forked from unitoo/configurations
Merge pull request 'nextcloud, wireguard, ipfs configs' (#12) from claudiomaradonna/dot-files:master into master
Reviewed-on: https://gitea.it/Unitoo/dot-files/pulls/12
This commit is contained in:
commit
a6e131aed5
4 changed files with 172 additions and 1 deletions
131
ipfs/etc/nginx/sites-available/ipfs-gateway.conf
Normal file
131
ipfs/etc/nginx/sites-available/ipfs-gateway.conf
Normal file
|
@ -0,0 +1,131 @@
|
||||||
|
upstream gateway {
|
||||||
|
server 127.0.0.1:8081;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name ipfs.unitoo.it ipns.unitoo.it; # managed by Certbot
|
||||||
|
listen 443 default_server ssl;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
|
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||||
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
||||||
|
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
|
||||||
|
add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
|
||||||
|
|
||||||
|
proxy_pass_header Server;
|
||||||
|
proxy_read_timeout 1800s;
|
||||||
|
|
||||||
|
error_page 403 /403.html;
|
||||||
|
|
||||||
|
location /403.html {
|
||||||
|
root /var/www/html;
|
||||||
|
allow all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /403.png {
|
||||||
|
root /var/www/html;
|
||||||
|
allow all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /400.html {
|
||||||
|
root /var/www/html;
|
||||||
|
allow all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /ipns {
|
||||||
|
proxy_pass http://gateway;
|
||||||
|
proxy_set_header Host unitoo.it;
|
||||||
|
proxy_cache_bypass $http_upgrade;
|
||||||
|
|
||||||
|
proxy_intercept_errors on;
|
||||||
|
|
||||||
|
allow all;
|
||||||
|
|
||||||
|
error_page 400 /400.html;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /ipfs {
|
||||||
|
proxy_pass http://gateway;
|
||||||
|
proxy_set_header Host unitoo.it;
|
||||||
|
proxy_cache_bypass $http_upgrade;
|
||||||
|
|
||||||
|
proxy_intercept_errors on;
|
||||||
|
|
||||||
|
allow all;
|
||||||
|
|
||||||
|
error_page 400 /400.html;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:5001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_cache_bypass $http_upgrade;
|
||||||
|
deny all; # <- Deny other traffic
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/ipfs.unitoo.it/fullchain.pem; # managed by Certbot
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/ipfs.unitoo.it/privkey.pem; # managed by Certbot
|
||||||
|
|
||||||
|
include snippets/denylist.conf;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name *.ipfs.unitoo.it *.ipns.unitoo.it;
|
||||||
|
listen 443 ssl;
|
||||||
|
|
||||||
|
proxy_read_timeout 1800s;
|
||||||
|
|
||||||
|
error_page 403 /403.html;
|
||||||
|
|
||||||
|
location /403.html {
|
||||||
|
root /var/www/html;
|
||||||
|
allow all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /403.png {
|
||||||
|
root /var/www/html;
|
||||||
|
allow all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /400.html {
|
||||||
|
root /var/www/html;
|
||||||
|
allow all;
|
||||||
|
}
|
||||||
|
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||||
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
||||||
|
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
|
||||||
|
add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
|
||||||
|
|
||||||
|
include snippets/denylist.conf;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Ipfs-Gateway-Prefix "";
|
||||||
|
proxy_pass http://gateway;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name ipfs.unitoo.it ipns.unitoo.it;
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||||
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
||||||
|
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
|
||||||
|
add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
|
||||||
|
|
||||||
|
proxy_pass_header Server;
|
||||||
|
proxy_read_timeout 1800s;
|
||||||
|
|
||||||
|
include snippets/denylist.conf;
|
||||||
|
|
||||||
|
location ~ "^/(ipfs|ipns|api)(/|$)" {
|
||||||
|
proxy_set_header Host unitoo.it;
|
||||||
|
proxy_set_header X-Ipfs-Gateway-Prefix "";
|
||||||
|
proxy_pass http://gateway;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 404;
|
||||||
|
}
|
26
ipfs/lib/systemd/system/ipfs.service
Normal file
26
ipfs/lib/systemd/system/ipfs.service
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
[Unit]
|
||||||
|
Description=IPFS Daemon
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
#Runtime
|
||||||
|
Environment="IPFS_PATH=/mnt/ipfs"
|
||||||
|
Environment=IPFS_LOGGING="error"
|
||||||
|
ExecStart=/home/ipfs/.local/bin/ipfs daemon --enable-gc --migrate
|
||||||
|
User=ipfs
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=10s
|
||||||
|
KillSignal=SIGINT
|
||||||
|
|
||||||
|
#Accounting
|
||||||
|
LimitNOFILE=10240
|
||||||
|
#LimitNice=10
|
||||||
|
MemoryAccounting=true
|
||||||
|
MemoryHigh=512M
|
||||||
|
MemoryMax=768M
|
||||||
|
MemorySwapMax=512M
|
||||||
|
CPUAccounting=true
|
||||||
|
CPUQuota=40%
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -9,7 +9,7 @@ $CONFIG = array (
|
||||||
),
|
),
|
||||||
'datadirectory' => '/var/www/html/nextcloud/data',
|
'datadirectory' => '/var/www/html/nextcloud/data',
|
||||||
'dbtype' => 'mysql',
|
'dbtype' => 'mysql',
|
||||||
'version' => '21.0.3.1',
|
'version' => '23.0.3.2',
|
||||||
'overwrite.cli.url' => 'http://your_domain/',
|
'overwrite.cli.url' => 'http://your_domain/',
|
||||||
'htaccess.RewriteBase' => '/',
|
'htaccess.RewriteBase' => '/',
|
||||||
'dbname' => 'nextcloud',
|
'dbname' => 'nextcloud',
|
||||||
|
@ -61,4 +61,5 @@ $CONFIG = array (
|
||||||
'mail_smtppassword' => '',
|
'mail_smtppassword' => '',
|
||||||
'maintenance' => false,
|
'maintenance' => false,
|
||||||
'default_phone_region' => 'IT',
|
'default_phone_region' => 'IT',
|
||||||
|
'preview_max_memory' => 768,
|
||||||
);
|
);
|
||||||
|
|
13
wireguard/client/etc/wireguard/wg0.conf
Normal file
13
wireguard/client/etc/wireguard/wg0.conf
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
[Interface]
|
||||||
|
Address=<local_address>
|
||||||
|
PrivateKey = `wg genkey`
|
||||||
|
ListenPort = <listen_port>
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = <server_public_key>
|
||||||
|
Endpoint = <server_public_ip>:<server_port>
|
||||||
|
AllowedIPs = <subnet>/24
|
||||||
|
|
||||||
|
# This is for if you're behind a NAT and
|
||||||
|
# want the connection to be kept alive.
|
||||||
|
PersistentKeepalive = 25
|
Loading…
Reference in a new issue