restore nc stuff

checkpoint build fixes for pmb and be
update proxy
2026-03-19 16:13:21 -07:00 · 2026-03-19 16:03:12 -07:00 · 2026-03-19 15:02:05 -07:00 · 2026-03-19 14:52:24 -07:00 · 2026-03-19 14:46:30 -07:00
20 changed files with 284 additions and 397 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,6 @@
 gitea
 .env
 pmb-pf
 stump
 kavita
 venv
 zapp.db
 db/bu
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,9 +1,9 @@
 # syntax=docker/dockerfile:1.4
-FROM python:3-slim-bookworm AS builder
+FROM python:3.12-slim-bookworm AS builder
 # Second line optional/debug/qol
 RUN apt update && apt install -y \
-    libmariadb-dev gcc \
+    libmariadb-dev gcc python3-setuptools \
    mariadb-client
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -1,28 +1,28 @@
-alembic
+alembic==1.13.2
-blinker
+blinker==1.8.2
-click
+click==8.1.7
-dnspython
+dnspython==2.6.1
-email_validator
+email_validator==2.2.0
-Flask
+Flask==3.0.3
-Flask-Login
+Flask-Login==0.6.3
-Flask-Mail
+Flask-Mail==0.10.0
-Flask-Migrate
+Flask-Migrate==4.0.7
-Flask-SQLAlchemy
+Flask-SQLAlchemy==3.1.1
-Flask-WTF
+Flask-WTF==1.2.1
-greenlet
+greenlet==3.0.3
-idna
+idna==3.7
-itsdangerous
+itsdangerous==2.2.0
-Jinja2
+Jinja2==3.1.4
-Mako
+Mako==1.3.5
-mariadb
+mariadb==1.1.10
-MarkupSafe
+MarkupSafe==2.1.5
-packaging
+packaging==24.1
-pillow
+pillow==10.4.0
-pydenticon
+pydenticon==0.3.1
-PyJWT
+PyJWT==2.9.0
-python-dotenv
+python-dotenv==1.0.1
-SQLAlchemy
+SQLAlchemy==2.0.31
-typing_extensions
+typing_extensions==4.12.2
-uWSGI
+uWSGI==2.0.26
-Werkzeug
+Werkzeug==3.0.3
-WTForms
+WTForms==3.1.2
--- a/backend/requirements.txt.old
+++ b/backend/requirements.txt.old
@@ -1,28 +0,0 @@
 alembic==1.13.2
 blinker==1.8.2
 click==8.1.7
 dnspython==2.6.1
 email_validator==2.2.0
 Flask==3.0.3
 Flask-Login==0.6.3
 Flask-Mail==0.10.0
 Flask-Migrate==4.0.7
 Flask-SQLAlchemy==3.1.1
 Flask-WTF==1.2.1
 greenlet==3.0.3
 idna==3.7
 itsdangerous==2.2.0
 Jinja2==3.1.4
 Mako==1.3.5
 mariadb==1.1.10
 MarkupSafe==2.1.5
 packaging==24.1
 pillow==10.4.0
 pydenticon==0.3.1
 PyJWT==2.9.0
 python-dotenv==1.0.1
 SQLAlchemy==2.0.31
 typing_extensions==4.12.2
 uWSGI==2.0.28
 Werkzeug==3.0.3
 WTForms==3.1.2
--- a/compose.yaml
+++ b/compose.yaml
@@ -31,7 +31,7 @@ services:
    #tty: true
    restart: always
    # Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
-    #command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "--buffer-size", "16384", "--limit-as", "2048", "-w", "microblog:app"]
+    #command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
    container_name: backend
    environment:
      - MYSQL_USER=flasku
@@ -99,9 +99,9 @@ services:
  proxy:
    build: proxy
    restart: always
-    volumes:
+    #volumes:
-      - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
+    #  - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
-      - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
+    #  - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
    ports:
      - "80:80"
      - "443:443"
@@ -121,11 +121,11 @@ services:
      - frontnet
  pmb:
-    #build:
+    build:
-    #  args:
+      args:
-    #    GPG_PP: $BUILD_GPG_PP
+        GPG_PP: $BUILD_GPG_PP
-    #  context: pmb-pf
+      context: pmb-pf
-    #  dockerfile: Dockerfile
+      dockerfile: Dockerfile
    image: site_pmb:latest
    expose:
      - "25"
@@ -138,51 +138,6 @@ services:
