From 342d8ef5e1d988877efbd1bc5d333640d7523570 Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Sun, 17 Apr 2022 10:45:53 +0200
Subject: Initial commit

---
 playbooks.d/webserver/share/sites.d/_              | 19 ++++++
 .../webserver/share/sites.d/church.scriptkitties   | 77 ++++++++++++++++++++++
 playbooks.d/webserver/share/sites.d/com.voidfire   | 34 ++++++++++
 playbooks.d/webserver/share/sites.d/net.tyil       | 32 +++++++++
 playbooks.d/webserver/share/sites.d/nl.fglt        | 39 +++++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil        | 36 ++++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil.alt    | 29 ++++++++
 .../webserver/share/sites.d/nl.tyil.alt.imgur      | 32 +++++++++
 .../webserver/share/sites.d/nl.tyil.alt.reddit     | 32 +++++++++
 .../webserver/share/sites.d/nl.tyil.alt.twitter    | 32 +++++++++
 .../webserver/share/sites.d/nl.tyil.alt.youtube    | 32 +++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil.cloud  | 37 +++++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil.dist   | 34 ++++++++++
 .../webserver/share/sites.d/nl.tyil.dnd-wiki       | 53 +++++++++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil.git    | 34 ++++++++++
 .../webserver/share/sites.d/nl.tyil.headphones     | 35 ++++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil.home   | 64 ++++++++++++++++++
 .../webserver/share/sites.d/nl.tyil.homebrew       | 33 ++++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil.p      | 41 ++++++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil.radio  | 34 ++++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil.searx  | 32 +++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil.tv     | 32 +++++++++
 playbooks.d/webserver/share/sites.d/nl.tyil.www    | 39 +++++++++++
 ...dsgeruzq5nncg7yzdvqvhevxybwl2n35wht6uyaav6uh4ad | 12 ++++
 .../webserver/share/sites.d/pictures.memebooru     | 35 ++++++++++
 playbooks.d/webserver/share/sites.d/work.tyil      | 27 ++++++++
 26 files changed, 936 insertions(+)
 create mode 100644 playbooks.d/webserver/share/sites.d/_
 create mode 100644 playbooks.d/webserver/share/sites.d/church.scriptkitties
 create mode 100644 playbooks.d/webserver/share/sites.d/com.voidfire
 create mode 100644 playbooks.d/webserver/share/sites.d/net.tyil
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.fglt
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.alt
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.alt.imgur
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.alt.reddit
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.alt.twitter
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.alt.youtube
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.cloud
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.dist
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.dnd-wiki
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.git
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.headphones
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.home
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.homebrew
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.p
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.radio
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.searx
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.tv
 create mode 100644 playbooks.d/webserver/share/sites.d/nl.tyil.www
 create mode 100644 playbooks.d/webserver/share/sites.d/onion.ak444pkh3dsgeruzq5nncg7yzdvqvhevxybwl2n35wht6uyaav6uh4ad
 create mode 100644 playbooks.d/webserver/share/sites.d/pictures.memebooru
 create mode 100644 playbooks.d/webserver/share/sites.d/work.tyil

(limited to 'playbooks.d/webserver/share/sites.d')

diff --git a/playbooks.d/webserver/share/sites.d/_ b/playbooks.d/webserver/share/sites.d/_
new file mode 100644
index 0000000..0fea007
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/_
@@ -0,0 +1,19 @@
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	server_name _;
+
+	location / {
+		return 404;
+	}
+
+	location /stub_status {
+		allow 127.0.0.1;
+		allow 10.57.0.0/16;
+
+		deny all;
+
+		stub_status;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/church.scriptkitties b/playbooks.d/webserver/share/sites.d/church.scriptkitties
new file mode 100644
index 0000000..7227844
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/church.scriptkitties
@@ -0,0 +1,77 @@
+server {
+	listen 443 ssl http2; # managed by Certbot
+	listen [::]:443 ssl http2; # managed by Certbot
+
+	server_name scriptkitties.church;
+
+	ssl_certificate /etc/letsencrypt/live/scriptkitties.church/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/scriptkitties.church/privkey.pem;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	#include /etc/nginx/conf.d/headers.conf;
+	include /etc/nginx/conf.d/ssl.conf;
+	include mime.types;
+
+	root /var/www/church.scriptkitties;
+	index index.php;
+
+	autoindex off;
+	fastcgi_param HTTPS on;
+	client_max_body_size 10m;
+	client_body_buffer_size 128k;
+
+	location / {
+		try_files $uri /index.php?pagename=$uri&$args;
+	}
+
+	location ^~ /.well-known/ {
+		allow all;
+		rewrite ^ /index.php?pagename=$uri;
+	}
+
+	location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+		expires 30d;
+		try_files $uri /index.php?pagename=$uri&$args;
+	}
+
+	location ~* \.php$ {
+		try_files $uri =404;
+
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
+
+		include fastcgi_params;
+		fastcgi_index index.php;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+		fastcgi_buffers 16 16k; 
+		fastcgi_buffer_size 32k;
+	}
+
+	location ~* \.(tpl|md|tgz|log|out)$ {
+		deny all;
+	}
+
+	location ~ /\. {
+		deny all;
+	}
+
+	location ^~ /bin {
+		deny all;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name scriptkitties.church;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/com.voidfire b/playbooks.d/webserver/share/sites.d/com.voidfire
new file mode 100644
index 0000000..c54cc2c
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/com.voidfire
