51 changed files with 3141 additions and 16 deletions
--- a/.gitignore
+++ b/.gitignore
--- a/README.md
+++ b/README.md
@ -1,16 +0,0 @@
-You can find my server configs in this repo, they are split in different branches.
-
- [🌑 Selfhost Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost)
-
- [🇺🇸 VPS Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/vpsus)
-
- [🌌 Veil Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/veil) (**New**)
-
- [🇨🇱 Oracle VPS Branch](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/oracle)
-
-
-#### Suggestions or Issues?
-
-If you got any suggestions to the nginx configs or something that is not to your liking within the privacy-focused services I provide; Open an issue or a pull request in any config. You can either create an account with your real E-mail or with a throw away one (But probably you will be considered as a bad actor for me if you don't provide any real identity like GitHub, GitLab, Codeberg or anything like that, so make sure to link any of those).
-
-*Contact*: [https://nadeko.net/contact](https://nadeko.net/contact)
--- a/i2pd/i2pd.conf
+++ b/i2pd/i2pd.conf
@ -0,0 +1,287 @@
+## Configuration file for a typical i2pd user
+## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
+## for more options you can use in this file.
+
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+
+## Tunnels config file
+## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+## Note: /var/lib/i2pd/tunnels.conf is a symlink to /etc/i2pd/tunnels.conf (use the latter)
+# tunconf = /var/lib/i2pd/tunnels.conf
+
+## Tunnels config files path
+## Use that path to store separated tunnels in different config files.
+## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+## Note: /var/lib/i2pd/tunnels.d is a symlink to /etc/i2pd/tunnels.d (use the latter)
+# tunnelsdir = /var/lib/i2pd/tunnels.d
+
+## Path to certificates used for verifying .su3, families
+## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+## Note: /var/lib/i2pd/certificates is a symlink to /usr/share/i2pd/certificates (use the latter)
+# certsdir = /var/lib/i2pd/certificates
+
+## Where to write pidfile (default: i2pd.pid, not used in Windows)
+# pidfile = /run/i2pd/i2pd.pid
+
+## Logging configuration section
+## By default logs go to stdout with level 'info' and higher
+## For Windows OS by default logs go to file with level 'warn' and higher
+##
+## Logs destination (valid values: stdout, file, syslog)
+##  * stdout - print log entries to stdout
+##  * file - log entries to a file
+##  * syslog - use syslog, see man 3 syslog
+# log = file
+## Path to logfile (default - autodetect)
+logfile = /var/log/i2pd/i2pd.log
+## Log messages above this level (debug, info, *warn, error, none)
+## If you set it to none, logging will be disabled
+# loglevel = warn
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
+
+## Daemon mode. Router will go to background after start. Ignored on Windows
+# daemon = true
+
+## Specify a family, router belongs to (default - none)
+# family =
+
+## Network interface to bind to
+## Updates address4/6 options if they are not set
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 =
+# ifname6 =
+
+## Local address to bind transport sockets to
+## Overrides host option if:
+## For ipv4: if ipv4 = true and nat = false
+## For ipv6: if 'host' is not set or ipv4 = true
+# address4 =
+# address6 =
+
+## External IPv4 or IPv6 address to listen for connections
+## By default i2pd sets IP automatically
+## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
+## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
+# host = 1.2.3.4
+
+## Port to listen for connections
+## By default i2pd picks random port. You MUST pick a random number too,
+## don't just uncomment this
+port = 12999
+
+## Enable communication through ipv4
+ipv4 = true
+## Enable communication through ipv6
+ipv6 = false
+
+## Enable SSU transport
+ssu = false
+
+## Bandwidth configuration
+## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
+## X - unlimited
+## Default is L (regular node) and X if floodfill mode enabled. If you want to
+## share more bandwidth without floodfill mode, uncomment that line and adjust
+## value to your possibilities
+bandwidth = X
+## Max % of bandwidth limit for transit. 0-100. 100 by default
+share = 100
+
+## Router will not accept transit tunnels, disabling transit traffic completely
+## (default = false)
+# notransit = true
+
+## Router will be floodfill
+## Note: that mode uses much more network connections and CPU!
+# floodfill = true
+
+[ntcp2]
+## Enable NTCP2 transport (default = true)
+# enabled = true
+## Publish address in RouterInfo (default = true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[ssu2]
+## Enable SSU2 transport
+# enabled = true
+## Publish address in RouterInfo
+# published = true
+## Port for incoming connections (default is global port option value or port + 1 if SSU is enabled)
+# port = 4567
+
+[http]
+## Web Console settings
+## Uncomment and set to 'false' to disable Web Console
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 7070
+## Path to web console, default "/"
+# webroot = /
+## Uncomment following lines to enable Web Console authentication
+## You should not use Web Console via public networks without additional encryption.
+## HTTP authentication is not encryption layer!
+# auth = true
+# user = i2pd
+# pass = changeme
+## Select webconsole language
+## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
+## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
+## and uzbek languages
+# lang = english
+
+[httpproxy]
+## Uncomment and set to 'false' to disable HTTP Proxy
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 4444
+## Optional keys file for proxy local destination
+# keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[socksproxy]
+## Uncomment and set to 'false' to disable SOCKS Proxy
+# enabled = true
+## Address and port service will listen on
+address = 127.0.0.1
+port = 4447
+## Optional keys file for proxy local destination
+# keys = socks-proxy-keys.dat
+## Socks outproxy. Example below is set to use Tor for all connections except i2p
+## Uncomment and set to 'true' to enable using of SOCKS outproxy
+# outproxy.enabled = false
+## Address and port of outproxy
+# outproxy = 127.0.0.1
+# outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[sam]
+## Comment or set to 'false' to disable SAM Bridge
+enabled = true
+## Address and ports service will listen on
+# address = 127.0.0.1
+# port = 7656
+# portudp = 7655
+
+[bob]
+## Uncomment and set to 'true' to enable BOB command channel
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 2827
+
+[i2cp]
+## Uncomment and set to 'true' to enable I2CP protocol
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 7654
+
+[i2pcontrol]
+## Uncomment and set to 'true' to enable I2PControl protocol
+# enabled = false
+## Address and port service will listen on
+# address = 127.0.0.1
+# port = 7650
+## Authentication password. "itoopie" by default
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default = I2Pd)
+# name = I2Pd
+
+[meshnets]
+## Enable connectivity over the Yggdrasil network
+# yggdrasil = false
+## You can bind address from your Yggdrasil subnet 300::/64
+## The address must first be added to the network interface
+# yggaddress =
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable or disable reseed data verification.
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Reseed URLs through the Yggdrasil, separated by comma
+# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: reg.i2p at "mainline" I2P Network
+# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
+## Optional subscriptions URLs, separated by comma
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+[limits]
+## Maximum active transit sessions (default: 5000)
+## This value is doubled if floodfill mode is enabled!
+# transittunnels = 5000
+## Limit number of open file descriptors (0 - use system limit)
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit)
+# coresize = 0
+
+[trust]
+## Enable explicit trust options. false by default
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers =
+## Should we hide our router from other routers? false by default
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3
+
+[persist]
+## Save peer profiles on disk (default: true)
+# profiles = true
+## Save full addresses on disk (default: true)
+# addressbook = true
+
+[cpuext]
+## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
+# aesni = true
+## Use CPU AVX instructions set when work with cryptography when available (default: true)
+# avx = true
+## Force usage of CPU instructions set, even if they not found
+## DO NOT TOUCH that option if you really don't know what are you doing!
+# force = false
--- a/i2pd/i2pd.conf.pacnew
+++ b/i2pd/i2pd.conf.pacnew
@ -0,0 +1,288 @@
+## Configuration file for a typical i2pd user
+## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
+## for more options you can use in this file.
+
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+
+## Tunnels config file
+## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+## Note: /var/lib/i2pd/tunnels.conf is a symlink to /etc/i2pd/tunnels.conf (use the latter)
+# tunconf = /var/lib/i2pd/tunnels.conf
+
+## Tunnels config files path
+## Use that path to store separated tunnels in different config files.
+## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+## Note: /var/lib/i2pd/tunnels.d is a symlink to /etc/i2pd/tunnels.d (use the latter)
+# tunnelsdir = /var/lib/i2pd/tunnels.d
+
+## Path to certificates used for verifying .su3, families
+## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+## Note: /var/lib/i2pd/certificates is a symlink to /usr/share/i2pd/certificates (use the latter)
+# certsdir = /var/lib/i2pd/certificates
+
+## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
+# pidfile = /run/i2pd/i2pd.pid
+
+## Logging configuration section
+## By default logs go to stdout with level 'info' and higher
+## For Windows OS by default logs go to file with level 'warn' and higher
+##
+## Logs destination (valid values: stdout, file, syslog)
+##  * stdout - print log entries to stdout
+##  * file - log entries to a file
+##  * syslog - use syslog, see man 3 syslog
+# log = file
+## Path to logfile (default: autodetect)
+logfile = /var/log/i2pd/i2pd.log
+## Log messages above this level (debug, info, *warn, error, critical, none)
+## If you set it to none, logging will be disabled
+# loglevel = warn
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
+
+## Daemon mode. Router will go to background after start. Ignored on Windows
+## (default: true)
+# daemon = true
+
+## Specify a family, router belongs to (default - none)
+# family =
+
+## Network interface to bind to
+## Updates address4/6 options if they are not set
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 =
+# ifname6 =
+
+## Local address to bind transport sockets to
+## Overrides host option if:
+## For ipv4: if ipv4 = true and nat = false
+## For ipv6: if 'host' is not set or ipv4 = true
+# address4 =
+# address6 =
+
+## External IPv4 or IPv6 address to listen for connections
+## By default i2pd sets IP automatically
+## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
+## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
+# host = 1.2.3.4
+
+## Port to listen for connections
+## By default i2pd picks random port. You MUST pick a random number too,
+## don't just uncomment this
+# port = 4567
+
+## Enable communication through ipv4 (default: true)
+ipv4 = true
+## Enable communication through ipv6 (default: false)
+ipv6 = false
+
+## Bandwidth configuration
+## L limit bandwidth to 32 KB/sec, O - to 256 KB/sec, P - to 2048 KB/sec,
+## X - unlimited
+## Default is L (regular node) and X if floodfill mode enabled.
+## If you want to share more bandwidth without floodfill mode, uncomment
+## that line and adjust value to your possibilities. Value can be set to
+## integer in kilobytes, it will apply that limit and flag will be used
+## from next upper limit (example: if you set 4096 flag will be X, but real
+## limit will be 4096 KB/s). Same can be done when floodfill mode is used,
+## but keep in mind that low values may be negatively evaluated by Java
+## router algorithms.
+# bandwidth = L
+## Max % of bandwidth limit for transit. 0-100 (default: 100)
+# share = 100
+
+## Router will not accept transit tunnels, disabling transit traffic completely
+## (default: false)
+# notransit = true
+
+## Router will be floodfill (default: false)
+## Note: that mode uses much more network connections and CPU!
+# floodfill = true
+
+[ntcp2]
+## Enable NTCP2 transport (default: true)
+# enabled = true
+## Publish address in RouterInfo (default: true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[ssu2]
+## Enable SSU2 transport (default: true)
+# enabled = true
+## Publish address in RouterInfo (default: true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[http]
+## Web Console settings
+## Enable the Web Console (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:7070)
+# address = 127.0.0.1
+# port = 7070
+## Path to web console (default: /)
+# webroot = /
+## Enable Web Console authentication (default: false)
+## You should not use Web Console via public networks without additional encryption.
+## HTTP authentication is not encryption layer!
+# auth = true
+# user = i2pd
+# pass = changeme
+## Select webconsole language
+## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
+## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
+## and uzbek languages
+# lang = english
+
+[httpproxy]
+## Enable the HTTP proxy (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:4444)
+# address = 127.0.0.1
+# port = 4444
+## Optional keys file for proxy local destination (default: http-proxy-keys.dat)
+# keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[socksproxy]
+## Enable the SOCKS proxy (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:4447)
+# address = 127.0.0.1
+# port = 4447
+## Optional keys file for proxy local destination (default: socks-proxy-keys.dat)
+# keys = socks-proxy-keys.dat
+## Socks outproxy. Example below is set to use Tor for all connections except i2p
+## Enable using of SOCKS outproxy (works only with SOCKS4, default: false)
+# outproxy.enabled = false
+## Address and port of outproxy
+# outproxy = 127.0.0.1
+# outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[sam]
+## Enable the SAM bridge (default: true)
+# enabled = false
+## Address and ports service will listen on (default: 127.0.0.1:7656, udp: 7655)
+# address = 127.0.0.1
+# port = 7656
+# portudp = 7655
+
+[bob]
+## Enable the BOB command channel (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:2827)
+# address = 127.0.0.1
+# port = 2827
+
+[i2cp]
+## Enable the I2CP protocol (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:7654)
+# address = 127.0.0.1
+# port = 7654
+
+[i2pcontrol]
+## Enable the I2PControl protocol (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:7650)
+# address = 127.0.0.1
+# port = 7650
+## Authentication password (default: itoopie)
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default: I2Pd)
+# name = I2Pd
+
+[meshnets]
+## Enable connectivity over the Yggdrasil network  (default: false)
+# yggdrasil = false
+## You can bind address from your Yggdrasil subnet 300::/64
+## The address must first be added to the network interface
+# yggaddress =
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable reseed data verification (default: true)
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Reseed URLs through the Yggdrasil, separated by comma
+# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding (default: 25)
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: reg.i2p at "mainline" I2P Network
+# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
+## Optional subscriptions URLs, separated by comma
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+[limits]
+## Maximum active transit sessions (default: 5000)
+## This value is doubled if floodfill mode is enabled!
+# transittunnels = 5000
+## Limit number of open file descriptors (0 - use system limit)
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit)
+# coresize = 0
+
+[trust]
+## Enable explicit trust options. (default: false)
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers =
+## Should we hide our router from other routers? (default: false)
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3
+
+[persist]
+## Save peer profiles on disk (default: true)
+# profiles = true
+## Save full addresses on disk (default: true)
+# addressbook = true
+
+[cpuext]
+## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
+# aesni = true
+## Force usage of CPU instructions set, even if they not found (default: false)
+## DO NOT TOUCH that option if you really don't know what are you doing!
