Viyurz/vps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add rootless + matrix server discovery

Browse source
This commit is contained in:
Viyurz 2023-12-05 16:45:59 +00:00
parent 76b8394bd9
commit 3f73831980
5 changed files with 32 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nginx-rp/nginx.conf
View file

@ -76,7 +76,7 @@ http {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Scheme $scheme;
# Needed to support websocket connections # Needed to support websocket connections

10
nginx-rp/reverse-proxy.conf
View file

@ -190,11 +190,19 @@ server {
server_name viyurz.fr; server_name viyurz.fr;
location /.well-known/matrix/server { location ~ ^/.well-known/matrix/server$ {
default_type application/json; default_type application/json;
return 200 '{ "m.server": "matrix.viyurz.fr:443" }'; return 200 '{ "m.server": "matrix.viyurz.fr:443" }';
} }
location ~ ^/.well-known/matrix/client$ {
default_type application/json;
add_header Access-Control-Allow-Origin '*';
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
return 200 '{ "m.homeserver": { "base_url": "https://matrix.viyurz.fr" } }';
}
location / { location / {
return 308 https://www.viyurz.fr$request_uri; return 308 https://www.viyurz.fr$request_uri;
} }

19
setup-rootless.sh Executable file
View file

@ -0,0 +1,19 @@
#!/bin/bash
sudo apt install -y uidmap fuse-overlayfs slirp4netns rootlesskit
if ! grep -q '/usr/share/docker.io/contrib' "$HOME/.profile" > /dev/null; then
echo 'export PATH="/usr/share/docker.io/contrib:$PATH"' >> "$HOME/.profile"
fi
if ! grep -q 'DOCKER_HOST' "$HOME/.profile" > /dev/null; then
echo "export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock" >> "$HOME/.profile"
fi
sudo loginctl enable-linger "$USER"
PATH="/usr/share/docker.io/contrib:$PATH" dockerd-rootless-setuptool.sh install
echo '{"storage-driver": "fuse-overlayfs"}' > "$HOME/.config/docker/daemon.json"
systemctl --user enable --now docker

2
synapse/docker-compose.yaml
View file

@ -3,6 +3,7 @@ services:
container_name: synapse_postgres container_name: synapse_postgres
image: postgres:alpine image: postgres:alpine
restart: always restart: always
user: '70:70'
environment: environment:
LANG: C LANG: C
POSTGRES_INITDB_ARGS: "--locale=C --encoding=UTF8" POSTGRES_INITDB_ARGS: "--locale=C --encoding=UTF8"
@ -18,6 +19,7 @@ services:
image: matrixdotorg/synapse:latest image: matrixdotorg/synapse:latest
# command: generate # command: generate
restart: always restart: always
user: '991:991'
environment: environment:
# SYNAPSE_SERVER_NAME: viyurz.fr # SYNAPSE_SERVER_NAME: viyurz.fr
# SYNAPSE_REPORT_STATS: "yes" # SYNAPSE_REPORT_STATS: "yes"

1
vw/docker-compose.yaml
View file

@ -3,6 +3,7 @@ services:
image: vaultwarden/server:latest image: vaultwarden/server:latest
container_name: vaultwarden container_name: vaultwarden
restart: always restart: always
user: '1000:1000'
environment: environment:
- DOMAIN=https://vw.viyurz.fr # Your domain; vaultwarden needs to know it's https to work properly with attachments - DOMAIN=https://vw.viyurz.fr # Your domain; vaultwarden needs to know it's https to work properly with attachments
- SIGNUPS_ALLOWED=false - SIGNUPS_ALLOWED=false