New install scripts, consistent folder structure

Server/Root/Server/Scripts/Backup/BackupGlobals.cfg

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+BackupsBase="/media/Disk/Backup"
+
+# ScriptDir="$( dirname "$( realpath "$0" )" )"
+# cd "$ScriptDir"
+
+RunDate="$(date +%F)"
+cd "${BackupsBase}"
+
+. ./.BackupSecrects.sec
+
+Hash2() {
+	BaseKey="$1"
+	SecStr="$2"
+	echo "$(echo "${BaseKey}$(echo "${SecStr}" | sha512sum | base64 -w0)" | sha512sum | base64 -w0)"
+}
+
+ccencryptNow() {
+	File="$1"
+	BaseKey="$2"
+	ccrypt -e -f -K"$(Hash2 "${BaseKey}" "${RunDate}")" "${File}"
+}
+
+WriteLastLog() {
+	echo "$0: $(date)" > "${BackupsBase}/Last.log"
+}

Server/Root/Server/Scripts/Backup/CloudBackup.sh

@@ -0,0 +1,61 @@
+#!/bin/sh
+# Upload a backup of the Local Cloud and of local services backups to other clouds
+
+. "$(dirname "$(realpath "$0")")/BackupGlobals.cfg"
+
+GitPush() {
+	Msg="Auto-Backup $(date) (${RunDate})"
+	git add . && git commit -m "${Msg}" && git push
+}
+
+GitPullPushPath() {
+	BackPath="$(pwd)"
+	cd "$1" && git pull && GitPush
+	cd "${BackPath}"
+}
+
+cd ./Server-Backup-Limited
+Item="Invidious-User" && cp "../${Item}/Latest.7z" "./${Item}.7z" && ccencryptNow "./${Item}.7z" "${BackupKey_Git_Invidious}"
+Item="wallabag-data" && cp "../${Item}/Latest.tar.xz" "./${Item}.tar.xz" && ccencryptNow "./${Item}.tar.xz" "${BackupKey_Git_wallabag}"
+Item="FreshRSS-data" && cp "../${Item}/Latest.tar.xz" "./${Item}.tar.xz" && ccencryptNow "./${Item}.tar.xz" "${BackupKey_Git_FreshRSS}"
+GitPush
+cd ..
+
+GitPullPushPath "/Cloud/Repos/Personal-Game-Saves"
+
+#CloudDir="/home/octo/Cloud"
+#cd "$CloudDir"
+
+#TmpDir="/media/Disk/tmp/LocalToCloudBackup"
+#mkdir "$TmpDir"
+
+#find . -type f -exec ""$ScriptDir"/LocalToCloudBackup.Job" {} \;
+#find . -type f -exec COMMAND 7z a -mx9 -mmt1 -p"$Password" "arc/"$i".7z" "$i" {} \;
+
+#rclone sync -v "$CloudDir" "MEGA-octo-tutamail.com-Crypto":
+#rclone sync -v "$CloudDir" "Dropbox-Union-20220407-Crypto":
+#rclone sync -v "$CloudDir" "Box-Union-20220407-Crypto":
+#rclone copy arc "mega octo":Backup/LocalCloud
+
+#cd /media/Disk/Backup/Social-Notes-Articles-Backups
+#git pull
+#cd /Server/Bots/MastodonFeedHTML
+#for Dir in @*@*.*
+#do
+#	cp -r $Dir /media/Disk/Backup/Social-Notes-Articles-Backups/$Dir
+#	mv $Dir $Dir.old
+#done
+#cd /media/Disk/Backup/Social-Notes-Articles-Backups
+#for Dir in @*@*.*
+#do
+#	cd $Dir
+#	for File in *.html
+#	do
+#		7z a -mx9 -mmt1 "$File.7z" "$File"
+#	done
+#	rm *.html
+#	cd ..
+#done
+#GitPush
+
+WriteLastLog

