firscleancommit

2026-04-13 16:50:34 +02:00
commit ff7c79409a
4 changed files with 175 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,55 @@
 ./data
 ./git
 *.save
 # -------------------------
 # SSH private keys
 # -------------------------
 id_*
 *.pem
 *.key
 *.private
 # -------------------------
 # SSH runtime files
 # -------------------------
 authorized_keys
 known_hosts
 known_hosts.old
 # -------------------------
 # Agent / sockets
 # -------------------------
 ssh-agent*
 *.sock
 # -------------------------
 # Backup / temp
 # -------------------------
 *.bak
 *.tmp
 *.swp
 *~
 # -------------------------
 # Logs
 # -------------------------
 *.log
 # -------------------------
 # OS files
 # -------------------------
 .DS_Store
 Thumbs.db
 # -------------------------
 # Editors
 # -------------------------
 .vscode/
 .idea/
 # -------------------------
 # Git safety
 # -------------------------
 .env
 *.env
 *.secret
--- a/80
+++ b/80
@@ -0,0 +1,80 @@
 {
 	email {$ACME_EMAIL}
 }
 ### FUNKSJONER ###
 (remote-ip) {
 	@internal remote_ip 10.10.10.0/24 127.0.0.1/8
 	@external remote_ip 0.0.0.0/0
 }
 (common-auth) {
 	basicauth {
 		tvh {$HASH}
 	}
 }
 (rate-limit) {
 	rate_limit {
 		zone git_zone {
 			key {remote_host}
 			events 30
 			window 10s
 		}
 	}
 }
 (read-only) {
 	@readonly {
 		method POST PUT DELETE PATCH
 	}
 	respond @readonly 403
 }
 ### TJENESTER ###
 git.{$DOMENESHOP_DNS} {
 	import remote-ip
 	handle @external {
 		import rate-limit
 		reverse_proxy gitea:3000
 	}
 }
 lms.home.{$DOMENESHOP_DNS}  {
 	tls internal
 	import remote-ip
 	handle @internal {
 		reverse_proxy lms:9000        
 	}
 	respond "Forbidden" 403
 }
 pihole.home.{$DOMENESHOP_DNS} {
 	tls internal
 	import remote-ip
 	handle @internal {
 		redir / /admin
 		reverse_proxy pihole:80
 	}
 }
 nextcloud.{$DOMENESHOP_DNS}  {
 	import remote-ip
 	handle @external {
 		import rate-limit
 		encode gzip zstd
 		reverse_proxy nextcloud-app:80
 	}
 }
 portainer.{$DOMENESHOP_DNS} {
 	import remote-ip
 	handle @external {
 		import common-auth
 		import rate-limit
 		import read-only
 		reverse_proxy portainer:9000
 	}
 	respond "Forbidden" 403
 }
 portainer.home.{$DOMENESHOP_DNS} {
 	import remote-ip
 	handle @internal {
 		reverse_proxy portainer:9000
 	}
        respond "Forbidden" 403
 }
--- a/10
+++ b/10
@@ -0,0 +1,10 @@
 FROM caddy:2-builder AS builder
 RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    xcaddy build \
    --with github.com/mholt/caddy-ratelimit
 FROM caddy:2
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,30 @@
 services:
  caddy:
    build: .
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    env_file:
      - .env
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - proxy_net
      - edge_net
      - proxy_swarm
 networks:
  proxy_net:
    external: true
  edge_net:
    external: true
  proxy_swarm:
    external: true
 volumes:
  caddy_data:
  caddy_config: