From 1cd2810480b57f75adf19246e4ac9c0858942a40 Mon Sep 17 00:00:00 2001
From: Maksim Pankov <nekota@yandex.ru>
Date: Sun, 20 Jul 2025 13:15:46 +0000
Subject: [PATCH] update

---
 services/docker-registry/docker-compose.yaml  |  2 +-
 services/gitea/docker-compose.yml             |  2 +-
 services/ingress-rtmp/stream.nginx.conf       | 31 +++++--
 services/ingress/auth.conf                    |  4 +-
 services/ingress/media.conf                   | 90 +++++++++++++++++++
 services/ingress/site.conf                    |  8 +-
 services/ingress/stream.nginx.conf            | 33 +++++++
 services/nextcloud/BACKUP.adoc                | 14 ++-
 services/nextcloud/data/config/config.php     |  6 +-
 services/nextcloud/docker-compose.yml         |  6 +-
 services/pigallery/docker-compose.yml         |  4 +-
 .../transmission/data/config/settings.json    |  2 +-
 services/transmission/docker-compose.yml      |  8 +-
 13 files changed, 176 insertions(+), 34 deletions(-)
 create mode 100644 services/ingress/media.conf
 create mode 100644 services/ingress/stream.nginx.conf

diff --git a/services/docker-registry/docker-compose.yaml b/services/docker-registry/docker-compose.yaml
index d3ae817..0f96414 100644
--- a/services/docker-registry/docker-compose.yaml
+++ b/services/docker-registry/docker-compose.yaml
@@ -11,4 +11,4 @@ services:
       REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
     volumes:
       - ./auth:/auth
-      - /mnt/Teka2/docker-registry:/data
+      - /data/services/docker-registry:/data
diff --git a/services/gitea/docker-compose.yml b/services/gitea/docker-compose.yml
index 3ec5150..5cc084b 100644
--- a/services/gitea/docker-compose.yml
+++ b/services/gitea/docker-compose.yml
@@ -23,7 +23,7 @@ services:
     networks:
       - gitea
     volumes:
-      - /mnt/Teka2/gitea-data:/data
+      - /data/services/gitea-data:/data
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     ports:
diff --git a/services/ingress-rtmp/stream.nginx.conf b/services/ingress-rtmp/stream.nginx.conf
index 1c0ddb6..8251694 100644
--- a/services/ingress-rtmp/stream.nginx.conf
+++ b/services/ingress-rtmp/stream.nginx.conf
@@ -1,15 +1,28 @@
+# rtmp_auto_push on;
 server {
     listen 1935;
 
-    # chunk_size 4096;
+    chunk_size 4096;
 
-    application stream {
+    application phone_c701cb2f_5843_4979_9d39_01f4563e4980 {
         live on;
-
-        # recorder rec1 {
-        #                 record all;
-        #                 record_path /var/rec;
-        #                 record_unique on;
-        #             }
+        record off;
+        allow publish all;
+        allow play all; 
     }
-}
\ No newline at end of file
+
+    application gopro_c701cb2f_5843_4979_9d39_01f4563e4980 {
+        live on;
+        record off;
+        allow publish all;
+        allow play all; 
+    }
+
+#    application live {
+#        live on;
+#        record off;
+#        deny play all;
+#        dash on;
+#        dash_path /mnt/Teka2/live-data/stream/;
+#    }
+}
diff --git a/services/ingress/auth.conf b/services/ingress/auth.conf
index fd00343..1e0eb43 100644
--- a/services/ingress/auth.conf
+++ b/services/ingress/auth.conf
@@ -23,9 +23,9 @@ server {
     } # managed by Certbot
 
 
-    listen 80;
 	server_name auth.maksim-pankov.ru;
+    listen 80;
     return 404; # managed by Certbot
 
 
-}
+}
\ No newline at end of file
diff --git a/services/ingress/media.conf b/services/ingress/media.conf
new file mode 100644
index 0000000..24e98b4
--- /dev/null
+++ b/services/ingress/media.conf
@@ -0,0 +1,90 @@
+server {
+    server_name media.maksim-pankov.ru;
+    set $webdav_root "/mnt/Teka1/media_data";
+
+    location / {
+	root		$webdav_root;
+	error_page	599 = @propfind_handler;
+	error_page	598 = @delete_handler;
+
+	chunked_transfer_encoding	on;
+	open_file_cache	off;
+	client_max_body_size		5g;
+	add_header	Allow 'OPTIONS, GET, HEAD, PROPFIND';
+
+	if ($request_method = PROPFIND) {
+                return 599;
+        }
+
+	if ($request_method = PROPPATCH) { # Unsupported, allways return OK.
+		add_header	Content-Type 'text/xml';
+		return		207 '<?xml version="1.0"?><a:multistatus xmlns:a="DAV:"><a:response><a:propstat><a:status>HTTP/1.1 200 OK</a:status></a:propstat></a:response></a:multistatus>';
+	}
+
+	if ($request_method = MKCOL) { # Microsoft specific handle: add trailing slash.
+		rewrite ^(.*[^/])$ $1/;
+	}
+
+#	if ($request_method = DELETE) {
+#		return 598;
+#	}
+
+	if ($request_method = OPTIONS) {
+                add_header      Allow 'OPTIONS, GET, HEAD, PROPFIND, PROPPATCH, LOCK, UNLOCK';
+                add_header      DAV '1, 2';
+                return 200;
+        }
+
+	dav_ext_methods	OPTIONS;
+	
+	create_full_put_path on;
+        dav_access    user:r group:r all:r;
+	autoindex on;
+	charset utf-8;
+
+	auth_basic "Media Server";
+	auth_basic_user_file /etc/nginx/htpasswd;
+    }
+
+    location @propfind_handler {
+	internal;
+
+	open_file_cache	off;
+	if (!-e $webdav_root/$uri) { # Microsoft specific handle.
+		return 404;
+	}
+	root		$webdav_root;
+	dav_ext_methods	PROPFIND;
+     }
+
+     location @delete_handler {
+	internal;
+
+	open_file_cache	off;
+	if (-d $webdav_root/$uri) { # Add trailing slash to dirs.
+		rewrite ^(.*[^/])$ $1/;
+	}
+	root		$webdav_root;
+	dav_methods	DELETE;
+    }
+
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/media.maksim-pankov.ru/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/media.maksim-pankov.ru/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = media.maksim-pankov.ru) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    server_name media.maksim-pankov.ru;
+    listen 80;
+    return 404; # managed by Certbot
+
+
+}
diff --git a/services/ingress/site.conf b/services/ingress/site.conf
index 3716af5..bb742d7 100644
--- a/services/ingress/site.conf
+++ b/services/ingress/site.conf
@@ -10,8 +10,11 @@ server {
         alias /mnt/Teka2/site-data/;
     }
 
-    large_client_header_buffers 4 32k;
+    location /live-data/ { 
+        proxy_pass http://192.168.0.105:7788/;
+    }
 
+    large_client_header_buffers 4 32k;
 
 
     listen 443 ssl; # managed by Certbot
@@ -22,6 +25,7 @@ server {
 
 
 }
+
 server {
     if ($host = maksim-pankov.ru) {
         return 301 https://$host$request_uri;
@@ -33,4 +37,4 @@ server {
     return 404; # managed by Certbot
 
 
-}
\ No newline at end of file
+}
diff --git a/services/ingress/stream.nginx.conf b/services/ingress/stream.nginx.conf
new file mode 100644
index 0000000..51c4fa9
--- /dev/null
+++ b/services/ingress/stream.nginx.conf
@@ -0,0 +1,33 @@
+server {
+    
+    server_name stream.maksim-pankov.ru;
+
+    location /stats {
+        if ($request_method = "GET") {
+            add_header "Access-Control-Allow-Origin"  *;
+        }
+
+        rtmp_stat all;
+        # rtmp_stat_stylesheet /stat.xsl;
+    }
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/stream.maksim-pankov.ru/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/stream.maksim-pankov.ru/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}server {
+    if ($host = stream.maksim-pankov.ru) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    
+    server_name stream.maksim-pankov.ru;
+
+    listen 80;
+    return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/services/nextcloud/BACKUP.adoc b/services/nextcloud/BACKUP.adoc
index 3eb1391..26ca0bf 100644
--- a/services/nextcloud/BACKUP.adoc
+++ b/services/nextcloud/BACKUP.adoc
@@ -1,5 +1,11 @@
-/mnt/Teka1/nextcloud:/var/www/html
+restore www-data dir
+chown -R www-data:www-data /data/services/nextcloud
+find ./nextcloud -type f -exec chmod 640 '{}' \;
+find ./nextcloud -type d -exec chmod 750 '{}' \;
 
