massive update i don't feel like noting what changed

2025-09-20 15:58:32 -05:00 · 2025-09-20 15:58:32 -05:00 · fe7ede16c8
commit fe7ede16c8
parent 0d93587aef
27 changed files with 255 additions and 118 deletions
--- a/neptunium/etc/caddy/Caddyfile
+++ b/neptunium/etc/caddy/Caddyfile
@ -0,0 +1,51 @@
+# =============================================================================
+
+# ╭────────────────────────────────╮
+# │ commonly reused rules/snippets │
+# ╰────────────────────────────────╯
+
+# common settings - globally enables settings that are commonly used in every snippet
+(common-settings) {
+    encode zstd gzip
+}
+
+# log - reused log settings
+(log) {
+    log {
+        output file /var/log/caddy/{args[0]} {
+            roll_size 10MB
+            roll_keep 1
+            roll_keep_for 120h
+        }
+    }
+}
+
+# robots-txt - link /robots.txt to the same file
+(robots-txt) {
+    handle_path /robots.txt {
+        root * /var/www/robots.txt
+        file_server
+    }
+}
+
+# =============================================================================
+
+# ╭──────────────────────────╮
+# │ main/general information │
+# ╰──────────────────────────╯
+
+{
+    email synth@synth.download
+    import log caddy
+    acme_dns porkbun {
+        api_key {env.PORKBUN_API_KEY}
+        api_secret_key {env.PORKBUN_API_SECRET_KEY}
+    }
+}
+
+# ╭───────────────────────────────────────────────────────────────────────────╮
+# │ do an nginx and seperate snippets for sites into /etc/caddy/sites-enabled │
+# ╰───────────────────────────────────────────────────────────────────────────╯
+# to "disable" anything, just move the file to /etc/caddy/sites-disabled and reload caddy
+
+import /etc/caddy/sites-enabled/*
--- a/neptunium/etc/caddy/sites-enabled/aoderelay
+++ b/neptunium/etc/caddy/sites-enabled/aoderelay
@ -0,0 +1,7 @@
+relay.synth.download {
+    reverse_proxy http://192.168.1.73:19438
+
+    import common-settings
+    import log aoderelay
+    import robots-txt
+}
--- a/neptunium/etc/caddy/sites-enabled/fedi-frontends
+++ b/neptunium/etc/caddy/sites-enabled/fedi-frontends
@ -0,0 +1,85 @@
+# akkoma fe for iceshrimp
+# (ONLY iceshrimp, not compatible with any other instance)
+akko.beeping.synth.download {
+    # redirect api endpoints to iceshrimp
+    @redir {
+        path /oauth/*
+        path /api/*
+        path /nodeinfo/*
+    }
+    handle @redir {
+        reverse_proxy http://192.168.1.73:24042
+        import common-settings
+    }
+
+    # favicon
+    handle_path /favicon.png {
+        root * /var/www/site/assets/synth.download/synth.png
+        file_server
+        import common-settings
+    }
+
+    # akkoma frontend
+    handle {
+        header Cache-Control "max-age=3600"
+        try_files {path} /
+        root * /var/www/fedi-frontends/akkoma-fe
+        file_server
+        import common-settings
+    }
+    handle_path /static/* {
+        header Cache-Control "max-age=3600"
+        root * /var/www/fedi-frontends/akkoma-fe/static
+        file_server
+        import common-settings
+    }
+
+    import common-settings
+    import log akkofe
+    import robots-txt
+}
+
+# mastodon (chuckya) frontend
+chuckya-fe.synth.download {
+    root * /var/www/fedi-frontends/chuckya-fe
+    file_server
+    try_files {path} /
+
+    handle_path /favicon.png {
+        root * /var/www/site/assets/synth.download/synth.png
+        file_server
+        import common-settings
+    }
+
+    handle_path /packs {
+        root * /var/www/fedi-frontends/chuckya-fe/packs
+        file_server
+        import common-settings
+    }
+
+    import common-settings
+    import log mastofe
+    import robots-txt
+}
+
+# phanpy
+phanpy.synth.download {
+    root * /var/www/fedi-frontends/phanpy
+    file_server
+    try_files {path} /
+
+    import common-settings
+    import log phanpy
+    import robots-txt
+}
+
+# pl-fe
+pl-fe.synth.download {
+    root * /var/www/fedi-frontends/pl-fe
+    file_server
+    try_files {path} /
+
+    import common-settings
+    import log pl-fe
+    import robots-txt
+}
