mirror of
https://github.com/bensuperpc/infrastructure.git
synced 2024-11-09 19:57:26 +01:00
Compare commits
3 Commits
5b48945835
...
b2a3b2623e
Author | SHA1 | Date | |
---|---|---|---|
b2a3b2623e | |||
162250b0d9 | |||
b819c4398d |
9
Makefile
9
Makefile
@ -13,10 +13,15 @@
|
|||||||
|
|
||||||
DOCKER := docker
|
DOCKER := docker
|
||||||
|
|
||||||
PROFILES := caddy wordpress adminer syncthing uptime-kuma jellyfin qbittorrent psitransfer gitea it-tools privatebin homepage yacht projectsend picoshare
|
TORRENTS_SERVICES := qbittorrent transmission
|
||||||
|
SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin
|
||||||
|
ADMIN_SERVICES := yacht uptime-kuma adminer
|
||||||
|
UTILS_SERVICES := it-tools
|
||||||
|
|
||||||
|
PROFILES := caddy wordpress syncthing gitea homepage $(SHARING_SERVICES) $(TORRENTS_SERVICES) $(ADMIN_SERVICES) $(UTILS_SERVICES)
|
||||||
PROFILE_CMD := $(addprefix --profile ,$(PROFILES))
|
PROFILE_CMD := $(addprefix --profile ,$(PROFILES))
|
||||||
|
|
||||||
# gitea-runner transmission dozzle watchtower
|
# gitea-runner dozzle watchtower
|
||||||
|
|
||||||
COMPOSE_FILES := $(shell find . -name 'docker-compose*.yml' -type f | sed -e 's/^/--file /')
|
COMPOSE_FILES := $(shell find . -name 'docker-compose*.yml' -type f | sed -e 's/^/--file /')
|
||||||
|
|
||||||
|
@ -47,6 +47,16 @@ wordpress.bensuperpc.org {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
it-tools.bensuperpc.org {
|
||||||
|
# Load balance between 2 instances
|
||||||
|
reverse_proxy {
|
||||||
|
to it-tools0:80 it-tools1:80
|
||||||
|
lb_policy round_robin
|
||||||
|
lb_retries 3
|
||||||
|
lb_try_interval 1s
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
adminer.bensuperpc.org {
|
adminer.bensuperpc.org {
|
||||||
reverse_proxy adminer:8080
|
reverse_proxy adminer:8080
|
||||||
}
|
}
|
||||||
@ -97,10 +107,6 @@ syncthing.bensuperpc.org {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
it-tools.bensuperpc.org {
|
|
||||||
reverse_proxy it-tools:80
|
|
||||||
}
|
|
||||||
|
|
||||||
tools.bensuperpc.org {
|
tools.bensuperpc.org {
|
||||||
redir https://it-tools.bensuperpc.org permanent
|
redir https://it-tools.bensuperpc.org permanent
|
||||||
}
|
}
|
||||||
|
@ -84,7 +84,7 @@
|
|||||||
href: https://it-tools.bensuperpc.org/
|
href: https://it-tools.bensuperpc.org/
|
||||||
description: IT Tools
|
description: IT Tools
|
||||||
ping: it-tools.bensuperpc.org
|
ping: it-tools.bensuperpc.org
|
||||||
container: it-tools
|
container: it-tools0
|
||||||
|
|
||||||
- gitea:
|
- gitea:
|
||||||
icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/gitea.png
|
icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/gitea.png
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
services:
|
services:
|
||||||
# it-tools
|
# it-tools
|
||||||
it-tools:
|
it-tools0:
|
||||||
image: corentinth/it-tools:latest
|
image: corentinth/it-tools:latest
|
||||||
container_name: it-tools
|
container_name: it-tools0
|
||||||
profiles:
|
profiles:
|
||||||
- it-tools
|
- it-tools
|
||||||
restart: on-failure:5
|
restart: on-failure:5
|
||||||
@ -12,7 +12,28 @@ services:
|
|||||||
- infra-network
|
- infra-network
|
||||||
security_opt:
|
security_opt:
|
||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
read_only: false
|
read_only: true
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.5'
|
||||||
|
memory: 512M
|
||||||
|
reservations:
|
||||||
|
cpus: '0.001'
|
||||||
|
memory: 20M
|
||||||
|
it-tools1:
|
||||||
|
image: corentinth/it-tools:latest
|
||||||
|
container_name: it-tools1
|
||||||
|
profiles:
|
||||||
|
- it-tools
|
||||||
|
restart: on-failure:5
|
||||||
|
depends_on:
|
||||||
|
- caddy
|
||||||
|
networks:
|
||||||
|
- infra-network
