	| @ -6,25 +6,26 @@ LABEL maintainer="Lieuwe Leene <lieuwe@leene.dev>" | |||||||
| ARG HUGO_BASE="localhost" | ARG HUGO_BASE="localhost" | ||||||
| ARG SSL_ALGO=secp521r1 | ARG SSL_ALGO=secp521r1 | ||||||
|  |  | ||||||
| RUN wget -O - "https://github.com/gohugoio/hugo/releases/download/$(wget -O - https://api.github.com/repos/gohugoio/hugo/releases/latest | grep -om 1 "/v[0-9.]*/hugo_[0-9.]*_Linux-64bit.tar.gz")" | tar -xz -C /tmp \ | RUN wget -O - "https://github.com/gohugoio/hugo/releases/download/$(wget -O - https://api.github.com/repos/gohugoio/hugo/releases/latest | grep -om 1 "v[0-9.]*/hugo_extended_[0-9.]*_Linux-64bit.tar.gz")" | tar -xz -C /tmp \ | ||||||
|     && mkdir -p /usr/local/sbin \ |     && mkdir -p /usr/local/sbin \ | ||||||
|     && mv /tmp/hugo /usr/local/sbin/hugo \ |     && mv /tmp/hugo /usr/local/sbin/hugo \ | ||||||
|     && rm -rf /tmp/${HUGO_ID}_linux_amd64 \ |     && rm -rf /tmp/${HUGO_ID}_linux_amd64 \ | ||||||
|     && rm -rf /tmp/LICENSE.md \ |     && rm -rf /tmp/LICENSE.md \ | ||||||
|     && rm -rf /tmp/README.md |     && rm -rf /tmp/README.md | ||||||
|  |  | ||||||
| RUN apk add --update git asciidoctor libc6-compat libstdc++ \ | RUN apk add --update git gcompat asciidoctor libc6-compat libstdc++ \ | ||||||
|     && apk upgrade \ |     && apk upgrade \ | ||||||
|     && apk add --no-cache ca-certificates \ |     && apk add --no-cache ca-certificates \ | ||||||
|  |     && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 \ | ||||||
|     && git clone https://github.com/lleene/hugo-site.git /src \ |     && git clone https://github.com/lleene/hugo-site.git /src \ | ||||||
|     && git clone https://github.com/lleene/hermit.git /src/themes/hermit \ |     && git clone https://github.com/lleene/hermit.git /src/themes/hermit \ | ||||||
|     && /usr/local/sbin/hugo -b ${BASE_URL}/ -s /src -d /public --minify |     && /usr/local/sbin/hugo -b ${BASE_URL}/ -s /src -d /public --minify | ||||||
|  |  | ||||||
| RUN apk update && \ | RUN apk update && \ | ||||||
|   apk add --no-cache openssl && \ |     apk add --no-cache openssl && \ | ||||||
|   rm -rf /var/cache/apk/* |     rm -rf /var/cache/apk/* | ||||||
|  |  | ||||||
| RUN mkdir -p /etc/letsencrypt/live | WORKDIR /etc/letsencrypt/live | ||||||
|  |  | ||||||
| RUN openssl ecparam -name ${SSL_ALGO} -genkey | openssl pkey -out /etc/letsencrypt/live/ecprivkey.pem && \ | RUN openssl ecparam -name ${SSL_ALGO} -genkey | openssl pkey -out /etc/letsencrypt/live/ecprivkey.pem && \ | ||||||
|     openssl pkey -in /etc/letsencrypt/live/ecprivkey.pem -pubout -out /etc/letsencrypt/live/ecpubkey.pem  |     openssl pkey -in /etc/letsencrypt/live/ecprivkey.pem -pubout -out /etc/letsencrypt/live/ecpubkey.pem  | ||||||
|  | |||||||
							
								
								
									
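--- a/config/mail/postfix-policyd-spf.conf
+++ b/config/mail/postfix-policyd-spf.conf
@@ -0,0 +1,2 @@
+Whitelist = 192.168.0.0/31,192.168.1.0/30
+Domain_Whitelist = dockerize_internalnet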
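Review bot: `Domain_Whitelist = dockerize_internalnet` on the second line names what looks like the compose network (`internalnet` in the compose file on this page), but policyd-spf's `Domain_Whitelist` is a list of sender domains whose SPF-authorised hosts are exempted from checking, so a name with no DNS/SPF record exempts nothing. If the intent is to skip SPF for mail submitted by the other containers, the exemption has to be expressed as addresses in `Whitelist`; the `/31` and `/30` masks on the first line cover only two and four addresses respectively, which is narrower than a typical Docker bridge subnet, so confirm they match the network's actual subnet (not shown on this page). Keeping that range as small as possible is the right instinct — every address listed there may send mail as any domain without an SPF check.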
							
								
								
									
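--- a/config/nginx/Dockerfile
+++ b/config/nginx/Dockerfile
@@ -0,0 +1,8 @@
+FROM python:3.6
+
+LABEL description="Certbot + nginxproxy soft-linker."
+LABEL maintainer="Lieuwe Leene <lieuwe@leene.dev>"
+
+COPY ./link_certificates.py /usr/bin/link_certificates.py
+
+RUN python /usr/bin/link_certificates.py /etc/letsencrypt/live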
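Review bot: The last line runs `link_certificates.py` at image build time, when `/etc/letsencrypt/live` exists neither in `python:3.6` nor as a mount (the `nginx_certs` volume is attached by the compose file at run time), so the script's `os.access`/`isdir` guard raises and the build fails; it also passes the directory path where the script reads the base domain from `sys.argv[1]`. This belongs in a run-time entrypoint, e.g. `ENTRYPOINT ["python", "/usr/bin/link_certificates.py"]` with the base domain and subdomains supplied as `command:` arguments from the compose file. Separately, `python:3.6` has been end-of-life since December 2021 and receives no security fixes; a supported tag such as `python:3.12-slim` keeps the image patched and smaller.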
							
								
								
									
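--- a/config/nginx/credentials.ini
+++ b/config/nginx/credentials.ini
@@ -0,0 +1 @@
+dns_google_domains_access_token = $GOOGLE_ACCESS_TOKEN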
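Review bot: The single key `dns_google_domains_access_token` does not match the plugin that consumes this file: the compose service on this page runs `certbot/dns-cloudflare` with `--dns-cloudflare-credentials /config/credentials.ini`, which expects `dns_cloudflare_api_token = <token>` (or the legacy email/global-key pair), so certbot should reject the file as missing its required property. The value `$GOOGLE_ACCESS_TOKEN` is not expanded either — certbot reads the INI literally and a bind mount performs no environment substitution — so the literal string would be sent as the token. Generate the file from the environment at container start-up (or use a Docker secret) instead of committing a placeholder, and keep it mode 0600, since certbot warns when the credentials file is readable by others.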
							
								
								
									
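--- a/config/nginx/link_certificates.py
+++ b/config/nginx/link_certificates.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+import shutil
+
+cert_dir = "/etc/letsencrypt/live"
+
+def main():
+    if not os.access(cert_dir, os.W_OK) or not os.path.isdir(cert_dir):
+        raise RuntimeError(f"Cannot access certificat directory: {cert_dir}.")
+    base_domain = sys.argv[1]
+    key_file = os.path.join(cert_dir, base_domain, "privkey.pem")
+    cert_file = os.path.join(cert_dir, base_domain, "fullchain.pem")
+    for domain in sys.argv[2:]:
+        print(f"linking {domain} in {base_domain}")
+        symlink = os.path.join(cert_dir, f"{domain}.{base_domain}.key")
+        if os.path.isfile(symlink):
+            os.remove(symlink)
+        shutil.copy(key_file, symlink)
+        symlink = os.path.join(cert_dir, f"{domain}.{base_domain}.crt")
+        if os.path.isfile(symlink):
+            os.remove(symlink)
+        shutil.copy(cert_file, symlink)
+
+
+
+if __name__ == "__main__":
+    sys.exit(main())
+
+# eof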
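Review bot: `shutil.copy` on the two copy lines materialises a snapshot of `privkey.pem`/`fullchain.pem` as `<domain>.<base>.key`/`.crt`, so the copies silently go stale after certbot renews unless the script is re-run, while the variable name `symlink` and the image label "soft-linker" suggest a link was intended. A relative link (`os.symlink(os.path.join(base_domain, "privkey.pem"), link)`) resolves in every container that mounts the `live` volume, whatever path it is mounted at, and follows certbot's own `../../archive` links as long as the archive volume is mounted beside it, which the compose file on this page already does. `os.path.isfile` on the existence checks is false for a dangling link, so `os.remove` is skipped and the copy is written through the dangling link instead of replacing it; `os.path.lexists` covers that case. `sys.argv[1]` is also read unguarded and fails with a bare `IndexError` instead of a usage message, and `certificat` in the error text is a typo.

```python
def main():
    # … unchanged: cert_dir access check …
    if len(sys.argv) < 2:
        raise SystemExit("usage: link_certificates.py BASE_DOMAIN [SUBDOMAIN ...]")
    base_domain = sys.argv[1]
    for domain in sys.argv[2:]:
        print(f"linking {domain} in {base_domain}")
        for src_name, ext in (("privkey.pem", "key"), ("fullchain.pem", "crt")):
            link = os.path.join(cert_dir, f"{domain}.{base_domain}.{ext}")
            # lexists is true for a dangling link as well, isfile is not
            if os.path.lexists(link):
                os.remove(link)
            # relative target: resolves wherever the live volume is mounted
            os.symlink(os.path.join(base_domain, src_name), link)
```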
| @ -5,14 +5,26 @@ networks: | |||||||
|     driver: bridge |     driver: bridge | ||||||
|     enable_ipv6: false |     enable_ipv6: false | ||||||
|  |  | ||||||
|  | x-mail: | ||||||
| x-mail: &defaults |   &defaults | ||||||
|   restart: always |   restart: unless-stopped | ||||||
|   env_file: local.env |   env_file: local.env | ||||||
|   networks: |   networks: | ||||||
|     - internalnet |     - internalnet | ||||||
|  |  | ||||||
| services: | services: | ||||||
|  |  | ||||||
|  |   certbot: | ||||||
|  |     <<: *defaults | ||||||
|  |     image: certbot/dns-cloudflare | ||||||
|  |     container_name: certbot | ||||||
|  |     command: certonly --non-interactive --dns-cloudflare --dns-cloudflare-credentials /config/credentials.ini --agree-tos --email admin@${NGINX_HOST} -d ${NGINX_HOST} -d lieuwe.${NGINX_HOST} -d mail.${NGINX_HOST} -d inbox.${NGINX_HOST} -d nextcloud.${NGINX_HOST} -d git.${NGINX_HOST} -d autodiscover.${NGINX_HOST} --server https://acme-v02.api.letsencrypt.org/directory | ||||||
|  |     volumes: | ||||||
|  |       - certbot_state:/var/lib/letsencrypt:z | ||||||
|  |       - nginx_archive:/etc/letsencrypt/archive:z | ||||||
|  |       - nginx_certs:/etc/letsencrypt/live:z | ||||||
|  |       - ./config/nginx/credentials.ini:/config/credentials.ini:z | ||||||
|  |  | ||||||
|   hugo-html: |   hugo-html: | ||||||
|     networks: |     networks: | ||||||
|       - internalnet |       - internalnet | ||||||
| @ -23,7 +35,6 @@ services: | |||||||
|         HUGO_BASE: lieuwe.${NGINX_HOST} |         HUGO_BASE: lieuwe.${NGINX_HOST} | ||||||
|     volumes: |     volumes: | ||||||
|       - hugo_data:/public:z |       - hugo_data:/public:z | ||||||
|       - nginx_certs:/etc/letsencrypt/live:z |  | ||||||
|  |  | ||||||
|   hugo-site: |   hugo-site: | ||||||
|     <<: *defaults |     <<: *defaults | ||||||
| @ -52,6 +63,11 @@ services: | |||||||
|       - ./config/pg-init-scripts:/docker-entrypoint-initdb.d:ro,z |       - ./config/pg-init-scripts:/docker-entrypoint-initdb.d:ro,z | ||||||
|     ports: |     ports: | ||||||
|       - "5432:5432" |       - "5432:5432" | ||||||
|  |     healthcheck: | ||||||
|  |       test: "pg_isready" | ||||||
|  |       timeout: 45s | ||||||
|  |       interval: 10s | ||||||
|  |       retries: 10 | ||||||
|  |  | ||||||
|   nextcloud: |   nextcloud: | ||||||
|     <<: *defaults |     <<: *defaults | ||||||
| @ -74,7 +90,8 @@ services: | |||||||
|       - SMTP_NAME=admin@${NGINX_HOST} |       - SMTP_NAME=admin@${NGINX_HOST} | ||||||
|       - SMTP_PASSWORD=${SQL_PSWD} |       - SMTP_PASSWORD=${SQL_PSWD} | ||||||
|     depends_on: |     depends_on: | ||||||
|       - pgsqlserver |       pgsqlserver: | ||||||
|  |         condition: service_healthy | ||||||
|     links: |     links: | ||||||
|       - pgsqlserver |       - pgsqlserver | ||||||
|     expose: |     expose: | ||||||
| @ -99,13 +116,15 @@ services: | |||||||
|       - GITEA__server__KEY_FILE=/etc/letsencrypt/live/git.${NGINX_HOST}.key |       - GITEA__server__KEY_FILE=/etc/letsencrypt/live/git.${NGINX_HOST}.key | ||||||
|     volumes: |     volumes: | ||||||
|       - gitea_data:/data:z |       - gitea_data:/data:z | ||||||
|  |       - nginx_archive:/etc/letsencrypt/archive:ro,z | ||||||
|       - nginx_certs:/etc/letsencrypt/live:ro,z |       - nginx_certs:/etc/letsencrypt/live:ro,z | ||||||
|     expose: |     expose: | ||||||
|       - "3000" |       - "3000" | ||||||
|     ports: |     ports: | ||||||
|       - "222:22" |       - "222:22" | ||||||
|     depends_on: |     depends_on: | ||||||
|       - pgsqlserver |       pgsqlserver: | ||||||
|  |         condition: service_healthy | ||||||
|     links: |     links: | ||||||
|       - pgsqlserver |       - pgsqlserver | ||||||
|  |  | ||||||
| @ -122,7 +141,8 @@ services: | |||||||
|       - ROUNDCUBEMAIL_SMTP_SERVER=tls://${NGINX_HOST} |       - ROUNDCUBEMAIL_SMTP_SERVER=tls://${NGINX_HOST} | ||||||
|       - ROUNDCUBEMAIL_DB_PASSWORD=${SQL_PSWD} |       - ROUNDCUBEMAIL_DB_PASSWORD=${SQL_PSWD} | ||||||
|     depends_on: |     depends_on: | ||||||
|       - pgsqlserver |       pgsqlserver: | ||||||
|  |         condition: service_healthy | ||||||
|     links: |     links: | ||||||
|       - pgsqlserver |       - pgsqlserver | ||||||
|     expose: |     expose: | ||||||
| @ -152,18 +172,18 @@ services: | |||||||
|       - "587:587" |       - "587:587" | ||||||
|       - "993:993" |       - "993:993" | ||||||
|     volumes: |     volumes: | ||||||
|  |       - nginx_archive:/etc/letsencrypt/archive:ro,z | ||||||
|       - nginx_certs:/etc/letsencrypt/live:ro,z |       - nginx_certs:/etc/letsencrypt/live:ro,z | ||||||
|       - mail_data:/var/mail/:z |       - mail_data:/var/mail/:z | ||||||
|       - mail_state:/var/mail-state/:z |       - mail_state:/var/mail-state/:z | ||||||
|       - mail_config:/tmp/docker-mailserver/:z |       - mail_config:/tmp/docker-mailserver/:z | ||||||
|  |       - ./config/mail/postfix-policyd-spf.conf:/etc/postfix-policyd-spf-python/policyd-spf.conf:ro,z | ||||||
|     cap_add: |     cap_add: | ||||||
|       - NET_ADMIN |       - NET_ADMIN | ||||||
|     depends_on: |  | ||||||
|       - ddnsgd |  | ||||||
|  |  | ||||||
|   reverse-proxy: |   reverse-proxy: | ||||||
|     <<: *defaults |     <<: *defaults | ||||||
|     image: nginxproxy/nginx-proxy |     image: nginxproxy/nginx-proxy:1.2.3 | ||||||
|     container_name: nginx-proxy |     container_name: nginx-proxy | ||||||
|     environment: |     environment: | ||||||
|       - DEFAULT_EMAIL=admin@${NGINX_HOST} |       - DEFAULT_EMAIL=admin@${NGINX_HOST} | ||||||
| @ -174,6 +194,7 @@ services: | |||||||
|       - nginx_html:/usr/share/nginx/html:z |       - nginx_html:/usr/share/nginx/html:z | ||||||
|       - nginx_conf:/etc/nginx/conf.d/:z |       - nginx_conf:/etc/nginx/conf.d/:z | ||||||
|       - nginx_dhparam:/etc/nginx/dhparam:z |       - nginx_dhparam:/etc/nginx/dhparam:z | ||||||
|  |       - nginx_archive:/etc/nginx/archive/:ro,z | ||||||
|       - nginx_certs:/etc/nginx/certs/:z |       - nginx_certs:/etc/nginx/certs/:z | ||||||
|       - nginx_vhost:/etc/nginx/vhost.d/:z |       - nginx_vhost:/etc/nginx/vhost.d/:z | ||||||
|       - mail_html:/var/www/roundcube:z |       - mail_html:/var/www/roundcube:z | ||||||
| @ -182,55 +203,14 @@ services: | |||||||
|       - ./config/nginx/nextcloud_location:/etc/nginx/vhost.d/nextcloud.${NGINX_HOST}_location:ro,z |       - ./config/nginx/nextcloud_location:/etc/nginx/vhost.d/nextcloud.${NGINX_HOST}_location:ro,z | ||||||
|       - ./config/nginx/header_default:/etc/nginx/vhost.d/default:z |       - ./config/nginx/header_default:/etc/nginx/vhost.d/default:z | ||||||
|       - /var/run/docker.sock:/tmp/docker.sock:ro,z |       - /var/run/docker.sock:/tmp/docker.sock:ro,z | ||||||
|     depends_on: |  | ||||||
|       - ddnsgd |  | ||||||
|  |  | ||||||
|   acme-companion: |  | ||||||
|     <<: *defaults |  | ||||||
|     image: nginxproxy/acme-companion |  | ||||||
|     container_name: nginx-proxy-acme |  | ||||||
|     volumes_from: |  | ||||||
|       - reverse-proxy |  | ||||||
|     volumes: |  | ||||||
|       - acme-state:/etc/acme.sh |  | ||||||
|       - /var/run/docker.sock:/var/run/docker.sock:ro,z |  | ||||||
|     depends_on: |  | ||||||
|       - ddnsgd |  | ||||||
|  |  | ||||||
|   ddnsgd: |  | ||||||
|     <<: *defaults |  | ||||||
|     container_name: "ddnsgd" |  | ||||||
|     image: "ghcr.io/dominickbrasileiro/ddnsgd" |  | ||||||
|     environment: |  | ||||||
|       - HOSTNAME=${NGINX_HOST} |  | ||||||
|       - USERNAME=${GDNS_USERNAME} |  | ||||||
|       - PASSWORD=${GDNS_PASSWORD} |  | ||||||
|       - INTERVAL=9000 |  | ||||||
|  |  | ||||||
|   autodiscover: |  | ||||||
|     <<: *defaults |  | ||||||
|     image: monogramm/autodiscover-email-settings:latest |  | ||||||
|     container_name: autodiscover |  | ||||||
|     environment: |  | ||||||
|       - VIRTUAL_HOST=autodiscover.${NGINX_HOST},autoconfig.${NGINX_HOST} |  | ||||||
|       - VIRTUAL_PORT=8000 |  | ||||||
|       - LETSENCRYPT_HOST=autodiscover.${NGINX_HOST},autoconfig.${NGINX_HOST} |  | ||||||
|       - DOMAIN=${NGINX_HOST} |  | ||||||
|       - IMAP_HOST=mail.${NGINX_HOST} |  | ||||||
|       - IMAP_PORT=1993 |  | ||||||
|       - IMAP_SOCKET=SSL |  | ||||||
|       - SMTP_HOST=mail.${NGINX_HOST} |  | ||||||
|       - SMTP_PORT=587 |  | ||||||
|       - SMTP_SOCKET=STARTTLS |  | ||||||
|     expose: |  | ||||||
|       - "8000" |  | ||||||
|  |  | ||||||
| volumes: | volumes: | ||||||
|   acme-state: |   certbot_state: | ||||||
|  |   nginx_archive: | ||||||
|  |   nginx_certs: | ||||||
|   gitea_data: |   gitea_data: | ||||||
|   hugo_data: |   hugo_data: | ||||||
|   nextcloud_data: |   nextcloud_data: | ||||||
|   nginx_certs: |  | ||||||
|   nginx_dhparam: |   nginx_dhparam: | ||||||
|   nginx_html: |   nginx_html: | ||||||
|   nginx_conf: |   nginx_conf: | ||||||
|  | |||||||
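Review bot: The `certbot` service added in the first hunk (`@ -5,14 +5,26`, in what appears to be the compose file; its header is not on this page) persists only `/etc/letsencrypt/archive`, `/etc/letsencrypt/live` and `/var/lib/letsencrypt`, so the ACME account under `/etc/letsencrypt/accounts` and the lineage config under `/etc/letsencrypt/renewal` are discarded whenever the container is recreated, and each recreation becomes a fresh issuance rather than a renewal — the usual way to run into Let's Encrypt's duplicate-certificate limit. Mounting one volume at `/etc/letsencrypt` (e.g. `- letsencrypt_state:/etc/letsencrypt:z`) keeps account, renewal config, archive and live together on one filesystem, which the `live/<name>/* -> ../../archive/<name>/*` links also rely on. `certonly` exits once it has run, and with `restart: unless-stopped` inherited from `*defaults` the container is relaunched straight away rather than on a renewal schedule; a periodic `certbot renew` (a host timer, or a sleep loop in the service's `command:`) is the usual shape. The credentials file this command points at is reviewed on its own hunk above.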
							
								
								
									
										16
									
								
								local.env
									
									
									
									
									
								
							
							
						
						
									
							| @ -1,3 +1,4 @@ | |||||||
|  |  | ||||||
| ## Docker Env | ## Docker Env | ||||||
| PERMIT_DOCKER=network | PERMIT_DOCKER=network | ||||||
|  |  | ||||||
| @ -20,6 +21,8 @@ ENABLE_DNSBL=0 | |||||||
| ENABLE_QUOTAS=0 | ENABLE_QUOTAS=0 | ||||||
| ENABLE_POP3=0 | ENABLE_POP3=0 | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ## Email Relay | ||||||
| RELAY_HOST=smtp.sendgrid.net | RELAY_HOST=smtp.sendgrid.net | ||||||
| RELAY_PORT=587 | RELAY_PORT=587 | ||||||
| RELAY_USER=apikey | RELAY_USER=apikey | ||||||
| @ -29,6 +32,7 @@ RELAY_USER=apikey | |||||||
| POSTGRES_USER="pgadmin" | POSTGRES_USER="pgadmin" | ||||||
| POSTGRES_INITDB_ARGS="--auth-host=scram-sha-256 --auth-local=scram-sha-256" | POSTGRES_INITDB_ARGS="--auth-host=scram-sha-256 --auth-local=scram-sha-256" | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Round Cube Env | ## Round Cube Env | ||||||
| ROUNDCUBEMAIL_DB_TYPE=pgsql | ROUNDCUBEMAIL_DB_TYPE=pgsql | ||||||
| ROUNDCUBEMAIL_DB_NAME=roundcube | ROUNDCUBEMAIL_DB_NAME=roundcube | ||||||
| @ -36,18 +40,22 @@ ROUNDCUBEMAIL_DB_USER=roundcube | |||||||
| ROUNDCUBEMAIL_SKIN=elastic | ROUNDCUBEMAIL_SKIN=elastic | ||||||
| ROUNDCUBEMAIL_ASPELL_DICTS=en | ROUNDCUBEMAIL_ASPELL_DICTS=en | ||||||
|  |  | ||||||
|  |  | ||||||
| ## NGINX Reverse Proxy | ## NGINX Reverse Proxy | ||||||
| NGINX_PROXY_CONTAINER=nginx-proxy | NGINX_PROXY_CONTAINER=nginx-proxy | ||||||
| LETSENCRYPT_RESTART_CONTAINER=true | LETSENCRYPT_RESTART_CONTAINER=true | ||||||
|  | ENABLE_IPV6=false | ||||||
|  |  | ||||||
|  |  | ||||||
| ## GITEA Setup | ## GITEA Setup | ||||||
|  |  | ||||||
| GITEA__server__HTTP_PORT        = 3000 | GITEA__server__HTTP_PORT        = 3000 | ||||||
| GITEA__server__DISABLE_SSH      = false | GITEA__server__DISABLE_SSH      = false | ||||||
| GITEA__server__SSH_PORT         = 222 | GITEA__server__SSH_PORT         = 222 | ||||||
| GITEA__server__SSH_LISTEN_PORT  = 222 | GITEA__server__SSH_LISTEN_PORT  = 222 | ||||||
|  | GITEA__server__DISABLE_REGISTRATION = true | ||||||
|  |  | ||||||
| GITEA__mailer__ENABLED                 = true | GITEA__mailer__ENABLED                 = true | ||||||
| GITEA__mailer__PROTOCOL                = smtp | GITEA__mailer__PROTOCOL                = sendmail | ||||||
| GITEA__mailer__SMTP_ADDR               = mailserver | GITEA__mailer__FROM                    = admin@leene.dev | ||||||
| GITEA__mailer__SMTP_PORT               = 25 | GITEA__mailer__SENDMAIL_ARGS           = -S mailserver -- | ||||||
|  |  | ||||||
|  | |||||||
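Review bot: `GITEA__server__DISABLE_REGISTRATION = true` in the last hunk targets the `[server]` section, but Gitea reads `DISABLE_REGISTRATION` from `[service]`, so the line is ignored and self-registration stays open on the exposed Gitea host; it should be `GITEA__service__DISABLE_REGISTRATION = true`. The new `GITEA__*` lines keep spaces around `=`; whether those are trimmed depends on the env-file parser of the compose version in use, so `KEY=value` is the safe form for a file consumed through `env_file:`. `GITEA__mailer__FROM = admin@leene.dev` hard-codes a domain where the compose file derives its hostnames from `${NGINX_HOST}`; confirm that is deliberate.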