files modified

production/bind9/bind/command.sh

@@ -44,7 +44,12 @@ $DOMAIN.        IN      TXT     \"google-site-verification=OGwhD4vhFpXHvQsbJinxA
 _dmarc                  IN      TXT     \"v=DMARC1;p=reject;rua=mailto:postmaster@$DOMAIN;pct=100;ruf=mailto:postmaster@$DOMAIN;sp=reject;aspf=s;adkim=s;ri=86400;fo=0;rf=afrf\"
 _dnsaddr                IN      TXT     \"dnsaddr=/ip4/82.223.3.135/tcp/4001/p2p/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
 _dnsaddr                IN      TXT     \"dnsaddr=/ip6/2001:ba0:1800:80e0::1/tcp/4001/p2p/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
-_dnslink                IN      TXT     \"dnslink=/ipns/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\"
+$DOMAIN.                IN      TXT     \"dnslink=/ipns/hatthieves.es\"
+_dnslink                IN      TXT     \"dnslink=/ipns/k2k4r8olq17uslpwyedjx5o0g5azfq8inmw0fp1jh0xqm9zrcho3p5zk\"
+_acme-challenge         IN      TXT     \"56ICipwdln5gLbl_s82sUQl_8NjxHJLkMrJmAeOVX9c\"
+_acme-challenge         IN      TXT     \"paSCs9dPonZOzoQETYyMDfc8cyATdeD4FZZXdXSRc6U\"
+_xmpp-client._tcp	IN	SRV	100 1 5222 xmpp.$DOMAIN.
+_xmpp-server._tcp	IN	SRV	100 1 5269 xmpp.$DOMAIN.
 $DKIM
 
 \$INCLUDE K$DOMAIN.+008+10060.key

production/elk/docker-compose.yml

@@ -2,7 +2,7 @@ version: '2'
 
 services:
   elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.8.1
     hostname: elasticsearch
     container_name: elasticsearch
     restart: always
@@ -31,7 +31,7 @@ services:
         ipv4_address: 172.1.0.101
 
   kibana:
-    image: docker.elastic.co/kibana/kibana:7.8.0
+    image: docker.elastic.co/kibana/kibana:7.8.1
     hostname: kibana
     container_name: kibana
     restart: always
@@ -45,7 +45,7 @@ services:
         ipv4_address: 172.1.0.102
     
   logstash:
-    image: docker.elastic.co/logstash/logstash:7.8.0
+    image: docker.elastic.co/logstash/logstash:7.8.1
     hostname: logstash
     container_name: logstash
     restart: always
@@ -64,7 +64,7 @@ services:
         ipv4_address: 172.1.0.103
     
 #  filebeat:
-#    image: docker.elastic.co/beats/filebeat:7.8.0
+#    image: docker.elastic.co/beats/filebeat:7.8.1
 #    hostname: filebeat
 #    container_name: filebeat
 #    restart: always

production/etherpad/etherpad/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:10-slim
+FROM node:12-slim
 RUN npm i -g npm
 RUN apt update && apt -y install git sudo && apt clean
 RUN git clone --depth 1 --branch master https://github.com/ether/etherpad-lite /etherpad

production/haraka-wildduck/docker-compose.yml

@@ -47,7 +47,7 @@ services:
             ipv4_address: 172.200.0.102
     
     mongo:
-        image: mongo
+        image: mongo:4.2
         hostname: mongo
         container_name: mongo
         restart: always

production/haraka-wildduck/haraka/config/aliases

@@ -11,7 +11,22 @@
   "root@hatthieves.es": {
     "action": "alias", "to": ["webmaster@hatthieves.es"]
   },
-  "@social.hatthieves.es": {
+  "@hatthieves.com": {
+    "action": "alias", "to": ["webmaster@hatthieves.es"]
+  },
+  "@hatthieves.co": {
+    "action": "alias", "to": ["webmaster@hatthieves.es"]
+  },
+  "@*.hatthieves.com": {
+    "action": "alias", "to": ["webmaster@hatthieves.es"]
+  },
+  "@*.hatthieves.co": {
+    "action": "alias", "to": ["webmaster@hatthieves.es"]
+  },
+  "@*.hatthieves.es": {
+    "action": "alias", "to": ["webmaster@hatthieves.es"]
+  },
+  "hola@hatthieves.es": {
     "action": "alias", "to": ["webmaster@hatthieves.es"]
   }
 }

production/haraka-wildduck/haraka/config/rcpt_to.in_host_list

@@ -1,2 +1,3 @@
 ;[main]
-host_list=hatthieves.es
+host_list=hatthieves.es,hatthieves.com,hatthieves.co
+host_list_regex=*.hatthieves.es,*.hatthieves.com,*.hatthieves.co

production/haraka-wildduck/webmail/config/default.toml

@@ -14,7 +14,7 @@ title="Wild Duck Mail - HatThieves.es"
     allowJoin=false
     enableSpecial=true # if true the allow creating addresses with special usernames
     # allowed domains for new addresses
-    domains=["hatthieves.es"]
+    domains=["hatthieves.es","hatthieves.com","hatthieves.co"]
     generalNotification=""
 
