"Updates"

README.md

@@ -1,4 +1,4 @@
 # BikiniBottom
 
-![BikiniBottom](scanopy-topology-2026-01-14.png)
+![BikiniBottom](scanopy-topology-2026-02-02.png)
 

TuringPi/nfs-server.md

@@ -161,6 +161,7 @@ sudo vim /etc/exports
 #
 # /export 192.168.1.0/24(rw,no_root_squash,no_subtree_check)
 /srv/nfs4           192.168.1.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
+/srv/nfs4/cloud     192.168.1.0/24(rw,sync,wdelay,hide,nocrossmnt,insecure,no_root_squash,no_all_squash,subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,insecure,no_root_squash,no_all_squash)
 /srv/nfs4/media     192.168.1.0/24(rw,sync,wdelay,hide,nocrossmnt,insecure,no_root_squash,no_all_squash,subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,insecure,no_root_squash,no_all_squash)
 /srv/nfs4/downloads 192.168.1.0/24(rw,sync,wdelay,hide,nocrossmnt,insecure,no_root_squash,no_all_squash,subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,insecure,no_root_squash,no_all_squash)
 /srv/nfs4/backups   192.168.1.0/24(ro,sync,no_subtree_check)
@@ -188,6 +189,7 @@ UUID=0c390345-ca52-45fd-9097-6e931d651a8f       /       ext4    defaults,x-syste
 # LVM
 /dev/hdds/datas         /mnt/data               ext4    defaults,nofail,user_xattr,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,acl 0 2
 # NFS exports
+/mnt/data/cloud                 /srv/nfs4/cloud         none    bind,nofail     0 0
 /mnt/data/media                 /srv/nfs4/media         none    bind,nofail     0 0
 /mnt/data/media/downloads       /srv/nfs4/downloads     none    bind,nofail     0 0
 /opt/backups                    /srv/nfs4/backups       none    bind,nofail     0 0
@@ -200,10 +202,11 @@ cat /var/lib/nfs/etab
 ```
 
