Get rid of submodules: add containers back

images/rpi-email/.gitignore

+getmailrc-*
+*~

images/rpi-email/Dockerfile

+FROM resin/raspberrypi3-debian:latest
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Packages
+RUN DEBIAN_FRONTEND=noninteractive apt-get update -q --fix-missing && \
+  apt-get -y upgrade && \
+  apt-get -y install --no-install-recommends \
+  rsyslog \
+  postfix postfix-pcre postfix-ldap \
+  cron getmail4 \
+  mutt swaks \
+  dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-ldap \
+  libsasl2-2 sasl2-bin libsasl2-modules-ldap
+
+RUN addgroup --system --gid 5000 vmail && \
+    adduser --system --home /srv/vmail --uid 5000 --gid 5000 --disabled-password --disabled-login vmail
+
+RUN adduser postfix sasl
+
+COPY config /tmp/config
+
+COPY startup.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/startup.sh
+
+CMD ["/usr/local/bin/startup.sh"]

images/rpi-email/LICENSE

+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

images/rpi-email/README.md

+Based on:
+
+http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/
+
+Copy your getmail configurations into `MAIL_DATA_PATH` volume, in `getmail` folder. They can not be built in the container as might contain sensitive information.

images/rpi-email/config/dovecot/conf.d/10-auth.conf

+##
+## Authentication processes
+##
+
+# Disable LOGIN command and all other plaintext authentications unless
+# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
+# matches the local IP (ie. you're connecting from the same computer), the
+# connection is considered secure and plaintext authentication is allowed.
+# See also ssl=required setting.
+#disable_plaintext_auth = yes
+
+# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
+# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
+#auth_cache_size = 0
+# Time to live for cached data. After TTL expires the cached record is no
+# longer used, *except* if the main database lookup returns internal failure.
+# We also try to handle password changes automatically: If user's previous
+# authentication was successful, but this one wasn't, the cache isn't used.
+# For now this works only with plaintext authentication.
+#auth_cache_ttl = 1 hour
+# TTL for negative hits (user not found, password mismatch).
+# 0 disables caching them completely.
+#auth_cache_negative_ttl = 1 hour
+
+# Space separated list of realms for SASL authentication mechanisms that need
+# them. You can leave it empty if you don't want to support multiple realms.
+# Many clients simply use the first one listed here, so keep the default realm
+# first.
+#auth_realms =
+
+# Default realm/domain to use if none was specified. This is used for both
+# SASL realms and appending @domain to username in plaintext logins.
+#auth_default_realm = 
+
+# List of allowed characters in username. If the user-given username contains
+# a character not listed in here, the login automatically fails. This is just
+# an extra check to make sure user can't exploit any potential quote escaping
+# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
+# set this value to empty.
+#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
+
+# Username character translations before it's looked up from databases. The
+# value contains series of from -> to characters. For example "#@/@" means
+# that '#' and '/' characters are translated to '@'.
+#auth_username_translation =
+
+# Username formatting before it's looked up from databases. You can use
+# the standard variables here, eg. %Lu would lowercase the username, %n would
+# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
+# "-AT-". This translation is done after auth_username_translation changes.
+#auth_username_format = %Lu
+
+# If you want to allow master users to log in by specifying the master
+# username within the normal username string (ie. not using SASL mechanism's
+# support for it), you can specify the separator character here. The format
+# is then <username><separator><master username>. UW-IMAP uses "*" as the
+# separator, so that could be a good choice.
+#auth_master_user_separator =
+
+# Username to use for users logging in with ANONYMOUS SASL mechanism
+#auth_anonymous_username = anonymous
+
+# Maximum number of dovecot-auth worker processes. They're used to execute
+# blocking passdb and userdb queries (eg. MySQL and PAM). They're
+# automatically created and destroyed as needed.
+#auth_worker_max_count = 30
+
+# Host name to use in GSSAPI principal names. The default is to use the
+# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
+# entries.
+#auth_gssapi_hostname =
+
+# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
+# default (usually /etc/krb5.keytab) if not specified. You may need to change
+# the auth service to run as root to be able to read this file.
+#auth_krb5_keytab = 
+
+# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
+# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
+#auth_use_winbind = no
+
+# Path for Samba's ntlm_auth helper binary.
+#auth_winbind_helper_path = /usr/bin/ntlm_auth
+
+# Time to delay before replying to failed authentications.
+#auth_failure_delay = 2 secs
+
+# Require a valid SSL client certificate or the authentication fails.
+#auth_ssl_require_client_cert = no
+
+# Take the username from client's SSL certificate, using 
+# X509_NAME_get_text_by_NID() which returns the subject's DN's
+# CommonName. 
+#auth_ssl_username_from_cert = no
+
+# Space separated list of wanted authentication mechanisms:
+#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
+#   gss-spnego
+# NOTE: See also disable_plaintext_auth setting.
+auth_mechanisms = plain login
+
+##
+## Password and user databases
+##
+
+#
+# Password database is used to verify user's password (and nothing more).
+# You can have multiple passdbs and userdbs. This is useful if you want to
+# allow both system users (/etc/passwd) and virtual users to login without
+# duplicating the system users into virtual database.
+#
+# <doc/wiki/PasswordDatabase.txt>
+#
+# User database specifies where mails are located and what user/group IDs
+# own them. For single-UID configuration use "static" userdb.
+#
+# <doc/wiki/UserDatabase.txt>
+
+#!include auth-deny.conf.ext
+#!include auth-master.conf.ext
+
+#!include auth-system.conf.ext
+#!include auth-sql.conf.ext
+!include auth-ldap.conf.ext
+#!include auth-passwdfile.conf.ext
+#!include auth-checkpassword.conf.ext
+#!include auth-vpopmail.conf.ext
+#!include auth-static.conf.ext

images/rpi-email/config/dovecot/conf.d/10-logging.conf

+##
+## Log destination.
+##
+
+# Log file to use for error messages. "syslog" logs to syslog,
+# /dev/stderr logs to stderr.
+log_path = syslog
+
+# Log file to use for informational messages. Defaults to log_path.
+#info_log_path = 
+# Log file to use for debug messages. Defaults to info_log_path.
+#debug_log_path = 
+
+# Syslog facility to use if you're logging to syslog. Usually if you don't
+# want to use "mail", you'll use local0..local7. Also other standard
+# facilities are supported.
+syslog_facility = mail
+
+##
+## Logging verbosity and debugging.
+##
+
+# Log unsuccessful authentication attempts and the reasons why they failed.
+#auth_verbose = no
+
+# In case of password mismatches, log the attempted password. Valid values are
+# no, plain and sha1. sha1 can be useful for detecting brute force password
+# attempts vs. user simply trying the same password over and over again.
+# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
+#auth_verbose_passwords = no
+
+# Even more verbose logging for debugging purposes. Shows for example SQL
+# queries.
+#auth_debug = no
+#auth_debug = yes
+
+# In case of password mismatches, log the passwords and used scheme so the
+# problem can be debugged. Enabling this also enables auth_debug.
+#auth_debug_passwords = no
+
+# Enable mail process debugging. This can help you figure out why Dovecot
+# isn't finding your mails.
+#mail_debug = no
+
+# Show protocol level SSL errors.
+#verbose_ssl = no
+
+# mail_log plugin provides more event logging for mail processes.
+plugin {
+  # Events to log. Also available: flag_change append
+  #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
+  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
+  # size and vsize are available only for expunge and copy events.
+  #mail_log_fields = uid box msgid size
+}
+
+##
+## Log formatting.
+##
+
+# Prefix for each line written to log file. % codes are in strftime(3)
+# format.
+#log_timestamp = "%b %d %H:%M:%S "
+
+# Space-separated list of elements we want to log. The elements which have
+# a non-empty variable value are joined together to form a comma-separated
+# string.
+#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
+
+# Login log format. %s contains login_log_format_elements string, %$ contains
+# the data we want to log.
+#login_log_format = %$: %s
+ 
+# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
+# possible variables you can use.
+#mail_log_prefix = "%s(%u): "
+
+# Format to use for logging mail deliveries. You can use variables:
+#  %$ - Delivery status message (e.g. "saved to INBOX")
+#  %m - Message-ID
+#  %s - Subject
+#  %f - From address
+#  %p - Physical size
+#  %w - Virtual size
+#deliver_log_format = msgid=%m: %$

images/rpi-email/config/dovecot/conf.d/10-master.conf

+#default_process_limit = 100
+#default_client_limit = 1000
+
+# Default VSZ (virtual memory size) limit for service processes. This is mainly
+# intended to catch and kill processes that leak memory before they eat up
+# everything.
+#default_vsz_limit = 256M
+
+# Login user is internally used by login processes. This is the most untrusted
+# user in Dovecot system. It shouldn't have access to anything at all.
+#default_login_user = dovenull
+
+# Internal user is used by unprivileged processes. It should be separate from
+# login user, so that login processes can't disturb other processes.
+#default_internal_user = dovecot
+
+service imap-login {
+  inet_listener imap {
+    #port = 143
+  }
+  inet_listener imaps {
+    #port = 993
+    #ssl = yes
+  }
+
+  # Number of connections to handle before starting a new process. Typically
+  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
+  # is faster. <doc/wiki/LoginProcess.txt>
+  #service_count = 1
+
+  # Number of processes to always keep waiting for more connections.
+  #process_min_avail = 0
+
+  # If you set service_count=0, you probably need to grow this.
+  #vsz_limit = $default_vsz_limit
+}
+
+service pop3-login {
+  inet_listener pop3 {
+    #port = 110
+  }
+  inet_listener pop3s {
+    #port = 995
+    #ssl = yes
+  }
+}
+
+service lmtp {
+  unix_listener lmtp {
+    #mode = 0666
+    mode = 0600
+    user = vmail
+    group = vmail
+  }
+
+  # Create inet listener only if you can't use the above UNIX socket
+  #inet_listener lmtp {
+    # Avoid making LMTP visible for the entire internet
+    #address =
+    #port = 
+  #}
+}
+
+service imap {
+  # Most of the memory goes to mmap()ing files. You may need to increase this
+  # limit if you have huge mailboxes.
+  #vsz_limit = $default_vsz_limit
+
+  # Max. number of IMAP processes (connections)
+  #process_limit = 1024
+}
+
+service pop3 {
+  # Max. number of POP3 processes (connections)
+  #process_limit = 1024
+}
+
+service auth {
+  # auth_socket_path points to this userdb socket by default. It's typically
+  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
+  # full permissions to this socket are able to get a list of all usernames and
+  # get the results of everyone's userdb lookups.
+  #
+  # The default 0666 mode allows anyone to connect to the socket, but the
+  # userdb lookups will succeed only if the userdb returns an "uid" field that
+  # matches the caller process's UID. Also if caller's uid or gid matches the
+  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
+  #
+  # To give the caller full permissions to lookup all users, set the mode to
+  # something else than 0666 and Dovecot lets the kernel enforce the
+  # permissions (e.g. 0777 allows everyone full permissions).
+  unix_listener auth-userdb {
+    #mode = 0666
+    #user = 
+    #group = 
+  }
+
+  # Postfix smtp-auth
+  #unix_listener /var/spool/postfix/private/auth {
+  #  mode = 0666
+  #}
+
+  # Auth process is run as this user.
+  #user = $default_internal_user
+}
+
+service auth-worker {
+  # Auth worker process is run as root by default, so that it can access
+  # /etc/shadow. If this isn't necessary, the user should be changed to
+  # $default_internal_user.
+  #user = root
+}
+
+service dict {
+  # If dict proxy is used, mail processes should have access to its socket.
+  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
+  unix_listener dict {
+    #mode = 0600
+    #user = 
+    #group = 
+  }
+}

images/rpi-email/config/dovecot/conf.d/10-ssl.conf

+##
+## SSL settings
+##
+
+# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+#ssl = yes
+
+# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+# dropping root privileges, so keep the key file unreadable by anyone but
+# root. Included doc/mkcert.sh can be used to easily generate self-signed
+# certificate, just make sure to update the domains in dovecot-openssl.cnf
+ssl_cert = </etc/dovecot/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.pem
+
+# If key file is password protected, give the password here. Alternatively
+# give it when starting dovecot with -p parameter. Since this file is often
+# world-readable, you may want to place this setting instead to a different
+# root owned 0600 file by using ssl_key_password = <path.
+#ssl_key_password =
+
+# PEM encoded trusted certificate authority. Set this only if you intend to use
+# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
+# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
+#ssl_ca = 
+
+# Require that CRL check succeeds for client certificates.
+#ssl_require_crl = yes
+
+# Directory and/or file for trusted SSL CA certificates. These are used only
+# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
+# directory is usually /etc/ssl/certs in Debian-based systems and the file is
+# /etc/pki/tls/cert.pem in RedHat-based systems.
+#ssl_client_ca_dir =
+#ssl_client_ca_file =
+
+# Request client to send a certificate. If you also want to require it, set
+# auth_ssl_require_client_cert=yes in auth section.
+#ssl_verify_client_cert = no
+
+# Which field from certificate to use for username. commonName and
+# x500UniqueIdentifier are the usual choices. You'll also need to set
+# auth_ssl_username_from_cert=yes.
+#ssl_cert_username_field = commonName
+
+# DH parameters length to use.
+#ssl_dh_parameters_length = 1024
+
+# SSL protocols to use
+#ssl_protocols = !SSLv2
+
+# SSL ciphers to use
+#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
+
+# Prefer the server's order of ciphers over client's.
+#ssl_prefer_server_ciphers = no
+
+# SSL crypto device to use, for valid values run "openssl engine"
+#ssl_crypto_device =

