Diffstat (limited to 'services')
39 files changed, 99 insertions, 503 deletions
diff --git a/services/config.template b/services/config.template index 7ae39a7..77be817 100644 --- a/services/config.template +++ b/services/config.template @@ -3,13 +3,11 @@ CRUPEST_DATA_DIR=data CRUPEST_ROOT_URL=https://@@CRUPEST_DOMAIN@@ CRUPEST_MAIL_SERVER_DOMAIN=mail.@@CRUPEST_DOMAIN@@ CRUPEST_DOCKER_DIR=@@CRUPEST_SERVICES_DIR@@/docker -CRUPEST_SERVICES_STATE_DIR=@@CRUPEST_SERVICES_DIR@@/state CRUPEST_DATA_SECRET_DIR=@@CRUPEST_DATA_DIR@@/secret CRUPEST_DATA_CERTBOT_DIR=@@CRUPEST_DATA_DIR@@/certbot CRUPEST_DATA_GIT_DIR=@@CRUPEST_DATA_DIR@@/git CRUPEST_DATA_MAIL_SERVER_DIR=@@CRUPEST_DATA_DIR@@/mail-server CRUPEST_DATA_ROUNDCUBE_DIR=@@CRUPEST_DATA_DIR@@/roundcube CRUPEST_GENERATED_DIR=@@CRUPEST_SERVICES_DIR@@/generated -CRUPEST_GENERATED_NGINX_DIR=@@CRUPEST_GENERATED_DIR@@/nginx CRUPEST_SSL_FULLCHAIN_FILE=@@CRUPEST_DATA_CERTBOT_DIR@@/certs/live/@@CRUPEST_DOMAIN@@/fullchain.pem CRUPEST_SSL_PRIVATE_KEY_FILE=@@CRUPEST_DATA_CERTBOT_DIR@@/certs/live/@@CRUPEST_DOMAIN@@/privkey.pem diff --git a/services/docker/debian-dev/Dockerfile b/services/docker/debian-dev/Dockerfile deleted file mode 100644 index 8114c56..0000000 --- a/services/docker/debian-dev/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM debian:latest - -ARG USER=crupest -ARG IN_CHINA= - -ENV CRUPEST_DEBIAN_DEV_USER=${USER} -ENV CRUPEST_DEBIAN_DEV_IN_CHINA=${IN_CHINA} - -ADD bootstrap /bootstrap -RUN /bootstrap/setup.bash - -ENV LANG=en_US.utf8 -USER ${USER} -WORKDIR /home/${USER} - -RUN --mount=type=secret,id=code-server-password,required=true,env=CRUPEST_CODE_SERVER_PASSWORD \ - mkdir -p ${HOME}/.config/code-server && \ - echo -e "auth: password\nhashed-password: " >> ${HOME}/.config/code-server/config.yaml && \ - echo -n "$CRUPEST_CODE_SERVER_PASSWORD" | argon2 $(shuf -i 10000000-99999999 -n 1 --random-source /dev/urandom) -e >> ${HOME}/.config/code-server/config.yaml - -EXPOSE 4567 -VOLUME [ "/home/${USER}" ] - -CMD [ "tini", "--", "/usr/bin/code-server", "--bind-addr", "0.0.0.0:4567" ] 
diff --git a/services/docker/debian-dev/bootstrap/extra/setup-cmake.bash b/services/docker/debian-dev/bootstrap/extra/setup-cmake.bash deleted file mode 100755 index 76c1ae4..0000000 --- a/services/docker/debian-dev/bootstrap/extra/setup-cmake.bash +++ /dev/null @@ -1,9 +0,0 @@ -#! /usr/bin/env bash - -set -e - -CMAKE_VERSION=$(curl -s https://api.github.com/repos/Kitware/CMake/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') -wget -O cmake-installer.sh https://github.com/Kitware/CMake/releases/download/v"$CMAKE_VERSION"/cmake-"$CMAKE_VERSION"-linux-x86_64.sh -chmod +x cmake-installer.sh -./cmake-installer.sh --skip-license --prefix=/usr -rm cmake-installer.sh diff --git a/services/docker/debian-dev/bootstrap/extra/setup-dotnet.bash b/services/docker/debian-dev/bootstrap/extra/setup-dotnet.bash deleted file mode 100755 index 0ef7743..0000000 --- a/services/docker/debian-dev/bootstrap/extra/setup-dotnet.bash +++ /dev/null @@ -1,10 +0,0 @@ -#! /usr/bin/env bash - -set -e - -wget https://packages.microsoft.com/config/debian/11/packages-microsoft-prod.deb -O packages-microsoft-prod.deb -dpkg -i packages-microsoft-prod.deb -rm packages-microsoft-prod.deb - -apt-get update -apt-get install -y dotnet-sdk-7.0 diff --git a/services/docker/debian-dev/bootstrap/extra/setup-llvm.bash b/services/docker/debian-dev/bootstrap/extra/setup-llvm.bash deleted file mode 100755 index 48dde86..0000000 --- a/services/docker/debian-dev/bootstrap/extra/setup-llvm.bash +++ /dev/null 
@@ -1,26 +0,0 @@ -#! /usr/bin/env bash - -set -e - -LLVM_VERSION=18 - -. /bootstrap/func.bash - -if is_true "$CRUPEST_DEBIAN_DEV_IN_CHINA"; then - base_url=https://mirrors.tuna.tsinghua.edu.cn/llvm-apt -else - base_url=https://apt.llvm.org -fi - -wget "$base_url/llvm.sh" -chmod +x llvm.sh -./llvm.sh $LLVM_VERSION all -m "$base_url" -rm llvm.sh - -update-alternatives --install /usr/bin/clang clang /usr/bin/clang-$LLVM_VERSION 100 \ - --slave /usr/bin/clang++ clang++ /usr/bin/clang++-$LLVM_VERSION \ - --slave /usr/bin/clangd clangd /usr/bin/clangd-$LLVM_VERSION \ - --slave /usr/bin/clang-format clang-format /usr/bin/clang-format-$LLVM_VERSION \ - --slave /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-$LLVM_VERSION \ - --slave /usr/bin/lldb lldb /usr/bin/lldb-$LLVM_VERSION \ - --slave /usr/bin/lld lld /usr/bin/lld-$LLVM_VERSION diff --git a/services/docker/debian-dev/bootstrap/home/.bashrc b/services/docker/debian-dev/bootstrap/home/.bashrc deleted file mode 100644 index 3646ee2..0000000 --- a/services/docker/debian-dev/bootstrap/home/.bashrc +++ /dev/null 
@@ -1,117 +0,0 @@ -# ~/.bashrc: executed by bash(1) for non-login shells. -# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) -# for examples - -# If not running interactively, don't do anything -case $- in - *i*) ;; - *) return;; -esac - -# don't put duplicate lines or lines starting with space in the history. -# See bash(1) for more options -HISTCONTROL=ignoreboth - -# append to the history file, don't overwrite it -shopt -s histappend - -# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) -HISTSIZE=1000 -HISTFILESIZE=2000 - -# check the window size after each command and, if necessary, -# update the values of LINES and COLUMNS. -shopt -s checkwinsize - -# If set, the pattern "**" used in a pathname expansion context will -# match all files and zero or more directories and subdirectories. -#shopt -s globstar - -# make less more friendly for non-text input files, see lesspipe(1) -#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" - -# set variable identifying the chroot you work in (used in the prompt below) -if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then - debian_chroot=$(cat /etc/debian_chroot) -fi - -# set a fancy prompt (non-color, unless we know we "want" color) -case "$TERM" in - xterm-color|*-256color) color_prompt=yes;; -esac - -# uncomment for a colored prompt, if the terminal has the capability; turned -# off by default to not distract the user: the focus in a terminal window -# should be on the output of commands, not on the prompt -#force_color_prompt=yes - -if [ -n "$force_color_prompt" ]; then - if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then - # We have color support; assume it's compliant with Ecma-48 - # (ISO/IEC-6429). (Lack of such support is extremely rare, and such - # a case would tend to support setf rather than setaf.) 
- color_prompt=yes - else - color_prompt= - fi -fi - -if [ "$color_prompt" = yes ]; then - PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' -else - PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' -fi -unset color_prompt force_color_prompt - -# If this is an xterm set the title to user@host:dir -case "$TERM" in -xterm*|rxvt*) - PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" - ;; -*) - ;; -esac - -# enable color support of ls and also add handy aliases -if [ -x /usr/bin/dircolors ]; then - test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" - alias ls='ls --color=auto' - #alias dir='dir --color=auto' - #alias vdir='vdir --color=auto' - - #alias grep='grep --color=auto' - #alias fgrep='fgrep --color=auto' - #alias egrep='egrep --color=auto' -fi - -# colored GCC warnings and errors -#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' - -# some more ls aliases -#alias ll='ls -l' -#alias la='ls -A' -#alias l='ls -CF' - -# Alias definitions. -# You may want to put all your additions into a separate file like -# ~/.bash_aliases, instead of adding them here directly. -# See /usr/share/doc/bash-doc/examples in the bash-doc package. - -if [ -f ~/.bash_aliases ]; then - . ~/.bash_aliases -fi - -# enable programmable completion features (you don't need to enable -# this, if it's already enabled in /etc/bash.bashrc and /etc/profile -# sources /etc/bash.bashrc). -if ! shopt -oq posix; then - if [ -f /usr/share/bash-completion/bash_completion ]; then - . /usr/share/bash-completion/bash_completion - elif [ -f /etc/bash_completion ]; then - . /etc/bash_completion - fi -fi - -alias dquilt="quilt --quiltrc=${HOME}/.quiltrc-dpkg" -. /usr/share/bash-completion/completions/quilt -complete -F _quilt_completion $_quilt_complete_opt dquilt 
diff --git a/services/docker/debian-dev/bootstrap/home/.quiltrc-dpkg b/services/docker/debian-dev/bootstrap/home/.quiltrc-dpkg deleted file mode 100644 index e8fc3c5..0000000 --- a/services/docker/debian-dev/bootstrap/home/.quiltrc-dpkg +++ /dev/null @@ -1,13 +0,0 @@ -d=. -while [ ! -d $d/debian -a `readlink -e $d` != / ]; - do d=$d/..; done -if [ -d $d/debian ] && [ -z $QUILT_PATCHES ]; then - # if in Debian packaging tree with unset $QUILT_PATCHES - QUILT_PATCHES="debian/patches" - QUILT_PATCH_OPTS="--reject-format=unified" - QUILT_DIFF_ARGS="-p ab --no-timestamps --no-index --color=auto" - QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index" - QUILT_COLORS="diff_hdr=1;32:diff_add=1;34:diff_rem=1;31:diff_hunk=1;33:" - QUILT_COLORS="${QUILT_COLORS}diff_ctx=35:diff_cctx=33" - if ! [ -d $d/debian/patches ]; then mkdir $d/debian/patches; fi -fi diff --git a/services/docker/debian-dev/bootstrap/official.sources b/services/docker/debian-dev/bootstrap/official.sources deleted file mode 100644 index c9aa9a0..0000000 --- a/services/docker/debian-dev/bootstrap/official.sources +++ /dev/null @@ -1,23 +0,0 @@ -Types: deb -URIs: http://deb.debian.org/debian -Suites: bookworm bookworm-updates bookworm-backports -Components: main contrib non-free non-free-firmware -Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg - -Types: deb-src -URIs: http://deb.debian.org/debian -Suites: bookworm bookworm-updates bookworm-backports -Components: main contrib non-free non-free-firmware -Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg - -Types: deb -URIs: http://deb.debian.org/debian-security -Suites: bookworm-security -Components: main contrib non-free non-free-firmware -Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg - -Types: deb-src -URIs: http://deb.debian.org/debian-security -Suites: bookworm-security -Components: main contrib non-free non-free-firmware -Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg 
diff --git a/services/docker/debian-dev/bootstrap/setup-apt.bash b/services/docker/debian-dev/bootstrap/setup-apt.bash deleted file mode 100755 index 38cba05..0000000 --- a/services/docker/debian-dev/bootstrap/setup-apt.bash +++ /dev/null @@ -1,41 +0,0 @@ -#! /usr/bin/env bash -# shellcheck disable=1090,1091 - -set -e - -if [[ $EUID -ne 0 ]]; then - die "This script must be run as root." -fi - -script_dir=$(dirname "$0") - -old_one="/etc/apt/sources.list" -new_one="/etc/apt/sources.list.d/debian.sources" - -echo "Setup apt sources ..." - -echo "Backup old ones to .bak ..." -if [[ -f "$old_one" ]]; then - mv "$old_one" "$old_one.bak" -fi - -if [[ -f "$new_one" ]]; then - mv "$new_one" "$new_one.bak" -fi - -echo "Copy the new one ..." -cp "$script_dir/official.sources" "$new_one" - -if [[ -n "$CRUPEST_DEBIAN_DEV_IN_CHINA" ]]; then - echo "Replace with China mirror ..." - china_mirror="mirrors.ustc.edu.cn" - sed -i "s|deb.debian.org|${china_mirror}|" "$new_one" -fi - -echo "Try to use https ..." -apt-get update -apt-get install -y apt-transport-https ca-certificates - -sed -i 's|http://|https://|' "$new_one" - -echo "APT source setup done!" diff --git a/services/docker/debian-dev/bootstrap/setup.bash b/services/docker/debian-dev/bootstrap/setup.bash deleted file mode 100755 index 65aabbb..0000000 --- a/services/docker/debian-dev/bootstrap/setup.bash +++ /dev/null 
@@ -1,56 +0,0 @@ -#! /usr/bin/env bash -# shellcheck disable=1090,1091 - -set -e -o pipefail - -die() { - echo "$@" >&2 - exit 1 -} - -if [[ $EUID -ne 0 ]]; then - die "This script must be run as root." -fi - -script_dir=$(dirname "$0") - -os_release_file="/etc/os-release" -if [[ -f "$os_release_file" ]]; then - debian_version=$(. "$os_release_file"; echo "$VERSION_CODENAME") - if [[ "$debian_version" != "bookworm" ]]; then - die "This script can only be run on Debian Bookworm. But it is $debian_version" - fi -else - die "$os_release_file not found. Failed to get debian version." -fi - -script_dir=$(dirname "$0") - -export DEBIAN_FRONTEND=noninteractive - -echo "Begin to setup debian..." - -bash "$script_dir/setup-apt.bash" - -echo "Installing packages..." -apt-get update -apt-get install -y \ - tini locales procps sudo vim less man bash-completion curl wget \ - build-essential git devscripts debhelper quilt argon2 - -echo "Setting up locale..." -localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 - -echo "Setting up sudo..." -sed -i.bak 's|%sudo[[:space:]]\+ALL=(ALL:ALL)[[:space:]]\+ALL|%sudo ALL=(ALL:ALL) NOPASSWD: ALL|' /etc/sudoers - -echo "Creating user $CRUPEST_DEBIAN_DEV_USER ..." -useradd -m -G sudo -s /usr/bin/bash "$CRUPEST_DEBIAN_DEV_USER" - -echo "Setting up code-server..." -curl -fsSL https://code-server.dev/install.sh | sh - -echo "Cleaning up apt source index..." -rm -rf /var/lib/apt/lists/* - -echo "Setup debian done." diff --git a/services/docker/mail-server/Dockerfile b/services/docker/mail-server/Dockerfile index 7a3be9a..8ac8792 100644 --- a/services/docker/mail-server/Dockerfile +++ b/services/docker/mail-server/Dockerfile 
@@ -2,10 +2,10 @@ FROM denoland/deno AS deno-build COPY --from=deno . /workdir/ WORKDIR /workdir RUN deno install -RUN deno task compile:mail-relay +RUN deno task compile:mail FROM dovecot/dovecot:latest-root -COPY --from=deno-build /workdir/mail-relay/out/crupest-relay /app/ +COPY --from=deno-build /workdir/mail/out/crupest-mail /app/ ADD dovecot.conf /etc/dovecot/dovecot.conf ADD app/* /app/ CMD ["/app/main.bash"] diff --git a/services/docker/mail-server/app/main.bash b/services/docker/mail-server/app/main.bash index 70c9b75..2dfc2ee 100755 --- a/services/docker/mail-server/app/main.bash +++ b/services/docker/mail-server/app/main.bash @@ -7,5 +7,6 @@ die() { exit 1 } -/app/crupest-relay serve --real & +/app/crupest-mail serve --real & + /dovecot/sbin/dovecot -F diff --git a/services/docker/mail-server/dovecot.conf b/services/docker/mail-server/dovecot.conf index 5d2eaf4..0c5ec30 100644 --- a/services/docker/mail-server/dovecot.conf +++ b/services/docker/mail-server/dovecot.conf @@ -6,7 +6,7 @@ state_dir = /run/dovecot log_path = /dev/stdout protocols = imap submission lmtp sieve -sendmail_path = /app/out/crupest-relay sendmail +sendmail_path = /app/out/crupest-mail sendmail submission_relay_host = 127.0.0.1 submission_relay_port = 2346 submission_relay_trusted = yes diff --git a/services/docker/nginx/Dockerfile b/services/docker/nginx/Dockerfile index 77398cd..3169e00 100644 --- a/services/docker/nginx/Dockerfile +++ b/services/docker/nginx/Dockerfile @@ -6,6 +6,5 @@ FROM nginx:mainline RUN apt update && apt-get install -y tini certbot && rm -rf /var/lib/apt/lists/* ADD mail-robots.txt /srv/mail/robots.txt ADD certbot.bash nginx-wrapper.bash /app/ -COPY configs/. /etc/nginx/ COPY --from=build-www /project/public /srv/www CMD ["/usr/bin/tini", "--", "/app/nginx-wrapper.bash"] diff --git a/services/docker/nginx/configs/templates/code.conf.template b/services/docker/nginx/configs/templates/code.conf.template deleted file mode 100644 index aa70ebc..0000000 
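Review bot: The renamed `sendmail_path = /app/out/crupest-mail sendmail` in the dovecot.conf hunk points into `/app/out/`, but the mail-server Dockerfile hunk in this same commit copies the binary with `COPY --from=deno-build /workdir/mail/out/crupest-mail /app/`, and main.bash starts it as `/app/crupest-mail`. Unless `ADD app/* /app/` also supplies an `out/` directory (not visible here), Dovecot's sendmail invocations would not find the executable; the line should probably read `sendmail_path = /app/crupest-mail sendmail`. The old value carried the same `/app/out/` prefix, so the rename preserved the mismatch rather than introducing it.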
--- a/services/docker/nginx/configs/templates/code.conf.template +++ /dev/null @@ -1,6 +0,0 @@ -server { - server_name code.${CRUPEST_DOMAIN}; - include common/http-listen; - - include common/acme-challenge; -} diff --git a/services/docker/nginx/configs/templates/mail.conf.template b/services/docker/nginx/configs/templates/mail.conf.template deleted file mode 100644 index c47630f..0000000 --- a/services/docker/nginx/configs/templates/mail.conf.template +++ /dev/null @@ -1,29 +0,0 @@ -server { - server_name mail.${CRUPEST_DOMAIN}; - include common/https-listen; - - location = /robots.txt { - root /srv/mail; - } - - location = /${CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH} { - include common/proxy-common; - proxy_pass http://mail-server:2345/${CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH}; - } - - location / { - include common/proxy-common; - proxy_pass http://roundcubemail:80/; - } - - client_max_body_size 5G; -} - - -server { - server_name mail.${CRUPEST_DOMAIN}; - include common/http-listen; - - include common/https-redirect; - include common/acme-challenge; -} diff --git a/services/docker/nginx/configs/templates/root.conf.template b/services/docker/nginx/configs/templates/root.conf.template deleted file mode 100644 index e3e93ad..0000000 --- a/services/docker/nginx/configs/templates/root.conf.template +++ /dev/null 
@@ -1,45 +0,0 @@ -server { - server_name ${CRUPEST_DOMAIN}; - include common/https-listen; - - location / { - root /srv/www; - } - - location /2fa/ { - include common/proxy-common; - proxy_pass http://2fauth:8000/; - } - - location /git/ { - include common/proxy-common; - client_max_body_size 5G; - proxy_pass http://git-server:3636; - } - - location = /github { - return 301 ${CRUPEST_GITHUB}; - } - - location = /github/ { - return 301 ${CRUPEST_GITHUB}; - } - - location /_${CRUPEST_V2RAY_PATH} { - if ($http_upgrade != "websocket") { - return 404; - } - - proxy_redirect off; - include common/proxy-common; - proxy_pass http://v2ray:10000; - } -} - -server { - server_name ${CRUPEST_DOMAIN}; - include common/http-listen; - - include common/https-redirect; - include common/acme-challenge; -} diff --git a/services/docker/nginx/configs/templates/timeline.conf.template b/services/docker/nginx/configs/templates/timeline.conf.template deleted file mode 100644 index a467594..0000000 --- a/services/docker/nginx/configs/templates/timeline.conf.template +++ /dev/null @@ -1,6 +0,0 @@ -server { - server_name timeline.${CRUPEST_DOMAIN}; - include common/http-listen; - - include common/acme-challenge; -} diff --git a/services/docker/nginx/nginx-wrapper.bash b/services/docker/nginx/nginx-wrapper.bash index c848287..a4a19ec 100755 --- a/services/docker/nginx/nginx-wrapper.bash +++ b/services/docker/nginx/nginx-wrapper.bash @@ -7,10 +7,6 @@ die() { exit 1 } -[[ -n "$CRUPEST_DOMAIN" ]] || die "CRUPEST_DOMAIN is not set. It is used as root domain." -[[ -n "$CRUPEST_GITHUB" ]] || die "CRUPEST_GITHUB is not set. It is used as GitHub redirection." -[[ -n "$CRUPEST_V2RAY_PATH" ]] || die "CRUPEST_V2RAY_PATH is not set. It is used as v2ray tunnel endpoint." - /app/certbot.bash & /docker-entrypoint.sh nginx "-g" "daemon off;" diff --git a/services/manage b/services/manage index 9248945..18b3d0f 100755 --- a/services/manage +++ b/services/manage 
@@ -9,9 +9,10 @@ deno --version >/dev/null 2>&1 || ( exit 1 ) -CRUPEST_PROJECT_DIR="$(realpath "$(dirname "$0")/..")" +CRUPEST_PROJECT_DIR="$(dirname "$0")/.." export CRUPEST_PROJECT_DIR -echo "Project Dir: $CRUPEST_PROJECT_DIR" +echo "Detected project Dir: $CRUPEST_PROJECT_DIR" +echo -exec deno run -A "$CRUPEST_PROJECT_DIR/deno/tools/manage-service.ts" --project-dir "$CRUPEST_PROJECT_DIR" "$@" +exec deno run -A "$CRUPEST_PROJECT_DIR/deno/tools/main.ts" service --project-dir "$CRUPEST_PROJECT_DIR" "$@" diff --git a/services/templates/disabled/docker-compose.yaml b/services/templates/disabled/docker-compose.yaml index 565ca49..0cd2256 100644 --- a/services/templates/disabled/docker-compose.yaml +++ b/services/templates/disabled/docker-compose.yaml @@ -1,22 +1,4 @@ services: - debian-dev: - pull_policy: build - build: - context: ./docker/debian-dev - dockerfile: Dockerfile - pull: true - args: - - USER=crupest - tags: - - "crupest/debian-dev:latest" - container_name: debian-dev - init: true - command: [ "/bootstrap/start/code-server.bash" ] - volumes: - - ./data/debian-dev:/data - - debian-dev-home:/home/crupest - restart: on-failure:3 - timeline: image: crupest/timeline:latest pull_policy: always @@ -27,6 +9,3 @@ services: - TIMELINE_DisableAutoBackup=true volumes: - ./data/timeline:/root/timeline - -volumes: - debian-dev-home: diff --git a/services/templates/disabled/nginx/code.conf.template b/services/templates/disabled/nginx/code.conf.template deleted file mode 100644 index 0abe042..0000000 --- a/services/templates/disabled/nginx/code.conf.template +++ /dev/null @@ -1,20 +0,0 @@ -server { - server_name code.@@CRUPEST_DOMAIN@@; - include common/https-listen; - - location / { - include common/proxy-common; - proxy_pass http://debian-dev:8080/; - } - - client_max_body_size 5G; -} - - -server { - server_name code.@@CRUPEST_DOMAIN@@; - include common/http-listen; - - include common/https-redirect; - include common/acme-challenge; -} 
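Review bot: Dropping `realpath` in `CRUPEST_PROJECT_DIR="$(dirname "$0")/.."` in services/manage leaves the exported variable as a path relative to the caller's working directory (for example `./..`), and that value is then passed to the Deno tool as `--project-dir`. Anything that changes directory or records the value will resolve it differently from what the echo line reported; keeping `CRUPEST_PROJECT_DIR="$(realpath "$(dirname "$0")/..")"` avoids that. Separately, `deno run -A` grants the tool every Deno permission; if main.ts only needs a known set of capabilities, explicit `--allow-read`/`--allow-write`/`--allow-env`/`--allow-run` flags would be a tighter default.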
diff --git a/services/templates/disabled/nginx/timeline.conf.template b/services/templates/disabled/nginx/timeline.conf.template index ce7341b..086c1f7 100644 --- a/services/templates/disabled/nginx/timeline.conf.template +++ b/services/templates/disabled/nginx/timeline.conf.template @@ -2,9 +2,9 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name timeline.@@CRUPEST_DOMAIN@@; - + location / { - include common/reverse-proxy; + include conf.d/common/reverse-proxy; proxy_pass http://timeline:5000/; } @@ -16,6 +16,6 @@ server { listen [::]:80; server_name timeline.@@CRUPEST_DOMAIN@@; - include common/https-redirect; - include common/acme-challenge; + include conf.d/common/https-redirect; + include conf.d/common/acme-challenge; } diff --git a/services/templates/docker-compose.yaml.template b/services/templates/docker-compose.yaml.template index 6194c78..b81875b 100644 --- a/services/templates/docker-compose.yaml.template +++ b/services/templates/docker-compose.yaml.template @@ -13,13 +13,12 @@ services: - "443:443" - "443:443/udp" env_file: - - "./@@CRUPEST_GENERATED_DIR@@/envs/nginx.env" - "./@@CRUPEST_GENERATED_DIR@@/envs/v2ray-common.env" - "./@@CRUPEST_GENERATED_DIR@@/envs/mail-server-common.env" volumes: + - "./@@CRUPEST_GENERATED_DIR@@/nginx:/etc/nginx/conf.d" - "./@@CRUPEST_DATA_CERTBOT_DIR@@/certs:/etc/letsencrypt" - "./@@CRUPEST_DATA_CERTBOT_DIR@@/data:/var/lib/letsencrypt" - - "./@@CRUPEST_DATA_CERTBOT_DIR@@/webroot:/srv/acme:ro" - "./@@CRUPEST_DATA_CERTBOT_DIR@@/webroot:/var/www/certbot" networks: default: 
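Review bot: The new bind mount `"./@@CRUPEST_GENERATED_DIR@@/nginx:/etc/nginx/conf.d"` in the nginx service of docker-compose.yaml.template is writable from inside the container. Since the configuration is now rendered on the host, it could be mounted with `:ro` so that a compromised nginx or certbot process cannot rewrite its own vhosts, after confirming that the image's entrypoint scripts tolerate a read-only conf.d. The same applies to the `my-roundcube.inc.php` mount added in the roundcubemail hunk further down. The nginx service also still lists `v2ray-common.env` and `mail-server-common.env` under `env_file`. If nothing in the container reads them now that the templates use `@@…@@` substitution (certbot.bash is not visible here), removing them keeps those values out of the container environment.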
@@ -80,29 +79,16 @@ services: env_file: - "./@@CRUPEST_GENERATED_DIR@@/envs/roundcubemail.env" volumes: - - "./@@CRUPEST_DATA_SECRET_DIR@@/gnupg:/gnupg" + - "./@@CRUPEST_GENERATED_DIR@@/my-roundcube.inc.php:/var/roundcube/config/my-roundcube.inc.php" + - "./@@CRUPEST_DATA_SECRET_DIR@@/gnupg:/var/roundcube/enigma" - "./@@CRUPEST_DATA_ROUNDCUBE_DIR@@/www/html:/var/www/html" - "./@@CRUPEST_DATA_ROUNDCUBE_DIR@@/db:/var/roundcube/db" - - "./@@CRUPEST_DATA_ROUNDCUBE_DIR@@/config:/var/roundcube/config" - "roundcubemail-temp:/tmp/roundcube-temp" networks: default: ipv4_address: "172.21.5.5" restart: on-failure:3 - 2fauth: - image: "2fauth/2fauth" - pull_policy: always - hostname: 2fauth - env_file: - - "./@@CRUPEST_GENERATED_DIR@@/envs/2fauth.env" - volumes: - - "./data/2fauth:/2fauth" - networks: - default: - ipv4_address: "172.21.5.6" - restart: "on-failure:3" - v2ray: pull_policy: build build: @@ -115,7 +101,7 @@ services: - "./@@CRUPEST_GENERATED_DIR@@/envs/v2ray.env" networks: default: - ipv4_address: "172.21.5.7" + ipv4_address: "172.21.5.6" restart: "on-failure:3" auto-backup: diff --git a/services/templates/envs/2fauth.env.template b/services/templates/envs/2fauth.env.template deleted file mode 100644 index de2ad3a..0000000 --- a/services/templates/envs/2fauth.env.template +++ /dev/null @@ -1,15 +0,0 @@ -APP_NAME=2FAuth-crupest -APP_TIMEZONE=UTC -SITE_OWNER=@@CRUPEST_EMAIL@@ -APP_KEY=@@CRUPEST_2FAUTH_APP_KEY@@ -APP_URL=@@CRUPEST_ROOT_URL@@/2fa -APP_SUBDIRECTORY=2fa -MAIL_MAILER=smtp -MAIL_HOST=@@CRUPEST_MAIL_SERVER_DOMAIN@@ -MAIL_PORT=465 -MAIL_USERNAME=@@CRUPEST_2FAUTH_MAIL_USERNAME@@ -MAIL_PASSWORD=@@CRUPEST_2FAUTH_MAIL_PASSWORD@@ -MAIL_ENCRYPTION=ssl -MAIL_FROM_NAME=2FAuth-crupest -MAIL_FROM_ADDRESS=@@CRUPEST_2FAUTH_MAIL_USERNAME@@ -TRUSTED_PROXIES=* diff --git a/services/templates/envs/mail-server.env.template b/services/templates/envs/mail-server.env.template index 274037b..9ad1c58 100644 --- a/services/templates/envs/mail-server.env.template 
+++ b/services/templates/envs/mail-server.env.template @@ -1,5 +1,5 @@ CRUPEST_MAIL_SERVER_MAIL_DOMAIN=@@CRUPEST_DOMAIN@@ -CRUPEST_MAIL_SERVER_DATA_PATH=/data/crupest-relay/ +CRUPEST_MAIL_SERVER_DATA_PATH=/data/crupest-mail/ CRUPEST_MAIL_SERVER_INBOUND_FALLBACK=crupest@crupest.life CRUPEST_MAIL_SERVER_AWS_INBOUND_KEY=@@CRUPEST_MAIL_SERVER_AWS_INBOUND_KEY@@ CRUPEST_MAIL_SERVER_AWS_REGION=@@CRUPEST_MAIL_SERVER_AWS_REGION@@ diff --git a/services/templates/envs/nginx.env.template b/services/templates/envs/nginx.env.template deleted file mode 100644 index 55143ab..0000000 --- a/services/templates/envs/nginx.env.template +++ /dev/null @@ -1,2 +0,0 @@ -CRUPEST_DOMAIN=@@CRUPEST_DOMAIN@@ -CRUPEST_GITHUB=@@CRUPEST_GITHUB@@ diff --git a/services/templates/my-roundcube.inc.php b/services/templates/my-roundcube.inc.php new file mode 100644 index 0000000..c07aff9 --- /dev/null +++ b/services/templates/my-roundcube.inc.php @@ -0,0 +1,3 @@ +<?php + +$config['managesieve_host'] = 'tls://%h'; diff --git a/services/docker/nginx/configs/common/acme-challenge b/services/templates/nginx/common/acme-challenge index 26054b8..8280cd8 100644 --- a/services/docker/nginx/configs/common/acme-challenge +++ b/services/templates/nginx/common/acme-challenge @@ -1,3 +1,3 @@ location /.well-known/acme-challenge { - root /srv/acme; + root /var/www/certbot; } diff --git a/services/docker/nginx/configs/common/http-listen b/services/templates/nginx/common/http-listen index 76cb18d..76cb18d 100644 --- a/services/docker/nginx/configs/common/http-listen +++ b/services/templates/nginx/common/http-listen diff --git a/services/docker/nginx/configs/common/https-listen b/services/templates/nginx/common/https-listen index db2f68e..db2f68e 100644 --- a/services/docker/nginx/configs/common/https-listen +++ b/services/templates/nginx/common/https-listen diff --git a/services/docker/nginx/configs/common/https-redirect b/services/templates/nginx/common/https-redirect index 56d095d..56d095d 100644 
--- a/services/docker/nginx/configs/common/https-redirect +++ b/services/templates/nginx/common/https-redirect diff --git a/services/docker/nginx/configs/common/proxy-common b/services/templates/nginx/common/reverse-proxy index 4193548..4193548 100644 --- a/services/docker/nginx/configs/common/proxy-common +++ b/services/templates/nginx/common/reverse-proxy diff --git a/services/docker/nginx/configs/conf.d/default.conf b/services/templates/nginx/default.conf index 515942b..515942b 100644 --- a/services/docker/nginx/configs/conf.d/default.conf +++ b/services/templates/nginx/default.conf diff --git a/services/templates/nginx/mail.conf.template b/services/templates/nginx/mail.conf.template new file mode 100644 index 0000000..1c2a2ca --- /dev/null +++ b/services/templates/nginx/mail.conf.template @@ -0,0 +1,29 @@ +server { + server_name mail.@@CRUPEST_DOMAIN@@; + include conf.d/common/https-listen; + + location = /robots.txt { + root /srv/mail; + } + + location = /@@CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH@@ { + include conf.d/common/reverse-proxy; + proxy_pass http://mail-server:2345/@@CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH@@; + } + + location / { + include conf.d/common/reverse-proxy; + proxy_pass http://roundcubemail:80/; + } + + client_max_body_size 5G; +} + + +server { + server_name mail.@@CRUPEST_DOMAIN@@; + include conf.d/common/http-listen; + + include conf.d/common/https-redirect; + include conf.d/common/acme-challenge; +} diff --git a/services/templates/nginx/root.conf.template b/services/templates/nginx/root.conf.template new file mode 100644 index 0000000..db28f00 --- /dev/null +++ b/services/templates/nginx/root.conf.template 
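Review bot: `client_max_body_size 5G;` sits at server level in the new services/templates/nginx/mail.conf.template, so it also covers the `location = /@@CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH@@` proxy to `mail-server:2345`, not only the Roundcube upstream. If the 5G limit is meant for webmail attachments (an assumption), moving it into `location /` and giving the inbound location its own smaller limit bounds how much any client that reaches that path can push to the mail service. The rest of the file appears to be a move of the deleted configs/templates/mail.conf.template with the includes switched to `conf.d/common/…`.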
@@ -0,0 +1,40 @@ +server { + server_name @@CRUPEST_DOMAIN@@; + include conf.d/common/https-listen; + + location / { + root /srv/www; + } + + location /git/ { + include conf.d/common/reverse-proxy; + client_max_body_size 5G; + proxy_pass http://git-server:3636; + } + + location = /github { + return 301 @@CRUPEST_GITHUB@@; + } + + location = /github/ { + return 301 @@CRUPEST_GITHUB@@; + } + + location /_@@CRUPEST_V2RAY_PATH@@ { + if ($http_upgrade != "websocket") { + return 404; + } + + proxy_redirect off; + include conf.d/common/reverse-proxy; + proxy_pass http://v2ray:10000; + } +} + +server { + server_name @@CRUPEST_DOMAIN@@; + include conf.d/common/http-listen; + + include conf.d/common/https-redirect; + include conf.d/common/acme-challenge; +} diff --git a/services/docker/nginx/configs/templates/ssl.conf.template b/services/templates/nginx/ssl.conf.template index 54205f1..181a1af 100644 --- a/services/docker/nginx/configs/templates/ssl.conf.template +++ b/services/templates/nginx/ssl.conf.template @@ -4,8 +4,8 @@ # the up-to-date file that you will need to refer to when manually updating # this file. Contents are based on https://ssl-config.mozilla.org -ssl_certificate /etc/letsencrypt/live/${CRUPEST_DOMAIN}/fullchain.pem; -ssl_certificate_key /etc/letsencrypt/live/${CRUPEST_DOMAIN}/privkey.pem; +ssl_certificate /etc/letsencrypt/live/@@CRUPEST_DOMAIN@@/fullchain.pem; +ssl_certificate_key /etc/letsencrypt/live/@@CRUPEST_DOMAIN@@/privkey.pem; ssl_session_cache shared:le_nginx_SSL:10m; ssl_session_timeout 1440m; diff --git a/services/templates/nginx/timeline.conf.template b/services/templates/nginx/timeline.conf.template new file mode 100644 index 0000000..3414510 --- /dev/null +++ b/services/templates/nginx/timeline.conf.template @@ -0,0 +1,6 @@ +server { + server_name timeline.@@CRUPEST_DOMAIN@@; + include conf.d/common/http-listen; + + include conf.d/common/acme-challenge; +} 
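Review bot: In the new root.conf.template, `@@CRUPEST_V2RAY_PATH@@` and `@@CRUPEST_GITHUB@@` are now filled in at generation time, while this commit also removes the `[[ -n "$CRUPEST_…" ]] || die` guards from nginx-wrapper.bash, so nothing visible here rejects an empty value. An empty `CRUPEST_V2RAY_PATH` would render `location /_ {`, which matches every URI beginning with `/_` and forwards websocket upgrades to `v2ray:10000`. The generator is not part of this diff, so it is worth confirming that it fails on undefined or empty placeholders. A comment above the location, such as `# generated from CRUPEST_V2RAY_PATH; generation must fail if it is empty`, would record that assumption.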
diff --git a/services/docker/nginx/configs/conf.d/websocket.conf b/services/templates/nginx/websocket.conf index 32af4c3..32af4c3 100644 --- a/services/docker/nginx/configs/conf.d/websocket.conf +++ b/services/templates/nginx/websocket.conf |