DerGrumpf/frontpage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Init Configuration

Browse Source
This commit is contained in:
phil
2025-07-17 22:43:01 +02:00
parent 93ad0f99af
commit 34700fe504
7 changed files with 274 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.gitignore vendored Normal file
View File

@@ -0,0 +1,5 @@
.env
psono/postgres
psono/data
searxng/data
flame/

10
README.md
View File

@@ -0,0 +1,10 @@
# Cyperpunk Network Frontpage
Just my personal Frontpage
A Stack consisting of:
- Psono (psono.cyperpunk.de)
- Flame ([home.]cyperpunk.de)
- Searxng (search.cyperpunk.de)
- Redis
- Postgres

70
compose.yml Normal file
View File

@@ -0,0 +1,70 @@
name: Frontpage
services:
psono-combo:
image: psono/psono-combo:latest
container_name: psono-combo
sysctls:
- net.core.somaxconn=65535
volumes:
- ./psono/settings.yaml:/root/.psono_server/settings.yaml
- ./psono/config.json:/usr/share/nginx/html/config.json
- ./psono/config.json:/usr/share/nginx/html/portal/config.json
restart: unless-stopped
ports:
- 10200:80
redis:
image: redis:7-alpine
container_name: cache
restart: unless-stopped
command: redis-server --save 60 1
ports:
- 16379:6379
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
postgres:
image: postgres:latest
container_name: psono-postgres
restart: unless-stopped
env_file: .env
ports:
- 15432:5432
environment:
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=${POSTGRES_DB}
volumes:
- ./psono/postgres:/var/lib/postgresql/data
searxng:
container_name: searxng
image: docker.io/searxng/searxng:latest
restart: unless-stopped
ports:
- 11080:8080
volumes:
- ./searxng/config:/etc/searxng:rw
- ./searxng/data:/var/cache/searxng:rw
environment:
- SEARXNG_BASE_URL=https://search.cyperpunk.de/
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
flame:
image: pawelmalak/flame:latest
container_name: flame
volumes:
- ./flame:/app/data
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 15005:5005
environment:
- PASSWORD=1P2h3i4lon
restart: unless-stopped

16
psono/config.json Normal file
View File

@@ -0,0 +1,16 @@
{
"backend_servers": [{
"title": "Cyperpunk",
"url": "https://psono.cyperpunk.de/server"
}],
"base_url": "https://psono.cyperpunk.de/",
"allow_custom_server": true,
"allow_registration": true,
"allow_lost_password": true,
"disable_download_bar": false,
"remember_me_default": false,
"trust_device_default": false,
"authentication_methods": ["AUTHKEY"],
"saml_provider": []
}

155
psono/settings.yaml Normal file
View File

@@ -0,0 +1,155 @@
# Replace the keys below with the one from the generateserverkeys command.
SECRET_KEY: '6Z4L1SNcrPuPJJeff8gZWHphbbiBBxzOGVlMAxPydzO3do3klpoPQ9rolHNZq4ul'
ACTIVATION_LINK_SECRET: 'olUFDCKHwxMx95ZQJxrGKMIIia8mIiv3kbcDAbV8ZureOJgFKnByaTY6QClRWoiJ'
DB_SECRET: 'dgypWM7PC8BTQG005sFcItegyNpUhndzgFUvinGXfkrqow8zqoXhXIv2PBAffxdg'
EMAIL_SECRET_SALT: '$2b$12$foCnH4K5jAEiRyk.9yaaG.'
PRIVATE_KEY: '1fceda4ce2f1e3e4af4e3247730942bd0f010966606fa0c69098461c1597b601'
PUBLIC_KEY: '5a1fc9b3b83cde17daa8654e539243fe5da09f76f36db97706d62be598015869'
# The URL of the web client (path to e.g activate.html without the trailing slash)
WEB_CLIENT_URL: 'https://psono.cyperpunk.de'
# The number of proxies in your environment to parse the X-Forwarded-For header. The basic setup of Psono uses 2
# reverse proxies, the regular one and one in the combo container. If you have additional Loadbalancers you may have
# adjust this parameter.
NUM_PROXIES: 2
# The URL of the favicon service. You can
# a) host an own favicon server
# b) use a privacy friendly https://favicon.psono.com/v1/icon/
# c) use any other provider, e.g. google's https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=128&url=http://
# WARNING: The "first url filter" (e.g. domain or IP) configured for an entry will be sent to the service.
#
FAVICON_SERVICE_URL: 'https://favicon.psono.com/v1/icon/'
# Switch DEBUG to false if you go into production
DEBUG: False
# Adjust this according to Django Documentation https://docs.djangoproject.com/en/2.2/ref/settings/
ALLOWED_HOSTS: ['*']
# Should be your domain without "www.". Will be the last part of the username
ALLOWED_DOMAINS: ['cyperpunk.de']
# If you want to disable registration, you can comment in the following line
# ALLOW_REGISTRATION: False
# If you want to disable the lost password functionality, you can comment in the following line
# ALLOW_LOST_PASSWORD: False
# If you want to enforce that the email address and username needs to match upon registration
# ENFORCE_MATCHING_USERNAME_AND_EMAIL: False
# If you want to restrict registration to some email addresses you can specify here a list of domains to filter
REGISTRATION_EMAIL_FILTER: ['beyerstedt-it.de', 'cyperpunk.de']
# Should be the URL of the host under which the host is reachable
# If you open the url and append /info/ to it you should have a text similar to {"info":"{\"version\": \"....}
HOST_URL: 'https://psono.cyperpunk.de/server'
# The email used to send emails, e.g. for activation
# ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so
# "localhost" will not work as host. Use the public IP or DNS record of the server.
EMAIL_FROM: 'the-mail-for-for-example-useraccount-activations@test.com'
EMAIL_HOST: 'smtp.example.com'
EMAIL_HOST_USER: ''
EMAIL_HOST_PASSWORD : ''
EMAIL_PORT: 25
EMAIL_SUBJECT_PREFIX: ''
EMAIL_USE_TLS: False
EMAIL_USE_SSL: False
EMAIL_SSL_CERTFILE:
EMAIL_SSL_KEYFILE:
EMAIL_TIMEOUT: 10
# If you have your own Yubico servers, you can specify here the urls as a list
# YUBICO_API_URLS: ['https://api.yubico.com/wsapi/2.0/verify']
# Cache enabled without belows Redis may lead to unexpected behaviour
# Cache with Redis
# By default you should use something different than database 0 or 1, e.g. 13 (default max is 16, can be configured in
# redis.conf) possible URLS are:
# redis://[:password]@localhost:6379/0
# rediss://[:password]@localhost:6379/0
# unix://[:password]@/path/to/socket.sock?db=0
CACHE_ENABLE: True
CACHE_REDIS: True
CACHE_REDIS_LOCATION: 'redis://192.168.2.2:16379/13'
# Enables the management API, required for the psono-admin-client / admin portal (Default is set to False)
MANAGEMENT_ENABLED: True
# Enables the fileserver API, required for the psono-fileserver
# FILESERVER_HANDLER_ENABLED: False
# Enables files for the client
# FILES_ENABLED: False
# Allows that users can search for partial usernames
# ALLOW_USER_SEARCH_BY_USERNAME_PARTIAL: True
# Allows that users can search for email addresses too
# ALLOW_USER_SEARCH_BY_EMAIL: True
# Disables central security reports
# DISABLE_CENTRAL_SECURITY_REPORTS: True
# Configures a system wide DUO connection for all clients
# DUO_INTEGRATION_KEY: ''
# DUO_SECRET_KEY: ''
# DUO_API_HOSTNAME: ''
# If you are using the DUO proxy, you can configure here the necessary HTTP proxy
# DUO_PROXY_HOST: 'the-ip-or-dns-name-goes-here'
# DUO_PROXY_PORT: 80
# DUO_PROXY_TYPE: 'CONNECT'
# If your proxy requires specific headers you can also configure these here
# DUO_PROXY_HEADERS: ''
# Normally only one of the configured second factors needs to be solved. Setting this to True forces the client to solve all
# MULTIFACTOR_ENABLED: True
# Allows admins to limit the offered second factors in the client
# ALLOWED_SECOND_FACTORS: ['yubikey_otp', 'google_authenticator', 'duo', 'webauthn', 'ivalt']
# In case one wants to use iVALT, please add ivalt_secret_key. If you don't have then please write to ivat at 'support@ivalt.com'.
# IVALT_SECRET_KEY: ''
# Your Postgres Database credentials
# ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so
# "localhost" will not work as host. Use the public IP or DNS record of the server.
DATABASES:
default:
'ENGINE': 'django.db.backends.postgresql_psycopg2'
'NAME': 'psono'
'USER': 'psono'
'PASSWORD': 'eMethaLmhoUSistALTIOUTiNeyOgREBA'
'HOST': '192.168.2.2'
'PORT': '15432'
# for master / slave replication setup comment in the following (all reads will be redirected to the slave
# slave:
# 'ENGINE': 'django.db.backends.postgresql_psycopg2'
# 'NAME': 'YourPostgresDatabase'
# 'USER': 'YourPostgresUser'
# 'PASSWORD': 'YourPostgresPassword'
# 'HOST': 'YourPostgresHost'
# 'PORT': 'YourPostgresPort'
# The path to the template folder can be "shadowed" if required later
TEMPLATES: [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': ['/root/psono/templates'],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]

7
searxng/config/limiter.toml Normal file
View File

@@ -0,0 +1,7 @@
# This configuration file updates the default configuration file
# See https://github.com/searxng/searxng/blob/master/searx/limiter.toml
[botdetection.ip_limit]
# activate advanced bot protection
# enable this when running the instance for a public usage on the internet
link_token = true

11
searxng/config/settings.yml Normal file
View File

@@ -0,0 +1,11 @@
# see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings
use_default_settings: true
server:
# base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
secret_key: "f2e73ae3668a4f86c4c50a671770cde4e448a40404a1a29755ce3c9cf032142b" # change this!
limiter: true # enable this when running the instance for a public usage on the internet
image_proxy: true
ui:
static_use_hash: true
redis:
url: redis://redis:6379/0