 [api]

production/haraka-wildduck/wildduck/Dockerfile

@@ -21,4 +21,4 @@ RUN npm i --production
 RUN npm i -S zonemta-wildduck zonemta-limiter
 WORKDIR /haraka
 RUN npm i
-RUN npm i -S haraka-plugin-wildduck haraka-plugin-rspamd haraka-plugin-limit haraka-plugin-karma haraka-plugin-redis haraka-plugin-mongodb
+RUN npm i -S haraka-plugin-wildduck@v1.28.1 haraka-plugin-rspamd haraka-plugin-limit haraka-plugin-karma haraka-plugin-redis haraka-plugin-mongodb

production/ipfs/data/config

@@ -106,7 +106,7 @@
       ]
     },
     "NoDNSLink": false,
-    "NoFetch": false,
+    "NoFetch": true,
     "PathPrefixes": [],
     "PublicGateways": {
       "ipfs.hatthieves.es": {

production/ipfs/docker-compose.yml

@@ -2,8 +2,8 @@ version: '2'
 
 services:
   ipfs:
-    image: ipfs/go-ipfs
-#    build: ./ipfs
+#    image: ipfs/go-ipfs
+    build: ./go-ipfs
     hostname: ipfs
     container_name: ipfs
     restart: always
@@ -11,7 +11,7 @@ services:
       - /bin/sh
       - /entrypoint.sh
     volumes:
-      - ./data:/data/ipfs
+      - ./data-ipfs:/data/ipfs
 #      - ./temp:/temp
 #      - /opt/docker/production/nms/media:/media:ro
       - /opt/docker/production/nginx/nginx/hls:/hls:ro
@@ -19,6 +19,7 @@ services:
 #      - /opt/docker/production/nms/media/live/streaming:/streaming:ro
       - ./entrypoint.sh:/entrypoint.sh:ro
 #      - ./ipfs/ipfs:/home/node/.ipfs
+#      - /opt/docker/production/webdav/webdav/public/ale/Elektor:/Elektor:ro
     expose:
       - 5001
       - 8080

production/mumble/docker-compose.yml

@@ -7,11 +7,12 @@ services:
     hostname: mumble
     container_name: mumble
     restart: always
-#    entrypoint:
-#      - murmurd
-#      - -fg
+    entrypoint:
+      - murmurd
+      - -fg
     volumes:
-      - ./data/mumble-server.ini:/etc/murmur/murmur.ini:ro
+#      - ./data/mumble-server.ini:/etc/murmur/murmur.ini:ro
+      - ./data/mumble-server.ini:/home/murmur/.murmurd/murmur.ini:ro
 #      - ./data/mumble-server.ini:/etc/mumble-server.ini:ro
       - /opt/docker/secure/privkey.pem:/etc/mumble-ssl/privkey.pem:ro
       - /opt/docker/secure/fullchain.pem:/etc/mumble-ssl/fullchain.pem:ro

production/nextcloud/docker-compose.yml

@@ -27,7 +27,7 @@ services:
         ipv4_address: 172.119.0.101
 
   mariadb-nextcloud:
-    image: mariadb
+    image: mariadb:10.5
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
     restart: always
     container_name: mariadb-nextcloud
@@ -49,4 +49,3 @@ networks:
     ipam:
       config:
       - subnet: 172.119.0.0/24
-

production/nginx/docker-compose.yml

@@ -81,6 +81,8 @@ services:
       doom:
       wtorrent:
       g-plv:
+      hatboy:
+      covid19map:
 
 networks:
   mynet:
@@ -238,3 +240,11 @@ networks:
   g-plv:
     external:
       name: gplv_mynet
+
+  hatboy:
+    external:
+      name: hatboy_mynet
+
+  covid19map:
+    external:
+      name: covid19map_mynet

production/nginx/nginx/conf.d/error.conf

@@ -1,7 +1,6 @@
-  error_page 404 /404.html;
-  error_page 500 /50x.html;
-  error_page 502 /50x.html;
-  error_page 503 /50x.html;
-  error_page 504 /50x.html;
+error_page 404 /404.html;
+error_page 500 /50x.html;
+error_page 502 /50x.html;
+error_page 503 /50x.html;
+error_page 504 /50x.html;
 #  error_page 404 500 502 503 504 =301 https://www.hatthieves.es;
-

production/nginx/nginx/conf.d/hatthieves.conf

@@ -21,7 +21,7 @@ server {
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
 #  add_header Alt-Svc 'h3-25=":443"; ma=86400';
-  add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#  add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
 }
 
 server {
@@ -40,7 +40,7 @@ server {
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
 #  add_header Alt-Svc 'h3-25=":443"; ma=86400';
-  add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#  add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   location / {
   return 301 https://www.hatthieves.es;
 #  rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent;
@@ -61,7 +61,7 @@ server {
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
 #  add_header Alt-Svc 'h3-25=":443"; ma=86400';
-  add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#  add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   location / {
   return 301 https://www.hatthieves.es;
 #  rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent;

production/nginx/nginx/emitir.sh

@@ -2,8 +2,8 @@
 while [ True ]; do
   for i in $(cat "$1"); do
     ffmpeg -loglevel quiet -re -i async:cache:"$i" \
-      -threads 1 -async 1 -c:v libx264 -preset superfast -tune zerolatency -c:a aac -ar 44100 -f flv "$2" \
-      -threads 1 -async 1 -c:v libx264 -preset superfast -tune zerolatency -c:a aac -ar 44100 -f flv "$3"
+      -threads 1 -async 1 -c:v libx264 -preset superfast -tune zerolatency -c:a aac -ar 44100 -f flv "$2"
+#      -threads 1 -async 1 -c:v libx264 -preset superfast -tune zerolatency -c:a aac -ar 44100 -f flv "$3"
   done
 done
 

production/nginx/nginx/sites-available/bbb

@@ -13,7 +13,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/chat

@@ -13,7 +13,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/codimd

@@ -12,6 +12,6 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/crossposter

@@ -15,7 +15,7 @@ server {
      proxy_set_header Connection "Upgrade";
 #     proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/defaultdrop

