General deployment #1

Merged
carsten merged 18 commits from deploy into main 2023-09-13 22:33:47 +02:00
6 changed files with 88 additions and 82 deletions
Showing only changes of commit d81ca56ba3 - Show all commits


@ -36,6 +36,8 @@ services:
- AUTHENTIK_EMAIL__USE_TLS=false
- AUTHENTIK_EMAIL__USE_SSL=false
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_MAIL_FROM}@${BASE_DOMAIN}
- AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
depends_on:
- pg-authentik
- redis-authentik


@ -13,10 +13,10 @@ networks:
services:
mail:
image: mailserver/docker-mailserver:11
image: mailserver/docker-mailserver:12
container_name: mail
restart: "${RESTART:-no}"
hostname: mail
hostname: post
domainname: ${BASE_DOMAIN}
environment:
- SSL_TYPE=letsencrypt
@ -31,16 +31,16 @@ services:
- ENABLE_POSTGREY=0
- ENABLE_CLAMAV=0
- ENABLE_SPAMASSASSIN=0
- ENABLE_MANAGESIEVE=1
- ENABLE_MANAGESIEVE=0
- ENABLE_FAIL2BAN=0
- TZ=${TIMEZONE}
- POSTMASTER_ADDRESS=postmaster@${BASE_DOMAIN}
ports:
- "25:25"
- "143:143"
- "587:587"
- "465:465"
- "993:993"
- "25:25" # SMTP (explicit TLS => STARTTLS)
- "143:143" # IMAP4 (explicit TLS => STARTTLS)
- "465:465" # ESMTP (implicit TLS)
- "587:587" # ESMTP (explicit TLS => STARTTLS)
- "993:993" # IMAP4 (implicit TLS)
- "4190:4190" # managesieve
volumes:
# config
@ -50,8 +50,8 @@ services:
- ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/
- ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/
# certificates
- ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/fullchain.pem:ro
- ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.key:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/privkey.pem:ro
- ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/post.${BASE_DOMAIN}/fullchain.pem:ro
- ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.key:/etc/letsencrypt/live/post.${BASE_DOMAIN}/privkey.pem:ro
# - ${CERTS_DIR}/mail.${BASE_DOMAIN}:/etc/letsencrypt/live/
networks:
- mail
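Review bot: The ports list still publishes `"4190:4190" # managesieve` while the environment block shows `ENABLE_MANAGESIEVE` changing between 1 and 0; the rendered page lost the +/- markers, so which value is new is only inferred from print order, but if the new value is 0 the host exposes a port with no service behind it. Either drop the 4190 mapping or keep `ENABLE_MANAGESIEVE=1`, so the published surface matches what is enabled. Separately, the unchanged lines keep `ENABLE_FAIL2BAN=0` while 25, 143, 465, 587 and 993 are published on the host, so nothing visible here throttles password guessing against SMTP/IMAP authentication; a comment stating where rate limiting happens (or enabling it) would help. The commented-out mount `# - ${CERTS_DIR}/mail.${BASE_DOMAIN}:/etc/letsencrypt/live/` still names the old host and could be updated to `post.` for consistency.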


@ -1,15 +1,14 @@
(logging) {
log {
output stdout
format transform "{common_log}"
# format transform "{common_log}"
}
}
{
local_certs
# email {$TLS_EMAIL}
# acme_ca {$CA_URL}
import logging
# local_certs
email {$TLS_EMAIL}
acme_ca {$CA_URL}
}
(errorpages) {
@ -32,91 +31,91 @@
}
}
https://{$BASE_DOMAIN} {
import errorpages
import logging
reverse_proxy /_matrix* matrix:8008
# https://{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy /_matrix* matrix:8008
root * /srv/homepage
file_server
}
# root * /srv/homepage
# file_server
# }
# https://{$BASE_DOMAIN}:8448 {
# import errorpages
# import logging
# import errorpages
# reverse_proxy matrix:8008
# }
# needs to be http!
http://autoconfig.{$BASE_DOMAIN} {
file_server {
root /srv/autoconfig
}
# http://autoconfig.{$BASE_DOMAIN} {
# file_server {
# root /srv/autoconfig
# }
# }
# https://echo.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy echo:8000
# }
https://account.{$BASE_DOMAIN} {
import logging
import errorpages
reverse_proxy authentik:80
}
https://echo.{$BASE_DOMAIN} {
https://post.{$BASE_DOMAIN} {
import errorpages
import logging
reverse_proxy echo:8000
}
https://auth.{$BASE_DOMAIN} {
import errorpages
import logging
reverse_proxy authentik:80
}
# https://git.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy forgejo:3000
# }
https://mail.{$BASE_DOMAIN} {
import errorpages
import logging
reverse_proxy roundcube:80
}
# https://ci.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy woodpecker:8000
# }
https://git.{$BASE_DOMAIN} {
import errorpages
import logging
reverse_proxy forgejo:3000
}
# https://cloud.{$BASE_DOMAIN} {
# import logging
# import errorpages
# redir /.well-known/carddav /remote.php/dav
# redir /.well-known/caldav /remote.php/dav
# redir /.well-known/webfinger /index.php/.well-known/webfinger
# redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
# reverse_proxy nextcloud:80
# }
https://ci.{$BASE_DOMAIN} {
import errorpages
import logging
reverse_proxy woodpecker:8000
}
# https://passwords.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy /notifications/hub/negotiate* vaultwarden:80
# reverse_proxy /notifications/hub* vaultwarden:3012
# reverse_proxy vaultwarden:80
# }
https://cloud.{$BASE_DOMAIN} {
import errorpages
import logging
redir /.well-known/carddav /remote.php/dav
redir /.well-known/caldav /remote.php/dav
redir /.well-known/webfinger /index.php/.well-known/webfinger
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
reverse_proxy nextcloud:80
}
https://passwords.{$BASE_DOMAIN} {
import errorpages
import logging
reverse_proxy /notifications/hub/negotiate* vaultwarden:80
reverse_proxy /notifications/hub* vaultwarden:3012
reverse_proxy vaultwarden:80
}
https://md.{$BASE_DOMAIN} {
import errorpages
import logging
reverse_proxy hedgedoc:3000
}
# https://md.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy hedgedoc:3000
# }
# https://ci-demo.{$BASE_DOMAIN} {
# import errorpages
# import logging
# import errorpages
# reverse_proxy docker-ci-demo:8000
# }
# https://stuff.{$BASE_DOMAIN} {
# import errorpages
# import logging
# import errorpages
# root * /srv/stuff
# file_server browse
# basicauth /dev {
@ -125,20 +124,20 @@ https://md.{$BASE_DOMAIN} {
# }
# https://hackmd-next.{$BASE_DOMAIN} {
# import errorpages
# import logging
# import errorpages
# reverse_proxy codimd:3000
# }
# https://amp.{$BASE_DOMAIN} {
# import errorpages
# import logging
# import errorpages
# reverse_proxy minecraft:8080
# }
# https://map.amp.{$BASE_DOMAIN} {
# import errorpages
# import logging
# import errorpages
# root * /srv/bluemap
# file_server
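Review bot: In the global options block the page shows `email {$TLS_EMAIL}` and `acme_ca {$CA_URL}` active with `local_certs` commented out (sides inferred from print order, since the +/- markers are lost); neither placeholder has a default, so an unset variable leaves the directive without an argument and Caddy will most likely refuse to load the config. Giving them defaults, e.g. `acme_ca {$CA_URL:https://acme-v02.api.letsencrypt.org/directory}`, or a comment above the block stating that both variables are required, makes that failure mode explicit. It would also help to note there that a staging `CA_URL` yields certificates clients do not trust. The site blocks proxy to upstreams over plain HTTP (`reverse_proxy authentik:80`), which is acceptable on a private Docker network but deserves a one-line comment saying that this is the assumption.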


@ -9,11 +9,11 @@ networks:
services:
proxy:
# image: caddy:2-alpine
build:
context: ./proxy
args:
CADDY_VERSION: 2
image: caddy:2-alpine
# build:
# context: ./proxy
# args:
# CADDY_VERSION: 2
container_name: proxy
restart: "${RESTART:-no}"
hostname: ${BASE_DOMAIN}
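Review bot: `image: caddy:2-alpine` is a floating tag, so every pull can bring in a different build of the TLS-terminating proxy without any change in this repository (this assumes the stock image is the new side; the page lost the +/- markers). Pinning a minor version or a digest, `image: caddy:2-alpine@sha256:<digest-placeholder>`, keeps deployments reproducible and makes upgrades a reviewed change. The same applies to `mailserver/docker-mailserver:12` in the mail compose file. A comment next to the commented-out `build:` block saying why the custom build was dropped would also help, since the `format transform` log line in the Caddyfile is commented out on this page as well.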


@ -8,7 +8,7 @@ includes:
vars:
COMPOSE_FILES:
sh: touch enabled ; find ./services -iname docker-compose.yml | grep -f enabled || >&2 echo "=== No services enabled ==="
sh: touch enabled ; find ./services -iname docker-compose.yml | grep -f enabled || exit 0
COMPOSE_ARGS: -f services/docker-compose.yml -f {{.COMPOSE_FILES | splitLines | join " -f "}}
tasks:
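Review bot: With no service enabled, `COMPOSE_FILES` is empty and the unchanged `COMPOSE_ARGS` line renders as `-f services/docker-compose.yml -f ` with a dangling `-f`, which then swallows whatever argument follows it; replacing the stderr message with `|| exit 0` makes that case silent. Building the flags per entry avoids it: `COMPOSE_ARGS: -f services/docker-compose.yml{{range .COMPOSE_FILES | splitLines}}{{if .}} -f {{.}}{{end}}{{end}}`. Note also that `grep -f enabled` treats each line of `enabled` as a regular expression matched anywhere in the path, so an entry such as `mail` also selects any other service whose path contains that string; `grep -F` with fuller path fragments would be stricter.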


@ -29,3 +29,8 @@ tasks:
- mkdir -p /usr/local/share/zsh/site-functions
- wget -O /usr/local/share/zsh/site-functions/_task https://raw.githubusercontent.com/go-task/task/master/completion/zsh/_task
install-rmate:
desc: Install rmate shell script
cmds:
- sudo wget -O /usr/local/bin/rmate https://raw.githubusercontent.com/textmate/rmate/master/bin/rmate
- sudo chmod a+x /usr/local/bin/rmate
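Review bot: The new `install-rmate` task downloads a script from the mutable `master` branch as root and marks it executable in `/usr/local/bin` with no integrity check, so whatever that branch serves at install time is what users later run. Pin the URL to a commit and verify the file before installing, e.g. `wget -O /tmp/rmate https://raw.githubusercontent.com/textmate/rmate/<commit-sha-placeholder>/bin/rmate`, then `echo "<sha256-placeholder>  /tmp/rmate" | sha256sum -c -`, then `sudo install -m 0755 /tmp/rmate /usr/local/bin/rmate`. This also avoids running `wget` itself under sudo and replaces `chmod a+x` with an explicit mode. The `_task` completion download in the context lines above follows the same unpinned-`master` pattern.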