2025-02-02 17:02:20 +01:00
7 changed files with 65 additions and 96 deletions
--- a/config/hugo/Dockerfile
+++ b/config/hugo/Dockerfile
@ -6,26 +6,25 @@ LABEL maintainer="Lieuwe Leene <lieuwe@leene.dev>"
 ARG HUGO_BASE="localhost"
 ARG SSL_ALGO=secp521r1
-RUN wget -O - "https://github.com/gohugoio/hugo/releases/download/$(wget -O - https://api.github.com/repos/gohugoio/hugo/releases/latest | grep -om 1 "v[0-9.]*/hugo_extended_[0-9.]*_Linux-64bit.tar.gz")" | tar -xz -C /tmp \
+RUN wget -O - "https://github.com/gohugoio/hugo/releases/download/$(wget -O - https://api.github.com/repos/gohugoio/hugo/releases/latest | grep -om 1 "/v[0-9.]*/hugo_[0-9.]*_Linux-64bit.tar.gz")" | tar -xz -C /tmp \
    && mkdir -p /usr/local/sbin \
    && mv /tmp/hugo /usr/local/sbin/hugo \
    && rm -rf /tmp/${HUGO_ID}_linux_amd64 \
    && rm -rf /tmp/LICENSE.md \
    && rm -rf /tmp/README.md
-RUN apk add --update git gcompat asciidoctor libc6-compat libstdc++ \
+RUN apk add --update git asciidoctor libc6-compat libstdc++ \
    && apk upgrade \
    && apk add --no-cache ca-certificates \
    && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 \
    && git clone https://github.com/lleene/hugo-site.git /src \
    && git clone https://github.com/lleene/hermit.git /src/themes/hermit \
    && /usr/local/sbin/hugo -b ${BASE_URL}/ -s /src -d /public --minify
 RUN apk update && \
-    apk add --no-cache openssl && \
+  apk add --no-cache openssl && \
-    rm -rf /var/cache/apk/*
+  rm -rf /var/cache/apk/*
-WORKDIR /etc/letsencrypt/live
+RUN mkdir -p /etc/letsencrypt/live
 RUN openssl ecparam -name ${SSL_ALGO} -genkey | openssl pkey -out /etc/letsencrypt/live/ecprivkey.pem && \
    openssl pkey -in /etc/letsencrypt/live/ecprivkey.pem -pubout -out /etc/letsencrypt/live/ecpubkey.pem
--- a/config/mail/postfix-policyd-spf.conf
+++ b/config/mail/postfix-policyd-spf.conf
@ -1,2 +0,0 @@
 Whitelist = 192.168.0.0/31,192.168.1.0/30
 Domain_Whitelist = dockerize_internalnet
--- a/config/nginx/Dockerfile
+++ b/config/nginx/Dockerfile
@ -1,8 +0,0 @@
 FROM python:3.6
 LABEL description="Certbot + nginxproxy soft-linker."
 LABEL maintainer="Lieuwe Leene <lieuwe@leene.dev>"
 COPY ./link_certificates.py /usr/bin/link_certificates.py
 RUN python /usr/bin/link_certificates.py /etc/letsencrypt/live
--- a/config/nginx/credentials.ini
+++ b/config/nginx/credentials.ini
@ -1 +0,0 @@
 dns_google_domains_access_token = $GOOGLE_ACCESS_TOKEN
--- a/config/nginx/link_certificates.py
+++ b/config/nginx/link_certificates.py
@ -1,31 +0,0 @@
 #!/usr/bin/env python3
 import os
 import sys
 import shutil
 cert_dir = "/etc/letsencrypt/live"
 def main():
    if not os.access(cert_dir, os.W_OK) or not os.path.isdir(cert_dir):
        raise RuntimeError(f"Cannot access certificat directory: {cert_dir}.")