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
||||||
|
read_only: true
|
||||||
deploy:
|
deploy:
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
|
@ -12,6 +12,7 @@ services:
|
|||||||
- ./picoshare/env/picoshare.env
|
- ./picoshare/env/picoshare.env
|
||||||
volumes:
|
volumes:
|
||||||
- picoshare_data:/data
|
- picoshare_data:/data
|
||||||
|
- picoshare_tmpfs:/tmp
|
||||||
networks:
|
networks:
|
||||||
- infra-network
|
- infra-network
|
||||||
security_opt:
|
security_opt:
|
||||||
@ -28,4 +29,11 @@ services:
|
|||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
picoshare_data:
|
picoshare_data:
|
||||||
name: picoshare_data
|
name: picoshare_data
|
||||||
|
picoshare_tmpfs:
|
||||||
|
name: picoshare_tmpfs
|
||||||
|
driver: local
|
||||||
|
driver_opts:
|
||||||
|
type: tmpfs
|
||||||
|
device: tmpfs
|
||||||
|
o: size=1g
|
283
infrastructure/privatebin/config/conf.php
Normal file
283
infrastructure/privatebin/config/conf.php
Normal file
@ -0,0 +1,283 @@
|
|||||||
|
;<?php http_response_code(403); /*
|
||||||
|
; config file for PrivateBin
|
||||||
|
;
|
||||||
|
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
|
||||||
|
|
||||||
|
[main]
|
||||||
|
; (optional) set a project name to be displayed on the website
|
||||||
|
; name = "PrivateBin"
|
||||||
|
|
||||||
|
; The full URL, with the domain name and directories that point to the
|
||||||
|
; PrivateBin files, including an ending slash (/). This URL is essential to
|
||||||
|
; allow Opengraph images to be displayed on social networks.
|
||||||
|
; basepath = "https://privatebin.example.com/"
|
||||||
|
|
||||||
|
; enable or disable the discussion feature, defaults to true
|
||||||
|
discussion = true
|
||||||
|
|
||||||
|
; preselect the discussion feature, defaults to false
|
||||||
|
opendiscussion = false
|
||||||
|
|
||||||
|
; enable or disable the display of dates & times in the comments, defaults to true
|
||||||
|
; Note that internally the creation time will still get tracked in order to sort
|
||||||
|
; the comments by creation time, but you can choose not to display them.
|
||||||
|
; discussiondatedisplay = false
|
||||||
|
|
||||||
|
; enable or disable the password feature, defaults to true
|
||||||
|
password = true
|
||||||
|
|
||||||
|
; enable or disable the file upload feature, defaults to false
|
||||||
|
fileupload = false
|
||||||
|
|
||||||
|
; preselect the burn-after-reading feature, defaults to false
|
||||||
|
burnafterreadingselected = false
|
||||||
|
|
||||||
|
; which display mode to preselect by default, defaults to "plaintext"
|
||||||
|
; make sure the value exists in [formatter_options]
|
||||||
|
defaultformatter = "plaintext"
|
||||||
|
|
||||||
|
; (optional) set a syntax highlighting theme, as found in css/prettify/
|
||||||
|
; syntaxhighlightingtheme = "sons-of-obsidian"
|
||||||
|
|
||||||
|
; size limit per paste or comment in bytes, defaults to 10 Mebibytes
|
||||||
|
sizelimit = 10485760
|
||||||
|
|
||||||
|
; template to include, default is "bootstrap" (tpl/bootstrap.php), also
|
||||||
|
; available are "page" (tpl/page.php), the classic ZeroBin style and several
|
||||||
|
; bootstrap variants: "bootstrap-dark", "bootstrap-compact", "bootstrap-page",
|
||||||
|
; which can be combined with "-dark" and "-compact" for "bootstrap-dark-page"
|
||||||
|
; and finally "bootstrap-compact-page" - previews at:
|
||||||
|
; https://privatebin.info/screenshots.html
|
||||||
|
template = "bootstrap-dark"
|
||||||
|
|
||||||
|
; (optional) info text to display
|
||||||
|
; use single, instead of double quotes for HTML attributes
|
||||||
|
;info = "More information on the <a href='https://privatebin.info/'>project page</a>."
