From 91fa024a4d6749c74c8e6b022ffcbb15ee1133d5 Mon Sep 17 00:00:00 2001
From: root <root@federated.computer>
Date: Thu, 4 May 2023 15:00:42 +0000
Subject: [PATCH] Fixed gitea SSH, mail postfix spam, dmarc record, caddy
 default domain

---
 lib/caddy.sh        |  6 +++++-
 lib/dns.sh          |  2 +-
 lib/gitea.sh        | 10 +++++++++-
 lib/latest-versions |  2 +-
 lib/mail.sh         |  5 +++--
 5 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/lib/caddy.sh b/lib/caddy.sh
index 840d458..71902e6 100644
--- a/lib/caddy.sh
+++ b/lib/caddy.sh
@@ -50,7 +50,7 @@ cat > /federated/apps/caddy/.env <<EOF
 IMAGE_VERSION="latest"
 VIRTUAL_PROTO=http
 VIRTUAL_PORT=80
-VIRTUAL_HOST=www.$DOMAIN,blog.$DOMAIN,documentation.$DOMAIN
+VIRTUAL_HOST=www.$DOMAIN,blog.$DOMAIN,documentation.$DOMAIN,$DOMAIN
 EOF
 chmod 600 /federated/apps/caddy/.env
 
@@ -70,6 +70,10 @@ www.$DOMAIN:80 {
     }
   }
 }
+$DOMAIN:80 {
+  root * /srv/www.$DOMAIN/public
+  file_server
+}
 blog.$DOMAIN:80 {
   root * /srv/blog.$DOMAIN/public
   file_server
diff --git a/lib/dns.sh b/lib/dns.sh
index 011cf1b..6ed80aa 100644
--- a/lib/dns.sh
+++ b/lib/dns.sh
@@ -190,11 +190,11 @@ vpn     	IN	A	$EXTERNALIP
 connector     	IN	A	$EXTERNALIP
 baserow     	IN	A	$EXTERNALIP
 gitea     	IN	A	$EXTERNALIP
-calcom     	IN	A	$EXTERNALIP
 blog     	IN	A	$EXTERNALIP
 documentation     	IN	A	$EXTERNALIP
 *		IN	A	$EXTERNALIP
 $DOMAIN.	IN	A	$EXTERNALIP
+$DOMAIN.        IN      CNAME  	www.$DOMAIN
 EOF
 
 cat > /federated/apps/dns/data/etc/bind/zones/$DOMAIN.rev <<EOF
diff --git a/lib/gitea.sh b/lib/gitea.sh
index 318966a..a19b950 100644
--- a/lib/gitea.sh
+++ b/lib/gitea.sh
@@ -11,6 +11,9 @@ config_gitea() {
 
   if [ ! -d "/federated/apps/gitea" ]; then
     mkdir -p /federated/apps/gitea/data/data
+    mkdir -p /federated/apps/gitea/data/data/git/.ssh
+    touch /federated/apps/gitea/data/data/git/.ssh/authorized_keys
+    chmod 600 /federated/apps/gitea/data/data/git/.ssh/authorized_keys
   fi
 
   DOMAIN_ARRAY=(${DOMAIN//./ })
@@ -35,11 +38,12 @@ services:
       - "blog.$DOMAIN:$EXTERNALIP"
       - "documentation.$DOMAIN:$EXTERNALIP"
     ports:
-      - 22:22
+      - "2222:22"
     env_file:
       - ./.env
     volumes:
       - ./data/data:/data
+      - ./data/data/git/.ssh:/data/git/.ssh
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
 
@@ -64,6 +68,10 @@ GITEA__database__USER=gitea
 GITEA__database__PASSWD=$GITEA_SECRET
 GITEA__security__INSTALL_LOCK=true
 GITEA__server__ROOT_URL=https://gitea.$DOMAIN
+GITEA__server__DOMAIN=$DOMAIN
+GITEA__server__SSH_DOMAIN=$DOMAIN
+GITEA__server__SSH_PORT=2222
+GITEA__server__SSH_LISTEN_PORT=2222
 EOF
 chmod 600 /federated/apps/gitea/.env
 
diff --git a/lib/latest-versions b/lib/latest-versions
index 461e36e..7a84516 100644
--- a/lib/latest-versions
+++ b/lib/latest-versions
@@ -6,7 +6,7 @@ calcom=1.0
 postgresql=14
 proxy=1.1
 nextcloud=25.0.3
-listmonk=v2.3.0
+listmonk=v2.4.0
 panel=v1.10
 vaultwarden=1.27.0
 matrix=v1.75.0
diff --git a/lib/mail.sh b/lib/mail.sh
index 729148e..d9ebc03 100644
--- a/lib/mail.sh
+++ b/lib/mail.sh
@@ -103,7 +103,8 @@ EOF
 chmod 600 /federated/apps/mail/.env
 
 cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
-smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch
+smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
+smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, check_policy_service inet:127.0.0.1:10023, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org
 smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf
 EOF
 
@@ -123,7 +124,7 @@ start_mail() {
   [ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/dns container"
 
   # Insert the DMARC DNS TXT entry into /federated/apps/dns container
-  echo "_dmarc.$DOMAIN. IN TXT \"v=DMARC1; p=none; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\"" >> /federated/apps/dns/data/etc/bind/zones/$DOMAIN
+  echo "_dmarc.$DOMAIN. IN TXT \"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\"" >> /federated/apps/dns/data/etc/bind/zones/$DOMAIN
   [ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/dns container"
 
   # Reload DNS configuration in /federated/apps/dns container