extract config files out of setup.sh

templates/etc/docker/daemon.json

@@ -0,0 +1,3 @@
+{
+    "storage-driver": "overlay2"
+}

templates/etc/forgejo/app.ini

@@ -0,0 +1,108 @@
+APP_NAME = Libre-Chip.org
+RUN_MODE = prod
+RUN_USER = git
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = git.$BASE_DOMAIN_NAME
+SSH_DOMAIN = git.$BASE_DOMAIN_NAME
+HTTP_PORT = 3000
+ROOT_URL = https://git.$BASE_DOMAIN_NAME/
+DISABLE_SSH = false
+SSH_PORT = 22
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+OFFLINE_MODE = false
+LFS_JWT_SECRET = $(forgejo generate secret LFS_JWT_SECRET)
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD = 
+LOG_SQL = false
+SCHEMA = 
+SSL_MODE = disable
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = $SECRET_KEY
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+PASSWORD_HASH_ALGO = pbkdf2_hi
+DISABLE_GIT_HOOKS = false
+INTERNAL_TOKEN = $INTERNAL_TOKEN
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = true
+ENABLE_NOTIFY_MAIL = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = true
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = false
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.$BASE_DOMAIN_NAME
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = true
+PROTOCOL = smtps
+SMTP_ADDR = mail.$BASE_DOMAIN_NAME
+SMTP_PORT = 465
+FROM = forgejo@$BASE_DOMAIN_NAME
+USER = forgejo
+PASSWD = $MAIL_PASSWD
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[ssh.minimum_key_sizes]
+RSA = 2047
+
+[oauth2]
+JWT_SECRET = $JWT_SECRET

templates/usr/local/bin/gitea

@@ -0,0 +1,3 @@
+#!/bin/bash
+printf -v args '%q ' "$SSH_ORIGINAL_COMMAND" "$0" "$@"
+exec ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=$args"

