switch to upstream docker -- hopefully fixes ipv6 source address issues
This commit is contained in:
parent
a8f3a2fad8
commit
92bb25d2f0
|
@ -28,6 +28,8 @@ services:
|
||||||
links:
|
links:
|
||||||
- forgejo
|
- forgejo
|
||||||
- mail
|
- mail
|
||||||
|
networks:
|
||||||
|
- net_with_ipv6
|
||||||
labels:
|
labels:
|
||||||
- "com.centurylinklabs.watchtower.enable=true"
|
- "com.centurylinklabs.watchtower.enable=true"
|
||||||
forgejo:
|
forgejo:
|
||||||
|
@ -48,6 +50,8 @@ services:
|
||||||
- "127.0.0.1:2222:22"
|
- "127.0.0.1:2222:22"
|
||||||
links:
|
links:
|
||||||
- mail:mail.${BASE_DOMAIN_NAME}
|
- mail:mail.${BASE_DOMAIN_NAME}
|
||||||
|
networks:
|
||||||
|
- net_with_ipv6
|
||||||
labels:
|
labels:
|
||||||
- "com.centurylinklabs.watchtower.enable=true"
|
- "com.centurylinklabs.watchtower.enable=true"
|
||||||
mail:
|
mail:
|
||||||
|
@ -68,5 +72,12 @@ services:
|
||||||
- /etc/letsencrypt:/etc/letsencrypt:ro
|
- /etc/letsencrypt:/etc/letsencrypt:ro
|
||||||
- /etc/ssl/certs:/etc/ssl/certs:ro
|
- /etc/ssl/certs:/etc/ssl/certs:ro
|
||||||
- /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro
|
- /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro
|
||||||
|
networks:
|
||||||
|
- net_with_ipv6
|
||||||
# labels:
|
# labels:
|
||||||
# - "com.centurylinklabs.watchtower.enable=true"
|
# - "com.centurylinklabs.watchtower.enable=true"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
net_with_ipv6:
|
||||||
|
attachable: true
|
||||||
|
enable_ipv6: true
|
19
setup.sh
19
setup.sh
|
@ -123,13 +123,22 @@ if [[ "$(id -u)" != 0 ]]; then
|
||||||
fatal "must be ran as root"
|
fatal "must be ran as root"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
apt-get remove -y -q docker.io docker-doc docker-compose podman-docker containerd runc
|
||||||
|
|
||||||
mkdir -p /var/lib/stalwart-mail
|
mkdir -p /var/lib/stalwart-mail
|
||||||
apt-get update -y -q
|
apt-get update -y -q
|
||||||
apt-get install jq gettext-base diffutils -y -q
|
apt-get install ca-certificates curl jq gettext-base diffutils -y -q
|
||||||
# force using overlay2 driver so btrfs snapshots will snapshot the entire system and not miss all the docker stuff
|
# force using overlay2 driver so btrfs snapshots will snapshot the entire system and not miss all the docker stuff
|
||||||
mkdir -p /etc/docker
|
mkdir -p /etc/docker
|
||||||
write_config --src templates/etc/docker/daemon.json --dest /etc/docker/daemon.json
|
write_config --src templates/etc/docker/daemon.json --dest /etc/docker/daemon.json
|
||||||
apt-get install certbot docker-compose docker.io sudo openssl crudini git ssl-cert curl -y -q
|
write_config --src templates/etc/apt/sources.list.d/docker.list \
|
||||||
|
--dest /etc/apt/sources.list.d/docker.list \
|
||||||
|
--var dpkg_arch="$(dpkg --print-architecture)" \
|
||||||
|
--var VERSION_CODENAME="$(. /etc/os-release && echo "$VERSION_CODENAME")"
|
||||||
|
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
|
||||||
|
chmod a+r /etc/apt/keyrings/docker.asc
|
||||||
|
apt-get update -y -q
|
||||||
|
apt-get install certbot docker-ce docker-ce-cli containerd.io docker-compose-plugin sudo openssl crudini git ssl-cert -y -q
|
||||||
if ((${#test_ca_list[@]})); then
|
if ((${#test_ca_list[@]})); then
|
||||||
install -m 644 "${test_ca_list[0]}" /usr/local/share/ca-certificates/test-root.crt
|
install -m 644 "${test_ca_list[0]}" /usr/local/share/ca-certificates/test-root.crt
|
||||||
install -m 644 "${test_ca_list[1]}" /usr/local/share/ca-certificates/test-root2.crt
|
install -m 644 "${test_ca_list[1]}" /usr/local/share/ca-certificates/test-root2.crt
|
||||||
|
@ -207,7 +216,7 @@ for _ in {0..30}; do
|
||||||
done
|
done
|
||||||
echo "server up"
|
echo "server up"
|
||||||
certbot_args=(certonly -n --email "postmaster@$BASE_DOMAIN_NAME" "--server=$ACME_SERVER_URL" --cert-name server --agree-tos --webroot --webroot-path /var/www)
|
certbot_args=(certonly -n --email "postmaster@$BASE_DOMAIN_NAME" "--server=$ACME_SERVER_URL" --cert-name server --agree-tos --webroot --webroot-path /var/www)
|
||||||
certbot_args+=(--disable-hook-validation --post-hook "cd '$wd' && docker-compose -p server restart")
|
certbot_args+=(--disable-hook-validation --post-hook "cd '$wd' && docker compose -p server restart")
|
||||||
for subdomain in "${subdomains[@]}"; do
|
for subdomain in "${subdomains[@]}"; do
|
||||||
if [[ -n "$subdomain" ]]; then
|
if [[ -n "$subdomain" ]]; then
|
||||||
subdomain+=.
|
subdomain+=.
