transparency confs

This commit is contained in:
nihilist 2024-02-26 11:04:02 +01:00
parent abafa05438
commit 4c961648ae
60 changed files with 3374 additions and 0 deletions

View File

@ -0,0 +1,14 @@
version: '3'
services:
anonymousoverflow:
container_name: 'app'
build:
context: .
environment:
- APP_URL=https://overflow.datura.network
- JWT_SIGNING_SECRET=nkjjijoijfeioijjfze
ports:
- '127.0.0.1:8081:8080'
restart: 'always'

View File

@ -0,0 +1,21 @@
server {
listen 443 ssl;
server_name overflow.datura.network;
ssl_certificate /root/.acme.sh/overflow.datura.network/overflow.datura.network.cer;
ssl_certificate_key /root/.acme.sh/overflow.datura.network/overflow.datura.network.key;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name overflow.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://overflow.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:8081;
}
}

View File

@ -0,0 +1,19 @@
version: '3.3'
services:
binternet:
container_name: binternet
image: ghcr.io/ahwxorg/binternet:latest
ports:
- '127.0.0.1:8861:80'
networks:
- binternet
networks:
binternet:
driver: bridge
ipam:
config:
- subnet: 172.16.55.0/24

View File

@ -0,0 +1,40 @@
server {
listen 80;
listen [::]:80;
server_name binternet.datura.network;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name binternet.datura.network;
ssl_certificate /root/.acme.sh/binternet.datura.network/binternet.datura.network.cer;
ssl_certificate_key /root/.acme.sh/binternet.datura.network/binternet.datura.network.key;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name binternet.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://binternet.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options "nosniff";
#add_header Content-Security-Policy "default-src 'self';";
location / {
proxy_pass http://localhost:8861;
}
}

View File

@ -0,0 +1,67 @@
version: '3'
services:
web:
container_name: proxitok-web
image: ghcr.io/pablouser1/proxitok:master
restart: unless-stopped
ports:
- 127.0.0.1:8083:8080
environment:
- LATTE_CACHE=/cache
- API_CACHE=redis
- REDIS_HOST=proxitok-redis
- REDIS_PORT=6379
- API_SIGNER=remote
- API_SIGNER_URL=http://proxitok-signer:8080/signature
volumes:
- proxitok-cache:/cache
depends_on:
- redis
- signer
networks:
- proxitok
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
redis:
container_name: proxitok-redis
image: redis:7-alpine
command: redis-server --save 60 1 --loglevel warning
restart: unless-stopped
networks:
- proxitok
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
cap_drop:
- ALL
signer:
container_name: proxitok-signer
image: ghcr.io/pablouser1/signtok:master
#init: true
networks:
- proxitok
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
volumes:
proxitok-cache:
networks:
proxitok:

View File

@ -0,0 +1,42 @@
server {
listen 443 ssl;
server_name cringe.datura.network;
ssl_certificate /root/.acme.sh/cringe.datura.network/cringe.datura.network.cer;
ssl_certificate_key /root/.acme.sh/cringe.datura.network/cringe.datura.network.key;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name cringe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://cringe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
#ssl_stapling on;
ssl_stapling_verify on;
# Security Headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob: video.twimg.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
location / {
proxy_pass http://localhost:8083;
}
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
}

View File

@ -0,0 +1,8 @@
#invidious cronjobs
0 0,6,12,18 * * * docker-compose -f /srv/invidious/docker-compose.yml stop ; docker-compose -f /srv/invidious/docker-compose.yml up -d
#@hourly docker-compose -f /srv/invidious/docker-compose.yml stop ; docker-compose -f /srv/invidious/docker-compose.yml up -d
@weekly docker-compose -f /srv/invidious/docker-compose.yml down --remove-orphans ; cp /srv/invidious/docker-compose.yml /srv/invidious.docker-compose.yml.backup ; git -C /srv/invidious reset --hard; git -C /srv/invidious pull ; cp /srv/invidious.docker-compose.yml.backup /srv/invidious/docker-compose.yml ; docker image prune -f ; docker-compose -f /srv/invidious/docker-compose.yml pull ;docker-compose -f /srv/invidious/docker-compose.yml up -d --build --force-recreate # monthly invidious upgrade!
@daily /usr/bin/python3 /srv/smart-ipv6-rotator/smart-ipv6-rotator.py clean ; /usr/bin/python3 /srv/smart-ipv6-rotator/smart-ipv6-rotator.py run --ipv6range="IPV6RANGE::/64"

View File

@ -0,0 +1,156 @@
# Warning: This docker-compose file is made for development purposes.
# Using it will build an image from the locally cloned repository.
#
# If you want to use Invidious in production, see the docker-compose.yml file provided
# in the installation documentation: https://docs.invidious.io/installation/
version: "3"
services:
ipv6nat:
container_name: ipv6nat
privileged: true
network_mode: host
restart: unless-stopped
volumes:
- '/var/run/docker.sock:/var/run/docker.sock:ro'
- '/lib/modules:/lib/modules:ro'
image: robbertkl/ipv6nat
invidious:
build:
context: .
dockerfile: docker/Dockerfile
restart: unless-stopped
networks:
- invidious
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
ports:
- "127.0.0.1:3000:3000"
environment:
# Please read the following file for a comprehensive list of all available
# configuration options and their associated syntax:
# https://github.com/iv-org/invidious/blob/master/config/config.example.yml
INVIDIOUS_CONFIG: |
db:
dbname: invidious
user: kemal
password: kemal
host: invidious-db
port: 5432
check_tables: true
external_port: 443
domain: iv.datura.network
https_only: true
registration_enabled: true
login_enabled: true
statistics_enabled: true
hmac_key: "aeazhoiuéhouhorhnohnhr"
force_resolve: ipv6
banner: '<p><b>Datura Network</b> - <a style="color: orange;" href="https://github.com/iv-org/smart-ipv6-rotator"><u>IPv6 rotating instance</u></a> - <b><a style="color: purple;" href="http://iv.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/"><u>Onion Link</u></a></b> - <a style="color: green;" href="https://matrix.to/#/#nihilism:m.datura.network"><u>Matrix Chat</u></a> - Local Proxying + Dash by default (since 02/11/2023) </p> <p style="font-size: 14px;"> Donate Monero: <span style="color: orange;"> 82w95Xt27wfSLW1UzK48LrXDWngZr4FJ3gYqUVxQ9inQC2JReT81DesKmjcMWWbiBT4k517UwshY53aDPFuvE8AZ1EnYJZu</span> (Yearly server costs: 400€) </p>'
#banner: '<p><b>Datura Network</b> - <b><a style="color: red;">Test Instance (With Registrations) </a></b> - Local Proxying + DASH by default </p> <p style="font-size: 14px;"> Donate Monero: <span style="color: orange;"> 82w95Xt27wfSLW1UzK48LrXDWngZr4FJ3gYqUVxQ9inQC2JReT81DesKmjcMWWbiBT4k517UwshY53aDPFuvE8AZ1EnYJZu</span> </p>'
default_user_preferences:
dark_mode: "dark"
default_home: "Search"
popular_enabled: true
feed_menu: ["Subscriptions", "Playlists"]
autoplay: true
continue: true
continue_autoplay: true
#local: false
local: true
#quality: 720p
quality: dash
quality_dash: auto
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s
timeout: 5s
retries: 2
invidious-tor:
build:
context: .
dockerfile: docker/Dockerfile
restart: unless-stopped
networks:
- invidious
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
ports:
- "127.0.0.1:3002:3000"
environment:
# Please read the following file for a comprehensive list of all available
# configuration options and their associated syntax:
# https://github.com/iv-org/invidious/blob/master/config/config.example.yml
INVIDIOUS_CONFIG: |
db:
dbname: invidious
user: kemal
password: kemal
host: invidious-db
port: 5432
check_tables: true
external_port: 443
domain: iv.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
https_only: false
registration_enabled: true
login_enabled: true
statistics_enabled: true
hmac_key: "ejajezaouhfouhoouhfohaeo"
force_resolve: ipv6
banner: '<p><b>Datura Network</b> - <a style="color: orange;" href="https://github.com/iv-org/smart-ipv6-rotator"><u>IPv6 rotating instance</u></a> - <b><a style="color: purple;" href="http://iv.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/"><u>Onion Link</u></a></b> - <a style="color: green;" href="https://matrix.to/#/#nihilism:m.datura.network"><u>Matrix Chat</u></a> - Local Proxying + Dash by default (since 02/11/2023) </p> <p style="font-size: 14px;"> Donate Monero: <span style="color: orange;"> 82w95Xt27wfSLW1UzK48LrXDWngZr4FJ3gYqUVxQ9inQC2JReT81DesKmjcMWWbiBT4k517UwshY53aDPFuvE8AZ1EnYJZu</span> (Yearly server costs: 400€) </p>'
default_user_preferences:
dark_mode: "dark"
default_home: "Search"
popular_enabled: true
feed_menu: ["Subscriptions", "Playlists"]
autoplay: true
continue: true
continue_autoplay: true
#local: false
local: true
#quality: 720p
quality: dash
quality_dash: auto
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s
timeout: 5s
retries: 2
invidious-db:
image: docker.io/library/postgres:14
restart: unless-stopped
networks:
- invidious
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
volumes:
- postgresdata:/var/lib/postgresql/data
- ./config/sql:/config/sql
- ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
environment:
POSTGRES_DB: invidious
POSTGRES_USER: kemal
POSTGRES_PASSWORD: kemal
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
volumes:
postgresdata:
networks:
invidious:
enable_ipv6: true
ipam:
config:
- subnet: fd00:dead:beec::/48

View File

@ -0,0 +1,33 @@
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
######## TOR CHANGES ########
#listen 4443;
#listen [::]:4443;
#server_name iv.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://iv.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
server_name iv.datura.network;
access_log off;
error_log /var/log/nginx/error.log crit;
ssl_certificate /root/.acme.sh/iv.datura.network/fullchain.cer;
ssl_certificate_key /root/.acme.sh/iv.datura.network/iv.datura.network.key;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; # so Invidious knows domain
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
}
if ($https = '') { return 301 https://$host$request_uri; } # if not connected to HTTPS, perma-redirect to HTTPS
}

View File

@ -0,0 +1,29 @@
server {
listen 443;
listen [::]:443;
server_name iv.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
if ($https != '') { return 301 http://$host$request_uri; } # if not connected to HTTP, perma-redirect to HTTP
}
server {
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name iv.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://iv.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
access_log off;
error_log /var/log/nginx/error.log crit;
location / {
proxy_pass http://127.0.0.1:3002;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; # so Invidious knows domain
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
}
if ($https != '') { return 301 http://$host$request_uri; } # if not connected to HTTP, perma-redirect to HTTP
}

View File

@ -0,0 +1,16 @@
debug = true
source_code = "https://github.com/realaravinth/libmedium"
#cache = "/var/lib/libmedium"
[server]
# The port at which you want authentication to listen to
# takes a number, choose from 1000-10000 if you dont know what you are doing
port = 7000
#IP address. Enter 0.0.0.0 to listen on all availale addresses
ip= "0.0.0.0"
# enter your hostname, eg: example.com
domain = "localhost"
allow_registration = true
proxy_has_tls = false
#workers = 2

View File

@ -0,0 +1,10 @@
version: "3"
services:
libmedium:
image: realaravinth/libmedium:latest
restart: unless-stopped
ports:
- "127.0.0.1:8854:7000"
volumes:
- ./config/default.toml:/etc/libmedium/config.toml

