From 0a971ebdacf736dcb1c6443f9f1af0be110e20cb Mon Sep 17 00:00:00 2001
From: Adrian Amaglio
Date: Tue, 31 Oct 2023 17:00:18 +0100
Subject: [PATCH] adding some leftovers
---
 .../wg-ariege1.sh | 22 +++++++++
 services/chiloe.eu/deploy_http.sh | 5 ++
 services/chiloe.eu/nginx_server.conf | 22 +++++++++
 .../deploy_http.sh | 5 ++
 .../nginx_server.conf | 16 ++++++
 services/radiodemo.oma-radio.fr/.known_hosts | 2 +
 .../radiodemo.oma-radio.fr/deploy_http.sh | 5 ++
 services/sftp.jean-cloud.net/deploy.sh | 11 +++++
 .../sftp.jean-cloud.net/docker-compose.yml | 18 +++++++
 .../static.jean-cloud.net/nginx_server.conf | 15 ++++++
 .../docker-compose.yml | 49 +++++++++++++++++++
 .../nginx_server.conf | 32 ++++++++++++
 12 files changed, 202 insertions(+)
 create mode 100755 services/ariege1.studios.oma-radio.fr/wg-ariege1.sh
 create mode 100755 services/chiloe.eu/deploy_http.sh
 create mode 100755 services/chiloe.eu/nginx_server.conf
 create mode 100755 services/feministesucl34.communisteslibertaires.org/deploy_http.sh
 create mode 100755 services/feministesucl34.communisteslibertaires.org/nginx_server.conf
 create mode 100644 services/radiodemo.oma-radio.fr/.known_hosts
 create mode 100755 services/radiodemo.oma-radio.fr/deploy_http.sh
 create mode 100755 services/sftp.jean-cloud.net/deploy.sh
 create mode 100644 services/sftp.jean-cloud.net/docker-compose.yml
 create mode 100755 services/static.jean-cloud.net/nginx_server.conf
 create mode 100644 services/wordpress.feministesucl34.jean-cloud.net/docker-compose.yml
 create mode 100755 services/wordpress.feministesucl34.jean-cloud.net/nginx_server.conf
diff --git a/services/ariege1.studios.oma-radio.fr/wg-ariege1.sh b/services/ariege1.studios.oma-radio.fr/wg-ariege1.sh
new file mode 100755
index 0000000..3e33d7b
--- /dev/null
+++ b/services/ariege1.studios.oma-radio.fr/wg-ariege1.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -euo pipefail
+
+. .env
+filename="$(basename "$0")"
+ifname="${filename:3:-3}"
+
+echo "
+[Interface]
+PrivateKey = $(cat $DATA_DIR/privatekey)
+ListenPort = 51822
+Address = 10.100.2.254/32
+
+[Peer] # adrian
+PublicKey = 34DD9W9Pr2EpVK4IvU3tVY6fsIvGqDisUYr5Xtk62FI=
+AllowedIPs = 10.100.2.253/32
+
+[Peer] # Passerelle
+PublicKey = SM40+PyJSNk+Rmsa7Ym4+PwBgkRlRCsqEC7s7wfo/QE=
+AllowedIPs = 10.100.2.0/24,192.168.100.0/24
+"
diff --git a/services/chiloe.eu/deploy_http.sh b/services/chiloe.eu/deploy_http.sh
new file mode 100755
index 0000000..f465dc5
--- /dev/null
+++ b/services/chiloe.eu/deploy_http.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -euo pipefail
+. "$SECRET_DIR/.env"
+
+rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user chiloeRO --sftp-port 2929 --sftp-pass "$SFTP_PASS" :sftp:/public/ "$HTTP_DIR"
diff --git a/services/chiloe.eu/nginx_server.conf b/services/chiloe.eu/nginx_server.conf
new file mode 100755
index 0000000..f965ea7
--- /dev/null
+++ b/services/chiloe.eu/nginx_server.conf
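Review bot: services/ariege1.studios.oma-radio.fr/wg-ariege1.sh prints a complete WireGuard configuration, private key included, on stdout, and nothing in the file says who consumes that output or how the resulting file is protected. A header comment such as `# Emits a wg config containing the private key on stdout; the caller must write it to a file with mode 600.` would record that requirement. The command substitution leaves the path unquoted; `PrivateKey = $(cat "$DATA_DIR/privatekey")` avoids word splitting. `ifname` is assigned but not used in the visible lines.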
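Review bot: The rclone call in services/chiloe.eu/deploy_http.sh sets no `--sftp-known-hosts-file`, and rclone's SFTP backend validates the server host key only when that option is given, so a host impersonating sftp.jean-cloud.net:2929 would receive the password and could supply the site content. Passing the secret as `--sftp-pass "$SFTP_PASS"` also places it in the process argument list, where other local users can read it; rclone takes the same option from the environment, e.g. `export RCLONE_SFTP_PASS="$SFTP_PASS"`. The option expects a value produced by `rclone obscure`, which is worth a comment next to the `.env` line. Both points apply equally to services/feministesucl34.communisteslibertaires.org/deploy_http.sh.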
@@ -0,0 +1,22 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERT/fullchain.pem;
+ ssl_certificate_key $JC_CERT/privkey.pem;
+ server_name $JC_SERVICE www.$JC_SERVICE;
+ root $HTTP_DIR;
+
+ # Security headers
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self' fonts.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self'; form-action 'self';" always;
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "strict-origin-when-cross-origin";
+ add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
+
+ location / {
+ index index.html;
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/services/feministesucl34.communisteslibertaires.org/deploy_http.sh b/services/feministesucl34.communisteslibertaires.org/deploy_http.sh
new file mode 100755
index 0000000..51086e0
--- /dev/null
+++ b/services/feministesucl34.communisteslibertaires.org/deploy_http.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -euo pipefail
+. "$SECRET_DIR/.env"
+
+rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user feministesucl34 --sftp-port 2929 --sftp-pass "$SFTP_PASS" :sftp:/public/ "$HTTP_DIR"
diff --git a/services/feministesucl34.communisteslibertaires.org/nginx_server.conf b/services/feministesucl34.communisteslibertaires.org/nginx_server.conf
new file mode 100755
index 0000000..272e401
--- /dev/null
+++ b/services/feministesucl34.communisteslibertaires.org/nginx_server.conf
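Review bot: The `Permissions-Policy` value in services/chiloe.eu/nginx_server.conf uses the `feature='none';` form, which is not the header's structured syntax, so browsers are likely to discard it and apply no restriction at all. The current form is a comma-separated list such as `geolocation=(), microphone=(), camera=(), payment=(), fullscreen=(self)`. `X-Content-Type-Options`, `Referrer-Policy` and `Permissions-Policy` also lack the `always` flag that the neighbouring headers carry, so nginx omits them on error responses such as the `=404` produced by `try_files`.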
@@ -0,0 +1,16 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERT/fullchain.pem;
+ ssl_certificate_key $JC_CERT/privkey.pem;
+ server_name $JC_SERVICE;
+
+ location = /wp-login.php {
+ return 301 https://wordpress.feministesucl34.jean-cloud.net/wp-login.php;
+ }
+
+ location / {
+ root $HTTP_DIR;
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/services/radiodemo.oma-radio.fr/.known_hosts b/services/radiodemo.oma-radio.fr/.known_hosts
new file mode 100644
index 0000000..ce5c099
--- /dev/null
+++ b/services/radiodemo.oma-radio.fr/.known_hosts
@@ -0,0 +1,2 @@
+gitlab.com ssh-dss AAAAB3NzaC1kc3MAAACBAMPKInNPflcRle9F5Qt2j9aI0EZuWQzdXTbYvsl+ChaacqCOWRMiOmXHXqetFz6jD/6Fcqg20ZATxqSskQBaRn97O/mbH+GQk4d3zw9WAEURicE8rKJop3qGtdfFxLzrTuF/PAkKRDMmutT3hwZIOO8CFWOl1BiuUYTncJTeonrfAAAAFQCujauoy3Yy+ul72b/WsTECUPj9yQAAAIBIV2yyF7RZf7IYS8tsWcKP7Y5Bv9eFdbvbtsaxcFCHcmHIGoJQrIdPoueoOb5EUTYz0NgYKsKaZzDZkgFk28GsmLxKvhnPjaw0lJVSKRchEE5xVlamOlabiRMjQ7X/bAdejkBJe96AjZZL3UO4acpwfy3Tnnap0w6YCDeaxoyHpwAAAIAU+dyNaL3Hy15VIV32QwWMekvxeptUY/DW03LNcgZZDoin87TE9xuQhM0qF3pi2i2a2ExuslgdttmYWvrbEz8eW+RFgvT5pKwWpalKWetHvtN3oYZP37ZIO1Y3Hd5A4YVcpYp1ccRayveLlCRwxb4HdGXT2OmYU+lmvimIR8zQ6A==
+gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
diff --git a/services/radiodemo.oma-radio.fr/deploy_http.sh b/services/radiodemo.oma-radio.fr/deploy_http.sh
new file mode 100755
index 0000000..0cb10cc
--- /dev/null
+++ b/services/radiodemo.oma-radio.fr/deploy_http.sh
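Review bot: The first entry in services/radiodemo.oma-radio.fr/.known_hosts pins an `ssh-dss` key, a host key type that current OpenSSH releases disable by default, so in practice only the `ssh-rsa` line can authenticate gitlab.com. The file has no Ed25519 or ECDSA entry and no record of where the keys were obtained. Adding the `ssh-ed25519` line after checking it against GitLab's published host key fingerprints, and dropping the DSA line, would keep the pin usable if RSA stops being offered. Whether git_update.sh restricts the accepted host key algorithms is not visible here.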
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -euo pipefail
+
+git_update.sh -b main -d "$HTTP_DIR" -K "$DOCKER_DIR/.known_hosts" -i "$DATA_DIR/website" "$GIT_SOURCE_REPO"
+hugo_rclone.sh "$HTTP_DIR"
diff --git a/services/sftp.jean-cloud.net/deploy.sh b/services/sftp.jean-cloud.net/deploy.sh
new file mode 100755
index 0000000..29c4600
--- /dev/null
+++ b/services/sftp.jean-cloud.net/deploy.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd "$DATA_DIR"
+
+[ ! -f users.conf ] && touch users.conf
+
+# Create key if not exists
+if [ ! -f ssh_host_ed25519_key ] ; then
+ ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ''
+ ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key -N ''
+fi
diff --git a/services/sftp.jean-cloud.net/docker-compose.yml b/services/sftp.jean-cloud.net/docker-compose.yml
new file mode 100644
index 0000000..0c01f9f
--- /dev/null
+++ b/services/sftp.jean-cloud.net/docker-compose.yml
@@ -0,0 +1,18 @@
+version: '3'
+services:
+ sshd:
+ image: docker.io/atmoz/sftp:alpine
+ volumes:
+ - $DATA_DIR/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key:ro
+ - $DATA_DIR/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key:ro
+ - $DATA_DIR/users.conf:/etc/sftp/users.conf:ro
+
+ - $DATA_DIR/home/feministesucl34:/home/feministesucl34RO:ro
+ - $DATA_DIR/home/leida:/home/leida
+ - $DATA_DIR/home/leida:/home/leidaRO
+ - $DATA_DIR/home/chiloe:/home/chiloe
+ - $DATA_DIR/home/chiloe:/home/chiloeRO
+ - $DATA_DIR/home/collectifarthadie:/home/collectifarthadieRO:ro
+ ports:
+ - '2929:22'
+
diff --git a/services/static.jean-cloud.net/nginx_server.conf b/services/static.jean-cloud.net/nginx_server.conf
new file mode 100755
index 0000000..7c7eac5
--- /dev/null
+++ b/services/static.jean-cloud.net/nginx_server.conf
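Review bot: services/sftp.jean-cloud.net/deploy.sh omits the `set -euo pipefail` that the other deploy scripts in this commit start with, so when `DATA_DIR` is unset or `cd "$DATA_DIR"` fails the script carries on and creates the SSH host private keys in whatever directory it was started from. The guard also tests only `ssh_host_ed25519_key` while creating both keys, so a missing `ssh_host_rsa_key` is never regenerated and the compose file would then bind-mount a path that does not exist. I would add `set -euo pipefail` after the shebang and give each key its own test, e.g. `[ -f ssh_host_rsa_key ] || ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key -N ''`.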
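Review bot: In services/sftp.jean-cloud.net/docker-compose.yml the `/home/leidaRO` and `/home/chiloeRO` mounts lack the `:ro` suffix that `/home/feministesucl34RO` and `/home/collectifarthadieRO` carry, so as far as the mount is concerned the accounts named read-only get a writable view of the same directory as the read-write account. chiloeRO is the user the chiloe.eu deploy script authenticates as, so its password presumably sits on the web host and should not be able to change the published source; `- $DATA_DIR/home/chiloe:/home/chiloeRO:ro` and the same for leida would enforce that. Separately, `atmoz/sftp:alpine` is a floating tag, and pinning an image digest would make the deployed SSH server reproducible.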
@@ -0,0 +1,15 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERT/fullchain.pem;
+ ssl_certificate_key $JC_CERT/privkey.pem;
+ server_name static.oma-radio.fr www.static.oma-radio.fr $JC_SERVICE www.$JC_SERVICE;
+ root $HTTP_DIR/public/;
+
+ location / {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET';
+ index index.html;
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/services/wordpress.feministesucl34.jean-cloud.net/docker-compose.yml b/services/wordpress.feministesucl34.jean-cloud.net/docker-compose.yml
new file mode 100644
index 0000000..908fcb4
--- /dev/null
+++ b/services/wordpress.feministesucl34.jean-cloud.net/docker-compose.yml
@@ -0,0 +1,49 @@
+version: '3.1'
+
+services:
+
+ wp:
+ image: wordpress:5.8-apache
+ restart: unless-stopped
+ env_file: $DATA_DIR/env
+ environment:
+ WORDPRESS_DB_HOST: db
+ WORDPRESS_DB_USER: wpdbuser
+ WORDPRESS_DB_NAME: wpdb
+ #WORDPRESS_CONFIG_EXTRA: "define( 'WP_HOME', 'https://feministesucl34.jean-cloud.net/wordpress' ); define( 'WP_SITEURL', 'https://feministesucl34.jean-cloud.net/wordpress' );"
+ volumes:
+ - $DATA_DIR/wordpress:/var/www/html
+ - $DATA_DIR/static:/var/www/html/static
+ networks:
+ default:
+ ipv4_address: 172.29.9.100
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 100M
+ db:
+ image: mariadb:10.4
+ restart: unless-stopped
+ env_file: $DATA_DIR/env
+ environment:
+ MYSQL_DATABASE: wpdb
+ MYSQL_USER: wpdbuser
+ MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
+ volumes:
+ - $DATA_DIR/db:/var/lib/mysql
+ networks:
+ default:
+ ipv4_address: 172.29.9.101
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 100M
+
+networks:
+ default:
+ ipam:
+ config:
+ - subnet: 172.29.9.0/24
+
diff --git a/services/wordpress.feministesucl34.jean-cloud.net/nginx_server.conf b/services/wordpress.feministesucl34.jean-cloud.net/nginx_server.conf
new file mode 100755
index 0000000..411a805
--- /dev/null
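Review bot: `image: wordpress:5.8-apache` in services/wordpress.feministesucl34.jean-cloud.net/docker-compose.yml pins a WordPress branch first released in 2021, and because `/var/www/html` is bind-mounted from `$DATA_DIR/wordpress` the core files live in that directory rather than in the image, so changing the tag later will probably not upgrade an existing install. A comment above the `wp` service stating how core, plugin and theme updates are applied (auto-updates or a scheduled job) would document the patching path for this internet-facing site. The `deploy.resources.limits` blocks are honoured only by some Compose invocations, so it is worth confirming that the 100M caps are enforced by the tool used here.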
+++ b/services/wordpress.feministesucl34.jean-cloud.net/nginx_server.conf
@@ -0,0 +1,32 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERTS/fullchain.pem;
+ ssl_certificate_key $JC_CERTS/privkey.pem;
+ server_name wordpress.feministesucl34.jean-cloud.net www.wordpress.feministesucl34.jean-cloud.net;
+ location / {
+ client_max_body_size 2G;
+ #proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_pass http://172.29.9.100;
+ proxy_redirect off;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERTS/fullchain.pem;
+ ssl_certificate_key $JC_CERTS/privkey.pem;
+ server_name feministesucl34.jean-cloud.net www.feministesucl34.jean-cloud.net;
+
+ location = /wp-login.php {
+ return 301 https://wordpress.feministesucl34.jean-cloud.net/wp-login.php;
+ }
+
+ location / {
+ root /data/feministesucl34.jean-cloud.net/static;
+ try_files $uri $uri/ =404;
+ }
+}
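Review bot: Both server blocks in services/wordpress.feministesucl34.jean-cloud.net/nginx_server.conf read the certificate from `$JC_CERTS`, while every other nginx_server.conf in this commit uses `$JC_CERT`. If the templating step defines only the latter, the path would collapse to `/fullchain.pem` and the vhost would fail to load; `ssl_certificate $JC_CERT/fullchain.pem;` and `ssl_certificate_key $JC_CERT/privkey.pem;` would match the rest. With `X-Real-IP` commented out and no `X-Forwarded-For` set, WordPress sees every request as coming from the proxy, which leaves login logs and per-client rate limiting without a usable address; `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` restores that.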