Merge branch 'master' of git.projectsegfau.lt:ProjectSegfault/ansible
This commit is contained in:
commit
effb658a7e
38
cron/hourly-restarts.yaml
Normal file
38
cron/hourly-restarts.yaml
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
---
|
||||||
|
- name: Hourly Restarts (ALL NODES)
|
||||||
|
hosts: docker,privfrontends
|
||||||
|
vars:
|
||||||
|
services:
|
||||||
|
- invidious-invidious-1
|
||||||
|
tasks:
|
||||||
|
- name: Do thing
|
||||||
|
ansible.builtin.command: docker restart {{ item }}
|
||||||
|
register: out
|
||||||
|
changed_when: out.rc != 0
|
||||||
|
with_items: "{{ services }}"
|
||||||
|
- name: Hourly Restarts (SOLEIL+REST)
|
||||||
|
hosts: docker,us,in
|
||||||
|
vars:
|
||||||
|
services:
|
||||||
|
- breezewiki
|
||||||
|
- anonymousoverflow-anonymousoverflow-1
|
||||||
|
- simplytranslate-simplytranslate-1
|
||||||
|
- scribe
|
||||||
|
tasks:
|
||||||
|
- name: Do thing
|
||||||
|
ansible.builtin.command: docker restart {{ item }}
|
||||||
|
register: out
|
||||||
|
changed_when: out.rc != 0
|
||||||
|
with_items: "{{ services }}"
|
||||||
|
- name: Hourly Restarts (PIZZA+REST)
|
||||||
|
hosts: privfrontends
|
||||||
|
vars:
|
||||||
|
services:
|
||||||
|
- libreddit-libreddit-1
|
||||||
|
- teddit
|
||||||
|
tasks:
|
||||||
|
- name: Do thing
|
||||||
|
ansible.builtin.command: docker restart {{ item }}
|
||||||
|
register: out
|
||||||
|
changed_when: out.rc != 0
|
||||||
|
with_items: "{{ services }}"
|
18
host_vars/docker/privfrontends_secrets.yaml
Normal file
18
host_vars/docker/privfrontends_secrets.yaml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
36323339616139653231363637313635346361663831656537353462313563633963383465353564
|
||||||
|
6539633632313264643239633632333065653837396336610a313836363832646337643739383039
|
||||||
|
65316662363861653738663361353739306538376632333431353932626361316665323161333665
|
||||||
|
3065396561616463630a366530613530316161323836323334366635343839306636363837643466
|
||||||
|
61373733383764333364393938323764613065383662353034666139373133386166353062326534
|
||||||
|
30636236323037396535313133666364636163353165346638353661623731373338323232313065
|
||||||
|
62313865396433336364393536366537643338303335343830623034656236616465303164613962
|
||||||
|
65303639333461656331353636343735373965656665666634393933336333373735636165343164
|
||||||
|
36663765306239663866656661363935666661366536306331313962376330313965306336616337
|
||||||
|
32626566393166383934386264356631653430626533356263623861643765373633333938393934
|
||||||
|
35333238303335656562616336653066383163646665666465623139333333396538663834316463
|
||||||
|
32663532376165336366346336306262623637386161623937633431306235656431633366343163
|
||||||
|
33313465643730393033386532636136623033333735643638383564393330623663396361633932
|
||||||
|
66343063636132333639383931396433383635356564386639643739623632346237313363383261
|
||||||
|
37643162326165313435626165623634653730333664326665386362646364316461326630623266
|
||||||
|
30353038623137373161623661316535626462663636323165393033653266643332383862323865
|
||||||
|
3431
|
@ -1,25 +1,17 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
61326662336163633231303866656435396466623935656634393531343964323833363063663332
|
31383035323330343562373837366530633935626131633737646633663838633463623465623465
|
||||||
6261333465366566303835636162393932656561353738640a353730306361643161383637663365
|
3535336536613038643534383537663866346364646365380a303939323038363036306535393033
|
||||||
30386464646566636661666631336265663831383362646463616631636264353663353739343831
|
33363439636337386437306536316663646235643430633236353935363838663264366362613463
|
||||||
3364653865616233340a383663343462653936613561323062353634313431366237396163306562
|
6334663732663730610a306261626334636538363363643062643438373031366532616635613730
|
||||||
31323262616336646561613063653564666666333034323232646663366363393037313937346135
|
32626636373834613665626437653930336636323266393932616631363334316434313333353239
|
||||||
63396334383033623966343037653532353239656433616632316266346130306532373138636564
|
34663864666631303336346539303864303234353231343561653535303132366234323731623230
|
||||||
34376138346439306164323966313731363230626239643766393537663864333966343865383537
|
31656362303362653332303064396633383265323033386264613861663762386139393161666664
|
||||||
62636235643136626338616165653830666230316337383339623433323933636661303134303730
|
36393137323838653439626261373465333330383436616663303165353438343363393364393130
|
||||||
31383564636365353030313436336666666534336363313037326465653439393162303133623565
|
63376635633238336337643866303633666434383437646331333235376136313062663633396662
|
||||||
34323165643761316261636631656462373362346533623565626635663430633665393832363635
|
35323363306434363961646437646433326133346361363461316462326633366139623839366631
|
||||||
38343037333462343166333931616634623037393637343634623931366337323230653537343836
|
63353334366566303163633237366463356530323761373264333261386166346465303936316630
|
||||||
64386565383662346337326131393664343431323334346236393765616130393963306133303639
|
63353963383032346432373332363835346462313661396664336233356434373730363337663631
|
||||||
39373162663862626637336365386430366434316465363339303335346162333635383534653235
|
32383632666435326138646235316538663766383236313737633536663434616361663138333164
|
||||||
32633633626136383236396330306232363464643938393061333036376664363335663161356163
|
33623939643261353437336265633966353466313734653639396532363764653662343463643032
|
||||||
35336535366466626230643934346539633736343136646461363838333864326533666132316532
|
33376166656366396136363438383832323933366236343437333137313334336566323932336333
|
||||||
66323235656236666534333133336265643938643930666165653036393763643563653939663538
|
31343537356663326433
|
||||||
64626531386166656434383632616633323161636335623165336338333466303666623563666436
|
|
||||||
65373639653739366239313262653734396462303330636535373736373839633765646632623533
|
|
||||||
65366265313431373239363332343766373835623964343235363830653639336661643032363532
|
|
||||||
61633435626362653436653666343337396632336437346536646462373035383766396339306663
|
|
||||||
31636363626639316565326436623562323732363965656438356134323864323164663137663031
|
|
||||||
63613834393233353534613934353266353765353638633533323937363061663834333533393832
|
|
||||||
34366433353964303437616461346163363831306630356339363838313837343430333830316361
|
|
||||||
63366637336563626662
|
|
||||||
|
@ -8,6 +8,8 @@ all:
|
|||||||
ansible_port: 22
|
ansible_port: 22
|
||||||
port: 22
|
port: 22
|
||||||
ansible_become: true # Run everything as root
|
ansible_become: true # Run everything as root
|
||||||
|
wiki_page: Soleil_Levant
|
||||||
|
server_prefix: eu
|
||||||
docker:
|
docker:
|
||||||
ansible_host: docker.vpn.projectsegfau.lt
|
ansible_host: docker.vpn.projectsegfau.lt
|
||||||
ansible_user: ansiblerunner
|
ansible_user: ansiblerunner
|
||||||
@ -17,6 +19,7 @@ all:
|
|||||||
country: France
|
country: France
|
||||||
isp: Orange S.A.
