Add complete infrastructure automation and documentation
Some checks failed
Deploy to Production / Deploy to Server (push) Has been cancelled
Some checks failed
Deploy to Production / Deploy to Server (push) Has been cancelled
- infrastructure/setup.sh: Master provisioning script for fresh Ubuntu servers - infrastructure/docker-compose.yml: Production Docker Compose configuration - infrastructure/.env.template: Environment variables template - infrastructure/nginx/: Nginx configuration with security headers - infrastructure/postfix/: Postfix + OpenDKIM email configuration - infrastructure/README.md: Complete disaster recovery guide - scripts/docfast-backup.sh: SQLite backup script with rotation All services now fully reproducible with documented disaster recovery procedures.
This commit is contained in:
openclawd
parent
d99eea517c
commit
3820d7ea4d
9 changed files with 766 additions and 0 deletions
11
infrastructure/postfix/TrustedHosts
Normal file
11
infrastructure/postfix/TrustedHosts
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
# OpenDKIM Trusted Hosts
|
||||
# These hosts are allowed to send mail through this server
|
||||
|
||||
# Localhost
|
||||
127.0.0.1
|
||||
localhost
|
||||
|
||||
# Docker networks (adjust based on your Docker setup)
|
||||
172.17.0.0/16
|
||||
172.18.0.0/16
|
||||
172.19.0.0/16
|
||||
44
infrastructure/postfix/main.cf
Normal file
44
infrastructure/postfix/main.cf
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
# Postfix main configuration for DocFast
|
||||
# Minimal SMTP relay for application email sending
|
||||
|
||||
# Basic configuration
|
||||
smtpd_banner = $myhostname ESMTP
|
||||
biff = no
|
||||
append_dot_mydomain = no
|
||||
readme_directory = no
|
||||
compatibility_level = 3.6
|
||||
|
||||
# Network configuration
|
||||
myhostname = docfast.dev
|
||||
mydomain = docfast.dev
|
||||
myorigin = docfast.dev
|
||||
inet_interfaces = 127.0.0.1, 172.17.0.1 # localhost + Docker bridge
|
||||
inet_protocols = ipv4
|
||||
mydestination = # Empty = relay only, no local delivery
|
||||
mynetworks = 127.0.0.0/8, 172.17.0.0/16, 172.18.0.0/16
|
||||
|
||||
# TLS configuration
|
||||
smtp_tls_security_level = may
|
||||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||||
|
||||
# OpenDKIM integration
|
||||
milter_protocol = 6
|
||||
milter_default_action = accept
|
||||
smtpd_milters = inet:localhost:8891
|
||||
non_smtpd_milters = $smtpd_milters
|
||||
|
||||
# Size limits
|
||||
mailbox_size_limit = 0
|
||||
message_size_limit = 10240000 # 10MB
|
||||
|
||||
# Other settings
|
||||
recipient_delimiter = +
|
||||
disable_vrfy_command = yes
|
||||
smtpd_helo_required = yes
|
||||
|
||||
# Rate limiting
|
||||
smtpd_client_connection_count_limit = 10
|
||||
smtpd_client_connection_rate_limit = 10
|
||||
|
||||
# Logging
|
||||
maillog_file = /var/log/postfix.log
|
||||
38
infrastructure/postfix/opendkim.conf
Normal file
38
infrastructure/postfix/opendkim.conf
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
# OpenDKIM Configuration for DocFast
|
||||
|
||||
# Logging
|
||||
Syslog yes
|
||||
SyslogSuccess yes
|
||||
LogWhy yes
|
||||
|
||||
# Operating mode (s = sign, v = verify, sv = both)
|
||||
Mode sv
|
||||
|
||||
# Canonicalization
|
||||
Canonicalization relaxed/simple
|
||||
|
||||
# Domain and selector
|
||||
Domain docfast.dev
|
||||
Selector mail
|
||||
KeyFile /etc/opendkim/keys/docfast.dev/mail.private
|
||||
|
||||
# Network
|
||||
Socket inet:8891@localhost
|
||||
PidFile /run/opendkim/opendkim.pid
|
||||
|
||||
# Security
|
||||
OversignHeaders From
|
||||
TrustAnchorFile /usr/share/dns/root.key
|
||||
UserID opendkim
|
||||
|
||||
# Trusted hosts (who can send mail through this server)
|
||||
InternalHosts /etc/opendkim/TrustedHosts
|
||||
ExternalIgnoreList /etc/opendkim/TrustedHosts
|
||||
|
||||
# Additional security options
|
||||
RequireSafeKeys yes
|
||||
SendReports yes
|
||||
ReportAddress "postmaster@docfast.dev"
|
||||
|
||||
# Performance
|
||||
MaximumHeaders 30
|
||||
Loading…
Add table
Add a link
Reference in a new issue