From ffd4cecfe96f9155702a024a2a0950a2f45b57dd Mon Sep 17 00:00:00 2001 From: Arya Kiran Date: Thu, 20 Jul 2023 14:24:04 +0530 Subject: [PATCH] caddyfmt on server-specific confs --- privfrontends/templates/core/apps.Caddyfile | 36 ++++---- .../templates/core/internal.Caddyfile | 6 +- privfrontends/templates/eu/misc.Caddyfile | 88 +++++++++---------- privfrontends/templates/eu/pubnix.Caddyfile | 8 +- privfrontends/templates/in/misc.Caddyfile | 42 ++++----- privfrontends/templates/us/misc.Caddyfile | 14 ++- 6 files changed, 95 insertions(+), 99 deletions(-) diff --git a/privfrontends/templates/core/apps.Caddyfile b/privfrontends/templates/core/apps.Caddyfile index 0641b34..bf60a1c 100644 --- a/privfrontends/templates/core/apps.Caddyfile +++ b/privfrontends/templates/core/apps.Caddyfile @@ -22,23 +22,23 @@ social.projectsegfau.lt { # And https://poa.st/notice/AWDToOiKAl4BPhdEB6 # And https://gleasonator.com/notice/AW3PsTi4WCWEUbN0uO media.social.projectsegfau.lt { - handle /media/* { - reverse_proxy 192.168.5.2:4011 { - transport http { - response_header_timeout 10s - read_timeout 15s - } - } - } + handle /media/* { + reverse_proxy 192.168.5.2:4011 { + transport http { + response_header_timeout 10s + read_timeout 15s + } + } + } - handle /proxy/* { - reverse_proxy 192.168.5.2:4011 { - transport http { - response_header_timeout 10s - read_timeout 15s - } - } - } + handle /proxy/* { + reverse_proxy 192.168.5.2:4011 { + transport http { + response_header_timeout 10s + read_timeout 15s + } + } + } } # Cinny @@ -275,8 +275,8 @@ kbin.projectsegfau.lt, kb.psf.lt { import def } gothub.dev.projectsegfau.lt gh.dev.psf.lt { - reverse_proxy 192.168.5.2:1025 - import def + reverse_proxy 192.168.5.2:1025 + import def } ak.psf.lt { redir https://social.projectsegfau.lt{uri} diff --git a/privfrontends/templates/core/internal.Caddyfile b/privfrontends/templates/core/internal.Caddyfile index e59e478..378ca57 100644 --- a/privfrontends/templates/core/internal.Caddyfile +++ b/privfrontends/templates/core/internal.Caddyfile @@ -80,12 +80,12 @@ c.midou.dev { # Headscale (tailscale control server) hs.projectsegfau.lt { - reverse_proxy /web* https://192.168.5.5:9443 { + reverse_proxy /web* https://192.168.5.5:9443 { transport http { tls_insecure_skip_verify } } - reverse_proxy * 192.168.5.5:8089 + reverse_proxy * 192.168.5.5:8089 } # Caddy daily build (for ansible) @@ -100,5 +100,5 @@ docs.gothub.app { } # OLD URLs http://mutahar.rocks, http://*.mutahar.rocks { - redir https://projectsegfau.lt + redir https://projectsegfau.lt } diff --git a/privfrontends/templates/eu/misc.Caddyfile b/privfrontends/templates/eu/misc.Caddyfile index 197b600..3ab8f72 100644 --- a/privfrontends/templates/eu/misc.Caddyfile +++ b/privfrontends/templates/eu/misc.Caddyfile @@ -1,71 +1,71 @@ stats.eu.projectsegfau.lt { - basicauth * { - admin $2a$14$4R5m1Kl74xwVp8MsR.jFeOpa6ssXwHN7ANwJi300zIrienTG44Abi - } - reverse_proxy localhost:9100 - import def + basicauth * { + admin $2a$14$4R5m1Kl74xwVp8MsR.jFeOpa6ssXwHN7ANwJi300zIrienTG44Abi + } + reverse_proxy localhost:9100 + import def } inv.bp.projectsegfau.lt, i.bp.psf.lt { - reverse_proxy localhost:7573 - header { - # disable FLoC tracking - Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"; + reverse_proxy localhost:7573 + header { + # disable FLoC tracking + Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"; - # enable HSTS - Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" - # disable clients from sniffing the media type - X-Content-Type-Options nosniff - -Content-Security-Policy + # enable HSTS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # disable clients from sniffing the media type + X-Content-Type-Options nosniff + -Content-Security-Policy - # keep referrer data off of HTTP connections - Referrer-Policy no-referrer-when-downgrade + # keep referrer data off of HTTP connections + Referrer-Policy no-referrer-when-downgrade - X-XSS-Protection "1; mode=block" - defer - } - log { - output discard - format filter { - wrap console - fields { - request>remote_ip replace REDACTED - request>headers>X-Forwarded-For replace REDACTED - } - } - } - import torloc invbp - import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p + X-XSS-Protection "1; mode=block" + defer + } + log { + output discard + format filter { + wrap console + fields { + request>remote_ip replace REDACTED + request>headers>X-Forwarded-For replace