From ffd55e5427212b6d40e1cb7a268bbae867cb516c Mon Sep 17 00:00:00 2001
From: Maksim Pankov <nekota@yandex.ru>
Date: Sun, 17 Nov 2024 20:36:18 +0000
Subject: [PATCH] auth

---
 services/auth/docker-compose.yml      |  10 +++
 services/deluge/.gitignore            |   2 -
 services/deluge/data/config/core.conf | 100 --------------------------
 services/deluge/docker-compose.yml    |  27 -------
 services/ingress/auth.conf            |  30 ++++++++
 services/ingress/blog.conf            |  20 +++++-
 6 files changed, 59 insertions(+), 130 deletions(-)
 create mode 100644 services/auth/docker-compose.yml
 delete mode 100644 services/deluge/.gitignore
 delete mode 100644 services/deluge/data/config/core.conf
 delete mode 100644 services/deluge/docker-compose.yml
 create mode 100644 services/ingress/auth.conf

diff --git a/services/auth/docker-compose.yml b/services/auth/docker-compose.yml
new file mode 100644
index 0000000..352de33
--- /dev/null
+++ b/services/auth/docker-compose.yml
@@ -0,0 +1,10 @@
+services:
+  auth:
+    image: casbin/casdoor:latest
+    ports:
+      - 8000:8000
+    environment:
+      - driverName=postgres
+      - dataSourceName=user=casdoor password=73F(+b3zW_D-4LM3fTgh host=192.168.0.101 port=5432 dbname=casdoor
+
+
diff --git a/services/deluge/.gitignore b/services/deluge/.gitignore
deleted file mode 100644
index 8cfd319..0000000
--- a/services/deluge/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-data/config/**/*
-!data/config/core.conf
\ No newline at end of file
diff --git a/services/deluge/data/config/core.conf b/services/deluge/data/config/core.conf
deleted file mode 100644
index fb58ae6..0000000
--- a/services/deluge/data/config/core.conf
+++ /dev/null
@@ -1,100 +0,0 @@
-{
-    "file": 1,
-    "format": 1
-}{
-    "add_paused": false,
-    "allow_remote": true,
-    "auto_manage_prefer_seeds": false,
-    "auto_managed": true,
-    "cache_expiry": 60,
-    "cache_size": 512,
-    "copy_torrent_file": false,
-    "daemon_port": 58846,
-    "del_copy_torrent_file": false,
-    "dht": true,
-    "dont_count_slow_torrents": false,
-    "download_location": "/mnt/Teka1/Games",
-    "download_location_paths_list": [
-        "/mnt/Teka2/Videos",
-        "/downloads"
-    ],
-    "enabled_plugins": [],
-    "enc_in_policy": 1,
-    "enc_level": 2,
-    "enc_out_policy": 1,
-    "geoip_db_location": "/usr/share/GeoIP/GeoIP.dat",
-    "ignore_limits_on_local_network": true,
-    "info_sent": 0.0,
-    "listen_interface": "",
-    "listen_ports": [
-        6882,
-        6882
-    ],
-    "listen_random_port": null,
-    "listen_reuse_port": true,
-    "listen_use_sys_port": false,
-    "lsd": true,
-    "max_active_downloading": 5,
-    "max_active_limit": -1,
-    "max_active_seeding": -1,
-    "max_connections_global": 200,
-    "max_connections_per_second": 20,
-    "max_connections_per_torrent": -1,
-    "max_download_speed": -1.0,
-    "max_download_speed_per_torrent": -1,
-    "max_half_open_connections": 20,
-    "max_upload_slots_global": -1,
-    "max_upload_slots_per_torrent": -1,
-    "max_upload_speed": 1024.0,
-    "max_upload_speed_per_torrent": -1,
-    "move_completed": false,
-    "move_completed_path": "/downloads",
-    "move_completed_paths_list": [
-        "/mnt/Teka1/Games"
-    ],
-    "natpmp": true,
-    "new_release_check": false,
-    "outgoing_interface": "",
-    "outgoing_ports": [
-        0,
-        0
-    ],
-    "path_chooser_accelerator_string": "Tab",
-    "path_chooser_auto_complete_enabled": true,
-    "path_chooser_max_popup_rows": 20,
-    "path_chooser_show_chooser_button_on_localhost": true,
-    "path_chooser_show_hidden_files": false,
-    "peer_tos": "0x00",
-    "plugins_location": "/config/plugins",
