update gocq

e11c70d7 · nanahira · 7aab4fd4 · e11c70d7 · e11c70d7 · e11c70d7
Commit e11c70d7 authored Mar 02, 2023 by nanahira
10 changed files
--- a/gocq/templates/config.yml.j2
+++ b/gocq/templates/config.yml.j2
@@ -85,8 +85,6 @@ servers:
  # 正向WS设置
  - ws:
      # 正向WS服务器监听地址
-      host: '{{ansible_ssh_host}}'
+      address: '{{ansible_ssh_host}}:{{port}}'
-      # 正向WS服务器监听端口
-      port: {{port}}
      middlewares:
        <<: *default # 引用默认中间件
--- a/ocserv-single/data/.gitkeep
+++ b/ocserv-single/data/.gitkeep
--- a/ocserv-single/data/dhparam.pem
+++ b/ocserv-single/data/dhparam.pem
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAwgkW5I65xbV1f/2tvAPSf4FgFXts3JMMnfTq6/rghgMa+MLxHwat
+zWsht65BiX68xyPSo1ZcHquiqQkL848XHsNSJJZLy6iarnA9t3vPeQJceKOCRlOS
+qeeyfkFRnuogKZytL7gV0o9mkkU6rZ/9KABDTGOdW+cl2Da+lpn1bGJ6cL5NZp5r
+g9RmcqTgHBqOobgXEPEYHjYDZ4QdirjgQvG0urztYxNzp4uHFsibv3M70POah+MM
+BuD8qHcsEzVuNm0K03+FRjwe/05b+X41DA578yQUjxh0hJR3yFVilDKC92dadVYo
+pORGmlM26m2fhy8ZMqrbvxjVSloXFbJOawIBAg==
+-----END DH PARAMETERS-----
--- a/ocserv-single/docker-compose.yml.j2
+++ b/ocserv-single/docker-compose.yml.j2
+version: '2'
+services:
+  ocserv:
+    image: git-registry.mycard.moe/railgun/ocserv
+    privileged: true
+    network_mode: host
+    restart: always
+    volumes:
+      - ./templates/ocserv.conf:/etc/ocserv/ocserv.conf:ro
+      - {{certs_path}}:/etc/ssl/railgun/certs:ro
+      - ./data/dhparam.pem:/etc/ssl/railgun/dhparam.pem:ro
--- a/ocserv-single/templates/.gitkeep
+++ b/ocserv-single/templates/.gitkeep
--- a/ocserv-single/templates/ocpasswd.j2
+++ b/ocserv-single/templates/ocpasswd.j2
+{% for user in users %}
+{{  }}
+{% endfor %}
--- a/ocserv-single/templates/ocserv.conf.j2
+++ b/ocserv-single/templates/ocserv.conf.j2
+auth = "plain[passwd=/etc/ocserv/ocpasswd]"
+listen-host-is-dyndns = true
+tcp-port = {{port}}
+udp-port = {{port}}
+run-as-user = nobody
+run-as-group = daemon
+socket-file = /run/ocserv.socket
+server-cert = /etc/ssl/railgun/certs/fullchain.pem
+server-key = /etc/ssl/railgun/certs/privkey.pem
+dh-params = /etc/ssl/railgun/dhparam.pem
+ca-cert = /etc/ssl/certs/ssl-cert-snakeoil.pem
+isolate-workers = true
+stats-report-time = 360
+server-stats-reset-time = 604800
+keepalive = 32400
+dpd = 90
+mobile-dpd = 1800
+switch-to-tcp-timeout = 25
+try-mtu-discovery = true
+cert-user-oid = 0.9.2342.19200300.100.1.1
+compression = true
+no-compress-limit = 256
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"                         
+auth-timeout = 240
+idle-timeout = 1200
+mobile-idle-timeout = 1800
+min-reauth-time = 300
+max-ban-score = 80
+ban-reset-time = 300
+cookie-timeout = 86400
+persistent-cookies = true
+deny-roaming = false
+rekey-time = 172800
+rekey-method = ssl
+use-occtl = true
+pid-file = /run/ocserv.pid
+device = ocs1
+predictable-ips = true
+ipv4-network = 10.0.0.1/24
+ipv4-network = {{network}}
+dns = {{dns}}
+ping-leases = false
+{% for net in routes %}
+route = {{net}}
+{% endfor %}
+cisco-client-compat = true
+dtls-legacy = true
--- a/squid/data/.gitkeep
+++ b/squid/data/.gitkeep
--- a/squid/docker-compose.yml.j2
+++ b/squid/docker-compose.yml.j2
+version: '2.4'
+services:
+  squid:
+    restart: always
+    image: ubuntu/squid
+    ports:
+      - "{{ansible_ssh_host}}:3128:3128"
+    environment:
+      TZ: Asia/Shanghai
--- a/squid/templates/.gitkeep
+++ b/squid/templates/.gitkeep