REDACTED + } + } + } + import torloc invbp + import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p } proxy.lbry.projectsegfau.lt { - reverse_proxy localhost:3001 - import def + reverse_proxy localhost:3001 + import def } aryak.me { - reverse_proxy https://prox-arya.p.projectsegfau.lt { - header_up Host prox-arya.p.projectsegfau.lt - } + reverse_proxy https://prox-arya.p.projectsegfau.lt { + header_up Host prox-arya.p.projectsegfau.lt + } } arya.projectsegfau.lt { redir https://aryak.me{uri} } ## OLD URL REDIRECTS bb.us.projectsegfau.lt bb.in.projectsegfau.lt bb.eu.projectsegfau.lt bb.projectsegfau.lt { - import def - import torloc beatbump - import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p - redir https://hyperpipe.projectsegfau.lt{uri} + import def + import torloc beatbump + import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p + redir https://hyperpipe.projectsegfau.lt{uri} } invidious.mutahar.rocks { - redir https://inv.bp.projectsegfau.lt{uri} permanent + redir https://inv.bp.projectsegfau.lt{uri} permanent } ferrit.projectsegfau.lt snooddit.projectsegfau.lt libreddit.mutahar.rocks { - redir https://libreddit.projectsegfau.lt{uri} permanent + redir https://libreddit.projectsegfau.lt{uri} permanent } lbry.mutahar.rocks { - redir https://lbry.projectsegfau.lt{uri} permanent + redir https://lbry.projectsegfau.lt{uri} permanent } nitter.mutahar.rocks { - redir https://nitter.projectsegfau.lt{uri} permanent + redir https://nitter.projectsegfau.lt{uri} permanent } #redir inv.bp.mutahar.rocks inv.bp.projectsegfau.lt permanent #redir libreddit.mutahar.rocks libreddit.projectsegfau.lt permanent diff --git a/privfrontends/templates/eu/pubnix.Caddyfile b/privfrontends/templates/eu/pubnix.Caddyfile index 48cbfe6..7386eea 100644 --- a/privfrontends/templates/eu/pubnix.Caddyfile +++ b/privfrontends/templates/eu/pubnix.Caddyfile @@ -4,12 +4,12 @@ import acmedns } *.p.psf.lt { - @host header_regexp host Host ^([a-zA-Z0-9]+\-)?([A-Za-z0-9]+)\.p\.psf\.lt - handle @host { + @host header_regexp host Host ^([a-zA-Z0-9]+\-)?([A-Za-z0-9]+)\.p\.psf\.lt + handle @host { reverse_proxy 10.7.0.2:80 { header_up Host "{re.host.1}{re.host.2}.p.projectsegfau.lt" - } - } + } + } import acmedns } # Redirect base subdomain to the pubnix homepage diff --git a/privfrontends/templates/in/misc.Caddyfile b/privfrontends/templates/in/misc.Caddyfile index d924eed..4651ae3 100644 --- a/privfrontends/templates/in/misc.Caddyfile +++ b/privfrontends/templates/in/misc.Caddyfile @@ -1,5 +1,5 @@ bitpuit.in.projectsegfau.lt { - respond "Go fuck yourself devrand" + respond "Go fuck yourself devrand" } dd.psf.lt { reverse_proxy :8008 @@ -9,34 +9,34 @@ libretranslate.in.projectsegfau.lt { } # PERSONAL https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt { - import def - reverse_proxy http://192.168.1.47:8008 + import def + reverse_proxy http://192.168.1.47:8008 } files.perso.in.projectsegfau.lt files.perso.in.projectsegfau.lt:6942 { - file_server { - browse - } - root * /zfspool/files + file_server { + browse + } + root * /zfspool/files } tnfiles.perso.in.projectsegfau.lt { - file_server { - browse - } - root * /zfspool/files/tn-sw + file_server { + browse + } + root * /zfspool/files/tn-sw } discourse.tildevarsh.in { - reverse_proxy https://192.168.1.21:443 { - transport http { - tls_insecure_skip_verify - } - header_up X-Real-IP {remote_host} - } + reverse_proxy https://192.168.1.21:443 { + transport http { + tls_insecure_skip_verify + } + header_up X-Real-IP {remote_host} + } } jf.perso.in.projectsegfau.lt { - reverse_proxy 192.168.1.20:8096 - import def + reverse_proxy 192.168.1.20:8096 + import def } nc.perso.in.projectsegfau.lt { - reverse_proxy 192.168.1.20:80 - import def + reverse_proxy 192.168.1.20:80 + import def } diff --git a/privfrontends/templates/us/misc.Caddyfile b/privfrontends/templates/us/misc.Caddyfile index 9b48dcb..b7f8f3e 100644 --- a/privfrontends/templates/us/misc.Caddyfile +++ b/privfrontends/templates/us/misc.Caddyfile @@ -1,11 +1,7 @@ stats.us.projectsegfau.lt { - basicauth * { - admin $2a$14$XhZ/Akcdk60yjMTKgYClr.sog.2B6WyECyc98lUJZp3diflifCR9O - } - reverse_proxy http://127.0.0.1:9100 - import def -} -fb.us.projectsegfau.lt { - import def - reverse_proxy localhost:8065 + basicauth * { + admin $2a$14$XhZ/Akcdk60yjMTKgYClr.sog.2B6WyECyc98lUJZp3diflifCR9O + } + reverse_proxy http://127.0.0.1:9100 + import def }