From 0d0ab665866acfe25fe45161ca2e64dc3edf58a9 Mon Sep 17 00:00:00 2001 From: Pizza1 Date: Sun, 16 Apr 2023 03:35:37 -0700 Subject: [PATCH] add configs --- caddy/Caddyfile | 77 +++++++++++++++++ caddy/frontends.caddy | 90 ++++++++++++++++++++ caddy/i2p.caddy | 82 ++++++++++++++++++ caddy/pubnix.caddy | 38 +++++++++ caddy/tor.caddy | 123 +++++++++++++++++++++++++++ cdn/cdnupdate | 6 ++ docker/README.md | 4 + docker/anonymousoverflow-compose.yml | 17 ++++ docker/beatbump-compose.yml | 22 +++++ docker/breezewiki/config.ini | 4 + docker/breezewiki/docker-compose.yml | 9 ++ docker/gothub-compose.yml | 15 ++++ docker/gothub-dev-compose.yml | 25 ++++++ docker/invidious-compose.yml | 76 +++++++++++++++++ docker/libreddit-compose.yml | 16 ++++ docker/nitter/docker-compose.yaml | 25 ++++++ docker/nitter/nitter.conf | 45 ++++++++++ docker/replace-compose | 4 + docker/rimgo-compose.yml | 21 +++++ docker/scribe-compose.yml | 17 ++++ docker/teddit-compose.yml | 42 +++++++++ docker/watchtower-compose.yml | 17 ++++ haproxy/haproxy.cfg | 30 +++++++ i2pd/README.md | 4 + i2pd/i2pd_funcs | 32 +++++++ knot/geodnstemplate | 28 ++++++ knot/geodnsupdate | 11 +++ knot/knot.conf | 52 +++++++++++ knot/zones/projectsegfau.lt.zone | 105 +++++++++++++++++++++++ tor/README.md | 4 + 30 files changed, 1041 insertions(+) create mode 100644 caddy/Caddyfile create mode 100644 caddy/frontends.caddy create mode 100644 caddy/i2p.caddy create mode 100644 caddy/pubnix.caddy create mode 100644 caddy/tor.caddy create mode 100755 cdn/cdnupdate create mode 100644 docker/README.md create mode 100644 docker/anonymousoverflow-compose.yml create mode 100644 docker/beatbump-compose.yml create mode 100644 docker/breezewiki/config.ini create mode 100644 docker/breezewiki/docker-compose.yml create mode 100644 docker/gothub-compose.yml create mode 100644 docker/gothub-dev-compose.yml create mode 100755 docker/invidious-compose.yml create mode 100644 docker/libreddit-compose.yml create mode 100755 docker/nitter/docker-compose.yaml create mode 100755 docker/nitter/nitter.conf create mode 100755 docker/replace-compose create mode 100644 docker/rimgo-compose.yml create mode 100644 docker/scribe-compose.yml create mode 100644 docker/teddit-compose.yml create mode 100644 docker/watchtower-compose.yml create mode 100644 haproxy/haproxy.cfg create mode 100644 i2pd/README.md create mode 100644 i2pd/i2pd_funcs create mode 100644 knot/geodnstemplate create mode 100755 knot/geodnsupdate create mode 100644 knot/knot.conf create mode 100644 knot/zones/projectsegfau.lt.zone create mode 100644 tor/README.md diff --git a/caddy/Caddyfile b/caddy/Caddyfile new file mode 100644 index 0000000..8526207 --- /dev/null +++ b/caddy/Caddyfile @@ -0,0 +1,77 @@ +(tor) { + header { + -Strict-Transport-Security + -Referrer-Policy + -X-XSS-Protection + -Content-Security-Policy + # disable clients from sniffing the media type + X-Content-Type-Options nosniff + Permissions-Policy interest-cohort=() + # clickjacking protection + X-Frame-Options SAMEORIGIN + Onion-Location http://{args.0}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path} + defer + } +} +(torloc) { + header Onion-Location http://{args.0}.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion{path} +} +(i2ploc) { + header X-I2P-Location http://{args.0}{path} +} +(def) { + header { + # disable FLoC tracking + Permissions-Policy interest-cohort=() + # enable HSTS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # disable clients from sniffing the media type + X-Content-Type-Options nosniff + # clickjacking protection + X-Frame-Options SAMEORIGIN + # keep referrer data off of HTTP connections + Referrer-Policy no-referrer-when-downgrade + X-XSS-Protection "1; mode=block" + defer + } +} + +:80 { + redir https://wiki.projectsegfau.lt/index.php?title=Pizza-1 +} + +import /etc/private.caddy +import ./*.caddy + +stats.eu.projectsegfau.lt { + import auth + reverse_proxy localhost:9100 + import def +} +arya.projectsegfau.lt aryak.me { + reverse_proxy https://arya.p.projectsegfau.lt { + header_up Host arya.p.projectsegfau.lt + } +} +cdn.eu.projectsegfau.lt cdn.projectsegfau.lt { + encode zstd gzip + root * /var/cdn + file_server browse +} +## OLD URL REDIRECTS +invidious.mutahar.rocks { + redir https://inv.bp.projectsegfau.lt{uri} permanent +} +ferrit.projectsegfau.lt snooddit.projectsegfau.lt libreddit.mutahar.rocks { + redir https://libreddit.projectsegfau.lt{uri} permanent +} +lbry.mutahar.rocks { + redir https://lbry.projectsegfau.lt{uri} permanent +} +nitter.mutahar.rocks { + redir https://nitter.projectsegfau.lt{uri} permanent +} +#redir inv.bp.mutahar.rocks inv.bp.projectsegfau.lt permanent +#redir libreddit.mutahar.rocks libreddit.projectsegfau.lt permanent +#redir lbry.mutahar.rocks lbry.projectsegfau.lt permanent +#redir nitter.mutahar.rocks nitter.projectsegfau.lt permanent diff --git a/caddy/frontends.caddy