templates/var/discourse/containers/app.yml

@@ -0,0 +1,174 @@
+## this is the all-in-one, standalone Discourse Docker container template
+##
+## After making changes to this file, you MUST rebuild
+## /var/discourse/launcher rebuild app
+##
+## Based on https://meta.discourse.org/t/run-other-websites-on-the-same-machine-as-discourse/17247
+
+templates:
+  - "templates/postgres.template.yml"
+  - "templates/redis.template.yml"
+  - "templates/web.template.yml"
+  ## Uncomment the next line to enable the IPv6 listener
+  #- "templates/web.ipv6.template.yml"
+  - "templates/web.ratelimited.template.yml"
+  - "templates/web.socketed.template.yml"
+  ## Uncomment these two lines if you wish to add Lets Encrypt (https)
+  #- "templates/web.ssl.template.yml"
+  #- "templates/web.letsencrypt.ssl.template.yml"
+
+## which TCP/IP ports should this container expose?
+## If you want Discourse to share a port with another webserver like Apache or nginx,
+## see https://meta.discourse.org/t/17247 for details
+#expose:
+#  - "80:80"   # http
+#  - "443:443" # https
+
+params:
+  db_default_text_search_config: "pg_catalog.english"
+
+  ## Set db_shared_buffers to a max of 25% of the total memory.
+  ## will be set automatically by bootstrap based on detected RAM, or you can override
+  db_shared_buffers: "512MB"
+
+  ## can improve sorting performance, but adds memory usage per-connection
+  #db_work_mem: "40MB"
+
+  ## Which Git revision should this container use? (default: tests-passed)
+  #version: tests-passed
+
+env:
+  LC_ALL: en_US.UTF-8
+  LANG: en_US.UTF-8
+  LANGUAGE: en_US.UTF-8
+  # DISCOURSE_DEFAULT_LOCALE: en
+
+  ## How many concurrent web requests are supported? Depends on memory and CPU cores.
+  ## will be set automatically by bootstrap based on detected CPUs, or you can override
+  UNICORN_WORKERS: 4
+
+  ## TODO: The domain name this Discourse instance will respond to
+  ## Required. Discourse will not work with a bare IP number.
+  DISCOURSE_HOSTNAME: forum.${BASE_DOMAIN_NAME}
+
+  ## Uncomment if you want the container to be started with the same
+  ## hostname (-h option) as specified above (default "$hostname-$config")
+  #DOCKER_USE_HOSTNAME: true
+
+  ## TODO: List of comma delimited emails that will be made admin and developer
+  ## on initial signup example 'user1@example.com,user2@example.com'
+  DISCOURSE_DEVELOPER_EMAILS: 'postmaster@${BASE_DOMAIN_NAME}'
+
+  ## TODO: The SMTP mail server used to validate new accounts and send notifications
+  # SMTP ADDRESS, username, and password are required
+  # WARNING the char '#' in SMTP password can cause problems!
+  DISCOURSE_SMTP_ADDRESS: ${BASE_DOMAIN_NAME}
+  DISCOURSE_SMTP_PORT: 587
+  DISCOURSE_SMTP_USER_NAME: forum-noreply
+  DISCOURSE_SMTP_PASSWORD: "${forum_smtp_passwd}"
+  #DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)
+  DISCOURSE_SMTP_DOMAIN: ${BASE_DOMAIN_NAME}
+  DISCOURSE_NOTIFICATION_EMAIL: forum-noreply@${BASE_DOMAIN_NAME}
+
+  ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
+  #LETSENCRYPT_ACCOUNT_EMAIL: me@example.com
+
+  ## The http or https CDN address for this Discourse instance (configured to pull)
+  ## see https://meta.discourse.org/t/14857 for details
+  #DISCOURSE_CDN_URL: https://discourse-cdn.example.com
+
+  ## The maxmind geolocation IP account ID and license key for IP address lookups
+  ## see https://meta.discourse.org/t/-/173941 for details
+  #DISCOURSE_MAXMIND_ACCOUNT_ID: 123456
+  #DISCOURSE_MAXMIND_LICENSE_KEY: 1234567890123456
+
+## The Docker container is stateless; all data is stored in /shared
+volumes:
+  - volume:
+      host: /var/discourse/shared/standalone
+      guest: /shared
+  - volume:
+      host: /var/discourse/shared/standalone/log/var-log
+      guest: /var/log
+  - volume:
+      host: /usr/local/share/ca-certificates
+      guest: /usr/local/share/ca-certificates:ro
+
+## Plugins go here
+## see https://meta.discourse.org/t/19157 for details
+hooks:
+  after_code:
+    - exec:
+        cd: $home/plugins
+        cmd:
+          - git clone https://github.com/discourse/docker_manager.git
+
+## Any custom commands to run after building
+run:
+  - exec: echo "Beginning of custom commands"
+  - exec: |-
+      if rails r 'exit(1) if User.find_by_email("postmaster@${BASE_DOMAIN_NAME}")'; then
+          rails r "SiteSetting.pop3_polling_openssl_verify = false" || exit
+          rails site_settings:import <<EOF2 || exit
+      ---
+      title: Libre-Chip Forum
+      exclude_rel_nofollow_domains: ${BASE_DOMAIN_NAME}
+      share_links: email
+      share_quote_buttons: email
+      default_dark_mode_color_scheme_id: '1'
+      enable_badges: 'false'
+      pending_users_reminder_delay_minutes: '5'
+      title_prettify: 'false'
+      title_fancy_entities: 'false'
+      enable_markdown_typographer: 'false'
+      highlighted_languages: bash|c|cpp|csharp|css|diff|ini|javascript|json|lua|makefile|markdown|plaintext|python|python-repl|rust|shell|typescript|xml|yaml|wasm|llvm|coq|x86asm|verilog|vhdl|scala
+      enable_emoji_shortcuts: 'false'
+      reply_by_email_address: forum+%{reply_key}@${BASE_DOMAIN_NAME}
+      pop3_polling_period_mins: '1'
+      pop3_polling_host: ${BASE_DOMAIN_NAME}
+      pop3_polling_username: forum
+      pop3_polling_password: ${forum_smtp_passwd}
+      pop3_polling_enabled: 'true'
+      reply_by_email_enabled: 'true'
+      log_mail_processing_failures: 'true'
+      email_in: 'true'
+      email_in_allowed_groups: 1|2|0
+      default_trust_level: '1'
+      force_https: 'true'
+      moderators_manage_categories_and_groups: 'true'
+      moderators_view_emails: 'true'
+      allowed_iframes: https://www.google.com/maps/embed?|https://www.openstreetmap.org/export/embed.html?|https://calendar.google.com/calendar/embed?|https://codepen.io/|http://forum.${BASE_DOMAIN_NAME}/discobot/certificate.svg|https://forum.${BASE_DOMAIN_NAME}/discobot/certificate.svg
+      default_navigation_menu_categories: 2|3|4
+      automatic_backups_enabled: 'false'
+      sequential_replies_threshold: '4'
+      get_a_room_threshold: '10000'
+      default_composer_category: '4'
+      share_anonymized_statistics: 'false'
+      default_email_mailing_list_mode: 'true'
+      disable_mailing_list_mode: 'false'
+      enable_offline_indicator: 'true'
+      chat_enabled: 'false'
+      EOF2
+          rails r "SiteSetting.pop3_polling_openssl_verify = true" || exit
+          rails r - <<EOF2 || exit
+      u = User.new
+      u.email = "postmaster@${BASE_DOMAIN_NAME}"
+      u.username = "postmaster"
+      u.password = "$mail_passwd"
+      u.name = "Admin User"
+      u.save!
+      u.active = true
+      u.save!
+      u.grant_admin!
+      u.change_trust_level!(1) if u.trust_level < 1
+      u.email_tokens.update_all confirmed: true
+      u.activate
+      EOF2
+      fi
+  - file:
+      path: /etc/runit/1.d/000-update-certificates
+      chmod: "+x"
+      contents: |
+        #!/bin/bash
+        exec update-ca-certificates
+  - exec: echo "End of custom commands"

templates/var/lib/stalwart-mail/cli.sh

@@ -0,0 +1,5 @@
+mail_passwd="$mail_passwd"
+function stalwart-cli()
+{
+    (cd "$wd" && CREDENTIALS="admin:$mail_passwd" exec docker-compose -p server exec -T -e CREDENTIALS mail stalwart-cli -u "http://localhost" "$@")
+}

templates/var/lib/stalwart-mail/etc/config.toml

@@ -0,0 +1,70 @@
+[server.listener."smtp"]
+bind = ["[::]:25"]
+protocol = "smtp"
+
+[server.listener."submission"]
+bind = ["[::]:587"]
+protocol = "smtp"
+
+[server.listener."submissions"]
+bind = ["[::]:465"]
+protocol = "smtp"
+tls.implicit = true
+
+[server.listener."imaptls"]
+bind = ["[::]:993"]
+protocol = "imap"
+tls.implicit = true
+
+[server.listener.pop3s]
+bind = "[::]:995"
+protocol = "pop3"
+tls.implicit = true
+
+[server.listener.http]
+protocol = "http"
+bind = "[::]:80"
+
+[server.http]
+use-x-forwarded = true
+
+[certificate.default]
+cert = "%{file:/etc/letsencrypt/live/server/fullchain.pem}%"
+private-key = "%{file:/etc/letsencrypt/live/server/privkey.pem}%"
+default = true
+
+[storage]
+data = "rocksdb"
+fts = "rocksdb"
+blob = "rocksdb"
+lookup = "rocksdb"
+directory = "internal"
+
+[store.rocksdb]
+type = "rocksdb"
+path = "/opt/stalwart-mail/data"
+compression = "lz4"
+
+[directory.internal]
+type = "internal"
+store = "rocksdb"
+
+[tracer.log]
+type = "log"
+level = "info"
+path = "/opt/stalwart-mail/logs"
+prefix = "stalwart.log"
+rotate = "daily"
+ansi = false
+enable = true
+
+[authentication.fallback-admin]
+user = "admin"
+secret = "$mail_passwd_hash"
+
+[lookup.default]
+hostname = "mail.$BASE_DOMAIN_NAME"
+
+[session.auth]
+must-match-sender = [ {if = "authenticated_as == 'forum-noreply'", then = false},
+                      {else = true} ]