+# force = false
--- a/i2pd/tunnels.conf
+++ b/i2pd/tunnels.conf
@ -0,0 +1,33 @@
+[IRC-ILITA]
+type = client
+address = 127.0.0.1
+port = 6668
+destination = irc.ilita.i2p
+destinationport = 6667
+keys = irc-keys.dat
+
+#[IRC-IRC2P]
+#type = client
+#address = 127.0.0.1
+#port = 6669
+#destination = irc.postman.i2p
+#destinationport = 6667
+#keys = irc-keys.dat
+
+#[SMTP]
+#type = client
+#address = 127.0.0.1
+#port = 7659
+#destination = smtp.postman.i2p
+#destinationport = 25
+#keys = smtp-keys.dat
+
+#[POP3]
+#type = client
+#address = 127.0.0.1
+#port = 7660
+#destination = pop.postman.i2p
+#destinationport = 110
+#keys = pop3-keys.dat
+
+# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/
--- a/i2pd/tunnels.d/inv.zzls.i2p.conf
+++ b/i2pd/tunnels.d/inv.zzls.i2p.conf
@ -0,0 +1,5 @@
+[librex]
+type=http
+host=127.0.0.1
+port=10051
+keys=inv.dat
--- a/i2pd/tunnels.d/librex.zzls.i2p.conf
+++ b/i2pd/tunnels.d/librex.zzls.i2p.conf
@ -0,0 +1,5 @@
+[librex]
+type=http
+host=127.0.0.1
+port=30002
+keys=librex.dat
--- a/i2pd/tunnels.d/rimgo.zzls.i2p.conf
+++ b/i2pd/tunnels.d/rimgo.zzls.i2p.conf
@ -0,0 +1,5 @@
+[rimgo]
+type=http
+host=127.0.0.1
+port=10050
+keys=rimgo-real.dat
--- a/logrotate.d/nginx
+++ b/logrotate.d/nginx
@ -0,0 +1,12 @@
+/var/log/nginx/*log {
+	daily
+	missingok
+	notifempty
+	maxage 1
+	create 640 http root
+	sharedscripts
+	compress
+	postrotate
+		test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
+	endscript
+}
--- a/nginx/conf.d/4get.conf
+++ b/nginx/conf.d/4get.conf
@ -0,0 +1,105 @@
+limit_req_zone $binary_remote_addr zone=4get:10m rate=4r/s;
+
+# CLEARNET
+server {
+	access_log /var/log/nginx/4get.access.log limited;
+	error_log /var/log/nginx/4get.error.log;
+	server_name 4get.zzls.xyz 4get.nadeko.net 4getus.zzls.xyz 4getus.nadeko.net;
+	root /var/www/4get-zzls;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+	include configs/security.conf;
+
+	location @upstream {
+		try_files $uri.php $uri/index.php =404;
+		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+		fastcgi_index index.php;
+		include fastcgi.conf;
+		fastcgi_intercept_errors on;
+	}
+
+	location ~* ^(.*)\.php$ {
+		return 301 $1;
+	}
+
+	location / {
+		try_files $uri @upstream;
+	}
+
+	location /web { 
+		try_files $uri @upstream;
+
+		if ($server_protocol ~* "HTTP/1.1") {
+			return 444;
+		}
+
+		include snippets/torblacklist.conf;
+		error_page 403 =302 /torisblocked;
+		error_page 429 =302 /rl;
+	}
+
+	location /torisblocked {
+		alias errors/$request_uri.txt;
+	}
+
+	location /rl {
+		alias errors/$request_uri.txt;
+	}
+
+	location /data {
+		return 444;
+	}
+
+	# Tor Header
+	add_header Onion-Location http://4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
+
+	# QUIC
+	include configs/http3.conf;
+
+	listen 443 ssl;
+	http2 on;
+}
+
+# TOR
+server {
+	listen 10040;
+	server_name 4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion 4get.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion;
+	root /var/www/4get-zzls;
+
+	location @upstream {
+		try_files $uri.php $uri/index.php =404;
+		fastcgi_pass php-fpm;
+		fastcgi_index index.php;
+		include fastcgi.conf;
+		fastcgi_intercept_errors on;
+	}
+
+	location / {
+		try_files $uri @upstream;
+	}
+
+	location ~* ^(.*)\.php$ {
+		return 301 $1;
+	}
+}
+
+server {
+	set $x "";
+	if ($host = 4get.zzls.xyz) {
+		set $x 1;
+	}	
+	if ($host = 4get.nadeko.net) {
+		set $x 1;
+	}
+	if ($host = 4getus.nadeko.net) {
+		set $x 1;
+	}
+	if ($host = 4getus.zzls.xyz) {
+		set $x 1;
+	}
+	if ($x = 1) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name 4get.zzls.xyz 4get.nadeko.net 4getus.zzls.xyz 4getus.nadeko.net;
+}
--- a/nginx/conf.d/debug4get.conf
+++ b/nginx/conf.d/debug4get.conf
@ -0,0 +1,99 @@
+# CLEARNET
+server {
+	access_log /var/log/nginx/4get.access.log limited;
+	error_log /var/log/nginx/4get.error.log;
+	server_name debug4get.zzls.xyz debug4get.nadeko.net;
+	root /var/www/;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+	include configs/security.conf;
+
+	location @upstream {
+		try_files $uri.php $uri/index.php =404;
+		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+		fastcgi_index index.php;
+		include fastcgi.conf;
+		fastcgi_intercept_errors on;
+	}
+
+	location ~* ^(.*)\.php$ {
+		return 301 $1;
+	}
+
+	location / {
+		try_files $uri @upstream;
+	}
+
+	location /web { 
+		try_files $uri @upstream;
+		if ($server_protocol ~* "HTTP/1.1") {
+			return 444;
+		}
+
+		include snippets/torblacklist.conf;
+		error_page 403 =302 /torisblocked;
+		error_page 429 =302 /rl;
+	}
+
+	location /torisblocked {
+		alias errors/$request_uri;
+	}
+
+	location /rl {
+		alias errros/$request_uri;
+	}
+
+	location /data {
+		return 444;
+	}
+
+	# Tor Header
+	add_header Onion-Location http://debug4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
+
+	# QUIC
+	include configs/http3.conf;
+
+	listen 443 ssl;
+	http2 on;
+}
+
+# TOR
+server {
+	listen 80;
+	server_name debug4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion;
+
+	root /var/www/4get;
+
+	location @upstream {
+		try_files $uri.php $uri/index.php =404;
+		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+		fastcgi_index index.php;
+		include fastcgi.conf;
+		fastcgi_intercept_errors on;
+	}
+
+	location / {
+		try_files $uri @upstream;
+	}
+
+	location ~* ^(.*)\.php$ {
+		return 301 $1;
+	}
+
+
+}
+
+server {
+	set $x "";
+	if ($host = debug4get.zzls.xyz) {
+		set $x 1;
+	}	
+	if ($host = debug4get.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name debug4get.zzls.xyz;
+}
--- a/nginx/conf.d/debuginv.conf
+++ b/nginx/conf.d/debuginv.conf
@ -0,0 +1,115 @@
+# CLEARNET
+server {
+	access_log /tmp/debuginv.access.log;
+	error_log /tmp/debuginv.error.log;
+	server_name debuginv.zzls.xyz;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+	# SECURITY HEADERS ADDED BY Invidious
+	# include configs/security.conf;
+
+	location @upstream {
+		proxy_pass http://inv-debug;
+		include configs/proxy.conf;
+		limit_rate 1000k;
+		# Disable buffering and cache so i don't kill my 
+		# SSD and bandwidth usage
+		proxy_buffering off;
+		proxy_request_buffering off;
+		proxy_cache off;
+	}
+
+	# location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) {
+	# 	access_log /var/log/nginx/debuginv-proxy.access.log;
+	# 	error_log /var/log/nginx/debuginv-proxy.error.log;
+	# 	# Woops! Sorry. I don't want to kill my SSD lol!
