diff --git a/lib/caddy.sh b/lib/caddy.sh index 7c742f0..1f939b2 100644 --- a/lib/caddy.sh +++ b/lib/caddy.sh @@ -38,7 +38,7 @@ services: - ./data/data:/data labels: - "traefik.enable=true" - - "traefik.http.routers.caddy.rule=Host(\`www.$DOMAIN\`,\`blog.$DOMAIN\`,\`documentation.$DOMAIN\`)" + - "traefik.http.routers.caddy.rule=Host(\`www.$DOMAIN\`,\`blog.$DOMAIN\`,\`documentation.$DOMAIN\`,\`$DOMAIN\`)" - "traefik.http.routers.caddy.entrypoints=websecure" - "traefik.http.routers.caddy.tls.certresolver=letsencrypt" @@ -53,6 +53,10 @@ EOF chmod 600 /federated/apps/caddy/.env cat > /federated/apps/caddy/data/etc/caddy/Caddyfile < /dev/null + + # Keep trying service port to make sure it's up before + # we proceed + RETRY="30" + while [ $RETRY -gt 0 ]; do + bash -c "$COMMAND" &> /dev/null + if [ $? -eq 0 ]; then + break + else + if [ "$RETRY" == 1 ]; then + docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null + fail "There was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with -d" + fi + ((RETRY--)) + sleep 7 + fi + done +} start_service_upgrade() { SERVICE="$1" COMMAND="$2" diff --git a/lib/gitea.sh b/lib/gitea.sh index 466dee2..3e89f2d 100644 --- a/lib/gitea.sh +++ b/lib/gitea.sh 
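Review bot: The retry loop checks `$?` on the line after `bash -c "$COMMAND" &> /dev/null`, which can be folded into the condition so the status cannot be clobbered by anything inserted between the two lines: `if bash -c "$COMMAND" &> /dev/null; then break; fi`. On the last attempt `$SERVICE` is unquoted in `docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down`; quote both expansions. Because `$COMMAND` is re-parsed by `bash -c`, a header comment stating that callers must pass a fixed, script-defined probe string (never a value derived from user-supplied input) is worth adding above the loop. This hunk appears to splice the Caddyfile heredoc together with a loop from a different file whose diff header is not in this chunk, and the enclosing function's opening line is outside the hunk.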
@@ -11,6 +11,9 @@ config_gitea() { if [ ! -d "/federated/apps/gitea" ]; then mkdir -p /federated/apps/gitea/data/data + mkdir -p /federated/apps/gitea/data/data/git/.ssh + touch /federated/apps/gitea/data/data/git/.ssh/authorized_keys + chmod 600 /federated/apps/gitea/data/data/git/.ssh/authorized_keys fi cat > /federated/apps/gitea/docker-compose.yml < /federated/apps/gitea/data/creategitea.sh </dev/null | awk -F: '{ print \$4 }' | awk -F\" '{ print \$2 }'\` +GITEA_TOKEN_2=\`curl -H "Content-Type: application/json" -d '{"name":"gitea2","scopes":["all"]}' -u gitea:$ADMINPASS http://gitea.$DOMAIN:3000/api/v1/users/gitea/tokens 2>/dev/null | awk -F: '{ pr +int \$4 }' | awk -F\" '{ print \$2 }'\` # Create the repository website, blog, and documentation -#curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"www.$DOMAIN","auto_init":true,"default_branch":"master"}' -#curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"blog.$DOMAIN","auto_init":true,"default_branch":"master"}' -#curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"documentation.$DOMAIN","auto_init":true,"default_branch":"master"}' +curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"www.$DOMAIN","auto_init":true,"default_branch":"master"}' +curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"blog.$DOMAIN","auto_init":true,"default_branch":"master"}' +curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data 
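Review bot: The new `chmod 600` covers `authorized_keys` but leaves the freshly created `git/.ssh` directory at the default umask mode and host ownership; OpenSSH with StrictModes (the default) refuses to use a key file whose `.ssh` directory or `authorized_keys` is writable by others or owned by a user other than the login user. Add `chmod 700 /federated/apps/gitea/data/data/git/.ssh` next to the `chmod 600` line, and set ownership to the uid/gid the container's git user runs as — the hunk does not show whether the compose file maps that user, so confirm it against the image. config_gitea continues past the end of the hunk.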
'{"name":"documentation.$DOMAIN","auto_init":true,"default_branch":"master"}' -# Create the repository and webhooks -for i in www blog documentation; do - # Create the repository - curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data "{\"name\":\"\$i.$DOMAIN\",\"auto_init\":true,\"default_branch\":\"master\"}" - # Create the webhook - curl -X 'POST' \ - "http://gitea.$DOMAIN:3000/api/v1/repos/gitea/\$i.$DOMAIN/hooks" \ +# Create the webhook inside the www repository +curl -X 'POST' \ + 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/www.$DOMAIN/hooks' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -H "Authorization: token \$GITEA_TOKEN_2" \ 
@@ -98,47 +103,47 @@ for i in www blog documentation; do "push" ], "type": "gitea" - }' -done +}' # Create the webhook inside the blog repository -#curl -X 'POST' \ -# 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/blog.$DOMAIN/hooks' \ -# -H 'accept: application/json' \ -# -H 'Content-Type: application/json' \ -# -H "Authorization: token \$GITEA_TOKEN_2" \ -# -d '{ -# "active": true, -# "config": { -# "content_type": "json", -# "url": "https://blog.$DOMAIN/webhook", -# "secret": "$WEBHOOK_SECRET" -# }, -# "events": [ -# "push" -# ], -# "type": "gitea" -#}' +curl -X 'POST' \ + 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/blog.$DOMAIN/hooks' \ + -H 'accept: application/json' \ + -H 'Content-Type: application/json' \ + -H "Authorization: token \$GITEA_TOKEN_2" \ + -d '{ + "active": true, + "config": { + "content_type": "json", + "url": "https://blog.$DOMAIN/webhook", + "secret": "$WEBHOOK_SECRET" + }, + "events": [ + "push" + ], + "type": "gitea" +}' # Create the webhook inside the documentation repository -#curl -X 'POST' \ -# 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/documentation.$DOMAIN/hooks' \ -# -H 'accept: application/json' \ -# -H 'Content-Type: application/json' \ -# -H "Authorization: token \$GITEA_TOKEN_2" \ -# -d '{ -# "active": true, -# "config": { -# "content_type": "json", -# "url": "https://documentation.$DOMAIN/webhook", -# "secret": "$WEBHOOK_SECRET" -# }, -# "events": [ -# "push" -# ], -# "type": "gitea" -#}' +curl -X 'POST' \ + 'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/documentation.$DOMAIN/hooks' \ + -H 'accept: application/json' \ + -H 'Content-Type: application/json' \ + -H "Authorization: token \$GITEA_TOKEN_2" \ + -d '{ + "active": true, + "config": { + "content_type": "json", + "url": "https://documentation.$DOMAIN/webhook", + "secret": "$WEBHOOK_SECRET" + }, + "events": [ + "push" + ], + "type": "gitea" +}' EOF + chmod +x /federated/apps/gitea/data/creategitea.sh kill -9 $SPINPID &> /dev/null 
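Review bot: `chmod +x /federated/apps/gitea/data/creategitea.sh` makes the generated script executable but leaves it world-readable, and the webhook bodies this hunk uncomments carry `"secret": "$WEBHOOK_SECRET"` — the unescaped `$DOMAIN` next to the escaped `\$GITEA_TOKEN_2` suggests an unquoted heredoc, so the secret is expanded into the file at write time; elsewhere in this tree the `.env` files get `chmod 600`, so use `chmod 700 /federated/apps/gitea/data/creategitea.sh` here. The three uncommented `curl -X 'POST'` calls have no `-f`/`--fail` and their exit status is not checked, so a rejected webhook creation passes silently; `curl -fsS -X 'POST' \` at least surfaces the HTTP error. The heredoc this hunk sits in begins before the hunk.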
diff --git a/lib/mail.sh b/lib/mail.sh index 07f54ca..46d09fd 100644 --- a/lib/mail.sh +++ b/lib/mail.sh @@ -101,9 +101,11 @@ EOF chmod 600 /federated/apps/mail/.env cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF' -smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname -smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, check_policy_service inet:127.0.0.1:10023, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org +smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_ +hostname +smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_helo_hostname, check_policy_service unix:private/policyd-spf, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf +smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname EOF cat > /federated/apps/mail/data/tmp/docker-mailserver/fail2ban-jail.cf <<'EOF'
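Review bot: The rewritten `smtpd_recipient_restrictions` line drops `reject_unauth_destination`, so nothing in this file now restricts relaying; Postfix stays closed only if `smtpd_relay_restrictions` (not set in this postfix-main.cf) keeps its default of `permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination`, which I cannot confirm for the docker-mailserver image from the hunk. Unless that default is verified, keep the guard in the new line: `smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_helo_hostname, check_policy_service unix:private/policyd-spf, ...`. The same edit also removes `reject_unauth_pipelining`, `reject_unknown_recipient_domain` and the `check_policy_service inet:127.0.0.1:10023` greylisting hook with no rationale visible here; if that is deliberate, a one-line comment in the heredoc saying so would help the next reader. The `reject_unknown_client_` / `hostname` split on the `smtpd_sender_restrictions` line looks like a display wrap rather than an actual change, but is worth confirming, since a broken token there would not parse as intended.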