job "email" {
datacenters = ["dc1"]
type = "service"
priority = 65
group "dovecot" {
  # Dovecot: IMAP (143), IMAPS (993), LMTP (24) and the Dovecot auth service
  # (1337). All four are `static` host ports, i.e. bound on the node's own
  # address. Only 993 carries a diplonat tag (router port-forward); 143, 24 and
  # 1337 are not forwarded but remain reachable from anything that can reach
  # the node. Nothing in this file restricts who may talk to LMTP (mail
  # injection that bypasses Postfix' checks) or to the auth service (credential
  # lookups), so that restriction has to come from the host firewall / network
  # placement -- worth confirming on the node.
  count = 1

  network {
    port "zauthentication_port" {
      static = 1337
      to     = 1337
    }
    port "imaps_port" {
      static = 993
      to     = 993
    }
    port "imap_port" {
      static = 143
      to     = 143
    }
    port "lmtp_port" {
      static = 24
      to     = 24
    }
  }

  task "server" {
    driver = "docker"

    # Pinned to a single node: the mail store is a host path (see the volumes
    # list), so the task cannot float to another node.
    constraint {
      attribute = "${attr.unique.hostname}"
      operator  = "="
      value     = "digitale"
    }

    resources {
      cpu    = 100
      memory = 200
    }

    config {
      # Mutable tag; pinning by digest (image@sha256:...) would make the
      # deployed image reproducible and immune to a re-pushed tag.
      image           = "superboum/amd64_dovecot:v6"
      readonly_rootfs = false
      command         = "dovecot"
      args            = ["-F"]
      ports           = ["zauthentication_port", "imaps_port", "imap_port", "lmtp_port"]

      volumes = [
        # Rendered certificate and key (templates below). Mounting over
        # /etc/ssl/certs hides whatever the image keeps there, CA bundle
        # included; this only matters if Dovecot is configured to verify a
        # peer certificate (e.g. LDAP over TLS) -- check dovecot-ldap.conf.
        "secrets/ssl/certs:/etc/ssl/certs",
        "secrets/ssl/private:/etc/ssl/private",
        "secrets/conf/:/etc/dovecot/",
        # Mail store on the node's SSD; this is what forces the constraint above.
        "/mnt/ssd/mail:/var/mail/",
      ]
    }

    env {
      # Subject DN for imap.deuxfleurs.fr. It is consumed by the image, not by
      # this job; its effect (presumably certificate generation when none is
      # mounted) is not visible here -- confirm against the image entrypoint.
      TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr"
    }

    # ---- configuration files, rendered into the task's secrets dir ----

    template {
      # LDAP passdb/userdb configuration. 0400 because a file of this kind
      # normally carries the LDAP bind password.
      data        = file("../config/dovecot/dovecot-ldap.conf.tpl")
      destination = "secrets/conf/dovecot-ldap.conf"
      perms       = "400"
    }

    template {
      data        = file("../config/dovecot/dovecot.conf")
      destination = "secrets/conf/dovecot.conf"
      perms       = "400"
    }

    # ---- TLS material ----
    # Certificate and private key are read from the Consul KV entry under
    # tricot/certs/ (a JSON document with cert_pem / key_pem, presumably
    # maintained by tricot). Anyone with read access to that KV prefix holds
    # the IMAP TLS private key, so the Consul ACLs on it are part of this
    # service's security boundary.

    template {
      # previously: {{ key "secrets/email/dovecot/dovecot.crt" }}
      data        = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
      destination = "secrets/ssl/certs/dovecot.crt"
      perms       = "400"
    }

    template {
      # previously: {{ key "secrets/email/dovecot/dovecot.key" }}
      data        = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
      destination = "secrets/ssl/private/dovecot.key"
      perms       = "400"
    }

    # ---- Consul services + liveness checks ----
    # The checks are plain TCP connects: they prove the port accepts a
    # connection, not that IMAP/LMTP/auth actually answer correctly.

