From 92bb25d2f0aa56c597b65b3306c14c9a240c5808 Mon Sep 17 00:00:00 2001 From: Jacob Lifshay Date: Sun, 14 Jul 2024 03:27:19 -0700 Subject: [PATCH] switch to upstream docker -- hopefully fixes ipv6 source address issues --- docker-compose.yml | 11 ++++++ setup.sh | 19 +++++++--- templates/etc/apt/sources.list.d/docker.list | 1 + templates/etc/docker/daemon.json | 37 +------------------- templates/var/lib/stalwart-mail/cli.sh | 2 +- 5 files changed, 28 insertions(+), 42 deletions(-) create mode 100644 templates/etc/apt/sources.list.d/docker.list diff --git a/docker-compose.yml b/docker-compose.yml index 106d690..bfdfa77 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -28,6 +28,8 @@ services: links: - forgejo - mail + networks: + - net_with_ipv6 labels: - "com.centurylinklabs.watchtower.enable=true" forgejo: @@ -48,6 +50,8 @@ services: - "127.0.0.1:2222:22" links: - mail:mail.${BASE_DOMAIN_NAME} + networks: + - net_with_ipv6 labels: - "com.centurylinklabs.watchtower.enable=true" mail: @@ -68,5 +72,12 @@ services: - /etc/letsencrypt:/etc/letsencrypt:ro - /etc/ssl/certs:/etc/ssl/certs:ro - /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro + networks: + - net_with_ipv6 # labels: # - "com.centurylinklabs.watchtower.enable=true" + +networks: + net_with_ipv6: + attachable: true + enable_ipv6: true \ No newline at end of file diff --git a/setup.sh b/setup.sh index defb4df..3ce18cd 100755 --- a/setup.sh +++ b/setup.sh 
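Review bot: The `net_with_ipv6` network defined at the end of docker-compose.yml sets `enable_ipv6: true` without an `ipam` subnet, and the same commit drops the IPv6 `default-address-pools` from daemon.json, so the engine has to pick a v6 range on its own; as far as I recall recent Engine releases synthesise a ULA for that case while older ones refuse to create an IPv6 network with no pool to draw from, and the hunk does not tell me which version the host ends up with. Pinning the range keeps the result independent of daemon defaults, e.g. `ipam:` / `config:` / `- subnet: "fd57:d7e4:f221:1::/64"` (the range the removed daemon.json pool used, disjoint from `fixed-cidr-v6`). `attachable: true` also lets containers started outside this compose project join the network; if nothing needs that, leave it out. The file now ends without a trailing newline. The two earlier hunks in this file only attach services to the network and need no separate change.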
@@ -123,13 +123,22 @@ if [[ "$(id -u)" != 0 ]]; then fatal "must be ran as root" fi +apt-get remove -y -q docker.io docker-doc docker-compose podman-docker containerd runc + mkdir -p /var/lib/stalwart-mail apt-get update -y -q -apt-get install jq gettext-base diffutils -y -q +apt-get install ca-certificates curl jq gettext-base diffutils -y -q # force using overlay2 driver so btrfs snapshots will snapshot the entire system and not miss all the docker stuff mkdir -p /etc/docker write_config --src templates/etc/docker/daemon.json --dest /etc/docker/daemon.json -apt-get install certbot docker-compose docker.io sudo openssl crudini git ssl-cert curl -y -q +write_config --src templates/etc/apt/sources.list.d/docker.list \ + --dest /etc/apt/sources.list.d/docker.list \ + --var dpkg_arch="$(dpkg --print-architecture)" \ + --var VERSION_CODENAME="$(. /etc/os-release && echo "$VERSION_CODENAME")" +curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc +chmod a+r /etc/apt/keyrings/docker.asc +apt-get update -y -q +apt-get install certbot docker-ce docker-ce-cli containerd.io docker-compose-plugin sudo openssl crudini git ssl-cert -y -q if ((${#test_ca_list[@]})); then install -m 644 "${test_ca_list[0]}" /usr/local/share/ca-certificates/test-root.crt install -m 644 "${test_ca_list[1]}" /usr/local/share/ca-certificates/test-root2.crt @@ -207,7 +216,7 @@ for _ in {0..30}; do done echo "server up" certbot_args=(certonly -n --email "postmaster@$BASE_DOMAIN_NAME" "--server=$ACME_SERVER_URL" --cert-name server --agree-tos --webroot --webroot-path /var/www) -certbot_args+=(--disable-hook-validation --post-hook "cd '$wd' && docker-compose -p server restart") +certbot_args+=(--disable-hook-validation --post-hook "cd '$wd' && docker compose -p server restart") for subdomain in "${subdomains[@]}"; do if [[ -n "$subdomain" ]]; then subdomain+=. 
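Review bot: The new `apt-get remove -y -q docker.io docker-doc docker-compose podman-docker containerd runc` line fails (apt-get exits 100) when any of those names is unknown to apt on the host's release, because an unknown package, unlike a known-but-absent one, is an error, and if the script runs under `set -e` (not visible in this hunk) that aborts the setup before Docker is installed. A per-package loop isolates the failure: `for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do` / `    apt-get remove -y -q "$pkg" || true  # name may not exist on this release` / `done`. The `curl -fsSL ... -o /etc/apt/keyrings/docker.asc` line also assumes `/etc/apt/keyrings` already exists, which is not guaranteed on older Debian releases; an `install -d -m 0755 /etc/apt/keyrings` before it makes that explicit and fails early with a clear message. Finally the signing key is trusted solely because the TLS download from download.docker.com succeeded; comparing `gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.asc` against the fingerprint Docker publishes (use a placeholder such as `<EXPECTED_DOCKER_KEY_FINGERPRINT>` until it is recorded in the repo) before the second `apt-get update` would catch a mis-served or substituted key.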
@@ -218,7 +227,7 @@ done retry_if_failed certbot "${certbot_args[@]}" trap EXIT docker stop "$nginx_container" -DOCKER_BUILDKIT=1 docker-compose -p server up -d +DOCKER_BUILDKIT=1 docker compose -p server up -d sleep 10 if [[ -n "$mail_passwd_hash" ]]; then forgejo_smtp_passwd="$(crudini --get /etc/forgejo/app.ini mailer PASSWD)" @@ -227,7 +236,7 @@ if [[ -n "$mail_passwd_hash" ]]; then curl -u "admin:$mail_passwd" "https://mail.$BASE_DOMAIN_NAME/api/dkim" --data-binary '{"id":null,"algorithm":"Rsa","domain":"'"$BASE_DOMAIN_NAME"'","selector":null}' > /dev/null stalwart-cli account create -d 'Admin Account' -i true -a "postmaster@$BASE_DOMAIN_NAME" 'admin' "$mail_passwd" stalwart-cli account create -d 'Forgejo Server' -i false -a "forgejo@$BASE_DOMAIN_NAME" 'forgejo' "$forgejo_smtp_passwd" - add_postmaster=(docker-compose -p server exec -T -u git forgejo forgejo admin user create --admin --username postmaster --password "$mail_passwd" --email "postmaster@$BASE_DOMAIN_NAME") + add_postmaster=(docker compose -p server exec -T -u git forgejo forgejo admin user create --admin --username postmaster --password "$mail_passwd" --email "postmaster@$BASE_DOMAIN_NAME") retry_if_failed -q "${add_postmaster[@]}" forum_smtp_passwd="$(sed 's/^ *DISCOURSE_SMTP_PASSWORD: "*\([^"]*\)"$/\1/p; d' < /var/discourse/containers/app.yml)" [[ -n "$forum_smtp_passwd" ]] || fatal "can't parse smtp password out of /var/discourse/containers/app.yml" diff --git a/templates/etc/apt/sources.list.d/docker.list b/templates/etc/apt/sources.list.d/docker.list new file mode 100644 index 0000000..63b9b89 --- /dev/null +++ b/templates/etc/apt/sources.list.d/docker.list @@ -0,0 +1 @@ +deb [arch=$dpkg_arch signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $VERSION_CODENAME stable \ No newline at end of file diff --git a/templates/etc/docker/daemon.json b/templates/etc/docker/daemon.json index 9b4b9b3..00798a6 100644 --- a/templates/etc/docker/daemon.json 
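Review bot: The new docker.list template fixes the distribution to `https://download.docker.com/linux/debian` while the suite is taken from the host's `$VERSION_CODENAME` (filled in by setup.sh), so on a non-Debian host the generated entry names a suite that repository does not carry and `apt-get update` fails there instead of at install time. If only Debian is supported, setup.sh should check `ID` from /etc/os-release next to where it reads `VERSION_CODENAME` and call `fatal` otherwise; if Ubuntu is meant to work, substitute `$ID` into the URL as well. The file is also committed without a trailing newline (`\ No newline at end of file`); adding one keeps the generated sources entry conventional.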
+++ b/templates/etc/docker/daemon.json @@ -2,41 +2,6 @@ "storage-driver": "overlay2", "ipv6": true, "fixed-cidr-v6": "fd57:d7e4:f221::/64", - "experimental": true, "ip6tables": true, - "userland-proxy": false, - "default-address-pools": [ - { - "base": "172.17.0.0/16", - "size": 16 - }, - { - "base": "172.18.0.0/16", - "size": 16 - }, - { - "base": "172.19.0.0/16", - "size": 16 - }, - { - "base": "172.20.0.0/14", - "size": 16 - }, - { - "base": "172.24.0.0/14", - "size": 16 - }, - { - "base": "172.28.0.0/14", - "size": 16 - }, - { - "base": "fd57:d7e4:f221:1::/64", - "size": 64 - }, - { - "base": "fd57:d7e4:f221:2::/64", - "size": 64 - } - ] + "userland-proxy": true } diff --git a/templates/var/lib/stalwart-mail/cli.sh b/templates/var/lib/stalwart-mail/cli.sh index 3142209..112b8e0 100644 --- a/templates/var/lib/stalwart-mail/cli.sh +++ b/templates/var/lib/stalwart-mail/cli.sh @@ -1,5 +1,5 @@ mail_passwd="$mail_passwd" function stalwart-cli() { - (cd "$wd" && CREDENTIALS="admin:$mail_passwd" exec docker-compose -p server exec -T -e CREDENTIALS mail stalwart-cli -u "http://localhost" "$@") + (cd "$wd" && CREDENTIALS="admin:$mail_passwd" exec docker compose -p server exec -T -e CREDENTIALS mail stalwart-cli -u "http://localhost" "$@") }
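Review bot: daemon.json keeps `"ip6tables": true` but drops `"experimental": true`; on Engine releases where ip6tables was still gated behind experimental the option is no longer honoured, so the patch now depends on the host receiving a recent docker-ce from the repository setup.sh adds, and that minimum version is worth recording in a comment in setup.sh beside the `write_config --src templates/etc/docker/daemon.json` call, since JSON has nowhere to put it. Flipping `"userland-proxy"` from false to true also changes what the mail and web containers observe as the client address for any connection that traverses docker-proxy (as far as I know mainly host-local and loopback traffic, but confirm for the Engine in use): those connections arrive from the bridge gateway rather than the real peer, which affects logs, rate limiting and any IP-based policy in the mail server. After deploying, check the peer address logged for a connection from an external IPv6 client; if the gateway address still shows up, the address-pool configuration rather than the proxy setting is the more likely cause.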