|
||||||
|
|
||||||
|
; (optional) notice to display
|
||||||
|
; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service."
|
||||||
|
|
||||||
|
; by default PrivateBin will guess the visitors language based on the browsers
|
||||||
|
; settings. Optionally you can enable the language selection menu, which uses
|
||||||
|
; a session cookie to store the choice until the browser is closed.
|
||||||
|
languageselection = false
|
||||||
|
|
||||||
|
; set the language your installs defaults to, defaults to English
|
||||||
|
; if this is set and language selection is disabled, this will be the only language
|
||||||
|
; languagedefault = "en"
|
||||||
|
|
||||||
|
; (optional) URL shortener address to offer after a new paste is created.
|
||||||
|
; It is suggested to only use this with self-hosted shorteners as this will leak
|
||||||
|
; the pastes encryption key.
|
||||||
|
; urlshortener = "https://shortener.example.com/api?link="
|
||||||
|
|
||||||
|
; (optional) Let users create a QR code for sharing the paste URL with one click.
|
||||||
|
; It works both when a new paste is created and when you view a paste.
|
||||||
|
; qrcode = true
|
||||||
|
|
||||||
|
; (optional) Let users send an email sharing the paste URL with one click.
|
||||||
|
; It works both when a new paste is created and when you view a paste.
|
||||||
|
; email = true
|
||||||
|
|
||||||
|
; (optional) IP based icons are a weak mechanism to detect if a comment was from
|
||||||
|
; a different user when the same username was used in a comment. It might get
|
||||||
|
; used to get the IP of a comment poster if the server salt is leaked and a
|
||||||
|
; SHA512 HMAC rainbow table is generated for all (relevant) IPs.
|
||||||
|
; Can be set to one these values:
|
||||||
|
; "none" / "identicon" (default) / "jdenticon" / "vizhash".
|
||||||
|
; icon = "none"
|
||||||
|
|
||||||
|
; Content Security Policy headers allow a website to restrict what sources are
|
||||||
|
; allowed to be accessed in its context. You need to change this if you added
|
||||||
|
; custom scripts from third-party domains to your templates, e.g. tracking
|
||||||
|
; scripts or run your site behind certain DDoS-protection services.
|
||||||
|
; Check the documentation at https://content-security-policy.com/
|
||||||
|
; Notes:
|
||||||
|
; - If you use any bootstrap theme, you can remove the allow-popups from the
|
||||||
|
; sandbox restrictions.
|
||||||
|
; - If you use the bootstrap5 theme, you must change default-src to 'self' to
|
||||||
|
; enable display of the svg icons
|
||||||
|
; - By default this disallows to load images from third-party servers, e.g. when
|
||||||
|
; they are embedded in pastes. If you wish to allow that, you can adjust the
|
||||||
|
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
|
||||||
|
; for details.
|
||||||
|
; - The 'unsafe-eval' is used in two cases; to check if the browser supports
|
||||||
|
; async functions and display an error if not and for Chrome to enable
|
||||||
|
; webassembly support (used for zlib compression). You can remove it if Chrome
|
||||||
|
; doesn't need to be supported and old browsers don't need to be warned.
|
||||||
|
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
|
||||||
|
|
||||||
|
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||||
|
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||||
|
; sha256 in HMAC for the deletion token
|
||||||
|
; zerobincompatibility = false
|
||||||
|
|
||||||
|
; Enable or disable the warning message when the site is served over an insecure
|
||||||
|
; connection (insecure HTTP instead of HTTPS), defaults to true.
|
||||||
|
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
|
||||||
|
; It is **strongly discouraged** to disable this.
|
||||||
|
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
|
||||||
|
; httpwarning = true
|
||||||
|
|
||||||
|
; Pick compression algorithm or disable it. Only applies to pastes/comments
|
||||||
|
; created after changing the setting.