+	# 	proxy_buffering off;
+	# 	#proxy_buffers 1024 16k;
+	# 	proxy_set_header X-Forwarded-For "";
+	# 	proxy_hide_header "alt-svc";
+	# 	sendfile_max_chunk 512k;
+	# 	proxy_hide_header Cache-Control;
+	# 	proxy_hide_header etag;
+	# 	proxy_http_version 1.1;
+	# 	proxy_intercept_errors on;
+	# 	proxy_set_header Connection keep-alive;
+	# 	proxy_max_temp_file_size 32m;
+	# 	proxy_pass http://http3-ytproxy-debug;
+	# 	add_header Cache-Control private always;
+	# 	limit_rate 6000k;
+	# }
+	location ~ (^/videoplayback) {
+		access_log /var/log/nginx/debuginv-proxy.access.log;
+		error_log /var/log/nginx/debuginv-proxy.error.log;
+		# Woops! Sorry. I don't want to kill my SSD lol!
+		proxy_buffering off;
+		#proxy_buffers 1024 16k;
+		proxy_set_header X-Forwarded-For "";
+		proxy_hide_header "alt-svc";
+		sendfile_max_chunk 512k;
+		proxy_hide_header Cache-Control;
+		proxy_hide_header etag;
+		proxy_http_version 1.1;
+		proxy_intercept_errors on;
+		proxy_set_header Connection keep-alive;
+		proxy_max_temp_file_size 32m;
+		proxy_pass http://http3-ytproxy-debug;
+		add_header Cache-Control private always;
+		limit_rate 6000k;
+	}
+
+
+	location / {
+		try_files $uri @upstream;
+	}
+
+	location /search {
+		try_files $uri @upstream;
+	}
+
+	location /api/v1/ {
+		try_files $uri @upstream;
+	}
+
+	location /api/v1/storyboards {
+		try_files $uri @upstream;
+	}
+
+	location /api/v1/captions {
+		try_files $uri @upstream;
+	}
+
+	location /api/v1/comments {
+		try_files $uri @upstream;
+	}
+
+	location ~ ^/api/v1/channels/(.+)/shorts {
+		try_files $uri @upstream;
+	}
+
+	# QUIC
+	include configs/http3.conf;
+
+	# TOR
+	add_header Onion-Location http://debuginvzzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion$request_uri;
+
+	listen 443 ssl;
+	http2 on;
+
+}
+
+server {
+	set $x "";
+	if ($host = debuginv.zzls.xyz) {
+		set $x 1;
+	}	
+	if ($host = debuginv.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name debuginv.zzls.xyz;
+	return 404;
+}
--- a/nginx/conf.d/disabled/ayaya.beauty.conf
+++ b/nginx/conf.d/disabled/ayaya.beauty.conf
@ -0,0 +1,50 @@
+server {
+	access_log /var/log/nginx/ayaya.beauty.access.log combined;
+	error_log /var/log/nginx/ayaya.beauty.error.log;
+	server_name ayaya.beauty;
+	include configs/general.conf;
+	include configs/security.conf;
+	include configs/robotsNone.conf;
+	include snippets/torblacklist.conf;
+
+	root /var/www/uguu/dist/public/;
+	autoindex off;
+	index index.html index.php;
+
+	client_max_body_size 512M;
+
+	location ~* \.(css|js|jpg|jpeg|gif|png|ico|xml|eot|woff|woff2|ttf|svg|otf|x-icon|avif|webp|apng)$ {
+		expires 7d;
+	}
+
+	location ~ \.php$ {
+		fastcgi_pass php-fpm;
+		fastcgi_intercept_errors on;
+		fastcgi_index index.php;
+		fastcgi_split_path_info ^(.+\.php)(.*)$;
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+	}
+
+	location /torisblocked {
+		alias errors/torisblocked.txt;
+	}
+
+	error_page 403 =302 /torisblocked;
+
+	# QUIC
+	include configs/http3.conf;
+
+	listen 443 ssl;
+	http2 on;
+
+}
+
+server {
+	if ($host = ayaya.beauty) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name ayaya.beauty;
+	return 404; 
+}
--- a/nginx/conf.d/disabled/i.ayaya.beauty.conf
+++ b/nginx/conf.d/disabled/i.ayaya.beauty.conf
@ -0,0 +1,32 @@
+server {
+	access_log /var/log/nginx/i.ayaya.beauty.access.log;
+	server_name i.ayaya.beauty;
+	include configs/general.conf;
+	include configs/security.conf;
+	include configs/robotsNone.conf;
+	root /mnt/ssd/i.ayaya.beauty/;
+	autoindex off;
+	index index.html;
+
+	location / {
+		rewrite ^/(.*)/$ /\$1 break;
+		try_files $uri $uri.jpg $uri.png $uri.gif $uri.css $uri.js $uri/ =404;
+		error_page 401 402 403 404 =301 https://ayaya.beauty;
+	}
+
+	# QUIC
+	include configs/http3.conf;
+
+	listen 443 ssl;
+	http2 on; 
+
+}
+
+server {
+	if ($host = i.ayaya.beauty) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name i.ayaya.beauty;
+	return 404; 
+}
--- a/nginx/conf.d/git.conf
+++ b/nginx/conf.d/git.conf
@ -0,0 +1,39 @@
+server {
+	server_name git.zzls.xyz;
+	rewrite ^ https://git.nadeko.net$request_uri? permanent;
+	listen 80;
+	listen 443 ssl;
+}
+
+server {
+	access_log /var/log/nginx/git.access.log;
+	server_name git.nadeko.net;
+	include configs/general.conf;
+	include configs/security.conf;
+	include configs/robots.conf;
+
+	location / {
+		proxy_pass http://forgejo;
+		include configs/proxy.conf;
+		client_max_body_size 128M;
+	}
+
+	# QUIC
+	# include configs/http3.conf;
+
+	listen 443 ssl;
+	http2 on;
+
+}
+
+server {
+	set $x "";
+	if ($host = git.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name git.nadeko.net;
+}
--- a/nginx/conf.d/inv.conf
+++ b/nginx/conf.d/inv.conf
@ -0,0 +1,66 @@
+limit_req_zone $binary_remote_addr zone=invidious-apirl:1m rate=40r/s;
+
+server {
+    server_name inv.zzls.xyz;
+    rewrite ^ https://inv.nadeko.net$request_uri? permanent;
+    listen 443 ssl;
+}
+
+# CLEARNET
+server {
+	access_log /var/log/nginx/inv.access.log limited;
+	error_log /var/log/nginx/inv.error.log;
+	server_name inv.nadeko.net;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+	# SECURITY HEADERS ADDED BY Invidious
+	# include configs/security.conf;
+
+	# The messed up invidious configuration
+	include conf.d/inv.conf.locations;
+
+	# QUIC
+	include configs/http3.conf;
+
+	# TOR
+	add_header Onion-Location http://inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion$request_uri;
+
+	listen 443 ssl;
+	http2 on;
+}
+
+# TOR
+server {
+	listen 10040;
+	server_name inv.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+
+	include conf.d/inv.conf.locations;
+}
+
+# I2P
+server {
+	listen 10051;
+	server_name zzlsbhhfvwg3oh36tcvx4r7n6jrw7zibvyvfxqlodcwn3mfrvzuq.b32.i2p;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+
+	include conf.d/inv.conf.locations;
+}
+
+server {
+	set $x "";
+	if ($host = inv.zzls.xyz) {
+		set $x 1;
+	}	
+	if ($host = inv.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name inv.zzls.xyz inv.nadeko.net;
+	return 404;
+}
--- a/nginx/conf.d/inv.conf.locations
+++ b/nginx/conf.d/inv.conf.locations
@ -0,0 +1,64 @@
+location @upstream {
+	proxy_pass http://inv;
+	include configs/proxy.conf;
+	limit_rate 1000k;
+	# Disable buffering and cache so i don't kill my 
+	# SSD and bandwidth usage
+	proxy_buffering off;
+	proxy_request_buffering off;
+	proxy_cache off;
+	proxy_intercept_errors on;
+	error_page 502 = @fallback;
+}
+
+location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) {
+	# Woops! Sorry. I don't want to kill my SSD lol!
