Merge pull request 'nextcloud, wireguard, ipfs configs' (#12) from claudiomaradonna/dot-files:master into master

Reviewed-on: https://gitea.it/Unitoo/dot-files/pulls/12
This commit is contained in:
Claudio Maradonna 2022-04-24 01:08:23 +02:00
commit a6e131aed5
4 changed files with 172 additions and 1 deletions

View file

@ -0,0 +1,131 @@
upstream gateway {
server 127.0.0.1:8081;
}
server {
server_name ipfs.unitoo.it ipns.unitoo.it; # managed by Certbot
listen 443 default_server ssl;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
proxy_pass_header Server;
proxy_read_timeout 1800s;
error_page 403 /403.html;
location /403.html {
root /var/www/html;
allow all;
}
location /403.png {
root /var/www/html;
allow all;
}
location /400.html {
root /var/www/html;
allow all;
}
location /ipns {
proxy_pass http://gateway;
proxy_set_header Host unitoo.it;
proxy_cache_bypass $http_upgrade;
proxy_intercept_errors on;
allow all;
error_page 400 /400.html;
}
location /ipfs {
proxy_pass http://gateway;
proxy_set_header Host unitoo.it;
proxy_cache_bypass $http_upgrade;
proxy_intercept_errors on;
allow all;
error_page 400 /400.html;
}
location / {
proxy_pass http://localhost:5001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
deny all; # <- Deny other traffic
}
ssl_certificate /etc/letsencrypt/live/ipfs.unitoo.it/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ipfs.unitoo.it/privkey.pem; # managed by Certbot
include snippets/denylist.conf;
}
server {
server_name *.ipfs.unitoo.it *.ipns.unitoo.it;
listen 443 ssl;
proxy_read_timeout 1800s;
error_page 403 /403.html;
location /403.html {
root /var/www/html;
allow all;
}
location /403.png {
root /var/www/html;
allow all;
}
location /400.html {
root /var/www/html;
allow all;
}
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
include snippets/denylist.conf;
location / {
proxy_set_header Host $host;
proxy_set_header X-Ipfs-Gateway-Prefix "";
proxy_pass http://gateway;
}
}
server {
server_name ipfs.unitoo.it ipns.unitoo.it;
listen 80;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
proxy_pass_header Server;
proxy_read_timeout 1800s;
include snippets/denylist.conf;
location ~ "^/(ipfs|ipns|api)(/|$)" {
proxy_set_header Host unitoo.it;
proxy_set_header X-Ipfs-Gateway-Prefix "";
proxy_pass http://gateway;
}
return 404;
}

View file

@ -0,0 +1,26 @@
[Unit]
Description=IPFS Daemon
After=network.target
[Service]
#Runtime
Environment="IPFS_PATH=/mnt/ipfs"
Environment=IPFS_LOGGING="error"
ExecStart=/home/ipfs/.local/bin/ipfs daemon --enable-gc --migrate
User=ipfs
Restart=on-failure
RestartSec=10s
KillSignal=SIGINT
#Accounting
LimitNOFILE=10240
#LimitNice=10
MemoryAccounting=true
MemoryHigh=512M
MemoryMax=768M
MemorySwapMax=512M
CPUAccounting=true
CPUQuota=40%
[Install]
WantedBy=multi-user.target

View file

@ -9,7 +9,7 @@ $CONFIG = array (
), ),
'datadirectory' => '/var/www/html/nextcloud/data', 'datadirectory' => '/var/www/html/nextcloud/data',
'dbtype' => 'mysql', 'dbtype' => 'mysql',
'version' => '21.0.3.1', 'version' => '23.0.3.2',
'overwrite.cli.url' => 'http://your_domain/', 'overwrite.cli.url' => 'http://your_domain/',
'htaccess.RewriteBase' => '/', 'htaccess.RewriteBase' => '/',
'dbname' => 'nextcloud', 'dbname' => 'nextcloud',
@ -61,4 +61,5 @@ $CONFIG = array (
'mail_smtppassword' => '', 'mail_smtppassword' => '',
'maintenance' => false, 'maintenance' => false,
'default_phone_region' => 'IT', 'default_phone_region' => 'IT',
'preview_max_memory' => 768,
); );

View file

@ -0,0 +1,13 @@
[Interface]
Address=<local_address>
PrivateKey = `wg genkey`
ListenPort = <listen_port>
[Peer]
PublicKey = <server_public_key>
Endpoint = <server_public_ip>:<server_port>
AllowedIPs = <subnet>/24
# This is for if you're behind a NAT and
# want the connection to be kept alive.
PersistentKeepalive = 25