--- a/neptunium/etc/caddy/sites-enabled/iceshrimp
+++ b/neptunium/etc/caddy/sites-enabled/iceshrimp
@ -0,0 +1,24 @@
+*.beeping.synth.download {
+    handle /.well-known/atproto-did {
+        rewrite * /.well-known/atproto-did?protocol=ap&id=%40{http.request.host.labels.3}%40beeping.synth.download
+
+        reverse_proxy https://fed.brid.gy {
+            header_up Host fed.brid.gy
+        }
+    }
+}
+
+beeping.synth.download {
+    reverse_proxy http://192.168.1.73:24042
+
+    # favicon stuff
+    handle_path /assets/synth.download/synth.png {
+        root * /var/www/site/assets/synth.download/synth.png
+        file_server
+        import common-settings
+    }
+
+    import common-settings
+    import log iceshrimp
+    import robots-txt
+}
--- a/neptunium/etc/caddy/sites-enabled/mastodon
+++ b/neptunium/etc/caddy/sites-enabled/mastodon
@ -0,0 +1,65 @@
+*.merping.synth.download {
+    handle /.well-known/atproto-did {
+        rewrite * /.well-known/atproto-did?protocol=ap&id=@{http.request.host.labels.3}@merping.synth.download
+
+        reverse_proxy https://fed.brid.gy {
+            header_up Host fed.brid.gy
+        }
+    }
+}
+
+merping.synth.download {
+    @local {
+        file
+        not path /
+    }
+    @local_media {
+        path_regexp /system/(.*)
+    }
+    @streaming {
+        path /api/v1/streaming
+        path /api/v1/streaming/*
+    }
+    @cache_control {
+        path_regexp ^/(emoji|packs|/system/accounts/avatars|/system/media_attachments/files)
+    }
+
+    handle_errors {
+        rewrite 500.html
+        reverse_proxy http://192.168.1.73:42261 {
+            header_up Accept-Encoding identity
+        }
+    }
+
+    header {
+        Strict-Transport-Security "max-age=31536000"
+    }
+    header /sw.js Cache-Control "public, max-age=0"
+    header @cache_control Cache-Control "public, max-age=31536000, immutable"
+
+    handle @local {
+        reverse_proxy http://192.168.1.73:42261 {
+            header_up Accept-Encoding identity
+        }
+    }
+
+    handle @streaming {
+        reverse_proxy http://192.168.1.73:58834 {
+            header_up Accept-Encoding identity
+        }
+    }
+
+    reverse_proxy http://192.168.1.73:46098 {
+        header_up Accept-Encoding identity
+        header_up X-Forwarded-Port 443
+
+        transport http {
+            keepalive 5s
+            keepalive_idle_conns 10
+        }
+    }
+
+    import common-settings
+    import log mastodon
+    import robots-txt
+}
--- a/neptunium/etc/caddy/sites-enabled/pds
+++ b/neptunium/etc/caddy/sites-enabled/pds
@ -0,0 +1,18 @@
+*.pds.synth.download, pds.synth.download {
+    #root * /var/www/pds-dash
+    #file_server
+
+    # TEMP
+    reverse_proxy http://192.168.1.73:24318
+
+    # since we utilize pds-dash to provide a proper "frontend" page for the pds, we need to manually redirect all known endpoints back to the pds
+    # probably a better way to do this; haven't discovered it yet
+    reverse_proxy /xrpc/* http://192.168.1.73:24318
+    reverse_proxy /oauth/* http://192.168.1.73:24318
+    reverse_proxy /.well-known/* http://192.168.1.73:24318
+    reverse_proxy /@atproto/* http://192.168.1.73:24318
+
+    import common-settings
+    import log pds
+    import robots-txt
+}
--- a/neptunium/etc/caddy/sites-enabled/sharkey
+++ b/neptunium/etc/caddy/sites-enabled/sharkey
@ -0,0 +1,38 @@
+*.booping.synth.download {
+    handle /.well-known/atproto-did {
+        rewrite * /.well-known/atproto-did?protocol=ap&id=%40{http.request.host.labels.3}%40booping.synth.download
+
+        reverse_proxy https://fed.brid.gy {
+            header_up Host fed.brid.gy
+        }
+    }
+}
+
+booping.synth.download {
+    import common-settings
+    import log sharkey
+    import robots-txt
+
+    @activity_pub `header({'Content-Type': 'application/activity+json*'}) || header({'Content-Type': 'application/ld+json*'}) || header({'Accept': 'application/activity+json*'}) || header({'Accept': 'application/ld+json*'})`
+
+    route {
+        # media service
+        reverse_proxy /files/* http://192.168.1.73:57378
