Viyurz/vps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fjeaj

Browse source
This commit is contained in:
Viyurz 2023-11-22 07:26:10 +00:00
commit 6581fc1187
No known key found for this signature in database
16 changed files with 452 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
maj.sh Executable file
View file

@ -0,0 +1,31 @@
#!/bin/bash
services=(nginx-rp nginx-www vw)
if [[ ! $(echo "${services[*]} all" | grep -P "\b$1\b" ) ]]; then
echo "Wrong argument."
exit 1
fi
rel_path="$(dirname "$0")"
case "$1" in
vw|all)
sudo "$rel_path/vw/backup.sh" || exit 1
;;
esac
if [[ "$1" != "all" ]]; then
docker-compose -f "$rel_path/$1/docker-compose.yaml" pull
docker-compose -f "$rel_path/$1/docker-compose.yaml" up -d
else
for service in "${services[@]}"; do
docker-compose -f "$rel_path/$service/docker-compose.yaml" pull
docker-compose -f "$rel_path/$service/docker-compose.yaml" up -d
done
fi

18
nc/docker-compose.yaml Normal file
View file

@ -0,0 +1,18 @@
services:
nextcloud:
image: nextcloud/all-in-one:latest
restart: always
container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
environment: # Is needed when using any of the options below
- APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
- APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
- NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
ports:
- 8080:8080
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
- /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
volumes:
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work

35
nftables.conf Executable file
View file

@ -0,0 +1,35 @@
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
iif lo accept
ct state established,related accept
ct state invalid drop
# Allow ICMP ping
icmp type echo-request limit rate 1/second accept
icmpv6 type echo-request limit rate 1/second accept
# SSH
tcp dport 995 limit rate 10/minute accept
# HTTP
tcp dport { http, https } limit rate 5/second accept
# udp dport 443 limit rate 5/second accept
}
chain forward {
type filter hook forward priority 0; policy accept;
iif eth0 drop
oif eth0 drop
}
chain output {
type filter hook output priority 0; policy accept;
}
}

9
nginx-rp/docker-compose.yaml Normal file
View file

@ -0,0 +1,9 @@
services:
nginx-rp:
image: nginx:latest
restart: always
container_name: nginx-rp
network_mode: host
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- /etc/letsencrypt/archive/viyurz.fr:/etc/letsencrypt/archive/viyurz.fr

182
nginx-rp/nginx.conf Normal file
View file

@ -0,0 +1,182 @@
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 2048;
events {
worker_connections 1024;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip off;
# Hide NGINX version in error messages.
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging
log_not_found on;
# access_log /var/log/nginx/access.log;
# error_log /var/log/nginx/error.log warn;
keepalive_timeout 65;
ssl_certificate /etc/letsencrypt/archive/viyurz.fr/fullchain1.pem;
ssl_certificate_key /etc/letsencrypt/archive/viyurz.fr/privkey1.pem;
ssl_trusted_certificate /etc/letsencrypt/archive/viyurz.fr/chain1.pem;
# modern configuration
ssl_protocols TLSv1.3;
# intermediate configuration
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
# ssl_dhparam /path/to/dhparam;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
# HSTS (ngx_http_headers_module is required)
add_header Strict-Transport-Security "max-age=31536000" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header Accept-Encoding "";
# Websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# The `upstream` directives ensure that you have a http/1.1 connection
# This enables the keepalive option and better performance
#
# Define the server IP and ports here.
upstream vaultwarden-default {
zone vaultwarden-default 64k;
server 127.0.0.1:8081;
keepalive 2;
}
# Needed to support websocket connections
# See: https://nginx.org/en/docs/http/websocket.html
# Instead of "close" as stated in the above link we send an empty value.
# Else all keepalive connections will not work.
map $http_upgrade $connection_upgrade {
default upgrade;
'' "";
}
# Redirect HTTP to HTTPS
server {
listen 80 default_server;
listen [::]:80 default_server;
http2 on;
server_name _;
return 308 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
http2 on;
server_name _;
server_name_in_redirect off;
return 404;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# http3 on;
# quic_retry on;
# add_header Alt-Svc 'h3=":$server_port"; ma=86400';
# listen 443 quic reuseport;
# listen [::]:443 quic reuseport;
server_name nc.viyurz.fr;
location / {
proxy_pass http://127.0.0.1:11000;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
client_body_buffer_size 512k;
proxy_read_timeout 86400s;
client_max_body_size 0;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name vw.viyurz.fr;
location / {
proxy_pass http://vaultwarden-default;
client_max_body_size 525M;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name www.viyurz.fr;
location / {
proxy_pass http://localhost:8082;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name viyurz.fr;
return 308 https://www.viyurz.fr$request_uri;
}
}