Server/Root/Server/Scripts/Backup/ExternalDataBackup.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+# Make local backups of our data from various third-party services
+
+. "$(dirname "$(realpath "$0")")/BackupGlobals.cfg"
+
+# Invidious personal JSON dump
+Name="Invidious-User"
+mkdir -p "./${Name}"
+curl \
+	"${Invidious_Backup_URL}/subscription_manager?action_takeout=1&format=json" \
+	-H "${Invidious_Backup_Cookie}" \
+	| 7z a -mmt1 -mx9 "./${Name}/${RunDate}.7z" -si && cp "./${Name}/${RunDate}.7z" "./${Name}/Latest.7z"
+
+WriteLastLog

Server/Root/Server/Scripts/Backup/ServerDataBackup.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+# Make local backups of the data from the hosted services
+
+. "$(dirname "$(realpath "$0")")/BackupGlobals.cfg"
+
+SimpleBackup() {
+	mkdir -p "./$1"
+	tar cvJSf "./$1/${RunDate}.tar.xz" "/Server/$1" && \
+	cp "./$1/${RunDate}.tar.xz" "./$1/Latest.tar.xz"
+}
+
+SimpleBackup "wallabag-data"
+SimpleBackup "FreshRSS-data"
+
+# GoToSocial
+#Name="GoToSocial"
+#mkdir -p "./${Name}"
+#tar cvJSf "./${Name}/${Date}.tar.xz" /Server/GoToSocial.Home
+
+# Misskey
+#7z a -mx1 -mmt1 ./misskey-home.7z /Server/misskey-home
+#zip -r ./misskey-home.zip /Server/misskey-home.virtual
+
+#cd /media/Disk/Backup/Social-Notes-Articles-Backups
+#git pull
+#cd /Server/Bots/MastodonFeedHTML
+#for Dir in @*@*.*
+#do
+#	cp -r $Dir /media/Disk/Backup/Social-Notes-Articles-Backups/$Dir
+#	mv $Dir $Dir.old
+#done
+#cd /media/Disk/Backup/Social-Notes-Articles-Backups
+#for Dir in @*@*.*
+#do
+#	cd $Dir
+#	for File in *.html
+#	do
+#		7z a -mx9 -mmt1 "$File.7z" "$File"
+#	done
+#	rm *.html
+#	cd ..
+#done
+
+WriteLastLog