View File

@ -0,0 +1,53 @@
server {
listen 80;
listen [::]:80;
server_name libmedium.datura.network;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name libmedium.datura.network;
ssl_certificate /root/.acme.sh/libmedium.datura.network/fullchain.cer;
ssl_certificate_key /root/.acme.sh/libmedium.datura.network/libmedium.datura.network.key;
ssl_dhparam /root/.acme.sh/dhparam.pem;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name libmedium.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://libmedium.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
# SSL Settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /root/.acme.sh/libmedium.datura.network/fullchain.cer;
resolver 1.1.1.1 208.67.222.222;
add_header Strict-Transport-Security "max-age=63072000" always;
add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options "nosniff";
add_header Content-Security-Policy "default-src 'self';";
location / {
proxy_pass http://localhost:8854;
}
}

View File

@ -0,0 +1,52 @@
# docker-compose.yml
version: '3'
services:
libremdb:
container_name: libremdb
build:
context: .
dockerfile: Dockerfile
ports:
- "127.0.0.1:8864:3000"
env_file: .env.local.example
depends_on:
- libremdb-redis
restart: always
user: 65534:65534 # equivalent to the nobody user
read_only: true
tmpfs:
- /opt/app/.next/cache/:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
networks:
- libremdb
libremdb-redis:
container_name: libremdb_redis
image: redis
# FOR DEBUGGING ONLY
# ports:
# - "6379:6379"
restart: always
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
cap_drop:
- ALL
networks:
- libremdb
networks:
libremdb:
driver: bridge
ipam:
config:
- subnet: 172.16.57.0/24

View File

@ -0,0 +1,45 @@
################################################################################
### PLEASE FILL/ENABLE REQUIRED VARS AT LEAST BEFORE RUNNING THE APPLICATION ###
################################################################################
################################################################################
### 1. REQUIRED VARS(site may not work as expected without these).
################################################################################
## used for meta tags. e.g: 'https://libremdb.iket.me'. don't add end slash.
NEXT_PUBLIC_URL= https://libremdb.datura.network
## used when fetching data from IMDb. not adding these could result in not getting any response.
## example useragent header: 'Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0'
AXIOS_USERAGENT=Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0
## example accept header: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8'
AXIOS_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
################################################################################
### 2. OPTIONAL VARS(enabling these is encouraged)
################################################################################
## for forcing a certain language for data we get from imdb. Useful when you don't want your IP to determine the preferred language.
# AXIOS_LANGUAGE='en-US,en;q=0.5'
## comment it out if you wish to enable nextjs stats collection. more at https://nextjs.org/telemetry
NEXT_TELEMETRY_DISABLED=1
################################################################################
### 3. REDIS CONFIG(optional if you don't need redis)
################################################################################
## enables caching of api routes as well as media
# USE_REDIS=true
## in case you don't want to cache media but only api routes
# USE_REDIS_FOR_API_ONLY=true
## ttl for media and api
# REDIS_CACHE_TTL_API=3600
# REDIS_CACHE_TTL_MEDIA=3600
## for docker, just set the domain to the container name, default is 'libremdb_redis'
# REDIS_URL=localhost:6379
################################################################################
### 4. INSTANCE META FIELDS(not required but good to have)
################################################################################
## example: 'https://iket.me'.
NEXT_PUBLIC_INSTANCE_MAIN_URL= https://libremdb.datura.network
## eg: 'zyachel'
NEXT_PUBLIC_INSTANCE_NAME= Datura

View File

@ -0,0 +1,40 @@
server {
listen 80;
listen [::]:80;
server_name libremdb.datura.network;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name libremdb.datura.network;
ssl_certificate /root/.acme.sh/libremdb.datura.network/libremdb.datura.network.cer;
ssl_certificate_key /root/.acme.sh/libremdb.datura.network/libremdb.datura.network.key;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name libremdb.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://libremdb.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options "nosniff";
add_header Content-Security-Policy "default-src 'self';";
location / {
proxy_pass http://localhost:8864;
}
}

View File

@ -0,0 +1,46 @@
version: "3.7"
services:
pixivfe:
container_name: pixivfe
hostname: pixivfe
restart: unless-stopped
user: 1000:1000
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
build:
context: .
dockerfile: Dockerfile
ports:
- "127.0.0.1:8862:8862" # Specify `127.0.0.1:8282:8282` instead if using a reverse proxy
env_file: .env
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://127.0.0.1:8282/about"]
interval: 30s
timeout: 3s
start_period: 15s
retries: 3
secrets:
- pixivfe_token
networks:
- pixivfe
secrets:
pixivfe_token:
# Copy the contents of the `PHPSESSID` cookie into `pixivfe_token.txt`
# See ./doc/How-to-get-the-cookie-(PIXIVFE_TOKEN) for instructions
file: ./docker/pixivfe_token.txt
networks:
pixivfe:
driver: bridge
ipam:
config:
- subnet: 172.16.56.0/24

View File

@ -0,0 +1 @@
12zd156az1641za6d4az5d416az51d464az6d5a64z

View File

@ -0,0 +1,14 @@
# -- PixivFE configuration
# See ./doc/Environment-variables.md for more details
# -- Required
# PIXIVFE_TOKEN=changethis # Only set here if not using a secret
PIXIVFE_PORT=8862
PIXIVFE_IMAGEPROXY=https://pximg.exozy.me
#PIXIVFE_IMAGEPROXY=https://www.pixiv.net
# -- Optional
# PIXIVFE_USERAGENT=
# PIXIVFE_BASEURL=
# PIXIVFE_ACCEPTLANGUAGE=

View File

@ -0,0 +1,40 @@
server {
listen 80;
listen [::]:80;
server_name pixivfe.datura.network;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name pixivfe.datura.network;
ssl_certificate /root/.acme.sh/pixivfe.datura.network/pixivfe.datura.network.cer;
ssl_certificate_key /root/.acme.sh/pixivfe.datura.network/pixivfe.datura.network.key;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name pixivfe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://pixivfe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options "nosniff";
#add_header Content-Security-Policy "default-src 'self';";
location / {
proxy_pass http://localhost:8862;
}
}

View File

@ -0,0 +1,48 @@
# Controls deployment options
[deployment]
host = "0.0.0.0"
port = 8000
# Amount of worker Priviblur instances to spawn. Increases speed significantly.
workers = 30
# # If you're running Priviblur behind a remote proxy, one or more of the following must be set
# # can also be set via env variables by captialzing and prefixing with PRIVIBLUR_
# #
# # For more information see
# # https://sanic.dev/en/guide/advanced/proxy-headers.html
# #
# # Default: None
# #
# forwarded_secret =
# real_ip_header =
# proxies_count =
# Controls behaviors pertaining to the way Priviblur requests Tumblr
[priviblur_backend]
# # Timeout for requests to Tumblr's API
main_response_timeout = 10
# # Timeout for fetching image responses from Tumblr
image_response_timeout = 30
# Controls logging behavior
#
# Use Python's numerical logging levels
# https://docs.python.org/3/howto/logging.html#logging-levels
[logging]
# # Sanic (Server)'s logging level'
# sanic_logging_level = 30
# # Priviblur's logging level
# priviblur_logging_level = 30
# # Priviblur extractor's logging level
# priviblur_extractor_logging_level = 20
[misc]
# # Enable sanic's dev mode
# dev_mode = false

View File

@ -0,0 +1,12 @@
version: "3"
services:
priviblur:
build:
context: .
dockerfile: docker/Dockerfile
restart: unless-stopped
ports:
- "127.0.0.1:8865:8000"
volumes:
- ./config.toml:/priviblur/config.toml:Z,ro

View File

@ -0,0 +1,40 @@
server {
listen 80;
listen [::]:80;
server_name priviblur.datura.network;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name priviblur.datura.network;
ssl_certificate /root/.acme.sh/priviblur.datura.network/priviblur.datura.network.cer;
ssl_certificate_key /root/.acme.sh/priviblur.datura.network/priviblur.datura.network.key;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name priviblur.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://priviblur.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options "nosniff";
add_header Content-Security-Policy "default-src 'self';";
location / {
proxy_pass http://localhost:8865;
}
}

View File

@ -0,0 +1,32 @@
version: "3"
services:
redlib:
image: quay.io/redlib/redlib:latest
# image: quay.io/redlib/redlib:latest-arm # uncomment if you use arm64
# image: quay.io/redlib/redlib:latest-armv7 # uncomment if you use armv7
restart: always
container_name: "redlib"
ports:
- "127.0.0.1:8857:8080" # Specify `127.0.0.1:8080:8080` instead if using a reverse proxy
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
# - seccomp=seccomp-redlib.json
cap_drop:
- ALL
env_file: .env
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
interval: 5m
timeout: 3s
networks:
- redlib
networks:
redlib:
driver: bridge
ipam:
config:
- subnet: 172.16.52.0/24

View File

@ -0,0 +1,47 @@
# Redlib configuration
# See the Configuration section of the README for a more detailed explanation of these settings.
# Instance-specific settings
# Enable SFW-only mode for the instance
REDLIB_SFW_ONLY=off
# Set a banner message for the instance
REDLIB_BANNER="Datura Network says fuck you redit"
# Disable search engine indexing
REDLIB_ROBOTS_DISABLE_INDEXING=off
# Set the Pushshift frontend for "removed" links
REDLIB_PUSHSHIFT_FRONTEND=www.unddit.com
# Default user settings
# Set the default theme (options: system, light, dark, black, dracula, nord, laserwave, violet, gold, rosebox, gruvboxdark, gruvboxlight)
REDLIB_DEFAULT_THEME=violet
# Set the default front page (options: default, popular, all)
REDLIB_DEFAULT_FRONT_PAGE=default
# Set the default layout (options: card, clean, compact)
REDLIB_DEFAULT_LAYOUT=card
# Enable wide mode by default
REDLIB_DEFAULT_WIDE=off
# Set the default post sort method (options: hot, new, top, rising, controversial)
REDLIB_DEFAULT_POST_SORT=hot
# Set the default comment sort method (options: confidence, top, new, controversial, old)
REDLIB_DEFAULT_COMMENT_SORT=confidence
# Enable showing NSFW content by default
REDLIB_DEFAULT_SHOW_NSFW=on
# Enable blurring NSFW content by default
REDLIB_DEFAULT_BLUR_NSFW=off
# Enable HLS video format by default
REDLIB_DEFAULT_USE_HLS=on
# Hide HLS notification by default
REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION=off
# Disable autoplay videos by default
REDLIB_DEFAULT_AUTOPLAY_VIDEOS=on
# Define a default list of subreddit subscriptions (format: sub1+sub2+sub3)
REDLIB_DEFAULT_SUBSCRIPTIONS=onions+deepweb+TOR+psychonaut+monero+darknet+Drugs+hacking+news+4chan+darkwebhacking+LSD+PsychedelicStudies+PsychedelicTherapy+PsychedelicArt+RationalPsychonaut+shrooms+drugnerds+researchchemicals+psychedelics+replications
# Hide awards by default
REDLIB_DEFAULT_HIDE_AWARDS=off
# Disable the confirmation before visiting Reddit
REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION=off
# Hide score by default
REDLIB_DEFAULT_HIDE_SCORE=off
# Enable fixed navbar by default
REDLIB_DEFAULT_FIXED_NAVBAR=on

