commit 38a9eb3991b30ddf2b710754555bb4761a7a9479
Author: ION606 <ion606@ion-server.lan>
Date:   Mon Aug 25 14:15:52 2025 -0400

    init

diff --git a/Caddyfile b/Caddyfile
new file mode 100644
index 0000000..373ee75
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1,10 @@
+(tempfiles.ion606.com) {
+  encode gzip zstd
+  reverse_proxy lufi:8758
+}
+
+(bin.ion606.com) {
+  encode gzip zstd
+  reverse_proxy privatebin:8758
+}
+
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ffb71fa
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,63 @@
+services:
+  caddy:
+    image: caddy:2-alpine
+    restart: unless-stopped
+    command: ["caddy", "run", "--config", "/etc/caddy/Caddyfile"]
+    ports:
+      - "8756:80"
+      - "8757:443"
+    networks:
+      - edge
+    environment:
+      - ACME_AGREE=true
+      - EMAIL=support@ion606.com
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+      - caddy_config:/config
+    security_opt:
+      - no-new-privileges:true
+    read_only: true
+
+  lufi:
+    image: victorrds/lufi:latest
+    restart: unless-stopped
+    networks:
+      - edge
+    expose:
+      - "8758"
+    volumes:
+      - ./lufi.conf:/etc/lufi.conf:ro
+      - lufi_files:/var/lufi/files
+    labels:
+      - caddy=files.example.com
+      - caddy.reverse_proxy={{upstreams 8758}}
+    security_opt:
+      - no-new-privileges:true
+
+  privatebin:
+    image: privatebin/nginx-fpm-alpine:latest
+    restart: unless-stopped
+    networks:
+      - edge
+    expose:
+      - "8758"
+    volumes:
+      - privatebin_data:/srv/data
+      - ./privatebin.conf.php:/srv/cfg/conf.php:ro
+    labels:
+      - caddy=bin.example.com
+      - caddy.reverse_proxy={{upstreams 8758}}
+    security_opt:
+      - no-new-privileges:true
+    read_only: true
+
+networks:
+  edge:
+
+volumes:
+  caddy_data:
+  caddy_config:
+  lufi_files:
+  privatebin_data:
+
diff --git a/lufi.conf b/lufi.conf
new file mode 100644
index 0000000..b794dbb
--- /dev/null
+++ b/lufi.conf
@@ -0,0 +1,19 @@
+{
+  # required contact info displayed on the about page
+  contact => 'mailto:support@ion606.com',
+
+  # listen defaults are fine in Docker; we’re proxied by Caddy
+  proxy   => 1,           # very important when running behind Caddy/NGINX
+
+  # provisioning/limits
+  provisioning => {
+    max_file_size => 524288000,  # 500 MiB per upload
+    max_delay     => 604800,     # 7 days (seconds)
+    max_files     => 20,         # files per “batch”
+  },
+
+  # housekeeping
+  loglevel => 'warn',
+  minion   => {cleanup => 1},    # enable built-in cleanup worker
+}
+