Add caddy default snippet

2022-11-10 19:00:32 +01:00 · 2022-11-10 19:00:32 +01:00 · 9edc21c59d
parent de10e8b030
commit 9edc21c59d
23 changed files with 87 additions and 55 deletions
--- a/authentik/docker-compose.yml
+++ b/authentik/docker-compose.yml
@ -2,7 +2,7 @@ version: '3.2'

 services:
  server:
-    image: goauthentik.io/server:2022.8.2
+    image: goauthentik.io/server:2022.10.1
    restart: unless-stopped
    command: server
    volumes:
@ -21,7 +21,7 @@ services:
          - authentik

  worker:
-    image: goauthentik.io/server:2022.8.2
+    image: goauthentik.io/server:2022.10.1
    restart: unless-stopped
    command: worker
    user: root
--- a/caddy/config/conf.d/analytics.serguzim.me.conf
+++ b/caddy/config/conf.d/analytics.serguzim.me.conf
@ -1,3 +1,4 @@
 analytics.serguzim.me {
-    reverse_proxy umami:3000
+	import default
+	reverse_proxy umami:3000
 }
--- a/caddy/config/conf.d/auth.serguzim.me.conf
+++ b/caddy/config/conf.d/auth.serguzim.me.conf
@ -1,3 +1,4 @@
 auth.serguzim.me {
-    reverse_proxy authentik:9000
+	import default
+	reverse_proxy authentik:9000
 }
--- a/caddy/config/conf.d/ci.serguzim.me.conf
+++ b/caddy/config/conf.d/ci.serguzim.me.conf
@ -1,3 +1,4 @@
 ci.serguzim.me {
-    reverse_proxy woodpecker:8000
+	import default
+	reverse_proxy woodpecker:8000
 }
--- a/caddy/config/conf.d/cloud.serguzim.me.conf
+++ b/caddy/config/conf.d/cloud.serguzim.me.conf
@ -1,11 +1,13 @@
 cloud.serguzim.me {
-    reverse_proxy host.docker.internal:3015
+	import default

-    redir /.well-known/host-meta         /public.php?service=host-meta 301
-    redir /.well-known/host-meta.json    /public.php?service=host-meta-json 301
-    redir /.well-known/webfinger         /public.php?service=webfinger 301
-    redir /.well-known/carddav           /remote.php/dav/ 301
-    redir /.well-known/caldav            /remote.php/dav/ 301
+	reverse_proxy host.docker.internal:3015

-    header Strict-Transport-Security "max-age=15552000; includeSubdomains;"
+	redir /.well-known/host-meta         /public.php?service=host-meta 301
+	redir /.well-known/host-meta.json    /public.php?service=host-meta-json 301
+	redir /.well-known/webfinger         /public.php?service=webfinger 301
+	redir /.well-known/carddav           /remote.php/dav/ 301
+	redir /.well-known/caldav            /remote.php/dav/ 301
+
+	header Strict-Transport-Security "max-age=15552000; includeSubdomains;"
 }
--- a/caddy/config/conf.d/faas.serguzim.me.conf
+++ b/caddy/config/conf.d/faas.serguzim.me.conf
@ -1,3 +1,4 @@
 faas.serguzim.me {
-    reverse_proxy host.docker.internal:8080
+	import default
+	reverse_proxy host.docker.internal:8080
 }
--- a/caddy/config/conf.d/git.serguzim.me.conf
+++ b/caddy/config/conf.d/git.serguzim.me.conf
@ -1,5 +1,6 @@
 git.serguzim.me {
-    header /attachments/* Access-Control-Allow-Origin *
+	import default
+	header /attachments/* Access-Control-Allow-Origin *

-    reverse_proxy gitea:3000
+	reverse_proxy gitea:3000
 }
--- a/caddy/config/conf.d/graph.serguzim.me.conf
+++ b/caddy/config/conf.d/graph.serguzim.me.conf
@ -1,3 +1,4 @@
 graph.serguzim.me {
-    reverse_proxy grafana:3000
+	import default
+	reverse_proxy grafana:3000
 }
--- a/caddy/config/conf.d/hook.serguzim.me.conf
+++ b/caddy/config/conf.d/hook.serguzim.me.conf
@ -1,3 +1,4 @@
 hook.serguzim.me {
-    reverse_proxy host.docker.internal:3002
+	import default
+	reverse_proxy host.docker.internal:3002
 }
--- a/caddy/config/conf.d/matrix.msrg.cc.conf
+++ b/caddy/config/conf.d/matrix.msrg.cc.conf
@ -1,16 +1,19 @@
 matrix.msrg.cc {
-  reverse_proxy /_matrix/* synapse:8008
-  reverse_proxy /_synapse/* synapse:8008
+	import default