+	proxy_buffering off;
+	#proxy_buffers 1024 16k;
+	proxy_set_header X-Forwarded-For "";
+	proxy_hide_header "alt-svc";
+	sendfile_max_chunk 512k;
+	proxy_hide_header Cache-Control;
+	proxy_hide_header etag;
+	proxy_http_version 1.1;
+	proxy_set_header Connection keep-alive;
+	proxy_max_temp_file_size 32m;
+	proxy_pass http://http3-ytproxy;
+	add_header Cache-Control private always;
+	limit_rate 8000k;
+	limit_conn addr 100;
+}
+
+location / {
+	try_files $uri @upstream;
+}
+
+location /search {
+	try_files $uri @upstream;
+}
+
+location /api/v1 {
+	limit_req zone=invidious-apirl nodelay burst=10;
+	try_files $uri @upstream;
+}
+
+location /api/v1/storyboards {
+	try_files $uri @upstream;
+}
+
+location /api/v1/captions {
+	try_files $uri @upstream;
+}
+
+location /api/v1/comments {
+	try_files $uri @upstream;
+}
+
+location ~ ^/api/v1/channels/(.+)/shorts {
+	try_files $uri @upstream;
+}
+
+location @fallback {
+	root /etc/nginx/errors;
+	try_files $uri /502.html = 502;
+}
--- a/nginx/conf.d/keygenmusic.conf
+++ b/nginx/conf.d/keygenmusic.conf
@ -0,0 +1,46 @@
+server {
+	access_log /var/log/nginx/keygenmusic.zzls.xyz.access.log;
+	root /var/www/keygenmusic.tk-mirror;
+	index index.html;
+	server_name keygenmusic.zzls.xyz keygenmusic.nadeko.net;
+	include configs/general.conf;
+	include configs/security.conf;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+
+	location /kgm {
+		alias /mnt/ssd/luna.zzls.xyz/keygenmusic.tk/kgm;
+	}
+
+	location /kgm/ver.txt {
+		alias /var/www/keygenmusic.tk-mirror/kgm/ver.txt;
+	}
+
+	location /kgm/lib.txt {
+		alias /var/www/keygenmusic.tk-mirror/kgm/lib.txt;
+	}
+
+	# QUIC
+	include configs/http3.conf;
+
+	listen 443 ssl;
+	http2 on;
+}
+
+server {
+	set $x "";
+	if ($host = keygenmusic.zzls.xyz) {
+		set $x 1;
+	}	
+	if ($host = keygenmusic.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name keygenmusic.zzls.xyz keygenmusic.nadeko.net;
+	return 404;
+}
--- a/nginx/conf.d/luna.conf
+++ b/nginx/conf.d/luna.conf
@ -0,0 +1,50 @@
+server {
+    server_name luna.zzls.xyz;
+    rewrite ^ https://luna.nadeko.net$request_uri? permanent;
+    listen 443 ssl;
+}
+
+server {
+	access_log /var/log/nginx/luna.zzls.xyz.access.log combined;
+	error_log /var/log/nginx/luna.zzls.xyz.error.log;
+	server_name luna.nadeko.net;
+	index index.php /_h5ai/public/index.php;
+	root /mnt/ssd/luna.zzls.xyz/;
+	include configs/general.conf;
+	include configs/security.conf;
+	add_header Access-Control-Allow-Origin *;
+
+	location /_h5ai/private {
+		return 403;
+	}
+
+	location ~ [^/]\.php(/|$) {
+		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+		if (!-f $document_root$fastcgi_script_name) {
+			return 404;
+		}
+		fastcgi_param HTTP_PROXY "";
+		fastcgi_pass php-fpm;
+		fastcgi_index index.php;
+		include fastcgi_params;
+		fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+		fastcgi_param  PATH_INFO         $fastcgi_path_info;
+		add_header Access-Control-Allow-Origin *;
+	}
+
+	listen 443 ssl;
+	http2 on;
+
+}
+server {
+	set $x "";
+	if ($host = luna.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name luna.nadeko.net;
+	return 404;
+}
--- a/nginx/conf.d/matrix.conf
+++ b/nginx/conf.d/matrix.conf
@ -0,0 +1,53 @@
+server {
+	server_name matrix.zzls.xyz matrix.nadeko.net;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+	include configs/security.conf;
+
+	location /.well-known/matrix/server {
+		return 200 '{ "m.server": "matrix.zzls.xyz:8448" }';
+	}
+
+	location /.well-known/matrix/client {
+		default_type application/json;
+		add_header Access-Control-Allow-Origin '*';
+		return 200 '{ "m.homeserver": { "base_url": "https://matrix.zzls.xyz" }, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
+	}
+
+	#location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
+	#	proxy_pass http://127.0.0.1:40022;
+	#	proxy_set_header X-Forwarded-For $remote_addr;
+	#	proxy_set_header X-Forwarded-Proto $scheme;
+	#		proxy_set_header Host $host;
+	#}
+
+	location ~ ^(/_matrix|/_synapse/client|/health) {
+		proxy_pass http://matrix;
+		include configs/proxy.conf;
+		client_max_body_size 64M;
+	}
+
+	# QUIC
+	include configs/http3.conf;
+
+	listen 443 ssl reuseport;
+	listen 8448 ssl default_server reuseport;
+	listen 8448 quic default_server reuseport;
+	http2 on;
+}
+
+server {
+	set $x "";
+	if ($host = matrix.zzls.xyz) {
+		set $x 1;
+	}	
+	if ($host = matrix.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name matrix.zzls.xyz;
+	return 404;
+}
--- a/nginx/conf.d/pbin.conf
+++ b/nginx/conf.d/pbin.conf
@ -0,0 +1,33 @@
+server {
+	server_name pbin.zzls.xyz pbin.nadeko.net;
+	include configs/general.conf;
+	include configs/security.conf;
+	include configs/robotsNone.conf;
+
+	location / {
+		proxy_pass http://privatebin;
+		include configs/proxy.conf;
+	}
+
+	# QUIC
+	include configs/http3.conf;
+
+	listen 443 ssl;
+	http2 on;
+
+}
+server {
+	set $x "";
+	if ($host = pbin.zzls.xyz) {
+		set $x 1;
+	}	
+	if ($host = pbin.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name pbin.zzls.xyz;
+	return 404;
+}
--- a/nginx/conf.d/ri.conf
+++ b/nginx/conf.d/ri.conf
@ -0,0 +1,61 @@
+# CLEARNET
+server {
+	access_log off;
+	server_name ri.zzls.xyz ri.nadeko.net;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+
+	location / {
+		proxy_pass http://rimgo;