+        reverse_proxy /avatar/* http://192.168.1.73:57378
+        reverse_proxy /url http://192.168.1.73:57378
+        reverse_proxy /twemoji-badge/* http://192.168.1.73:57378
+        reverse_proxy /identicon/* http://192.168.1.73:57378
+
+        # activitypub service
+        reverse_proxy @activity_pub http://192.168.1.73:47815
+        reverse_proxy /api/v2/search http://192.168.1.73:47815
+        reverse_proxy /api/admin/federation/refresh-remote-instance-metadata http://192.168.1.73:47815
+        reverse_proxy /api/notes/polls/refresh http://192.168.1.73:47815
+        reverse_proxy /api/federation/update-remote-user http://192.168.1.73:47815
+        reverse_proxy /api/ap/get http://192.168.1.73:47815
+        reverse_proxy /api/ap/show http://192.168.1.73:47815
+
+        # api + web frontend (+ general fallback)
+        reverse_proxy http://192.168.1.73:60628
+    }
+}
--- a/neptunium/etc/ssh/sshd_config.d/01-port.conf
+++ b/neptunium/etc/ssh/sshd_config.d/01-port.conf
@ -0,0 +1 @@
+Port 6721
--- a/neptunium/etc/ssh/sshd_config.d/02-nopasswd.conf
+++ b/neptunium/etc/ssh/sshd_config.d/02-nopasswd.conf
@ -0,0 +1 @@
+PasswordAuthentication no
--- a/neptunium/etc/systemd/system/3days@.timer
+++ b/neptunium/etc/systemd/system/3days@.timer
@ -0,0 +1,12 @@
+[Unit]
+Description=Runs service every 3 days for %i service
+
+[Timer]
+OnCalendar=*-*-1,3,6,9,12,15,18,21,24,27,30 00:00:00
+AccuracySec=6h
+RandomizedDelaySec=1h
+Persistent=true
+Unit=%i.service
+
+[Install]
+WantedBy=default.target
--- a/neptunium/etc/systemd/system/daily@.timer
+++ b/neptunium/etc/systemd/system/daily@.timer
@ -0,0 +1,12 @@
+[Unit]
+Description=Runs service daily for %i service
+
+[Timer]
+OnCalendar=daily
+AccuracySec=6h
+RandomizedDelaySec=1h
+Persistent=true
+Unit=%i.service
+
+[Install]
+WantedBy=default.target
--- a/neptunium/etc/systemd/system/helperbot@.service
+++ b/neptunium/etc/systemd/system/helperbot@.service
@ -0,0 +1,19 @@
+# The systemd unit for running helperbot via systemd
+# Automatically ran using timer services, ensure that body daily@.timer and 3days@.timer are also in /etc/systemd/systemd
+# Then do sudo systemctl daemon-reload
+#
+# Enable as so:
+# sudo systemctl enable {3days|daily}@helperbot@{<argument>}.timer
+#
+# For example, to create and start immediately:
+# sudo systemctl enable --now 3days@helperbot@--docker-cleanup.timer
+# sudo systemctl enable --now 3days@helperbot@--vacuum.timer
+# sudo systemctl enable --now daily@helperbot@--backup.timer
+# sudo systemctl enable --now daily@helperbot@--update-frontends.timer
+
+[Unit]
+Description=Synth.Download helperbot maintenance script
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/helperbot %i
--- a/neptunium/srv/docker/caddy/compose.yaml
+++ b/neptunium/srv/docker/caddy/compose.yaml
@ -0,0 +1,15 @@
+services:
+  caddy:
+    image: caddy:alpine
+    container_name: caddy
+    restart: unless-stopped
+    network_mode: host
+    cap_add:
+      - NET_ADMIN
+    volumes:
+      - /etc/caddy:/etc/caddy # configurations
+      - ./caddy_data:/data # internal caddy data
+      - ./caddy_config:/config # ^
+      - /srv/docker/mastodon/public:/srv/docker/mastodon/public # mastodon web frontend
+      - /var/www:/var/www # generic web system directory
+      - /var/log/caddy:/var/log/caddy # log directory
--- a/neptunium/srv/docker/postgres/compose.yaml
+++ b/neptunium/srv/docker/postgres/compose.yaml
@ -0,0 +1,21 @@
+services:
+  db:
+    # custom image for docker with pgroonga support
+    image: groonga/pgroonga:latest-alpine-17
+    restart: always
+    shm_size: 6GB
+    volumes:
+      - ./db:/var/lib/postgresql/data
+    networks:
+      - postgres_db
+    env_file:
+      - .env
+    healthcheck:
+      test: "pg_isready -U postgres -d postgres"
+      interval: 40s
+      retries: 20
+
+networks:
+  postgres_db:
+    name: postgres_db
+    driver: bridge
--- a/neptunium/srv/docker/postgres/psql.sh
+++ b/neptunium/srv/docker/postgres/psql.sh
@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+docker exec -it postgres-db-1 /bin/bash -c "psql -U postgres"