-  handle_path /admin/* {
-	rewrite * {path}
-	reverse_proxy synapse-admin:80
-}
+	reverse_proxy /_matrix/* synapse:8008
+	reverse_proxy /_synapse/* synapse:8008
+
+	handle_path /admin/* {
+		rewrite * {path}
+		reverse_proxy synapse-admin:80
+	}
 }

 msrg.cc:8008,
 msrg.cc:8448,
 matrix.msrg.cc:8008,
 matrix.msrg.cc:8448 {
-  reverse_proxy synapse:8008
+	import default
+	reverse_proxy synapse:8008
 }
--- a/caddy/config/conf.d/media.serguzim.me.conf
+++ b/caddy/config/conf.d/media.serguzim.me.conf
@ -1,3 +1,4 @@
 media.serguzim.me {
-    reverse_proxy host.docker.internal:3014
+	import default
+	reverse_proxy host.docker.internal:3014
 }
--- a/caddy/config/conf.d/msrg.cc.conf
+++ b/caddy/config/conf.d/msrg.cc.conf
@ -1,8 +1,9 @@
 msrg.cc {
-    header /.well-known/openpgpkey/* Access-Control-Allow-Origin *
+	import default
+	header /.well-known/openpgpkey/* Access-Control-Allow-Origin *

-    rewrite * /function/webpage-msrg-cc{uri}
-    reverse_proxy https://faas.serguzim.me {
-        header_up Host {http.reverse_proxy.upstream.hostport}
-    }
+	rewrite * /function/webpage-msrg-cc{uri}
+	reverse_proxy https://faas.serguzim.me {
+		header_up Host {http.reverse_proxy.upstream.hostport}
+	}
 }
--- a/caddy/config/conf.d/prometheus.serguzim.me.conf
+++ b/caddy/config/conf.d/prometheus.serguzim.me.conf
@ -1,9 +1,11 @@
 prometheus.serguzim.me {
-    import auth_serguzim_me
+	import default
+	import auth_serguzim_me

-    reverse_proxy host.docker.internal:9090
+	reverse_proxy host.docker.internal:9090
 }

 prometheus.internal.serguzim.net:80 {
-    reverse_proxy host.docker.internal:9090
+	import default
+	reverse_proxy host.docker.internal:9090
 }
--- a/caddy/config/conf.d/recipies.serguzim.me.conf
+++ b/caddy/config/conf.d/recipies.serguzim.me.conf
@ -1,3 +1,4 @@
 recipies.serguzim.me {
-    reverse_proxy tandoor:80
+	import default
+	reverse_proxy tandoor:80
 }
--- a/caddy/config/conf.d/registry.serguzim.me.conf
+++ b/caddy/config/conf.d/registry.serguzim.me.conf
@ -1,4 +1,5 @@
 registry.serguzim.me {
-    reverse_proxy /metrics host.docker.internal:3029
-    reverse_proxy host.docker.internal:3021
+	import default
+	reverse_proxy /metrics host.docker.internal:3029
+	reverse_proxy host.docker.internal:3021
 }
--- a/caddy/config/conf.d/rss.serguzim.me.conf
+++ b/caddy/config/conf.d/rss.serguzim.me.conf
@ -1,3 +1,4 @@
 rss.serguzim.me {
-    reverse_proxy tt-rss:80
+	import default
+	reverse_proxy tt-rss:80
 }
--- a/caddy/config/conf.d/serguzim.me.conf
+++ b/caddy/config/conf.d/serguzim.me.conf
@ -1,11 +1,12 @@
 serguzim.me {
-    header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
-    redir https://www.serguzim.me{uri}
+	header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
+	redir https://www.serguzim.me{uri}
 }