@@ -30,7 +30,7 @@ server {
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 
 }

production/nginx/nginx/sites-available/dvwa

@@ -15,6 +15,6 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/elastic

@@ -15,7 +15,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/etherpad

@@ -11,7 +11,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/familyark

@@ -13,6 +13,6 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/g-plv

@@ -15,6 +15,6 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/gitea

@@ -10,7 +10,7 @@ server {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/glances

@@ -15,6 +15,6 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/hls

@@ -31,7 +31,7 @@ server {
     proxy_set_header Connection "Upgrade";
     proxy_buffering off;
     proxy_http_version 1.1;
-    add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#    add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
   location /live {
     alias /etc/nginx/live;
@@ -50,6 +50,6 @@ server {
     proxy_set_header Connection "Upgrade";
     proxy_buffering off;
     proxy_http_version 1.1;
-    add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#    add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/icecast2

@@ -3,7 +3,23 @@ server {
   listen [::]:443 ssl http2;
   server_name icecast.hatthieves.es music.hatthieves.es radio.hatthieves.es;
   client_max_body_size 2G;
-  location / {
+  location /style.css {
+     proxy_pass http://172.129.0.101:8000/style.css;
+     proxy_set_header X-Real-IP $remote_addr;
+     proxy_set_header Host $host;
+     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+     proxy_set_header X-Forwarded-Proto $scheme;
+     proxy_buffering off;
+  }
+  location /admin {
+     proxy_pass http://172.129.0.101:8000/admin;
+     proxy_set_header X-Real-IP $remote_addr;
+     proxy_set_header Host $host;
+     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+     proxy_set_header X-Forwarded-Proto $scheme;
+     proxy_buffering off;
+  }
+  location ~* \.(?:mp3|ogg|m3u|m3u8|xspf)$ {
      proxy_pass http://172.129.0.101:8000;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
@@ -11,5 +27,12 @@ server {
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
   }
+  location / {
+     proxy_pass http://172.129.0.102:3000;
+     proxy_set_header X-Real-IP $remote_addr;
+     proxy_set_header Host $host;
+     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+     proxy_set_header X-Forwarded-Proto $scheme;
+     proxy_buffering off;
+  }
 }
-

production/nginx/nginx/sites-available/igunublue

@@ -13,6 +13,6 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/ipfs

@@ -14,7 +14,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
 #     add_header 'Access-Control-Allow-Origin' $http_origin;
 #     add_header 'Access-Control-Allow-Methods' '*';
 #     add_header 'Access-Control-Allow-Credentials' 'true';
@@ -32,7 +32,7 @@ server {
 #     proxy_set_header Connection "Upgrade";
 #     proxy_buffering off;
 #     proxy_http_version 1.1;
-#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+##     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
 #  }
   location /ipfs {
      proxy_pass http://172.105.0.101:8080/ipfs;
@@ -48,7 +48,7 @@ server {
 #     add_header 'Access-Control-Allow-Methods' '*';
 #     add_header 'Access-Control-Allow-Credentials' 'true';
 #     add_header 'Vary' 'Origin';
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
   location /ipns {
      proxy_pass http://172.105.0.101:8080/ipns;
@@ -64,7 +64,7 @@ server {
 #     add_header 'Access-Control-Allow-Methods' '*';
 #     add_header 'Access-Control-Allow-Credentials' 'true';
 #     add_header 'Vary' 'Origin';
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 #  location /p2p {
 #     proxy_pass http://172.105.0.101:4002;
@@ -76,7 +76,7 @@ server {
 #     proxy_set_header Connection "Upgrade";
 #     proxy_buffering off;
 #     proxy_http_version 1.1;
-#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+##     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
 #  }
 #  location /ws {
 #     proxy_pass http://172.105.0.101:8081;
@@ -88,7 +88,7 @@ server {
 #     proxy_set_header Connection "Upgrade";
 #     proxy_buffering off;
 #     proxy_http_version 1.1;
-#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+##     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
 #  }
 #  location /api {
 #     proxy_pass http://172.105.0.101:5001/ipfs/api/v0;
@@ -100,7 +100,7 @@ server {
 #     proxy_set_header Connection "Upgrade";
 #     proxy_buffering off;
 #     proxy_http_version 1.1;
-#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+##     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
 #     add_header Access-Control-Allow-Origin '*';
 #     add_header Access-Control-Allow-Methods '*';
 #  }

production/nginx/nginx/sites-available/jitsi

@@ -11,7 +11,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/kanban

@@ -15,6 +15,6 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/kibana

@@ -15,7 +15,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/mastodon

@@ -15,7 +15,7 @@ server {
 #     proxy_set_header Connection "Upgrade";
 #     proxy_buffering off;
 #     proxy_http_version 1.1;
-#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+##     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
 #  }
 #  location /api/v1/streaming {
 #     proxy_set_header Host $host;
@@ -29,7 +29,7 @@ server {
 #     proxy_http_version 1.1;
 #     proxy_set_header Upgrade $http_upgrade;
 #     proxy_set_header Connection "Upgrade";
-#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+##     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
 #     tcp_nodelay on;
 #  }
 }

production/nginx/nginx/sites-available/meta

@@ -15,6 +15,6 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/mumble

@@ -12,7 +12,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/netdata

@@ -14,6 +14,6 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/nextcloud

@@ -14,8 +14,12 @@ server {
      proxy_http_version 1.1;
      rewrite ^/\.well-known/carddav(.*)$ /remote.php/dav$1 redirect;
      rewrite ^/\.well-known/caldav(.*)$ /remote.php/dav$1 redirect;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+##     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+     add_header X-Frame-Options "";
+     add_header X-Download-Options "";
+     add_header X-Content-Type-Options "";
+     add_header X-Permitted-Cross-Domain-Policies "";
   }
 }
 

production/nginx/nginx/sites-available/p2p

@@ -11,7 +11,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
      add_header 'Access-Control-Allow-Origin' $http_origin;
      add_header 'Access-Control-Allow-Methods' '*';
      add_header 'Access-Control-Allow-Credentials' 'true';
@@ -26,7 +26,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/peertube

