From 9edc21c59d335c7fdf8dd2da8751b5eb0b13f28e Mon Sep 17 00:00:00 2001 From: Tobias Reisinger Date: Thu, 10 Nov 2022 19:00:32 +0100 Subject: [PATCH] Add caddy default snippet --- authentik/docker-compose.yml | 4 ++-- caddy/config/conf.d/analytics.serguzim.me.conf | 3 ++- caddy/config/conf.d/auth.serguzim.me.conf | 3 ++- caddy/config/conf.d/ci.serguzim.me.conf | 3 ++- caddy/config/conf.d/cloud.serguzim.me.conf | 16 +++++++++------- caddy/config/conf.d/faas.serguzim.me.conf | 3 ++- caddy/config/conf.d/git.serguzim.me.conf | 5 +++-- caddy/config/conf.d/graph.serguzim.me.conf | 3 ++- caddy/config/conf.d/hook.serguzim.me.conf | 3 ++- caddy/config/conf.d/matrix.msrg.cc.conf | 17 ++++++++++------- caddy/config/conf.d/media.serguzim.me.conf | 3 ++- caddy/config/conf.d/msrg.cc.conf | 11 ++++++----- caddy/config/conf.d/prometheus.serguzim.me.conf | 8 +++++--- caddy/config/conf.d/recipies.serguzim.me.conf | 3 ++- caddy/config/conf.d/registry.serguzim.me.conf | 5 +++-- caddy/config/conf.d/rss.serguzim.me.conf | 3 ++- caddy/config/conf.d/serguzim.me.conf | 13 +++++++------ caddy/config/conf.d/soeder.stream.conf | 9 +++++---- caddy/config/conf.d/stream.serguzim.me.conf | 5 +++-- caddy/config/conf.d/tick.serguzim.me.conf | 3 ++- caddy/config/conf.d/wiki.serguzim.me.conf | 3 ++- caddy/config/snippets | 4 ++++ diagram.py | 12 ++++++++---- 23 files changed, 87 insertions(+), 55 deletions(-) diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yml index ba28c0c..26bd4f2 100644 --- a/authentik/docker-compose.yml +++ b/authentik/docker-compose.yml @@ -2,7 +2,7 @@ version: '3.2' services: server: - image: goauthentik.io/server:2022.8.2 + image: goauthentik.io/server:2022.10.1 restart: unless-stopped command: server volumes: @@ -21,7 +21,7 @@ services: - authentik worker: - image: goauthentik.io/server:2022.8.2 + image: goauthentik.io/server:2022.10.1 restart: unless-stopped command: worker user: root 
diff --git a/caddy/config/conf.d/analytics.serguzim.me.conf b/caddy/config/conf.d/analytics.serguzim.me.conf
index c64b462..a924575 100644
--- a/caddy/config/conf.d/analytics.serguzim.me.conf
+++ b/caddy/config/conf.d/analytics.serguzim.me.conf
@@ -1,3 +1,4 @@
 analytics.serguzim.me {
- reverse_proxy umami:3000
+ import default
+ reverse_proxy umami:3000
 }
diff --git a/caddy/config/conf.d/auth.serguzim.me.conf b/caddy/config/conf.d/auth.serguzim.me.conf
index 16ba524..729fec2 100644
--- a/caddy/config/conf.d/auth.serguzim.me.conf
+++ b/caddy/config/conf.d/auth.serguzim.me.conf
@@ -1,3 +1,4 @@
 auth.serguzim.me {
- reverse_proxy authentik:9000
+ import default
+ reverse_proxy authentik:9000
 }
diff --git a/caddy/config/conf.d/ci.serguzim.me.conf b/caddy/config/conf.d/ci.serguzim.me.conf
index 0c39976..68ebe06 100644
--- a/caddy/config/conf.d/ci.serguzim.me.conf
+++ b/caddy/config/conf.d/ci.serguzim.me.conf
@@ -1,3 +1,4 @@
 ci.serguzim.me {
- reverse_proxy woodpecker:8000
+ import default
+ reverse_proxy woodpecker:8000
 }
diff --git a/caddy/config/conf.d/cloud.serguzim.me.conf b/caddy/config/conf.d/cloud.serguzim.me.conf
index 36a5e63..4316228 100644
--- a/caddy/config/conf.d/cloud.serguzim.me.conf
+++ b/caddy/config/conf.d/cloud.serguzim.me.conf
@@ -1,11 +1,13 @@ cloud.serguzim.me { - reverse_proxy host.docker.internal:3015 + import default - redir /.well-known/host-meta /public.php?service=host-meta 301 - redir /.well-known/host-meta.json /public.php?service=host-meta-json 301 - redir /.well-known/webfinger /public.php?service=webfinger 301 - redir /.well-known/carddav /remote.php/dav/ 301 - redir /.well-known/caldav /remote.php/dav/ 301 + reverse_proxy host.docker.internal:3015 - header Strict-Transport-Security "max-age=15552000; includeSubdomains;" + redir /.well-known/host-meta /public.php?service=host-meta 301 + redir /.well-known/host-meta.json /public.php?service=host-meta-json 301 + redir /.well-known/webfinger /public.php?service=webfinger 301 + redir /.well-known/carddav /remote.php/dav/ 301 + redir /.well-known/caldav /remote.php/dav/ 301 + + header Strict-Transport-Security "max-age=15552000; includeSubdomains;" } diff --git a/caddy/config/conf.d/faas.serguzim.me.conf b/caddy/config/conf.d/faas.serguzim.me.conf index 2aef81a..25c3cc1 100644 --- a/caddy/config/conf.d/faas.serguzim.me.conf +++ b/caddy/config/conf.d/faas.serguzim.me.conf @@ -1,3 +1,4 @@ faas.serguzim.me { - reverse_proxy host.docker.internal:8080 + import default + reverse_proxy host.docker.internal:8080 } diff --git a/caddy/config/conf.d/git.serguzim.me.conf b/caddy/config/conf.d/git.serguzim.me.conf index 70bab21..5e44bc2 100644 --- a/caddy/config/conf.d/git.serguzim.me.conf +++ b/caddy/config/conf.d/git.serguzim.me.conf @@ -1,5 +1,6 @@ git.serguzim.me { - header /attachments/* Access-Control-Allow-Origin * + import default + header /attachments/* Access-Control-Allow-Origin * - reverse_proxy gitea:3000 + reverse_proxy gitea:3000 } diff --git a/caddy/config/conf.d/graph.serguzim.me.conf b/caddy/config/conf.d/graph.serguzim.me.conf index a945974..b7e2827 100644 --- a/caddy/config/conf.d/graph.serguzim.me.conf +++ b/caddy/config/conf.d/graph.serguzim.me.conf 
@@ -1,3 +1,4 @@ graph.serguzim.me { - reverse_proxy grafana:3000 + import default + reverse_proxy grafana:3000 } diff --git a/caddy/config/conf.d/hook.serguzim.me.conf b/caddy/config/conf.d/hook.serguzim.me.conf index 41147c8..97fe58f 100644 --- a/caddy/config/conf.d/hook.serguzim.me.conf +++ b/caddy/config/conf.d/hook.serguzim.me.conf @@ -1,3 +1,4 @@ hook.serguzim.me { - reverse_proxy host.docker.internal:3002 + import default + reverse_proxy host.docker.internal:3002 } diff --git a/caddy/config/conf.d/matrix.msrg.cc.conf b/caddy/config/conf.d/matrix.msrg.cc.conf index 1167380..228b11e 100644 --- a/caddy/config/conf.d/matrix.msrg.cc.conf +++ b/caddy/config/conf.d/matrix.msrg.cc.conf @@ -1,16 +1,19 @@ matrix.msrg.cc { - reverse_proxy /_matrix/* synapse:8008 - reverse_proxy /_synapse/* synapse:8008 + import default - handle_path /admin/* { - rewrite * {path} - reverse_proxy synapse-admin:80 -} + reverse_proxy /_matrix/* synapse:8008 + reverse_proxy /_synapse/* synapse:8008 + + handle_path /admin/* { + rewrite * {path} + reverse_proxy synapse-admin:80 + } } msrg.cc:8008, msrg.cc:8448, matrix.msrg.cc:8008, matrix.msrg.cc:8448 { - reverse_proxy synapse:8008 + import default + reverse_proxy synapse:8008 } diff --git a/caddy/config/conf.d/media.serguzim.me.conf b/caddy/config/conf.d/media.serguzim.me.conf index 656f526..721e3ee 100644 --- a/caddy/config/conf.d/media.serguzim.me.conf +++ b/caddy/config/conf.d/media.serguzim.me.conf @@ -1,3 +1,4 @@ media.serguzim.me { - reverse_proxy host.docker.internal:3014 + import default + reverse_proxy host.docker.internal:3014 } diff --git a/caddy/config/conf.d/msrg.cc.conf b/caddy/config/conf.d/msrg.cc.conf index c9643d7..728d418 100644 --- a/caddy/config/conf.d/msrg.cc.conf +++ b/caddy/config/conf.d/msrg.cc.conf 
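Review bot: In matrix.msrg.cc.conf, `reverse_proxy /_synapse/* synapse:8008` and the `handle_path /admin/*` block put Synapse's `/_synapse/admin` API and the synapse-admin UI on the public site with no restriction at the proxy, so access rests on admin access tokens alone. The commit only re-indents these lines, but it touches the whole block and leaves that exposure undocumented. If administration from arbitrary networks is not needed, a named matcher using `remote_ip` on `/_synapse/admin/*` and `/admin/*` would narrow it; otherwise a comment such as `# admin API and UI intentionally public; protected by Synapse admin tokens only` would record the decision. Whether the second site block on ports 8008 and 8448 should carry the same restriction cannot be judged from this hunk.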
@@ -1,8 +1,9 @@ msrg.cc { - header /.well-known/openpgpkey/* Access-Control-Allow-Origin * + import default + header /.well-known/openpgpkey/* Access-Control-Allow-Origin * - rewrite * /function/webpage-msrg-cc{uri} - reverse_proxy https://faas.serguzim.me { - header_up Host {http.reverse_proxy.upstream.hostport} - } + rewrite * /function/webpage-msrg-cc{uri} + reverse_proxy https://faas.serguzim.me { + header_up Host {http.reverse_proxy.upstream.hostport} + } } diff --git a/caddy/config/conf.d/prometheus.serguzim.me.conf b/caddy/config/conf.d/prometheus.serguzim.me.conf index 65f99c6..18cf8db 100644 --- a/caddy/config/conf.d/prometheus.serguzim.me.conf +++ b/caddy/config/conf.d/prometheus.serguzim.me.conf @@ -1,9 +1,11 @@ prometheus.serguzim.me { - import auth_serguzim_me + import default + import auth_serguzim_me - reverse_proxy host.docker.internal:9090 + reverse_proxy host.docker.internal:9090 } prometheus.internal.serguzim.net:80 { - reverse_proxy host.docker.internal:9090 + import default + reverse_proxy host.docker.internal:9090 } diff --git a/caddy/config/conf.d/recipies.serguzim.me.conf b/caddy/config/conf.d/recipies.serguzim.me.conf index e27f122..ad5f23a 100644 --- a/caddy/config/conf.d/recipies.serguzim.me.conf +++ b/caddy/config/conf.d/recipies.serguzim.me.conf @@ -1,3 +1,4 @@ recipies.serguzim.me { - reverse_proxy tandoor:80 + import default + reverse_proxy tandoor:80 } diff --git a/caddy/config/conf.d/registry.serguzim.me.conf b/caddy/config/conf.d/registry.serguzim.me.conf index 57c6dbf..e6e16e0 100644 --- a/caddy/config/conf.d/registry.serguzim.me.conf +++ b/caddy/config/conf.d/registry.serguzim.me.conf @@ -1,4 +1,5 @@ registry.serguzim.me { - reverse_proxy /metrics host.docker.internal:3029 - reverse_proxy host.docker.internal:3021 + import default + reverse_proxy /metrics host.docker.internal:3029 + reverse_proxy host.docker.internal:3021 } 
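Review bot: In prometheus.serguzim.me.conf, the `prometheus.internal.serguzim.net:80` block gains `import default` but, unlike the `prometheus.serguzim.me` block above it, still has no `import auth_serguzim_me`, so Prometheus is proxied over plain HTTP with no authentication at the proxy. That predates this commit, but the hunk rewrites the block and leaves the assumption unstated. I would either add a comment like `# internal only: resolvable and reachable solely from the private network, no auth by design` or enforce it with a `remote_ip` matcher limited to private ranges. The same question applies to `reverse_proxy /metrics host.docker.internal:3029` in registry.serguzim.me.conf, which serves a metrics path on what appears to be a public hostname.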
diff --git a/caddy/config/conf.d/rss.serguzim.me.conf b/caddy/config/conf.d/rss.serguzim.me.conf index 51e646a..d3dce1a 100644 --- a/caddy/config/conf.d/rss.serguzim.me.conf +++ b/caddy/config/conf.d/rss.serguzim.me.conf @@ -1,3 +1,4 @@ rss.serguzim.me { - reverse_proxy tt-rss:80 + import default + reverse_proxy tt-rss:80 } diff --git a/caddy/config/conf.d/serguzim.me.conf b/caddy/config/conf.d/serguzim.me.conf index 0056cd1..7f971fb 100644 --- a/caddy/config/conf.d/serguzim.me.conf +++ b/caddy/config/conf.d/serguzim.me.conf @@ -1,11 +1,12 @@ serguzim.me { - header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" - redir https://www.serguzim.me{uri} + header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" + redir https://www.serguzim.me{uri} } www.serguzim.me { - rewrite * /function/webpage-serguzim-me{uri} - reverse_proxy https://faas.serguzim.me { - header_up Host {http.reverse_proxy.upstream.hostport} - } + import default + rewrite * /function/webpage-serguzim-me{uri} + reverse_proxy https://faas.serguzim.me { + header_up Host {http.reverse_proxy.upstream.hostport} + } } diff --git a/caddy/config/conf.d/soeder.stream.conf b/caddy/config/conf.d/soeder.stream.conf index 6020847..7307652 100644 --- a/caddy/config/conf.d/soeder.stream.conf +++ b/caddy/config/conf.d/soeder.stream.conf @@ -1,6 +1,7 @@ xn--sder-5qa.stream { - rewrite * /function/webpage-soeder-stream{uri} - reverse_proxy https://faas.serguzim.me { - header_up Host {http.reverse_proxy.upstream.hostport} - } + import default + rewrite * /function/webpage-soeder-stream{uri} + reverse_proxy https://faas.serguzim.me { + header_up Host {http.reverse_proxy.upstream.hostport} + } } diff --git a/caddy/config/conf.d/stream.serguzim.me.conf b/caddy/config/conf.d/stream.serguzim.me.conf index 77f2dbd..9e4c2a4 100644 --- a/caddy/config/conf.d/stream.serguzim.me.conf +++ b/caddy/config/conf.d/stream.serguzim.me.conf 
@@ -1,5 +1,6 @@ stream.serguzim.me { - import auth_serguzim_me + import default + import auth_serguzim_me - reverse_proxy host.docker.internal:8888 + reverse_proxy host.docker.internal:8888 } diff --git a/caddy/config/conf.d/tick.serguzim.me.conf b/caddy/config/conf.d/tick.serguzim.me.conf index 1a0fe67..ad65919 100644 --- a/caddy/config/conf.d/tick.serguzim.me.conf +++ b/caddy/config/conf.d/tick.serguzim.me.conf @@ -1,3 +1,4 @@ tick.serguzim.me { - reverse_proxy host.docker.internal:8086 + import default + reverse_proxy influxdb:8086 } diff --git a/caddy/config/conf.d/wiki.serguzim.me.conf b/caddy/config/conf.d/wiki.serguzim.me.conf index 25d0781..7dcabb1 100644 --- a/caddy/config/conf.d/wiki.serguzim.me.conf +++ b/caddy/config/conf.d/wiki.serguzim.me.conf @@ -1,3 +1,4 @@ wiki.serguzim.me { - reverse_proxy wiki-js:3000 + import default + reverse_proxy wiki-js:3000 } diff --git a/caddy/config/snippets b/caddy/config/snippets index e6cd914..566fe66 100644 --- a/caddy/config/snippets +++ b/caddy/config/snippets @@ -13,3 +13,7 @@ trusted_proxies private_ranges } } + +(default) { + encode zstd gzip +} diff --git a/diagram.py b/diagram.py index 3819118..493b53d 100644 --- a/diagram.py +++ b/diagram.py @@ -49,8 +49,8 @@ def get_custom_icon(name, url): with Diagram("serguzim.net", show=False): + node001 = Cluster("node001.serguzim.net") node002 = Cluster("node002.serguzim.net") - node004 = Cluster("node004.serguzim.net") exoscale_objectstore = ObjectStorage("Exoscale Object Storage") 
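Review bot: In tick.serguzim.me.conf the added line is `reverse_proxy influxdb:8086`, while the removed line pointed at `host.docker.internal:8086`, so this hunk changes the upstream, which the commit title ("Add caddy default snippet") does not mention. Every other conf.d hunk in the patch only adds `import default` and re-indents. If the switch is intended, it presumably relies on a container resolvable as `influxdb` on a network shared with Caddy, which is not visible in this patch. I would either split it into its own commit or name it in the message, so that reverting the snippet does not silently move the InfluxDB route back as well.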
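Review bot: The new `(default)` snippet in caddy/config/snippets carries no comment on what belongs in it, and it enables `encode zstd gzip` for every importing site, including `auth.serguzim.me` and the two sites behind `import auth_serguzim_me`. Compressing responses that combine secrets (CSRF tokens, session data) with request-reflected content is the precondition for BREACH-style length side channels, so compression is better decided per site than globally; whether authentik's pages are affected cannot be told from this patch. I would add a header comment such as `# Baseline for every site: response compression only; check each importer before adding more here` and consider holding `import default` back from the auth site until that is confirmed. The `serguzim.me` redirect block in serguzim.me.conf is the one site that does not import the snippet, which looks deliberate but is also undocumented.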
@@ -77,11 +77,15 @@ with Diagram("serguzim.net", show=False): graph = Grafana("graph.serguzim.me") add_to_groups(graph, services, db_users) + ICON_URL = "https://avatars.githubusercontent.com/u/40275816" + harbor = Custom("registry.serguzim.me", get_custom_icon("harbor", ICON_URL)) + add_to_groups(harbor, services, db_users, objectstore_users) + ICON_URL = "https://avatars.githubusercontent.com/u/23747925" mail = Custom("mail.serguzim.me", get_custom_icon("mailcow", ICON_URL)) add_to_groups(mail, services) - ICON_URL = "https://avatars.githubusercontent.com/u/8418310?s=200&v=4" + ICON_URL = "https://avatars.githubusercontent.com/u/8418310" matrix = Custom("matrix.serguzim.me", get_custom_icon("matrix", ICON_URL)) add_to_groups(matrix, services, db_users, objectstore_users) @@ -102,12 +106,12 @@ with Diagram("serguzim.net", show=False): proxy >> services objectstore_users >> exoscale_objectstore - with node004: + with node001: services = [] proxy = Caddy() - ICON_URL = "https://www.pikpng.com/pngl/m/11-111495_minecraft-block-png-minecraft-logo-clipart.png" + ICON_URL = "https://icon-icons.com/downloadimage.php?id=168974&root=2699/PNG/256/&file=minecraft_logo_icon_168974.png" minecraft = Custom("minecraft.serguzim.me", get_custom_icon("minecraft", ICON_URL)) add_to_groups(minecraft, services)
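Review bot: The new harbor entry adds one more remote URL that `get_custom_icon` receives at diagram-build time, and `ICON_URL` is reassigned before every `Custom(...)` call even though its upper-case name reads like a constant. The body of `get_custom_icon` is outside this hunk, so I am assuming it downloads the URL; if it does, the build depends on third-party hosts with no integrity check. The last hunk makes that more fragile by moving the minecraft icon to a `downloadimage.php` endpoint on icon-icons.com rather than a static asset. I would vendor the icons into the repository, or at least pass each URL inline, e.g. `harbor = Custom("registry.serguzim.me", get_custom_icon("harbor", "https://avatars.githubusercontent.com/u/40275816"))`. The `with Diagram(...)` block starts and ends outside the hunk.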