Fixed caddy default domain, gitea webhooks, mail settings

lib/caddy.sh

@@ -38,7 +38,7 @@ services:
       - ./data/data:/data
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.caddy.rule=Host(\`www.$DOMAIN\`,\`blog.$DOMAIN\`,\`documentation.$DOMAIN\`)"
+      - "traefik.http.routers.caddy.rule=Host(\`www.$DOMAIN\`,\`blog.$DOMAIN\`,\`documentation.$DOMAIN\`,\`$DOMAIN\`)"
       - "traefik.http.routers.caddy.entrypoints=websecure"
       - "traefik.http.routers.caddy.tls.certresolver=letsencrypt"
 
@@ -53,6 +53,10 @@ EOF
 chmod 600 /federated/apps/caddy/.env
 
 cat > /federated/apps/caddy/data/etc/caddy/Caddyfile <<EOF
+$DOMAIN:80 {
+  root * /srv/www.$DOMAIN.com/public
+  file_server
+}
 www.$DOMAIN:80 {
   root * /srv/www.$DOMAIN/public
   file_server

lib/functions.sh

@@ -85,6 +85,32 @@ create_password() {
   SECRET=`tr -cd '[:alnum:]' < /dev/urandom | fold -w32 | head -n1`
   echo "$SECRET";
 }
+start_service_convert() {
+  SERVICE="$1"
+  COMMAND="$2"
+
+  # Start /federated/apps/SERVICE with output to /dev/null
+  echo -ne "\n* Starting /federated/apps/$SERVICE service.."
+
+  docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE up -d &> /dev/null
+
+  # Keep trying service port to make sure it's up before
+  # we proceed
+  RETRY="30"
+  while [ $RETRY -gt 0 ]; do
+    bash -c "$COMMAND" &> /dev/null
+    if [ $? -eq 0 ]; then
+      break
+    else
+      if [ "$RETRY" == 1 ]; then
+        docker-compose -f /federated/apps/$SERVICE/docker-compose.yml -p $SERVICE down &> /dev/null
+        fail "There was a problem starting service /federated/apps/$SERVICE\nCheck the output of 'docker logs $SERVICE' or turn on\ndebug with -d"
+      fi
+      ((RETRY--))
+      sleep 7
+    fi
+  done
+}
 start_service_upgrade() {
   SERVICE="$1"
   COMMAND="$2"

lib/gitea.sh

@@ -11,6 +11,9 @@ config_gitea() {
 
   if [ ! -d "/federated/apps/gitea" ]; then
     mkdir -p /federated/apps/gitea/data/data
+    mkdir -p /federated/apps/gitea/data/data/git/.ssh
+    touch /federated/apps/gitea/data/data/git/.ssh/authorized_keys
+    chmod 600 /federated/apps/gitea/data/data/git/.ssh/authorized_keys
   fi
 
 cat > /federated/apps/gitea/docker-compose.yml <<EOF
@@ -31,11 +34,12 @@ services:
       - "blog.$DOMAIN:$EXTERNALIP"
       - "documentation.$DOMAIN:$EXTERNALIP"
     ports:
-      - 22:22
+      - "2222:22"
     env_file:
       - ./.env
     volumes:
       - ./data/data:/data
+      - ./data/data/git/.ssh:/data/git/.ssh
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     labels:
@@ -61,6 +65,10 @@ GITEA__database__USER=gitea
 GITEA__database__PASSWD=$GITEA_SECRET
 GITEA__security__INSTALL_LOCK=true
 GITEA__server__ROOT_URL=https://gitea.$DOMAIN
+GITEA__server__DOMAIN=$DOMAIN
+GITEA__server__SSH_DOMAIN=$DOMAIN
+GITEA__server__SSH_PORT=2222
+GITEA__server__SSH_LISTEN_PORT=2222
 EOF
 chmod 600 /federated/apps/gitea/.env
 
@@ -70,20 +78,17 @@ cat > /federated/apps/gitea/data/creategitea.sh <<EOF
 #!/bin/bash
 
 # Get the Gitea API token
-GITEA_TOKEN_2=\`curl -H "Content-Type: application/json" -d '{"name":"gitea2","scopes":["all"]}' -u gitea:$ADMINPASS http://gitea.$DOMAIN:3000/api/v1/users/gitea/tokens 2>/dev/null | awk -F: '{ print \$4 }' | awk -F\" '{ print \$2 }'\`
+GITEA_TOKEN_2=\`curl -H "Content-Type: application/json" -d '{"name":"gitea2","scopes":["all"]}' -u gitea:$ADMINPASS http://gitea.$DOMAIN:3000/api/v1/users/gitea/tokens 2>/dev/null | awk -F: '{ pr
+int \$4 }' | awk -F\" '{ print \$2 }'\`
 