    networks:
      - backnet
  stump:
    image: aaronleopold/stump
    container_name: stump
    # Replace my paths (prior to the colons) with your own
    volumes:
      - ./stump:/config
      - /mnt/hub/rocky-remote/st/rockybookshare/:/rocky-remote
      - /mnt/hub/rocky-remote/st/briebookshare/:/rocky-redundant
      - /mnt/hub/brie-remote/st/bookshare:/brie-remote
    #ports:
    #  - 10801:10801
    environment:
      - PUID=1000
      - PGID=1000
      - STUMP_ENABLE_UPLOAD=true
      - ENABLE_KOREADER_SYNC=true
      - ENABLE_OPDS_PROGRESSION=true
      - STUMP_MAX_SCANNER_CONCURRENCY=2
      - STUMP_MAX_THUMBNAIL_CONCURRENCY=1
    restart: unless-stopped
    networks:
      - frontnet
      - backnet
  kavita:
    image: jvmilazz0/kavita:latest    # Using the stable branch from the official dockerhub repo.
    container_name: kavita
    volumes:
      #- /your/path/to/manga:/manga
      #- /your/path/to/comics:/comics
      - /mnt/hub/rocky-remote/st/rockybookshare/:/rocky-remote
      - /mnt/hub/rocky-remote/st/briebookshare/:/rocky-redundant
      - /mnt/hub/brie-remote/st/bookshare/:/brie-remote
      - ./kavita:/kavita/config     # /kavita/config must not be changed
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    #ports:
    #  - "5000:5000"
    restart: unless-stopped
    networks:
      - frontnet
      - backnet
  sshtun:
    build:
      context: sshtun
@@ -197,9 +152,37 @@ services:
    networks:
      - frontnet
  nextcloud:
    image: nextcloud:latest
    restart: always
    container_name: nextcloud
    volumes:
      - nextcloud-data:/var/www/html
      - nextcloud-apps:/var/www/html/custom_apps
      - nextcloud-config:/var/www/html/config
      - nextcloud-data:/var/www/html/data
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.oily.dad
      - MYSQL_HOST=db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${DOTENV_MYSQL_NEXTCLOUD_PASSWORD}
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=${DOTENV_NEXTCLOUD_ADMIN_PASSWORD}
      - NEXTCLOUD_DATA_DIR=/var/www/html/data
    networks:
      - backnet
      - frontnet
    depends_on:
      db:
        condition: service_healthy
 volumes:
  db-data:
  pmb-root:
  nextcloud-data:
  nextcloud-apps:
  nextcloud-config:
 networks:
  backnet:
--- a/compose.yaml.local
+++ b/compose.yaml.local
@@ -81,7 +81,7 @@ services:
      - GITEA__server__LANDING_PAGE=explore
      - GITEA__ui__REACTIONS="+1, -1, fu, heart, laugh, confused, hooray, eyes, gun, boom, poop, kiss, rocket, bomb, chart_with_downwards_trend, eggplant"
      # To disable new users after setup:
-      - GITEA__service__DISABLE_REGISTRATION=false
+      - GITEA__service__DISABLE_REGISTRATION=true
    networks:
      - backnet
      - frontnet
@@ -121,11 +121,11 @@ services:
      - frontnet
  pmb:
-    #build:
+    build:
-    #  args:
+      args:
-    #    GPG_PP: $BUILD_GPG_PP
+        GPG_PP: $BUILD_GPG_PP
-    #  context: pmb-pf
+      context: pmb-pf
-    #  dockerfile: Dockerfile
+      dockerfile: Dockerfile
    image: site_pmb:latest
    expose:
      - "25"
@@ -152,9 +152,37 @@ services:
    networks:
      - frontnet
  nextcloud:
    image: nextcloud:latest
    restart: always
    container_name: nextcloud
    volumes:
      - nextcloud-data:/var/www/html
      - nextcloud-apps:/var/www/html/custom_apps
      - nextcloud-config:/var/www/html/config