View File

@ -0,0 +1,42 @@
server {
listen 80;
listen [::]:80;
server_name redlib.datura.network;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name redlib.datura.network;
ssl_certificate /root/.acme.sh/redlib.datura.network/redlib.datura.network.cer;
ssl_certificate_key /root/.acme.sh/redlib.datura.network/redlib.datura.network.key;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name redlib.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://redlib.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options "nosniff";
#add_header Content-Security-Policy "default-src 'self';";
location / {
proxy_pass http://localhost:8857;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header HOST $http_host;
}
}

View File

@ -0,0 +1,20 @@
server {
listen 443 ssl;
server_name api.safetwitch.datura.network;
ssl_certificate /root/.acme.sh/api.safetwitch.datura.network/api.safetwitch.datura.network.cer;
ssl_certificate_key /root/.acme.sh/api.safetwitch.datura.network/api.safetwitch.datura.network.key;
access_log off;
error_log off;
location / {
#root /app;
#index index.html;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:5071;
#try_files $uri $uri/ /index.html;
}
}

View File

@ -0,0 +1,20 @@
version: "3.7"
services:
safetwitch-frontend:
image: codeberg.org/dragongoose/safetwitch:latest
ports:
- "127.0.0.1:5070:80"
environment:
- SAFETWITCH_BACKEND_DOMAIN=api.safetwitch.datura.network
- SAFETWITCH_INSTANCE_DOMAIN=safetwitch.datura.network
- SAFETWITCH_HTTPS=true
restart: always
safetwitch-backend:
image: codeberg.org/dragongoose/safetwitch-backend:latest
ports:
- "127.0.0.1:5071:7000"
environment:
- PORT=7000
- URL=https://api.safetwitch.datura.network
restart: always

View File

@ -0,0 +1,7 @@
SAFETWITCH_BACKEND_DOMAIN=localhost:7000
SAFETWITCH_INSTANCE_DOMAIN=localhost:5173
SAFETWITCH_HTTPS=false
SAFETWITCH_DEFAULT_LOCALE=en
SAFETWITCH_FALLBACK_LOCALE=ja
VUE_APP_I18N_LOCALE=en
VUE_APP_I18N_FALLBACK_LOCALE=ja

View File

@ -0,0 +1,26 @@
server {
listen 443 ssl;
server_name safetwitch.datura.network;
ssl_certificate /root/.acme.sh/safetwitch.datura.network/safetwitch.datura.network.cer;
ssl_certificate_key /root/.acme.sh/safetwitch.datura.network/safetwitch.datura.network.key;
access_log off;
error_log off;
location / {
#root /app;
#index index.html;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:5070;
#try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
listen [::]:80;
server_name safetwitch.datura.network;
return 301 https://safetwitch.datura.network$request_uri;
}

View File

@ -0,0 +1,68 @@
version: "3.7"
services:
#caddy:
# container_name: caddy
# image: caddy:2-alpine
# network_mode: host
# volumes:
# - ./Caddyfile:/etc/caddy/Caddyfile:ro
# - caddy-data:/data:rw
# - caddy-config:/config:rw
# environment:
# - SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost:80}
# - SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
# cap_drop:
# - ALL
# cap_add:
# - NET_BIND_SERVICE
redis:
container_name: redis
image: docker.io/library/redis:alpine
command: redis-server --save 30 1 --loglevel warning
networks:
- searxng
volumes:
- redis-data:/data
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
- DAC_OVERRIDE
searxng:
container_name: searxng
image: searxng/searxng:latest
networks:
- searxng
ports:
- "127.0.0.1:8877:8080"
volumes:
- ./searxng:/etc/searxng:rw
environment:
#- SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME}/
- SEARXNG_BASE_URL=https://search.datura.network/
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
networks:
searxng:
ipam:
driver: default
volumes:
#caddy-data:
caddy-config:
redis-data:

View File

@ -0,0 +1,53 @@
server {
listen 80;
listen [::]:80;
server_name search.datura.network;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name search.datura.network;
ssl_certificate /root/.acme.sh/search.datura.network/fullchain.cer;
ssl_certificate_key /root/.acme.sh/search.datura.network/search.datura.network.key;
ssl_dhparam /root/.acme.sh/dhparam.pem;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name search.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://search.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
# SSL Settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /root/.acme.sh/search.datura.network/fullchain.cer;
resolver 1.1.1.1 208.67.222.222;
add_header Strict-Transport-Security "max-age=63072000" always;
add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options "nosniff";
add_header Content-Security-Policy "default-src 'self';";
location / {
proxy_pass http://localhost:8877;
}
}

View File

@ -0,0 +1,13 @@
# see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings
use_default_settings: true
server:
base_url: https://search.datura.network/ #is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
secret_key: "jzdabjzjdkbkjbajaz" # change this!
limiter: true # can be disabled for a private instance
image_proxy: true
public_instance: true
ui:
static_use_hash: true
redis:
url: redis://redis:6379/0

View File

@ -0,0 +1,24 @@
version: "3"
networks:
gitea:
external: false
services:
server:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
networks:
- gitea
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "0.0.0.0:3009:3000"
- "222:22"

View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640" xml:space="preserve" width="32" height="32"><path style="fill:#fff" d="m395.9 484.2-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5 21.2-17.9 33.8-11.8 17.2 8.3 27.1 13 27.1 13l-.1-109.2 16.7-.1.1 117.1s57.4 24.2 83.1 40.1c3.7 2.3 10.2 6.8 12.9 14.4 2.1 6.1 2 13.1-1 19.3l-61 126.9c-6.2 12.7-21.4 18.1-33.9 12z"/><path style="fill:#609926" d="M622.7 149.8c-4.1-4.1-9.6-4-9.6-4s-117.2 6.6-177.9 8c-13.3.3-26.5.6-39.6.7v117.2c-5.5-2.6-11.1-5.3-16.6-7.9 0-36.4-.1-109.2-.1-109.2-29 .4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5c-9.8-.6-22.5-2.1-39 1.5-8.7 1.8-33.5 7.4-53.8 26.9C-4.9 212.4 6.6 276.2 8 285.8c1.7 11.7 6.9 44.2 31.7 72.5 45.8 56.1 144.4 54.8 144.4 54.8s12.1 28.9 30.6 55.5c25 33.1 50.7 58.9 75.7 62 63 0 188.9-.1 188.9-.1s12 .1 28.3-10.3c14-8.5 26.5-23.4 26.5-23.4S547 483 565 451.5c5.5-9.7 10.1-19.1 14.1-28 0 0 55.2-117.1 55.2-231.1-1.1-34.5-9.6-40.6-11.6-42.6zM125.6 353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6 321.8 60 295.4c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5 38.5-30c13.8-3.7 31-3.1 31-3.1s7.1 59.4 15.7 94.2c7.2 29.2 24.8 77.7 24.8 77.7s-26.1-3.1-43-9.1zm300.3 107.6s-6.1 14.5-19.6 15.4c-5.8.4-10.3-1.2-10.3-1.2s-.3-.1-5.3-2.1l-112.9-55s-10.9-5.7-12.8-15.6c-2.2-8.1 2.7-18.1 2.7-18.1L322 273s4.8-9.7 12.2-13c.6-.3 2.3-1 4.5-1.5 8.1-2.1 18 2.8 18 2.8L467.4 315s12.6 5.7 15.3 16.2c1.9 7.4-.5 14-1.8 17.2-6.3 15.4-55 113.1-55 113.1z"/><path style="fill:#609926" d="M326.8 380.1c-8.2.1-15.4 5.8-17.3 13.8-1.9 8 2 16.3 9.1 20 7.7 4 17.5 1.8 22.7-5.4 5.1-7.1 4.3-16.9-1.8-23.1l24-49.1c1.5.1 3.7.2 6.2-.5 4.1-.9 7.1-3.6 7.1-3.6 4.2 1.8 8.6 3.8 13.2 6.1 4.8 2.4 9.3 4.9 13.4 7.3.9.5 1.8 1.1 2.8 1.9 1.6 1.3 3.4 3.1 4.7 5.5 1.9 5.5-1.9 14.9-1.9 14.9-2.3 7.6-18.4 40.6-18.4 40.6-8.1-.2-15.3 5-17.7 12.5-2.6 8.1 1.1 17.3 8.9 21.3 7.8 4 17.4 1.7 22.5-5.3 5-6.8 4.6-16.3-1.1-22.6 1.9-3.7 3.7-7.4 5.6-11.3 5-10.4 13.5-30.4 13.5-30.4.9-1.7 5.7-10.3 2.7-21.3-2.5-11.4-12.6-16.7-12.6-16.7-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3 4.7-9.7 9.4-19.3 14.1-29-4.1-2-8.1-4-12.2-6.1-4.8 9.8-9.7 19.7-14.5 29.5-6.7-.1-12.9 3.5-16.1 9.4-3.4 6.3-2.7 14.1 1.9 19.8l-24.6 50.4z"/></svg>

After

Width:  |  Height:  |  Size: 2.2 KiB

View File

@ -0,0 +1,109 @@
APP_NAME = Git with a cup of Datura seeds
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea
[repository]
ROOT = /data/git/repositories
[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
[repository.upload]
TEMP_PATH = /data/gitea/uploads
[server]
APP_DATA_PATH = /data/gitea
DOMAIN = git.datura.network
SSH_DOMAIN = git.datura.network
HTTP_PORT = 3000
ROOT_URL = https://git.datura.network/
DISABLE_SSH = false
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = akdzlkndlkznalkdnzalndnazklndzlaknllan
OFFLINE_MODE = true
[database]
PATH = /data/gitea/gitea.db
DB_TYPE = sqlite3
HOST = localhost:3306
NAME = gitea
USER = root
PASSWD =
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
[attachment]
PATH = /data/gitea/attachments
[log]
MODE = console
LEVEL = info
ROOT_PATH = /data/gitea/log
[security]
INSTALL_LOCK = true
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = azdjzakjdnzkdjnazndzandazknandkjankjandkj
PASSWORD_HASH_ALGO = pbkdf2
[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[lfs]
PATH = /data/git/lfs
[mailer]
ENABLED = true
FROM = surveillance@nihilism.network
PROTOCOL = smtp+starttls
SMTP_ADDR = mail.nihilism.network
SMTP_PORT = 587
USER = surveillance
PASSWD = dazklndzalkndzlknlzndnnaknkldaznlkdalnkdnlkdnalk
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = true
[cron.update_checker]
ENABLED = true
[repository.pull-request]
DEFAULT_MERGE_STYLE = merge
[repository.signing]
DEFAULT_TRUST_MODEL = committer
[oauth2]
JWT_SECRET = zndlnlndalnldnazkdnllnadlkln
[ui]
DEFAULT_THEME = space
THEMES = gitea,arc-green,space

