commit 6581fc11872a5680f8e82b15a891293b958f077a
Author: Viyurz <128215328+Viyurz@users.noreply.github.com>
Date: Wed Nov 22 07:26:10 2023 +0000
fjeaj
diff --git a/maj.sh b/maj.sh
new file mode 100755
index 0000000..74efb15
--- /dev/null
+++ b/maj.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+
+services=(nginx-rp nginx-www vw)
+
+
+if [[ ! $(echo "${services[*]} all" | grep -P "\b$1\b" ) ]]; then
+ echo "Wrong argument."
+ exit 1
+fi
+
+
+rel_path="$(dirname "$0")"
+
+
+case "$1" in
+ vw|all)
+ sudo "$rel_path/vw/backup.sh" || exit 1
+ ;;
+esac
+
+
+if [[ "$1" != "all" ]]; then
+ docker-compose -f "$rel_path/$1/docker-compose.yaml" pull
+ docker-compose -f "$rel_path/$1/docker-compose.yaml" up -d
+else
+ for service in "${services[@]}"; do
+ docker-compose -f "$rel_path/$service/docker-compose.yaml" pull
+ docker-compose -f "$rel_path/$service/docker-compose.yaml" up -d
+ done
+fi
diff --git a/nc/docker-compose.yaml b/nc/docker-compose.yaml
new file mode 100644
index 0000000..5c2bea4
--- /dev/null
+++ b/nc/docker-compose.yaml
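Review bot: The argument check `grep -P "\b$1\b"` is a regex substring match against the text `nginx-rp nginx-www vw all`, so `./maj.sh nginx`, `./maj.sh rp` or `./maj.sh www` pass validation (`-` counts as a word boundary) and then run `docker-compose -f ./nginx/docker-compose.yaml`, an empty argument matches `\b\b` and also passes, and an argument containing regex metacharacters is interpreted rather than compared. An exact comparison against the array handles all three cases. The `docker-compose ... pull` results are never checked either, so a failed pull is followed by `up -d` with whatever image is cached; `set -euo pipefail` near the top, or the `|| exit 1` already used for backup.sh, would make that visible.
```bash
services=(nginx-rp nginx-www vw)

valid=0
for candidate in "${services[@]}" all; do
    [[ "$1" == "$candidate" ]] && valid=1
done
if [[ $valid -ne 1 ]]; then
    echo "Wrong argument."
    exit 1
fi

# … unchanged: rel_path, backup call and docker-compose handling …
```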
@@ -0,0 +1,18 @@
+services:
+ nextcloud:
+ image: nextcloud/all-in-one:latest
+ restart: always
+ container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
+ environment: # Is needed when using any of the options below
+ - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+ - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+ - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+ ports:
+ - 8080:8080
+ volumes:
+ - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+ - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
+
+volumes:
+ nextcloud_aio_mastercontainer:
+ name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
diff --git a/nftables.conf b/nftables.conf
new file mode 100755
index 0000000..56fcb0a
--- /dev/null
+++ b/nftables.conf
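Review bot: `- 8080:8080` publishes the AIO management interface on every host interface, while `APACHE_IP_BINDING=127.0.0.1` here and `proxy_pass http://127.0.0.1:11000` in nginx-rp/nginx.conf show that only the local reverse proxy is meant to reach these containers. Binding to loopback, `- 127.0.0.1:8080:8080`, makes that explicit; the same applies to `- 8082:80` in nginx-www/docker-compose.yaml and `- 8081:80` in vw/docker-compose.yaml, which nginx-rp also reaches over localhost. At present it looks like the `iif eth0 drop` rule in nftables.conf's forward chain is what keeps these ports off the internet, since DNAT'd traffic to a container traverses the forward hook rather than the input chain's `policy drop`; a loopback bind does not depend on that coupling. If the AIO interface still has to be reached remotely, the reverse-proxy documentation linked in the comments covers the localhost-bound case (an SSH tunnel, as far as I recall), so this should not cost anything.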
@@ -0,0 +1,35 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+
+ iif lo accept
+ ct state established,related accept
+ ct state invalid drop
+
+ # Allow ICMP ping
+ icmp type echo-request limit rate 1/second accept
+ icmpv6 type echo-request limit rate 1/second accept
+
+ # SSH
+ tcp dport 995 limit rate 10/minute accept
+
+ # HTTP
+ tcp dport { http, https } limit rate 5/second accept
+ # udp dport 443 limit rate 5/second accept
+ }
+
+ chain forward {
+ type filter hook forward priority 0; policy accept;
+
+ iif eth0 drop
+ oif eth0 drop
+ }
+
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
diff --git a/nginx-rp/docker-compose.yaml b/nginx-rp/docker-compose.yaml
new file mode 100644
index 0000000..4c524d9
--- /dev/null
+++ b/nginx-rp/docker-compose.yaml
@@ -0,0 +1,9 @@
+services:
+ nginx-rp:
+ image: nginx:latest
+ restart: always
+ container_name: nginx-rp
+ network_mode: host
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.conf
+ - /etc/letsencrypt/archive/viyurz.fr:/etc/letsencrypt/archive/viyurz.fr
diff --git a/nginx-rp/nginx.conf b/nginx-rp/nginx.conf
new file mode 100644
index 0000000..9a611ec
--- /dev/null
+++ b/nginx-rp/nginx.conf
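Review bot: The rule under `# SSH` accepts `tcp dport 995`, which is the IANA POP3S port; if sshd was deliberately moved there the comment should say so, e.g. `# SSH (sshd listens on 995, not 22)`, because with `policy drop` on the input chain a reader who assumes port 22 and "fixes" the rule locks the host out. The `limit rate` expressions on the SSH and HTTP rules are global counters, not per-source, so a single client sending more than 10 new SSH connections a minute or 5 http/https SYNs a second pushes everyone else's new connections into the drop policy — a per-source limit (a `meter`/dynamic set keyed on `ip saddr`, if the nft version in use supports it) or dropping only the excess would bound that. The forward chain's `oif eth0 drop` also appears to stop the containers' own outbound traffic through eth0 (AIO and Vaultwarden fetching updates, for instance), which may be intended but is worth a comment since it is not obvious from `policy accept`.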
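Review bot: Mounting `/etc/letsencrypt/archive/viyurz.fr` and pointing `ssl_certificate` at `fullchain1.pem` in nginx-rp/nginx.conf pins the proxy to the first certificate that was issued: if these files come from certbot (the layout suggests so), renewals are written as `fullchain2.pem`, `privkey2.pem`, … and only the `live/` symlinks are repointed, so after the first renewal this container keeps serving the expiring certificate until the config is hand-edited. Mount `/etc/letsencrypt/live/viyurz.fr` alongside `archive` (the `live` entries are relative symlinks into `../../archive`) and reference `/etc/letsencrypt/live/viyurz.fr/fullchain.pem`, `privkey.pem` and `chain.pem` instead. The container will also need a reload after each renewal, e.g. a certbot deploy hook running `docker exec nginx-rp nginx -s reload`, since nginx reads the key material only at start. `image: nginx:latest` with `restart: always` and maj.sh pulling on every run means unattended major upgrades of the TLS terminator; a pinned minor tag is the usual choice here.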
@@ -0,0 +1,182 @@
+worker_processes auto;
+worker_cpu_affinity auto;
+worker_rlimit_nofile 2048;
+
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ charset utf-8;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ gzip off;
+
+ # Hide NGINX version in error messages.
+ server_tokens off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Logging
+ log_not_found on;
+ # access_log /var/log/nginx/access.log;
+ # error_log /var/log/nginx/error.log warn;
+
+ keepalive_timeout 65;
+
+ ssl_certificate /etc/letsencrypt/archive/viyurz.fr/fullchain1.pem;
+ ssl_certificate_key /etc/letsencrypt/archive/viyurz.fr/privkey1.pem;
+ ssl_trusted_certificate /etc/letsencrypt/archive/viyurz.fr/chain1.pem;
+
+ # modern configuration
+ ssl_protocols TLSv1.3;
+
+ # intermediate configuration
+ # ssl_protocols TLSv1.2 TLSv1.3;
+ # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
+ # ssl_dhparam /path/to/dhparam;
+
+ ssl_prefer_server_ciphers off;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+
+ # HSTS (ngx_http_headers_module is required)
+ add_header Strict-Transport-Security "max-age=31536000" always;
+
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header Set-Cookie "Path=/; HttpOnly; Secure";
+
+ # OCSP stapling
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 1.1.1.1;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Scheme $scheme;
+ proxy_set_header Accept-Encoding "";
+
+ # Websocket
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ # The `upstream` directives ensure that you have a http/1.1 connection
+ # This enables the keepalive option and better performance
+ #
+ # Define the server IP and ports here.
+ upstream vaultwarden-default {
+ zone vaultwarden-default 64k;
+ server 127.0.0.1:8081;
+ keepalive 2;
+ }
+
+ # Needed to support websocket connections
+ # See: https://nginx.org/en/docs/http/websocket.html
+ # Instead of "close" as stated in the above link we send an empty value.
+ # Else all keepalive connections will not work.
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' "";
+ }
+
+ # Redirect HTTP to HTTPS
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ http2 on;
+
+ server_name _;
+
+ return 308 https://$host$request_uri;
+ }
+
+ server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+
+ http2 on;
+
+ server_name _;
+ server_name_in_redirect off;
+
+ return 404;
+ }
+
+ server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ http2 on;
+
+ # http3 on;
+ # quic_retry on;
+ # add_header Alt-Svc 'h3=":$server_port"; ma=86400';
+ # listen 443 quic reuseport;
+ # listen [::]:443 quic reuseport;
+
+ server_name nc.viyurz.fr;
+
+ location / {
+ proxy_pass http://127.0.0.1:11000;
+
+ add_header Set-Cookie "Path=/; HttpOnly; Secure";
+
+ client_body_buffer_size 512k;
+ proxy_read_timeout 86400s;
+ client_max_body_size 0;
+ }
+ }
+
+ server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ http2 on;
+
+ server_name vw.viyurz.fr;
+
+ location / {
+ proxy_pass http://vaultwarden-default;
+
+ client_max_body_size 525M;
+ }
+ }
+
+ server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ http2 on;
+
+ server_name www.viyurz.fr;
+
+ location / {
+ proxy_pass http://localhost:8082;
+ }
+ }
+
+ server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ http2 on;
+
+ server_name viyurz.fr;
+
+ return 308 https://www.viyurz.fr$request_uri;
+ }
+}
diff --git a/nginx-www/docker-compose.yaml b/nginx-www/docker-compose.yaml
new file mode 100644
index 0000000..b669474
--- /dev/null
+++ b/nginx-www/docker-compose.yaml
@@ -0,0 +1,10 @@
+services:
+ nginx-www:
+ image: nginx:latest
+ restart: always
+ container_name: nginx-www
+ ports:
+ - 8082:80
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.conf
+ - ./index:/mnt/index
diff --git a/nginx-www/index/ark.png b/nginx-www/index/ark.png
new file mode 100644
index 0000000..7d97264
Binary files /dev/null and b/nginx-www/index/ark.png differ
diff --git a/nginx-www/index/favicon.ico b/nginx-www/index/favicon.ico
new file mode 100644
index 0000000..993a993
Binary files /dev/null and b/nginx-www/index/favicon.ico differ
diff --git a/nginx-www/index/index.css b/nginx-www/index/index.css
new file mode 100644
index 0000000..c73c3c9
--- /dev/null
+++ b/nginx-www/index/index.css
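Review bot: `add_header Set-Cookie "Path=/; HttpOnly; Secure";` in the http block (and again in the nc.viyurz.fr `location /`) does not harden anything: per RFC 6265 the first `name=value` pair is the cookie, so every response carries an extra junk cookie literally named `Path` with value `/`, while the real Nextcloud and Vaultwarden session cookies pass through with whatever flags the upstream set. Drop both lines; if the flags are wanted at the proxy, `proxy_cookie_flags ~ secure httponly;` in the http block is the directive that rewrites upstream cookies. The location-level `add_header` in the nc.viyurz.fr server has a second cost: nginx inherits `add_header` from the enclosing levels only when the current level defines none, so with that line present Nextcloud responses get neither `Strict-Transport-Security` nor `X-Robots-Tag`, and removing it restores them. While here, the `resolver 1.1.1.1;` used for OCSP stapling is plain DNS; if DNS egress from the host is ever restricted by the nftables output chain this is the directive that would need adjusting.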
@@ -0,0 +1,74 @@
+body {
+ font-weight: bold;
+ font-family: Arial;
+ text-align: center;
+ background-image: url("wallpaper.jpg");
+ background-position: -150px;
+ background-repeat: no-repeat;
+ background-size: cover;
+ min-height: 100vh;
+ margin: 0;
+}
+
+main {
+ display: flex;
+ flex-direction: column;
+ justify-content: center;
+ align-items: center;
+ min-height: 100vh;
+}
+
+a {
+ background: rgba(255, 255, 255, 0.5);
+ border: 2px solid white;
+ border-radius: 8px;
+ padding: 10px;
+ margin: 1.5vh;
+ width: 25vh;
+ height: 25vh;
+ display: flex;
+ flex-direction: column;
+ justify-content: space-between;
+ align-items: center;
+ transition: all .25s ease-in-out;
+ text-decoration: none;
+ color: black;
+}
+
+a:hover {
+ transform: scale(1.1);
+}
+
+img {
+ max-height: 20vh;
+ max-width: 20vh;
+}
+
+h5 {
+ position: absolute;
+ bottom: 10px;
+ right: 10px;
+ color: rgba(255, 255, 255, 0.5);
+ margin: 0;
+}
+
+@media only screen and (orientation: landscape) {
+ body {
+ background-position: center;
+ }
+
+ main {
+ flex-direction: row;
+ }
+
+ a {
+ margin: 1.5vw;
+ min-width: 15vw;
+ min-height: 15vw;
+ }
+
+ img {
+ max-height: 13vw;
+ max-width: 13vw;
+ }
+}
\ No newline at end of file
diff --git a/nginx-www/index/index.html b/nginx-www/index/index.html
new file mode 100644
index 0000000..e591156
--- /dev/null
+++ b/nginx-www/index/index.html
@@ -0,0 +1,28 @@
+ + + + + + + Accueil - Viyurz.fr + + +
+ + + Nextcloud + + + + Vaultwarden + + +
...Azril...is the moon falling...?
+
+ +
\ No newline at end of file
diff --git a/nginx-www/index/nextcloud.png b/nginx-www/index/nextcloud.png
new file mode 100644
index 0000000..d07d297
Binary files /dev/null and b/nginx-www/index/nextcloud.png differ
diff --git a/nginx-www/index/vaultwarden.png b/nginx-www/index/vaultwarden.png
new file mode 100644
index 0000000..eeaa0f4
Binary files /dev/null and b/nginx-www/index/vaultwarden.png differ
diff --git a/nginx-www/index/wallpaper.jpg b/nginx-www/index/wallpaper.jpg
new file mode 100644
index 0000000..a7776bd
Binary files /dev/null and b/nginx-www/index/wallpaper.jpg differ
diff --git a/nginx-www/nginx.conf b/nginx-www/nginx.conf
new file mode 100644
index 0000000..9c7f7a2
--- /dev/null
+++ b/nginx-www/nginx.conf
@@ -0,0 +1,35 @@
+worker_processes auto;
+worker_cpu_affinity auto;
+worker_rlimit_nofile 2048;
+
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ charset utf-8;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ gzip off;
+
+ # Hide NGINX version in error messages.
+ server_tokens off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ http2 on;
+
+ server_name _;
+
+ root /mnt/index;
+ }
+}
diff --git a/vw/backup.sh b/vw/backup.sh
new file mode 100755
index 0000000..4d9051a
--- /dev/null
+++ b/vw/backup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [[ $UID -ne 0 ]]; then
+ echo "Must be run as root."
+ exit 1
+fi
+
+backup_date="$(date '+%Y%m%d-%Hh%Mm')"
+vw_data='/mnt/vwdata'
+bak_folder="/mnt/backups/vwbackup"
+
+mkdir -p "$bak_folder"
+
+# Backup directement vers la storage box marche pas
+sqlite3 "$vw_data/db.sqlite3" ".backup '$vw_data/db-$backup_date.sqlite3'" && echo "Vaultwarden backup created successfully!"
+
+mv "$vw_data/db-$backup_date.sqlite3" "$bak_folder" && echo "Successfully moved backup to $bak_folder!"
diff --git a/vw/docker-compose.yaml b/vw/docker-compose.yaml
new file mode 100644
index 0000000..762aa10
--- /dev/null
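Review bot: `sqlite3 ... && echo` only gates the success message, so when the `.backup` fails (database locked, sqlite3 missing on the host, wrong path) the script still proceeds to the `mv`, and the script's exit status — the only thing maj.sh's `|| exit 1` looks at — is whatever `mv` returns, which may still be success if a partial output file was left behind. Make the failures fatal: `sqlite3 "$vw_data/db.sqlite3" ".backup '$vw_data/db-$backup_date.sqlite3'" || exit 1` and likewise `mv ... "$bak_folder" || exit 1`, keeping the echo lines after them. Only `db.sqlite3` is captured; if attachments, sends or the `rsa_key*` files under `/mnt/vwdata` are in use, a restore from this backup alone loses them, so either state in the header comment that the backup is DB-only or copy the rest of the data directory as well. Nothing prunes `/mnt/backups/vwbackup`, so it gains one full DB copy every time maj.sh runs `vw` or `all`; a retention rule (`find "$bak_folder" -name 'db-*.sqlite3' -mtime +30 -delete`, for instance) keeps that bounded.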
+++ b/vw/docker-compose.yaml
@@ -0,0 +1,13 @@
+services:
+ vaultwarden:
+ image: vaultwarden/server:latest
+ container_name: vaultwarden
+ restart: always
+ environment:
+ - DOMAIN=https://vw.viyurz.fr # Your domain; vaultwarden needs to know it's https to work properly with attachments
+ - SIGNUPS_ALLOWED=false
+ - INVITATIONS_ALLOWED=false
+ ports:
+ - 8081:80
+ volumes:
+ - /mnt/vwdata:/data