diff options
Diffstat (limited to 'terminaldweller.com')
| -rw-r--r-- | terminaldweller.com/cgit/bootstrap/Dockerfile | 3 | ||||
| -rwxr-xr-x | terminaldweller.com/cgit/bootstrap/bootstrap.sh | 7 | ||||
| -rwxr-xr-x | terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh | 3 | ||||
| -rw-r--r-- | terminaldweller.com/ejabberd/docker-compose.yaml | 2 | ||||
| -rw-r--r-- | terminaldweller.com/haproxy/haproxy.cfg | 10 | ||||
| -rw-r--r-- | terminaldweller.com/main/docker-compose.yaml | 21 | ||||
| -rw-r--r-- | terminaldweller.com/main/nginx.conf | 30 | ||||
| -rw-r--r-- | terminaldweller.com/main/srv/.well-known/webfinger/finger.json | 1 |
8 files changed, 72 insertions, 5 deletions
diff --git a/terminaldweller.com/cgit/bootstrap/Dockerfile b/terminaldweller.com/cgit/bootstrap/Dockerfile index fe212dd..2467f36 100644 --- a/terminaldweller.com/cgit/bootstrap/Dockerfile +++ b/terminaldweller.com/cgit/bootstrap/Dockerfile @@ -4,4 +4,5 @@ RUN apk update && apk add --no-cache git cronie busybox-initscripts COPY ./bootstrap.sh /bootstrap.sh COPY ./docker-entrypoint.sh /docker-entrypoint.sh COPY ./crontab /etc/crontabs/root -ENTRYPOINT ["/bootstrap.sh"] +RUN chmod 0744 /bootstrap.sh +ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/terminaldweller.com/cgit/bootstrap/bootstrap.sh b/terminaldweller.com/cgit/bootstrap/bootstrap.sh index d504064..3481546 100755 --- a/terminaldweller.com/cgit/bootstrap/bootstrap.sh +++ b/terminaldweller.com/cgit/bootstrap/bootstrap.sh @@ -32,17 +32,20 @@ REPOS="cgrep \ grpc \ faultreiber \ luatablegen \ + magni \ cfe-extra" bootstrap() { for REPO in ${REPOS}; do - (cd "${GIT_REPO_DIR}" && git clone --bare "${ORIGIN_HTTPS}/${REPO}") + if [ ! -d ${GIT_REPO_DIR}/${REPO}.git ]; then + (cd "${GIT_REPO_DIR}" && git clone --bare "${ORIGIN_HTTPS}/${REPO}") + fi done } update_repos() { for REPO in ${REPOS}; do - (cd "${GIT_REPO_DIR}/${REPO}".git && git fetch || true) + (cd "${GIT_REPO_DIR}/${REPO}".git && git fetch origin *:*) done } diff --git a/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh b/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh index 833d95b..d6d7009 100755 --- a/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh +++ b/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh @@ -3,5 +3,6 @@ set -e set -x . /bootstrap.sh -on_startup /etc/gitrepos/ +bootstrap +update_repos crond -n -s -P diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml index 1ca57b2..3ba143a 100644 --- a/terminaldweller.com/ejabberd/docker-compose.yaml +++ b/terminaldweller.com/ejabberd/docker-compose.yaml @@ -33,5 +33,5 @@ volumes: mnesia_db: vault: # openssl dhparam -out dhparams.pem 4096 -# certbot certonly --standlone -d chat.terminaldweller.com -e devi@terminaldweller.com --agree-tos --noninteractive +# certbot certonly --standlone -d chat.terminaldweller.com -m devi@terminaldweller.com --agree-tos --noninteractive # docker exec -it 6eebd16a2385 bin/ejabberdctl register admin chat.terminaldweller.com password diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg index c6c9ce7..26265ae 100644 --- a/terminaldweller.com/haproxy/haproxy.cfg +++ b/terminaldweller.com/haproxy/haproxy.cfg @@ -46,6 +46,7 @@ frontend http acl git-host hdr_sub(host) -i git.terminaldweller.com acl cargo-host hdr_sub(host) -i cargo.terminaldweller.com acl browsh-host hdr_sub(host) -i browsh.terminaldweller.com + acl main-host hdr_sub(host) -i terminaldweller.com acl mila-api-acl url_beg /mila acl crypto-api-acl url_beg /crypto acl http ssl_fc,not @@ -65,6 +66,7 @@ frontend http http-request redirect scheme https code 301 if http browsh-host !letsencrypt-acl #http-request redirect scheme https code 301 if http jabber-host !letsencrypt-acl http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl + http-request redirect scheme https code 301 if http main-host !letsencrypt-acl #Conditions use_backend blog-backend-cert if letsencrypt-acl blog-host @@ -79,6 +81,7 @@ frontend http use_backend searx-backend-cert if letsencrypt-acl git-host use_backend searx-backend-cert if letsencrypt-acl cargo-host use_backend vpn6-cert-backend if letsencrypt-acl browsh-host + use_backend searx-backend-cert if letsencrypt-acl main-host # use_backend editor-backend-cert if letsencrypt-acl editor-host use_backend certbot-backend if letsencrypt-acl !jabber-host !blog-host !api-host use_backend blog-backend if blog-host @@ -113,6 +116,7 @@ frontend https acl discord-host-s req.ssl_sni -i discord.terminaldweller.com acl rssgen-host-s req.ssl_sni -i rssgen.terminaldweller.com acl browsh-host-s req.ssl_sni -i browsh.terminaldweller.com + acl main-host-s req.ssl_sni -i terminaldweller.com #Conditions use_backend mail-backend-s if mail-host-s #use_backend chat-backend-s if chat-host-s @@ -128,6 +132,7 @@ frontend https use_backend git-backend-s if git-host-s use_backend rssgen-backend-s if rssgen-host-s use_backend browsh-backend-s if browsh-host-s + use_backend main-backend-s if main-host-s #frontend jabber5222 # bind *:5222 @@ -393,3 +398,8 @@ backend browsh-backend-s backend vpn6-cert-backend mode http server vpn6-cert-host 185.130.45.46:80 + +backend main-backend-s + mode tcp + option tcp-check + server main-host-s 185.130.47.208:7773 diff --git a/terminaldweller.com/main/docker-compose.yaml b/terminaldweller.com/main/docker-compose.yaml new file mode 100644 index 0000000..2f927c0 --- /dev/null +++ b/terminaldweller.com/main/docker-compose.yaml @@ -0,0 +1,21 @@ +version: "3" +services: + nginx: + image: nginx:stable + networks: + - mainnet + ports: + - "7773:8080" + restart: unless-stopped + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf:ro + - /etc/letsencrypt/archive/terminaldweller.com/:/certs/ + - ./srv:/srv + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID +networks: + mainnet: diff --git a/terminaldweller.com/main/nginx.conf b/terminaldweller.com/main/nginx.conf new file mode 100644 index 0000000..4007cca --- /dev/null +++ b/terminaldweller.com/main/nginx.conf @@ -0,0 +1,30 @@ +events { + worker_connections 1024; +} +# curl https://fosstodon.org/.well-known/webfinger?resource=acct:terminaldweller@fosstodon.org +http { + server { + listen 8080 ssl http2; + keepalive_timeout 70; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers on; + ssl_certificate /certs/fullchain1.pem; + ssl_certificate_key /certs/privkey1.pem; + ssl_protocols TLSv1.2 TLSv1.3; + add_header Content-Security-Policy "default-src 'self';"; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "no-referrer"; + sendfile on; + tcp_nopush on; + + location /.well-known/webfinger { + add_header Access-Control-Allow-Origin "*"; + add_header Content-Type "application/json"; + alias /srv/.well-known/webfinger/finger.json; + } + # https://metacode.biz/openpgp/web-key-directory? + } +} diff --git a/terminaldweller.com/main/srv/.well-known/webfinger/finger.json b/terminaldweller.com/main/srv/.well-known/webfinger/finger.json new file mode 100644 index 0000000..c7cdb78 --- /dev/null +++ b/terminaldweller.com/main/srv/.well-known/webfinger/finger.json @@ -0,0 +1 @@ +{"subject":"acct:terminaldweller@fosstodon.org","aliases":["https://fosstodon.org/@terminaldweller","https://fosstodon.org/users/terminaldweller"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"https://fosstodon.org/@terminaldweller"},{"rel":"self","type":"application/activity+json","href":"https://fosstodon.org/users/terminaldweller"},{"rel":"http://ostatus.org/schema/1.0/subscribe","template":"https://fosstodon.org/authorize_interaction?uri={uri}"}]}
\ No newline at end of file |