images/rpi-email/config/dovecot/conf.d/15-lda.conf

+##
+## LDA specific settings (also used by LMTP)
+##
+
+# Address to use when sending rejection mails.
+# Default is postmaster@<your domain>. %d expands to recipient domain.
+postmaster_address = postmaster@${DOMAIN}
+
+# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
+# in LMTP replies. Default is the system's real hostname@domain.
+#hostname = 
+
+# If user is over quota, return with temporary failure instead of
+# bouncing the mail.
+#quota_full_tempfail = no
+
+# Binary to use for sending mails.
+#sendmail_path = /usr/sbin/sendmail
+
+# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
+#submission_host =
+
+# Subject: header to use for rejection mails. You can use the same variables
+# as for rejection_reason below.
+#rejection_subject = Rejected: %s
+
+# Human readable error message for rejection mails. You can use variables:
+#  %n = CRLF, %r = reason, %s = original subject, %t = recipient
+#rejection_reason = Your message to <%t> was automatically rejected:%n%r
+
+# Delimiter character between local-part and detail in email address.
+#recipient_delimiter = +
+
+# Header where the original recipient address (SMTP's RCPT TO: address) is taken
+# from if not available elsewhere. With dovecot-lda -a parameter overrides this. 
+# A commonly used header for this is X-Original-To.
+#lda_original_recipient_header =
+
+# Should saving a mail to a nonexistent mailbox automatically create it?
+#lda_mailbox_autocreate = no
+
+# Should automatically created mailboxes be also automatically subscribed?
+#lda_mailbox_autosubscribe = no
+
+protocol lda {
+  # Space separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
+}

images/rpi-email/config/dovecot/dovecot-ldap.conf.ext

+# This file is commonly accessed via passdb {} or userdb {} section in
+# conf.d/auth-ldap.conf.ext
+
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
+# http://wiki2.dovecot.org/AuthDatabase/LDAP
+#
+# NOTE: If you're not using authentication binds, you'll need to give
+# dovecot-auth read access to userPassword field in the LDAP server.
+# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
+# already be something like this:
+
+# access to attribute=userPassword
+#        by dn="<dovecot's dn>" read # add this
+#        by anonymous auth
+#        by self write
+#        by * none
+
+# Space separated list of LDAP hosts to use. host:port is allowed too.
+#hosts =
+
+# LDAP URIs to use. You can use this instead of hosts list. Note that this
+# setting isn't supported by all LDAP libraries.
+#uris = 
+
+# Distinguished Name - the username used to login to the LDAP server.
+# Leave it commented out to bind anonymously (useful with auth_bind=yes).
+#dn = 
+
+# Password for LDAP server, if dn is specified.
+#dnpass = 
+
+# Use SASL binding instead of the simple binding. Note that this changes
+# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
+# and auth_bind=yes don't work together.
+#sasl_bind = no
+# SASL mechanism name to use.
+#sasl_mech =
+# SASL realm to use.
+#sasl_realm =
+# SASL authorization ID, ie. the dnpass is for this "master user", but the
+# dn is still the logged in user. Normally you want to keep this empty.
+#sasl_authz_id =
+
+# Use TLS to connect to the LDAP server.
+#tls = no
+# TLS options, currently supported only with OpenLDAP:
+#tls_ca_cert_file =
+#tls_ca_cert_dir =
+#tls_cipher_suite =
+# TLS cert/key is used only if LDAP server requires a client certificate.
+#tls_cert_file =
+#tls_key_file =
+# Valid values: never, hard, demand, allow, try
+#tls_require_cert =
+
+# Use the given ldaprc path.
+#ldaprc_path =
+
+# LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
+# -1 = everything. You may need to recompile OpenLDAP with debugging enabled
+# to get enough output.
+#debug_level = 0
+
+# Use authentication binding for verifying password's validity. This works by
+# logging into LDAP server using the username and password given by client.
+# The pass_filter is used to find the DN for the user. Note that the pass_attrs
+# is still used, only the password field is ignored in it. Before doing any
+# search, the binding is switched back to the default DN.
+#auth_bind = no
+
+# If authentication binding is used, you can save one LDAP request per login
+# if users' DN can be specified with a common template. The template can use
+# the standard %variables (see user_filter). Note that you can't
+# use any pass_attrs if you use this setting.
+#
+# If you use this setting, it's a good idea to use a different
+# dovecot-ldap.conf.ext for userdb (it can even be a symlink, just as long as
+# the filename is different in userdb's args). That way one connection is used
+# only for LDAP binds and another connection is used for user lookups.
+# Otherwise the binding is changed to the default DN before each user lookup.
+#
+# For example:
+#   auth_bind_userdn = cn=%u,ou=people,o=org
+#
+#auth_bind_userdn =
+
+# LDAP protocol version to use. Likely 2 or 3.
+#ldap_version = 3
+
+# LDAP base. %variables can be used here.
+# For example: dc=mail, dc=example, dc=org
+base =
+
+# Dereference: never, searching, finding, always
+#deref = never
+
+# Search scope: base, onelevel, subtree
+#scope = subtree
+
+# User attributes are given in LDAP-name=dovecot-internal-name list. The
+# internal names are:
+#   uid - System UID
+#   gid - System GID
+#   home - Home directory
+#   mail - Mail location
+#
+# There are also other special fields which can be returned, see
+# http://wiki2.dovecot.org/UserDatabase/ExtraFields
+#user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
+
+# Filter for user lookup. Some variables can be used (see
+# http://wiki2.dovecot.org/Variables for full list):
+#   %u - username
+#   %n - user part in user@domain, same as %u if there's no domain
+#   %d - domain part in user@domain, empty if user there's no domain
+#user_filter = (&(objectClass=posixAccount)(uid=%u))
+
+# Password checking attributes:
+#  user: Virtual user name (user@domain), if you wish to change the
+#        user-given username to something else
+#  password: Password, may optionally start with {type}, eg. {crypt}
+# There are also other special fields which can be returned, see
+# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
+#pass_attrs = uid=user,userPassword=password
+
+# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
+# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
+# also have to include user_attrs in pass_attrs field prefixed with "userdb_"
+# string. For example:
+#pass_attrs = uid=user,userPassword=password,\
+#  homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
+
+# Filter for password lookups
+#pass_filter = (&(objectClass=posixAccount)(uid=%u))
+
+# Attributes and filter to get a list of all users
+#iterate_attrs = uid=user
+#iterate_filter = (objectClass=posixAccount)
+
+# Default password scheme. "{scheme}" before password overrides this.
+# List of supported schemes is in: http://wiki2.dovecot.org/Authentication
+#default_pass_scheme = CRYPT
+
+hosts = ${LDAP_SERVER_HOST}
+dn = ${LDAP_BIND_DN}
+dnpass = ${LDAP_BIND_PWD}
+ldap_version = 3
+base = ${LDAP_SEARCH_BASE}
+user_attrs = mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail
+user_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
+pass_attrs = uniqueIdentifier=user,userPassword=password
+pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
+default_pass_scheme = CRYPT

images/rpi-email/config/postfix/drop.cidr

+# IP/CIDR			Action
+
+1.2.3.0/24			REJECT Blacklisted

images/rpi-email/config/postfix/identitycheck.pcre

+# Identity (RegEx)		Action
+
+/^(mail\.example\.com)$/	REJECT Hostname Abuse: $1
+/^(1\.2\.3\.4)$/		REJECT Hostname Abuse: $1
+/^(\[1\.2\.3\.4\])$/		REJECT Hostname Abuse: $1

images/rpi-email/config/postfix/ldap_virtual_aliases.cf

+bind = yes
+bind_dn = ${LDAP_BIND_DN}
+bind_pw = ${LDAP_BIND_PWD}
+server_host = ${LDAP_SERVER_HOST}
+search_base = ${LDAP_SEARCH_BASE}
+domain = ${DOMAIN}
+query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
+result_attribute = mail, email

images/rpi-email/config/postfix/ldap_virtual_recipients.cf

+bind = yes
+bind_dn = ${LDAP_BIND_DN}
+bind_pw = ${LDAP_BIND_PWD}
+server_host = ${LDAP_SERVER_HOST}
+search_base = ${LDAP_SEARCH_BASE}
+domain = ${DOMAIN}
+query_filter = (&(mail=%s)(mailEnabled=TRUE))
+result_attribute = mail

images/rpi-email/config/postfix/main.cf

+###################################################################################################
+### Base Settings ###
+#####################
+
+# Listen on all interfaces
+inet_interfaces = all
+
+# Use TCP IPv4
+inet_protocols = ipv4
+
+# Greet connecting clients with this banner
+smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
+
+# Fully-qualified hostname
+myhostname = mail.${DOMAIN}
+
+# Do not append domain part to incomplete addresses (this is the MUA's job)
+append_dot_mydomain = no
+
+# Trusted networks/hosts (these are allowed to relay without authentication)
+mynetworks =
+    # Local
+    127.0.0.0/8
+    # External
+    #1.2.3.4/32
+
+
+###################################################################################################
+### Local Transport ###
+#######################
+
+# Disable local transport (so that system accounts can't receive mail)
+local_transport = error:Local Transport Disabled
+
+# Don't use local alias maps
+alias_maps =
+
+# Local domain (could be omitted, since it is automatically derived from $myhostname)
+mydomain = ${DOMAIN}
+
+# Mails for these domains will be transported locally
+mydestination =
+    $myhostname
+    localhost.$mydomain
+    localhost
+
+
+###################################################################################################
+### Virtual Transport ###
+#########################
+
+# Deliver mail for virtual recipients to Dovecot
+virtual_transport = dovecot
+
+# Process one mail at one time
+dovecot_destination_recipient_limit = 1
+
+# Valid virtual domains
+virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
+
+# Valid virtual recipients
+virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_recipients.cf
+
+# Virtual aliases
+virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_aliases.cf
+
+
+###################################################################################################
+### ESMTP Settings ###
+######################
+
+### SASL ###
+
+# Enable SASL (required for SMTP authentication)
+smtpd_sasl_auth_enable = yes
+
+# Enable SASL for Outlook-Clients as well
+broken_sasl_auth_clients = yes
+
+### TLS ###
+
+# Enable TLS (required to encrypt the plaintext SASL authentication)
+smtpd_tls_security_level = may
+
+# Only offer SASL in a TLS session
+smtpd_tls_auth_only = yes
+
+# Certification Authority
+smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
+
+# Public Certificate
+smtpd_tls_cert_file = /etc/ssl/certs/mail.domain.tld.crt
+
+# Private Key (without passphrase)
+smtpd_tls_key_file = /etc/ssl/private/mail.domain.tld.key
+
+# Randomizer for key creation
+tls_random_source = dev:/dev/urandom
+
+# TLS related logging (set to 2 for debugging)
+smtpd_tls_loglevel = 0
+
+# Avoid Denial-Of-Service-Attacks
+smtpd_client_new_tls_session_rate_limit = 10
+
+# Activate TLS Session Cache
+smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_session_cache
+
+# Deny some TLS-Ciphers
+smtpd_tls_exclude_ciphers =
+        EXP
+        EDH-RSA-DES-CBC-SHA
+        ADH-DES-CBC-SHA
+        DES-CBC-SHA
+        SEED-SHA
+
+# Diffie-Hellman Parameters for Perfect Forward Secrecy
+# Can be created with:
+# openssl dhparam -2 -out dh_512.pem 512
+# openssl dhparam -2 -out dh_1024.pem 1024
+smtpd_tls_dh512_param_file = ${config_directory}/certs/dh_512.pem
+smtpd_tls_dh1024_param_file = ${config_directory}/certs/dh_1024.pem
+
+
+###################################################################################################
+### Connection Policies ###
+###########################
+
+# Reject Early Talkers
+postscreen_greet_action = enforce
+
+
+###################################################################################################
+### Session Policies ###
+########################
+
+# Recipient Restrictions (RCPT TO related)
+smtpd_recipient_restrictions =
+        reject_non_fqdn_recipient
+        reject_unknown_recipient_domain
+        # Allow relaying for SASL authenticated clients and trusted hosts/networks
+        # This can be put to smtpd_relay_restrictions in Postfix 2.10 and later
+        permit_sasl_authenticated
+        permit_mynetworks
+        # If not authenticated or on mynetworks, reject mailing to external addresses
+        reject_unauth_destination
+        # Reject the following hosts
+        check_sender_ns_access cidr:/etc/postfix/drop.cidr
+        check_sender_mx_access cidr:/etc/postfix/drop.cidr
+        # Additional blacklist
+        reject_rbl_client ix.dnsbl.manitu.net
+        # Finally permit (relaying still requires SASL auth)
+        # WARNING: Due to this permit, everyone will be able to send emails to internal addresses without authentication. If this is set to reject though, the server does not receive emails from external addresses. Unfortunately I do not have a solution for this.
+        permit
+
+# Reject the request if the sender is the null address and there are multiple recipients
+smtpd_data_restrictions = reject_multi_recipient_bounce
+
+# Sender Restrictions
+smtpd_sender_restrictions =
+        reject_non_fqdn_sender
+        reject_unknown_sender_domain
+
+# HELO/EHLO Restrictions
+smtpd_helo_restrictions =
+                permit_mynetworks
+        check_helo_access pcre:/etc/postfix/identitycheck.pcre
+        #reject_non_fqdn_helo_hostname
+        reject_invalid_hostname
+
+# Deny VRFY recipient checks
+disable_vrfy_command = yes
+
+# Require HELO
+smtpd_helo_required = yes
+
+# Reject instantly if a restriction applies (do not wait until RCPT TO)
+smtpd_delay_reject = no
+
+# Client Restrictions (IP Blacklist)
+smtpd_client_restrictions = check_client_access cidr:/etc/postfix/drop.cidr

