Update

containers/nginx-vps/nginx/sites/mta-sts

@@ -3,7 +3,7 @@ server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   location = /.well-known/mta-sts.txt {
-    return 200 "version: STSv1\nmode: enforce\nmx: mail.strypsteen.me\nmax_age: 604800";
+    return 200 "version: STSv1\nmode: enforce\nmx: vps.strypsteen.com\nmax_age: 1209600";
   }
   location / {
     return 404;

containers/postfix/postfix/main.cf

@@ -15,7 +15,6 @@ tls_ssl_options = NO_RENEGOTIATION
 tls_preempt_cipherlist = yes
 virtual_transport = lmtp:inet:localhost:24
 message_size_limit = 50000000
-smtp_address_preference = ipv4
 
 smtpd_tls_security_level = may
 smtpd_tls_auth_only = yes

containers/rspamd/Dockerfile

@@ -1,6 +1,5 @@
 FROM git.strypsteen.me/mathieu/alpine
 RUN apk add rspamd
 COPY local.d /etc/rspamd/local.d
-COPY override.d /etc/rspamd/override.d
 USER rspamd
 CMD rspamd --no-fork

containers/rspamd/override.d/rbl.conf

@@ -1 +0,0 @@
-rbls {}

homeserver/etc/containers/users/nginx/nginx.container

@@ -1,9 +1,11 @@
 [Container]
 Image=quay.io/mathieustrypsteen/nginx-home
-Network=host
+Network=pasta:-T,8000,-T,8001,-T,8002
 Volume=/etc/certificates:/etc/certificates:O
 Tmpfs=/var/lib/nginx/tmp
 Tmpfs=/var/lib/nginx/logs
+PublishPort=80:80
+PublishPort=443:443
 AutoUpdate=registry
 [Install]
 WantedBy=default.target

homeserver/etc/systemd/system/reverse-tunnel.service

@@ -3,7 +3,7 @@ Wants=network-online.target
 After=network-online.target
 StartLimitIntervalSec=0
 [Service]
-ExecStart=/usr/local/bin/ssh -NTR 80:localhost:80 -R 443:localhost:443 -R 18089:localhost:18089 tunnel@home-gw
+ExecStart=/bin/sh -c "/usr/bin/ssh -NTR 80:localhost:80 -R 443:localhost:443 -R 18089:localhost:18089 tunnel@home-gw"
 Restart=always
 RestartSec=10
 [Install]