adding some leftovers

services/ariege1.studios.oma-radio.fr/wg-ariege1.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -euo pipefail
+
+. .env
+filename="$(basename "$0")"
+ifname="${filename:3:-3}"
+
+echo "
+[Interface]
+PrivateKey = $(cat $DATA_DIR/privatekey)
+ListenPort = 51822
+Address = 10.100.2.254/32
+
+[Peer] # adrian
+PublicKey = 34DD9W9Pr2EpVK4IvU3tVY6fsIvGqDisUYr5Xtk62FI=
+AllowedIPs = 10.100.2.253/32
+
+[Peer] # Passerelle
+PublicKey = SM40+PyJSNk+Rmsa7Ym4+PwBgkRlRCsqEC7s7wfo/QE=
+AllowedIPs = 10.100.2.0/24,192.168.100.0/24
+"

services/chiloe.eu/deploy_http.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -euo pipefail
+. "$SECRET_DIR/.env"
+
+rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user chiloeRO --sftp-port 2929 --sftp-pass "$SFTP_PASS" :sftp:/public/ "$HTTP_DIR"

services/chiloe.eu/nginx_server.conf

@@ -0,0 +1,22 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  ssl_certificate $JC_CERT/fullchain.pem;
+  ssl_certificate_key $JC_CERT/privkey.pem;
+  server_name $JC_SERVICE www.$JC_SERVICE;
+  root $HTTP_DIR;
+
+  # Security headers
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+  add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self' fonts.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self'; form-action 'self';" always;
+  add_header X-Content-Type-Options "nosniff";
+  add_header X-Frame-Options SAMEORIGIN always;
+  add_header X-XSS-Protection "1; mode=block" always;
+  add_header Referrer-Policy "strict-origin-when-cross-origin";
+  add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
+
+  location / {
+          index index.html;
+          try_files $uri $uri/ =404;
+  }
+}

services/feministesucl34.communisteslibertaires.org/deploy_http.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -euo pipefail
+. "$SECRET_DIR/.env"
+
+rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user feministesucl34 --sftp-port 2929 --sftp-pass "$SFTP_PASS" :sftp:/public/ "$HTTP_DIR"

services/feministesucl34.communisteslibertaires.org/nginx_server.conf

@@ -0,0 +1,16 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  ssl_certificate $JC_CERT/fullchain.pem;
+  ssl_certificate_key $JC_CERT/privkey.pem;
+  server_name $JC_SERVICE;
+
+  location = /wp-login.php {
+    return 301 https://wordpress.feministesucl34.jean-cloud.net/wp-login.php;
+  }
+
+  location /  {
+    root $HTTP_DIR;
+    try_files $uri $uri/ =404;
+  }
+}

services/radiodemo.oma-radio.fr/.known_hosts

@@ -0,0 +1,2 @@
+gitlab.com ssh-dss AAAAB3NzaC1kc3MAAACBAMPKInNPflcRle9F5Qt2j9aI0EZuWQzdXTbYvsl+ChaacqCOWRMiOmXHXqetFz6jD/6Fcqg20ZATxqSskQBaRn97O/mbH+GQk4d3zw9WAEURicE8rKJop3qGtdfFxLzrTuF/PAkKRDMmutT3hwZIOO8CFWOl1BiuUYTncJTeonrfAAAAFQCujauoy3Yy+ul72b/WsTECUPj9yQAAAIBIV2yyF7RZf7IYS8tsWcKP7Y5Bv9eFdbvbtsaxcFCHcmHIGoJQrIdPoueoOb5EUTYz0NgYKsKaZzDZkgFk28GsmLxKvhnPjaw0lJVSKRchEE5xVlamOlabiRMjQ7X/bAdejkBJe96AjZZL3UO4acpwfy3Tnnap0w6YCDeaxoyHpwAAAIAU+dyNaL3Hy15VIV32QwWMekvxeptUY/DW03LNcgZZDoin87TE9xuQhM0qF3pi2i2a2ExuslgdttmYWvrbEz8eW+RFgvT5pKwWpalKWetHvtN3oYZP37ZIO1Y3Hd5A4YVcpYp1ccRayveLlCRwxb4HdGXT2OmYU+lmvimIR8zQ6A==
+gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9

services/radiodemo.oma-radio.fr/deploy_http.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -euo pipefail
+
+git_update.sh -b main -d "$HTTP_DIR" -K "$DOCKER_DIR/.known_hosts" -i "$DATA_DIR/website" "$GIT_SOURCE_REPO"
+hugo_rclone.sh "$HTTP_DIR"

