Initial

Author: quietsy

Dockerfile

@@ -0,0 +1,83 @@
+FROM ghcr.io/linuxserver/baseimage-alpine:edge AS buildstage
+
+ARG SL_RELEASE
+
+RUN \
+  echo "**** install build packages ****" && \
+  apk add \
+    nodejs \
+    npm \
+    p7zip \
+    zip
+
+RUN \
+  echo "**** grab simplelogin ****" && \
+  mkdir /simplelogin && \
+  if [ -z ${SL_RELEASE+x} ]; then \
+    SL_RELEASE=$(curl -sX GET "https://api.github.com/repos/simple-login/app/releases/latest" \
+      | jq -r '. | .tag_name'); \
+  fi && \
+  curl -o \
+    /tmp/simplelogin.tar.gz -L \
+    "https://github.com/simple-login/app/archive/${SL_RELEASE}.tar.gz" && \
+  tar xf \
+    /tmp/simplelogin.tar.gz -C \
+    /simplelogin/ --strip-components=1
+
+RUN \
+  echo "**** build simplelogin ****" && \
+  cd /simplelogin/static && \
+  npm ci
+
+FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="quietsy"
+
+COPY --from=buildstage /simplelogin/ /code/
+
+WORKDIR /code
+
+ENV PATH="$HOME/.local/bin:/code/.venv/bin:$PATH"
+
+# Install deps
+RUN \
+  echo "**** install build packages ****" && \
+  apt-get update && \
+  apt-get install -y \
+    git \
+    libre2-dev \
+    pkg-config \
+    ninja-build \
+    clang && \
+  curl -o /tmp/uv-installer.sh -L https://astral.sh/uv/install.sh && \
+  sh /tmp/uv-installer.sh && \
+  uv python install `cat .python-version` && \
+  uv sync --locked && \
+  echo "**** install runtime packages ****" && \
+  apt-get install -y \
+    gnupg \
+    libre2-10 && \
+  echo "**** cleanup ****" && \
+  apt-get purge -y \
+    git \
+    libre2-dev \
+    pkg-config \
+    ninja-build \
+    clang && \
+  apt-get autoremove -y && \
+  apt-get autoclean -y && \
+  rm -rf \
+    /var/lib/apt/lists \
+    $HOME/.cache \
+    /tmp/*
+
+# copy local files
+COPY root/ /
+
+# ports and volumes
+EXPOSE 7777
+VOLUME /config

root/defaults/simplelogin.env

@@ -0,0 +1,198 @@
+# This file contains all available options in SimpleLogin.
+# Some are optional and are commented out by default.
+# Some are only relevant for our SaaS version, for example for payment integration, analytics, etc.
+
+# Server url
+URL=http://localhost:7777
+
+# If you want to enable sentry for error tracking, put your sentry dsn here.
+# SENTRY_DSN=your_sentry_dsn
+
+# Possible to use another sentry project for the front-end to avoid noises
+# If not set, fallback to SENTRY_DSN
+# SENTRY_FRONT_END_DSN=your_sentry_dsn
+
+# apply colored log to facilitate local development
+# COLOR_LOG=true
+
+# Only print email content, not sending it, for local development
+# NOT_SEND_EMAIL=true
+
+# domain used to create alias
+EMAIL_DOMAIN=sl.local
+
+# Allow SimpleLogin to enforce SPF by using the extra headers from postfix
+# ENFORCE_SPF=true
+
+# other domains that can be used to create aliases, in addition to EMAIL_DOMAIN
+# OTHER_ALIAS_DOMAINS=["domain1.com", "domain2.com"]
+
+# domains that can be used to create aliases. If set, override OTHER_ALIAS_DOMAINS
+# ALIAS_DOMAINS=["domain1.com", "domain2.com"]
+
+# (optional) domains that are only available to premium accounts
+# PREMIUM_ALIAS_DOMAINS=["premium.com"]
+
+# the alias domain used when creating the first alias for user, default to EMAIL_DOMAIN if not set
+# FIRST_ALIAS_DOMAIN = another-domain.com
+
+# transactional email is sent from this email address
+SUPPORT_EMAIL=[email protected]
+SUPPORT_NAME=Son from SimpleLogin
+
+# To use VERP
+# prefix must end with + and suffix must start with +
+# BOUNCE_PREFIX = "bounces+"
+# BOUNCE_SUFFIX = "[email protected]"
+# same as BOUNCE_PREFIX but used for reply phase. Note it doesn't have the plus sign (+) at the end.
+# BOUNCE_PREFIX_FOR_REPLY_PHASE = "bounce_reply"
+
+# to receive general stats.
+# [email protected]
+
+# Max number emails user can generate for free plan
+# Set to 5 by default
+MAX_NB_EMAIL_FREE_PLAN=10000
+
+# Close registration. Avoid people accidentally creating new account on a self-hosted SimpleLogin
+# DISABLE_REGISTRATION=1
+
+# custom domain needs to point to these MX servers
+EMAIL_SERVERS_WITH_PRIORITY=[(10, "email.hostname.")]
+
+# By default, new aliases must end with ".{random_word}". This is to avoid a person taking all "nice" aliases.
+# this option doesn't make sense in self-hosted. Set this variable to disable this option.
+DISABLE_ALIAS_SUFFIX=1
+
+# If you want to use another MTA to send email, you could set the address of your MTA here
+# By default, emails are sent using the the same Postfix server that receives emails
+# POSTFIX_SERVER=my-postfix.com
+
+# the DKIM private key used to compute DKIM-Signature
+DKIM_PRIVATE_KEY_PATH=/config/dkim.key
+
+# DB Connection
+DB_URI=postgresql://myuser:mypassword@localhost:5432/simplelogin
+
+FLASK_SECRET=secret
+
+# AWS params
+# BUCKET=to_fill
+# AWS_ACCESS_KEY_ID=to_fill
+# AWS_SECRET_ACCESS_KEY=to_fill
+# AWS_REGION=to_fill
+
+# Paddle
+# PADDLE_VENDOR_ID=123
+# PADDLE_MONTHLY_PRODUCT_ID=123
+# PADDLE_YEARLY_PRODUCT_ID=123
+# PADDLE_PUBLIC_KEY_PATH=local_data/paddle.key.pub
+# PADDLE_AUTH_CODE=123
+
+# OpenId key
+# OPENID_PRIVATE_KEY_PATH=local_data/jwtRS256.key
+# OPENID_PUBLIC_KEY_PATH=local_data/jwtRS256.key.pub
+
+# Words to generate random email alias
+WORDS_FILE_PATH=local_data/test_words.txt
+
+# Login with Github
+# GITHUB_CLIENT_ID=to_fill
+# GITHUB_CLIENT_SECRET=to_fill
+
+# Login with Google
+# GOOGLE_CLIENT_ID=to_fill
+# GOOGLE_CLIENT_SECRET=to_fill
+
+# Login with Facebook
+# FACEBOOK_CLIENT_ID=to_fill
+# FACEBOOK_CLIENT_SECRET=to_fill
+
+# Login with Proton
+# PROTON_CLIENT_ID=to_fill
+# PROTON_CLIENT_SECRET=to_fill
+# PROTON_BASE_URL=to_fill
+# PROTON_VALIDATE_CERTS=true
+# CONNECT_WITH_PROTON=true
+# CONNECT_WITH_PROTON_COOKIE_NAME=to_fill
+
+# Login with OIDC
+# CONNECT_WITH_OIDC_ICON=fa-github
+# OIDC_WELL_KNOWN_URL=to_fill
+# OIDC_SCOPES=openid email profile
+# OIDC_NAME_FIELD=name
+# OIDC_CLIENT_ID=to_fill
+# OIDC_CLIENT_SECRET=to_fill
+
+# Flask profiler
+# FLASK_PROFILER_PATH=/tmp/flask-profiler.sql
+# FLASK_PROFILER_PASSWORD=password
+
+# Where to store GPG Keyring
+GNUPGHOME=/config/gnupg
+
+# By default, files are uploaded to s3
+# Set this variable to use the local "static/upload/" directory instead
+LOCAL_FILE_UPLOAD=true
+
+# The landing page
+# LANDING_PAGE_URL=https://simplelogin.io
+
+# The status page
+# STATUS_PAGE_URL=https://status.simplelogin.io
+
+# Used when querying info on Apple API
+# APPLE_API_SECRET=secret
+# MACAPP_APPLE_API_SECRET=secret
+
+# Disable onboarding emails
+# For self-hosted instance
+DISABLE_ONBOARDING=true
+
+# By default use postfix port 25. This param is used to override the Postfix port,
+# useful when using another SMTP server when developing locally
+# POSTFIX_PORT=1025
+
+# set the 2 below variables to enable hCaptcha
+# HCAPTCHA_SECRET=very_long_string
+# HCAPTCHA_SITEKEY=00000000-0000-0000-0000-000000000000
+
+# Set the 2 below variables to enable Plausible Analytics
+# PLAUSIBLE_HOST=https://plausible.io
+# PLAUSIBLE_DOMAIN=yourdomain.com
+
+# Spamassassin server
+# SPAMASSASSIN_HOST = 127.0.0.1
+
+# if set, used to sign the forwarding emails
+# PGP_SENDER_PRIVATE_KEY_PATH=local_data/private-pgp.asc
+
+# Coinbase
+# COINBASE_WEBHOOK_SECRET=to_fill
+# COINBASE_CHECKOUT_ID=to_fill
+# COINBASE_API_KEY=to_fill
+# COINBASE_YEARLY_PRICE=30.00
+
+# set the frequency limit on alias creation
+# ALIAS_LIMIT = "100/day;50/hour;5/minute"
+
+# whether to enable spam scan using SpamAssassin
+# ENABLE_SPAM_ASSASSIN = 1
+
+# Have I Been Pwned
+# HIBP_SCAN_INTERVAL_DAYS = 7
+# HIBP_API_KEYS=[]
+
+# POSTMASTER = [email protected]
+
+# TEMP_DIR = /tmp
+
+# ALIAS_AUTOMATIC_DISABLE=true
+
+# domains that can be present in the &next= section when using absolute urls
+ALLOWED_REDIRECT_DOMAINS=[]
+
+# DNS nameservers to be used by the app
+# Multiple nameservers can be specified, separated by ','
+NAMESERVERS="1.1.1.1"
+PARTNER_API_TOKEN_SECRET="changeme"

root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-sl-config

@@ -0,0 +1,49 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+mkdir -p \
+    /config/gnupg \
+    /config/upload
+
+if [[ ! -f "/config/dkim.key" ]]; then
+    openssl genrsa -out /config/dkim.key -traditional 1024
+fi
+
+if [[ ! -f "/config/dkim.pub.key" ]]; then
+    openssl rsa -in /config/dkim.key -pubout -out /config/dkim.pub.key
+fi
+
+if [[ ! -f "/config/simplelogin.env" ]]; then
+    cp /defaults/simplelogin.env /config/simplelogin.env
+fi
+
+lsiown -R abc:abc /config
+
+ln -s /config /sl
+ln -s /config/upload /code/static/upload
+cp /config/simplelogin.env /code/.env
+
+if [[ -z "${DB_URI}" ]]; then
+    echo "*** No DB_URI set, cannot configure database settings. ***"
+    sleep infinity
+else
+    echo "*** Waiting for DB_URI ${DB_URI} to be reachable. ***"
+    DBCOUNT=0
+    HOST=$(echo $DB_URI | awk -F[:@/] '{print $6}')
+    PORT=$(echo $DB_URI | awk -F[:@/] '{print $7}')
+    while true; do
+        if nc -w1 "${HOST}" "${PORT}" >/dev/null 2>&1; then
+            break
+        fi
+        DBCOUNT=$((DBCOUNT+1))
+        if [[ ${DBCOUNT} -gt 6 ]]; then
+            echo "*** Defined DB_URI ${DB_URI} is not reachable, cannot proceed. ***"
+            sleep infinity
+        fi
+        sleep 5
+    done
+fi
+
+cd /code
+alembic upgrade head
+/code/.venv/bin/python /code/init_app.py

root/etc/s6-overlay/s6-rc.d/init-sl-config/dependencies.d/init-config

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-sl-config/run

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-sl-config/run

root/etc/s6-overlay/s6-rc.d/init-sl-config/type

@@ -0,0 +1 @@
+3

root/etc/s6-overlay/s6-rc.d/init-sl-config/up

@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+exec s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 7777" \
+    cd /code /code/.venv/bin/gunicorn wsgi:app -b 0.0.0.0:7777 -w 1 --timeout 15