gitea ui tweaks

Reviewed-on: #5

.gitignore

@@ -1,7 +1,8 @@
-gitea/
+gitea
 .env
-pmb-pf/
+pmb-pf
 venv
 zapp.db
 db/bu
-tor/hidden_service/
+tor/hidden_service
+sshtun/oilykey

backend/app/templates/base.html

@@ -19,10 +19,12 @@
       <a {% block profilecurrent %}{% endblock %} href="{{ url_for('user', username=current_user.username) }}">profile</a>
       <a href="{{ url_for('logout') }}">logout</a>
       {% endif %}
-
+      <a href="https://gut.oily.dad/explore/repos">
+        <img style="vertical-align: middle; horizontal-align: center; height: 22px" src="https://gut.oily.dad/assets/img/logo.svg" alt="Logo" aria-hidden="true">
+      </a>
     </nav>
+
     <h2>oily.dad</h2>
-		<h5>oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion</h5>
     </header>
     <hr>
     {% with messages = get_flashed_messages() %}

compose.yaml

@@ -77,8 +77,10 @@ services:
       - GITEA__mailer__SMTP_PORT=25
       - GITEA__service__REGISTER_EMAIL_CONFIRM=true
       - GITEA__service__ENABLE_NOTIFY_MAIL=true
+      - GITEA__server__LANDING_PAGE=explore
+      - GITEA__ui__REACTIONS="+1, -1, fu, heart, laugh, confused, hooray, eyes, gun, boom, poop, kiss"
       # To disable new users after setup:
-      #- GITEA__service__DISABLE_REGISTRATION=false
+      - GITEA__service__DISABLE_REGISTRATION=true
     networks:
       - backnet
       - frontnet
@@ -100,8 +102,8 @@ services:
       - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
       - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
     ports:
-      - 80:80
-      - 443:443
+      - "80:80"
+      - "443:443"
     depends_on: 
       - backend
     networks:
@@ -135,6 +137,20 @@ services:
     networks:
       - backnet
 
+  sshtun:
+    build:
+      context: sshtun
+      dockerfile: Dockerfile
+    restart: on-failure
+    environment:
+      - USE_TUN=${USE_TUN}
+    ports:
+      - "22222:22"
+    expose:
+      - "11112"
+    networks:
+      - frontnet
+
 volumes:
   db-data:
   pmb-root:

compose.yaml.local

@@ -78,7 +78,7 @@ services:
       - GITEA__service__REGISTER_EMAIL_CONFIRM=true
       - GITEA__service__ENABLE_NOTIFY_MAIL=true
       # To disable new users after setup:
-      #- GITEA__service__DISABLE_REGISTRATION=false
+      - GITEA__service__DISABLE_REGISTRATION=true
     networks:
       - backnet
       - frontnet
@@ -100,8 +100,8 @@ services:
     #  - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
     #  - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
     ports:
-      - 80:80
-      - 443:443
+      - "80:80"
+      - "443:443"
     depends_on: 
       - backend
     networks:
@@ -135,6 +135,20 @@ services:
     networks:
       - backnet
 
+  sshtun:
+    build:
+      context: sshtun
+      dockerfile: Dockerfile
+    restart: on-failure
+    environment:
+      - USE_TUN=${USE_TUN}
+    ports:
+      - "22222:22"
+    expose:
+      - "11112"
+    networks:
+      - frontnet
+
 volumes:
   db-data:
   pmb-root:

compose.yaml.prod

@@ -77,8 +77,10 @@ services:
       - GITEA__mailer__SMTP_PORT=25
       - GITEA__service__REGISTER_EMAIL_CONFIRM=true
       - GITEA__service__ENABLE_NOTIFY_MAIL=true
+      - GITEA__server__LANDING_PAGE=explore
+      - GITEA__ui__REACTIONS="+1, -1, fu, heart, laugh, confused, hooray, eyes, gun, boom, poop, kiss"
       # To disable new users after setup:
-      #- GITEA__service__DISABLE_REGISTRATION=false
+      - GITEA__service__DISABLE_REGISTRATION=true
     networks:
       - backnet
       - frontnet
@@ -100,8 +102,8 @@ services:
       - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
       - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
     ports:
-      - 80:80
-      - 443:443
+      - "80:80"
+      - "443:443"
     depends_on: 
       - backend
     networks:
@@ -135,6 +137,20 @@ services:
     networks:
       - backnet
 
+  sshtun:
+    build:
+      context: sshtun
+      dockerfile: Dockerfile
+    restart: on-failure
+    environment:
+      - USE_TUN=${USE_TUN}
+    ports:
+      - "22222:22"
+    expose:
+      - "11112"
+    networks:
+      - frontnet
+
 volumes:
   db-data:
   pmb-root:

dotenv

@@ -13,6 +13,9 @@ BUILD_GPG_PP=
 # Tor:
 # true/false:
 USE_TOR=false
+# SSH Tun:
+# true/false:
+USE_TUN=false
 
 # Backend:
 FLASK_SECRET_KEY="flaskkey"

proxy/conf

@@ -22,6 +22,7 @@ server {
 	root /var/www/html;
 	index index.php index.html index.htm;
 
+	add_header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion$request_uri;
 
 	location / {
 		proxy_pass http://backend:8000/;

proxy/sslconf

@@ -22,6 +22,7 @@ server {
 	root /var/www/html;
 	index index.php index.html index.htm;
 
+	add_header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion$request_uri;
 
 	location / {
 		proxy_pass http://backend:8000/;

sshtun/Dockerfile

@@ -0,0 +1,18 @@
+FROM debian:12-slim
+
+RUN apt update && apt install -y openssh-server socat
+
+RUN adduser --disabled-password --gecos "" finn
+
+RUN mkdir /home/finn/.ssh
+
+# only one pubkey -- wildcard to conceal filename
+COPY ./oilykey/*.pub /home/finn/.ssh/authorized_keys
+
+RUN mkdir /var/run/sshd
+RUN echo "PermitRootLogin no" >> /etc/ssh/sshd_config
+RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
+
+COPY ./entrypoint.sh /
+
+ENTRYPOINT ["/entrypoint.sh"]

sshtun/entrypoint.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+# Container goal: egress
+# first:	physical_box$ autossh -N -R 11111:localhost:11434 -i sshtun/oilykey/<SOMEKEY> -p 22222 <rem_vps_url>
+# will forward rem_c_port:physical_box:physical_box_port ...some args...  rem_vps_p rem_vps_url
+# then:		frontnet_c$ curl sshtun.frontnet:11112 --> physical_box:11434
+
+if $USE_TUN ; then
+	echo "@@@@@@@@@@ SSH TUNNEL ENABLED BY ENV"
+	nohup socat TCP-LISTEN:11112,fork TCP:localhost:11111 &
+	/usr/sbin/sshd -De
+else
+	echo "@@@@@@@@@@ SSH TUNNEL DISABLED BY ENV"
+fi
+