General deployment #1

Merged
carsten merged 18 commits from deploy into main 2023-09-13 22:33:47 +02:00
6 changed files with 88 additions and 82 deletions
Showing only changes of commit d81ca56ba3 - Show all commits


@ -36,6 +36,8 @@ services:
- AUTHENTIK_EMAIL__USE_TLS=false - AUTHENTIK_EMAIL__USE_TLS=false
- AUTHENTIK_EMAIL__USE_SSL=false - AUTHENTIK_EMAIL__USE_SSL=false
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_MAIL_FROM}@${BASE_DOMAIN} - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_MAIL_FROM}@${BASE_DOMAIN}
- AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
depends_on: depends_on:
- pg-authentik - pg-authentik
- redis-authentik - redis-authentik


@ -13,10 +13,10 @@ networks:
services: services:
mail: mail:
image: mailserver/docker-mailserver:11 image: mailserver/docker-mailserver:12
container_name: mail container_name: mail
restart: "${RESTART:-no}" restart: "${RESTART:-no}"
hostname: mail hostname: post
domainname: ${BASE_DOMAIN} domainname: ${BASE_DOMAIN}
environment: environment:
- SSL_TYPE=letsencrypt - SSL_TYPE=letsencrypt
@ -31,16 +31,16 @@ services:
- ENABLE_POSTGREY=0 - ENABLE_POSTGREY=0
- ENABLE_CLAMAV=0 - ENABLE_CLAMAV=0
- ENABLE_SPAMASSASSIN=0 - ENABLE_SPAMASSASSIN=0
- ENABLE_MANAGESIEVE=1 - ENABLE_MANAGESIEVE=0
- ENABLE_FAIL2BAN=0 - ENABLE_FAIL2BAN=0
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
- POSTMASTER_ADDRESS=postmaster@${BASE_DOMAIN} - POSTMASTER_ADDRESS=postmaster@${BASE_DOMAIN}
ports: ports:
- "25:25" - "25:25" # SMTP (explicit TLS => STARTTLS)
- "143:143" - "143:143" # IMAP4 (explicit TLS => STARTTLS)
- "587:587" - "465:465" # ESMTP (implicit TLS)
- "465:465" - "587:587" # ESMTP (explicit TLS => STARTTLS)
- "993:993" - "993:993" # IMAP4 (implicit TLS)
- "4190:4190" # managesieve - "4190:4190" # managesieve
volumes: volumes:
# config # config
@ -50,8 +50,8 @@ services:
- ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/ - ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/
- ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/ - ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/
# certificates # certificates
- ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/fullchain.pem:ro - ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/post.${BASE_DOMAIN}/fullchain.pem:ro
- ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.key:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/privkey.pem:ro - ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.key:/etc/letsencrypt/live/post.${BASE_DOMAIN}/privkey.pem:ro
# - ${CERTS_DIR}/mail.${BASE_DOMAIN}:/etc/letsencrypt/live/ # - ${CERTS_DIR}/mail.${BASE_DOMAIN}:/etc/letsencrypt/live/
networks: networks:
- mail - mail
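Review bot: Port `"4190:4190"` is still published on the new side even though `ENABLE_MANAGESIEVE` is switched to `0` in the same section, so the host keeps a mapping for a service the container is no longer meant to run. Drop the `- "4190:4190" # managesieve` entry, or comment it out together with the flag, so the published ports match the enabled services. Separately, `ENABLE_FAIL2BAN=0` is unchanged context, but with 25/143/465/587/993 published it deserves a comment saying where brute-force throttling happens instead, e.g. `# fail2ban disabled: login rate limiting handled by <MECHANISM>`.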


@ -1,15 +1,14 @@
(logging) { (logging) {
log { log {
output stdout output stdout
format transform "{common_log}" # format transform "{common_log}"
} }
} }
{ {
local_certs # local_certs
# email {$TLS_EMAIL} email {$TLS_EMAIL}
# acme_ca {$CA_URL} acme_ca {$CA_URL}
import logging
} }
(errorpages) { (errorpages) {
@ -32,91 +31,91 @@
} }
} }
https://{$BASE_DOMAIN} { # https://{$BASE_DOMAIN} {
import errorpages # import logging
import logging # import errorpages
reverse_proxy /_matrix* matrix:8008 # reverse_proxy /_matrix* matrix:8008
root * /srv/homepage # root * /srv/homepage
file_server # file_server
} # }
# https://{$BASE_DOMAIN}:8448 { # https://{$BASE_DOMAIN}:8448 {
# import logging
# import errorpages # import errorpages
# import logging
# reverse_proxy matrix:8008 # reverse_proxy matrix:8008
# } # }
# needs to be http! # needs to be http!
http://autoconfig.{$BASE_DOMAIN} { # http://autoconfig.{$BASE_DOMAIN} {
file_server { # file_server {
root /srv/autoconfig # root /srv/autoconfig
} # }
# }
# https://echo.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy echo:8000
# }
https://account.{$BASE_DOMAIN} {
import logging
import errorpages
reverse_proxy authentik:80
} }
https://echo.{$BASE_DOMAIN} { https://post.{$BASE_DOMAIN} {
import errorpages import errorpages
import logging import logging
reverse_proxy echo:8000 reverse_proxy echo:8000
} }
https://auth.{$BASE_DOMAIN} { # https://git.{$BASE_DOMAIN} {
import errorpages # import logging
import logging # import errorpages
reverse_proxy authentik:80 # reverse_proxy forgejo:3000
} # }
https://mail.{$BASE_DOMAIN} { # https://ci.{$BASE_DOMAIN} {
import errorpages # import logging
import logging # import errorpages
reverse_proxy roundcube:80 # reverse_proxy woodpecker:8000
} # }
https://git.{$BASE_DOMAIN} { # https://cloud.{$BASE_DOMAIN} {
import errorpages # import logging
import logging # import errorpages
reverse_proxy forgejo:3000 # redir /.well-known/carddav /remote.php/dav
} # redir /.well-known/caldav /remote.php/dav
# redir /.well-known/webfinger /index.php/.well-known/webfinger
# redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
# reverse_proxy nextcloud:80
# }
https://ci.{$BASE_DOMAIN} { # https://passwords.{$BASE_DOMAIN} {
import errorpages # import logging
import logging # import errorpages
reverse_proxy woodpecker:8000 # reverse_proxy /notifications/hub/negotiate* vaultwarden:80
} # reverse_proxy /notifications/hub* vaultwarden:3012
# reverse_proxy vaultwarden:80
# }
https://cloud.{$BASE_DOMAIN} { # https://md.{$BASE_DOMAIN} {
import errorpages # import logging
import logging # import errorpages
redir /.well-known/carddav /remote.php/dav # reverse_proxy hedgedoc:3000
redir /.well-known/caldav /remote.php/dav # }
redir /.well-known/webfinger /index.php/.well-known/webfinger
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
reverse_proxy nextcloud:80
}
https://passwords.{$BASE_DOMAIN} {
import errorpages
import logging
reverse_proxy /notifications/hub/negotiate* vaultwarden:80
reverse_proxy /notifications/hub* vaultwarden:3012
reverse_proxy vaultwarden:80
}
https://md.{$BASE_DOMAIN} {
import errorpages
import logging
reverse_proxy hedgedoc:3000
}
# https://ci-demo.{$BASE_DOMAIN} { # https://ci-demo.{$BASE_DOMAIN} {
# import logging
# import errorpages # import errorpages
# import logging
# reverse_proxy docker-ci-demo:8000 # reverse_proxy docker-ci-demo:8000
# } # }
# https://stuff.{$BASE_DOMAIN} { # https://stuff.{$BASE_DOMAIN} {
# import logging
# import errorpages # import errorpages
# import logging
# root * /srv/stuff # root * /srv/stuff
# file_server browse # file_server browse
# basicauth /dev { # basicauth /dev {
@ -125,20 +124,20 @@ https://md.{$BASE_DOMAIN} {
# } # }
# https://hackmd-next.{$BASE_DOMAIN} { # https://hackmd-next.{$BASE_DOMAIN} {
# import logging
# import errorpages # import errorpages
# import logging
# reverse_proxy codimd:3000 # reverse_proxy codimd:3000
# } # }
# https://amp.{$BASE_DOMAIN} { # https://amp.{$BASE_DOMAIN} {
# import logging
# import errorpages # import errorpages
# import logging
# reverse_proxy minecraft:8080 # reverse_proxy minecraft:8080
# } # }
# https://map.amp.{$BASE_DOMAIN} { # https://map.amp.{$BASE_DOMAIN} {
# import logging
# import errorpages # import errorpages
# import logging
# root * /srv/bluemap # root * /srv/bluemap
# file_server # file_server
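Review bot: The new `https://post.{$BASE_DOMAIN}` block keeps `reverse_proxy echo:8000`, so the mail server's public hostname now fronts what looks like the former echo/debug backend. If that service reflects request data, it becomes reachable under the name that also carries the mail certificate. If the block exists only so that Caddy obtains a certificate for `post.` (an inference from the mail compose change), a static handler such as `respond 204` avoids exposing a backend at all. In the global options, `acme_ca {$CA_URL}` is now active without a fallback; `acme_ca {$CA_URL:https://acme-v02.api.letsencrypt.org/directory}` keeps the config loadable when the variable is unset.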


@ -9,11 +9,11 @@ networks:
services: services:
proxy: proxy:
# image: caddy:2-alpine image: caddy:2-alpine
build: # build:
context: ./proxy # context: ./proxy
args: # args:
CADDY_VERSION: 2 # CADDY_VERSION: 2
container_name: proxy container_name: proxy
restart: "${RESTART:-no}" restart: "${RESTART:-no}"
hostname: ${BASE_DOMAIN} hostname: ${BASE_DOMAIN}


@ -8,7 +8,7 @@ includes:
vars: vars:
COMPOSE_FILES: COMPOSE_FILES:
sh: touch enabled ; find ./services -iname docker-compose.yml | grep -f enabled || >&2 echo "=== No services enabled ===" sh: touch enabled ; find ./services -iname docker-compose.yml | grep -f enabled || exit 0
COMPOSE_ARGS: -f services/docker-compose.yml -f {{.COMPOSE_FILES | splitLines | join " -f "}} COMPOSE_ARGS: -f services/docker-compose.yml -f {{.COMPOSE_FILES | splitLines | join " -f "}}
tasks: tasks:
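Review bot: With `|| exit 0` an empty selection now yields an empty `COMPOSE_FILES` without any message, and `COMPOSE_ARGS` on the next line still renders a trailing ` -f ` with nothing after it, so compose is handed a dangling flag. Guard the template, e.g. `COMPOSE_ARGS: -f services/docker-compose.yml{{range .COMPOSE_FILES | splitLines}}{{if .}} -f {{.}}{{end}}{{end}}`, and keep the warning with `|| { >&2 echo "=== No services enabled ==="; exit 0; }` so an empty `enabled` file stays visible. Note also that `grep -f enabled` reads each line as a regular expression, so a blank line in `enabled` selects every service; `grep -F -f enabled` plus a comment on the expected file format would make that safer.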


@ -29,3 +29,8 @@ tasks:
- mkdir -p /usr/local/share/zsh/site-functions - mkdir -p /usr/local/share/zsh/site-functions
- wget -O /usr/local/share/zsh/site-functions/_task https://raw.githubusercontent.com/go-task/task/master/completion/zsh/_task - wget -O /usr/local/share/zsh/site-functions/_task https://raw.githubusercontent.com/go-task/task/master/completion/zsh/_task
install-rmate:
desc: Install rmate shell script
cmds:
- sudo wget -O /usr/local/bin/rmate https://raw.githubusercontent.com/textmate/rmate/master/bin/rmate
- sudo chmod a+x /usr/local/bin/rmate
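Review bot: The new `install-rmate` task downloads a script from the mutable `master` branch straight into `/usr/local/bin` as root and marks it executable with no integrity check. Whatever that URL serves at install time will later run with the invoking user's privileges. Pin the URL to a reviewed commit (`https://raw.githubusercontent.com/textmate/rmate/<COMMIT_SHA>/bin/rmate`) and verify the file before the chmod, e.g. `- echo "<EXPECTED_SHA256>  /usr/local/bin/rmate" | sudo sha256sum -c -`. `chmod 0755` states the intended mode more precisely than `a+x`. The `_task` completion download in the context lines above follows the same unpinned pattern.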