From ab3522f6d251e232b5d6b808035a90c082d3fb48 Mon Sep 17 00:00:00 2001 From: Arya Kiran Date: Mon, 29 May 2023 16:38:34 +0800 Subject: [PATCH] update --- host_vars/eu/privfrontends_secrets.yaml | 43 +-- host_vars/in/privfrontends_secrets.yaml | 45 +-- host_vars/us/privfrontends_secrets.yaml | 47 +-- inventory.yml | 4 +- .../compose/anonymousoverflow/compose.yml.j2 | 11 + privfrontends/compose/gothub/compose.yml.j2 | 10 + privfrontends/compose/searxng/compose.yml.j2 | 48 ++++ privfrontends/compose/searxng/extras.conf.j2 | 168 +++++++++++ .../compose/watchtower/compose.yml.j2 | 15 + privfrontends/docker-tasks.yaml | 6 +- privfrontends/playbook.yaml | 8 +- privfrontends/templates/1-extras.Caddyfile | 272 ------------------ privfrontends/templates/2-extras.Caddyfile | 4 - privfrontends/templates/Caddyfile.j2 | 157 +++++++++- privfrontends/templates/eu/darknet.Caddyfile | 110 +++++++ privfrontends/templates/eu/misc.Caddyfile | 30 ++ privfrontends/templates/eu/pubnix.Caddyfile | 46 +++ .../{3-extras.Caddyfile => in/misc.Caddyfile} | 13 +- privfrontends/templates/us/misc.Caddyfile | 11 + secrets.enc | 16 +- 20 files changed, 696 insertions(+), 368 deletions(-) create mode 100644 privfrontends/compose/anonymousoverflow/compose.yml.j2 create mode 100644 privfrontends/compose/searxng/compose.yml.j2 create mode 100644 privfrontends/compose/searxng/extras.conf.j2 create mode 100644 privfrontends/compose/watchtower/compose.yml.j2 delete mode 100644 privfrontends/templates/1-extras.Caddyfile delete mode 100644 privfrontends/templates/2-extras.Caddyfile create mode 100644 privfrontends/templates/eu/darknet.Caddyfile create mode 100644 privfrontends/templates/eu/misc.Caddyfile create mode 100644 privfrontends/templates/eu/pubnix.Caddyfile rename privfrontends/templates/{3-extras.Caddyfile => in/misc.Caddyfile} (75%) create mode 100644 privfrontends/templates/us/misc.Caddyfile 
diff --git a/host_vars/eu/privfrontends_secrets.yaml b/host_vars/eu/privfrontends_secrets.yaml index 5ff42ad..af7530d 100644 --- a/host_vars/eu/privfrontends_secrets.yaml +++ b/host_vars/eu/privfrontends_secrets.yaml @@ -1,20 +1,25 @@ $ANSIBLE_VAULT;1.1;AES256 -39646133643236626162346636373830663432373861663535343834653965353035303164623831 -3032326366363466373337356466623232366334343736660a663664643837333333316163666538 -31303735346236313233356564356436383539633138366261646162326262303236346361386562 -6635613334363339630a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a353730306361643161383637663365 +30386464646566636661666631336265663831383362646463616631636264353663353739343831 +3364653865616233340a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diff --git a/host_vars/in/privfrontends_secrets.yaml b/host_vars/in/privfrontends_secrets.yaml index 528bbbc..e5054b3 100644 --- a/host_vars/in/privfrontends_secrets.yaml +++ b/host_vars/in/privfrontends_secrets.yaml 
@@ -1,20 +1,27 @@ $ANSIBLE_VAULT;1.1;AES256 -64346462636531653932386537343939653733326236376434623139343837393364306238376563 -3933613335653263356565343536613262336466653633660a626338636263366265626233313730 -32316139343564666534363631613461376539653832386531313061373666633331616338663165 -3233346264323938620a613039353135633063373536613836646330663236363434376332646336 -30356137333932666333376463653830663064306366663331643933653862343234393535613238 -35666564633835353734666432333938343635656364356138386238386362663532643664643034 -64303861346439653133333633663932653135303338396534666663396665346265656463633761 -39383835643933313930303666303738666239643230613732663133653439333263333439616231 -61356164646635613136623233303939366333333734653731653861373339303139373334373530 -31363031343965623936623961643161646432303135633135336231366236656537663639653663 -66383731333164643331343133656563636333393538326336333762623362656163663363646234 -36356339386631616336376337613136663136373134356162666561303631386438306230383662 -62663464646131613861396563326636343136306564306165376530633062653762646261316461 -62626466613463363761646563336539386330333864343835636563323337616334363862336637 -64613132663230633264363034323163373065393737363130346232643931333635323735663230 -33656463326135353564666265383539353537343662346630373930313361323736633332336464 -63316135353238303032333831313865373364653131363938386465623235333536656331333232 -62376130633233396166663862646161343433663835626136303935373961643932653832613638 -366536376530363632643732323135656631 +62393338626639643838383931353333666538386437386464376434386639313034643464303566 +3364613933636666373834653234323935656566316632360a383834356137363464663861326661 +62313063323535646566353361326333306234613733306665363436656335643361396666633038 +6162633562353566310a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diff --git a/host_vars/us/privfrontends_secrets.yaml b/host_vars/us/privfrontends_secrets.yaml index 87a7e8e..e5867df 
100644 --- a/host_vars/us/privfrontends_secrets.yaml +++ b/host_vars/us/privfrontends_secrets.yaml @@ -1,20 +1,29 @@ $ANSIBLE_VAULT;1.1;AES256 -32613339666634363330653932366630643231623765363966653866656439363262383230343836 -3536666230383762623838666331353465333863393261650a653266633036646636623638633539 -65333864316332393565313239313136626366663339303235323331636337396535366662306530 -6135363132643035350a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a623666323162613965643934613533 +31316265313430333531346464346664626166306435383339633166613665396464323362613334 +3139386335613664320a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diff --git a/inventory.yml b/inventory.yml index a395d14..8b48475 100644 --- a/inventory.yml +++ b/inventory.yml @@ -20,6 +20,7 @@ all: country: Luxembourg isp: BuyVM wiki_page: Pizza1 + watchtower_mtrx_username: watchtower-pizza us: ansible_host: us.projectsegfau.lt ansible_user: arya @@ -30,6 +31,7 @@ all: country: United States isp: Digital Ocean wiki_page: US_Node + watchtower_mtrx_username: watchtower-us in: ansible_host: in.projectsegfau.lt ansible_user: root @@ -39,4 +41,4 @@ all: country: India isp: Bharti Airtel wiki_page: India_Node - + watchtower_mtrx_username: watchtower-in diff --git a/privfrontends/compose/anonymousoverflow/compose.yml.j2 b/privfrontends/compose/anonymousoverflow/compose.yml.j2 new file mode 100644 index 0000000..05cae92 --- /dev/null +++ b/privfrontends/compose/anonymousoverflow/compose.yml.j2 @@ -0,0 +1,11 @@ +version: '3' + +services: + anonymousoverflow: + image: codeberg.org/aryak/anonymousoverflow-docker-builds:latest + environment: + - APP_URL=https://overflow.projectsegfau.lt + - JWT_SIGNING_SECRET={{anonymousoverflow_signing_secret}} + ports: + - '8694:8080' + restart: 'always' diff --git a/privfrontends/compose/gothub/compose.yml.j2 b/privfrontends/compose/gothub/compose.yml.j2 index 90061bf..8941b13 100644 --- a/privfrontends/compose/gothub/compose.yml.j2 
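Review bot: The `ports` entry `'8694:8080'` in the new anonymousoverflow service publishes the container on every host interface, so the app can be reached directly on port 8694 without passing through Caddy's TLS and header handling. The searxng compose file added in this same commit already binds to loopback, so I would change this to `- '127.0.0.1:8694:8080'`. The image is tracked as `:latest`; pinning a tag or digest would make each deploy reproducible. The rendered compose.yml holds `JWT_SIGNING_SECRET` in clear text, so it is worth confirming that the template task writing it sets a restrictive `mode` (none is visible in the docker-tasks.yaml hunk).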
+++ b/privfrontends/compose/gothub/compose.yml.j2 @@ -7,6 +7,16 @@ services: - "1024:3000" environment: - DOCKER=true + - GOTHUB_SETUP_COMPLETE=true + - GOTHUB_PROXYING_ENABLED=true + - GOTHUB_IP_LOGGED=false + - GOTHUB_REQUEST_URL_LOGGED=false + - GOTHUB_USER_AGENT_LOGGED=false + - GOTHUB_DIAGNOSTIC_INFO_LOGGED=false + - GOTHUB_INSTANCE_PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy + - GOTHUB_INSTANCE_COUNTRY={{country}} + - GOTHUB_INSTANCE_PROVIDER={{isp}} + - GOTHUB_INSTANCE_CLOUDFLARE=false healthcheck: test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/version || exit 1 interval: 30s diff --git a/privfrontends/compose/searxng/compose.yml.j2 b/privfrontends/compose/searxng/compose.yml.j2 new file mode 100644 index 0000000..cbfd540 --- /dev/null +++ b/privfrontends/compose/searxng/compose.yml.j2 @@ -0,0 +1,48 @@ +version: '3.7' + +services: + redis: + restart: unless-stopped + container_name: redis + image: "redis:alpine" + command: redis-server --save "" --appendonly "no" + networks: + - searxng + tmpfs: + - /var/lib/redis + cap_drop: + - ALL + cap_add: + - SETGID + - SETUID + - DAC_OVERRIDE + + searxng: + restart: unless-stopped + container_name: searxng + image: searxng/searxng:latest + networks: + - searxng + ports: + - "127.0.0.1:8081:8080" + volumes: + - ./searxng:/etc/searxng:rw + - ./extras.conf:/etc/searxng/settings.yml:rw + environment: + - SEARXNG_BASE_URL=https://search.{{inventory_hostname}}.projectsegfau.lt/ + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID + - DAC_OVERRIDE + logging: + driver: "json-file" + options: + max-size: "1m" + max-file: "1" +networks: + searxng: + ipam: + driver: default diff --git a/privfrontends/compose/searxng/extras.conf.j2 b/privfrontends/compose/searxng/extras.conf.j2 new file mode 100644 index 0000000..0887616 --- /dev/null +++ b/privfrontends/compose/searxng/extras.conf.j2 
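Review bot: The bind mount `./extras.conf:/etc/searxng/settings.yml:rw` in the new searxng service gives the container write access to the file that carries `secret_key`, and it is layered on top of the `./searxng:/etc/searxng:rw` directory mount. If the image's entrypoint does not need to rewrite settings.yml (worth confirming, since the key is already templated in), `- ./extras.conf:/etc/searxng/settings.yml:ro` stops a compromised container from altering its own configuration. Both `searxng/searxng:latest` and `redis:alpine` are floating tags, so the watchtower job added in this commit will roll out whatever upstream publishes; pinning them avoids that. `container_name: redis` is generic enough to collide with another stack on the same host.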
@@ -0,0 +1,168 @@
+use_default_settings: true
+general:
+ debug: false
+ instance_name: "SearXNG | Project Segfault"
+ privacypolicy_url: https://projectsegfau.lt/legal/privacy-policy
+ donation_url: https://projectsegfau.lt/donate
+ contact_url: https://projectsegfau.lt/contact
+ enable_metrics: true
+server:
+ # base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
+ secret_key: "{{searxng_secret_key}}" # change this!
+ limiter: false # can be disabled for a private instance
+ image_proxy: true
+ method: "GET"
+ui:
+ static_use_hash: false
+ query_in_title: true
+ infinite_scroll: true
+ default_theme: simple
+ center_alignment: true
+ default_locale: "en"
+ results_on_new_tab: true
+ theme_args:
+ simple_style: auto
+redis:
+ url: redis://redis:6379/0
+search:
+ # Filter results. 0: None, 1: Moderate, 2: Strict
+ safe_search: 1
+ # Default search language - leave blank to detect from browser information or
+ # use codes from 'languages.py'
+ default_lang: "en"
+ # ban time in seconds after engine errors
+ ban_time_on_fail: 5
+ # max ban time in seconds after engine errors
+ max_ban_time_on_fail: 120
+ suspended_times:
+ # Engine suspension time after error (in seconds; set to 0 to disable)
+ # For error "Access denied" and "HTTP error [402, 403]"
+ SearxEngineAccessDenied: 86400
+ # For error "CAPTCHA"
+ SearxEngineCaptcha: 86400
+ # For error "Too many request" and "HTTP error 429"
+ SearxEngineTooManyRequests: 3600
+ # Cloudflare CAPTCHA
+ cf_SearxEngineCaptcha: 1296000
+ cf_SearxEngineAccessDenied: 86400
+ # ReCAPTCHA
+ recaptcha_SearxEngineCaptcha: 604800
+ formats:
+ - html
+ - csv
+ - json
+ - rss
+outgoing:
+ enable_http2: true
+enabled_plugins:
+ - 'Hash plugin'
+ - 'Self Information'
+ - 'Tracker URL remover'
+ - 'Open Access DOI rewrite'
+ - 'Vim-like hotkeys'
+ - 'Tor check plugin'
+ - 'Search on category select'
+engines:
+ - name: google
+ use_mobile_ui: true
+ disabled: false
+ - name: bing
+ engine: bing
+ shortcut: bi
+ disabled: false
+ - name: duckduckgo
+ engine: duckduckgo
+ shortcut: ddg
+ disabled: true # DDG is useless since it just scrapes bing for results anyway
+ - name: wikiquote
+ engine: mediawiki
+ shortcut: wq
+ categories: general
+ base_url: "https://{language}.wikiquote.org/"
+ number_of_results: 5
+ search_type: text
+ about:
+ website: https://www.wikiquote.org/
+ wikidata_id: Q369
+ disabled: false
+ - name: brave
+ shortcut: brave
+ engine: xpath
+ paging: true
+ time_range_support: true
+ first_page_num: 0
+ time_range_url: "&tf={time_range_val}"
+ search_url: https://search.brave.com/search?q={query}&offset={pageno}&spellcheck=1{time_range}
+ url_xpath: //a[@class="result-header"]/@href
+ title_xpath: //span[@class="snippet-title"]
+ content_xpath: //p[1][@class="snippet-description"]
+ suggestion_xpath: //div[@class="text-gray h6"]/a
+ time_range_map:
+ day: 'pd'
+ week: 'pw'
+ month: 'pm'
+ year: 'py'
+ categories: [general, web]
+ headers:
+ Accept-Encoding: gzip, deflate
+ about:
+ website: https://brave.com/search/
+ wikidata_id: Q107355971
+ use_official_api: false
+ require_api_key: false
+ results: HTML
+ disabled: false
+ - name: codeberg
+ engine: json_engine
+ search_url: https://codeberg.org/api/v1/repos/search?q={query}&limit=10
+ url_query: html_url
+ title_query: name
+ content_query: description
+ categories: [it, repos]
+ shortcut: cb
+ about:
+ website: https://codeberg.org/
+ wikidata_id:
+ official_api_documentation: https://try.gitea.io/api/swagger
+ use_official_api: false
+ require_api_key: false
+ results: JSON
+ disabled: false
+ - name: gitlab
+ engine: json_engine
+ paging: true
+ search_url: https://gitlab.com/api/v4/projects?search={query}&page={pageno}
+ url_query: web_url
+ title_query: name_with_namespace
+ content_query: description
+ page_size: 20
+ categories: [it, repos]
+ shortcut: gl
+ timeout: 10.0
+ about:
+ website: https://about.gitlab.com/
+ wikidata_id: Q16639197
+ official_api_documentation: 
https://docs.gitlab.com/ee/api/
+ use_official_api: false
+ require_api_key: false
+ results: JSON
+ disabled: false
+ - name: sourcehut
+ shortcut: srht
+ engine: xpath
+ paging: true
+ search_url: https://sr.ht/projects?page={pageno}&search={query}
+ results_xpath: (//div[@class="event-list"])[1]/div[@class="event"]
+ url_xpath: ./h4/a[2]/@href
+ title_xpath: ./h4/a[2]
+ content_xpath: ./p
+ first_page_num: 1
+ categories: [it, repos]
+ disabled: false
+ about:
+ website: https://sr.ht
+ wikidata_id: Q78514485
+ official_api_documentation: https://man.sr.ht/
+ use_official_api: false
+ require_api_key: false
+ results: HTML
diff --git a/privfrontends/compose/watchtower/compose.yml.j2 b/privfrontends/compose/watchtower/compose.yml.j2
new file mode 100644
index 0000000..7733522
--- /dev/null
+++ b/privfrontends/compose/watchtower/compose.yml.j2
@@ -0,0 +1,15 @@
+version: 2
+services:
+ watchtower:
+ image: containrrr/watchtower
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ environment:
+ - TZ=Europe/Paris
+ - WATCHTOWER_CLEANUP=false
+ - DOCKER_API_VERSION=1.42
+ - WATCHTOWER_INCLUDE_STOPPED=false
+ - WATCHTOWER_POLL_INTERVAL=3600
+ - WATCHTOWER_MONITOR_ONLY=false
+ - WATCHTOWER_NOTIFICATION_URL=matrix://{{watchtower_mtrx_username}}:{{watchtower_mtrx_pass}}@matrix.projectsegfau.lt/
+ restart: unless-stopped
diff --git a/privfrontends/docker-tasks.yaml b/privfrontends/docker-tasks.yaml
index bae0cd9..8139bae 100644
--- a/privfrontends/docker-tasks.yaml
+++ b/privfrontends/docker-tasks.yaml
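Review bot: `limiter: false` in the `server` section of the new searxng extras.conf.j2 is applied to a host the Caddy template serves publicly, while the comment carried over on that line says it "can be disabled for a private instance". Together with `formats` listing `csv`, `json` and `rss`, this leaves the instance open to automated scraping, which is the usual trigger for the upstream CAPTCHAs and bans that `suspended_times` is tuned for. Unless rate limiting is enforced in the proxy (the `@api` matcher in the search site block is not fully visible here), I would set `limiter: true` or drop `json` and `csv` from `formats`. The `# change this!` comment beside `secret_key: "{{searxng_secret_key}}"` is stale now that the value is templated and could read `# set from the searxng_secret_key variable`.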
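Review bot: The new watchtower service mounts `/var/run/docker.sock` and runs with `WATCHTOWER_MONITOR_ONLY=false`, so every container on the host is replaced automatically within the hour whenever its upstream tag moves, and the compose files added in this commit all track `:latest`; a compromised or broken upstream image is then deployed with no review step. I would pin images by tag or digest, or limit watchtower to opted-in containers with `WATCHTOWER_LABEL_ENABLE=true`, and pin `containrrr/watchtower` itself. In `WATCHTOWER_NOTIFICATION_URL` the password is interpolated raw into the URL userinfo, so a value containing `@`, `:` or `/` breaks parsing; `{{ watchtower_mtrx_pass | urlencode }}` avoids that. `version: 2` is an unquoted number, which older docker-compose releases reject, so `version: '2'` would match the quoting used in the other files.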
@@ -1,17 +1,17 @@ --- - name: Copy docker-compose templates for the service template: - src: ../compose/{{item}}/compose.yml.j2 + src: ./compose/{{item}}/compose.yml.j2 dest: /opt/docker/{{item}}/compose.yml backup: yes register: check_status - name: check if extras file exists for the service - local_action: stat path=../compose/{{item}}/extras.conf.j2 + local_action: stat path=./compose/{{item}}/extras.conf.j2 register: file - name: Copy extras file template: - src: ../compose/{{item}}/extras.conf.j2 + src: ./compose/{{item}}/extras.conf.j2 dest: /opt/docker/{{item}}/extras.conf backup: yes when: file.stat.exists diff --git a/privfrontends/playbook.yaml b/privfrontends/playbook.yaml index 725fbbb..d12695e 100644 --- a/privfrontends/playbook.yaml +++ b/privfrontends/playbook.yaml @@ -4,7 +4,7 @@ roles: - role: caddy_ansible.caddy_ansible caddy_systemd_capabilities_enabled: true - caddy_config: "{{ lookup('template', '../templates/Caddyfile.j2') }}" + caddy_config: "{{ lookup('template', './templates/Caddyfile.j2') }}" caddy_user: "caddy" caddy_home: "/var/lib/caddy" # Static weekly builds of caddy with rfc2136 dns plugin @@ -12,8 +12,10 @@ tasks: - name: Copy per-server caddy extras copy: - src: "../{{ caddy_extras_config }}" - dest: /etc/caddy/extras.caddy + src: "./templates/{{ inventory_hostname }}/" + dest: /etc/caddy/ + remote_src: true + directory_mode: true - name: Setup docker compose for privacy frontends hosts: privfrontends vars: diff --git a/privfrontends/templates/1-extras.Caddyfile b/privfrontends/templates/1-extras.Caddyfile deleted file mode 100644 index 3e94a5d..0000000 --- a/privfrontends/templates/1-extras.Caddyfile +++ /dev/null 
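Review bot: In the "Copy per-server caddy extras" task of playbook.yaml, `remote_src: true` makes the copy module read `./templates/{{ inventory_hostname }}/` from the managed host rather than from the controller, where these template directories live in the repository, so the task will most likely fail or copy nothing; I would drop that line. `directory_mode` expects a permission mode rather than a boolean, for example `directory_mode: '0755'`. The task also sets no `owner`, `group` or `mode` for the files it places in `/etc/caddy/`, so their permissions depend on defaults; stating them explicitly (for instance `mode: '0640'` with the caddy user's group) keeps the proxy configuration from being readable more widely than intended.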
@@ -1,272 +0,0 @@ -## OLD URL REDIRECTS -invidious.mutahar.rocks { - redir https://inv.bp.projectsegfau.lt{uri} permanent -} -ferrit.projectsegfau.lt snooddit.projectsegfau.lt libreddit.mutahar.rocks { - redir https://libreddit.projectsegfau.lt{uri} permanent -} -lbry.mutahar.rocks { - redir https://lbry.projectsegfau.lt{uri} permanent -} -nitter.mutahar.rocks { - redir https://nitter.projectsegfau.lt{uri} permanent -} -#redir inv.bp.mutahar.rocks inv.bp.projectsegfau.lt permanent -#redir libreddit.mutahar.rocks libreddit.projectsegfau.lt permanent -#redir lbry.mutahar.rocks lbry.projectsegfau.lt permanent -#redir nitter.mutahar.rocks nitter.projectsegfau.lt permanent -arya.projectsegfau.lt aryak.me { - reverse_proxy https://arya.p.projectsegfau.lt { - header_up Host arya.p.projectsegfau.lt - } -} -gothub.dev.projectsegfau.lt { - reverse_proxy localhost:1025 - import def - import torloc gothub.dev -} - -## PUBNIX -# Reverse proxy all user sites -*.p.projectsegfau.lt { - reverse_proxy 10.7.0.2:80 - import acmedns -} - -# Redirect base subdomain to the pubnix homepage -p.projectsegfau.lt { - redir https://projectsegfau.lt/pubnix -} - -# Cockpit -cockpit.p.projectsegfau.lt { - reverse_proxy 10.7.0.2:9090 { - transport http { - tls_insecure_skip_verify - } - } - import def - import torloc cockpit.p -} - -# PublAPI -publapi.p.projectsegfau.lt { - reverse_proxy 10.7.0.2:3000 - import def -} -grafana.p.projectsegfau.lt { - reverse_proxy 10.7.0.2:6943 { - header_up X-Real-IP {remote_host} - } - import def -} -geminiproxy.projectsegfau.lt geminiproxy.p.projectsegfau.lt { - reverse_proxy 10.7.0.2:8000 - import def - import torloc geminiproxy.p -} -http://pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - reverse_proxy https://projectsegfau.lt { - header_up Host "projectsegfau.lt" - } - import tor www - import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p -} -http://www.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - 
reverse_proxy https://projectsegfau.lt { - header_up Host "projectsegfau.lt" - } - import tor www - import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p -} -# Privacy Frontends -http://scribe.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - reverse_proxy localhost:8006 - import tor scribe - import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p -} -http://nitter.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - reverse_proxy localhost:8387 - import tor nitter - import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p -} -http://lbry.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor lbry - import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p - reverse_proxy localhost:3550 -} -http://libreddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor libreddit - import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p - reverse_proxy localhost:6464 -} -http://breezewiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor breezewiki - import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p - reverse_proxy localhost:10416 -} -http://beatbump.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor beatbump - import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p - reverse_proxy localhost:3069 -} -http://invbp.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor invbp - import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p - reverse_proxy localhost:3000 -} -http://rimgo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor rimgo - reverse_proxy localhost:9016 -} -http://teddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor teddit - reverse_proxy localhost:9061 -} 
-http://overflow.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor overflow - reverse_proxy localhost:8694 -} -http://gothub.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor gothub - reverse_proxy localhost:1024 -} -http://gothub.dev.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor gothub.dev - reverse_proxy localhost:1025 -} -http://inv.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor inv - import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p - reverse_proxy https://invidious.projectsegfau.lt { - header_up Host "invidious.projectsegfau.lt" - } -} -http://search.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor search - import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p - reverse_proxy https://search.projectsegfau.lt { - header_up Host "search.projectsegfau.lt" - } -} -http://git.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor git - import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p - reverse_proxy https://git.projectsegfau.lt { - header_up Host "git.projectsegfau.lt" - } -} -http://todo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor todo - import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p - reverse_proxy https://todo.projectsegfau.lt { - header_up Host "todo.projectsegfau.lt" - } -} -http://wiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor wiki - reverse_proxy https://wiki.projectsegfau.lt { - header_up Host "wiki.projectsegfau.lt" - } -} -http://pass.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor pass - reverse_proxy https://pass.projectsegfau.lt { - header_up Host "pass.projectsegfau.lt" - } -} -# Pubnix -http://geminiproxy.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor 
geminiproxy.p - reverse_proxy https://geminiproxy.p.projectsegfau.lt { - header_up Host "geminiproxy.p.projectsegfau.lt" - } -} -http://cockpit.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { - import tor cockpit.p - reverse_proxy https://cockpit.p.projectsegfau.lt { - header_up Host "cockpit.p.projectsegfau.lt" - } -} -## I2P -## I2P -http://pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p:6001 { - reverse_proxy https://projectsegfau.lt { - header_up Host "projectsegfau.lt" - } - import tor www - import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p -} -http://pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p:6008 { - reverse_proxy localhost:8006 - import tor scribe - import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p -} -http://pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p:6005 { - reverse_proxy localhost:8387 - import tor nitter - import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p -} -http://pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p:6003 { - import tor lbry - import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p - reverse_proxy localhost:3550 -} -http://pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p:6004 { - import tor libreddit - import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p - reverse_proxy localhost:6464 -} -http://pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p:6007 { # NW - import tor breezewiki - import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p - reverse_proxy localhost:10416 -} -http://pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p:6006 { - import tor beatbump - import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p - reverse_proxy localhost:3069 -} -http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p:6016 { - import tor invbp - import i2ploc 
pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p - reverse_proxy localhost:3000 -} -http://pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p:6017 { - import tor rimgo - import i2ploc pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p - reverse_proxy localhost:9016 -} -http://pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p:6018 { - import tor teddit - import i2ploc pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p - reverse_proxy localhost:9061 -} -http://pjsfhqamc7k6htnumrvn4cwqqdoggeepj7u5viyimgnxg3gar72q.b32.i2p:6002 { - import tor inv - import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p - reverse_proxy https://invidious.projectsegfau.lt { - header_up Host "invidious.projectsegfau.lt" - } -} -http://pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p:6012 { - import tor search - import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p - reverse_proxy https://search.projectsegfau.lt { - header_up Host "search.projectsegfau.lt" - } -} -http://pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p:6013 { - import tor git - import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p - reverse_proxy https://git.projectsegfau.lt { - header_up Host "git.projectsegfau.lt" - } -} -http://pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p:6015 { - import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p - import tor todo - reverse_proxy https://todo.projectsegfau.lt { - header_up Host "todo.projectsegfau.lt" - } -} diff --git a/privfrontends/templates/2-extras.Caddyfile b/privfrontends/templates/2-extras.Caddyfile deleted file mode 100644 index d3033f5..0000000 --- a/privfrontends/templates/2-extras.Caddyfile +++ /dev/null @@ -1,4 +0,0 @@ -fb.us.projectsegfau.lt { - import def - reverse_proxy :8065 -} diff --git a/privfrontends/templates/Caddyfile.j2 b/privfrontends/templates/Caddyfile.j2 index 4866260..7504170 100644 
--- a/privfrontends/templates/Caddyfile.j2 +++ b/privfrontends/templates/Caddyfile.j2 @@ -24,7 +24,6 @@ dns rfc2136 { key_name "dynupd" key_alg "hmac-sha256" - # declared in secrets.en: https://aryak.me/blog/01-knot key "{{ rfc2136_key }}" server "107.189.12.96:53" } @@ -43,17 +42,24 @@ # clickjacking protection X-Frame-Options SAMEORIGIN - # keep referrer data off of HTTP connections - Referrer-Policy no-referrer-when-downgrade - X-XSS-Protection "1; mode=block" defer + } + log { + output discard + format filter { + wrap console + fields { + request>remote_ip replace REDACTED + request>headers>X-Forwarded-For replace REDACTED + } + } } {% if inventory_hostname == 'in' %} import acmedns {% endif %} } -{{inventory_hostname}}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} { +:80 {{inventory_hostname}}.projectsegfau.lt {% if inventory_hostname == 'eu' %} pizza1.projectsegfau.lt {% endif %} { redir https://wiki.projectsegfau.lt/index.php?title={{wiki_page}} } cdn.projectsegfau.lt cdn.{{inventory_hostname}}.projectsegfau.lt { 
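Review bot: The `log` block added in the second hunk sets `output discard`, so nothing is ever written and the `format filter` section that redacts `request>remote_ip` and `request>headers>X-Forwarded-For` never takes effect. If the intent is to keep no access logs, `log { output discard }` alone states that more plainly; if redacted logs are wanted later, the field list would also need the other identifying fields, for example `request>headers>User-Agent` and `request>headers>Cookie`, since only the two address fields are covered. With output discarded there is also no record to consult when investigating abuse of the proxies, which may be a deliberate trade-off but deserves a comment such as `# no access logs by policy`. The enclosing block (apparently the shared snippet) starts outside the hunk.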
@@ -80,6 +86,46 @@ inv.bp.projectsegfau.lt { X-XSS-Protection "1; mode=block" defer + } + log { + output discard + format filter { + wrap console + fields { + request>remote_ip replace REDACTED + request>headers>X-Forwarded-For replace REDACTED + } + } + } + import torloc invbp + import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p +} +i.bp.psf.lt { + reverse_proxy localhost:7573 + header { + # disable FLoC tracking + Permissions-Policy interest-cohort=() + -Content-Security-Policy + # enable HSTS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # disable clients from sniffing the media type + X-Content-Type-Options nosniff + + # keep referrer data off of HTTP connections + Referrer-Policy no-referrer-when-downgrade + + X-XSS-Protection "1; mode=block" + defer + } + log { + output discard + format filter { + wrap console + fields { + request>remote_ip replace REDACTED + request>headers>X-Forwarded-For replace REDACTED + } + } } import torloc invbp import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p 
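Review bot: The new `i.bp.psf.lt` block, like `i.{{inventory_hostname}}.psf.lt` and `pi.{{inventory_hostname}}.psf.lt` in the next two hunks, repeats the full `header` and `log` stanza instead of importing a shared snippet, and the copies have already drifted: they still send `Referrer-Policy no-referrer-when-downgrade`, which an earlier hunk removed from the common block, and they carry no `X-Frame-Options` (possibly deliberate for embeds, but then worth a comment). In the two `i.` blocks `-Content-Security-Policy` strips the policy set by the backend and nothing replaces it, so the proxied pages lose that XSS mitigation; if the upstream policy only breaks on the short hostname, sending an adjusted policy is safer than removing it. `X-XSS-Protection "1; mode=block"` is a legacy header that current browsers ignore, so I would drop it or send `X-XSS-Protection "0"`. Moving the stanza into one named snippet and using `import` in each site would keep the three hosts consistent.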
@@ -105,6 +151,47 @@ inv.{{inventory_hostname}}.projectsegfau.lt { X-XSS-Protection "1; mode=block" defer + } + log { + output discard + format filter { + wrap console + fields { + request>remote_ip replace REDACTED + request>headers>X-Forwarded-For replace REDACTED + } + } + } + {% if inventory_hostname == 'in' %} + import acmedns + {% endif %} +} +i.{{inventory_hostname}}.psf.lt { + reverse_proxy localhost:7573 + header { + # disable FLoC tracking + Permissions-Policy interest-cohort=() + -Content-Security-Policy + # enable HSTS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # disable clients from sniffing the media type + X-Content-Type-Options nosniff + + # keep referrer data off of HTTP connections + Referrer-Policy no-referrer-when-downgrade + + X-XSS-Protection "1; mode=block" + defer + } + log { + output discard + format filter { + wrap console + fields { + request>remote_ip replace REDACTED + request>headers>X-Forwarded-For replace REDACTED + } + } } {% if inventory_hostname == 'in' %} import acmedns 
@@ -126,11 +213,51 @@ piped.{{inventory_hostname}}.projectsegfau.lt pipedproxy.{{inventory_hostname}}. X-XSS-Protection "1; mode=block" defer + } + log { + output discard + format filter { + wrap console + fields { + request>remote_ip replace REDACTED + request>headers>X-Forwarded-For replace REDACTED + } + } } {% if inventory_hostname == 'in' %} import acmedns {% endif %} } +pi.{{inventory_hostname}}.psf.lt { + reverse_proxy :6970 { + header_up Host "piped.{{inventory_hostname}}.projectsegfau.lt" + } + header { + # disable FLoC tracking + Permissions-Policy interest-cohort=() + + # enable HSTS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # disable clients from sniffing the media type + X-Content-Type-Options nosniff + + # keep referrer data off of HTTP connections + Referrer-Policy no-referrer-when-downgrade + + X-XSS-Protection "1; mode=block" + defer + } + log { + output discard + format filter { + wrap console + fields { + request>remote_ip replace REDACTED + request>headers>X-Forwarded-For replace REDACTED + } + } + } +} {% endif %} lbry.{{inventory_hostname}}.projectsegfau.lt lbry.projectsegfau.lt { reverse_proxy :7269 
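Review bot: The new `pi.{{inventory_hostname}}.psf.lt` block closes without the `{% if inventory_hostname == 'in' %} import acmedns {% endif %}` guard that the `piped` block just above it and the `i.` block in the previous hunk both carry. If the `in` host renders this section and depends on the DNS challenge for certificates, this one site would fall back to the default ACME challenges and may fail issuance; adding the same three template lines before the closing brace keeps it consistent. It is also worth confirming that the rfc2136 server seen in the first hunk is authoritative for `psf.lt`, since every short alias added in this commit needs a certificate under that zone.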
@@ -138,35 +265,35 @@ lbry.{{inventory_hostname}}.projectsegfau.lt lbry.projectsegfau.lt { import torloc lbry import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p } -gothub.{{inventory_hostname}}.projectsegfau.lt gothub.projectsegfau.lt { +gothub.{{inventory_hostname}}.projectsegfau.lt gothub.projectsegfau.lt gh.psf.lt gh.{{inventory_hostname}}.psf.lt { reverse_proxy :1024 import def import torloc gothub } -overflow.{{inventory_hostname}}.projectsegfau.lt overflow.projectsegfau.lt { +overflow.{{inventory_hostname}}.projectsegfau.lt overflow.projectsegfau.lt o.psf.lt o.{{inventory_hostname}}.psf.lt { reverse_proxy :8694 import def import torloc overflow } -teddit.{{inventory_hostname}}.projectsegfau.lt teddit.projectsegfau.lt { +teddit.{{inventory_hostname}}.projectsegfau.lt teddit.projectsegfau.lt t.psf.lt t.{{inventory_hostname}}.psf.lt { reverse_proxy :9061 import def import torloc teddit } -rimgo.{{inventory_hostname}}.projectsegfau.lt rimgo.projectsegfau.lt { +rimgo.{{inventory_hostname}}.projectsegfau.lt rimgo.projectsegfau.lt rg.psf.lt rg.{{inventory_hostname}}.psf.lt { reverse_proxy :9016 import def import torloc rimgo } -libreddit.{{inventory_hostname}}.projectsegfau.lt libreddit.projectsegfau.lt { +libreddit.{{inventory_hostname}}.projectsegfau.lt libreddit.projectsegfau.lt lr.psf.lt lr.{{inventory_hostname}}.psf.lt { reverse_proxy :6464 import def import torloc libreddit import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p } -nitter.{{inventory_hostname}}.projectsegfau.lt nitter.projectsegfau.lt { +nitter.{{inventory_hostname}}.projectsegfau.lt nitter.projectsegfau.lt n.psf.lt n.{{inventory_hostname}}.psf.lt { import def header { X-Permitted-Cross-Domain-Policies none 
@@ -188,13 +315,13 @@ bb.{{inventory_hostname}}.projectsegfau.lt bb.projectsegfau.lt { reverse_proxy :3069 } -bw.{{inventory_hostname}}.projectsegfau.lt bw.projectsegfau.lt { +bw.{{inventory_hostname}}.projectsegfau.lt bw.projectsegfau.lt bw.psf.lt bw.{{inventory_hostname}}.psf.lt { import def import torloc breezewiki import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p reverse_proxy :10416 } -scribe.{{inventory_hostname}}.projectsegfau.lt scribe.projectsegfau.lt { +scribe.{{inventory_hostname}}.projectsegfau.lt scribe.projectsegfau.lt sc.psf.lt sc.{{inventory_hostname}}.psf.lt { import def import torloc scribe import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p @@ -202,7 +329,7 @@ scribe.{{inventory_hostname}}.projectsegfau.lt scribe.projectsegfau.lt { } {% if inventory_hostname == 'eu' %} {% else %} -search.{{inventory_hostname}}.projectsegfau.lt { +search.{{inventory_hostname}}.projectsegfau.lt s.psf.lt s.{{inventory_hostname}}.psf.lt { import def reverse_proxy :8081 @api { @@ -265,4 +392,4 @@ search.{{inventory_hostname}}.projectsegfau.lt { } } {% endif %} -include ./extras.caddy +include ./*.Caddyfile diff --git a/privfrontends/templates/eu/darknet.Caddyfile b/privfrontends/templates/eu/darknet.Caddyfile new file mode 100644 index 0000000..f0955a3 --- /dev/null +++ b/privfrontends/templates/eu/darknet.Caddyfile 
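Review bot: `include ./*.Caddyfile` turns every matching file in the configuration directory into live proxy configuration. That includes files left behind by an earlier deployment, or written there by anything with access to the directory. The deploy task should remove unmanaged `*.Caddyfile` files before reloading, or the line should name the expected files (`darknet.Caddyfile`, `misc.Caddyfile`, `pubnix.Caddyfile`) explicitly. Separately, the Caddyfile directive for pulling in other files is `import`, and the removed line used `include` as well. Unless something outside this hunk handles `include`, the line should read `import ./*.Caddyfile`.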
@@ -0,0 +1,110 @@ +http://pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p { + reverse_proxy https://projectsegfau.lt { + header_up Host "projectsegfau.lt" + } + import tor www + import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p +} +http://www.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p { + reverse_proxy https://projectsegfau.lt { + header_up Host "projectsegfau.lt" + } + import tor www + import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p +} +# Privacy Frontends +http://scribe.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p { + reverse_proxy localhost:8006 + import tor scribe + import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p +} +http://nitter.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p { + reverse_proxy localhost:8387 + import tor nitter + import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p +} +http://lbry.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p { + import tor lbry + import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p + reverse_proxy localhost:3550 +} +http://libreddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p { + import tor libreddit + import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p + reverse_proxy localhost:6464 +} +http://breezewiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p { + import tor breezewiki + import i2ploc 
pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p + reverse_proxy localhost:10416 +} +http://beatbump.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p { + import tor beatbump + import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p + reverse_proxy localhost:3069 +} +http://invbp.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p { + import tor invbp + import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p + reverse_proxy localhost:3000 +} +http://rimgo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor rimgo + reverse_proxy localhost:9016 +} +http://teddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor teddit + reverse_proxy localhost:9061 +} +http://overflow.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor overflow + reverse_proxy localhost:8694 +} +http://gothub.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor gothub + reverse_proxy localhost:1024 +} +http://gothub.dev.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor gothub.dev + reverse_proxy localhost:1025 +} +http://inv.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p { + import tor inv + import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p + reverse_proxy https://invidious.projectsegfau.lt { + header_up Host "invidious.projectsegfau.lt" + } +} +http://search.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p { + import tor search + import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p + reverse_proxy https://search.projectsegfau.lt { + header_up Host 
"search.projectsegfau.lt" + } +} +http://git.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p { + import tor git + import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p + reverse_proxy https://git.projectsegfau.lt { + header_up Host "git.projectsegfau.lt" + } +} +http://todo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion http://pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p { + import tor todo + import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p + reverse_proxy https://todo.projectsegfau.lt { + header_up Host "todo.projectsegfau.lt" + } +} +http://wiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor wiki + reverse_proxy https://wiki.projectsegfau.lt { + header_up Host "wiki.projectsegfau.lt" + } +} +http://pass.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor pass + reverse_proxy https://pass.projectsegfau.lt { + header_up Host "pass.projectsegfau.lt" + } +} diff --git a/privfrontends/templates/eu/misc.Caddyfile b/privfrontends/templates/eu/misc.Caddyfile new file mode 100644 index 0000000..829a14c --- /dev/null +++ b/privfrontends/templates/eu/misc.Caddyfile 
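Review bot: Two I2P site addresses are declared on more than one site block in this new file. The `pjsfg3pd….b32.i2p` address is on both the bare onion block and the `www.` onion block, and the `pjsfi2sz….b32.i2p` address is on both the `invbp` and `inv` blocks. Caddy treats a repeated site address as an ambiguous site definition and should refuse to load the file; even if it loaded, only one block could answer for that name, so `inv` and `invbp` would send I2P visitors to the same backend. The first two blocks are otherwise identical and can be merged into one block listing both onion names and the I2P address once. For `inv` and `invbp`, give each its own I2P address or drop the address from one of them.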
@@ -0,0 +1,30 @@ +stats.eu.projectsegfau.lt { + import auth + reverse_proxy localhost:9100 + import def +} +aryak.me { + reverse_proxy https://prox-arya.p.projectsegfau.lt { + header_up Host prox-arya.p.projectsegfau.lt + } +} +arya.projectsegfau.lt { + redir https://aryak.me{uri} +} +## OLD URL REDIRECTS +invidious.mutahar.rocks { + redir https://inv.bp.projectsegfau.lt{uri} permanent +} +ferrit.projectsegfau.lt snooddit.projectsegfau.lt libreddit.mutahar.rocks { + redir https://libreddit.projectsegfau.lt{uri} permanent +} +lbry.mutahar.rocks { + redir https://lbry.projectsegfau.lt{uri} permanent +} +nitter.mutahar.rocks { + redir https://nitter.projectsegfau.lt{uri} permanent +} +#redir inv.bp.mutahar.rocks inv.bp.projectsegfau.lt permanent +#redir libreddit.mutahar.rocks libreddit.projectsegfau.lt permanent +#redir lbry.mutahar.rocks lbry.projectsegfau.lt permanent +#redir nitter.mutahar.rocks nitter.projectsegfau.lt permanent diff --git a/privfrontends/templates/eu/pubnix.Caddyfile b/privfrontends/templates/eu/pubnix.Caddyfile new file mode 100644 index 0000000..48cbfe6 --- /dev/null +++ b/privfrontends/templates/eu/pubnix.Caddyfile 
@@ -0,0 +1,46 @@ +# Reverse proxy all user sites +*.p.projectsegfau.lt { + reverse_proxy 10.7.0.2:80 + import acmedns +} +*.p.psf.lt { + @host header_regexp host Host ^([a-zA-Z0-9]+\-)?([A-Za-z0-9]+)\.p\.psf\.lt + handle @host { + reverse_proxy 10.7.0.2:80 { + header_up Host "{re.host.1}{re.host.2}.p.projectsegfau.lt" + } + } + import acmedns +} +# Redirect base subdomain to the pubnix homepage +p.projectsegfau.lt p.psf.lt { + redir https://projectsegfau.lt/pubnix +} + +# Cockpit +cockpit.p.projectsegfau.lt { + reverse_proxy 10.7.0.2:9090 { + transport http { + tls_insecure_skip_verify + } + } + import def + import torloc cockpit.p +} + +# PublAPI +publapi.p.projectsegfau.lt { + reverse_proxy 10.7.0.2:3000 + import def +} +grafana.p.projectsegfau.lt { + reverse_proxy 10.7.0.2:6943 { + header_up X-Real-IP {remote_host} + } + import def +} +geminiproxy.projectsegfau.lt geminiproxy.p.projectsegfau.lt gp.p.psf.lt { + reverse_proxy 10.7.0.2:8000 + import def + import torloc geminiproxy.p +} diff --git a/privfrontends/templates/3-extras.Caddyfile b/privfrontends/templates/in/misc.Caddyfile similarity index 75% rename from privfrontends/templates/3-extras.Caddyfile rename to privfrontends/templates/in/misc.Caddyfile index 3b9fea8..1bc4cd1 100644 --- a/privfrontends/templates/3-extras.Caddyfile +++ b/privfrontends/templates/in/misc.Caddyfile @@ -3,6 +3,7 @@ bitpuit.in.projectsegfau.lt { } # PERSONAL https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt { + import def reverse_proxy http://192.168.1.47:8008 } files.perso.in.projectsegfau.lt files.perso.in.projectsegfau.lt:6942 { 
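Review bot: The `cockpit.p.projectsegfau.lt` block publishes what the comment calls Cockpit on a public name (and advertises it over Tor through `import torloc cockpit.p`) while `tls_insecure_skip_verify` turns off certificate verification towards `10.7.0.2:9090`. Anything that can answer on that address or sit on the path to it can impersonate the backend and collect the credentials entered at the login page. Pinning the backend certificate in the `transport http` block, for example `tls_trusted_ca_certs <path-to-backend-cert.pem>`, keeps the upstream TLS meaningful, and a `remote_ip` matcher in front of the `reverse_proxy` would limit who can reach the login at all. In the `*.p.psf.lt` block, a Host that does not match `@host` (a name with two hyphens, for instance) has no handler and gets an empty response; a fallback `handle` with an explicit `respond` status would make that case visible.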
@@ -18,12 +19,12 @@ tnfiles.perso.in.projectsegfau.lt { root * /zfspool/files/tn-sw } discourse.tildevarsh.in { - reverse_proxy https://192.168.1.21:443 { - transport http { - tls_insecure_skip_verify - } - header_up X-Real-IP {remote_host} - } + reverse_proxy https://192.168.1.21:443 { + transport http { + tls_insecure_skip_verify + } + header_up X-Real-IP {remote_host} + } } jf.perso.in.projectsegfau.lt { reverse_proxy 192.168.1.20:8096 diff --git a/privfrontends/templates/us/misc.Caddyfile b/privfrontends/templates/us/misc.Caddyfile new file mode 100644 index 0000000..9b48dcb --- /dev/null +++ b/privfrontends/templates/us/misc.Caddyfile @@ -0,0 +1,11 @@ +stats.us.projectsegfau.lt { + basicauth * { + admin $2a$14$XhZ/Akcdk60yjMTKgYClr.sog.2B6WyECyc98lUJZp3diflifCR9O + } + reverse_proxy http://127.0.0.1:9100 + import def +} +fb.us.projectsegfau.lt { + import def + reverse_proxy localhost:8065 +} diff --git a/secrets.enc b/secrets.enc index 671d63b..0ee862a 100644 --- a/secrets.enc +++ b/secrets.enc 
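Review bot: The new `stats.us.projectsegfau.lt` block commits the `admin` bcrypt hash in clear text inside `basicauth`, whereas the other credentials in this commit live in Ansible Vault files and the `eu` stats block uses `import auth`. Anyone with read access to the repository can attack that hash offline, so its protection rests entirely on the strength of the password. Replacing the inline block with `import auth`, or rendering the hash from a vaulted variable, keeps it out of the tree. Because the value is already in the history, the password should be rotated when that change is made.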
@@ -1,8 +1,10 @@ $ANSIBLE_VAULT;1.1;AES256 -30366366316131343265303362623939653433343438313263376234356334633735333138663535 -6536366438653031346361343137346337623437303230340a386332396135303634376439663066 -35633161396431663834313262313734373036333838633463393534373064336530353766393065 -3934323661626637370a316464353939393237346336376663616536653361333736373533633039 -37623362313061646332633664303763346334343064383236656337383834346565636261336135 -37333234373862626462653037653234396662323964343065393135316463656164323364386539 -663038613439316436643435633433333064 +64633932333563646561656563363431393834393739343364323638653835376262303833396165 +3837323964306264333936336236633064393131626532320a343832376539353235653433386138 +66653139353635393631636261646265353565643564663139316334386439646162343766613666 +3332323135643836320a613234393233656138316232396262393562353230326664653537333839 +39396161306238363931313633396263316661383163313436323362346133653935643935636534 +61646463313934663230383838323064646635633163313731396330326631643431383837303563 +34303965643438626338633763323638633731616637393632643930346534366364643531343538 +63363161383038316438666236343566376131623832626334653239643535656535303735643665 +38643264383032633835323764383638303166386566393165663537393232613636