restructure services based on host machine

2024-01-06 01:33:42 +00:00
parent 350eee1ff0
commit f26bfb2063
49 changed files with 0 additions and 0 deletions
--- a/nuc/pihole/.env.example
+++ b/nuc/pihole/.env.example
@@ -0,0 +1,8 @@
+# DOMAIN_ROOT is the root domain that this service will register as with Traefik
+DOMAIN_ROOT=domain.tld
+
+# WEB_UI_PASSWORD is the password for the web ui interface.  If unset, it will be randomly generated and retrievable from the logs.
+WEB_UI_PASSWORD=password
+
+# TIMEZONE is the timezone you're set in
+TIMEZONE=America/New_York
--- a/nuc/pihole/docker-compose.yml
+++ b/nuc/pihole/docker-compose.yml
@@ -0,0 +1,35 @@
+version: "3"
+
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:latest
+
+    ports:
+       - 53:53/udp
+
+    environment:
+      - TZ=${TIMEZONE}
+      - CORS_HOSTS=pihole.${DOMAIN_ROOT}
+      - DOMAIN_ROOT=${DOMAIN_ROOT}
+      - WEBPASSWORD=${WEB_UI_PASSWORD}
+
+    network_mode: host
+
+
+    # Volumes store your data between container upgrades
+    volumes:
+      - pihole-config_data:/etc/pihole
+      - pihole-dnsmasq_data:/etc/dnsmasq.d
+      - ./pihole-lighttpd.conf:/etc/lighttpd/lighttpd.conf
+    cap_add:
+      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
+
+    restart: unless-stopped
+
+volumes:
+  pihole-config_data:
+    external: true
+  pihole-dnsmasq_data:
+    external: true
--- a/nuc/pihole/pihole-lighttpd.conf
+++ b/nuc/pihole/pihole-lighttpd.conf
@@ -0,0 +1,54 @@
+server.modules = (
+	"mod_indexfile",
+	"mod_access",
+	"mod_alias",
+ 	"mod_redirect",
+)
+
+server.document-root        = "/var/www/html"
+server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
+server.errorlog             = "/var/log/lighttpd/error.log"
+server.pid-file             = "/run/lighttpd.pid"
+server.username             = "www-data"
+server.groupname            = "www-data"
+server.port                 = 8081
+
+# features
+#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
+server.feature-flags       += ("server.h2proto" => "enable")
+server.feature-flags       += ("server.h2c"     => "enable")
+server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
+#server.feature-flags       += ("server.graceful-restart-bg" => "enable")
+
+# strict parsing and normalization of URL for consistency and security
+# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
+# (might need to explicitly set "url-path-2f-decode" = "disable"
+#  if a specific application is encoding URLs inside url-path)
+server.http-parseopts = (
+  "header-strict"           => "enable",# default
+  "host-strict"             => "enable",# default
+  "host-normalize"          => "enable",# default
+  "url-normalize-unreserved"=> "enable",# recommended highly
+  "url-normalize-required"  => "enable",# recommended
+  "url-ctrls-reject"        => "enable",# recommended
+  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
+ #"url-path-2f-reject"      => "enable",
+  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
+ #"url-path-dotseg-reject"  => "enable",
+ #"url-query-20-plus"       => "enable",# consistency in query string
+)
+
+index-file.names            = ( "index.php", "index.html" )
+url.access-deny             = ( "~", ".inc" )
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+# default listening port for IPv6 falls back to the IPv4 port
+include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
+include_shell "/usr/share/lighttpd/create-mime.conf.pl"
+include "/etc/lighttpd/conf-enabled/*.conf"
+
+#server.compat-module-load   = "disable"
+server.modules += (
+	"mod_dirlisting",
+	"mod_staticfile",
+)