+		include configs/proxy.conf;
+	}
+
+	# QUIC
+	include configs/http3.conf;
+
+	listen 443 ssl;
+	http2 on;
+
+}
+
+# TOR
+server {
+	listen 10040;
+	server_name rimgo.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion rimgo.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+
+	location / {
+		proxy_pass http://rimgo;
+		include configs/proxy.conf;
+	}
+}
+
+# I2P
+server {
+	listen 30001;
+	server_name zzls3ubaix5wjfar4hskwqnh3vvwvrzoxsvcx64on2aogcxrvhoq.b32.i2p;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+
+	location / {
+		proxy_pass http://rimgo;
+		include configs/proxy.conf;
+	}
+}
+
+server {
+	set $x "";
+	if ($host = ri.zzls.xyz) {
+		set $x 1;
+	}	
+	if ($host = ri.nadeko.net) {
+		set $x 1;
+	}
+	if ($x = 1) {
+		return 301 https://$host$request_uri;
+	}
+	listen 80;
+	server_name ri.zzls.xyz ri.nadeko.net;
+	return 404;
+}
--- a/nginx/configs/general.conf
+++ b/nginx/configs/general.conf
@ -0,0 +1,16 @@
+# GZIP
+gzip              on;
+gzip_vary         on;
+gzip_proxied      any;
+gzip_comp_level   6;
+gzip_types        text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+# BROTLI
+brotli            on;
+brotli_comp_level 6;
+brotli_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+# fuck bots .kill
+if ($poop) {
+	return 444;
+}
--- a/nginx/configs/http3.conf
+++ b/nginx/configs/http3.conf
@ -0,0 +1,2 @@
+add_header Alt-Svc 'h3=":443"; ma=86400';
+listen 443 quic;
--- a/nginx/configs/proxy.conf
+++ b/nginx/configs/proxy.conf
@ -0,0 +1,20 @@
+proxy_http_version                 1.1;
+proxy_cache_bypass                 $http_upgrade;
+
+# Proxy SSL
+proxy_ssl_server_name              on;
+
+# Proxy headers
+proxy_set_header Upgrade           $http_upgrade;
+#proxy_set_header Connection        $connection_upgrade;
+proxy_set_header X-Real-IP         $remote_addr;
+proxy_set_header Forwarded         $proxy_add_forwarded;
+proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host  $host;
+proxy_set_header X-Forwarded-Port  $server_port;
+
+# Proxy timeouts
+proxy_connect_timeout              60s;
+proxy_send_timeout                 60s;
+proxy_read_timeout                 60s;
--- a/nginx/configs/robots.conf
+++ b/nginx/configs/robots.conf
@ -0,0 +1,26 @@
+location /robots.txt { return 200 "User-agent: AhrefsBot
+Disallow: /
+
+User-agent: dotbot
+Disallow: /
+
+User-agent: SiteAuditBot
+Disallow: /
+
+User-agent: SemrushBot-BA
+Disallow: /
+
+User-agent: SemrushBot-SI
+Disallow: /
+
+User-agent: SemrushBot-SWA
+Disallow: /
+
+User-agent: SemrushBot-CT
+Disallow: /
+
+User-agent: SplitSignalBot
+Disallow: /
+
+User-agent: SemrushBot-COUB
+Disallow: /"; }
--- a/nginx/configs/robotsNone.conf
+++ b/nginx/configs/robotsNone.conf
@ -0,0 +1 @@
+location /robots.txt { return 200 "User-agent: *\nDisallow: /";}
--- a/nginx/configs/security.conf
+++ b/nginx/configs/security.conf
@ -0,0 +1,6 @@
+# security headers
+add_header X-Content-Type-Options    "nosniff" always;
+add_header Referrer-Policy           "same-origin" always;
+add_header X-Frame-Options           "sameorigin" always;
+add_header Permissions-Policy        "interest-cohort=()" always;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
--- a/nginx/configs/shituseragents.conf
+++ b/nginx/configs/shituseragents.conf
--- a/nginx/configs/ssl.conf
+++ b/nginx/configs/ssl.conf
@ -0,0 +1,5 @@
+# ECDSA
+ssl_certificate /etc/ssl/nadeko.net/fullchain.ec.crt;
+ssl_certificate_key /etc/ssl/nadeko.net/nadeko.net.ec.key;
+
+include configs/sslConfig.conf;
--- a/nginx/configs/sslConfig.conf
+++ b/nginx/configs/sslConfig.conf
@ -0,0 +1,12 @@
+# SSL
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+ssl_prefer_server_ciphers off;
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_early_data on;
+
+# Custom 4096bits Diffie-Hellman parameter for DHE ciphersuites (Not the one bundled with letsencrypt
+# Changed to a custom one for trust purposes
+ssl_dhparam /etc/nginx/dhparam.pem;
--- a/nginx/dhparam.pem
+++ b/nginx/dhparam.pem
@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICDAKCAgEAiK/Y67KsiSrOlySdj5iBvVc64vUPIZOBWxQ05ggVhuTWJeZKGjes
+/R6VA43Zh9Yo1U2cQl5semyPNzseEk5cwiK1ZOXz9WJiCmrdOFkB9uIpcL0Gz/r6
+56m4F9ki1/ikJZzKRiBxvt6rQS9K4FMjkMliOFqwqVCt1Bh3EYYXebUjWrkKHb4t
+kraEorQbObFodvKcBVG7dcI4EVZhL6wgznp/xZdHYG65jo1GPC7yTJHiTuvD7Ng9
+EsMssnfpdss3f6SmtWGuAkH7vWht7NJse3oePiTRVRiFuW4i4wO5Omu4CJ8kKlwi
+dmG8/o4eQbYWNqfMsCZFBx04i33SsUFQAPZXUQGGmLeNNFdncA0g3agN457ZQvuS
+buhMpiZUw2sI13UH1D7vZBZSTvc+cleRk2w24wHqcMJ8HAuHQ4WhdrC24w8uD8H8
+hJu78K4FibQ7no1syZEhHR/8AkRPAj/dGMlgJQ/dpI07cll/yMiICkytUydYPwT4
+lXbT+oN1rwA7HSttkMFt+z2Oi3RtH9VaIl3zY5bRCk28+GW2mo8+bL5JGl0qooe
+OQsYn+mbZLdtUYhYaaYktJaLyPyQ6WtrssJas+gSdW/1RmT+WRkARaIC201WS+aS
+guGOj0Lr0My+pW/Jj3wB8Hi6tpm+02KNaQUFubNWgcQZU33Ejj1rnfcCAQICAgFF
+-----END DH PARAMETERS-----
--- a/nginx/errors/502.html
+++ b/nginx/errors/502.html
@ -0,0 +1,187 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+	<meta charset="UTF-8">
+	<meta http-equiv="X-UA-Compatible" content="IE=edge">
+	<meta name="viewport" content="width=device-width, initial-scale=1.0">
+	<link rel="stylesheet" href="https://zzls.xyz/style.css" type="text/css">
+	<link rel="icon" type="image/gif" href="./favicon.gif">
+	<style>
+		@font-face {
+			font-family: "Gaiatype";
+			src: url("./Gaiatype.woff2") format('woff');
+		}
+