View File

@ -0,0 +1,972 @@
.chroma .hl{background-color:#3f424d}.chroma .ln,.chroma .lnt{color:#7f7f7f}
.chroma .k{color:#f63}
.chroma .kc{color:#fa1}
.chroma .kd{color:#9daccc}
.chroma .kn{color:#fa1}
.chroma .kp{color:#5f8700}
.chroma .kr{color:#f63}
.chroma .kt{color:#9daccc}
.chroma .na{color:#8a8a8a}
.chroma .bp,.chroma .nb{color:#9daccc}
.chroma .nc,.chroma .no{color:#fa1}
.chroma .nd{color:#9daccc}
.chroma .ni{color:#fa1}
.chroma .ne{color:#af8700}
.chroma .nf{color:#9daccc}
.chroma .nl,.chroma .nn{color:#fa1}
.chroma .nt,.chroma .nv,.chroma .nx{color:#9daccc}
.chroma .vc{color:#f81}
.chroma .vg,.chroma .vi{color:#fa1}
.chroma .s,.chroma .sa{color:#1af}
.chroma .sb{color:#a0cc75}
.chroma .dl,.chroma .sc{color:#1af}
.chroma .sd{color:#6a737d}
.chroma .s2{color:#a0cc75}
.chroma .se{color:#f63}
.chroma .sh{color:#1af}
.chroma .si,.chroma .sx{color:#fa1}
.chroma .sr{color:#97c}
.chroma .s1{color:#a0cc75}
.chroma .ss{color:#fa1}
.chroma .il,.chroma .m,.chroma .mb,.chroma .mf,.chroma .mh,.chroma .mi,.chroma .mo{color:#1af}
.chroma .o{color:#f63}
.chroma .ow{color:#5f8700}
.chroma .c,.chroma .c1,.chroma .ch,.chroma .cm{color:#6a737d}
.chroma .cs{color:#637d}
.chroma .cp,.chroma .cpf{color:#fc6}
.chroma .gd{color:#fff;background-color:#5f3737}
.chroma .ge{color:#ef5}
.chroma .gr{color:#f33}
.chroma .gh{color:#fa1}
.chroma .gi{color:#fff;background-color:#3a523a}
.chroma .go{color:#888888}
.chroma .gp{color:#555555}
.chroma .gu{color:#9daccc}
.chroma .gt{color:#f63}
.chroma .w{color:#bbbbbb}
:root {
--color-primary: #ccc;
--color-primary-dark-1: #c5c5c5;
--color-primary-dark-2: #bebebe;
--color-primary-dark-3: #b7b7b7;
--color-primary-dark-4: #b0b0b0;
--color-primary-dark-5: #a9a9a9;
--color-primary-dark-6: #a2a2a2;
--color-primary-dark-7: #9b9b9b;
--color-primary-light-1: #d3d3d3;
--color-primary-light-2: #d9d9d9;
--color-primary-light-3: #e0e0e0;
--color-primary-light-4: #e7e7e7;
--color-primary-light-5: #eeeeee;
--color-primary-light-6: #f5f5f5;
--color-primary-light-7: #fff;
--color-primary-alpha-10: #afb0b119;
--color-primary-alpha-20: #afb0b133;
--color-primary-alpha-30: #afb0b14b;
--color-primary-alpha-40: #afb0b166;
--color-primary-alpha-50: #afb0b180;
--color-primary-alpha-60: #afb0b199;
--color-primary-alpha-70: #afb0b1b3;
--color-primary-alpha-80: #afb0b1cc;
--color-primary-alpha-90: #afb0b1e1;
--color-secondary: #000;
--color-secondary-dark-1: #141414;
--color-secondary-dark-2: #0b0c0e;
--color-secondary-dark-3: #17181c;
--color-secondary-dark-4: #22242a;
--color-secondary-dark-5: #2d3139;
--color-secondary-dark-6: #393d47;
--color-secondary-dark-7: #444955;
--color-secondary-dark-7: #4f5563;
--color-secondary-dark-8: #5b6171;
--color-secondary-dark-8: #666d7f;
--color-secondary-dark-9: #71798e;
--color-secondary-dark-10: #808799;
--color-secondary-dark-11: #8e94a4;
--color-secondary-light-1: #373b46;
--color-secondary-light-2: #292c34;
--color-secondary-light-3: #1c1e23;
--color-secondary-light-4: #0e0f11;
--color-secondary-alpha-10: #45454519;
--color-secondary-alpha-20: #45454533;
--color-secondary-alpha-30: #4545454b;
--color-secondary-alpha-40: #45454566;
--color-secondary-alpha-50: #45454580;
--color-secondary-alpha-60: #45454599;
--color-secondary-alpha-70: #454545b3;
--color-secondary-alpha-80: #454545cc;
--color-secondary-alpha-90: #454545e1;
/* colors */
--color-red: #db2828;
--color-orange: #ff6600;
--color-yellow: #ffff99;
--color-olive: #abc11a;
--color-green: #199717;
--color-teal: #01fed4;
--color-blue: #226ac9;
--color-violet: #6435c9;
--color-purple: #a333c8;
--color-pink: #e03997;
--color-brown: #a5673f;
--color-grey: #767a85;
--color-black: #1e222e;
--color-gold: #a1882b;
--color-white: #ffffff;
--color-diff-removed-word-bg: #6f3333;
--color-diff-added-word-bg: #3c653c;
--color-diff-removed-row-bg: #3c2626;
--color-diff-added-row-bg: #283e2d;
--color-diff-removed-row-border: #634343;
--color-diff-added-row-border: #314a37;
--color-diff-inactive: #353846;
/* target-based colors */
--color-body: #000;
--color-box-header: #000;
--color-box-body: #070707;
--color-text-dark: #dee1e8;
--color-text: #c7cad1;
--color-text-light: #acb0b9;
--color-text-light-2: #8a8e99;
--color-text-light-3: #707687;
--color-footer: #000;
--color-timeline: #4c525e;
--color-input-text: #d5dbe6;
--color-input-background: #000;
--color-input-border: #454545;
--color-input-border-hover: #4e5465;
--color-navbar: #060606;
--color-light: #00000028;
--color-light-border: #ffffff28;
--color-hover: #ffffff10;
--color-active: #25272d;
--color-menu: #060606;
--color-card: #060606;
--color-markdown-table-row: #ffffff06;
--color-markdown-code-block: #121314;
--color-button: #070707;
--color-code-bg: #060606;
--color-shadow: #00000060;
--color-secondary-bg: #060606;
--color-text-focus: #fff;
--color-expand-button: #3c404d;
--color-placeholder-text: #6a737d;
--color-editor-line-highlight: var(--color-primary-light-5);
--color-project-board-bg: var(--color-secondary-light-2);
--color-nav-bg: var(--color-body);
--color-nav-hover-bg: var(--color-hover);
}
::-webkit-calendar-picker-indicator {
filter: invert(.8);
}
.ui.horizontal.segments > .segment {
background-color: #2d2d2d;
}
.repository .segment.reactions .ui.label.basic.blue {
background: var(--color-primary-alpha-20) !important;
}
[data-tooltip]::before,
[data-tooltip]::after {
background: #1b1c1d !important; /* .ui.inverted.popup */
border-color: #1b1c1d !important; /* .ui.inverted.popup */
color: #dbdbdb !important;
}
[data-tooltip]::before {
box-shadow: 1px 1px 0 0 #1b1c1d !important; /* .ui.inverted.popup */
}
.ui.green.progress .bar {
background-color: #848b84;
}
.ui.progress.success .bar {
background-color: #8fa37b !important;
}
.following.bar.light {
background: var(--color-body);
border-color: var(--color-secondary-alpha-40);
}
.following.bar .top.menu a.item:hover {
color: #fff;
}
.feeds .list ul li.private {
background: #25272d;
}
.ui.link.list .item,
.ui.link.list a.item,
.ui.link.list .item a:not(.ui) {
color: #dbdbdb;
}
.ui.red.label,
.ui.red.labels .label {
background-color: #7d3434 !important;
border-color: #8a2121 !important;
}
.ui.yellow.label,
.ui.yellow.labels .label {
border-color: #664d02 !important;
background-color: #936e00 !important;
}
.ui.accordion .title:not(.ui) {
color: #dbdbdb;
}
.ui.green.label,
.ui.green.labels .label,
.ui.basic.green.label {
background-color: #53682c !important;
border-color: #53682c !important;
}
.ui.green.labels a.label:hover,
.ui.basic.green.labels a.label:hover,
a.ui.ui.ui.green.label:hover,
a.ui.basic.green.label:hover {
background-color: #657a3e !important;
border-color: #657a3e !important;
color: #fff !important;
}
.ui.divider:not(.vertical):not(.horizontal) {
border-bottom-color: var(--color-secondary);
border-top-color: transparent;
}
.form .help {
color: #7f8699;
}
.ui .text.light.grey {
color: #7f8699 !important;
}
.ui.form .fields.error .field textarea,
.ui.form .fields.error .field select,
.ui.form .fields.error .field input:not([type]),
.ui.form .fields.error .field input[type="date"],
.ui.form .fields.error .field input[type="datetime-local"],
.ui.form .fields.error .field input[type="email"],
.ui.form .fields.error .field input[type="number"],
.ui.form .fields.error .field input[type="password"],
.ui.form .fields.error .field input[type="search"],
.ui.form .fields.error .field input[type="tel"],
.ui.form .fields.error .field input[type="time"],
.ui.form .fields.error .field input[type="text"],
.ui.form .fields.error .field input[type="file"],
.ui.form .fields.error .field input[type="url"],
.ui.form .field.error textarea,
.ui.form .field.error select,
.ui.form .field.error input:not([type]),
.ui.form .field.error input[type="date"],
.ui.form .field.error input[type="datetime-local"],
.ui.form .field.error input[type="email"],
.ui.form .field.error input[type="number"],
.ui.form .field.error input[type="password"],
.ui.form .field.error input[type="search"],
.ui.form .field.error input[type="tel"],
.ui.form .field.error input[type="time"],
.ui.form .field.error input[type="text"],
.ui.form .field.error input[type="file"],
.ui.form .field.error input[type="url"] {
background-color: #522;
border: 1px solid #7d3434;
color: #f9cbcb;
}
.ui.form .field.error select:focus,
.ui.form .field.error input:not([type]):focus,
.ui.form .field.error input[type="date"]:focus,
.ui.form .field.error input[type="datetime-local"]:focus,
.ui.form .field.error input[type="email"]:focus,
.ui.form .field.error input[type="number"]:focus,
.ui.form .field.error input[type="password"]:focus,
.ui.form .field.error input[type="search"]:focus,
.ui.form .field.error input[type="tel"]:focus,
.ui.form .field.error input[type="time"]:focus,
.ui.form .field.error input[type="text"]:focus,
.ui.form .field.error input[type="file"]:focus,
.ui.form .field.error input[type="url"]:focus {
background-color: #522;
border: 1px solid #a04141;
color: #f9cbcb;
}
.ui.green.button,
.ui.green.buttons .button {
background-color: #070707;
}
.ui.green.button:hover,
.ui.green.buttons .button:hover {
background-color: #141414;
}
.ui.green.button:active,
.ui.green.buttons .button:active {
background-color: #070707;
}
.ui.search > .results {
background: #2d2d2d;
border-color: var(--color-secondary);
}
.ui.search > .results .result:hover,
.ui.category.search > .results .category .result:hover {
background: var(--color-secondary);
}
.ui.search > .results .result .title {
color: #dbdbdb;
}
.ui.table > thead > tr > th {
background: var(--color-secondary);
color: #dbdbdb !important;
}
.repository.file.list #repo-files-table tr {
background: #070707;
}
.repository.file.list #repo-files-table tr:hover {
background-color: #2d2d2d !important;
}
.repository.file.editor.edit,
.repository.wiki.new .CodeMirror {
.editor-preview,
.editor-preview-side,
& + .editor-preview-side {
background: #25272d;
.markdown:not(code).ui.segment {
border-width: 0;
}
}
}
.overflow.menu .items .item {
color: #9d9d9d;
}
.overflow.menu .items .item:hover {
color: #dbdbdb;
}
.ui.list > .item > .content {
color: var(--color-secondary-dark-6) !important;
}
.ui.active.button:active,
.ui.button:active,
.ui.button:focus,
.ui.active.button {
background-color: #2e3e4e;
color: #dbdbdb;
}
.ui.active.button:hover {
background-color: #475e75;
color: #dbdbdb;
}
.repository .navbar .active.item,
.repository .navbar .active.item:hover {
border-color: transparent !important;
}
.ui .info.segment.top {
background-color: var(--color-secondary) !important;
}
.repository .diff-stats li {
border-color: var(--color-secondary);
}
.tag-code,
.tag-code td {
background: #25272d !important;
}
.tag-code td.lines-num {
background-color: #3a3e4c !important;
}
.tag-code td.lines-type-marker,
td.blob-hunk {
color: #dbdbdb !important;
}
.ui.attached.info.message,
.ui.info.message {
box-shadow: 0 0 0 1px #4b5e71 inset, 0 0 0 0 transparent;
}
.ui.bottom.attached.message {
background-color: #2c662d;
color: #ab6363;
}
