Commit graph

4 commits

Author SHA1 Message Date
Jeremie Fraeys
dbe7b1b6b2
feat(docker): add timezone mounts to all containers for log sync
Add /etc/localtime:/etc/localtime:ro volume mount to:
- alertmanager, authelia, traefik
- exporters (node-exporter, cadvisor)
- fail2ban, lldap, postfix
- forgejo, forgejo_runner
- grafana, loki, prometheus
- watchtower, app_core (postgres, redis)

Ensures container logs use host timezone for consistent timestamps.
2026-03-06 15:13:52 -05:00

Jeremie Fraeys
3e0e97a00c
fix(postfix): enable TLS and fix Postmark authentication
- Add Python script to extract certificates from Traefik acme.json
- Mount extracted certs to /etc/ssl in container for TLS support
- Enable smtpd_tls_security_level: may for incoming STARTTLS
- Remove failed_when: false on cert extraction to catch failures early
- Fix relayhost username to default to password (Postmark server token auth)
- Change default Postmark port from 2525 to 587 (blocked on some networks)
- Create SSL directory before extraction

Fixes: SMTP authentication failures and enables TLS for Authelia password reset
2026-03-06 14:25:10 -05:00

Jeremie Fraeys
6ea9c060bd
feat(postfix): configure Postmark SMTP relay for transactional email
- Change default relay port from 587 to 2525 (Postmark)
- Add Docker provider environment variables for API version compatibility
- Configure for Postmark server token authentication
2026-03-06 10:31:39 -05:00

Jeremie Fraeys
78ad592664
Add core infrastructure security and utility roles
- Add firewall role for UFW/iptables management
- Add fail2ban role for intrusion prevention with Docker-aware jails
- Add postfix role for mail relay capabilities
- Add backups role for automated infrastructure backups
  - systemd timer for scheduled backups
  - Backup scripts for Docker volumes and configurations
2026-02-21 18:30:42 -05:00