    base_domain = sys.argv[1]
    key_file = os.path.join(cert_dir, base_domain, "privkey.pem")
    cert_file = os.path.join(cert_dir, base_domain, "fullchain.pem")
    for domain in sys.argv[2:]:
        print(f"linking {domain} in {base_domain}")
        symlink = os.path.join(cert_dir, f"{domain}.{base_domain}.key")
        if os.path.isfile(symlink):
            os.remove(symlink)
        shutil.copy(key_file, symlink)
        symlink = os.path.join(cert_dir, f"{domain}.{base_domain}.crt")
        if os.path.isfile(symlink):
            os.remove(symlink)
        shutil.copy(cert_file, symlink)
 if __name__ == "__main__":
    sys.exit(main())
 # eof
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -5,26 +5,14 @@ networks:
    driver: bridge
    enable_ipv6: false
-x-mail:
+
-  &defaults
+x-mail: &defaults
-  restart: unless-stopped
+  restart: always
  env_file: local.env
  networks:
    - internalnet
 services:
  certbot:
    <<: *defaults
    image: certbot/dns-cloudflare
    container_name: certbot
    command: certonly --non-interactive --dns-cloudflare --dns-cloudflare-credentials /config/credentials.ini --agree-tos --email admin@${NGINX_HOST} -d ${NGINX_HOST} -d lieuwe.${NGINX_HOST} -d mail.${NGINX_HOST} -d inbox.${NGINX_HOST} -d nextcloud.${NGINX_HOST} -d git.${NGINX_HOST} -d autodiscover.${NGINX_HOST} --server https://acme-v02.api.letsencrypt.org/directory
    volumes:
      - certbot_state:/var/lib/letsencrypt:z
      - nginx_archive:/etc/letsencrypt/archive:z
      - nginx_certs:/etc/letsencrypt/live:z
      - ./config/nginx/credentials.ini:/config/credentials.ini:z
  hugo-html:
    networks: 
      - internalnet
@ -35,6 +23,7 @@ services:
        HUGO_BASE: lieuwe.${NGINX_HOST}
    volumes:
      - hugo_data:/public:z
      - nginx_certs:/etc/letsencrypt/live:z
  hugo-site:
    <<: *defaults
@ -63,11 +52,6 @@ services:
      - ./config/pg-init-scripts:/docker-entrypoint-initdb.d:ro,z
    ports:
      - "5432:5432"
    healthcheck:
      test: "pg_isready"
      timeout: 45s
      interval: 10s
      retries: 10
  nextcloud:
    <<: *defaults
@ -90,8 +74,7 @@ services:
      - SMTP_NAME=admin@${NGINX_HOST}
      - SMTP_PASSWORD=${SQL_PSWD}
    depends_on:
-      pgsqlserver:
+      - pgsqlserver
        condition: service_healthy
    links:
      - pgsqlserver
    expose:
@ -116,15 +99,13 @@ services:
      - GITEA__server__KEY_FILE=/etc/letsencrypt/live/git.${NGINX_HOST}.key
    volumes:
      - gitea_data:/data:z
      - nginx_archive:/etc/letsencrypt/archive:ro,z
      - nginx_certs:/etc/letsencrypt/live:ro,z
    expose:
      - "3000"
    ports:
      - "222:22"
    depends_on:
-      pgsqlserver:
+      - pgsqlserver
        condition: service_healthy
    links:
      - pgsqlserver
@ -141,8 +122,7 @@ services:
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://${NGINX_HOST}
      - ROUNDCUBEMAIL_DB_PASSWORD=${SQL_PSWD}
    depends_on:
-      pgsqlserver:
+      - pgsqlserver
        condition: service_healthy
    links:
      - pgsqlserver
    expose:
@ -172,18 +152,18 @@ services:
      - "587:587"
      - "993:993"
    volumes:
      - nginx_archive:/etc/letsencrypt/archive:ro,z
      - nginx_certs:/etc/letsencrypt/live:ro,z
      - mail_data:/var/mail/:z
      - mail_state:/var/mail-state/:z
      - mail_config:/tmp/docker-mailserver/:z
      - ./config/mail/postfix-policyd-spf.conf:/etc/postfix-policyd-spf-python/policyd-spf.conf:ro,z
    cap_add:
      - NET_ADMIN
    depends_on:
      - ddnsgd
  reverse-proxy:
    <<: *defaults
-    image: nginxproxy/nginx-proxy:1.2.3
+    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    environment:
      - DEFAULT_EMAIL=admin@${NGINX_HOST}
@ -194,7 +174,6 @@ services:
      - nginx_html:/usr/share/nginx/html:z
      - nginx_conf:/etc/nginx/conf.d/:z
      - nginx_dhparam:/etc/nginx/dhparam:z
      - nginx_archive:/etc/nginx/archive/:ro,z
      - nginx_certs:/etc/nginx/certs/:z
      - nginx_vhost:/etc/nginx/vhost.d/:z
      - mail_html:/var/www/roundcube:z
@ -203,14 +182,55 @@ services:
      - ./config/nginx/nextcloud_location:/etc/nginx/vhost.d/nextcloud.${NGINX_HOST}_location:ro,z
      - ./config/nginx/header_default:/etc/nginx/vhost.d/default:z
      - /var/run/docker.sock:/tmp/docker.sock:ro,z
    depends_on:
      - ddnsgd
  acme-companion:
    <<: *defaults
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    volumes_from:
      - reverse-proxy
    volumes:
      - acme-state:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro,z
    depends_on:
      - ddnsgd
  ddnsgd:
    <<: *defaults
    container_name: "ddnsgd"
    image: "ghcr.io/dominickbrasileiro/ddnsgd"
    environment:
      - HOSTNAME=${NGINX_HOST}
      - USERNAME=${GDNS_USERNAME}
      - PASSWORD=${GDNS_PASSWORD}
      - INTERVAL=9000
  autodiscover:
    <<: *defaults
    image: monogramm/autodiscover-email-settings:latest
    container_name: autodiscover
    environment:
      - VIRTUAL_HOST=autodiscover.${NGINX_HOST},autoconfig.${NGINX_HOST}
      - VIRTUAL_PORT=8000
      - LETSENCRYPT_HOST=autodiscover.${NGINX_HOST},autoconfig.${NGINX_HOST}
      - DOMAIN=${NGINX_HOST}
      - IMAP_HOST=mail.${NGINX_HOST}
      - IMAP_PORT=1993
      - IMAP_SOCKET=SSL
      - SMTP_HOST=mail.${NGINX_HOST}
      - SMTP_PORT=587
      - SMTP_SOCKET=STARTTLS
    expose:
      - "8000"
 volumes:
-  certbot_state:
+  acme-state:
  nginx_archive:
  nginx_certs:
  gitea_data:
  hugo_data:
  nextcloud_data:
  nginx_certs:
  nginx_dhparam:
  nginx_html:
  nginx_conf:
--- a/local.env
+++ b/local.env
@ -1,4 +1,3 @@
 ## Docker Env
 PERMIT_DOCKER=network
@ -21,8 +20,6 @@ ENABLE_DNSBL=0
 ENABLE_QUOTAS=0
 ENABLE_POP3=0
 ## Email Relay
 RELAY_HOST=smtp.sendgrid.net
 RELAY_PORT=587
 RELAY_USER=apikey
@ -32,7 +29,6 @@ RELAY_USER=apikey
 POSTGRES_USER="pgadmin"
 POSTGRES_INITDB_ARGS="--auth-host=scram-sha-256 --auth-local=scram-sha-256"
 ## Round Cube Env
 ROUNDCUBEMAIL_DB_TYPE=pgsql
 ROUNDCUBEMAIL_DB_NAME=roundcube
@ -40,22 +36,18 @@ ROUNDCUBEMAIL_DB_USER=roundcube
 ROUNDCUBEMAIL_SKIN=elastic
 ROUNDCUBEMAIL_ASPELL_DICTS=en
 ## NGINX Reverse Proxy
 NGINX_PROXY_CONTAINER=nginx-proxy
 LETSENCRYPT_RESTART_CONTAINER=true
 ENABLE_IPV6=false
 ## GITEA Setup
 GITEA__server__HTTP_PORT        = 3000
 GITEA__server__DISABLE_SSH      = false
 GITEA__server__SSH_PORT         = 222
 GITEA__server__SSH_LISTEN_PORT  = 222
 GITEA__server__DISABLE_REGISTRATION = true
 GITEA__mailer__ENABLED                 = true
-GITEA__mailer__PROTOCOL                = sendmail
+GITEA__mailer__PROTOCOL                = smtp
-GITEA__mailer__FROM                    = admin@leene.dev
+GITEA__mailer__SMTP_ADDR               = mailserver
-GITEA__mailer__SENDMAIL_ARGS           = -S mailserver --
+GITEA__mailer__SMTP_PORT               = 25
		`@ -1,2 +0,0 @@`
			`Whitelist = 192.168.0.0/31,192.168.1.0/30`
			`Domain_Whitelist = dockerize_internalnet`
		`@ -1 +0,0 @@`
			`dns_google_domains_access_token = $GOOGLE_ACCESS_TOKEN`