Init Configuration

.gitignore

@@ -0,0 +1,5 @@
+.env
+psono/postgres
+psono/data
+searxng/data
+flame/

README.md

@@ -0,0 +1,10 @@
+# Cyperpunk Network Frontpage
+
+Just my personal Frontpage 
+
+A Stack consisting of:
+  - Psono (psono.cyperpunk.de)
+  - Flame ([home.]cyperpunk.de)
+  - Searxng (search.cyperpunk.de)
+  - Redis 
+  - Postgres

compose.yml

@@ -0,0 +1,70 @@
+name: Frontpage
+services:
+  psono-combo: 
+      image: psono/psono-combo:latest 
+      container_name: psono-combo
+      sysctls:
+          - net.core.somaxconn=65535
+      volumes:
+          - ./psono/settings.yaml:/root/.psono_server/settings.yaml
+          - ./psono/config.json:/usr/share/nginx/html/config.json
+          - ./psono/config.json:/usr/share/nginx/html/portal/config.json
+      restart: unless-stopped
+      ports:
+          - 10200:80
+  
+  redis:
+    image: redis:7-alpine
+    container_name: cache
+    restart: unless-stopped
+    command: redis-server --save 60 1
+    ports:
+      - 16379:6379 
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "1"
+  
+  postgres:
+    image: postgres:latest
+    container_name: psono-postgres 
+    restart: unless-stopped
+    env_file: .env
+    ports:
+      - 15432:5432
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER} 
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
+    volumes:
+      - ./psono/postgres:/var/lib/postgresql/data
+  
+  searxng:
+    container_name: searxng
+    image: docker.io/searxng/searxng:latest
+    restart: unless-stopped
+    ports:
+      - 11080:8080
+    volumes:
+      - ./searxng/config:/etc/searxng:rw
+      - ./searxng/data:/var/cache/searxng:rw
+    environment:
+      - SEARXNG_BASE_URL=https://search.cyperpunk.de/
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "1"
+
+  flame:
+    image: pawelmalak/flame:latest
+    container_name: flame
+    volumes:
+      - ./flame:/app/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    ports:
+      - 15005:5005
+    environment:
+      - PASSWORD=1P2h3i4lon
+    restart: unless-stopped

psono/config.json

@@ -0,0 +1,16 @@
+{
+  "backend_servers": [{
+    "title": "Cyperpunk",
+    "url": "https://psono.cyperpunk.de/server"
+  }],
+  "base_url": "https://psono.cyperpunk.de/",
+  "allow_custom_server": true,
+  "allow_registration": true,
+  "allow_lost_password": true,
+  "disable_download_bar": false,
+  "remember_me_default": false,
+  "trust_device_default": false,
+  "authentication_methods": ["AUTHKEY"],
+  "saml_provider": []
+}
+

psono/settings.yaml

@@ -0,0 +1,155 @@
+# Replace the keys below with the one from the generateserverkeys command.
+SECRET_KEY: '6Z4L1SNcrPuPJJeff8gZWHphbbiBBxzOGVlMAxPydzO3do3klpoPQ9rolHNZq4ul'
+ACTIVATION_LINK_SECRET: 'olUFDCKHwxMx95ZQJxrGKMIIia8mIiv3kbcDAbV8ZureOJgFKnByaTY6QClRWoiJ'
+DB_SECRET: 'dgypWM7PC8BTQG005sFcItegyNpUhndzgFUvinGXfkrqow8zqoXhXIv2PBAffxdg'
+EMAIL_SECRET_SALT: '$2b$12$foCnH4K5jAEiRyk.9yaaG.'
+PRIVATE_KEY: '1fceda4ce2f1e3e4af4e3247730942bd0f010966606fa0c69098461c1597b601'
+PUBLIC_KEY: '5a1fc9b3b83cde17daa8654e539243fe5da09f76f36db97706d62be598015869'
+
+# The URL of the web client (path to e.g activate.html without the trailing slash)
+WEB_CLIENT_URL: 'https://psono.cyperpunk.de'
+
+# The number of proxies in your environment to parse the X-Forwarded-For header. The basic setup of Psono uses 2
+# reverse proxies, the regular one and one in the combo container. If you have additional Loadbalancers you may have
+# adjust this parameter.
+NUM_PROXIES: 2
+
+# The URL of the favicon service. You can
+# a) host an own favicon server
+# b) use a privacy friendly https://favicon.psono.com/v1/icon/
+# c) use any other provider, e.g. google's https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=128&url=http://
+# WARNING: The "first url filter" (e.g. domain or IP) configured for an entry will be sent to the service.
+#
+FAVICON_SERVICE_URL: 'https://favicon.psono.com/v1/icon/'
+
+# Switch DEBUG to false if you go into production
+DEBUG: False
+
+# Adjust this according to Django Documentation https://docs.djangoproject.com/en/2.2/ref/settings/
+ALLOWED_HOSTS: ['*']
+
+# Should be your domain without "www.". Will be the last part of the username
+ALLOWED_DOMAINS: ['cyperpunk.de']
+
+# If you want to disable registration, you can comment in the following line
+# ALLOW_REGISTRATION: False
+
+# If you want to disable the lost password functionality, you can comment in the following line
+# ALLOW_LOST_PASSWORD: False
+
+# If you want to enforce that the email address and username needs to match upon registration
+# ENFORCE_MATCHING_USERNAME_AND_EMAIL: False
+
+# If you want to restrict registration to some email addresses you can specify here a list of domains to filter
+REGISTRATION_EMAIL_FILTER: ['beyerstedt-it.de', 'cyperpunk.de']
+
+# Should be the URL of the host under which the host is reachable
+# If you open the url and append /info/ to it you should have a text similar to {"info":"{\"version\": \"....}
+HOST_URL: 'https://psono.cyperpunk.de/server'
+
+# The email used to send emails, e.g. for activation
+# ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so
+# "localhost" will not work as host. Use the public IP or DNS record of the server.
+EMAIL_FROM: 'the-mail-for-for-example-useraccount-activations@test.com'
+EMAIL_HOST: 'smtp.example.com'
+EMAIL_HOST_USER: ''
+EMAIL_HOST_PASSWORD : ''
+EMAIL_PORT: 25
+EMAIL_SUBJECT_PREFIX: ''
+EMAIL_USE_TLS: False
+EMAIL_USE_SSL: False
+EMAIL_SSL_CERTFILE:
+EMAIL_SSL_KEYFILE:
+EMAIL_TIMEOUT: 10
+
+# If you have your own Yubico servers, you can specify here the urls as a list
+# YUBICO_API_URLS: ['https://api.yubico.com/wsapi/2.0/verify']
+
+# Cache enabled without belows Redis may lead to unexpected behaviour
+
+# Cache with Redis
+# By default you should use something different than database 0 or 1, e.g. 13 (default max is 16, can be configured in
+# redis.conf) possible URLS are:
+#    redis://[:password]@localhost:6379/0
+#    rediss://[:password]@localhost:6379/0
+#    unix://[:password]@/path/to/socket.sock?db=0
+CACHE_ENABLE: True
+CACHE_REDIS: True
+CACHE_REDIS_LOCATION: 'redis://192.168.2.2:16379/13'
+
+# Enables the management API, required for the psono-admin-client / admin portal (Default is set to False)
+MANAGEMENT_ENABLED: True
+
+# Enables the fileserver API, required for the psono-fileserver
+# FILESERVER_HANDLER_ENABLED: False
+
+# Enables files for the client
+# FILES_ENABLED: False
+
+# Allows that users can search for partial usernames
+# ALLOW_USER_SEARCH_BY_USERNAME_PARTIAL: True
+
+# Allows that users can search for email addresses too
+# ALLOW_USER_SEARCH_BY_EMAIL: True
+
+# Disables central security reports
+# DISABLE_CENTRAL_SECURITY_REPORTS: True
+
+# Configures a system wide DUO connection for all clients
+# DUO_INTEGRATION_KEY: ''
+# DUO_SECRET_KEY: ''
+# DUO_API_HOSTNAME: ''
+
+# If you are using the DUO proxy, you can configure here the necessary HTTP proxy
+# DUO_PROXY_HOST: 'the-ip-or-dns-name-goes-here'
+# DUO_PROXY_PORT: 80
+# DUO_PROXY_TYPE: 'CONNECT'
+# If your proxy requires specific headers you can also configure these here
+# DUO_PROXY_HEADERS: ''
+
+# Normally only one of the configured second factors needs to be solved. Setting this to True forces the client to solve all
+# MULTIFACTOR_ENABLED: True
+
+# Allows admins to limit the offered second factors in the client
+# ALLOWED_SECOND_FACTORS: ['yubikey_otp', 'google_authenticator', 'duo', 'webauthn', 'ivalt']
+
+# In case one wants to use iVALT, please add ivalt_secret_key. If you don't have then please write to ivat at 'support@ivalt.com'.
+# IVALT_SECRET_KEY: ''
+
+# Your Postgres Database credentials
+# ATTENTION: If executed in a docker container, then "localhost" will resolve to the docker container, so
+# "localhost" will not work as host. Use the public IP or DNS record of the server.
+DATABASES:
+    default:
+        'ENGINE': 'django.db.backends.postgresql_psycopg2'
+        'NAME': 'psono'
+        'USER': 'psono'
+        'PASSWORD': 'eMethaLmhoUSistALTIOUTiNeyOgREBA'
+        'HOST': '192.168.2.2'
+        'PORT': '15432'
+# for master / slave replication setup comment in the following (all reads will be redirected to the slave
+#    slave:
+#        'ENGINE': 'django.db.backends.postgresql_psycopg2'
+#        'NAME': 'YourPostgresDatabase'
+#        'USER': 'YourPostgresUser'
+#        'PASSWORD': 'YourPostgresPassword'
+#        'HOST': 'YourPostgresHost'
+#        'PORT': 'YourPostgresPort'
+
+# The path to the template folder can be "shadowed" if required later
+TEMPLATES: [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': ['/root/psono/templates'],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]
+

searxng/config/limiter.toml

@@ -0,0 +1,7 @@
+# This configuration file updates the default configuration file
+# See https://github.com/searxng/searxng/blob/master/searx/limiter.toml
+
+[botdetection.ip_limit]
+# activate advanced bot protection
+# enable this when running the instance for a public usage on the internet
+link_token = true

searxng/config/settings.yml

@@ -0,0 +1,11 @@
+# see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings
+use_default_settings: true
+server:
+  # base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
+  secret_key: "f2e73ae3668a4f86c4c50a671770cde4e448a40404a1a29755ce3c9cf032142b"  # change this!
+  limiter: true  # enable this when running the instance for a public usage on the internet
+  image_proxy: true
+ui:
+  static_use_hash: true
+redis:
+  url: redis://redis:6379/0