General deployment #1
6 changed files with 88 additions and 82 deletions
|
@ -36,6 +36,8 @@ services:
|
||||||
- AUTHENTIK_EMAIL__USE_TLS=false
|
- AUTHENTIK_EMAIL__USE_TLS=false
|
||||||
- AUTHENTIK_EMAIL__USE_SSL=false
|
- AUTHENTIK_EMAIL__USE_SSL=false
|
||||||
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_MAIL_FROM}@${BASE_DOMAIN}
|
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_MAIL_FROM}@${BASE_DOMAIN}
|
||||||
|
|
||||||
|
- AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
|
||||||
depends_on:
|
depends_on:
|
||||||
- pg-authentik
|
- pg-authentik
|
||||||
- redis-authentik
|
- redis-authentik
|
||||||
|
|
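Review bot: The context lines directly above the added `AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false` leave both `AUTHENTIK_EMAIL__USE_TLS` and `AUTHENTIK_EMAIL__USE_SSL` at `false`, so whatever authentik mails out (recovery links, for example) is handed to the SMTP host without transport encryption. That is only reasonable if the SMTP host is a container reached over an internal Docker network, which this hunk does not show. A comment such as `# plain SMTP: mail container on the internal network only` would stop a later edit from pointing these settings at an external relay unchanged. The environment list starts above the hunk.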
|
@ -13,10 +13,10 @@ networks:
|
||||||
|
|
||||||
services:
|
services:
|
||||||
mail:
|
mail:
|
||||||
image: mailserver/docker-mailserver:11
|
image: mailserver/docker-mailserver:12
|
||||||
container_name: mail
|
container_name: mail
|
||||||
restart: "${RESTART:-no}"
|
restart: "${RESTART:-no}"
|
||||||
hostname: mail
|
hostname: post
|
||||||
domainname: ${BASE_DOMAIN}
|
domainname: ${BASE_DOMAIN}
|
||||||
environment:
|
environment:
|
||||||
- SSL_TYPE=letsencrypt
|
- SSL_TYPE=letsencrypt
|
||||||
|
@ -31,16 +31,16 @@ services:
|
||||||
- ENABLE_POSTGREY=0
|
- ENABLE_POSTGREY=0
|
||||||
- ENABLE_CLAMAV=0
|
- ENABLE_CLAMAV=0
|
||||||
- ENABLE_SPAMASSASSIN=0
|
- ENABLE_SPAMASSASSIN=0
|
||||||
- ENABLE_MANAGESIEVE=1
|
- ENABLE_MANAGESIEVE=0
|
||||||
- ENABLE_FAIL2BAN=0
|
- ENABLE_FAIL2BAN=0
|
||||||
- TZ=${TIMEZONE}
|
- TZ=${TIMEZONE}
|
||||||
- POSTMASTER_ADDRESS=postmaster@${BASE_DOMAIN}
|
- POSTMASTER_ADDRESS=postmaster@${BASE_DOMAIN}
|
||||||
ports:
|
ports:
|
||||||
- "25:25"
|
- "25:25" # SMTP (explicit TLS => STARTTLS)
|
||||||
- "143:143"
|
- "143:143" # IMAP4 (explicit TLS => STARTTLS)
|
||||||
- "587:587"
|
- "465:465" # ESMTP (implicit TLS)
|
||||||
- "465:465"
|
- "587:587" # ESMTP (explicit TLS => STARTTLS)
|
||||||
- "993:993"
|
- "993:993" # IMAP4 (implicit TLS)
|
||||||
- "4190:4190" # managesieve
|
- "4190:4190" # managesieve
|
||||||
volumes:
|
volumes:
|
||||||
# config
|
# config
|
||||||
|
@ -50,8 +50,8 @@ services:
|
||||||
- ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/
|
- ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/
|
||||||
- ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/
|
- ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/
|
||||||
# certificates
|
# certificates
|
||||||
- ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/fullchain.pem:ro
|
- ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/post.${BASE_DOMAIN}/fullchain.pem:ro
|
||||||
- ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.key:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/privkey.pem:ro
|
- ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.key:/etc/letsencrypt/live/post.${BASE_DOMAIN}/privkey.pem:ro
|
||||||
# - ${CERTS_DIR}/mail.${BASE_DOMAIN}:/etc/letsencrypt/live/
|
# - ${CERTS_DIR}/mail.${BASE_DOMAIN}:/etc/letsencrypt/live/
|
||||||
networks:
|
networks:
|
||||||
- mail
|
- mail
|
||||||
|
|
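Review bot: `ENABLE_MANAGESIEVE` is switched to `0` in the second hunk, but the `"4190:4190" # managesieve` mapping a few lines below is kept, so the host still publishes a port that nothing should be listening on; drop the mapping together with the service. The same environment block keeps `ENABLE_FAIL2BAN=0` while 25, 143, 465, 587 and 993 are published on the host, which leaves password guessing against SMTP AUTH and IMAP unthrottled unless something outside this file rate-limits it. If that is deliberate, a comment next to `ENABLE_FAIL2BAN=0` naming the compensating control would help; otherwise enabling it also needs `cap_add: NET_ADMIN` on the service.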
|
@ -1,15 +1,14 @@
|
||||||
(logging) {
|
(logging) {
|
||||||
log {
|
log {
|
||||||
output stdout
|
output stdout
|
||||||
format transform "{common_log}"
|
# format transform "{common_log}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
local_certs
|
# local_certs
|
||||||
# email {$TLS_EMAIL}
|
email {$TLS_EMAIL}
|
||||||
# acme_ca {$CA_URL}
|
acme_ca {$CA_URL}
|
||||||
import logging
|
|
||||||
}
|
}
|
||||||
|
|
||||||
(errorpages) {
|
(errorpages) {
|
||||||
|
@ -32,91 +31,91 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
https://{$BASE_DOMAIN} {
|
# https://{$BASE_DOMAIN} {
|
||||||
import errorpages
|
# import logging
|
||||||
import logging
|
# import errorpages
|
||||||
reverse_proxy /_matrix* matrix:8008
|
# reverse_proxy /_matrix* matrix:8008
|
||||||
|
|
||||||
root * /srv/homepage
|
# root * /srv/homepage
|
||||||
file_server
|
# file_server
|
||||||
}
|
# }
|
||||||
|
|
||||||
# https://{$BASE_DOMAIN}:8448 {
|
# https://{$BASE_DOMAIN}:8448 {
|
||||||
# import errorpages
|
|
||||||
# import logging
|
# import logging
|
||||||
|
# import errorpages
|
||||||
# reverse_proxy matrix:8008
|
# reverse_proxy matrix:8008
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# needs to be http!
|
# needs to be http!
|
||||||
http://autoconfig.{$BASE_DOMAIN} {
|
# http://autoconfig.{$BASE_DOMAIN} {
|
||||||
file_server {
|
# file_server {
|
||||||
root /srv/autoconfig
|
# root /srv/autoconfig
|
||||||
}
|
# }
|
||||||
|
# }
|
||||||
|
|
||||||
|
# https://echo.{$BASE_DOMAIN} {
|
||||||
|
# import logging
|
||||||
|
# import errorpages
|
||||||
|
# reverse_proxy echo:8000
|
||||||
|
# }
|
||||||
|
|
||||||
|
https://account.{$BASE_DOMAIN} {
|
||||||
|
import logging
|
||||||
|
import errorpages
|
||||||
|
reverse_proxy authentik:80
|
||||||
}
|
}
|
||||||
|
|
||||||
https://echo.{$BASE_DOMAIN} {
|
https://post.{$BASE_DOMAIN} {
|
||||||
import errorpages
|
import errorpages
|
||||||
import logging
|
import logging
|
||||||
reverse_proxy echo:8000
|
reverse_proxy echo:8000
|
||||||
}
|
}
|
||||||
|
|
||||||
https://auth.{$BASE_DOMAIN} {
|
# https://git.{$BASE_DOMAIN} {
|
||||||
import errorpages
|
# import logging
|
||||||
import logging
|
# import errorpages
|
||||||
reverse_proxy authentik:80
|
# reverse_proxy forgejo:3000
|
||||||
}
|
# }
|
||||||
|
|
||||||
https://mail.{$BASE_DOMAIN} {
|
# https://ci.{$BASE_DOMAIN} {
|
||||||
import errorpages
|
# import logging
|
||||||
import logging
|
# import errorpages
|
||||||
reverse_proxy roundcube:80
|
# reverse_proxy woodpecker:8000
|
||||||
}
|
# }
|
||||||
|
|
||||||
https://git.{$BASE_DOMAIN} {
|
# https://cloud.{$BASE_DOMAIN} {
|
||||||
import errorpages
|
# import logging
|
||||||
import logging
|
# import errorpages
|
||||||
reverse_proxy forgejo:3000
|
# redir /.well-known/carddav /remote.php/dav
|
||||||
}
|
# redir /.well-known/caldav /remote.php/dav
|
||||||
|
# redir /.well-known/webfinger /index.php/.well-known/webfinger
|
||||||
|
# redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
|
||||||
|
# reverse_proxy nextcloud:80
|
||||||
|
# }
|
||||||
|
|
||||||
https://ci.{$BASE_DOMAIN} {
|
# https://passwords.{$BASE_DOMAIN} {
|
||||||
import errorpages
|
# import logging
|
||||||
import logging
|
# import errorpages
|
||||||
reverse_proxy woodpecker:8000
|
# reverse_proxy /notifications/hub/negotiate* vaultwarden:80
|
||||||
}
|
# reverse_proxy /notifications/hub* vaultwarden:3012
|
||||||
|
# reverse_proxy vaultwarden:80
|
||||||
|
# }
|
||||||
|
|
||||||
https://cloud.{$BASE_DOMAIN} {
|
# https://md.{$BASE_DOMAIN} {
|
||||||
import errorpages
|
# import logging
|
||||||
import logging
|
# import errorpages
|
||||||
redir /.well-known/carddav /remote.php/dav
|
# reverse_proxy hedgedoc:3000
|
||||||
redir /.well-known/caldav /remote.php/dav
|
# }
|
||||||
redir /.well-known/webfinger /index.php/.well-known/webfinger
|
|
||||||
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
|
|
||||||
reverse_proxy nextcloud:80
|
|
||||||
}
|
|
||||||
|
|
||||||
https://passwords.{$BASE_DOMAIN} {
|
|
||||||
import errorpages
|
|
||||||
import logging
|
|
||||||
reverse_proxy /notifications/hub/negotiate* vaultwarden:80
|
|
||||||
reverse_proxy /notifications/hub* vaultwarden:3012
|
|
||||||
reverse_proxy vaultwarden:80
|
|
||||||
}
|
|
||||||
|
|
||||||
https://md.{$BASE_DOMAIN} {
|
|
||||||
import errorpages
|
|
||||||
import logging
|
|
||||||
reverse_proxy hedgedoc:3000
|
|
||||||
}
|
|
||||||
|
|
||||||
# https://ci-demo.{$BASE_DOMAIN} {
|
# https://ci-demo.{$BASE_DOMAIN} {
|
||||||
# import errorpages
|
|
||||||
# import logging
|
# import logging
|
||||||
|
# import errorpages
|
||||||
# reverse_proxy docker-ci-demo:8000
|
# reverse_proxy docker-ci-demo:8000
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# https://stuff.{$BASE_DOMAIN} {
|
# https://stuff.{$BASE_DOMAIN} {
|
||||||
# import errorpages
|
|
||||||
# import logging
|
# import logging
|
||||||
|
# import errorpages
|
||||||
# root * /srv/stuff
|
# root * /srv/stuff
|
||||||
# file_server browse
|
# file_server browse
|
||||||
# basicauth /dev {
|
# basicauth /dev {
|
||||||
|
@ -125,20 +124,20 @@ https://md.{$BASE_DOMAIN} {
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# https://hackmd-next.{$BASE_DOMAIN} {
|
# https://hackmd-next.{$BASE_DOMAIN} {
|
||||||
# import errorpages
|
|
||||||
# import logging
|
# import logging
|
||||||
|
# import errorpages
|
||||||
# reverse_proxy codimd:3000
|
# reverse_proxy codimd:3000
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# https://amp.{$BASE_DOMAIN} {
|
# https://amp.{$BASE_DOMAIN} {
|
||||||
# import errorpages
|
|
||||||
# import logging
|
# import logging
|
||||||
|
# import errorpages
|
||||||
# reverse_proxy minecraft:8080
|
# reverse_proxy minecraft:8080
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# https://map.amp.{$BASE_DOMAIN} {
|
# https://map.amp.{$BASE_DOMAIN} {
|
||||||
# import errorpages
|
|
||||||
# import logging
|
# import logging
|
||||||
|
# import errorpages
|
||||||
# root * /srv/bluemap
|
# root * /srv/bluemap
|
||||||
# file_server
|
# file_server
|
||||||
|
|
||||||
|
|
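Review bot: The site block renamed to `https://post.{$BASE_DOMAIN}` still ends in `reverse_proxy echo:8000`, so the mail server's public hostname now fronts the echo container, which looks like a debugging backend. If the block exists only so that Caddy obtains the certificate the mail service mounts (an inference from the `post.${BASE_DOMAIN}` certificate paths elsewhere in this commit), a static `respond 204` in place of the proxy line would do that without exposing the backend. Separately, the global options now enable `acme_ca {$CA_URL}` with no default, and an unset variable leaves the directive without an argument. Consider `acme_ca {$CA_URL:https://acme-v02.api.letsencrypt.org/directory}`, or a comment stating that `CA_URL` and `TLS_EMAIL` are required.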
|
@ -9,11 +9,11 @@ networks:
|
||||||
|
|
||||||
services:
|
services:
|
||||||
proxy:
|
proxy:
|
||||||
# image: caddy:2-alpine
|
image: caddy:2-alpine
|
||||||
build:
|
# build:
|
||||||
context: ./proxy
|
# context: ./proxy
|
||||||
args:
|
# args:
|
||||||
CADDY_VERSION: 2
|
# CADDY_VERSION: 2
|
||||||
container_name: proxy
|
container_name: proxy
|
||||||
restart: "${RESTART:-no}"
|
restart: "${RESTART:-no}"
|
||||||
hostname: ${BASE_DOMAIN}
|
hostname: ${BASE_DOMAIN}
|
||||||
|
|
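Review bot: `image: caddy:2-alpine` is a floating tag, so every pull can bring a different Caddy build into the container that terminates TLS for all sites; pin a full version or a digest, e.g. `image: caddy:<FULL_VERSION>-alpine@sha256:<DIGEST>`. Replacing the `./proxy` build also drops whatever that Dockerfile added to the binary, which is not visible here; the `format transform` line commented out in the Caddyfile suggests a log-format plugin was part of it. The commented-out `build:` block could be deleted rather than kept as dead configuration.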
|
@ -8,7 +8,7 @@ includes:
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
COMPOSE_FILES:
|
COMPOSE_FILES:
|
||||||
sh: touch enabled ; find ./services -iname docker-compose.yml | grep -f enabled || >&2 echo "=== No services enabled ==="
|
sh: touch enabled ; find ./services -iname docker-compose.yml | grep -f enabled || exit 0
|
||||||
COMPOSE_ARGS: -f services/docker-compose.yml -f {{.COMPOSE_FILES | splitLines | join " -f "}}
|
COMPOSE_ARGS: -f services/docker-compose.yml -f {{.COMPOSE_FILES | splitLines | join " -f "}}
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
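Review bot: With `|| exit 0` the `COMPOSE_FILES` command now succeeds silently when nothing is enabled, and `COMPOSE_ARGS` then renders as `-f services/docker-compose.yml -f ` with a dangling `-f` that will either fail or swallow the next argument as a file name. Guard the extra flags in the template, for example `COMPOSE_ARGS: -f services/docker-compose.yml{{range .COMPOSE_FILES | splitLines}}{{if .}} -f {{.}}{{end}}{{end}}`. Note also that `grep -f enabled` treats each line of `enabled` as an unanchored regular expression, so one entry selects every compose path that contains it.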
|
@ -29,3 +29,8 @@ tasks:
|
||||||
- mkdir -p /usr/local/share/zsh/site-functions
|
- mkdir -p /usr/local/share/zsh/site-functions
|
||||||
- wget -O /usr/local/share/zsh/site-functions/_task https://raw.githubusercontent.com/go-task/task/master/completion/zsh/_task
|
- wget -O /usr/local/share/zsh/site-functions/_task https://raw.githubusercontent.com/go-task/task/master/completion/zsh/_task
|
||||||
|
|
||||||
|
install-rmate:
|
||||||
|
desc: Install rmate shell script
|
||||||
|
cmds:
|
||||||
|
- sudo wget -O /usr/local/bin/rmate https://raw.githubusercontent.com/textmate/rmate/master/bin/rmate
|
||||||
|
- sudo chmod a+x /usr/local/bin/rmate
|
||||||
|
|
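Review bot: The new `install-rmate` task writes a script fetched from the mutable `master` branch straight into `/usr/local/bin` as root and marks it executable, with nothing checking what was downloaded. Pin the URL to a tag or commit (`.../textmate/rmate/<PINNED_COMMIT_SHA>/bin/rmate`), compare the file against a recorded checksum before installing, and do the download unprivileged so that only a final `sudo install -m 0755` step needs root. The `_task` completion download in the context lines above follows the same `master` pattern.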