Migrate Nomad job for emails
parent
a2adaa2101
commit
9f6f0fb53c
11 changed files with 124 additions and 149 deletions
|
@ -82,3 +82,11 @@ services:
|
||||||
args:
|
args:
|
||||||
VERSION: 0cd26dfbf4ab7be467325ed77230cf371147a98e
|
VERSION: 0cd26dfbf4ab7be467325ed77230cf371147a98e
|
||||||
image: superboum/plume:v1
|
image: superboum/plume:v1
|
||||||
|
|
||||||
|
postfix:
|
||||||
|
build:
|
||||||
|
context: ./postfix
|
||||||
|
args:
|
||||||
|
# https://packages.debian.org/fr/buster/postfix
|
||||||
|
VERSION: 3.4.14-0+deb10u1
|
||||||
|
image: superboum/amd64_postfix:v3
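Review bot: The comment above `VERSION: 3.4.14-0+deb10u1` is only a package-page URL and does not say that the pin has to be moved by hand. The Dockerfile in this commit installs `postfix=$VERSION`, so every rebuild stays on this exact package build until someone edits the value, and postfix updates published for buster are not picked up on their own. I would extend the comment to something like `# exact Debian package version, bump when buster publishes a postfix update`, keeping the URL on the line below it.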
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
FROM amd64/debian:buster
|
FROM amd64/debian:buster
|
||||||
|
|
||||||
|
ARG VERSION
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y \
|
apt-get install -y \
|
||||||
postfix \
|
postfix=$VERSION \
|
||||||
postfix-ldap
|
postfix-ldap
|
||||||
|
|
||||||
COPY entrypoint.sh /usr/local/bin/entrypoint
|
COPY entrypoint.sh /usr/local/bin/entrypoint
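Review bot: `postfix-ldap` on the line after `postfix=$VERSION` is left unpinned, so the two packages can resolve to different versions once the archive moves past the pinned build. Debian's postfix-ldap normally depends on the matching postfix version, so this would most likely show up as an unmet-dependency build failure rather than a silent mismatch, but pinning both states the intent: `postfix-ldap=$VERSION`. `ARG VERSION` has no default either, so a build run without the compose file passes an empty version to apt; a one-line comment next to it, e.g. `# supplied by docker-compose build args`, would make that dependency visible.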
|
||||||
|
|
|
@ -26,5 +26,6 @@ for file in $(ls /etc/postfix-conf); do
|
||||||
done
|
done
|
||||||
|
|
||||||
echo ${MAILNAME} > /etc/mailname
|
echo ${MAILNAME} > /etc/mailname
|
||||||
|
postmap /etc/postfix/transport
|
||||||
|
|
||||||
exec "$@"
|
exec "$@"
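Review bot: The result of the added `postmap /etc/postfix/transport` is not checked before `exec "$@"`. The top of the script is outside this hunk, so whether `set -e` is in effect cannot be seen from here; if it is not, a missing or malformed transport file lets the container start without a usable `transport.db`, and the problem only appears later as lookup errors in the mail log. Failing fast at startup is the safer behaviour for a mail relay: `postmap /etc/postfix/transport || exit 1`.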
|
||||||
|
|
0
app/config/secrets/email/dkim/smtp.private.sample
Normal file
0
app/config/secrets/email/dkim/smtp.private.sample
Normal file
0
app/config/secrets/email/dovecot/dovecot.crt.sample
Normal file
0
app/config/secrets/email/dovecot/dovecot.crt.sample
Normal file
0
app/config/secrets/email/dovecot/dovecot.key.sample
Normal file
0
app/config/secrets/email/dovecot/dovecot.key.sample
Normal file
0
app/config/secrets/email/dovecot/ldap_binddn.sample
Normal file
0
app/config/secrets/email/dovecot/ldap_binddn.sample
Normal file
0
app/config/secrets/email/dovecot/ldap_bindpwd.sample
Normal file
0
app/config/secrets/email/dovecot/ldap_bindpwd.sample
Normal file
0
app/config/secrets/email/postfix/postfix.crt.sample
Normal file
0
app/config/secrets/email/postfix/postfix.crt.sample
Normal file
0
app/config/secrets/email/postfix/postfix.key.sample
Normal file
0
app/config/secrets/email/postfix/postfix.key.sample
Normal file
|
@ -5,24 +5,39 @@ job "email" {
|
||||||
|
|
||||||
group "dovecot" {
|
group "dovecot" {
|
||||||
count = 1
|
count = 1
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "auth_port" {
|
||||||
|
static = 1337
|
||||||
|
to = 1337
|
||||||
|
}
|
||||||
|
port "imaps_port" {
|
||||||
|
static = 993
|
||||||
|
to = 993
|
||||||
|
}
|
||||||
|
port "imap_port" {
|
||||||
|
static = 143
|
||||||
|
to = 143
|
||||||
|
}
|
||||||
|
port "lmtp_port" {
|
||||||
|
static = 24
|
||||||
|
to = 24
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
task "server" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_dovecot:v2"
|
image = "superboum/amd64_dovecot:v2"
|
||||||
readonly_rootfs = false
|
readonly_rootfs = false
|
||||||
port_map {
|
ports = [ "auth_port", "imaps_port", "imap_port", "lmtp_port" ]
|
||||||
auth_port = 1337
|
|
||||||
imaps_port = 993
|
|
||||||
imap_port = 143
|
|
||||||
lmtp_port = 24
|
|
||||||
}
|
|
||||||
command = "dovecot"
|
command = "dovecot"
|
||||||
args = [ "-F" ]
|
args = [ "-F" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
"secrets/ssl/certs:/etc/ssl/certs",
|
"secrets/ssl/certs:/etc/ssl/certs",
|
||||||
"secrets/ssl/private:/etc/ssl/private",
|
"secrets/ssl/private:/etc/ssl/private",
|
||||||
"secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf",
|
"secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf",
|
||||||
"/mnt/glusterfs/email/mail:/var/mail/",
|
"/mnt/glusterfs/email/mail:/var/mail/",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -34,21 +49,6 @@ job "email" {
|
||||||
resources {
|
resources {
|
||||||
cpu = 100
|
cpu = 100
|
||||||
memory = 200
|
memory = 200
|
||||||
network {
|
|
||||||
mbits = 1
|
|
||||||
port "auth_port" {
|
|
||||||
static = "1337"
|
|
||||||
}
|
|
||||||
port "imap_port" {
|
|
||||||
static = "143"
|
|
||||||
}
|
|
||||||
port "imaps_port" {
|
|
||||||
static = "993"
|
|
||||||
}
|
|
||||||
port "lmtp_port" {
|
|
||||||
static = "24"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
@ -134,24 +134,20 @@ job "email" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
artifact {
|
|
||||||
source = "http://127.0.0.1:8500/v1/kv/configuration/email/dovecot/dovecot-ldap.conf.tpl?raw"
|
|
||||||
destination = "secrets/conf/dovecot-ldap.conf.tpl"
|
|
||||||
mode = "file"
|
|
||||||
}
|
|
||||||
template {
|
template {
|
||||||
source = "secrets/conf/dovecot-ldap.conf.tpl"
|
data = file("../config/configuration/email/dovecot/dovecot-ldap.conf.tpl")
|
||||||
destination = "secrets/conf/dovecot-ldap.conf"
|
destination = "secrets/conf/dovecot-ldap.conf"
|
||||||
perms = "400"
|
perms = "400"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# ----- secrets ------
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"configuration/email/dovecot/dovecot.crt\" }}"
|
data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
|
||||||
destination = "secrets/ssl/certs/dovecot.crt"
|
destination = "secrets/ssl/certs/dovecot.crt"
|
||||||
perms = "400"
|
perms = "400"
|
||||||
}
|
}
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"configuration/email/dovecot/dovecot.key\" }}"
|
data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
|
||||||
destination = "secrets/ssl/private/dovecot.key"
|
destination = "secrets/ssl/private/dovecot.key"
|
||||||
perms = "400"
|
perms = "400"
|
||||||
}
|
}
|
||||||
|
@ -160,15 +156,20 @@ job "email" {
|
||||||
|
|
||||||
group "opendkim" {
|
group "opendkim" {
|
||||||
count = 1
|
count = 1
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "dkim_port" {
|
||||||
|
static = 8999
|
||||||
|
to = 8999
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
task "server" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_opendkim:v1"
|
image = "superboum/amd64_opendkim:v1"
|
||||||
readonly_rootfs = false
|
readonly_rootfs = false
|
||||||
port_map {
|
ports = [ "dkim_port" ]
|
||||||
dkim_port = 8999
|
|
||||||
}
|
|
||||||
command = "opendkim"
|
command = "opendkim"
|
||||||
args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ]
|
args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
|
@ -180,12 +181,6 @@ job "email" {
|
||||||
resources {
|
resources {
|
||||||
cpu = 100
|
cpu = 100
|
||||||
memory = 50
|
memory = 50
|
||||||
network {
|
|
||||||
mbits = 1
|
|
||||||
port "dkim_port" {
|
|
||||||
static = "8999"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
@ -209,72 +204,69 @@ job "email" {
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"configuration/email/dkim/keytable\" }}"
|
data = file("../config/configuration/email/dkim/keytable")
|
||||||
destination = "secrets/dkim/keytable"
|
destination = "secrets/dkim/keytable"
|
||||||
}
|
}
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"configuration/email/dkim/signingtable\" }}"
|
data = file("../config/configuration/email/dkim/signingtable")
|
||||||
destination = "secrets/dkim/signingtable"
|
destination = "secrets/dkim/signingtable"
|
||||||
}
|
}
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"configuration/email/dkim/smtp.private\" }}"
|
data = file("../config/configuration/email/dkim/trusted")
|
||||||
|
destination = "secrets/dkim/trusted"
|
||||||
|
}
|
||||||
|
|
||||||
|
# --- secrets ---
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/email/dkim/smtp.private\" }}"
|
||||||
destination = "secrets/dkim/smtp.private"
|
destination = "secrets/dkim/smtp.private"
|
||||||
perms = "600"
|
perms = "600"
|
||||||
}
|
}
|
||||||
template {
|
|
||||||
data = "{{ key \"configuration/email/dkim/smtp.txt\" }}"
|
|
||||||
destination = "secrets/dkim/smtp.txt"
|
|
||||||
}
|
|
||||||
template {
|
|
||||||
data = "{{ key \"configuration/email/dkim/trusted\" }}"
|
|
||||||
destination = "secrets/dkim/trusted"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
group "postfix" {
|
group "postfix" {
|
||||||
count = 1
|
count = 1
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "smtp_port" {
|
||||||
|
static = 25
|
||||||
|
to = 25
|
||||||
|
}
|
||||||
|
port "smtps_port" {
|
||||||
|
static = 465
|
||||||
|
to = 465
|
||||||
|
}
|
||||||
|
port "submission_port" {
|
||||||
|
static = 587
|
||||||
|
to = 587
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
task "server" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_postfix:v1"
|
image = "superboum/amd64_postfix:v3"
|
||||||
readonly_rootfs = false
|
readonly_rootfs = false
|
||||||
port_map {
|
ports = [ "smtp_port", "smtps_port", "submission_port" ]
|
||||||
smtp_port = 25
|
|
||||||
smtps_port = 465
|
|
||||||
submission_port = 587
|
|
||||||
}
|
|
||||||
command = "postfix"
|
command = "postfix"
|
||||||
args = [ "start-fg" ]
|
args = [ "start-fg" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
"secrets/ssl/certs:/etc/ssl/certs",
|
"secrets/ssl/certs:/etc/ssl/certs",
|
||||||
"secrets/ssl/private:/etc/ssl/private",
|
"secrets/ssl/private:/etc/ssl/private",
|
||||||
"secrets/postfix:/etc/postfix-conf",
|
"secrets/postfix:/etc/postfix-conf",
|
||||||
"/dev/log:/dev/log"
|
"/dev/log:/dev/log"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
env {
|
env {
|
||||||
TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
|
TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
|
||||||
MAILNAME = "smtp.deuxfleurs.fr",
|
MAILNAME = "smtp.deuxfleurs.fr"
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 100
|
cpu = 100
|
||||||
memory = 200
|
memory = 200
|
||||||
network {
|
|
||||||
mbits = 1
|
|
||||||
port "smtp_port" {
|
|
||||||
static = "25"
|
|
||||||
}
|
|
||||||
port "smtps_port" {
|
|
||||||
static = "465"
|
|
||||||
}
|
|
||||||
port "submission_port" {
|
|
||||||
static = "587"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
@ -340,86 +332,74 @@ job "email" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
artifact {
|
|
||||||
source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-account.cf.tpl?raw"
|
|
||||||
destination = "secrets/postfix/ldap-account.cf.tpl"
|
|
||||||
mode = "file"
|
|
||||||
}
|
|
||||||
template {
|
template {
|
||||||
source = "secrets/postfix/ldap-account.cf.tpl"
|
data = file("../config/configuration/email/postfix/ldap-account.cf.tpl")
|
||||||
destination = "secrets/postfix/ldap-account.cf"
|
destination = "secrets/postfix/ldap-account.cf"
|
||||||
}
|
}
|
||||||
|
|
||||||
artifact {
|
|
||||||
source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-alias.cf.tpl?raw"
|
|
||||||
destination = "secrets/postfix/ldap-alias.cf.tpl"
|
|
||||||
mode = "file"
|
|
||||||
}
|
|
||||||
template {
|
template {
|
||||||
source = "secrets/postfix/ldap-alias.cf.tpl"
|
data = file("../config/configuration/email/postfix/ldap-alias.cf.tpl")
|
||||||
destination = "secrets/postfix/ldap-alias.cf"
|
destination = "secrets/postfix/ldap-alias.cf"
|
||||||
}
|
}
|
||||||
|
|
||||||
artifact {
|
|
||||||
source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-virtual-domains.cf.tpl?raw"
|
|
||||||
destination = "secrets/postfix/ldap-virtual-domains.cf.tpl"
|
|
||||||
mode = "file"
|
|
||||||
}
|
|
||||||
template {
|
template {
|
||||||
source = "secrets/postfix/ldap-virtual-domains.cf.tpl"
|
data = file("../config/configuration/email/postfix/ldap-virtual-domains.cf.tpl")
|
||||||
destination = "secrets/postfix/ldap-virtual-domains.cf"
|
destination = "secrets/postfix/ldap-virtual-domains.cf"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = file("../config/configuration/email/postfix/dynamicmaps.cf")
|
||||||
|
destination = "secrets/postfix/dynamicmaps.cf"
|
||||||
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"configuration/email/postfix/postfix.crt\" }}"
|
data = file("../config/configuration/email/postfix/header_checks")
|
||||||
|
destination = "secrets/postfix/header_checks"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = file("../config/configuration/email/postfix/main.cf")
|
||||||
|
destination = "secrets/postfix/main.cf"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = file("../config/configuration/email/postfix/master.cf")
|
||||||
|
destination = "secrets/postfix/master.cf"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = file("../config/configuration/email/postfix/transport")
|
||||||
|
destination = "secrets/postfix/transport"
|
||||||
|
}
|
||||||
|
|
||||||
|
# --- secrets ---
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
|
||||||
destination = "secrets/ssl/certs/postfix.crt"
|
destination = "secrets/ssl/certs/postfix.crt"
|
||||||
perms = "400"
|
perms = "400"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"configuration/email/postfix/postfix.key\" }}"
|
data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
|
||||||
destination = "secrets/ssl/private/postfix.key"
|
destination = "secrets/ssl/private/postfix.key"
|
||||||
perms = "400"
|
perms = "400"
|
||||||
}
|
}
|
||||||
template {
|
|
||||||
data = "{{ key \"configuration/email/postfix/dynamicmaps.cf\" }}"
|
|
||||||
destination = "secrets/postfix/dynamicmaps.cf"
|
|
||||||
}
|
|
||||||
template {
|
|
||||||
data = "{{ key \"configuration/email/postfix/header_checks\" }}"
|
|
||||||
destination = "secrets/postfix/header_checks"
|
|
||||||
}
|
|
||||||
template {
|
|
||||||
data = "{{ key \"configuration/email/postfix/main.cf\" }}"
|
|
||||||
destination = "secrets/postfix/main.cf"
|
|
||||||
}
|
|
||||||
template {
|
|
||||||
data = "{{ key \"configuration/email/postfix/master.cf\" }}"
|
|
||||||
destination = "secrets/postfix/master.cf"
|
|
||||||
}
|
|
||||||
template {
|
|
||||||
data = "{{ key \"configuration/email/postfix/transport\" }}"
|
|
||||||
destination = "secrets/postfix/transport"
|
|
||||||
}
|
|
||||||
template {
|
|
||||||
data = "{{ key \"configuration/email/postfix/transport.db\" }}"
|
|
||||||
destination = "secrets/postfix/transport.db"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
group "alps" {
|
group "alps" {
|
||||||
count = 1
|
count = 1
|
||||||
task "main" {
|
|
||||||
|
|
||||||
driver = "docker"
|
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "alps_web_port" { to = 1323 }
|
||||||
|
}
|
||||||
|
|
||||||
|
task "main" {
|
||||||
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_alps:v1"
|
image = "superboum/amd64_alps:v1"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
port_map {
|
ports = [ "alps_web_port" ]
|
||||||
alps_web_port = 1323
|
|
||||||
}
|
|
||||||
command = "-theme"
|
command = "-theme"
|
||||||
args = [ "alps", "imaps://imap.deuxfleurs.fr:993", "smtps://smtp.deuxfleurs.fr:465" ]
|
args = [ "alps", "imaps://imap.deuxfleurs.fr:993", "smtps://smtp.deuxfleurs.fr:465" ]
|
||||||
}
|
}
|
||||||
|
@ -427,10 +407,6 @@ job "email" {
|
||||||
resources {
|
resources {
|
||||||
cpu = 50
|
cpu = 50
|
||||||
memory = 40
|
memory = 40
|
||||||
network {
|
|
||||||
mbits = 1
|
|
||||||
port "alps_web_port" {}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
@ -461,42 +437,30 @@ job "email" {
|
||||||
|
|
||||||
group "sogo" {
|
group "sogo" {
|
||||||
count = 1
|
count = 1
|
||||||
task "bundle" {
|
|
||||||
|
|
||||||
driver = "docker"
|
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "sogo_web_port" { to = 8080 }
|
||||||
|
}
|
||||||
|
|
||||||
|
task "bundle" {
|
||||||
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_sogo:v7"
|
image = "superboum/amd64_sogo:v7"
|
||||||
readonly_rootfs = false
|
readonly_rootfs = false
|
||||||
port_map {
|
ports = [ "sogo_web_port" ]
|
||||||
sogo_web_port = 8080
|
|
||||||
}
|
|
||||||
volumes = [
|
volumes = [
|
||||||
"secrets/sogo.conf:/etc/sogo/sogo.conf",
|
"secrets/sogo.conf:/etc/sogo/sogo.conf",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
env {
|
|
||||||
FAKE = 1
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Workaround as there is no consul source and no way to template recursively... */
|
|
||||||
artifact {
|
|
||||||
source = "http://127.0.0.1:8500/v1/kv/configuration/email/sogo/sogo.conf.tpl?raw"
|
|
||||||
destination = "secrets/tpl/sogo.conf.tpl"
|
|
||||||
mode = "file"
|
|
||||||
}
|
|
||||||
template {
|
template {
|
||||||
source = "secrets/tpl/sogo.conf.tpl"
|
data = file("../config/configuration/email/sogo/sogo.conf.tpl")
|
||||||
destination = "secrets/sogo.conf"
|
destination = "secrets/sogo.conf"
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 200
|
cpu = 200
|
||||||
memory = 1000
|
memory = 1000
|
||||||
network {
|
|
||||||
mbits = 1
|
|
||||||
port "sogo_web_port" {}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
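Review bot: The rewritten `template` stanzas for `secrets/postfix/ldap-account.cf`, `secrets/postfix/ldap-alias.cf`, `secrets/postfix/ldap-virtual-domains.cf` and `secrets/sogo.conf` set no `perms`, while the dovecot equivalent `secrets/conf/dovecot-ldap.conf` keeps `perms = "400"`. The template contents are not visible on this page, but if they render an LDAP bind or database password, the files are written with Nomad's default file mode instead of an owner-only one. I would add `perms = "400"` to those stanzas (or the tightest mode the service user inside the container can still read), and check that the files loaded through `file("../config/configuration/…")` contain only `{{ key "secrets/…" }}` lookups and no literal credentials, since their text now becomes part of the submitted job specification.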
|
||||||
|
|