|
isp: Orange S.A.
|
||||||
wiki_page: Soleil_Levant
|
wiki_page: Soleil_Levant
|
||||||
|
server_prefix: eu
|
||||||
ansible_become: true # Run everything as root
|
ansible_become: true # Run everything as root
|
||||||
lxc:
|
lxc:
|
||||||
ansible_host: lxc.vpn.projectsegfau.lt
|
ansible_host: lxc.vpn.projectsegfau.lt
|
||||||
@ -44,6 +47,7 @@ all:
|
|||||||
ansible_port: 222
|
ansible_port: 222
|
||||||
port: 222
|
port: 222
|
||||||
docker_dir: /opt/docker-privfrontends
|
docker_dir: /opt/docker-privfrontends
|
||||||
|
server_prefix: eu
|
||||||
ansible_become: true # Run everything as root
|
ansible_become: true # Run everything as root
|
||||||
caddy_extras_config: templates/1-extras.Caddyfile
|
caddy_extras_config: templates/1-extras.Caddyfile
|
||||||
country: Luxembourg
|
country: Luxembourg
|
||||||
@ -61,6 +65,7 @@ all:
|
|||||||
country: United States
|
country: United States
|
||||||
isp: Digital Ocean
|
isp: Digital Ocean
|
||||||
wiki_page: US_Node
|
wiki_page: US_Node
|
||||||
|
server_prefix: us
|
||||||
watchtower_mtrx_username: watchtower-us
|
watchtower_mtrx_username: watchtower-us
|
||||||
in:
|
in:
|
||||||
ansible_host: in.vpn.projectsegfau.lt
|
ansible_host: in.vpn.projectsegfau.lt
|
||||||
@ -69,6 +74,7 @@ all:
|
|||||||
port: 22
|
port: 22
|
||||||
ansible_become: true # Run everything as root
|
ansible_become: true # Run everything as root
|
||||||
docker_dir: /opt/docker-privfrontends
|
docker_dir: /opt/docker-privfrontends
|
||||||
|
server_prefix: in
|
||||||
caddy_extras_config: templates/3-extras.Caddyfile
|
caddy_extras_config: templates/3-extras.Caddyfile
|
||||||
country: India
|
country: India
|
||||||
isp: Bharti Airtel
|
isp: Bharti Airtel
|
||||||
|
@ -5,14 +5,14 @@ services:
|
|||||||
image: codeberg.org/hyperpipe/hyperpipe:latest
|
image: codeberg.org/hyperpipe/hyperpipe:latest
|
||||||
container_name: hyperpipe-frontend
|
container_name: hyperpipe-frontend
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
entrypoint: sh -c 'find /usr/share/nginx/html -type f -exec sed -i s/pipedapi.kavin.rocks/{% if inventory_hostname == 'eu' %}api.piped.projectsegfau.lt{%else%}pipedapi.{{inventory_hostname}}.projectsegfau.lt{%endif%}/g {} \; -exec sed -i s/hyperpipeapi.onrender.com/hyperpipebackend.{{ inventory_hostname }}.projectsegfau.lt/g {} \; && /docker-entrypoint.sh && nginx -g "daemon off;"'
|
entrypoint: sh -c 'find /usr/share/nginx/html -type f -exec sed -i s/pipedapi.kavin.rocks/{% if server_prefix == 'eu' %}api.piped.projectsegfau.lt{%else%}pipedapi.{{server_prefix}}.projectsegfau.lt{%endif%}/g {} \; -exec sed -i s/hyperpipeapi.onrender.com/hyperpipebackend.{{ server_prefix }}.projectsegfau.lt/g {} \; && /docker-entrypoint.sh && nginx -g "daemon off;"'
|
||||||
ports:
|
ports:
|
||||||
- '8843:80'
|
- '8843:80'
|
||||||
hyperpipe-backend:
|
hyperpipe-backend:
|
||||||
image: codeberg.org/hyperpipe/hyperpipe-backend:latest
|
image: codeberg.org/hyperpipe/hyperpipe-backend:latest
|
||||||
container_name: hyperpipe-backend
|
container_name: hyperpipe-backend
|
||||||
environment:
|
environment:
|
||||||
- HYP_PROXY={% if inventory_hostname == 'eu' %}proxy.piped.projectsegfau.lt{%else%}pipedproxy.{{inventory_hostname}}.projectsegfau.lt{%endif%}
|
- HYP_PROXY={% if server_prefix == 'eu' %}proxy.piped.projectsegfau.lt{%else%}pipedproxy.{{server_prefix}}.projectsegfau.lt{%endif%}
|
||||||
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
ports:
|
ports:
|
||||||
|
@ -5,7 +5,7 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "5070:80"
|
- "5070:80"
|
||||||
environment:
|
environment:
|
||||||
- SAFETWITCH_BACKEND_DOMAIN=api.safetwitch.{{inventory_hostname}}.projectsegfau.lt
|
- SAFETWITCH_BACKEND_DOMAIN=api.safetwitch.{{server_prefix}}.projectsegfau.lt
|
||||||
- SAFETWITCH_INSTANCE_DOMAIN=safetwitch.projectsegfau.lt
|
- SAFETWITCH_INSTANCE_DOMAIN=safetwitch.projectsegfau.lt
|
||||||
- SAFETWITCH_HTTPS=true
|
- SAFETWITCH_HTTPS=true
|
||||||
restart: always
|
restart: always
|
||||||
@ -15,5 +15,5 @@ services:
|
|||||||
- "5071:7000"
|
- "5071:7000"
|
||||||
environment:
|
environment:
|
||||||
- PORT=7000
|
- PORT=7000
|
||||||
- URL=https://api.safetwitch.{{inventory_hostname}}.projectsegfau.lt
|
- URL=https://api.safetwitch.{{server_prefix}}.projectsegfau.lt
|
||||||
restart: always
|
restart: always
|
||||||
|
@ -24,12 +24,12 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- searxng
|
- searxng
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:8081:8080"
|
- "8081:8080"
|
||||||
volumes:
|
volumes:
|
||||||
- ./searxng:/etc/searxng:rw
|
- ./searxng:/etc/searxng:rw
|
||||||
- ./extras.conf:/etc/searxng/settings.yml:rw
|
- ./extras.conf:/etc/searxng/settings.yml:rw
|
||||||
environment:
|
environment:
|
||||||
- SEARXNG_BASE_URL=https://search.{{inventory_hostname}}.projectsegfau.lt/
|
- SEARXNG_BASE_URL=https://{% if server_prefix == 'eu' %}search.projectsegfau.lt{%else%}search.{{inventory_hostname}}.projectsegfau.lt{%endif%}/
|