+		html {
+			background-image: linear-gradient(to bottom,
+					rgba(11, 11, 11, 0.85),
+					rgba(11, 11, 11, 0.85)),
+				url(./bg.gif);
+			background-attachment: fixed;
+			height: 100%;
+			/* filter: invert(0); */
+		}
+
+		h1 {
+			color: rgb(220, 100, 170);
+			font-family: 'Gaiatype';
+			font-size: 2em;
+		}
+
+		h2 {
+			color: #bde0e4;
+			text-align: center;
+			font-family: 'Gaiatype';
+		}
+
+		@keyframes xd {
+			0% {
+				letter-spacing: normal;
+				/* transform: rotate(2deg); */
+			}
+
+			50% {
+				letter-spacing: 3px;
+				/* transform: rotate(0deg); */
+			}
+
+			100% {
+				letter-spacing: normal;
+				/* transform: rotate(2deg); */
+			}
+		}
+
+		@keyframes erm {
+			0% {
+				transform: rotate(2deg);
+			}
+
+			50% {
+				transform: rotate(-2deg);
+			}
+
+			100% {
+				transform: rotate(2deg);
+			}
+		}
+
+		p {
+			text-align: center;
+		}
+
+		.lol {
+			animation: erm 10s infinite;
+		}
+		/* .lol2 {
+			animation: erm 8s infinite;
+		} */
+
+		body {
+			opacity: 0;
+			transition: opacity 1s;
+		}
+
+		/* .content {
+			min-height: 100%;
+			display: grid;
+			grid-template-rows: auto 1fr auto;
+		} */
+
+		.lain {
+			position: absolute;
+			right: 0;
+			bottom: 0;
+			width: 50%;
+			pointer-events: none;
+			z-index: -1;
+		}
+
+		ul {
+			list-style-type: none;
+		}
+
+		audio {
+			position: fixed;
+			top: 0;
+			left: -100;
+			right: 0;
+			opacity: 0.2;
+			transition: opacity 0.5s ease;
+			/* font-family: 'Gaiatype'; */
+			--box-shadow1: rgba(249, 249, 250, 0);
+			--box-shadow2: rgba(91, 91, 102, 0.0);
+			--box-shadow3: rgba(82, 82, 94, 0.0);
+		}
+
+		audio:hover {
+			opacity: 8;
+		}
+
+		audio::-webkit-media-controls-panel{
+background-color: rgba(200,200,200,1);
+width:350px;
+}
+
+footer {
+	display: flex;
+  flex-direction: column;
+  align-items: center;
+  text-align: center;
+}
+
+footer img {
+  /* width: 100%; */
+  max-width: 100%;
+}
+
+footer p {
+  margin-top: 10px;
+  max-width: 315px;
+  /* margin: 0 auto; */
+}
+	</style>
+
+
+	<title>502 Bad Gateway</title>
+</head>
+
+<body onload="document.body.style.opacity='1'">
+	<audio controls autoplay loop>
+		<source src="./kahgy.ogg" type="audio/ogg">
+	</audio>
+	</div>
+	<div class="overlay fade-out"></div>
+	<div style="font-size: 1.2ch;margin: 0 auto;">
+		<a>Go to zzls.xyz?: </a><a href="https://zzls.xyz">Yes</a>
+	</div>
+
+	<div class="content">
+
+		<h1 class="lol lol2">502 Bad Gateway</h1>
+		<p style="text-align: center; font-size: large;"><b>You just reached an <span style="color: rgb(255, 100, 100);">error page</span>... Great, enjoy the music.</b></p>
+
+		<p>This does not mean that the server is down, or else you would not have been able access this error page.</p>
+		<h2>Contact</h2>
+		<p>Notify me about this shitty error in case I haven't noticed about it yet xD</p>
+		<ul>
+			<li>E-mail: <a style="font-size: large;"
+					href="mailto:admin [at] zzls.xyz"><code>admin [at] zzls.xyz</code></a> <a>PGP Key: <a
+						href="./admin@zzls.xyz.asc">76C578BB918EB8F556C0ABDEA9CB7D007A846255</a></a></li>
+			<li>Mastodon: <a href="https://noc.social/@fijxu">https://noc.social/@fijxu</a></li>
+			<li>Twitter: <a href="https://twitter.com/fijxu__">https://twitter.com/fijxu__</a> <a>Just @ me. No DMs</a>
+			</li>
+		</ul>
+	</div>
+</body>
+
+<footer>
+	<img src="https://count.ayaya.beauty/get/@502zzlsreal2?theme=rule34" alt="The counter is dead or your browser doesn't support the <img> element , xDDDd.">
+	<p>This counter resets every 5 minutes, so if this number is higher than 10, you are clearly not the only one with this error. CONTACT THE ADMIN TO FIX HIS SHIT xD</p>
+</footer>
+
+<script>
+	document.getElementById("domain").innerText = "(" + window.location.hostname + ")";
+</script>
+
+</html>
--- a/nginx/errors/Gaiatype.woff2
+++ b/nginx/errors/Gaiatype.woff2
--- a/nginx/errors/admin@zzls.xyz.asc
+++ b/nginx/errors/admin@zzls.xyz.asc
@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xjMEZUDy0BYJKwYBBAHaRw8BAQdAL9RfyeA84n+J0GyVfJpPHPqtw9e4ZGQVt/l+
+qUs0qrDNH3p6bHMueHl6IEFkbWluIDxhZG1pbkB6emxzLnh5ej7CjwQTFggANxYh
+BHbFeLuRjrj1VsCr3qnLfQB6hGJVBQJlQPLQBQkDwmcAAhsDBAsJCAcFFQgJCgsF
+FgIDAQAACgkQqct9AHqEYlUugAD8CLpr1tqosErf0KDqG5nWkHBj/lcixwQ/Ii4Y
+soa+q+kBAN9bKzUkma9yVGwlDg/pDW6sKztgB8MU+FKPRgxSPwEJzjgEZUDy0RIK
+KwYBBAGXVQEFAQEHQCa0sUBxzKEikQvxiPjgpEVpprMWELgs3eB+T1YrkYkrAwEI
+B8J+BBgWCAAmFiEEdsV4u5GOuPVWwKveqct9AHqEYlUFAmVA8tEFCQPCZwACGwwA
+CgkQqct9AHqEYlVlbAD/U2gC6NG4ueUxeEVTpbNfhs8zDnIrq9YrecGpKtpAbCcA
+/0Z/z7XtD73hJtfEqqzzjtLccugoTzx88dVEEAutDEIJ
+=eQVs
+-----END PGP PUBLIC KEY BLOCK-----
--- a/nginx/errors/bg.gif
+++ b/nginx/errors/bg.gif
--- a/nginx/errors/comunitty.ogg
+++ b/nginx/errors/comunitty.ogg
--- a/nginx/errors/favicon.gif
+++ b/nginx/errors/favicon.gif
--- a/nginx/errors/kahgy.ogg
+++ b/nginx/errors/kahgy.ogg
--- a/nginx/errors/torisblocked.txt
+++ b/nginx/errors/torisblocked.txt
@ -0,0 +1,5 @@
+Tor and Proxies are not allowed in this service, sorry. 
+Check if this service offers a Tor version instead, if yes, use it, if not, well, there is no way to use this service.
+
+Tor y Proxies no estan permitidos en este servicio, lo siento. 
+Revisa si este servicio ofrece una version para Tor, si es asi, usalo, si no, pues no hay forma de usar este servicio.
