
2 Commits

27 changed files with 262 additions and 25 deletions

23
env/.env vendored

@ -34,6 +34,28 @@ NINEAPACHE_SERVICE_NAME=nineapache
NINEAPACHE_ACTIVATE=1 NINEAPACHE_ACTIVATE=1
NINEAPACHE_LOCAL=1 NINEAPACHE_LOCAL=1
# MTA
# passerelle courriel
MTA_SERVICE_NAME=mta
MTA_ACTIVATE=1
MTA_LOCAL=1
MTA_RELAY_HOST=
MTA_RELAY_PORT=
MTA_RELAY_USER="user"
# DEBUGING MTA
# fake-smtp server
FAKE_SMTP_NAME=fakesmtp
FAKE_SMTP_LOCAL=1
FAKE_SMTP_ACTIVATE=1
# si actif, il faut sans doute lutiliser
# comme passerelle pour le service MTA
if [ "$FAKE_SMTP_ACTIVATE" -eq 1 ]
then
MTA_RELAY_HOST="$FAKE_SMTP_NAME"
MTA_RELAY_PORT=2525
fi
# MARIADB # MARIADB
MARIADB_SERVICE_NAME=mariadb MARIADB_SERVICE_NAME=mariadb
MARIADB_ACTIVATE=1 MARIADB_ACTIVATE=1
@ -59,7 +81,6 @@ MINIO_HOST=${MINIO_SERVICE_NAME}
MINIO_PORT=9000 MINIO_PORT=9000
MINIO_URL=${PROTOCOLE}://${WEB_URL}:9001 MINIO_URL=${PROTOCOLE}://${WEB_URL}:9001
# OPENLDAP # OPENLDAP
# LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP # LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
OPENLDAP_SERVICE_NAME=openldap OPENLDAP_SERVICE_NAME=openldap
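Review bot: `FAKE_SMTP_ACTIVATE=1` in the shared `env/.env` makes the debugging catcher the default relay, because the `if` block in the first hunk then overwrites `MTA_RELAY_HOST` and `MTA_RELAY_PORT`. A deployment that does not override it locally would presumably never deliver mail outward and would keep every message in the fake-smtp container. I would default to `FAKE_SMTP_ACTIVATE=0` here and switch it on in `env/.env.local`. The `if [ ... ]` block also means this file is no longer plain KEY=VALUE and only works when a shell sources it; a comment such as `# shell syntax: sourced by misc/tools/mergeenv.sh, not parsed as a dotenv file` would make that explicit.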


@ -0,0 +1,33 @@
FROM debian:buster-slim
RUN set -eux; \
apt-get update; \
apt-get install -y \
exim4-daemon-light \
tini \
; \
rm -rf /var/lib/apt/lists/*; \
ln -svfT /etc/hostname /etc/mailname
# https://blog.dhampir.no/content/exim4-line-length-in-debian-stretch-mail-delivery-failed-returning-message-to-sender
# https://serverfault.com/a/881197
# https://bugs.debian.org/828801
RUN echo "IGNORE_SMTP_LINE_LENGTH_LIMIT='true'" >> /etc/exim4/exim4.conf.localmacros
RUN set -eux; \
mkdir -p /var/spool/exim4 /var/log/exim4; \
chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4
COPY set-exim4-update-conf docker-entrypoint.sh /usr/local/bin/
RUN set -eux; \
set-exim4-update-conf \
dc_eximconfig_configtype 'internet' \
dc_hide_mailname 'true' \
dc_local_interfaces '0.0.0.0 ; ::0' \
dc_other_hostnames '' \
dc_relay_nets '0.0.0.0/0' \
;
EXPOSE 25
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["exim", "-bd", "-v"]
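Review bot: `dc_relay_nets '0.0.0.0/0'` together with `dc_local_interfaces '0.0.0.0 ; ::0'` lets exim relay for any client that can reach port 25, so the image is an open relay as soon as that port is reachable from outside the compose network. Restrict the relay range to the network the other containers use, e.g. `dc_relay_nets '<nine-network CIDR>' \` (placeholder; the subnet is not shown on this page). Separately, `debian:buster-slim` no longer receives security updates, so a supported release such as `debian:bookworm-slim` pinned by digest is preferable, and the `apt-get install -y` line should carry `--no-install-recommends`.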


@ -0,0 +1,33 @@
#!/bin/bash
set -Eeuo pipefail
if [ "$1" = 'exim' ]; then
if [ -n "${GMAIL_USER:-}" ] && [ -n "${GMAIL_PASSWORD:-}" ]; then
# see https://wiki.debian.org/GmailAndExim4
export EXIM4_SMARTHOST='smtp.gmail.com::587' \
EXIM4_SMARTHOST_USER="$GMAIL_USER" \
EXIM4_SMARTHOST_PASSWORD="$GMAIL_PASSWORD"
fi
unset GMAIL_USER GMAIL_PASSWORD # scrub env of creds
if [ -n "${EXIM4_SMARTHOST:-}" ]; then
set-exim4-update-conf \
dc_eximconfig_configtype 'smarthost' \
dc_smarthost "$EXIM4_SMARTHOST"
if [ -n "${EXIM4_SMARTHOST_USER:-}" ] && [ -n "${EXIM4_SMARTHOST_PASSWORD:-}" ]; then
echo "*:$EXIM4_SMARTHOST_USER:$EXIM4_SMARTHOST_PASSWORD" > /etc/exim4/passwd.client
fi
fi
unset EXIM4_SMARTHOST EXIM4_SMARTHOST_USER EXIM4_SMARTHOST_PASSWORD # scrub env of creds
if [ "$(id -u)" = '0' ]; then
mkdir -p /var/spool/exim4 /var/log/exim4 || :
chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4 || :
fi
if [ "$$" = 1 ]; then
set -- tini -- "$@"
fi
fi
exec "$@"
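Review bot: The smarthost password can only be supplied through `GMAIL_PASSWORD` or `EXIM4_SMARTHOST_PASSWORD`; the `unset` lines keep it out of exim's process environment, but it stays in the container configuration, where `docker inspect` shows it. The same change set mounts a compose secret at `/run/secrets/postfix_password`, so the entrypoint could accept a file path as well, for example `[ -n "${EXIM4_SMARTHOST_PASSWORD_FILE:-}" ] && EXIM4_SMARTHOST_PASSWORD="$(< "$EXIM4_SMARTHOST_PASSWORD_FILE")"` (variable name proposed here, not an existing option). Two smaller points: a user name or password containing `:` breaks the `passwd.client` line written further down, and `[ "$1" = 'exim' ]` aborts under `set -u` when the container starts without arguments, which `"${1:-}"` avoids.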


@ -0,0 +1,28 @@
#!/usr/bin/env bash
set -Eeuo pipefail
conf='/etc/exim4/update-exim4.conf.conf'
args=()
while [ "$#" -gt 0 ]; do
key="$1"
value="$2"
shift 2
if ! grep -qE "^#?${key}=" "$conf"; then
echo >&2 "error: '$key' not found in '$conf'"
exit 1
fi
sed_escaped_value="$(sed -e 's/[\/&]/\\&/g' <<<"$value")"
args+=( -e "s/^#?(${key})=.*/\1='${sed_escaped_value}'/" )
done
if [ "${#args[@]}" -eq 0 ]; then
echo >&2 "error: nothing to do?"
exit 1
fi
set -x
sed -ri "${args[@]}" "$conf"
update-exim4.conf -v
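Review bot: `sed_escaped_value` escapes only `/` and `&`, while the value is written between single quotes into `update-exim4.conf.conf`, which Debian's `update-exim4.conf` sources as a shell fragment. A value containing `'` therefore closes the quoting, and the remainder is interpreted as shell when the configuration is regenerated. `dc_smarthost` is filled from the `EXIM4_SMARTHOST` environment variable in the entrypoint, so the value is not under the image author's control. Reject such values before building the sed expression, e.g. `case "$value" in *"'"*|*$'\n'*) echo >&2 "error: unsupported character in value for '$key'"; exit 1 ;; esac`. `key` is also interpolated unescaped into both regular expressions, and an odd number of arguments fails on `value="$2"` with an unbound-variable message instead of a usage error.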

25
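--- a/misc/tools/mergeenv.sh
+++ b/misc/tools/mergeenv.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env -S -i bash
+env_files="env/.env env/.env.local"
+merged_env="env/.env.merge"
+if [ -n "$1" ]
+then
+env_files="$env_files $1/env/.env $1/env/.env.local"
+merged_env="$1/env/.env.merge"
+fi
+unset PWD
+unset SHLVL
+for env_file in $env_files
+do
+set -a
+if [ -f "$env_file" ]
+then
+. $env_file
+fi
+set +a
+done
+unset username
+export -p | cut -d" " -f3- | sed "/OLDPWD/d" | head -n -1 | sort > "$merged_env"
+exit 0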
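Review bot: The script ends with an unconditional `exit 0` and sets neither `-e` nor `-u`, so an error inside a sourced env file (`env/.env` now contains an `if` block) or a failed write still reports success and leaves a partial `.env.merge` that `nine.sh` then sources. Drop the `exit 0` and write to a temporary file that is moved into place only when the pipeline succeeded. `. $env_file` and `for env_file in $env_files` are unquoted, so a service directory with a space or glob character in its path is split; an array (`env_files=(env/.env env/.env.local)`, `for env_file in "${env_files[@]}"`, `. "$env_file"`) avoids that. The merged file can hold credentials, so `umask 077` before the redirect is worth adding.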

39
nine.sh
View File

@ -113,7 +113,8 @@ destroyall(){
env(){ env(){
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
mergeenv $dir/env/.env.merge env/.env.merge $dir/env/.env $dir/env/.env.local #mergeenv $dir/env/.env.merge env/.env.merge $dir/env/.env $dir/env/.env.local
misc/tools/mergeenv.sh $dir
done done
} }
@ -123,18 +124,40 @@ env(){
# Construction du dockercompose # Construction du dockercompose
dockercompose() { dockercompose() {
echo "services:" > docker-compose.yml
echo "services:" > services.yml
echo "secrets:" > secrets.yml
echo "networks:" > networks.yml
echo " nine-network:" >> networks.yml
echo " name: nine-network" >> networks.yml
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
# Construction du docker-compose # Construction du docker-compose
if [ -f "$dir/dockercompose/dockercompose.yml" ]; then if [ -f "$dir/dockercompose/dockercompose.yml" ]; then
cat "$dir/dockercompose/dockercompose.yml" >> docker-compose.yml unset section
while read; do
case $REPLY in
"services:")
section=${REPLY%:}
;;
"secrets:")
section=${REPLY%:}
;;
"networks:")
section=${REPLY%:}
;;
*)
if [ -n "$section" ]; then
echo "$REPLY" >> ${section}.yml
fi
;;
esac
done < "$dir/dockercompose/dockercompose.yml"
fi fi
done done
cat services.yml secrets.yml networks.yml > docker-compose.yml
rm -f services.yml secrets.yml networks.yml
echo "networks:" >> docker-compose.yml
echo " nine-network:" >> docker-compose.yml
echo " name: nine-network" >> docker-compose.yml
} }
#=========================================================================================================================================== #===========================================================================================================================================
@ -186,9 +209,9 @@ services() {
#=========================================================================================================================================== #===========================================================================================================================================
# Include variable d'environnement global # Include variable d'environnement global
mergeenv env/.env.merge env/.env env/.env.local #mergeenv env/.env.merge env/.env env/.env.local
misc/tools/mergeenv.sh
. env/.env.merge . env/.env.merge
# Include service # Include service
declare -A services declare -A services
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
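Review bot: In `dockercompose()` the `*)` branch appends every line to whichever section was seen last, so a service file that carries any other top-level key (`volumes:`, `configs:`) has that key and its children written into `services.yml`, `secrets.yml` or `networks.yml` as if they belonged there. Fail on unknown top-level keys by adding a branch before `*)`, e.g. `[a-z]*:) echo >&2 "unsupported top-level key '$REPLY' in $dir"; return 1 ;;`. The loop should read with `while IFS= read -r; do` so backslashes survive, and the target should be quoted as `>> "${section}.yml"`. When no service declares a secret, `secrets.yml` holds only `secrets:`, which gives a null `secrets` key in the final file; I have not checked whether docker compose accepts that.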


@ -0,0 +1,14 @@
# Passerelle courriel pour les autres conteneurs
services:
mta:
image: postfix
container_name: mta
restart: unless-stopped
env_file: ./services/01-mta/env/.env.merge
networks:
- nine-network
secrets:
- postfix_password
secrets:
postfix_password:
file: ./services/01-mta/secrets/postfix_password.txt
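Review bot: `image: postfix` has no registry, namespace or tag, so it resolves to whatever `postfix:latest` is on the default registry at pull time. Pin a fully qualified reference such as `image: <registry>/<namespace>/postfix:<tag>` (placeholders), ideally with a digest. The page also adds an exim4 Dockerfile and entrypoint, yet this service neither builds nor references them, and the `POSTFIX_*` variables in the service env file only mean something to an image that reads them. It would help to say in the header comment which image is intended.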

4
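--- a/services/01-mta/env/.env
+++ b/services/01-mta/env/.env
@@ -0,0 +1,4 @@
+POSTFIX_HOSTNAME="nine.local"
+POSTFIX_RELAY_HOST="$MTA_RELAY_HOST:$MTA_RELAY_PORT"
+POSTFIX_RELAY_USER="$MTA_RELAY_USER"
+POSTFIX_RELAY_PASSWORD_FILE="/run/secrets/postfix_password"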
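Review bot: `POSTFIX_RELAY_HOST="$MTA_RELAY_HOST:$MTA_RELAY_PORT"` evaluates to a bare `:` when the fake-smtp block in `env/.env` is disabled, because both variables are empty by default there. Build the value only when a host is set, e.g. `POSTFIX_RELAY_HOST="${MTA_RELAY_HOST:+$MTA_RELAY_HOST:$MTA_RELAY_PORT}"`, or add a comment stating that both must be filled in `env/.env.local`. Keeping the password behind `POSTFIX_RELAY_PASSWORD_FILE` rather than in a variable is the right choice; a comment saying that the path must match the `postfix_password` secret in the compose file would keep the two in step.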


@ -0,0 +1,22 @@
#!/bin/bash
function upmta {
if [[ $MTA_ACTIVATE == 1 && $MTA_LOCAL == 1 ]]
then
Title ${MTA_SERVICE_NAME^^}
EchoVert "CONTAINER"
upservice ${MTA_SERVICE_NAME}
Echo
fi
}
function destroymta {
if [[ $MTA_LOCAL == 1 ]]
then
Title "DESTROY ${MTA_SERVICE_NAME}"
stop ${MTA_SERVICE_NAME} 1
docker-compose rm -s -v -f "${MTA_SERVICE_NAME}"
echo ""
fi
}
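Review bot: The expansions in `upmta` and `destroymta` are unquoted (`Title ${MTA_SERVICE_NAME^^}`, `upservice ${MTA_SERVICE_NAME}`, `stop ${MTA_SERVICE_NAME} 1`), while the `docker-compose rm` line quotes the same variable; quote them all, e.g. `upservice "${MTA_SERVICE_NAME}"`. `destroymta` calls `docker-compose rm -s -v -f`, which also removes the container's anonymous volumes, so a one-line comment above it noting that any mail still queued there is discarded would help. The same two points apply to `upfakesmtp` and `destroyfakesmtp` in the fake-smtp service script further down the page.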


@ -0,0 +1 @@
secret
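Review bot: This file commits the literal value `secret` as a credential; judging by the compose file on this page it is presumably `services/01-mta/secrets/postfix_password.txt`, the relay password. A credential file under version control tends to be edited in place and pushed later with the real value. Commit a sample file instead, list the real one in `.gitignore`, and have the setup script stop with a clear message when the real file is missing.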


@ -1,4 +1,4 @@
services:
# Nineapache # Nineapache
# Reverse proxy de l'ensemble des services # Reverse proxy de l'ensemble des services
# Seul port ouvert sur l'exterieur # Seul port ouvert sur l'exterieur


@ -1,4 +1,4 @@
services:
# Mariadb # Mariadb
# Base de données des services # Base de données des services
# Port interne 3306 # Port interne 3306


@ -1,4 +1,4 @@
services:
# Minio # Minio
# Stocakge S3 # Stocakge S3
# Port interne 9000 pour le stockage / Port interne 9001 pour l'interface web # Port interne 9000 pour le stockage / Port interne 9001 pour l'interface web


@ -1,4 +1,4 @@
services:
# Openldap # Openldap
# Annuaire # Annuaire
# Port interne 1389 & 1636 # Port interne 1389 & 1636


@ -1,4 +1,4 @@
services:
# Redis # Redis
# Base de données redis pour les services qui souhaitent stocker leur session en bdd # Base de données redis pour les services qui souhaitent stocker leur session en bdd
# Port interne 6379 # Port interne 6379


@ -1,4 +1,4 @@
services:
# Keycloak # Keycloak
# serveur SSO # serveur SSO
# Port interne 8999 & 8443 # Port interne 8999 & 8443


@ -1,4 +1,4 @@
services:
# Dokuwiki # Dokuwiki
# Wiki # Wiki
# Port interne 80 # Port interne 80


@ -1,4 +1,4 @@
services:
# Nextcloud # Nextcloud
# Hébergement de fichiers et une plateforme de collaboration # Hébergement de fichiers et une plateforme de collaboration
# Port interne 80 # Port interne 80


@ -1,4 +1,4 @@
services:
# Nineboard # Nineboard
# Tableaux de bord collaboratif # Tableaux de bord collaboratif
# Port interne 80 # Port interne 80


@ -1,4 +1,4 @@
services:
# Ninegate # Ninegate
# Portail collaboratif # Portail collaboratif
# Port interne 80 # Port interne 80


@ -1,4 +1,4 @@
services:
# Nineskeletor # Nineskeletor
# Portail collaboratif # Portail collaboratif
# Port interne 80 # Port interne 80


@ -1,4 +1,4 @@
services:
# Wordpress # Wordpress
# Reseau de blog # Reseau de blog
# Port interne 80 # Port interne 80


@ -1,4 +1,4 @@
services:
# Adminer # Adminer
# Gestionnaire BDD # Gestionnaire BDD
# Port interne 8080 # Port interne 8080


@ -0,0 +1,11 @@
# Passerelle courriel pour les autres conteneurs
services:
fakesmtp:
image: reg.cadoles.com/cadoles/fake-smtp
container_name: fakesmtp
restart: unless-stopped
env_file: ./services/90-fakesmtp/env/.env.merge
networks:
- nine-network
ports:
- "8080:8080"
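Review bot: `ports: - "8080:8080"` publishes the mail catcher on every host interface, although the nineapache section describes the reverse proxy as the only port open to the outside. Captured messages (password resets, invitations) would then be readable by anyone who can reach the host. Bind it to loopback with `- "127.0.0.1:8080:8080"`, or drop the mapping and expose the interface through the proxy with authentication. `env/.env` sets `MTA_RELAY_PORT=2525` for this container, so 8080 is presumably the web interface only. The header comment is copied from the MTA service and the image carries no tag; both are worth correcting.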

0
services/90-fakesmtp/env/.env vendored Normal file


@ -0,0 +1,22 @@
#!/bin/bash
function upfakesmtp {
if [[ $FAKE_SMTP_ACTIVATE == 1 && $FAKE_SMTP_LOCAL == 1 ]]
then
Title ${FAKE_SMTP_NAME^^}
EchoVert "CONTAINER"
upservice ${FAKE_SMTP_NAME}
Echo
fi
}
function destroyfakesmtp {
if [[ $FAKE_SMTP_LOCAL == 1 ]]
then
Title "DESTROY ${FAKE_SMTP_NAME}"
stop ${FAKE_SMTP_NAME} 1
docker-compose rm -s -v -f "${FAKE_SMTP_NAME}"
echo ""
fi
}


@ -1,4 +1,4 @@
services:
# Phpldapadmin # Phpldapadmin
# Gestionnaire Annuaire # Gestionnaire Annuaire
# Port interne 80 # Port interne 80