    service {
      name = "dovecot-imap"
      port = "imap_port"
      tags = ["dovecot"]

      check {
        type     = "tcp"
        port     = "imap_port"
        interval = "60s"
        timeout  = "5s"

        check_restart {
          limit           = 3
          grace           = "90s"
          ignore_warnings = false
        }
      }
    }

    service {
      name = "dovecot-imaps"
      port = "imaps_port"
      tags = [
        "dovecot",
        # The only Dovecot port forwarded from the router.
        "(diplonat (tcp_port 993))",
      ]

      check {
        type     = "tcp"
        port     = "imaps_port"
        interval = "60s"
        timeout  = "5s"

        check_restart {
          limit           = 3
          grace           = "90s"
          ignore_warnings = false
        }
      }
    }

    service {
      name = "dovecot-lmtp"
      port = "lmtp_port"
      tags = ["dovecot"]

      check {
        type     = "tcp"
        port     = "lmtp_port"
        interval = "60s"
        timeout  = "5s"

        check_restart {
          limit           = 3
          grace           = "90s"
          ignore_warnings = false
        }
      }
    }

    service {
      name = "dovecot-auth"
      port = "zauthentication_port"
      tags = ["dovecot"]

      check {
        type     = "tcp"
        port     = "zauthentication_port"
        interval = "60s"
        timeout  = "5s"

        check_restart {
          limit           = 3
          grace           = "90s"
          ignore_warnings = false
        }
      }
    }
  }
}
group "opendkim" {
  # OpenDKIM milter that Postfix uses to sign outgoing mail.
  # 8999 is a `static` host port with no diplonat tag: not forwarded from the
  # router, but reachable by any host that can reach this node. The milter
  # protocol carries no authentication of its own, so the node's firewall /
  # network placement is what limits who can ask it to sign.
  count = 1

  network {
    port "dkim_port" {
      static = 8999
      to     = 8999
    }
  }

  task "server" {
    driver = "docker"

    resources {
      cpu    = 100
      memory = 50
    }

    config {
      # Mutable tag; consider pinning by digest (image@sha256:...).
      image           = "superboum/amd64_opendkim:v1"
      readonly_rootfs = false
      command         = "opendkim"
      # Per opendkim(8): -f foreground, -v verbose, -x <config file>.
      args            = ["-f", "-v", "-x", "/etc/opendkim.conf"]
      ports           = ["dkim_port"]

      volumes = [
        "secrets/dkim:/etc/dkim",
        # Host syslog socket: the container logs straight to the node's syslog.
        "/dev/log:/dev/log",
      ]
    }

    # Key table, signing table and trusted-hosts list are plain configuration
    # (default template perms). Which senders get signed is decided by the
    # contents of these files, which are not visible here.
    template {
      data        = file("../config/dkim/keytable")
      destination = "secrets/dkim/keytable"
    }

    template {
      data        = file("../config/dkim/signingtable")
      destination = "secrets/dkim/signingtable"
    }

    template {
      data        = file("../config/dkim/trusted")
      destination = "secrets/dkim/trusted"
    }

    # --- secrets ---
    # The DKIM private key is read straight from Consul KV: read access to
    # `secrets/email/dkim/` in Consul is equivalent to holding the signing key,
    # so the Consul ACLs on that path matter. It is rendered 0600 while the TLS
    # keys elsewhere in this job are 0400; the write bit is not needed for a
    # key that is only ever read.
    template {
      data        = "{{ key \"secrets/email/dkim/smtp.private\" }}"
      destination = "secrets/dkim/smtp.private"
      perms       = "600"
    }

    service {
      name         = "opendkim"
      port         = "dkim_port"
      address_mode = "host"
      tags         = ["opendkim"]

      # TCP connect only: proves the milter port is open, not that signing works.
      check {
        type     = "tcp"
        port     = "dkim_port"
        interval = "60s"
        timeout  = "5s"

        check_restart {
          limit           = 3
          grace           = "90s"
          ignore_warnings = false
        }
      }
    }
  }
}
group "postfix" {
  # Postfix MTA: SMTP (25), SMTPS (465) and submission (587). All three are
  # `static` host ports and all three are forwarded from the router (diplonat
  # tag on the postfix-smtp service), i.e. this group is Internet-facing.
  # Relay restrictions, SASL, and the TLS policy live in main.cf / master.cf,
  # which are rendered below but whose contents are not visible here.
  count = 1

  network {
    port "smtp_port" {
      static = 25
      to     = 25
    }
    port "smtps_port" {
      static = 465
      to     = 465
    }
    port "submission_port" {
      static = 587
      to     = 587
    }
  }

  task "server" {
    driver = "docker"