10
nginx-www/docker-compose.yaml Normal file
View file

@ -0,0 +1,10 @@
services:
nginx-www:
image: nginx:latest
restart: always
container_name: nginx-www
ports:
- 8082:80
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./index:/mnt/index

BIN
nginx-www/index/ark.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 251 KiB

BIN
nginx-www/index/favicon.ico Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 21 KiB

74
nginx-www/index/index.css Normal file
View file

@ -0,0 +1,74 @@
body {
font-weight: bold;
font-family: Arial;
text-align: center;
background-image: url("wallpaper.jpg");
background-position: -150px;
background-repeat: no-repeat;
background-size: cover;
min-height: 100vh;
margin: 0;
}
main {
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
min-height: 100vh;
}
a {
background: rgba(255, 255, 255, 0.5);
border: 2px solid white;
border-radius: 8px;
padding: 10px;
margin: 1.5vh;
width: 25vh;
height: 25vh;
display: flex;
flex-direction: column;
justify-content: space-between;
align-items: center;
transition: all .25s ease-in-out;
text-decoration: none;
color: black;
}
a:hover {
transform: scale(1.1);
}
img {
max-height: 20vh;
max-width: 20vh;
}
h5 {
position: absolute;
bottom: 10px;
right: 10px;
color: rgba(255, 255, 255, 0.5);
margin: 0;
}
@media only screen and (orientation: landscape) {
body {
background-position: center;
}
main {
flex-direction: row;
}
a {
margin: 1.5vw;
min-width: 15vw;
min-height: 15vw;
}
img {
max-height: 13vw;
max-width: 13vw;
}
}

28
nginx-www/index/index.html Normal file
View file

@ -0,0 +1,28 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="index.css" />
<title>Accueil - Viyurz.fr</title>
</head>
<body>
<main>
<a href="https://nc.viyurz.fr">
<img src="nextcloud.png" />
Nextcloud
</a>
<a href="https://vw.viyurz.fr">
<img src="vaultwarden.png" />
Vaultwarden
</a>
<!--
<a href='steam://connect/viyurz.fr:27015'>
<img src="ark.png" />
ARK: Survival Evolved
</a>
-->
<h5>...Azril...is the moon falling...?</h5>
</main>
</body>
</html>

BIN
nginx-www/index/nextcloud.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 47 KiB

BIN
nginx-www/index/vaultwarden.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
nginx-www/index/wallpaper.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.4 MiB

35
nginx-www/nginx.conf Normal file
View file

@ -0,0 +1,35 @@
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 2048;
events {
worker_connections 1024;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip off;
# Hide NGINX version in error messages.
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80 default_server;
listen [::]:80 default_server;
http2 on;
server_name _;
root /mnt/index;
}
}

17
vw/backup.sh Executable file
View file

@ -0,0 +1,17 @@
#!/bin/bash
if [[ $UID -ne 0 ]]; then
echo "Must be run as root."
exit 1
fi
backup_date="$(date '+%Y%m%d-%Hh%Mm')"
vw_data='/mnt/vwdata'
bak_folder="/mnt/backups/vwbackup"
mkdir -p "$bak_folder"
# Backup directement vers la storage box marche pas
sqlite3 "$vw_data/db.sqlite3" ".backup '$vw_data/db-$backup_date.sqlite3'" && echo "Vaultwarden backup created successfully!"
mv "$vw_data/db-$backup_date.sqlite3" "$bak_folder" && echo "Successfully moved backup to $bak_folder!"

13
vw/docker-compose.yaml Normal file
View file

@ -0,0 +1,13 @@
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
environment:
- DOMAIN=https://vw.viyurz.fr # Your domain; vaultwarden needs to know it's https to work properly with attachments
- SIGNUPS_ALLOWED=false
- INVITATIONS_ALLOWED=false
ports:
- 8081:80
volumes:
- /mnt/vwdata:/data