      - nextcloud-data:/var/www/html/data
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.oily.dad
      - MYSQL_HOST=db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${DOTENV_MYSQL_NEXTCLOUD_PASSWORD}
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=${DOTENV_NEXTCLOUD_ADMIN_PASSWORD}
      - NEXTCLOUD_DATA_DIR=/var/www/html/data
    networks:
      - backnet
      - frontnet
    depends_on:
      db:
        condition: service_healthy
 volumes:
  db-data:
  pmb-root:
  nextcloud-data:
  nextcloud-apps:
  nextcloud-config:
 networks:
  backnet:
--- a/compose.yaml.prod
+++ b/compose.yaml.prod
@@ -81,7 +81,7 @@ services:
      - GITEA__server__LANDING_PAGE=explore
      - GITEA__ui__REACTIONS="+1, -1, fu, heart, laugh, confused, hooray, eyes, gun, boom, poop, kiss, rocket, bomb, chart_with_downwards_trend, eggplant"
      # To disable new users after setup:
-      - GITEA__service__DISABLE_REGISTRATION=false
+      - GITEA__service__DISABLE_REGISTRATION=true
    networks:
      - backnet
      - frontnet
@@ -121,11 +121,11 @@ services:
      - frontnet
  pmb:
-    #build:
+    build:
-    #  args:
+      args:
-    #    GPG_PP: $BUILD_GPG_PP
+        GPG_PP: $BUILD_GPG_PP
-    #  context: pmb-pf
+      context: pmb-pf
-    #  dockerfile: Dockerfile
+      dockerfile: Dockerfile
    image: site_pmb:latest
    expose:
      - "25"
@@ -152,9 +152,37 @@ services:
    networks:
      - frontnet
  nextcloud:
    image: nextcloud:latest
    restart: always
    container_name: nextcloud
    volumes:
      - nextcloud-data:/var/www/html
      - nextcloud-apps:/var/www/html/custom_apps
      - nextcloud-config:/var/www/html/config
      - nextcloud-data:/var/www/html/data
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.oily.dad
      - MYSQL_HOST=db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${DOTENV_MYSQL_NEXTCLOUD_PASSWORD}
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=${DOTENV_NEXTCLOUD_ADMIN_PASSWORD}
      - NEXTCLOUD_DATA_DIR=/var/www/html/data
    networks:
      - backnet
      - frontnet
    depends_on:
      db:
        condition: service_healthy
 volumes:
  db-data:
  pmb-root:
  nextcloud-data:
  nextcloud-apps:
  nextcloud-config:
 networks:
  backnet:
--- a/db/init/01-databases.sql
+++ b/db/init/01-databases.sql
@@ -1,12 +1,15 @@
 -- create databases
 CREATE DATABASE IF NOT EXISTS `gitea`;
 CREATE DATABASE IF NOT EXISTS `flask`;
 CREATE DATABASE IF NOT EXISTS `nextcloud`;
 -- create root user and grant rights
-CREATE USER 'gitea'@'gitea.backnet' IDENTIFIED BY 'giteap';
+CREATE USER IF NOT EXISTS 'gitea'@'gitea.backnet' IDENTIFIED BY 'giteap';
-CREATE USER 'flasku'@'backend.backnet' IDENTIFIED BY 'flaskp';
+CREATE USER IF NOT EXISTS 'flasku'@'backend.backnet' IDENTIFIED BY 'flaskp';
 CREATE USER IF NOT EXISTS 'nextcloud'@'nextcloud.backnet' IDENTIFIED BY 'nextcloudp';
 --CREATE USER 'gitea'@'localhost' IDENTIFIED BY 'gitea';
 --GRANT ALL ON `gitea` TO 'gitea'@'localhost';
 GRANT ALL ON gitea.* TO 'gitea'@'gitea.backnet';
 GRANT ALL ON flask.* TO 'flasku'@'backend.backnet';
 GRANT ALL ON nextcloud.* TO 'nextcloud'@'nextcloud.backnet';
--- a/4
+++ b/4
@@ -31,4 +31,8 @@ FLASK_ADMIN_EMAIL="git@aaa"
 FLASK_JWT_PHRASE="jwtphrase"
 FLASK_REAL_HOSTNAME="localhost"
 # Nextcloud:
 DOTENV_MYSQL_NEXTCLOUD_PASSWORD="nextcloudp"
 DOTENV_NEXTCLOUD_ADMIN_PASSWORD="adminp"
--- a/ls_rclone.sh
+++ b/ls_rclone.sh