@@ -0,0 +1,34 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name voidfire.com;
+
+	ssl_certificate /etc/letsencrypt/live/voidfire.com/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/voidfire.com/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	root /var/www/com.voidfire;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name voidfire.com;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+
+	location /.well-known/acme-challenge {
+		root /var/www/.acme;
+		try_files $uri $uri/ =404;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/net.tyil b/playbooks.d/webserver/share/sites.d/net.tyil
new file mode 100644
index 0000000..571fb97
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/net.tyil
@@ -0,0 +1,32 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name tyil.net;
+
+	ssl_certificate /etc/letsencrypt/live/tyil.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/tyil.net/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		proxy_set_header Host            $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name tyil.net;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.fglt b/playbooks.d/webserver/share/sites.d/nl.fglt
new file mode 100644
index 0000000..63e8d62
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.fglt
@@ -0,0 +1,39 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name fglt.nl;
+
+	ssl_certificate /etc/letsencrypt/live/fglt.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/fglt.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+	include /etc/nginx/conf.d/ssl.conf;
+
+	access_log /var/log/nginx/nl.fglt-access.log;
+	error_log /var/log/nginx/nl.fglt-error.log;
+
+	root /var/www/nl.fglt;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name fglt.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+
+	access_log /var/log/nginx/nl.fglt-access.log;
+	error_log /var/log/nginx/nl.fglt-error.log;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil b/playbooks.d/webserver/share/sites.d/nl.tyil
new file mode 100644
index 0000000..891b02a
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil
@@ -0,0 +1,36 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location ~ ^/.well-known/openpgpkey(.+)$ {
+		add_header Access-Control-Allow-Origin *;
+
+		root /var/wkd/nl.tyil;
+		try_files $1 =404;
+	}
+
+	location / {
+		return 301 https://www.tyil.nl$request_uri;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.alt b/playbooks.d/webserver/share/sites.d/nl.tyil.alt
new file mode 100644
index 0000000..aae4826
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.alt
@@ -0,0 +1,29 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name alt.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/alt.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/alt.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location = / {
+		return 301 https://www.tyil.nl/services;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name alt.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.alt.imgur b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.imgur
new file mode 100644
index 0000000..8e3c8a3
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.imgur
@@ -0,0 +1,32 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name imgur.alt.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/imgur.alt.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/imgur.alt.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		proxy_set_header Host            $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name imgur.alt.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.alt.reddit b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.reddit
new file mode 100644
index 0000000..ba62ade
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.reddit
@@ -0,0 +1,32 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name reddit.alt.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/reddit.alt.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/reddit.alt.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		proxy_set_header Host            $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name reddit.alt.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.alt.twitter b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.twitter
new file mode 100644
index 0000000..e40baba
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.twitter
@@ -0,0 +1,32 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name twitter.alt.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/twitter.alt.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/twitter.alt.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		proxy_set_header Host            $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name twitter.alt.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.alt.youtube b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.youtube
new file mode 100644
index 0000000..17bb748
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.alt.youtube
@@ -0,0 +1,32 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name youtube.alt.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/youtube.alt.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/youtube.alt.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		proxy_set_header Host            $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name youtube.alt.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.cloud b/playbooks.d/webserver/share/sites.d/nl.tyil.cloud
new file mode 100644
index 0000000..09fb324
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.cloud
@@ -0,0 +1,37 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name cloud.tyil.nl;
+
+	error_log  /var/log/nginx/cloud-error.log;
+	access_log /var/log/nginx/cloud-access.log;
+
+	ssl_certificate /etc/letsencrypt/live/cloud.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/cloud.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	client_max_body_size 200M;
+
+	location / {
+		proxy_set_header Host            "cloud.tyil.nl";