b/caddy/frontends.caddy new file mode 100644 index 0000000..0b437ed --- /dev/null +++ b/caddy/frontends.caddy @@ -0,0 +1,90 @@ +## Privacy Frontends +inv.bp.projectsegfau.lt { + reverse_proxy localhost:3000 + import torloc invbp + header { + # disable FLoC tracking + Permissions-Policy interest-cohort=() + + # enable HSTS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # disable clients from sniffing the media type + X-Content-Type-Options nosniff + + # keep referrer data off of HTTP connections + Referrer-Policy no-referrer-when-downgrade + + X-XSS-Protection "1; mode=block" + defer + } +} + +gothub.dev.projectsegfau.lt { + reverse_proxy localhost:1025 + import def + import torloc gothub.dev +} + +lbry.projectsegfau.lt lbry.g.projectsegfau.lt lbry.eu.projectsegfau.lt { + reverse_proxy localhost:3550 + import def + import torloc lbry + import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p +} + +proxy.lbry.projectsegfau.lt { + reverse_proxy localhost:3001 + import def +} + +gothub.projectsegfau.lt gothub.g.projectsegfau.lt gothub.eu.projectsegfau.lt { + reverse_proxy localhost:1024 + import torloc github + import def +} + +overflow.projectsegfau.lt overflow.g.projectsegfau.lt overflow.eu.projectsegfau.lt { + reverse_proxy localhost:8694 + import torloc overflow + import def +} +libreddit.projectsegfau.lt libreddit.g.projectsegfau.lt libreddit.eu.projectsegfau.lt { + reverse_proxy localhost:6464 + import torloc libreddit + import def +} + +nitter.projectsegfau.lt nitter.g.projectsegfau.lt nitter.eu.projectsegfau.lt { + reverse_proxy localhost:8387 + import def + import torloc nitter +} + +bb.g.projectsegfau.lt bb.eu.projectsegfau.lt bb.projectsegfau.lt { + reverse_proxy localhost:3069 + import def + import torloc beatbump +} + +bw.eu.projectsegfau.lt bw.g.projectsegfau.lt bw.projectsegfau.lt { + reverse_proxy localhost:10416 + import def + import torloc breezewiki +} + +scribe.eu.projectsegfau.lt scribe.g.projectsegfau.lt scribe.projectsegfau.lt { + reverse_proxy localhost:8006 + import def + import torloc scribe +} + +teddit.eu.projectsegfau.lt teddit.projectsegfau.lt teddit.g.projectsegfau.lt { + reverse_proxy localhost:9061 + import def + import torloc teddit +} +rimgo.eu.projectsegfau.lt rimgo.projectsegfau.lt rimgo.g.projectsegfau.lt { + reverse_proxy localhost:9016 + import def + import torloc rimgo +} diff --git a/caddy/i2p.caddy b/caddy/i2p.caddy new file mode 100644 index 0000000..4df0c00 --- /dev/null +++ b/caddy/i2p.caddy @@ -0,0 +1,82 @@ + +## I2P +http://pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p:6001 { + reverse_proxy https://projectsegfau.lt { + header_up Host "projectsegfau.lt" + } + import tor www + import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p +} +http://pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p:6008 { + reverse_proxy localhost:8006 + import tor scribe + import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p +} +http://pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p:6005 { + reverse_proxy localhost:8387 + import tor nitter + import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p +} +http://pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p:6003 { + import tor lbry + import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p + reverse_proxy localhost:3550 +} +http://pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p:6004 { + import tor libreddit + import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p + reverse_proxy localhost:6464 +} +http://pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p:6007 { # NW + import tor breezewiki + import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p + reverse_proxy localhost:10416 +} +http://pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p:6006 { + import tor beatbump + import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p + reverse_proxy localhost:3069 +} +http://pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p:6016 { + import tor invbp + import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p + reverse_proxy localhost:3000 +} +http://pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p:6017 { + import tor rimgo + import i2ploc pjsf5ahv7ce67i5ic46ghum3scwatrsyac5i6aa5bynvnnlmpzfa.b32.i2p + reverse_proxy localhost:9016 +} +http://pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p:6018 { + import tor teddit + import i2ploc pjsfa3dd7rxocfqanxenpop2uqfgpw4nevrmy424u5qwyasqdu6a.b32.i2p + reverse_proxy localhost:9061 +} +http://pjsfhqamc7k6htnumrvn4cwqqdoggeepj7u5viyimgnxg3gar72q.b32.i2p:6002 { + import tor inv + import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p + reverse_proxy https://invidious.projectsegfau.lt { + header_up Host "invidious.projectsegfau.lt" + } +} +http://pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p:6012 { + import tor search + import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p + reverse_proxy https://search.projectsegfau.lt { + header_up Host "search.projectsegfau.lt" + } +} +http://pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p:6013 { + import tor git + import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p + reverse_proxy https://git.projectsegfau.lt { + header_up Host "git.projectsegfau.lt" + } +} +http://pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p:6015 { + import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p + import tor todo + reverse_proxy https://todo.projectsegfau.lt { + header_up Host "todo.projectsegfau.lt" + } +} diff --git a/caddy/pubnix.caddy b/caddy/pubnix.caddy new file mode 100644 index 0000000..87388c5 --- /dev/null +++ b/caddy/pubnix.caddy @@ -0,0 +1,38 @@ +# Reverse proxy all user sites +*.p.projectsegfau.lt { + reverse_proxy 10.7.0.2:80 + import acmedns +} + +# Redirect base subdomain to the pubnix homepage +p.projectsegfau.lt { + redir https://projectsegfau.lt/pubnix +} + +# Cockpit +cockpit.p.projectsegfau.lt { + reverse_proxy 10.7.0.2:9090 { + transport http { + tls_insecure_skip_verify + } + } + import def + import torloc cockpit.p +} + +# PublAPI +publapi.p.projectsegfau.lt { + reverse_proxy 10.7.0.2:3000 + import def +} +grafana.p.projectsegfau.lt { + reverse_proxy 10.7.0.2:6943 { + header_up X-Real-IP {remote_host} + } + import def +} +geminiproxy.p.projectsegfau.lt { + reverse_proxy 10.7.0.2:8000 + import def + import torloc geminiproxy.p +} diff --git a/caddy/tor.caddy b/caddy/tor.caddy new file mode 100644 index 0000000..dadad99 --- /dev/null +++ b/caddy/tor.caddy @@ -0,0 +1,123 @@ +http://pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + reverse_proxy https://projectsegfau.lt { + header_up Host "projectsegfau.lt" + } + import tor www + import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p +} +http://www.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + reverse_proxy https://projectsegfau.lt { + header_up Host "projectsegfau.lt" + } + import tor www + import i2ploc pjsfg3pdzzocax6a4oznoyf5k4etzknfatqu23i43wxejwdaffoa.b32.i2p +} +# Privacy Frontends +http://scribe.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + reverse_proxy localhost:8006 + import tor scribe + import i2ploc pjsflkkkcn33ahmzmpyq6idy2knkzh4atp7zaetqfsnenpyori6a.b32.i2p +} +http://nitter.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + reverse_proxy localhost:8387 + import tor nitter + import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p +} +http://lbry.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor lbry + import i2ploc pjsf7uucpqf2crcmfo3nvwdmjhirxxjfyuvibdfp5x3af2ghqnaa.b32.i2p + reverse_proxy localhost:3550 +} +http://libreddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor libreddit + import i2ploc pjsfkref7g66mji45kyccqnn5hmjtjp3cfodozabpyplj2rmv5sa.b32.i2p + reverse_proxy localhost:6464 +} +http://breezewiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor breezewiki + import i2ploc pjsfk4xvekoc7wx4pteevp3q2wy7jmzlem7rvl74nx33zkdr4vyq.b32.i2p + reverse_proxy localhost:10416 +} +http://beatbump.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor beatbump + import i2ploc pjsflmvtqax7ii44qy4ladap65c3kqspbs7h7krqy7x43uovklla.b32.i2p + reverse_proxy localhost:3069 +} +http://invbp.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor invbp + import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p + reverse_proxy localhost:3000 +} +http://rimgo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor rimgo + reverse_proxy localhost:9016 +} +http://teddit.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor teddit + reverse_proxy localhost:9061 +} +http://overflow.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor overflow + reverse_proxy localhost:8694 +} +http://gothub.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor gothub + reverse_proxy localhost:1024 +} +http://gothub.dev.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor gothub.dev + reverse_proxy localhost:1025 +} +http://inv.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor inv + import i2ploc pjsfi2szfkb4guqzmfmlyq4no46fayertjrwt4h2uughccrh2lvq.b32.i2p + reverse_proxy https://invidious.projectsegfau.lt { + header_up Host "invidious.projectsegfau.lt" + } +} +http://search.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor search + import i2ploc pjsfwklrellqoj275kzeu2tz4c3j5zktnqod56s7l5dc25ro3wgq.b32.i2p + reverse_proxy https://search.projectsegfau.lt { + header_up Host "search.projectsegfau.lt" + } +} +http://git.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor git + import i2ploc pjsfdrtv2465bisenvzhfvdleznx4arlih2hlnrhpzugailnm7iq.b32.i2p + reverse_proxy https://git.projectsegfau.lt { + header_up Host "git.projectsegfau.lt" + } +} +http://todo.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor todo + import i2ploc pjsfivs2sxudfy65kojxqophc6vqjqdr6woczy6hzaxvxvbj3bkq.b32.i2p + reverse_proxy https://todo.projectsegfau.lt { + header_up Host "todo.projectsegfau.lt" + } +} +http://wiki.