-    "pre_allocate_storage": false,
-    "prioritize_first_last_pieces": false,
-    "proxy": {
-        "anonymous_mode": false,
-        "force_proxy": false,
-        "hostname": "",
-        "password": "",
-        "port": 8080,
-        "proxy_hostnames": true,
-        "proxy_peer_connections": true,
-        "proxy_tracker_connections": true,
-        "type": 0,
-        "username": ""
-    },
-    "queue_new_to_top": false,
-    "random_outgoing_ports": true,
-    "random_port": false,
-    "rate_limit_ip_overhead": true,
-    "remove_seed_at_ratio": false,
-    "seed_time_limit": 180,
-    "seed_time_ratio_limit": 7.0,
-    "send_info": false,
-    "sequential_download": false,
-    "share_ratio_limit": 2.0,
-    "shared": false,
-    "stop_seed_at_ratio": false,
-    "stop_seed_ratio": 2.0,
-    "super_seeding": false,
-    "torrentfiles_location": "/config/torrents",
-    "upnp": true,
-    "utpex": true
-}
\ No newline at end of file
diff --git a/services/deluge/docker-compose.yml b/services/deluge/docker-compose.yml
deleted file mode 100644
index 3c7cc75..0000000
--- a/services/deluge/docker-compose.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-version: '3'
-services:
-  deluge:
-    image: lscr.io/linuxserver/deluge:latest
-    container_name: deluge
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Etc/MSK
-      - DELUGE_LOGLEVEL=error #optional
-    volumes:
-      - ./data/config:/config
-      - ./data/downloads:/downloads
-      - /mnt/Teka1/Videos:/mnt/Teka1/Videos
-      - /mnt/Teka2/Videos:/mnt/Teka2/Videos
-    ports:
-      # - 8112:8112 # Web UI
-      - 58846:58846 # RPC
-      - 6881:6881 # Inbound torrent traffic
-      - 6881:6881/udp # Inbound torrent traffic 
-    restart: always
-
-# The admin interface is available at http://SERVER-IP:8112 with a default user/password of admin/deluge.
-#
-# To change the password (recommended) log in to the web interface and go to Preferences->Interface->Password.
-#
-# Change the inbound port to 6881 (or whichever port you've mapped for the container) under Preferences->Network, otherwise random ports will be used.
\ No newline at end of file
diff --git a/services/ingress/auth.conf b/services/ingress/auth.conf
new file mode 100644
index 0000000..151a7a7
--- /dev/null
+++ b/services/ingress/auth.conf
@@ -0,0 +1,30 @@
+server {
+	server_name auth.maksim-pankov.ru;
+	location / {
+		proxy_pass http://127.0.0.1:8000/;
+                proxy_set_header Host $proxy_host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		client_max_body_size 0;
+	}
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/auth.maksim-pankov.ru/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/auth.maksim-pankov.ru/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = auth.maksim-pankov.ru) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen 80;
+	server_name auth.maksim-pankov.ru;
+    return 404; # managed by Certbot
+
+
+}
diff --git a/services/ingress/blog.conf b/services/ingress/blog.conf
index c8d637a..2b11225 100644
--- a/services/ingress/blog.conf
+++ b/services/ingress/blog.conf
@@ -1,7 +1,25 @@
 server {
         server_name blog.maksim-pankov.ru;
-        listen 80;
         location / {
                 root /opt/blog_content/;
         }        
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/blog.maksim-pankov.ru/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/blog.maksim-pankov.ru/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
 }
+server {
+    if ($host = blog.maksim-pankov.ru) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+        server_name blog.maksim-pankov.ru;
+        listen 80;
+    return 404; # managed by Certbot
+
+
+}
\ No newline at end of file