||||||
cap_drop:
|
cap_drop:
|
||||||
- ALL
|
- ALL
|
||||||
cap_add:
|
cap_add:
|
||||||
|
@ -3,7 +3,7 @@ services:
|
|||||||
simplytranslate:
|
simplytranslate:
|
||||||
image: quay.io/pussthecatorg/simplytranslate:latest
|
image: quay.io/pussthecatorg/simplytranslate:latest
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:5046:5000"
|
- "5046:5000"
|
||||||
volumes:
|
volumes:
|
||||||
- "./extras.conf:/etc/simplytranslate/web.conf"
|
- "./extras.conf:/etc/simplytranslate/web.conf"
|
||||||
restart: always
|
restart: always
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
path: "{{ docker_dir }}/{{ item }}"
|
path: "{{ docker_dir }}/{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
tags: docker
|
tags: docker,soleil,pizza
|
||||||
|
|
||||||
- name: Copy docker-compose templates for the service
|
- name: Copy docker-compose templates for the service
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
@ -13,14 +13,14 @@
|
|||||||
backup: true
|
backup: true
|
||||||
mode: preserve
|
mode: preserve
|
||||||
register: check_status
|
register: check_status
|
||||||
tags: docker
|
tags: docker,soleil,pizza
|
||||||
|
|
||||||
- name: Check if extras file exists for the service
|
- name: Check if extras file exists for the service
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: ./compose/{{ item }}/extras.conf.j2
|
path: ./compose/{{ item }}/extras.conf.j2
|
||||||
register: file
|
register: file
|
||||||
tags: docker
|
tags: docker,soleil,pizza
|
||||||
|
|
||||||
- name: Copy extras file
|
- name: Copy extras file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
@ -29,7 +29,7 @@
|
|||||||
backup: true
|
backup: true
|
||||||
mode: preserve
|
mode: preserve
|
||||||
when: file.stat.exists
|
when: file.stat.exists
|
||||||
tags: docker
|
tags: docker,soleil,pizza
|
||||||
|
|
||||||
- name: "Update docker service image"
|
- name: "Update docker service image"
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
@ -38,7 +38,7 @@
|
|||||||
when: check_status.changed
|
when: check_status.changed
|
||||||
register: updateout
|
register: updateout
|
||||||
changed_when: updateout.rc != 0
|
changed_when: updateout.rc != 0
|
||||||
tags: docker
|
tags: docker,soleil,pizza
|
||||||
|
|
||||||
- name: "Stop docker service"
|
- name: "Stop docker service"
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
@ -47,7 +47,7 @@
|
|||||||
when: check_status.changed
|
when: check_status.changed
|
||||||
register: stopout
|
register: stopout
|
||||||
changed_when: stopout.rc != 0
|
changed_when: stopout.rc != 0
|
||||||
tags: docker
|
tags: docker,soleil,pizza
|
||||||
|
|
||||||
- name: "Start docker service"
|
- name: "Start docker service"
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
@ -56,4 +56,4 @@
|
|||||||
when: check_status.changed
|
when: check_status.changed
|
||||||
register: startout
|
register: startout
|
||||||
changed_when: startout.rc != 0
|
changed_when: startout.rc != 0
|
||||||
tags: docker
|
tags: docker,soleil,pizza
|
||||||
|
@ -1,8 +1,7 @@
|
|||||||
---
|
---
|
||||||
- name: Setup Caddy
|
- name: Setup Caddy
|
||||||
hosts: privfrontends
|
hosts: privfrontends,core
|
||||||
tasks:
|
tasks:
|
||||||
# This is run again so config still updates even if i dont run the role which isnt needed most of the time
|
|
||||||
- name: Copy Caddyfile
|
- name: Copy Caddyfile
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: ./templates/Caddyfile.j2
|
src: ./templates/Caddyfile.j2
|
||||||
@ -26,18 +25,9 @@
|
|||||||
hosts: privfrontends
|
hosts: privfrontends
|
||||||
vars:
|
vars:
|
||||||
docker_services:
|
docker_services:
|
||||||
- anonymousoverflow
|
|
||||||
- breezewiki
|
|
||||||
- gothub
|
|
||||||
- gothub-dev
|
|
||||||
- hyperpipe
|
|
||||||
- librarian
|
- librarian
|
||||||
- libreddit
|
- libreddit
|
||||||
- nitter
|
- nitter
|
||||||
- rimgo
|
|
||||||
- safetwitch
|
|
||||||
- scribe
|
|
||||||
- simplytranslate
|
|
||||||
- teddit
|
- teddit
|
||||||
- watchtower
|
- watchtower
|
||||||
tasks:
|
tasks:
|
||||||
@ -46,19 +36,28 @@
|
|||||||
- name: Update docker compose files and restart those with changes
|
- name: Update docker compose files and restart those with changes
|
||||||
ansible.builtin.include_tasks: docker-tasks.yaml
|
ansible.builtin.include_tasks: docker-tasks.yaml
|
||||||
with_items: "{{ docker_services }}"
|
with_items: "{{ docker_services }}"
|
||||||
tags: docker
|
tags: docker,pizza
|
||||||
- name: Setup docker compose for privacy frontends (non-pizza1)
|
- name: Setup docker compose for privacy frontends (soleil+normal)
|
||||||
hosts: in,us
|
hosts: in,us,docker
|
||||||
vars:
|
vars:
|
||||||
non_pizza_docker_services:
|
non_pizza_docker_services:
|
||||||
|
- anonymousoverflow
|
||||||
|
- breezewiki
|
||||||
|
- gothub
|
||||||
|
- gothub-dev
|
||||||
- searxng
|
- searxng
|
||||||
|
- hyperpipe
|
||||||
|
- rimgo
|
||||||
|
- safetwitch
|
||||||
|
- scribe
|
||||||
|
- simplytranslate
|
||||||
tasks:
|
tasks:
|
||||||
# community.docker does not support compose 2.0 right now.
|
# community.docker does not support compose 2.0 right now.
|
||||||
# https://github.com/ansible-collections/community.docker/issues/216
|
# https://github.com/ansible-collections/community.docker/issues/216
|
||||||
- name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1)
|
- name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1)
|
||||||
ansible.builtin.include_tasks: docker-tasks.yaml
|
ansible.builtin.include_tasks: docker-tasks.yaml
|
||||||
with_items: "{{ non_pizza_docker_services }}"
|
with_items: "{{ non_pizza_docker_services }}"
|
||||||
tags: docker
|
tags: docker,soleil
|
||||||
|
|
||||||
- name: Setup cron jobs
|
- name: Setup cron jobs
|
||||||
hosts: privfrontends
|
hosts: privfrontends
|
||||||
|
@ -33,7 +33,7 @@
|
|||||||
(def) {
|
(def) {
|
||||||
header {
|
header {
|
||||||
# disable FLoC tracking
|
# disable FLoC tracking
|
||||||
Permissions-Policy interest-cohort=()
|
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
|
||||||
|
|
||||||
# enable HSTS
|
# enable HSTS
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
@ -60,245 +60,25 @@
|
|||||||
import acmedns
|
import acmedns
|
||||||
{% endif %}
|
{% endif %}
|
||||||
}
|
}
|
||||||
:80 {{inventory_hostname}}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {
|
:80 {{ inventory_hostname }}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} {% if inventory_hostname == 'core' %} soleil.projectsegfau.lt {% endif %} {
|
||||||
redir https://wiki.projectsegfau.lt/index.php?title={{wiki_page}}
|
redir https://wiki.projectsegfau.lt/index.php?title={{ wiki_page }}
|
||||||
}
|
}
|
||||||
cdn.projectsegfau.lt cdn.{{inventory_hostname}}.projectsegfau.lt {
|
# PIZZA + US + IN
|
||||||
|
{% if inventory_hostname == 'eu' or inventory_hostname == 'us' or inventory_hostname == 'in' %}
|
||||||
|
cdn.projectsegfau.lt cdn.{{ server_prefix }}.projectsegfau.lt {
|
||||||
encode zstd gzip
|
encode zstd gzip
|
||||||
root * /var/cdn
|
root * /var/cdn
|
||||||
file_server {
|
file_server {
|
||||||
browse
|
browse
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
{% if inventory_hostname == 'eu' %}
|
lbry.{{ server_prefix }}.projectsegfau.lt lbry.projectsegfau.lt {
|
||||||
inv.bp.projectsegfau.lt {
|
|
||||||
reverse_proxy localhost:7573
|
|
||||||
header {
|
|
||||||
# disable FLoC tracking
|
|
||||||
Permissions-Policy interest-cohort=()
|
|
||||||
|
|
||||||
# enable HSTS
|
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
||||||
# disable clients from sniffing the media type
|
|
||||||
X-Content-Type-Options nosniff
|
|
||||||
|
|
||||||
# keep referrer data off of HTTP connections
|
|
||||||
Referrer-Policy no-referrer-when-downgrade
|
|
||||||
|
|
||||||
X-XSS-Protection "1; mode=block"
|
|
||||||
defer
|
|
||||||
}
|
|
||||||
log {
|
|
||||||
output discard
|
|
||||||
format filter {
|
|
||||||
wrap console
|
|
||||||
fields {
|
|
||||||
request>remote_ip replace REDACTED
|
|
||||||
request>headers>X-Forwarded-For replace REDACTED
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
import torloc invbp
|
|
||||||
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
|
|
||||||
}
|
|
||||||
i.bp.psf.lt {
|
|
||||||
reverse_proxy localhost:7573
|
|
||||||
header {
|
|
||||||
# disable FLoC tracking
|
|
||||||
Permissions-Policy interest-cohort=()
|
|
||||||
-Content-Security-Policy
|
|
||||||
# enable HSTS
|
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
||||||
# disable clients from sniffing the media type
|
|
||||||
X-Content-Type-Options nosniff
|
|
||||||
|
|
||||||
# keep referrer data off of HTTP connections
|
|
||||||
Referrer-Policy no-referrer-when-downgrade
|
|
||||||
|
|
||||||
X-XSS-Protection "1; mode=block"
|
|
||||||
defer
|
|
||||||
}
|
|
||||||
log {
|
|
||||||
output discard
|
|
||||||
format filter {
|
|
||||||
wrap console
|
|
||||||
fields {
|
|
||||||
request>remote_ip replace REDACTED
|
|
||||||
request>headers>X-Forwarded-For replace REDACTED
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
import torloc invbp
|
|
||||||
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
|
|
||||||
}
|
|
||||||
proxy.lbry.projectsegfau.lt {
|
|
||||||
reverse_proxy localhost:3001
|
|
||||||
import def
|
|
||||||
}
|
|
||||||
gothub.dev.projectsegfau.lt gh.dev.psf.lt {
|
|
||||||
reverse_proxy localhost:1025
|
|
||||||
import def
|
|
||||||
}
|
|
||||||
{% else %}
|
|
||||||
inv.{{inventory_hostname}}.projectsegfau.lt {
|
|
||||||
reverse_proxy localhost:7573
|
|
||||||
header {
|
|
||||||
# disable FLoC tracking
|
|
||||||
Permissions-Policy interest-cohort=()
|
|
||||||
|
|
||||||
# enable HSTS
|
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
||||||
# disable clients from sniffing the media type
|
|
||||||
X-Content-Type-Options nosniff
|
|
||||||
|
|
||||||
# keep referrer data off of HTTP connections
|
|
||||||
Referrer-Policy no-referrer-when-downgrade
|
|
||||||
|
|
||||||
X-XSS-Protection "1; mode=block"
|
|
||||||
defer
|
|
||||||
}
|
|
||||||
log {
|
|
||||||
output discard
|
|
||||||
format filter {
|
|
||||||
wrap console
|
|
||||||
fields {
|
|
||||||
request>remote_ip replace REDACTED
|
|
||||||
request>headers>X-Forwarded-For replace REDACTED
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
{% if inventory_hostname == 'in' %}
|
|
||||||
import acmedns
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
i.{{inventory_hostname}}.psf.lt {
|
|
||||||
reverse_proxy localhost:7573
|
|
||||||
header {
|
|
||||||
# disable FLoC tracking
|
|
||||||
Permissions-Policy interest-cohort=()
|
|
||||||
-Content-Security-Policy
|
|
||||||
# enable HSTS
|
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
||||||
# disable clients from sniffing the media type
|
|
||||||
X-Content-Type-Options nosniff
|
|
||||||
|
|
||||||
# keep referrer data off of HTTP connections
|
|
||||||
Referrer-Policy no-referrer-when-downgrade
|
|
||||||
|
|
||||||
X-XSS-Protection "1; mode=block"
|
|
||||||
defer
|
|
||||||
}
|
|
||||||
log {
|
|
||||||
output discard
|
|
||||||
format filter {
|
|
||||||
wrap console
|
|
||||||
fields {
|
|
||||||
request>remote_ip replace REDACTED
|
|
||||||
request>headers>X-Forwarded-For replace REDACTED
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
{% if inventory_hostname == 'in' %}
|
|
||||||
import acmedns
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
piped.{{inventory_hostname}}.projectsegfau.lt pipedproxy.{{inventory_hostname}}.projectsegfau.lt pipedapi.{{inventory_hostname}}.projectsegfau.lt {
|
|
||||||
reverse_proxy :6970
|
|
||||||
header {
|
|
||||||
# disable FLoC tracking
|
|
||||||
Permissions-Policy interest-cohort=()
|
|
||||||
|
|
||||||
# enable HSTS
|
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
||||||
