Been getting config files downloaded

conf/caddy/Caddyfile

@@ -0,0 +1,181 @@
+# Global options
+{
+  email info@data-pro.nu
+  # Optional: acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+}
+
+# Common security headers
+(nextcloud_security_headers) {
+  header {
+    # HTTPS only: instruct browser to only access via HTTPS for 180+ days
+    Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
+
+    # Prevent MIME-type sniffing
+    X-Content-Type-Options "nosniff"
+
+    # Disallow embedding in iframes (Clickjacking)
+    X-Frame-Options "SAMEORIGIN"
+
+    # Search engine no-index
+    X-Robots-Tag "noindex, nofollow"
+
+    # Cross-domain policy restrictions
+    X-Permitted-Cross-Domain-Policies "none"
+
+    # Basic XSS protection (legacy)
+    X-XSS-Protection "1; mode=block"
+
+    # No referrer leakage
+    Referrer-Policy "no-referrer"
+  }
+}
+
+# KEYCLOAK
+
+keycloak.data-pro.nu {
+  import nextcloud_security_headers
+
+  reverse_proxy keycloak:8080
+
+  log {
+    output file /var/log/caddy/keycloak-access.log {
+      roll_size 10mb
+      roll_keep 5
+      roll_keep_for 720h
+    }
+    format json
+  }
+
+  tls caddy@data-pro.nu
+}
+
+
+# NEXTCLOUD
+Nextcloud.data-pro.nu {
+  import nextcloud_security_headers
+
+  # Enable compression
+  encode zstd gzip
+
+  # Permanent redirects for CalDAV/CardDAV discovery
+  redir /.well-known/carddav /remote.php/dav 301
+  redir /.well-known/caldav /remote.php/dav 301
+
+  # WebSocket for Janus subpath (optional)
+  handle_path /janus* {
+    reverse_proxy janus:8088
+  }
+
+  handle /ws {
+    reverse_proxy janus:8188 {
+      header_up Host {host}
+      header_up Connection upgrade
+      header_up Upgrade {header.Upgrade}
+    }
+  }
+
+  # Main Nextcloud reverse proxy
+  reverse_proxy nextcloud:80
+
+  # Access logging
+  log {
+    output file /var/log/caddy/access.log {
+      roll_size 10mb
+      roll_keep 5
+      roll_keep_for 720h
+    }
+    format json
+  }
+}
+
+# GITLAB
+gitlab.data-pro.nu {
+    reverse_proxy gitlab:443 {
+        transport http {
+            tls_insecure_skip_verify
+        }
+    }
+}
+
+# SIGNALING (JANUS WS fallback)
+signaling.data-pro.nu {
+  encode gzip
+  reverse_proxy localhost:8090
+  tls info@data-pro.nu
+
+  handle_path /janus* {
+    reverse_proxy janus:8088
+  }
+
+  handle_path /ws {
+    reverse_proxy janus:8188 {
+      header_up Host {host}
+      header_up Connection "upgrade"
+      header_up Upgrade {header.Upgrade}
+    }
+  }
+
+  handle {
+    reverse_proxy signaling:8090
+  }
+
+  log {
+    output file /var/log/caddy/signaling-access.log
+    format console
+  }
+}
+
+
+# COLLABORA
+collabora.data-pro.nu {
+    reverse_proxy collabora:9980
+    encode gzip
+    tls caddy@data-pro.nu
+}
+
+
+# JANUS DIRECT
+janus.data-pro.nu {
+  reverse_proxy janus:8188
+  encode gzip
+}
+
+turn.data-pro.nu {
+  tls {
+    on_demand
+  }
+  respond "TURN server is running on UDP 3478 and TLS 5349" 200
+}
+
+# GITEA
+gitea.data-pro.nu {
+
+  # Optional but recommended: same security header set you use elsewhere
+  import nextcloud_security_headers
+
+  encode zstd gzip
+
+  reverse_proxy gitea:3000
+
+  log {
+    output file /var/log/caddy/gitea-access.log {
+      roll_size 10mb
+      roll_keep 5
+      roll_keep_for 720h
+    }
+    format json
+  }
+
+  tls caddy@data-pro.nu
+}
+
+# n8n
+n8n.data-pro.nu {
+  # (Optional but nice) reuse your common security headers snippet
+  import nextcloud_security_headers
+
+  # (Optional) gzip/zstd
+  encode zstd gzip
+
+  reverse_proxy n8n:5678
+}

