57_Wolve c00ca055f2 feat(copyparty): add file-server deployment with SFTP/FTPS + security-notices updater
New deployments/copyparty/: copyparty (copyparty/ac) behind Caddy/LE for the
web UI/WebDAV, plus its own SFTP (password auth) and FTPS listeners published
directly. Ships update.sh, which drives container updates off copyparty's
security-advisories API (api.copyparty.eu/advisories) -- policies latest|security|off.

- Real client IP end-to-end: Caddy XFF/X-Real-IP + copyparty xff-src: lan.
- SFTP host key + self-signed FTPS cert generated/persisted in /cfg; admin
  password generated on first deploy; conf auto-included via the image's % /cfg.
- Firewall opens 80/443 + SFTP/FTPS + passive range (colon form for ports.d).
- Wired into automations.sh, README, .gitignore; cloud-init for fresh VMs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 15:56:24 -05:00


# ── Secrets / runtime config ────────────────────────────────────────────────
# Populated env / config files (keep the *.example templates).
.env
**/.env
globals/globals.env
ssh-notify.conf
auto-update.conf
!*.env.example
!**/.env.example
!*.conf.example
# ── Private keys (NEVER commit) ─────────────────────────────────────────────
# age identities and SSH private keys. globals/age-pubkey.txt and
# globals/authorized_keys are PUBLIC and intentionally tracked.
*-private-key.txt
*age-key*
*.age.key
id_ed25519
id_ed25519_*
*.pem
# Squid TLS-interception CA -- generated on the host at deploy time, never
# committed (the private key can MITM any client that trusts it).
deployments/squid/ssl/
# copyparty generated config -- cfg/copyparty.conf holds the admin password and
# cfg/ftps.pem the FTPS key; both are generated on the host at deploy time. The
# copyparty.conf.example template stays tracked.
deployments/copyparty/cfg/
# ── Backups ─────────────────────────────────────────────────────────────────
*.tar.gz.age
*-backup-*.tar.gz*
# ── Build output ────────────────────────────────────────────────────────────
dist/
# ── Editor / OS noise ───────────────────────────────────────────────────────
*.tmp
*.swp
.DS_Store
Thumbs.db
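
Added example, not part of the repository: a shell check that runs `git check-ignore` in a throwaway repo against a verbatim subset of the patterns above, confirming that the secret paths are ignored while the public files named in the comments stay trackable. The function names and the sample paths (`ca.key`, `backup.tar.gz.age`, `id_ed25519.pub`, the `.env` locations) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repo). Requires git on PATH.
write_rules() {   # verbatim subset of the patterns shown above
    cat > "$1/.gitignore" <<'EOF'
.env
**/.env
!*.env.example
!**/.env.example
*-private-key.txt
*age-key*
id_ed25519
id_ed25519_*
*.pem
deployments/squid/ssl/
deployments/copyparty/cfg/
*.tar.gz.age
EOF
}

# is_ignored REPO PATH: exit 0 if git would ignore PATH, non-zero otherwise.
is_ignored() { git -C "$1" check-ignore -q "$2" </dev/null; }

# audit REPO: I = must be ignored, T = must stay trackable.
# Prints every wrong verdict and returns the number of them.
audit() {
    repo=$1 bad=0
    while read -r want path; do
        mkdir -p "$repo/$(dirname "$path")" && : > "$repo/$path"
        if is_ignored "$repo" "$path"; then got=I; else got=T; fi
        [ "$got" = "$want" ] || { echo "MISMATCH $path: want $want, got $got"; bad=$((bad + 1)); }
    done <<'EOF'
I .env
I deployments/copyparty/.env
I deployments/copyparty/cfg/copyparty.conf
I deployments/copyparty/cfg/ftps.pem
I deployments/squid/ssl/ca.key
I globals/id_ed25519
I backup.tar.gz.age
T deployments/copyparty/.env.example
T globals/age-pubkey.txt
T globals/authorized_keys
T globals/id_ed25519.pub
EOF
    return "$bad"
}

work=$(mktemp -d) && git init -q "$work" && write_rules "$work" && audit "$work"
rc=$?; rm -rf "$work"; [ "$rc" -eq 0 ] && echo "all verdicts match"
```

A check like this is most useful as a pre-commit or CI step, since a later edit to the ignore rules can silently start tracking a generated secret.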