images/rpi-email/config/postfix/master.cf

+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (yes)   (never) (100)
+# ==========================================================================
+smtp      inet  n       -       -       -       -       smtpd
+#smtp      inet  n       -       -       -       1       postscreen
+#smtpd     pass  -       -       -       -       -       smtpd
+#dnsblog   unix  -       -       -       -       0       dnsblog
+#tlsproxy  unix  -       -       -       -       0       tlsproxy
+#submission inet n       -       -       -       -       smtpd
+#  -o syslog_name=postfix/submission
+#  -o smtpd_tls_security_level=encrypt
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#smtps     inet  n       -       -       -       -       smtpd
+#  -o syslog_name=postfix/smtps
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#628       inet  n       -       -       -       -       qmqpd
+pickup    unix  n       -       -       60      1       pickup
+	-o content_filter=
+        -o receive_override_options=no_header_body_checks
+cleanup   unix  n       -       -       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       -       1000?   1       tlsmgr
+rewrite   unix  -       -       -       -       -       trivial-rewrite
+bounce    unix  -       -       -       -       0       bounce
+defer     unix  -       -       -       -       0       bounce
+trace     unix  -       -       -       -       0       bounce
+verify    unix  -       -       -       -       1       verify
+flush     unix  n       -       -       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       -       -       -       smtp
+relay     unix  -       -       -       -       -       smtp
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       -       -       -       showq
+error     unix  -       -       -       -       -       error
+retry     unix  -       -       -       -       -       error
+discard   unix  -       -       -       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       -       -       -       lmtp
+anvil     unix  -       -       -       -       1       anvil
+scache    unix  -       -       -       -       1       scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix	-	n	n	-	2	pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+  ${nexthop} ${user}
+dovecot   unix  -       n       n       -       -       pipe
+        flags=ODRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -e -f ${sender} -d ${recipient}
+
+# https://help.ubuntu.com/lts/serverguide/mail-filtering.html
+smtp-amavis     unix    -       -       -       -       2       smtp
+        -o smtp_data_done_timeout=1200
+        -o smtp_send_xforward_command=yes
+        -o disable_dns_lookups=yes
+        -o max_use=20
+
+127.0.0.1:10025 inet    n       -       -       -       -       smtpd
+        -o content_filter=
+        -o local_recipient_maps=
+        -o relay_recipient_maps=
+        -o smtpd_restriction_classes=
+        -o smtpd_delay_reject=no
+        -o smtpd_client_restrictions=permit_mynetworks,reject
+        -o smtpd_helo_restrictions=
+        -o smtpd_sender_restrictions=
+        -o smtpd_recipient_restrictions=permit_mynetworks,reject
+        -o smtpd_data_restrictions=reject_unauth_pipelining
+        -o smtpd_end_of_data_restrictions=
+        -o mynetworks=127.0.0.0/8
+        -o smtpd_error_sleep_time=0
+        -o smtpd_soft_error_limit=1001
+        -o smtpd_hard_error_limit=1000
+        -o smtpd_client_connection_count_limit=0
+        -o smtpd_client_connection_rate_limit=0
+        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
+

images/rpi-email/config/postfix/sasl/smtpd.conf

+log_level: 3
+pwcheck_method: saslauthd
+mech_list: PLAIN LOGIN
+

images/rpi-email/config/postfix/virtual_domains

+# Domain		Anything

images/rpi-email/config/saslauth/saslauthd

+#
+# Settings for saslauthd daemon
+# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
+#
+
+# Should saslauthd run automatically on startup? (default: no)
+START=yes
+
+# Description of this saslauthd instance. Recommended.
+# (suggestion: SASL Authentication Daemon)
+DESC="SASL Authentication Daemon"
+
+# Short name of this saslauthd instance. Strongly recommended.
+# (suggestion: saslauthd)
+NAME="saslauthd"
+
+# Which authentication mechanisms should saslauthd use? (default: pam)
+#
+# Available options in this Debian package:
+# getpwent  -- use the getpwent() library function
+# kerberos5 -- use Kerberos 5
+# pam       -- use PAM
+# rimap     -- use a remote IMAP server
+# shadow    -- use the local shadow password file
+# sasldb    -- use the local sasldb database file
+# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
+#
+# Only one option may be used at a time. See the saslauthd man page
+# for more information.
+#
+# Example: MECHANISMS="pam"
+MECHANISMS="ldap"
+
+# Additional options for this mechanism. (default: none)
+# See the saslauthd man page for information about mech-specific options.
+MECH_OPTIONS=""
+
+# How many saslauthd processes should we run? (default: 5)
+# A value of 0 will fork a new process for each connection.
+THREADS=5
+
+# Other options (default: -c -m /var/run/saslauthd)
+# Note: You MUST specify the -m option or saslauthd won't run!
+#
+# WARNING: DO NOT SPECIFY THE -d OPTION.
+# The -d option will cause saslauthd to run in the foreground instead of as
+# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
+# to run saslauthd in debug mode, please run it by hand to be safe.
+#
+# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
+# See the saslauthd man page and the output of 'saslauthd -h' for general
+# information about these options.
+#
+# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
+# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
+#
+# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
+# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
+# then your Postfix is running in a chroot.
+# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
+# running in a chroot.
+OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
+

images/rpi-email/config/saslauth/saslauthd.conf

+ldap_servers: ldap://${LDAP_SERVER_HOST}
+ldap_bind_dn: ${LDAP_BIND_DN}
+ldap_bind_pw: ${LDAP_BIND_PWD}
+ldap_timeout: 10
+ldap_time_limit: 10
+ldap_scope: sub
+ldap_search_base: ${LDAP_SEARCH_BASE}
+ldap_auth_method: bind
+ldap_filter: (&(uniqueIdentifier=%u)(mailEnabled=TRUE))
+ldap_debug: 0
+ldap_verbose: off
+ldap_ssl: no
+ldap_starttls: no
+ldap_referrals: yes

images/rpi-email/getmail/template.getmailrc-example

+[options]
+message_log = /var/log/getmail.log
+delete = 0
+# delete_after = 10 # days
+no_delivered_to = 1                             # Don't add a Delivered-To: header for this mailbox
+no_received = 1                                 # Don't add a Received: header for this mailbox
+verbose = 1
+read_all = False
+
+[retriever]
+type = SimplePOP3SSLRetriever
+server = pop.gmail.com
+username = your-username@gmail.com
+password = your-password
+# delete_after = 10 # days
+
+[destination]
+type = MDA_external
+path = /usr/sbin/sendmail
+arguments = ("-i", "-bm", "your-user@your-domain.com")
+unixfrom = true

images/rpi-email/startup.sh

+#!bin/bash
+
+# set LDAP password from secret
+if [ ! -z $LDAP_BIND_PWD_FILE -a -f $LDAP_BIND_PWD_FILE ]; then
+    LDAP_BIND_PWD=`cat $LDAP_BIND_PWD_FILE`;
+fi
+
+function replace {
+    #echo $1
+    sed -i "s/\${LDAP_SERVER_HOST}/${LDAP_SERVER_HOST}/g" $1
+    sed -i "s/\${LDAP_BIND_DN}/${LDAP_BIND_DN}/g" $1
+    sed -i "s/\${LDAP_SEARCH_BASE}/${LDAP_SEARCH_BASE}/g" $1
+    sed -i "s/\${DOMAIN}/${DOMAIN}/g" $1
+    sed -i "s/\${LDAP_BIND_PWD}/${LDAP_BIND_PWD}/g" $1
+}
+for i in `find /tmp/config/postfix -type f -exec ls {} \;`; do
+    replace $i
+done;
+for i in `find /tmp/config/dovecot -type f -exec ls {} \;`; do
+    replace $i
+done;
+for i in `find /tmp/config/dovecot/conf.d -type f -exec ls {} \;`; do
+    replace $i
+done;
+for i in `find /tmp/config/saslauth -type f -exec ls {} \;`; do
+    replace $i
+done;
+
+# Postfix
+cp -f /tmp/config/postfix/* /etc/postfix/
+mkdir -p /etc/postfix/sasl
+cp -f /tmp/config/postfix/sasl/* /etc/postfix/sasl/sasl
+echo "${DOMAIN}		OK" >> /etc/postfix/virtual_domains;
+for i in ${VIRTUAL_DOMAINS[@]}; do
+    echo "$i	OK" >> /etc/postfix/virtual_domains;
+done;
+postmap hash:/etc/postfix/virtual_domains
+
+# TLS certs
+cd /tmp
+openssl genrsa -des3 -passout pass:${LDAP_BIND_PWD} -out mail.domain.tld.key 4096
+chmod 600 mail.domain.tld.key
+openssl req -new -key mail.domain.tld.key -out mail.domain.tld.csr \
+        -passin pass:${LDAP_BIND_PWD} \
+        -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.${DOMAIN}"
+openssl x509 -req -days 365 -in mail.domain.tld.csr -signkey mail.domain.tld.key \
+        -out mail.domain.tld.crt -passin pass:${LDAP_BIND_PWD}
+openssl rsa -in mail.domain.tld.key -out mail.domain.tld.key.nopass \
+        -passin pass:${LDAP_BIND_PWD}
+mv mail.domain.tld.key.nopass mail.domain.tld.key
+openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 \
+        -passout pass:${LDAP_BIND_PWD} \
+        -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.${DOMAIN}"
+chmod 600 mail.domain.tld.key
+chmod 600 cakey.pem
+mv mail.domain.tld.key /etc/ssl/private/
+mv mail.domain.tld.crt /etc/ssl/certs/
+mv cakey.pem /etc/ssl/private/
+mv cacert.pem /etc/ssl/certs/
+# DH
+mkdir -p /etc/postfix/certs
+cd /etc/postfix/certs
+openssl dhparam -2 -out dh_512.pem 512
+openssl dhparam -2 -out dh_1024.pem 1024
+chown -R root:root /etc/postfix/certs/
+chmod -R 600 /etc/postfix/certs/
+
+# Dovecot
+mkdir -p /etc/dovecot/private
+openssl req -new -x509 -nodes -out /etc/dovecot/dovecot.pem -keyout /etc/dovecot/private/dovecot.pem -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.${DOMAIN}"
+cp -f /tmp/config/dovecot/* /etc/dovecot/
+cp -f /tmp/config/dovecot/conf.d/* /etc/dovecot/conf.d/
+#Saslauthd
+cp -f /tmp/config/saslauth/saslauthd /etc/default/
+cp -f /tmp/config/saslauth/saslauthd.conf /etc/
+chown root:sasl /etc/saslauthd.conf
+chmod 640 /etc/saslauthd.conf
+
+#rm -Rf /tmp/config
+
+# getmail
+# https://stackoverflow.com/a/9625233/1937418
+for i in `ls ${MAIL_DATA_PATH}/getmail/getmailrc-*`; do
+    (crontab -l 2>/dev/null; echo "*/5  *  *   *   *   sudo -u vmail getmail -r $i --getmaildir ${MAIL_DATA_PATH}/getmail/ >> /dev/null") | crontab - ;
+done;
+touch ${MAIL_DATA_PATH}/getmail/getmail.log
+#chown -R vmail:vmail ${MAIL_DATA_PATH}/getmail
+
+if [ -z "${DATA_CHOWN}" -o "${DATA_CHOWN}" != "0" ]; then
+    echo "Changing ownership of Data folder. It may take a while..."
+    chown -R vmail:vmail ${MAIL_DATA_PATH}
+fi
+
+service rsyslog start
+service postfix start
+service dovecot start
+service saslauthd start
+service cron start
+
+tail -fn 0 /var/log/mail.log
+
+tail -f /dev/null
+
+exit 0

