Pulumi code for my server setup
update tranquil, configure smarthost instead of msmtp
+48
-71
-14
services/haring/atproto/tranquil/msmtprc
-14
services/haring/atproto/tranquil/msmtprc
···
1
-
defaults
2
-
auth on
3
-
tls on
4
-
tls_trust_file /etc/ssl/certs/ca-certificates.crt
5
-
6
-
account migadu
7
-
host smtp.migadu.com
8
-
port 465
9
-
tls_starttls off
10
-
from tranquil@bas.sh
11
-
user hi@bas.sh
12
-
passwordeval sh -c 'echo "$SMTP_PASSWORD"'
13
-
14
-
account default: migadu
+48
-57
services/haring/atproto/tranquil/tranquil.ts
+48
-57
services/haring/atproto/tranquil/tranquil.ts
···
44
44
},
45
45
});
46
46
47
-
const msmtprcFile = new asset.FileAsset(path.join(import.meta.dirname, "msmtprc"));
48
-
const copyMsmtprc = new remote.CopyToRemote("tranquil-msmtprc", {
49
-
connection: defaultConnection,
50
-
source: msmtprcFile,
51
-
remotePath: "/home/bas/docker/tranquil/msmtprc",
52
-
});
53
-
54
47
const PDS_USER_HANDLE_DOMAINS = ["tranquil.bas.sh", "t.bas.sh", "on.bas.sh", "of.bas.sh"];
55
48
for (const host of PDS_USER_HANDLE_DOMAINS) {
56
49
new DnsRecord(`tranquil-${host}`, {
···
71
64
});
72
65
}
73
66
74
-
export const tranquilService = new ContainerService(
75
-
"tranquil",
76
-
{
77
-
localImage: tranquilImage.digest,
78
-
servicePort: 3000,
79
-
hostRule: "HostRegexp(`^(.+?\\.)?(t(ranquil)|o(n|f))\\.bas\\.sh$`)",
80
-
mounts: [
81
-
confMount("tranquil/backups", "/var/lib/tranquil/backups"),
82
-
confMount("tranquil/blobs", "/var/lib/tranquil/blobs"),
83
-
mount(copyMsmtprc.remotePath, "/etc/msmtprc", { kind: "file" }),
84
-
],
85
-
envs: {
86
-
DATABASE_URL: interpolate`postgres://postgres:${getEnv("POSTGRES_PASSWORD")}@${postgresTranquilService.container.name}/pds`,
87
-
PDS_HOSTNAME: "tranquil.bas.sh",
88
-
BLOB_STORAGE_PATH: "/var/lib/tranquil/blobs",
89
-
BACKUP_STORAGE_PATH: "/var/lib/tranquil/backups",
90
-
JWT_SECRET: getEnv("TRANQUIL_JWT_SECRET"),
91
-
DPOP_SECRET: getEnv("TRANQUIL_DPOP_SECRET"),
92
-
MASTER_KEY: getEnv("TRANQUIL_MASTER_KEY"),
93
-
MAIL_FROM_ADDRESS: "tranquil@bas.sh",
94
-
MAIL_FROM_NAME: "Tranquil PDS",
95
-
SMTP_PASSWORD: getEnv("SMTP_PASSWORD"),
96
-
DISCORD_BOT_TOKEN: getEnv("TRANQUIL_DISCORD_BOT_TOKEN"),
97
-
INVITE_CODE_REQUIRED: true,
98
-
ACCEPTING_REPO_IMPORTS: true,
99
-
PDS_USER_HANDLE_DOMAINS,
100
-
CONTACT_EMAIL: getEnv("EMAIL"),
101
-
PDS_AGE_ASSURANCE_OVERRIDE: true,
102
-
CRAWLERS: fetchRelays(),
103
-
},
104
-
labels: {
105
-
"traefik.http.middlewares.tranquil-redirect.redirectregex.regex":
106
-
"^https://(t|on)\\.bas\\.sh/(.*)$",
107
-
"traefik.http.middlewares.tranquil-redirect.redirectregex.replacement":
108
-
"https://tranquil.bas.sh/${2}",
109
-
"traefik.http.routers.tranquil-redirect.entrypoints": "https",
110
-
"traefik.http.routers.tranquil-redirect.rule": "HostRegexp(`^(t|on)\\.bas\\.sh$`)",
111
-
"traefik.http.routers.tranquil-redirect.middlewares": "cloudflare,tranquil-redirect",
67
+
export const tranquilService = new ContainerService("tranquil", {
68
+
localImage: tranquilImage.digest,