@@ -13,7 +13,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/pleroma

@@ -13,7 +13,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/pleroma-old

@@ -14,7 +14,7 @@ server {
 #     proxy_set_header Connection "Upgrade";
 #     proxy_buffering off;
 #     proxy_http_version 1.1;
-#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+##     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
 #  }
 }
 

production/nginx/nginx/sites-available/privatebin

@@ -13,7 +13,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/rocketchat

@@ -12,7 +12,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_http_version 1.1;
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/salva

@@ -13,6 +13,6 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/tail

@@ -15,7 +15,7 @@ server {
 #     proxy_set_header Upgrade $http_upgrade;
 #     proxy_set_header Connection "Upgrade";
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
      http2_push_preload on;
      proxy_socket_keepalive on;
      proxy_connect_timeout 5m;

production/nginx/nginx/sites-available/theia

@@ -13,7 +13,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/traefik

@@ -15,6 +15,6 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }

production/nginx/nginx/sites-available/video

@@ -11,7 +11,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/voip

@@ -12,7 +12,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/webdav

@@ -12,7 +12,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
      add_header 'Access-Control-Allow-Origin' $http_origin;
      add_header 'Access-Control-Allow-Methods' 'PUT, POST, GET, OPTIONS';    
      add_header 'Access-Control-Allow-Credentials' 'true';

production/nginx/nginx/sites-available/webmail

@@ -12,7 +12,7 @@ server {
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/nginx/nginx/sites-available/wordpress

@@ -14,6 +14,7 @@ server {
      proxy_set_header Connection 'Upgrade';
      proxy_buffering off;
      proxy_http_version 1.1;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+     add_header X-Frame-Options "";
   }
 }

production/nginx/nginx/sites-available/wtorrent

@@ -11,7 +11,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
   location /ws {
      proxy_pass http://172.24.0.101:8888;
@@ -22,7 +22,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
   location /tracker {
      proxy_pass http://172.24.0.101:8888;
@@ -33,7 +33,7 @@ server {
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_buffering off;
-     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
+#     add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600';
   }
 }
 

production/pleroma/docker-compose.yml

@@ -10,11 +10,12 @@ services:
 #      - /bin/sleep
 #      - infinity
     volumes:
-#      - ./pleroma/config:/etc/pleroma
       - ./pleroma/uploads:/var/lib/pleroma/uploads
-      - ./pleroma/config.exs:/etc/pleroma/config.exs:ro
-#      - ./pleroma/vm.args.eex:/pleroma/rel/vm.args.eex
+      - ./pleroma/config/config.exs:/etc/pleroma/config.exs:ro
+      - ./pleroma/config/prod.exs:/etc/pleroma/prod.exs:ro
       - ./pleroma/terms-of-service.html:/var/lib/pleroma/static/static/terms-of-service.html:ro
+#      - ./pleroma/config:/etc/pleroma
+#      - ./pleroma/vm.args.eex:/pleroma/rel/vm.args.eex
 #      - ./pleroma/emojis:/pleroma/priv/static/emoji/custom/images:ro
 #      - ./pleroma/images:/pleroma/priv/static/static/images:ro
 #      - ./pleroma/custom_emoji.txt:/pleroma/config/custom_emoji.txt:ro
@@ -33,7 +34,7 @@ services:
         ipv4_address: 172.2.0.101
 
   postgres:
-    image: postgres
+    image: postgres:12
     hostname: postgres-pleroma
     container_name: postgres-pleroma
     restart: always

production/pleroma/pleroma/config/config.exs

@@ -41,7 +41,7 @@
 #
 # This configuration file is loaded before any dependency and
 # is restricted to this project.
-use Mix.Config
+import Config
 
 # General application configuration
 config :pleroma, ecto_repos: [Pleroma.Repo]
@@ -97,6 +97,7 @@ config :pleroma, :uri_schemes,
     "dat",
     "dweb",
     "gopher",
+    "hyper",
     "ipfs",
     "ipns",
     "irc",
@@ -186,7 +187,9 @@ config :pleroma, :instance,
   notify_email: "noreply@example.com",
   description: "Pleroma: An efficient and flexible fediverse server",
   background_image: "/images/city.jpg",
+  instance_thumbnail: "/instance/thumbnail.jpeg",
   limit: 5_000,
+  description_limit: 5_000,
   chat_limit: 5_000,
   remote_limit: 100_000,
   upload_limit: 16_000_000,
@@ -202,6 +205,7 @@ config :pleroma, :instance,
   registrations_open: true,
   invites_enabled: false,
   account_activation_required: false,
+  account_approval_required: false,
   federating: true,
   federation_incoming_replies_max_depth: 100,
   federation_reachability_timeout_days: 7,
@@ -209,7 +213,6 @@ config :pleroma, :instance,
     Pleroma.Web.ActivityPub.Publisher
   ],
   allow_relay: true,
-  rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy,
   public: true,
   quarantined_instances: [],
   managed_config: true,
@@ -220,13 +223,9 @@ config :pleroma, :instance,
     "text/markdown",
     "text/bbcode"
   ],
-  mrf_transparency: true,
-  mrf_transparency_exclusions: [],
   autofollowed_nicknames: [],
   max_pinned_statuses: 1,
   attachment_links: false,
-  welcome_user_nickname: nil,
-  welcome_message: nil,
   max_report_comment_size: 1000,
   safe_dm_mentions: false,
   healthcheck: false,
@@ -239,6 +238,7 @@ config :pleroma, :instance,
   max_remote_account_fields: 20,
   account_field_name_length: 512,
   account_field_value_length: 2048,
+  registration_reason_length: 500,
   external_user_synchronization: true,
   extended_nickname_format: true,
   cleanup_attachments: false,
@@ -252,6 +252,26 @@ config :pleroma, :instance,
       number: 5,
       length: 16
     ]
+  ],
+  show_reactions: true
+
+config :pleroma, :welcome,
+  direct_message: [
+    enabled: false,
+    sender_nickname: nil,
+    message: nil
+  ],
+  chat_message: [
+    enabled: false,
+    sender_nickname: nil,
+    message: nil
+  ],
+  email: [
+    enabled: false,
+    sender: nil,
+    subject: "Welcome to <%= instance_name %>",
+    html: "Welcome to <%= instance_name %>",
+    text: "Welcome to <%= instance_name %>"
   ]
 
 config :pleroma, :feed,
@@ -359,6 +379,7 @@ config :pleroma, :mrf_simple,
   federated_timeline_removal: [],
   report_removal: [],
   reject: [],
+  followers_only: [],
   accept: [],
   avatar_removal: [],
   banner_removal: [],
@@ -371,12 +392,16 @@ config :pleroma, :mrf_keyword,
 
 config :pleroma, :mrf_subchain, match_actor: %{}
 
+config :pleroma, :mrf_activity_expiration, days: 365
+
 config :pleroma, :mrf_vocabulary,
   accept: [],
   reject: []
 
+# threshold of 7 days
 config :pleroma, :mrf_object_age,
   threshold: 172_800,
+  threshold: 604_800,
   actions: [:delist, :strip_followers]
 
 config :pleroma, :rich_media,
@@ -406,6 +431,13 @@ config :pleroma, :media_proxy,
   ],
   whitelist: []
 
+config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http,
+  method: :purge,
+  headers: [],
+  options: []
+
+config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Script, script_path: nil
+
 config :pleroma, :chat, enabled: true
 
 config :phoenix, :format_encoders, json: Jason
@@ -428,6 +460,11 @@ config :pleroma, Pleroma.Web.Metadata,
   ],
   unfurl_nsfw: false
 
+config :pleroma, Pleroma.Web.Preload,
+  providers: [
+    Pleroma.Web.Preload.Providers.Instance
+  ]
+
 config :pleroma, :http_security,
   enabled: true,
   sts: false,
@@ -480,13 +517,13 @@ config :pleroma, Pleroma.User,
     "user-search",
     "user_exists",
     "users",
-    "web"
+    "web",
+    "hatthieves"
   ]
 
 config :pleroma, Oban,
   repo: Pleroma.Repo,
-  verbose: false,
-  prune: {:maxlen, 1500},
+  log: false,
   queues: [
     activity_expiration: 10,
     federator_incoming: 50,
@@ -500,6 +537,7 @@ config :pleroma, Oban,
     attachments_cleanup: 5,
     new_users_digest: 1
   ],
+  plugins: [Oban.Plugins.Pruner],
   crontab: [
     {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker},
     {"0 * * * *", Pleroma.Workers.Cron.StatsWorker},
@@ -525,6 +563,15 @@ config :auto_linker,
     rel: "ugc"
   ]
 
+config :pleroma, Pleroma.Formatter,
+  class: false,
+  rel: "ugc",
+  new_window: false,
+  truncate: false,
+  strip_prefix: false,
+  extra: true,
+  validate_tld: :no_scheme
+
 config :pleroma, :ldap,
   enabled: System.get_env("LDAP_ENABLED") == "true",
   host: System.get_env("LDAP_HOST") || "localhost",
@@ -598,7 +645,7 @@ config :pleroma, :oauth2,
 
 config :pleroma, :database, rum_enabled: false
 
-config :pleroma, :env, Mix.env()
+#config :pleroma, :env, Mix.env()
 
 config :http_signatures,
   adapter: Pleroma.Signature
@@ -622,6 +669,16 @@ config :pleroma, Pleroma.Plugs.RemoteIp, enabled: true
 
 config :pleroma, :static_fe, enabled: false
 
+# Example of frontend configuration
+# This example will make us serve the primary frontend from the
+# frontends directory within your `:pleroma, :instance, static_dir`.
+# e.g., instance/static/frontends/pleroma/develop/
+#
+# With no frontend configuration, the bundled files from the `static` directory will
+# be used.
+#
+# config :pleroma, :frontends, primary: %{"name" => "pleroma", "ref" => "develop"}
+
 config :pleroma, :web_cache_ttl,
   activity_pub: nil,
   activity_pub_question: 30_000
@@ -636,31 +693,40 @@ config :pleroma, Pleroma.Repo,
 
 config :pleroma, :connections_pool,
   checkin_timeout: 250,
+  reclaim_multiplier: 0.1,
+  connection_acquisition_wait: 250,
+  connection_acquisition_retries: 5,
   max_connections: 250,
   retry: 1,
   retry_timeout: 1000,
+  max_idle_time: 30_000,
+  retry: 0,
   await_up_timeout: 5_000
 
 config :pleroma, :pools,
   federation: [
     size: 50,
     max_overflow: 10,
-    timeout: 150_000
+    timeout: 150_000,
+    max_waiting: 10
   ],
   media: [
     size: 50,
     max_overflow: 10,
-    timeout: 150_000
+    timeout: 150_000,
+    max_waiting: 10
   ],
   upload: [
     size: 25,
     max_overflow: 5,
-    timeout: 300_000
+    timeout: 300_000,
+    max_waiting: 5
   ],
   default: [
     size: 10,
     max_overflow: 2,
-    timeout: 10_000
+    timeout: 10_000,
+    max_waiting: 2
   ]
 
 config :pleroma, :hackney_pools,
@@ -684,7 +750,17 @@ config :pleroma, :restrict_unauthenticated,
 
 config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false
 
+config :pleroma, :mrf,
+  policies: Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy,
+  transparency: true,
+  transparency_exclusions: []
+
+config :tzdata, :http_client, Pleroma.HTTP.Tzdata
+
+config :ex_aws, http_client: Pleroma.HTTP.ExAws
+
+config :pleroma, :instances_favicons, enabled: false
+
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
-import_config "#{Mix.env()}.exs"
-
+import_config "prod.exs"

production/pleroma/pleroma/config/prod.exs

@@ -3,43 +3,106 @@
 # NOTE: This file should not be committed to a repo or otherwise made public
 # without removing sensitive information.
 
-use Mix.Config
+import Config
 
 # Configures the endpoint
-websocket_config = [
-  path: "/socket",
-  serializer: [
-    {Phoenix.Socket.V1.JSONSerializer, "~> 1.0.0"},
-    {Phoenix.Socket.V2.JSONSerializer, "~> 2.0.0"}
-  ],
-  timeout: 60_000,
-  transport_log: false,
-  compress: false
-]
-
 config :pleroma, Pleroma.Web.Endpoint,
-  url: [host: "social.hatthieves.es", scheme: "https", port: 443],
-  secret_key_base: "cXHImR89EePUjWdclU3vJUr8ZiGQiKLalhU9AMsEY5YnSG2e6MLzjmVwmxCztqa8",
-  signing_salt: "g0uP6uv4",
-  instrumenters: [Pleroma.Web.Endpoint.Instrumenter],
-  http: [
-    dispatch: [
-      {:_,
-       [
-         {"/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler, []},
-         {"/socket", Phoenix.Endpoint.CowboyWebSocket,
-          {Phoenix.Transports.WebSocket,
-           {Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, websocket_config}}},
-         {:_, Phoenix.Endpoint.Cowboy2Handler, {Pleroma.Web.Endpoint, []}}
-       ]}
-    ],
-    port: 4000,
-    ip: {0, 0, 0, 0}
-#    ip: {172, 2, 0, 101}
+   url: [host: "pleroma.hatthieves.es", scheme: "https", port: 443],
+   secret_key_base: "cXHImR89EePUjWdclU3vJUr8ZiGQiKLalhU9AMsEY5YnSG2e6MLzjmVwmxCztqa8",
+   signing_salt: "g0uP6uv4",
+   http: [ip: {0, 0, 0, 0}, port: 4000]
+
+config :pleroma, :instance,
+  name: "HatThieves's Pleroma",
+  email: "info@hatthieves.es",
+  notify_email: "info@hatthieves.es",
+  limit: 8192,
+  registrations_open: true,
+  dedupe_media: true,
+  upload_limit: 25_000_000,
+  federating: true,
+  allow_relay: true,
+  public: true,
+  quarantined_instances: [],
+  dynamic_configuration: true
+
+config :logger, :console,
+  level: :info,
+  format: "\n$time $metadata[$level] $message\n",
+  metadata: [:request_id]
+
+#config :mime, :types, %{
+#  "application/xml" => ["xml"],
+#  "application/xrd+xml" => ["xrd+xml"],
+#  "application/activity+json" => ["activity+json"],
+#  "application/ld+json" => ["activity+json"]
+#}
+
+#config :pleroma, :websub, Pleroma.Web.Websub
+#config :pleroma, :ostatus, Pleroma.Web.OStatus
+#config :pleroma, :httpoison, Pleroma.HTTP
+
+#version =
+#  with {version, 0} <- System.cmd("git", ["rev-parse", "HEAD"]) do
+#    "Pleroma #{Mix.Project.config()[:version]} #{String.trim(version)}"
+#  else
+#    _ -> "Pleroma #{Mix.Project.config()[:version]} dev"
+#  end
+
+# Configures http settings, upstream proxy etc.
+config :pleroma, :http, proxy_url: nil
+
+config :pleroma, configurable_from_database: true
+
+config :pleroma, :activitypub,
+  accept_blocks: true,
+  unfollow_blocked: true,
+  outgoing_blocks: true
+
+config :pleroma, :hackney_pools,
+  federation: [
+    max_connections: 200,
+    timeout: 300_000
   ],
-  render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)],
-  pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2],
-  secure_cookie_flag: true
+  media: [
+    max_connections: 100,
+    timeout: 300_000
+  ],
+  upload: [
+    max_connections: 100,
+    timeout: 500_000
+  ]
+
+config :pleroma, :streamer,
+  workers: 15,
+  overflow_workers: 10
+
+#config :pleroma, Pleroma.Uploaders.S3, s3_bucket: nil
+
+#config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"]
+
+#config :pleroma, :uri_schemes, additionnal_schemes: []
+
+#config :pleroma, :user, deny_follow_blocked: true
+
+config :pleroma, :mrf_rejectnonpublic,
+  allow_followersonly: false,
+  allow_direct: false
+
+config :pleroma, :mrf_simple,
+  media_removal: ["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"],
+  media_nsfw: [],
+  federated_timeline_removal: ["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"],
+  report_removal: ["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"],
+  reject: ["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"],
+  accept: [],
+  avatar_removal: ["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"],
+  banner_removal: ["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"]
+
+config :pleroma, :media_proxy,
+  enabled: false,
+  redirect_on_failure: true
+  #base_url: "https://cache.pleroma.social"
 