|
||||||
|
; Can be set to one these values: "none" / "zlib" (default).
|
||||||
|
; compression = "zlib"
|
||||||
|
|
||||||
|
[expire]
|
||||||
|
; expire value that is selected per default
|
||||||
|
; make sure the value exists in [expire_options]
|
||||||
|
default = "1week"
|
||||||
|
|
||||||
|
[expire_options]
|
||||||
|
; Set each one of these to the number of seconds in the expiration period,
|
||||||
|
; or 0 if it should never expire
|
||||||
|
5min = 300
|
||||||
|
10min = 600
|
||||||
|
1hour = 3600
|
||||||
|
1day = 86400
|
||||||
|
1week = 604800
|
||||||
|
; Well this is not *exactly* one month, it's 30 days:
|
||||||
|
1month = 2592000
|
||||||
|
1year = 31536000
|
||||||
|
never = 0
|
||||||
|
|
||||||
|
[formatter_options]
|
||||||
|
; Set available formatters, their order and their labels
|
||||||
|
plaintext = "Plain Text"
|
||||||
|
syntaxhighlighting = "Source Code"
|
||||||
|
markdown = "Markdown"
|
||||||
|
|
||||||
|
[traffic]
|
||||||
|
; time limit between calls from the same IP address in seconds
|
||||||
|
; Set this to 0 to disable rate limiting.
|
||||||
|
limit = 10
|
||||||
|
|
||||||
|
; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
|
||||||
|
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
|
||||||
|
; be exempted, the list needs to be comma separated. Leave unset to disable
|
||||||
|
; exemptions.
|
||||||
|
; exempted = "1.2.3.4,10.10.10/24"
|
||||||
|
|
||||||
|
; (optional) If you want only some source IP addresses (v4 or v6) or subnets
|
||||||
|
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
|
||||||
|
; ignored. If multiple values are to be exempted, the list needs to be comma
|
||||||
|
; separated. Leave unset to allow anyone to create pastes.
|
||||||
|
; creators = "1.2.3.4,10.10.10/24"
|
||||||
|
|
||||||
|
; (optional) if your website runs behind a reverse proxy or load balancer,
|
||||||
|
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
|
||||||
|
; header = "X_FORWARDED_FOR"
|
||||||
|
|
||||||
|
[purge]
|
||||||
|
; minimum time limit between two purgings of expired pastes, it is only
|
||||||
|
; triggered when pastes are created
|
||||||
|
; Set this to 0 to run a purge every time a paste is created.
|
||||||
|
limit = 300
|
||||||
|
|
||||||
|
; maximum amount of expired pastes to delete in one purge
|
||||||
|
; Set this to 0 to disable purging. Set it higher, if you are running a large
|
||||||
|
; site
|
||||||
|
batchsize = 10
|
||||||
|
|
||||||
|
[model]
|
||||||
|
; name of data model class to load and directory for storage
|
||||||
|
; the default model "Filesystem" stores everything in the filesystem
|
||||||
|
class = Filesystem
|
||||||
|
[model_options]
|
||||||
|
dir = PATH "data"
|
||||||
|
|
||||||
|
;[model]
|
||||||
|
; example of a Google Cloud Storage configuration
|
||||||
|
;class = GoogleCloudStorage
|
||||||
|
;[model_options]
|
||||||
|
;bucket = "my-private-bin"
|
||||||
|
;prefix = "pastes"
|
||||||
|
;uniformacl = false
|
||||||
|
|
||||||
|
;[model]
|
||||||
|
; example of DB configuration for MySQL
|
||||||
|
;class = Database
|
||||||
|
;[model_options]
|
||||||
|
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
|
||||||
|
;tbl = "privatebin_" ; table prefix
|
||||||
|
;usr = "privatebin"
|
||||||
|
;pwd = "Z3r0P4ss"
|
||||||
|
;opt[12] = true ; PDO::ATTR_PERSISTENT
|
||||||
|
|
||||||
|
;[model]
|
||||||
|
; example of DB configuration for SQLite
|
||||||
|
;class = Database
|
||||||
|
;[model_options]
|
||||||
|
;dsn = "sqlite:" PATH "data/db.sq3"