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name cloud.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.dist b/playbooks.d/webserver/share/sites.d/nl.tyil.dist
new file mode 100644
index 0000000..66bf077
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.dist
@@ -0,0 +1,34 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name dist.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/dist.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/dist.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+	include /etc/nginx/conf.d/ssl.conf;
+
+	location / {
+		proxy_set_header Host            $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name dist.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.dnd-wiki b/playbooks.d/webserver/share/sites.d/nl.tyil.dnd-wiki
new file mode 100644
index 0000000..40108c1
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.dnd-wiki
@@ -0,0 +1,53 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+	server_name dnd-wiki.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/dnd-wiki.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/dnd-wiki.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	root /var/www/nl.tyil.dnd-wiki;
+
+	client_max_body_size 10M;
+
+	location / {
+		index doku.php;
+		try_files $uri $uri/ @dokuwiki;
+	}
+
+	location ~ ^/lib.*\.(gif|png|ico|jpg)$ {
+		expires 30d;
+	}
+
+	location ^~ /conf/ { return 403; }
+	location ^~ /data/ { return 403; }
+
+	location @dokuwiki {
+		rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+		rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+		rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+		rewrite ^/(.*) /doku.php?id=$1 last;
+	}
+
+	location ~ \.php$ {
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_pass localhost:9000;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name dnd-wiki.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.git b/playbooks.d/webserver/share/sites.d/nl.tyil.git
new file mode 100644
index 0000000..e7d04f0
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.git
@@ -0,0 +1,34 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name git.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/git.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/git.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+	include /etc/nginx/conf.d/ssl.conf;
+
+	location / {
+		proxy_set_header Host "git.tyil.nl";
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name git.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.headphones b/playbooks.d/webserver/share/sites.d/nl.tyil.headphones
new file mode 100644
index 0000000..9f27f69
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.headphones
@@ -0,0 +1,35 @@
+#server {
+#	listen 443 ssl; # managed by Certbot
+#	listen [::]:443 ssl; # managed by Certbot
+#
+#	server_name headphones.tyil.nl;
+#
+#	ssl_certificate /etc/letsencrypt/live/headphones.tyil.nl/fullchain.pem;
+#	ssl_certificate_key /etc/letsencrypt/live/headphones.tyil.nl/privkey.pem;
+#
+#	include /etc/nginx/conf.d/ssl.conf;
+#	include /etc/nginx/conf.d/certbot.conf;
+#
+#	location / {
+#		proxy_pass http://127.0.0.1:8181;
+#	}
+#}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name headphones.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	access_log /var/log/nginx/nl.tyil.headphones-access.log;
+	error_log /var/log/nginx/nl.tyil.headphones-error.log;
+
+#	location / {
+#		return 301 https://$host$request_uri;
+#	}
+	location / {
+		proxy_pass http://localhost:8181;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.home b/playbooks.d/webserver/share/sites.d/nl.tyil.home
new file mode 100644
index 0000000..55326a3
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.home
@@ -0,0 +1,64 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name home.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/home.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/home.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://www.tyil.nl$request_uri;
+	}
+
+	location ~ ^/~(.+?)(/.*)?$ {
+		alias /home/$1/www$2;
+		autoindex on;
+	}
+
+	location /git {
+		rewrite ^/git/(.*)$ https://git.tyil.nl/$1 redirect;
+	}
+
+	location /media {
+		alias /var/media;
+
+		satisfy any;
+
+		allow 127.0.0.1;
+		allow 10.57.0.0/16;
+		allow 192.168.178.0/24;
+		deny all;
+
+		auth_basic "pls no hack";
+		auth_basic_user_file "/var/media/.htpasswd";
+
+		autoindex on;
+	}
+
+	location /media/backups { deny all; }
+	location /media/nextcloud { deny all; }
+	location /media/pictures { deny all; }
+	location /media/recordings { deny all; }
+
+	location /packages {
+		alias /var/portage/packages;
+		autoindex on;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name home.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.homebrew b/playbooks.d/webserver/share/sites.d/nl.tyil.homebrew
new file mode 100644
index 0000000..26f8272
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.homebrew
@@ -0,0 +1,33 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name homebrew.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/homebrew.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/homebrew.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+	include /etc/nginx/conf.d/ssl.conf;
+
+	root /var/www/nl.tyil.homebrew;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name homebrew.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.p b/playbooks.d/webserver/share/sites.d/nl.tyil.p
new file mode 100644
index 0000000..e627a0d
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.p
@@ -0,0 +1,41 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name p.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/p.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/p.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+	include /etc/nginx/conf.d/ssl.conf;
+
+	root /var/www/nl.tyil.p;
+
+	location = / {
+		return 301 https://www.tyil.nl/services/fiche/;
+	}
+
+	location ~ ^/(?<slug>.+)$ {
+		# Disassociate all filetypes and their Content-Type, and
+		# default everything to text/plain.