 config :pleroma, Pleroma.Repo,
   adapter: Ecto.Adapters.Postgres,
@@ -47,81 +110,8 @@ config :pleroma, Pleroma.Repo,
   password: "pl3r0m4.",
   database: "pleroma",
   hostname: "172.2.0.102",
-  pool_size: 150
-
-config :pleroma, :instance,
-  name: "HatThieves/Pleroma",
-  email: "info@hatthieves.es",
-  notify_email: "info@hatthieves.es",
-  limit: 5000,
-  registrations_open: true,
-  dedupe_media: true,
-  upload_limit: 25_000_000,
-  federating: true,
-  allow_relay: true,
-  rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy,
-  public: true,
-  quarantined_instances: [],
-  dynamic_configuration: true,
-  managed_config: true
-
-config :logger, :console,
-  format: "$time $metadata[$level] $message\n",
-  metadata: [:request_id]
-
-config :pleroma, :frontend_configurations,
-  pleroma_fe: %{
-    theme: "monokai",
-    background: "/static/aurora_borealis.jpg",
-    logo: "/static/logo.png",
-    logoMask: true,
-    logoMargin: ".1em",
-    redirectRootNoLogin: "/main/all",
-    redirectRootLogin: "/main/friends",
-    chatDisabled: false,
-    showInstanceSpecificPanel: true,
-    collapseMessageWithSubject: false,
-    scopeCopy: true,
-    subjectLineBehavior: "email",
-    postContentType: "text/plain",
-    alwaysShowSubjectInput: true,
-    hidePostStats: false,
-    hideUserStats: false,
-    loginMethod: "password",
-    webPushNotifications: true,
-    noAttachmentLinks: false,
-    nsfwCensorImage: "",
-    showFeaturesPanel: true,
-    minimalScopesMode: false
-  },
-  masto_fe: %{
-    showInstanceSpecificPanel: true
-  }
-
-config :pleroma, :hackney_pools,
-  federation: [
-    max_connections: 130,
-    timeout: 150_000
-  ],
-  media: [
-    max_connections: 50,
-    timeout: 150_000
-  ],
-  upload: [
-    max_connections: 50,
-    timeout: 300_000
-  ]
-
-config :logger, :console,
-  level: :error,
-  format: "$metadata[$level] $message",
-  metadata: [:request_id]
-
-config :logger, :ex_syslogger,
-  level: :error,
-  ident: "pleroma",
-  format: "$metadata[$level] $message",
-  metadata: [:request_id]
+  pool_size: 200
+#  timeout: 50000
 
 # Configure web push notifications
 config :web_push_encryption, :vapid_details,
@@ -129,31 +119,66 @@ config :web_push_encryption, :vapid_details,
   public_key: "BF7FikUMwkHL_bbWDaoJwzRep41IqeBz4JzMEMbHTJYGBAgDx-qRHUh-A1BAxlmCBDNdpexFEfONt8xEzvhEQAw",
   private_key: "t0FMHZsmzkZ1cXjI86ttRDlm_vzLiWQcMc8fhljqooY"
 
-config :pleroma, Pleroma.Upload,
-  uploader: Pleroma.Uploaders.Local,
-  filters: [Pleroma.Upload.Filter.Dedupe],
-  link_name: true,
-  proxy_remote: false,
-  proxy_opts: [
-    redirect_on_failure: false,
-    max_body_length: 25 * 1_048_576,
-    http: [
-      follow_redirect: true,
-      pool: :upload
-    ]
-  ]
+# Enable Strict-Transport-Security once SSL is working:
+# config :pleroma, :http_security,
+#   sts: true
 
-config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads"
+# Configure S3 support if desired.
+# The public S3 endpoint is different depending on region and provider,
+# consult your S3 provider's documentation for details on what to use.
+#
+# config :pleroma, Pleroma.Uploaders.S3,
+#   bucket: "some-bucket",
+#   public_endpoint: "https://s3.amazonaws.com"
+#
+# Configure S3 credentials:
+# config :ex_aws, :s3,
+#   access_key_id: "xxxxxxxxxxxxx",
+#   secret_access_key: "yyyyyyyyyyyy",
+#   region: "us-east-1",
+#   scheme: "https://"
+#
+# For using third-party S3 clones like wasabi, also do:
+# config :ex_aws, :s3,
+#   host: "s3.wasabisys.com"
 