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor wiki + reverse_proxy https://wiki.projectsegfau.lt { + header_up Host "wiki.projectsegfau.lt" + } +} +http://pass.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor pass + reverse_proxy https://pass.projectsegfau.lt { + header_up Host "pass.projectsegfau.lt" + } +} +# Pubnix +http://geminiproxy.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor geminiproxy.p + reverse_proxy https://geminiproxy.p.projectsegfau.lt { + header_up Host "geminiproxy.p.projectsegfau.lt" + } +} +http://cockpit.p.pjsfkvpxlinjamtawaksbnnaqs2fc2mtvmozrzckxh7f3kis6yea25ad.onion { + import tor cockpit.p + reverse_proxy https://cockpit.p.projectsegfau.lt { + header_up Host "cockpit.p.projectsegfau.lt" + } +} diff --git a/cdn/cdnupdate b/cdn/cdnupdate new file mode 100755 index 0000000..25420ff --- /dev/null +++ b/cdn/cdnupdate @@ -0,0 +1,6 @@ +#!/bin/bash +RSYNC_ARGS='--recursive --copy-links --copy-dirlinks --perms --xattrs --times --delete --verbose --compress --compress-choice=zstd --mkpath --cvs-exclude --human-readable --partial --progress' +# India Node +rsync --rsh='ssh -p6922' ${RSYNC_ARGS} /var/cdn/ cdn@in.projectsegfau.lt:/var/cdn +# US Node +rsync ${RSYNC_ARGS} /var/cdn/ cdn@us.projectsegfau.lt:/var/cdn diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 0000000..59c8c0f --- /dev/null +++ b/docker/README.md @@ -0,0 +1,4 @@ +# Docker +Private keys such as HMAC are not pushed for obvious reasons and are in separate envfiles + +At the moment invidious isnt part of this but I'll include it in the future. diff --git a/docker/anonymousoverflow-compose.yml b/docker/anonymousoverflow-compose.yml new file mode 100644 index 0000000..c4204cc --- /dev/null +++ b/docker/anonymousoverflow-compose.yml @@ -0,0 +1,17 @@ +version: '3' + +services: + anonymousoverflow: + build: + context: . + network: 'host' + environment: + - APP_URL=https://overflow.projectsegfau.lt + # JWT_SIGNING_SECRET is in private.env + env_file: + - /opt/docker/anonymousoverflow/private.env + ports: + - '8694:8080' + restart: 'always' + labels: + - "com.centurylinklabs.watchtower.enable=false" diff --git a/docker/beatbump-compose.yml b/docker/beatbump-compose.yml new file mode 100644 index 0000000..e461aa8 --- /dev/null +++ b/docker/beatbump-compose.yml @@ -0,0 +1,22 @@ +version: "3" + +services: + app: + image: "snuffydev/beatbump:master" + ports: + - "3069:3069" + environment: + PORT: 3069 + VITE_DOMAIN: "bb.projectsegfau.lt" + VITE_SITE_URL: "https://bb.projectsegfau.lt" + VITE_DONATION_URL: "https://projectsegfau.lt/donate" + restart: unless-stopped + proxy: + build: + context: ./packages/proxy-server/deno + dockerfile: Dockerfile + ports: + - "3070:3001" + restart: unless-stopped + labels: + - "com.centurylinklabs.watchtower.enable=false" diff --git a/docker/breezewiki/config.ini b/docker/breezewiki/config.ini new file mode 100644 index 0000000..62b57f1 --- /dev/null +++ b/docker/breezewiki/config.ini @@ -0,0 +1,4 @@ +canonical_origin = https://bw.projectsegfau.lt +debug = false +port = 10416 +feature_search_suggestions = true diff --git a/docker/breezewiki/docker-compose.yml b/docker/breezewiki/docker-compose.yml new file mode 100644 index 0000000..f261779 --- /dev/null +++ b/docker/breezewiki/docker-compose.yml @@ -0,0 +1,9 @@ +services: + breezewiki: + container_name: breezewiki + image: quay.io/pussthecatorg/breezewiki:latest + restart: unless-stopped + ports: + - "10416:10416" # Replace with "10416:10416" if you don't use a reverse proxy + volumes: + - "./config.ini:/app/config.ini" diff --git a/docker/gothub-compose.yml b/docker/gothub-compose.yml new file mode 100644 index 0000000..25e3140 --- /dev/null +++ b/docker/gothub-compose.yml @@ -0,0 +1,15 @@ +version: "3" +services: + gothub: + image: codeberg.org/gothub/gothub:latest + restart: unless-stopped + ports: + - "1024:3000" + environment: + - DOCKER=true + healthcheck: + test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/version || exit 1 + interval: 30s + timeout: 5s + retries: 2 + diff --git a/docker/gothub-dev-compose.yml b/docker/gothub-dev-compose.yml new file mode 100644 index 0000000..16e0c37 --- /dev/null +++ b/docker/gothub-dev-compose.yml @@ -0,0 +1,25 @@ +version: "3" +services: + gothub: + image: codeberg.org/gothub/gothub:dev + restart: unless-stopped + ports: + - "1025:3000" + environment: + - DOCKER=true + - GOTHUB_SETUP_COMPLETE=true + - GOTHUB_PROXYING_ENABLED=true + - GOTHUB_IP_LOGGED=false + - GOTHUB_REQUEST_URL_LOGGED=false + - GOTHUB_USER_AGENT_LOGGED=false + - GOTHUB_DIAGNOSTIC_INFO_LOGGED=false + - GOTHUB_INSTANCE_PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy + - GOTHUB_INSTANCE_COUNTRY=Luxembourg + - GOTHUB_INSTANCE_PROVIDER=BuyVM + - GOTHUB_INSTANCE_CLOUDFLARE=false + healthcheck: + test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/version || exit 1 + interval: 30s + timeout: 5s + retries: 2 + diff --git a/docker/invidious-compose.yml b/docker/invidious-compose.yml new file mode 100755 index 0000000..d1fe40f --- /dev/null +++ b/docker/invidious-compose.yml @@ -0,0 +1,76 @@ +version: "2.4" +services: + postgres: + image: postgres:10 + restart: always + networks: + - invidious + volumes: + - postgresdata:/var/lib/postgresql/data + - ./config/sql:/config/sql + - ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh + environment: + POSTGRES_DB: invidious + POSTGRES_USER: kemal + POSTGRES_PASSWORD: kemal + healthcheck: + test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"] + invidious: + image: quay.io/invidious/invidious:latest + restart: always + networks: + - invidious + mem_limit: 1024M + cpus: 0.5 + ports: + - "3000:3000" + env_file: /opt/docker/invidious/private.env + environment: + HMAC_KEY_PRIVATE: ${HMAC_KEY_PRIVATE} + INVIDIOUS_CONFIG: | + channel_threads: 1 + check_tables: true + feed_threads: 1 + db: + dbname: invidious + user: kemal + password: kemal + host: postgres + port: 5432 + full_refresh: false + https_only: true + domain: inv.bp.projectsegfau.lt + external_port: 443 + statistics_enabled: true + admins: ["midou"] + dark_mode: true + disable_proxy: false + banner: Donate to Project Segfault | FR [LU] US IN + enable_user_notifications: false + default_user_preferences: + local: true + extend_desc: true + quality: dash + quality_dash: 1080p + # does not work atm + hmac_key: ${HMAC_KEY_PRIVATE} + healthcheck: + test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1 + interval: 30s + timeout: 5s + retries: 2 + depends_on: + - postgres + autoheal: + restart: always + image: willfarrell/autoheal + environment: + - AUTOHEAL_CONTAINER_LABEL=all + volumes: + - /var/run/docker.sock:/var/run/docker.sock + +volumes: + postgresdata: + +networks: + invidious: diff --git a/docker/libreddit-compose.yml b/docker/libreddit-compose.yml new file mode 100644 index 0000000..014f686 --- /dev/null +++ b/docker/libreddit-compose.yml @@ -0,0 +1,16 @@ +services: + libreddit: + image: libreddit/libreddit:latest + ports: + - 127.0.0.1:6464:8080 + restart: unless-stopped + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"] + interval: 5m + timeout: 3s + environment: + - FRONT_PAGE=popular + - COMMENT_SORT=new + - BLUR_NSFW=on + - USE_HLS=on + - AUTOPLAY_VIDEOS=off diff --git a/docker/nitter/docker-compose.yaml b/docker/nitter/docker-compose.yaml new file mode 100755 index 0000000..0c35ea0 --- /dev/null +++ b/docker/nitter/docker-compose.yaml @@ -0,0 +1,25 @@ +version: "3" + +services: + + nitter: + image: zedeus/nitter:latest + container_name: nitter + ports: + - "8387:8080" # Replace with "8080:8080" if you don't use a reverse proxy + volumes: + - /opt/docker/nitter/nitter.conf:/src/nitter.conf:ro + depends_on: + - nitter-redis + restart: unless-stopped + + nitter-redis: + image: redis:6-alpine + container_name: nitter-redis + command: redis-server --save 60 1 --loglevel warning + volumes: + - nitter-redis:/data + restart: unless-stopped + +volumes: + nitter-redis: diff --git a/docker/nitter/nitter.conf b/docker/nitter/nitter.conf new file mode 100755 index 0000000..9b1c90f --- /dev/null +++ b/docker/nitter/nitter.conf @@ -0,0 +1,45 @@ +[Server] +address = "0.0.0.0" +port = 8080 +https = true # disable to enable cookies when not using https +httpMaxConnections = 100 +staticDir = "./public" +title = "nitter" +hostname = "nitter.projectsegfau.lt" + +[Cache] +listMinutes = 240 # how long to cache list info (not the tweets, so keep it high) +rssMinutes = 10 # how long to cache rss queries +redisHost = "nitter-redis" # Change to "nitter-redis" if using docker-compose +redisPort = 6379 +redisPassword = "" +redisConnections = 20 # connection pool size +redisMaxConnections = 30 +# max, new connections are opened when none are available, but if the pool size +# goes above this, they're closed when released. don't worry about this unless +# you receive tons of requests per second + +[Config] +hmacKey = "xxx" # random key for cryptographic signing of video urls +base64Media = false # use base64 encoding for proxied media urls +enableRSS = true # set this to false to disable RSS feeds +enableDebug = false # enable request logs and debug endpoints +proxy = "" # http/https url, SOCKS proxies are not supported +proxyAuth = "" +tokenCount = 10 +# minimum amount of usable tokens. tokens are used to authorize API requests, +# but they expire after ~1 hour, and have a limit of 187 requests. +# the limit gets reset every 15 minutes, and the pool is filled up so there's +# always at least $tokenCount usable tokens. again, only increase this if +# you receive major bursts all the time + +# Change default preferences here, see src/prefs_impl.nim for a complete list +[Preferences] +theme = "Nitter" +replaceTwitter = "nitter.projectsegfau.lt" +replaceYouTube = "invidious.projectsegfau.lt" +replaceReddit = "libreddit.projectsegfau.lt" +replaceInstagram = "" +proxyVideos = true +hlsPlayback = true +infiniteScroll = false diff --git a/docker/replace-compose b/docker/replace-compose new file mode 100755 index 0000000..a74d0ba --- /dev/null +++ b/docker/replace-compose @@ -0,0 +1,4 @@ +#!/bin/bash +mv /opt/docker/${1}/*compose.y*l /opt/docker/${1}/compose.pre-public-conf.yml +ln -s /configs/docker/${1}-compose.yml /opt/docker/${1}/compose.yml +cd /opt/docker/${1} && docker compose pull && docker compose down --remove-orphans && docker compose up -d --build && cd - diff --git a/docker/rimgo-compose.yml b/docker/rimgo-compose.yml new file mode 100644 index 0000000..c53ed62 --- /dev/null +++ b/docker/rimgo-compose.yml @@ -0,0 +1,21 @@ +version: '3' + +services: + rimgo: + image: codeberg.org/video-prize-ranch/rimgo # Official image + #image: quay.io/pussthecatorg/rimgo # Unofficial image + #build: . # Uncomment to build from source + ports: + - 9016:3000 + environment: + - ADDRESS=0.0.0.0 + - PORT=3000 + - FIBER_PREFORK=false + - IMGUR_CLIENT_ID=546c25a59c58ad7 + - PRIVACY_POLICY=https://projectsegfau.lt/legal/privacy-policy + - PRIVACY_MESSAGE= + - PRIVACY_COUNTRY=Luxembourg + - PRIVACY_PROVIDER=BuyVM + - PRIVACY_CLOUDFLARE=false + - PRIVACY_NOT_COLLECTED=true + restart: unless-stopped diff --git a/docker/scribe-compose.yml b/docker/scribe-compose.yml new file mode 100644 index 0000000..0a3fc9a --- /dev/null +++ b/docker/scribe-compose.yml @@ -0,0 +1,17 @@ +version: "3.8" + +services: + scribe: + image: registry.gitlab.com/lomanic/scribe-binaries:latest + restart: always + container_name: "scribe" + ports: + - 8006:8006 + environment: + - SCRIBE_PORT=8006 + - SCRIBE_HOST=0.0.0.0 + - APP_DOMAIN=scribe.projectsegfau.lt + - LUCKY_ENV=production + - PORT=8006 + env_file: + - /opt/docker/scribe/scribe-private.env diff --git a/docker/teddit-compose.yml b/docker/teddit-compose.yml new file mode 100644 index 0000000..d13cd91 --- /dev/null +++ b/docker/teddit-compose.yml @@ -0,0 +1,42 @@ +version: "3.8" + +services: + + teddit: + restart: always + container_name: teddit + image: teddit/teddit:latest + environment: + - DOMAIN=teddit.projectsegfau.lt + - USE_HELMET=true + - USE_HELMET_HSTS=true + - TRUST_PROXY=true + - REDIS_HOST=teddit-redis + ports: + - "9061:8080" + networks: + - teddit_net + healthcheck: + test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost:8080/about"] + interval: 1m + timeout: 3s + depends_on: + - teddit-redis + + teddit-redis: + restart: always + container_name: teddit-redis + image: redis:6.2.5-alpine + command: redis-server + environment: + - REDIS_REPLICATION_MODE=master + networks: + - teddit_net + volumes: + - teddit-redis:/data +volumes: + teddit-redis: + +networks: + teddit_net: + diff --git a/docker/watchtower-compose.yml b/docker/watchtower-compose.yml new file mode 100644 index 0000000..d6435b8 --- /dev/null +++ b/docker/watchtower-compose.yml @@ -0,0 +1,17 @@ +version: "2" +services: + watchtower: + image: containrrr/watchtower + volumes: + - /var/run/docker.sock:/var/run/docker.sock + environment: + - TZ=Europe/Paris + - WATCHTOWER_CLEANUP=false + - DOCKER_API_VERSION=1.42 + - WATCHTOWER_INCLUDE_STOPPED=false + - WATCHTOWER_POLL_INTERVAL=3600 + - WATCHTOWER_MONITOR_ONLY=false + # WATCHTOWER_NOTIFICATION_URL is in private.env + env_file: + - /opt/docker/watchtower/private.env + restart: unless-stopped diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg new file mode 100644 index 0000000..a423154 --- /dev/null +++ b/haproxy/haproxy.cfg @@ -0,0 +1,30 @@ +global + log /dev/log local0 + log /dev/log local1 notice + chroot /var/lib/haproxy + stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners + stats timeout 30s + user haproxy + group haproxy + daemon +defaults + log global + mode http + option httplog + option dontlognull + timeout connect 5000 + timeout client 50000 + timeout server 50000 +listen ssh + bind :::22 v4v6 + balance roundrobin + mode tcp + option tcp-check + tcp-check expect rstring SSH-2.0-OpenSSH.* + server pubnix 10.7.0.2:22 check inter 10s fall 2 rise 1 +listen xrdp + bind :::3389 v4v6 + balance roundrobin + mode tcp + option tcp-check + server pubnix 10.7.0.2:3389 check inter 10s fall 2 rise 1 diff --git a/i2pd/README.md b/i2pd/README.md new file mode 100644 index 0000000..f988677 --- /dev/null +++ b/i2pd/README.md @@ -0,0 +1,4 @@ +# I2Pd Info +`i2pd_funcs` was borrowed from the ~vern team (https://vern.cc/admins) with some minor modifications. + +i2pd config is the same as dpkg upstream. diff --git a/i2pd/i2pd_funcs b/i2pd/i2pd_funcs new file mode 100644 index 0000000..5e92224 --- /dev/null +++ b/i2pd/i2pd_funcs @@ -0,0 +1,32 @@ +#!/usr/bin/env bash +i2pown() { chmod 640 "$1" && chown i2pd:i2pd "$1"; } +geni2p() { /root/i2pd-tools/vain "$2" -o "$1" && i2pown "$1"; } +vgi2p() { for i in "$@"; do geni2p "/var/lib/i2pd/pjsf.$i.dat" "pjsf"; done; } +create_i2p() { + if [[ -z "$4" ]]; then + printf 'Usage: create_i2p service_name keyfile_name clearnet_domain port [type] [host] [inport]\n' + return 1 + fi + + [[ -f /var/lib/i2pd/pjsf.$2.dat ]] || vgi2p "$1" + printf '[%s]\ntype = %s\nhost = %s\nport = %s\nkeys = pjsf.%s.dat\n%s' "$3" "${5:-http}" "${6:-127.0.0.1}" "$4" "$2" "${7:+inport = $7}" | tee "/etc/i2pd/tunnels.d/$1.conf" + systemctl restart i2pd +} + +delete_i2p() { + if [[ -z "$1" ]]; then + printf 'Usage: delete_i2p service_name\n' + return 1 + fi + + rm -f /var/lib/i2pd/pjsf.$1.dat + rm -f /etc/i2pd/tunnels.d/$1.conf + systemctl restart i2pd +} + +i2pup() { export http_proxy="http://127.0.0.1:4444"; } +i2pdown() { unset http_proxy; } + +i2pb32() { /root/i2pd-tools/keyinfo ~i2pd/pjsf.$1.dat; } +i2pb64() { /root/i2pd-tools/keyinfo -d ~i2pd/pjsf.$1.dat; } +i2pport() { grep -R '^port = '"$1"'$' /etc/i2pd/tunnels.d/; } diff --git a/knot/geodnstemplate b/knot/geodnstemplate new file mode 100644 index 0000000..97948c5 --- /dev/null +++ b/knot/geodnstemplate @@ -0,0 +1,28 @@ +REPLACEME: + - geo: "*;*;*" + A: 107.189.12.96 + AAAA: 2605:6400:30:f79f:9e20:f366:f052:5a25 + TXT: "Worldwide-BuyVM-Lux" + - geo: "EU;*;*" + A: 107.189.12.96 + TXT: "Europe-BuyVM-Lux" + AAAA: 2605:6400:30:f79f:9e20:f366:f052:5a25 + - geo: "AF;*;*" + A: 107.189.12.96 + AAAA: 2605:6400:30:f79f:9e20:f366:f052:5a25 + TXT: "Africa-BuyVM-Lux" + - geo: "NA;*;*" + A: 143.198.131.196 + AAAA: 2604:a880:4:1d0::52:7000 + TXT: "NorthAmerica-DigitalOcean-SanFrancisco" + - geo: "SA;*;*" + A: 143.198.131.196 + AAAA: 2604:a880:4:1d0::52:7000 + TXT: "SouthAmerica-DigitalOcean-SanFrancisco" + - geo: "OC;*;*" + A: 143.198.131.196 + AAAA: 2604:a880:4:1d0::52:7000 + TXT: "Oceania-DigitalOcean-SanFrancisco" + - geo: "AS;*;*" + A: 110.227.202.171 + TXT: "Asia-Airtel-Ind" diff --git a/knot/geodnsupdate b/knot/geodnsupdate new file mode 100755 index 0000000..24dedd1 --- /dev/null +++ b/knot/geodnsupdate @@ -0,0 +1,11 @@ +#!/usr/bin/env bash +geoconf=/etc/knot/geo.conf +remote='7S23i@us.projectsegfau.lt' +printf '' > $geoconf +for i in $(> $geoconf + sed -i "s/REPLACEME/${i}/" $geoconf +done +scp $geoconf "${remote}":/var/geo.conf +ssh $remote "sudo systemctl restart knot" +systemctl restart knot diff --git a/knot/knot.conf b/knot/knot.conf new file mode 100644 index 0000000..2a42cda --- /dev/null +++ b/knot/knot.conf @@ -0,0 +1,52 @@ +server: + rundir: "/run/knot" + user: knot:knot + listen: 107.189.12.96@53 + +log: + - target: syslog + any: info + +database: + storage: "/var/lib/knot" + +# See aryak.me/blog/knot for setup instructions. +include: /etc/knot/secrets.conf + +remote: + - id: secondary + address: 143.198.131.196@53 + key: us-node + +acl: + - id: acl_secondary + address: 143.198.131.196 + key: us-node + action: transfer + - id: acl_dynupdates + address: [143.198.131.196, 92.148.60.159, 51.91.103.130, 110.227.202.171, 107.189.12.96] + action: update + key: dynupd + +template: + - id: default + storage: "/etc/knot/zones" + file: "%s.zone" + dnssec-signing: on + semantic-checks: on + zonefile-sync: -1 + zonefile-load: difference-no-serial + journal-content: all + +mod-geoip: + - id: geo + config-file: "/etc/knot/geo.conf" + mode: geodb + geodb-file: "/var/lib/knot/GeoLite2-City.mmdb" + geodb-key: [ continent/code, country/iso_code, city/names/en ] + +zone: + - domain: projectsegfau.lt + notify: secondary + acl: [acl_secondary, acl_dynupdates] + module: mod-geoip/geo diff --git a/knot/zones/projectsegfau.lt.zone b/knot/zones/projectsegfau.lt.zone new file mode 100644 index 0000000..d99a080 --- /dev/null +++ b/knot/zones/projectsegfau.lt.zone @@ -0,0 +1,105 @@ +; To be placed in /var/lib/knot/zones/projectsegfau.lt.zone +$ORIGIN projectsegfau.lt. ; 'default' domain as FQDN for this zone +$TTL 300 ; default time-to-live for this zone + +projectsegfau.lt. IN SOA ns1.projectsegfau.lt. ns2.projectsegfau.lt. ( + 2023022702 ;Serial + 14400 ;Refresh + 300 ;Retry + 1209600 ;Expire + 300 ;Negative response caching TTL +) + +; The nameserver that are authoritative for this zone. +@ IN NS ns1.projectsegfau.lt. +@ IN NS ns2.projectsegfau.lt. +ns1 A 107.189.12.96 +ns2 A 143.198.131.196 + +; Pizza-1 +pizza1 A 107.189.12.96 +pizza A 107.189.12.96 +*.eu A 107.189.12.96 +*.bp A 107.189.12.96 +pizza1 AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25 +pizza AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25 +*.eu AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25 +*.bp AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25 +*.p.projectsegfau.lt. A 107.189.12.96 +p.projectsegfau.lt. A 107.189.12.96 +*.p.projectsegfau.lt. AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25 +p.projectsegfau.lt. AAAA 2605:6400:30:f79f:9e20:f366:f052:5a25 +ferrit.projectsegfau.lt. CNAME