@@ -1,5 +0,0 @@
 rclone ls :sftp: \
  --sftp-host=localhost \
  --sftp-port=11111 \
  --sftp-user=armbian \
  --sftp-key-file=/home/armbian/.ssh/armbian-brie-202604
--- a/proxy/Caddyfile
+++ b/proxy/Caddyfile
@@ -1,93 +0,0 @@
 # Global options
 {
 	# Disable auto HTTPS since we're using existing certificates
 	auto_https off
 }
 # HTTP to HTTPS redirect
 :80 {
 	redir https://{host}{uri} permanent
 }
 # Main domain - oily.dad and www.oily.dad
 oily.dad, www.oily.dad {
 	# Root directory (not strictly needed for reverse proxy)
 	root * /var/www/html
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Onion-Location header
 	header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion{path}
 	# Reverse proxy to backend
 	reverse_proxy http://backend:8000 {
 		# Preserve original host header
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
 # Subdomain for Gitea - gut.oily.dad
 gut.oily.dad {
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Reverse proxy to Gitea
 	reverse_proxy http://gitea:3000 {
 		# WebSocket support for Gitea
 		header_up Connection {>Connection}
 		header_up Upgrade {>Upgrade}
 		# Preserve original headers
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
 # Subdomain for Stump - stump.oily.dad
 stump.oily.dad {
 	# kavita supports gzip seems to work with stump
 	encode gzip
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Reverse proxy to Stump
 	reverse_proxy http://stump:10801 {
 	#reverse_proxy http://kavita:5000 {
 		# WebSocket support for Stump (if needed)
 		header_up Connection {>Connection}
 		header_up Upgrade {>Upgrade}
 		# Preserve original headers
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
 # Subdomain for Kavita - book.oily.dad
 book.oily.dad {
 	# kavita supports gzip
 	encode gzip
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Reverse proxy to Kavita
 	#reverse_proxy http://stump:10801 {
 	reverse_proxy http://kavita:5000 {
 		# WebSocket support for Kavita (if needed)
 		header_up Connection {>Connection}
 		header_up Upgrade {>Upgrade}
 		# Preserve original headers
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
--- a/proxy/Caddyfile.maybeno
+++ b/proxy/Caddyfile.maybeno
@@ -1,65 +0,0 @@
 # Global options
 {
 	# Disable auto HTTPS since we're using existing certificates
 	auto_https off
 }
 # HTTP to HTTPS redirect
 :80 {
 	redir https://{host}{uri} permanent
 }
 # Main domain - oily.dad and www.oily.dad
 oily.dad, www.oily.dad {
 	# Root directory (not strictly needed for reverse proxy)
 	root * /var/www/html
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Onion-Location header
 	header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion{path}
 	# Reverse proxy to backend
 	reverse_proxy http://backend:8000 {
 		# Preserve original host header
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
 # Subdomain for Gitea - gut.oily.dad
 gut.oily.dad {
 	# Root directory (not strictly needed for reverse proxy)
 	root * /var/www/html
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Reverse proxy to Gitea
 	reverse_proxy http://gitea:3000 {
 		# WebSocket support for Gitea
 		header_up Connection {>Connection}
 		header_up Upgrade {>Upgrade}
 		# Preserve original headers
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
 # Subdomain for Stump (comics/books) - book.oily.dad
 book.oily.dad {