    resources {
      cpu    = 100
      memory = 200
    }

    config {
      # Mutable tag; consider pinning by digest (image@sha256:...).
      image           = "superboum/amd64_postfix:v3"
      readonly_rootfs = false
      command         = "postfix"
      args            = ["start-fg"]
      ports           = ["smtp_port", "smtps_port", "submission_port"]

      volumes = [
        # The whole rendered secrets/ssl directory is mounted over /etc/ssl,
        # which hides the image's own /etc/ssl (CA bundle included). If main.cf
        # points smtp_tls_CApath / smtp_tls_CAfile at /etc/ssl/certs, outbound
        # TLS verification loses its trust store -- confirm against main.cf
        # and the image before relying on verified outbound TLS.
        "secrets/ssl:/etc/ssl",
        "secrets/postfix:/etc/postfix-conf",
        # Host syslog socket.
        "/dev/log:/dev/log",
      ]
    }

    env {
      # Consumed by the image, not by this job; presumably certificate subject
      # and myhostname/HELO name respectively -- not visible here, confirm.
      TLSINFO  = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
      MAILNAME = "smtp.deuxfleurs.fr"
    }

    # ---- LDAP maps ----
    # Rendered with the default template perms (readable by every uid in the
    # container). Postfix LDAP map files normally carry the bind password; if
    # these do, they deserve the same 0400 used for the TLS key below --
    # provided Postfix' unprivileged daemons do not open them directly
    # (otherwise route the lookups through proxymap first).

    template {
      data        = file("../config/postfix/ldap-account.cf.tpl")
      destination = "secrets/postfix/ldap-account.cf"
    }

    template {
      data        = file("../config/postfix/ldap-alias.cf.tpl")
      destination = "secrets/postfix/ldap-alias.cf"
    }

    template {
      data        = file("../config/postfix/ldap-virtual-domains.cf.tpl")
      destination = "secrets/postfix/ldap-virtual-domains.cf"
    }

    # ---- plain Postfix configuration ----

    template {
      data        = file("../config/postfix/dynamicmaps.cf")
      destination = "secrets/postfix/dynamicmaps.cf"
    }

    template {
      data        = file("../config/postfix/header_checks")
      destination = "secrets/postfix/header_checks"
    }

    template {
      data        = file("../config/postfix/main.cf")
      destination = "secrets/postfix/main.cf"
    }

    template {
      data        = file("../config/postfix/master.cf")
      destination = "secrets/postfix/master.cf"
    }

    template {
      data        = file("../config/postfix/transport")
      destination = "secrets/postfix/transport"
    }

    # ---- TLS material ----
    # Certificate and private key come from the Consul KV entry under
    # tricot/certs/ (JSON with cert_pem / key_pem). Read access to that KV
    # prefix is equivalent to holding the SMTP TLS private key, so the Consul
    # ACLs on it are part of this service's security boundary.

    template {
      # previously: {{ key "secrets/email/postfix/postfix.crt" }}
      data        = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
      destination = "secrets/ssl/postfix.crt"
      perms       = "400"
    }

    template {
      # previously: {{ key "secrets/email/postfix/postfix.key" }}
      data        = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
      destination = "secrets/ssl/postfix.key"
      perms       = "400"
    }

    # ---- Consul services + liveness checks ----
    # TCP connects only: they prove a port is open, not that SMTP works.

    service {
      name         = "postfix-smtp"
      port         = "smtp_port"
      address_mode = "host"
      tags = [
        "postfix",
        # Router port-forward for all three SMTP ports, declared once here.
        "(diplonat (tcp_port 25 465 587))",
      ]

      check {
        type     = "tcp"
        port     = "smtp_port"
        interval = "60s"
        timeout  = "5s"

        check_restart {
          limit           = 3
          grace           = "90s"
          ignore_warnings = false
        }
      }
    }

    service {
      name         = "postfix-smtps"
      port         = "smtps_port"
      address_mode = "host"
      tags         = ["postfix"]

      check {
        type     = "tcp"
        port     = "smtps_port"
        interval = "60s"
        timeout  = "5s"

        check_restart {
          limit           = 3
          grace           = "90s"
          ignore_warnings = false
        }
      }
    }

    service {
      name         = "postfix-submission"
      port         = "submission_port"
      address_mode = "host"
      tags         = ["postfix"]

      check {
        type     = "tcp"
        port     = "submission_port"
        interval = "60s"
        timeout  = "5s"

        check_restart {
          limit           = 3
          grace           = "90s"
          ignore_warnings = false
        }
      }
    }
  }
}
group "alps" {
  # alps webmail, published through the reverse proxy as alps.deuxfleurs.fr.
  count = 1

  network {
    # Dynamic host port: only the reverse proxy needs to reach it.
    port "alps_web_port" { to = 1323 }
  }

  task "main" {
    driver = "docker"

    resources {
      cpu    = 100
      memory = 100
    }

    config {
      # Mutable tag; consider pinning by digest (image@sha256:...).
      image           = "lxpz/alps_amd64:v2"
      readonly_rootfs = true
      ports           = ["alps_web_port"]

      args = [
        # SECURITY: disables certificate verification for the IMAPS and SMTPS
        # upstreams listed below. Every webmail login is relayed over those
        # connections, so anyone able to intercept traffic between this
        # container and imap/smtp.deuxfleurs.fr can harvest user credentials.
        # The upstreams serve certificates rendered from tricot/certs/* in this
        # same job; if those are publicly trusted this flag should simply be
        # dropped. If it was added because the in-cluster path presents a
        # different certificate, that is the thing to fix instead.
        "-skiptlsverification",
        "-theme",
        "alps",
        "imaps://imap.deuxfleurs.fr:993",
        "smtps://smtp.deuxfleurs.fr:465",
      ]
    }

    service {
      name         = "alps"
      port         = "alps_web_port"
      address_mode = "host"
      tags = [
        "alps",
        # Traefik (v1-style labels) plus a tricot tag; which proxy is actually
        # in front is not visible here. The `http` entrypoint means the login
        # form is also served in clear unless the proxy redirects to https.
        "traefik.enable=true",
        "traefik.frontend.entryPoints=https,http",
        "traefik.frontend.rule=Host:alps.deuxfleurs.fr",
        "tricot alps.deuxfleurs.fr",
      ]

      # TCP connect only; 5 minutes of grace before restarts are counted.
      check {
        type     = "tcp"
        port     = "alps_web_port"
        interval = "60s"
        timeout  = "5s"

        check_restart {
          limit           = 3
          grace           = "5m"
          ignore_warnings = false
        }
      }
    }
  }
}
group "sogo" {
  # SOGo groupware web UI, published as sogo.deuxfleurs.fr and
  # www.sogo.deuxfleurs.fr through the reverse proxy.
  count = 1

  network {
    # Dynamic host port: only the reverse proxy needs to reach it.
    port "sogo_web_port" { to = 8080 }
  }

  task "bundle" {
    driver = "docker"

    resources {
      cpu    = 200
      memory = 1000
    }

    config {
      # Mutable tag; consider pinning by digest (image@sha256:...).
      image           = "superboum/amd64_sogo:v7"
      readonly_rootfs = false
      ports           = ["sogo_web_port"]

      volumes = [
        "secrets/sogo.conf:/etc/sogo/sogo.conf",
      ]
    }

    # sogo.conf is rendered with the default template perms, i.e. readable by
    # every uid in the container. A SOGo configuration normally holds the
    # database and LDAP credentials; if this one does, tighten perms to the
    # minimum the sogo process can still read.
    template {
      data        = file("../config/sogo/sogo.conf.tpl")
      destination = "secrets/sogo.conf"
    }

    service {
      name         = "sogo"
      port         = "sogo_web_port"
      address_mode = "host"
      tags = [
        "sogo",
        # Traefik (v1-style labels) plus tricot tags; which proxy is actually
        # in front is not visible here. The `http` entrypoint means the login
        # form is also served in clear unless the proxy redirects to https.
        "traefik.enable=true",
        "traefik.frontend.entryPoints=https,http",
        "traefik.frontend.rule=Host:www.sogo.deuxfleurs.fr,sogo.deuxfleurs.fr;PathPrefix:/",
        "tricot www.sogo.deuxfleurs.fr",
        "tricot sogo.deuxfleurs.fr",
      ]

      # TCP connect only; 5 minutes of grace before restarts are counted.
      check {
        type     = "tcp"
        port     = "sogo_web_port"
        interval = "60s"
        timeout  = "5s"

        check_restart {
          limit           = 3
          grace           = "5m"
          ignore_warnings = false
        }
      }
    }
  }
}
}