.ui.bottom.attached.message .pull-right {
color: #ab6363;
}
.ui.info.message {
background-color: #2c3b4a;
color: #9ebcc5;
}
.ui .warning.header,
.ui.warning.message {
background-color: #542 !important;
border-color: #ec8;
}
.ui.warning.message {
color: #ec8;
box-shadow: 0 0 0 1px #ec8;
}
.ui.warning.segment {
border-color: #ec8;
}
.ui.red.message,
.ui.error.message {
background-color: #522;
color: #f9cbcb;
box-shadow: 0 0 0 1px #a04141 inset;
}
.ui .error.header,
.ui.error.message {
background-color: #522 !important;
border-color: #a04141;
}
.ui.error.segment {
border-color: #a04141;
}
.ui.red.button,
.ui.red.buttons .button {
background-color: #7d3434;
}
.ui.red.button:hover,
.ui.red.buttons .button:hover {
background-color: #984646;
}
.ui.positive.message {
background-color: #000;
color: #fff;
box-shadow: 0 0 0 1px #1c1c1c inset, 0 0 0 0 transparent;
}
.ui.negative.message {
background-color: rgba(80, 23, 17, .6);
color: #f9cbcb;
box-shadow: 0 0 0 1px rgba(121, 71, 66, .5) inset, 0 0 0 0 transparent;
}
.ui.list .list > .item .header,
.ui.list > .item .header {
color: #dedede;
}
.ui.list .list > .item .description,
.ui.list > .item .description {
color: var(--color-secondary-dark-6);
}
.repository.file.list #repo-files-table tbody .svg.octicon-file-directory,
.repository.file.list #repo-files-table tbody .svg.octicon-file-submodule {
color: #52555b;
}
.repository.labels .ui.basic.black.label {
background-color: #bbbbbb !important;
}
.lines-commit,
.blame .lines-num {
background: #060606 !important;
}
.lines-num {
color: var(--color-secondary-dark-6) !important;
border-color: var(--color-secondary) !important;
}
td.blob-excerpt {
background-color: rgba(0, 0, 0, .15);
}
.lines-code.active,
.lines-code .active {
background: #534d1b !important;
}
.ui.ui.ui.ui.table tr.active,
.ui.ui.table td.active {
color: #dbdbdb;
}
.ui.active.label {
background: #46484e;
border-color: #46484e;
color: #dbdbdb;
}
.repository .ui.attached.message.isSigned.isVerified {
background-color: #394829;
color: var(--color-secondary-dark-6);
&.message {
color: #ab6363;
.ui.text {
color: var(--color-secondary-dark-6);
}
.pull-right {
color: #ab6363;
}
}
}
.repository .ui.attached.message.isSigned.isVerifiedUntrusted {
background-color: #4a3903;
color: var(--color-secondary-dark-6);
&.message {
color: #c2c193;
.ui.text {
color: var(--color-secondary-dark-6);
}
a {
color: #c2c193;
}
}
}
.repository .ui.attached.message.isSigned.isVerifiedUnmatched {
background-color: #4e3321;
color: var(--color-secondary-dark-6);
&.message {
color: #c2a893;
.ui.text {
color: var(--color-secondary-dark-6);
}
a {
color: #c2a893;
}
}
}
.repository .ui.attached.message.isSigned.isWarning {
background-color: rgba(80, 23, 17, .6);
&.message {
color: #d07d7d;
.ui.text {
color: #d07d7d;
}
}
}
.ui.header .sub.header {
color: var(--color-secondary-dark-6);
}
.ui.dividing.header {
border-bottom: 1px solid var(--color-secondary);
}
.ui.modal > .header {
background: var(--color-secondary);
color: #dbdbdb;
}
.ui.modal > .actions {
background: var(--color-secondary);
border-color: var(--color-secondary);
}
.ui.modal > .content {
background: #2d2d2d;
}
.minicolors-panel {
background: var(--color-secondary) !important;
border-color: #6a737d !important;
}
/* invert emojis that are hard to read otherwise */
.emoji[aria-label="check mark"],
.emoji[aria-label="currency exchange"],
.emoji[aria-label="TOP arrow"],
.emoji[aria-label="END arrow"],
.emoji[aria-label="ON! arrow"],
.emoji[aria-label="SOON arrow"],
.emoji[aria-label="heavy dollar sign"],
.emoji[aria-label="copyright"],
.emoji[aria-label="registered"],
.emoji[aria-label="trade mark"],
.emoji[aria-label="multiply"],
.emoji[aria-label="plus"],
.emoji[aria-label="minus"],
.emoji[aria-label="divide"],
.emoji[aria-label="curly loop"],
.emoji[aria-label="double curly loop"],
.emoji[aria-label="wavy dash"],
.emoji[aria-label="paw prints"],
.emoji[aria-label="musical note"],
.emoji[aria-label="musical notes"] {
filter: invert(100%);
}
.edit-diff > div > .ui.table {
border-left-color: var(--color-secondary) !important;
border-right-color: var(--color-secondary) !important;
}
/* code mirror dark theme */
.CodeMirror {
&.cm-s-default,
&.cm-s-paper {
.cm-property {
color: #a0cc75;
}
.cm-header {
color: #9daccc;
}
.cm-quote {
color: #009900;
}
.cm-keyword {
color: #cc8a61;
}
.cm-atom {
color: #ef5e77;
}
.cm-number {
color: #ff5656;
}
.cm-def {
color: #e4e4e4;
}
.cm-variable-2 {
color: #00bdbf;
}
.cm-variable-3 {
color: #008855;
}
.cm-comment {
color: #8e9ab3;
}
.cm-string {
color: #a77272;
}
.cm-string-2 {
color: #ff5500;
}
.cm-meta,
.cm-qualifier {
color: #ffb176;
}
.cm-builtin {
color: #b7c951;
}
.cm-bracket {
color: #999977;
}
.cm-tag {
color: #f1d273;
}
.cm-attribute {
color: #bfcc70;
}
.cm-hr {
color: #999999;
}
.cm-url {
color: #c5cfd0;
}
.cm-link {
color: #d8c792;
}
.cm-error {
/* color: #ff6e00; */
color: #dbdbeb;
}
}
}
footer .container .links > * {
border-left-color: #888;
}
.repository.file.list #repo-files-table tbody .svg {
color: var(--color-secondary-dark-6);
}
.repository.release #release-list > li .detail .dot {
background-color: #4e5465;
border-color: #2d2d2d;
}
.tribute-container {
box-shadow: 0 .25rem .5rem rgba(0, 0, 0, .6);
}
.repository .repo-header .ui.huge.breadcrumb.repo-title .repo-header-icon .avatar {
color: #060606;
}
img[src$="/img/matrix.svg"] {
filter: invert(80%);
}
#git-graph-container li .time {
color: #6a737d;
}
#git-graph-container.monochrome #rel-container .flow-group {
stroke: dimgrey;
fill: dimgrey;
}
#git-graph-container.monochrome #rel-container .flow-group.highlight {
stroke: darkgrey;
fill: darkgrey;
}
#git-graph-container:not(.monochrome) #rel-container .flow-group {
&.flow-color-16-5 {
stroke: #5543b1;
fill: #5543b1;
}
}
#git-graph-container:not(.monochrome) #rel-container .flow-group.highlight {
&.flow-color-16-5 {
stroke: #7058e6;
fill: #7058e6;
}
}
#git-graph-container #rev-list li.highlight.hover {
background-color: rgba(255, 255, 255, .1);
}
#git-graph-container .ui.buttons button#flow-color-monochrome.ui.button {
border-left-color: rgb(76, 80, 92);
border-left-style: solid;
border-left-width: 1px;
}
.mermaid-chart {
filter: invert(84%) hue-rotate(180deg);
}
.is-loading::after {
border-color: #4a4c58 #4a4c58 #d7d7da #d7d7da;
}
.markdown-block-error {
border: 1px solid rgba(121, 71, 66, .5) !important;
border-bottom: none !important;
}
.home .hero .svg {
color: var(--color-primary);
}
.home a {
color: var(--color-primary-light-1);
}
.ui.menu, .ui.vertical.menu {
background: #070707;
border-color: var(--color-secondary-dark-4);
}
.ui.menu.new-menu {
background: #060606;
}
.ui.menu.new-menu:after {
background: none;
}
.ui.checkbox label:active:before, .ui.checkbox label:hover:before, .ui.form input:not([type]):hover, .ui.form input[type=date]:hover, .ui.form input[type=datetime-local]:hover, .ui.form input[type=email]:hover, .ui.form input[type=file]:hover, .ui.form input[type=number]:hover, .ui.form input[type=password]:hover, .ui.form input[type=search]:hover, .ui.form input[type=tel]:hover, .ui.form input[type=text]:hover, .ui.form input[type=time]:hover, .ui.form input[type=url]:hover, .ui.form select:hover, .ui.form textarea:hover, .ui.input input:hover, .ui.radio.checkbox input:checked~label:before, .ui.radio.checkbox input:focus~label:before, .ui.radio.checkbox label:after, .ui.selection.dropdown:hover, input:hover, textarea:hover {
background: var(--color-secondary-dark-3);
}
.ui.checkbox input:checked~label:before, .ui.checkbox input:not([type=radio]):indeterminate~label:before, .ui.checkbox label:before, .ui.form input:not([type]), .ui.form input[type=date], .ui.form input[type=datetime-local], .ui.form input[type=email], .ui.form input[type=file], .ui.form input[type=number], .ui.form input[type=password], .ui.form input[type=search], .ui.form input[type=tel], .ui.form input[type=text], .ui.form input[type=time], .ui.form input[type=url], .ui.form select, .ui.form textarea, .ui.input>input, .ui.selection.dropdown, input, textarea {
background: var(--color-secondary-dark-2);
}
.ui.checkbox input:checked:focus~label:before, .ui.checkbox input:focus~label:before, .ui.checkbox input:not([type=radio]):indeterminate:focus~label:before, .ui.form input:not([type]):focus, .ui.form input[type=date]:focus, .ui.form input[type=datetime-local]:focus, .ui.form input[type=email]:focus, .ui.form input[type=file]:focus, .ui.form input[type=number]:focus, .ui.form input[type=password]:focus, .ui.form input[type=search]:focus, .ui.form input[type=tel]:focus, .ui.form input[type=text]:focus, .ui.form input[type=time]:focus, .ui.form input[type=url]:focus, .ui.form select:focus, .ui.form textarea:focus, .ui.input input:focus, .ui.radio.checkbox input:focus:checked~label:before, .ui.selection.dropdown:focus, input:focus, textarea:focus {
background: var(--color-secondary-dark-3);
}
.ui.list .list>.item .description, .ui.list>.item .description {
color: var(--color-secondary-dark-11);
}
.explore .navbar {
background-color: var(--color-box-body)!important;
}
.repository .header-wrapper {
background-color: var(--color-box-body);
}
.monaco-editor, .monaco-editor-background, .monaco-editor .inputarea.ime-input {
background-color: #181818;
}
.ui.blue.label, .ui.blue.labels .label, .ui.primary.label, .ui.primary.labels .label {
background-color: var(--color-secondary)!important;
border-color: var(--color-primary-dark-2)!important;
}
.ui.blue.button, .ui.blue.buttons .button, .ui.primary.button, .ui.primary.buttons .button {
background-color: #070707!important;
}
.ui.blue.button:hover, .ui.blue.buttons .button:hover, .ui.primary.button:hover, .ui.primary.buttons .button:hover {
background-color: #1c1c1c!important;
}
.ui.green.labels .label, .ui.ui.ui.green.label {
background-color: #1c1c1c!important;
border-color: #21ba45!important;
color: #fff;
}
.ui.red.labels .label, .ui.ui.ui.red.label {
background-color: #1c1c1c!important;
border-color: #db2828!important;
color: #fff;
}
::selection, ::-moz-selection {
background: var(--color-grey);
color: var(--color-secondary)!important;
}
.CodeMirror, .CodeMirror-selected, ::selection {
background: var(--color-primary)!important;
color: var(--color-secondary)!important;
}
.markup a, .ui.breadcrumb a {
color: var(--color-primary-light-7);
cursor: pointer;
text-decoration: none;
border-bottom: 1px solid var(--color-primary);
transition-property: all
}
.markup a:hover, .ui.breadcrumb a:hover {
color: #000;
cursor: pointer;
text-decoration: none;
background: #fff;
background-color: #fff
}
.markup .anchor {
border-bottom: none
}
.markup .anchor:hover {
color: var(--color-primary-light-7);
border-bottom: none;
background: var(--color-body);
background-color: var(--color-body)
}
.mtk1, .mtk10 {
color: #6D7178!important
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 5.2 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 38 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 38 KiB

