From c836ea89a48f53ec1dd05c1dcdc606bb44c8b619 Mon Sep 17 00:00:00 2001
From: terminaldweller
Date: Sun, 22 Jan 2023 21:06:07 +0330
Subject: update
---
 .newsboat/urls | 1 +
 .tunneltop.toml | 12 +++---
 .zshrc | 16 ++++---
 bin/bw_mednafen | 6 +--
 terminaldweller.com/cgit/bootstrap/Dockerfile | 8 ++--
 terminaldweller.com/cgit/bootstrap/bootstrap.sh | 1 -
 terminaldweller.com/cgit/bootstrap/crontab | 1 -
 .../cgit/bootstrap/docker-entrypoint.sh | 2 +-
 terminaldweller.com/cgit/cgit/cgitrc | 2 +-
 terminaldweller.com/cgit/docker-compose.yaml | 8 ++--
 terminaldweller.com/ejabberd/docker-compose.yaml | 4 +-
 terminaldweller.com/ejabberd/ejabberd.yml | 23 +++++++----
 terminaldweller.com/haproxy/docker-compose.yaml | 48 ++++++++++++++++------
 13 files changed, 82 insertions(+), 50 deletions(-)
 delete mode 100644 terminaldweller.com/cgit/bootstrap/crontab
diff --git a/.newsboat/urls b/.newsboat/urls
index 04de93d..06eaa57 100644
--- a/.newsboat/urls
+++ b/.newsboat/urls
@@ -64,6 +64,7 @@ https://www.youtube.com/feeds/videos.xml?channel_id=UC9YXCCz-A28lxhMA-ArfBaA "~G
 https://www.youtube.com/feeds/videos.xml?channel_id=UCxMZO9A4Jixjr9lbgeBiQ6w "~Vormithrax"youtube
 # Tech
+https://www.youtube.com/feeds/videos.xml?channel_id=UCUP5UhD6cMfpN4vxW3FYJLQ "~Doing_Fed_Time"youtube
 https://www.youtube.com/feeds/videos.xml?channel_id=UCqK_GSMbpiV8spgD3ZGloSw "~Coin Bureau"youtube
 https://www.youtube.com/feeds/videos.xml?channel_id=UC-91UA-Xy2Cvb98deRXuggA "~Joshua Fluke"youtube
 https://www.youtube.com/feeds/videos.xml?channel_id=UC17mJJnvzAa_e9qQqLIfIeQ "~Semicolon&Sons"youtube
diff --git a/.tunneltop.toml b/.tunneltop.toml
index 46d6cd1..f7d5c58 100644
--- a/.tunneltop.toml
+++ b/.tunneltop.toml
@@ -2,7 +2,7 @@
 address = "127.0.0.1"
 port = 9997
 command = "autossh -M 0 -N -D 9997 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 1022 87.236.209.206"
-test_command = 'curl -s -o -s -w "%{http_code}" -I -4 --socks5 socks5h://127.0.0.1:9997 https://icanhazallips.terminaldweller.com'
+test_command = 'curl -s -o -s -w "%{http_code}" -k -I -4 --socks5 socks5h://127.0.0.1:9997 https://icanhazallips.terminaldweller.com:9380'
 # test_command = ""
 test_command_result = "200"
 test_interval = 300
@@ -12,7 +12,7 @@ test_timeout = 10
 address = "127.0.0.1"
 port = 9995
 command = "autossh -M 0 -N -D 0.0.0.0:9995 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o VerifyHostKeyDNS=no -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l root -p 2022 185.112.147.110"
-test_command = 'curl -s -o -s -w "%{http_code}" -I -4 --socks5 socks5h://127.0.0.1:9995 https://icanhazallips.terminaldweller.com'
+test_command = 'curl -s -o -s -w "%{http_code}" -k -I -4 --socks5 socks5h://127.0.0.1:9995 https://icanhazallips.terminaldweller.com:9380'
 # test_command = ""
 test_command_result = "200"
 test_interval = 300
@@ -22,7 +22,7 @@ test_timeout = 10
 address = "127.0.0.1"
 port = 9990
 command = "autossh -M 0 -N -D 0.0.0.0:9990 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.45.46"
-test_command = 'curl -s -o -s -w "%{http_code}" -I -4 --socks5 socks5h://127.0.0.1:9990 https://icanhazallips.terminaldweller.com'
+test_command = 'curl -s -o -s -w "%{http_code}" -k -I -4 --socks5 socks5h://127.0.0.1:9990 https://icanhazallips.terminaldweller.com:9380'
 # test_command = ""
 test_command_result = "200"
 test_interval = 300
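Review bot: The `-k` added to each `test_command` disables certificate verification for the tunnel health check, so anyone who can intercept the path behind the SSH hop (or the remote host itself, once compromised) can answer the HEAD with a 200 and keep a bad tunnel marked healthy. If `:9380` serves a self-signed or name-mismatched certificate, pin it instead of trusting everything: `curl ... --cacert ~/.config/tunneltop/icanhazallips.pem ...` or `--pinnedpubkey sha256//<base64-spki>`; if it is a real CA-issued cert, drop `-k` and fix the SNI/name mismatch. While touching these lines, note that `-o -s` hands `-s` to `-o` as a filename, so every probe writes a file literally named `-s` into the working directory; `-o /dev/null` is what was meant. The same edit is repeated in the remaining hunks of this file.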
@@ -32,7 +32,7 @@ test_timeout = 10
 address = "127.0.0.1"
 port = 9989
 command = "autossh -M 0 -N -D 0.0.0.0:9989 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208"
-test_command = 'curl -s -o -s -w "%{http_code}" -I -4 --socks5 socks5h://127.0.0.1:9989 https://icanhazallips.terminaldweller.com'
+test_command = 'curl -s -o -s -w "%{http_code}" -k -I -4 --socks5 socks5h://127.0.0.1:9989 https://icanhazallips.terminaldweller.com:9380'
 # test_command = ""
 test_command_result = "200"
 test_interval = 300
@@ -102,7 +102,7 @@ test_timeout = 30
 address = "127.0.0.1"
 port = 9053
 command = "autossh -M 0 -N -L 9053:127.0.0.1:9050 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.45.46"
-test_command = 'curl -s -o -s -w "%{http_code}" -I -4 --socks5 socks5h://127.0.0.1:9053 https://icanhazallips.terminaldweller.com'
+test_command = 'curl -s -o -s -w "%{http_code}" -k -I -4 --socks5 socks5h://127.0.0.1:9053 https://icanhazallips.terminaldweller.com:9380'
 # test_command = ""
 test_command_result = "200"
 test_interval = 300
@@ -112,7 +112,7 @@ test_timeout = 20
 address = "127.0.0.1"
 port = 9054
 command = "autossh -M 0 -N -L 0.0.0.0:9054:127.0.0.1:9050 -o ServerAliveInterval=180 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -l ubuntu -p 3333 185.130.47.208"
-test_command = 'curl -s -o -s -w "%{http_code}" -I -4 --socks5 socks5h://127.0.0.1:9054 https://icanhazallips.terminaldweller.com'
+test_command = 'curl -s -o -s -w "%{http_code}" -k -I -4 --socks5 socks5h://127.0.0.1:9054 https://icanhazallips.terminaldweller.com:9380'
 # test_command = ""
 test_command_result = "200"
 test_interval = 300
diff --git a/.zshrc b/.zshrc
index a8de683..19dc317 100644
--- a/.zshrc
+++ b/.zshrc
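Review bot: For the 9053/9054 entries `-k` is worse than for the plain SOCKS tunnels: these forward a remote `127.0.0.1:9050`, which from the `torsocks --port 9053` usage in `.zshrc` looks like a Tor SOCKS port, so the probe exits through an arbitrary Tor exit. With verification off, a hostile exit can terminate TLS itself and return the expected 200, and the check no longer proves that the circuit reaches the real `icanhazallips` host at all. Keep verification on for at least these two probes (a CA-issued cert, or `--cacert`/`--pinnedpubkey` against the known cert on `:9380`), and consider checking the body rather than only the status code so the probe also proves the exit IP is being returned.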
@@ -20,11 +20,9 @@ autoload -U compinit && compinit -u
 eval `dircolors ~/.dir_colors`
 # _evalcache dircolors ~/.dir_colors
-unalias dr
-alias gd="git diff --color-words"
-
 # enable aliases with sudo in the alias
 alias sudo="sudo "
+alias mpv="proxychains4 -q -f ~/proxies/swe/proxychains.conf mpv --save-position-on-quit --term-osd-bar --msg-module --msg-time --cache=yes --cache-secs=9600 --cache-on-disk --cache-dir=/tmp/ --demuxer-max-bytes=500MiB"
 alias w3m='proxychains4 -q -f ~/proxies/ice/proxychains.conf w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph'
 alias torw3m='torsocks --port 9053 w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph'
 alias rm="rm -I --one-file-system --preserve-root=all"
@@ -337,9 +335,9 @@ alias mount="grc mount"
 alias picocom="picocom --escape b"
 # https://wiki.slipfox.xyz/wiki/ANSI_escape_code#OSC_(Operating_System_Command)_sequences)
 # https://github.com/sos4nt/dynamic-colors
-alias turn_green='echo -e "\033]10;#005f5f\007"'
-alias turn_blue='echo -e "\033]10;#005f87\007"'
-alias turn_white='echo -e "\033]10;#c0c0c0\007"'
+alias turn_green='echo -e "\033]10;#005f5f\007" '
+alias turn_blue='echo -e "\033]10;#005f87\007" '
+alias turn_white='echo -e "\033]10;#c0c0c0\007" '
 alias bandwhich="turn_green && bandwhich"
 alias powertop="turn_green && powertop"
 alias mdcat="turn_green && mdcat --local --fail --paginate"
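Review bot: The new `mpv` alias sets `--cache-on-disk --cache-dir=/tmp/`, which spools the stream cache into the world-shared `/tmp`; on a multi-user box that leaks what is being watched to anyone who can list or read the cache files (depending on the mode mpv creates them with), and a shared directory invites the usual pre-created-file/symlink games. Point it at a per-user location instead, e.g. `--cache-dir="${XDG_RUNTIME_DIR:-$HOME/.cache}/mpv"` (tmpfs-backed and 0700 on systemd systems), creating the directory if mpv does not do so itself — I have not checked that. The `proxychains4 -q` wrapper is consistent with the neighbouring `w3m` alias, so whether DNS stays inside the proxy depends on `proxy_dns` in `~/proxies/swe/proxychains.conf`, which is not in this diff.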
@@ -724,13 +722,13 @@ dff() {
 }
 jcurl() {
- torsocks --port 9054 curl -s --connect-timeout 10 "$@" | json_pp -json_opt pretty,canonical | pygmentize -l json -P style=$PYGMENTIZE_STYLE | $PAGER
+ curl --socks5 socks5h://127.0.0.1:9054 -s --connect-timeout 10 "$@" | json_pp -json_opt pretty,canonical | pygmentize -l json -P style=$PYGMENTIZE_STYLE | $PAGER
 }
 xcurl() {
- torsocks --port 9054 curl -s --connect-timeout 10 "$@" | xml_pp | pygmentize -l xml -P style=$PYGMENTIZE_STYLE | $PAGER
+ curl --socks5 socks5h://127.0.0.1:9054 -s --connect-timeout 10 "$@" | xml_pp -s nice | pygmentize -l xml -P style=$PYGMENTIZE_STYLE | $PAGER
 }
 hcurl() {
- torsocks --port 9054 curl -s --connect-timeout 10 -i -D /dev/stderr --user-agent "$(get_random_ua.sh)" "$@" | pygmentize -l html -P style=$PYGMENTIZE_STYLE | $PAGER
+ curl --socks5 socks5h://127.0.0.1:9054 -s --connect-timeout 10 -i -D /dev/stderr --user-agent "$(get_random_ua.sh)" "$@" | pygmentize -l html -P style=$PYGMENTIZE_STYLE | $PAGER
 }
 # these i stole from junegunn to try out
diff --git a/bin/bw_mednafen b/bin/bw_mednafen
index 84075c2..e06b66f 100755
--- a/bin/bw_mednafen
+++ b/bin/bw_mednafen
@@ -99,7 +99,7 @@ env -i \
 --new-session \
 --die-with-parent \
 --hostname RESTRICTED \
- --seccomp 9 \
 mednafen \
- "$@" \
- 9<"/tmp/seccomp_logging_filter.bpf"
+ "$@"
+ # --seccomp 9 \
+ # 9<"/tmp/seccomp_logging_filter.bpf"
diff --git a/terminaldweller.com/cgit/bootstrap/Dockerfile b/terminaldweller.com/cgit/bootstrap/Dockerfile
index 2467f36..be4f278 100644
--- a/terminaldweller.com/cgit/bootstrap/Dockerfile
+++ b/terminaldweller.com/cgit/bootstrap/Dockerfile
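Review bot: In `jcurl`/`xcurl`/`hcurl` the replacement `--socks5 socks5h://127.0.0.1:9054` mixes curl's `--socks5 host[:port]` option with the proxy-URL form; current curl accepts a scheme in that argument and lets `socks5h` win (so names are resolved at the proxy, which is the property that matters for a Tor-bound helper), but the mixed form reads as if `--socks5` (local DNS) were intended, and the two are easy to confuse in later edits. Spell it `-x socks5h://127.0.0.1:9054`, which is unambiguous in every curl version, and since `torsocks` is no longer there to kill the process on a non-proxied connect, consider `-sS --fail` so a proxy failure surfaces instead of piping an empty body into `json_pp`/`xml_pp` silently. Unlike `hcurl`, `jcurl` and `xcurl` still send curl's default User-Agent through the Tor port; if the random UA is part of the reason for routing these through Tor, add `--user-agent "$(get_random_ua.sh)"` to them as well. The `dff` function whose closing brace opens this hunk is defined above it.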
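Review bot: Commenting out `--seccomp 9` and the `9<"/tmp/seccomp_logging_filter.bpf"` redirect removes the only syscall filter from what look like bubblewrap options (`--new-session`, `--die-with-parent`, `--hostname RESTRICTED`), so `mednafen` now runs with the host kernel's full syscall surface inside the sandbox. The filename suggests the filter was a logging rather than enforcing one, which limits the regression, but the commit gives no reason; if it was breaking the emulator, the fix is to extend the allowlist, not to drop the filter, and the BPF should live somewhere other than world-writable `/tmp` where another local user could pre-create or replace it. At minimum leave the intent on record with `# seccomp filter disabled: <reason>; re-enable once <condition>` next to the commented lines. The `env -i \` invocation this hunk edits begins above the hunk.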
@@ -1,8 +1,10 @@
 FROM alpine:3.16
-RUN apk update && apk add --no-cache git cronie busybox-initscripts
+#RUN apk update && apk add --no-cache git cronie busybox-initscripts
+RUN apk update && apk add --no-cache git apk-cron
 # RUN rc-service crond start && rc-update add crond
 COPY ./bootstrap.sh /bootstrap.sh
 COPY ./docker-entrypoint.sh /docker-entrypoint.sh
-COPY ./crontab /etc/crontabs/root
-RUN chmod 0744 /bootstrap.sh
+COPY ./cron /etc/periodic/15min/cron
+# COPY ./crontab /etc/crontabs/root
+# RUN chmod 0744 /bootstrap.sh
 ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/terminaldweller.com/cgit/bootstrap/bootstrap.sh b/terminaldweller.com/cgit/bootstrap/bootstrap.sh
index 3481546..ba2e1b0 100755
--- a/terminaldweller.com/cgit/bootstrap/bootstrap.sh
+++ b/terminaldweller.com/cgit/bootstrap/bootstrap.sh
@@ -14,7 +14,6 @@ REPOS="cgrep \
 devourer \
 hived \
 mdrtl \
- simplex \
 scripts \
 vagrantboxes \
 dockerimages \
diff --git a/terminaldweller.com/cgit/bootstrap/crontab b/terminaldweller.com/cgit/bootstrap/crontab
deleted file mode 100644
index 2346740..0000000
--- a/terminaldweller.com/cgit/bootstrap/crontab
+++ /dev/null
@@ -1 +0,0 @@
-0 */6 * * * /bootstrap.sh --update
diff --git a/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh b/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh
index d6d7009..2f67a11 100755
--- a/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh
+++ b/terminaldweller.com/cgit/bootstrap/docker-entrypoint.sh
@@ -5,4 +5,4 @@ set -x
 . /bootstrap.sh
 bootstrap
 update_repos
-crond -n -s -P
+crond -f -l 2
diff --git a/terminaldweller.com/cgit/cgit/cgitrc b/terminaldweller.com/cgit/cgit/cgitrc
index 4db7d5b..90abd90 100644
--- a/terminaldweller.com/cgit/cgit/cgitrc
+++ b/terminaldweller.com/cgit/cgit/cgitrc
@@ -3,7 +3,7 @@
 #
 #
 # Enable caching of up to 1000 output entries
-cache-size=100
+# cache-size=100
 ## ttl for root page
 cache-root-ttl=5
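Review bot: `apk add --no-cache git apk-cron` pulls in a package that, as far as I recall, is Alpine's "periodic software updates" helper — it installs a script under `/etc/periodic/daily` that runs `apk upgrade` — so the container would start upgrading its own packages from the mirror every day, which is exactly the image drift and unpinned-supply-chain behaviour an immutable image should not have; busybox `crond` is already in `alpine:3.16`, so `RUN apk update && apk add --no-cache git` is all the cron setup needs. Please verify that reading of `apk-cron` against the package contents before merging. Separately, `run-parts` only executes files in `/etc/periodic/15min/` that have the execute bit, and the `cron` file's mode in the build context is not visible here; either confirm it is `0755` or add `RUN chmod 0755 /etc/periodic/15min/cron` after the `COPY`. The job also moves from every six hours (deleted crontab) to every fifteen minutes; if that is intended, a one-line comment on the `COPY ./cron` line would save the next reader the archaeology.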
diff --git a/terminaldweller.com/cgit/docker-compose.yaml b/terminaldweller.com/cgit/docker-compose.yaml
index 3d6c9bf..3fe10ae 100644
--- a/terminaldweller.com/cgit/docker-compose.yaml
+++ b/terminaldweller.com/cgit/docker-compose.yaml
@@ -8,7 +8,7 @@ services:
 - cgitnet
 ports:
 - "127.0.0.1:8041:80"
- "8042:22"
+ - "127.0.0.1:8042:22"
 - "8043:443"
 restart: unless-stopped
 environment:
@@ -22,7 +22,7 @@ services:
 # - /etc/hosts:/etc/hosts:ro
 # - /etc/localtime:/etc/localtime:ro
 - ./cgit.conf:/etc/lighttpd/cgit.conf:ro
- /etc/letsencrypt/archive/git.terminaldweller.com/ssl.pem:/etc/certs/git.pem:ro
+ - /etc/letsencrypt/archive/git.terminaldweller.com/:/etc/certs/:ro
 bootstrap:
 image: bootstrap
 build:
@@ -32,8 +32,8 @@ services:
 volumes:
 - storage:/etc/gitrepos/
 entrypoint: ["/docker-entrypoint.sh"]
- cap_drop:
- - ALL
+ # cap_drop:
+ # - ALL
 healthcheck:
 test: exit 1
 interval: 1d
diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml
index a4ddaeb..f01085d 100644
--- a/terminaldweller.com/ejabberd/docker-compose.yaml
+++ b/terminaldweller.com/ejabberd/docker-compose.yaml
@@ -1,7 +1,7 @@
 version: "3.4"
 services:
 ejabberd:
- image: ejabberd/ecs:21.07
+ image: ejabberd/ecs:23.01
 networks:
 - ejabberdnet
 ports:
@@ -33,5 +33,5 @@ volumes:
 mnesia_db:
 vault:
 # openssl dhparam -out dhparams.pem 4096
-# certbot certonly --standalone -d chat.terminaldweller.com -m devi@terminaldweller.com --agree-tos --noninteractive --dryrun
+# certbot certonly --standlone -d chat.terminaldweller.com -e devi@terminaldweller.com --agree-tos --noninteractive
 # docker exec -it 6eebd16a2385 bin/ejabberdctl register admin chat.terminaldweller.com password
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml
index 815d702..fb5a6a9 100644
--- a/terminaldweller.com/ejabberd/ejabberd.yml
+++ b/terminaldweller.com/ejabberd/ejabberd.yml
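Review bot: Replacing the single-file mount with `/etc/letsencrypt/archive/git.terminaldweller.com/:/etc/certs/:ro` hands the cgit container every historical `privkeyN.pem` for that name, not just the current one, and the `N` suffix changes on each renewal, so whatever path `cgit.conf` names under `/etc/certs/` will silently go stale after the next renew. Mount the `live/` directory for the name (its `fullchain.pem`/`privkey.pem` symlinks always track the current pair) alongside the archive it points into, or simply `/etc/letsencrypt:/etc/letsencrypt:ro`, and reference the `live/` paths in the lighttpd config; `:ro` is right and should stay. If the old combined `ssl.pem` layout is still wanted, generate it on the host in a renew hook rather than exposing the archive.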
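Review bot: Commenting out `cap_drop: [ALL]` on the `bootstrap` service gives the container Docker's default capability bundle (CHOWN, DAC_OVERRIDE, SETUID, SETGID, NET_RAW, …), when the plausible reason for the change — busybox `crond -f` failing to switch identity for jobs without CAP_SETUID/CAP_SETGID — needs only two of those. Keep the drop and add back the minimum: `cap_drop: [ALL]` followed by `cap_add: [SETUID, SETGID]` (add `CHOWN`/`DAC_OVERRIDE` only if the crond log at `-l 2` actually shows EPERM on those), and record why with `# crond needs SETUID/SETGID to run periodic jobs`. The bootstrap job clones public git repos, so a container with NET_RAW and a 15-minute network job is a poor place to widen privileges silently.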
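Review bot: The rewritten certbot comment introduces two errors that will bite whoever pastes it: `--standlone` is misspelled, and certbot's e-mail flag is `-m`/`--email`, not `-e` — the line being replaced had both right. Suggested text: `# certbot certonly --standalone -d chat.terminaldweller.com -m devi@terminaldweller.com --agree-tos --non-interactive`. Dropping `--dryrun` from the documented command is reasonable for a production note, but since the comment above it documents a real issuance step, consider keeping a second line with `--dry-run` for testing so nobody burns rate limits. The `register admin ... password` line below is unchanged, but a literal placeholder that close to a real command is worth turning into `<password>` while you are here.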
@@ -1,13 +1,14 @@
 hosts:
 - jabber.terminaldweller.com
-auth_method: internal
+auth_method: internal
 auth_password_format: scram # pragma: allowlist secret
 # anonymous_protocol: both
 allow_multiple_connections: true
 loglevel: 5
 log_rotate_size: 10485760
 log_rotate_count: 1
+default_db: mnesia
 define_macro:
 'TLS_CIPHERS': "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA"
@@ -45,9 +46,9 @@ listen:
 access: c2s
 starttls: true
 starttls_required: true
- #protocol_options: 'TLS_OPTIONS'
- #ciphers: 'TLS_CIPHERS'
- #dhfile: 'DH_FILE'
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
 zlib: false
 tls_compression: false
 - port: 5223
@@ -56,6 +57,9 @@ listen:
 max_stanza_size: 65536
 shaper: c2s_shaper
 access: c2s
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
 tls: true
 tls_compression: false
 - port: 5269
@@ -77,6 +81,8 @@ listen:
 '/upload': mod_http_upload
 '/ws': ejabberd_http_ws
 '/oauth': ejabberd_oauth
+ '/.well-known/host-meta': mod_host_meta
+ '/.well-known/host-meta.json': mod_host_meta
 - port: 5080
 ip: '0.0.0.0'
 module: ejabberd_http
@@ -133,9 +139,9 @@ access_rules:
 configure:
 allow: admin
 muc_create:
- allow: local
+ allow: admin
 pubsub_createnode:
- allow: local
+ allow: admin
 trusted_network:
 allow: loopback
@@ -201,7 +207,7 @@ max_fsm_queue: 10000
 acme:
 # for auto ACME requests, we need this to be true
 auto: false
- contact:
+ contact:
 - mailto:devi@terminaldweller.com
 ca_url: https://acme-v02.api.letsencrypt.org/directory
@@ -298,3 +304,6 @@ modules:
 mod_vcard_xupdate: {}
 mod_version:
 show_os: false
+ mod_host_meta:
+ bosh_service_url: "https://@HOST@:5443/bosh"
+ websocket_url: "wss://@HOST@:5443/ws"
diff --git a/terminaldweller.com/haproxy/docker-compose.yaml b/terminaldweller.com/haproxy/docker-compose.yaml
index 126613c..ce3f8d5 100644
--- a/terminaldweller.com/haproxy/docker-compose.yaml
+++ b/terminaldweller.com/haproxy/docker-compose.yaml
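Review bot: Enabling `ciphers: 'TLS_CIPHERS'` on the 5222 and 5223 c2s listeners activates the macro defined at the top of the file, and that list reaches far past forward-secret AEAD suites: it keeps static-RSA key exchange (`AES256-GCM-SHA384`, `AES128-SHA`), CBC/SHA-1 suites, and a long tail of PSK and SRP suites that a public XMPP endpoint never legitimately negotiates, so a weak client lands on a non-PFS or CBC connection instead of being refused. Trim the macro to the three TLS 1.3 suites plus `ECDHE-ECDSA-*-GCM/CHACHA20` and `ECDHE-RSA-*-GCM/CHACHA20` (DHE-RSA AEAD optionally, since a `dhfile` is configured), and make sure the `'TLS_OPTIONS'` macro pairs it with `no_sslv3|no_tlsv1|no_tlsv1_1|cipher_server_preference`. Only `TLS_CIPHERS` is visible in this diff; if `'TLS_OPTIONS'` and `'DH_FILE'` are not defined under `define_macro`, the now-uncommented references will most likely fail config validation at startup, so confirm both exist before deploying.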
@@ -15,31 +15,50 @@ services:
 - "25:25"
 - "465:465"
 - "587:587"
+ - "127.0.0.1:8404:8404"
 volumes:
 - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
+ # - ./certs:/usr/local/etc/certs:ro
 networks:
 - proxynet
 - metricsnet
+ # - certnet
 restart: unless-stopped
 cap_drop:
 - ALL
+ # certbot:
+ # image: certbot
+ # build:
+ # context: ./certbot
+ # ports:
+ # - "127.0.0.1:9080:80"
+ # - "127.0.0.1:9443:443"
+ # networks:
+ # - certnet
+ # # restart: unless-stopped
+ # volumes:
+ # - ./letsencrypt:/etc/letsencrypt
+ # - ./webroot:/webroot
+ # - ./certs:/certs
+ # # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"]
+ # entrypoint: ["/certbot-entrypoint.sh"]
+ # environment:
+ # - DOMAIN=chat.terminaldweller.com
+ # - EMAIL=devi@mail.terminaldweller.com
+ # nginx:
+ # image: nginx
+ # ports:
+ # - "127.0.0.1:8080:80"
+ # networks:
+ # - certnet
+ # restart: unless-stopped
+ # volumes:
+ # - ./webroot:/usr/share/nginx/html
 # udpproxy:
 # image: nginx
 # ports:
 # - "127.0.0.1:3478:3478/udp"
 # - "127.0.0.1:5349:5349/udp"
- # - "80:80"
- # - "443:443"
- # - "5222:5222"
- # - "5280:5280"
- # - "5443:5443"
- # - "143:143"
- # - "993:993"
- # - "110:110"
- # - "995:995"
- # - "25:25"
- # - "465:465"
- # - "587:587"
 # networks:
 # - proxynet
 # restart: unless-stopped
@@ -57,11 +76,16 @@ services:
 - ./conf.yml:/opt/bitnami/prometheus/conf/prometheus.yml:ro
 environment:
 - HTTPS_PROXY=socks5h://172.17.0.1:9993
+ - https_proxy=socks5h://172.17.0.1:9993
 - HTTP_PROXY=socks5h://172.17.0.1:9993
+ - http_proxy=socks5h://172.17.0.1:9993
 - ALL_PROXY=socks5h://172.17.0.1:9993
+ - all_proxy=socks5h://172.17.0.1:9993
 - NO_PROXY=localhost,127.0.0.0/8,172.16.0.0/12,10.0.0.0/8,192.168.0.0/16
+ - no_proxy=localhost,127.0.0.0/8,172.16.0.0/12,10.0.0.0/8,192.168.0.0/16
 networks:
 proxynet:
 metricsnet:
+ # certnet:
 volumes:
 metricsvault:
-- cgit v1.2.3
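Review bot: Binding the new stats port as `127.0.0.1:8404:8404` is the right scope, but the `prometheus` service below already shares `metricsnet` with haproxy and can scrape `haproxy:8404` over the container network, so the host publish is only needed for local debugging; say so in a comment, and note that loopback is still reachable by any process or host-networked container on the box, so the listener in `haproxy.cfg` (not in this diff) should keep `stats admin` off and ideally carry `stats auth`. The large commented-out `certbot`/`nginx` block adds two contact addresses and a `./letsencrypt` bind mount that will be uncommented wholesale one day; dead configuration of that size belongs in a separate `docker-compose.certbot.yaml` or in git history rather than inline. The lowercase `https_proxy`/`no_proxy` duplicates are fine — some clients read only one case — but keep both sets edited together.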