General deployment #1
6 changed files with 88 additions and 82 deletions
|
@ -36,6 +36,8 @@ services:
|
|||
- AUTHENTIK_EMAIL__USE_TLS=false
|
||||
- AUTHENTIK_EMAIL__USE_SSL=false
|
||||
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_MAIL_FROM}@${BASE_DOMAIN}
|
||||
|
||||
- AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
|
||||
depends_on:
|
||||
- pg-authentik
|
||||
- redis-authentik
|
||||
|
|
|
@ -13,10 +13,10 @@ networks:
|
|||
|
||||
services:
|
||||
mail:
|
||||
image: mailserver/docker-mailserver:11
|
||||
image: mailserver/docker-mailserver:12
|
||||
container_name: mail
|
||||
restart: "${RESTART:-no}"
|
||||
hostname: mail
|
||||
hostname: post
|
||||
domainname: ${BASE_DOMAIN}
|
||||
environment:
|
||||
- SSL_TYPE=letsencrypt
|
||||
|
@ -31,16 +31,16 @@ services:
|
|||
- ENABLE_POSTGREY=0
|
||||
- ENABLE_CLAMAV=0
|
||||
- ENABLE_SPAMASSASSIN=0
|
||||
- ENABLE_MANAGESIEVE=1
|
||||
- ENABLE_MANAGESIEVE=0
|
||||
- ENABLE_FAIL2BAN=0
|
||||
- TZ=${TIMEZONE}
|
||||
- POSTMASTER_ADDRESS=postmaster@${BASE_DOMAIN}
|
||||
ports:
|
||||
- "25:25"
|
||||
- "143:143"
|
||||
- "587:587"
|
||||
- "465:465"
|
||||
- "993:993"
|
||||
- "25:25" # SMTP (explicit TLS => STARTTLS)
|
||||
- "143:143" # IMAP4 (explicit TLS => STARTTLS)
|
||||
- "465:465" # ESMTP (implicit TLS)
|
||||
- "587:587" # ESMTP (explicit TLS => STARTTLS)
|
||||
- "993:993" # IMAP4 (implicit TLS)
|
||||
- "4190:4190" # managesieve
|
||||
volumes:
|
||||
# config
|
||||
|
@ -50,8 +50,8 @@ services:
|
|||
- ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/
|
||||
- ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/
|
||||
# certificates
|
||||
- ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/fullchain.pem:ro
|
||||
- ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.key:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/privkey.pem:ro
|
||||
- ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/post.${BASE_DOMAIN}/fullchain.pem:ro
|
||||
- ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.key:/etc/letsencrypt/live/post.${BASE_DOMAIN}/privkey.pem:ro
|
||||
# - ${CERTS_DIR}/mail.${BASE_DOMAIN}:/etc/letsencrypt/live/
|
||||
networks:
|
||||
- mail
|
||||
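Review bot: In the `-31,16` hunk the new `ports:` list publishes `"4190:4190" # managesieve` while the same hunk carries `ENABLE_MANAGESIEVE=0`, so the host would expose a port that the container is configured not to serve. The +/- markers are lost on this page, so which of the two `ENABLE_MANAGESIEVE` lines is the new one is inferred from print order and should be confirmed against the file. If the service is meant to be off, drop the `4190` mapping. If it is meant to be on, note that the context lines keep `ENABLE_FAIL2BAN=0`, so this would be one more authenticated endpoint without login throttling from the container; a comment such as `# managesieve: reachable from outside, rate-limited at <where>` next to the mapping would record the decision.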
|
|
|
@ -1,15 +1,14 @@
|
|||
(logging) {
|
||||
log {
|
||||
output stdout
|
||||
format transform "{common_log}"
|
||||
# format transform "{common_log}"
|
||||
}
|
||||
}
|
||||
|
||||
{
|
||||
local_certs
|
||||
# email {$TLS_EMAIL}
|
||||
# acme_ca {$CA_URL}
|
||||
import logging
|
||||
# local_certs
|
||||
email {$TLS_EMAIL}
|
||||
acme_ca {$CA_URL}
|
||||
}
|
||||
|
||||
(errorpages) {
|
||||
|
@ -32,91 +31,91 @@
|
|||
}
|
||||
}
|
||||
|
||||
https://{$BASE_DOMAIN} {
|
||||
import errorpages
|
||||
import logging
|
||||
reverse_proxy /_matrix* matrix:8008
|
||||
# https://{$BASE_DOMAIN} {
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy /_matrix* matrix:8008
|
||||
|
||||
root * /srv/homepage
|
||||
file_server
|
||||
}
|
||||
# root * /srv/homepage
|
||||
# file_server
|
||||
# }
|
||||
|
||||
# https://{$BASE_DOMAIN}:8448 {
|
||||
# import errorpages
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy matrix:8008
|
||||
# }
|
||||
|
||||
# needs to be http!
|
||||
http://autoconfig.{$BASE_DOMAIN} {
|
||||
file_server {
|
||||
root /srv/autoconfig
|
||||
}
|
||||
# http://autoconfig.{$BASE_DOMAIN} {
|
||||
# file_server {
|
||||
# root /srv/autoconfig
|
||||
# }
|
||||
# }
|
||||
|
||||
# https://echo.{$BASE_DOMAIN} {
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy echo:8000
|
||||
# }
|
||||
|
||||
https://account.{$BASE_DOMAIN} {
|
||||
import logging
|
||||
import errorpages
|
||||
reverse_proxy authentik:80
|
||||
}
|
||||
|
||||
https://echo.{$BASE_DOMAIN} {
|
||||
https://post.{$BASE_DOMAIN} {
|
||||
import errorpages
|
||||
import logging
|
||||
reverse_proxy echo:8000
|
||||
}
|
||||
|
||||
https://auth.{$BASE_DOMAIN} {
|
||||
import errorpages
|
||||
import logging
|
||||
reverse_proxy authentik:80
|
||||
}
|
||||
# https://git.{$BASE_DOMAIN} {
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy forgejo:3000
|
||||
# }
|
||||
|
||||
https://mail.{$BASE_DOMAIN} {
|
||||
import errorpages
|
||||
import logging
|
||||
reverse_proxy roundcube:80
|
||||
}
|
||||
# https://ci.{$BASE_DOMAIN} {
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy woodpecker:8000
|
||||
# }
|
||||
|
||||
https://git.{$BASE_DOMAIN} {
|
||||
import errorpages
|
||||
import logging
|
||||
reverse_proxy forgejo:3000
|
||||
}
|
||||
# https://cloud.{$BASE_DOMAIN} {
|
||||
# import logging
|
||||
# import errorpages
|
||||
# redir /.well-known/carddav /remote.php/dav
|
||||
# redir /.well-known/caldav /remote.php/dav
|
||||
# redir /.well-known/webfinger /index.php/.well-known/webfinger
|
||||
# redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
|
||||
# reverse_proxy nextcloud:80
|
||||
# }
|
||||
|
||||
https://ci.{$BASE_DOMAIN} {
|
||||
import errorpages
|
||||
import logging
|
||||
reverse_proxy woodpecker:8000
|
||||
}
|
||||
# https://passwords.{$BASE_DOMAIN} {
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy /notifications/hub/negotiate* vaultwarden:80
|
||||
# reverse_proxy /notifications/hub* vaultwarden:3012
|
||||
# reverse_proxy vaultwarden:80
|
||||
# }
|
||||
|
||||
https://cloud.{$BASE_DOMAIN} {
|
||||
import errorpages
|
||||
import logging
|
||||
redir /.well-known/carddav /remote.php/dav
|
||||
redir /.well-known/caldav /remote.php/dav
|
||||
redir /.well-known/webfinger /index.php/.well-known/webfinger
|
||||
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
|
||||
reverse_proxy nextcloud:80
|
||||
}
|
||||
|
||||
https://passwords.{$BASE_DOMAIN} {
|
||||
import errorpages
|
||||
import logging
|
||||
reverse_proxy /notifications/hub/negotiate* vaultwarden:80
|
||||
reverse_proxy /notifications/hub* vaultwarden:3012
|
||||
reverse_proxy vaultwarden:80
|
||||
}
|
||||
|
||||
https://md.{$BASE_DOMAIN} {
|
||||
import errorpages
|
||||
import logging
|
||||
reverse_proxy hedgedoc:3000
|
||||
}
|
||||
# https://md.{$BASE_DOMAIN} {
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy hedgedoc:3000
|
||||
# }
|
||||
|
||||
# https://ci-demo.{$BASE_DOMAIN} {
|
||||
# import errorpages
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy docker-ci-demo:8000
|
||||
# }
|
||||
|
||||
# https://stuff.{$BASE_DOMAIN} {
|
||||
# import errorpages
|
||||
# import logging
|
||||
# import errorpages
|
||||
# root * /srv/stuff
|
||||
# file_server browse
|
||||
# basicauth /dev {
|
||||
|
@ -125,20 +124,20 @@ https://md.{$BASE_DOMAIN} {
|
|||
# }
|
||||
|
||||
# https://hackmd-next.{$BASE_DOMAIN} {
|
||||
# import errorpages
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy codimd:3000
|
||||
# }
|
||||
|
||||
# https://amp.{$BASE_DOMAIN} {
|
||||
# import errorpages
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy minecraft:8080
|
||||
# }
|
||||
|
||||
# https://map.amp.{$BASE_DOMAIN} {
|
||||
# import errorpages
|
||||
# import logging
|
||||
# import errorpages
|
||||
# root * /srv/bluemap
|
||||
# file_server
|
||||
|
||||
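Review bot: The `https://post.{$BASE_DOMAIN}` site in the `-32,91` hunk appears to keep the body of the former echo block, which would put `reverse_proxy echo:8000` behind the mail hostname. The +/- markers are lost on this page, so that reading rests on print order and is worth confirming against the file. If the site exists only so Caddy obtains a certificate for the mail host (the mail compose file mounts `post.${BASE_DOMAIN}` certificates in this commit), `respond 204` in place of the proxy line does that without publishing the echo backend under that name. Separately, in the first hunk `acme_ca {$CA_URL}` becomes a directive with no argument when the variable is unset; a default such as `acme_ca {$CA_URL:<ACME_DIRECTORY_URL_PLACEHOLDER>}` avoids a startup failure.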
|
|
|
@ -9,11 +9,11 @@ networks:
|
|||
|
||||
services:
|
||||
proxy:
|
||||
# image: caddy:2-alpine
|
||||
build:
|
||||
context: ./proxy
|
||||
args:
|
||||
CADDY_VERSION: 2
|
||||
image: caddy:2-alpine
|
||||
# build:
|
||||
# context: ./proxy
|
||||
# args:
|
||||
# CADDY_VERSION: 2
|
||||
container_name: proxy
|
||||
restart: "${RESTART:-no}"
|
||||
hostname: ${BASE_DOMAIN}
|
||||
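Review bot: `image: caddy:2-alpine` replaces the local build with a floating tag, so every pull can bring in a different image without any change in the repository. Pinning the digest, `image: caddy:2-alpine@sha256:<DIGEST_PLACEHOLDER>`, keeps deployments reproducible and turns each upgrade of the internet-facing proxy into a reviewable commit. The commented-out `build:` block left beside it should be removed or given a one-line comment saying when the custom build is needed; it looks related to the `format transform` line that the Caddyfile comments out in this commit, but that is an inference.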
|
|
|
@ -8,7 +8,7 @@ includes:
|
|||
|
||||
vars:
|
||||
COMPOSE_FILES:
|
||||
sh: touch enabled ; find ./services -iname docker-compose.yml | grep -f enabled || >&2 echo "=== No services enabled ==="
|
||||
sh: touch enabled ; find ./services -iname docker-compose.yml | grep -f enabled || exit 0
|
||||
COMPOSE_ARGS: -f services/docker-compose.yml -f {{.COMPOSE_FILES | splitLines | join " -f "}}
|
||||
|
||||
tasks:
|
||||
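Review bot: With `|| exit 0` an empty match now passes silently, but the unchanged `COMPOSE_ARGS` line still appends ` -f ` followed by an empty string when `COMPOSE_FILES` is empty, which leaves a dangling `-f` on the compose command line and no hint why. Building the argument list only from non-empty entries avoids that: `COMPOSE_ARGS: -f services/docker-compose.yml{{range .COMPOSE_FILES | splitLines}}{{if .}} -f {{.}}{{end}}{{end}}`. Since `enabled` holds service names rather than patterns, `grep -F -f enabled` would also stop an entry containing `.` or `*` from matching unintended paths.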
|
|
|
@ -29,3 +29,8 @@ tasks:
|
|||
- mkdir -p /usr/local/share/zsh/site-functions
|
||||
- wget -O /usr/local/share/zsh/site-functions/_task https://raw.githubusercontent.com/go-task/task/master/completion/zsh/_task
|
||||
|
||||
install-rmate:
|
||||
desc: Install rmate shell script
|
||||
cmds:
|
||||
- sudo wget -O /usr/local/bin/rmate https://raw.githubusercontent.com/textmate/rmate/master/bin/rmate
|
||||
- sudo chmod a+x /usr/local/bin/rmate
|
||||
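Review bot: The new `install-rmate` task writes whatever the `master` branch currently serves straight into `/usr/local/bin` as root, with no integrity check, and a failed or partial download still leaves a file at the target path that the next command marks executable. Downloading to a scratch file as the invoking user, verifying a pinned checksum and only then installing with `sudo` closes both gaps. The ref and hash below are placeholders to be filled with a reviewed commit and the hash of `bin/rmate` at that commit. The `wget` from `master` in the context line above this task has the same shape.

```yaml
install-rmate:
  desc: Install rmate shell script
  vars:
    # placeholders: a reviewed commit and the sha256 of bin/rmate at that commit
    RMATE_REF: '<COMMIT_SHA_PLACEHOLDER>'
    RMATE_SHA256: '<SHA256_PLACEHOLDER>'
  cmds:
    - wget -O rmate.download "https://raw.githubusercontent.com/textmate/rmate/{{.RMATE_REF}}/bin/rmate"
    - echo "{{.RMATE_SHA256}}  rmate.download" | sha256sum -c -
    - sudo install -m 0755 rmate.download /usr/local/bin/rmate
    - rm -f rmate.download
```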
|
|