 	# Root directory (not strictly needed for reverse proxy)
 	root * /var/www/html
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Reverse proxy to Stump
 	#reverse_proxy http://stump:10801 {
 	reverse_proxy http://kavita:5000
 }
--- a/proxy/Caddyfile.old
+++ b/proxy/Caddyfile.old
@@ -1,74 +0,0 @@
 # Global options
 {
 	# Disable auto HTTPS since we're using existing certificates
 	auto_https off
 }
 # HTTP to HTTPS redirect
 :80 {
 	redir https://{host}{uri} permanent
 }
 # Main domain - oily.dad and www.oily.dad
 oily.dad, www.oily.dad {
 	# Root directory (not strictly needed for reverse proxy)
 	root * /var/www/html
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Onion-Location header
 	header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion{path}
 	# Reverse proxy to backend
 	reverse_proxy http://backend:8000 {
 		# Preserve original host header
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
 # Subdomain for Gitea - gut.oily.dad
 gut.oily.dad {
 	# Root directory (not strictly needed for reverse proxy)
 	root * /var/www/html
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Reverse proxy to Gitea
 	reverse_proxy http://gitea:3000 {
 		# WebSocket support for Gitea
 		header_up Connection {>Connection}
 		header_up Upgrade {>Upgrade}
 		# Preserve original headers
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
 # Subdomain for Stump (comics/books) - book.oily.dad
 book.oily.dad {
 	# Root directory (not strictly needed for reverse proxy)
 	root * /var/www/html
 	# Use existing SSL certificates
 	tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
 	# Reverse proxy to Stump
 	#reverse_proxy http://stump:10801 {
 	reverse_proxy http://kavita:5000 {
 		# WebSocket support for Stump (if needed)
 		header_up Connection {>Connection}
 		header_up Upgrade {>Upgrade}
 		# Preserve original headers
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 		# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
 	}
 }
--- a/proxy/Dockerfile
+++ b/proxy/Dockerfile
@@ -1,10 +1,2 @@
-FROM caddy:alpine
+FROM nginx:alpine
-
+COPY conf /etc/nginx/conf.d/default.conf
 # Copy Caddyfile configuration
 COPY Caddyfile /etc/caddy/Caddyfile
 # Create directory for www root
 RUN mkdir -p /var/www/html
 # Caddy runs as non-root user by default
 # Ports 80 and 443 are exposed by the base image
--- a/proxy/baseconf
+++ b/proxy/baseconf
@@ -0,0 +1,20 @@
 server {
    listen       80;
    server_name  localhost;
    location / {
        proxy_pass   http://backend:8000;
    }
    location /gutty{
        proxy_pass   http://gitea:3000;
    }
    location /nextcloud{
        client_max_body_size 512M;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass   http://nextcloud/;
    }
 }
--- a/proxy/conf
+++ b/proxy/conf
@@ -0,0 +1,20 @@
 server {
    listen       80;
    server_name  localhost;
    location / {
        proxy_pass   http://backend:8000;
    }
    location /gutty{
        proxy_pass   http://gitea:3000;
    }
    location /nextcloud{
        client_max_body_size 512M;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass   http://nextcloud/;
    }
 }
--- a/proxy/giteaconf
+++ b/proxy/giteaconf
@@ -0,0 +1,17 @@
 server {
    listen       80;
    server_name  localhost;
    location / {
        client_max_body_size 512M;
        #proxy_pass http://localhost:3000;
        proxy_pass http://gitea:3000;
