authorterminaldweller <thabogre@gmail.com>2023-01-22 17:36:07 +0000
committerterminaldweller <thabogre@gmail.com>2023-01-22 17:36:07 +0000
commitc836ea89a48f53ec1dd05c1dcdc606bb44c8b619 (patch)
tree22882efad0fdc677d353dec723d813825bbcb5d2 /terminaldweller.com
parentupdate (diff)
downloadscripts-c836ea89a48f53ec1dd05c1dcdc606bb44c8b619.tar.gz
scripts-c836ea89a48f53ec1dd05c1dcdc606bb44c8b619.zip
update
Diffstat (limited to '')
-rw-r--r--terminaldweller.com/cgit/bootstrap/Dockerfile8
-rwxr-xr-xterminaldweller.com/cgit/bootstrap/bootstrap.sh1
-rw-r--r--terminaldweller.com/cgit/bootstrap/crontab1
-rwxr-xr-xterminaldweller.com/cgit/bootstrap/docker-entrypoint.sh2
-rw-r--r--terminaldweller.com/cgit/cgit/cgitrc2
-rw-r--r--terminaldweller.com/cgit/docker-compose.yaml8
-rw-r--r--terminaldweller.com/ejabberd/docker-compose.yaml4
-rw-r--r--terminaldweller.com/ejabberd/ejabberd.yml23
-rw-r--r--terminaldweller.com/haproxy/docker-compose.yaml48
9 files changed, 65 insertions, 32 deletions
diff --git a/terminaldweller.com/cgit/bootstrap/Dockerfile b/terminaldweller.com/cgit/bootstrap/Dockerfile
index 2467f36..be4f278 100644
--- a/terminaldweller.com/cgit/bootstrap/Dockerfile
+++ b/terminaldweller.com/cgit/bootstrap/Dockerfile
@@ -1,8 +1,10 @@
FROM alpine:3.16
-RUN apk update && apk add --no-cache git cronie busybox-initscripts
+#RUN apk update && apk add --no-cache git cronie busybox-initscripts
+RUN apk update && apk add --no-cache git apk-cron
# RUN rc-service crond start && rc-update add crond
COPY ./bootstrap.sh /bootstrap.sh
COPY ./docker-entrypoint.sh /docker-entrypoint.sh
-COPY ./crontab /etc/crontabs/root
-RUN chmod 0744 /bootstrap.sh
+COPY ./cron /etc/periodic/15min/cron
+# COPY ./crontab /etc/crontabs/root
+# RUN chmod 0744 /bootstrap.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
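Review bot: The script copied to `/etc/periodic/15min/cron` is never made executable, so whether the job runs depends on the mode bits `./cron` carries in the build context; `run-parts` skips files without the execute bit. `./cron` is also not among the nine files in this commit's diffstat, so the build fails unless that file was added elsewhere. I would add `RUN chmod 0755 /etc/periodic/15min/cron` after the COPY. Separately, `apk-cron` appears to be the package that schedules periodic `apk` upgrades rather than a cron daemon (busybox `crond` should already be in the base image), so confirm that unattended upgrades inside the container are intended.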
diff --git a/terminaldweller.com/cgit/bootstrap/bootstrap.sh b/terminaldweller.com/cgit/bootstrap/bootstrap.sh
index 3481546..ba2e1b0 100755
--- a/terminaldweller.com/cgit/bootstrap/bootstrap.sh
+++ b/terminaldweller.com/cgit/bootstrap/bootstrap.sh
@@ -14,7 +14,6 @@ REPOS="cgrep \
devourer \
hived \
mdrtl \
- simplex \
scripts \
vagrantboxes \
dockerimages \
diff --git a/terminaldweller.com/cgit/bootstrap/crontab b/terminaldweller.com/cgit/bootstrap/crontab
deleted file mode 100644
index 2346740..0000000
--- a/terminaldweller.com/cgit/bootstrap/crontab
+++ /dev/null
@@ -1 +0,0 @@
-0 */6 * * * /bootstrap.sh --update
diff --git a/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh b/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh
index d6d7009..2f67a11 100755
--- a/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh
+++ b/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh
@@ -5,4 +5,4 @@ set -x
. /bootstrap.sh
bootstrap
update_repos
-crond -n -s -P
+crond -f -l 2
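Review bot: `crond -f -l 2` is started as a child of the shell, so the shell stays PID 1 and the stop signal sent by `docker stop` is not passed on to crond; the container is then killed only after the stop timeout. `exec crond -f -l 2` hands PID 1 to crond and lets it shut down cleanly. The script begins outside this hunk; the `set -x` visible in the hunk header traces every command of `bootstrap` and `update_repos` to the container log, which is worth checking if any clone URL carries credentials.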
diff --git a/terminaldweller.com/cgit/cgit/cgitrc b/terminaldweller.com/cgit/cgit/cgitrc
index 4db7d5b..90abd90 100644
--- a/terminaldweller.com/cgit/cgit/cgitrc
+++ b/terminaldweller.com/cgit/cgit/cgitrc
@@ -3,7 +3,7 @@
#
#
# Enable caching of up to 1000 output entries
-cache-size=100
+# cache-size=100
## ttl for root page
cache-root-ttl=5
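Review bot: With `cache-size` commented out, the comment above it (`# Enable caching of up to 1000 output entries`) and the `cache-root-ttl=5` line below describe a cache that is no longer active, because cgit's default `cache-size` is 0, which disables caching. Every request then regenerates its page from the repositories, which deserves a deliberate decision on an instance reachable from the internet. If this is temporary, replace the stale comment with something like `# cache disabled: <reason>`; otherwise drop the ttl settings as well. The file continues outside the hunk, so other `cache-*` options may be affected in the same way.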
diff --git a/terminaldweller.com/cgit/docker-compose.yaml b/terminaldweller.com/cgit/docker-compose.yaml
index 3d6c9bf..3fe10ae 100644
--- a/terminaldweller.com/cgit/docker-compose.yaml
+++ b/terminaldweller.com/cgit/docker-compose.yaml
@@ -8,7 +8,7 @@ services:
- cgitnet
ports:
- "127.0.0.1:8041:80"
- - "8042:22"
+ - "127.0.0.1:8042:22"
- "8043:443"
restart: unless-stopped
environment:
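Review bot: `"8043:443"` is still published on all host interfaces while the port 80 and port 22 mappings are now loopback-only. If TLS traffic is meant to reach cgit only through the haproxy front end kept in this repository, bind it the same way: `- "127.0.0.1:8043:443"`. If direct exposure is intended, a short comment on that line would keep the three mappings from looking inconsistent.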
@@ -22,7 +22,7 @@ services:
# - /etc/hosts:/etc/hosts:ro
# - /etc/localtime:/etc/localtime:ro
- ./cgit.conf:/etc/lighttpd/cgit.conf:ro
- - /etc/letsencrypt/archive/git.terminaldweller.com/ssl.pem:/etc/certs/git.pem:ro
+ - /etc/letsencrypt/archive/git.terminaldweller.com/:/etc/certs/:ro
bootstrap:
image: bootstrap
build:
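Review bot: Mounting the whole `archive/git.terminaldweller.com/` directory gives the cgit container read access to every file certbot keeps there, which normally includes each past and current `privkeyN.pem`, where the old line exposed a single file. Mount only the files the web server actually reads (the lighttpd TLS configuration is not visible in this diff, so I cannot tell which those are). Note that file names under `archive/` carry a renewal counter, so a config that names one of them will go stale after the next renewal.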
@@ -32,8 +32,8 @@ services:
volumes:
- storage:/etc/gitrepos/
entrypoint: ["/docker-entrypoint.sh"]
- cap_drop:
- - ALL
+ # cap_drop:
+ # - ALL
healthcheck:
test: exit 1
interval: 1d
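Review bot: Commenting out `cap_drop: ALL` leaves the bootstrap container with Docker's full default capability set, and judging by the other files in this commit that container runs a cron daemon as root and repeatedly pulls repositories. Keep the drop and add back only what crond needs with `cap_add:` (probably `SETGID` and `SETUID` for its privilege switch; confirm by running with the drop in place and reading the error). The `healthcheck` in the context lines uses `test: exit 1`, which always reports unhealthy; that is not part of this change but looks unintended.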
diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml
index a4ddaeb..f01085d 100644
--- a/terminaldweller.com/ejabberd/docker-compose.yaml
+++ b/terminaldweller.com/ejabberd/docker-compose.yaml
@@ -1,7 +1,7 @@
version: "3.4"
services:
ejabberd:
- image: ejabberd/ecs:21.07
+ image: ejabberd/ecs:23.01
networks:
- ejabberdnet
ports:
@@ -33,5 +33,5 @@ volumes:
mnesia_db:
vault:
# openssl dhparam -out dhparams.pem 4096
-# certbot certonly --standalone -d chat.terminaldweller.com -m devi@terminaldweller.com --agree-tos --noninteractive --dryrun
+# certbot certonly --standlone -d chat.terminaldweller.com -e devi@terminaldweller.com --agree-tos --noninteractive
# docker exec -it 6eebd16a2385 bin/ejabberdctl register admin chat.terminaldweller.com password
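Review bot: The rewritten certbot comment would fail if pasted: `--standlone` is misspelled, and certbot takes the contact address with `-m`/`--email`, not `-e`. Suggested wording: `# certbot certonly --standalone -d chat.terminaldweller.com -m devi@terminaldweller.com --agree-tos --noninteractive`. The `ejabberdctl register` line below it passes the password as a command-line argument, which ends up in shell history; a note to change the password afterwards would be a useful addition to that comment.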
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml
index 815d702..fb5a6a9 100644
--- a/terminaldweller.com/ejabberd/ejabberd.yml
+++ b/terminaldweller.com/ejabberd/ejabberd.yml
@@ -1,13 +1,14 @@
hosts:
- jabber.terminaldweller.com
-auth_method: internal
+auth_method: internal
auth_password_format: scram # pragma: allowlist secret
# anonymous_protocol: both
allow_multiple_connections: true
loglevel: 5
log_rotate_size: 10485760
log_rotate_count: 1
+default_db: mnesia
define_macro:
'TLS_CIPHERS': "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA"
@@ -45,9 +46,9 @@ listen:
access: c2s
starttls: true
starttls_required: true
- #protocol_options: 'TLS_OPTIONS'
- #ciphers: 'TLS_CIPHERS'
- #dhfile: 'DH_FILE'
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
zlib: false
tls_compression: false
- port: 5223
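Review bot: Uncommenting `ciphers: 'TLS_CIPHERS'` here, and adding it to the port 5223 listener in the next hunk, activates the macro defined at the top of the file, whose list still contains CBC suites with SHA-1 MACs, static-RSA key exchange (`AES256-SHA`, `AES128-SHA`) and PSK/SRP suites. The static-RSA entries give no forward secrecy and the PSK/SRP ones are not usable with certificate authentication, so the macro should be trimmed before it is switched on, for example to `"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"` plus the TLS 1.3 names already listed. `TLS_OPTIONS` and `DH_FILE` are not defined in any visible hunk; confirm both exist under `define_macro`, since the listeners now depend on them.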
@@ -56,6 +57,9 @@ listen:
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
tls: true
tls_compression: false
- port: 5269
@@ -77,6 +81,8 @@ listen:
'/upload': mod_http_upload
'/ws': ejabberd_http_ws
'/oauth': ejabberd_oauth
+ '/.well-known/host-meta': mod_host_meta
+ '/.well-known/host-meta.json': mod_host_meta
- port: 5080
ip: '0.0.0.0'
module: ejabberd_http
@@ -133,9 +139,9 @@ access_rules:
configure:
allow: admin
muc_create:
- allow: local
+ allow: admin
pubsub_createnode:
- allow: local
+ allow: admin
trusted_network:
allow: loopback
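Review bot: Restricting `pubsub_createnode` to `admin` may also stop ordinary accounts from creating their own PEP nodes, which clients use to publish OMEMO keys and avatars; as far as I recall, ejabberd's PEP plugin consults the same access rule. Test with a non-admin account after deploying, and if publishing breaks keep `muc_create` at `allow: admin` but return `pubsub_createnode` to `allow: local`. A one-line comment above each rule stating why it is admin-only, e.g. `# rooms are created by admins only`, would document the intent.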
@@ -201,7 +207,7 @@ max_fsm_queue: 10000
acme:
# for auto ACME requests, we need this to be true
auto: false
- contact:
+ contact:
- mailto:devi@terminaldweller.com
ca_url: https://acme-v02.api.letsencrypt.org/directory
@@ -298,3 +304,6 @@ modules:
mod_vcard_xupdate: {}
mod_version:
show_os: false
+ mod_host_meta:
+ bosh_service_url: "https://@HOST@:5443/bosh"
+ websocket_url: "wss://@HOST@:5443/ws"
diff --git a/terminaldweller.com/haproxy/docker-compose.yaml b/terminaldweller.com/haproxy/docker-compose.yaml
index 126613c..ce3f8d5 100644
--- a/terminaldweller.com/haproxy/docker-compose.yaml
+++ b/terminaldweller.com/haproxy/docker-compose.yaml
@@ -15,31 +15,50 @@ services:
- "25:25"
- "465:465"
- "587:587"
+ - "127.0.0.1:8404:8404"
volumes:
- ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
+ # - ./certs:/usr/local/etc/certs:ro
networks:
- proxynet
- metricsnet
+ # - certnet
restart: unless-stopped
cap_drop:
- ALL
+ # certbot:
+ # image: certbot
+ # build:
+ # context: ./certbot
+ # ports:
+ # - "127.0.0.1:9080:80"
+ # - "127.0.0.1:9443:443"
+ # networks:
+ # - certnet
+ # # restart: unless-stopped
+ # volumes:
+ # - ./letsencrypt:/etc/letsencrypt
+ # - ./webroot:/webroot
+ # - ./certs:/certs
+ # # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"]
+ # entrypoint: ["/certbot-entrypoint.sh"]
+ # environment:
+ # - DOMAIN=chat.terminaldweller.com
+ # - EMAIL=devi@mail.terminaldweller.com
+ # nginx:
+ # image: nginx
+ # ports:
+ # - "127.0.0.1:8080:80"
+ # networks:
+ # - certnet
+ # restart: unless-stopped
+ # volumes:
+ # - ./webroot:/usr/share/nginx/html
# udpproxy:
# image: nginx
# ports:
# - "127.0.0.1:3478:3478/udp"
# - "127.0.0.1:5349:5349/udp"
- # - "80:80"
- # - "443:443"
- # - "5222:5222"
- # - "5280:5280"
- # - "5443:5443"
- # - "143:143"
- # - "993:993"
- # - "110:110"
- # - "995:995"
- # - "25:25"
- # - "465:465"
- # - "587:587"
# networks:
# - proxynet
# restart: unless-stopped
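Review bot: About thirty of the added lines are commented-out `certbot` and `nginx` service definitions, one of which embeds a personal e-mail address in its commented `command:` line. Dead configuration in a compose file is easy to misread as active and drifts from what is actually deployed; keeping the experiment on a branch or in a separate compose file would leave this hunk with its one live change, `- "127.0.0.1:8404:8404"`. If 8404 is the haproxy stats or metrics listener, a comment such as `# stats/metrics, loopback only` would help. Since the prometheus service appears to share `metricsnet` with haproxy, the host-side publish may not be needed at all.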
@@ -57,11 +76,16 @@ services:
- ./conf.yml:/opt/bitnami/prometheus/conf/prometheus.yml:ro
environment:
- HTTPS_PROXY=socks5h://172.17.0.1:9993
+ - https_proxy=socks5h://172.17.0.1:9993
- HTTP_PROXY=socks5h://172.17.0.1:9993
+ - http_proxy=socks5h://172.17.0.1:9993
- ALL_PROXY=socks5h://172.17.0.1:9993
+ - all_proxy=socks5h://172.17.0.1:9993
- NO_PROXY=localhost,127.0.0.0/8,172.16.0.0/12,10.0.0.0/8,192.168.0.0/16
+ - no_proxy=localhost,127.0.0.0/8,172.16.0.0/12,10.0.0.0/8,192.168.0.0/16
networks:
proxynet:
metricsnet:
+ # certnet:
volumes:
metricsvault:
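Review bot: The proxy endpoint `socks5h://172.17.0.1:9993` is now written six times and the bypass list twice, so any later change has to touch eight lines consistently. Compose variable substitution keeps a single source of truth: define the two values in `.env` and write `- HTTPS_PROXY=${PROXY_URL}`, `- https_proxy=${PROXY_URL}`, `- NO_PROXY=${NO_PROXY_LIST}` and so on. `172.17.0.1` is the default bridge gateway and changes if the daemon's bridge address is reconfigured; a comment noting that dependency would save a debugging session. The service definition starts outside this hunk.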