images/rpi-gogs/Dockerfile

+FROM resin/raspberrypi3-debian:latest
+
+ENV GO_VERSION 1.9
+ENV GO_OS linux
+ENV GO_ARCH armv6l
+ENV GOGS_CUSTOM /data/gogs
+ENV GIT_HOME /home/git
+
+# Install dependencies
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+       git wget openssh-server mariadb-client \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p /data/gogs/data \
+    && mkdir -p /data/gogs/conf \
+    && mkdir -p /data/gogs/log \
+    && mkdir -p /data/gogs/gogs-repositories \
+    && mkdir -p /data/ssh
+
+# Create git user for Gogs
+RUN export PUID=${PUID:-1000} \
+    && export PGID=${PGID:-1000} \
+    && addgroup --gid ${PGID} git \
+    && adduser --uid ${PUID} --ingroup git --disabled-login --gecos 'Gogs Git User' --home ${GIT_HOME} --shell /bin/bash git \
+    && ln -s /data/ssh ${GIT_HOME}/.ssh
+
+RUN chown -R git:git /data
+RUN chown -R git:git ${GIT_HOME}
+
+
+RUN echo "export GOGS_CUSTOM=${GOGS_CUSTOM}" > /etc/profile.d/gogs.sh
+RUN echo "export GOROOT=${GIT_HOME}/local/go" | tee -a /etc/profile.d/gogs.sh /etc/bash.bashrc > /dev/null \
+    && echo "export GOPATH=${GIT_HOME}/go" | tee -a /etc/profile.d/gogs.sh /etc/bash.bashrc > /dev/null \
+    && echo 'export PATH=$PATH:$GOROOT/bin:$GOPATH/bin' | tee -a /etc/profile.d/gogs.sh /etc/bash.bashrc > /dev/null
+
+# ############## USER git ########################
+
+USER git
+
+# Install Golang
+RUN cd $HOME \
+    && mkdir local \
+    && cd local \
+    && wget https://storage.googleapis.com/golang/go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz \
+    && tar zxvf go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz \
+    && rm go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz
+
+# Install Gogs
+RUN . /etc/profile.d/gogs.sh \
+    && ${GOROOT}/bin/go get -u -tags "cert" github.com/gogits/gogs \
+    && cd $GOPATH/src/github.com/gogits/gogs \
+    && go build -tags "cert"
+
+# TODO:
+# clean stuff
+# https://github.com/gogits/gogs/blob/master/docker/finalize.sh
+
+# Clean stuff
+RUN rm -r $HOME/go/src/github.com/gogits/gogs/.git
+#RUN rm -r $HOME/local
+
+# Configuration
+# $HOME doesn't work with COPY
+RUN mkdir -p ${GIT_HOME}/go/src/github.com/gogits/gogs/custom/conf
+COPY app.ini ${GIT_HOME}/go/src/github.com/gogits/gogs/custom/conf/
+# LDAP
+RUN mkdir -p ${GIT_HOME}/go/src/github.com/gogits/gogs/custom/conf/auth.d
+COPY ldap.conf ${GIT_HOME}/go/src/github.com/gogits/gogs/custom/conf/auth.d/
+
+# ############## USER root ########################
+
+USER root
+
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod 755 /usr/local/bin/docker-entrypoint.sh
+
+#ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+#CMD gosu git ${GOPATH}/src/github.com/gogits/gogs/gogs web
+ENTRYPOINT []
+CMD ["/usr/local/bin/docker-entrypoint.sh"]

images/rpi-gogs/LICENSE

+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

images/rpi-gogs/README.md

+# rpi-gogs
+
+Gogs Docker image for Raspberry Pi. Part of [Docker Raspberry Pi Home Server](https://github.com/bingen/rpi_docker_home_server).

images/rpi-gogs/app.ini

+RUN_USER = git
+RUN_MODE = prod
+
+[server]
+DOMAIN = GOGS_DOMAIN
+SSH_ROOT_PATH = /data/ssh
+PROTOCOL = https
+ROOT_URL = https://GOGS_DOMAIN/
+CERT_FILE = /data/gogs/https/cert.pem
+KEY_FILE = /data/gogs/https/key.pem
+HTTP_PORT = 2443
+
+[database]
+DB_TYPE = mysql
+HOST = DB_HOST:3306
+NAME = GOGS_DB_NAME
+USER = GOGS_DB_USER
+PASSWD = GOGS_DB_PWD
+
+[repository]
+ROOT = /data/gogs/gogs-repositories
+
+[security]
+SECRET_KEY = GOGS_SECRET_KEY
+INSTALL_LOCK = true
+
+[log]
+ROOT_PATH = /data/gogs/log
+LEVEL = Warn

images/rpi-gogs/docker-entrypoint.sh

+#!/bin/bash
+
+source /etc/profile.d/gogs.sh
+
+# set DB root password from secret
+if [ ! -z $MYSQL_ROOT_PWD_FILE -a -f $MYSQL_ROOT_PWD_FILE ]; then
+    MYSQL_ROOT_PWD=`cat $MYSQL_ROOT_PWD_FILE`;
+fi
+
+GOGS_DB_PWD=`openssl rand -base64 20`
+
+# set LDAP password from secret
+if [ ! -z $LDAP_BIND_PWD_FILE -a -f $LDAP_BIND_PWD_FILE ]; then
+    LDAP_BIND_PWD=`cat $LDAP_BIND_PWD_FILE`;
+fi
+
+# set Admin password from secret
+if [ ! -z $GOGS_ADMIN_PWD_FILE -a -f $GOGS_ADMIN_PWD_FILE ]; then
+    GOGS_ADMIN_PWD=`cat $GOGS_ADMIN_PWD_FILE`;
+fi
+
+# check needed variables
+if [[ -z ${DB_HOST} || -z ${GOGS_DB_NAME} \
+            || -z ${GOGS_DB_USER}  || -z ${GOGS_DB_PWD} \
+            || -z ${GOGS_ADMIN_PWD} || -z ${ADMIN_EMAIL} \
+            || -z ${LDAP_SERVER_HOST} || -z ${LDAP_BIND_DN} \
+            || -z ${LDAP_BIND_PWD} || -z ${LDAP_SEARCH_BASE} \
+    ]];
+then
+    echo "Missing variable! You must provide: DB_HOST, GOGS_DB_NAME, \
+GOGS_DB_USER, GOGS_DB_PWD, GOGS_ADMIN_PWD, ADMIN_EMAIL and LDAP stuff";
+    echo $DB_HOST, $GOGS_DB_NAME, $GOGS_DB_USER, ${#GOGS_DB_PWD}
+    echo ${#GOGS_ADMIN_PWD}, ${ADMIN_EMAIL},
+    echo ${LDAP_SERVER_HOST}, ${LDAP_BIND_DN}, ${#LDAP_BIND_PWD}, ${LDAP_SEARCH_BASE}
+    #env;
+    exit 1;
+fi
+
+function check_result {
+    if [ $1 != 0 ]; then
+        echo "Error: $2";
+        exit 1;
+    fi
+}
+
+# ### DB setup ###
+
+# wait for DB to be ready
+R=111
+while [ $R -eq 111 ]; do
+    mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "SHOW DATABASES"  2> /dev/null;
+    R=$?;
+done
+
+# check if DB exists
+DB_EXISTS=$(mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "SHOW DATABASES" 2> /dev/null | grep ${GOGS_DB_NAME})
+echo DB exists: ${DB_EXISTS}
+
+if [ -z "${DB_EXISTS}" ]; then
+    echo Creating Database
+    #mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "DROP DATABASE IF EXISTS ${GOGS_DB_NAME};"
+    #check_result $? "Dropping DB"
+    mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "CREATE DATABASE ${GOGS_DB_NAME};"
+    check_result $? "Creating DB"
+fi
+
+echo Creating User
+# 'IF EXISTS' for DROP USER is available from MariaDB 10.1.3 only
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "DROP USER ${GOGS_DB_USER};" || echo "It seems it didn't exist"
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "CREATE USER ${GOGS_DB_USER} IDENTIFIED BY '${GOGS_DB_PWD}';"
+check_result $? "Creating User"
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "GRANT ALL ON ${GOGS_DB_NAME}.* TO ${GOGS_DB_USER};"
+check_result $? "Granting permissions"
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "FLUSH PRIVILEGES;"
+check_result $? "Flushing privileges"
+
+unset MYSQL_ROOT_PWD
+
+# ### Start ssh server ###
+
+echo "Starting ssh server"
+# https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/45234
+mkdir -p /var/run/sshd
+#/usr/sbin/sshd
+service ssh start
+
+# SSH certs
+if [[ ! -e ${GOGS_CUSTOM}/https/cert.pem || ! -e ${GOGS_CUSTOM}/https/key.pem ]]; then
+    su git -c "mkdir -p ${GOGS_CUSTOM}/https"
+    su git -c "cd ${GOGS_CUSTOM}/https && ${GOPATH}/src/github.com/gogits/gogs/gogs cert --ca=true --duration=8760h0m0s --host=${GOGS_DOMAIN} && cd -"
+fi
+
+# ### Conf file ###
+
+echo Tweaking config files
+CONF_FILE=${GOGS_CUSTOM}/conf/app.ini
+# We need to re-generate conf file because we are changing DB pwd
+#if [[ ! -e ${CONF_FILE} ]]; then
+su git -c "mkdir -p ${GOGS_CUSTOM}/conf"
+mv ${GOPATH}/src/github.com/gogits/gogs/custom/conf/app.ini ${CONF_FILE}
+
+echo Setting domain
+sed -i "s/GOGS_DOMAIN/${GOGS_DOMAIN}/g" ${CONF_FILE}
+
+# DB conf
+echo Setting DB conf
+sed -i "s/DB_HOST/${DB_HOST}/g" ${CONF_FILE}
+sed -i "s/GOGS_DB_NAME/${GOGS_DB_NAME}/g" ${CONF_FILE}
+sed -i "s/GOGS_DB_USER/${GOGS_DB_USER}/g" ${CONF_FILE}
+sed -i "s/GOGS_DB_PWD/${GOGS_DB_PWD//\//\\/}/g" ${CONF_FILE}
+#fi
+
+# LDAP config
+LDAP_FILE=${GOGS_CUSTOM}/conf/auth.d/ldap.conf
+#if [[ ! -e ${CONF_FILE} ]]; then
+su git -c "mkdir -p ${GOGS_CUSTOM}/conf/auth.d"
+mv ${GOPATH}/src/github.com/gogits/gogs/custom/conf/auth.d/ldap.conf ${LDAP_FILE}
+
+echo Setting LDAP conf
+sed -i "s/LDAP_SERVER_HOST/${LDAP_SERVER_HOST}/g" ${LDAP_FILE}
+sed -i "s/LDAP_BIND_DN/${LDAP_BIND_DN}/g" ${LDAP_FILE}
+sed -i "s/LDAP_BIND_PWD/${LDAP_BIND_PWD}/g" ${LDAP_FILE}
+sed -i "s/LDAP_SEARCH_BASE/${LDAP_SEARCH_BASE}/g" ${LDAP_FILE}
+#fi
+
+# Create admin user if DB was new
+if [ -z "${DB_EXISTS}" ]; then
+    su -c git "${GOPATH}/src/github.com/gogits/gogs/gogs admin create-user --name admin --password ${GOGS_ADMIN_PWD} --admin --email ${ADMIN_EMAIL}"
+fi
+
+#exec "$@"
+#exec gosu git ${GOPATH}/src/github.com/gogits/gogs/gogs web
+exec su git -c "${GOPATH}/src/github.com/gogits/gogs/gogs web"

images/rpi-gogs/ldap.conf

+# LDAP authentication
+#
+id           = 101
+type         = ldap_bind_dn
+name         = LDAP BindDN
+is_activated = true
+
+[config]
+host               = LDAP_SERVER_HOST
+port               = 389
+# 0 - Unencrypted, 1 - LDAPS, 2 - StartTLS
+security_protocol  = 0
+skip_verify        = false
+bind_dn            = LDAP_BIND_DN
+bind_password      = LDAP_BIND_PWD
+user_base          = LDAP_SEARCH_BASE
+#user_dn            =
+attribute_username = uniqueIdentifier
+attribute_name     = givenName
+attribute_surname  = sn
+attribute_mail     = mail
+attributes_in_bind = false
+filter             = (&(objectclass=*)(|(uniqueIdentifier=%s)(mail=%s)))
+admin_filter       =
+group_enabled      = false
+group_dn           =
+group_filter       =
+group_member_uid   =
+user_uid           =

images/rpi-haproxy/Dockerfile

+FROM resin/raspberrypi3-debian:latest
+
+RUN echo deb http://deb.debian.org/debian jessie-backports main  >> /etc/apt/sources.list
+RUN apt-get update && apt-get install -y haproxy cron \
+    && apt-get install certbot -t jessie-backports
+
+RUN mkdir -p /run/haproxy
+
+COPY haproxy.cfg /etc/haproxy/haproxy.cfg
+COPY haproxy_letsencrypt.cfg /etc/haproxy/haproxy_letsencrypt.cfg
+
+COPY startup.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/startup.sh
+
+COPY letsencrypt.cron /usr/local/bin/
+RUN chmod +x /usr/local/bin/letsencrypt.cron
+
+#CMD haproxy -f /etc/haproxy/haproxy.cfg
+CMD /usr/local/bin/startup.sh

images/rpi-haproxy/LICENSE

+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

images/rpi-haproxy/README.md

+# rpi-haproxy
+Docker HAProxy for Raspberry Pi
+
+This is intended to be used by [Docker Raspberry Pi Home Server](https://github.com/bingen/rpi_docker_home_server), to proxy connections to Nextcloud and eventually other web services like Wordpress, etc.

