authorterminaldweller <thabogre@gmail.com>2022-06-28 11:02:59 +0000
committerterminaldweller <thabogre@gmail.com>2022-06-28 11:02:59 +0000
commit3f1128ba07cfc4bea03a0cc80100dcfe5da4425f (patch)
tree66f548adfd8db2f19a8fdf54d20e5d9bc1d2198e
parentupdate (diff)
downloadscripts-3f1128ba07cfc4bea03a0cc80100dcfe5da4425f.tar.gz
scripts-3f1128ba07cfc4bea03a0cc80100dcfe5da4425f.zip
jabber, steam
-rwxr-xr-xchroot/steam_wrapper4
-rw-r--r--terminaldweller.com/ejabberd/docker-compose.yaml14
-rw-r--r--terminaldweller.com/ejabberd/ejabberd.yml12
-rw-r--r--terminaldweller.com/haproxy/haproxy.cfg3
4 files changed, 20 insertions, 13 deletions
diff --git a/chroot/steam_wrapper b/chroot/steam_wrapper
index 2354c3b..4a147d5 100755
--- a/chroot/steam_wrapper
+++ b/chroot/steam_wrapper
@@ -3,4 +3,6 @@
# xhost +
# enable anyone to use pulseaudio over tcp:
# load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;192.168.1.0/24 auth-anonymous=1
-env DISPLAY=:0.0 PULSE_SERVER=127.0.0.1 steam
+#
+# also make sure we are using quad9, not pihole. pihole doesnt like steam.
+env DISPLAY=:0.0 PULSE_SERVER=127.0.0.1 steam -tcp -no-cef-sandbox
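Review bot: `-no-cef-sandbox` on the new launch line is undocumented, although it turns off the sandbox around Steam's embedded Chromium renderer, so web content shown in the client (store, community pages, overlays) runs without that isolation layer. The comment added above it explains only the DNS choice. A line such as `# -no-cef-sandbox: the CEF sandbox does not start inside this chroot (confirm); client web content then runs unsandboxed` would record the trade-off. The header comments already describe `xhost +` and anonymous PulseAudio over TCP, so it is also worth stating in the file that this wrapper assumes a single-user, trusted host.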
diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml
index 4a6f2fe..3e6de12 100644
--- a/terminaldweller.com/ejabberd/docker-compose.yaml
+++ b/terminaldweller.com/ejabberd/docker-compose.yaml
@@ -8,18 +8,22 @@ services:
- "80:80"
- "5222:5222"
- "127.0.0.1:5269:5269"
- - "127.0.0.1:5280:5280"
+ - "5280:5280"
- "5443:5443"
- - "127.0.0.1:1883:1883"
+ - "1883:1883"
- "127.0.0.1:5080:5080"
- - "127.0.0.1:3478:3478/udp"
- - "127.0.0.1:5349:5349"
restart: unless-stopped
volumes:
- ./ejabberd.yml:/home/ejabberd/conf/ejabberd.yml
- ./acme:/var/lib/ejabberd/acme
- ./dh:/usr/local/etc/ejabberd
+ - confs_certs:/home/ejabberd/conf/
+ - mnesia_db:/home/ejabberd/database/
networks:
ejabberdnet:
+volumes:
+ confs_certs:
+ mnesia_db:
# openssl dhparam -out dhparams.pem 4096
-# sudo certbot certonly --standalone --email devi@terminaldweller.com --non-interactive --agree-tos -d chat.terminaldweller.com --preferred-challenges http
+# certbot certonly --standlone -d chat.terminaldweller.com -e devi@terminaldweller.com --agree-tos --noninteractive --dry-run
+# docker exec -it 6eebd16a2385 bin/ejabberdctl register admin chat.terminaldweller.com password
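Review bot: Publishing `"5280:5280"` and `"1883:1883"` without the `127.0.0.1:` prefix binds both ports on every host interface, and Docker-published ports are normally opened by Docker's own iptables rules ahead of host firewall front ends such as ufw. In ejabberd's stock configuration 5280 is the plain-HTTP listener and 1883 is unencrypted MQTT; the `listen:` section is not fully visible in this commit, so confirm what these two ports actually serve. If they are only meant to be reached through the reverse proxy, keep `- "127.0.0.1:5280:5280"` and `- "127.0.0.1:1883:1883"`; otherwise add a comment naming the clients that need direct access. Separately, the new certbot comment spells the flag `--standlone`, where the removed line had `--standalone`.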
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml
index 87eb940..90d0207 100644
--- a/terminaldweller.com/ejabberd/ejabberd.yml
+++ b/terminaldweller.com/ejabberd/ejabberd.yml
@@ -19,10 +19,8 @@ c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'
-certfiles:
- - '/var/lib/ejabberd/acme/ejabberd.pem'
-
-auth_password_format: scram
+#certfiles:
+# - '/var/lib/ejabberd/acme/ejabberd.pem'
listen:
- port: 5222
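Review bot: Dropping `auth_password_format: scram` leaves the password storage format to the server default, and on ejabberd releases where that default is `plain` account passwords are written to the database in clear text. The same commit adds a persistent `mnesia_db` volume in docker-compose.yaml, so whatever format is in effect is kept across container rebuilds. Unless the removal is deliberate, keep `auth_password_format: scram`; if it is deliberate, a comment such as `# auth_password_format left at server default because <reason>` should say why.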
@@ -179,9 +177,11 @@ shaper_rules:
max_fsm_queue: 10000
acme:
+ # for auto ACME requests, we need this to be true
auto: false
- contact: 'mailto:devi@terminaldweller.com'
- ca_url: 'https://acme-staging-v02.api.letsencrypt.org'
+ contact:
+ - mailto:devi@terminaldweller.com
+ ca_url: https://acme-v02.api.letsencrypt.org/directory
oauth_expire: 31536000
oauth_access: all
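Review bot: The comment added above `auto: false` says automatic ACME requests need this to be `true`, yet the value stays `false`, so the comment and the setting disagree. With `certfiles` commented out in the first hunk of this file, nothing visible tells a reader which certificate ejabberd is expected to serve; presumably it arrives through the new `confs_certs` volume or the certbot command noted in docker-compose.yaml. Reword the comment to state the intent, e.g. `# auto stays false: certificate is issued by certbot outside ejabberd`, or set `auto: true` if ejabberd should request it itself. `ca_url` now points at the production Let's Encrypt directory, which is rate-limited, so a first run with `auto` enabled is better tried against staging.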
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index 5247f4c..9930fe6 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -26,7 +26,7 @@ resolvers docker_resolver
resolve_retries 3
timeout retry 1000ms
timeout resolve 1000ms
-
+
#Frontends
frontend http
bind *:80
@@ -52,6 +52,7 @@ frontend http
use_backend blog-backend-cert if letsencrypt-acl editor-host
use_backend blog-backend-cert if letsencrypt-acl editorsave-host
use_backend cloud-one-cert if letsencrypt-acl devourer-host
+ use_backend cloud-one-cert if letsencrypt-acl chat-host
use_backend api-crypto-backend-cert if letsencrypt-acl api-host
use_backend api-mila-backend-cert if letsencrypt-acl api-host
use_backend searx-backend-cert if letsencrypt-acl searx-host