init

config/api/api/dovecot/dovecot.conf

@@ -0,0 +1,39 @@
+# Dovecot configuration for Personal Internet Cell
+protocols = imap pop3 lmtp
+
+# SSL/TLS settings
+ssl = yes
+ssl_cert = </etc/ssl/certs/mail.crt
+ssl_key = </etc/ssl/private/mail.key
+
+# Authentication
+auth_mechanisms = plain login
+passdb {
+  driver = passwd-file
+  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users
+}
+
+userdb {
+  driver = static
+  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
+}
+
+# Mailbox settings
+mail_location = maildir:/var/mail/vhosts/%d/%n
+mail_privileged_group = vmail
+mail_access_groups = vmail
+
+# IMAP settings
+imap_max_line_length = 64k
+
+# LMTP settings
+service lmtp {
+  inet_listener lmtp {
+    port = 24
+  }
+}
+
+# Logging
+log_path = /var/log/dovecot.log
+info_log_path = /var/log/dovecot-info.log
+debug_log_path = /var/log/dovecot-debug.log

config/api/api/postfix/main.cf

@@ -0,0 +1,38 @@
+# Postfix configuration for Personal Internet Cell
+myhostname = mail.cell
+mydomain = cell
+myorigin = $mydomain
+
+# Network settings
+inet_interfaces = all
+inet_protocols = ipv4
+
+# Mailbox settings
+home_mailbox = Maildir/
+mailbox_command =
+
+# Authentication
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = $myhostname
+
+# TLS settings
+smtpd_tls_cert_file = /etc/ssl/certs/mail.crt
+smtpd_tls_key_file = /etc/ssl/private/mail.key
+smtpd_use_tls = yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# Relay settings
+relay_domains = cell, *.cell
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+
+# Virtual domains
+virtual_mailbox_domains = cell
+virtual_mailbox_base = /var/mail/vhosts
+virtual_mailbox_maps = hash:/etc/postfix/vmaps
+virtual_alias_maps = hash:/etc/postfix/vmaps
+
+# Security
+disable_vrfy_command = yes
+strict_rfc821_envelopes = yes

config/api/api/radicale/config

@@ -0,0 +1,19 @@
+[server]
+hosts = 0.0.0.0:5232
+daemon = False
+pid = /tmp/radicale.pid
+
+[auth]
+type = htpasswd
+htpasswd_filename = /etc/radicale/users
+htpasswd_encryption = bcrypt
+
+[storage]
+type = filesystem
+filesystem_folder = /var/lib/radicale/collections
+
+[web]
+type = internal
+
+[logging]
+level = info

config/api/api/webdav/webdav.conf

@@ -0,0 +1,22 @@
+# WebDAV configuration for Personal Internet Cell
+[global]
+# WebDAV server settings
+port = 8080
+host = 0.0.0.0
+root = /var/lib/webdav
+
+# Authentication
+auth_type = basic
+auth_file = /etc/webdav/users
+
+# SSL/TLS settings
+ssl = no
+ssl_cert = /etc/ssl/certs/webdav.crt
+ssl_key = /etc/ssl/private/webdav.key
+
+# Logging
+log_level = info
+log_file = /var/log/webdav.log
+
+# File permissions
+umask = 022

config/api/caddy/Caddyfile

@@ -0,0 +1,92 @@
+# Personal Internet Cell - Caddy Configuration
+# This serves as the main reverse proxy and TLS termination point
+
+# Global settings
+{
+    # Auto-generate certificates for .cell domains
+    auto_https disable_redirects
+}
+
+# Main cell domain - replace 'mycell' with your cell name
+mycell.cell {
+    # TLS with internal CA
+    tls internal
+
+    # API endpoints
+    handle /api/* {
+        reverse_proxy cell-api:3000
+    }
+
+    # Web UI
+    handle / {
+        reverse_proxy cell-webui:80
+    }
+
+    # Email web interface
+    handle /mail {
+        reverse_proxy cell-mail:80
+    }
+
+    # Calendar and contacts
+    handle /calendar {
+        reverse_proxy cell-radicale:5232
+    }
+
+    # File storage
+    handle /files {
+        reverse_proxy cell-webdav:80
+    }
+
+    # DNS management interface
+    handle /dns {
+        reverse_proxy cell-dns:8080
+    }
+
+    # RainLoop Webmail
+    handle_path /webmail/* {
+        reverse_proxy cell-rainloop:8888
+    }
+
+    # FileGator File Browser
+    handle /files-ui* {
+        reverse_proxy cell-filegator:8080
+    }
+}
+
+# Peer cell domains (will be dynamically added)
+# Example: bob.cell {
+#     reverse_proxy cell-wireguard:51820
+# }
+
+# Local development
+localhost {
+    # API endpoints
+    handle /api/* {
+        reverse_proxy cell-api:3000
+    }
+
+    # Web UI
+    handle / {
+        reverse_proxy cell-webui:80
+    }
+
+    # Email web interface
+    handle /mail {
+        reverse_proxy cell-mail:80
+    }
+
+    # Calendar and contacts
+    handle /calendar {
+        reverse_proxy cell-radicale:5232
+    }
+
+    # File storage
+    handle /files {
+        reverse_proxy cell-webdav:80
+    }
+
+    # DNS management interface
+    handle /dns {
+        reverse_proxy cell-dns:8080
+    }
+} 

config/api/cell.env

@@ -0,0 +1,26 @@
+# Personal Internet Cell - Environment Configuration
+
+# Cell Configuration
+CELL_NAME=mycell
+CELL_DOMAIN=mycell.cell
+
+# Network Configuration
+CELL_IP_RANGE=172.20.0.0/16
+WIREGUARD_PORT=51820
+
+# API Configuration
+API_PORT=3000
+API_HOST=0.0.0.0
+
+# Service Ports
+DNS_PORT=53
+DHCP_PORT=67
+NTP_PORT=123
+MAIL_SMTP_PORT=25
+MAIL_SUBMISSION_PORT=587
+MAIL_IMAP_PORT=993
+RADICALE_PORT=5232
+WEBDAV_PORT=8080
+
+# Development
+DEBUG=false 

config/api/dhcp/dnsmasq.conf

@@ -0,0 +1,32 @@
+# Personal Internet Cell - dnsmasq Configuration
+# Provides DHCP and local DNS resolution
+
+# Interface to listen on
+interface=eth0
+bind-interfaces
+
+# DHCP configuration
+dhcp-range=172.20.1.50,172.20.1.150,12h
+dhcp-option=3,172.20.0.1  # Gateway
+dhcp-option=6,172.20.0.2  # DNS server
+dhcp-option=42,172.20.0.4 # NTP server
+
+# DNS configuration
+port=53
+domain=local.cell
+expand-hosts
+local=/local.cell/
+
+# DNS forwarding
+server=8.8.8.8
+server=1.1.1.1
+
+# Cache size
+cache-size=1000
+
+# Logging
+log-queries
+log-dhcp
+
+# Static leases (optional)
+# dhcp-host=00:11:22:33:44:55,192.168.1.100,mydevice 

config/api/dns/Corefile

@@ -0,0 +1,42 @@
+# Personal Internet Cell - CoreDNS Configuration
+# Handles .cell TLD resolution and peer discovery
+
+. {
+    # Forward all non-.cell domains to upstream DNS
+    forward . 8.8.8.8 1.1.1.1
+    
+    # Cache responses
+    cache
+    
+    # Log queries
+    log
+    
+    # Health check endpoint
+    health
+}
+
+# .cell TLD zone
+cell {
+    # File-based zone for static records
+    file /data/cell.zone
+    
+    # Dynamic peer records (will be managed by API)
+    reload
+    
+    # Allow zone transfers
+    transfer {
+        to *
+    }
+    
+    # Log queries
+    log
+}
+
+# Local network zone
+local.cell {
+    # File-based zone for local services
+    file /data/local.zone
+    
+    # Log queries
+    log
+} 

config/api/dovecot/dovecot.conf

@@ -0,0 +1,39 @@
+# Dovecot configuration for Personal Internet Cell
+protocols = imap pop3 lmtp
+
+# SSL/TLS settings
+ssl = yes
+ssl_cert = </etc/ssl/certs/mail.crt
+ssl_key = </etc/ssl/private/mail.key
+
+# Authentication
+auth_mechanisms = plain login
+passdb {
+  driver = passwd-file
+  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users
+}
+
+userdb {
+  driver = static
+  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
+}
+
+# Mailbox settings
+mail_location = maildir:/var/mail/vhosts/%d/%n
+mail_privileged_group = vmail
+mail_access_groups = vmail
+
+# IMAP settings
+imap_max_line_length = 64k
+
+# LMTP settings
+service lmtp {
+  inet_listener lmtp {
+    port = 24
+  }
+}
+
+# Logging
+log_path = /var/log/dovecot.log
+info_log_path = /var/log/dovecot-info.log
+debug_log_path = /var/log/dovecot-debug.log

config/api/ntp/chrony.conf

@@ -0,0 +1,28 @@
+# Personal Internet Cell - chrony Configuration
+# Provides NTP time synchronization
+
+# Allow NTP client access from local network
+allow 172.20.0.0/16
+allow 127.0.0.1
+
+# NTP servers to sync with
+server time.google.com iburst
+server time.cloudflare.com iburst
+server pool.ntp.org iburst
+
+# Local stratum for this server
+local stratum 10
+
+# Log settings
+logdir /var/log/chrony
+log measurements statistics tracking
+
+# Key file for authentication (optional)
+# keyfile /etc/chrony/chrony.keys
+
+# Drift file
+driftfile /var/lib/chrony/drift
+
+# Make chrony work as a server
+port 123
+bindaddress 0.0.0.0 

config/api/postfix/main.cf

@@ -0,0 +1,38 @@
+# Postfix configuration for Personal Internet Cell
+myhostname = mail.cell
+mydomain = cell
+myorigin = $mydomain
+
+# Network settings
+inet_interfaces = all
+inet_protocols = ipv4
+
+# Mailbox settings
+home_mailbox = Maildir/
+mailbox_command =
+
+# Authentication
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = $myhostname
+
+# TLS settings
+smtpd_tls_cert_file = /etc/ssl/certs/mail.crt
+smtpd_tls_key_file = /etc/ssl/private/mail.key
+smtpd_use_tls = yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# Relay settings
+relay_domains = cell, *.cell
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+
+# Virtual domains
+virtual_mailbox_domains = cell
+virtual_mailbox_base = /var/mail/vhosts
+virtual_mailbox_maps = hash:/etc/postfix/vmaps
+virtual_alias_maps = hash:/etc/postfix/vmaps
+
+# Security
+disable_vrfy_command = yes
+strict_rfc821_envelopes = yes

config/api/radicale/config

@@ -0,0 +1,19 @@
+[server]
+hosts = 0.0.0.0:5232
+daemon = False
+pid = /tmp/radicale.pid
+
+[auth]
+type = htpasswd
+htpasswd_filename = /etc/radicale/users
+htpasswd_encryption = bcrypt
+
+[storage]
+type = filesystem
+filesystem_folder = /var/lib/radicale/collections
+
+[web]
+type = internal
+
+[logging]
+level = info

config/api/webdav/webdav.conf

@@ -0,0 +1,22 @@
+# WebDAV configuration for Personal Internet Cell
+[global]
+# WebDAV server settings
+port = 8080
+host = 0.0.0.0
+root = /var/lib/webdav
+
+# Authentication
+auth_type = basic
+auth_file = /etc/webdav/users
+
+# SSL/TLS settings
+ssl = no
+ssl_cert = /etc/ssl/certs/webdav.crt
+ssl_key = /etc/ssl/private/webdav.key
+
+# Logging
+log_level = info
+log_file = /var/log/webdav.log
+
+# File permissions
+umask = 022

config/api/wireguard/coredns/Corefile

@@ -0,0 +1,6 @@
+. {
+    loop
+    errors
+    health
+    forward . /etc/resolv.conf
+}

config/api/wireguard/templates/peer.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = ${CLIENT_IP}
+PrivateKey = $(cat /config/${PEER_ID}/privatekey-${PEER_ID})
+ListenPort = 51820
+DNS = ${PEERDNS}
+
+[Peer]
+PublicKey = $(cat /config/server/publickey-server)
+PresharedKey = $(cat /config/${PEER_ID}/presharedkey-${PEER_ID})
+Endpoint = ${SERVERURL}:${SERVERPORT}
+AllowedIPs = ${ALLOWEDIPS}

config/api/wireguard/templates/server.conf

@@ -0,0 +1,6 @@
+[Interface]
+Address = ${INTERFACE}.1
+ListenPort = 51820
+PrivateKey = $(cat /config/server/privatekey-server)
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE