From 5c357ce5841d66853e852fdc647e8452d0a3baaf Mon Sep 17 00:00:00 2001
From: Arya Kiran
Date: Thu, 29 Feb 2024 19:55:39 +0530
Subject: [PATCH 1/5] more pizza1 changes
---
 inventory.yml | 4 ++--
 privfrontends/templates/Caddyfile.j2 | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/inventory.yml b/inventory.yml
index be852c7..6c51568 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -10,8 +10,8 @@ all:
 docker_dir: /opt/docker-privfrontends
 server_prefix: eu
 ansible_become: true # Run everything as root
- country: Netherlands
- isp: Nonic Cloud
+ country: Germany
+ isp: Avoro
 wiki_page: Pizza-1
 watchtower_mtrx_username: psf-watchtower-pizza
 rsyncnet_slug: pizza1
diff --git a/privfrontends/templates/Caddyfile.j2 b/privfrontends/templates/Caddyfile.j2
index afed9fe..e1caebd 100644
--- a/privfrontends/templates/Caddyfile.j2
+++ b/privfrontends/templates/Caddyfile.j2
@@ -33,7 +33,7 @@
 key_name "dynupd"
 key_alg "hmac-sha256"
 key "{{ rfc2136_key }}"
- server "89.33.85.209:53"
+ server "45.145.41.226:53"
 }
 }
 }
From 67411f76e7d7e1b93d310b56dd7255c5806e8972 Mon Sep 17 00:00:00 2001
From: Arya Kiran
Date: Thu, 29 Feb 2024 19:57:24 +0530
Subject: [PATCH 2/5] update wg as well
---
 pizza1/configs/wireguard/wg0.conf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/pizza1/configs/wireguard/wg0.conf b/pizza1/configs/wireguard/wg0.conf
index 88e9edf..94ffef0 100644
--- a/pizza1/configs/wireguard/wg0.conf
+++ b/pizza1/configs/wireguard/wg0.conf
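Review bot: The RFC 2136 update target in `privfrontends/templates/Caddyfile.j2` is still a literal address (`server "45.145.41.226:53"`), and the same host address appears again as the SNAT target in `pizza1/configs/wireguard/wg0.conf`, so each host move needs matching edits in several files. The template already takes `{{ rfc2136_key }}` from a variable; doing the same for the server, e.g. `server "{{ rfc2136_server }}:53"` with the variable (name is only a suggestion) defined beside `country`/`isp` in `inventory.yml`, avoids a missed copy that would keep sending TSIG-signed updates to an address the project no longer holds. The enclosing block starts above the hunk.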
@@ -2,9 +2,8 @@
 Address = 10.7.0.1/24, fddd:2c4:2c4:2c4::1/64
 PrivateKey = {{wireguard_private_key}}
 ListenPort = 51820
-PostUp = iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -I POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 89.33.85.209; ip6tables -t nat -I POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a12:bec0:20b:21fe::1
-PostUp = iptables -D FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 89.33.85.209; ip6tables -t nat -D POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a12:bec0:20b:21fe::1
-
+PostUp = iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -I POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 45.145.41.226; ip6tables -t nat -I POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a0d:5940:99:3::1
+PostDown = iptables -D FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 45.145.41.226; ip6tables -t nat -D POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a0d:5940:99:3::1
 [Peer]
 PublicKey = {{wireguard_pubnix_pubkey}}
 AllowedIPs = 10.7.0.2/32, fddd:2c4:2c4:2c4::2/128
From 73691e9ec4be963e1fef46f1b3100592d63b22d7 Mon Sep 17 00:00:00 2001
From: Arya Kiran
Date: Thu, 29 Feb 2024 20:00:13 +0530
Subject: [PATCH 3/5] matrixmpp
---
 privfrontends/templates/in/apps.Caddyfile | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/privfrontends/templates/in/apps.Caddyfile b/privfrontends/templates/in/apps.Caddyfile
index 4f6ae5d..335761d 100644
--- a/privfrontends/templates/in/apps.Caddyfile
+++ b/privfrontends/templates/in/apps.Caddyfile
@@ -236,6 +236,14 @@ rssbridge.projectsegfau.lt, rb.psf.lt {
 import def
 }
+# MatriXMPP Ejabberd
+matrixmpp.projectsegfau.lt {
+ reverse_proxy :8446 {
+ header_up X-Real-IP {remote_host}
+ }
+ import acmedns
+}
+
 gothub.dev.projectsegfau.lt gh.dev.psf.lt {
 reverse_proxy :1025
 import def
From 041f9df702f2b4d28890960cfaad5ea8c358b826 Mon Sep 17 00:00:00 2001
From: Arya Kiran
Date: Thu, 29 Feb 2024 20:39:19 +0530
Subject: [PATCH 4/5] fixes for caddy IN
---
 privfrontends/templates/in/apps.Caddyfile | 2 +-
 privfrontends/templates/in/misc.Caddyfile | 27 +++++++++++++++++++----
 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/privfrontends/templates/in/apps.Caddyfile b/privfrontends/templates/in/apps.Caddyfile
index 335761d..416c5d8 100644
--- a/privfrontends/templates/in/apps.Caddyfile
+++ b/privfrontends/templates/in/apps.Caddyfile
@@ -237,7 +237,7 @@ rssbridge.projectsegfau.lt, rb.psf.lt {
 }
 # MatriXMPP Ejabberd
-matrixmpp.projectsegfau.lt {
+matrixmpp.projectsegfau.lt https://matrixmpp.projectsegfau.lt:8448 {
 reverse_proxy :8446 {
 header_up X-Real-IP {remote_host}
 }
diff --git a/privfrontends/templates/in/misc.Caddyfile b/privfrontends/templates/in/misc.Caddyfile
index 090232b..f441639 100644
--- a/privfrontends/templates/in/misc.Caddyfile
+++ b/privfrontends/templates/in/misc.Caddyfile
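Review bot: In `pizza1/configs/wireguard/wg0.conf` the new `PostUp` accepts forwarding by source address alone: `iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT` and its `ip6tables` twin have no inbound-interface match. A packet arriving on any interface with a source in the tunnel range is therefore forwarded unless reverse-path filtering drops it first. Binding the rule to the tunnel, `iptables -I FORWARD -i %i -s 10.7.0.0/24 -j ACCEPT` (wg-quick expands `%i` to the interface name), lets WireGuard's AllowedIPs check back the source match. The `-D` rules in `PostDown` need the identical text so teardown still removes them. The SNAT rules could likewise name the outbound interface with `-o`, and `-m state --state` has a current spelling in `-m conntrack --ctstate`.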
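Review bot: The new `matrixmpp.projectsegfau.lt` site in `privfrontends/templates/in/apps.Caddyfile` (patch 3/5) imports only `acmedns`, while the neighbouring proxied sites visible in the hunk (`rssbridge`, `gothub.dev`) use `import def`. Neither snippet is shown in this series, so this may be deliberate, but if `def` also carries response headers or logging, this site goes without them. A one-line comment above the block, e.g. `# acmedns only: def is skipped because …`, would record the choice. The block is edited again in patches 4/5 and 5/5 without changing the import.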
@@ -1,8 +1,4 @@
 # PERSONAL
-https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt {
- import def
- reverse_proxy http://192.168.1.47:8008
-}
 files.perso.in.projectsegfau.lt files.perso.in.projectsegfau.lt:6942 {
 file_server {
 browse
@@ -17,3 +13,26 @@ tnfiles.perso.in.projectsegfau.lt {
 root * /zfspool/files/tn-sw
 import acmedns
 }
+mozhi.aryak.me {
+ reverse_proxy :5046
+}
+dhairya.aryak.me {
+ header /.well-known/matrix/* Content-Type application/json
+ header /.well-known/matrix/* Access-Control-Allow-Origin *
+ handle_path /.well-known/* {
+ root * /var/www/perso-well-known
+ file_server
+ }
+}
+http://*.tildevarsh.in https://tildevarsh.in {
+ respond `R.I.P ~varsh, you'll be missed. :q!
+ If you are a varsh user and want to get your data, email me@aryak.me with your username from your registered email address.
+ `
+}
+
+schfiles.aryak.me {
+ file_server {
+ browse
+ }
+ root * /zfspool/schfiles
+}
From 3c85c3ca29af59be06669fcec3d7374e4c3256c8 Mon Sep 17 00:00:00 2001
From: Arya Kiran
Date: Thu, 29 Feb 2024 20:46:43 +0530
Subject: [PATCH 5/5] add well-known file
---
 privfrontends/templates/in/apps.Caddyfile | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/privfrontends/templates/in/apps.Caddyfile b/privfrontends/templates/in/apps.Caddyfile
index 416c5d8..23bafd2 100644
--- a/privfrontends/templates/in/apps.Caddyfile
+++ b/privfrontends/templates/in/apps.Caddyfile
@@ -241,6 +241,12 @@ matrixmpp.projectsegfau.lt https://matrixmpp.projectsegfau.lt:8448 {
 reverse_proxy :8446 {
 header_up X-Real-IP {remote_host}
 }
+ header /.well-known/matrix/* Content-Type application/json
+ header /.well-known/matrix/* Access-Control-Allow-Origin *
+ handle_path /.well-known/* {
+ root * /var/www/matrixmpp-well-known
+ file_server
+ }
 import acmedns
 }
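Review bot: `schfiles.aryak.me` in the second hunk of `privfrontends/templates/in/misc.Caddyfile` publishes `/zfspool/schfiles` with `file_server { browse }` and no access control in front of it. The whole tree, dotfiles included, is listed and downloadable by anyone who learns the hostname, and hostnames with public certificates are easy to learn. If the share is not meant to be public, put an authentication directive ahead of `file_server`; if it is, a `hide .*` line inside the `file_server` block keeps hidden files out of the listing and out of reach. The sites added in this hunk also carry neither `import def` nor `import acmedns`, unlike the `tnfiles` block just above them, which is worth confirming as intended.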
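Review bot: `handle_path /.well-known/*` in the `matrixmpp.projectsegfau.lt` block (patch 5/5) takes over the entire `/.well-known/` tree, although only `/.well-known/matrix/*` is given the JSON and CORS headers. Any other well-known path is now answered from `/var/www/matrixmpp-well-known` instead of reaching the backend on `:8446`, so discovery documents that backend may serve under `/.well-known/` stop being reachable. Narrowing it to `handle_path /.well-known/matrix/* {` with `root * /var/www/matrixmpp-well-known/matrix` serves the same files and leaves the rest of the tree to `reverse_proxy`. The site block opens above the hunk.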