# disable clients from sniffing the media type
|
|
||||||
X-Content-Type-Options nosniff
|
|
||||||
|
|
||||||
# keep referrer data off of HTTP connections
|
|
||||||
Referrer-Policy no-referrer-when-downgrade
|
|
||||||
|
|
||||||
X-XSS-Protection "1; mode=block"
|
|
||||||
defer
|
|
||||||
}
|
|
||||||
log {
|
|
||||||
output discard
|
|
||||||
format filter {
|
|
||||||
wrap console
|
|
||||||
fields {
|
|
||||||
request>remote_ip replace REDACTED
|
|
||||||
request>headers>X-Forwarded-For replace REDACTED
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
{% if inventory_hostname == 'in' %}
|
|
||||||
import acmedns
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
pi.{{inventory_hostname}}.psf.lt {
|
|
||||||
reverse_proxy :6970 {
|
|
||||||
header_up Host "piped.{{inventory_hostname}}.projectsegfau.lt"
|
|
||||||
}
|
|
||||||
header {
|
|
||||||
# disable FLoC tracking
|
|
||||||
Permissions-Policy interest-cohort=()
|
|
||||||
|
|
||||||
# enable HSTS
|
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
||||||
# disable clients from sniffing the media type
|
|
||||||
X-Content-Type-Options nosniff
|
|
||||||
|
|
||||||
# keep referrer data off of HTTP connections
|
|
||||||
Referrer-Policy no-referrer-when-downgrade
|
|
||||||
|
|
||||||
X-XSS-Protection "1; mode=block"
|
|
||||||
defer
|
|
||||||
}
|
|
||||||
log {
|
|
||||||
output discard
|
|
||||||
format filter {
|
|
||||||
wrap console
|
|
||||||
fields {
|
|
||||||
request>remote_ip replace REDACTED
|
|
||||||
request>headers>X-Forwarded-For replace REDACTED
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
||||||
lbry.{{inventory_hostname}}.projectsegfau.lt lbry.projectsegfau.lt {
|
|
||||||
reverse_proxy :3550
|
reverse_proxy :3550
|
||||||
import def
|
import def
|
||||||
import torloc lbry
|
import torloc lbry
|
||||||
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
|
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
|
||||||
}
|
}
|
||||||
gothub.{{inventory_hostname}}.projectsegfau.lt gothub.projectsegfau.lt gh.psf.lt gh.{{inventory_hostname}}.psf.lt {
|
nitter.{{ server_prefix }}.projectsegfau.lt nitter.projectsegfau.lt n.psf.lt n.{{ server_prefix }}.psf.lt {
|
||||||
reverse_proxy :1024
|
|
||||||
import def
|
|
||||||
import torloc gothub
|
|
||||||
}
|
|
||||||
overflow.{{inventory_hostname}}.projectsegfau.lt overflow.projectsegfau.lt o.psf.lt o.{{inventory_hostname}}.psf.lt {
|
|
||||||
reverse_proxy :8694
|
|
||||||
import def
|
|
||||||
import torloc overflow
|
|
||||||
}
|
|
||||||
teddit.{{inventory_hostname}}.projectsegfau.lt teddit.projectsegfau.lt t.psf.lt t.{{inventory_hostname}}.psf.lt {
|
|
||||||
reverse_proxy :9061
|
|
||||||
import def
|
|
||||||
import torloc teddit
|
|
||||||
}
|
|
||||||
rimgo.{{inventory_hostname}}.projectsegfau.lt rimgo.projectsegfau.lt rg.psf.lt rg.{{inventory_hostname}}.psf.lt {
|
|
||||||
reverse_proxy :9016
|
|
||||||
import def
|
|
||||||
import torloc rimgo
|
|
||||||
}
|
|
||||||
|
|
||||||
libreddit.{{inventory_hostname}}.projectsegfau.lt libreddit.projectsegfau.lt lr.psf.lt lr.{{inventory_hostname}}.psf.lt {
|
|
||||||
reverse_proxy :6464
|
|
||||||
import def
|
|
||||||
import torloc libreddit
|
|
||||||
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
|
|
||||||
}
|
|
||||||
|
|
||||||
nitter.{{inventory_hostname}}.projectsegfau.lt nitter.projectsegfau.lt n.psf.lt n.{{inventory_hostname}}.psf.lt {
|
|
||||||
import def
|
import def
|
||||||
header {
|
header {
|
||||||
X-Permitted-Cross-Domain-Policies none
|
X-Permitted-Cross-Domain-Policies none
|
||||||
@ -313,48 +93,100 @@ nitter.{{inventory_hostname}}.projectsegfau.lt nitter.projectsegfau.lt n.psf.lt
|
|||||||
import torloc nitter
|
import torloc nitter
|
||||||
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
|
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
|
||||||
}
|
}
|
||||||
bb.{{inventory_hostname}}.projectsegfau.lt bb.projectsegfau.lt {
|
libreddit.{{ server_prefix }}.projectsegfau.lt libreddit.projectsegfau.lt lr.psf.lt lr.{{ server_prefix }}.psf.lt {
|
||||||
|
reverse_proxy :6464
|
||||||
import def
|
import def
|
||||||
import torloc beatbump
|
import torloc libreddit
|
||||||
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
|
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
|
||||||
redir https://hyperpipe.projectsegfau.lt{uri}
|
|
||||||
}
|
}
|
||||||
|
teddit.{{ server_prefix }}.projectsegfau.lt teddit.projectsegfau.lt t.psf.lt t.{{ server_prefix }}.psf.lt {
|
||||||
|
reverse_proxy :9061
|
||||||
|
import def
|
||||||
|
import torloc teddit
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
# SOLEIL + US + IN
|
||||||
|
{% if inventory_hostname == 'core' or inventory_hostname == 'us' or inventory_hostname == 'in' %}
|
||||||
|
inv.{{ server_prefix }}.projectsegfau.lt inv.projectsegfau.lt invidious.projectsegfau.lt i.{{ server_prefix }}.psf.lt i.psf.lt {
|
||||||
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:7573
|
||||||
|
header {
|
||||||
|
# disable FLoC tracking
|
||||||
|
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
|
||||||
|
|
||||||
bw.{{inventory_hostname}}.projectsegfau.lt bw.projectsegfau.lt bw.psf.lt bw.{{inventory_hostname}}.psf.lt {
|
# enable HSTS
|
||||||
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
# disable clients from sniffing the media type
|
||||||
|
X-Content-Type-Options nosniff
|
||||||
|
|
||||||
|
# keep referrer data off of HTTP connections
|
||||||
|
Referrer-Policy no-referrer-when-downgrade
|
||||||
|
-Content-Security-Policy
|
||||||
|
|
||||||
|
X-XSS-Protection "1; mode=block"
|
||||||
|
defer
|
||||||
|
}
|
||||||
|
log {
|
||||||
|
output discard
|
||||||
|
format filter {
|
||||||
|
wrap console
|
||||||
|
fields {
|
||||||
|
request>remote_ip replace REDACTED
|
||||||
|
request>headers>X-Forwarded-For replace REDACTED
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{% if server_prefix == 'in' %}
|
||||||
|
import acmedns
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
gothub.{{ server_prefix }}.projectsegfau.lt gothub.projectsegfau.lt gh.psf.lt gh.{{ server_prefix }}.psf.lt {
|
||||||
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:1024
|
||||||
|
import def
|
||||||
|
import torloc gothub
|
||||||
|
}
|
||||||
|
overflow.{{ server_prefix }}.projectsegfau.lt overflow.projectsegfau.lt o.psf.lt o.{{ server_prefix }}.psf.lt {
|
||||||
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8694
|
||||||
|
import def
|
||||||
|
import torloc overflow
|
||||||
|
}
|
||||||
|
rimgo.{{ server_prefix }}.projectsegfau.lt rimgo.projectsegfau.lt rg.psf.lt rg.{{ server_prefix }}.psf.lt {
|
||||||
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:9016
|
||||||
|
import def
|
||||||
|
import torloc rimgo
|
||||||
|
}
|
||||||
|