-config :pleroma, :chat, enabled: false
+
+# Configure Openstack Swift support if desired.
+#
+# Many openstack deployments are different, so config is left very open with
+# no assumptions made on which provider you're using. This should allow very
+# wide support without needing separate handlers for OVH, Rackspace, etc.
+#
+# config :pleroma, Pleroma.Uploaders.Swift,
+#  container: "some-container",
+#  username: "api-username-yyyy",
+#  password: "api-key-xxxx",
+#  tenant_id: "<openstack-project/tenant-id>",
+#  auth_url: "https://keystone-endpoint.provider.com",
+#  storage_url: "https://swift-endpoint.prodider.com/v1/AUTH_<tenant>/<container>",
+#  object_url: "https://cdn-endpoint.provider.com/<container>"
+#
+
+#config :pleroma, Pleroma.Upload,
+#  uploader: Pleroma.Uploaders.Local,
+#  filters: [Pleroma.Upload.Filter.Dedupe],
+#  link_name: true,
+#  proxy_remote: true,
+#  proxy_opts: [
+#    redirect_on_failure: false,
+#    max_body_length: 25 * 1_048_576,
+#    http: [
+#      follow_redirect: true,
+#      pool: :upload
+#    ]
+#  ]
+
+#config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads"
+
+config :pleroma, :chat, enabled: true
 
 config :phoenix, :format_encoders, json: Jason
 
-config :pleroma, :gopher,
-  enabled: true,
-  ip: {172,2,0,101},
-  port: 9999
-
 config :pleroma, :suggestions,
   enabled: true,
   third_party_engine:
@@ -161,8 +186,11 @@ config :pleroma, :suggestions,
   timeout: 300_000,
   web: "https://vinayaka.distsn.org/?{{host}}+{{user}}"
 
-#config :pleroma_job_queue, :queues,
-#  federator_incoming: 100,
-#  federator_outgoing: 100
+config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
+config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
+
+config :pleroma, :mrf,
+  policies: Pleroma.Web.ActivityPub.MRF.SimplePolicy,
+  transparency: true,
+  transparency_exclusions: []
 
-import_config "#{Mix.env()}.secret.exs"

production/pleroma/pleroma/config/prod.secret.exs

@@ -179,7 +179,7 @@ config :pleroma, :chat, enabled: true
 config :phoenix, :format_encoders, json: Jason
 
 config :pleroma, :gopher,
-  enabled: true,
+  enabled: false,
   ip: {172, 2, 0, 101},
   port: 9999
 

production/prosody/docker-compose.yml

@@ -2,8 +2,8 @@ version: '2'
 
 services:
   prosody:
-    build: ./prosody
-#    image: 'prosody/prosody'
+#    build: ./prosody
+    image: 'prosody/prosody'
     hostname: prosody
     container_name: prosody
     restart: always

production/rocket/docker-compose.yml

@@ -1,7 +1,7 @@
 version: '2'
 services:
   db-rocketchat1:
-    image: mongo
+    image: mongo:4.2
     restart: always
     container_name: db-rocketchat1
     hostname: db-rocketchat1
@@ -14,11 +14,14 @@ services:
         ipv4_address: 172.133.0.99
 
   db-rocketchat2:
-    image: mongo
+    image: mongo:4.2
     restart: always
     container_name: db-rocketchat2
     hostname: db-rocketchat2
-    command: --keyFile /opt/keyfile --replSet "rs0"
+#    command: --keyFile /opt/keyfile --replSet "rs0" --repair
+    entrypoint:
+      - /bin/sleep
+      - infinity
     volumes:
       - ./mongo/data2:/data/db
       - ./mongo/mongodb-keyfile:/opt/keyfile

production/wordpress/docker-compose.yml

@@ -19,6 +19,7 @@ services:
       - ./wordpress/header.php:/usr/src/wordpress/wp-content/themes/twentyseventeen/header.php
       - ./wordpress/footer.php:/usr/src/wordpress/wp-content/themes/twentyseventeen/footer.php
       - ./wordpress/google258093a68d45ac64.html:/var/www/html/google258093a68d45ac64.html
+      - ./wordpress/ads.txt:/var/www/html/ads.txt
       - ./wordpress/htaccess:/var/www/html/.htaccess
       - ./wordpress/wp-content:/var/www/html/wp-content
       - ./wordpress/apache2.conf:/etc/apache2/apache2.conf:ro

scripts/docker-clear

@@ -1,3 +1,4 @@
 #/bin/bash
 docker system prune -f -a
+docker system prune -f --volumes
 truncate -s 0 /var/lib/docker/containers/*/*-json.log

scripts/update-certs.sh

@@ -1,12 +1,13 @@
 #!/bin/bash
+RUTA=/opt/docker/production
 # dehydrated -c -t dns-01 -o /root/letsencrypt -d "hatthieves.es *.hatthieves.es" -k /etc/dehydrated/manual.rb
 cat /root/letsencrypt/hatthieves.es/fullchain.pem > /opt/docker/secure/fullchain.pem
 cat /root/letsencrypt/hatthieves.es/privkey.pem > /opt/docker/secure/privkey.pem
-cd /opt/docker/nginx; docker-compose down; docker-compose up -d
-cd /opt/docker/haraka-wildduck; docker-compose down; docker-compose up -d
-cd /opt/docker/prosody; docker-compose down; docker-compose up -d
-cd /opt/docker/coturn; docker-compose down; docker-compose up -d
-cd /opt/docker/mumble; docker-compose down; docker-compose up -d
-cd /opt/docker/rocket; docker-compose down; docker-compose up -d
+cd $RUTA/nginx; docker-compose down; docker-compose up -d
+cd $RUTA/haraka-wildduck; docker-compose down; docker-compose up -d
+cd $RUTA/prosody; docker-compose down; docker-compose up -d
+cd $RUTA/coturn; docker-compose down; docker-compose up -d
+cd $RUTA/mumble; docker-compose down; docker-compose up -d
+#cd $RUTA/rocket; docker-compose down; docker-compose up -d
 echo -e "\nCERTS UPDATED!! :-)"
 exit 0