From 340c1a1438f8ed5453dc41657b2a60b3692e0dda Mon Sep 17 00:00:00 2001
From: Bensuperpc
Date: Sun, 12 May 2024 11:11:53 +0200
Subject: [PATCH] Improve security
Signed-off-by: Bensuperpc
---
 Makefile | 2 +-
 caddy/Caddyfile | 10 +++++-----
 caddy/bensuperpc.net/Caddyfile | 12 ++++++++++++
 docker-compose.caddy.yml | 20 +++++++++-----------
 4 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/Makefile b/Makefile
index 7142588..a7b28f5 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,7 @@ DOCKER := docker
-PROFILES := caddy wordpress adminer uptime-kuma qbittorrent gitea jellyfin watchtower backup syncthing openssh
+PROFILES := caddy wordpress gitea adminer uptime-kuma qbittorrent jellyfin watchtower backup syncthing openssh
 PROFILE_CMD := $(addprefix --profile ,$(PROFILES))
 COMPOSE_FILES := $(shell find docker-compose*.yml | sed -e 's/^/--file /')
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index f0f8874..f789886 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -8,8 +8,8 @@
 }
 }
-import bensuperpc.org/Caddyfile
-import bensuperpc.com/Caddyfile
-import bensuperpc.net/Caddyfile
-import bensuperpc.ovh/Caddyfile
-import bensuperpc.fr/Caddyfile
+import bensuperpc.org/*
+import bensuperpc.com/*
+import bensuperpc.net/*
+import bensuperpc.ovh/*
+import bensuperpc.fr/*
diff --git a/caddy/bensuperpc.net/Caddyfile b/caddy/bensuperpc.net/Caddyfile
index 772e131..e64d568 100644
--- a/caddy/bensuperpc.net/Caddyfile
+++ b/caddy/bensuperpc.net/Caddyfile
@@ -5,3 +5,15 @@ bensuperpc.net {
 www.bensuperpc.net {
 redir https://www.bensuperpc.org{uri} permanent
 }
+
+git.bensuperpc.net {
+ redir https://git.bensuperpc.org{uri} permanent
+}
+
+jellyfin.bensuperpc.net {
+ redir https://jellyfin.bensuperpc.org{uri} permanent
+}
+
+uptimekuma.bensuperpc.net {
+ redir https://uptimekuma.bensuperpc.org{uri} permanent
+}
diff --git a/docker-compose.caddy.yml b/docker-compose.caddy.yml
index b53b3fb..d90e1cb 100644
--- a/docker-compose.caddy.yml
+++ b/docker-compose.caddy.yml
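Review bot: The glob imports in caddy/Caddyfile (`import bensuperpc.org/*` and its four siblings) treat every file in each site directory as live Caddy configuration, so an editor backup, a renamed old copy or any file written there by another process is parsed on the next reload. A narrower pattern keeps the multi-file layout while limiting what is loaded, for example `import bensuperpc.org/*.caddy` with the site files renamed to match. Write access to those directories now amounts to control of the proxy configuration, so it is worth confirming they are writable only by the deploy user and, if they are bind-mounted, mounted read-only into the container.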
@@ -20,19 +20,17 @@ services:
 - infra-network
 env_file:
 - env/caddy.env
- cap_add:
- - NET_ADMIN
 security_opt:
 - no-new-privileges:true
- # cap_drop:
- # - ALL
- # cap_add:
- # - CHOWN
- # - FOWNER
- # - DAC_OVERRIDE
- # - SETGID
- # - SETUID
- # - NET_BIND_SERVICE
+ cap_drop:
+ - ALL
+ cap_add:
+# - CHOWN
+# - FOWNER
+# - DAC_OVERRIDE
+# - SETGID
+# - SETUID
+ - NET_BIND_SERVICE
 healthcheck:
 test: pidof caddy || exit 1
 interval: 120s
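Review bot: Certificate and config storage should be confirmed writable after this change, because without `DAC_OVERRIDE` and `CHOWN` (left commented under `cap_add:`) a root process in the container can no longer write to volume paths owned by another UID. If the service runs as a non-root `user:` (not visible here; the service definition starts above the hunk), `no-new-privileges:true` also keeps a file capability on the binary from taking effect, and binding ports 80/443 would then fail even with `NET_BIND_SERVICE` listed. Dropping `NET_ADMIN` is a sound default; Caddy's container documentation suggests it only for raising UDP buffer sizes for HTTP/3, which can be set on the host via sysctl instead. I would replace the five column-0 commented entries with one explanatory line, e.g. `# CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID intentionally not granted; re-add one at a time only if startup fails`.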