cleaned up and moved files around

2023-11-30 13:38:58 -06:00
parent acdc4fc122
commit 099dd085c9
22 changed files with 188 additions and 834 deletions
@@ -1,30 +0,0 @@
-#GLOBAL SETTINGS
-COMPOSE_HTTP_TIMEOUT=120
-COMPOSE_IGNORE_ORPHANS=1
-DOCKER_CONFIGS=./appdata
-DOCKERGID=999
-DOCKERHOSTNAME=ProxyServer
-DOCKERLOGGING_MAXFILE=10
-DOCKERLOGGING_MAXSIZE=200k
-PGID=1000
-PUID=1000
-UMASK=000
-TZ=America/Chicago
-ADMIN_USERNAME=akanealw
-ADMIN_PASSWORD=8ung1e1!
-
-#PIHOLE
-FTLCONF_LOCAL_IPV4=192.168.1.4
-REV_SERVER=false
-REV_SERVER_DOMAIN=
-REV_SERVER_TARGET=
-REV_SERVER_CIDR=
-HOSTNAME=piholeserver3
-DOMAIN_NAME=piholeserver3.lan
-PIHOLE_WEBPORT=8000
-WEBTHEME=default-dark
-WEBPASSWORD=8PVkCY4FbyKWEACiG22^
-
-#WIREGUARD
-WG_HOST=akanealw.com
-WG_PASSWORD=wBJz7wuazWWmbfTGhM7v
@@ -1,10 +0,0 @@
-include /snippets/authelia-location.conf;
-
-location / {
-    include /snippets/authelia-proxy.conf;
-    include /snippets/authelia-authrequest.conf;
-    proxy_pass $forward_scheme://$server:$port;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection upgrade;
-    proxy_set_header Accept-Encoding gzip;
-}
@@ -1,4 +0,0 @@
-location / {
-    include /snippets/authelia-proxy.conf;
-    proxy_pass $forward_scheme://$server:$port;
-}
@@ -1,135 +0,0 @@
-theme: dark
-jwt_secret: 9DGPzQy8SZQ7rV57V3DJnw
-
-#default_redirection_url: https://akanealw.com
-
-server:
-  host: 0.0.0.0
-  port: 9091
-  path: ""
-  buffers:
-    read: 4096
-    write: 4096
-  enable_pprof: false
-  enable_expvars: false
-  disable_healthcheck: false
-  tls:
-    key: ""
-    certificate: ""
-
-ntp:
-  address: "0.debian.pool.ntp.org:123"
-  version: 3
-  max_desync: 3s
-  disable_startup_check: true
-  disable_failure: true
-
-log:
-  level: info
-
-totp:
-  disable: false
-  issuer: akanealw.com
-  algorithm: sha1
-  digits: 6
-  period: 30
-  skew: 1
-  secret_size: 32
-
-authentication_backend:
-  password_reset:
-    disable: true
-  refresh_interval: 5m
-  file:
-    path: /config/users_database.yml
-    password:
-      algorithm: argon2id
-      iterations: 1
-      salt_length: 16
-      parallelism: 8
-      memory: 64
-
-access_control:
-  default_policy: deny
-  rules:
-    ## bypass api for subdomains
-    - domain: "*.akanealw.com"
-      resources:
-        - "^/api([/?].*)?$"
-        - "^/add([/?].*)?$"  
-        - "^/public([/?].*)?$"        
-      policy: bypass
-    # bypass subdomains
-    - domain:
-      - aknlw.com
-      - auth.akanealw.com
-      - bitwarden.akanealw.com
-      - gitea.akanealw.com
-      - owncloud.akanealw.com
-      - overseerr.akanealw.com
-      - plex.akanealw.com
-      - remotely.akanealw.com
-      policy: bypass
-    # two_factor subdomains
-    - domain: 
-      - akanealw.com
-      - archive.akanealw.com
-      - bazarr.akanealw.com
-      - codeserver.akanealw.com
-      - freshrss.akanealw.com
-      - jackett.akanealw.com
-      - jdownloader.akanealw.com
-      - kavita.akanealw.com
-      - lidarr.akanealw.com
-      - metube.akanealw.com
-      - monitorr.akanealw.com
-      - mstream.akanealw.com
-      - nzbhydra.akanealw.com
-      - olivetin.akanealw.com
-      - prowlarr.akanealw.com
-      - qbittorrent.akanealw.com
-      - radarr.akanealw.com
-      - sabnzbd.akanealw.com
-      - search.akanealw.com
-      - spdf.akanealw.com
-      - sonarr.akanealw.com
-      - trilium.akanealw.com
-      - uptimekuma.akanealw.com
-      - www.akanealw.com