-/mnt/Teka1/:/mnt/Teka1/
-/mnt/Teka2/:/mnt/Teka2/
-/mnt/Teka3/:/mnt/Teka3/
\ No newline at end of file
+===
+login redirect 303:
+chmod a+rwx /tmp inside docker as root
+
+====
+docker exec -it --user www-data nextcloud-app-1 php occ list
diff --git a/services/nextcloud/data/config/config.php b/services/nextcloud/data/config/config.php
index 02b4e6e..aad18ad 100644
--- a/services/nextcloud/data/config/config.php
+++ b/services/nextcloud/data/config/config.php
@@ -27,7 +27,7 @@ $CONFIG = array (
   'datadirectory' => '/var/www/html/data',
   'dbtype' => 'pgsql',
   'version' => '25.0.4.1',
-  'overwritehost' => 'skazochnik.spb.ru',
+  'overwritehost' => 'cloud.maksim-pankov.ru',
   'overwriteprotocol' => 'https',
   'dbname' => 'nextcloud',
   'dbhost' => '192.168.0.101',
@@ -42,5 +42,5 @@ $CONFIG = array (
   ),
   'maintenance' => false,
   'overwrite.cli.url' => 'https://gipat:5002',
-  'loglevel' => 2,
-);
\ No newline at end of file
+  'loglevel' => 0,
+);
diff --git a/services/nextcloud/docker-compose.yml b/services/nextcloud/docker-compose.yml
index 941795e..9e03996 100644
--- a/services/nextcloud/docker-compose.yml
+++ b/services/nextcloud/docker-compose.yml
@@ -3,10 +3,8 @@ services:
     image: "nextcloud"
     restart: always
     volumes:
-      - /mnt/Teka1/nextcloud:/var/www/html
-      - /mnt/Teka1/:/mnt/Teka1/
-      - /mnt/Teka2/:/mnt/Teka2/
-      - /mnt/Teka3/:/mnt/Teka3/
+      - /data/services/nextcloud:/var/www/html
+#      - /data/p2p/:/mnt/p2p/
     ports:
       - 5002:80
     environment:
diff --git a/services/pigallery/docker-compose.yml b/services/pigallery/docker-compose.yml
index 14126f4..fb7e25d 100644
--- a/services/pigallery/docker-compose.yml
+++ b/services/pigallery/docker-compose.yml
@@ -8,8 +8,8 @@ services:
     volumes:
       - "./config:/app/data/config"
       - "./db-data:/app/data/db"
-      - "/mnt/Teka2/photos:/app/data/images/photos:ro"
-      - "/mnt/Teka1/nextcloud/data/maksim/files/Автозагрузка/Camera:/app/data/images/autoload:ro"
+      - "/data/photos:/app/data/images/photos:ro"
+      - "/data/services/nextcloud/data/maksim/files/Автозагрузка/Camera:/app/data/images/autoload:ro"
       - "./tmp:/app/data/tmp"
     ports:
       - 7780:80
diff --git a/services/transmission/data/config/settings.json b/services/transmission/data/config/settings.json
index ef3bbd7..b911892 100644
--- a/services/transmission/data/config/settings.json
+++ b/services/transmission/data/config/settings.json
@@ -50,7 +50,7 @@
     "rpc-enabled": true,
     "rpc-host-whitelist": "",
     "rpc-host-whitelist-enabled": false,
-    "rpc-password": "{5df10b8d5ce87dc9599e117461688a7485e986f7LhkfMMb9",
+    "rpc-password": "{1db3d4c97d8d60ba8e56be621538afd953462aaazEoSb0N8",
     "rpc-port": 9091,
     "rpc-socket-mode": "0750",
     "rpc-url": "/transmission/",
diff --git a/services/transmission/docker-compose.yml b/services/transmission/docker-compose.yml
index 4ab4ef2..8832899 100644
--- a/services/transmission/docker-compose.yml
+++ b/services/transmission/docker-compose.yml
@@ -12,13 +12,11 @@ services:
       # - PEERPORT= #optional
       # - HOST_WHITELIST= #optional
     volumes:
-      - /mnt/Teka1/Videos:/mnt/Teka1/Videos
-      - /mnt/Teka2/Videos:/mnt/Teka2/Videos
-      - /mnt/Teka2/site-data:/mnt/Teka2/site-data
-      - /mnt/Share:/mnt/Share
+      - /data/p2p:/mnt/p2p
       - ./data/config:/config
     ports:
       - 9091:9091
       - 51413:51413
       - 51413:51413/udp
-    restart: always
+    restart: unless-stopped
+