From be1405766c60e930641e289bfa988823c9b42aca Mon Sep 17 00:00:00 2001
From: cspark <work@cspark.dev>
Date: Wed, 26 Jun 2024 16:19:00 +0100
Subject: [PATCH] File size limit increase for git, message size limit of mail
 increase

---
 .../etc/nginx/sites-available/git.domain          |  2 ++
 root_resources/etc/ssh/sshd_config                |  2 +-
 .../certbot-docker-compose-initrenew.yml          |  2 +-
 services/service_mail/deploy-service.yml          |  2 +-
 services/service_mail/docker-compose.yml          | 15 +++++++++------
 5 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/proxy_resources/etc/nginx/sites-available/git.domain b/proxy_resources/etc/nginx/sites-available/git.domain
index fd42dc9..4465b0e 100755
--- a/proxy_resources/etc/nginx/sites-available/git.domain
+++ b/proxy_resources/etc/nginx/sites-available/git.domain
@@ -14,6 +14,8 @@ server {
         	include proxy_params;
     	}
 
+    client_max_body_size 512M;
+
     listen [::]:443 ssl; 
     listen 443 ssl; 
     ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; 
diff --git a/root_resources/etc/ssh/sshd_config b/root_resources/etc/ssh/sshd_config
index 9f0c4d3..84a175c 100755
--- a/root_resources/etc/ssh/sshd_config
+++ b/root_resources/etc/ssh/sshd_config
@@ -58,7 +58,7 @@ PermitRootLogin no
 #IgnoreRhosts yes
 
 # To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no 
+PasswordAuthentication yes
 #PermitEmptyPasswords no
 
 # Change to yes to enable challenge-response passwords (beware issues with
diff --git a/services/service_mail/certbot-docker-compose-initrenew.yml b/services/service_mail/certbot-docker-compose-initrenew.yml
index 641e009..a279849 100755
--- a/services/service_mail/certbot-docker-compose-initrenew.yml
+++ b/services/service_mail/certbot-docker-compose-initrenew.yml
@@ -30,5 +30,5 @@ services:
       - ./data/certbot/certs:/etc/letsencrypt
       - ./data/certbot/logs:/var/log/letsencrypt
       - /etc/localtime:/etc/localtime:ro
-    entrypoint: sh -c "sleep 15 && certbot certonly --standalone -d mail.{{ domain_name }} --noninteractive --agree-tos --email alerts@{{ domain_name }} --no-eff-email"
+    entrypoint: sh -c "sleep 15 && certbot certonly --standalone -d *.{{ domain_name }} --noninteractive --agree-tos --email alerts@{{ domain_name }} --no-eff-email"
 
diff --git a/services/service_mail/deploy-service.yml b/services/service_mail/deploy-service.yml
index c5a487e..c2703b0 100755
--- a/services/service_mail/deploy-service.yml
+++ b/services/service_mail/deploy-service.yml
@@ -44,7 +44,7 @@
         group: service_mail
       loop:
         - docker-compose.yml 
-          #        - certbot-docker-compose-initrenew.yml 
+          # - certbot-docker-compose-initrenew.yml 
         - myconfig.org
 
     - name: Copy SSL certificates
diff --git a/services/service_mail/docker-compose.yml b/services/service_mail/docker-compose.yml
index 6f154aa..b3fbdcf 100755
--- a/services/service_mail/docker-compose.yml
+++ b/services/service_mail/docker-compose.yml
@@ -22,9 +22,10 @@ services:
       - "993:993" # IMAPS Implicit TLS / Appears to not be used
       - "143:143" # IMAPS IMAP+STARTTLS Explicit TLS / Appears to be used
     deploy:
-      limits:
-        cpus: '0.10'
-        memory: 512M
+      resources:
+        limits:
+          cpus: '0.10'
+          memory: 512M
 
   mailserver:
     network_mode: "service:mailserver-gluetun"
@@ -59,10 +60,12 @@ services:
       - ENABLE_AMAVIS=0
       - ENABLE_SPAMASSASSIN=0
       - ENABLE_CLAMAV=0
+      - POSTFIX_MESSAGE_SIZE_LIMIT=0
     cap_add:
       - NET_ADMIN # For Fail2Ban to work
     deploy:
-      limits:
-        cpus: '0.25'
-        memory: 512M
+      resources:
+        limits:
+          cpus: '0.25'
+          memory: 512M
     restart: always