-      policy: two_factor
-
-session:
-  name: authelia_session
-  domain: akanealw.com
-  same_site: lax
-  secret: 8r9y4d8mY7NfQtpCe2oU
-  expiration: 6h
-  inactivity: 5m
-  remember_me_duration: 1w
-
-regulation:
-  max_retries: 3
-  find_time: 10m
-  ban_time: 12h
-
-storage:
-  local:
-    path: /config/db.sqlite3
-  encryption_key: iiB7C8Bn4A2gAhzs2fWaggUug76PZ4LU
-  
-notifier:
-  disable_startup_check: true
-  smtp:
-    username: akanealw@gmail.com
-    password: qlvmffuzpscltdgz
-    host: smtp.gmail.com
-    port: 587
-    sender: akanealw@gmail.com
-    identifier: dockerserver
-    subject: "[Authelia] {title}"
-    startup_check_address: akanealw@gmail.com
-    disable_require_tls: false
-    disable_html_emails: false
-    tls:
-      skip_verify: false
-      minimum_version: TLS1.2
@@ -1,8 +0,0 @@
-users:
-  akanealw:
-    displayname: "akanealw"
-    password: "$argon2id$v=19$m=65536,t=1,p=8$ZWJ2UGVPUDE2SnU0YXNvNg$Q3LQfN90kPI5/3Yr06WmTUjFbvIBBZPJP44YLhysT0M"
-    email: akanealw@gmail.com
-    groups:
-      - admins
-      
@@ -1,205 +0,0 @@
-version: '3'
-
-services:
-  archivebox:
-    container_name: archivebox
-    image: archivebox/archivebox:dev
-    command: server --quick-init 0.0.0.0:8000
-    environment:
-      - ALLOWED_HOSTS=*
-      - MEDIA_MAX_SIZE=750m
-      - PUBLIC_ADD_VIEW=True
-      - PUBLIC_INDEX=True
-      - PUBLIC_SNAPSHOTS=False
-      - SAVE_TITLE=True
-      - SAVE_FAVICON=True
-      - SAVE_WGET=False
-      - SAVE_WARC=False
-      - SAVE_PDF=True
-      - SAVE_SCREENSHOT=True
-      - SAVE_DOM=False
-      - SAVE_SINGLEFILE=True
-      - SAVE_READABILITY=True
-      - SAVE_MERCURY=False
-      - SAVE_GIT=False
-      - SAVE_MEDIA=False
-      - SAVE_ARCHIVE_DOT_ORG=False
-    ports:
-      - 8000:8000
-    restart: always
-    volumes:
-      - ${DOCKER_CONFIGS}/archivebox/data:/data
-
-  authelia:
-    container_name: authelia
-    image: authelia/authelia
-    environment:
-      - TZ=${TZ}
-    ports:
-      - 9091:9091
-    restart: always
-    volumes:
-      - ${DOCKER_CONFIGS}/authelia/config:/config
-
-  cronicle:
-    container_name: cronicle
-    hostname: cronicle
-    image: bluet/cronicle-docker:latest
-    environment:
-     - TZ=${TZ}
-     - CRONICLE_base_app_url=http://192.168.1.4
-     - CRONICLE_master 1
-    network_mode: "host"
-    restart: always
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /root/.ssh:/root/.ssh
-      - /home/akanealw/scripts/cronicle:/scripts
-      - ${DOCKER_CONFIGS}/cronicle/data:/opt/cronicle/data
-      - ${DOCKER_CONFIGS}/cronicle/logs:/opt/cronicle/logs
-      - ${DOCKER_CONFIGS}/cronicle/plugins:/opt/cronicle/plugins
-      - ${DOCKER_CONFIGS}/cronicle/workloads/app:/app
-      - ${DOCKER_CONFIGS}/cronicle/data/config.json:/opt/cronicle/conf/config.json
-
-  crowdsec:
-    container_name: crowdsec
-    image: crowdsecurity/crowdsec
-    environment:
-      - COLLECTIONS=crowdsecurity/sshd crowdsecurity/nginx crowdsecurity/nginx-proxy-manager
-      - BOUNCER_KEY_OPENWRT=e5eafa00ff6db5164b12426c6cfb6b62
-    ports:
-      - 8280:8080
-      - 6260:6060
-    restart: always
-    volumes:
-      - ${DOCKER_CONFIGS}/crowdsec/config:/etc/crowdsec
-      - ${DOCKER_CONFIGS}/crowdsec/config/acquis.d:/etc/crowdsec/acquis.d
-      - ${DOCKER_CONFIGS}/crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml
-      - ${DOCKER_CONFIGS}/crowdsec/data:/var/lib/crowdsec/data