bw.{{ server_prefix }}.projectsegfau.lt bw.projectsegfau.lt bw.psf.lt bw.{{ server_prefix }}.psf.lt {
|
||||||
import def
|
import def
|
||||||
import torloc breezewiki
|
import torloc breezewiki
|
||||||
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
|
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
|
||||||
reverse_proxy :10416
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:10416
|
||||||
}
|
}
|
||||||
scribe.{{inventory_hostname}}.projectsegfau.lt scribe.projectsegfau.lt sc.psf.lt sc.{{inventory_hostname}}.psf.lt {
|
scribe.{{ server_prefix }}.projectsegfau.lt scribe.projectsegfau.lt sc.psf.lt sc.{{ server_prefix }}.psf.lt {
|
||||||
import def
|
import def
|
||||||
import torloc scribe
|
import torloc scribe
|
||||||
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
|
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
|
||||||
reverse_proxy :8006
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8006
|
||||||
}
|
}
|
||||||
translate.{{inventory_hostname}}.projectsegfau.lt translate.projectsegfau.lt tl.psf.lt tl.{{inventory_hostname}}.psf.lt {
|
translate.{{ server_prefix }}.projectsegfau.lt translate.projectsegfau.lt tl.psf.lt tl.{{ server_prefix }}.psf.lt {
|
||||||
import def
|
import def
|
||||||
reverse_proxy :5046
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5046
|
||||||
}
|
}
|
||||||
safetwitch.{{inventory_hostname}}.projectsegfau.lt safetwitch.projectsegfau.lt tw.psf.lt tw.{{inventory_hostname}}.psf.lt {
|
safetwitch.{{ server_prefix }}.projectsegfau.lt safetwitch.projectsegfau.lt tw.psf.lt tw.{{ server_prefix }}.psf.lt {
|
||||||
import def
|
import def
|
||||||
reverse_proxy :5070
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5070
|
||||||
}
|
}
|
||||||
api.safetwitch.{{inventory_hostname}}.projectsegfau.lt {
|
api.safetwitch.{{ server_prefix }}.projectsegfau.lt {
|
||||||
reverse_proxy :5071
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:5071
|
||||||
}
|
}
|
||||||
hyperpipe.{{inventory_hostname}}.projectsegfau.lt hyperpipe.projectsegfau.lt hp.psf.lt hp.{{inventory_hostname}}.psf.lt {
|
hyperpipe.{{ server_prefix }}.projectsegfau.lt hyperpipe.projectsegfau.lt hp.psf.lt hp.{{ server_prefix }}.psf.lt {
|
||||||
import def
|
import def
|
||||||
reverse_proxy :8843
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8843
|
||||||
}
|
}
|
||||||
hyperpipebackend.{{inventory_hostname}}.projectsegfau.lt {
|
hyperpipebackend.{{ server_prefix }}.projectsegfau.lt {
|
||||||
reverse_proxy :3536
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:3536
|
||||||
}
|
}
|
||||||
{% if inventory_hostname == 'eu' %}
|
search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{{ server_prefix }}.psf.lt {
|
||||||
{% else %}
|
|
||||||
search.{{inventory_hostname}}.projectsegfau.lt s.psf.lt s.{{inventory_hostname}}.psf.lt {
|
|
||||||
import def
|
import def
|
||||||
reverse_proxy :8081
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:8081
|
||||||
@api {
|
@api {
|
||||||
path /config
|
path /config
|
||||||
path /healthz
|
path /healthz
|
||||||
@ -414,5 +246,67 @@ search.{{inventory_hostname}}.projectsegfau.lt s.psf.lt s.{{inventory_hostname}}
|
|||||||
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
|
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
{% if server_prefix == 'eu' %}piped.projectsegfau.lt proxy.piped.projectsegfau.lt api.piped.projectsegfau.lt {%else%} piped.{{ server_prefix }}.projectsegfau.lt pipedproxy.{{ server_prefix }}.projectsegfau.lt pipedapi.{{ server_prefix }}.projectsegfau.lt {%endif%} {
|
||||||
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:6970
|
||||||
|
header {
|
||||||
|
# disable FLoC tracking
|
||||||
|
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
|
||||||
|
|
||||||
|
# enable HSTS
|
||||||
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
# disable clients from sniffing the media type
|
||||||
|
X-Content-Type-Options nosniff
|
||||||
|
|
||||||
|
# keep referrer data off of HTTP connections
|
||||||
|
Referrer-Policy no-referrer-when-downgrade
|
||||||
|
|
||||||
|
X-XSS-Protection "1; mode=block"
|
||||||
|
defer
|
||||||
|
}
|
||||||
|
log {
|
||||||
|
output discard
|
||||||
|
format filter {
|
||||||
|
wrap console
|
||||||
|
fields {
|
||||||
|
request>remote_ip replace REDACTED
|
||||||
|
request>headers>X-Forwarded-For replace REDACTED
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{% if server_prefix == 'in' %}
|
||||||
|
import acmedns
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
pi.{{ server_prefix }}.psf.lt pi.psf.lt {
|
||||||
|
reverse_proxy {% if inventory_hostname == 'core' %}192.168.5.2{% endif %}:6970 {
|
||||||
|
header_up Host "{% if server_prefix == 'eu' %}piped.projectsegfau.lt{%else%}piped.{{ server_prefix }}.projectsegfau.lt{%endif%}"
|
||||||
|
}
|
||||||
|
header {
|
||||||
|
# disable FLoC tracking
|
||||||
|
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
|
||||||
|
|
||||||
|
# enable HSTS
|
||||||
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
# disable clients from sniffing the media type
|
||||||
|
X-Content-Type-Options nosniff
|
||||||
|
|
||||||
|
# keep referrer data off of HTTP connections
|
||||||
|
Referrer-Policy no-referrer-when-downgrade
|
||||||
|
|
||||||
|
X-XSS-Protection "1; mode=block"
|
||||||
|
defer
|
||||||
|
}
|
||||||
|
log {
|
||||||
|
output discard
|
||||||
|
format filter {
|
||||||
|
wrap console
|
||||||
|
fields {
|
||||||
|
request>remote_ip replace REDACTED
|
||||||
|
request>headers>X-Forwarded-For replace REDACTED
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
import ./*.Caddyfile
|
import ./*.Caddyfile
|
||||||
|
289
privfrontends/templates/core/apps.Caddyfile
Normal file
289
privfrontends/templates/core/apps.Caddyfile
Normal file
@ -0,0 +1,289 @@
|
|||||||
|
# ---Apps Caddyfile---
|
||||||
|
|
||||||
|
# Akkoma
|
||||||
|
social.projectsegfau.lt {
|
||||||
|
import def
|
||||||
|
encode gzip
|
||||||
|
|
||||||
|
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
|
||||||
|
# and `localhost.` resolves to [::0] on some systems: see issue #930
|
||||||
|
reverse_proxy 192.168.5.2:4011
|
||||||
|
|
||||||
|
handle /media/* {
|
||||||
|
redir https://media.social.projectsegfau.lt{uri} permanent
|
||||||
|
}
|
||||||
|
handle /proxy/* {
|
||||||
|
redir https://media.social.projectsegfau.lt{uri} permanent
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Security mitigation
|
||||||
|
# See https://webb.spiderden.org/2023/05/26/pleroma-mitigation/
|
||||||
|
# And https://poa.st/notice/AWDToOiKAl4BPhdEB6
|
||||||
|
# And https://gleasonator.com/notice/AW3PsTi4WCWEUbN0uO
|
||||||
|
media.social.projectsegfau.lt {
|
||||||
|
handle /media/* {
|
||||||
|
reverse_proxy 192.168.5.2:4011 {
|
||||||
|
transport http {
|
||||||
|
response_header_timeout 10s
|
||||||
|
read_timeout 15s
