This commit is contained in:
Sam A. 2024-02-10 20:03:04 +01:00
parent 4f849f27f7
commit 7addfb3784
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
11 changed files with 81 additions and 19 deletions

View file

@ -5,6 +5,10 @@ apps_include:
- caddy
- searxng
- website
- tor
- watchtower
searxng_secret_key: "{{ vault_searxng_secret_key }}"
tor_keys:
website: "{{ vault_tor_keys.website }}"

View file

@ -1,11 +1,20 @@
$ANSIBLE_VAULT;1.1;AES256
61623537323039313538373562663036346638653365326439373333333236613163633764343665
3434613163333131343732316662303065646462343135300a613630313234316663336437643662
61323861313833383830303732306433653339326231313466643131616438353836666661306564
6535383837633264650a393133636536643434326537636633366665313164373463633862343034
36613030393538373464353166616164363430663361343534623135376563303663633266666332
32383336326563333535646265643638376661356631356434303963646532356133306266353736
37363639613166353038383736633034656637623638656662393539633538663432346665316136
63653130303762323562663562623065326263356561626330636337366164353634323062303062
66356531636261313462656265343731396333393263653733333530386439356665323765393030
3231663733393164383865336531333932393863666636336539
39313134383263306437313135636165303961346434393336396463376463646236316231343062
3263336330376430646239383932333030333332333937320a326537393533633133663939666463
37376165336632383734386366336536366638646338316361643339383933613731323834313835
3433613962613932660a663135343061346363313561396532376137366262633732323664343538
38656230366438356531336266346663633361633838383136663465343563326539313139656465
38396437656362623235646134636663393835336633326635633332656331356635313930333336
38643131383263373535323832346361336337336632343561323033636630393037356137353736
61343139666435393533396464643633613066303738643866393164333630623765306134323436
31636266393337353461616565653537356136623030383132373130313365343639316164356430
39353739346638636132336636303134306533613364636362646135636265393337623431643431
35363739393832646535623938623434643765633039313335626433376630633932336231366331
34373362353965373636326563323238366664663431363634303735613366373164336363646466
30356336343434393564396135333366623463623162623565353336353239343235383235646238
34623134313431363438373766386533316663323330666138636135386364663034623362366337
39346233376336626131366635336332636164373637633736303835613335343666653765333666
36653135386262393832636235386462663832666365306364396537363763656135636434666536
32643030373564646138393362613835646236323038613366336163373863366536316635373635
33336231313963386438396131386335333163343766323931376662396534356566373061366462
393562646466376565653062366130376135

View file

@ -6,6 +6,7 @@ apps_base_domain: "{{ base_domain }}"
apps_local_domain: local.{{ apps_base_domain }}
apps_shared_docker_network: apps_network
apps_postfix_docker_network: postfix_network
apps_tor_docker_network: tor_network
apps_vars:
caddy:
@ -35,6 +36,8 @@ apps_vars:
extra_tasks: true
domain: ipfs.{{ apps_local_domain }}
gateway_domain: ipfs-gateway.{{ apps_base_domain }}
port: 5001
gateway_port: 8080
version: v0.25.0
monerod:
@ -42,6 +45,7 @@ apps_vars:
sender: false
extra_tasks: true
domain: xmr.{{ apps_local_domain }}
port: 18089
version: latest
nextcloud:
@ -49,6 +53,7 @@ apps_vars:
sender: true
extra_tasks: true
domain: cloud.{{ apps_base_domain }}
port: 80
version: 28-apache
redis_version: 7-alpine
@ -57,6 +62,7 @@ apps_vars:
sender: false
extra_tasks: true
domain: search.{{ apps_base_domain }}
port: 8080
version: latest
redis_version: 7-alpine
@ -78,6 +84,7 @@ apps_vars:
extra_tasks: false
domain: samsapti.dev
onion: mldhltdackluvnqso7vk2azcg3ghjxbpw4im6alubymqkonb4kppqcqd.onion
port: 80
version: latest
restic:
@ -95,4 +102,5 @@ apps_vars:
apps_include: "{{ apps_vars | dict2items | map(attribute='key') | list }}"
apps_backup: "{{ apps_vars | dict2items | selectattr('value.backup', 'true') | map(attribute='key') | list | intersect(apps_include) }}"
apps_proxied: "{{ apps_vars | dict2items | selectattr('value.domain', 'defined') | map(attribute='key') | list | intersect(apps_include) }}"
apps_torified: "{{ apps_vars | dict2items | selectattr('value.onion', 'defined') | map(attribute='key') | list | intersect(apps_include) }}"
apps_senders: "{{ apps_vars | dict2items | selectattr('key', 'in', apps_include) | selectattr('value.sender', 'true') | map(attribute='value.domain') | list }}"