-      - ${DOCKER_CONFIGS}/nginxproxymanager/data/logs:/logs/nginx:ro
-      - /var/log/auth.log:/logs/auth.log:ro
-      - /var/log/syslog:/logs/syslog:ro
-
-  nginxproxymanager:
-    container_name: nginxproxymanager
-    image: jc21/nginx-proxy-manager:2.10.4
-    environment:
-      - X_FRAME_OPTIONS=sameorigin
-      - DB_SQLITE_FILE=/data/database.sqlite
-    ports:
-      - 443:443/tcp
-      - 80:80/tcp
-      - 81:81/tcp
-    restart: always
-    volumes:
-      - ${DOCKER_CONFIGS}/nginxproxymanager/data:/data
-      - ${DOCKER_CONFIGS}/nginxproxymanager/letsencrypt:/etc/letsencrypt
-      - ${DOCKER_CONFIGS}/nginxproxymanager/snippets:/snippets:ro
-      - /etc/localtime:/etc/localtime:ro
-
-  orbital-sync:
-    container_name: orbital-sync
-    image: mattwebbio/orbital-sync:1
-    environment:
-      - PRIMARY_HOST_BASE_URL=http://192.168.1.2:80
-      - PRIMARY_HOST_PASSWORD=${WEBPASSWORD}
-      - SECONDARY_HOST_1_BASE_URL=http://192.168.1.3:80
-      - SECONDARY_HOST_1_PASSWORD=${WEBPASSWORD}
-      - SECONDARY_HOST_2_BASE_URL=http://192.168.1.4:8180
-      - SECONDARY_HOST_2_PASSWORD=${WEBPASSWORD}
-      - INTERVAL_MINUTES=30
-    restart: always
-
-  pihole:
-    container_name: pihole
-    image: cbcrowe/pihole-unbound:latest
-    hostname: ${HOSTNAME}
-    domainname: ${DOMAIN_NAME}
-    environment:
-      - FTLCONF_LOCAL_IPV4=${FTLCONF_LOCAL_IPV4}
-      - TZ=${TZ}
-      - WEBPASSWORD=${WEBPASSWORD}
-      - WEBTHEME=${WEBTHEME:-default-dark}
-      - REV_SERVER=${REV_SERVER:-false}
-      - REV_SERVER_TARGET=${REV_SERVER_TARGET}
-      - REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN}
-      - REV_SERVER_CIDR=${REV_SERVER_CIDR}
-      - PIHOLE_DNS_=127.0.0.1#5335
-      - DNSSEC="true"
-      - DNSMASQ_LISTENING=single
-    ports:
-      - 53:53
-      - 53:53/udp
-      - 8180:80
-    restart: always
-    volumes:
-      - ${DOCKER_CONFIGS}/pihole/unbound:/etc/pihole:rw
-      - ${DOCKER_CONFIGS}/pihole/dnsmasq-unbound:/etc/dnsmasq.d:rw
-
-  vaultwarden:
-    container_name: vaultwarden
-    image: vaultwarden/server:latest
-    environment:
-      - TZ=${TZ}
-      - ADMIN_TOKEN=h/oRssGu83I1E1WQGiSchYMAJnM0JcDXmjeI/A3QgMCasn/IK9zZldH5FXim0rSi
-      - DATABASE_URL=data/db.sqlite3
-      - DISABLE_ADMIN_TOKEN=false
-      - DOMAIN=https://bitwarden.akanealw.com
-      - ENABLE_DB_WAL=true
-      - INVITATIONS_ALLOWED=false
-      - SHOW_PASSWORD_HINT=false
-      - SIGNUPS_ALLOWED=false
-      - SIGNUPS_VERIFY=false
-      - SMTP_PORT=587
-      - SMTP_SSL=true
-    ports:
-      - 8089:80
-    restart: always
-    volumes:
-      - ${DOCKER_CONFIGS}/vaultwarden:/data
-      - /etc/localtime:/etc/localtime:ro
-
-  vaultwarden-backup:
-    container_name: vaultwarden-backup
-    image: bruceforce/vaultwarden-backup
-    environment:
-      - BACKUP_DIR=/data/backups
-      - CRON_TIME=15 * * * *
-      - TIMESTAMP=true
-      - UID=${PUID}
-      - GID=${PGID}
-    depends_on:
-      - vaultwarden
-    init: true
-    restart: always
-    volumes:
-      - /home/akanealw/docker/appdata/vaultwarden:/data
-      - /home/akanealw/backups/vaultwardenbackups:/data/backups
-
-  wg-easy:
-    container_name: wg-easy      
-    image: weejewel/wg-easy
-    environment:
-      - WG_HOST=${WG_HOST}
-      - PASSWORD=${WG_PASSWORD}
-      - WG_DEFAULT_DNS=162.222.10.80, 9.9.9.9
-      - WG_PORT=51830
-      - WG_PERSISTENT_KEEPALIVE=25
-      - WG_DEFAULT_ADDRESS=10.8.0.x
-      - WG_MTU=1420
-      - WG_ALLOWED_IPS=10.8.0.0/24
-    cap_add:
-      - NET_ADMIN
-      - SYS_MODULE
-    sysctls:
-      - net.ipv4.ip_forward=1
-      - net.ipv4.conf.all.src_valid_mark=1
-    ports:
-      - 51830:51820/udp
-      - 51831:51821
-    restart: always
-    volumes:
-      - ${DOCKER_CONFIGS}/wireguard:/etc/wireguard
-
-networks:
-  proxy:
@@ -1,10 +0,0 @@
-filenames:
-  - /logs/nginx/*.log
-labels:
-  type: nginx-proxy-manager
---
-filenames:
- - /logs/auth.log
- - /logs/syslog
-labels:
-  type: syslog
@@ -1,13 +0,0 @@
-daemon=900
-use=web
-protocol=dyndns2
-
-protocol=googledomains,
-login=XIQcIciDPkL98kcu,
-password=eowszqJ33jjzkN6Y
-akanealw.com
-
-protocol=googledomains,
-login=fl8RMB9sWyaYIbXQ,
-password=lYkyofVtT1KQp59M
-aknlw.com
@@ -1,25 +0,0 @@
-## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
-auth_request /authelia;
-
-## Set the $target_url variable based on the original request.
-
-## Comment this line if you're using nginx without the http_set_misc module.
-set_escape_uri $target_url $scheme://$http_host$request_uri;
-
-## Uncomment this line if you're using NGINX without the http_set_misc module.
-# set $target_url $scheme://$http_host$request_uri;
-
-## Save the upstream response headers from Authelia to variables.
-auth_request_set $user $upstream_http_remote_user;
-auth_request_set $groups $upstream_http_remote_groups;
-auth_request_set $name $upstream_http_remote_name;
-auth_request_set $email $upstream_http_remote_email;
-
-## Inject the response headers from the variables into the request made to the backend.
-proxy_set_header Remote-User $user;
-proxy_set_header Remote-Groups $groups;
-proxy_set_header Remote-Name $name;
-proxy_set_header Remote-Email $email;
-
-## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
-error_page 401 =302 https://auth.akanealw.com/?rd=$target_url;
@@ -1,36 +0,0 @@
-set $upstream_authelia http://authelia:9091/api/verify;
-
-## Virtual endpoint created by nginx to forward auth requests.
-location /authelia {
-    ## Essential Proxy Configuration
-    internal;
-    proxy_pass $upstream_authelia;
-
-    ## Headers
-    ## The headers starting with X-* are required.
-    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
-    proxy_set_header X-Original-Method $request_method;
-    proxy_set_header X-Forwarded-Method $request_method;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header X-Forwarded-Host $http_host;
-    proxy_set_header X-Forwarded-Uri $request_uri;
-    proxy_set_header X-Forwarded-For $remote_addr;
-    proxy_set_header Content-Length "";
-    proxy_set_header Connection "";
-
-    ## Basic Proxy Configuration
-    proxy_pass_request_body off;
-    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Timeout if the real server is dead
-    proxy_redirect http:// $scheme://;
-    proxy_http_version 1.1;
-    proxy_cache_bypass $cookie_session;
-    proxy_no_cache $cookie_session;
-    proxy_buffers 4 32k;
-    client_body_buffer_size 128k;
-
-    ## Advanced Proxy Configuration
-    send_timeout 5m;
-    proxy_read_timeout 240;
-    proxy_send_timeout 240;
-    proxy_connect_timeout 240;
-}
@@ -1,8 +0,0 @@
-## Headers
-proxy_set_header Host $host;
-proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header X-Forwarded-Host $http_host;
-proxy_set_header X-Forwarded-Uri $request_uri;
-proxy_set_header X-Forwarded-Ssl on;
-proxy_set_header X-Forwarded-For $remote_addr;