diff --git a/.idea/.gitignore b/.idea/.gitignore
deleted file mode 100644
index 13566b8..0000000
--- a/.idea/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Editor-based HTTP Client requests
-/httpRequests/
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml
diff --git a/.idea/misc.xml b/.idea/misc.xml
deleted file mode 100644
index 947ef84..0000000
--- a/.idea/misc.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
deleted file mode 100644
index 391a425..0000000
--- a/.idea/modules.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/.idea/neb.iml b/.idea/neb.iml
deleted file mode 100644
index d6ebd48..0000000
--- a/.idea/neb.iml
+++ /dev/null
@@ -1,9 +0,0 @@
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
deleted file mode 100644
index 35eb1dd..0000000
--- a/.idea/vcs.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-
-
-
-
\ No newline at end of file
diff --git a/.woodpecker/images.yml b/.woodpecker/images.yml
deleted file mode 100644
index 91a691f..0000000
--- a/.woodpecker/images.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-when:
- event:
- - push
- - manual
- - tag
-
\ No newline at end of file
diff --git a/images/nginx/Dockerfile b/images/nginx/Dockerfile
deleted file mode 100644
index 3e3af88..0000000
--- a/images/nginx/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM nginx:alpine
-
-RUN apk add \
- certbot \
- certbot-nginx
-
-COPY content /usr/share/nginx/html
-COPY conf.d/ /etc/nginx/conf.d/
-COPY nginx.conf /etc/nginx/nginx.conf
-
-VOLUME /etc/nginx/conf.d/
-VOLUME /usr/share/nginx/html/
-
-COPY entrypoint.sh /entrypoint
-ENTRYPOINT [ "sh", "/entrypoint" ]
-CMD [ "nginx", "-g", "daemon off;" ]
\ No newline at end of file
diff --git a/images/nginx/conf.d/default.conf b/images/nginx/conf.d/default.conf
deleted file mode 100644
index 3b5746c..0000000
--- a/images/nginx/conf.d/default.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-server {
- listen 80;
- server_name _;
-
- # SSL is managed by certbot, no need for a ssl listen; it will be generated automagically!
-
- # default html page
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- }
-
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-}
diff --git a/images/nginx/content/index.html b/images/nginx/content/index.html
deleted file mode 100644
index 4a98c86..0000000
--- a/images/nginx/content/index.html
+++ /dev/null
@@ -1,24 +0,0 @@
-
-
-
-
- Welcome to nginx!
-
-
-
-
- Welcome to nginx!
- This is the default page, so the admin was likely too lazy too remove it.
-
-
-
\ No newline at end of file
diff --git a/images/nginx/entrypoint.sh b/images/nginx/entrypoint.sh
deleted file mode 100755
index b28582b..0000000
--- a/images/nginx/entrypoint.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-trap exit TERM
-
-if [ -n "${CERTBOT_DOMAINS}" ]; then
- echo "registering..."
- if ! certbot show_account; then
- certbot register -n \
- --agree-tos \
- -m "${CERTBOT_EMAIL}"
- fi
-
- for d in $(echo "${CERTBOT_DOMAINS}" | sed 's/,/ /g'); do
- echo "requesting for $d..."
- certbot --nginx -n --keep -d "$d"
- done
-
- while :; do
- echo "renewing domains..."
- certbot --nginx --keep -n renew
- sleep 12h &
- wait $!
- done &
-else
- echo "skipping certbot due to no domains!"
-fi &
-
-exec "$@"
\ No newline at end of file
diff --git a/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf
new file mode 100644
index 0000000..ceaa04f
--- /dev/null
+++ b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf
@@ -0,0 +1,27 @@
+server {
+ listen 80;
+ server_name fz.ixvd.net;
+
+ location /live/websocket {
+ proxy_pass http://firezone:13000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection upgrade;
+ }
+
+ location / {
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Host $host;
+ proxy_pass http://firezone:13000;
+ client_max_body_size 0;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
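Review bot: The two proxied locations forward different client-identity headers: `/live/websocket` sends `X-Forwarded-For $proxy_add_x_forwarded_for`, which keeps whatever value the client supplied and appends to it, and sets no `X-Forwarded-Proto`, while `/` overwrites the header with `$remote_addr` and sets the proto. If this nginx is the first hop from the internet, the overwriting form is the one the backend can rely on for logging and rate limiting, so I would use `proxy_set_header X-Forwarded-For $remote_addr;` and the same `X-Forwarded-Proto` line in both locations. `X-Forwarded-Proto https` is hard-coded on a `listen 80` server, so it is only accurate once certbot has added the TLS listener; `$scheme` would be correct in both states. `client_max_body_size 0;` removes the request-body limit for the whole portal, and a finite value sized to the largest expected upload is the safer default.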
diff --git a/servers/apoc/docker-compose.d/docker-compose.firezone.yml b/servers/apoc/docker-compose.d/docker-compose.firezone.yml
new file mode 100644
index 0000000..a673ed5
--- /dev/null
+++ b/servers/apoc/docker-compose.d/docker-compose.firezone.yml
@@ -0,0 +1,66 @@
+version: '2.2'
+# Example compose file for production deployment on Linux.
+#
+# Note: This file is meant to serve as a template. Please modify it
+# according to your needs. Read more about Docker Compose:
+#
+# https://docs.docker.com/compose/compose-file/
+#
+#
+x-deploy: &default-deploy
+ restart_policy:
+ condition: unless-stopped
+ delay: 5s
+ window: 120s
+ update_config:
+ order: start-first
+
+services:
+ firezone:
+ image: firezone/firezone:${VERSION:-latest}
+ ports:
+ - 51820:51820/udp
+ environment:
+ EXTERNAL_URL: "https://fz.ixvd.net/"
+ DATABASE_HOST: "fz-postgres"
+ DATABASE_USER: "firezone"
+ DATABASE_PASSWORD: "firezone"
+ env_file:
+ - /etc/ixvd/secrets/env/firezone.env
+ volumes:
+ - /srv/firezone/config:/var/firezone
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv4.ip_forward=1
+ - net.ipv6.conf.all.forwarding=1
+ depends_on:
+ - postgres
+ networks:
+ proxy:
+ fz-internal:
+ ipv4_address: 172.90.0.10
+ ipv6_address: fcff:3990:3990::99
+
+ fz-postgres:
+ image: postgres:15
+ volumes:
+ - /srv/firezone/data:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: firezone
+ POSTGRES_USER: firezone
+ POSTGRES_PASSWORD: firezone
+ networks:
+ - fz-internal
+
+networks:
+ fz-internal:
+ enable_ipv6: true
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.90.0.0/16
+ - subnet: fcff:3990:3990::/64
+ gateway: fcff:3990:3990::1
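Review bot: `DATABASE_PASSWORD: "firezone"` and `POSTGRES_PASSWORD: firezone` commit a guessable database credential to the repository even though the service already loads `/etc/ixvd/secrets/env/firezone.env`; I would drop both literals and supply them from that secrets file, with an `env_file:` entry on `fz-postgres` as well. `depends_on: - postgres` names a service this file does not define (the database service is `fz-postgres`), so it should read `- fz-postgres` unless a `postgres` service comes from another merged compose file. The `fz-internal` subnet `172.90.0.0/16` lies outside the RFC 1918 block 172.16.0.0/12 and therefore overlaps publicly routable addresses; a range inside the private block, for example `172.30.0.0/16` (constructed example, pick any free one), avoids that. `${VERSION:-latest}` leaves the image unpinned for a container that is granted `NET_ADMIN` and `SYS_MODULE`, so pinning an explicit version would make upgrades a deliberate step.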
diff --git a/servers/apoc/docker-compose.d/docker-compose.yml b/servers/apoc/docker-compose.d/docker-compose.yml
index ba05f0b..220765a 100644
--- a/servers/apoc/docker-compose.d/docker-compose.yml
+++ b/servers/apoc/docker-compose.d/docker-compose.yml
@@ -7,7 +7,7 @@ services:
build: custom/nginx
environment:
CERTBOT_EMAIL: "webmaster@ixvd.net"
- CERTBOT_DOMAINS: "apoc.ixvd.net,mail.ixvd.net,git.ixvd.net,my.ixvd.net,ci.ixvd.net,baikal.ixvd.net,pg.ixvd.net,snipe.ixvd.net"
+ CERTBOT_DOMAINS: "apoc.ixvd.net,mail.ixvd.net,git.ixvd.net,my.ixvd.net,ci.ixvd.net,baikal.ixvd.net,pg.ixvd.net,snipe.ixvd.net,fz.ixvd.net"
volumes:
- /srv/certbot/data:/etc/letsencrypt
- /srv/certbot/other/www:/var/www/certbot
diff --git a/servers/keymaker/docker-compose.d/custom/nginx/conf.d/nebulosus.conf b/servers/keymaker/docker-compose.d/custom/nginx/conf.d/nebulosus.conf
deleted file mode 100644
index 8f9d856..0000000
--- a/servers/keymaker/docker-compose.d/custom/nginx/conf.d/nebulosus.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- server_name nebulosus.nl;
-
- # SSL is managed by certbot, no need for a ssl listen; it will be generated automagically!
-
- location / {
- proxy_pass http://site;
- }
-}
diff --git a/servers/keymaker/docker-compose.d/docker-compose.nebulosus.yml b/servers/keymaker/docker-compose.d/docker-compose.nebulosus.yml
deleted file mode 100644
index 1f69786..0000000
--- a/servers/keymaker/docker-compose.d/docker-compose.nebulosus.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-version: '2.2'
-
-
-services:
- site:
- image: git.ixvd.net/nebulosus/web
- networks:
- - proxy
diff --git a/servers/keymaker/docker-compose.d/docker-compose.yml b/servers/keymaker/docker-compose.d/docker-compose.yml
index ea306c6..1518226 100644
--- a/servers/keymaker/docker-compose.d/docker-compose.yml
+++ b/servers/keymaker/docker-compose.d/docker-compose.yml
@@ -7,7 +7,7 @@ services:
build: custom/nginx
environment:
CERTBOT_EMAIL: "webmaster@ixvd.net"
- CERTBOT_DOMAINS: "keymaker.ixvd.net,ixvd.net,via.ixvd.net,cdn.ixvd.net,park.ixvd.net,nebulosus.nl"
+ CERTBOT_DOMAINS: "keymaker.ixvd.net,ixvd.net,via.ixvd.net,cdn.ixvd.net,park.ixvd.net"
volumes:
- /srv/certbot/data:/etc/letsencrypt
- /srv/certbot/other/www:/var/www/certbot
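Review bot: Dropping `nebulosus.nl` from `CERTBOT_DOMAINS` only stops new requests; any certificate and private key already issued for it stay under `/srv/certbot/data`. If this host's entrypoint runs `certbot --nginx --keep -n renew` like the skel entrypoint in this commit, renewal will presumably keep being attempted for that lineage. The decommission should also remove the lineage, e.g. `certbot delete --cert-name nebulosus.nl` (cert name assumed to match the domain; confirm with `certbot certificates`).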
@@ -30,4 +30,4 @@ networks:
external: true
internal:
external: true
-
+
\ No newline at end of file
diff --git a/servers/skel/docker-compose.d/custom/nginx/Dockerfile b/servers/skel/docker-compose.d/custom/nginx/Dockerfile
index e69de29..6bb5b49 100644
--- a/servers/skel/docker-compose.d/custom/nginx/Dockerfile
+++ b/servers/skel/docker-compose.d/custom/nginx/Dockerfile
@@ -0,0 +1,13 @@
+FROM nginx:alpine
+
+RUN apk add \
+ certbot \
+ certbot-nginx
+
+COPY content /usr/share/nginx/html
+COPY conf.d/ /etc/nginx/conf.d/
+COPY nginx.conf /etc/nginx/nginx.conf
+
+COPY entrypoint.sh /entrypoint
+ENTRYPOINT [ "sh", "/entrypoint" ]
+CMD [ "nginx", "-g", "daemon off;" ]
\ No newline at end of file
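Review bot: `FROM nginx:alpine` and the unversioned `apk add` mean every rebuild pulls whatever is current, so the image that terminates TLS for these hosts is not reproducible and a rebuild can silently change nginx or certbot. I would pin the base image to a specific version tag or digest and use `RUN apk add --no-cache certbot certbot-nginx` so no stale package index is kept in the layer. Since this Dockerfile is now copied under each server's `custom/nginx` instead of the shared `images/nginx`, a header comment naming the canonical copy would help keep later fixes in sync.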
diff --git a/servers/skel/docker-compose.d/custom/nginx/conf.d/default.conf b/servers/skel/docker-compose.d/custom/nginx/conf.d/default.conf
index e69de29..18f1f8d 100644
--- a/servers/skel/docker-compose.d/custom/nginx/conf.d/default.conf
+++ b/servers/skel/docker-compose.d/custom/nginx/conf.d/default.conf
@@ -0,0 +1,21 @@
+server {
+ listen 80;
+ server_name localhost;
+
+ # SSL is managed by certbot, no need for a ssl listen; it will be generated automagically!
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # default html page
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
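Review bot: The three `proxy_set_header` lines at server level have no effect in this block, because neither location uses `proxy_pass`, and they do not apply to the other server blocks loaded from `conf.d/*.conf`. If they are meant as defaults for the proxied vhosts they belong in the `http` block of nginx.conf, bearing in mind that a location which sets any `proxy_set_header` of its own inherits none of them. `server_name localhost;` without `default_server` also leaves the catch-all choice to file load order; `listen 80 default_server;` makes that explicit.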
diff --git a/servers/skel/docker-compose.d/custom/nginx/content/index.html b/servers/skel/docker-compose.d/custom/nginx/content/index.html
index e69de29..c66cf70 100644
--- a/servers/skel/docker-compose.d/custom/nginx/content/index.html
+++ b/servers/skel/docker-compose.d/custom/nginx/content/index.html
@@ -0,0 +1,26 @@
+
+
+
+
+ Welcome to nginx!
+
+
+
+
+ Welcome to nginx!
+
+ If you're seeing this, it means the admin was too lazy to remove this page.
+ Expected something here? contact the admin: webmaster@ixvd.net
+
+
+
\ No newline at end of file
diff --git a/servers/skel/docker-compose.d/custom/nginx/entrypoint.sh b/servers/skel/docker-compose.d/custom/nginx/entrypoint.sh
index e69de29..df5fa5c 100755
--- a/servers/skel/docker-compose.d/custom/nginx/entrypoint.sh
+++ b/servers/skel/docker-compose.d/custom/nginx/entrypoint.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+trap exit TERM
+
+if [ -n "${CERTBOT_DOMAINS}" ]; then
+ echo "registering..."
+ if ! certbot show_account; then
+ certbot register -n \
+ --agree-tos \
+ -m "${CERTBOT_EMAIL}"
+ fi
+
+ for d in $(echo "${CERTBOT_DOMAINS}" | sed 's/,/ /g'); do
+ echo "requesting for $d..."
+ certbot --nginx -n --keep -d "$d"
+ done
+
+ while :; do
+ echo "renewing domains..."
+ certbot --nginx --keep -n renew
+ sleep 12h &
+ wait $!
+ done &
+else
+ echo "skipping certbot due to no domains!"
+fi &
+
+exec "$@"
\ No newline at end of file
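Review bot: Certificate issuance failures are not handled: the `for d in ...` loop ignores the exit status of `certbot --nginx -n --keep -d "$d"`, and the whole block re-runs on every container start, so a domain that cannot validate is retried on each restart and can run into the CA's failed-validation rate limits. With the skel compose file setting `CERTBOT_DOMAINS: "localhost"` that is the default outcome, since a public CA will not issue for `localhost`; an empty default would take the `skipping certbot` branch instead. `CERTBOT_EMAIL` is used without a check, so I would guard registration with `[ -n "${CERTBOT_EMAIL}" ] || { echo "CERTBOT_EMAIL not set" >&2; exit 1; }` inside the backgrounded block. The unquoted `$(echo "${CERTBOT_DOMAINS}" | sed 's/,/ /g')` is subject to pathname expansion, and `set -f` before the loop keeps a stray `*` from being globbed.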
diff --git a/servers/skel/docker-compose.d/custom/nginx/nginx.conf b/servers/skel/docker-compose.d/custom/nginx/nginx.conf
index e69de29..2f54d99 100644
--- a/servers/skel/docker-compose.d/custom/nginx/nginx.conf
+++ b/servers/skel/docker-compose.d/custom/nginx/nginx.conf
@@ -0,0 +1,35 @@
+
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # docker resolver and quad9;
+ resolver 127.0.0.11 9.9.9.9 ipv6=off;
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
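Review bot: `resolver 127.0.0.11 9.9.9.9 ipv6=off;` mixes Docker's embedded DNS with a public resolver, and nginx queries the listed servers in round-robin, so run-time lookups of container names can be sent to 9.9.9.9. That discloses internal service names to a third party and returns NXDOMAIN for them, which shows up as intermittent upstream failures. I would list only the embedded resolver, `resolver 127.0.0.11 ipv6=off;`, since Docker's resolver already forwards external names upstream. A `server_tokens off;` line in the `http` block would also keep the nginx version out of error pages and the `Server` header.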
diff --git a/servers/skel/docker-compose.d/docker-compose.yml b/servers/skel/docker-compose.d/docker-compose.yml
index abcc778..159ffe1 100644
--- a/servers/skel/docker-compose.d/docker-compose.yml
+++ b/servers/skel/docker-compose.d/docker-compose.yml
@@ -4,8 +4,7 @@ version: '2.2'
services:
# default nginx setup
nginx:
- build:
- context: ../../../images/nginx
+ build: custom/nginx
environment:
CERTBOT_EMAIL: "webmaster@ixvd.net"
CERTBOT_DOMAINS: "localhost"
diff --git a/skel/etc/ixvd/skel-sum.txt b/skel/etc/ixvd/skel-sum.txt
index debf3d8..47dacea 100644
--- a/skel/etc/ixvd/skel-sum.txt
+++ b/skel/etc/ixvd/skel-sum.txt
@@ -1 +1 @@
-07453417352829e9a47d22b3d8e15e0bb2d12df86f92165bda2568883d1817ab -
+059c7c3eb87d4a9bd30b70ba9016b875783b9206cbd44b4c2dc1bb8f59787127 -
diff --git a/tools/diagnostics/domain-lookup.sh b/tools/diagnostics/domain-lookup.sh
deleted file mode 100755
index 4497bac..0000000
--- a/tools/diagnostics/domain-lookup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-for target in $@; do
- ip=$(dig $target +short)
- printf "%-20s -> %20s (%s)\n" "$target" "$(dig -x $ip +short)" "$ip"
-done
diff --git a/tools/diagnostics/load-percentage.sh b/tools/diagnostics/load-percentage.sh
deleted file mode 100755
index 7a1fd60..0000000
--- a/tools/diagnostics/load-percentage.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-argi=1
-
-while getopts '5qh' opt; do
- case $opt in
- 5) argi=2 ;;
- q) argi=3 ;;
- h) echo "-5 = 5 minutes, -q = a quarter (15 min)"; exit ;;
- \?) exit 1 ;;
- esac
-done
-shift $((OPTIND-1))
-
-LOADVAL=$(awk "{ print \$$argi; }" < /proc/loadavg)
-NUMCPUS=$(getconf _NPROCESSORS_ONLN)
-echo "$LOADVAL * 100 / $NUMCPUS" | bc
-