migrate(ali): to ali server.dev

8 files changed, 34 insertions, 31 deletions

diff --git a/.editorconfig b/.editorconfig
index d28b4e3..4ff2eca 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -15,6 +15,9 @@ tab_width = 8
 indent_size = 2
 max_line_length = 80
 
+[*.{sh,bash}]
+indent_size = 2
+
 [*.{html,css,js,ts}]
 indent_size = 2
 
diff --git a/dictionary.txt b/dictionary.txt
index 139dee0..c89911c 100644
--- a/dictionary.txt
+++ b/dictionary.txt
@@ -50,6 +50,7 @@ sourceware
 zstd
 btrfs
 pacman
+rclone
 
 # hurd
 gnumach
@@ -73,9 +74,6 @@ sbuild
 sbuildrc
 schroot
 
-# commercial
-myqcloud
-
 # misc
 geodata
 geoip
diff --git a/services/docker/auto-backup/Dockerfile b/services/docker/auto-backup/Dockerfile
index e376174..147be21 100644
--- a/services/docker/auto-backup/Dockerfile
+++ b/services/docker/auto-backup/Dockerfile
@@ -1,13 +1,12 @@
 FROM debian
 RUN apt-get update && apt-get install -y \
-    tini ca-certificates coreutils tar zstd \
+    tini ca-certificates coreutils tar zstd rclone \
     && rm -rf /var/lib/apt/lists/*
 
 ENV CRUPEST_AUTO_BACKUP_INIT_DELAY=
 ENV CRUPEST_AUTO_BACKUP_INTERVAL=1d
 
-ADD --chmod=755 https://github.com/tencentyun/coscli/releases/download/v1.0.3/coscli-v1.0.3-linux-amd64 /app/coscli
-ADD daemon.bash /app/
+ADD daemon.bash rclone.conf /app/
 
 VOLUME [ "/data" ]
 
diff --git a/services/docker/auto-backup/daemon.bash b/services/docker/auto-backup/daemon.bash
index ff670e3..da9f853 100755
--- a/services/docker/auto-backup/daemon.bash
+++ b/services/docker/auto-backup/daemon.bash
@@ -20,16 +20,17 @@ if [[ -z "$CRUPEST_AUTO_BACKUP_INTERVAL" ]]; then
 fi
 
 note "Checking secrets..."
-[[ -n "$CRUPEST_AUTO_BACKUP_COS_ENDPOINT" ]] || die "COS endpoint not set!"
-[[ -n "$CRUPEST_AUTO_BACKUP_COS_BUCKET" ]] || die "COS bucket not set!"
-[[ -n "$CRUPEST_AUTO_BACKUP_COS_SECRET_ID" ]] || die "COS secret ID not set!"
-[[ -n "$CRUPEST_AUTO_BACKUP_COS_SECRET_KEY" ]] || die "COS secret key not set!"
+[[ -n "$RCLONE_S3_PROVIDER" ]] || die "S3 provider not set!"
+[[ -n "$RCLONE_S3_ENDPOINT" ]] || die "S3 endpoint not set!"
+[[ -n "$RCLONE_S3_ACCESS_KEY_ID" ]] || die "S3 AccessKey ID not set!"
+[[ -n "$RCLONE_S3_SECRET_ACCESS_KEY" ]] || die "S3 AccessKey Secret not set!"
+[[ -n "$CRUPEST_AUTO_BACKUP_S3_BUCKET" ]] || die "S3 bucket not set!"
 success "Secrets check passed."
 
 note "Checking tools..."
 tar --version
 zstd --version
-/app/coscli --version
+rclone --version
 success "Tools check passed."
 
 echo "Backup interval set to $CRUPEST_AUTO_BACKUP_INTERVAL..."
@@ -57,13 +58,10 @@ function backup {
   du -h "$tmp_file" | cut -f1 | xargs echo "Size of $tmp_file:"
 
   des_file_name="$current_time.$backup_file_ext"
-  echo "Upload $des_file_name to COS..."
+  echo "Upload $des_file_name to S3..."
 
-  /app/coscli --init-skip \
-    --secret-id "${CRUPEST_AUTO_BACKUP_COS_SECRET_ID}" \
-    --secret-key "${CRUPEST_AUTO_BACKUP_COS_SECRET_KEY}" \
-    --endpoint "${CRUPEST_AUTO_BACKUP_COS_ENDPOINT}" \
-    cp "$tmp_file" "cos://${CRUPEST_AUTO_BACKUP_COS_BUCKET}/$des_file_name"
+  rclone --config=/app/rclone.conf copyto \
+    "$tmp_file" "remote://${CRUPEST_AUTO_BACKUP_S3_BUCKET}/$des_file_name"
 
   echo "Remove tmp file..."
   rm "$tmp_file"
diff --git a/services/docker/auto-backup/rclone.conf b/services/docker/auto-backup/rclone.conf
new file mode 100644
index 0000000..bfcbbc3
--- /dev/null
+++ b/services/docker/auto-backup/rclone.conf
@@ -0,0 +1,4 @@
+[remote]
+type = s3
+env_auth = true
+no_head = true
diff --git a/services/templates/docker-compose.yaml.template b/services/templates/docker-compose.yaml.template
index e133462..ddd3c95 100644
--- a/services/templates/docker-compose.yaml.template
+++ b/services/templates/docker-compose.yaml.template
@@ -47,7 +47,7 @@ services:
     restart: on-failure:3
 
