massive update i don't feel like noting what changed

helperbot

@@ -396,9 +396,7 @@ function system_backup {
         # =============================================================================
         # pull in any other common configs and secrets
         echo "${blue}Pulling in other configurations...${normal}"
-        mkdir -p $backup_working_directory/caddy
         mkdir -p $backup_working_directory/other/etc/secrets
-        cp -r $backup_local_folder/caddy $backup_working_directory/caddy
         cp -r /etc/secrets/* $backup_working_directory/other/etc/secrets/
         # =============================================================================
         # archive and compress everything
@@ -512,12 +510,12 @@ function system_backup {
         # =============================================================================
         # pull in any other common configs and secrets
         echo "${blue}Pulling in other configurations...${normal}"
-        mkdir -p $backup_working_directory/other/etc/caddy
+        mkdir -p $backup_working_directory/system/etc/caddy
-        mkdir -p $backup_working_directory/other/etc/secrets
+        mkdir -p $backup_working_directory/system/etc/secrets
-        mkdir -p $backup_working_directory/other/var/www/mta-sts/.well-known/
+        mkdir -p $backup_working_directory/system/var/www/mta-sts/.well-known/
-        cp /etc/caddy/Caddyfile $backup_working_directory/other/etc/caddy/Caddyfile
+        cp -r /etc/caddy/* $backup_working_directory/system/etc/caddy/
-        cp -r /etc/secrets/* $backup_working_directory/other/etc/secrets/
+        cp -r /etc/secrets/* $backup_working_directory/system/etc/secrets/
-        cp /var/www/mta-sts/.well-known/mta-sts.txt $backup_working_directory/other/var/www/mta-sts/.well-known
+        cp /var/www/mta-sts/.well-known/mta-sts.txt $backup_working_directory/system/var/www/mta-sts/.well-known
         # =============================================================================
         # archive and compress everything
         echo "${blue}Compressing everything into one archive...${normal}"

neptunium/etc/caddy/Caddyfile

@@ -1,13 +1,3 @@
-# ╭──────────────────────────────────────────────────────────╮
-# │        _                     _                           │
-# │  _ __ | |__   ___  ___ _ __ | |__   ___  _ __ _   _ ___  │
-# │ | '_ \| '_ \ / _ \/ __| '_ \| '_ \ / _ \| '__| | | / __| │
-# │ | |_) | | | | (_) \__ \ |_) | | | | (_) | |  | |_| \__ \ │
-# │ | .__/|_| |_|\___/|___/ .__/|_| |_|\___/|_|   \__,_|___/ │
-# │ |_|                   |_|                                │
-# ╰──────────────────────────────────────────────────────────╯
-# caddy configurations for phosphorus
-
 # =============================================================================
 
 # ╭────────────────────────────────╮
@@ -25,7 +15,7 @@
         output file /var/log/caddy/{args[0]} {
             roll_size 10MB
             roll_keep 1
-            roll_keep_for 120h # 3 days
+            roll_keep_for 120h
         }
     }
 }
@@ -45,8 +35,12 @@
 # ╰──────────────────────────╯
 
 {
-    email merp@merpmerp.merp
+    email synth@synth.download
     import log caddy
+    acme_dns porkbun {
+        api_key {env.PORKBUN_API_KEY}
+        api_secret_key {env.PORKBUN_API_SECRET_KEY}
+    }
 }
 
 # ╭───────────────────────────────────────────────────────────────────────────╮

neptunium/etc/caddy/sites-enabled/aoderelay

@@ -0,0 +1,7 @@
+relay.synth.download {
+    reverse_proxy http://192.168.1.73:19438
+
+    import common-settings
+    import log aoderelay
+    import robots-txt
+}

neptunium/etc/caddy/sites-enabled/fedi-frontends

@@ -1,27 +1,5 @@
-# mastodon (chuckya) frontend
-masto.beeping.synth.download, masto.booping.synth.download {
-    root * /var/www/fedi-frontends/chuckya-fe
-    file_server
-    try_files {path} /
-
-    handle_path /favicon.png {
-        root * /var/www/site/assets/synth.download/synth.png
-        file_server
-        import common-settings
-    }
-
-    handle_path /packs {
-        root * /var/www/fedi-frontends/chuckya-fe/packs
-        file_server
-        import common-settings
-    }
-
-    import common-settings
-    import log mastofe
-    import robots-txt
-}
-
 # akkoma fe for iceshrimp
+# (ONLY iceshrimp, not compatible with any other instance)
 akko.beeping.synth.download {
     # redirect api endpoints to iceshrimp
     @redir {
@@ -30,7 +8,7 @@ akko.beeping.synth.download {
         path /nodeinfo/*
     }
     handle @redir {
-        reverse_proxy 127.0.0.1:24042
+        reverse_proxy http://192.168.1.73:24042
         import common-settings
     }
 
@@ -61,8 +39,31 @@ akko.beeping.synth.download {
     import robots-txt
 }
 
+# mastodon (chuckya) frontend
+chuckya-fe.synth.download {
+    root * /var/www/fedi-frontends/chuckya-fe
+    file_server
+    try_files {path} /
+
+    handle_path /favicon.png {
+        root * /var/www/site/assets/synth.download/synth.png
+        file_server
+        import common-settings
+    }
+
+    handle_path /packs {
+        root * /var/www/fedi-frontends/chuckya-fe/packs
+        file_server
+        import common-settings
+    }
+
+    import common-settings
+    import log mastofe
+    import robots-txt
+}
+
 # phanpy
-phanpy.beeping.synth.download, phanpy.booping.synth.download {
+phanpy.synth.download {
     root * /var/www/fedi-frontends/phanpy
     file_server
     try_files {path} /
@@ -73,7 +74,7 @@ phanpy.beeping.synth.download, phanpy.booping.synth.download {
 }
 
 # pl-fe
-pl-fe.beeping.synth.download, pl-fe.booping.synth.download {
+pl-fe.synth.download {
     root * /var/www/fedi-frontends/pl-fe
     file_server
     try_files {path} /

neptunium/etc/caddy/sites-enabled/iceshrimp

@@ -0,0 +1,24 @@
+*.beeping.synth.download {
+    handle /.well-known/atproto-did {
+        rewrite * /.well-known/atproto-did?protocol=ap&id=%40{http.request.host.labels.3}%40beeping.synth.download
+
+        reverse_proxy https://fed.brid.gy {
+            header_up Host fed.brid.gy
+        }
+    }
+}
+
+beeping.synth.download {
+    reverse_proxy http://192.168.1.73:24042
+
+    # favicon stuff
+    handle_path /assets/synth.download/synth.png {
+        root * /var/www/site/assets/synth.download/synth.png
+        file_server
+        import common-settings
+    }
+
+    import common-settings
+    import log iceshrimp
+    import robots-txt
+}

neptunium/etc/caddy/sites-enabled/mastodon

@@ -1,3 +1,13 @@
+*.merping.synth.download {
+    handle /.well-known/atproto-did {
+        rewrite * /.well-known/atproto-did?protocol=ap&id=@{http.request.host.labels.3}@merping.synth.download
+
+        reverse_proxy https://fed.brid.gy {
+            header_up Host fed.brid.gy
+        }
+    }
+}
+
 merping.synth.download {
     @local {
         file
@@ -14,11 +24,11 @@ merping.synth.download {
         path_regexp ^/(emoji|packs|/system/accounts/avatars|/system/media_attachments/files)
     }
 
-    root * /srv/docker/mastodon/public
-
     handle_errors {
         rewrite 500.html
-        file_server
+        reverse_proxy http://192.168.1.73:42261 {
+            header_up Accept-Encoding identity
+        }
     }
 
     header {
@@ -28,16 +38,18 @@ merping.synth.download {
     header @cache_control Cache-Control "public, max-age=31536000, immutable"
 
     handle @local {
-        file_server
+        reverse_proxy http://192.168.1.73:42261 {
-    }
-
-    handle @streaming {
-        reverse_proxy 127.0.0.1:58834 {
             header_up Accept-Encoding identity
         }
     }
 
-    reverse_proxy 127.0.0.1:46098 {
+    handle @streaming {
+        reverse_proxy http://192.168.1.73:58834 {
+            header_up Accept-Encoding identity
+        }
+    }
+
+    reverse_proxy http://192.168.1.73:46098 {
         header_up Accept-Encoding identity
         header_up X-Forwarded-Port 443
 

neptunium/etc/caddy/sites-enabled/pds

@@ -1,13 +1,16 @@
 *.pds.synth.download, pds.synth.download {
     #root * /var/www/pds-dash
-    file_server
+    #file_server
+
+    # TEMP
+    reverse_proxy http://192.168.1.73:24318
 
     # since we utilize pds-dash to provide a proper "frontend" page for the pds, we need to manually redirect all known endpoints back to the pds
     # probably a better way to do this; haven't discovered it yet
-    reverse_proxy /xrpc/* 127.0.0.1:24318
+    reverse_proxy /xrpc/* http://192.168.1.73:24318
-    reverse_proxy /oauth/* 127.0.0.1:24318
+    reverse_proxy /oauth/* http://192.168.1.73:24318
-    reverse_proxy /.well-known/* 127.0.0.1:24318
+    reverse_proxy /.well-known/* http://192.168.1.73:24318
-    reverse_proxy /@atproto/* 127.0.0.1:24318
+    reverse_proxy /@atproto/* http://192.168.1.73:24318
 
     import common-settings
     import log pds

neptunium/etc/caddy/sites-enabled/sharkey

@@ -0,0 +1,38 @@
+*.booping.synth.download {
+    handle /.well-known/atproto-did {
+        rewrite * /.well-known/atproto-did?protocol=ap&id=%40{http.request.host.labels.3}%40booping.synth.download
+
+        reverse_proxy https://fed.brid.gy {
+            header_up Host fed.brid.gy
+        }
+    }
+}
+
+booping.synth.download {
+    import common-settings
+    import log sharkey
+    import robots-txt
+
+    @activity_pub `header({'Content-Type': 'application/activity+json*'}) || header({'Content-Type': 'application/ld+json*'}) || header({'Accept': 'application/activity+json*'}) || header({'Accept': 'application/ld+json*'})`
+
+    route {
+        # media service
+        reverse_proxy /files/* http://192.168.1.73:57378
+        reverse_proxy /avatar/* http://192.168.1.73:57378
+        reverse_proxy /url http://192.168.1.73:57378
+        reverse_proxy /twemoji-badge/* http://192.168.1.73:57378
+        reverse_proxy /identicon/* http://192.168.1.73:57378
+
+        # activitypub service
+        reverse_proxy @activity_pub http://192.168.1.73:47815
+        reverse_proxy /api/v2/search http://192.168.1.73:47815
+        reverse_proxy /api/admin/federation/refresh-remote-instance-metadata http://192.168.1.73:47815
+        reverse_proxy /api/notes/polls/refresh http://192.168.1.73:47815
+        reverse_proxy /api/federation/update-remote-user http://192.168.1.73:47815
+        reverse_proxy /api/ap/get http://192.168.1.73:47815
+        reverse_proxy /api/ap/show http://192.168.1.73:47815
+
+        # api + web frontend (+ general fallback)
+        reverse_proxy http://192.168.1.73:60628
+    }
+}

neptunium/etc/ssh/sshd_config.d/01-port.conf

@@ -0,0 +1 @@
+Port 6721

neptunium/etc/ssh/sshd_config.d/02-nopasswd.conf

@@ -0,0 +1 @@
+PasswordAuthentication no

neptunium/etc/systemd/system/3days@.timer

@@ -0,0 +1,12 @@
+[Unit]
+Description=Runs service every 3 days for %i service
+
+[Timer]
+OnCalendar=*-*-1,3,6,9,12,15,18,21,24,27,30 00:00:00
+AccuracySec=6h
+RandomizedDelaySec=1h
+Persistent=true
+Unit=%i.service
+
+[Install]
+WantedBy=default.target

neptunium/etc/systemd/system/daily@.timer

@@ -0,0 +1,12 @@
+[Unit]
+Description=Runs service daily for %i service
+
+[Timer]
+OnCalendar=daily
+AccuracySec=6h
+RandomizedDelaySec=1h
+Persistent=true
+Unit=%i.service
+
+[Install]
+WantedBy=default.target

neptunium/etc/systemd/system/helperbot@.service

@@ -0,0 +1,19 @@
+# The systemd unit for running helperbot via systemd
+# Automatically ran using timer services, ensure that body daily@.timer and 3days@.timer are also in /etc/systemd/systemd
+# Then do sudo systemctl daemon-reload
+#
+# Enable as so:
+# sudo systemctl enable {3days|daily}@helperbot@{<argument>}.timer
+#
+# For example, to create and start immediately:
+# sudo systemctl enable --now 3days@helperbot@--docker-cleanup.timer
+# sudo systemctl enable --now 3days@helperbot@--vacuum.timer
+# sudo systemctl enable --now daily@helperbot@--backup.timer
+# sudo systemctl enable --now daily@helperbot@--update-frontends.timer
+
+[Unit]
+Description=Synth.Download helperbot maintenance script
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/helperbot %i

neptunium/srv/docker/postgres/compose.yaml

@@ -0,0 +1,21 @@
+services:
+  db:
+    # custom image for docker with pgroonga support
+    image: groonga/pgroonga:latest-alpine-17
+    restart: always
+    shm_size: 6GB
+    volumes:
+      - ./db:/var/lib/postgresql/data
+    networks:
+      - postgres_db
+    env_file:
+      - .env
+    healthcheck:
+      test: "pg_isready -U postgres -d postgres"
+      interval: 40s
+      retries: 20
+
+networks:
+  postgres_db:
+    name: postgres_db
+    driver: bridge

neptunium/srv/docker/postgres/psql.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+docker exec -it postgres-db-1 /bin/bash -c "psql -U postgres"

phosphorus/etc/caddy/sites-enabled/iceshrimp

@@ -1,14 +0,0 @@
-beeping.synth.download {
-    reverse_proxy 127.0.0.1:24042
-
-    # favicon stuff
-    handle_path /assets/synth.download/synth.png {
-        root * /var/www/site/assets/synth.download/synth.png
-        file_server
-        import common-settings
-    }
-
-    import common-settings
-    import log iceshrimp
-    import robots-txt
-}

phosphorus/etc/caddy/sites-enabled/sharkey

@@ -1,28 +0,0 @@
-booping.synth.download {
-    import common-settings
-    import log sharkey
-    import robots-txt
-
-	@activity_pub `header({'Content-Type': 'application/activity+json*'}) || header({'Content-Type': 'application/ld+json*'}) || header({'Accept': 'application/activity+json*'}) || header({'Accept': 'application/ld+json*'})`
-
-	route {
-		# media service
-		reverse_proxy /files/* 127.0.0.1:57378
-		reverse_proxy /avatar/* 127.0.0.1:57378
-		reverse_proxy /url 127.0.0.1:57378
-		reverse_proxy /twemoji-badge/* 127.0.0.1:57378
-		reverse_proxy /identicon/* 127.0.0.1:57378
-
-		# activitypub service
-		reverse_proxy @activity_pub 127.0.0.1:47815
-		reverse_proxy /api/v2/search 127.0.0.1:47815
-		reverse_proxy /api/admin/federation/refresh-remote-instance-metadata 127.0.0.1:47815
-		reverse_proxy /api/notes/polls/refresh 127.0.0.1:47815
-		reverse_proxy /api/federation/update-remote-user 127.0.0.1:47815
-		reverse_proxy /api/ap/get 127.0.0.1:47815
-		reverse_proxy /api/ap/show 127.0.0.1:47815
-
-		# api + web frontend (+ general fallback)
-		reverse_proxy 127.0.0.1:60628
-	}
-}

phosphorus/etc/systemd/system/helperbot@.service

@@ -9,6 +9,7 @@
 # sudo systemctl enable --now 3days@helperbot@--docker-cleanup.timer
 # sudo systemctl enable --now 3days@helperbot@--vacuum.timer
 # sudo systemctl enable --now daily@helperbot@--backup.timer
+# sudo systemctl enable --now daily@helperbot@--sync-blocklists.timer
 
 [Unit]
 Description=Synth.Download helperbot maintenance script

phosphorus/srv/docker/iceshrimp/compose.yaml

@@ -7,7 +7,7 @@ services:
       - db
       - ip6net
     ports:
-      - "127.0.0.1:24042:24042"
+      - "192.168.1.73:24042:24042"
     environment:
       - ICESHRIMP_CONFIG_OVERRIDES=/app/config/configuration.ini
     volumes:

phosphorus/srv/docker/mastodon/.env

@@ -39,7 +39,11 @@ FETCH_REPLIES_MAX_GLOBAL=1000
 FETCH_REPLIES_MAX_SINGLE=500
 FETCH_REPLIES_MAX_PAGES=500
 
+# enable experimental quotes
+EXPERIMENTAL_FEATURES=inbound_quotes,outgoing_quotes
+
 # tell federation to use more cores
 SIDEKIQ_CONCURRENCY=20
+WEB_CONCURRENCY=4
 
 GITHUB_REPOSITORY=melontini/mastodon

phosphorus/srv/docker/mastodon/compose.yaml

@@ -14,7 +14,7 @@ services:
     healthcheck:
       test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
     ports:
-      - "127.0.0.1:46098:3000"
+      - "192.168.1.73:46098:3000"
     depends_on:
       dragonfly:
         condition: service_healthy
@@ -36,7 +36,20 @@ services:
     healthcheck:
       test: ['CMD-SHELL', "curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1"]
     ports:
-      - "127.0.0.1:58834:4000"
+      - "192.168.1.73:58834:4000"
+    depends_on:
+      dragonfly:
+        condition: service_healthy
+
+  ingress:
+    image: ghcr.io/melontini/mastodon-ingress:nightly
+    restart: always
+    env_file:
+      - .env.secrets
+      - .env
+    networks:
+      - masto
+      - db
     depends_on:
       dragonfly:
         condition: service_healthy
@@ -69,7 +82,7 @@ services:
     networks:
       - masto
     environment:
-      # these envvars are important to make dfdb act as closely as possible to redis for properly saving and loading data
+      # these envvars are important in order for dragonflydb/misskey to interact with each other properly, and to load and save all data properly
       DFLY_snapshot_cron: '* * * * *'
       DFLY_version_check: false
       DFLY_default_lua_flags: allow-undeclared-keys
@@ -129,6 +142,17 @@ services:
       interval: 5s
       retries: 20
 
+  # used to passthrough web files via local network
+  darkhttpd:
+    image: p3terx/darkhttpd
+    restart: unless-stopped
+    ports:
+      - "192.168.1.73:42261:80"
+    volumes:
+      - ./public/system:/mastodon/public/system
+    command:
+      - "/mastodon/public/system"
+
   # tor is a wip - consider setting up later
   ## Uncomment to enable federation with tor instances along with adding the following ENV variables
   ## http_hidden_proxy=http://privoxy:8118

phosphorus/srv/docker/pds/.env

@@ -10,5 +10,5 @@ PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
 PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
 PDS_REPORT_SERVICE_URL=https://mod.bsky.app
 PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
-PDS_CRAWLERS=https://bsky.network
+PDS_CRAWLERS=https://bsky.network,https://relay.cerulea.blue,https://relay.fire.hose.cam,https://relay2.fire.hose.cam,https://relay3.fr.hose.cam,https://atproto.africa
 LOG_ENABLED=true

phosphorus/srv/docker/pds/compose.yaml

@@ -4,7 +4,7 @@ services:
     image: ghcr.io/bluesky-social/pds:latest
     restart: unless-stopped
     ports:
-      - "127.0.0.1:24318:3000"
+      - "192.168.1.73:24318:3000"
     networks:
       - ip6net
     volumes:

phosphorus/srv/docker/postgres/compose.yaml

@@ -8,6 +8,7 @@ services:
       - ./db:/var/lib/postgresql/data
     networks:
       - postgres_db
+    # default user values
     env_file:
       - .env
     healthcheck:

phosphorus/srv/docker/sharkey/compose.yaml

@@ -12,10 +12,10 @@
 services:
   # api obviously handles most api endpoints, as well as serving the web frontend
   api:
-    image: registry.activitypub.software/transfem-org/sharkey:latest
+    image: registry.activitypub.software/transfem-org/sharkey:develop
     restart: always
     ports:
-      - "127.0.0.1:60628:3001"
+      - "192.168.1.73:60628:3001"
     networks:
       - ip6net
       - db
@@ -34,7 +34,7 @@ services:
 
   # queue/process handling. basically the actual backend
   worker:
-    image: registry.activitypub.software/transfem-org/sharkey:latest
+    image: registry.activitypub.software/transfem-org/sharkey:develop
     restart: always
     networks:
       - db
@@ -52,10 +52,10 @@ services:
 
   # handles federation/activitypub requests
   activity:
-    image: registry.activitypub.software/transfem-org/sharkey:latest
+    image: registry.activitypub.software/transfem-org/sharkey:develop
     restart: always
     ports:
-      - "127.0.0.1:47815:3002"
+      - "192.168.1.73:47815:3002"
     networks:
       - ip6net
       - db
@@ -75,10 +75,10 @@ services:
 
   # handles media/reverse proxy (/files/*)
   media:
-    image: registry.activitypub.software/transfem-org/sharkey:latest
+    image: registry.activitypub.software/transfem-org/sharkey:develop
     restart: always
     ports:
-      - "127.0.0.1:57378:3003"
+      - "192.168.1.73:57378:3003"
     networks:
       - ip6net
       - db

phosphorus/srv/docker/sharkey/default.yml

@@ -101,8 +101,8 @@ db:
 
   # Auth
   # You can set user and pass from environment variables instead.
-  user: example-misskey-user
+  #user: example-misskey-user
-  pass: example-misskey-pass
+  #pass: example-misskey-pass
 
   ## Log a warning to the server console if any query takes longer than this to complete.
   ## Measured in milliseconds; set to 0 to disable. (default: 300)
@@ -309,6 +309,10 @@ maxRemoteCwLength: 5000
 maxAltTextLength: 100000
 # Amount of characters that will be saved for remote media descriptions (alt text). Longer descriptions will be truncated to this length. (minimum: 1)
 maxRemoteAltTextLength: 100000
+# Amount of characters that can be used when writing user bios. Longer descriptions will be rejected. (minimum: 1)
+maxBioLength: 2048
+# Amount of characters that will be saved for remote user bios. Longer descriptions will be truncated to this length. (minimum: 1)
+maxRemoteBioLength: 10000
 
 # Proxy for HTTP/HTTPS
 #proxy: http://127.0.0.1:3128