 # Create the repository website, blog, and documentation
-#curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"www.$DOMAIN","auto_init":true,"default_branch":"master"}'
+curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"www.$DOMAIN","auto_init":true,"default_branch":"master"}'
-#curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"blog.$DOMAIN","auto_init":true,"default_branch":"master"}'
+curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"blog.$DOMAIN","auto_init":true,"default_branch":"master"}'
-#curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"documentation.$DOMAIN","auto_init":true,"default_branch":"master"}'
+curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data '{"name":"documentation.$DOMAIN","auto_init":true,"default_branch":"master"}'
 
-# Create the repository and webhooks
+# Create the webhook inside the www repository
-for i in www blog documentation; do
+curl -X 'POST' \
-  # Create the repository
+  'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/www.$DOMAIN/hooks' \
-  curl -k -X POST http://gitea.$DOMAIN:3000/api/v1/user/repos -H "content-type: application/json" -H "Authorization: token \$GITEA_TOKEN_2" --data "{\"name\":\"\$i.$DOMAIN\",\"auto_init\":true,\"default_branch\":\"master\"}"
-  # Create the webhook
-  curl -X 'POST' \
-  "http://gitea.$DOMAIN:3000/api/v1/repos/gitea/\$i.$DOMAIN/hooks" \
   -H 'accept: application/json' \
   -H 'Content-Type: application/json' \
   -H "Authorization: token \$GITEA_TOKEN_2" \
@@ -98,47 +103,47 @@ for i in www blog documentation; do
     "push"
   ],
   "type": "gitea"
-  }'
+}'
-done
 
 # Create the webhook inside the blog repository
-#curl -X 'POST' \
+curl -X 'POST' \
-#  'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/blog.$DOMAIN/hooks' \
+  'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/blog.$DOMAIN/hooks' \
-#  -H 'accept: application/json' \
+  -H 'accept: application/json' \
-#  -H 'Content-Type: application/json' \
+  -H 'Content-Type: application/json' \
-#  -H "Authorization: token \$GITEA_TOKEN_2" \
+  -H "Authorization: token \$GITEA_TOKEN_2" \
-#  -d '{
+  -d '{
-#  "active": true,
+  "active": true,
-#  "config": {
+  "config": {
-#    "content_type": "json",
+    "content_type": "json",
-#    "url": "https://blog.$DOMAIN/webhook",
+    "url": "https://blog.$DOMAIN/webhook",
-#    "secret": "$WEBHOOK_SECRET"
+    "secret": "$WEBHOOK_SECRET"
-#  },
+  },
-#  "events": [
+  "events": [
-#    "push"
+    "push"
-#  ],
+  ],
-#  "type": "gitea"
+  "type": "gitea"
-#}'
+}'
 
 # Create the webhook inside the documentation repository
-#curl -X 'POST' \
+curl -X 'POST' \
-#  'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/documentation.$DOMAIN/hooks' \
+  'http://gitea.$DOMAIN:3000/api/v1/repos/gitea/documentation.$DOMAIN/hooks' \
-#  -H 'accept: application/json' \
+  -H 'accept: application/json' \
-#  -H 'Content-Type: application/json' \
+  -H 'Content-Type: application/json' \
-#  -H "Authorization: token \$GITEA_TOKEN_2" \
+  -H "Authorization: token \$GITEA_TOKEN_2" \
-#  -d '{
+  -d '{
-#  "active": true,
+  "active": true,
-#  "config": {
+  "config": {
-#    "content_type": "json",
+    "content_type": "json",
-#    "url": "https://documentation.$DOMAIN/webhook",
+    "url": "https://documentation.$DOMAIN/webhook",
-#    "secret": "$WEBHOOK_SECRET"
+    "secret": "$WEBHOOK_SECRET"
-#  },
+  },
-#  "events": [
+  "events": [
-#    "push"
+    "push"
-#  ],
+  ],
-#  "type": "gitea"
+  "type": "gitea"
-#}'
+}'
 EOF
+
 chmod +x /federated/apps/gitea/data/creategitea.sh
  
 kill -9 $SPINPID &> /dev/null

lib/mail.sh

@@ -101,9 +101,11 @@ EOF
 chmod 600 /federated/apps/mail/.env
 
 cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
-smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
+smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_
-smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, check_policy_service inet:127.0.0.1:10023, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org
+hostname
+smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_helo_hostname, check_policy_service unix:private/policyd-spf, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org
 smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf
+smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
 EOF
 
 cat > /federated/apps/mail/data/tmp/docker-mailserver/fail2ban-jail.cf <<'EOF'