Convert server to LAN only mode

Marko Korhonen 2025-04-07 15:28:38 -05:00
parent d95766012d
commit 9e251961c9
5 changed files with 257 additions and 204 deletions


@ -66,16 +66,6 @@ services:
environment: environment:
GEOIPUPDATE_EDITION_IDS: GeoLite2-City GEOIPUPDATE_EDITION_IDS: GeoLite2-City
GEOIPUPDATE_FREQUENCY: '8' GEOIPUPDATE_FREQUENCY: '8'
whoami-test:
image: traefik/whoami
container_name: whoami-test
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
environment:
- TZ
networks: networks:
authentik: authentik:
external: true external: true


@ -1,196 +1,67 @@
{ {
order umami first auto_https off
} }
(common_site_settings) { http://index.korhonen.lan {
encode zstd gzip root * /var/www/index.korhonen.cc
file_server browse
tls {
dns cloudflare {$CLOUDFLARE_API_TOKEN}
resolvers 1.1.1.1
}
header {
Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
}
} }
korhonen.cc, *.korhonen.cc { http://home.korhonen.lan {
import common_site_settings reverse_proxy home-assistant:8123
}
@static {
file http://sso.korhonen.lan, http://sso.korhonen.cc {
path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2 *.pdf *.webmanifest reverse_proxy authentik:9000
} }
@homepage-www-redir host www.korhonen.cc http://git.korhonen.lan {
handle @homepage-www-redir { rewrite /user/login /user/oauth2/authentik
redir https://korhonen.cc reverse_proxy forgejo:3000
} }
@homepage host korhonen.cc http://search.korhonen.lan {
handle @homepage { reverse_proxy searx:8080
# Redirect finnish WIP }
# @redirFinnish {
# header Accept-Language *fi-FI* http://jellyfin.korhonen.lan {
# not path *.js *.css *.png *.jpg *.jpeg *.svg reverse_proxy jellyfin:8096
# not path /en* /fi* }
# }
# redir @redirFinnish /fi{uri} http://cloud.korhonen.lan {
# # Redirect login page to Authentik
# uri strip_prefix /en redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301
header @static Cache-Control max-age=5184000 # .htaccess / data / config / ... shouldn't be accessible from outside
root * /var/www/korhonen.cc @forbidden {
file_server path /.htaccess
} path /data/*
path /config/*
@wkd host openpgpkey.korhonen.cc path /db_structure
handle @wkd { path /.xml
root * /var/www/wkd path /README
file_server browse path /3rdparty/*
header Access-Control-Allow-Origin "*" path /lib/*
} path /templates/*
path /occ
@index host index.korhonen.cc path /console.php
handle @index { }
umami { handle @forbidden {
event_endpoint "https://umami.korhonen.cc/api/send" respond 404
website_uuid "9fe4f5c0-8e63-4479-a58d-d399cdbc0a3a" }
client_ip_header X-Real-IP
device_detection redir /.well-known/carddav /remote.php/dav 301
allowed_extensions "" .tar.zst .json .html redir /.well-known/caldav /remote.php/dav 301
}
root * /var/www/index.korhonen.cc root * /var/www/nextcloud
file_server browse php_fastcgi nextcloud:9000 {
} root /var/www/html
# Tells nextcloud to remove /index.php from URLs in links
@home-assistant host home.korhonen.cc env front_controller_active true
handle @home-assistant { }
reverse_proxy home-assistant:8123 file_server
} }
@authentik host sso.korhonen.cc http://collabora.korhonen.lan {
handle @authentik { reverse_proxy collabora:9980
reverse_proxy authentik:9000
}
@forgejo host git.korhonen.cc
handle @forgejo {
rewrite /user/login /user/oauth2/authentik
reverse_proxy forgejo:3000
}
@woodpecker host ci.korhonen.cc
handle @woodpecker {
reverse_proxy woodpecker:8000
}
@searx host search.korhonen.cc
handle @searx {
reverse_proxy searx:8080
}
@freshrss host rss.korhonen.cc
handle @freshrss {
reverse_proxy freshrss
}
@jellyfin host jellyfin.korhonen.cc
handle @jellyfin {
reverse_proxy jellyfin:8096
}
@pihole host pihole.korhonen.cc
handle @pihole {
reverse_proxy pihole
}
@umami host umami.korhonen.cc
handle @umami {
reverse_proxy umami:3000
}
@nextcloud host cloud.korhonen.cc
handle @nextcloud {
# Redirect login page to Authentik
redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301
# .htaccess / data / config / ... shouldn't be accessible from outside
@forbidden {
path /.htaccess
path /data/*
path /config/*
path /db_structure
path /.xml
path /README
path /3rdparty/*
path /lib/*
path /templates/*
path /occ
path /console.php
}
handle @forbidden {
respond 404
}
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
root * /var/www/nextcloud
php_fastcgi nextcloud:9000 {
root /var/www/html
# Tells nextcloud to remove /index.php from URLs in links
env front_controller_active true
}
file_server
}
@tvheadend host tvheadend.korhonen.cc
handle @tvheadend {
reverse_proxy tvheadend:9981
}
@collabora host collabora.korhonen.cc
handle @collabora {
reverse_proxy collabora:9980
}
@grafana host grafana.korhonen.cc
handle @grafana {
reverse_proxy grafana:3000
}
@drop host drop.korhonen.cc
handle @drop {
reverse_proxy drop:3000
}
@ipvX host ipv6.korhonen.cc ipv4.korhonen.cc
handle @ipvX {
respond {remote_host}
}
@ott host ott.korhonen.cc
handle @ott {
reverse_proxy opentogethertube:8080
}
handle {
respond "404 Not Found" 404
}
handle_errors {
@homepage_404 {
expression {http.error.status_code} == 404
host korhonen.cc
}
handle @homepage_404 {
root * /var/www/korhonen.cc
rewrite * /404.html
file_server
}
respond "{err.status_code} {err.status_text}"
}
} }
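Review bot: With `auto_https off` in the global block and every site addressed as `http://…`, the logins behind `authentik:9000`, `forgejo:3000`, the Nextcloud OIDC redirect and `home-assistant:8123` are now served without TLS, so passwords, session cookies and OIDC codes cross the LAN in cleartext. Being unreachable from the internet does not remove the need for transport security between browser and proxy. Caddy can issue certificates from its own local CA, so consider replacing `auto_https off` with `local_certs` in the global options and dropping the `http://` prefixes; clients then need to trust Caddy's root certificate. Separately, the `http://sso.korhonen.cc` address on the authentik site will likely be upgraded to HTTPS by any browser that cached the previous `Strict-Transport-Security … includeSubDomains` header, and this configuration no longer serves HTTPS, so that name may fail for returning clients.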

195
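--- a/docker/caddy/Caddyfile.old
+++ b/docker/caddy/Caddyfile.old
@@ -0,0 +1,195 @@
+# My old public configuration.
+# Currently don't have a public IP so running everything in LAN
+# in the current configuration
+{
+order umami first
+}
+(common_site_settings) {
+encode zstd gzip
+tls {
+dns cloudflare {$CLOUDFLARE_API_TOKEN}
+resolvers 1.1.1.1
+}
+header {
+Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+}
+}
+korhonen.cc, *.korhonen.cc {
+import common_site_settings
+@static {
+file
+path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2 *.pdf *.webmanifest
+}
+@homepage-www-redir host www.korhonen.cc
+handle @homepage-www-redir {
+redir https://korhonen.cc
+}
+@homepage host korhonen.cc
+handle @homepage {
+# Redirect finnish WIP
+# @redirFinnish {
+# header Accept-Language *fi-FI*
+# not path *.js *.css *.png *.jpg *.jpeg *.svg
+# not path /en* /fi*
+# }
+# redir @redirFinnish /fi{uri}
+#
+# uri strip_prefix /en
+header @static Cache-Control max-age=5184000
+root * /var/www/korhonen.cc
+file_server
+}
+@wkd host openpgpkey.korhonen.cc
+handle @wkd {
+root * /var/www/wkd
+file_server browse
+header Access-Control-Allow-Origin "*"
+}
+@index host index.korhonen.cc
+handle @index {
+umami {
+event_endpoint "https://umami.korhonen.cc/api/send"
+website_uuid "9fe4f5c0-8e63-4479-a58d-d399cdbc0a3a"
+client_ip_header X-Real-IP
+device_detection
+allowed_extensions "" .tar.zst .json .html
+}
+root * /var/www/index.korhonen.cc
+file_server browse
+}
+@home-assistant host home.korhonen.cc
+handle @home-assistant {
+reverse_proxy home-assistant:8123
+}
+@authentik host sso.korhonen.cc
+handle @authentik {
+reverse_proxy authentik:9000
+}
+@forgejo host git.korhonen.cc
+handle @forgejo {
+rewrite /user/login /user/oauth2/authentik
+reverse_proxy forgejo:3000
+}
+@woodpecker host ci.korhonen.cc
+handle @woodpecker {
+reverse_proxy woodpecker:8000
+}
+@searx host search.korhonen.cc
+handle @searx {
+reverse_proxy searx:8080
+}
+@freshrss host rss.korhonen.cc
+handle @freshrss {
+reverse_proxy freshrss
+}
+@jellyfin host jellyfin.korhonen.cc
+handle @jellyfin {
+reverse_proxy jellyfin:8096
+}
+@pihole host pihole.korhonen.cc
+handle @pihole {
+reverse_proxy pihole
+}
+@umami host umami.korhonen.cc
+handle @umami {
+reverse_proxy umami:3000
+}
+@nextcloud host cloud.korhonen.cc
+handle @nextcloud {
+# Redirect login page to Authentik
+redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301
+# .htaccess / data / config / ... shouldn't be accessible from outside
+@forbidden {
+path /.htaccess
+path /data/*
+path /config/*
+path /db_structure
+path /.xml
+path /README
+path /3rdparty/*
+path /lib/*
+path /templates/*
+path /occ
+path /console.php
+}
+handle @forbidden {
+respond 404
+}
+redir /.well-known/carddav /remote.php/dav 301
+redir /.well-known/caldav /remote.php/dav 301
+root * /var/www/nextcloud
+php_fastcgi nextcloud:9000 {
+root /var/www/html
+# Tells nextcloud to remove /index.php from URLs in links
+env front_controller_active true
+}
+file_server
+}
+@tvheadend host tvheadend.korhonen.cc
+handle @tvheadend {
+reverse_proxy tvheadend:9981
+}
+@collabora host collabora.korhonen.cc
+handle @collabora {
+reverse_proxy collabora:9980
+}
+@drop host drop.korhonen.cc
+handle @drop {
+reverse_proxy drop:3000
+}
+@ipvX host ipv6.korhonen.cc ipv4.korhonen.cc
+handle @ipvX {
+respond {remote_host}
+}
+@ott host ott.korhonen.cc
+handle @ott {
+reverse_proxy opentogethertube:8080
+}
+handle {
+respond "404 Not Found" 404
+}
+handle_errors {
+@homepage_404 {
+expression {http.error.status_code} == 404
+host korhonen.cc
+}
+handle @homepage_404 {
+root * /var/www/korhonen.cc
+rewrite * /404.html
+file_server
+}
+respond "{err.status_code} {err.status_text}"
+}
+}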
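Review bot: The archived file is not a verbatim copy of the configuration this commit removes from `Caddyfile`: the `@grafana host grafana.korhonen.cc` matcher and its `handle @grafana` block with `reverse_proxy grafana:3000` are absent here. If this file is meant as the restore point for the public setup, either carry the block over or record the omission in the header comment, e.g. `# grafana handler dropped on purpose`.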


@ -11,8 +11,6 @@ services:
restart: unless-stopped restart: unless-stopped
environment: environment:
- TZ=Europe/Helsinki - TZ=Europe/Helsinki
devices:
- /dev/ttyACM0
volumes: volumes:
- hass:/config - hass:/config
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro


@ -30,6 +30,5 @@ Include = /etc/pacman.d/mirrorlist
Server = file:///var/www/index.korhonen.cc/repo/arch_linux/$repo/$arch Server = file:///var/www/index.korhonen.cc/repo/arch_linux/$repo/$arch
{%@@ else @@%} {%@@ else @@%}
Include = /etc/pacman.d/pacserve Include = /etc/pacman.d/pacserve
Server = https://index.korhonen.cc/repo/arch_linux/$repo/$arch Server = http://index.korhonen.lan/repo/arch_linux/$repo/$arch
{%@@ endif @@%} {%@@ endif @@%}
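Review bot: Switching the fallback mirror to `http://index.korhonen.lan/…` removes the transport-level authentication of that repository, so package and database signature verification becomes the sole integrity check on what pacman installs from it. The repository section's `SigLevel` is outside this hunk; it should require signatures (for example `SigLevel = Required`) rather than `Optional TrustAll`, otherwise whatever answers for `index.korhonen.lan` on the LAN decides which packages get installed as root. If the repository is unsigned today, signing it or keeping an HTTPS endpoint for it would close that gap.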