View file

@ -16,6 +16,12 @@
state: present
when: "'postfix' in apps_include"
- name: Create Docker network for Tor
community.docker.docker_network:
name: "{{ apps_tor_docker_network }}"
state: present
when: "'tor' in apps_include"
- name: Create base directory for apps
ansible.builtin.file:
path: "{{ apps_data_root }}"

View file

@ -1,7 +1,7 @@
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
{% if 'searxng' in apps_include %}
{% if 'searxng' in apps_proxied %}
{{ apps_vars.searxng.domain }} {
tls {{ tls_email }}
@ -67,7 +67,7 @@
handle {
encode zstd gzip
reverse_proxy searxng:8080 {
reverse_proxy searxng:{{ apps_vars.searxng.port }} {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Real-IP {remote_host}
@ -76,7 +76,7 @@
}
{% endif %}
{% if 'website' in apps_include %}
{% if 'website' in apps_proxied %}
{{ apps_base_domain }},
www.{{ apps_base_domain }},
www.{{ apps_vars.website.domain }} {
@ -104,10 +104,12 @@ www.{{ apps_vars.website.domain }} {
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
{% if 'tor' in apps_include and 'website' in apps_torified %}
Onion-Location "http://{{ apps_vars.website.onion }}{uri}"
{% endif %}
-Server
}
reverse_proxy website:80
reverse_proxy website:{{ apps_vars.website.port }}
}
{% endif %}

View file

@ -36,10 +36,12 @@ services:
PHP_UPLOAD_LIMIT: 16G
networks:
default:
{{ apps_postfix_docker_network }}:
{{ apps_shared_docker_network }}:
aliases:
- nextcloud
{% if 'postfix' in apps_include %}
{{ apps_postfix_docker_network }}:
{% endif %}
volumes:
- "./data/app:/var/www/html:rw"
- "./data/apache2/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"

View file

@ -0,0 +1,22 @@
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:
app:
image: goldy/tor-hidden-service:{{ apps_vars.tor.version }}
restart: always
environment:
{% for app in apps_torified %}
{{ app | upper }}_TOR_SERVICE_HOSTS: 80:{{ app }}:{{ apps_vars[app].port }}
{{ app | upper }}_TOR_SERVICE_VERSION: '3'
{{ app | upper }}_TOR_SERVICE_KEY: |
{{ tor_keys[app] | indent(width=8) }}
{% endfor %}
networks:
- {{ apps_tor_docker_network }}
networks:
{{ apps_tor_docker_network }}:
external: true

View file

@ -11,7 +11,16 @@ services:
{{ apps_shared_docker_network }}:
aliases:
- website
{% if 'tor' in apps_include %}
{{ apps_tor_docker_network }}:
aliases:
- website
{% endif %}
networks:
{{ apps_shared_docker_network }}:
external: true
{% if 'tor' in apps_include %}
{{ apps_tor_docker_network }}:
external: true
{% endif %}

View file

@ -5,7 +5,7 @@ server {
server_name {{ apps_vars.ipfs.domain }};
listen 8080;
set $upstream http://ipfs:5001;
set $upstream http://ipfs:{{ apps_vars.ipfs.port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
@ -25,7 +25,7 @@ server {
listen 8080;
server_name ~^([\w-]+\.(ipfs|ipns)\.)?{{ apps_vars.ipfs.gateway_domain | replace('.', '\.') }}$;
set $upstream http://ipfs:8080;
set $upstream http://ipfs:{{ apps_vars.ipfs.gateway_port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;

View file

@ -5,7 +5,7 @@ server {
server_name {{ apps_vars.monerod.domain }};
listen 8080;
set $upstream http://monerod:18089;
set $upstream http://monerod:{{ apps_vars.monerod.port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;

View file

@ -5,7 +5,7 @@ server {
server_name {{ apps_vars.nextcloud.domain }};
listen 8080;
set $upstream http://nextcloud:80;
set $upstream http://nextcloud:{{ apps_vars.nextcloud.port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;