Initial commit

Mozart/base

@@ -0,0 +1,44 @@
+server {
+    listen 80;
+    listen 443;
+    server_name git.pyllr.nl www.git.pyllr.nl;
+
+    return 301 https://git.folkert-kevelam.nl$request_uri;
+}
+
+server {
+        server_name git.folkert-kevelam.nl www.git.folkert-kevelam.nl;
+
+        location / {
+                client_max_body_size 512M;
+                proxy_pass http://10.0.3.10:3000;
+                proxy_set_header Conectionn $http_connection;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/git.folkert-kevelam.nl/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/git.folkert-kevelam.nl/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+server {
+    if ($host = www.git.folkert-kevelam.nl) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = git.folkert-kevelam.nl) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    server_name git.folkert-kevelam.nl www.git.folkert-kevelam.nl;
+    listen 80;
+    return 404; # managed by Certbot
+}

Mozart/fix_network.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/sh
+
+nft delete chain ip nat post
+nft delete chain ip nat pre
+nft delete chain ip6 nat pre
+nft delete chain ip6 nat post
+
+nft delete table ip nat
+nft delete table ip6 nat
+
+nft add table ip nat
+nft add chain ip nat post { type nat hook postrouting priority 0 \; }
+nft add chain ip nat pre { type nat hook prerouting priority 0 \; }
+
+nft add rule ip nat post ip saddr 10.0.3.1/24 oif enp1s0 masquerade
+
+nft add table ip6 nat
+nft add chain ip6 nat pre { type nat hook prerouting priority 0 \; }
+nft add chain ip6 nat post { type nat hook postrouting priority 0 \; }
+
+nft add rule ip6 nast post ip6 saddr fd96:d0e4:4979::/64 oif enp1s0 masquerade
+
+ip -6 addr add fd96:d0e4:4979://64 dev lxcbr0
+
+nft add rule ip nat pre ip daddr 116.203.17.85 tcp dport 10022 dnat to 10.0.3.1:22
+nft add rule ip nat pre ip daddr 116.203.17.85 tcp dport 22 dnat to 10.0.3.10:22
+nft add rule ip nat pre ip daddr 116.203.17.85 tcp dport 20022 dnat to 10.0.3.113:22
+nft add rule ip nat pre ip daddr 116.203.17.85 tcp dport 30022 dnat to 10.0.3.17:22
+
+nft add rule ip6 nat pre ip6 daddr 2a01:4f8:1c1b:89d2::2/64 tcp dport 10022 dnat to [fe80:9400:2ff:fefa:9ba6]:22
+nft add rule ip6 nat pre ip6 daddr 2a01:4f8:1c1b:89d2::2/64 tcp dport 22 dnat to [fd96:d0e4:4979::1]:22
+nft add rule ip6 nat pre ip6 daddr 2a01:4f8:1c1b:89d2::2/64 tcp dport 20022 dnat to [fd96:d0e4:4979::2]:22
+nft add rule ip6 nat pre ip6 daddr 2a01:4f8:1c1b:89d2::2/64 tcp dport 30022 dnat to [fd96:d0e4:4979::3]:22
+
+for i in /proc/sys/net/ipv6/conf/*; do
+    echo 1 > $i/forwarding
+done

Mozart/irc_1

@@ -0,0 +1,45 @@
+server {
+    listen 80;
+    listen 443;
+
+    server_name irc.pyllr.nl www.irc.pyllr.nl;
+
+    return 301 https://irc.folkert-kevelam.nl$request_uri;
+}
+
+server {
+    server_name irc.folkert-kevelam.nl www.irc.folkert-kevelam.nl;
+
+    location / {
+            proxy_pass http://10.0.3.113:9000;
+            proxy_set_header Conectionn $http_connection;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/irc.folkert-kevelam.nl/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/irc.folkert-kevelam.nl/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+server {
+    if ($host = www.irc.folkert-kevelam.nl) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = irc.folkert-kevelam.nl) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    server_name irc.folkert-kevelam.nl www.irc.folkert-kevelam.nl;
+    listen 80;
+    return 404; # managed by Certbot
+}

Mozart/todo_1

@@ -0,0 +1,39 @@
+server {
+    listen 80;
+    listen 443;
+
+    server_name irc.pyllr.nl www.irc.pyllr.nl;
+
+    return 301 https://irc.folkert-kevelam.nl$request_uri;
+}
+
+server {
+        server_name todo.folkert-kevelam.nl www.todo.folkert-kevelam.nl;
+
+        location / {
+                proxy_pass http://10.0.3.17:3456;
+                client_max_body_size 20M;
+        }
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/todo.folkert-kevelam.nl/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/todo.folkert-kevelam.nl/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+server {
+    if ($host = www.todo.folkert-kevelam.nl) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = todo.folkert-kevelam.nl) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen 80;
+    server_name todo.folkert-kevelam.nl www.todo.folkert-kevelam.nl;
+    return 404; # managed by Certbot
+}