services/sftp.jean-cloud.net/deploy.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd "$DATA_DIR"
+
+[ ! -f users.conf ] && touch users.conf
+
+# Create key if not exists
+if [ ! -f ssh_host_ed25519_key ] ; then
+	ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ''
+	ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key -N ''
+fi

services/sftp.jean-cloud.net/docker-compose.yml

@@ -0,0 +1,18 @@
+version: '3'
+services:
+    sshd:
+      image: docker.io/atmoz/sftp:alpine
+      volumes:
+        - $DATA_DIR/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key:ro
+        - $DATA_DIR/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key:ro
+        - $DATA_DIR/users.conf:/etc/sftp/users.conf:ro
+
+        - $DATA_DIR/home/feministesucl34:/home/feministesucl34RO:ro
+        - $DATA_DIR/home/leida:/home/leida
+        - $DATA_DIR/home/leida:/home/leidaRO
+        - $DATA_DIR/home/chiloe:/home/chiloe
+        - $DATA_DIR/home/chiloe:/home/chiloeRO
+        - $DATA_DIR/home/collectifarthadie:/home/collectifarthadieRO:ro
+      ports:
+        - '2929:22'
+

services/static.jean-cloud.net/nginx_server.conf

@@ -0,0 +1,15 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  ssl_certificate $JC_CERT/fullchain.pem;
+  ssl_certificate_key $JC_CERT/privkey.pem;
+  server_name static.oma-radio.fr www.static.oma-radio.fr $JC_SERVICE www.$JC_SERVICE;
+  root $HTTP_DIR/public/;
+
+  location / {
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Methods' 'GET';
+    index index.html;
+    try_files $uri $uri/ =404;
+  }
+}

services/wordpress.feministesucl34.jean-cloud.net/docker-compose.yml

@@ -0,0 +1,49 @@
+version: '3.1'
+
+services:
+
+  wp:
+    image: wordpress:5.8-apache
+    restart: unless-stopped
+    env_file: $DATA_DIR/env
+    environment:
+      WORDPRESS_DB_HOST: db
+      WORDPRESS_DB_USER: wpdbuser
+      WORDPRESS_DB_NAME: wpdb
+      #WORDPRESS_CONFIG_EXTRA: "define( 'WP_HOME', 'https://feministesucl34.jean-cloud.net/wordpress' ); define( 'WP_SITEURL', 'https://feministesucl34.jean-cloud.net/wordpress' );"
+    volumes:
+      - $DATA_DIR/wordpress:/var/www/html
+      - $DATA_DIR/static:/var/www/html/static
+    networks:
+      default:
+        ipv4_address: 172.29.9.100
+    deploy:
+      resources:
+        limits:
+          cpus: '0.50'
+          memory: 100M
+  db:
+    image: mariadb:10.4
+    restart: unless-stopped
+    env_file: $DATA_DIR/env
+    environment:
+      MYSQL_DATABASE: wpdb
+      MYSQL_USER: wpdbuser
+      MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
+    volumes:
+      - $DATA_DIR/db:/var/lib/mysql
+    networks:
+      default:
+        ipv4_address: 172.29.9.101
+    deploy:
+      resources:
+        limits:
+          cpus: '0.50'
+          memory: 100M
+
+networks:
+  default:
+    ipam:
+      config:
+        - subnet: 172.29.9.0/24
+

services/wordpress.feministesucl34.jean-cloud.net/nginx_server.conf

@@ -0,0 +1,32 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  ssl_certificate $JC_CERTS/fullchain.pem;
+  ssl_certificate_key $JC_CERTS/privkey.pem;
+  server_name wordpress.feministesucl34.jean-cloud.net www.wordpress.feministesucl34.jean-cloud.net;
+  location  / {
+    client_max_body_size 2G;
+    #proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_pass http://172.29.9.100;
+    proxy_redirect off;
+  }
+}
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  ssl_certificate $JC_CERTS/fullchain.pem;
+  ssl_certificate_key $JC_CERTS/privkey.pem;
+  server_name feministesucl34.jean-cloud.net www.feministesucl34.jean-cloud.net;
+
+  location = /wp-login.php {
+    return 301 https://wordpress.feministesucl34.jean-cloud.net/wp-login.php;
+  }
+
+  location /  {
+    root /data/feministesucl34.jean-cloud.net/static;
+    try_files $uri $uri/ =404;
+  }
+}