Server/Root/etc/diycron

@@ -0,0 +1,49 @@
+#!/bin/sh
+# diycron: Script to be running (as a root daemon) as a (non-conflicting) cron alternative which simply works.
+# Note: Except when required by the shell, we use 0=false, 1=true for internal commands, for consistency.
+
+If() { test "$1" = 1 && return 0 || return 1; }
+Ifn() { test "$1" = 0 && return 0 || return 1; }
+
+GetDaySeconds() { echo "$(date -d "1970-01-01 UTC $(date +%T)" +%s)"; }
+IsDayMin() { test $(($(GetDaySeconds)>$1)) = 1 && test $(($(GetDaySeconds)<$1+60)) = 1 && echo 1 || echo 0; }
+IsHourMin() { test "$1" = "$(date +%M)" && echo 1 || echo 0; }
+hm2s() { echo $((($1*60*60) + ($2*60))); }
+
+# Setting variables (that always have a "Job" prefix) for each job, to prevent multiple execution.
+ResetJobs() {
+	for Job in \
+		1 2
+	do eval "Job$Job=0"
+	done
+}
+
+ResetJobs
+while true
+do
+	# Declaration of all cronjobs like they are normal shell commands, made easy thanks to integrated functions.
+
+	# Daily checking for if the script is working
+		Ifn $Job1 && If $(IsDayMin $(hm2s 5 30)) && date > /tmp/CronTest.log && Job1=1
+	# RSS to Misskey at HH:15 and HH:45
+	#	If $(IsHourMin 15) || If $(IsHourMin 45) && sudo -u pi /Server/Bots/RSSToMisskey/Run.RSSToMisskey
+	# Downsync updated content to the sitoctt and push
+	#	If $(IsHourMin 25) && sudo -u pi /Server/Scripts/sitoctt-Downsync.sh
+
+	# Trinity rotation backup system: each of the following scripts is executed every 3 days, in a rotation where at least 1 script runs every night at 3:00
+		Ifn $Job2 && If $(IsDayMin $(hm2s 3 0)) && test $(($(date +%s) / 86400 % 3)) = 0 && Job2=1 && sleep 60 && /Server/Scripts/Backup/ExternalDataBackup.sh #& # Local backup of external data
+		Ifn $Job2 && If $(IsDayMin $(hm2s 3 0)) && test $(($(date +%s) / 86400 % 3)) = 1 && Job2=1 && sleep 60 && /Server/Scripts/Backup/ServerDataBackup.sh #& # Big backup of local services data
+		Ifn $Job2 && If $(IsDayMin $(hm2s 3 0)) && test $(($(date +%s) / 86400 % 3)) = 2 && Job2=1 && sleep 60 && /Server/Scripts/Backup/CloudBackup.sh #& # Cloud backup of the locally backed-up data
+
+	# Clean Misskey cache daily
+	#	If $(IsDayMin $(hm2s 2 30)) && curl 'https://miss.octt.eu.org/api/admin/drive/clean-remote-files' -X POST -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: text/plain;charset=UTF-8' -H 'Referer: https://miss.octt.eu.org/' -H 'Origin: https://miss.octt.eu.org' -H 'DNT: 1' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: same-origin' -H 'Connection: keep-alive' --data-raw '{"i":"TOKEN"}'
+	# System reboot every X days at 4:30 AM
+		#If $(IsDayMin $(hm2s 4 30)) && test $(($(date +%s) / 86400 % 2)) = 0 && sleep 60 && reboot
+		#If $(IsDayMin $(hm2s 4 30)) && test $(($(date +%s) / 86400 % 2)) = 0 && sleep 60 && reboot # System reboot every 2 days (every even day)
+		If $(IsDayMin $(hm2s 4 30)) && sleep 60 && reboot # System reboot every night
+
+	# Status of all jobs is reset at one time of the day, before or after all execute or have executed (in time).
+		If $(IsDayMin $(hm2s 0 0)) && ResetJobs
+	# Cooldown to wait at each cycle, to save on resources (Should always be less than 60 seconds!).
+	sleep 5
+done

Server/Root/etc/nginx/sites-available/articles

@@ -0,0 +1,20 @@
+server {
+	listen 443 ssl;
+	server_name articles.octt.eu.org;
+	ssl_certificate /etc/letsencrypt/live/articles.octt.eu.org/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/articles.octt.eu.org/privkey.pem;
+	ssl_prefer_server_ciphers on;
+	location / {
+		proxy_http_version 1.1;
+		proxy_pass http://octt.ddns.net:8036;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header Accept-Encoding ""; # Needed for sub_filter
+		sub_filter ' href="http://octt.ddns.net:8036/' ' href="https://articles.octt.eu.org/';
+		sub_filter ' src="http://octt.ddns.net:8036/' ' src="https://articles.octt.eu.org/';
+		sub_filter_once off;
+	}
+}

Server/Root/etc/nginx/sites-available/epic.octt.eu.org.conf

@@ -0,0 +1,31 @@
+#server {
+#	listen 80;
+#	listen [::]:80;
+#	server_name epic.octt.eu.org;
+#	index index.html;
+#	rewrite ^ https://$server_name$request_uri? permanent;
+#}
+
+server {
+	listen 443 ssl;
+	server_name epic.octt.eu.org;
+	ssl_certificate /etc/letsencrypt/live/epic.octt.eu.org/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/epic.octt.eu.org/privkey.pem; 
+	ssl_prefer_server_ciphers on;
+	location / {
+		proxy_http_version 1.1;
+		proxy_pass http://localhost:7156;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		#sub_filter '</head>' '\n<link rel="stylesheet" href="/Static/MissOctt.css">\n</head>';
+		#sub_filter_once on;
+	}
+	location /newsmirror {
+		root /Server/www/epic.octt.eu.org;
+		try_files $uri =404;
+	}
+}

