Add Tor
parent
4f849f27f7
commit
7addfb3784
|
@ -5,6 +5,10 @@ apps_include:
|
|||
- caddy
|
||||
- searxng
|
||||
- website
|
||||
- tor
|
||||
- watchtower
|
||||
|
||||
searxng_secret_key: "{{ vault_searxng_secret_key }}"
|
||||
|
||||
tor_keys:
|
||||
website: "{{ vault_tor_keys.website }}"
|
||||
|
|
|
@ -1,11 +1,20 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
61623537323039313538373562663036346638653365326439373333333236613163633764343665
|
||||
3434613163333131343732316662303065646462343135300a613630313234316663336437643662
|
||||
61323861313833383830303732306433653339326231313466643131616438353836666661306564
|
||||
6535383837633264650a393133636536643434326537636633366665313164373463633862343034
|
||||
36613030393538373464353166616164363430663361343534623135376563303663633266666332
|
||||
32383336326563333535646265643638376661356631356434303963646532356133306266353736
|
||||
37363639613166353038383736633034656637623638656662393539633538663432346665316136
|
||||
63653130303762323562663562623065326263356561626330636337366164353634323062303062
|
||||
66356531636261313462656265343731396333393263653733333530386439356665323765393030
|
||||
3231663733393164383865336531333932393863666636336539
|
||||
39313134383263306437313135636165303961346434393336396463376463646236316231343062
|
||||
3263336330376430646239383932333030333332333937320a326537393533633133663939666463
|
||||
37376165336632383734386366336536366638646338316361643339383933613731323834313835
|
||||
3433613962613932660a663135343061346363313561396532376137366262633732323664343538
|
||||
38656230366438356531336266346663633361633838383136663465343563326539313139656465
|
||||
38396437656362623235646134636663393835336633326635633332656331356635313930333336
|
||||
38643131383263373535323832346361336337336632343561323033636630393037356137353736
|
||||
61343139666435393533396464643633613066303738643866393164333630623765306134323436
|
||||
31636266393337353461616565653537356136623030383132373130313365343639316164356430
|
||||
39353739346638636132336636303134306533613364636362646135636265393337623431643431
|
||||
35363739393832646535623938623434643765633039313335626433376630633932336231366331
|
||||
34373362353965373636326563323238366664663431363634303735613366373164336363646466
|
||||
30356336343434393564396135333366623463623162623565353336353239343235383235646238
|
||||
34623134313431363438373766386533316663323330666138636135386364663034623362366337
|
||||
39346233376336626131366635336332636164373637633736303835613335343666653765333666
|
||||
36653135386262393832636235386462663832666365306364396537363763656135636434666536
|
||||
32643030373564646138393362613835646236323038613366336163373863366536316635373635
|
||||
33336231313963386438396131386335333163343766323931376662396534356566373061366462
|
||||
393562646466376565653062366130376135
|
||||
|
|
|
@ -6,6 +6,7 @@ apps_base_domain: "{{ base_domain }}"
|
|||
apps_local_domain: local.{{ apps_base_domain }}
|
||||
apps_shared_docker_network: apps_network
|
||||
apps_postfix_docker_network: postfix_network
|
||||
apps_tor_docker_network: tor_network
|
||||
|
||||
apps_vars:
|
||||
caddy:
|
||||
|
@ -35,6 +36,8 @@ apps_vars:
|
|||
extra_tasks: true
|
||||
domain: ipfs.{{ apps_local_domain }}
|
||||
gateway_domain: ipfs-gateway.{{ apps_base_domain }}
|
||||
port: 5001
|
||||
gateway_port: 8080
|
||||
version: v0.25.0
|
||||
|
||||
monerod:
|
||||
|
@ -42,6 +45,7 @@ apps_vars:
|
|||
sender: false
|
||||
extra_tasks: true
|
||||
domain: xmr.{{ apps_local_domain }}
|
||||
port: 18089
|
||||
version: latest
|
||||
|
||||
nextcloud:
|
||||
|
@ -49,6 +53,7 @@ apps_vars:
|
|||
sender: true
|
||||
extra_tasks: true
|
||||
domain: cloud.{{ apps_base_domain }}
|
||||
port: 80
|
||||
version: 28-apache
|
||||
redis_version: 7-alpine
|
||||
|
||||
|
@ -57,6 +62,7 @@ apps_vars:
|
|||
sender: false
|
||||
extra_tasks: true
|
||||
domain: search.{{ apps_base_domain }}
|
||||
port: 8080
|
||||
version: latest
|
||||
redis_version: 7-alpine
|
||||
|
||||
|
@ -78,6 +84,7 @@ apps_vars:
|
|||
extra_tasks: false
|
||||
domain: samsapti.dev
|
||||
onion: mldhltdackluvnqso7vk2azcg3ghjxbpw4im6alubymqkonb4kppqcqd.onion
|
||||
port: 80
|
||||
version: latest
|
||||
|
||||
restic:
|
||||
|
@ -95,4 +102,5 @@ apps_vars:
|
|||
apps_include: "{{ apps_vars | dict2items | map(attribute='key') | list }}"
|
||||
apps_backup: "{{ apps_vars | dict2items | selectattr('value.backup', 'true') | map(attribute='key') | list | intersect(apps_include) }}"
|
||||
apps_proxied: "{{ apps_vars | dict2items | selectattr('value.domain', 'defined') | map(attribute='key') | list | intersect(apps_include) }}"
|
||||
apps_torified: "{{ apps_vars | dict2items | selectattr('value.onion', 'defined') | map(attribute='key') | list | intersect(apps_include) }}"
|
||||
apps_senders: "{{ apps_vars | dict2items | selectattr('key', 'in', apps_include) | selectattr('value.sender', 'true') | map(attribute='value.domain') | list }}"
|
||||
|
|
|
@ -16,6 +16,12 @@
|
|||
state: present
|
||||
when: "'postfix' in apps_include"
|
||||
|
||||
- name: Create Docker network for Tor
|
||||
community.docker.docker_network:
|
||||
name: "{{ apps_tor_docker_network }}"
|
||||
state: present
|
||||
when: "'tor' in apps_include"
|
||||
|
||||
- name: Create base directory for apps
|
||||
ansible.builtin.file:
|
||||
path: "{{ apps_data_root }}"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{# code: language=ansible-jinja #}
|
||||
# THIS FILE IS MANAGED BY ANSIBLE
|
||||
|
||||
{% if 'searxng' in apps_include %}
|
||||
{% if 'searxng' in apps_proxied %}
|
||||
{{ apps_vars.searxng.domain }} {
|
||||
tls {{ tls_email }}
|
||||
|
||||
|
@ -67,7 +67,7 @@
|
|||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy searxng:8080 {
|
||||
reverse_proxy searxng:{{ apps_vars.searxng.port }} {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Real-IP {remote_host}
|
||||
|
@ -76,7 +76,7 @@
|
|||
}
|
||||
{% endif %}
|
||||
|
||||
{% if 'website' in apps_include %}
|
||||
{% if 'website' in apps_proxied %}
|
||||
{{ apps_base_domain }},
|
||||
www.{{ apps_base_domain }},
|
||||
www.{{ apps_vars.website.domain }} {
|
||||
|
@ -104,10 +104,12 @@ www.{{ apps_vars.website.domain }} {
|
|||
|
||||
header {
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
{% if 'tor' in apps_include and 'website' in apps_torified %}
|
||||
Onion-Location "http://{{ apps_vars.website.onion }}{uri}"
|
||||
{% endif %}
|
||||
-Server
|
||||
}
|
||||
|
||||
reverse_proxy website:80
|
||||
reverse_proxy website:{{ apps_vars.website.port }}
|
||||
}
|
||||
{% endif %}
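Review bot: Onion visitors never pass through this site block, because the Tor container added in `tor.yml.j2` forwards port 80 straight to `website:{{ apps_vars.website.port }}` over the Tor network. The `-Server` removal and anything else this `header` block sets therefore apply to clearnet responses only. If the header policy is meant to cover both paths, either add an `http://{{ apps_vars.website.onion }}` site block and point the onion service at Caddy, or set the same headers in the website container. The site block starts above this hunk, so directives outside the view may be affected the same way.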
|
|
@ -36,10 +36,12 @@ services:
|
|||
PHP_UPLOAD_LIMIT: 16G
|
||||
networks:
|
||||
default:
|
||||
{{ apps_postfix_docker_network }}:
|
||||
{{ apps_shared_docker_network }}:
|
||||
aliases:
|
||||
- nextcloud
|
||||
{% if 'postfix' in apps_include %}
|
||||
{{ apps_postfix_docker_network }}:
|
||||
{% endif %}
|
||||
volumes:
|
||||
- "./data/app:/var/www/html:rw"
|
||||
- "./data/apache2/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
|
||||
|
|
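--- a/roles/apps/templates/compose-files/tor.yml.j2
+++ b/roles/apps/templates/compose-files/tor.yml.j2
@@ -0,0 +1,22 @@
+{# code: language=ansible-jinja #}
+# THIS FILE IS MANAGED BY ANSIBLE
+
+version: "3.8"
+
+services:
+app:
+image: goldy/tor-hidden-service:{{ apps_vars.tor.version }}
+restart: always
+environment:
+{% for app in apps_torified %}
+{{ app | upper }}_TOR_SERVICE_HOSTS: 80:{{ app }}:{{ apps_vars[app].port }}
+{{ app | upper }}_TOR_SERVICE_VERSION: '3'
+{{ app | upper }}_TOR_SERVICE_KEY: |
+{{ tor_keys[app] | indent(width=8) }}
+{% endfor %}
+networks:
+- {{ apps_tor_docker_network }}
+
+networks:
+{{ apps_tor_docker_network }}:
+external: true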
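Review bot: The onion service private key is rendered into the `environment:` map as `{{ app | upper }}_TOR_SERVICE_KEY`, so after templating it sits in plaintext in the compose file on the host and is returned by container inspection to anyone with Docker API access. The task that writes this template is not visible in the commit; it should set a restrictive mode such as `mode: "0600"`, and if the image can read the key from a mounted file or a Compose secret, that is preferable to an environment variable. The image tag comes from `apps_vars.tor.version`, which no visible hunk defines. Because this third-party image receives the key and `watchtower` is in `apps_include`, pinning it to a digest rather than a movable tag is worth doing.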
@ -11,7 +11,16 @@ services:
|
|||
{{ apps_shared_docker_network }}:
|
||||
aliases:
|
||||
- website
|
||||
{% if 'tor' in apps_include %}
|
||||
{{ apps_tor_docker_network }}:
|
||||
aliases:
|
||||
- website
|
||||
{% endif %}
|
||||
|
||||
networks:
|
||||
{{ apps_shared_docker_network }}:
|
||||
external: true
|
||||
{% if 'tor' in apps_include %}
|
||||
{{ apps_tor_docker_network }}:
|
||||
external: true
|
||||
{% endif %}
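Review bot: The website container is attached to `{{ apps_tor_docker_network }}` whenever `tor` is deployed, even if the site has no `onion` entry and is therefore not in `apps_torified`; the Caddyfile change in this commit uses the stricter test. Using the same condition in both `{% if %}` lines of this hunk, `{% if 'tor' in apps_include and 'website' in apps_torified %}`, keeps the container off the Tor network unless it is actually published there. The service definition starts above the hunk, so the rest of its network configuration is not visible here.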
|
||||
|
|
|
@ -5,7 +5,7 @@ server {
|
|||
server_name {{ apps_vars.ipfs.domain }};
|
||||
listen 8080;
|
||||
|
||||
set $upstream http://ipfs:5001;
|
||||
set $upstream http://ipfs:{{ apps_vars.ipfs.port }};
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
@ -25,7 +25,7 @@ server {
|
|||
listen 8080;
|
||||
server_name ~^([\w-]+\.(ipfs|ipns)\.)?{{ apps_vars.ipfs.gateway_domain | replace('.', '\.') }}$;
|
||||
|
||||
set $upstream http://ipfs:8080;
|
||||
set $upstream http://ipfs:{{ apps_vars.ipfs.gateway_port }};
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
|
|
@ -5,7 +5,7 @@ server {
|
|||
server_name {{ apps_vars.monerod.domain }};
|
||||
listen 8080;
|
||||
|
||||
set $upstream http://monerod:18089;
|
||||
set $upstream http://monerod:{{ apps_vars.monerod.port }};
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
|
|
@ -5,7 +5,7 @@ server {
|
|||
server_name {{ apps_vars.nextcloud.domain }};
|
||||
listen 8080;
|
||||
|
||||
set $upstream http://nextcloud:80;
|
||||
set $upstream http://nextcloud:{{ apps_vars.nextcloud.port }};
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
|