Improve docker-compose

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>

infrastructure/services/caddy/config/Caddyfile

@@ -0,0 +1,15 @@
+{
+	email bensuperpc@gmail.com
+	key_type p384
+
+	log {
+		output file /data/logs/access.log
+		format json
+	}
+}
+
+import bensuperpc.org/*
+import bensuperpc.com/*
+import bensuperpc.net/*
+import bensuperpc.ovh/*
+import bensuperpc.fr/*

infrastructure/services/caddy/config/bensuperpc.com/Caddyfile

@@ -0,0 +1,7 @@
+bensuperpc.com {  
+  	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.com {  
+  	redir https://www.bensuperpc.org{uri} permanent
+}

infrastructure/services/caddy/config/bensuperpc.fr/Caddyfile

@@ -0,0 +1,7 @@
+bensuperpc.fr {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.fr {
+	redir https://www.bensuperpc.org{uri} permanent
+}

infrastructure/services/caddy/config/bensuperpc.net/Caddyfile

@@ -0,0 +1,19 @@
+bensuperpc.net {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.net {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+git.bensuperpc.net {
+	redir https://git.bensuperpc.org{uri} permanent
+}
+
+jellyfin.bensuperpc.net {
+	redir https://jellyfin.bensuperpc.org{uri} permanent
+}
+
+uptimekuma.bensuperpc.net {
+	redir https://uptimekuma.bensuperpc.org{uri} permanent
+}

infrastructure/services/caddy/config/bensuperpc.org/Caddyfile

@@ -0,0 +1,170 @@
+www.bensuperpc.org {
+	reverse_proxy homepage:3000
+}
+
+bensuperpc.org {
+	redir https://www.{host}{uri} permanent
+}
+
+homepage.bensuperpc.org {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+public.bensuperpc.org {
+	root * /public_data
+	file_server browse
+}
+
+wordpress.bensuperpc.org {
+	root * /var/www/html
+	php_fastcgi wordpress:9000
+
+	file_server
+	encode zstd gzip
+
+	@disallowed {
+		path /xmlrpc.php
+		path *.sql
+		path /wp-content/uploads/*.php
+	}
+
+	rewrite @disallowed '/index.php'
+
+	respond /uploads/*.php 404
+
+	header {
+		# disable FLoC tracking
+		Permissions-Policy interest-cohort=()
+
+		# enable HSTS
+		Strict-Transport-Security max-age=31536000;
+
+		# disable clients from sniffing the media type
+		X-Content-Type-Options nosniff
+
+		# clickjacking protection
+		# X-Frame-Options DENY
+
+		# Disable powerful features we don't need
+        Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
+	}
+}
+
+it-tools.bensuperpc.org {
+	# Load balance between 2 instances
+	reverse_proxy {
+		to it-tools0:80 it-tools1:80
+		lb_policy round_robin
+		lb_retries 3
+		lb_try_interval 1s
+	}
+}
+
+adminer.bensuperpc.org {
+	reverse_proxy adminer:8080
+}
+
+uptimekuma.bensuperpc.org {
+	reverse_proxy uptime-kuma:3001
+}
+
+torrent.bensuperpc.org {
+	reverse_proxy qbittorrent:8080
+}
+
+qbittorrent.bensuperpc.org {
+	redir https://torrent.bensuperpc.org permanent
+}
+
+transmission.bensuperpc.org {
+	reverse_proxy transmission:9091
+}
+
+gitea.bensuperpc.org {
+	redir https://git.bensuperpc.org permanent
+}
+
+git.bensuperpc.org {
+	reverse_proxy gitea:3000
+}
+
+jellyfin.bensuperpc.org {
+	reverse_proxy jellyfin:8096
+}
+
+transfer.bensuperpc.org {
+	reverse_proxy psitransfer:3000
+}
+
+psitransfer.bensuperpc.org {
+	redir https://transfer.bensuperpc.org{uri} permanent
+}
+
+picoshare.bensuperpc.org {
+	reverse_proxy picoshare:4001
+}
+
+syncthing.bensuperpc.org {
+	reverse_proxy syncthing:8384 {
+		header_up Host {upstream_hostport}
+	}
+}
+
+tools.bensuperpc.org {
+	redir https://it-tools.bensuperpc.org permanent
+}
+
+privatebin.bensuperpc.org {
+	reverse_proxy privatebin:8080
+}
+
+pastebin.bensuperpc.org {
+	redir https://privatebin.bensuperpc.org permanent
+}
+
+yacht.bensuperpc.org {
+	reverse_proxy yacht:8000
+}
+
+projectsend.bensuperpc.org {
+	reverse_proxy projectsend:80
+}
+
+dufs.bensuperpc.org {
+	reverse_proxy dufs:5000
+}
+
+stirlingpdf.bensuperpc.org {
+	reverse_proxy stirlingpdf:8080
+}
+
+link.bensuperpc.org {
+	# TODO: Use service with database
+	# Friendly links
+	redir /gnous https://gnous.eu permanent
+	redir /proxy https://imagisphe.re permanent
+	redir /patch https://spaceint.fr permanent
+	redir /greep https://greep.fr permanent
+
+	# Youtube links
+	redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent
+	redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent
+	redir /cowcowcow https://www.youtube.com/watch?v=FavUpD_IjVY permanent
+	redir /badapple https://www.youtube.com/watch?v=FtutLA63Cp8 permanent
+	redir /macdo https://www.youtube.com/watch?v=Q16KpquGsIc permanent
+	redir /superiser https://www.youtube.com/watch?v=srnyVw-OR0g permanent
+	redir /daicon https://youtu.be/-840keiiFDE?si=zIPIokytxcnGw5fJ&t=162 permanent
+	redir /scp https://www.youtube.com/watch?v=FGCDndN20G8 permanent
+	redir /scpfb https://youtu.be/9zrKk-1E8zM?si=8R_ZBVG3GzMUYOe8&t=36 permanent
+	redir /mother https://youtu.be/w3NyycHR3fE?si=rNNSW9zYv0bcO2Eu permanent
+	redir /cpu https://www.youtube.com/watch?v=y39D4529FM4 permanent
+	redir /lechanteur https://youtu.be/HXdP15Ubu6M?si=N0qvhqo--3pmSGmb permanent
+	redir /nohero https://youtu.be/4DuUejBkMqE?si=bkB8G6PHwCp56jxb permanent
+	redir /indochine https://youtu.be/M7X6oYg6iro?si=ZRarm3qamTJ8vIJ0 permanent
+	redir /bna https://youtu.be/3T3ofoKfEoY?si=_7HkGQXMC7rBng8O permanent
+	redir /jojo https://youtu.be/U0TXIXTzJEY?si=2acWJWX06ju2w4uj permanent
+	redir /patapon https://youtu.be/H6CbNHLHkmk?si=ZvU8SzrOK-oCUXT5 permanent
+	redir /darkwater https://youtu.be/Tr8ZgF4Dc0E?si=CEOmm2J6Jp5rdbbt permanent
+	redir /train https://youtu.be/l8mScKWj3kQ?si=BV07uJ9eP3kzV9Kl permanent
+	redir /jdg https://www.youtube.com/@joueurdugrenier permanent
+}