Server/Root/etc/nginx/sites-available/feeds

@@ -0,0 +1,16 @@
+server {
+	listen 443 ssl;
+	server_name feeds.octt.eu.org;
+	ssl_certificate /etc/letsencrypt/live/feeds.octt.eu.org/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/feeds.octt.eu.org/privkey.pem;
+	ssl_prefer_server_ciphers on;
+	location / {
+		proxy_http_version 1.1;
+		proxy_pass http://octt.ddns.net:8017;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+	}
+}

Server/Root/etc/nginx/sites-available/godo.octt.eu.org.conf

@@ -0,0 +1,44 @@
+server {
+	listen 80;
+	server_name godo.octt.eu.org;
+	rewrite ^ https://$server_name$request_uri? permanent;
+}
+
+server {
+	listen 443 ssl;
+	server_name godo.octt.eu.org;
+	ssl_certificate /etc/letsencrypt/live/godo.octt.eu.org/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/godo.octt.eu.org/privkey.pem; 
+	ssl_prefer_server_ciphers on;
+	location / {
+		proxy_http_version 1.1;
+		proxy_pass http://localhost:6066;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+	}
+	location = / {
+		rewrite ^ https://$server_name/@octt permanent;
+	}
+}
+
+server {
+	listen 443 ssl;
+	server_name pinafore-0.octt.eu.org;
+	ssl_certificate /etc/letsencrypt/live/pinafore-0.octt.eu.org/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/pinafore-0.octt.eu.org/privkey.pem; 
+	ssl_prefer_server_ciphers on;
+	location / {
+		proxy_http_version 1.1;
+		proxy_pass https://pinafore.social;
+		proxy_set_header Host "pinafore.social";
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+	}
+}

Server/Root/etc/nginx/sites-available/librex

@@ -0,0 +1,16 @@
+server {
+	listen 443 ssl;
+	server_name librex.octt.eu.org;
+	ssl_certificate /etc/letsencrypt/live/librex.octt.eu.org/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/librex.octt.eu.org/privkey.pem;
+	ssl_prefer_server_ciphers on;
+	location / {
+		proxy_http_version 1.1;
+		proxy_pass https://librex.devol.it;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+	}
+}

Server/Root/etc/nginx/sites-available/miss.octt.eu.org.conf

@@ -0,0 +1,30 @@
+server {
+	listen 443 ssl;
+	server_name miss.octt.eu.org;
+	ssl_certificate /etc/letsencrypt/live/miss.octt.eu.org/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/miss.octt.eu.org/privkey.pem; 
+	ssl_prefer_server_ciphers on;
+	location / {
+		proxy_http_version 1.1;
+		proxy_pass http://localhost:3033;
+		#proxy_pass http://192.168.1.157:3033;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		sub_filter '</head>' '\n<link rel="stylesheet" href="/Static/MissOctt.css">\n</head>';
+		sub_filter '<noscript><p>JavaScriptを有効にしてください<br>Please turn on your JavaScript</p></noscript>' '\n<noscript><p>🇯🇵 JavaScriptを有効にしてください<br>🇬🇧 Please enable JavaScript in the browser<br>🇮🇹 Per favore abilita JavaScript nel browser</p></noscript>\n';
+		sub_filter_once on;
+	}
+	location /Static/ {
+		root /Server/www/;
+		autoindex off;
+	}
+	location /MisskeyStatic/ {
+		root /Server/www/;
+		try_files $uri $uri.html $uri/index.html index.html;
+		autoindex off;
+	}
+}

Server/Root/etc/nginx/sites-available/root

@@ -0,0 +1,16 @@
+server {
+	listen 80;
+	rewrite ^ https://$host$request_uri? permanent;
+}
+
+server {
+	listen 443 ssl;
+	server_name hlb0.octt.eu.org;
+	ssl_certificate /etc/letsencrypt/live/hlb0.octt.eu.org/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/hlb0.octt.eu.org/privkey.pem; 
+	ssl_prefer_server_ciphers on;
+	location / {
+		root /Server/www/root;
+		try_files $uri =404;
+	}
+}