conf/janus/janus.transport.http.jcfg

@@ -0,0 +1,79 @@
+# Web server stuff: whether any should be enabled, which ports they
+# should use, whether security should be handled directly or demanded to
+# an external application (e.g., web frontend) and what should be the
+# base path for the Janus API protocol. Notice that by default
+# all the web servers will try and bind on both IPv4 and IPv6: if you
+# want to only bind to IPv4 addresses (e.g., because your system does not
+# support IPv6), you should set the web server 'ip' property to '0.0.0.0'.
+# To see debug logs from the HTTP server library, set 'mhd_debug'.
+general: {
+	enabled = true
+	#events = true					# Whether to notify event handlers about transport events (default=true)
+	json = "indented"				# Whether the JSON messages should be indented (default),
+									# plain (no indentation) or compact (no indentation and no spaces)
+	base_path = "/janus"			# Base path to bind to in the web server (plain HTTP only)
+	http = true						# Whether to enable the plain HTTP interface
+	port = 8088						# Web server HTTP port
+	interface = "eth0"				# Whether we should bind this server to a specific interface only
+	#ip = "192.168.0.1"				# Whether we should bind this server to a specific IP address (v4 or v6) only
+	https = false					# Whether to enable HTTPS (default=false)
+	#secure_port = 8089				# Web server HTTPS port, if enabled
+	#secure_interface = "eth0"		# Whether we should bind this server to a specific interface only
+	#secure_ip = "192.168.0.1"		# Whether we should bind this server to a specific IP address (v4 or v6) only
+	#acl = "127.,192.168.0."		# Only allow requests coming from this comma separated list of addresses
+	#acl_forwarded = true			# Whether we should check the X-Forwarded-For header too for the ACL
+									# (default=false, since without a proxy in the middle this could be abused)
+	#mhd_connection_limit = 1020		# Open connections limit in libmicrohttpd (default=1020)
+	#mhd_debug = false					# Ask libmicrohttpd to write warning and error messages to stderr (default=false)
+}
+
+# Janus can also expose an admin/monitor endpoint, to allow you to check
+# which sessions are up, which handles they're managing, their current
+# status and so on. This provides a useful aid when debugging potential
+# issues in Janus. The configuration is pretty much the same as the one
+# already presented above for the webserver stuff, as the API is very
+# similar: choose the base bath for the admin/monitor endpoint (/admin
+# by default), ports, etc. Besides, you can specify
+# a secret that must be provided in all requests as a crude form of
+# authorization mechanism, and partial or full source IPs if you want to
+# limit access basing on IP addresses. For security reasons, this
+# endpoint is disabled by default, enable it by setting admin_http=true.
+admin: {
+	admin_base_path = "/admin"			# Base path to bind to in the admin/monitor web server (plain HTTP only)
+	admin_http = false					# Whether to enable the plain HTTP interface
+	admin_port = 7088					# Admin/monitor web server HTTP port
+	#admin_interface = "eth0"			# Whether we should bind this server to a specific interface only
+	#admin_ip = "192.168.0.1"			# Whether we should bind this server to a specific IP address (v4 or v6) only
+	admin_https = false					# Whether to enable HTTPS (default=false)
+	#admin_secure_port = 7889			# Admin/monitor web server HTTPS port, if enabled
+	#admin_secure_interface = "eth0"	# Whether we should bind this server to a specific interface only
+	#admin_secure_ip = "192.168.0.1"	# Whether we should bind this server to a specific IP address (v4 or v6) only
+	#admin_acl = "127.,192.168.0."		# Only allow requests coming from this comma separated list of addresses
+	#admin_acl_forwarded = true			# Whether we should check the X-Forwarded-For header too for the admin ACL
+										# (default=false, since without a proxy in the middle this could be abused)
+}
+
+# The HTTP servers created in Janus support CORS out of the box, but by
+# default they return a wildcard (*) in the 'Access-Control-Allow-Origin'
+# header. This works fine in most situations, except when we have to
+# respond to a credential request (withCredentials=true in the XHR). If
+# you need that, uncomment and set the 'allow_origin' below to specify
+# what must be returned in 'Access-Control-Allow-Origin'. More details:
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+# In case you want to enforce the Origin validation, rather than leave
+# it to browsers, you can set 'enforce_cors' to 'true' to have Janus
+# return a '403 Forbidden' for all requests that don't comply.
+cors: {
+	#allow_origin = "http://foo.example"
+	#enforce_cors = true
+}
+
+# Certificate and key to use for HTTPS, if enabled (and passphrase if needed).
+# You can also disable insecure protocols and ciphers by configuring the
+# 'ciphers' property accordingly (no limitation by default).
+certificates: {
+	#cert_pem = "/path/to/cert.pem"
+	#cert_key = "/path/to/key.pem"
+	#cert_pwd = "secretpassphrase"
+	#ciphers = "PFS:-VERS-TLS1.0:-VERS-TLS1.1:-3DES-CBC:-ARCFOUR-128"
+}

