Restrict gitea resources, add local+public route for copyparty

2025-12-05 23:00:24 -08:00 · 2025-11-29 03:36:53 -08:00
parent 412dc6ec60
commit fd7eaf35e5
5 changed files with 16 additions and 12 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -44,8 +44,10 @@ yt.local.msws.xyz, yt.msws.xyz {
  reverse_proxy invidious:3000
 }

-files.msws.xyz {
-  reverse_proxy copyparty:3923
+files.local.msws.xyz {
+  reverse_proxy copyparty:3923 {
+    header_up CF-CONNECTING-IP 10.0.0.140
+  }
 }

 #*.code.msws.xyz {
--- a/caddy/compose.yml
+++ b/caddy/compose.yml
@@ -20,7 +20,6 @@ services:
      - CADDY_ADMIN=caddy-caddy-1:2019
    networks:
      - cloudflared
-      - copyparty

 volumes:
  caddy_data:
@@ -29,5 +28,3 @@ volumes:
 networks:
  cloudflared:
    external: true
-  copyparty:
-    external: true
--- a/cf-tunnel/compose.yml
+++ b/cf-tunnel/compose.yml
@@ -10,13 +10,13 @@ services:
      - cloudflared
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
-  cloudflared-internal:
+  cloudflared-ssh-infra:
    image: cloudflare/cloudflared:latest
-    container_name: cf-tunnel-internal
+    container_name: cf-tunnel-ssh-infra
    restart: always
    command: tunnel run
    environment:
-      TUNNEL_TOKEN: "${PRIVATE_TUNNEL_TOKEN}"
+      TUNNEL_TOKEN: "${SSH_INFRA_TUNNEL_TOKEN}"
    network_mode: "host"
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
--- a/copyparty/compose.yml
+++ b/copyparty/compose.yml
@@ -3,10 +3,11 @@ services:
    image: copyparty/ac:latest
    container_name: copyparty
    user: "1000:1000"
+    restart: always
    volumes:
      - ${PWD}/cfg:/cfg:z
-      - ${PWD}/data/public:/public:z
-      - ${PWD}/data/private:/private:z
+      - /mnt/samsung/copyparty/public:/public:z
+      - /mnt/samsung/copyparty/private:/private:z

    environment:
      LD_PRELOAD: /usr/lib/libmimalloc-secure.so.2
@@ -24,8 +25,8 @@ services:
      retries: 5
      start_period: 15s
    networks:
-      - copyparty
+      - cloudflared

 networks:
-  copyparty:
+  cloudflared:
    external: true
--- a/gitea/compose.yml
+++ b/gitea/compose.yml
@@ -47,6 +47,10 @@ services:
      timeout: 10s
      retries: 3
      start_period: 10s
+    deploy:
+      resources:
+        limits:
+          cpus: "1"

  runner:
    image: gitea/act_runner:nightly