Added back config-files that were lost.
@@ -0,0 +1,8 @@
|
|||||||
|
persistence true
|
||||||
|
persistence_location /mosquitto/data/
|
||||||
|
log_dest file /mosquitto/log/mosquitto.log
|
||||||
|
listener 1883
|
||||||
|
|
||||||
|
## Authentication ##
|
||||||
|
allow_anonymous false
|
||||||
|
password_file /mosquitto/config/password.txt
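Review bot: `listener 1883` is configured without `cafile`/`certfile`/`keyfile`, so the credentials checked against `password_file` travel over the wire in cleartext on every connection. That is acceptable only if the port is reachable solely from the internal Docker network; if it is published to a host or LAN interface, bind it to an internal address (`listener 1883 <internal-bind-address>`) or add a TLS listener alongside it. `allow_anonymous false` together with the password file is the right default and matches the `password.txt` the install script writes; a one-line comment above the listener stating the intended exposure (`# plaintext listener, internal docker network only`) would make the assumption reviewable.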
|
||||||
@@ -0,0 +1,20 @@
|
|||||||
|
http:
|
||||||
|
middlewares:
|
||||||
|
passbolt:
|
||||||
|
headers:
|
||||||
|
FrameDeny: true
|
||||||
|
AccessControlAllowMethods: 'GET,OPTIONS,PUT'
|
||||||
|
AccessControlAllowOriginList:
|
||||||
|
- origin-list-or-null
|
||||||
|
AccessControlMaxAge: 100
|
||||||
|
AddVaryHeader: true
|
||||||
|
BrowserXssFilter: true
|
||||||
|
ContentTypeNosniff: true
|
||||||
|
ForceSTSHeader: true
|
||||||
|
STSIncludeSubdomains: true
|
||||||
|
STSPreload: true
|
||||||
|
ContentSecurityPolicy: default-src 'self' 'unsafe-inline'
|
||||||
|
CustomFrameOptionsValue: SAMEORIGIN
|
||||||
|
ReferrerPolicy: same-origin
|
||||||
|
PermissionsPolicy: vibrate 'self'
|
||||||
|
STSSeconds: 315360000
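Review bot: `AccessControlAllowOriginList` holds the single entry `origin-list-or-null`, which reads like the placeholder from the Traefik documentation rather than a real origin; combined with `AccessControlAllowMethods: 'GET,OPTIONS,PUT'` this emits CORS headers whose origin no browser will ever match, so either list the real origin (constructed from the pattern used elsewhere on this page: `- "https://passbolt.${DOMAIN_NAME}"`) or drop the three `AccessControl*` keys. `ContentSecurityPolicy: default-src 'self' 'unsafe-inline'` permits inline scripts and styles, which gives up most of what a CSP protects against; confirm the application actually requires `'unsafe-inline'` and, if it does, say so in a comment. `PermissionsPolicy: vibrate 'self'` is written in the older Feature-Policy syntax — Permissions-Policy values take the form `feature=(allowlist)`, e.g. `camera=(), microphone=(), geolocation=()`, so the header as written is likely ignored. `STSPreload: true` plus `STSIncludeSubdomains: true` asks browsers to hard-code HSTS for the whole domain and all subdomains for ten years; keep it only if every subdomain serves HTTPS.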
|
||||||
@@ -0,0 +1,41 @@
|
|||||||
|
http:
|
||||||
|
routers:
|
||||||
|
nextcloud:
|
||||||
|
rule: "Host(`nextcloud.${DOMAIN_NAME}`)"
|
||||||
|
entrypoints:
|
||||||
|
- "websecure"
|
||||||
|
service: nextcloud
|
||||||
|
middlewares:
|
||||||
|
- nextcloud-chain
|
||||||
|
tls:
|
||||||
|
certresolver: "cloudflare"
|
||||||
|
|
||||||
|
services:
|
||||||
|
nextcloud:
|
||||||
|
loadBalancer:
|
||||||
|
servers:
|
||||||
|
- url: "http://nextcloud-aio-apache:11000"
|
||||||
|
|
||||||
|
middlewares:
|
||||||
|
nextcloud-secure-headers:
|
||||||
|
headers:
|
||||||
|
hostsProxyHeaders:
|
||||||
|
- "X-Forwarded-Host"
|
||||||
|
referrerPolicy: "same-origin"
|
||||||
|
BrowserXssFilter: true
|
||||||
|
ContentTypeNosniff: true
|
||||||
|
ForceSTSHeader: true
|
||||||
|
STSIncludeSubdomains: true
|
||||||
|
STSPreload: true
|
||||||
|
STSSeconds: 315360000
|
||||||
|
|
||||||
|
https-redirect:
|
||||||
|
redirectscheme:
|
||||||
|
scheme: https
|
||||||
|
|
||||||
|
nextcloud-chain:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
# - ... (e.g. rate limiting middleware)
|
||||||
|
- https-redirect
|
||||||
|
- nextcloud-secure-headers
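Review bot: Key casing inside the `nextcloud-secure-headers` block is mixed — `hostsProxyHeaders` and `referrerPolicy` are camelCase while `BrowserXssFilter`, `ContentTypeNosniff`, `ForceSTSHeader`, `STSIncludeSubdomains`, `STSPreload` and `STSSeconds` are PascalCase; Traefik's file provider accepts either, but the documented form is camelCase (`browserXssFilter`, `contentTypeNosniff`, `forceSTSHeader`, `stsIncludeSubdomains`, `stsPreload`, `stsSeconds`), and `certresolver` is documented as `certResolver`. Quoting is likewise inconsistent within the file (`service: nextcloud` vs `certresolver: "cloudflare"`, `scheme: https` vs `referrerPolicy: "same-origin"`); pick one style. The STS settings here repeat those of the passbolt middleware in headers.yaml, so a single shared headers middleware referenced by both routers would keep the two from drifting. As written, `https-redirect` in the chain never fires, because the router is attached only to `websecure` and traefik.yaml already redirects `web` to `websecure` at the entrypoint; harmless, but it can be removed or given a comment explaining why it is kept.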
|
||||||
@@ -0,0 +1,12 @@
|
|||||||
|
tls:
|
||||||
|
options:
|
||||||
|
default:
|
||||||
|
minVersion: VersionTLS12
|
||||||
|
sniStrict: true
|
||||||
|
curvePreferences:
|
||||||
|
- CurveP521
|
||||||
|
- CurveP384
|
||||||
|
cipherSuites:
|
||||||
|
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||||
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||||
|
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
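Review bot: `cipherSuites` lists only `TLS_ECDHE_ECDSA_*` suites, so a TLS 1.2 client can complete a handshake only if the served certificate carries an ECDSA key; Traefik's ACME resolver defaults to an RSA key type unless `keyType` is set, in which case every TLS 1.2 connection would fail while TLS 1.3 (whose suites Go does not allow restricting) keeps working — easy to miss when testing from a modern browser. Either set `keyType: EC256` on the `cloudflare` resolver in traefik.yaml or add the RSA counterparts, `- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` and `- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`. `curvePreferences` omits `X25519` and `CurveP256`, the most widely supported curves, and P-521 is markedly slower than either; consider listing `- X25519` and `- CurveP256` ahead of the two present. `minVersion: VersionTLS12` and `sniStrict: true` are good defaults and worth a one-line comment each so the intent survives the next edit.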
|
||||||
@@ -0,0 +1,54 @@
|
|||||||
|
global:
|
||||||
|
checkNewVersion: false
|
||||||
|
sendAnonymousUsage: false
|
||||||
|
|
||||||
|
# - level: [TRACE, DEBUG, INFO, WARN, ERROR, FATAL]
|
||||||
|
log:
|
||||||
|
level: ERROR
|
||||||
|
|
||||||
|
accesslog: {}
|
||||||
|
|
||||||
|
api:
|
||||||
|
dashboard: true
|
||||||
|
insecure: true
|
||||||
|
|
||||||
|
entryPoints:
|
||||||
|
web:
|
||||||
|
address: :80
|
||||||
|
http:
|
||||||
|
redirections:
|
||||||
|
entryPoint:
|
||||||
|
to: websecure
|
||||||
|
scheme: https
|
||||||
|
websecure:
|
||||||
|
address: :443
|
||||||
|
forwardedHeaders:
|
||||||
|
trustedIPs:
|
||||||
|
# Local IPs
|
||||||
|
- "127.0.0.1/32"
|
||||||
|
- "10.0.0.0/8"
|
||||||
|
- "192.168.0.0/16"
|
||||||
|
- "172.16.0.0/12"
|
||||||
|
|
||||||
|
certificatesResolvers:
|
||||||
|
cloudflare:
|
||||||
|
acme:
|
||||||
|
email: ${EMAIL_ADDRESS}
|
||||||
|
storage: /var/traefik/certs/cloudflare-acme.json
|
||||||
|
caServer: "https://acme-v02.api.letsencrypt.org/directory"
|
||||||
|
dnsChallenge:
|
||||||
|
provider: cloudflare
|
||||||
|
resolvers:
|
||||||
|
- "1.1.1.1:53"
|
||||||
|
- "9.9.9.9:53"
|
||||||
|
|
||||||
|
serversTransport:
|
||||||
|
insecureSkipVerify: true
|
||||||
|
|
||||||
|
providers:
|
||||||
|
docker:
|
||||||
|
exposedByDefault: false
|
||||||
|
network: nextcloud-aio, passbolt_frontend, pihole, hass_frontend, immich_frontend
|
||||||
|
file:
|
||||||
|
directory: "/etc/traefik/conf/"
|
||||||
|
watch: true
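Review bot: `api.insecure: true` serves the dashboard and API unauthenticated on the internal `traefik` entrypoint (port 8080); it stays internal only as long as that port is never published from the container, and the safer pattern is `insecure: false` with a router on `websecure` behind an auth middleware. `serversTransport.insecureSkipVerify: true` disables certificate verification for every backend Traefik proxies to — if only one backend presents a self-signed certificate, give it its own named `serversTransport` and reference it from that service instead of disabling verification globally. `email: ${EMAIL_ADDRESS}` is unquoted, so an empty expansion from `envsubst` leaves `email:` as a YAML null rather than an empty string; write `email: "${EMAIL_ADDRESS}"` like the other templated values on this page. As far as I know `providers.docker.network` takes a single network name, not a list, so the comma-separated value `nextcloud-aio, passbolt_frontend, …` would be looked up literally and match nothing; confirm against the Traefik version in use, since per-container `traefik.docker.network` labels are the usual way to select a network per service.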
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
#!/usr/bin/env nix-shell
|
#!/usr/bin/env nix-shell
|
||||||
#!nix-shell -i bash -p gum openssl sops ssh-to-age age sshpass envsubst pciutils usbutils
|
#!nix-shell -i bash -p gum openssl sops ssh-to-age age sshpass envsubst pciutils usbutils mosquitto
|
||||||
|
|
||||||
prerun_action() {
|
prerun_action() {
|
||||||
echo -e "$1"
|
echo -e "$1"
|
||||||
@@ -161,11 +161,11 @@ files_generation() {
|
|||||||
echo -e "\n\n ✅ Generating necessary folder tree..."
|
echo -e "\n\n ✅ Generating necessary folder tree..."
|
||||||
mkdir -p extra-files/var/lib/sops-nix/
|
mkdir -p extra-files/var/lib/sops-nix/
|
||||||
mkdir -p extra-files/etc/nixos/secrets/
|
mkdir -p extra-files/etc/nixos/secrets/
|
||||||
mkdir -p extra-files/mnt/config-storage/traefik/config/conf
|
mkdir -p extra-files/mnt/config-storage/traefik/config/conf/
|
||||||
mkdir -p extra-files/mnt/config-storage/hass/mqtt/config
|
mkdir -p extra-files/mnt/config-storage/hass/mqtt/config/
|
||||||
mkdir -p extra-files/mnt/config-storage/hass/mqtt/data
|
mkdir -p extra-files/mnt/config-storage/hass/mqtt/data/
|
||||||
mkdir -p extra-files/mnt/data-storage/nextcloud
|
mkdir -p extra-files/mnt/data-storage/nextcloud/
|
||||||
mkdir -p extra-files/mnt/data-storage/immich
|
mkdir -p extra-files/mnt/data-storage/immich/
|
||||||
|
|
||||||
echo -e "\n\n ✅ Generating sops-nix keys..."
|
echo -e "\n\n ✅ Generating sops-nix keys..."
|
||||||
ssh-to-age -private-key -i extra-files/home/numbus-admin/.ssh/id_ed25519 > extra-files/var/lib/sops-nix/key.txt
|
ssh-to-age -private-key -i extra-files/home/numbus-admin/.ssh/id_ed25519 > extra-files/var/lib/sops-nix/key.txt
|
||||||
@@ -231,14 +231,14 @@ files_generation() {
|
|||||||
done
|
done
|
||||||
|
|
||||||
echo -e "\n\n ✅ Writing docker configuration files..."
|
echo -e "\n\n ✅ Writing docker configuration files..."
|
||||||
envsubst < config-files/traefik/headers.yaml > extra-files/mnt/config-storage/traefik/config/conf/headers.yaml
|
envsubst < config-files/docker/traefik/headers.yaml > extra-files/mnt/config-storage/traefik/config/conf/headers.yaml
|
||||||
envsubst < config-files/traefik/nextcloud.yaml > extra-files/mnt/config-storage/traefik/config/conf/nextcloud.yaml
|
envsubst < config-files/docker/traefik/nextcloud.yaml > extra-files/mnt/config-storage/traefik/config/conf/nextcloud.yaml
|
||||||
envsubst < config-files/traefik/tls.yaml > extra-files/mnt/config-storage/traefik/config/conf/tls.yaml
|
envsubst < config-files/docker/traefik/tls.yaml > extra-files/mnt/config-storage/traefik/config/conf/tls.yaml
|
||||||
envsubst < config-files/traefik/traefik.yaml > extra-files/mnt/config-storage/traefik/config/traefik.yaml
|
envsubst < config-files/docker/traefik/traefik.yaml > extra-files/mnt/config-storage/traefik/config/traefik.yaml
|
||||||
envsubst < config-files/hass/mosquitto.conf > extra-files/mnt/config-storage/hass/mqtt/config/mosquitto.conf
|
envsubst < config-files/docker/hass/mosquitto.conf > extra-files/mnt/config-storage/hass/mqtt/config/mosquitto.conf
|
||||||
touch extra-files/mnt/config-storage/hass/mqtt/config/password.txt
|
touch extra-files/mnt/config-storage/hass/mqtt/config/password.txt
|
||||||
chmod 0700 extra-files/mnt/config-storage/hass/mqtt/config/password.txt
|
chmod 0700 extra-files/mnt/config-storage/hass/mqtt/config/password.txt
|
||||||
nix shell nixpkgs#mosquitto -c mosquitto_passwd -b extra-files/mnt/config-storage/hass/mqtt/config/password.txt $HOME_ASSISTANT_MQTT_USER $HOME_ASSISTANT_MQTT_PASSWORD
|
mosquitto_passwd -b extra-files/mnt/config-storage/hass/mqtt/config/password.txt $HOME_ASSISTANT_MQTT_USER $HOME_ASSISTANT_MQTT_PASSWORD
|
||||||
}
|
}
|
||||||
|
|
||||||
disk_config_generation() {
|
disk_config_generation() {
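Review bot: `$HOME_ASSISTANT_MQTT_USER` and `$HOME_ASSISTANT_MQTT_PASSWORD` reach `mosquitto_passwd -b` unquoted, so a password containing whitespace or glob characters is word-split or expanded before the tool sees it; quote both: `mosquitto_passwd -b extra-files/mnt/config-storage/hass/mqtt/config/password.txt "$HOME_ASSISTANT_MQTT_USER" "$HOME_ASSISTANT_MQTT_PASSWORD"`. Batch mode also puts the password in the process's argument list, where it is visible to other users on the build host for the duration of the call; that is the accepted trade-off of `-b`, but a comment saying so (`# -b: password passed via argv, visible in process listings while running`) documents the decision. `chmod 0700` on a regular file sets an execute bit the password file does not need; `chmod 0600` is the conventional mode, and creating it with `touch` before writing is the right order since the file is restricted before any secret lands in it. The enclosing `files_generation()` starts outside the hunk.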
|
||||||