diff --git a/src/debian/Containerfile b/src/debian/Containerfile
index 2326dc3..f65bc67 100644
--- a/src/debian/Containerfile
+++ b/src/debian/Containerfile
@@ -12,6 +12,7 @@ RUN rm /etc/localtime && \
 echo $TZ > /etc/timezone
 # Install packages
+ARG DEBIAN_FRONTEND=noninteractive
 RUN apt update -y
 RUN apt upgrade -y
 RUN apt install -y init sudo wget nano less man-db unzip
diff --git a/src/gitea/Containerfile b/src/gitea/Containerfile
index b76ac62..40359ab 100644
--- a/src/gitea/Containerfile
+++ b/src/gitea/Containerfile
@@ -39,7 +39,7 @@ RUN apt update -y && apt install -y postgresql postgresql-doc git
 # create gitea user with file owner UID
 RUN addgroup --gid $FILESUID gitea && \
- adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /usr/sbin/nologin
+ adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /usr/sbin/nologin --home /var/lib/gitea
 # copy our custom scripts
 COPY assets/bin/ /usr/local/bin/
diff --git a/src/mailserver/Containerfile b/src/mailserver/Containerfile
index 1d21665..0d4d79f 100644
--- a/src/mailserver/Containerfile
+++ b/src/mailserver/Containerfile
@@ -12,7 +12,7 @@ LABEL deployopts="\
 -p 993:993 \
 -v /srv/volumes/mailserver/db:/vol/db \
 -v /srv/volumes/mailserver/mail:/vol/mail \
--v /etc/letsencrypt:/vol/ssl"
+-v /etc/letsencrypt:/vol/ssl:ro"
 # Build Variables
 # uid that the files owner user should have
@@ -22,9 +22,6 @@ ARG FILESUID=5000
 ### General Setup ###
-# tell debian not to ask any questions during package install
-ARG DEBIAN_FRONTEND=noninteractive
-
 # install packages we want
 RUN apt update -y && apt install -y postfix dovecot-imapd dovecot-lmtpd
diff --git a/src/mailserver/assets/main.cf b/src/mailserver/assets/main.cf
index 8cea5ec..471ab0a 100644
--- a/src/mailserver/assets/main.cf
+++ b/src/mailserver/assets/main.cf
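Review bot: The added `ARG DEBIAN_FRONTEND=noninteractive` carries no explanation, while the copy removed from src/mailserver/Containerfile in this same diff had one; the comment should move with it. Suggested line above the ARG: `# tell debian not to ask any questions during package install (ARG is build-time only and is not inherited by images built FROM this one)`. That second half matters because an ARG is not stored in the resulting image, so any child Containerfile that relies on this base for a non-interactive apt still needs its own ARG, an ENV here, or the variable set inline on its RUN line.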
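Review bot: Removing `ARG DEBIAN_FRONTEND=noninteractive` in the second hunk leaves `RUN apt update -y && apt install -y postfix dovecot-imapd dovecot-lmtpd` with no non-interactive frontend, and the postfix package configures itself through debconf prompts, so the build may stall or silently pick the default mail configuration. If the intent was to inherit the setting from src/debian/Containerfile, which gains the same ARG in this diff, that does not work: ARG values are not persisted into the built image and do not reach a child build. Either keep the ARG in this file, set it inline as `RUN DEBIAN_FRONTEND=noninteractive apt update -y && apt install -y postfix dovecot-imapd dovecot-lmtpd`, or have the base image export it with ENV. Whether this image actually builds FROM the debian image is not visible in the hunk.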
@@ -1,7 +1,7 @@
 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
 # Network settings
-myhostname = mail.brbytes.org
+myhostname = mailtest.brbytes.org
 myorigin = $myhostname
 mydestination = $myhostname, localhost.localdomain, localhost
 relayhost =
diff --git a/src/mailserver/docs/Build.md b/src/mailserver/docs/Build.md
index 9750624..0c7b9cb 100644
--- a/src/mailserver/docs/Build.md
+++ b/src/mailserver/docs/Build.md
@@ -46,7 +46,7 @@ All of the excerpts in this section should be included in `main.cf`.
 configure the domain:
 ```
 # domain
-myhostname = mail.brbytes.org
+myhostname = mailtest.brbytes.org
 myorigin = $myhostname
 mydestination = $myhostname, localhost.localdomain, localhost
 ```
diff --git a/src/mailserver/docs/Deploy.md b/src/mailserver/docs/Deploy.md
index 018621f..2f36447 100644
--- a/src/mailserver/docs/Deploy.md
+++ b/src/mailserver/docs/Deploy.md
@@ -25,9 +25,25 @@ nft -f /etc/nftables
 ## set up domain name
-Need MX and CNAME records.
+Set up a DNS A Record pointing to your host machine. Make sure it works by running:
+```
+ping ${dnsname:?}
+```
 ## get SSL certificates from letsencrypt
-use certbot
+install certbot:
+```
+apt install certbot
+```
+if you are using a firewall, you need to figure out how to define a temporary rule allowing http access. For nftables, the rule would be:
+```
+nft insert rule inet myfilter myfirewall tcp dport 80 accept
+```
+
+Get a certificate for your domain by running:
+```
+certbot certonly --standalone --pre-hook "nft insert rule inet myfilter myfirewall tcp dport 80 accept" --post-hook "nft -f /etc/nftables.conf"
+```
+the application will ask you a few questions, including you domain. Including the appropriate hooks when issuing the certificate should guarantee that the hooks are also used when renewing.