinny.projectsegfau.lt cy.psf.lt {
|
||||
reverse_proxy 192.168.5.2:3069
|
||||
reverse_proxy :3069
|
||||
import def
|
||||
}
|
||||
|
||||
# Website
|
||||
projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.2:1337
|
||||
reverse_proxy :1337
|
||||
import def
|
||||
reverse_proxy /_matrix/* 192.168.5.2:8449 {
|
||||
reverse_proxy /_matrix/* 192.168.1.5:8449 {
|
||||
header_up Host "matrix.projectsegfau.lt"
|
||||
}
|
||||
reverse_proxy /_matrix/client/* 192.168.5.2:81 {
|
||||
reverse_proxy /_matrix/client/* 192.168.1.5:81 {
|
||||
header_up Host "matrix.projectsegfau.lt"
|
||||
}
|
||||
reverse_proxy /_synapse/* 192.168.5.2:81 {
|
||||
reverse_proxy /_synapse/* 192.168.1.5:81 {
|
||||
header_up Host "matrix.projectsegfau.lt"
|
||||
}
|
||||
reverse_proxy /.well-known/acme-challenge/* 192.168.5.5:5380
|
||||
reverse_proxy /converse 192.168.5.5:5280
|
||||
reverse_proxy /converseemojis.js 192.168.5.5:5280
|
||||
reverse_proxy /converse/* 192.168.5.5:5280
|
||||
reverse_proxy /bosh 192.168.5.5:5280
|
||||
reverse_proxy /ws 192.168.5.5:5280
|
||||
reverse_proxy /.well-known/acme-challenge/* 192.168.1.5:5380
|
||||
reverse_proxy /converse 192.168.1.5:5280
|
||||
reverse_proxy /converseemojis.js 192.168.1.5:5280
|
||||
reverse_proxy /converse/* 192.168.1.5:5280
|
||||
reverse_proxy /bosh 192.168.1.5:5280
|
||||
reverse_proxy /ws 192.168.1.5:5280
|
||||
header /.well-known/matrix/* Content-Type application/json
|
||||
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||
handle_path /.well-known/* {
|
||||
@ -79,18 +79,19 @@ projectsegfau.lt {
|
||||
import torloc www
|
||||
}
|
||||
psf.lt {
|
||||
reverse_proxy 192.168.5.2:1337
|
||||
reverse_proxy :1337
|
||||
import def
|
||||
import torloc www
|
||||
header /.well-known/matrix/* Content-Type application/json
|
||||
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||
handle_path /.well-known/* {
|
||||
root * /var/www/psf-well-known
|
||||
file_server
|
||||
}
|
||||
import acmedns
|
||||
header /.well-known/matrix/* Content-Type application/json
|
||||
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||
handle_path /.well-known/* {
|
||||
root * /var/www/psf-well-known
|
||||
file_server
|
||||
}
|
||||
}
|
||||
ssync.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.2:3333
|
||||
reverse_proxy 192.168.1.5:3333
|
||||
import def
|
||||
}
|
||||
|
||||
@ -100,17 +101,17 @@ www.projectsegfau.lt www.psf.lt {
|
||||
}
|
||||
|
||||
matrix.projectsegfau.lt {
|
||||
reverse_proxy /_matrix/* 192.168.5.2:8449 {
|
||||
reverse_proxy /_matrix/* 192.168.1.5:8449 {
|
||||
header_up Host "matrix.projectsegfau.lt"
|
||||
}
|
||||
reverse_proxy /_matrix/client/* 192.168.5.2:81 {
|
||||
reverse_proxy /_matrix/client/* 192.168.1.5:81 {
|
||||
header_up Host "matrix.projectsegfau.lt"
|
||||
}
|
||||
reverse_proxy /_synapse/* 192.168.5.2:81 {
|
||||
reverse_proxy /_synapse/* 192.168.1.5:81 {
|
||||
header_up Host "matrix.projectsegfau.lt"
|
||||
}
|
||||
import def
|
||||
#reverse_proxy /_synapse/client/* 192.168.5.2:81 {
|
||||
#reverse_proxy /_synapse/client/* 192.168.1.5:81 {
|
||||
# header_up Host "matrix.projectsegfau.lt"
|
||||
#}
|
||||
handle_path / {
|
||||
@ -118,21 +119,15 @@ matrix.projectsegfau.lt {
|
||||
}
|
||||
}
|
||||
|
||||
# Directus
|
||||
cms.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.2:9456
|
||||
import def
|
||||
}
|
||||
|
||||
# Element
|
||||
chat.projectsegfau.lt el.psf.lt {
|
||||
reverse_proxy 192.168.5.2:3070
|
||||
reverse_proxy :3070
|
||||
import def
|
||||
}
|
||||
|
||||
# Gitea
|
||||
git.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.5:3444
|
||||
reverse_proxy :3444
|
||||
respond /metrics 403
|
||||
import def
|
||||
request_body {
|
||||
@ -144,7 +139,7 @@ git.projectsegfau.lt {
|
||||
import torloc git
|
||||
}
|
||||
git.psf.lt {
|
||||
reverse_proxy 192.168.5.5:3444 {
|
||||
reverse_proxy :3444 {
|
||||
header_up Host "git.projectsegfau.lt"
|
||||
}
|
||||
respond /metrics 403
|
||||
@ -159,7 +154,7 @@ git.psf.lt {
|
||||
}
|
||||
# HedgeDoc
|
||||
doc.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.2:2069 {
|
||||
reverse_proxy :2069 {
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
import def
|
||||
@ -167,30 +162,30 @@ doc.projectsegfau.lt {
|
||||
|
||||
# Hydrogen
|
||||
h2.projectsegfau.lt, hydrogen.projectsegfau.lt, h2.psf.lt {
|
||||
reverse_proxy 192.168.5.2:3071
|
||||
reverse_proxy :3071
|
||||
import def
|
||||
}
|
||||
|
||||
# Jitsi
|
||||
jitsi.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.5:8000 {
|
||||
reverse_proxy :8000 {
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
}
|
||||
# Excalidraw backend for jitsi
|
||||
excalidraw.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.5:8694
|
||||
reverse_proxy :8694
|
||||
}
|
||||
|
||||
# Maubot
|
||||
mau.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.2:29316
|
||||
reverse_proxy :29316
|
||||
import def
|
||||
}
|
||||
|
||||
# MediaWiki
|
||||
wiki.projectsegfau.lt w.psf.lt {
|
||||
reverse_proxy 192.168.5.2:8000 {
|
||||
reverse_proxy 10.0.3.39:80 {
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
import def
|
||||
@ -200,18 +195,18 @@ wiki.projectsegfau.lt w.psf.lt {
|
||||
|
||||
# Vikunja
|
||||
todo.projectsegfau.lt vi.psf.lt {
|
||||
reverse_proxy 192.168.5.2:3456
|
||||
reverse_proxy :3456
|
||||
import def
|
||||
import torloc todo
|
||||
}
|
||||
|
||||
# Vaultwarden
|
||||
pass.projectsegfau.lt vw.psf.lt {
|
||||
reverse_proxy 192.168.5.2:6980 {
|
||||
reverse_proxy :6980 {
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
import def
|
||||
reverse_proxy /notifications/hub 192.168.5.2:3012 {
|
||||
reverse_proxy /notifications/hub :3012 {
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
import torloc pass
|
||||
@ -219,10 +214,10 @@ pass.projectsegfau.lt vw.psf.lt {
|
||||
|
||||
# XMPP
|
||||
xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubsub.projectsegfau.lt, upload.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.5:5280 {
|
||||
reverse_proxy 192.168.1.5:5280 {
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
reverse_proxy /.well-known/acme-challenge/* 192.168.5.5:5380
|
||||
reverse_proxy /.well-known/acme-challenge/* 192.168.1.5:5380
|
||||
@register {
|
||||
path /new/
|
||||
path /change_password/
|
||||
@ -247,16 +242,16 @@ xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubs
|
||||
}
|
||||
xmpp-web.projectsegfau.lt, x.psf.lt {
|
||||
import def
|
||||
reverse_proxy 192.168.5.2:3072
|
||||
reverse_proxy :3072
|
||||
}
|
||||
healthchecks.projectsegfau.lt, hc.psf.lt {
|
||||
import def
|
||||
reverse_proxy 192.168.5.2:8450
|
||||
reverse_proxy :8450
|
||||
import torloc healthchecks
|
||||
}
|
||||
# Pubthentik
|
||||
auth.p.projectsegfau.lt {
|
||||
reverse_proxy 192.168.5.2:7444 {
|
||||
reverse_proxy :7444 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
@ -266,17 +261,13 @@ auth.p.projectsegfau.lt {
