
2 Commits

27 changed files with 262 additions and 25 deletions

23
env/.env vendored

@ -34,6 +34,28 @@ NINEAPACHE_SERVICE_NAME=nineapache
NINEAPACHE_ACTIVATE=1
NINEAPACHE_LOCAL=1
# MTA
# passerelle courriel
MTA_SERVICE_NAME=mta
MTA_ACTIVATE=1
MTA_LOCAL=1
MTA_RELAY_HOST=
MTA_RELAY_PORT=
MTA_RELAY_USER="user"
# DEBUGING MTA
# fake-smtp server
FAKE_SMTP_NAME=fakesmtp
FAKE_SMTP_LOCAL=1
FAKE_SMTP_ACTIVATE=1
# si actif, il faut sans doute lutiliser
# comme passerelle pour le service MTA
if [ "$FAKE_SMTP_ACTIVATE" -eq 1 ]
then
MTA_RELAY_HOST="$FAKE_SMTP_NAME"
MTA_RELAY_PORT=2525
fi
# MARIADB
MARIADB_SERVICE_NAME=mariadb
MARIADB_ACTIVATE=1
@ -59,7 +81,6 @@ MINIO_HOST=${MINIO_SERVICE_NAME}
MINIO_PORT=9000
MINIO_URL=${PROTOCOLE}://${WEB_URL}:9001
# OPENLDAP
# LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
OPENLDAP_SERVICE_NAME=openldap
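Review bot: The `if [ "$FAKE_SMTP_ACTIVATE" -eq 1 ]` block in the first hunk runs while `env/.env` is being sourced, so it is evaluated before `env/.env.local` is read (misc/tools/mergeenv.sh sources the two files in that order). Setting `FAKE_SMTP_ACTIVATE=0` in `.env.local` therefore leaves `MTA_RELAY_HOST=fakesmtp` and `MTA_RELAY_PORT=2525` in the merged file unless both are overridden there as well, and outgoing mail keeps being relayed to a service that is no longer started. Either move the conditional to a step that runs after all env files are loaded, or add a comment above it: `# evaluated before .env.local: when disabling FAKE_SMTP there, also set MTA_RELAY_HOST and MTA_RELAY_PORT`. Shipping `FAKE_SMTP_ACTIVATE=1` as the default also means a fresh install captures all mail instead of delivering it, which the comment should state.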


@ -0,0 +1,33 @@
FROM debian:buster-slim
RUN set -eux; \
apt-get update; \
apt-get install -y \
exim4-daemon-light \
tini \
; \
rm -rf /var/lib/apt/lists/*; \
ln -svfT /etc/hostname /etc/mailname
# https://blog.dhampir.no/content/exim4-line-length-in-debian-stretch-mail-delivery-failed-returning-message-to-sender
# https://serverfault.com/a/881197
# https://bugs.debian.org/828801
RUN echo "IGNORE_SMTP_LINE_LENGTH_LIMIT='true'" >> /etc/exim4/exim4.conf.localmacros
RUN set -eux; \
mkdir -p /var/spool/exim4 /var/log/exim4; \
chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4
COPY set-exim4-update-conf docker-entrypoint.sh /usr/local/bin/
RUN set -eux; \
set-exim4-update-conf \
dc_eximconfig_configtype 'internet' \
dc_hide_mailname 'true' \
dc_local_interfaces '0.0.0.0 ; ::0' \
dc_other_hostnames '' \
dc_relay_nets '0.0.0.0/0' \
;
EXPOSE 25
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["exim", "-bd", "-v"]
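Review bot: `dc_relay_nets '0.0.0.0/0'` together with `dc_local_interfaces '0.0.0.0 ; ::0'` makes this exim accept and relay mail from any IPv4 client that can reach port 25, so the image is an open relay as soon as the port is published or the container joins a shared network. Restrict the relay range to the network the other containers use, e.g. `dc_relay_nets 'NINE_NETWORK_CIDR'` (placeholder; the subnet of nine-network is not defined in this change), or make it a build argument with a narrow default. Separately, `debian:buster-slim` is past its end of life and is referenced by a mutable tag; a supported release pinned by digest would keep the `apt-get install` step reproducible and patched. The compose file added for the mta service uses `image: postfix` with no `build:`, so as far as this page shows the Dockerfile is not wired in yet.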


@ -0,0 +1,33 @@
#!/bin/bash
set -Eeuo pipefail
if [ "$1" = 'exim' ]; then
if [ -n "${GMAIL_USER:-}" ] && [ -n "${GMAIL_PASSWORD:-}" ]; then
# see https://wiki.debian.org/GmailAndExim4
export EXIM4_SMARTHOST='smtp.gmail.com::587' \
EXIM4_SMARTHOST_USER="$GMAIL_USER" \
EXIM4_SMARTHOST_PASSWORD="$GMAIL_PASSWORD"
fi
unset GMAIL_USER GMAIL_PASSWORD # scrub env of creds
if [ -n "${EXIM4_SMARTHOST:-}" ]; then
set-exim4-update-conf \
dc_eximconfig_configtype 'smarthost' \
dc_smarthost "$EXIM4_SMARTHOST"
if [ -n "${EXIM4_SMARTHOST_USER:-}" ] && [ -n "${EXIM4_SMARTHOST_PASSWORD:-}" ]; then
echo "*:$EXIM4_SMARTHOST_USER:$EXIM4_SMARTHOST_PASSWORD" > /etc/exim4/passwd.client
fi
fi
unset EXIM4_SMARTHOST EXIM4_SMARTHOST_USER EXIM4_SMARTHOST_PASSWORD # scrub env of creds
if [ "$(id -u)" = '0' ]; then
mkdir -p /var/spool/exim4 /var/log/exim4 || :
chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4 || :
fi
if [ "$$" = 1 ]; then
set -- tini -- "$@"
fi
fi
exec "$@"
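Review bot: The relay credentials reach this script only through `GMAIL_PASSWORD` / `EXIM4_SMARTHOST_PASSWORD`, and the two `unset` lines clear them from the exim process only; they stay readable in the container's configuration (`docker inspect`) and in whatever env file started it. The rest of this change already mounts a Docker secret for the mta service, so the entrypoint could accept a file too, e.g. `if [ -n "${EXIM4_SMARTHOST_PASSWORD_FILE:-}" ]; then EXIM4_SMARTHOST_PASSWORD="$(cat "$EXIM4_SMARTHOST_PASSWORD_FILE")"; fi` ahead of the smarthost block (the variable name is a suggestion). Where `/etc/exim4/passwd.client` is written, its mode is whatever the file already had or the current umask gives; follow the `echo` with `chown root:Debian-exim /etc/exim4/passwd.client; chmod 640 /etc/exim4/passwd.client`. A user or password containing `:` would also corrupt the `*:user:password` line, so such values should be rejected with an error.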


@ -0,0 +1,28 @@
#!/usr/bin/env bash
set -Eeuo pipefail
conf='/etc/exim4/update-exim4.conf.conf'
args=()
while [ "$#" -gt 0 ]; do
key="$1"
value="$2"
shift 2
if ! grep -qE "^#?${key}=" "$conf"; then
echo >&2 "error: '$key' not found in '$conf'"
exit 1
fi
sed_escaped_value="$(sed -e 's/[\/&]/\\&/g' <<<"$value")"
args+=( -e "s/^#?(${key})=.*/\1='${sed_escaped_value}'/" )
done
if [ "${#args[@]}" -eq 0 ]; then
echo >&2 "error: nothing to do?"
exit 1
fi
set -x
sed -ri "${args[@]}" "$conf"
update-exim4.conf -v
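Review bot: The escaping at `sed_escaped_value=` covers only `/` and `&`, but the result is written between single quotes into `update-exim4.conf.conf`, which I believe `update-exim4.conf` reads as shell. A value containing `'` (the entrypoint passes `$EXIM4_SMARTHOST` straight from the environment) ends the quoted string early, and a backslash or newline changes the sed replacement itself. Reject such input before building the expression: `case "$value" in *"'"*|*\\*|*$'\n'*) echo >&2 "error: unsupported character in value for '$key'"; exit 1 ;; esac`. `$key` also goes unescaped into both the `grep -qE` and the `sed -r` pattern, so it should be checked against something like `^[A-Za-z_][A-Za-z0-9_]*$` first.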

25
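--- a/misc/tools/mergeenv.sh
+++ b/misc/tools/mergeenv.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env -S -i bash
+env_files="env/.env env/.env.local"
+merged_env="env/.env.merge"
+if [ -n "$1" ]
+then
+env_files="$env_files $1/env/.env $1/env/.env.local"
+merged_env="$1/env/.env.merge"
+fi
+unset PWD
+unset SHLVL
+for env_file in $env_files
+do
+set -a
+if [ -f "$env_file" ]
+then
+. $env_file
+fi
+set +a
+done
+unset username
+export -p | cut -d" " -f3- | sed "/OLDPWD/d" | head -n -1 | sort > "$merged_env"
+exit 0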
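Review bot: `. $env_file` and `for env_file in $env_files` rely on word splitting, so a service directory passed as `$1` that contains a space or a glob character is split or expanded before it is sourced; keep the list in an array (`env_files=(env/.env env/.env.local)`, `env_files+=("$1/env/.env" "$1/env/.env.local")`) and source with `. "$env_file"`. The last pipeline rebuilds the file by cutting `export -p` output: `sed "/OLDPWD/d"` deletes any variable whose name or value contains that string, `head -n -1` assumes the final line is one to discard, and `sort` reorders the lines of a multi-line value. The merged file collects every variable from the env files, which elsewhere in the project may include credentials, so I would create it under `umask 077`. `env -S` in the shebang needs a recent GNU coreutils; a header comment saying so, and that the script must be run from the repository root, would help.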

41
nine.sh

@ -113,7 +113,8 @@ destroyall(){
env(){
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
mergeenv $dir/env/.env.merge env/.env.merge $dir/env/.env $dir/env/.env.local
#mergeenv $dir/env/.env.merge env/.env.merge $dir/env/.env $dir/env/.env.local
misc/tools/mergeenv.sh $dir
done
}
@ -123,18 +124,40 @@ env(){
# Construction du dockercompose
dockercompose() {
echo "services:" > docker-compose.yml
echo "services:" > services.yml
echo "secrets:" > secrets.yml
echo "networks:" > networks.yml
echo " nine-network:" >> networks.yml
echo " name: nine-network" >> networks.yml
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
# Construction du docker-compose
if [ -f "$dir/dockercompose/dockercompose.yml" ]; then
cat "$dir/dockercompose/dockercompose.yml" >> docker-compose.yml
unset section
while read; do
case $REPLY in
"services:")
section=${REPLY%:}
;;
"secrets:")
section=${REPLY%:}
;;
"networks:")
section=${REPLY%:}
;;
*)
if [ -n "$section" ]; then
echo "$REPLY" >> ${section}.yml
fi
;;
esac
done < "$dir/dockercompose/dockercompose.yml"
fi
done
cat services.yml secrets.yml networks.yml > docker-compose.yml
rm -f services.yml secrets.yml networks.yml
echo "networks:" >> docker-compose.yml
echo " nine-network:" >> docker-compose.yml
echo " name: nine-network" >> docker-compose.yml
}
#===========================================================================================================================================
@ -186,9 +209,9 @@ services() {
#===========================================================================================================================================
# Include variable d'environnement global
mergeenv env/.env.merge env/.env env/.env.local
#mergeenv env/.env.merge env/.env env/.env.local
misc/tools/mergeenv.sh
. env/.env.merge
# Include service
declare -A services
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
@ -316,4 +339,4 @@ else
EchoRouge "nine.sh regen monservice > lance destroy monservice puis up monservice"
fi
echo
echo
echo
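Review bot: In the new `dockercompose()` loop the `case` recognises only `services:`, `secrets:` and `networks:`, so any other top-level key in a service's `dockercompose.yml` (for example `volumes:`) falls into `*)` and is appended, with its children, to whichever section was active. Add an arm after the three named ones that fails on unknown top-level keys, e.g. `[a-z]*:) echo "unsupported top-level key: $REPLY" >&2; return 1 ;;`. The loop header should be `while IFS= read -r || [ -n "$REPLY" ]; do` so that backslashes are kept and a last line without a newline is not dropped, and `${section}.yml` should be quoted. In the other two hunks the exit status of `misc/tools/mergeenv.sh` is not checked before `. env/.env.merge`, so a failed merge sources a stale file; `misc/tools/mergeenv.sh || exit 1` would stop there.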


@ -0,0 +1,14 @@
# Passerelle courriel pour les autres conteneurs
services:
mta:
image: postfix
container_name: mta
restart: unless-stopped
env_file: ./services/01-mta/env/.env.merge
networks:
- nine-network
secrets:
- postfix_password
secrets:
postfix_password:
file: ./services/01-mta/secrets/postfix_password.txt
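Review bot: `image: postfix` names no registry, namespace or tag, so the MTA that handles every service's outgoing mail and receives the `postfix_password` secret is whatever `postfix:latest` resolves to on the default registry at pull time. Pin it to a fully qualified reference, `image: REGISTRY/NAMESPACE/postfix:TAG@sha256:DIGEST` (upper-case parts are placeholders), or add a `build:` entry if the exim Dockerfile added in this change is meant to back this service. The `POSTFIX_*` variables in the service env file only take effect if the chosen image reads them, which this page does not show. The header comment could also state that no port is published and the service is reachable only on nine-network.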

4
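--- a/services/01-mta/env/.env
+++ b/services/01-mta/env/.env
@@ -0,0 +1,4 @@
+POSTFIX_HOSTNAME="nine.local"
+POSTFIX_RELAY_HOST="$MTA_RELAY_HOST:$MTA_RELAY_PORT"
+POSTFIX_RELAY_USER="$MTA_RELAY_USER"
+POSTFIX_RELAY_PASSWORD_FILE="/run/secrets/postfix_password"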
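Review bot: `POSTFIX_RELAY_HOST="$MTA_RELAY_HOST:$MTA_RELAY_PORT"` expands to a bare `:` when both variables are empty, which is what `env/.env` ships whenever `FAKE_SMTP_ACTIVATE` is not 1. Build the value only when a host is set, e.g. `POSTFIX_RELAY_HOST="${MTA_RELAY_HOST:+$MTA_RELAY_HOST:$MTA_RELAY_PORT}"`, and add a comment that the `MTA_RELAY_*` values come from the global env file.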


@ -0,0 +1,22 @@
#!/bin/bash
function upmta {
if [[ $MTA_ACTIVATE == 1 && $MTA_LOCAL == 1 ]]
then
Title ${MTA_SERVICE_NAME^^}
EchoVert "CONTAINER"
upservice ${MTA_SERVICE_NAME}
Echo
fi
}
function destroymta {
if [[ $MTA_LOCAL == 1 ]]
then
Title "DESTROY ${MTA_SERVICE_NAME}"
stop ${MTA_SERVICE_NAME} 1
docker-compose rm -s -v -f "${MTA_SERVICE_NAME}"
echo ""
fi
}
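Review bot: `Title ${MTA_SERVICE_NAME^^}`, `upservice ${MTA_SERVICE_NAME}` and `stop ${MTA_SERVICE_NAME} 1` pass the service name unquoted while the `docker-compose rm` line quotes it; quote all of them for consistency, e.g. `upservice "${MTA_SERVICE_NAME}"`. `destroymta` tests only `MTA_LOCAL` whereas `upmta` also tests `MTA_ACTIVATE`; if that asymmetry is intended, a one-line comment above `destroymta` should say so. The fakesmtp script added later in this change is a copy with the same two points. Neither function has a header comment naming the helpers it expects from nine.sh (`Title`, `EchoVert`, `upservice`, `stop`).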


@ -0,0 +1 @@
secret
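Review bot: This file commits a password value (`secret`) to the repository; judging by the compose file in this change it appears to be `services/01-mta/secrets/postfix_password.txt`, the source of the `postfix_password` Docker secret. A deployment that edits it in place keeps the real relay password in a tracked file and risks committing it. Ship it as `postfix_password.txt.example`, add the real path to `.gitignore`, and have nine.sh refuse to start the mta service while the file is missing or still holds the placeholder.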


@ -1,4 +1,4 @@
services:
# Nineapache
# Reverse proxy de l'ensemble des services
# Seul port ouvert sur l'exterieur


@ -1,4 +1,4 @@
services:
# Mariadb
# Base de données des services
# Port interne 3306


@ -1,4 +1,4 @@
services:
# Minio
# Stocakge S3
# Port interne 9000 pour le stockage / Port interne 9001 pour l'interface web
@ -12,4 +12,4 @@
networks:
- nine-network
volumes:
- './services/30-minio/volume/data:/data'
- './services/30-minio/volume/data:/data'


@ -1,4 +1,4 @@
services:
# Openldap
# Annuaire
# Port interne 1389 & 1636


@ -1,4 +1,4 @@
services:
# Redis
# Base de données redis pour les services qui souhaitent stocker leur session en bdd
# Port interne 6379


@ -1,4 +1,4 @@
services:
# Keycloak
# serveur SSO
# Port interne 8999 & 8443


@ -1,4 +1,4 @@
services:
# Dokuwiki
# Wiki
# Port interne 80


@ -1,4 +1,4 @@
services:
# Nextcloud
# Hébergement de fichiers et une plateforme de collaboration
# Port interne 80


@ -1,4 +1,4 @@
services:
# Nineboard
# Tableaux de bord collaboratif
# Port interne 80


@ -1,4 +1,4 @@
services:
# Ninegate
# Portail collaboratif
# Port interne 80


@ -1,4 +1,4 @@
services:
# Nineskeletor
# Portail collaboratif
# Port interne 80


@ -1,4 +1,4 @@
services:
# Wordpress
# Reseau de blog
# Port interne 80


@ -1,4 +1,4 @@
services:
# Adminer
# Gestionnaire BDD
# Port interne 8080


@ -0,0 +1,11 @@
# Passerelle courriel pour les autres conteneurs
services:
fakesmtp:
image: reg.cadoles.com/cadoles/fake-smtp
container_name: fakesmtp
restart: unless-stopped
env_file: ./services/90-fakesmtp/env/.env.merge
networks:
- nine-network
ports:
- "8080:8080"
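Review bot: `ports: - "8080:8080"` publishes the fake-smtp web interface on every host interface, and with `FAKE_SMTP_ACTIVATE=1` as the shipped default that interface shows all mail the platform sends (account and password-reset messages included) to anyone who can reach the host. The nineapache compose file describes the reverse proxy as the only port open to the outside, so this service either belongs behind it or should be bound to loopback: `- "127.0.0.1:8080:8080"`. The image reference carries no tag; pin one. The header comment is copied from the mta service and should instead describe this as a mail-capture tool for debugging.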

0
services/90-fakesmtp/env/.env vendored Normal file


@ -0,0 +1,22 @@
#!/bin/bash
function upfakesmtp {
if [[ $FAKE_SMTP_ACTIVATE == 1 && $FAKE_SMTP_LOCAL == 1 ]]
then
Title ${FAKE_SMTP_NAME^^}
EchoVert "CONTAINER"
upservice ${FAKE_SMTP_NAME}
Echo
fi
}
function destroyfakesmtp {
if [[ $FAKE_SMTP_LOCAL == 1 ]]
then
Title "DESTROY ${FAKE_SMTP_NAME}"
stop ${FAKE_SMTP_NAME} 1
docker-compose rm -s -v -f "${FAKE_SMTP_NAME}"
echo ""
fi
}


@ -1,4 +1,4 @@
services:
# Phpldapadmin
# Gestionnaire Annuaire
# Port interne 80