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 70 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 38 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 38 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 26 KiB

View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640" xml:space="preserve" width="32" height="32"><path style="fill:#fff" d="m395.9 484.2-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5 21.2-17.9 33.8-11.8 17.2 8.3 27.1 13 27.1 13l-.1-109.2 16.7-.1.1 117.1s57.4 24.2 83.1 40.1c3.7 2.3 10.2 6.8 12.9 14.4 2.1 6.1 2 13.1-1 19.3l-61 126.9c-6.2 12.7-21.4 18.1-33.9 12z"/><path style="fill:#609926" d="M622.7 149.8c-4.1-4.1-9.6-4-9.6-4s-117.2 6.6-177.9 8c-13.3.3-26.5.6-39.6.7v117.2c-5.5-2.6-11.1-5.3-16.6-7.9 0-36.4-.1-109.2-.1-109.2-29 .4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5c-9.8-.6-22.5-2.1-39 1.5-8.7 1.8-33.5 7.4-53.8 26.9C-4.9 212.4 6.6 276.2 8 285.8c1.7 11.7 6.9 44.2 31.7 72.5 45.8 56.1 144.4 54.8 144.4 54.8s12.1 28.9 30.6 55.5c25 33.1 50.7 58.9 75.7 62 63 0 188.9-.1 188.9-.1s12 .1 28.3-10.3c14-8.5 26.5-23.4 26.5-23.4S547 483 565 451.5c5.5-9.7 10.1-19.1 14.1-28 0 0 55.2-117.1 55.2-231.1-1.1-34.5-9.6-40.6-11.6-42.6zM125.6 353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6 321.8 60 295.4c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5 38.5-30c13.8-3.7 31-3.1 31-3.1s7.1 59.4 15.7 94.2c7.2 29.2 24.8 77.7 24.8 77.7s-26.1-3.1-43-9.1zm300.3 107.6s-6.1 14.5-19.6 15.4c-5.8.4-10.3-1.2-10.3-1.2s-.3-.1-5.3-2.1l-112.9-55s-10.9-5.7-12.8-15.6c-2.2-8.1 2.7-18.1 2.7-18.1L322 273s4.8-9.7 12.2-13c.6-.3 2.3-1 4.5-1.5 8.1-2.1 18 2.8 18 2.8L467.4 315s12.6 5.7 15.3 16.2c1.9 7.4-.5 14-1.8 17.2-6.3 15.4-55 113.1-55 113.1z"/><path style="fill:#609926" d="M326.8 380.1c-8.2.1-15.4 5.8-17.3 13.8-1.9 8 2 16.3 9.1 20 7.7 4 17.5 1.8 22.7-5.4 5.1-7.1 4.3-16.9-1.8-23.1l24-49.1c1.5.1 3.7.2 6.2-.5 4.1-.9 7.1-3.6 7.1-3.6 4.2 1.8 8.6 3.8 13.2 6.1 4.8 2.4 9.3 4.9 13.4 7.3.9.5 1.8 1.1 2.8 1.9 1.6 1.3 3.4 3.1 4.7 5.5 1.9 5.5-1.9 14.9-1.9 14.9-2.3 7.6-18.4 40.6-18.4 40.6-8.1-.2-15.3 5-17.7 12.5-2.6 8.1 1.1 17.3 8.9 21.3 7.8 4 17.4 1.7 22.5-5.3 5-6.8 4.6-16.3-1.1-22.6 1.9-3.7 3.7-7.4 5.6-11.3 5-10.4 13.5-30.4 13.5-30.4.9-1.7 5.7-10.3 2.7-21.3-2.5-11.4-12.6-16.7-12.6-16.7-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3 4.7-9.7 9.4-19.3 14.1-29-4.1-2-8.1-4-12.2-6.1-4.8 9.8-9.7 19.7-14.5 29.5-6.7-.1-12.9 3.5-16.1 9.4-3.4 6.3-2.7 14.1 1.9 19.8l-24.6 50.4z"/></svg>

After

Width:  |  Height:  |  Size: 2.2 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 38 KiB

View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640" xml:space="preserve" width="32" height="32"><path style="fill:#fff" d="m395.9 484.2-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5 21.2-17.9 33.8-11.8 17.2 8.3 27.1 13 27.1 13l-.1-109.2 16.7-.1.1 117.1s57.4 24.2 83.1 40.1c3.7 2.3 10.2 6.8 12.9 14.4 2.1 6.1 2 13.1-1 19.3l-61 126.9c-6.2 12.7-21.4 18.1-33.9 12z"/><path style="fill:#609926" d="M622.7 149.8c-4.1-4.1-9.6-4-9.6-4s-117.2 6.6-177.9 8c-13.3.3-26.5.6-39.6.7v117.2c-5.5-2.6-11.1-5.3-16.6-7.9 0-36.4-.1-109.2-.1-109.2-29 .4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5c-9.8-.6-22.5-2.1-39 1.5-8.7 1.8-33.5 7.4-53.8 26.9C-4.9 212.4 6.6 276.2 8 285.8c1.7 11.7 6.9 44.2 31.7 72.5 45.8 56.1 144.4 54.8 144.4 54.8s12.1 28.9 30.6 55.5c25 33.1 50.7 58.9 75.7 62 63 0 188.9-.1 188.9-.1s12 .1 28.3-10.3c14-8.5 26.5-23.4 26.5-23.4S547 483 565 451.5c5.5-9.7 10.1-19.1 14.1-28 0 0 55.2-117.1 55.2-231.1-1.1-34.5-9.6-40.6-11.6-42.6zM125.6 353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6 321.8 60 295.4c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5 38.5-30c13.8-3.7 31-3.1 31-3.1s7.1 59.4 15.7 94.2c7.2 29.2 24.8 77.7 24.8 77.7s-26.1-3.1-43-9.1zm300.3 107.6s-6.1 14.5-19.6 15.4c-5.8.4-10.3-1.2-10.3-1.2s-.3-.1-5.3-2.1l-112.9-55s-10.9-5.7-12.8-15.6c-2.2-8.1 2.7-18.1 2.7-18.1L322 273s4.8-9.7 12.2-13c.6-.3 2.3-1 4.5-1.5 8.1-2.1 18 2.8 18 2.8L467.4 315s12.6 5.7 15.3 16.2c1.9 7.4-.5 14-1.8 17.2-6.3 15.4-55 113.1-55 113.1z"/><path style="fill:#609926" d="M326.8 380.1c-8.2.1-15.4 5.8-17.3 13.8-1.9 8 2 16.3 9.1 20 7.7 4 17.5 1.8 22.7-5.4 5.1-7.1 4.3-16.9-1.8-23.1l24-49.1c1.5.1 3.7.2 6.2-.5 4.1-.9 7.1-3.6 7.1-3.6 4.2 1.8 8.6 3.8 13.2 6.1 4.8 2.4 9.3 4.9 13.4 7.3.9.5 1.8 1.1 2.8 1.9 1.6 1.3 3.4 3.1 4.7 5.5 1.9 5.5-1.9 14.9-1.9 14.9-2.3 7.6-18.4 40.6-18.4 40.6-8.1-.2-15.3 5-17.7 12.5-2.6 8.1 1.1 17.3 8.9 21.3 7.8 4 17.4 1.7 22.5-5.3 5-6.8 4.6-16.3-1.1-22.6 1.9-3.7 3.7-7.4 5.6-11.3 5-10.4 13.5-30.4 13.5-30.4.9-1.7 5.7-10.3 2.7-21.3-2.5-11.4-12.6-16.7-12.6-16.7-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3 4.7-9.7 9.4-19.3 14.1-29-4.1-2-8.1-4-12.2-6.1-4.8 9.8-9.7 19.7-14.5 29.5-6.7-.1-12.9 3.5-16.1 9.4-3.4 6.3-2.7 14.1 1.9 19.8l-24.6 50.4z"/></svg>