conf/janus/janus.transport.websockets.jcfg

@@ -0,0 +1,73 @@
+# WebSockets stuff: whether they should be enabled, which ports they
+# should use, and so on.
+general: {
+	events = true					# Whether to notify event handlers about transport events (default=true)
+	json = "indented"				# Whether the JSON messages should be indented (default),
+									# plain (no indentation) or compact (no indentation and no spaces)
+	#pingpong_trigger = 30			# After how many seconds of idle, a PING should be sent
+	#pingpong_timeout = 10			# After how many seconds of not getting a PONG, a timeout should be detected
+        enabled = true
+	ws = true						# Whether to enable the WebSockets API
+	ws_port = 8188					# WebSockets server port
+	#ws_interface = "eth0"			# Whether we should bind this server to a specific interface only
+	ws_ip = "0.0.0.0"			# Whether we should bind this server to a specific IP address only
+	#ws_unix = "/run/ws.sock"		# Use WebSocket server over UNIX socket instead of TCP
+	wss = false						# Whether to enable secure WebSockets
+	#wss_port = 8989				# WebSockets server secure port, if enabled
+	#wss_interface = "eth0"			# Whether we should bind this server to a specific interface only
+	#wss_ip = "192.168.0.1"			# Whether we should bind this server to a specific IP address only
+	#wss_unix = "/run/wss.sock"		# Use WebSocket server over UNIX socket instead of TCP
+	ws_logging = "err,warn,debug"		# libwebsockets debugging level as a comma separated list of things
+									# to debug, supported values: err, warn, notice, info, debug, parser,
+									# header, ext, client, latency, user, count (plus 'none' and 'all')
+	#ws_acl = "127.,192.168.0."		# Only allow requests coming from this comma separated list of addresses
+	#ws_acl_forwarded = true		# Whether we should check the X-Forwarded-For header too for the ACL
+									# (default=false, since without a proxy in the middle this could be abused)
+        
+}
+
+# If you want to expose the Admin API via WebSockets as well, you need to
+# specify a different server instance, as you cannot mix Janus API and
+# Admin API messaging. Notice that by default the Admin API support via
+# WebSockets is disabled.
+admin: {
+	admin_ws = false					# Whether to enable the Admin API WebSockets API
+	admin_ws_port = 7188				# Admin API WebSockets server port, if enabled
+	#admin_ws_interface = "eth0"		# Whether we should bind this server to a specific interface only
+	#admin_ws_ip = "192.168.0.1"		# Whether we should bind this server to a specific IP address only
+	#admin_ws_unix = "/run/aws.sock"	# Use WebSocket server over UNIX socket instead of TCP
+	admin_wss = false					# Whether to enable the Admin API secure WebSockets
+	#admin_wss_port = 7989				# Admin API WebSockets server secure port, if enabled
+	#admin_wss_interface = "eth0"		# Whether we should bind this server to a specific interface only
+	#admin_wss_ip = "192.168.0.1"		# Whether we should bind this server to a specific IP address only
+	#admin_wss_unix = "/run/awss.sock"	# Use WebSocket server over UNIX socket instead of TCP
+	#admin_ws_acl = "127.,192.168.0."	# Only allow requests coming from this comma separated list of addresses
+	#admin_ws_acl_forwarded = true		# Whether we should check the X-Forwarded-For header too for the ACL
+										# (default=false, since without a proxy in the middle this could be abused)
+}
+
+# The HTTP servers created in Janus support CORS out of the box, but by
+# default they return a wildcard (*) in the 'Access-Control-Allow-Origin'
+# header. This works fine in most situations, except when we have to
+# respond to a credential request (withCredentials=true in the XHR). If
+# you need that, uncomment and set the 'allow_origin' below to specify
+# what must be returned in 'Access-Control-Allow-Origin'. More details:
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+# In case you want to enforce the Origin validation, rather than leave
+# it to browsers, you can set 'enforce_cors' to 'true' to have Janus
+# return a '403 Forbidden' for all requests that don't comply.
+cors: {
+	#allow_origin = "http://foo.example"
+	#enforce_cors = true
+}
+
+# Certificate and key to use for any secure WebSocket server, if enabled (and passphrase if needed).
+# You can also disable insecure protocols and ciphers by configuring the
+# 'ciphers' property accordingly (no limitation by default).
+# Examples of recommended cipher strings at https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html
+certificates: {
+	#cert_pem = "/path/to/cert.pem"
+	#cert_key = "/path/to/key.pem"
+	#cert_pwd = "secretpassphrase"
+	#ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
+}

conf/nextcloud/config/config.php

@@ -0,0 +1,98 @@
+<?php
+$CONFIG = array (
+  'htaccess.RewriteBase' => '/',
+  'memcache.local' => '\\OC\\Memcache\\APCu',
+  'apps_paths' => 
+  array (
+    0 => 
+    array (
+      'path' => '/var/www/html/apps',
+      'url' => '/apps',
+      'writable' => false,
+    ),
+    1 => 
+    array (
+      'path' => '/var/www/html/custom_apps',
+      'url' => '/custom_apps',
+      'writable' => true,
+    ),
+  ),
+  'memcache.distributed' => '\\OC\\Memcache\\Redis',
+  'memcache.locking' => '\\OC\\Memcache\\Redis',
+  'redis' => 
+  array (
+    'host' => 'redis',
+    'password' => '',
+    'port' => 6379,
+  ),
+  'upgrade.disable-web' => true,
+  'instanceid' => 'ocqtehxjv8x8',
+  'passwordsalt' => 'CKSAncvdHjZzkSh2A2w9M9v8algtxh',
+  'secret' => 'kYXhPWpJmvJA3fQevaPsqq7WTId6F5qdlHIjxvPPMvsiA1C+',
+  'trusted_domains' => 
+  array (
+    0 => 'localhost',
+    1 => 'nextcloud',
+    2 => 'nextcloud.data-pro.nu',
+  ),
+  'datadirectory' => '/var/www/html/data',
+  'dbtype' => 'mysql',
+  'version' => '32.0.6.1',
+  'overwrite.cli.url' => 'https://nextcloud.data-pro.nu',
+  'dbname' => 'nextcloud',
+  'dbhost' => 'mariadb',
+  'dbport' => '',
+  'dbtableprefix' => 'oc_',
+  'mysql.utf8mb4' => true,
+  'dbuser' => 'nextcloud',
+  'dbpassword' => 'MySQL2',
+  'installed' => true,
+  'forwarded_for_headers' => 
+  array (
+    0 => 'HTTP_X_FORWARDED_FOR',
+  ),
+  'overwritehost' => 'nextcloud.data-pro.nu',
+  'overwriteprotocol' => 'https',
+  'overwritecondaddr' => '^10\\.|^192\\.168\\.|^172\\.(1[6-9]|2[0-9]|3[0-1])\\.',
+  'maintenance_window_start' => 1,
+  'maintenance' => false,
+  'default_phone_region' => 'NL',
+  'mail_from_address' => 'info',
+  'mail_smtpmode' => 'smtp',
+  'mail_sendmailmode' => 'smtp',
+  'mail_domain' => 'data-pro.nu',
+  'mail_smtphost' => 'smtp.soverin.net',
+  'mail_smtpport' => '587',
+  'mail_smtpauth' => true,
+  'mail_smtpname' => 'info@data-pro.nu',
+  'mail_smtppassword' => 'NgbjK-gTrcQ-PYSNK-4WBbP-bbxbb',
+  'talk.signaling-server-url' => 'http://signaling.data-pro.nu:8080',
+  'talk.websocket_url' => 'wss://janus.data-pro.nu:8089/janus',
+  'loglevel' => 0,
+  'app_install_overwrite' => 
+  array (
+    0 => 'files_texteditor',
+    1 => 'memories',
+  ),
+  'spreed' => 
+  array (
+    'signaling_server' => 'wss://signaling.data-pro.nu/ws',
+    'turn_servers' => 
+    array (
+      0 => 
+      array (
+        'url' => 'turn:turn.data-pro.nu:3478?transport=udp',
+        'secret' => 'chy2gng!thg!wep_GCW',
+      ),
+    ),
+  ),
+  'memories.db.triggers.fcu' => true,
+  'config_preset' => 7,
+  'trusted_proxies' => 
+  array (
+    0 => '172.18.0.0/16',
+    1 => '172.18.0.2',
+  ),
+  'memories.exiftool' => '/var/www/html/custom_apps/memories/bin-ext/exiftool-amd64-glibc',
+  'memories.vod.path' => '/var/www/html/custom_apps/memories/bin-ext/go-vod-amd64',
+);

conf/signaling/config/server.conf

@@ -0,0 +1,38 @@
+[http]
+listen = 0.0.0.0:8090
+
+[https]
+enabled = true
+
+
+
+[app]
+debug = true
+
+[sessions]
+hashkey = 230295c728f18d8e6a864e72520e431d
+blockkey = 6a2222826c54d764f22b324f59ccb393
+
+[backend]
+backends = backend-1
+allowall = false
+timeout = 10
+connectionsperhost = 8
+
+[nats]
+url = nats://loopback
+
+[backend-1]
+url = https://nextcloud.data-pro.nu
+secret = geheim123
+
+trustedproxies = 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+
+[mcu]
+type = janus
+url = ws://janus:8188
+
+[turn]
+apikey = STATIC
+secret = chy2gng!thg!wep_GCW
+servers = turn:turn.data-pro.nu:443?transport=tcp