infrastructure/services/caddy/config/bensuperpc.ovh/Caddyfile

@@ -0,0 +1,7 @@
+bensuperpc.ovh {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.ovh {
+	redir https://www.bensuperpc.org{uri} permanent
+}

infrastructure/services/caddy/docker-compose.caddy.yml

@@ -0,0 +1,63 @@
+services:
+  # Caddy
+  caddy:
+    image: caddy:latest
+    container_name: caddy
+    profiles:
+      - caddy
+    depends_on:
+      main_infrastructure:
+        condition: service_completed_successfully
+    restart: on-failure:5
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - caddy_data:/data:rw
+      - caddy_config:/config:rw
+      - ./config:/etc/caddy:ro
+      - wordpress:/var/www/html:rw
+      - public_data:/public_data:ro
+
+    networks:
+      - infra-network
+    env_file:
+      - ./env/caddy.env
+    security_opt:
+      - no-new-privileges:true
+    healthcheck:
+      test: pidof caddy || exit 1
+      interval: 120s
+      timeout: 10s
+      retries: 3
+
+  caddy_backup:
+    image: mazzolino/restic:latest
+    container_name: caddy_backup
+    profiles:
+      - caddy
+    depends_on:
+      - caddy
+    restart: on-failure:5
+    env_file:
+      - ./env/caddy_backup.env
+    volumes:
+      - caddy_backup:/mnt/restic
+      - caddy_data:/data:ro
+    network_mode: none
+    cap_drop:
+      - NET_ADMIN
+      - NET_RAW
+      - SYS_ADMIN
+
+volumes:
+  caddy_data:
+    name: caddy_data
+  caddy_config:
+    name: caddy_config
+  caddy_backup:
+    name: caddy_backup
+  wordpress:
+    name: wordpress
+  public_data:
+    name: public_data

infrastructure/services/caddy/env/caddy_backup.env

@@ -0,0 +1,14 @@
+#RUN_ON_STARTUP=true
+RESTIC_REPOSITORY=/mnt/restic
+RESTIC_BACKUP_SOURCES=/data
+RESTIC_PASSWORD=YFQh8v3Wi95v0p6h88D4u8C8z4gLfdMw
+# Backup (exuclusive with Check and Prune)
+BACKUP_CRON=*/30 * * * *
+RESTIC_BACKUP_ARGS=--tag docker-volumes --verbose
+#RESTIC_FORGET_ARGS=--prune --keep-last 8 --keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 4
+# Check (exuclusive with Check and Prune)
+#CHECK_CRON=*/30 * * * *
+#RESTIC_CHECK_ARGS=--read-data-subset=40%
+# Prune (exuclusive with Check and Prune)
+#PRUNE_CRON=*/30 * * * *
+#RESTIC_PRUNE_ARGS=