|
||||||
|
@ -218,7 +227,7 @@ done
|
||||||
retry_if_failed certbot "${certbot_args[@]}"
|
retry_if_failed certbot "${certbot_args[@]}"
|
||||||
trap EXIT
|
trap EXIT
|
||||||
docker stop "$nginx_container"
|
docker stop "$nginx_container"
|
||||||
DOCKER_BUILDKIT=1 docker-compose -p server up -d
|
DOCKER_BUILDKIT=1 docker compose -p server up -d
|
||||||
sleep 10
|
sleep 10
|
||||||
if [[ -n "$mail_passwd_hash" ]]; then
|
if [[ -n "$mail_passwd_hash" ]]; then
|
||||||
forgejo_smtp_passwd="$(crudini --get /etc/forgejo/app.ini mailer PASSWD)"
|
forgejo_smtp_passwd="$(crudini --get /etc/forgejo/app.ini mailer PASSWD)"
|
||||||
|
@ -227,7 +236,7 @@ if [[ -n "$mail_passwd_hash" ]]; then
|
||||||
curl -u "admin:$mail_passwd" "https://mail.$BASE_DOMAIN_NAME/api/dkim" --data-binary '{"id":null,"algorithm":"Rsa","domain":"'"$BASE_DOMAIN_NAME"'","selector":null}' > /dev/null
|
curl -u "admin:$mail_passwd" "https://mail.$BASE_DOMAIN_NAME/api/dkim" --data-binary '{"id":null,"algorithm":"Rsa","domain":"'"$BASE_DOMAIN_NAME"'","selector":null}' > /dev/null
|
||||||
stalwart-cli account create -d 'Admin Account' -i true -a "postmaster@$BASE_DOMAIN_NAME" 'admin' "$mail_passwd"
|
stalwart-cli account create -d 'Admin Account' -i true -a "postmaster@$BASE_DOMAIN_NAME" 'admin' "$mail_passwd"
|
||||||
stalwart-cli account create -d 'Forgejo Server' -i false -a "forgejo@$BASE_DOMAIN_NAME" 'forgejo' "$forgejo_smtp_passwd"
|
stalwart-cli account create -d 'Forgejo Server' -i false -a "forgejo@$BASE_DOMAIN_NAME" 'forgejo' "$forgejo_smtp_passwd"
|
||||||
add_postmaster=(docker-compose -p server exec -T -u git forgejo forgejo admin user create --admin --username postmaster --password "$mail_passwd" --email "postmaster@$BASE_DOMAIN_NAME")
|
add_postmaster=(docker compose -p server exec -T -u git forgejo forgejo admin user create --admin --username postmaster --password "$mail_passwd" --email "postmaster@$BASE_DOMAIN_NAME")
|
||||||
retry_if_failed -q "${add_postmaster[@]}"
|
retry_if_failed -q "${add_postmaster[@]}"
|
||||||
forum_smtp_passwd="$(sed 's/^ *DISCOURSE_SMTP_PASSWORD: "*\([^"]*\)"$/\1/p; d' < /var/discourse/containers/app.yml)"
|
forum_smtp_passwd="$(sed 's/^ *DISCOURSE_SMTP_PASSWORD: "*\([^"]*\)"$/\1/p; d' < /var/discourse/containers/app.yml)"
|
||||||
[[ -n "$forum_smtp_passwd" ]] || fatal "can't parse smtp password out of /var/discourse/containers/app.yml"
|
[[ -n "$forum_smtp_passwd" ]] || fatal "can't parse smtp password out of /var/discourse/containers/app.yml"
|
||||||
|
|
1
templates/etc/apt/sources.list.d/docker.list
Normal file
1
templates/etc/apt/sources.list.d/docker.list
Normal file
|
@ -0,0 +1 @@
|
||||||
|
deb [arch=$dpkg_arch signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $VERSION_CODENAME stable
|
|
@ -2,41 +2,6 @@
|
||||||
"storage-driver": "overlay2",
|
"storage-driver": "overlay2",
|
||||||
"ipv6": true,
|
"ipv6": true,
|
||||||
"fixed-cidr-v6": "fd57:d7e4:f221::/64",
|
"fixed-cidr-v6": "fd57:d7e4:f221::/64",
|
||||||
"experimental": true,
|
|
||||||
"ip6tables": true,
|
"ip6tables": true,
|
||||||
"userland-proxy": false,
|
"userland-proxy": true
|
||||||
"default-address-pools": [
|
|
||||||
{
|
|
||||||
"base": "172.17.0.0/16",
|
|
||||||
"size": 16
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"base": "172.18.0.0/16",
|
|
||||||
"size": 16
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"base": "172.19.0.0/16",
|
|
||||||
"size": 16
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"base": "172.20.0.0/14",
|
|
||||||
"size": 16
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"base": "172.24.0.0/14",
|
|
||||||
"size": 16
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"base": "172.28.0.0/14",
|
|
||||||
"size": 16
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"base": "fd57:d7e4:f221:1::/64",
|
|
||||||
"size": 64
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"base": "fd57:d7e4:f221:2::/64",
|
|
||||||
"size": 64
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
mail_passwd="$mail_passwd"
|
mail_passwd="$mail_passwd"
|
||||||
function stalwart-cli()
|
function stalwart-cli()
|
||||||
{
|
{
|
||||||
(cd "$wd" && CREDENTIALS="admin:$mail_passwd" exec docker-compose -p server exec -T -e CREDENTIALS mail stalwart-cli -u "http://localhost" "$@")
|
(cd "$wd" && CREDENTIALS="admin:$mail_passwd" exec docker compose -p server exec -T -e CREDENTIALS mail stalwart-cli -u "http://localhost" "$@")
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue