# ketreweb containers

| Container             | Purpose                                        |
|:----------------------|:-----------------------------------------------|
| ketrenet-web          | Main webserver entry for https://ketrenos.com  |
| ketrenet-mail         | Email MTA and mailbox management               |
| ketrenet-roundcube    | Email web interface. https://mail.ketrenos.com |
| ketrenet-cron         | Update letsencrypt keys, etc.                  |
| ketrenet-dns          | DNS server                                     |
| ketrenet-mailman-core | Mailman3 Core backend                          |
| ketrenet-mailman-web  | Mailman3 Web frontend                          |
| ketrenet-database     | Mailman3 Postgres DB                           |

## Disk structure

| Directory             | Purpose                                        |
|:----------------------|:-----------------------------------------------|
| $PWD/data/$SERVICE    | Logs, error reporting, databases               |
| $SERVICE/etc          | Configuration files for $SERVICE               |
| $PWD/www              | Web content hosted by ketrenet-web directly    |

## Update certificates

The cron job to update certificates isn't quite working yet. To update certificates:

```bash
# Open a shell in the cron container; the remaining commands run inside it.
docker exec -it ketrenet-cron /bin/bash
/usr/bin/certbot renew --no-self-upgrade --webroot \
  -w /var/www/ketrenos.com
/usr/bin/scp -q \
  -i /keys/opnsense-letsencrypt \
  /etc/letsencrypt/live/ketrenos.com/{fullchain,privkey}.pem \
  letsencrypt@opnsense.ketrenos.com:.
/usr/bin/ssh \
  -i /keys/opnsense-letsencrypt \
  letsencrypt@opnsense.ketrenos.com \
  sudo ./update-cert.sh fullchain.pem privkey.pem
```

After that completes without errors, run `./sync-certs` outside the container to push the updated certificates to all the service containers and servers.

## ketreweb

nginx and apache2

Monitors keys from ./config/letsencrypt and restarts nginx and apache if they have changed.

apache2 is only being used for mailman, which is currently offline.

## ketreweb-roundcube

Default container for roundcube.

Provides https://mail.ketrenos.com

## ketreweb-cron

Runs letsencrypt via cron once per day.

Runs email-check via cron once per day.

## ketreweb-mail

Uses LDAP to 192.168.1.78

dovecot

postfix

## ketrenet-dns

Runs dhcp and bind.

The host needs to have the following in /etc/systemd/resolved.conf:

```ini
[Resolve]
DNSStubListener=no
DNSStubListenerExtra=1053
```

```bash
sudo systemctl restart systemd-resolved
```
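
For the manual procedure under "Update certificates", a pre-flight check that can run inside ketrenet-cron after `certbot renew` and before the `scp` and `./sync-certs` steps, so a mismatched, wrong-host or nearly expired pair is never pushed to the firewall or the service containers. This is an added example, not a script from this repository; `check_cert_pair` is a hypothetical helper name and it assumes the `openssl` CLI is available in the container.

```bash
#!/bin/sh
# Added example (not part of this repository): sanity-check a renewed
# certificate pair before copying it anywhere. check_cert_pair is a
# hypothetical helper name; it assumes the openssl CLI is installed.

# check_cert_pair DIR DOMAIN [MIN_DAYS]
#   0 = pair is consistent, 1 = file missing, 2 = key does not match cert,
#   3 = cert does not cover DOMAIN, 4 = cert expires within MIN_DAYS.
check_cert_pair() {
    local dir="$1" domain="$2" min_days="${3:-14}"
    local cert="$dir/fullchain.pem" key="$dir/privkey.pem"
    local cert_pub key_pub

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "missing or unreadable: $cert / $key" >&2
        return 1
    fi

    # The leaf certificate is the first one in fullchain.pem. Its public key
    # must equal the one derived from privkey.pem; nginx refuses to load a
    # mismatched pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "privkey.pem does not match fullchain.pem" >&2
        return 2
    fi

    # openssl prints the verdict for -checkhost, so match on its output.
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" |
            grep -q "does match certificate"; then
        echo "certificate does not cover $domain" >&2
        return 3
    fi

    # -checkend exits non-zero if the cert expires within the given seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2
        return 4
    fi
    return 0
}

# Example: check_cert_pair /etc/letsencrypt/live/ketrenos.com ketrenos.com
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
fi
```

A non-zero exit code identifies which check failed, so the script can gate the copy step with `&&`.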