        proxy_set_header Connection $http_connection;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 } 
--- a/proxy/sslconf
+++ b/proxy/sslconf
@@ -0,0 +1,72 @@
 #server {
 #    listen       80;
 #    server_name  localhost;
 #    location / {
 #        proxy_pass   http://backend:8000;
 #    }
 # always redirect to https
 server {
 	listen 80 default_server;
 	server_name _;
 	return 301 https://$host$request_uri;
 }
 server {
 	listen 443 ssl http2;
 	# use the certificates
 	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
 	server_name oily.dad www.oily.dad;
 	root /var/www/html;
 	index index.php index.html index.htm;
 	add_header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion$request_uri;
 	location / {
 		proxy_pass http://backend:8000/;
 	}
 }
 server {
 	listen 443 ssl http2;
 	# use the certificates
 	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
 	server_name gut.oily.dad;
 	root /var/www/html;
 	index index.php index.html index.htm;
 	location / {
 		client_max_body_size 512M;
 	        #proxy_pass http://localhost:3000;
 	        proxy_set_header Connection $http_connection;
        	proxy_set_header Upgrade $http_upgrade;
 	        proxy_set_header Host $host;
 	        proxy_set_header X-Real-IP $remote_addr;
 	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 	        proxy_set_header X-Forwarded-Proto $scheme;
 		proxy_pass http://gitea:3000/;
 	}
 }
 server {
 	listen 443 ssl http2;
 	# use the certificates
 	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
 	server_name nextcloud.oily.dad;
 	root /var/www/html;
 	index index.php index.html index.htm;
 	location / {
 		client_max_body_size 512M;
 		proxy_set_header Host $host;
 		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 		proxy_set_header X-Forwarded-Proto $scheme;
 		proxy_pass http://nextcloud/;
 	}
 }
--- a/sshtun/Dockerfile
+++ b/sshtun/Dockerfile
@@ -1,20 +1,15 @@
-FROM debian:13-slim
+FROM debian:12-slim
-RUN apt update
+RUN apt update && apt install -y openssh-server socat
 RUN apt install -y \
 	openssh-server \
 	socat
-RUN adduser --disabled-password --gecos "" armbian
+RUN adduser --disabled-password --gecos "" finn
-# ssh:
+RUN mkdir /home/finn/.ssh
-RUN mkdir /home/armbian/.ssh
+
-# only one pubkey -- wildcard just to conceal filename
+# only one pubkey -- wildcard to conceal filename
-COPY ./oilykey/*.pub /home/armbian/.ssh/authorized_keys
+COPY ./oilykey/*.pub /home/finn/.ssh/authorized_keys
-COPY ./oilykey/* /home/armbian/.ssh/
+
-RUN chown -R armbian:armbian /home/armbian/.ssh/
+RUN mkdir /var/run/sshd
 RUN chmod 600 /home/armbian/.ssh/*
 #RUN mkdir /var/run/sshd
 RUN echo "PermitRootLogin no" >> /etc/ssh/sshd_config
 RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
--- a/sshtun/manual_rclone.sh
+++ b/sshtun/manual_rclone.sh
@@ -1,8 +0,0 @@
 rclone mount :sftp: /armbian/briemount \
  --sftp-host=localhost \
  --sftp-port=11111 \
  --sftp-user=armbian \
  --sftp-key-file=/home/armbian/.ssh/armbian-brie-202604 \
  --vfs-cache-mode off \
  --allow-other \
  --daemon
Author	SHA1	Message	Date
finn	996e602774	restore nc stuff	2026-03-19 16:13:21 -07:00
finn	c116021b29	checkpoint build fixes for pmb and be	2026-03-19 16:03:12 -07:00
finn	d813c3c70e	update proxy	2026-03-19 15:02:05 -07:00
finn	854b7a2338	update db helper	2026-03-19 14:52:24 -07:00
finn	901e5b29b6	add nc to network	2026-03-19 14:46:30 -07:00