|
||||||
|
;usr = null
|
||||||
|
;pwd = null
|
||||||
|
;opt[12] = true ; PDO::ATTR_PERSISTENT
|
||||||
|
|
||||||
|
;[model]
|
||||||
|
; example of DB configuration for PostgreSQL
|
||||||
|
;class = Database
|
||||||
|
;[model_options]
|
||||||
|
;dsn = "pgsql:host=localhost;dbname=privatebin"
|
||||||
|
;tbl = "privatebin_" ; table prefix
|
||||||
|
;usr = "privatebin"
|
||||||
|
;pwd = "Z3r0P4ss"
|
||||||
|
;opt[12] = true ; PDO::ATTR_PERSISTENT
|
||||||
|
|
||||||
|
;[model]
|
||||||
|
; example of S3 configuration for Rados gateway / CEPH
|
||||||
|
;class = S3Storage
|
||||||
|
;[model_options]
|
||||||
|
;region = ""
|
||||||
|
;version = "2006-03-01"
|
||||||
|
;endpoint = "https://s3.my-ceph.invalid"
|
||||||
|
;use_path_style_endpoint = true
|
||||||
|
;bucket = "my-bucket"
|
||||||
|
;accesskey = "my-rados-user"
|
||||||
|
;secretkey = "my-rados-pass"
|
||||||
|
|
||||||
|
;[model]
|
||||||
|
; example of S3 configuration for AWS
|
||||||
|
;class = S3Storage
|
||||||
|
;[model_options]
|
||||||
|
;region = "eu-central-1"
|
||||||
|
;version = "latest"
|
||||||
|
;bucket = "my-bucket"
|
||||||
|
;accesskey = "access key id"
|
||||||
|
;secretkey = "secret access key"
|
||||||
|
|
||||||
|
;[model]
|
||||||
|
; example of S3 configuration for AWS using its SDK default credential provider chain
|
||||||
|
; if relying on environment variables, the AWS SDK will look for the following:
|
||||||
|
; - AWS_ACCESS_KEY_ID
|
||||||
|
; - AWS_SECRET_ACCESS_KEY
|
||||||
|
; - AWS_SESSION_TOKEN (if needed)
|
||||||
|
; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain
|
||||||
|
;class = S3Storage
|
||||||
|
;[model_options]
|
||||||
|
;region = "eu-central-1"
|
||||||
|
;version = "latest"
|
||||||
|
;bucket = "my-bucket"
|
||||||
|
|
||||||
|
[yourls]
|
||||||
|
; When using YOURLS as a "urlshortener" config item:
|
||||||
|
; - By default, "urlshortener" will point to the YOURLS API URL, with or without
|
||||||
|
; credentials, and will be visible in public on the PrivateBin web page.
|
||||||
|
; Only use this if you allow short URL creation without credentials.
|
||||||
|
; - Alternatively, using the parameters in this section ("signature" and
|
||||||
|
; "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin
|
||||||
|
; instance with "?shortenviayourls&link=" appended. For example:
|
||||||
|
; urlshortener = "${basepath}?shortenviayourls&link="
|
||||||
|
; This URL will in turn call YOURLS on the server side, using the URL from
|
||||||
|
; "apiurl" and the "access signature" from the "signature" parameters below.
|
||||||
|
|
||||||
|
; (optional) the "signature" (access key) issued by YOURLS for the using account
|
||||||
|
; signature = ""
|
||||||
|
; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL
|
||||||
|
; apiurl = "https://yourls.example.com/yourls-api.php"
|
||||||
|
|
||||||
|
;[sri]
|
||||||
|
; Subresource integrity (SRI) hashes used in template files. Uncomment and set
|
||||||
|
; these for all js files used. See:
|
||||||
|
; https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files
|
||||||
|
;privatebin.js = sha512-[…]
|
@ -10,6 +10,7 @@ services:
|
|||||||
- caddy
|
- caddy
|
||||||
volumes:
|
volumes:
|
||||||
- privatebin_data:/srv/data
|
- privatebin_data:/srv/data
|
||||||
|
- ./privatebin/config/conf.php:/srv/cfg/conf.php:ro
|
||||||
networks:
|
networks:
|
||||||
- infra-network
|
- infra-network
|
||||||
security_opt:
|
security_opt:
|
||||||
|
Loading…
Reference in New Issue
Block a user