internal listen 8080 port

.github/workflows/deploy.yml

@@ -8,4 +8,4 @@ jobs:
     steps:
       - run: install -m 700 -d ~/.ssh
       - run: install -m 600 <(echo '${{ secrets.DEPLOY_KEY }}') ~/.ssh/deploy_key
-      - run: ssh -i ~/.ssh/deploy_key -o 'StrictHostKeyChecking no' kou029w@fogtype.com 'sh -c "cd ~/fogtype.com && git pull --rebase && docker compose --project-name=keiunet up --detach --remove-orphans"'
+      - run: ssh -i ~/.ssh/deploy_key -o 'StrictHostKeyChecking no' kou029w@fogtype.com 'sh -c "cd ~/fogtype.com && git pull --rebase && docker compose up --detach --remove-orphans"'

compose.yml

@@ -1,3 +1,4 @@
+name: keiunet
 services:
   https:
     image: caddy:2.6.4-alpine@sha256:eefd3d61e9ee8f35e046f614982d9a970006e3943c6e5f09957a4048f4c80d35
@@ -14,6 +15,8 @@ services:
       - caddy_config:/config
     networks:
       - fogtype
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
   dns:
     image: coredns/coredns:1.10.1@sha256:a0ead06651cf580044aeb0a0feba63591858fb2e43ade8c9dea45a6a89ae7e5e
     restart: unless-stopped
@@ -62,11 +65,34 @@ services:
     restart: unless-stopped
     networks:
       - fogtype
+  mox:
+    image: r.xmox.nl/mox:latest@sha256:67a7619cea5bb6150d02a9c662a50266550d6d5f80c681e30f8f998e1deee52b
+    restart: on-failure
+    network_mode: host
+    environment:
+      MOX_DOCKER: "yes"
+    volumes:
+      - caddy_data:/var/lib/caddy/data:ro
+      - mox_data:/mox/data
+      - mox_config:/mox/config
+      - type: bind
+        source: ./etc/mox/config/mox.conf
+        target: /mox/config/mox.conf
+      - type: bind
+        source: ./etc/mox/config/domains.conf
+        target: /mox/config/domains.conf
+    healthcheck:
+      test: "netstat -nlt | grep ':25 '"
+      interval: "1s"
+      timeout: "1s"
+      retries: 10
 volumes:
   caddy_data:
   caddy_config:
   gotosocial_data:
   vikunja_data:
+  mox_data:
+  mox_config:
 networks:
   fogtype:
     ipam:

etc/caddy/Caddyfile

@@ -9,6 +9,7 @@ fogtype.com {
 		header access-control-allow-origin *
 		file_server
 	}
+	reverse_proxy /.well-known/mta-sts.txt host.docker.internal:8081
 	reverse_proxy http://gts:8080
 }
 www.fogtype.com {

etc/mox/config/domains.conf

@@ -0,0 +1,45 @@
+Domains:
+	fogtype.com:
+		LocalpartCatchallSeparator: +
+		DKIM:
+			Selectors:
+				2023a:
+					Expiration: 72h
+					PrivateKeyFile: dkim/2023a._domainkey.fogtype.com.key.pkcs8.pem
+				2023b:
+					Expiration: 72h
+					PrivateKeyFile: dkim/2023b._domainkey.fogtype.com.key.pkcs8.pem
+			Sign:
+				- 2023a
+		DMARC:
+			Localpart: dmarc-reports
+			Account: nebel
+			Mailbox: DMARC
+		MTASTS:
+			PolicyID: 20230420T000000
+			Mode: enforce
+			MaxAge: 24h
+		TLSRPT:
+			Localpart: tls-reports
+			Account: nebel
+			Mailbox: TLSRPT
+Accounts:
+	nebel:
+		Domain: fogtype.com
+		Destinations:
+			nebel: nil
+		SubjectPass:
+			Period: 12h
+		RejectsMailbox: Rejects
+		AutomaticJunkFlags:
+			Enabled: true
+			JunkMailboxRegexp: ^(junk|spam)
+			NeutralMailboxRegexp: ^(inbox|neutral|postmaster|dmarc|tlsrpt|rejects)
+		JunkFilter:
+			Threshold: 0.95
+			Params:
+				Onegrams: true
+				MaxPower: 0.01
+				TopWords: 10
+				IgnoreWords: 0.1
+				RareWords: 2

etc/mox/config/mox.conf

@@ -0,0 +1,39 @@
+DataDir: ../data
+LogLevel: info
+User: 1000
+Hostname: fogtype.com
+CheckUpdates: true
+AdminPasswordFile: adminpasswd
+Listeners:
+	internal:
+		IPs:
+			- 127.0.0.1
+		AccountHTTP:
+			Enabled: true
+			Port: 8080
+		AdminHTTP:
+			Enabled: true
+			Port: 8080
+		MetricsHTTP:
+			Enabled: true
+		MTASTSHTTPS:
+			Enabled: true
+			Port: 8081
+			NonTLS: true
+	public:
+		IPs:
+			- ::
+		TLS:
+			KeyCerts:
+				-
+					CertFile: /var/lib/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/fogtype.com/fogtype.com.crt
+					KeyFile: /var/lib/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/fogtype.com/fogtype.com.key
+		SMTP:
+			Enabled: true
+		Submissions:
+			Enabled: true
+		IMAPS:
+			Enabled: true
+Postmaster:
+	Account: nebel
+	Mailbox: Postmaster