add configs

Pizza1 2023-04-16 03:35:37 -07:00
commit 0d0ab66586
30 changed files with 1041 additions and 0 deletions

77
caddy/Caddyfile Normal file

@ -0,0 +1,77 @@
(tor) {
header {
-Strict-Transport-Security
-Referrer-Policy
-X-XSS-Protection
-Content-Security-Policy
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
Permissions-Policy interest-cohort=()
# clickjacking protection
X-Frame-Options SAMEORIGIN
Onion-Location http://{args.0}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path}
defer
}
}
(torloc) {
header Onion-Location http://{args.0}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path}
}
(i2ploc) {
header X-I2P-Location http://{args.0}{path}
}
(def) {
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
X-Frame-Options SAMEORIGIN
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
}
:80 {
redir https://wiki.projectsegfau.lt/index.php?title=Pizza-1
}
import /etc/private.caddy
import ./*.caddy
stats.eu.projectsegfau.lt {
import auth
reverse_proxy localhost:9100
import def
}
arya.projectsegfau.lt aryak.me {
reverse_proxy https://arya.p.projectsegfau.lt {
header_up Host arya.p.projectsegfau.lt
}
}
cdn.eu.projectsegfau.lt cdn.projectsegfau.lt {
encode zstd gzip
root * /var/cdn
file_server browse
}
## OLD URL REDIRECTS
invidious.mutahar.rocks {
redir https://inv.bp.projectsegfau.lt{uri} permanent
}
ferrit.projectsegfau.lt snooddit.projectsegfau.lt libreddit.mutahar.rocks {
redir https://libreddit.projectsegfau.lt{uri} permanent
}
lbry.mutahar.rocks {
redir https://lbry.projectsegfau.lt{uri} permanent
}
nitter.mutahar.rocks {
redir https://nitter.projectsegfau.lt{uri} permanent
}
#redir inv.bp.mutahar.rocks inv.bp.projectsegfau.lt permanent
#redir libreddit.mutahar.rocks libreddit.projectsegfau.lt permanent
#redir lbry.mutahar.rocks lbry.projectsegfau.lt permanent
#redir nitter.mutahar.rocks nitter.projectsegfau.lt permanent
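Review bot: The `cdn.eu.projectsegfau.lt cdn.projectsegfau.lt` and `arya.projectsegfau.lt aryak.me` site blocks never `import def`, so they are served without HSTS or `X-Content-Type-Options nosniff`; this matters most on the CDN block, where `file_server browse` publishes a directory index of everything under `/var/cdn`. Adding `import def` to both blocks would bring them in line with `stats.eu.projectsegfau.lt`. In `(def)` itself, `Referrer-Policy no-referrer-when-downgrade` still sends the full URL, query string included, to any HTTPS destination; `Referrer-Policy no-referrer` fits a privacy-frontend host better. `X-XSS-Protection "1; mode=block"` is a legacy header that current browsers ignore, so it can be dropped or set to `0`.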

90
caddy/frontends.caddy Normal file

@ -0,0 +1,90 @@
## Privacy Frontends
inv.bp.projectsegfau.lt {
reverse_proxy localhost:3000
import torloc invbp
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# keep referrer data off of HTTP connections
Referrer-Policy no-referrer-when-downgrade
X-XSS-Protection "1; mode=block"
defer
}
}
gothub.dev.projectsegfau.lt {
reverse_proxy localhost:1025
import def
import torloc gothub.dev
}
lbry.projectsegfau.lt lbry.g.projectsegfau.lt lbry.eu.projectsegfau.lt {
reverse_proxy localhost:3550
import def
import torloc lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
}
proxy.lbry.projectsegfau.lt {
reverse_proxy localhost:3001
import def
}
gothub.projectsegfau.lt gothub.g.projectsegfau.lt gothub.eu.projectsegfau.lt {
reverse_proxy localhost:1024
import torloc github
import def
}
overflow.projectsegfau.lt overflow.g.projectsegfau.lt overflow.eu.projectsegfau.lt {
reverse_proxy localhost:8694
import torloc overflow
import def
}
libreddit.projectsegfau.lt libreddit.g.projectsegfau.lt libreddit.eu.projectsegfau.lt {
reverse_proxy localhost:6464
import torloc libreddit
import def
}
nitter.projectsegfau.lt nitter.g.projectsegfau.lt nitter.eu.projectsegfau.lt {
reverse_proxy localhost:8387
import def
import torloc nitter
}
bb.g.projectsegfau.lt bb.eu.projectsegfau.lt bb.projectsegfau.lt {
reverse_proxy localhost:3069
import def
import torloc beatbump
}
bw.eu.projectsegfau.lt bw.g.projectsegfau.lt bw.projectsegfau.lt {
reverse_proxy localhost:10416
import def
import torloc breezewiki
}
scribe.eu.projectsegfau.lt scribe.g.projectsegfau.lt scribe.projectsegfau.lt {
reverse_proxy localhost:8006
import def
import torloc scribe
}
teddit.eu.projectsegfau.lt teddit.projectsegfau.lt teddit.g.projectsegfau.lt {
reverse_proxy localhost:9061
import def
import torloc teddit
}
rimgo.eu.projectsegfau.lt rimgo.projectsegfau.lt rimgo.g.projectsegfau.lt {
reverse_proxy localhost:9016
import def
import torloc rimgo
}
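Review bot: `import torloc github` in the `gothub.projectsegfau.lt` block makes Onion-Location point at a `github.` subdomain of the onion address, but the only matching vhost defined in caddy/tor.caddy is `gothub.`, so Tor Browser users following the header would reach a host that is not served; the line should read `import torloc gothub`. The `inv.bp.projectsegfau.lt` block also copies the `(def)` header set by hand and leaves out `X-Frame-Options SAMEORIGIN`. If that omission is deliberate, a comment such as `# X-Frame-Options omitted on purpose: embeds must load cross-origin` would keep the block from drifting further from `(def)` unnoticed.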

82
caddy/i2p.caddy Normal file

@ -0,0 +1,82 @@
## I2P
http://pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p:6001 {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
http://pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p:6008 {
reverse_proxy localhost:8006
import tor scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
}
http://pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p:6005 {
reverse_proxy localhost:8387
import tor nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
http://pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p:6003 {
import tor lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
reverse_proxy localhost:3550
}
http://pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p:6004 {
import tor libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
reverse_proxy localhost:6464
}
http://pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p:6007 { # NW
import tor breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy localhost:10416
}
http://pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p:6006 {
import tor beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy localhost:3069
}
http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p:6016 {
import tor invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy localhost:3000
}
http://pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p:6017 {
import tor rimgo
import i2ploc pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p
reverse_proxy localhost:9016
}
http://pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p:6018 {
import tor teddit
import i2ploc pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p
reverse_proxy localhost:9061
}
http://pjsfhqamc7k6htnumrvn4cwqqdoggeepj7u5viyimgnxg3gar72q.b32.i2p:6002 {
import tor inv
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy https://invidious.projectsegfau.lt {
header_up Host "invidious.projectsegfau.lt"
}
}
http://pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p:6012 {
import tor search
import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p
reverse_proxy https://search.projectsegfau.lt {
header_up Host "search.projectsegfau.lt"
}
}
http://pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p:6013 {
import tor git
import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p
reverse_proxy https://git.projectsegfau.lt {
header_up Host "git.projectsegfau.lt"
}
}
http://pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p:6015 {
import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p
import tor todo
reverse_proxy https://todo.projectsegfau.lt {
header_up Host "todo.projectsegfau.lt"
}
}
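Review bot: The `inv` site on port 6002 imports `i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p`, which is the address of the `invbp` site on port 6016 rather than its own listener address, so X-I2P-Location on inv responses advertises a different instance. The same invbp address is passed for the `inv` onion vhost in caddy/tor.caddy. Every other site in this file passes its own address, so this looks like a copy-paste slip; if so, both places should use `import i2ploc pjsfhqamc7k6htnumrvn4cwqqdoggeepj7u5viyimgnxg3gar72q.b32.i2p`.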

38
caddy/pubnix.caddy Normal file

@ -0,0 +1,38 @@
# Reverse proxy all user sites
*.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:80
import acmedns
}
# Redirect base subdomain to the pubnix homepage
p.projectsegfau.lt {
redir https://projectsegfau.lt/pubnix
}
# Cockpit
cockpit.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:9090 {
transport http {
tls_insecure_skip_verify
}
}
import def
import torloc cockpit.p
}
# PublAPI
publapi.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:3000
import def
}
grafana.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:6943 {
header_up X-Real-IP {remote_host}
}
import def
}
geminiproxy.p.projectsegfau.lt {
reverse_proxy 10.7.0.2:8000
import def
import torloc geminiproxy.p
}
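Review bot: `tls_insecure_skip_verify` on the Cockpit upstream turns off certificate checking for the hop to `10.7.0.2:9090`, so whatever answers on that address is trusted with an admin console's logins. If Cockpit uses a self-signed certificate, trusting it explicitly keeps the link authenticated, e.g. `tls_trusted_ca_certs /etc/caddy/cockpit-ca.pem` (placeholder path) with a matching `tls_server_name`. The block is also published to the internet and, through `import torloc cockpit.p`, advertised over Tor with no `import auth` in front of it, unlike `stats.eu.projectsegfau.lt`; presumably Cockpit's own login is the only gate, which deserves a comment or an extra access control. The wildcard `*.p.projectsegfau.lt` block does not `import def` either.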

123
caddy/tor.caddy Normal file

@ -0,0 +1,123 @@
http://pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
http://www.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy https://projectsegfau.lt {
header_up Host "projectsegfau.lt"
}
import tor www
import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p
}
# Privacy Frontends
http://scribe.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy localhost:8006
import tor scribe
import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p
}
http://nitter.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
reverse_proxy localhost:8387
import tor nitter
import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p
}
http://lbry.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor lbry
import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p
reverse_proxy localhost:3550
}
http://libreddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor libreddit
import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p
reverse_proxy localhost:6464
}
http://breezewiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor breezewiki
import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p
reverse_proxy localhost:10416
}
http://beatbump.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor beatbump
import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p
reverse_proxy localhost:3069
}
http://invbp.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor invbp
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy localhost:3000
}
http://rimgo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor rimgo
reverse_proxy localhost:9016
}
http://teddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor teddit
reverse_proxy localhost:9061
}
http://overflow.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor overflow
reverse_proxy localhost:8694
}
http://gothub.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor gothub
reverse_proxy localhost:1024
}
http://gothub.dev.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor gothub.dev
reverse_proxy localhost:1025
}
http://inv.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor inv
import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p
reverse_proxy https://invidious.projectsegfau.lt {
header_up Host "invidious.projectsegfau.lt"
}
}
http://search.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor search
import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p
reverse_proxy https://search.projectsegfau.lt {
header_up Host "search.projectsegfau.lt"
}
}
http://git.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor git
import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p
reverse_proxy https://git.projectsegfau.lt {
header_up Host "git.projectsegfau.lt"
}
}
http://todo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor todo
import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p
reverse_proxy https://todo.projectsegfau.lt {
header_up Host "todo.projectsegfau.lt"
}
}
http://wiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor wiki
reverse_proxy https://wiki.projectsegfau.lt {
header_up Host "wiki.projectsegfau.lt"
}
}
http://pass.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor pass
reverse_proxy https://pass.projectsegfau.lt {
header_up Host "pass.projectsegfau.lt"
}
}
# Pubnix
http://geminiproxy.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor geminiproxy.p
reverse_proxy https://geminiproxy.p.projectsegfau.lt {
header_up Host "geminiproxy.p.projectsegfau.lt"
}
}
http://cockpit.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion {
import tor cockpit.p
reverse_proxy https://cockpit.p.projectsegfau.lt {
header_up Host "cockpit.p.projectsegfau.lt"
}
}
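Review bot: Every vhost here imports the `tor` snippet from caddy/Caddyfile, which deletes `Content-Security-Policy` from responses, and that includes the `pass`, `git` and `cockpit.p` hosts, where a policy sent by the upstream is a useful backstop against script injection. Removing HSTS makes sense on plain-HTTP onion hosts, but the CSP removal looks broader than needed. A second snippet for the credential-handling hosts that leaves out the `-Content-Security-Policy` line would keep whatever policy the upstream sends; whether those upstreams set one is not visible in this commit.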

6
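--- a/cdn/cdnupdate
+++ b/cdn/cdnupdate
@@ -0,0 +1,6 @@
+#!/bin/bash
+RSYNC_ARGS='--recursive --copy-links --copy-dirlinks --perms --xattrs --times --delete --verbose --compress --compress-choice=zstd --mkpath --cvs-exclude --human-readable --partial --progress'
+# India Node
+rsync --rsh='ssh -p6922' ${RSYNC_ARGS} /var/cdn/ cdn@in.projectsegfau.lt:/var/cdn
+# US Node
+rsync ${RSYNC_ARGS} /var/cdn/ cdn@us.projectsegfau.lt:/var/cdn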
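Review bot: `--copy-links --copy-dirlinks` in `RSYNC_ARGS` makes rsync dereference every symlink under `/var/cdn`, so a link pointing outside that tree is copied to both mirrors as real content and then listed by the CDN's `file_server browse`. Unless links out of the tree are needed, `--links --safe-links` keeps symlinks as links and drops the ones that escape the source directory; who can create files under `/var/cdn` is not visible here. `RSYNC_ARGS` is also expanded unquoted to rely on word splitting; a bash array (`RSYNC_ARGS=(--recursive …)` used as `"${RSYNC_ARGS[@]}"`) does the same job without that dependency.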

4
docker/README.md Normal file

@ -0,0 +1,4 @@
# Docker
Private keys such as HMAC are not pushed for obvious reasons and are in separate envfiles
At the moment invidious isnt part of this but I'll include it in the future.


@ -0,0 +1,17 @@
version: '3'
services:
anonymousoverflow:
build:
context: .
network: 'host'
environment:
- APP_URL=https://overflow.projectsegfau.lt
# JWT_SIGNING_SECRET is in private.env
env_file:
- /opt/docker/anonymousoverflow/private.env
ports:
- '8694:8080'
restart: 'always'
labels:
- "com.centurylinklabs.watchtower.enable=false"
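Review bot: `ports: - '8694:8080'` publishes the container on every host interface, so unless a perimeter firewall blocks it (none is visible here) the backend is reachable directly on the public address, bypassing Caddy's TLS and header snippets; Docker's own iptables rules generally take effect ahead of a host firewall such as ufw. The libreddit compose file in this commit already binds to loopback (`127.0.0.1:6464:8080`). The same form, `'127.0.0.1:8694:8080'`, fits here and in the beatbump, breezewiki, gothub, invidious, nitter, rimgo, scribe and teddit files, since Caddy reaches these backends through `localhost`. The teddit file additionally sets `TRUST_PROXY=true`, so a client connecting to its published port directly could supply its own forwarding headers.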


@ -0,0 +1,22 @@
version: "3"
services:
app:
image: "snuffydev/beatbump:master"
ports:
- "3069:3069"
environment:
PORT: 3069
VITE_DOMAIN: "bb.projectsegfau.lt"
VITE_SITE_URL: "https://bb.projectsegfau.lt"
VITE_DONATION_URL: "https://projectsegfau.lt/donate"
restart: unless-stopped
proxy:
build:
context: ./packages/proxy-server/deno
dockerfile: Dockerfile
ports:
- "3070:3001"
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=false"


@ -0,0 +1,4 @@
canonical_origin = https://bw.projectsegfau.lt
debug = false
port = 10416
feature_search_suggestions = true


@ -0,0 +1,9 @@
services:
breezewiki:
container_name: breezewiki
image: quay.io/pussthecatorg/breezewiki:latest
restart: unless-stopped
ports:
- "10416:10416" # Replace with "10416:10416" if you don't use a reverse proxy
volumes:
- "./config.ini:/app/config.ini"

15
docker/gothub-compose.yml Normal file

@ -0,0 +1,15 @@
version: "3"
services:
gothub:
image: codeberg.org/gothub/gothub:latest
restart: unless-stopped
ports:
- "1024:3000"
environment:
- DOCKER=true
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/version || exit 1
interval: 30s
timeout: 5s
retries: 2


@ -0,0 +1,25 @@
version: "3"
services:
gothub:
image: codeberg.org/gothub/gothub:dev
restart: unless-stopped
ports:
- "1025:3000"
environment:
- DOCKER=true
- GOTHUB_SETUP_COMPLETE=true
- GOTHUB_PROXYING_ENABLED=true
- GOTHUB_IP_LOGGED=false
- GOTHUB_REQUEST_URL_LOGGED=false
- GOTHUB_USER_AGENT_LOGGED=false
- GOTHUB_DIAGNOSTIC_INFO_LOGGED=false
- GOTHUB_INSTANCE_PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy
- GOTHUB_INSTANCE_COUNTRY=Luxembourg
- GOTHUB_INSTANCE_PROVIDER=BuyVM
- GOTHUB_INSTANCE_CLOUDFLARE=false
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/version || exit 1
interval: 30s
timeout: 5s
retries: 2

76
docker/invidious-compose.yml Executable file

@ -0,0 +1,76 @@
version: "2.4"
services:
postgres:
image: postgres:10
restart: always
networks:
- invidious
volumes:
- postgresdata:/var/lib/postgresql/data
- ./config/sql:/config/sql
- ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
environment:
POSTGRES_DB: invidious
POSTGRES_USER: kemal
POSTGRES_PASSWORD: kemal
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
invidious:
image: quay.io/invidious/invidious:latest
restart: always
networks:
- invidious
mem_limit: 1024M
cpus: 0.5
ports:
- "3000:3000"
env_file: /opt/docker/invidious/private.env
environment:
HMAC_KEY_PRIVATE: ${HMAC_KEY_PRIVATE}
INVIDIOUS_CONFIG: |
channel_threads: 1
check_tables: true
feed_threads: 1
db:
dbname: invidious
user: kemal
password: kemal
host: postgres
port: 5432
full_refresh: false
https_only: true
domain: inv.bp.projectsegfau.lt
external_port: 443
statistics_enabled: true
admins: ["midou"]
dark_mode: true
disable_proxy: false
banner: <a href="https://projectsegfau.lt/donate">Donate to Project Segfault</a> | <a href="https://invidious.projectsegfau.lt">FR </a> <a href="https://inv.bp.projectsegfau.lt">[LU] </a><a href="https://inv.us.projectsegfau.lt">US </a><a href="https://inv.in.projectsegfau.lt">IN</a>
enable_user_notifications: false
default_user_preferences:
local: true
extend_desc: true
quality: dash
quality_dash: 1080p
# does not work atm
hmac_key: ${HMAC_KEY_PRIVATE}
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s
timeout: 5s
retries: 2
depends_on:
- postgres
autoheal:
restart: always
image: willfarrell/autoheal
environment:
- AUTOHEAL_CONTAINER_LABEL=all
volumes:
- /var/run/docker.sock:/var/run/docker.sock
volumes:
postgresdata:
networks:
invidious:
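Review bot: `hmac_key: ${HMAC_KEY_PRIVATE}` inside `INVIDIOUS_CONFIG` is substituted by Compose when it parses the file, and Compose takes substitution values from the invoking shell or a project `.env` file, not from `env_file:`, which only sets variables inside the container. The `# does not work atm` comment just above may be describing exactly this, in which case the key is ending up empty. Supplying the file at parse time, `docker compose --env-file /opt/docker/invidious/private.env up -d`, would fill it in. Separately, `postgres:10` is past upstream end-of-life, the database password equals the username (`kemal`), and the `autoheal` service is given `/var/run/docker.sock` with `AUTOHEAL_CONTAINER_LABEL=all`, which is root-equivalent control over the host's containers.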


@ -0,0 +1,16 @@
services:
libreddit:
image: libreddit/libreddit:latest
ports:
- 127.0.0.1:6464:8080
restart: unless-stopped
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
interval: 5m
timeout: 3s
environment:
- FRONT_PAGE=popular
- COMMENT_SORT=new
- BLUR_NSFW=on
- USE_HLS=on
- AUTOPLAY_VIDEOS=off


@ -0,0 +1,25 @@
version: "3"
services:
nitter:
image: zedeus/nitter:latest
container_name: nitter
ports:
- "8387:8080" # Replace with "8080:8080" if you don't use a reverse proxy
volumes:
- /opt/docker/nitter/nitter.conf:/src/nitter.conf:ro
depends_on:
- nitter-redis
restart: unless-stopped
nitter-redis:
image: redis:6-alpine
container_name: nitter-redis
command: redis-server --save 60 1 --loglevel warning
volumes:
- nitter-redis:/data
restart: unless-stopped
volumes:
nitter-redis:

45
docker/nitter/nitter.conf Executable file

@ -0,0 +1,45 @@
[Server]
address = "0.0.0.0"
port = 8080
https = true # disable to enable cookies when not using https
httpMaxConnections = 100
staticDir = "./public"
title = "nitter"
hostname = "nitter.projectsegfau.lt"
[Cache]
listMinutes = 240 # how long to cache list info (not the tweets, so keep it high)
rssMinutes = 10 # how long to cache rss queries
redisHost = "nitter-redis" # Change to "nitter-redis" if using docker-compose
redisPort = 6379
redisPassword = ""
redisConnections = 20 # connection pool size
redisMaxConnections = 30
# max, new connections are opened when none are available, but if the pool size
# goes above this, they're closed when released. don't worry about this unless
# you receive tons of requests per second
[Config]
hmacKey = "xxx" # random key for cryptographic signing of video urls
base64Media = false # use base64 encoding for proxied media urls
enableRSS = true # set this to false to disable RSS feeds
enableDebug = false # enable request logs and debug endpoints
proxy = "" # http/https url, SOCKS proxies are not supported
proxyAuth = ""
tokenCount = 10
# minimum amount of usable tokens. tokens are used to authorize API requests,
# but they expire after ~1 hour, and have a limit of 187 requests.
# the limit gets reset every 15 minutes, and the pool is filled up so there's
# always at least $tokenCount usable tokens. again, only increase this if
# you receive major bursts all the time
# Change default preferences here, see src/prefs_impl.nim for a complete list
[Preferences]
theme = "Nitter"
replaceTwitter = "nitter.projectsegfau.lt"
replaceYouTube = "invidious.projectsegfau.lt"
replaceReddit = "libreddit.projectsegfau.lt"
replaceInstagram = ""
proxyVideos = true
hlsPlayback = true
infiniteScroll = false
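Review bot: `hmacKey = "xxx"` is a three-character placeholder with nothing marking it as one, so a deployment made by copying this file would sign video URLs with a guessable key. The nitter compose file mounts `/opt/docker/nitter/nitter.conf` rather than this copy, so the real value presumably lives there. A comment on the line, for example `# placeholder; the deployed /opt/docker/nitter/nitter.conf carries the real key`, would make the redaction explicit.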

4
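--- a/docker/replace-compose
+++ b/docker/replace-compose
@@ -0,0 +1,4 @@
+#!/bin/bash
+mv /opt/docker/${1}/*compose.y*l /opt/docker/${1}/compose.pre-public-conf.yml
+ln -s /configs/docker/${1}-compose.yml /opt/docker/${1}/compose.yml
+cd /opt/docker/${1} && docker compose pull && docker compose down --remove-orphans && docker compose up -d --build && cd -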
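Review bot: `${1}` is used unquoted and unchecked in all three commands, so running the script with no argument operates on `/opt/docker//` and links `/configs/docker/-compose.yml`, and because nothing stops on failure, `docker compose down` and `up` still run after a failed `mv` or `ln`. Starting with `set -euo pipefail` and `svc=${1:?usage: replace-compose <service>}`, then using `"/opt/docker/${svc}"` throughout, closes both gaps. The glob `*compose.y*l` can also match more than one file, in which case `mv` refuses to rename them onto a single target.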

21
docker/rimgo-compose.yml Normal file

@ -0,0 +1,21 @@
version: '3'
services:
rimgo:
image: codeberg.org/video-prize-ranch/rimgo # Official image
#image: quay.io/pussthecatorg/rimgo # Unofficial image
#build: . # Uncomment to build from source
ports:
- 9016:3000
environment:
- ADDRESS=0.0.0.0
- PORT=3000
- FIBER_PREFORK=false
- IMGUR_CLIENT_ID=546c25a59c58ad7
- PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy
- PRIVACY_MESSAGE=
- PRIVACY_COUNTRY=Luxembourg
- PRIVACY_PROVIDER=BuyVM
- PRIVACY_CLOUDFLARE=false
- PRIVACY_NOT_COLLECTED=true
restart: unless-stopped

17
docker/scribe-compose.yml Normal file

@ -0,0 +1,17 @@
version: "3.8"
services:
scribe:
image: registry.gitlab.com/lomanic/scribe-binaries:latest
restart: always
container_name: "scribe"
ports:
- 8006:8006
environment:
- SCRIBE_PORT=8006
- SCRIBE_HOST=0.0.0.0
- APP_DOMAIN=scribe.projectsegfau.lt
- LUCKY_ENV=production
- PORT=8006
env_file:
- /opt/docker/scribe/scribe-private.env

42
docker/teddit-compose.yml Normal file

@ -0,0 +1,42 @@
version: "3.8"
services:
teddit:
restart: always
container_name: teddit
image: teddit/teddit:latest
environment:
- DOMAIN=teddit.projectsegfau.lt
- USE_HELMET=true
- USE_HELMET_HSTS=true
- TRUST_PROXY=true
- REDIS_HOST=teddit-redis
ports:
- "9061:8080"
networks:
- teddit_net
healthcheck:
test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost:8080/about"]
interval: 1m
timeout: 3s
depends_on:
- teddit-redis
teddit-redis:
restart: always
container_name: teddit-redis
image: redis:6.2.5-alpine
command: redis-server
environment:
- REDIS_REPLICATION_MODE=master
networks:
- teddit_net
volumes:
- teddit-redis:/data
volumes:
teddit-redis:
networks:
teddit_net:


@ -0,0 +1,17 @@
version: "2"
services:
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- TZ=Europe/Paris
- WATCHTOWER_CLEANUP=false
- DOCKER_API_VERSION=1.42
- WATCHTOWER_INCLUDE_STOPPED=false
- WATCHTOWER_POLL_INTERVAL=3600
- WATCHTOWER_MONITOR_ONLY=false
# WATCHTOWER_NOTIFICATION_URL is in private.env
env_file:
- /opt/docker/watchtower/private.env
restart: unless-stopped
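Review bot: This service mounts `/var/run/docker.sock` and, with `WATCHTOWER_MONITOR_ONLY=false` and a 3600-second poll, replaces running containers with whatever their tag currently resolves to. Most images in this commit use `:latest`, `:master` or `:dev`, so a compromised or mistaken upstream push reaches production within the hour without review. Pinning images by digest, or making updates opt-in with `WATCHTOWER_LABEL_ENABLE=true` and a `com.centurylinklabs.watchtower.enable=true` label on the services that should update, narrows that exposure. The `containrrr/watchtower` image itself is untagged here as well.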

30
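--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@@ -0,0 +1,30 @@
+global
+log /dev/log local0
+log /dev/log local1 notice
+chroot /var/lib/haproxy
+stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+stats timeout 30s
+user haproxy
+group haproxy
+daemon
+defaults
+log global
+mode http
+option httplog
+option dontlognull
+timeout connect 5000
+timeout client 50000
+timeout server 50000
+listen ssh
+bind :::22 v4v6
+balance roundrobin
+mode tcp
+option tcp-check
+tcp-check expect rstring SSH-2.0-OpenSSH.*
+server pubnix 10.7.0.2:22 check inter 10s fall 2 rise 1
+listen xrdp
+bind :::3389 v4v6
+balance roundrobin
+mode tcp
+option tcp-check
+server pubnix 10.7.0.2:3389 check inter 10s fall 2 rise 1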
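Review bot: Both `listen` blocks forward raw TCP from the public address to `10.7.0.2` with no rate limiting, and the pubnix host will see every SSH and RDP connection as coming from the proxy, so it cannot log or ban by client address on its own. A per-source limit in each block restores some brute-force protection, e.g. `stick-table type ip size 100k expire 10m store conn_rate(1m)`, `tcp-request connection track-sc0 src` and `tcp-request connection reject if { sc0_conn_rate gt 20 }` (the threshold is an example). Publishing xrdp on 3389 to the whole internet is worth reconsidering, or at least restricting by source address. `timeout client 50000` and `timeout server 50000` from `defaults` also apply to these TCP listeners and will cut idle SSH sessions after 50 seconds unless the blocks override them.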

4
i2pd/README.md Normal file

@ -0,0 +1,4 @@
# I2Pd Info
`i2pd_funcs` was borrowed from the ~vern team (https://vern.cc/admins) with some minor modifications.
i2pd config is the same as dpkg upstream.

32
i2pd/i2pd_funcs Normal file

@ -0,0 +1,32 @@
#!/usr/bin/env bash
i2pown() { chmod 640 "$1" && chown i2pd:i2pd "$1"; }
geni2p() { /root/i2pd-tools/vain "$2" -o "$1" && i2pown "$1"; }
vgi2p() { for i in "$@"; do geni2p "/var/lib/i2pd/pjsf.$i.dat" "pjsf"; done; }
create_i2p() {
if [[ -z "$4" ]]; then
printf 'Usage: create_i2p service_name keyfile_name clearnet_domain port [type] [host] [inport]\n'
return 1
fi
[[ -f /var/lib/i2pd/pjsf.$2.dat ]] || vgi2p "$1"
printf '[%s]\ntype = %s\nhost = %s\nport = %s\nkeys = pjsf.%s.dat\n%s' "$3" "${5:-http}" "${6:-127.0.0.1}" "$4" "$2" "${7:+inport = $7}" | tee "/etc/i2pd/tunnels.d/$1.conf"
systemctl restart i2pd
}
delete_i2p() {
if [[ -z "$1" ]]; then
printf 'Usage: delete_i2p service_name\n'
return 1
fi
rm -f /var/lib/i2pd/pjsf.$1.dat
rm -f /etc/i2pd/tunnels.d/$1.conf
systemctl restart i2pd
}
i2pup() { export http_proxy="http://127.0.0.1:4444"; }
i2pdown() { unset http_proxy; }
i2pb32() { /root/i2pd-tools/keyinfo ~i2pd/pjsf.$1.dat; }
i2pb64() { /root/i2pd-tools/keyinfo -d ~i2pd/pjsf.$1.dat; }
i2pport() { grep -R '^port = '"$1"'$' /etc/i2pd/tunnels.d/; }
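Review bot: In `create_i2p` the existence test looks for `pjsf.$2.dat` but the generator is called as `vgi2p "$1"`, which writes `pjsf.$1.dat`, so when service_name and keyfile_name differ the tunnel file names a key that was never generated. The line should use the keyfile argument on both sides: `[[ -f "/var/lib/i2pd/pjsf.$2.dat" ]] || vgi2p "$2"`. `delete_i2p` passes `$1` unquoted into two `rm -f` paths, so a name containing spaces or glob characters removes other files; quoting them, as in `rm -f "/var/lib/i2pd/pjsf.$1.dat"`, avoids that. In `geni2p` the key file is created first and restricted by `i2pown` afterwards, so generating it under `umask 077` would keep the private key from being readable with default permissions in between (depending on how `vain` creates the file).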

28
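--- a/knot/geodnstemplate
+++ b/knot/geodnstemplate
@@ -0,0 +1,28 @@
+REPLACEME:
+- geo: "*;*;*"
+A: 107.189.12.96
+AAAA: 2605:6400:30:f79f:9e20:f366:f052:5a25
+TXT: "Worldwide-BuyVM-Lux"
+- geo: "EU;*;*"
+A: 107.189.12.96
+TXT: "Europe-BuyVM-Lux"
+AAAA: 2605:6400:30:f79f:9e20:f366:f052:5a25
+- geo: "AF;*;*"
+A: 107.189.12.96
+AAAA: 2605:6400:30:f79f:9e20:f366:f052:5a25
+TXT: "Africa-BuyVM-Lux"
+- geo: "NA;*;*"
+A: 143.198.131.196
+AAAA: 2604:a880:4:1d0::52:7000
+TXT: "NorthAmerica-DigitalOcean-SanFrancisco"
+- geo: "SA;*;*"
+A: 143.198.131.196
+AAAA: 2604:a880:4:1d0::52:7000
+TXT: "SouthAmerica-DigitalOcean-SanFrancisco"
+- geo: "OC;*;*"
+A: 143.198.131.196
+AAAA: 2604:a880:4:1d0::52:7000
+TXT: "Oceania-DigitalOcean-SanFrancisco"
+- geo: "AS;*;*"
+A: 110.227.202.171
+TXT: "Asia-Airtel-Ind"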

11
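--- a/knot/geodnsupdate
+++ b/knot/geodnsupdate
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+geoconf=/etc/knot/geo.conf
+remote='7S23i@us.projectsegfau.lt'
+printf '' > $geoconf
+for i in $(</var/geodnsdomains); do
+cat /etc/knot/geodnstemplate >> $geoconf
+sed -i "s/REPLACEME/${i}/" $geoconf
+done
+scp $geoconf "${remote}":/var/geo.conf
+ssh $remote "sudo systemctl restart knot"
+systemctl restart knot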
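Review bot: The script truncates the live `/etc/knot/geo.conf` with `printf '' > $geoconf` and rebuilds it in place with no error checking, so a failed `cat` or `sed` leaves a partial file that is still copied to the secondary and loaded by both `systemctl restart knot` calls. Building into a temporary file and moving it into place only on success is safer: `set -euo pipefail` at the top, `tmp=$(mktemp)` as the build target, and `mv "$tmp" "$geoconf"` after the loop. `sed -i "s/REPLACEME/${i}/"` also interpolates each entry of `/var/geodnsdomains` into the sed program, so an entry containing `/` or `&` changes the expression; validating entries against a hostname pattern before use would prevent that.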

52
knot/knot.conf Normal file

@ -0,0 +1,52 @@
server:
rundir: "/run/knot"
user: knot:knot
listen: 107.189.12.96@53
log:
- target: syslog
any: info
database:
storage: "/var/lib/knot"
# See aryak.me/blog/knot for setup instructions.
include: /etc/knot/secrets.conf
remote:
- id: secondary
address: 143.198.131.196@53
key: us-node
acl:
- id: acl_secondary
address: 143.198.131.196
key: us-node
action: transfer
- id: acl_dynupdates
address: [143.198.131.196, 92.148.60.159, 51.91.103.130, 110.227.202.171, 107.189.12.96]
action: update
key: dynupd
template:
- id: default
storage: "/etc/knot/zones"
file: "%s.zone"
dnssec-signing: on
semantic-checks: on
zonefile-sync: -1
zonefile-load: difference-no-serial
journal-content: all
mod-geoip:
- id: geo
config-file: "/etc/knot/geo.conf"
mode: geodb
geodb-file: "/var/lib/knot/GeoLite2-City.mmdb"
geodb-key: [ continent/code, country/iso_code, city/names/en ]
zone:
- domain: projectsegfau.lt
notify: secondary
acl: [acl_secondary, acl_dynupdates]
module: mod-geoip/geo
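Review bot: `acl_dynupdates` grants `action: update` on the whole `projectsegfau.lt` zone to five addresses sharing one key, with no limit on record type or owner name, so any host holding `dynupd` can rewrite NS, MX or TLSA records. If the key exists for ACME DNS challenges (the Caddy config imports an `acmedns` snippet, so presumably it does), the ACL can be confined with `update-type: [TXT]` plus an `update-owner` / `update-owner-name` restriction to the challenge names. Separate keys per updating host would also let one be revoked without touching the others.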


@ -0,0 +1,105 @@
; To be placed in /var/lib/knot/zones/projectsegfau.lt.zone
$ORIGIN projectsegfau.lt. ; 'default' domain as FQDN for this zone
$TTL 300 ; default time-to-live for this zone
projectsegfau.lt. IN SOA ns1.projectsegfau.lt. ns2.projectsegfau.lt. (
2023022702 ;Serial
14400 ;Refresh
300 ;Retry
1209600 ;Expire
300 ;Negative response caching TTL
)
; The nameserver that are authoritative for this zone.
@ IN NS ns1.projectsegfau.lt.
@ IN NS ns2.projectsegfau.lt.
ns1 A 107.189.12.96
ns2 A 143.198.131.196
; Pizza-1
pizza1 A 107.189.12.96
pizza A 107.189.12.96
*.eu A 107.189.12.96
*.bp A 107.189.12.96
pizza1 AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25
pizza AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25
*.eu AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25
*.bp AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25
*.p.projectsegfau.lt. A 107.189.12.96
p.projectsegfau.lt. A 107.189.12.96
*.p.projectsegfau.lt. AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25
p.projectsegfau.lt. AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25
ferrit.projectsegfau.lt. CNAME pizza.projectsegfau.lt.
proxy.lbry.projectsegfau.lt. CNAME pizza.projectsegfau.lt.
arya.projectsegfau.lt. CNAME pizza.projectsegfau.lt.
gothub.dev.projectsegfau.lt. CNAME pizza.projectsegfau.lt.
; Soleil Levant
* A 92.148.60.159
@ A 92.148.60.159
web.dev.projectsegfau.lt. A 92.148.60.159
auth.p.projectsegfau.lt. A 92.148.60.159
autoconfig.projectsegfau.lt. CNAME mail.projectsegfau.lt.
autodiscover.projectsegfau.lt. CNAME mail.projectsegfau.lt.
_xmpp-client._tcp SRV 10 0 5222 xmpp.projectsegfau.lt.
_xmpp-server._tcp SRV 10 0 5269 xmpp.projectsegfau.lt.
_xmpps-client._tcp SRV 10 0 5223 xmpp.projectsegfau.lt.
_xmpps-server._tcp SRV 10 0 5270 xmpp.projectsegfau.lt.
_of._tcp.of.projectsegfau.lt SRV 5 0 27015 of.projectsegfau.lt.
; US Node
*.us A 143.198.131.196
us A 143.198.131.196
*.us AAAA 2604:a880:4:1d0::52:7000
us AAAA 2604:a880:4:1d0::52:7000
; IN Node
in A 110.227.202.171
*.in A 110.227.202.171
; Status VPS
status A 51.91.103.130
hole A 51.91.103.130
wg A 51.91.103.130
hole AAAA 2001:41d0:404:200::5149
status AAAA 2001:41d0:404:200::5149
wg AAAA 2001:41d0:404:200::5149
; Mail Stuff
mail.projectsegfau.lt. A 92.148.60.159
feb2023._domainkey IN TXT "v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+gF5p8pTKZMPe4rDdsDTedelOTeIcEYzy5Fd1b3Tv0gWTOkk7Lx+opIY0lUU9k+K+UbPJ4asUT6zrdZusXrp85g36Rh8+lZbZWr6mqE/GJjIh9kIvXRWasHZpcnws2Ex2Mc2tefJ9FtFntpoX/v0zR2Wr8wiztZrHL23VaY+7kLgPe4PC0CM4tLyuuraC0AYVjI/yCvo8XZkb7kvOfi+EpThN3B91zSGVnZXPJdtQdE/JJ2psthhRilHBwo1Rs+PsFNFvi1chHPP44z2JPS7OyALR+ycDvXz2Hj6WS8s9pcXk7NPi0sLY+h+5Ha6KoDa4sjBmmEN07U+hE+2/rE9IQIDAQAB"
dkim._domainkey.projectsegfau.lt. 600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z7evsQCm7e0ZN+dx3ygeSHRi6NCOjVInqnrnDe2xkooUp/szLXZ1xsGQAYM+tZ8+M0WKdIm7uQq8xCEdjDCO/l/fE6b4/3u11aj44tLXBsse5gQvOH/SQpw/zwzgU07tnOjajCExnuIeZaDNw6S5iN2oGUlkvIzIw2zv5PFVa9ax4/N0TuTMKQOysFh" "JHv2lJjvA/WgqioOOqDFjlhc959lYNqMkjaEb0r2FLky1uQx2c01MzkkXuoNVG+7anrcgzPrQ9AMTBvAsqwStwX+6JpNcwh6MpCBHQmAaFC5TkECwZLopujB+LoTbZcY2ejP8EeKSa04yU/jEnPtsMdb5wIDAQAB"
@ TXT "v=spf1 ip4:107.189.12.96 ip4:92.148.60.159 include:relay.selea.se ~all"
_dmarc.projectsegfau.lt. 600 IN TXT "v=DMARC1; p=reject; rua=mailto:admin@projectsegfau.lt; ruf=mailto:admin@projectsegfau.lt; adkim=s; aspf=s"
_imap._tcp.projectsegfau.lt. 600 IN SRV 20 1 143 mail.projectsegfau.lt.
_pop3._tcp.projectsegfau.lt. 600 IN SRV 20 1 110 mail.projectsegfau.lt.
_submission._tcp.projectsegfau.lt. 600 IN SRV 20 1 587 mail.projectsegfau.lt.
_autodiscover._tcp.projectsegfau.lt. 600 IN SRV 10 1 443 mail.projectsegfau.lt.
_submissions._tcp.projectsegfau.lt. 600 IN SRV 10 1 465 mail.projectsegfau.lt.
_imaps._tcp.projectsegfau.lt. 600 IN SRV 10 1 993 mail.projectsegfau.lt.
_pop3s._tcp.projectsegfau.lt. 600 IN SRV 10 1 995 mail.projectsegfau.lt.
autoconfig.projectsegfau.lt. 600 IN CNAME mail.projectsegfau.lt.
_25._tcp.mail.projectsegfau.lt. 86400 IN TLSA 2 1 1 0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
projectsegfau.lt. MX 10 mail.projectsegfau.lt.
p.projectsegfau.lt. TXT "buyvm-validation=b6444ab72efafcdef664a693ce2ba26ebd03ed1c7377cd08926db831e94a3d5a"
; Simplelogin
sl A 51.91.103.130
sl AAAA 2001:41d0:404:200::5149
sl.projectsegfau.lt. MX 10 sl.projectsegfau.lt.
dkim._domainkey.sl TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC79GZdNBCBZ28EGJcnar/yY3QWlAoeQW0sEQIpibzAtYMtZZw7kBzbKNxRdnMGDOQE1hzo/gJUVv+A2tgsYswXOCjO+l0gtwcKsNuP79Tn9guGtsq5aLeoYuTbvC1SrHLLufv01oEGvT6VlOm3e3+XbGjvXKVQw4ym3H55wD7WbQIDAQAB"
_dmarc.sl.projectsegfau.lt. 600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:admin@projectsegfau.lt; ruf=mailto:admin@projectsegfau.lt; adkim=r; aspf=r"
sl TXT "v=spf1 ip4:51.91.103.130 ~all"
; Crypto TXT
@ TXT "oa1:btc recipient_address=bc1qrc8ywgp95a6p3zausp4nff70qzstp6h8z86sxd; recipient_name=Project Segfault; tx_description=Donate to Project Segfault"
@ TXT "oa1:ltc recipient_address=ltc1qn3ald586h2ntt0n3zkvwsmju2e5vndgtvvgatj; recipient_name=Project Segfault; tx_description=Donate to Project Segfault"
@ TXT "oa1:xmr recipient_address=47L7Qsto7XcifY3CdG18ySe5Tt83kpFLDLve9jQwbc9taPBLNGv6ZrJNUKpMG9Nj9zHgCZ4FQMSyt75e8Jvx12JFLtJyFdA; recipient_name=Project Segfault; tx_description=Donate to Project Segfault"
_token._dnswl.projectsegfau.lt. IN TXT "1q5i422gbg9qqlekp8zag8scwwb7oicd"
; PTR(s)
159.60.148.92.in-addr.arpa. PTR mail.projectsegfau.lt.
171.202.227.110.in-addr.arpa. PTR in.projectsegfau.lt.
196.131.198.143.in-addr.arpa. PTR us.projectsegfau.lt.
130.103.91.51.in-addr.arpa. PTR sl.projectsegfau.lt.
96.12.189.107.in-addr.arpa. PTR pizza1.projectsegfau.lt.
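Review bot: The `dkim._domainkey.sl` record publishes a 1024-bit RSA key (the `MIGfMA0…` prefix), while both keys for the main domain are 2048-bit; a 2048-bit key for the `sl` subdomain would match them. The five `in-addr.arpa. PTR` records at the end lie outside `$ORIGIN projectsegfau.lt.`, so this zone cannot serve them and they belong with whoever holds the reverse delegations. The header comment says the file goes in `/var/lib/knot/zones/`, but the `default` template in knot/knot.conf sets `storage: "/etc/knot/zones"`, so one of the two should be corrected. `autoconfig.projectsegfau.lt.` is also declared twice, once with the default TTL and once with 600.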

4
tor/README.md Normal file

@ -0,0 +1,4 @@
# Tor
Our tor configs are basically the same as the upstream dpkg.
The vanity URL pjsf....onion was made with https://github.com/cathugger/mkp224o