After

Width:  |  Height:  |  Size: 2.2 KiB

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 70 KiB

View File

@ -0,0 +1,53 @@
{{template "base/head" .}}
<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
<div class="gt-mb-5 gt-px-5">
<div class="center">
<img class="logo" width="450" height="220" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
<div class="hero">
<h1 class="ui icon header title">
{{AppName}}
</h1>
<!--<h2>{{ctx.Locale.Tr "startpage.app_desc"}} </h2>-->
<h2>A painful, self-inflicted Nightmare </h2>
</div>
</div>
</div>
<div class="ui stackable middle very relaxed page grid">
<div class="eight wide center column">
<h1 class="hero ui icon header">
{{svg "octicon-flame"}} {{ctx.Locale.Tr "startpage.install"}}
</h1>
<p class="large">
{{ctx.Locale.Tr "startpage.install_desc" | Str2html}}
</p>
</div>
<div class="eight wide center column">
<h1 class="hero ui icon header">
{{svg "octicon-device-desktop"}} {{ctx.Locale.Tr "startpage.platform"}}
</h1>
<p class="large">
{{ctx.Locale.Tr "startpage.platform_desc" | Str2html}}
</p>
</div>
</div>
<div class="ui stackable middle very relaxed page grid">
<div class="eight wide center column">
<h1 class="hero ui icon header">
{{svg "octicon-rocket"}} {{ctx.Locale.Tr "startpage.lightweight"}}
</h1>
<p class="large">
{{ctx.Locale.Tr "startpage.lightweight_desc" | Str2html}}
</p>
</div>
<div class="eight wide center column">
<h1 class="hero ui icon header">
{{svg "octicon-code"}} {{ctx.Locale.Tr "startpage.license"}}
</h1>
<p class="large">
{{ctx.Locale.Tr "startpage.license_desc" | Str2html}}
</p>
</div>
</div>
</div>
{{template "base/footer" .}}

View File

@ -0,0 +1,56 @@
upstream gitbackend {
#server 127.0.0.1:3009;
server 10.8.0.2:3009;
}
server {
listen 80;
listen [::]:80;
server_name git.datura.network;
return 301 https://$server_name$request_uri;
}
server {
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name git.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://git.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name git.datura.network;
ssl_certificate /root/.acme.sh/git.datura.network/fullchain.cer;
ssl_trusted_certificate /root/.acme.sh/git.datura.network/git.datura.network.cer;
ssl_certificate_key /root/.acme.sh/git.datura.network/git.datura.network.key;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
ssl_stapling on;
ssl_stapling_verify on;
resolver 80.67.188.188 80.67.169.40 valid=300s;
resolver_timeout 10s;
add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options nosniff; #MIME-type sniffing
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
location / {
proxy_pass http://gitbackend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
client_max_body_size 20G;
}
}

View File

@ -0,0 +1,37 @@
# DB Version: 15
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 8 GB
# CPUs num: 4
# Data Storage: ssd
max_connections = 200
shared_buffers = 2GB
effective_cache_size = 6GB
maintenance_work_mem = 512MB
checkpoint_completion_target = 0.9
checkpoint_timeout = 86400
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 5242kB
min_wal_size = 1GB
max_wal_size = 30GB
max_worker_processes = 4
max_parallel_workers_per_gather = 2
max_parallel_workers = 4
max_parallel_maintenance_workers = 2
# Other custom params
synchronous_commit=off
# This one shouldn't be on regularly, because DB migrations often take a long time
# statement_timeout = 10000
# Listen beyond localhost
listen_addresses = '*'
# Fix a memory leak issue with postgres 15
# https://github.com/LemmyNet/lemmy/issues/4406
jit = 0

View File

@ -0,0 +1,133 @@
version: "3.7"
x-logging: &default-logging
driver: "json-file"
options:
max-size: "50m"
max-file: "4"
services:
proxy:
image: nginx:1-alpine
ports:
# actual and only port facing any connection from outside
# Note, change the left number if port 1236 is already in use on your system
# You could use port 80 if you won't use a reverse proxy
- "1236:1236"
- "8536:8536"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro,Z
restart: unless-stopped
depends_on:
- pictrs
- lemmy-ui
logging: *default-logging
lemmy:
# use "image" to pull down an already compiled lemmy. make sure to comment out "build".
image: dessalines/lemmy:0.19.3
platform: linux/x86_64 # no arm64 support. uncomment platform if using m1.
# use "build" to build your local lemmy server image for development. make sure to comment out "image".
# run: docker compose up --build
#build:
# context: ../
# dockerfile: docker/Dockerfile
# args:
# RUST_RELEASE_MODE: release
# CARGO_BUILD_FEATURES: default
# this hostname is used in nginx reverse proxy and also for lemmy ui to connect to the backend, do not change
hostname: lemmy
restart: unless-stopped
environment:
- RUST_LOG="warn,lemmy_server=debug,lemmy_api=debug,lemmy_api_common=debug,lemmy_api_crud=debug,lemmy_apub=debug,lemmy_db_schema=debug,lemmy_db_views=debug,lemmy_db_views_actor=debug,lemmy_db_views_moderator=debug,lemmy_routes=debug,lemmy_utils=debug,lemmy_websocket=debug"
- RUST_BACKTRACE=full
ports:
# prometheus metrics can be enabled with the `prometheus` config option. they are available on
# port 10002, path /metrics by default
- "10002:10002"
volumes:
- ./lemmy.hjson:/config/config.hjson:Z
depends_on:
- postgres
- pictrs
logging: *default-logging
lemmy-ui:
# use "image" to pull down an already compiled lemmy-ui. make sure to comment out "build".
image: dessalines/lemmy-ui:0.19.3
# platform: linux/x86_64 # no arm64 support. uncomment platform if using m1.
# use "build" to build your local lemmy ui image for development. make sure to comment out "image".
# run: docker compose up --build
# build:
# context: ../../lemmy-ui # assuming lemmy-ui is cloned besides lemmy directory
# dockerfile: dev.dockerfile
environment:
# this needs to match the hostname defined in the lemmy service
- LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
# set the outside hostname here
#- LEMMY_UI_LEMMY_EXTERNAL_HOST=localhost:1236
- LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.datura.network
- LEMMY_UI_HTTPS=true
- LEMMY_UI_DEBUG=true
depends_on:
- lemmy
restart: unless-stopped
logging: *default-logging
init: true
pictrs:
image: asonix/pictrs:0.5.0-rc.2
# this needs to match the pictrs url in lemmy.hjson
hostname: pictrs
# we can set options to pictrs like this, here we set max. image size and forced format for conversion
# entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp
environment:
- PICTRS_OPENTELEMETRY_URL=http://otel:4137
- PICTRS__API_KEY=API_KEY
- RUST_LOG=debug
- RUST_BACKTRACE=full
- PICTRS__MEDIA__VIDEO_CODEC=vp9
- PICTRS__MEDIA__GIF__MAX_WIDTH=256
- PICTRS__MEDIA__GIF__MAX_HEIGHT=256
- PICTRS__MEDIA__GIF__MAX_AREA=65536
- PICTRS__MEDIA__GIF__MAX_FRAME_COUNT=400
user: 991:991
volumes:
- ./volumes/pictrs:/mnt:Z
restart: unless-stopped
logging: *default-logging
postgres:
image: postgres:16-alpine
# this needs to match the database host in lemmy.hson
# Tune your settings via
# https://pgtune.leopard.in.ua/#/
# You can use this technique to add them here
# https://stackoverflow.com/a/30850095/1655478
hostname: postgres
command:
[
"postgres",
"-c",
"session_preload_libraries=auto_explain",
"-c",
"auto_explain.log_min_duration=5ms",
"-c",
"auto_explain.log_analyze=true",
"-c",
"track_activity_query_size=1048576",
]
ports:
# use a different port so it doesnt conflict with potential postgres db running on the host
- "5433:5432"
environment:
- POSTGRES_USER=lemmy
- POSTGRES_PASSWORD=lemmypasswd
- POSTGRES_DB=lemmy
volumes:
- ./volumes/postgres:/var/lib/postgresql/data:Z
restart: unless-stopped
logging: *default-logging

View File

@ -0,0 +1,89 @@
{
# settings related to the postgresql database
database: {
# Configure the database by specifying a URI
#
# This is the preferred method to specify database connection details since
# it is the most flexible.
# Connection URI pointing to a postgres instance
#
# This example uses peer authentication to obviate the need for creating,
# configuring, and managing passwords.
#
# For an explanation of how to use connection URIs, see [here][0] in
# PostgreSQL's documentation.
#
# [0]: https://www.postgresql.org/docs/current/libpq-connect.html#id-1.7.3.8.3.6
#uri: "postgresql:///lemmy?user=lemmy&host=/var/run/postgresql"
# or
# Configure the database by specifying parts of a URI
#
# Note that specifying the `uri` field should be preferred since it provides
# greater control over how the connection is made. This merely exists for
# backwards-compatibility.
# Username to connect to postgres
user: "lemmy"
# Password to connect to postgres
password: "lemmypasswd"
# Host where postgres is running
host: "postgres"
# Port where postgres can be accessed
port: 5432
#port: 5344
# Name of the postgres database for lemmy
database: "lemmy"
# Maximum number of active sql connections
pool_size: 5
}
# Settings related to activitypub federation
# Pictrs image server configuration.
pictrs: {
# Address where pictrs is available (for image hosting)
url: "http://localhost:8080/"
# Set a custom pictrs API key. ( Required for deleting images )
api_key: "lemmypasswd"
}
# Email sending configuration. All options except login/password are mandatory
email: {
# Hostname and port of the smtp server
smtp_server: "localhost:25"
# Login name for smtp server
smtp_login: "string"
# Password to login to the smtp server
smtp_password: "string"
# Address to send emails from, eg "noreply@your-instance.com"
smtp_from_address: "noreply@example.com"
# Whether or not smtp connections should use tls. Can be none, tls, or starttls
tls_type: "none"
}
# Parameters for automatic configuration of new instance (only used at first start)
#setup: {
# # Username for the admin user
# admin_username: "nihilist"
# # Password for the admin user. It must be at least 10 characters.
# admin_password: ""
# # Name of the site (can be changed later)
# site_name: "Datura Network - Lemmy"
# # Email for the admin user (optional, can be omitted and set later through the website)
# admin_email: "nihilist@nihilism.network"
#}
# the domain name of your instance (mandatory)
hostname: "lemmy.datura.network"
# Address where lemmy should listen for incoming requests
bind: "0.0.0.0"
# Port where lemmy should listen for incoming requests
port: 8536
# Whether the site is available over TLS. Needs to be true for federation to work.
tls_enabled: true
# The number of activitypub federation workers that can be in-flight concurrently
worker_count: 0
# The number of activitypub federation retry workers that can be in-flight concurrently
retry_count: 0
prometheus: {
bind: "127.0.0.1"
port: 10002
}
}

View File

@ -0,0 +1,73 @@
worker_processes 1;
events {
worker_connections 1024;
}
http {
upstream lemmy {
# this needs to map to the lemmy (server) docker service hostname
server "lemmy:8536";
}
upstream lemmy-ui {
# this needs to map to the lemmy-ui docker service hostname
server "lemmy-ui:1234";
}
server {
# this is the port inside docker, not the public one yet
listen 1236;
listen 8536;
# change if needed, this is facing the public web
server_name localhost;
server_tokens off;
gzip on;
gzip_types text/css application/javascript image/svg+xml;
gzip_vary on;
# Upload limit, relevant for pictrs
client_max_body_size 20M;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# frontend general requests
location / {
# distinguish between ui requests and backend
# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
set $proxpass "http://lemmy-ui";
if ($http_accept = "application/activity+json") {
set $proxpass "http://lemmy";
}
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
set $proxpass "http://lemmy";
}
if ($request_method = POST) {
set $proxpass "http://lemmy";
}
proxy_pass $proxpass;
rewrite ^(.+)/+$ $1 permanent;
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# backend
location ~ ^/(api|pictrs|feeds|nodeinfo|version|.well-known) {
proxy_pass "http://lemmy";
# proxy common stuff
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}

