Initial commit

linode/web/docker-compose.yml

@@ -0,0 +1,52 @@
+version: "3.8"
+services:
+  swag:
+    image: ghcr.io/linuxserver/swag
+    container_name: swag-proxy
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Denver
+      - URL=alexmickelson.guru
+      - SUBDOMAINS=wildcard
+      - VALIDATION=dns
+      - DNSPLUGIN=cloudflare
+    volumes:
+      - ./nginx/default.conf:/config/nginx/site-confs/default
+      - /data/swag:/config
+      - /var/www/html:/var/www/html:ro
+    ports:
+      - 443:443
+      - 80:80 #optional
+    restart: unless-stopped
+    networks:
+      linode-web:
+      proxy:
+
+  pihole:
+    container_name: pihole
+    image: pihole/pihole
+    ports:
+      - 0.0.0.0:53:53/tcp
+      - 0.0.0.0:53:53/udp
+      # - 67:67/udp # dhcp
+        #- "80:80/tcp"
+    environment:
+      TZ: 'America/Denver'
+      VIRTUAL_HOST: alexmickelson.guru
+      WEBPASSWORD: chaos-concise-nickname
+    volumes:
+      - /data/pihole/etc-pihole/:/etc/pihole/
+      - /data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/
+    cap_add:
+      - NET_ADMIN
+    restart: unless-stopped
+    networks:
+      linode-web:
+
+networks: 
+  linode-web:
+  proxy:
+    external: true

linode/web/nginx/default.conf

@@ -0,0 +1,58 @@
+error_page 502 /502.html;
+
+
+server {
+  listen 80 default_server;
+  listen [::]:80 default_server;
+  server_name _;
+  return 301 https://$host$request_uri;
+}
+
+server {
+  listen 443 ssl http2 default_server;
+  listen [::]:443 ssl http2 default_server;
+  include /config/nginx/ssl.conf;
+  include /config/nginx/proxy.conf;
+  include /config/nginx/resolver.conf;
+
+  root /var/www/html;
+  index index.html index.htm index.php;
+
+  server_name alexmickelson.guru;
+
+  location /admin/ {
+    rewrite /(.*) /$1 break;
+    proxy_pass http://pihole;
+    proxy_set_header Host $http_host;
+
+    # allow 172.18.0.0/24;
+    # deny all;
+  }
+  location / {
+    try_files $uri $uri/ /index.html;
+    allow all;
+  }
+  # allow 172.18.0.0/24;
+  # deny all;
+}
+
+# server {
+#   listen 443 ssl http2;
+#   listen [::]:443 ssl http2;
+#   include /config/nginx/ssl.conf;
+#   include /config/nginx/proxy.conf;
+#   include /config/nginx/resolver.conf;
+
+#   root /config/www;
+#   index index.html index.htm index.php;
+
+#   server_name wg.alexmickelson.guru;
+
+#   location / {
+#     proxy_pass http://wireguard-web:51821/;
+#   }
+#   allow 172.18.0.0/24;
+#   deny all;
+# }
+
+proxy_cache_path cache/ keys_zone=auth_cache:10m;

linode/wireguard/docker-compose.yml

@@ -0,0 +1,35 @@
+version: "3.8"
+services:
+  wg-easy:
+    environment:
+      - WG_HOST=45.79.102.212
+      - WG_DEFAULT_ADDRESS=10.11.0.x
+      - WG_ALLOWED_IPS=0.0.0.0/0, ::/0
+      - WG_PERSISTENT_KEEPALIVE=25
+      - WG_DEFAULT_DNS=45.79.102.212
+      # - WG_PORT=51820
+    env_file:
+      - ./wg-easy.env
+    image: weejewel/wg-easy
+    container_name: wireguard-web
+    volumes:
+      - /data/wireguard:/etc/wireguard
+    ports:
+      - 51820:51820/udp
+      - 51821:51821/tcp
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+    networks:
+      default:
+      proxy:
+
+networks:
+  default:
+
+  proxy:
+    external: true