 ```shell
-/srv/nfs4               192.168.1.0/24(rw,sync,wdelay,hide,crossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,fsid=0,anonuid=65534,anongid=65534,sec=sys,rw,secure,root_squash,no_all_squash)
 /srv/nfs4/backups       192.168.1.0/24(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,ro,secure,root_squash,no_all_squash)
-/srv/nfs4/downloads     192.168.1.0/24(rw,sync,wdelay,hide,nocrossmnt,insecure,no_root_squash,no_all_squash,subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,insecure,no_root_squash,no_all_squash)
 /srv/nfs4/media 192.168.1.0/24(rw,sync,wdelay,hide,nocrossmnt,insecure,no_root_squash,no_all_squash,subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,insecure,no_root_squash,no_all_squash)
+/srv/nfs4/cloud 192.168.1.0/24(rw,sync,wdelay,hide,nocrossmnt,insecure,no_root_squash,no_all_squash,subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,insecure,no_root_squash,no_all_squash)
+/srv/nfs4/downloads     192.168.1.0/24(rw,sync,wdelay,hide,nocrossmnt,insecure,no_root_squash,no_all_squash,subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,insecure,no_root_squash,no_all_squash)
+/srv/nfs4       192.168.1.0/24(rw,sync,wdelay,hide,crossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,fsid=0,anonuid=65534,anongid=65534,sec=sys,rw,secure,root_squash,no_all_squash)
 ```
 
 #### Mount needed <folder> on client(s)

installs_on_host/Caddyfile

@@ -74,7 +74,7 @@ asm.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy sheldon:50154
+        reverse_proxy patrick:50154
 }
 
 books.delmar.bzh {
@@ -110,7 +110,7 @@ cloud.delmar.bzh {
                 X-Robots-Tag "noindex, nofollow"
         }
 
-        reverse_proxy sheldon:11000 {
+        reverse_proxy patrick:11000 {
                 header_up Host {upstream_hostport}
                 header_up X-Real-IP {remote_host}
         }
@@ -121,7 +121,7 @@ cloud.delmar.bzh {
 }
 
 cloud.delmar.bzh:8443 {
-        reverse_proxy sheldon:8080 {
+        reverse_proxy patrick:32772 {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -161,7 +161,7 @@ ctr.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy sheldon:47810
+        reverse_proxy patrick:47810
 }
 
 cvs.delmar.bzh {
@@ -179,7 +179,7 @@ dev.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy sheldon:19080
+        reverse_proxy patrick:19080
 }
 
 dia.delmar.bzh {
@@ -197,7 +197,7 @@ dkr.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy bob:3552
+        reverse_proxy patrick:32771
 }
 
 draw.delmar.bzh {
@@ -206,7 +206,7 @@ draw.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy sheldon:24928
+        reverse_proxy patrick:24928
 }
 
 gen.delmar.bzh {
@@ -215,7 +215,7 @@ gen.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy sheldon:15578
+        reverse_proxy patrick:15578
 }
 
 git.delmar.bzh {
@@ -242,7 +242,7 @@ homepage.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy gary:7575
+        reverse_proxy patrick:7575
 }
 
 home-assistant.delmar.bzh {
@@ -251,7 +251,7 @@ home-assistant.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy gary:8123
+        reverse_proxy patrick:8123
 }
 
 inv.delmar.bzh {
@@ -273,7 +273,7 @@ it.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy sheldon:11404
+        reverse_proxy patrick:11404
 }
 
 jellyfin.delmar.bzh {
@@ -282,7 +282,7 @@ jellyfin.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy gary:8096
+        reverse_proxy patrick:8096
 }
 
 jellyseerr.delmar.bzh {
@@ -291,7 +291,7 @@ jellyseerr.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy gary:5055
+        reverse_proxy patrick:5055
 }
 
 kontadenn.delmar.bzh {
@@ -318,7 +318,7 @@ mail.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy sheldon:10003 {
+        reverse_proxy patrick:10003 {
                 transport http {
                         proxy_protocol v2
                 }
@@ -337,15 +337,6 @@ mailbear.delmar.bzh {
         }
 }
 
-minio.delmar.bzh {
-        encode {
-                zstd
-                gzip
-                minimum_length 1024
-        }
-        reverse_proxy sandy:9000
-}
-
 mon.delmar.bzh {
         encode {
                 zstd
@@ -417,7 +408,7 @@ pdf.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy sheldon:16080
+        reverse_proxy patrick:16080
 }
 
 penpot.delmar.bzh {
@@ -445,7 +436,7 @@ scanopy.delmar.bzh
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy patrick:60072
+        reverse_proxy carlo:60072
 }
 
 search.delmar.bzh
@@ -454,6 +445,50 @@ search.delmar.bzh
                 gzip
                 minimum_length 1024
         }
+        @api {
+                path /config
+                path /healthz
+                path /stats/errors
+                path /stats/checker
+        }
+        @static {
+                path /static/*
+        }
+        @imageproxy {
+                path /image_proxy
+        }
+        header {
+                # CSP (https://content-security-policy.com)
+                Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;"
+
+                # Disable browser features
+                Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
+
+                # Only allow same-origin requests
+                Referrer-Policy "same-origin"
+
+                # Prevent MIME type sniffing from the declared Content-Type
+                X-Content-Type-Options "nosniff"
+
+                # Comment header to allow indexing by search engines
+                X-Robots-Tag "noindex, nofollow, noarchive, nositelinkssearchbox, nosnippet, notranslate, noimageindex"
+
+                # enable HSTS
+                # WARNING: Once this value is set, the site must continue to support HTTPS until the expiry time is reached.
+
+                # Strict-Transport-Security max-age=15768000;
+
+                # Remove "Server" header
+                -Server
+                Access-Control-Allow-Methods "GET, OPTIONS"
+                Access-Control-Allow-Origin "*"
+        }
+        route {
+                # Cache policy
+                header Cache-Control "no-cache"
+                header @static Cache-Control "public, max-age=30, stale-while-revalidate=60"
+                header @imageproxy Cache-Control "public, max-age=3600"
+        }
         reverse_proxy patrick:23485
 }
 
@@ -529,7 +564,7 @@ ugo.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy gary:8090
+        reverse_proxy patrick:8090
 }
 
 vault.delmar.bzh {
@@ -538,7 +573,7 @@ vault.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy gary:16081
+        reverse_proxy patrick:16081
 }
 
 wizarr.delmar.bzh {
@@ -547,7 +582,7 @@ wizarr.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy gary:5690
+        reverse_proxy patrick:5690
 }
 
 www.delmar.bzh {
@@ -574,7 +609,7 @@ xcd.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy sheldon:7576
+        reverse_proxy patrick:32768
 }
 
 zik.delmar.bzh {
@@ -583,5 +618,17 @@ zik.delmar.bzh {
                 gzip
                 minimum_length 1024
         }
-        reverse_proxy gary:32768
+        reverse_proxy patrick:32773
+        basic_auth / {
+                admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi
+        }
+}
+
+muzik.delmar.bzh {
+        encode {
+                zstd
+                gzip
+                minimum_length 1024
+        }
+        reverse_proxy patrick:32785
 }