maksim/Gipat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update gipat

Browse Source
This commit is contained in:
Maksim Pankov
2025-11-01 15:12:25 +00:00
parent 4708cb0f5b
commit 440e140618
9 changed files with 137 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
services/homeassist/.gitignore vendored Normal file
View File

19
services/homeassist/configuration.example.yaml Normal file
View File

@@ -0,0 +1,19 @@
http:
# For extra security set this to only accept connections on localhost if NGINX is on the same machine
# Uncommenting this will mean that you can only reach Home Assistant using the proxy, not directly via IP from other clients.
# server_host: 127.0.0.1
use_x_forwarded_for: true
# You must set the trusted proxy IP address so that Home Assistant will properly accept connections
# Set this to your NGINX machine IP, or localhost if hosted on the same machine.
trusted_proxies: 192.168.0.101
# Loads default set of integrations. Do not remove.
default_config:
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

11
services/homeassist/docker-compose.yaml Normal file
View File

@@ -0,0 +1,11 @@
services:
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
volumes:
- /data/services/homeassistant:/config
- /etc/localtime:/etc/localtime:ro
- /run/dbus:/run/dbus:ro
restart: unless-stopped
privileged: true
network_mode: host

23
services/ingress/home-kush.conf Normal file
View File

@@ -0,0 +1,23 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name home-kush.maksim-pankov.ru;
location / {
proxy_pass http://192.168.0.101:8123/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/home-kush.maksim-pankov.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/home-kush.maksim-pankov.ru/privkey.pem; # managed by Certbot
}

11
services/ingress/nextcloud.conf
View File

@@ -2,12 +2,17 @@ server {
server_name cloud.maksim-pankov.ru;
location / {
proxy_pass http://gipat:5002/;
sub_filter "http://gipat:5002/" "https://cloud.maksim-pankov.ru/";
sub_filter "http://gipat:5002/" "https://cloud.maksim-pankov.ru/";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
client_max_body_size 0;
}
listen 443 ssl; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cloud.maksim-pankov.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cloud.maksim-pankov.ru/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
@@ -25,4 +30,4 @@ server {
return 404; # managed by Certbot
}
}

38
services/ingress/signaling.conf Normal file
View File

@@ -0,0 +1,38 @@
server {
server_name signaling.maksim-pankov.ru;
location / {
proxy_pass http://gipat:1988/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_read_timeout 86400;
client_max_body_size 0;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/signaling.maksim-pankov.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/signaling.maksim-pankov.ru/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = signaling.maksim-pankov.ru) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name signaling.maksim-pankov.ru;
listen 80;
return 404; # managed by Certbot
}

1
services/nextcloud/docker-compose.yml
View File

@@ -12,5 +12,6 @@ services:
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=qw6MGQcaMkvG8sR9yVsU
- PHP_OPCACHE_MEMORY_CONSUMPTION=256
- PHP_UPLOAD_LIMIT=16G

17
services/signaling/docker-compose.yaml Normal file
View File

@@ -0,0 +1,17 @@
services:
spreedbackend:
image: ghcr.io/nextcloud-releases/aio-talk:latest
environment:
NC_DOMAIN: cloud.maksim-pankov.ru
TALK_HOST: signaling.maksim-pankov.ru
TALK_PORT: 3478
TURN_SECRET: 928fa222f9c9d29b1bd25d968d81f9048716c7f69ea2d6592a4314768672e900
SIGNALING_SECRET: aed7780401fbc4a0f41584d594af16a1b8f2e7a53f71f157ce709079f0ab39a4
INTERNAL_SECRET: af887e5e85214e91b459ee82f62a0f57fcb30c8ecd0bca8641084d048644ac41
ports:
- 1988:8081
- 3478:3478/tcp
- 3478:3478/udp
# network_mode: host
restart: unless-stopped

20
services/turn/docker-compose.yaml Normal file
View File

@@ -0,0 +1,20 @@
services:
coturn:
image: coturn/coturn
command:
- "--realm"
- "cloud.maksim-pankov.ru"
- "--no-stdout-log"
- "--log-file"
- "stdout"
- "--stale-nonce=600"
# - "--use-auth-secret"
# - "--lt-cred-mech"
- "--fingerprint"
- "--no-software-attribute"
- "--no-multicast-peers"
environment:
DETECT_EXTERNAL_IP: yes
DETECT_RELAY_IP: yes
STATIC_AUTH_SECRET: fd838fd0efa4b53f243398e658dc55d7
network_mode: host