69
+
servicePort: 3000,
70
+
hostRule: "HostRegexp(`^(.+?\\.)?(t(ranquil)|o(n|f))\\.bas\\.sh$`)",
71
+
mounts: [
72
+
confMount("tranquil/backups", "/var/lib/tranquil/backups"),
73
+
confMount("tranquil/blobs", "/var/lib/tranquil/blobs"),
74
+
],
75
+
envs: {
76
+
DATABASE_URL: interpolate`postgres://postgres:${getEnv("POSTGRES_PASSWORD")}@${postgresTranquilService.container.name}/pds`,
77
+
PDS_HOSTNAME: "tranquil.bas.sh",
78
+
BLOB_STORAGE_PATH: "/var/lib/tranquil/blobs",
79
+
BACKUP_STORAGE_PATH: "/var/lib/tranquil/backups",
80
+
JWT_SECRET: getEnv("TRANQUIL_JWT_SECRET"),
81
+
DPOP_SECRET: getEnv("TRANQUIL_DPOP_SECRET"),
82
+
MASTER_KEY: getEnv("TRANQUIL_MASTER_KEY"),
83
+
MAIL_FROM_ADDRESS: "tranquil@bas.sh",
84
+
MAIL_FROM_NAME: "Tranquil PDS - Bas",
85
+
MAIL_SMARTHOST_HOST: "smtp.migadu.com",
86
+
MAIL_SMARTHOST_PORT: 465,
87
+
MAIL_SMARTHOST_USERNAME: "hi@bas.sh",
88
+
MAIL_SMARTHOST_PASSWORD: getEnv("SMTP_PASSWORD"),
89
+
MAIL_SMARTHOST_TLS: "implicit",
90
+
DISCORD_BOT_TOKEN: getEnv("TRANQUIL_DISCORD_BOT_TOKEN"),
91
+
INVITE_CODE_REQUIRED: true,
92
+
ACCEPTING_REPO_IMPORTS: true,
93
+
PDS_USER_HANDLE_DOMAINS,
94
+
CONTACT_EMAIL: getEnv("EMAIL"),
95
+
PDS_AGE_ASSURANCE_OVERRIDE: true,
96
+
CRAWLERS: fetchRelays(),
97
+
},
98
+
labels: {
99
+
"traefik.http.middlewares.tranquil-redirect.redirectregex.regex":
100
+
"^https://(t|on)\\.bas\\.sh/(.*)$",
101
+
"traefik.http.middlewares.tranquil-redirect.redirectregex.replacement":
102
+
"https://tranquil.bas.sh/${2}",
103
+
"traefik.http.routers.tranquil-redirect.entrypoints": "https",
104
+
"traefik.http.routers.tranquil-redirect.rule": "HostRegexp(`^(t|on)\\.bas\\.sh$`)",
105
+
"traefik.http.routers.tranquil-redirect.middlewares": "cloudflare,tranquil-redirect",
112
106
113
-
"traefik.http.middlewares.tranquil-user-redirect.redirectregex.regex":
114
-
"^https://(.+\\.(t(ranquil)?|o(n|f))\\.bas\\.sh)/(.*)$",
115
-
"traefik.http.middlewares.tranquil-user-redirect.redirectregex.replacement":
116
-
"https://bsky.app/profile/${1}",
117
-
"traefik.http.routers.tranquil-user-redirect.entrypoints": "https",
118
-
"traefik.http.routers.tranquil-user-redirect.rule":
119
-
"HostRegexp(`^.+\\.(t(ranquil)?|o(n|f))\\.bas\\.sh$`) && !PathPrefix(`/.well-known`)",
120
-
"traefik.http.routers.tranquil-user-redirect.middlewares":
121
-
"cloudflare,tranquil-user-redirect",
122
-
},
107
+
"traefik.http.middlewares.tranquil-user-redirect.redirectregex.regex":
108
+
"^https://(.+\\.(t(ranquil)?|o(n|f))\\.bas\\.sh)/(.*)$",
109
+
"traefik.http.middlewares.tranquil-user-redirect.redirectregex.replacement":
110
+
"https://bsky.app/profile/${1}",
111
+
"traefik.http.routers.tranquil-user-redirect.entrypoints": "https",
112
+
"traefik.http.routers.tranquil-user-redirect.rule":
113
+
"HostRegexp(`^.+\\.(t(ranquil)?|o(n|f))\\.bas\\.sh$`) && !PathPrefix(`/.well-known`)",
114
+
"traefik.http.routers.tranquil-user-redirect.middlewares": "cloudflare,tranquil-user-redirect",
123
115
},
124
-
{ dependsOn: [copyMsmtprc] },
125
-
);
116
+
});