Migrate Nomad job for emails

Quentin 2020-12-22 16:40:36 +01:00
parent a2adaa2101
commit 9f6f0fb53c
11 changed files with 124 additions and 149 deletions


@ -82,3 +82,11 @@ services:
args: args:
VERSION: 0cd26dfbf4ab7be467325ed77230cf371147a98e VERSION: 0cd26dfbf4ab7be467325ed77230cf371147a98e
image: superboum/plume:v1 image: superboum/plume:v1
postfix:
build:
context: ./postfix
args:
# https://packages.debian.org/fr/buster/postfix
VERSION: 3.4.14-0+deb10u1
image: superboum/amd64_postfix:v3


@ -1,8 +1,10 @@
FROM amd64/debian:buster FROM amd64/debian:buster
ARG VERSION
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y \ apt-get install -y \
postfix \ postfix=$VERSION \
postfix-ldap postfix-ldap
COPY entrypoint.sh /usr/local/bin/entrypoint COPY entrypoint.sh /usr/local/bin/entrypoint
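Review bot: Only `postfix` is pinned in the `apt-get install` line; `postfix-ldap` is left to whatever candidate version apt resolves. In Debian, `postfix-ldap` is built from the same source and normally depends on the exactly matching `postfix` version, so once the archive's candidate moves past `$VERSION` the install is likely to fail on a dependency conflict. Pin both, `postfix=$VERSION \` and `postfix-ldap=$VERSION`, and consider adding `--no-install-recommends` plus `rm -rf /var/lib/apt/lists/*` in the same `RUN` to keep the mail image's package surface small. `ARG VERSION` has no default, so a comment such as `# VERSION is supplied by the compose build args; the build is expected to fail without it` would document the intent.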


@ -26,5 +26,6 @@ for file in $(ls /etc/postfix-conf); do
done done
echo ${MAILNAME} > /etc/mailname echo ${MAILNAME} > /etc/mailname
postmap /etc/postfix/transport
exec "$@" exec "$@"
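Review bot: The added `postmap /etc/postfix/transport` runs unchecked right before `exec "$@"`. The script starts outside this hunk, so whether it sets `set -e` is not visible; if it does not, a missing or malformed transport file leaves Postfix starting without a usable `transport.db`. Fail the container start instead, with `postmap /etc/postfix/transport || exit 1`. A comment such as `# transport.db is no longer fetched from Consul; rebuild it from the rendered text map` would explain why the step exists.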


@ -5,24 +5,39 @@ job "email" {
group "dovecot" { group "dovecot" {
count = 1 count = 1
network {
port "auth_port" {
static = 1337
to = 1337
}
port "imaps_port" {
static = 993
to = 993
}
port "imap_port" {
static = 143
to = 143
}
port "lmtp_port" {
static = 24
to = 24
}
}
task "server" { task "server" {
driver = "docker" driver = "docker"
config { config {
image = "superboum/amd64_dovecot:v2" image = "superboum/amd64_dovecot:v2"
readonly_rootfs = false readonly_rootfs = false
port_map { ports = [ "auth_port", "imaps_port", "imap_port", "lmtp_port" ]
auth_port = 1337
imaps_port = 993
imap_port = 143
lmtp_port = 24
}
command = "dovecot" command = "dovecot"
args = [ "-F" ] args = [ "-F" ]
volumes = [ volumes = [
"secrets/ssl/certs:/etc/ssl/certs", "secrets/ssl/certs:/etc/ssl/certs",
"secrets/ssl/private:/etc/ssl/private", "secrets/ssl/private:/etc/ssl/private",
"secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf", "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf",
"/mnt/glusterfs/email/mail:/var/mail/", "/mnt/glusterfs/email/mail:/var/mail/",
] ]
} }
@ -34,21 +49,6 @@ job "email" {
resources { resources {
cpu = 100 cpu = 100
memory = 200 memory = 200
network {
mbits = 1
port "auth_port" {
static = "1337"
}
port "imap_port" {
static = "143"
}
port "imaps_port" {
static = "993"
}
port "lmtp_port" {
static = "24"
}
}
} }
service { service {
@ -134,24 +134,20 @@ job "email" {
} }
} }
artifact {
source = "http://127.0.0.1:8500/v1/kv/configuration/email/dovecot/dovecot-ldap.conf.tpl?raw"
destination = "secrets/conf/dovecot-ldap.conf.tpl"
mode = "file"
}
template { template {
source = "secrets/conf/dovecot-ldap.conf.tpl" data = file("../config/configuration/email/dovecot/dovecot-ldap.conf.tpl")
destination = "secrets/conf/dovecot-ldap.conf" destination = "secrets/conf/dovecot-ldap.conf"
perms = "400" perms = "400"
} }
# ----- secrets ------
template { template {
data = "{{ key \"configuration/email/dovecot/dovecot.crt\" }}" data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
destination = "secrets/ssl/certs/dovecot.crt" destination = "secrets/ssl/certs/dovecot.crt"
perms = "400" perms = "400"
} }
template { template {
data = "{{ key \"configuration/email/dovecot/dovecot.key\" }}" data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
destination = "secrets/ssl/private/dovecot.key" destination = "secrets/ssl/private/dovecot.key"
perms = "400" perms = "400"
} }
@ -160,15 +156,20 @@ job "email" {
group "opendkim" { group "opendkim" {
count = 1 count = 1
network {
port "dkim_port" {
static = 8999
to = 8999
}
}
task "server" { task "server" {
driver = "docker" driver = "docker"
config { config {
image = "superboum/amd64_opendkim:v1" image = "superboum/amd64_opendkim:v1"
readonly_rootfs = false readonly_rootfs = false
port_map { ports = [ "dkim_port" ]
dkim_port = 8999
}
command = "opendkim" command = "opendkim"
args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ] args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ]
volumes = [ volumes = [
@ -180,12 +181,6 @@ job "email" {
resources { resources {
cpu = 100 cpu = 100
memory = 50 memory = 50
network {
mbits = 1
port "dkim_port" {
static = "8999"
}
}
} }
service { service {
@ -209,72 +204,69 @@ job "email" {
} }
template { template {
data = "{{ key \"configuration/email/dkim/keytable\" }}" data = file("../config/configuration/email/dkim/keytable")
destination = "secrets/dkim/keytable" destination = "secrets/dkim/keytable"
} }
template { template {
data = "{{ key \"configuration/email/dkim/signingtable\" }}" data = file("../config/configuration/email/dkim/signingtable")
destination = "secrets/dkim/signingtable" destination = "secrets/dkim/signingtable"
} }
template { template {
data = "{{ key \"configuration/email/dkim/smtp.private\" }}" data = file("../config/configuration/email/dkim/trusted")
destination = "secrets/dkim/trusted"
}
# --- secrets ---
template {
data = "{{ key \"secrets/email/dkim/smtp.private\" }}"
destination = "secrets/dkim/smtp.private" destination = "secrets/dkim/smtp.private"
perms = "600" perms = "600"
} }
template {
data = "{{ key \"configuration/email/dkim/smtp.txt\" }}"
destination = "secrets/dkim/smtp.txt"
}
template {
data = "{{ key \"configuration/email/dkim/trusted\" }}"
destination = "secrets/dkim/trusted"
}
} }
} }
group "postfix" { group "postfix" {
count = 1 count = 1
network {
port "smtp_port" {
static = 25
to = 25
}
port "smtps_port" {
static = 465
to = 465
}
port "submission_port" {
static = 587
to = 587
}
}
task "server" { task "server" {
driver = "docker" driver = "docker"
config { config {
image = "superboum/amd64_postfix:v1" image = "superboum/amd64_postfix:v3"
readonly_rootfs = false readonly_rootfs = false
port_map { ports = [ "smtp_port", "smtps_port", "submission_port" ]
smtp_port = 25
smtps_port = 465
submission_port = 587
}
command = "postfix" command = "postfix"
args = [ "start-fg" ] args = [ "start-fg" ]
volumes = [ volumes = [
"secrets/ssl/certs:/etc/ssl/certs", "secrets/ssl/certs:/etc/ssl/certs",
"secrets/ssl/private:/etc/ssl/private", "secrets/ssl/private:/etc/ssl/private",
"secrets/postfix:/etc/postfix-conf", "secrets/postfix:/etc/postfix-conf",
"/dev/log:/dev/log" "/dev/log:/dev/log"
] ]
} }
env { env {
TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr" TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
MAILNAME = "smtp.deuxfleurs.fr", MAILNAME = "smtp.deuxfleurs.fr"
} }
resources { resources {
cpu = 100 cpu = 100
memory = 200 memory = 200
network {
mbits = 1
port "smtp_port" {
static = "25"
}
port "smtps_port" {
static = "465"
}
port "submission_port" {
static = "587"
}
}
} }
service { service {
@ -340,86 +332,74 @@ job "email" {
} }
} }
artifact {
source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-account.cf.tpl?raw"
destination = "secrets/postfix/ldap-account.cf.tpl"
mode = "file"
}
template { template {
source = "secrets/postfix/ldap-account.cf.tpl" data = file("../config/configuration/email/postfix/ldap-account.cf.tpl")
destination = "secrets/postfix/ldap-account.cf" destination = "secrets/postfix/ldap-account.cf"
} }
artifact {
source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-alias.cf.tpl?raw"
destination = "secrets/postfix/ldap-alias.cf.tpl"
mode = "file"
}
template { template {
source = "secrets/postfix/ldap-alias.cf.tpl" data = file("../config/configuration/email/postfix/ldap-alias.cf.tpl")
destination = "secrets/postfix/ldap-alias.cf" destination = "secrets/postfix/ldap-alias.cf"
} }
artifact {
source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-virtual-domains.cf.tpl?raw"
destination = "secrets/postfix/ldap-virtual-domains.cf.tpl"
mode = "file"
}
template { template {
source = "secrets/postfix/ldap-virtual-domains.cf.tpl" data = file("../config/configuration/email/postfix/ldap-virtual-domains.cf.tpl")
destination = "secrets/postfix/ldap-virtual-domains.cf" destination = "secrets/postfix/ldap-virtual-domains.cf"
} }
template {
data = file("../config/configuration/email/postfix/dynamicmaps.cf")
destination = "secrets/postfix/dynamicmaps.cf"
}
template { template {
data = "{{ key \"configuration/email/postfix/postfix.crt\" }}" data = file("../config/configuration/email/postfix/header_checks")
destination = "secrets/postfix/header_checks"
}
template {
data = file("../config/configuration/email/postfix/main.cf")
destination = "secrets/postfix/main.cf"
}
template {
data = file("../config/configuration/email/postfix/master.cf")
destination = "secrets/postfix/master.cf"
}
template {
data = file("../config/configuration/email/postfix/transport")
destination = "secrets/postfix/transport"
}
# --- secrets ---
template {
data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
destination = "secrets/ssl/certs/postfix.crt" destination = "secrets/ssl/certs/postfix.crt"
perms = "400" perms = "400"
} }
template { template {
data = "{{ key \"configuration/email/postfix/postfix.key\" }}" data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
destination = "secrets/ssl/private/postfix.key" destination = "secrets/ssl/private/postfix.key"
perms = "400" perms = "400"
} }
template {
data = "{{ key \"configuration/email/postfix/dynamicmaps.cf\" }}"
destination = "secrets/postfix/dynamicmaps.cf"
}
template {
data = "{{ key \"configuration/email/postfix/header_checks\" }}"
destination = "secrets/postfix/header_checks"
}
template {
data = "{{ key \"configuration/email/postfix/main.cf\" }}"
destination = "secrets/postfix/main.cf"
}
template {
data = "{{ key \"configuration/email/postfix/master.cf\" }}"
destination = "secrets/postfix/master.cf"
}
template {
data = "{{ key \"configuration/email/postfix/transport\" }}"
destination = "secrets/postfix/transport"
}
template {
data = "{{ key \"configuration/email/postfix/transport.db\" }}"
destination = "secrets/postfix/transport.db"
}
} }
} }
group "alps" { group "alps" {
count = 1 count = 1
task "main" {
driver = "docker"
network {
port "alps_web_port" { to = 1323 }
}
task "main" {
driver = "docker"
config { config {
image = "superboum/amd64_alps:v1" image = "superboum/amd64_alps:v1"
readonly_rootfs = true readonly_rootfs = true
port_map { ports = [ "alps_web_port" ]
alps_web_port = 1323
}
command = "-theme" command = "-theme"
args = [ "alps", "imaps://imap.deuxfleurs.fr:993", "smtps://smtp.deuxfleurs.fr:465" ] args = [ "alps", "imaps://imap.deuxfleurs.fr:993", "smtps://smtp.deuxfleurs.fr:465" ]
} }
@ -427,10 +407,6 @@ job "email" {
resources { resources {
cpu = 50 cpu = 50
memory = 40 memory = 40
network {
mbits = 1
port "alps_web_port" {}
}
} }
service { service {
@ -461,42 +437,30 @@ job "email" {
group "sogo" { group "sogo" {
count = 1 count = 1
task "bundle" {
driver = "docker"
network {
port "sogo_web_port" { to = 8080 }
}
task "bundle" {
driver = "docker"
config { config {
image = "superboum/amd64_sogo:v7" image = "superboum/amd64_sogo:v7"
readonly_rootfs = false readonly_rootfs = false
port_map { ports = [ "sogo_web_port" ]
sogo_web_port = 8080
}
volumes = [ volumes = [
"secrets/sogo.conf:/etc/sogo/sogo.conf", "secrets/sogo.conf:/etc/sogo/sogo.conf",
] ]
} }
env {
FAKE = 1
}
/* Workaround as there is no consul source and no way to template recursively... */
artifact {
source = "http://127.0.0.1:8500/v1/kv/configuration/email/sogo/sogo.conf.tpl?raw"
destination = "secrets/tpl/sogo.conf.tpl"
mode = "file"
}
template { template {
source = "secrets/tpl/sogo.conf.tpl" data = file("../config/configuration/email/sogo/sogo.conf.tpl")
destination = "secrets/sogo.conf" destination = "secrets/sogo.conf"
} }
resources { resources {
cpu = 200 cpu = 200
memory = 1000 memory = 1000
network {
mbits = 1
port "sogo_web_port" {}
}
} }
service { service {
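Review bot: In the postfix group, the LDAP map templates (`ldap-account.cf`, `ldap-alias.cf`, `ldap-virtual-domains.cf`) are rendered without a `perms` setting, unlike `dovecot-ldap.conf`, which gets `perms = "400"`. Their `.tpl` contents are not shown here, but if they interpolate an LDAP bind password the rendered files fall back to Nomad's default template mode (0644). Add `perms = "400"` to each, or the tightest mode the Postfix lookup processes can still read once the entrypoint has processed `/etc/postfix-conf`. Separately, `file(...)` is evaluated on the submitting machine when the job is parsed, so the deployed configuration now depends on the submitter's checkout rather than on Consul. A comment above the first `file()` template, such as `# paths are relative to the directory nomad is run from`, would make that explicit (confirm the base directory for your Nomad version).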