+		types { } default_type text/plain;
+
+		alias "/var/www/nl.tyil.p/${slug}/index.txt";
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name p.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.radio b/playbooks.d/webserver/share/sites.d/nl.tyil.radio
new file mode 100644
index 0000000..e71f55d
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.radio
@@ -0,0 +1,34 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name radio.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/radio.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/radio.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+	include /etc/nginx/conf.d/ssl.conf;
+
+	location / {
+		proxy_set_header Host            $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name radio.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.searx b/playbooks.d/webserver/share/sites.d/nl.tyil.searx
new file mode 100644
index 0000000..643ec0b
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.searx
@@ -0,0 +1,32 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name searx.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/searx.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/searx.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		proxy_set_header Host            $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name searx.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.tv b/playbooks.d/webserver/share/sites.d/nl.tyil.tv
new file mode 100644
index 0000000..569ef73
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.tv
@@ -0,0 +1,32 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name tv.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/tv.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/tv.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		proxy_set_header Host            $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name tv.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/nl.tyil.www b/playbooks.d/webserver/share/sites.d/nl.tyil.www
new file mode 100644
index 0000000..5717b98
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/nl.tyil.www
@@ -0,0 +1,39 @@
+server {
+	listen 443 ssl http2; # managed by Certbot
+	listen [::]:443 ssl http2; # managed by Certbot
+
+	server_name www.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/www.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/www.tyil.nl/privkey.pem;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+	include /etc/nginx/conf.d/ssl.conf;
+
+	root /var/www/nl.tyil.www/public;
+
+	error_page 404 /http-404.html;
+
+	location /atom.xml {
+		return 301 https://www.tyil.nl/posts/index.xml;
+	}
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name www.tyil.nl;
+
+	include /etc/nginx/conf.d/certbot.conf;
+	include /etc/nginx/conf.d/headers.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/onion.ak444pkh3dsgeruzq5nncg7yzdvqvhevxybwl2n35wht6uyaav6uh4ad b/playbooks.d/webserver/share/sites.d/onion.ak444pkh3dsgeruzq5nncg7yzdvqvhevxybwl2n35wht6uyaav6uh4ad
new file mode 100644
index 0000000..77c4a75
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/onion.ak444pkh3dsgeruzq5nncg7yzdvqvhevxybwl2n35wht6uyaav6uh4ad
@@ -0,0 +1,12 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name ak444pkh3dsgeruzq5nncg7yzdvqvhevxybwl2n35wht6uyaav6uh4ad.onion;
+
+	root /var/www/nl.tyil.www;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/pictures.memebooru b/playbooks.d/webserver/share/sites.d/pictures.memebooru
new file mode 100644
index 0000000..eca3b4e
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/pictures.memebooru
@@ -0,0 +1,35 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name memebooru.pictures;
+
+	ssl_certificate /etc/letsencrypt/live/memebooru.pictures/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/memebooru.pictures/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	client_max_body_size 100M;
+	client_body_timeout 30s;
+
+	location / {
+		proxy_set_header Host            $host;
+		proxy_set_header X-Forwarded-For $remote_addr;
+
+		proxy_pass http://10.57.100.7;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name memebooru.pictures;
+
+	include /etc/nginx/conf.d/certbot.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver/share/sites.d/work.tyil b/playbooks.d/webserver/share/sites.d/work.tyil
new file mode 100644
index 0000000..cdb957a
--- /dev/null
+++ b/playbooks.d/webserver/share/sites.d/work.tyil
@@ -0,0 +1,27 @@
+server {
+	listen 443 ssl; # managed by Certbot
+	listen [::]:443 ssl; # managed by Certbot
+
+	server_name tyil.work;
+
+	ssl_certificate /etc/letsencrypt/live/tyil.work/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/tyil.work/privkey.pem;
+
+	include /etc/nginx/conf.d/ssl.conf;
+	include /etc/nginx/conf.d/certbot.conf;
+
+	return 301 https://www.tyil.nl$request_uri;
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name tyil.work;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+
+	include /etc/nginx/conf.d/certbot.conf;
+}
-- 
cgit v1.1