diff --git a/.gitignore b/.gitignore
index 967a5e6..c04e1d7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,22 @@ config/wireguard/
 *.crt
 *.pem
+# Runtime-generated config files (machine-specific, generated at startup)
+config/api/caddy/Caddyfile
+config/api/calendar.json
+config/api/cell_config.json
+config/api/wireguard.json
+config/api/webdav/webdav.conf
+config/api/dhcp/
+config/caddy/Caddyfile
+config/dhcp/dnsmasq.conf
+config/dns/Corefile
+config/mail/mailserver.env
+config/mail/config/dovecot-quotas.cf
+config/ntp/chrony.conf
+config/radicale/
+config/webdav/users.passwd
+
 # Logs
 *.log
 logs/
diff --git a/config/api/caddy/Caddyfile b/config/api/caddy/Caddyfile
deleted file mode 100644
index 98b1b29..0000000
--- a/config/api/caddy/Caddyfile
+++ /dev/null
@@ -1,57 +0,0 @@
-{
- auto_https off
-}
-
-# Main cell domain — no service-IP restriction needed
-http://pic0.lan, http://172.20.0.2:80 {
- handle /api/* {
- reverse_proxy cell-api:3000
- }
- handle /calendar* {
- reverse_proxy cell-radicale:5232
- }
- handle /files* {
- reverse_proxy cell-filegator:8080
- }
- handle /webmail* {
- reverse_proxy cell-rainloop:8888
- }
- handle {
- reverse_proxy cell-webui:80
- }
-}
-
-# Per-service virtual IPs — each gets its own IP so iptables can target them
-http://calendar.lan, http://172.20.0.21:80 {
- reverse_proxy cell-radicale:5232
-}
-
-http://files.lan, http://172.20.0.22:80 {
- reverse_proxy cell-filegator:8080
-}
-
-http://mail.lan, http://webmail.lan, http://172.20.0.23:80 {
- reverse_proxy cell-rainloop:8888
-}
-
-http://webdav.lan, http://172.20.0.24:80 {
- reverse_proxy cell-webdav:80
-}
-
-http://api.lan {
- reverse_proxy cell-api:3000
-}
-
-http://webui.lan {
- reverse_proxy cell-webui:80
-}
-
-# Catch-all for direct IP / localhost
-:80 {
- handle /api/* {
- reverse_proxy cell-api:3000
- }
- handle {
- reverse_proxy cell-webui:80
- }
-}
diff --git a/config/api/calendar.json b/config/api/calendar.json
deleted file mode 100644
index 81fbc2e..0000000
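Review bot: In the .gitignore hunk, three of the newly ignored paths — `config/api/wireguard.json`, `config/api/dhcp/` and `config/radicale/` — have no matching deletion anywhere in this diff, so if any of them is already tracked the ignore rule does nothing and later edits (including key material) would still be committed; check with `git ls-files` and untrack with `git rm --cached` where needed. Ignoring a path also leaves earlier revisions in history: the deleted `config/api/cell_config.json` carries a `wireguard.private_key` field that is empty here, but if any previous revision held a real value that key should be treated as exposed and rotated. I would also extend the header comment so the reason is recorded, e.g. `# Runtime-generated, may hold secrets (WireGuard private_key, WebDAV users.passwd) — never force-add`.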
--- a/config/api/calendar.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "port": 5233
-}
\ No newline at end of file
diff --git a/config/api/cell_config.json b/config/api/cell_config.json
deleted file mode 100644
index 1a4a6a6..0000000
--- a/config/api/cell_config.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "_identity": {
- "cell_name": "pic0",
- "domain": "dec",
- "ip_range": "172.20.0.0/16",
- "wireguard_port": 51820
- },
- "_pending_restart": {
- "needs_restart": false,
- "changes": [],
- "containers": [],
- "network_recreate": false
- },
- "calendar": {
- "port": 5233
- },
- "wireguard": {
- "port": 51820,
- "address": "",
- "private_key": ""
- }
-}
\ No newline at end of file
diff --git a/config/api/webdav/webdav.conf b/config/api/webdav/webdav.conf
deleted file mode 100644
index 3fe6ffe..0000000
--- a/config/api/webdav/webdav.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# WebDAV configuration for Personal Internet Cell
-[global]
-# WebDAV server settings
-port = 8080
-host = 0.0.0.0
-root = /var/lib/webdav
-
-# Authentication
-auth_type = basic
-auth_file = /etc/webdav/users
-
-# SSL/TLS settings
-ssl = no
-ssl_cert = /etc/ssl/certs/webdav.crt
-ssl_key = /etc/ssl/private/webdav.key
-
-# Logging
-log_level = info
-log_file = /var/log/webdav.log
-
-# File permissions
-umask = 022
diff --git a/config/caddy/Caddyfile b/config/caddy/Caddyfile
deleted file mode 100644
index 22cbd0b..0000000
--- a/config/caddy/Caddyfile
+++ /dev/null
@@ -1,57 +0,0 @@
-{
- auto_https off
-}
-
-# Main cell domain — no service-IP restriction needed
-http://pic0.dec, http://172.20.0.2:80 {
- handle /api/* {
- reverse_proxy cell-api:3000
- }
- handle /calendar* {
- reverse_proxy cell-radicale:5232
- }
- handle /files* {
- reverse_proxy cell-filegator:8080
- }
- handle /webmail* {
- reverse_proxy cell-rainloop:8888
- }
- handle {
- reverse_proxy cell-webui:80
- }
-}
-
-# Per-service virtual IPs — each gets its own IP so iptables can target them
-http://calendar.dec, http://172.20.0.21:80 {
- reverse_proxy cell-radicale:5232
-}
-
-http://files.dec, http://172.20.0.22:80 {
- reverse_proxy cell-filegator:8080
-}
-
-http://mail.dec, http://webmail.dec, http://172.20.0.23:80 {
- reverse_proxy cell-rainloop:8888
-}
-
-http://webdav.dec, http://172.20.0.24:80 {
- reverse_proxy cell-webdav:80
-}
-
-http://api.dec {
- reverse_proxy cell-api:3000
-}
-
-http://webui.dec {
- reverse_proxy cell-webui:80
-}
-
-# Catch-all for direct IP / localhost
-:80 {
- handle /api/* {
- reverse_proxy cell-api:3000
- }
- handle {
- reverse_proxy cell-webui:80
- }
-}
diff --git a/config/dhcp/dnsmasq.conf b/config/dhcp/dnsmasq.conf
deleted file mode 100644
index 928afd9..0000000
--- a/config/dhcp/dnsmasq.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-# Personal Internet Cell - dnsmasq Configuration
-# Provides DHCP and local DNS resolution
-
-# Interface to listen on
-interface=eth0
-bind-interfaces
-
-# DHCP configuration
-dhcp-range=172.20.1.50,172.20.1.150,12h
-dhcp-option=3,172.20.0.1 # Gateway
-dhcp-option=6,172.20.0.2 # DNS server
-dhcp-option=42,172.20.0.4 # NTP server
-
-# DNS configuration
-port=53
-domain=local.cell
-expand-hosts
-local=/local.cell/
-
-# DNS forwarding
-server=8.8.8.8
-server=1.1.1.1
-
-# Cache size
-cache-size=1000
-
-# Logging
-log-queries
-log-dhcp
-
-# Static leases (optional)
-# dhcp-host=00:11:22:33:44:55,192.168.1.100,mydevice
\ No newline at end of file
diff --git a/config/dns/Corefile b/config/dns/Corefile
deleted file mode 100644
index 74bf426..0000000
--- a/config/dns/Corefile
+++ /dev/null
@@ -1,12 +0,0 @@
-. {
- forward . 8.8.8.8 1.1.1.1
- cache
- log
- health
-}
-
-dec {
- file /data/dec.zone
- log
-}
-
diff --git a/config/mail/config/dovecot-quotas.cf b/config/mail/config/dovecot-quotas.cf
deleted file mode 100644
index e69de29..0000000
diff --git a/config/mail/mailserver.env b/config/mail/mailserver.env
deleted file mode 100644
index 56c8f47..0000000
--- a/config/mail/mailserver.env
+++ /dev/null
@@ -1,3 +0,0 @@
-OVERRIDE_HOSTNAME=mail.cell.local
-POSTMASTER_ADDRESS=admin@cell.local
-LOG_LEVEL=warn
diff --git a/config/ntp/chrony.conf b/config/ntp/chrony.conf
deleted file mode 100644
index 9fd6540..0000000
--- a/config/ntp/chrony.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# Personal Internet Cell - chrony Configuration
-# Provides NTP time synchronization
-
-# Allow NTP client access from local network
-allow 172.20.0.0/16
-allow 127.0.0.1
-
-# NTP servers to sync with
-server time.google.com iburst
-server time.cloudflare.com iburst
-server pool.ntp.org iburst
-
-# Local stratum for this server
-local stratum 10
-
-# Key file for authentication (optional)
-# keyfile /etc/chrony/chrony.keys
-
-# Drift file
-driftfile /var/lib/chrony/drift
-
-# Make chrony work as a server
-port 123
-bindaddress 0.0.0.0
\ No newline at end of file
diff --git a/config/webdav/users.passwd b/config/webdav/users.passwd
deleted file mode 100644
index e69de29..0000000