Compare commits
6 commits
Author | SHA1 | Date | |
---|---|---|---|
b5cec5cf4c | |||
23813ac048 | |||
890b90a7c2 | |||
62037c2495 | |||
9dbfdeeb7a | |||
ac2e41e257 |
25 changed files with 221 additions and 180 deletions
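--- a/.idea/.gitignore
+++ b/.idea/.gitignore
@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Editor-based HTTP Client requests
-/httpRequests/
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml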
|
@ -1,10 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<project version="4">
|
|
||||||
<component name="DiscordProjectSettings">
|
|
||||||
<option name="show" value="ASK" />
|
|
||||||
<option name="description" value="" />
|
|
||||||
</component>
|
|
||||||
<component name="ProjectRootManager" version="2" languageLevel="JDK_17" default="true" project-jdk-name="jbr-17" project-jdk-type="JavaSDK">
|
|
||||||
<output url="file://$PROJECT_DIR$/out" />
|
|
||||||
</component>
|
|
||||||
</project>
|
|
|
@ -1,8 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<project version="4">
|
|
||||||
<component name="ProjectModuleManager">
|
|
||||||
<modules>
|
|
||||||
<module fileurl="file://$PROJECT_DIR$/.idea/neb.iml" filepath="$PROJECT_DIR$/.idea/neb.iml" />
|
|
||||||
</modules>
|
|
||||||
</component>
|
|
||||||
</project>
|
|
|
@ -1,9 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<module type="JAVA_MODULE" version="4">
|
|
||||||
<component name="NewModuleRootManager" inherit-compiler-output="true">
|
|
||||||
<exclude-output />
|
|
||||||
<content url="file://$MODULE_DIR$" />
|
|
||||||
<orderEntry type="inheritedJdk" />
|
|
||||||
<orderEntry type="sourceFolder" forTests="false" />
|
|
||||||
</component>
|
|
||||||
</module>
|
|
|
@ -1,6 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<project version="4">
|
|
||||||
<component name="VcsDirectoryMappings">
|
|
||||||
<mapping directory="" vcs="Git" />
|
|
||||||
</component>
|
|
||||||
</project>
|
|
|
@ -1,6 +0,0 @@
|
||||||
when:
|
|
||||||
event:
|
|
||||||
- push
|
|
||||||
- manual
|
|
||||||
- tag
|
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
FROM nginx:alpine
|
|
||||||
|
|
||||||
RUN apk add \
|
|
||||||
certbot \
|
|
||||||
certbot-nginx
|
|
||||||
|
|
||||||
COPY content /usr/share/nginx/html
|
|
||||||
COPY conf.d/ /etc/nginx/conf.d/
|
|
||||||
COPY nginx.conf /etc/nginx/nginx.conf
|
|
||||||
|
|
||||||
VOLUME /etc/nginx/conf.d/
|
|
||||||
VOLUME /usr/share/nginx/html/
|
|
||||||
|
|
||||||
COPY entrypoint.sh /entrypoint
|
|
||||||
ENTRYPOINT [ "sh", "/entrypoint" ]
|
|
||||||
CMD [ "nginx", "-g", "daemon off;" ]
|
|
|
@ -1,17 +0,0 @@
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name _;
|
|
||||||
|
|
||||||
# SSL is managed by certbot, no need for a ssl listen; it will be generated automagically!
|
|
||||||
|
|
||||||
# default html page
|
|
||||||
location / {
|
|
||||||
root /usr/share/nginx/html;
|
|
||||||
index index.html index.htm;
|
|
||||||
}
|
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
location = /50x.html {
|
|
||||||
root /usr/share/nginx/html;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,24 +0,0 @@
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
|
|
||||||
<head>
|
|
||||||
<title>Welcome to nginx!</title>
|
|
||||||
<style>
|
|
||||||
html {
|
|
||||||
color-scheme: light dark;
|
|
||||||
}
|
|
||||||
|
|
||||||
body {
|
|
||||||
width: 35em;
|
|
||||||
margin: 0 auto;
|
|
||||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
|
|
||||||
<body>
|
|
||||||
<h1>Welcome to nginx!</h1>
|
|
||||||
<span>This is the default page, so the admin was likely too lazy too remove it.</span>
|
|
||||||
</body>
|
|
||||||
|
|
||||||
</html>
|
|
|
@ -1,28 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
trap exit TERM
|
|
||||||
|
|
||||||
if [ -n "${CERTBOT_DOMAINS}" ]; then
|
|
||||||
echo "registering..."
|
|
||||||
if ! certbot show_account; then
|
|
||||||
certbot register -n \
|
|
||||||
--agree-tos \
|
|
||||||
-m "${CERTBOT_EMAIL}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
for d in $(echo "${CERTBOT_DOMAINS}" | sed 's/,/ /g'); do
|
|
||||||
echo "requesting for $d..."
|
|
||||||
certbot --nginx -n --keep -d "$d"
|
|
||||||
done
|
|
||||||
|
|
||||||
while :; do
|
|
||||||
echo "renewing domains..."
|
|
||||||
certbot --nginx --keep -n renew
|
|
||||||
sleep 12h &
|
|
||||||
wait $!
|
|
||||||
done &
|
|
||||||
else
|
|
||||||
echo "skipping certbot due to no domains!"
|
|
||||||
fi &
|
|
||||||
|
|
||||||
exec "$@"
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name fz.ixvd.net;
|
||||||
|
|
||||||
|
location /live/websocket {
|
||||||
|
proxy_pass http://firezone:13000;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection upgrade;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://firezone:13000;
|
||||||
|
client_max_body_size 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
}
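Review bot: `proxy_set_header X-Forwarded-Proto https;` in `location /` is unconditional while this block only declares `listen 80`, so a request that arrives over plain HTTP is still reported to the upstream as HTTPS; `proxy_set_header X-Forwarded-Proto $scheme;` reports what was actually used (whether certbot later adds the TLS listener to this same block is not visible here). The two locations also build `X-Forwarded-For` differently: `/` overwrites it with `$remote_addr`, while `/live/websocket` uses `$proxy_add_x_forwarded_for`, which appends to whatever the client sent, so the upstream sees a client-controlled value on the websocket path. `client_max_body_size 0;` removes the request-body limit entirely; a finite value would bound how much data a client can push through the proxy in a single request.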
|
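--- a/servers/apoc/docker-compose.d/docker-compose.firezone.yml
+++ b/servers/apoc/docker-compose.d/docker-compose.firezone.yml
@@ -0,0 +1,66 @@
+version: '2.2'
+# Example compose file for production deployment on Linux.
+#
+# Note: This file is meant to serve as a template. Please modify it
+# according to your needs. Read more about Docker Compose:
+#
+# https://docs.docker.com/compose/compose-file/
+#
+#
+x-deploy: &default-deploy
+restart_policy:
+condition: unless-stopped
+delay: 5s
+window: 120s
+update_config:
+order: start-first
+
+services:
+firezone:
+image: firezone/firezone:${VERSION:-latest}
+ports:
+- 51820:51820/udp
+environment:
+EXTERNAL_URL: "https://fz.ixvd.net/"
+DATABASE_HOST: "fz-postgres"
+DATABASE_USER: "firezone"
+DATABASE_PASSWORD: "firezone"
+env_file:
+- /etc/ixvd/secrets/env/firezone.env
+volumes:
+- /srv/firezone/config:/var/firezone
+cap_add:
+- NET_ADMIN
+- SYS_MODULE
+sysctls:
+- net.ipv6.conf.all.disable_ipv6=0
+- net.ipv4.ip_forward=1
+- net.ipv6.conf.all.forwarding=1
+depends_on:
+- postgres
+networks:
+proxy:
+fz-internal:
+ipv4_address: 172.90.0.10
+ipv6_address: fcff:3990:3990::99
+
+fz-postgres:
+image: postgres:15
+volumes:
+- /srv/firezone/data:/var/lib/postgresql/data
+environment:
+POSTGRES_DB: firezone
+POSTGRES_USER: firezone
+POSTGRES_PASSWORD: firezone
+networks:
+- fz-internal
+
+networks:
+fz-internal:
+enable_ipv6: true
+driver: bridge
+ipam:
+config:
+- subnet: 172.90.0.0/16
+- subnet: fcff:3990:3990::/64
+gateway: fcff:3990:3990::1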
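Review bot: `DATABASE_PASSWORD: "firezone"` and `POSTGRES_PASSWORD: firezone` commit a guessable database credential to the repository even though the firezone service already loads `/etc/ixvd/secrets/env/firezone.env`; both values are better kept in an env file outside the repository and dropped from the two `environment:` maps. `depends_on` names `postgres`, but the database service defined in this file is `fz-postgres`, so unless another merged compose file defines `postgres` this either fails validation or waits on the wrong service; `- fz-postgres` looks like what was meant. The `172.90.0.0/16` subnet lies outside the RFC 1918 private ranges (172.16.0.0/12 ends at 172.31.255.255), so the bridge would shadow routable public addresses; a private range avoids that. `firezone/firezone:${VERSION:-latest}` also leaves the image unpinned whenever VERSION is unset.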
|
@ -7,7 +7,7 @@ services:
|
||||||
build: custom/nginx
|
build: custom/nginx
|
||||||
environment:
|
environment:
|
||||||
CERTBOT_EMAIL: "webmaster@ixvd.net"
|
CERTBOT_EMAIL: "webmaster@ixvd.net"
|
||||||
CERTBOT_DOMAINS: "apoc.ixvd.net,mail.ixvd.net,git.ixvd.net,my.ixvd.net,ci.ixvd.net,baikal.ixvd.net,pg.ixvd.net,snipe.ixvd.net"
|
CERTBOT_DOMAINS: "apoc.ixvd.net,mail.ixvd.net,git.ixvd.net,my.ixvd.net,ci.ixvd.net,baikal.ixvd.net,pg.ixvd.net,snipe.ixvd.net,fz.ixvd.net"
|
||||||
volumes:
|
volumes:
|
||||||
- /srv/certbot/data:/etc/letsencrypt
|
- /srv/certbot/data:/etc/letsencrypt
|
||||||
- /srv/certbot/other/www:/var/www/certbot
|
- /srv/certbot/other/www:/var/www/certbot
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name nebulosus.nl;
|
|
||||||
|
|
||||||
# SSL is managed by certbot, no need for a ssl listen; it will be generated automagically!
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://site;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
version: '2.2'
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
site:
|
|
||||||
image: git.ixvd.net/nebulosus/web
|
|
||||||
networks:
|
|
||||||
- proxy
|
|
|
@ -7,7 +7,7 @@ services:
|
||||||
build: custom/nginx
|
build: custom/nginx
|
||||||
environment:
|
environment:
|
||||||
CERTBOT_EMAIL: "webmaster@ixvd.net"
|
CERTBOT_EMAIL: "webmaster@ixvd.net"
|
||||||
CERTBOT_DOMAINS: "keymaker.ixvd.net,ixvd.net,via.ixvd.net,cdn.ixvd.net,park.ixvd.net,nebulosus.nl"
|
CERTBOT_DOMAINS: "keymaker.ixvd.net,ixvd.net,via.ixvd.net,cdn.ixvd.net,park.ixvd.net"
|
||||||
volumes:
|
volumes:
|
||||||
- /srv/certbot/data:/etc/letsencrypt
|
- /srv/certbot/data:/etc/letsencrypt
|
||||||
- /srv/certbot/other/www:/var/www/certbot
|
- /srv/certbot/other/www:/var/www/certbot
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
FROM nginx:alpine
|
||||||
|
|
||||||
|
RUN apk add \
|
||||||
|
certbot \
|
||||||
|
certbot-nginx
|
||||||
|
|
||||||
|
COPY content /usr/share/nginx/html
|
||||||
|
COPY conf.d/ /etc/nginx/conf.d/
|
||||||
|
COPY nginx.conf /etc/nginx/nginx.conf
|
||||||
|
|
||||||
|
COPY entrypoint.sh /entrypoint
|
||||||
|
ENTRYPOINT [ "sh", "/entrypoint" ]
|
||||||
|
CMD [ "nginx", "-g", "daemon off;" ]
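Review bot: `FROM nginx:alpine` is a floating tag, so every rebuild can pull a different nginx and Alpine base without any change in this repository; pinning a specific version tag or digest makes the image reproducible and lets a base-image update show up as a reviewable change. `RUN apk add` also keeps the downloaded package index in the layer; `RUN apk add --no-cache certbot certbot-nginx` avoids that. A short comment above the `ENTRYPOINT` line saying that the entrypoint starts certbot in the background before handing over to the `CMD` would help the next reader.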
|
|
@ -0,0 +1,21 @@
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
# SSL is managed by certbot, no need for a ssl listen; it will be generated automagically!
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
# default html page
|
||||||
|
location / {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html index.htm;
|
||||||
|
}
|
||||||
|
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
}
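Review bot: The three `proxy_set_header` lines sit at server level in a block whose only locations serve static files from `root`, so they have no effect here, and they are not inherited by the other `server` blocks loaded from `conf.d`. If they are meant as a shared default for the proxied vhosts, the `http` block of nginx.conf is the place for them, bearing in mind that nginx discards inherited `proxy_set_header` values in any location that sets one of its own. If they are not needed, removing them keeps this default vhost from suggesting that forwarding headers are already handled.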
|
|
@ -0,0 +1,26 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
|
||||||
|
<head>
|
||||||
|
<title>Welcome to nginx!</title>
|
||||||
|
<style>
|
||||||
|
html {
|
||||||
|
color-scheme: light dark;
|
||||||
|
}
|
||||||
|
|
||||||
|
body {
|
||||||
|
width: 35em;
|
||||||
|
margin: 0 auto;
|
||||||
|
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<h1>Welcome to nginx!</h1>
|
||||||
|
<hr/>
|
||||||
|
<span>If you're seeing this, it means the admin was too lazy to remove this page.</span><br/>
|
||||||
|
<span>Expected something here? contact the admin: webmaster@ixvd.net</span>
|
||||||
|
</body>
|
||||||
|
|
||||||
|
</html>
|
|
@ -0,0 +1,28 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
trap exit TERM
|
||||||
|
|
||||||
|
if [ -n "${CERTBOT_DOMAINS}" ]; then
|
||||||
|
echo "registering..."
|
||||||
|
if ! certbot show_account; then
|
||||||
|
certbot register -n \
|
||||||
|
--agree-tos \
|
||||||
|
-m "${CERTBOT_EMAIL}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
for d in $(echo "${CERTBOT_DOMAINS}" | sed 's/,/ /g'); do
|
||||||
|
echo "requesting for $d..."
|
||||||
|
certbot --nginx -n --keep -d "$d"
|
||||||
|
done
|
||||||
|
|
||||||
|
while :; do
|
||||||
|
echo "renewing domains..."
|
||||||
|
certbot --nginx --keep -n renew
|
||||||
|
sleep 12h &
|
||||||
|
wait $!
|
||||||
|
done &
|
||||||
|
else
|
||||||
|
echo "skipping certbot due to no domains!"
|
||||||
|
fi &
|
||||||
|
|
||||||
|
exec "$@"
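Review bot: Neither `certbot register` nor the per-domain `certbot --nginx -n --keep -d "$d"` call has its exit status checked, so a failed issuance leaves that host on plain port 80 with nothing but certbot's own output to show for it; a minimal improvement is `certbot --nginx -n --keep -d "$d" || echo "certbot failed for $d" >&2`. The whole `if … fi &` block runs in the background while `exec "$@"` starts nginx, so nothing orders the certbot calls after nginx is up; it is worth confirming how the nginx plugin behaves when it wins that race. `trap exit TERM` is probably inert as written, since the main shell is replaced by `exec` and POSIX resets non-ignored traps in the background subshell. An empty `CERTBOT_EMAIL` is also passed straight to `-m`; a guard such as `: "${CERTBOT_EMAIL:?must be set}"` inside the domains branch would fail early with a clear message.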
|
|
@ -0,0 +1,35 @@
|
||||||
|
|
||||||
|
user nginx;
|
||||||
|
worker_processes auto;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log notice;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
# docker resolver and quad9;
|
||||||
|
resolver 127.0.0.11 9.9.9.9 ipv6=off;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
}
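Review bot: `resolver 127.0.0.11 9.9.9.9 ipv6=off;` lists Docker's embedded DNS next to a public resolver, and nginx queries the listed servers round-robin rather than as primary and fallback. Any name nginx resolves at run time can therefore be sent to 9.9.9.9, which cannot answer for container names and is told which internal names are being looked up. Keeping only the embedded resolver, `resolver 127.0.0.11 ipv6=off;`, avoids both, and the comment above it could then read `# docker embedded DNS only: container names must not leave the host`. Separately, `server_tokens off;` in the `http` block would stop the version string being advertised in responses and error pages.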
|
|
@ -4,8 +4,7 @@ version: '2.2'
|
||||||
services:
|
services:
|
||||||
# default nginx setup
|
# default nginx setup
|
||||||
nginx:
|
nginx:
|
||||||
build:
|
build: custom/nginx
|
||||||
context: ../../../images/nginx
|
|
||||||
environment:
|
environment:
|
||||||
CERTBOT_EMAIL: "webmaster@ixvd.net"
|
CERTBOT_EMAIL: "webmaster@ixvd.net"
|
||||||
CERTBOT_DOMAINS: "localhost"
|
CERTBOT_DOMAINS: "localhost"
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
07453417352829e9a47d22b3d8e15e0bb2d12df86f92165bda2568883d1817ab -
|
059c7c3eb87d4a9bd30b70ba9016b875783b9206cbd44b4c2dc1bb8f59787127 -
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
for target in $@; do
|
|
||||||
ip=$(dig $target +short)
|
|
||||||
printf "%-20s -> %20s (%s)\n" "$target" "$(dig -x $ip +short)" "$ip"
|
|
||||||
done
|
|
|
@ -1,18 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
argi=1
|
|
||||||
|
|
||||||
while getopts '5qh' opt; do
|
|
||||||
case $opt in
|
|
||||||
5) argi=2 ;;
|
|
||||||
q) argi=3 ;;
|
|
||||||
h) echo "-5 = 5 minutes, -q = a quarter (15 min)"; exit ;;
|
|
||||||
\?) exit 1 ;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
shift $((OPTIND-1))
|
|
||||||
|
|
||||||
LOADVAL=$(awk "{ print \$$argi; }" < /proc/loadavg)
|
|
||||||
NUMCPUS=$(getconf _NPROCESSORS_ONLN)
|
|
||||||
echo "$LOADVAL * 100 / $NUMCPUS" | bc
|
|
||||||
|
|