--- a/nginx/fastcgi.conf
+++ b/nginx/fastcgi.conf
@ -0,0 +1,26 @@
+
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;
--- a/nginx/mime.types
+++ b/nginx/mime.types
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -0,0 +1,69 @@
+worker_processes auto;
+worker_rlimit_nofile 65535;
+
+include /etc/nginx/modules-enabled/*.conf;
+load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
+load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
+
+events {
+	worker_connections 4096;
+	multi_accept off;
+}
+
+http {
+	log_format limited '$remote_addr - $remote_user [$time_local] '
+		'"$request_method /bogus $server_protocol" $status $body_bytes_sent '
+		'"-" "Bogus/66.6" - "$http_host"';
+
+	access_log off;
+	error_log /dev/null;
+
+	# Basic Settings
+	charset utf-8;
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	server_tokens off;
+	log_not_found off;
+	types_hash_max_size 1024;
+	types_hash_bucket_size 128;
+	server_names_hash_bucket_size 128;
+
+	# MIME
+	include mime.types;
+
+	# SSL
+	include configs/ssl.conf;
+
+	# reset timed out connections freeing ram
+	reset_timedout_connection on;
+	# maximum time between packets the client can pause when sending nginx any data
+	client_body_timeout 10s;
+	# maximum time the client has to send the entire header to nginx
+	client_header_timeout 10s;
+	# timeout which a single keep-alive client connection will stay open
+	keepalive_timeout 60s;
+	# maximum time between packets nginx is allowed to pause when sending the client data
+	send_timeout 10s;
+
+	client_body_buffer_size 32k;
+	client_max_body_size 2m;
+
+	open_file_cache max=1024 inactive=10s;
+	open_file_cache_valid 60s;
+	open_file_cache_min_uses 2;
+	open_file_cache_errors on;
+
+	# PERFORMANCE / ASYNC I/O
+	aio threads=default;
+	aio_write on;
+	directio 2m;
+
+	# Maps
+	include /etc/nginx/snippets/maps.conf;
+	include /etc/nginx/snippets/poop.conf;
+
+	limit_conn_zone $binary_remote_addr zone=addr:10m;
+	include /etc/nginx/configs/upstreams.conf;
+	include /etc/nginx/conf.d/*.conf;
+}
--- a/nginx/snippets/maps.conf
+++ b/nginx/snippets/maps.conf
@ -0,0 +1,27 @@
+# Connection header for WebSocket reverse proxy
+
+map $http_upgrade $connection_upgrade {
+	default upgrade;
+	""      close;
+}
+
+map $remote_addr $proxy_forwarded_elem {
+
+	# IPv4 addresses can be sent as-is
+	~^[0-9.]+$        "for=$remote_addr";
+
+	# IPv6 addresses need to be bracketed and quoted
+	~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
+
+	# Unix domain socket names cannot be represented in RFC 7239 syntax
+	default           "for=unknown";
+}
+
+map $http_forwarded $proxy_add_forwarded {
+
+	# If the incoming Forwarded header is syntactically valid, append to it
+	"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
+
+	# Otherwise, replace it
+	default "$proxy_forwarded_elem";
+}
--- a/nginx/snippets/poop.conf
+++ b/nginx/snippets/poop.conf
@ -0,0 +1,10 @@
+map $http_user_agent $poop {
+    default			0;
+    ~*my-tiny-bot		1;
+    ~*thesis-research-bot	1;
+    ~*SemrushBot		1;
+    ~*Bytespider		1;
+    ~*PetalBot			1;
+    ~*Amazonbot			1;
+    ~*FriendlyCrawler			1;
+}
--- a/systemd/system/http3-ytproxy.service
+++ b/systemd/system/http3-ytproxy.service
@ -0,0 +1,39 @@
+[Unit]
+Description=Http3 YTProxy for Invidious
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=http
+Group=http
+Environment="DISABLE_WEBP=1"
+Environment="DISABLE_IPV6=1"
+WorkingDirectory=/opt/http3-ytproxy
+ExecStart=/opt/http3-ytproxy/http3-ytproxy
+Restart=on-failure
+RestartSec=5s
+
+ReadWritePaths=/opt/http3-ytproxy/socket
+NoNewPrivileges=yes
+MemoryDenyWriteExecute=true
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=strict
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+LockPersonality=true
+ProtectKernelLogs=true
+ProtectKernelTunables=true
+ProtectHostname=true
+ProtectKernelModules=true
+PrivateUsers=true
+ProtectClock=true
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/system/invidious-debug.service
+++ b/systemd/system/invidious-debug.service
@ -0,0 +1,17 @@
+[Unit]
+Description=Invidious (An alternative YouTube front-end) DEBUG
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User=invidious
+Group=invidious
+WorkingDirectory=/opt/invidious/invidious-debug
+ExecStart=/opt/invidious/invidious-debug/invidious
+Restart=always
+RuntimeMaxSec=1h
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/system/invidious@.service
+++ b/systemd/system/invidious@.service
@ -0,0 +1,35 @@
+[Unit]
+Description=Invidious (An alternative YouTube front-end)
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=10s
+Type=simple
+User=invidious
+Group=invidious
+WorkingDirectory=/opt/invidious/invidious
+ExecStart=/opt/invidious/invidious/invidious -o invidious%i.log -p %i
+StandardOutput=null
+#StandardError=null
+Restart=always
+#RuntimeMaxSec=1h
+LimitNOFILE=16384
+
+# Security
+#PrivateTmp=yes
+#NoNewPrivileges=true
+#ProtectSystem=yes
+#ProtectDevices=yes
+#DevicePolicy=closed
+#ProtectKernelTunables=yes
+#ProtectControlGroups=yes
+#ProtectHostname=yes
+#ProtectKernelLogs=true
+#PrivateUsers=yes
+#ReadWriteDirectories=/home/invidious/invidious
+#ProtectControlGroups=yes
+#RestrictNamespaces=net uts ipc pid user cgroup
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/system/matrix-sliding-sync.service
+++ b/systemd/system/matrix-sliding-sync.service
@ -0,0 +1,19 @@
+[Unit]
+Description=Matrix sliding sync proxy (MSC3575)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+Environment=LANG=en_US.UTF-8
+WorkingDirectory=/opt/sliding-sync
+ExecStart=/opt/sliding-sync/syncv3
+ExecReload=/usr/bin/kill -HUP $MAINPID
+EnvironmentFile=/opt/sliding-sync/.env
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/system/minecraft.service
+++ b/systemd/system/minecraft.service
@ -0,0 +1,28 @@
+[Unit]
+Description=Minecraft Serber
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=forking
+User=mc
+Group=mc
+Environment=JAVA_HOME=/usr/lib/jvm/java-8-openjdk
+WorkingDirectory=/opt/mc/server/
+ExecStart=/usr/bin/tmux new-session -s minecraft -d '/usr/lib/jvm/java-8-openjdk/bin/java -Xmx512M -Xms512M -jar project-poseidon-1.1.8.jar nogui'
+ExecStop=/usr/bin/tmux send -t minecraft.0 stop ENTER
+#ExecRestart=/usr/bin/tmux send -t minecraft.0 stop ENTER; sleep 10; /usr/bin/tmux new-session -s minecraft -d 'java -Xmx512M -Xms512M -jar project-poseidon-1.1.8.jar nogui'
+TimeoutStopSec=10
+TimeoutStartSec=10
+StandardOutput=null
+StandardError=null
+RemainAfterExit=yes
+KillMode=none
+RestartMode=direct
+#KillSignal=SIGINT
+#RestartKillSignal=SIGINT
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/system/rimgo.service
+++ b/systemd/system/rimgo.service
@ -0,0 +1,37 @@
+[Unit]
+Description=Rimgo - An Imgur Proxy
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=rimgo
+Group=rimgo
+WorkingDirectory=/opt/rimgo
+ExecStart=/opt/rimgo/rimgo
+Restart=on-failure
+RestartSec=3s
+
+ReadWritePaths=/opt/rimgo
+NoNewPrivileges=yes
+MemoryDenyWriteExecute=true
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=strict
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+LockPersonality=true
+ProtectKernelLogs=true
+ProtectKernelTunables=true
+ProtectHostname=true
+ProtectKernelModules=true
+PrivateUsers=true
+ProtectClock=true
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target
				`@ -0,0 +1 @@`
				`location /robots.txt { return 200 "User-agent: *\nDisallow: /";}`