pizza.projectsegfau.lt. +proxy.lbry.projectsegfau.lt. CNAME pizza.projectsegfau.lt. +arya.projectsegfau.lt. CNAME pizza.projectsegfau.lt. +gothub.dev.projectsegfau.lt. CNAME pizza.projectsegfau.lt. + +; Soleil Levant +* A 92.148.60.159 +@ A 92.148.60.159 +web.dev.projectsegfau.lt. A 92.148.60.159 +auth.p.projectsegfau.lt. A 92.148.60.159 +autoconfig.projectsegfau.lt. CNAME mail.projectsegfau.lt. +autodiscover.projectsegfau.lt. CNAME mail.projectsegfau.lt. +_xmpp-client._tcp SRV 10 0 5222 xmpp.projectsegfau.lt. +_xmpp-server._tcp SRV 10 0 5269 xmpp.projectsegfau.lt. +_xmpps-client._tcp SRV 10 0 5223 xmpp.projectsegfau.lt. +_xmpps-server._tcp SRV 10 0 5270 xmpp.projectsegfau.lt. +_of._tcp.of.projectsegfau.lt SRV 5 0 27015 of.projectsegfau.lt. + +; US Node +*.us A 143.198.131.196 +us A 143.198.131.196 +*.us AAAA 2604:a880:4:1d0::52:7000 +us AAAA 2604:a880:4:1d0::52:7000 + +; IN Node +in A 110.227.202.171 +*.in A 110.227.202.171 + +; Status VPS +status A 51.91.103.130 +hole A 51.91.103.130 +wg A 51.91.103.130 +hole AAAA 2001:41d0:404:200::5149 +status AAAA 2001:41d0:404:200::5149 +wg AAAA 2001:41d0:404:200::5149 + +; Mail Stuff +mail.projectsegfau.lt. A 92.148.60.159 +feb2023._domainkey IN TXT "v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+gF5p8pTKZMPe4rDdsDTedelOTeIcEYzy5Fd1b3Tv0gWTOkk7Lx+opIY0lUU9k+K+UbPJ4asUT6zrdZusXrp85g36Rh8+lZbZWr6mqE/GJjIh9kIvXRWasHZpcnws2Ex2Mc2tefJ9FtFntpoX/v0zR2Wr8wiztZrHL23VaY+7kLgPe4PC0CM4tLyuuraC0AYVjI/yCvo8XZkb7kvOfi+EpThN3B91zSGVnZXPJdtQdE/JJ2psthhRilHBwo1Rs+PsFNFvi1chHPP44z2JPS7OyALR+ycDvXz2Hj6WS8s9pcXk7NPi0sLY+h+5Ha6KoDa4sjBmmEN07U+hE+2/rE9IQIDAQAB" +dkim._domainkey.projectsegfau.lt. 600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z7evsQCm7e0ZN+dx3ygeSHRi6NCOjVInqnrnDe2xkooUp/szLXZ1xsGQAYM+tZ8+M0WKdIm7uQq8xCEdjDCO/l/fE6b4/3u11aj44tLXBsse5gQvOH/SQpw/zwzgU07tnOjajCExnuIeZaDNw6S5iN2oGUlkvIzIw2zv5PFVa9ax4/N0TuTMKQOysFh" "JHv2lJjvA/WgqioOOqDFjlhc959lYNqMkjaEb0r2FLky1uQx2c01MzkkXuoNVG+7anrcgzPrQ9AMTBvAsqwStwX+6JpNcwh6MpCBHQmAaFC5TkECwZLopujB+LoTbZcY2ejP8EeKSa04yU/jEnPtsMdb5wIDAQAB" +@ TXT "v=spf1 ip4:107.189.12.96 ip4:92.148.60.159 include:relay.selea.se ~all" +_dmarc.projectsegfau.lt. 600 IN TXT "v=DMARC1; p=reject; rua=mailto:admin@projectsegfau.lt; ruf=mailto:admin@projectsegfau.lt; adkim=s; aspf=s" +_imap._tcp.projectsegfau.lt. 600 IN SRV 20 1 143 mail.projectsegfau.lt. +_pop3._tcp.projectsegfau.lt. 600 IN SRV 20 1 110 mail.projectsegfau.lt. +_submission._tcp.projectsegfau.lt. 600 IN SRV 20 1 587 mail.projectsegfau.lt. +_autodiscover._tcp.projectsegfau.lt. 600 IN SRV 10 1 443 mail.projectsegfau.lt. +_submissions._tcp.projectsegfau.lt. 600 IN SRV 10 1 465 mail.projectsegfau.lt. +_imaps._tcp.projectsegfau.lt. 600 IN SRV 10 1 993 mail.projectsegfau.lt. +_pop3s._tcp.projectsegfau.lt. 600 IN SRV 10 1 995 mail.projectsegfau.lt. +autoconfig.projectsegfau.lt. 600 IN CNAME mail.projectsegfau.lt. +_25._tcp.mail.projectsegfau.lt. 86400 IN TLSA 2 1 1 0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3 +projectsegfau.lt. MX 10 mail.projectsegfau.lt. +p.projectsegfau.lt. TXT "buyvm-validation=b6444ab72efafcdef664a693ce2ba26ebd03ed1c7377cd08926db831e94a3d5a" + + +; Simplelogin +sl A 51.91.103.130 +sl AAAA 2001:41d0:404:200::5149 +sl.projectsegfau.lt. MX 10 sl.projectsegfau.lt. +dkim._domainkey.sl TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC79GZdNBCBZ28EGJcnar/yY3QWlAoeQW0sEQIpibzAtYMtZZw7kBzbKNxRdnMGDOQE1hzo/gJUVv+A2tgsYswXOCjO+l0gtwcKsNuP79Tn9guGtsq5aLeoYuTbvC1SrHLLufv01oEGvT6VlOm3e3+XbGjvXKVQw4ym3H55wD7WbQIDAQAB" +_dmarc.sl.projectsegfau.lt. 600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:admin@projectsegfau.lt; ruf=mailto:admin@projectsegfau.lt; adkim=r; aspf=r" +sl TXT "v=spf1 ip4:51.91.103.130 ~all" + +; Crypto TXT +@ TXT "oa1:btc recipient_address=bc1qrc8ywgp95a6p3zausp4nff70qzstp6h8z86sxd; recipient_name=Project Segfault; tx_description=Donate to Project Segfault" +@ TXT "oa1:ltc recipient_address=ltc1qn3ald586h2ntt0n3zkvwsmju2e5vndgtvvgatj; recipient_name=Project Segfault; tx_description=Donate to Project Segfault" +@ TXT "oa1:xmr recipient_address=47L7Qsto7XcifY3CdG18ySe5Tt83kpFLDLve9jQwbc9taPBLNGv6ZrJNUKpMG9Nj9zHgCZ4FQMSyt75e8Jvx12JFLtJyFdA; recipient_name=Project Segfault; tx_description=Donate to Project Segfault" +_token._dnswl.projectsegfau.lt. IN TXT "1q5i422gbg9qqlekp8zag8scwwb7oicd" +; PTR(s) +159.60.148.92.in-addr.arpa. PTR mail.projectsegfau.lt. +171.202.227.110.in-addr.arpa. PTR in.projectsegfau.lt. +196.131.198.143.in-addr.arpa. PTR us.projectsegfau.lt. +130.103.91.51.in-addr.arpa. PTR sl.projectsegfau.lt. +96.12.189.107.in-addr.arpa. PTR pizza1.projectsegfau.lt. diff --git a/tor/README.md b/tor/README.md new file mode 100644 index 0000000..ff778fb --- /dev/null +++ b/tor/README.md @@ -0,0 +1,4 @@ +# Tor +Our tor configs are basically the same as the upstream dpkg. + +The vanity URL pjsf....onion was made with https://github.com/cathugger/mkp224o