bero/test
1
0
Fork 0
Code Issues 52 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Fixed gitea SSH, mail postfix spam, dmarc record, caddy default domain

Browse Source
This commit is contained in:
root 2023-05-04 15:00:42 +00:00
parent 0f9ae8bde6
commit 91fa024a4d
5 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/caddy.sh
View File

@ -50,7 +50,7 @@ cat > /federated/apps/caddy/.env <<EOF
IMAGE_VERSION="latest" IMAGE_VERSION="latest"
VIRTUAL_PROTO=http VIRTUAL_PROTO=http
VIRTUAL_PORT=80 VIRTUAL_PORT=80
VIRTUAL_HOST=www.$DOMAIN,blog.$DOMAIN,documentation.$DOMAIN VIRTUAL_HOST=www.$DOMAIN,blog.$DOMAIN,documentation.$DOMAIN,$DOMAIN
EOF EOF
chmod 600 /federated/apps/caddy/.env chmod 600 /federated/apps/caddy/.env
@ -70,6 +70,10 @@ www.$DOMAIN:80 {
} }
} }
} }
$DOMAIN:80 {
root * /srv/www.$DOMAIN/public
file_server
}
blog.$DOMAIN:80 { blog.$DOMAIN:80 {
root * /srv/blog.$DOMAIN/public root * /srv/blog.$DOMAIN/public
file_server file_server

2
lib/dns.sh
View File

@ -190,11 +190,11 @@ vpn IN A $EXTERNALIP
connector IN A $EXTERNALIP connector IN A $EXTERNALIP
baserow IN A $EXTERNALIP baserow IN A $EXTERNALIP
gitea IN A $EXTERNALIP gitea IN A $EXTERNALIP
calcom IN A $EXTERNALIP
blog IN A $EXTERNALIP blog IN A $EXTERNALIP
documentation IN A $EXTERNALIP documentation IN A $EXTERNALIP
* IN A $EXTERNALIP * IN A $EXTERNALIP
$DOMAIN. IN A $EXTERNALIP $DOMAIN. IN A $EXTERNALIP
$DOMAIN. IN CNAME www.$DOMAIN
EOF EOF
cat > /federated/apps/dns/data/etc/bind/zones/$DOMAIN.rev <<EOF cat > /federated/apps/dns/data/etc/bind/zones/$DOMAIN.rev <<EOF

10
lib/gitea.sh
View File

@ -11,6 +11,9 @@ config_gitea() {
if [ ! -d "/federated/apps/gitea" ]; then if [ ! -d "/federated/apps/gitea" ]; then
mkdir -p /federated/apps/gitea/data/data mkdir -p /federated/apps/gitea/data/data
mkdir -p /federated/apps/gitea/data/data/git/.ssh
touch /federated/apps/gitea/data/data/git/.ssh/authorized_keys
chmod 600 /federated/apps/gitea/data/data/git/.ssh/authorized_keys
fi fi
DOMAIN_ARRAY=(${DOMAIN//./ }) DOMAIN_ARRAY=(${DOMAIN//./ })
@ -35,11 +38,12 @@ services:
- "blog.$DOMAIN:$EXTERNALIP" - "blog.$DOMAIN:$EXTERNALIP"
- "documentation.$DOMAIN:$EXTERNALIP" - "documentation.$DOMAIN:$EXTERNALIP"
ports: ports:
- 22:22 - "2222:22"
env_file: env_file:
- ./.env - ./.env
volumes: volumes:
- ./data/data:/data - ./data/data:/data
- ./data/data/git/.ssh:/data/git/.ssh
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
@ -64,6 +68,10 @@ GITEA__database__USER=gitea
GITEA__database__PASSWD=$GITEA_SECRET GITEA__database__PASSWD=$GITEA_SECRET
GITEA__security__INSTALL_LOCK=true GITEA__security__INSTALL_LOCK=true
GITEA__server__ROOT_URL=https://gitea.$DOMAIN GITEA__server__ROOT_URL=https://gitea.$DOMAIN
GITEA__server__DOMAIN=$DOMAIN
GITEA__server__SSH_DOMAIN=$DOMAIN
GITEA__server__SSH_PORT=2222
GITEA__server__SSH_LISTEN_PORT=2222
EOF EOF
chmod 600 /federated/apps/gitea/.env chmod 600 /federated/apps/gitea/.env

2
lib/latest-versions
View File

@ -6,7 +6,7 @@ calcom=1.0
postgresql=14 postgresql=14
proxy=1.1 proxy=1.1
nextcloud=25.0.3 nextcloud=25.0.3
listmonk=v2.3.0 listmonk=v2.4.0
panel=v1.10 panel=v1.10
vaultwarden=1.27.0 vaultwarden=1.27.0
matrix=v1.75.0 matrix=v1.75.0

5
lib/mail.sh
View File

@ -103,7 +103,8 @@ EOF
chmod 600 /federated/apps/mail/.env chmod 600 /federated/apps/mail/.env
cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF' cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, check_policy_service inet:127.0.0.1:10023, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf
EOF EOF
@ -123,7 +124,7 @@ start_mail() {
[ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/dns container" [ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/dns container"
# Insert the DMARC DNS TXT entry into /federated/apps/dns container # Insert the DMARC DNS TXT entry into /federated/apps/dns container
echo "_dmarc.$DOMAIN. IN TXT \"v=DMARC1; p=none; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\"" >> /federated/apps/dns/data/etc/bind/zones/$DOMAIN echo "_dmarc.$DOMAIN. IN TXT \"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\"" >> /federated/apps/dns/data/etc/bind/zones/$DOMAIN
[ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/dns container" [ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/dns container"
# Reload DNS configuration in /federated/apps/dns container # Reload DNS configuration in /federated/apps/dns container