View File

@ -0,0 +1,71 @@
server {
listen 80;
listen [::]:80;
server_name lemmy.datura.network;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl http2;
server_name lemmy.datura.network;
ssl_certificate /root/.acme.sh/lemmy.datura.network/fullchain.cer;
ssl_certificate_key /root/.acme.sh/lemmy.datura.network/lemmy.datura.network.key;
ssl_dhparam /root/.acme.sh/dhparam.pem;
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name lemmy.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://lemmy.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets on;
ssl_stapling on;
ssl_stapling_verify on;
# Hide nginx version
server_tokens off;
# Upload limit, relevant for pictrs
client_max_body_size 20M;
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
# It might be nice to compress JSON, but leaving that out to protect against potential
# compression+encryption information leak attacks like BREACH.
gzip on;
gzip_types text/css application/javascript image/svg+xml;
gzip_vary on;
# Various content security headers
add_header Referrer-Policy "same-origin";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "DENY";
add_header X-XSS-Protection "1; mode=block";
location / {
proxy_pass http://localhost:1236;
set $proxpass "http://127.0.0.1:1236";
if ($http_accept = "application/activity+json") {
set $proxpass "http://127.0.0.1:1236";
}
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
set $proxpass "http://127.0.0.1:1236";
}
#proxy_pass $proxpass;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

View File

@ -0,0 +1,16 @@
[Unit]
Description=monerod
After=network.target
Wants=network.target
[Service]
ExecStart=/usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /srv/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=0.0.0.0 --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --confirm-external-bind --non-interactive
Restart=on-failure
RestartSec=10s
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target

3
3-Anonymity/monero/torrc Normal file
View File

@ -0,0 +1,3 @@
HiddenServiceDir /var/lib/tor/monero-service/
HiddenServicePort 18080 127.0.0.1:18080
HiddenServicePort 18081 127.0.0.1:18081

49
3-Anonymity/tor/torrc Normal file
View File

@ -0,0 +1,49 @@
HiddenServiceDir /var/lib/tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
HiddenServicePort 80 127.0.0.1:4443
#HiddenServicePort 443 127.0.0.1:4444
HiddenServicePort 18080 127.0.0.1:18080
HiddenServicePort 18081 127.0.0.1:18081
SocksPort 192.168.240.1:9050
#Added configuration
BridgeRelay 1
# Replace "TODO1" with a Tor port of your choice.
# This port must be externally reachable.
# Avoid port 9001 because it's commonly associated with Tor and censors may be scanning the Internet for this port.
ORPort 0.0.0.0:28710
AddressDisableIPv6 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
# Replace "TODO2" with an obfs4 port of your choice.
# This port must be externally reachable and must be different from the one specified for ORPort.
# Avoid port 9001 because it's commonly associated with Tor and censors may be scanning the Internet for this port.
ServerTransportListenAddr obfs4 0.0.0.0:8042
# Local communication port between Tor and obfs4. Always set this to "auto".
# "Ext" means "extended", not "external". Don't try to set a specific port number, nor listen on 0.0.0.0.
ExtORPort auto
# Replace "<address@email.com>" with your email address so we can contact you if there are problems with your bridge.
# This is optional but encouraged.
ContactInfo nihilism@nihilist.network
# Pick a nickname that you like for your bridge. This is optional.
Nickname Nihilism
BandwidthBurst 100Mb
BandwidthRate 100Mb
HiddenServiceDir /var/lib/tor/onions/nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion/
HiddenServicePort 80 127.0.0.1:4445
ORPort 0.0.0.0:28711
ExtORPort auto
AddressDisableIPv6 1

166
4-Scripts/bandwidth.sh Normal file
View File

@ -0,0 +1,166 @@
#!/bin/bash
# Current month total bandwidth in MB
#apt install vnstat -y ; systemctl enable --now vnstat
#vnstat -i enp5s0
#
# while true; do
#i=$(vnstat --oneline | awk -F\; '{ print $11 }')
#DAILY
#i=$(vnstat --oneline | awk -F\; '{ print $4 }')
#j=$(vnstat --oneline | awk -F\; '{ print $5 }')
#MONTHLY
#i=$(vnstat --oneline | awk -F\; '{ print $9 }')
#j=$(vnstat --oneline | awk -F\; '{ print $10 }')
#i=$(vnstat --oneline -i eth0 | awk -F\; '{ print $9 }')
j=$(vnstat --oneline -i eth0 | awk -F\; '{ print $10 }')
month=$(vnstat --oneline -i eth0 | awk -F\; '{ print $8 }')
bn1=$(echo $j | awk '{ print $1 }')
#bn1=$(echo $i | awk '{ print $1 }')
#bn2=$(echo $j | awk '{ print $1 }')
bunit1=$(echo $j | awk '{ print $2 }')
#bunit2=$(echo $j | awk '{ print $2 }')
#echo "bn1= $bn1 bunit1= $bunit1"
#case "$bunit1" in
# KiB) bnB1=$(echo "$bn1*1024" | bc)
# ;;
# MiB) bnB1=$(echo "$bn1*1024*1024" | bc)
# ;;
# GiB) bnB1=$(echo "$bn1*1024*1024*1024" | bc)
# ;;
# TiB) bnB1=$(echo "$bn1*1024*1024*1024*1024" | bc)
# ;;
#esac
# we want TiBs ! not Bytes!
case "$bunit1" in
KiB) bnB1=$(echo "$bn1/1024/1024" | bc)
;;
MiB) bnB1=$(echo "$bn1/1024" | bc)
;;
GiB) bnB1=$(echo "$bn1" | bc)
;;
TiB) bnB1=$(echo "$bn1*1024" | bc)
;;
esac
#echo "bn1= $bn1 bunit1= $bunit1 bnB1= $bnB1"
#case "$bunit2" in
# KiB) bnB2=$(echo "$bn2*1024" | bc)
# ;;
# MiB) bnB2=$(echo "$bn2*1024*1024" | bc)
# ;;
# GiB) bnB2=$(echo "$bn2*1024*1024*1024" | bc)
# ;;
# TiB) bnB2=$(echo "$bn2*1024*1024*1024*1024" | bc)
# ;;
#esac
#if (( $(echo "$bnB1 > $bnB2" |bc -l) )); then
# bandwidth_number=$bnB1
#else
# bandwidth_number=$bnB2
#fi
bandwidth_number=$bnB1 # here only outbound matters!
#convert gibibytes into gigabyte (*1.073742)
echo -en "total sent out for $month : "
final=$(echo "$bandwidth_number * 1.073742" | bc)
echo -en $final GB
echo
#final="50001.0001"
monthly_limit=20000 # in gigabytes, here its a monthly 20TB
server_bandwidth=1000 # in megabytes here its a 1Gbps server (1000Mbps)
if [ "$(echo "$final < ($monthly_limit*0.5)" | bc -l)" == 1 ]; then
echo -en "Bandwidth usage below 50% ($final/$monthly_limit GB monthly), leaving bandwidth at 100% ("
echo -en "$(echo "$server_bandwidth * 1 " | bc -l) Mbps)"
## wondershaper eth0 1024*1000 1024*1000 # this is upload limit in Kbps : so 1000Mbps
wondershaper eth0 1024000 1024000
echo
wondershaper clear eth0
else
echo -en "Bandwidth usage above 50% ($final/$monthly_limit GB monthly), limiting the Bandwidth to 75% ("
echo -en "$(echo "$server_bandwidth * 0.75 " | bc -l) Mbps)"
## wondershaper eth0 1024*1000 1024*750 # this is upload limit in Kbps : so 750Mbps instead of 1000Mbps
wondershaper clear eth0
wondershaper eth0 768000 768000
fi
if [ "$(echo "$final < ($monthly_limit*0.75)" | bc -l)" == 1 ]; then
echo -en "Bandwidth usage below 75% ($final/$monthly_limit GB monthly), leaving bandwidth as is \n"
else
echo -en "Bandwidth usage above 75% ($final/$monthly_limit GB monthly), limiting the Bandwidth to 50% ("
echo -en "$(echo "$server_bandwidth * 0.5 " | bc -l) Mbps)"
## wondershaper eth0 1024*1000 1024*750 # this is upload limit in Kbps : so 750Mbps instead of 1000Mbps
wondershaper clear eth0
wondershaper eth0 512000 512000
fi
if [ "$(echo "$final < ($monthly_limit*0.80)" | bc -l)" == 1 ]; then
echo -en "Bandwidth usage below 80% ($final/$monthly_limit GB monthly), leaving bandwidth as is \n"
else
echo -en "Bandwidth usage above 80% ($final/$monthly_limit GB monthly), limiting the Bandwidth to 25% ("
echo -en "$(echo "$server_bandwidth * 0.5 " | bc -l) Mbps)"
## wondershaper eth0 1024*1000 1024*750 # this is upload limit in Kbps : so 750Mbps instead of 1000Mbps
wondershaper clear eth0
wondershaper eth0 256000 256000
fi
if [ "$(echo "$final < ($monthly_limit*0.90)" | bc -l)" == 1 ]; then
echo -en "Bandwidth usage below 90% ($final/$monthly_limit GB monthly), leaving bandwidth as is \n"
else
echo -en "Bandwidth usage above 90% ($final/$monthly_limit GB monthly), limiting the Bandwidth to 10% ("
echo -en "$(echo "$server_bandwidth * 0.5 " | bc -l) Mbps)"
## wondershaper eth0 1024*1000 1024*750 # this is upload limit in Kbps : so 750Mbps instead of 1000Mbps
wondershaper clear eth0
wondershaper eth0 10240 10240
fi
if [ "$(echo "$final < ($monthly_limit*0.95)" | bc -l)" == 1 ]; then
echo -en "Bandwidth usage below 95% ($final/$monthly_limit GB monthly), leaving bandwidth as is \n"
else
echo -en "Bandwidth usage above 95% ($final/$monthly_limit GB monthly), limiting the Bandwidth to 5% ("
echo -en "$(echo "$server_bandwidth * 0.5 " | bc -l) Mbps)"
## wondershaper eth0 1024*1000 1024*750 # this is upload limit in Kbps : so 750Mbps instead of 1000Mbps
wondershaper clear eth0
wondershaper eth0 5120 5120
fi
# if below : leave as default
# if datacap > 75% : limit bandwidth to 50%
## wondershaper -a eth0 -u 1024*500 # this is upload limit in Kbps : so 750Mbps instead of 1000Mbps
# if datacap > 80% : limit bandwidth to 25%
## wondershaper -a eth0 -u 1024*250 # this is upload limit in Kbps : so 750Mbps instead of 1000Mbps
# if datacap > 90% : limit bandwidth to 10%
## wondershaper -a eth0 -u 1024*100 # this is upload limit in Kbps : so 750Mbps instead of 1000Mbps
# if datacap > 95% : limit bandwidth to 5% >>> THROTTLE INVIDIOUS HARD TO FINISH THE MONTH!
## wondershaper -a eth0 -u 1024*50 # this is upload limit in Kbps : so 750Mbps instead of 1000Mbps
# if datacap > 98% : limit bandwidth to 1%
## wondershaper -a eth0 -u 1024*10 # this is upload limit in Kbps : so 750Mbps instead of 1000Mbps
echo
# done

4
4-Scripts/iftop.sh Normal file
View File

@ -0,0 +1,4 @@
#!/bin/bash
#iftop -i enp5s0 -N -l -P -o 3600s -m 1G
iftop -i eth0 -N -l -P -o 3600s -G net6 -F mask -m 100M