 www.serguzim.me {
-    rewrite * /function/webpage-serguzim-me{uri}
-    reverse_proxy https://faas.serguzim.me {
-        header_up Host {http.reverse_proxy.upstream.hostport}
-    }
+	import default
+	rewrite * /function/webpage-serguzim-me{uri}
+	reverse_proxy https://faas.serguzim.me {
+		header_up Host {http.reverse_proxy.upstream.hostport}
+	}
 }
--- a/caddy/config/conf.d/soeder.stream.conf
+++ b/caddy/config/conf.d/soeder.stream.conf
@ -1,6 +1,7 @@
 xn--sder-5qa.stream {
-    rewrite * /function/webpage-soeder-stream{uri}
-    reverse_proxy https://faas.serguzim.me {
-        header_up Host {http.reverse_proxy.upstream.hostport}
-    }
+	import default
+	rewrite * /function/webpage-soeder-stream{uri}
+	reverse_proxy https://faas.serguzim.me {
+		header_up Host {http.reverse_proxy.upstream.hostport}
+	}
 }
--- a/caddy/config/conf.d/stream.serguzim.me.conf
+++ b/caddy/config/conf.d/stream.serguzim.me.conf
@ -1,5 +1,6 @@
 stream.serguzim.me {
-    import auth_serguzim_me
+	import default
+	import auth_serguzim_me

-    reverse_proxy host.docker.internal:8888
+	reverse_proxy host.docker.internal:8888
 }
--- a/caddy/config/conf.d/tick.serguzim.me.conf
+++ b/caddy/config/conf.d/tick.serguzim.me.conf
@ -1,3 +1,4 @@
 tick.serguzim.me {
-    reverse_proxy host.docker.internal:8086
+	import default
+	reverse_proxy influxdb:8086
 }
--- a/caddy/config/conf.d/wiki.serguzim.me.conf
+++ b/caddy/config/conf.d/wiki.serguzim.me.conf
@ -1,3 +1,4 @@
 wiki.serguzim.me {
-    reverse_proxy wiki-js:3000
+	import default
+	reverse_proxy wiki-js:3000
 }
--- a/caddy/config/snippets
+++ b/caddy/config/snippets
@ -13,3 +13,7 @@
        trusted_proxies private_ranges
    }
 }
+
+(default) {
+	encode zstd gzip
+}
--- a/diagram.py
+++ b/diagram.py
@ -49,8 +49,8 @@ def get_custom_icon(name, url):

 with Diagram("serguzim.net", show=False):

+    node001 = Cluster("node001.serguzim.net")
    node002 = Cluster("node002.serguzim.net")
-    node004 = Cluster("node004.serguzim.net")

    exoscale_objectstore = ObjectStorage("Exoscale Object Storage")

@ -77,11 +77,15 @@ with Diagram("serguzim.net", show=False):
        graph = Grafana("graph.serguzim.me")
        add_to_groups(graph, services, db_users)

+        ICON_URL = "https://avatars.githubusercontent.com/u/40275816"
+        harbor = Custom("registry.serguzim.me", get_custom_icon("harbor", ICON_URL))
+        add_to_groups(harbor, services, db_users, objectstore_users)
+
        ICON_URL = "https://avatars.githubusercontent.com/u/23747925"
        mail = Custom("mail.serguzim.me", get_custom_icon("mailcow", ICON_URL))
        add_to_groups(mail, services)

-        ICON_URL = "https://avatars.githubusercontent.com/u/8418310?s=200&v=4"
+        ICON_URL = "https://avatars.githubusercontent.com/u/8418310"
        matrix = Custom("matrix.serguzim.me", get_custom_icon("matrix", ICON_URL))
        add_to_groups(matrix, services, db_users, objectstore_users)

@ -102,12 +106,12 @@ with Diagram("serguzim.net", show=False):
        proxy >> services
        objectstore_users >> exoscale_objectstore

-    with node004:
+    with node001:
        services = []

        proxy = Caddy()

-        ICON_URL = "https://www.pikpng.com/pngl/m/11-111495_minecraft-block-png-minecraft-logo-clipart.png"
+        ICON_URL = "https://icon-icons.com/downloadimage.php?id=168974&root=2699/PNG/256/&file=minecraft_logo_icon_168974.png"
        minecraft = Custom("minecraft.serguzim.me", get_custom_icon("minecraft", ICON_URL))
        add_to_groups(minecraft, services)