From c81052b70888eb18dca82e33444ebbd9910f5ebc Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Sat, 14 Jan 2023 08:00:53 +0330 Subject: update --- .mutt/.muttrc | 2 + .vimrc | 6 + .zshrc | 29 +- bin/clipd | 83 ++++- bin/scotch | 18 +- stylus/readthedocs.css | 32 ++ terminaldweller.com/doh2/Dockerfile | 18 + terminaldweller.com/doh2/docker-compose.yaml | 19 ++ terminaldweller.com/doh2/docker-entrypoint.sh | 30 ++ terminaldweller.com/gemini/index.gmi | 75 +++-- terminaldweller.com/haproxy/conf.yml | 429 ++++++++++++++++++++++++ terminaldweller.com/haproxy/docker-compose.yaml | 90 ++--- terminaldweller.com/main/docker-compose.yaml | 1 + terminaldweller.com/main/nginx.conf | 9 +- terminaldweller.com/main/srv/index.html | 27 +- 15 files changed, 760 insertions(+), 108 deletions(-) create mode 100644 stylus/readthedocs.css create mode 100644 terminaldweller.com/doh2/Dockerfile create mode 100644 terminaldweller.com/doh2/docker-compose.yaml create mode 100755 terminaldweller.com/doh2/docker-entrypoint.sh create mode 100644 terminaldweller.com/haproxy/conf.yml diff --git a/.mutt/.muttrc b/.mutt/.muttrc index 0783b14..02f922b 100644 --- a/.mutt/.muttrc +++ b/.mutt/.muttrc @@ -25,6 +25,8 @@ macro index,pager 'source ~/.mutt/acc # macros macro index A "T~N;WNT~O;WO\CT~T” “mark all messages read" +set new_mail_command="notify-send.sh 'New Email' '%n new messages, %u unread.' &" + # gives us all the mailboxes in the sidebar set imap_check_subscribed diff --git a/.vimrc b/.vimrc index 3053774..9b45043 100644 --- a/.vimrc +++ b/.vimrc 
@@ -1222,6 +1222,12 @@ nnoremap rr :YcmCompleter RefactorRename nmap D (YCMHover) " nmap yfw (YCMFindSymbolInWorkspace) " nmap yfd (YCMFindSymbolInDocument) +let g:ycm_enable_semantic_highlighting = 1 +let g:ycm_enable_inlay_hints = 1 +let g:ycm_clear_inlay_hints_in_insert_mode = 1 +let g:ycm_echo_current_diagnostic = "virtual-text" +let g:ycm_enable_diagnostic_highlighting = 1 +let g:ycm_update_diagnostics_in_insert_mode = 0 let g:ycm_collect_identifiers_from_tags_files = 1 let g:ycm_seed_identifiers_with_syntax = 1 let g:ycm_auto_hover = "CursorHold" diff --git a/.zshrc b/.zshrc index 97cce16..72a24ab 100644 --- a/.zshrc +++ b/.zshrc @@ -104,7 +104,8 @@ alias pirate-get="pirate-get -S ~/magnets/" alias vps="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh 87.236.209.206 -l ubuntu -p 1022" alias vpn="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh 192.99.102.52 -l rooot -p 1022" alias vpn2="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh 145.239.165.137 -l rooot" -alias vpn3="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/dev/null -o VerifyHostKeyDNS=yes root@jump3.terminaldweller.com -p 2022" +# alias vpn3="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/dev/null -o VerifyHostKeyDNS=yes root@jump3.terminaldweller.com -p 2022" +alias vpn3="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -p 2022 root@185.112.147.110" alias vpn6="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -p 3333 ubuntu@185.130.45.46" alias vpn7="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -p 3333 ubuntu@185.130.47.81" alias vpn8="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -p 3333 ubuntu@185.130.47.208" 
@@ -196,19 +197,7 @@ alias socks5z="ssh -N -D 9998 -o ExitOnForwardFailure=yes -l pi 192.168.1.108" alias socks5ir="autossh -M 0 -N -D 9997 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 1022 87.236.209.206" alias socks5vpn1="autossh -M 0 -N -D 9999 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l rooot 145.239.165.137" alias socks5vpn2="autossh -M 0 -N -D 9996 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l rooot -p 1022 192.99.102.52" -alias socks5vpn3="autossh \ - -M 0 \ - -N \ - -D 0.0.0.0:9995 \ - -o StrictHostKeyChecking=no \ - -o UserKnownHostsFile=/dev/null \ - -o VerifyHostKeyDNS=no \ - -o ServerAliveInterval=180 \ - -o ServerAliveCountMax=3 \ - -o ExitOnForwardFailure=yes \ - -l root \ - -p 2022 \ - 185.112.147.110" +alias socks5vpn3="autossh -M 0 -N -D 0.0.0.0:9995 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o VerifyHostKeyDNS=no -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l root -p 2022 185.112.147.110" alias socks5vpn4="autossh -M 0 -N -D 9994 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 1022 130.185.121.80" alias socks5vpn5="autossh -M 0 -N -D 0.0.0.0:9990 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.45.46" alias socks5vpn6="autossh -M 0 -N -D 9993 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -6 -l ubuntu -p 3333 2a07:e01:3:204::1" 
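Review bot: The reflowed `socks5vpn3` alias in .zshrc still carries `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o VerifyHostKeyDNS=no`, so this root login to 185.112.147.110 never verifies the server's host key and a host in the path can impersonate it and observe the tunnelled traffic. It also keeps `-D 0.0.0.0:9995`, which offers the SOCKS listener to every machine that can reach this one rather than only to local programs. Since the line is being rewritten anyway, drop the three host-key options so the normal known_hosts check applies, and use `-D 127.0.0.1:9995` unless sharing the proxy on the LAN is deliberate.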
@@ -216,6 +205,12 @@ alias socks5vpn7="autossh -M 0 -N -D 9992 -o ServerAliveInterval=180 -o ServerAl alias socks5vpn8="autossh -M 0 -N -D 0.0.0.0:9989 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208" alias tormapped6="autossh -M 0 -N -L 9053:127.0.0.1:9050 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.45.46" alias tormapped8="autossh -M 0 -N -L 0.0.0.0:9054:127.0.0.1:9050 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208" +alias i2pmappedserver6="autossh -M 0 -N -L 0.0.0.0:9066:127.0.0.1:7070 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.45.46" +alias i2pmapped6http="autossh -M 0 -N -L 0.0.0.0:9064:127.0.0.1:4444 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.45.46" +alias i2pmapped6socks="autossh -M 0 -N -L 0.0.0.0:9067:127.0.0.1:4447 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.45.46" +alias i2pmappedserver8="autossh -M 0 -N -L 0.0.0.0:9166:127.0.0.1:7070 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208" +alias i2pmapped8http="autossh -M 0 -N -L 0.0.0.0:9164:127.0.0.1:4444 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208" +alias i2pmapped8socks="autossh -M 0 -N -L 0.0.0.0:9167:127.0.0.1:4447 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208" alias k9sskin="vim ~/scripts/.k9s/skin.yml" alias k9sconfig="vim ~/scripts/.k9s/config.yml" alias fixk9sskin="cp ~/scripts/.k9s/skin.yml ~/.config/k9s/skin.yml" 
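Review bot: All six new `i2pmapped*` aliases bind the local end of the forward to `0.0.0.0`, so the forwarded I2P router console (remote port 7070) and the HTTP and SOCKS proxies (4444, 4447) become reachable from any host on the local network, not just this machine. An SSH local forward adds no authentication of its own, and these services are presumably protected on the server only by listening on loopback. Prefer `-L 127.0.0.1:9066:127.0.0.1:7070` (and likewise for the other five), or add a comment saying that LAN exposure is intended and what limits it.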
@@ -308,7 +303,6 @@ alias ir_proxy="proxychains4 -q -f ~/proxies/ir/proxychains.conf" alias ice_proxy="proxychains4 -q -f ~/proxies/ice/proxychains.conf" alias tor_carrier_proxy="proxychains4 -q -f ~/proxies/tor_carrier/proxychains.conf" alias glow="glow --style ~/.config/glow/dark.json --pager --local" -alias mdcat="mdcat --local --fail --paginate" alias nmap="grc nmap" alias fdisk="grc fdisk" alias blkid="grc blkid" @@ -343,6 +337,11 @@ alias picocom="picocom --escape b" # https://wiki.slipfox.xyz/wiki/ANSI_escape_code#OSC_(Operating_System_Command)_sequences) # https://github.com/sos4nt/dynamic-colors alias turn_green='echo -e "\033]10;#005f5f\007"' +alias turn_blue='echo -e "\033]10;#005f87\007"' +alias turn_white='echo -e "\033]10;#c0c0c0\007"' +alias bandwhich="turn_green && bandwhich" +alias powertop="turn_green && powertop" +alias mdcat="turn_green && mdcat --local --fail --paginate" # change the 4th terminal color to #0000ff # echo -e '\e]P40000ff' diff --git a/bin/clipd b/bin/clipd index ae04207..6c6d40e 100755 --- a/bin/clipd +++ b/bin/clipd @@ -4,6 +4,15 @@ -- luarocks-5.3 install --local luaposix -- luarocks-5.3 install --local argparse -- cat .clip_history | dmenu -l 10 | xsel -ib +local string = require("string") +local signal = require("posix.signal") +local argparse = require("argparse") +local sys_stat = require("posix.sys.stat") +local unistd_getuid = require("posix.unistd.getuid") +local unistd_getgid = require("posix.unistd.getgid") +local unistd_getpid = require("posix.unistd.getpid") +local posix_syslog = require("posix.syslog") + local function default_luarocks_modules() local luarocks_handle = io.popen("luarocks-5.3 path --bin") local path_b = false 
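Review bot: In bin/clipd the `require` lines now sit above `default_luarocks_modules()`, which (judging by the `luarocks-5.3 path --bin` call in its first lines; the rest of the function is outside the hunk) appears to be what makes the `--local` rocks findable, so `posix.*` and `argparse` may no longer resolve. Separately, luaposix exposes getuid, getgid and getpid as functions of the `posix.unistd` module rather than as modules of their own, so `require("posix.unistd.getuid")` should fail at load time. Use `local unistd = require("posix.unistd")` and call `unistd.getuid()`, `unistd.getgid()` and `unistd.getpid()`, and keep the requires below the `default_luarocks_modules()` call as they were before.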
@@ -24,12 +33,6 @@ local function default_luarocks_modules() end default_luarocks_modules() -local string = require("string") -local signal = require("posix.signal") -local argparse = require("argparse") - -signal.signal(signal.SIGINT, function(signum) os.exit(128 + signum) end) - local function sleep(n) os.execute("sleep " .. tonumber(n)) end local function trim(s) return s:gsub("^%s+", ""):gsub("%s+$", "") end @@ -38,6 +41,60 @@ parser:option("-s --hist_size", "history file size", 200) parser:option("-f --hist_file", "history file location", "/home/devi/.clip_history") +local function log_to_syslog(log_str, log_priority) + posix_syslog.openlog("clipd", + posix_syslog.LOG_NDELAY | posix_syslog.LOG_PID, + posix_syslog.LOG_LOCAL0) + posix_syslog.syslog(log_priority, log_str) + posix_syslog.closelog() +end + +local function check_clip_hist_perms(clip_hist) + local uid = unistd_getuid() + local gid = unistd_getgid() + for k, v in pairs(sys_stat.stat(clip_hist)) do + if k == "st_uid" then + if v ~= uid then + log_to_syslog( + "clipboard history file owned by uid other than the clipd uid", + posix_syslog.LOG_CRIT) + os.exit(1) + end + end + if k == "st_gid" then + if v ~= gid then + log_to_syslog( + "clipboard history file owned by gid other than the clipd gid", + posix_syslog.LOG_CRIT) + os.exit(1) + end + end + if k == "st_mode" then + if v & sys_stat.S_IRWXU ~= 0 then + log_to_syslog( + "file permissions are too open. they need to be 0600.", + posix_syslog.LOG_CRIT) + os.exit(1) + end + end + end +end + +local function check_pid_file() + local f = sys_stat("/var/run/clipd.pid") + if f ~= nil then + log_to_syslog("clipd is already running", posix_syslog.LOG_CRIT) + os.exit(1) + end +end + +local function write_pid_file() + local f = io.open("/var/run/clipd.pid") + f.write(unistd_getpid()) +end + +local function remove_pid_file() end + local function loop(clip_hist, clip_hist_size) local clips_table = {} local hist_current_count = 0 
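Review bot: The mode test in `check_clip_hist_perms` (bin/clipd) is inverted: `v & sys_stat.S_IRWXU ~= 0` fires when any owner bit is set, so a correctly protected 0600 history file makes clipd exit, while group and world bits are never examined. For a file that can hold copied passwords the check should reject group/other access instead, and a nil result from `sys_stat.stat` (missing file) should be handled before it is iterated. In the pid-file helpers, `sys_stat("/var/run/clipd.pid")` calls the module table instead of `sys_stat.stat(...)`, `io.open("/var/run/clipd.pid")` opens read-only and its nil result is unchecked, and `f.write(...)` needs to be `f:write(...)` followed by `f:close()`. Checking for the pid file and then writing it in two steps is also racy; creating the file exclusively would close that gap.

```lua
local function check_clip_hist_perms(clip_hist)
    local st = sys_stat.stat(clip_hist)
    if st == nil then
        log_to_syslog("cannot stat clipboard history file",
                      posix_syslog.LOG_CRIT)
        os.exit(1)
    end
    -- … unchanged: st_uid / st_gid comparisons, reading st.st_uid and st.st_gid …
    -- reject any group or other permission bit; owner bits are expected
    if st.st_mode & (sys_stat.S_IRWXG | sys_stat.S_IRWXO) ~= 0 then
        log_to_syslog("file permissions are too open. they need to be 0600.",
                      posix_syslog.LOG_CRIT)
        os.exit(1)
    end
end
```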
@@ -83,5 +140,15 @@ local function loop(clip_hist, clip_hist_size) end end -local args = parser:parse() -loop(args["hist_file"], args["hist_size"]) +local function main() + signal.signal(signal.SIGINT, function(signum) os.exit(128 + signum) end) + local args = parser:parse() + check_clip_hist_perms(args["hist_file"]) + check_pid_file() + write_pid_file() + local status, err = pcall(loop(args["hist_file"], args["hist_size"])) + if ~status then log_to_syslog(err, posix_syslog.LOG_CRIT) end + remove_pid_file() +end + +main() diff --git a/bin/scotch b/bin/scotch index 9e885cb..638b101 100755 --- a/bin/scotch +++ b/bin/scotch @@ -535,16 +535,18 @@ def main(): lines = lines[:-2] for line in lines: # this is here to support the -i option - if line[0] == "[": + if "-t" in sys.argv or "-tt" in sys.argv or "-ttt" in sys.argv: + timestamp_end_index = line.find(" ") + print(Color.six + line[: timestamp_end_index - 1], end=" ") + line = line[timestamp_end_index + 1 :] + if "-n" in sys.argv: idx = line.find("]") - if idx - 1 < 16: - print(Color.twelve + line[0 : idx + 1], end=" ") - line = line[idx + 2 :] - if line[0] == "[": + print(Color.twelve + line[0 : idx + 1], end=" ") + line = line[idx + 2 :] + if "-i" in sys.argv: idx = line.find("]") - if idx - 1 == 16: - print(Color.thirteen + line[0 : idx + 1], end=" ") - line = line[idx + 2 :] + print(Color.thirteen + line[0 : idx + 1], end=" ") + line = line[idx + 2 :] if line[0 : line.find("(")] in syscall_set: syscall = line[0 : line.find("(")] sysargs = line[line.find("(") + 1 : line.find(")")].split() diff --git a/stylus/readthedocs.css b/stylus/readthedocs.css new file mode 100644 index 0000000..51442e1 --- /dev/null +++ b/stylus/readthedocs.css 
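Review bot: In `main` of bin/clipd, `pcall(loop(args["hist_file"], args["hist_size"]))` calls `loop` before `pcall` is entered, so an error raised inside the loop is never caught and both the syslog line and `remove_pid_file()` are skipped; pass the function and its arguments separately, `pcall(loop, args["hist_file"], args["hist_size"])`. `if ~status then` applies Lua 5.3's bitwise NOT to a boolean, which itself raises an error; it should read `if not status then`. `remove_pid_file` is an empty stub and the SIGINT handler calls `os.exit` directly, so once the pid file can actually be written a stale one will make `check_pid_file` refuse every later start.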
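Review bot: The new branches in bin/scotch slice on the result of `str.find` without checking for -1: for any line that lacks a space or a `]`, `idx` is -1 and `line = line[idx + 2 :]` silently drops the line's first character before the syscall lookup. `line[: timestamp_end_index - 1]` also looks like it cuts the last character of the timestamp, since `find` already returns the index of the space; `line[:timestamp_end_index]` is probably what is meant. Testing `"-t" in sys.argv` misses combined or otherwise spelled options, so branching on the script's parsed arguments, if it has them, would be more robust. The enclosing loop and `main` start and end outside the hunk.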
@@ -0,0 +1,32 @@
+@-moz-document domain("readthedocs.io") {
+ #configurations-and-zone-files {
+ background: #121212;
+ }
+
+ .wy-nav-side {
+ background: #121212;
+ }
+
+ .wy-nav-content-wrap {
+ background: #121212;
+ }
+
+ .wy-menu {
+ background: #121212;
+ }
+
+ html.writer-html5.TridactylThemeDark
+ body.wy-body-for-nav
+ div.wy-grid-for-nav
+ nav.wy-nav-side {
+ background: #121212;
+ }
+
+ .rst-content {
+ background: #121212;
+ }
+
+ .wy-nav-content {
+ background: #121212;
+ }
+}
diff --git a/terminaldweller.com/doh2/Dockerfile b/terminaldweller.com/doh2/Dockerfile
new file mode 100644
index 0000000..5b75994
--- /dev/null
+++ b/terminaldweller.com/doh2/Dockerfile
@@ -0,0 +1,18 @@
+FROM alpine:3.17 as builder
+ENV GOPROXY=https://goproxy.io
+RUN apk update && apk upgrade
+RUN apk add go git
+ENV GOPROXY=https://goproxy.io
+RUN git clone https://github.com/AdguardTeam/dnsproxy && cd dnsproxy && go build -mod=vendor
+
+FROM alpine:3.17 as certbuilder
+RUN apk add openssl
+WORKDIR /certs
+RUN openssl req -nodes -new -x509 -subj="/C=US/ST=Denial/L=springfield/O=Dis/CN=doh2.terminaldweller.com" -keyout server.key -out server.cert
+
+# FROM gcr.io/distroless/static-debian10
+FROM alpine:3.17
+COPY --from=certbuilder /certs /certs
+COPY --from=builder /dnsproxy/dnsproxy /dnsproxy/dnsproxy
+COPY ./docker-entrypoint.sh /docker-entrypoint.sh
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/terminaldweller.com/doh2/docker-compose.yaml b/terminaldweller.com/doh2/docker-compose.yaml
new file mode 100644
index 0000000..ec06a78
--- /dev/null
+++ b/terminaldweller.com/doh2/docker-compose.yaml
@@ -0,0 +1,19 @@
+version: "3"
+services:
+ dnsproxy:
+ image: bloodstalker/dnsproxy
+ # build:
+ # context: .
+ networks:
+ - doh2net
+ ports:
+ - "8844:8844"
+ - "8845:8845"
+ - "8846:8846"
+ - "8847:8847"
+ restart: unless-stopped
+ entrypoint: ["/docker-entrypoint.sh"]
+ volumes:
+ - /etc/letsencrypt/archive/doh2.terminaldweller.com/:/certs/:ro
+networks:
+ doh2net:
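Review bot: In doh2/Dockerfile the `certbuilder` stage generates a private key at build time and `COPY --from=certbuilder /certs /certs` bakes it into the final image, so everyone who can pull the image holds the same `server.key`; generate or mount the key at run time instead (the compose file added in this commit already mounts over `/certs`). `git clone https://github.com/AdguardTeam/dnsproxy` builds whatever the default branch holds that day; check out a pinned release, e.g. `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/AdguardTeam/dnsproxy`, so the build is reproducible and reviewable. The final stage has no `USER` line, so dnsproxy runs as root although every listener is on an unprivileged port, and the `ENV GOPROXY` line is duplicated.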
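Review bot: In doh2/docker-compose.yaml, `image: bloodstalker/dnsproxy` carries no tag or digest, unlike the haproxy and prometheus images pinned elsewhere in this commit, so a pull can silently change what runs; pin it, e.g. `image: bloodstalker/dnsproxy:<TAG>`. The service also gets none of the hardening the haproxy service has; `cap_drop:` with `- ALL` and `read_only: true` look applicable since all four listeners are above 1024. The `ports` entries publish on every interface, which together with `-l 0.0.0.0` in the entrypoint makes this a publicly reachable resolver, so confirm that is intended.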
diff --git a/terminaldweller.com/doh2/docker-entrypoint.sh b/terminaldweller.com/doh2/docker-entrypoint.sh
new file mode 100755
index 0000000..c99042a
--- /dev/null
+++ b/terminaldweller.com/doh2/docker-entrypoint.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+/dnsproxy/dnsproxy \
+ --tls-cert /certs/fullchain1.pem \
+ --tls-key /certs/privkey1.pem \
+ -l 0.0.0.0 \
+ -p 0 \
+ --https-port 8844 \
+ --tls-port 8845 \
+ --quic-port 8846 \
+ --dnscrypt-port 8847 \
+ -u sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk \
+ -u sdns://AQIAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 \
+ -u tls://dns.adguard.com \
+ -u https://dns.adguard.com/dns-query \
+ -u quic://dns.adguard.com \
+ -b 1.1.1.1:53 \
+ -b 9.9.9.9:53 \
+ --http3 \
+ -f 1.1.1.1:53 \
+ -f 9.9.9.9:53 \
+ --ratelimit 15 \
+ --refuse-any \
+ --cache \
+ --cache-size 1048576 \
+ --cache-min-ttl 900 \
+ --cache-max-ttl 14400 \
+ --cache-optimistic \
+ --tls-min-version 1.3 \
+ --tls-max-version 1.3
diff --git a/terminaldweller.com/gemini/index.gmi b/terminaldweller.com/gemini/index.gmi
index 6e6d96c..134bf8a 100644
--- a/terminaldweller.com/gemini/index.gmi
+++ b/terminaldweller.com/gemini/index.gmi
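Review bot: In docker-entrypoint.sh the paths `/certs/fullchain1.pem` and `/certs/privkey1.pem` name the first numbered files of the Let's Encrypt `archive` directory that the compose file mounts, and each renewal is written under the next number, so after the first renewal the proxy will presumably keep serving the old certificate until it expires. Mounting the parent letsencrypt directory and pointing at `live/doh2.terminaldweller.com/fullchain.pem` and `privkey.pem` follows renewals. Start the binary with `exec /dnsproxy/dnsproxy \` so it replaces the shell as PID 1 and receives Docker's stop signal directly. `--dnscrypt-port 8847` is given without a DNSCrypt configuration; as far as I know dnsproxy needs `--dnscrypt-config` for that listener, so check that it actually comes up.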
@@ -2,19 +2,27 @@ This is a list of links: -The same links are available on IPFS on https://ipfs.terminaldweller.com[1] or on terminaldweller.eth[2] +This page is available on: +web2[1] +IPFS from https://ipfs.terminaldweller.com[2] or from terminaldweller.eth[3] +Gemini[4] +i2p[5] +tor[6] WKD direct and advanced are setup on/for the domain. -keyoxide[3] +keyoxide[7] +I don't use all the accounts listed on keyoxide regularly. The preferred methods of contacting me are the ones that are listed here, IRC, XMPP and email (The order is not significant). -* GPG: 9E 20 46 4F 1C CF 3B 10 32 49 FA 93 A6 A0 F5 15 8B 38 81 DFj[4] -* SSH: SHA256:tyuaTy005jkJOIPXkrJAAlCKD91d1ftEXzGTqjmEZh4[5] +* PGP FP: 9E20464F1CCF3B103249FA93A6A0F5158B3881DF - here[8] and here[9] +I also upload my PGP key to https://keys.openpgp.org and https://pgp.mit.edu . +* SSH FP: SHA256:tyuaTy005jkJOIPXkrJAAlCKD91d1ftEXzGTqjmEZh4 - here[10] and here[11] -* IRC Libera[6]: terminaldweller FP:FEF763019F0799C1B5CD190FC89080240665CDCAE1CB889D4413775447A4826F48B18DC134D3ACDDE1D932CF3280E6026099857CF46177F1D87CD9AA859C615F -* IRC OFTC[7]: terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876 -* IRC Tilde[8]: terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876 -* IRC Rizon[9]: terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876 +* IRC Libera[12]: terminaldweller FP:FEF763019F0799C1B5CD190FC89080240665CDCAE1CB889D4413775447A4826F48B18DC134D3ACDDE1D932CF3280E6026099857CF46177F1D87CD9AA859C615F +* IRC OFTC[13]: terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876 +* IRC Tilde[14]: terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876 +* IRC Rizon[15]: terminaldweller FP:1072EFECA623C6E3D7A6628BEB6021F77EA2C876 +You can also find me on Libera, OFTC and Rizon in ##terminaldweller. XMPP: devi@jabber.terminaldweller.com 
@@ -22,33 +30,40 @@ The order is significant: * Email: devi@terminaldweller.com * Email: thabogre@gmail.com * Email: farzadsadeghi@protonmail.ch +All emails have the ssh and pgp key fingerprints as signature. -Github: terminaldweller[10] +Github: terminaldweller[16] -Mastodon: @terminaldweller@terminaldweller.com[11] -If you cant find the handle then you need to log in. I'm not hosting my own mastodon instance. I'm just hosting my own webfinger. The actual handle is @terminaldweller@fosstodon.org[12] +Mastodon: @terminaldweller@terminaldweller.com[17] +If you cant find the handle then you need to log in. I'm not hosting my own mastodon instance. I'm just hosting my own webfinger. The actual handle is @terminaldweller@fosstodon.org[18] -Git mirror: git.terminaldweller.com[13] +Git mirror: git.terminaldweller.com[19] -Blog: Blog[14] RSS[15] +Blog: Blog[20] RSS[21] -Linkedin[16] +Linkedin[22] Services: N/A -[1] https://ipfs.terminaldweller.com -[2] https://terminaldweller.eth.link -[3] https://keyoxide.org/hkp/9e20464f1ccf3b103249fa93a6a0f5158b3881df -[4] https://github.com/terminaldweller.gpg -[5] https://github.com/terminaldweller.keys -[6] https://libera.chat -[7] https://oftc.net -[9] https://tilde.chat -[9] https://rizon.net -[10] https://github.com/terminaldweller -[11] https://fosstodon.org/@terminaldweller -[12] https://fosstodon.org/@terminaldweller -[13] https://git.terminaldweller.com -[14] https://blog.terminaldweller.com -[15] https://blog.terminaldweller.com/rss/feed -[16] https://www.linkedin.com/in/farzad-sadeghi +[1]https://terminaldweller.com +[2] https://ipfs.terminaldweller.com +[3] https://terminaldweller.eth.link +[4]gemini://gemini.terminaldweller.com +[5]http://iedzwh5v2vouywqy4eak3eu33amfn3rzhdcln7j4r5kcyvf46cea.b32.i2p:7774/ +[6]http://dqunl5rzlv6skqfklqr4dwi4zph2vqoaennc7qoinqs5mlug4docq2yd.onion/ +[7] https://keyoxide.org/hkp/9e20464f1ccf3b103249fa93a6a0f5158b3881df +[8] https://github.com/terminaldweller.gpg +[9] 
https://terminaldweller.com/keys/gpg_pubkey +[10] https://github.com/terminaldweller.keys +[11] https://terminaldweller.com/keys/id_rsa.pub +[12] https://libera.chat +[13] https://oftc.net +[14] https://tilde.chat +[15] https://rizon.net +[16] https://github.com/terminaldweller +[17] https://fosstodon.org/@terminaldweller +[18] https://fosstodon.org/@terminaldweller +[19] https://git.terminaldweller.com +[20] https://blog.terminaldweller.com +[21] https://blog.terminaldweller.com/rss/feed +[22] https://www.linkedin.com/in/farzad-sadeghi diff --git a/terminaldweller.com/haproxy/conf.yml b/terminaldweller.com/haproxy/conf.yml new file mode 100644 index 0000000..f3c8a9c --- /dev/null +++ b/terminaldweller.com/haproxy/conf.yml 
@@ -0,0 +1,429 @@ +# my global config +global: + scrape_interval: 60s + evaluation_interval: 120s + scrape_timeout: 10s + + external_labels: + monitor: codelab + foo: bar + +rule_files: + - "first.rules" + - "my/*.rules" + +remote_write: + - url: http://remote1/push + name: drop_expensive + write_relabel_configs: + - source_labels: [__name__] + regex: expensive.* + action: drop + oauth2: + client_id: "123" + client_secret: "456" + token_url: "http://remote1/auth" + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + + - url: http://remote2/push + name: rw_tls + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + headers: + name: value + +remote_read: + - url: http://remote1/read + read_recent: true + name: default + enable_http2: false + - url: http://remote3/read + read_recent: false + name: read_special + required_matchers: + job: special + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + +scrape_configs: + - job_name: prometheus + + honor_labels: true + # scrape_interval is defined by the configured global (15s). + # scrape_timeout is defined by the global default (10s). + + # metrics_path defaults to '/metrics' + # scheme defaults to 'http'. 
+ + file_sd_configs: + - files: + - foo/*.slow.json + - foo/*.slow.yml + - single/file.yml + refresh_interval: 10m + - files: + - bar/*.yaml + + static_configs: + - targets: ["localhost:9090", "localhost:9191"] + labels: + my: label + your: label + + relabel_configs: + - source_labels: [job, __meta_dns_name] + regex: (.*)some-[regex] + target_label: job + replacement: foo-${1} + # action defaults to 'replace' + - source_labels: [abc] + target_label: cde + - replacement: static + target_label: abc + - regex: + replacement: static + target_label: abc + - source_labels: [foo] + target_label: abc + action: keepequal + - source_labels: [foo] + target_label: abc + action: dropequal + + authorization: + credentials_file: valid_token_file + + tls_config: + min_version: TLS10 + + - job_name: service-x + + basic_auth: + username: admin_name + password: "multiline\nmysecret\ntest" #pragma: allowlist secret + + scrape_interval: 50s + scrape_timeout: 5s + + body_size_limit: 10MB + sample_limit: 1000 + + metrics_path: /my_path + scheme: https + + dns_sd_configs: + - refresh_interval: 15s + names: + - first.dns.address.domain.com + - second.dns.address.domain.com + - names: + - first.dns.address.domain.com + + relabel_configs: + - source_labels: [job] + regex: (.*)some-[regex] + action: drop + - source_labels: [__address__] + modulus: 8 + target_label: __tmp_hash + action: hashmod + - source_labels: [__tmp_hash] + regex: 1 + action: keep + - action: labelmap + regex: 1 + - action: labeldrop + regex: d + - action: labelkeep + regex: k + + metric_relabel_configs: + - source_labels: [__name__] + regex: expensive_metric.* + action: drop + + - job_name: service-y + + consul_sd_configs: + - server: "localhost:1234" + token: mysecret + services: ["nginx", "cache", "mysql"] + tags: ["canary", "v1"] + node_meta: + rack: "123" + allow_stale: true + scheme: https + tls_config: + ca_file: valid_ca_file + cert_file: valid_cert_file + key_file: valid_key_file + insecure_skip_verify: false + + 
relabel_configs: + - source_labels: [__meta_sd_consul_tags] + separator: "," + regex: label:([^=]+)=([^,]+) + target_label: ${1} + replacement: ${2} + + - job_name: service-z + + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + + authorization: + credentials: mysecret + + - job_name: service-kubernetes + + kubernetes_sd_configs: + - role: endpoints + api_server: "https://localhost:1234" + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + + basic_auth: + username: "myusername" + password: "mysecret" #pragma: allowlist secret + + - job_name: service-kubernetes-namespaces + + kubernetes_sd_configs: + - role: endpoints + api_server: "https://localhost:1234" + namespaces: + names: + - default + + basic_auth: + username: "myusername" + password_file: valid_password_file #pragma: allowlist secret + + - job_name: service-kuma + + kuma_sd_configs: + - server: http://kuma-control-plane.kuma-system.svc:5676 + + - job_name: service-marathon + marathon_sd_configs: + - servers: + - "https://marathon.example.com:443" + + auth_token: "mysecret" + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + + - job_name: service-nomad + nomad_sd_configs: + - server: 'http://localhost:4646' + + - job_name: service-ec2 + ec2_sd_configs: + - region: us-east-1 + access_key: access + secret_key: mysecret #pragma: allowlist secret + profile: profile + filters: + - name: tag:environment + values: + - prod + + - name: tag:service + values: + - web + - db + + - job_name: service-lightsail + lightsail_sd_configs: + - region: us-east-1 + access_key: access + secret_key: mysecret #pragma: allowlist secret + profile: profile + + - job_name: service-azure + azure_sd_configs: + - environment: AzurePublicCloud + authentication_method: OAuth + subscription_id: 11AAAA11-A11A-111A-A111-1111A1111A11 + resource_group: my-resource-group + tenant_id: BBBB222B-B2B2-2B22-B222-2BB2222BB2B2 + client_id: 333333CC-3C33-3333-CCC3-33C3CCCCC33C + client_secret: 
mysecret #pragma: allowlist secret + port: 9100 + + - job_name: service-nerve + nerve_sd_configs: + - servers: + - localhost + paths: + - /monitoring + + - job_name: 0123service-xxx + metrics_path: /metrics + static_configs: + - targets: + - localhost:9090 + + - job_name: badfederation + honor_timestamps: false + metrics_path: /federate + static_configs: + - targets: + - localhost:9090 + + - job_name: 測試 + metrics_path: /metrics + static_configs: + - targets: + - localhost:9090 + + - job_name: httpsd + http_sd_configs: + - url: "http://example.com/prometheus" + + - job_name: service-triton + triton_sd_configs: + - account: "testAccount" + dns_suffix: "triton.example.com" + endpoint: "triton.example.com" + port: 9163 + refresh_interval: 1m + version: 1 + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + + - job_name: digitalocean-droplets + digitalocean_sd_configs: + - authorization: + credentials: abcdef + + - job_name: docker + docker_sd_configs: + - host: unix:///var/run/docker.sock + + - job_name: dockerswarm + dockerswarm_sd_configs: + - host: http://127.0.0.1:2375 + role: nodes + + - job_name: service-openstack + openstack_sd_configs: + - role: instance + region: RegionOne + port: 80 + refresh_interval: 1m + tls_config: + ca_file: valid_ca_file + cert_file: valid_cert_file + key_file: valid_key_file + + - job_name: service-puppetdb + puppetdb_sd_configs: + - url: https://puppetserver/ + query: 'resources { type = "Package" and title = "httpd" }' + include_parameters: true + port: 80 + refresh_interval: 1m + tls_config: + ca_file: valid_ca_file + cert_file: valid_cert_file + key_file: valid_key_file + + - job_name: hetzner + relabel_configs: + - action: uppercase + source_labels: [instance] + target_label: instance + hetzner_sd_configs: + - role: hcloud + authorization: + credentials: abcdef + - role: robot + basic_auth: + username: abcdef + password: abcdef + + - job_name: service-eureka + eureka_sd_configs: + - server: 
"http://eureka.example.com:8761/eureka" + + - job_name: ovhcloud + ovhcloud_sd_configs: + - service: vps + endpoint: ovh-eu + application_key: testAppKey + application_secret: testAppSecret #pragma: allowlist secret + consumer_key: testConsumerKey + refresh_interval: 1m + - service: dedicated_server + endpoint: ovh-eu + application_key: testAppKey + application_secret: testAppSecret #pragma: allowlist secret + consumer_key: testConsumerKey + refresh_interval: 1m + + - job_name: scaleway + scaleway_sd_configs: + - role: instance + project_id: 11111111-1111-1111-1111-111111111112 + access_key: SCWXXXXXXXXXXXXXXXXX + secret_key: 11111111-1111-1111-1111-111111111111 + - role: baremetal + project_id: 11111111-1111-1111-1111-111111111112 + access_key: SCWXXXXXXXXXXXXXXXXX + secret_key: 11111111-1111-1111-1111-111111111111 + + - job_name: linode-instances + linode_sd_configs: + - authorization: + credentials: abcdef + + - job_name: uyuni + uyuni_sd_configs: + - server: https://localhost:1234 + username: gopher + password: hole #pragma: allowlist secret + + - job_name: ionos + ionos_sd_configs: + - datacenter_id: 8feda53f-15f0-447f-badf-ebe32dad2fc0 + authorization: + credentials: abcdef + + - job_name: vultr + vultr_sd_configs: + - authorization: + credentials: abcdef + +alerting: + alertmanagers: + - scheme: https + static_configs: + - targets: + - "1.2.3.4:9093" + - "1.2.3.5:9093" + - "1.2.3.6:9093" + +storage: + tsdb: + out_of_order_time_window: 30m + +tracing: + endpoint: "localhost:4317" + client_type: "grpc" + headers: + foo: "bar" + timeout: 5s + compression: "gzip" + tls_config: + cert_file: valid_cert_file + key_file: valid_key_file + insecure_skip_verify: true diff --git a/terminaldweller.com/haproxy/docker-compose.yaml b/terminaldweller.com/haproxy/docker-compose.yaml index f24d17c..6e89024 100644 --- a/terminaldweller.com/haproxy/docker-compose.yaml +++ b/terminaldweller.com/haproxy/docker-compose.yaml 
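Review bot: The new haproxy/conf.yml reads like an upstream Prometheus sample or test configuration rather than a config for this deployment: it points at placeholder hosts (`http://remote1/push`, `marathon.example.com`), placeholder files (`valid_cert_file`, `first.rules`) and dummy credentials (`mysecret`, `abcdef`), and it has no job that scrapes haproxy. Because the compose file mounts it as `prometheus.yml`, Prometheus will likely refuse to start on the missing files, and if it did load it would carry `min_version: TLS10`, `insecure_skip_verify: true` under `tracing` and a `remote_write` over plain HTTP. Replace it with a minimal file that has only `global` and one scrape job for the haproxy metrics endpoint, e.g. `- job_name: haproxy` with `static_configs: [{targets: ["haproxy:<METRICS_PORT>"]}]`. Keep any real credentials in `*_file` references that live outside the repository.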
@@ -1,7 +1,7 @@ version: "3.4" services: haproxy: - image: haproxy + image: haproxy:2.7.1-bullseye ports: - "80:80" - "443:443" 
@@ -17,51 +17,63 @@ services: - "587:587" volumes: - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro - - ./certs:/usr/local/etc/certs:ro + # - ./certs:/usr/local/etc/certs:ro networks: - proxynet - - certnet + - metricsnet + # - certnet restart: unless-stopped cap_drop: - ALL - certbot: - image: certbot - build: - context: ./certbot - ports: - - "127.0.0.1:9080:80" - - "127.0.0.1:9443:443" + # certbot: + # image: certbot + # build: + # context: ./certbot + # ports: + # - "127.0.0.1:9080:80" + # - "127.0.0.1:9443:443" + # networks: + # - certnet + # # restart: unless-stopped + # volumes: + # - ./letsencrypt:/etc/letsencrypt + # - ./webroot:/webroot + # - ./certs:/certs + # # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"] + # entrypoint: ["/certbot-entrypoint.sh"] + # environment: + # - DOMAIN=chat.terminaldweller.com + # - EMAIL=devi@mail.terminaldweller.com + # nginx: + # image: nginx + # ports: + # - "127.0.0.1:8080:80" + # networks: + # - certnet + # restart: unless-stopped + # volumes: + # - ./webroot:/usr/share/nginx/html + # udpproxy: + # image: nginx + # ports: + # - "127.0.0.1:3478:3478/udp" + # - "127.0.0.1:5349:5349/udp" + # networks: + # - proxynet + # restart: unless-stopped + # volumes: + # - ./nginx.conf:/etc/nginx/nginx.conf:ro + prometheus: + image: bitnami/prometheus:2.41.0 networks: - - certnet - # restart: unless-stopped - volumes: - - ./letsencrypt:/etc/letsencrypt - - ./webroot:/webroot - - ./certs:/certs - # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"] - entrypoint: ["/certbot-entrypoint.sh"] - environment: - - DOMAIN=chat.terminaldweller.com - - EMAIL=devi@mail.terminaldweller.com - nginx: - image: nginx - ports: - - "127.0.0.1:8080:80" - networks: - - certnet - restart: unless-stopped - volumes: - - 
./webroot:/usr/share/nginx/html - udpproxy: - image: nginx - ports: - - "127.0.0.1:3478:3478/udp" - - "127.0.0.1:5349:5349/udp" - networks: - - proxynet + - metricsnet restart: unless-stopped volumes: - - ./nginx.conf:/etc/nginx/nginx.conf:ro + - metricsvault:/opt/bitnami/prometheus/data + - ./conf.yml:/opt/bitnami/prometheus/conf/prometheus.yml:ro networks: proxynet: - certnet: + metricsnet: + # certnet: +volumes: + metricsvault: diff --git a/terminaldweller.com/main/docker-compose.yaml b/terminaldweller.com/main/docker-compose.yaml index 2f927c0..7d73795 100644 --- a/terminaldweller.com/main/docker-compose.yaml +++ b/terminaldweller.com/main/docker-compose.yaml @@ -6,6 +6,7 @@ services: - mainnet ports: - "7773:8080" + - "127.0.0.1:7774:8081" restart: unless-stopped volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro diff --git a/terminaldweller.com/main/nginx.conf b/terminaldweller.com/main/nginx.conf index 86cb085..1a9ea0e 100644 --- a/terminaldweller.com/main/nginx.conf +++ b/terminaldweller.com/main/nginx.conf @@ -2,6 +2,13 @@ events { worker_connections 1024; } http { + server { + listen 8081; + location / { + root /srv/; + add_header Access-Control-Allow-Origin "*"; + } + } server { listen 8080 ssl http2; keepalive_timeout 70; @@ -35,7 +42,7 @@ http { add_header Access-Control-Allow-Origin "*"; } location / { - alias /srv/; + root /srv/; add_header Access-Control-Allow-Origin "*"; } } diff --git a/terminaldweller.com/main/srv/index.html b/terminaldweller.com/main/srv/index.html index e66fdd3..dc1a110 100644 --- a/terminaldweller.com/main/srv/index.html +++ b/terminaldweller.com/main/srv/index.html @@ -3,6 +3,7 @@ + main
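Review bot: In haproxy/docker-compose.yaml the new `prometheus` service does not get the `cap_drop:` / `- ALL` that the `haproxy` service in the same file has; adding it keeps the two consistent, since scraping over `metricsnet` should need no capabilities. The `./certs` mount is commented out while 443 and 587 stay published, so if `haproxy.cfg` (not shown here) still references `/usr/local/etc/certs`, haproxy will fail to load its certificates. The commented-out `certbot`, `nginx` and `udpproxy` services would be better deleted than kept as comments, since the history preserves them.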