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
handle /proxy/* {
|
||||||
|
reverse_proxy 192.168.5.2:4011 {
|
||||||
|
transport http {
|
||||||
|
response_header_timeout 10s
|
||||||
|
read_timeout 15s
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Cinny
|
||||||
|
cinny.projectsegfau.lt cy.psf.lt {
|
||||||
|
reverse_proxy 192.168.5.2:3069
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
# Website
|
||||||
|
projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:1337
|
||||||
|
import def
|
||||||
|
reverse_proxy /_matrix/* 192.168.5.2:8449 {
|
||||||
|
header_up Host "matrix.projectsegfau.lt"
|
||||||
|
}
|
||||||
|
reverse_proxy /_matrix/client/* 192.168.5.2:81 {
|
||||||
|
header_up Host "matrix.projectsegfau.lt"
|
||||||
|
}
|
||||||
|
reverse_proxy /_synapse/* 192.168.5.2:81 {
|
||||||
|
header_up Host "matrix.projectsegfau.lt"
|
||||||
|
}
|
||||||
|
reverse_proxy /.well-known/acme-challenge/* 192.168.5.5:5380
|
||||||
|
reverse_proxy /converse 192.168.5.5:5280
|
||||||
|
reverse_proxy /converseemojis.js 192.168.5.5:5280
|
||||||
|
reverse_proxy /converse/* 192.168.5.5:5280
|
||||||
|
reverse_proxy /bosh 192.168.5.5:5280
|
||||||
|
reverse_proxy /ws 192.168.5.5:5280
|
||||||
|
header /.well-known/matrix/* Content-Type application/json
|
||||||
|
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||||
|
handle_path /.well-known/* {
|
||||||
|
root * /var/www/well-known
|
||||||
|
file_server
|
||||||
|
}
|
||||||
|
header /.well-known/host-meta Content-Type application/xrd+xml
|
||||||
|
header /.well-known/host-meta.json Content-Type application/json
|
||||||
|
header /.well-known/host-meta.json Access-Control-Allow-Origin *
|
||||||
|
header /.well-known/host-meta Access-Control-Allow-Origin *
|
||||||
|
import torloc www
|
||||||
|
}
|
||||||
|
psf.lt {
|
||||||
|
reverse_proxy 192.168.5.2:1337
|
||||||
|
import def
|
||||||
|
import torloc www
|
||||||
|
header /.well-known/matrix/* Content-Type application/json
|
||||||
|
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||||
|
handle_path /.well-known/* {
|
||||||
|
root * /var/www/psf-well-known
|
||||||
|
file_server
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ssync.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:3333
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
www.projectsegfau.lt www.psf.lt {
|
||||||
|
redir https://projectsegfau.lt{uri}
|
||||||
|
import torloc www
|
||||||
|
}
|
||||||
|
|
||||||
|
matrix.projectsegfau.lt {
|
||||||
|
reverse_proxy /_matrix/* 192.168.5.2:8449 {
|
||||||
|
header_up Host "matrix.projectsegfau.lt"
|
||||||
|
}
|
||||||
|
reverse_proxy /_matrix/client/* 192.168.5.2:81 {
|
||||||
|
header_up Host "matrix.projectsegfau.lt"
|
||||||
|
}
|
||||||
|
reverse_proxy /_synapse/* 192.168.5.2:81 {
|
||||||
|
header_up Host "matrix.projectsegfau.lt"
|
||||||
|
}
|
||||||
|
import def
|
||||||
|
#reverse_proxy /_synapse/client/* 192.168.5.2:81 {
|
||||||
|
# header_up Host "matrix.projectsegfau.lt"
|
||||||
|
#}
|
||||||
|
handle_path / {
|
||||||
|
redir https://wiki.projectsegfau.lt/Matrix
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Directus
|
||||||
|
cms.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:9456
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
# Element
|
||||||
|
chat.projectsegfau.lt el.psf.lt {
|
||||||
|
reverse_proxy 192.168.5.2:3070
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
# Gitea
|
||||||
|
git.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.5:3444
|
||||||
|
respond /metrics 403
|
||||||
|
import def
|
||||||
|
request_body {
|
||||||
|
max_size 500MB
|
||||||
|
}
|
||||||
|
header {
|
||||||
|
Content-Security-Policy "default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors 'self'; frame-src 'self';"
|
||||||
|
}
|
||||||
|
import torloc git
|
||||||
|
}
|
||||||
|
git.psf.lt {
|
||||||
|
reverse_proxy 192.168.5.5:3444 {
|
||||||
|
header_up Host "git.projectsegfau.lt"
|
||||||
|
}
|
||||||
|
respond /metrics 403
|
||||||
|
import def
|
||||||
|
request_body {
|
||||||
|
max_size 500MB
|
||||||
|
}
|
||||||
|
header {
|
||||||
|
Content-Security-Policy "default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors 'self'; frame-src 'self';"
|
||||||
|
}
|
||||||
|
import torloc git
|
||||||
|
}
|
||||||
|
# HedgeDoc
|
||||||
|
doc.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:2069 {
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
# Hydrogen
|
||||||
|
h2.projectsegfau.lt, hydrogen.projectsegfau.lt, h2.psf.lt {
|
||||||
|
reverse_proxy 192.168.5.2:3071
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
# Jitsi
|
||||||
|
jitsi.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.5:8000 {
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# Excalidraw backend for jitsi
|
||||||
|
excalidraw.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.5:8694
|
||||||
|
}
|
||||||
|
|
||||||
|
# Maubot
|
||||||
|
mau.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:29316
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
# MediaWiki
|
||||||
|
wiki.projectsegfau.lt w.psf.lt {
|
||||||
|
reverse_proxy 192.168.5.3:8000 {
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
import def
|
||||||
|
encode gzip
|
||||||
|
import torloc wiki
|
||||||
|
}
|
||||||
|
|
||||||
|
# Vikunja
|
||||||
|
todo.projectsegfau.lt vi.psf.lt {
|
||||||
|
reverse_proxy 192.168.5.2:3456
|
||||||
|
import def
|
||||||
|
import torloc todo
|
||||||
|
}
|
||||||
|
|
||||||
|
# Vaultwarden
|
||||||
|
pass.projectsegfau.lt vw.psf.lt {
|
||||||
|
reverse_proxy 192.168.5.2:6980 {
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
import def
|
||||||
|
reverse_proxy /notifications/hub 192.168.5.2:3012 {
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
import torloc pass
|
||||||
|
}
|
||||||
|
|
||||||
|
# XMPP
|
||||||
|
xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubsub.projectsegfau.lt, upload.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.5:5280 {
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
reverse_proxy /.well-known/acme-challenge/* 192.168.5.5:5380
|
||||||
|
@register {
|
||||||
|
path /new/
|
||||||
|
path /change_password/
|
||||||
|
path /delete/
|
||||||
|
path /new
|
||||||
|
path /change_password
|
||||||
|
path /delete
|
||||||
|
}
|
||||||
|
redir @register /register{uri}
|
||||||
|
import def
|
||||||
|
header /.well-known/host-meta Content-Type application/xrd+xml
|
||||||
|
header /.well-known/host-meta.json Content-Type application/json
|
||||||
|
header /.well-known/host-meta.json Access-Control-Allow-Origin *
|
||||||
|
header /.well-known/host-meta Access-Control-Allow-Origin *
|
||||||
|
handle_path /.well-known/* {
|
||||||
|
root * /var/www/well-known
|
||||||
|
file_server
|
||||||
|
}
|
||||||
|
handle_path / {