|
||||
}
|
||||
# kbin
|
||||
kbin.projectsegfau.lt, kb.psf.lt {
|
||||
reverse_proxy 192.168.5.2:80 {
|
||||
reverse_proxy 192.168.1.5:8014 {
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
import def
|
||||
}
|
||||
libretranslate.projectsegfau.lt lt.psf.lt {
|
||||
reverse_proxy 192.168.5.2:5005
|
||||
import def
|
||||
}
|
||||
gothub.dev.projectsegfau.lt gh.dev.psf.lt {
|
||||
reverse_proxy 192.168.5.2:1025
|
||||
reverse_proxy :1025
|
||||
import def
|
||||
import torloc gothub.dev
|
||||
}
|
95
privfrontends/templates/in/internal.Caddyfile
Normal file
95
privfrontends/templates/in/internal.Caddyfile
Normal file
@ -0,0 +1,95 @@
|
||||
# ---Internal Caddyfile---
|
||||
|
||||
# MailU
|
||||
mail.projectsegfau.lt {
|
||||
import def
|
||||
reverse_proxy :8082
|
||||
}
|
||||
|
||||
# Plausible
|
||||
analytics.projectsegfau.lt {
|
||||
reverse_proxy :8001
|
||||
import def
|
||||
}
|
||||
|
||||
# Website dev
|
||||
web.dev.projectsegfau.lt {
|
||||
reverse_proxy :1339
|
||||
import def
|
||||
}
|
||||
|
||||
blog.projectsegfau.lt {
|
||||
reverse_proxy :2368 {
|
||||
header_up X-Forwarded-Proto https
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
import def
|
||||
}
|
||||
|
||||
# Headscale (tailscale control server)
|
||||
hs.projectsegfau.lt {
|
||||
reverse_proxy /web* https://:9443 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
reverse_proxy * :8089
|
||||
}
|
||||
|
||||
# Caddy daily build (for ansible)
|
||||
cb.projectsegfau.lt {
|
||||
root * /var/www/caddy-build
|
||||
file_server browse
|
||||
encode gzip
|
||||
}
|
||||
|
||||
# GotHub
|
||||
docs.gothub.app {
|
||||
redir https://gothub.app/docs{uri}
|
||||
}
|
||||
# OLD URLs
|
||||
http://mutahar.rocks, http://*.mutahar.rocks {
|
||||
redir https://projectsegfau.lt
|
||||
}
|
||||
|
||||
synapseadmin.vpn.projectsegfau.lt s.v.psf.lt {
|
||||
import acmedns
|
||||
reverse_proxy :8420
|
||||
}
|
||||
|
||||
bitpuit.vpn.projectsegfau.lt b.v.psf.lt {
|
||||
import acmedns
|
||||
reverse_proxy https://192.168.1.2:8006 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
import def
|
||||
}
|
||||
|
||||
bitpuit2.vpn.projectsegfau.lt b2.v.psf.lt {
|
||||
import acmedns
|
||||
reverse_proxy https://192.168.1.58:8006 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
import def
|
||||
}
|
||||
|
||||
ansible.vpn.projectsegfau.lt a.v.psf.lt {
|
||||
import acmedns
|
||||
reverse_proxy :3527
|
||||
}
|
||||
grafana.vpn.projectsegfau.lt g.v.psf.lt {
|
||||
import acmedns
|
||||
reverse_proxy :3170
|
||||
}
|
||||
prometheus.vpn.projectsegfau.lt {
|
||||
import acmedns
|
||||
reverse_proxy :9090
|
||||
}
|
||||
rabbitmq.vpn.projectsegfau.lt rq.v.psf.lt {
|
||||
import acmedns
|
||||
reverse_proxy 192.168.1.5:15672
|
||||
}
|
@ -1,6 +1,3 @@
|
||||
dd.psf.lt {
|
||||
reverse_proxy :8008
|
||||
}
|
||||
# PERSONAL
|
||||
https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt {
|
||||
import def
|
||||
@ -18,19 +15,3 @@ tnfiles.perso.in.projectsegfau.lt {
|
||||
}
|
||||
root * /zfspool/files/tn-sw
|
||||
}
|
||||
discourse.tildevarsh.in {
|
||||
reverse_proxy https://192.168.1.21:443 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
}
|
||||
jf.perso.in.projectsegfau.lt {
|
||||
reverse_proxy 192.168.1.20:8096
|
||||
import def
|
||||
}
|
||||
nc.perso.in.projectsegfau.lt {
|
||||
reverse_proxy 192.168.1.20:80
|
||||
import def
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user