images/rpi-haproxy/haproxy.cfg

+global
+    maxconn 4096
+    #tune.ssl.default-dh-param 2048
+
+defaults
+    mode http
+    timeout connect 5000ms
+    timeout client 50000ms
+    timeout server 50000ms
+    #log global
+    #log 127.0.0.1 local0 debug
+    #option tcplog
+
+# https://www.haproxy.com/blog/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/
+frontend https-in
+    mode http
+    bind *:443 ssl crt /etc/letsencrypt/haproxy/${NEXTCLOUD_URL}.pem crt /etc/letsencrypt/haproxy/${GOGS_URL}.pem
+
+    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
+
+    use_backend letsencrypt-backend if letsencrypt-acl
+    use_backend nextcloud if { ssl_fc_sni ${NEXTCLOUD_URL} }
+    use_backend gogs if { ssl_fc_sni ${GOGS_URL} }
+
+    default_backend nextcloud
+
+backend nextcloud
+    # http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#option%20http-server-close
+    #option http-server-close
+    #option forwardfor
+
+    #redirect http to https
+    #redirect scheme https if !{ ssl_fc }
+
+    server nextcloud nextcloud:443 maxconn 32 check ssl verify none
+
+backend gogs
+    #redirect http to https
+    #redirect scheme https if !{ ssl_fc }
+
+    server gogs gogs:2443 maxconn 32 check ssl verify none
+
+frontend http-in
+    bind *:80
+    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
+    acl is_nextcloud hdr_end(host) -i ${NEXTCLOUD_URL}
+    acl is_gogs hdr_end(host) -i ${GOGS_URL}
+
+    use_backend letsencrypt-backend if letsencrypt-acl
+    use_backend nextcloud-insecure if is_nextcloud
+    use_backend gogs-insecure if is_gogs
+    default_backend nextcloud-insecure
+
+backend nextcloud-insecure
+    server nextcloud nextcloud:80 maxconn 32
+
+backend gogs-insecure
+    server gogs gogs:2080 maxconn 32
+
+# LE Backend
+backend letsencrypt-backend
+    server letsencrypt 127.0.0.1:8888
+
+#listen admin
+#    bind 127.0.0.1:8080
+#        stats enable

images/rpi-haproxy/haproxy_letsencrypt.cfg

+defaults
+    timeout connect 5000ms
+    timeout client 50000ms
+    timeout server 50000ms
+
+# The frontend only listens on port 80
+# If it detects a LetsEncrypt request, is uses the LE backend
+frontend fe-letsencrypt
+    bind *:80
+
+    # Test URI to see if its a letsencrypt request
+    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
+    use_backend letsencrypt-backend if letsencrypt-acl
+
+    default_backend letsencrypt-backend
+
+# LE Backend
+backend letsencrypt-backend
+    server letsencrypt 127.0.0.1:8888

images/rpi-haproxy/letsencrypt.cron

+#!/bin/sh
+
+# https://community.letsencrypt.org/t/renew-incorrect-validation-certificate-for-tls-sni-01-challenge/64865/2
+#certbot renew --tls-sni-01-port=8888
+certbot renew --preferred-challenges http
+
+for _URL in `ls /etc/letsencrypt/live`; do
+    cat /etc/letsencrypt/live/${_URL}/fullchain.pem \
+        /etc/letsencrypt/live/${_URL}/privkey.pem \
+        > /etc/letsencrypt/haproxy/${_URL}.pem;
+done;

images/rpi-haproxy/startup.sh

+#!/bin/bash
+
+CFG_FILE=/etc/haproxy/haproxy.cfg
+CFG_LE_FILE=/etc/haproxy/haproxy_letsencrypt.cfg
+LETSENCRYPT_PORT=8888
+
+mkdir -p /etc/letsencrypt/haproxy
+
+sed -i "s/\${NEXTCLOUD_URL}/${NEXTCLOUD_URL}/g" $CFG_FILE
+sed -i "s/\${GOGS_URL}/${GOGS_URL}/g" $CFG_FILE
+
+# Let's Encrypt
+
+# Following these instructions:
+# https://serversforhackers.com/c/letsencrypt-with-haproxy
+
+# Start temporary HAProxy
+haproxy -f $CFG_LE_FILE -D -p /tmp/haproxy.pid
+
+# Get Let's Encrypt certificates
+for _URL in ${NEXTCLOUD_URL} ${GOGS_URL}; do
+    if [[ ! -s /etc/letsencrypt/haproxy/${_URL}.pem ]]; then
+        # Query Let's Encrypt
+        certbot certonly -d ${_URL} \
+                --email ${ADMIN_EMAIL} --non-interactive --agree-tos \
+                --standalone --http-01-port=${LETSENCRYPT_PORT}
+        if [ $? -eq 0 ]; then
+            cat /etc/letsencrypt/live/${_URL}/fullchain.pem \
+                /etc/letsencrypt/live/${_URL}/privkey.pem \
+                > /etc/letsencrypt/haproxy/${_URL}.pem
+        fi
+    fi
+done;
+
+echo Killing haproxy `cat /tmp/haproxy.pid`
+kill -SIGTERM `cat /tmp/haproxy.pid`
+rm /tmp/haproxy.pid
+
+# Create renew cron job
+mv /usr/local/bin/letsencrypt.cron /etc/cron.monthly/letsencrypt
+# remove default cron job
+mv /etc/cron.d/certbot /tmp
+
+# Start HAProxy
+haproxy -f $CFG_FILE

images/rpi-mariadb/Dockerfile

+#
+# MariaDB Dockerfile
+#
+# https://github.com/bingen/rpi-mariadb
+#
+
+# Pull base image.
+FROM resin/raspberrypi3-debian:latest
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install MariaDB.
+RUN \
+  apt-get update && \
+  apt-get upgrade  && \
+  apt-get -y install mariadb-server
+RUN \
+  sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/mysql/my.cnf && \
+  echo "mysqld_safe &" > /tmp/config && \
+  echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config && \
+  echo "mysql -e 'GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION;'" >> /tmp/config && \
+  bash /tmp/config && \
+  mysql -e "SELECT Host, User, Password FROM mysql.user;" > /tmp/a.out
+  #rm -f /tmp/config
+
+COPY startup.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/startup.sh
+
+# Define mountable directories.
+#VOLUME ["/var/lib/mysql"]
+
+# Define default command.
+CMD ["/usr/local/bin/startup.sh"]
+
+# Expose ports.
+EXPOSE 3306

images/rpi-mariadb/README.md

+# rpi-mariadb

images/rpi-mariadb/startup.sh

+#!bin/bash
+
+echo "Installing Mysql DB"
+mysql_install_db --user=mysql --ldata=/var/lib/mysql
+
+# set root password from secret
+if [ ! -z $MYSQL_ROOT_PWD_FILE -a -f $MYSQL_ROOT_PWD_FILE ]; then
+    MYSQL_ROOT_PWD=`cat $MYSQL_ROOT_PWD_FILE`;
+fi
+
+if [ ! -z $MYSQL_ROOT_PWD ]; then
+    # start server
+    echo "Starting server"
+    /usr/bin/mysqld_safe --datadir='/var/lib/mysql' & #--skip-grant-tables &
+    pid="$!"
+    echo "Mysql pid: $pid"
+
+    mysql=( mysql  )
+
+    for i in {30..0}; do
+        if echo 'SELECT 1' | "${mysql}" &> /dev/null; then
+            break
+        fi
+        echo 'MySQL init process in progress...'
+        sleep 1
+    done
+    if [ "$i" = 0 ]; then
+        echo >&2 'MySQL init process failed or there already was data with a root password set.'
+    fi
+
+    # Allow access from outside
+    #echo "INSERT INTO mysql.user (Host, User) VALUES ('%', 'root');" | "${mysql}"
+    echo 'GRANT ALL PRIVILEGES ON *.* TO "root"@"%" WITH GRANT OPTION;' | "${mysql}"
+    # set root password
+    echo "Setting root password"
+    #/usr/bin/mysqladmin -u root flush-privileges password "$MYSQL_ROOT_PWD"
+    echo "UPDATE mysql.user SET password=PASSWORD('$MYSQL_ROOT_PWD') WHERE user='root';" | "${mysql}"
+    #echo "SET PASSWORD FOR 'root' = PASSWORD('$MYSQL_ROOT_PWD');" | "${mysql}"
+    if [ $? != 0 ]; then
+        echo >&2 'MySQL root password setting failed.'
+        #exit 1
+    fi
+
+    # Stop server
+    echo "Stopping server"
+    #if ! kill -s TERM "$pid" || ! wait "$pid"; then
+    if ! mysqladmin -u root -p"$MYSQL_ROOT_PWD" shutdown || ! wait "$pid"; then
+        echo >&2 'MySQL stop process failed.'
+        #exit 1
+    fi
+
+fi
+
+echo "Restarting server"
+/usr/bin/mysqld_safe --datadir='/var/lib/mysql'

images/rpi-nextcloud/Dockerfile

+FROM bingen/rpi-nginx-php
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+ARG NEXTCLOUD_VERSION
+ARG NEXTCLOUD_DATA_PATH
+ARG NEXTCLOUD_BACKUP_PATH
+
+RUN apt-get update && \
+    apt-get install -y wget bzip2 vim rsync mariadb-client cron && \
+    apt-get clean
+
+# Change upload-limits and -sizes
+RUN sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 2048M/g" /etc/php/7.0/fpm/php.ini && \
+    sed -i "s/post_max_size = 8M/post_max_size =root123  2048M/g" /etc/php/7.0/fpm/php.ini && \
+    echo 'default_charset = "UTF-8"' >> /etc/php/7.0/fpm/php.ini && \
+    echo "upload_tmp_dir = ${NEXTCLOUD_DATA_PATH}" >> /etc/php/7.0/fpm/php.ini && \
+    echo "extension = apc.so" >> /etc/php/7.0/fpm/php.ini && \
+    echo "apc.enabled = 1" >> /etc/php/7.0/fpm/php.ini && \
+    echo "apc.include_once_override = 0" >> /etc/php/7.0/fpm/php.ini && \
+    echo "apc.shm_size = 256" >> /etc/php/7.0/fpm/php.ini
+
+# now add our hand-written nginx-default-configuration which makes use of all the stuff so far prepared
+COPY default /etc/nginx/sites-available/default
+
+# PHP config
+COPY php_nc.ini /tmp/php_nc.ini
+RUN cat /tmp/php_nc.ini >> /etc/php/7.0/fpm/php.ini && \
+    cat /tmp/php_nc.ini >> /etc/php/7.0/cli/php.ini
+# https://docs.nextcloud.com/server/13/admin_manual/installation/source_installation.html#php-fpm-tips-label
+RUN sed -i 's/^;env/env/g' /etc/php/7.0/fpm/pool.d/www.conf
+
+# Create the data-directory where NEXTCLOUD can store its stuff
+RUN mkdir -p "${NEXTCLOUD_DATA_PATH}" && \
+    chown -R www-data:www-data "${NEXTCLOUD_DATA_PATH}" && \
+    mkdir -p "${NEXTCLOUD_BACKUP_PATH}"
+
+# finally, download NEXTCLOUD and extract it
+RUN mkdir -p /var/www
+WORKDIR /var/www
+
+RUN wget https://download.nextcloud.com/server/releases/${NEXTCLOUD_VERSION}.tar.bz2 && \
+    tar xvf ${NEXTCLOUD_VERSION}.tar.bz2 && \
+    chown -R www-data:www-data nextcloud && \
+    rm ${NEXTCLOUD_VERSION}.tar.bz2
+
+WORKDIR /
+COPY docker-entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+COPY backup.sh /etc/cron.daily/backup
+RUN chmod +x /etc/cron.daily/backup
+
+#VOLUME ${NEXTCLOUD_DATA_PATH}
+#VOLUME ${NEXTCLOUD_BACKUP_PATH}
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD service php7.0-fpm start && nginx
+#CMD ["service", "php7.0-fpm", "start", "&&", "nginx"]

images/rpi-nextcloud/LICENSE

+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

images/rpi-nextcloud/README.md

+# rpi-nextcloud
+
+Nextcloud Docker image for Raspberry Pi. Part of [Docker Raspberry Pi Home Server](https://github.com/bingen/rpi_docker_home_server).
+
+Based on [this one](https://hub.docker.com/r/schoeffm/rpi-nextcloud/). See [here](https://bitbucket.org/schoeffm/rpi-docker/src/acb764e933b38ff486f62417717cdf9d1a18d7fc/rpi-nextcloud/?at=master) too.

images/rpi-nextcloud/backup.sh

+#!/bin/sh
+
+# read environment variables
+. /root/env.sh
+
+LOG_PATH=/tmp
+ERROR=""
+TIMESTAMP=`date +"%Y%m%d"`
+
+# TODO: mail
+#Mail vars
+#MAIL_FROM="postmaster@{DOMAIN}"
+#MAIL_TO=
+#MAIL_SUBJECT='Nextcloud backup report'
+
+mail() {
+    #mutt -e "set from=${MAIL_FROM}" -s "${MAIL_SUBJECT}" -- "${MAIL_TO}" <<< $1
+    echo $1
+}
+
+# Backup config file (it's important for salt and secret)
+echo "Copying config file"
+cp /var/www/nextcloud/config/config.php ${NEXTCLOUD_BACKUP_PATH}/config_${TIMESTAMP}.php
+if [ $? != 0 ]
+then
+    tmp="Error copying config file.\n"
+    echo $tmp
+    ERROR="$ERROR $tmp"
+fi
+
+# Backup Mysql DB
+DB_PWD=`grep dbpassword /var/www/nextcloud/config/config.php | awk -F "'" '{ print $4 }'`
+DB_BACKUP_FILE=${NEXTCLOUD_BACKUP_PATH}/nextcloud-sqlbkp_${TIMESTAMP}.sql
+mysqldump --lock-tables -u ${NEXTCLOUD_DB_USER} -p${DB_PWD} -h ${DB_HOST} ${NEXTCLOUD_DB_NAME} > ${DB_BACKUP_FILE}
+if [ $? != 0 ]
+then
+    tmp="Error backing Nextcloud DB up\n"
+    echo $tmp
+    ERROR="$ERROR $tmp"
+fi
+# Compress Mysql Backup
+gzip ${DB_BACKUP_FILE}
+# Remove backups older than 5 days
+find ${NEXTCLOUD_BACKUP_PATH} -maxdepth 1 -mtime +5 -type f -name "nextcloud-sqlbkp*" -delete
+find ${NEXTCLOUD_BACKUP_PATH} -maxdepth 1 -mtime +5 -type f -name "config_*\.php" -delete
+# Remove old logs too
+find ${LOG_PATH} -mtime +5 -type f -name "backup_nextcloud*" -delete
+
+# Backup Nextcloud root folder
+echo "Copying Nextcloud"
+rsync -auv --delete --ignore-errors /var/www/nextcloud/  ${NEXTCLOUD_BACKUP_PATH}/nextcloud > ${LOG_PATH}/backup_nextcloud-${TIMESTAMP}.log 2>&1
+if [ $? != 0 ]
+then
+    tmp="Error copying Nextcloud.\n"
+    echo $tmp
+    ERROR="$ERROR $tmp"
+fi
+
+# Backup Nextcloud Data folder
+echo "Copying Data"
+rsync -auv --delete --ignore-errors ${NEXTCLOUD_DATA_PATH}/  ${NEXTCLOUD_BACKUP_PATH}/data > ${LOG_PATH}/backup_nextcloud_data-${TIMESTAMP}.log 2>&1
+if [ $? != 0 ]
+then
+    tmp="Error copying Data.\n"
+    echo $tmp
+    ERROR="$ERROR $tmp"
+fi
+
+
+if [ -z "$ERROR" ]
+then
+    mail "Everything went right"
+else
+    mail "$ERROR"
+fi
+
+exit 0

images/rpi-nextcloud/default

+server { 
+    listen 80; 
+    server_name localhost;
+    root /var/www/html;
+    location ~ ^/.well-known/acme-challenge/(.*)$ {
+        allow all;
+    }
+    #rewrite ^ https://$server_name$request_uri? permanent; # enforce https 
+}
+
+server {
+    listen 443 ssl; 
+    server_name localhost;
+
+    ssl_certificate /etc/nginx/ssl/nextcloud.crt; 
+    ssl_certificate_key /etc/nginx/ssl/nextcloud.key; 
+
+    root /var/www/nextcloud;
+    index index.php;
+
+    client_max_body_size 10G; # set max upload size
+    fastcgi_buffers 64 4K;
+
+    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+
+    error_page 403 = /core/templates/403.php;
+    error_page 404 = /core/templates/404.php;
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
+        deny all;
+    }
+
+    location / {
+        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+
+        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+
+        try_files $uri $uri/ index.php;
+    }
+
+    location ~ ^(.+?\.php)(/.*)?$ {
+        try_files $1 = 404;
+
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$1;
+        fastcgi_param PATH_INFO $2;
+        fastcgi_param HTTPS on;
+        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+    }
+
+    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
+        expires 30d;
+        # Optional: Don't log access to assets
+        access_log off;
+    }
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+        fastcgi_index index.php;
+        include fastcgi_params;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+}
+

images/rpi-nextcloud/docker-entrypoint.sh

+#!/bin/bash
+
+#set -e
+
+#NEXTCLOUD_DB_PWD=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
+NEXTCLOUD_DB_PWD=`openssl rand -base64 20`
+
+if [ -z "${NEXTCLOUD_SERVER_NAME}" ]; then
+    echo >&2 'error: you have to provide a server-name (NEXTCLOUD_SERVER_NAME)'
+    exit 1
+fi
+
+sudo sed -i "s/server_name localhost/server_name ${NEXTCLOUD_SERVER_NAME}.${NEXTCLOUD_DOMAIN} ${NEXTCLOUD_SERVER_NAME}/g" /etc/nginx/sites-available/default
+
+# set Admin password from secret
+if [ ! -z $NEXTCLOUD_ADMIN_PWD_FILE -a -f $NEXTCLOUD_ADMIN_PWD_FILE ]; then
+    NEXTCLOUD_ADMIN_PWD=`cat $NEXTCLOUD_ADMIN_PWD_FILE`;
+fi
+# set LDAP password from secret
+if [ ! -z $LDAP_BIND_PWD_FILE -a -f $LDAP_BIND_PWD_FILE ]; then
+    LDAP_BIND_PWD=`cat $LDAP_BIND_PWD_FILE`;
+fi
+# set DB root password from secret
+if [ ! -z $MYSQL_ROOT_PWD_FILE -a -f $MYSQL_ROOT_PWD_FILE ]; then
+    MYSQL_ROOT_PWD=`cat $MYSQL_ROOT_PWD_FILE`;
+fi
+# set password salt from secret
+if [ ! -z $NEXTCLOUD_SALT_FILE -a -f $NEXTCLOUD_SALT_FILE ]; then
+    NEXTCLOUD_SALT=`cat $NEXTCLOUD_SALT_FILE`;
+fi
+# set NC secret from secret
+if [ ! -z $NEXTCLOUD_SECRET_FILE -a -f $NEXTCLOUD_SECRET_FILE ]; then
+    NEXTCLOUD_SECRET=`cat $NEXTCLOUD_SECRET_FILE`;
+fi
+
+# check needed variables
+if [[ -z ${DB_HOST} || -z ${NEXTCLOUD_DB_NAME} || -z ${NEXTCLOUD_DB_USER} \
+            || -z ${NEXTCLOUD_DB_PWD} || -z ${NEXTCLOUD_ADMIN_PWD} \
+            || -z ${NEXTCLOUD_DATA_PATH} || -z ${NEXTCLOUD_BACKUP_PATH} ]]; then
+    echo "Missing variable! You must provide: DB_HOST, NEXTCLOUD_DB_NAME, \
+NEXTCLOUD_DB_USER, NEXTCLOUD_DB_PWD, NEXTCLOUD_ADMIN_PWD, NEXTCLOUD_DATA_PATH, \
+NEXTCLOUD_BACKUP_PATH";
+    #env;
+    exit 1;
+fi
+
+# SSL certificates
+if [ ! -f /etc/nginx/ssl/nextcloud.crt ]; then
+    sudo mkdir /etc/nginx/ssl
+    sudo openssl genrsa -out /etc/nginx/ssl/nextcloud.key 4096
+    sudo openssl req -new -sha256 -batch -subj "/CN=$NEXTCLOUD_SERVER_NAME" -key /etc/nginx/ssl/nextcloud.key -out /etc/nginx/ssl/nextcloud.csr
+    sudo openssl x509 -req -sha256 -days 3650 -in /etc/nginx/ssl/nextcloud.csr -signkey /etc/nginx/ssl/nextcloud.key -out /etc/nginx/ssl/nextcloud.crt
+fi
+
+# Data folder
+if [ -z "${DATA_CHOWN}" -o "${DATA_CHOWN}" != "0" ]; then
+    echo "Changing ownership of Data folder. It may take a while..."
+    chown -R www-data:www-data ${NEXTCLOUD_DATA_PATH};
+fi
+
+function check_result {
+    if [ $1 != 0 ]; then
+        echo "Error: $2";
+        exit 1;
+    fi
+}
+# ### DB ###
+
+# wait for DB to be ready
+R=111
+while [ $R -eq 111 ]; do
+    mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "SHOW DATABASES"  2> /dev/null;
+    R=$?;
+done
+
+# check if DB exists
+DB_EXISTS=$(mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "SHOW DATABASES" 2> /dev/null | grep ${NEXTCLOUD_DB_NAME})
+echo DB exists: ${DB_EXISTS}
+
+if [ -z "${DB_EXISTS}" ]; then
+    echo Creating Database
+    #mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "DROP DATABASE IF EXISTS ${NEXTCLOUD_DB_NAME};"
+    #check_result $? "Dropping DB"
+    mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "CREATE DATABASE ${NEXTCLOUD_DB_NAME};"
+    check_result $? "Creating DB"
+fi
+
+echo Creating User
+# 'IF EXISTS' for DROP USER is available from MariaDB 10.1.3 only
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "DROP USER ${NEXTCLOUD_DB_USER};" || echo "It seems it didn't exist"
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "CREATE USER ${NEXTCLOUD_DB_USER} IDENTIFIED BY '${NEXTCLOUD_DB_PWD}';"
+check_result $? "Creating User"
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "GRANT ALL ON ${NEXTCLOUD_DB_NAME}.* TO ${NEXTCLOUD_DB_USER};"
+check_result $? "Granting permissions"
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "FLUSH PRIVILEGES;"
+check_result $? "Flushing privileges"
+
+unset MYSQL_ROOT_PWD
+
+# DB Backup
+if [ ! -z "${DB_EXISTS}" -a ! -z "${NEXTCLOUD_DB_BACKUP}" -a -f "${NEXTCLOUD_DB_BACKUP}" ]; then
+    echo Restoring DB Backup...
+    mysql -u ${NEXTCLOUD_DB_USER} -p${NEXTCLOUD_DB_PWD} -D ${NEXTCLOUD_DB_NAME} -h ${DB_HOST} < ${NEXTCLOUD_DB_BACKUP};
+    check_result $? "Restoring DB"
+fi
+# empty oc_users table
+echo "Removing users"
+mysql -u ${NEXTCLOUD_DB_USER} -p${NEXTCLOUD_DB_PWD} -D ${NEXTCLOUD_DB_NAME} -h ${DB_HOST} -e "TRUNCATE TABLE oc_users;";
+check_result $? "Truncating Users table"
+mysql -u ${NEXTCLOUD_DB_USER} -p${NEXTCLOUD_DB_PWD} -D ${NEXTCLOUD_DB_NAME} -h ${DB_HOST} -e "TRUNCATE TABLE oc_ldap_user_mapping;";
+check_result $? "Truncating LDAP Users mapping table"
+
+# ### Nextcloud config file ###
+
+echo "Configuring Nextcloud"
+cd /var/www/nextcloud
+sudo -u www-data php occ maintenance:install --database "mysql" --database-host ${DB_HOST} --database-name ${NEXTCLOUD_DB_NAME}  --database-user ${NEXTCLOUD_DB_USER} --database-pass ${NEXTCLOUD_DB_PWD} --admin-user "admin" --admin-pass ${NEXTCLOUD_ADMIN_PWD} --data-dir ${NEXTCLOUD_DATA_PATH}
+check_result $? "Initializing Config"
+# Password salt and secret are used by Passman and must remain the same after
+# restarting of the instance, otherwise vaults would become inaccessible
+if [ ! -z "${NEXTCLOUD_SALT}" ]; then
+    sudo -u www-data php occ config:system:set passwordsalt --value "${NEXTCLOUD_SALT}"
+fi
+if [ ! -z "${NEXTCLOUD_SECRET}" ]; then
+    sudo -u www-data php occ config:system:set secret --value "${NEXTCLOUD_SECRET}"
+fi
+sudo -u www-data php occ config:system:set trusted_domains 0 --value ${NEXTCLOUD_SERVER_NAME}.${NEXTCLOUD_DOMAIN}
+sudo -u www-data php occ config:system:set trusted_domains 1 --value ${NEXTCLOUD_DOMAIN}
+# Already in manitenance:install command:
+#sudo -u www-data php occ config:system:set datadirectory ${NEXTCLOUD_DATA_PATH}
+#sudo -u www-data php occ config:system:set dbtype --value mysql
+#sudo -u www-data php occ config:system:set dbhost --value ${DB_HOST}
+#sudo -u www-data php occ config:system:set dbname --value ${NEXTCLOUD_DB_NAME}
+#sudo -u www-data php occ config:system:set dbuser --value ${NEXTCLOUD_DB_USER}
+#sudo -u www-data php occ config:system:set dbpassword --value ${NEXTCLOUD_DB_PWD}
+sudo -u www-data php occ config:system:set mail_from_address --value postmaster
+sudo -u www-data php occ config:system:set mail_domain --value ${NEXTCLOUD_DOMAIN}
+sudo -u www-data php occ config:system:set ldapIgnoreNamingRules --value false
+sudo -u www-data php occ config:system:set ldapProviderFactory --value "\\OCA\\User_LDAP\\LDAPProviderFactory"
+# https://docs.nextcloud.com/server/13/admin_manual/configuration_server/caching_configuration.html
+sudo -u www-data php occ config:system:set memcache.local --value '\OC\Memcache\APCu'
+sudo -u www-data php occ config:app:set user_ldap enabled --value yes
+sudo -u www-data php occ config:app:set user_ldap types --value authentication
+sudo -u www-data php occ config:app:set user_ldap ldap_host --value ${LDAP_SERVER_HOST}
+sudo -u www-data php occ config:app:set user_ldap ldap_port --value 389
+sudo -u www-data php occ config:app:set user_ldap ldap_base --value ${LDAP_SEARCH_BASE}
+sudo -u www-data php occ config:app:set user_ldap ldap_base_users --value ${LDAP_SEARCH_BASE}
+sudo -u www-data php occ config:app:set user_ldap ldap_base_groups --value ${LDAP_SEARCH_BASE}
+sudo -u www-data php occ config:app:set user_ldap ldap_dn --value ${LDAP_BIND_DN}
+sudo -u www-data php occ config:app:set user_ldap ldap_agent_password --value `printf "${LDAP_BIND_PWD}" | base64`
+sudo -u www-data php occ config:app:set user_ldap ldap_email_attr --value mail
+sudo -u www-data php occ config:app:set user_ldap ldap_login_filter --value "(&(objectclass=*)(|(uniqueIdentifier=%uid)(mail=%uid)))"
+sudo -u www-data php occ config:app:set user_ldap ldap_login_filter_mode --value 1
+sudo -u www-data php occ config:app:set user_ldap ldap_loginfilter_email --value 1
+sudo -u www-data php occ config:app:set user_ldap ldap_loginfilter_username --value 1
+sudo -u www-data php occ config:app:set user_ldap ldap_user_filter_mode --value 1
+sudo -u www-data php occ config:app:set user_ldap ldap_userlist_filter --value "(objectclass=*)"
+sudo -u www-data php occ config:app:set user_ldap use_memberof_to_detect_membership --value 1
+sudo -u www-data php occ config:app:set user_ldap ldap_display_name --value "cn"
+#sudo -u www-data php occ config:app:set user_ldap ldap_expert_username_attr --value "mail"
+
+sudo -u www-data php occ config:app:set user_ldap has_memberof_filter_support --value "0"
+sudo -u www-data php occ config:app:set user_ldap home_folder_naming_rule --value ""
+sudo -u www-data php occ config:app:set user_ldap last_jpegPhoto_lookup --value "0"
+sudo -u www-data php occ config:app:set user_ldap ldap_attributes_for_group_search --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_attributes_for_user_search --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_backup_host --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_backup_port --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_cache_ttl --value "600"
+sudo -u www-data php occ config:app:set user_ldap ldap_configuration_active --value "1"
+sudo -u www-data php occ config:app:set user_ldap ldap_dynamic_group_member_url --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_experienced_admin --value "0"
+sudo -u www-data php occ config:app:set user_ldap ldap_expert_uuid_group_attr --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_expert_uuid_user_attr --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_group_display_name --value "cn"
+sudo -u www-data php occ config:app:set user_ldap ldap_group_filter --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_group_filter_mode --value "0"
+sudo -u www-data php occ config:app:set user_ldap ldap_group_member_assoc_attribute --value "uniqueMember"
+sudo -u www-data php occ config:app:set user_ldap ldap_groupfilter_groups --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_groupfilter_objectclass --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_loginfilter_attributes --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_nested_groups --value "0"
+sudo -u www-data php occ config:app:set user_ldap ldap_override_main_server --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_paging_size --value "500"
+sudo -u www-data php occ config:app:set user_ldap ldap_quota_attr --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_quota_def --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_tls --value "0"
+sudo -u www-data php occ config:app:set user_ldap ldap_turn_off_cert_check --value "0"
+sudo -u www-data php occ config:app:set user_ldap ldap_turn_on_pwd_change --value "0"
+sudo -u www-data php occ config:app:set user_ldap ldap_user_display_name_2 --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_userfilter_groups --value ""
+sudo -u www-data php occ config:app:set user_ldap ldap_userfilter_objectclass --value ""
+
+# upgrade apps
+sudo -u www-data php occ upgrade
+
+# enable apps
+sudo -u www-data php occ app:enable contacts
+sudo -u www-data php occ app:enable calendar
+sudo -u www-data php occ app:enable tasks
+#sudo -u www-data php occ app:enable spreed
+sudo -u www-data php occ app:enable bookmarks
+#sudo -u www-data php occ app:enable direct_menu
+sudo -u www-data php occ app:enable mail
+sudo -u www-data php occ app:enable news
+sudo -u www-data php occ app:enable notes
+sudo -u www-data php occ app:enable passman
+sudo -u www-data php occ app:enable tasks
+sudo -u www-data php occ app:enable drawio
+sudo -u www-data php occ app:enable gpxedit
+sudo -u www-data php occ app:enable gpxmotion
+sudo -u www-data php occ app:enable gpxpod
+sudo -u www-data php occ app:enable sharebyemail
+sudo -u www-data php occ app:enable socialsharing_email
+
+# copy variables to a file for cron
+printenv | grep "NEXTCLOUD\|DB" | sed 's/^\(.*\)$/export \1/g' > /root/env.sh
+
+service cron start
+
+exec "$@"

images/rpi-nextcloud/php_nc.ini

+; https://docs.nextcloud.com/server/13/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
+opcache.enable=1
+opcache.enable_cli=1
+opcache.interned_strings_buffer=8
+opcache.max_accelerated_files=10000
+opcache.memory_consumption=128
+opcache.save_comments=1
+opcache.revalidate_freq=1

images/rpi-nginx-php/Dockerfile

+FROM bingen/rpi-nginx
+
+# update and install php5
+RUN apt-get update && \
+    apt-get install -y php7.0 php7.0-fpm php-pear php7.0-common php7.0-mcrypt \
+    php7.0-mysql php7.0-cli php7.0-gd php7.0-curl php7.0-apcu php7.0-opcache \
+    php7.0-mbstring php7.0-ldap php7.0-zip && \
+    apt-get clean
+
+# overwrite the default-configuration with our own settings - enabling PHP
+COPY default /etc/nginx/sites-available/default
+
+CMD service php7.0-fpm start && nginx

images/rpi-nginx-php/README.md

+# rpi-nginx-php
+
+Nginx with PHP Docker image for Raspberry Pi. Part of [Docker Raspberry Pi Home Server](https://github.com/bingen/rpi_docker_home_server).
+
+Based on https://bitbucket.org/schoeffm/rpi-docker/src/acb764e933b38ff486f62417717cdf9d1a18d7fc/rpi-nginx-php5/?at=master

images/rpi-nginx-php/default

+# You may add here your
+# server {
+#	...
+# }
+# statements for each of your virtual hosts to this file
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+server {
+	#listen   80; ## listen for ipv4; this line is default and implied
+	#listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /usr/share/nginx/www;
+	index index.html index.htm index.php;
+
+	# Make site accessible from http://localhost/
+	server_name localhost;
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		try_files $uri $uri/ /index.html;
+		# Uncomment to enable naxsi on this location
+		# include /etc/nginx/naxsi.rules
+	}
+
+	location /doc/ {
+		alias /usr/share/doc/;
+		autoindex on;
+		allow 127.0.0.1;
+		allow ::1;
+		deny all;
+	}
+
+	# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
+	#location /RequestDenied {
+	#	proxy_pass http://127.0.0.1:8080;    
+	#}
+
+	#error_page 404 /404.html;
+
+	# redirect server error pages to the static page /50x.html
+	#
+	#error_page 500 502 503 504 /50x.html;
+	#location = /50x.html {
+	#	root /usr/share/nginx/www;
+	#}
+
+	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+	#
+	#location ~ \.php$ {
+	#	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+	#	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+	#
+	#	# With php7.0-cgi alone:
+	#	fastcgi_pass 127.0.0.1:9000;
+	#	# With php7.0-fpm:
+	#	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+	#	fastcgi_index index.php;
+	#	include fastcgi_params;
+	#}
+
+	# deny access to .htaccess files, if Apache's document root
+	# concurs with nginx's one
+	#
+	#location ~ /\.ht {
+	#	deny all;
+	#}
+
+
+    # pass the PHP scripts to PHP-FPM server listening on unix socket
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+        fastcgi_index index.php;
+        include fastcgi_params;
+    }
+                    
+    # deny access to .htaccess files
+    location ~ /\.ht {
+        deny all;
+    }
+
+
+
+}
+
+
+# another virtual host using mix of IP-, name-, and port-based configuration
+#
+#server {
+#	listen 8000;
+#	listen somename:8080;
+#	server_name somename alias another.alias;
+#	root html;
+#	index index.html index.htm;
+#
+#	location / {
+#		try_files $uri $uri/ =404;
+#	}
+#}
+
+
+# HTTPS server
+#
+#server {
+#	listen 443;
+#	server_name localhost;
+#
+#	root html;
+#	index index.html index.htm;
+#
+#	ssl on;
+#	ssl_certificate cert.pem;
+#	ssl_certificate_key cert.key;
+#
+#	ssl_session_timeout 5m;
+#
+#	ssl_protocols SSLv3 TLSv1;
+#	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+#	ssl_prefer_server_ciphers on;
+#
+#	location / {
+#		try_files $uri $uri/ =404;
+#	}
+#}
+

images/rpi-nginx/Dockerfile

+FROM resin/raspberrypi3-debian:stretch
+
+#ENV NGINX_VERSION 1.2.1-2.2+wheezy3
+
+# update and install nginx
+RUN apt-get update && \
+    apt-get install -y nginx && \
+    #=${NGINX_VERSION}
+    apt-get clean
+
+# trim the original configuration for our little raspberry
+RUN sed -i "s/worker_processes 4;/worker_processes 2;/g" /etc/nginx/nginx.conf
+RUN sed -i "s/worker_connections 768;/worker_connections 256;/g" /etc/nginx/nginx.conf
+RUN echo "daemon off;" >> /etc/nginx/nginx.conf
+
+# like in the official nginx-image - forward request and error logs to docker log collector
+RUN ln -sf /dev/stdout /var/log/nginx/access.log
+RUN ln -sf /dev/stderr /var/log/nginx/error.log
+
+VOLUME ["/var/cache/nginx"]
+
+# Ports to be exposed
+EXPOSE 80 443
+
+CMD ["nginx"]

images/rpi-nginx/README.md

+# rpi-nginx
+
+Nginx Docker image for Raspberry Pi. Part of [Docker Raspberry Pi Home Server](https://github.com/bingen/rpi_docker_home_server).
+
+Based on https://bitbucket.org/schoeffm/rpi-docker/src/acb764e933b38ff486f62417717cdf9d1a18d7fc/rpi-nginx/?at=master

images/rpi-openldap/.gitignore

+users/*.ldif
+

images/rpi-openldap/Dockerfile

+FROM resin/raspberrypi3-debian:latest
+
+# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
+RUN groupadd -r openldap && useradd -r -g openldap -u 999 openldap
+
+# Install OpenLDAP, ldap-utils and ssl-tools from baseimage and clean apt-get files
+RUN apt-get -y update \
+    && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \
+       ldap-utils \
+       openssl \
+       slapd \
+#       ca-certificates \
+#       curl \
+#       patch \
+#       php5-ldap \
+#       php5-readline \
+#    && curl -o phpldapadmin.tgz -SL https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${PHPLDAPADMIN_VERSION}/phpldapadmin-${PHPLDAPADMIN_VERSION}.tgz \
+#    && echo "$PHPLDAPADMIN_SHA1 *phpldapadmin.tgz" | sha1sum -c - \
+#    && mkdir -p /var/www/phpldapadmin_bootstrap /var/www/phpldapadmin \
+#    && tar -xzf phpldapadmin.tgz --strip 1 -C /var/www/phpldapadmin_bootstrap \
+#    && apt-get remove -y --purge --auto-remove curl ca-certificates \
+#    && rm phpldapadmin.tgz \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+COPY data /tmp/data/
+COPY startup.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/startup.sh
+
+# Set phpLDAPadmin data directory in a data volume
+# VOLUME ["/var/www/phpldapadmin"]
+VOLUME ["/etc/ldap"]
+
+#CMD ["/usr/sbin/slapd", "-g", "openldap", "-u", "openldap", "-F", "/etc/ldap/slapd.d", "-d0"]
+#CMD ["/usr/sbin/slapd", "-h", "ldap:/// ldapi:///", "-g", "openldap", "-u", "openldap", "-F", "/etc/ldap/slapd.d", "-d7"]
+#CMD ["/bin/bash"]
+CMD ["/usr/local/bin/startup.sh"]
+
+EXPOSE 389 636
+#80 443

images/rpi-openldap/LICENSE

+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

images/rpi-openldap/README.md

+# rpi-openladp
+
+OpenLDAP Docker image for Raspberry Pi. Part of [Docker Raspberry Pi Home Server](https://github.com/bingen/rpi_docker_home_server).
+
+Based on https://github.com/osixia/docker-openldap

images/rpi-openldap/data/000-addou_people.ldif

+dn: ou=people,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}
+changetype: add
+objectClass: organizationalUnit
+objectClass: top
+ou: people

images/rpi-openldap/data/000-addou_services.ldif

+dn: ou=services,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}
+objectClass: organizationalUnit
+objectClass: top
+ou: services

images/rpi-openldap/data/000_admin_ext.ldif

+dn: cn=admin,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}
+changetype: modify
+add: objectClass
+objectClass: extensibleObject

images/rpi-openldap/data/001_admin_mail.ldif

+dn: cn=admin,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}
+changetype: modify
+add: mail
+mail: admin@${LDAP_DOMAIN}

images/rpi-openldap/data/_acl_add_0.ldif

+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+add: olcAccess
+olcAccess: {0}to dn.subtree="dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}" attrs=userPassword
+    by self write
+    by dn.base="cn=admin,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}" write
+    by dn.children="ou=services,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}" read
+    by anonymous auth
+    by * none

images/rpi-openldap/data/_acl_add_1.ldif

+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+add: olcAccess
+olcAccess: {1}to dn.subtree="dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}"
+    by self read
+    by dn.base="cn=admin,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}" write
+    by dn.children="ou=services,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}" read
+    by * none

images/rpi-openldap/data/_acl_del.ldif

+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+delete: olcAccess
+olcAccess: {0}

images/rpi-openldap/data/_postfix-book.ldif

+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 7068a199
+dn: cn=postfix-book,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: postfix-book
+olcAttributeTypes: {0}( 1.3.6.1.4.1.29426.1.10.1 NAME 'mailHomeDirectory' DESC
+  'The absolute path to the mail user home directory' EQUALITY caseExactIA5Mat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.29426.1.10.2 NAME 'mailAlias' DESC 'RFC822
+  Mailbox - mail alias' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr
+ ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.29426.1.10.3 NAME 'mailUidNumber' DESC 'UI
+ D required to access the mailbox' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14
+ 66.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.29426.1.10.4 NAME 'mailGidNumber' DESC 'GI
+ D required to access the mailbox' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.14
+ 66.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.29426.1.10.5 NAME 'mailEnabled' DESC 'TRUE
+  to enable, FALSE to disable account' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.29426.1.10.6 NAME 'mailGroupMember' DESC '
+ Name of a mail distribution list' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4
+ .1.1466.115.121.1.26 )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.29426.1.10.7 NAME 'mailQuota' DESC 'Mail q
+ uota limit in kilobytes' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.1
+ 15.121.1.26 )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.29426.1.10.8 NAME 'mailStorageDirectory' D
+ ESC 'The absolute path to the mail users mailbox' EQUALITY caseExactIA5Match 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcObjectClasses: {0}( 1.3.6.1.4.1.29426.1.2.2.1 NAME 'PostfixBookMailAccount'
+  DESC 'Mail account used in Postfix Book' SUP top AUXILIARY MUST mail MAY ( m
+ ailHomeDirectory $ mailAlias $ mailGroupMember $ mailUidNumber $ mailGidNumbe
+ r $ mailEnabled $ mailQuota $ mailStorageDirectory ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.29426.1.2.2.2 NAME 'PostfixBookMailForward'
+  DESC 'Mail forward used in Postfix Book' SUP top AUXILIARY MUST ( mail $ mai
+ lAlias ) )

images/rpi-openldap/data/postfix-book.schema

+# $Id$
+#
+# State of Mind
+# Private Enterprise Number: 29426
+#
+# OID prefix: 1.3.6.1.4.1.29426
+#
+# Attributes: 1.3.6.1.4.1.29426.1.10.x
+#
+
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.1 NAME 'mailHomeDirectory'
+	DESC 'The absolute path to the mail user home directory'
+        EQUALITY caseExactIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.2 NAME 'mailAlias'
+        DESC 'RFC822 Mailbox - mail alias'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.3 NAME 'mailUidNumber'
+        DESC 'UID required to access the mailbox'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.4 NAME 'mailGidNumber'
+        DESC 'GID required to access the mailbox'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.5 NAME 'mailEnabled'
+	DESC 'TRUE to enable, FALSE to disable account'
+        EQUALITY booleanMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.6 NAME 'mailGroupMember'
+	DESC 'Name of a mail distribution list'
+        EQUALITY caseExactIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.7 NAME 'mailQuota'
+	DESC 'Mail quota limit in kilobytes'
+        EQUALITY caseExactIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.8 NAME 'mailStorageDirectory'
+	DESC 'The absolute path to the mail users mailbox'
+        EQUALITY caseExactIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+
+#
+# Objects: 1.3.6.1.4.1.29426.1.2.2.x
+#
+
+objectclass ( 1.3.6.1.4.1.29426.1.2.2.1 NAME 'PostfixBookMailAccount'
+        SUP top AUXILIARY
+	DESC 'Mail account used in Postfix Book'
+	MUST ( mail )
+        MAY ( mailHomeDirectory $ mailAlias $ mailGroupMember 
+		$ mailUidNumber $ mailGidNumber $ mailEnabled
+		$ mailQuota $mailStorageDirectory ) )
+
+objectclass ( 1.3.6.1.4.1.29426.1.2.2.2 NAME 'PostfixBookMailForward'
+        SUP top AUXILIARY
+	DESC 'Mail forward used in Postfix Book'
+	MUST ( mail $ mailAlias ))
+

images/rpi-openldap/data/serviceimport_gogs.ldif

+# gogs
+dn: uid=${LDAP_GOGS_UID},ou=services,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}
+objectClass: simpleSecurityObject
+objectClass: account
+objectClass: top
+uid: ${LDAP_GOGS_UID}
+userPassword: ${LDAP_GOGS_PWD}
+

images/rpi-openldap/data/serviceimport_mail.ldif

+# postfix, dovecot, roundcube, ...
+dn: uid=${LDAP_MAIL_UID},ou=services,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}
+objectClass: simpleSecurityObject
+objectClass: account
+objectClass: top
+uid: ${LDAP_MAIL_UID}
+userPassword: ${LDAP_MAIL_PWD}
+

images/rpi-openldap/data/serviceimport_nextcloud.ldif

+# nextcloud
+dn: uid=${LDAP_NEXTCLOUD_UID},ou=services,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}
+objectClass: simpleSecurityObject
+objectClass: account
+objectClass: top
+uid: ${LDAP_NEXTCLOUD_UID}
+userPassword: ${LDAP_NEXTCLOUD_PWD}
+

images/rpi-openldap/startup.sh

+#!bin/bash
+
+# if [ -f "${BKP_FILE}" ]; then
+#     rm -f /var/lib/ldap/*
+#     /usr/sbin/slapadd -l "${BKP_FILE}"
+#     chown -R openldap:openldap /var/lib/ldap/*
+# else
+#     echo "Warning: No LDAP backup file found!"
+# fi
+
+# https://github.com/moby/moby/issues/8231#issuecomment-63871343
+ulimit -n 1024
+
+# Passwords
+if [ ! -z $LDAP_ADMIN_PWD_FILE -a -f $LDAP_ADMIN_PWD_FILE ]; then
+    LDAP_ADMIN_PWD=`cat $LDAP_ADMIN_PWD_FILE`;
+fi
+if [ ! -z $LDAP_MAIL_PWD_FILE -a -f $LDAP_MAIL_PWD_FILE ]; then
+    LDAP_MAIL_PWD=`cat $LDAP_MAIL_PWD_FILE`;
+fi
+if [ ! -z $LDAP_NEXTCLOUD_PWD_FILE -a -f $LDAP_NEXTCLOUD_PWD_FILE ]; then
+    LDAP_NEXTCLOUD_PWD=`cat $LDAP_NEXTCLOUD_PWD_FILE`;
+fi
+if [ ! -z $LDAP_GOGS_PWD_FILE -a -f $LDAP_GOGS_PWD_FILE ]; then
+    LDAP_GOGS_PWD=`cat $LDAP_GOGS_PWD_FILE`;
+fi
+
+echo slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PWD} | debconf-set-selections \
+    && echo slapd slapd/internal/adminpw password ${LDAP_ADMIN_PWD} | debconf-set-selections \
+    && echo slapd slapd/password2 password ${LDAP_ADMIN_PWD} | debconf-set-selections \
+    && echo slapd slapd/password1 password ${LDAP_ADMIN_PWD} | debconf-set-selections \
+    && echo slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION | debconf-set-selections \
+    && echo slapd slapd/domain string ${LDAP_DOMAIN} | debconf-set-selections \
+    && echo slapd shared/organization string ${LDAP_ORGANIZATION} | debconf-set-selections \
+    && echo slapd slapd/purge_database boolean true | debconf-set-selections \
+    && echo slapd slapd/move_old_database boolean true | debconf-set-selections \
+    && echo slapd slapd/allow_ldap_v2 boolean false | debconf-set-selections \
+    && echo slapd slapd/no_configuration boolean false | debconf-set-selections \
+    && echo slapd slapd/dump_database select when needed | debconf-set-selections \
+    && dpkg-reconfigure -f noninteractive slapd
+
+
+echo "Starting server"
+/usr/sbin/slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d & # -d 7 &
+#pid="$!"
+#echo $pid
+for i in {30..0}; do
+    ldapsearch -x -w ${LDAP_ADMIN_PWD} -D cn=admin,dc=${LDAP_DOMAIN},dc=${LDAP_EXTENSION} -b dc=${LDAP_DOMAIN},dc=${LDAP_EXTENSION} -LLL # &> /dev/null
+    r="$?"
+    echo result $r
+    # TODO: it returns 49, Bad Credentials,
+    # but as long as it's not 255 (Can't contact), it's started
+    #if [ "$r" -eq 0 ]; then
+    if [ "$r" -ne 255 ]; then
+        break
+    fi
+    echo 'LDAP init process in progress...'
+    sleep 1
+done
+if [ "$i" = 0 ]; then
+    echo >&2 'LDAP init process failed.'
+    exit 1
+fi
+
+function replace {
+    echo $1
+    sed -i "s/\${LDAP_ORGANIZATION}/${LDAP_ORGANIZATION}/g" $1
+    sed -i "s/\${LDAP_EXTENSION}/${LDAP_EXTENSION}/g" $1
+    sed -i "s/\${LDAP_DOMAIN}/${LDAP_DOMAIN}/g" $1
+    sed -i "s/\${VOLUMES_PATH}/${VOLUMES_PATH//\//\\/}/g" $1
+    sed -i "s/\${LDAP_MAIL_UID}/${LDAP_MAIL_UID}/g" $1
+    sed -i "s/\${LDAP_NEXTCLOUD_UID}/${LDAP_NEXTCLOUD_UID}/g" $1
+    sed -i "s/\${LDAP_GOGS_UID}/${LDAP_GOGS_UID}/g" $1
+    sed -i "s/\${LDAP_MAIL_PWD}/${LDAP_MAIL_PWD}/g" $1
+    sed -i "s/\${LDAP_NEXTCLOUD_PWD}/${LDAP_NEXTCLOUD_PWD}/g" $1
+    sed -i "s/\${LDAP_GOGS_PWD}/${LDAP_GOGS_PWD}/g" $1
+}
+ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/data/_postfix-book.ldif
+for i in `ls /tmp/data/[^_]*.ldif`; do
+    replace $i
+    #echo ldapadd -w ${LDAP_ADMIN_PWD} -D "cn=admin,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}" -f $i
+    ldapadd -w ${LDAP_ADMIN_PWD} -D "cn=admin,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}" -f $i
+done;
+# Del 3 ACLs
+for i in 1 2 3; do
+    ldapmodify  -Y EXTERNAL -H ldapi:/// -f /tmp/data/_acl_del.ldif;
+done
+# Add 2 ACLs
+replace /tmp/data/_acl_add_0.ldif;
+ldapmodify  -Y EXTERNAL -H ldapi:/// -f /tmp/data/_acl_add_0.ldif
+replace /tmp/data/_acl_add_1.ldif;
+ldapmodify  -Y EXTERNAL -H ldapi:/// -f /tmp/data/_acl_add_1.ldif
+
+echo "Stopping server"
+pid=$(ps -U openldap -o pid=)
+#echo $pid
+if [ ! -z "$pid" ] && ! kill -s TERM "$pid" ; then
+    echo >&2 'LDAP stop process failed.'
+    #exit 1
+fi
+#ps -e -o user,pid,command
+
+rm -Rf /tmp/data
+
+echo "Restarting server"
+/usr/sbin/slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d -d${DEBUG_LEVEL}

images/rpi-openldap/users/userimport_example.ldif.template

+# Some User
+# ldapadd -W -D "cn=admin,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}" -f userimport_example.ldif
+dn: uniqueIdentifier=example,ou=people,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: PostfixBookMailAccount
+objectClass: extensibleObject
+cn: Example Lastname
+givenName: Example
+mail: example@${LDAP_DOMAIN}
+mailEnabled: TRUE
+mailGidNumber: 5000
+mailHomeDirectory: ${MAIL_DATA_PATH}/example@${LDAP_DOMAIN}
+mailQuota: 10240000
+mailStorageDirectory: maildir:${MAIL_DATA_PATH}/example@${LDAP_DOMAIN}/Maildir
+mailUidNumber: 5000
+sn: Lastname
+uniqueIdentifier: example
+userPassword: aaa
+

images/rpi-sftp/Dockerfile

+FROM resin/raspberrypi3-debian:latest
+
+# Install dependencies
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+       openssh-server \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod 755 /usr/local/bin/docker-entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+CMD ["/usr/sbin/sshd", "-D"]

images/rpi-sftp/LICENSE

+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

images/rpi-sftp/README.md

+# rpi-sftp
+
+SFTP Docker image for Raspberry Pi, to be used by [rpi-paperless](https://github.com/bingen/rpi-paperless). Part of [Docker Raspberry Pi Home Server](https://github.com/bingen/rpi_docker_home_server).

images/rpi-sftp/docker-entrypoint.sh

+#!/bin/bash
+
+# Set consumption directory
+mkdir -p ${PAPERLESS_CONSUMPTION_DIR}
+
+# set FTP user password from secret
+if [ ! -z ${PAPERLESS_FTP_PWD_FILE} -a -f ${PAPERLESS_FTP_PWD_FILE} ]; then
+    PAPERLESS_FTP_PWD=`cat $PAPERLESS_FTP_PWD_FILE`;
+fi
+
+# create FTP user
+useradd -d ${PAPERLESS_CONSUMPTION_DIR} -p `openssl passwd -1 ${PAPERLESS_FTP_PWD}` ${PAPERLESS_FTP_USER}
+
+chown ${PAPERLESS_FTP_USER} ${PAPERLESS_CONSUMPTION_DIR}
+chmod 777 ${PAPERLESS_CONSUMPTION_DIR}
+
+# Copy Server Public key if any (this is needed at least for Brother ADS-2400n)
+if [[ -s ${PAPERLESS_CONSUMPTION_DIR}/ssh_host_rsa_key.pub ]]; then
+    cp ${PAPERLESS_CONSUMPTION_DIR}/ssh_host_rsa_key.pub /etc/ssh/;
+fi
+
+# https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/45234
+mkdir -p /var/run/sshd
+
+exec "$@"