   mailserver:
-    image: docker.io/mailserver/docker-mailserver:latest
+    image: ghcr.io/docker-mailserver/docker-mailserver:latest
     pull_policy: always
     container_name: mailserver
     hostname: mail.@@CRUPEST_DOMAIN@@
diff --git a/services/templates/envs/auto-backup.env.template b/services/templates/envs/auto-backup.env.template
index c2a6ba9..59d5fed 100644
--- a/services/templates/envs/auto-backup.env.template
+++ b/services/templates/envs/auto-backup.env.template
@@ -1,4 +1,5 @@
-CRUPEST_AUTO_BACKUP_COS_ENDPOINT=@@CRUPEST_AUTO_BACKUP_COS_ENDPOINT@@
-CRUPEST_AUTO_BACKUP_COS_BUCKET=@@CRUPEST_AUTO_BACKUP_COS_BUCKET@@
-CRUPEST_AUTO_BACKUP_COS_SECRET_ID=@@CRUPEST_AUTO_BACKUP_COS_SECRET_ID@@
-CRUPEST_AUTO_BACKUP_COS_SECRET_KEY=@@CRUPEST_AUTO_BACKUP_COS_SECRET_KEY@@
+RCLONE_S3_PROVIDER=@@CRUPEST_AUTO_BACKUP_S3_PROVIDER@@
+RCLONE_S3_ENDPOINT=@@CRUPEST_AUTO_BACKUP_S3_ENDPOINT@@
+RCLONE_S3_ACCESS_KEY_ID=@@CRUPEST_AUTO_BACKUP_S3_ACCESS_KEY_ID@@
+RCLONE_S3_SECRET_ACCESS_KEY=@@CRUPEST_AUTO_BACKUP_S3_ACCESS_KEY_SECRET@@
+CRUPEST_AUTO_BACKUP_S3_BUCKET=@@CRUPEST_AUTO_BACKUP_S3_BUCKET@@
diff --git a/services/templates/envs/mailserver.env b/services/templates/envs/mailserver.env.template
index 9b12dfe..dffb0e8 100644
--- a/services/templates/envs/mailserver.env
+++ b/services/templates/envs/mailserver.env.template
@@ -89,10 +89,10 @@ TLS_LEVEL=
 # Configures the handling of creating mails with forged sender addresses.
 #
 # **0** => (not recommended) Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address (see also https://en.wikipedia.org/wiki/Email_spoofing).
-# 1 => Mail spoofing denied. Each user may only send with his own or his alias addresses. Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
+# 1 => Mail spoofing denied. Each user may only send with their own or their alias addresses. Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
 SPOOF_PROTECTION=
 
-# Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation.
+# Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/main/README.rst) for further explanation.
 #  - **0** => Disabled
 #  - 1 => Enabled
 ENABLE_SRS=0
@@ -154,7 +154,7 @@ ENABLE_RSPAMD_REDIS=
 #
 # **0** => disabled
 # 1     => enabled
-RSPAMD_LEARN=0
+RSPAMD_LEARN=1
 
 # This settings controls whether checks should be performed on emails coming
 # from authenticated users (i.e. most likely outgoing emails). The default value
@@ -171,7 +171,7 @@ RSPAMD_CHECK_AUTHENTICATED=0
 #
 # **0** => disabled
 # 1     => enabled
-RSPAMD_GREYLISTING=1
+RSPAMD_GREYLISTING=0
 
 # Can be used to enable or disable the Hfilter group module.
 #
@@ -508,7 +508,7 @@ DOVECOT_MAILBOX_FORMAT=maildir
 
 # empty => no
 # yes => Allow bind authentication for LDAP
-# https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds
+# https://doc.dovecot.org/2.4.0/core/config/auth/databases/ldap.html#authentication-bind
 DOVECOT_AUTH_BIND=
 
 # -----------------------------------------------
@@ -631,7 +631,7 @@ SRS_SECRET=
 #
 # Set a default host to relay all mail through (optionally include a port)
 # Example: [mail.example.com]:587
-DEFAULT_RELAY_HOST=
+DEFAULT_RELAY_HOST=@@CRUPEST_MAIL_SERVER_RELAY@@
 
 # -----------------------------------------------
 # --- Multi-Domain Relay Section ----------------
@@ -646,7 +646,7 @@ RELAY_HOST=
 
 # empty => 25
 # default port to relay mail
-RELAY_PORT=25
+RELAY_PORT=@@CRUPEST_MAIL_SERVER_RELAY_PORT@@
 
 # -----------------------------------------------
 # --- Relay Host Credentials Section ------------
@@ -655,7 +655,7 @@ RELAY_PORT=25
 # Configure a relay user and password to use with RELAY_HOST / DEFAULT_RELAY_HOST
 
 # empty => no default
-RELAY_USER=
+RELAY_USER=@@CRUPEST_MAIL_SERVER_RELAY_USER@@
 
 # empty => no default
-RELAY_PASSWORD=
+RELAY_PASSWORD=@@CRUPEST_MAIL_SERVER_RELAY_PASSWORD@@