|
||||||
|
redir https://wiki.projectsegfau.lt/XMPP
|
||||||
|
}
|
||||||
|
}
|
||||||
|
xmpp-web.projectsegfau.lt, x.psf.lt {
|
||||||
|
import def
|
||||||
|
reverse_proxy 192.168.5.2:3072
|
||||||
|
}
|
||||||
|
healthchecks.projectsegfau.lt, hc.psf.lt {
|
||||||
|
import def
|
||||||
|
reverse_proxy 192.168.5.2:8450
|
||||||
|
}
|
||||||
|
# Pubthentik
|
||||||
|
auth.p.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:7444 {
|
||||||
|
transport http {
|
||||||
|
tls_insecure_skip_verify
|
||||||
|
}
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
# kbin
|
||||||
|
kbin.projectsegfau.lt, kb.psf.lt {
|
||||||
|
reverse_proxy kbin.projectsegfau.lt:443 {
|
||||||
|
transport http {
|
||||||
|
tls_insecure_skip_verify
|
||||||
|
}
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
#reverse_proxy 192.168.5.2:8643
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
gothub.dev.projectsegfau.lt gh.dev.psf.lt {
|
||||||
|
reverse_proxy 192.168.5.2:1025
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
ak.psf.lt {
|
||||||
|
redir https://social.projectsegfau.lt{uri}
|
||||||
|
}
|
||||||
|
j.psf.lt {
|
||||||
|
redir https://jitsi.projectsegfau.lt{uri}
|
||||||
|
}
|
||||||
|
d.psf.lt {
|
||||||
|
redir https://doc.projectsegfau.lt{uri}
|
||||||
|
}
|
104
privfrontends/templates/core/internal.Caddyfile
Normal file
104
privfrontends/templates/core/internal.Caddyfile
Normal file
@ -0,0 +1,104 @@
|
|||||||
|
# ---Internal Caddyfile---
|
||||||
|
|
||||||
|
# Authentik
|
||||||
|
sekuritee.projectsegfau.lt {
|
||||||
|
reverse_proxy https://192.168.5.2:7443 {
|
||||||
|
transport http {
|
||||||
|
tls_insecure_skip_verify
|
||||||
|
}
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
# Grafana
|
||||||
|
grafana.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:3169
|
||||||
|
handle_path /api/live {
|
||||||
|
reverse_proxy 192.168.5.2:3169
|
||||||
|
}
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
# MailU
|
||||||
|
mail.projectsegfau.lt {
|
||||||
|
log {
|
||||||
|
output file /var/log/caddy/mail.projectsegfau.lt.log {
|
||||||
|
roll_disabled
|
||||||
|
roll_size 512M
|
||||||
|
roll_uncompressed
|
||||||
|
roll_local_time
|
||||||
|
roll_keep 3
|
||||||
|
roll_keep_for 48h
|
||||||
|
}
|
||||||
|
}
|
||||||
|
import def
|
||||||
|
reverse_proxy 192.168.5.5:8082
|
||||||
|
}
|
||||||
|
|
||||||
|
# Plausible
|
||||||
|
analytics.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:8001
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
# Website dev
|
||||||
|
web.dev.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:1339
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
blog.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:2368 {
|
||||||
|
header_up X-Forwarded-Proto https
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
}
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
prometheus.projectsegfau.lt {
|
||||||
|
reverse_proxy 192.168.5.2:9090
|
||||||
|
basicauth /* {
|
||||||
|
admin $2a$14$1asDwG2gbyJ3.SungtdOyeqBlW1IiKQ//qI3ienQCTldaosx1qzSC
|
||||||
|
}
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
# Midou PersoVM
|
||||||
|
matrix.midou.dev {
|
||||||
|
reverse_proxy /_matrix/* 192.168.5.6:8008
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
file.midou.dev {
|
||||||
|
reverse_proxy 192.168.5.6:8080
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
c.midou.dev {
|
||||||
|
reverse_proxy 192.168.5.6:8978
|
||||||
|
import def
|
||||||
|
}
|
||||||
|
|
||||||
|
# Headscale (tailscale control server)
|
||||||
|
hs.projectsegfau.lt {
|
||||||
|
reverse_proxy /web* https://192.168.5.5:9443 {
|
||||||
|
transport http {
|
||||||
|
tls_insecure_skip_verify
|
||||||
|
}
|
||||||
|
}
|
||||||
|
reverse_proxy * 192.168.5.5:8089
|
||||||
|
}
|
||||||
|
|
||||||
|
# Caddy daily build (for ansible)
|
||||||
|
cb.projectsegfau.lt {
|
||||||
|
root * /var/www/caddy-build
|
||||||
|
file_server browse
|
||||||
|
encode gzip
|
||||||
|
}
|
||||||
|
# GotHub
|
||||||
|
docs.gothub.app {
|
||||||
|
redir https://gothub.app/docs{uri}
|
||||||
|
}
|
||||||
|
# OLD URLs
|
||||||
|
http://mutahar.rocks, http://*.mutahar.rocks {
|
||||||
|
redir https://projectsegfau.lt
|
||||||
|
}
|
@ -5,6 +5,41 @@ stats.eu.projectsegfau.lt {
|
|||||||
reverse_proxy localhost:9100
|
reverse_proxy localhost:9100
|
||||||
import def
|
import def
|
||||||
}
|
}
|
||||||
|
inv.bp.projectsegfau.lt, i.bp.psf.lt {
|
||||||
|
reverse_proxy localhost:7573
|
||||||
|
header {
|
||||||
|
# disable FLoC tracking
|
||||||
|
Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
|
||||||
|
|
||||||
|
# enable HSTS
|
||||||
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
# disable clients from sniffing the media type
|
||||||
|
X-Content-Type-Options nosniff
|
||||||
|
-Content-Security-Policy
|
||||||
|
|
||||||
|
# keep referrer data off of HTTP connections
|
||||||
|
Referrer-Policy no-referrer-when-downgrade
|
||||||
|
|
||||||
|
X-XSS-Protection "1; mode=block"
|
||||||
|
defer
|
||||||
|
}
|
||||||
|
log {
|
||||||
|
output discard
|
||||||
|
format filter {
|
||||||
|
wrap console
|
||||||
|
fields {
|
||||||
|
request>remote_ip replace REDACTED
|
||||||
|
request>headers>X-Forwarded-For replace REDACTED
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
import torloc invbp
|
||||||
|
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
|
||||||
|
}
|
||||||
|
proxy.lbry.projectsegfau.lt {
|
||||||
|
reverse_proxy localhost:3001
|
||||||
|
import def
|
||||||
|
}
|
||||||
aryak.me {
|
aryak.me {
|
||||||
reverse_proxy https://prox-arya.p.projectsegfau.lt {
|
reverse_proxy https://prox-arya.p.projectsegfau.lt {
|
||||||
header_up Host prox-arya.p.projectsegfau.lt
|
header_up Host prox-arya.p.projectsegfau.lt
|
||||||
@ -14,6 +49,12 @@ arya.projectsegfau.lt {
|
|||||||
redir https://aryak.me{uri}
|
redir https://aryak.me{uri}
|
||||||
}
|
}
|
||||||
## OLD URL REDIRECTS
|
## OLD URL REDIRECTS
|
||||||
|
bb.us.projectsegfau.lt bb.in.projectsegfau.lt bb.eu.projectsegfau.lt bb.projectsegfau.lt {
|
||||||
|
import def
|
||||||
|
import torloc beatbump
|
||||||
|
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
|
||||||
|
redir https://hyperpipe.projectsegfau.lt{uri}
|
||||||
|
}
|
||||||
invidious.mutahar.rocks {
|
invidious.mutahar.rocks {
|
||||||
redir https://inv.bp.projectsegfau.lt{uri} permanent
|
redir https://inv.bp.projectsegfau.lt{uri} permanent
|
||||||
}
|
}
|
||||||
|
@ -5,7 +5,3 @@ stats.us.projectsegfau.lt {
|
|||||||
reverse_proxy http://127.0.0.1:9100
|
reverse_proxy http://127.0.0.1:9100
|
||||||
import def
|
import def
|
||||||
}
|
}
|
||||||
fb.us.projectsegfau.lt {
|
|
||||||
import def
|
|
||||||
reverse_proxy localhost:8065
|
|
||||||
}
|
|
||||||
|
Loading…
Reference in New Issue
Block a user