authorQuentin <quentin@deuxfleurs.fr>2020-12-22 16:40:36 +0100
committerQuentin <quentin@deuxfleurs.fr>2020-12-22 16:40:36 +0100
commit9f6f0fb53c257bb6732f037170bc11af1bf20d4f (patch)
tree50c8f4dc2234969575d01c0db47ea266dba0a854 /app
parenta2adaa2101d2b82d457c1ef6e9e25acb9022b9fc (diff)
Migrate Nomad job for emails
Diffstat (limited to 'app')
-rw-r--r--app/build/docker-compose.yml8
-rw-r--r--app/build/postfix/Dockerfile4
-rwxr-xr-xapp/build/postfix/entrypoint.sh1
-rw-r--r--app/config/secrets/email/dkim/smtp.private.sample0
-rw-r--r--app/config/secrets/email/dovecot/dovecot.crt.sample0
-rw-r--r--app/config/secrets/email/dovecot/dovecot.key.sample0
-rw-r--r--app/config/secrets/email/dovecot/ldap_binddn.sample0
-rw-r--r--app/config/secrets/email/dovecot/ldap_bindpwd.sample0
-rw-r--r--app/config/secrets/email/postfix/postfix.crt.sample0
-rw-r--r--app/config/secrets/email/postfix/postfix.key.sample0
-rw-r--r--app/deployment/email.hcl240
11 files changed, 114 insertions, 139 deletions
diff --git a/app/build/docker-compose.yml b/app/build/docker-compose.yml
index de8ecf5..38031d2 100644
--- a/app/build/docker-compose.yml
+++ b/app/build/docker-compose.yml
@@ -82,3 +82,11 @@ services:
args:
VERSION: 0cd26dfbf4ab7be467325ed77230cf371147a98e
image: superboum/plume:v1
+
+ postfix:
+ build:
+ context: ./postfix
+ args:
+ # https://packages.debian.org/fr/buster/postfix
+ VERSION: 3.4.14-0+deb10u1
+ image: superboum/amd64_postfix:v3
diff --git a/app/build/postfix/Dockerfile b/app/build/postfix/Dockerfile
index 9e4c067..0c74fdc 100644
--- a/app/build/postfix/Dockerfile
+++ b/app/build/postfix/Dockerfile
@@ -1,8 +1,10 @@
FROM amd64/debian:buster
+ARG VERSION
+
RUN apt-get update && \
apt-get install -y \
- postfix \
+ postfix=$VERSION \
postfix-ldap
COPY entrypoint.sh /usr/local/bin/entrypoint
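Review bot: Pinning `postfix=$VERSION` to an exact Debian revision (`3.4.14-0+deb10u1` from the compose file) will break the build as soon as buster's security archive publishes the next `deb10u` revision, because the mirrors only keep the current one, and until someone bumps the arg it also silently opts out of that security fix. If reproducibility is the goal, pin the base image by digest instead (`FROM amd64/debian:buster@sha256:...`) and let apt install the current package; if a version floor is wanted, assert it after the install rather than hard-pinning. While touching the `RUN`, `--no-install-recommends` and a trailing `rm -rf /var/lib/apt/lists/*` would shrink the attack surface of the image.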
diff --git a/app/build/postfix/entrypoint.sh b/app/build/postfix/entrypoint.sh
index c7ace3d..fcf1a66 100755
--- a/app/build/postfix/entrypoint.sh
+++ b/app/build/postfix/entrypoint.sh
@@ -26,5 +26,6 @@ for file in $(ls /etc/postfix-conf); do
done
echo ${MAILNAME} > /etc/mailname
+postmap /etc/postfix/transport
exec "$@"
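Review bot: The added `postmap /etc/postfix/transport` has no error handling: if the transport file was not copied in or `postmap` fails, the script still falls through to `exec "$@"` and Postfix starts with a missing or stale `transport.db`, which is exactly the file this commit stops shipping from Consul. Either add `set -e` at the top of the script or write `postmap /etc/postfix/transport || exit 1`. The `for` loop whose `done` opens this hunk begins before it.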
diff --git a/app/config/secrets/email/dkim/smtp.private.sample b/app/config/secrets/email/dkim/smtp.private.sample
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/app/config/secrets/email/dkim/smtp.private.sample
diff --git a/app/config/secrets/email/dovecot/dovecot.crt.sample b/app/config/secrets/email/dovecot/dovecot.crt.sample
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/app/config/secrets/email/dovecot/dovecot.crt.sample
diff --git a/app/config/secrets/email/dovecot/dovecot.key.sample b/app/config/secrets/email/dovecot/dovecot.key.sample
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/app/config/secrets/email/dovecot/dovecot.key.sample
diff --git a/app/config/secrets/email/dovecot/ldap_binddn.sample b/app/config/secrets/email/dovecot/ldap_binddn.sample
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/app/config/secrets/email/dovecot/ldap_binddn.sample
diff --git a/app/config/secrets/email/dovecot/ldap_bindpwd.sample b/app/config/secrets/email/dovecot/ldap_bindpwd.sample
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/app/config/secrets/email/dovecot/ldap_bindpwd.sample
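Review bot: The `.sample` placeholders are empty, so nothing in the tree says what format the real `ldap_bindpwd`, `*.key` and `smtp.private` files take or that they must never be committed. A short README next to them (one line per secret: what it is, how it is generated, where it is loaded into Consul) would help, and it is worth confirming that the non-`.sample` siblings are matched by `.gitignore`, which is not visible in this diff.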
diff --git a/app/config/secrets/email/postfix/postfix.crt.sample b/app/config/secrets/email/postfix/postfix.crt.sample
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/app/config/secrets/email/postfix/postfix.crt.sample
diff --git a/app/config/secrets/email/postfix/postfix.key.sample b/app/config/secrets/email/postfix/postfix.key.sample
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/app/config/secrets/email/postfix/postfix.key.sample
diff --git a/app/deployment/email.hcl b/app/deployment/email.hcl
index 277e356..a51ea27 100644
--- a/app/deployment/email.hcl
+++ b/app/deployment/email.hcl
@@ -5,24 +5,39 @@ job "email" {
group "dovecot" {
count = 1
+
+ network {
+ port "auth_port" {
+ static = 1337
+ to = 1337
+ }
+ port "imaps_port" {
+ static = 993
+ to = 993
+ }
+ port "imap_port" {
+ static = 143
+ to = 143
+ }
+ port "lmtp_port" {
+ static = 24
+ to = 24
+ }
+ }
+
task "server" {
driver = "docker"
config {
image = "superboum/amd64_dovecot:v2"
readonly_rootfs = false
- port_map {
- auth_port = 1337
- imaps_port = 993
- imap_port = 143
- lmtp_port = 24
- }
+ ports = [ "auth_port", "imaps_port", "imap_port", "lmtp_port" ]
command = "dovecot"
args = [ "-F" ]
volumes = [
"secrets/ssl/certs:/etc/ssl/certs",
"secrets/ssl/private:/etc/ssl/private",
- "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf",
+ "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf",
"/mnt/glusterfs/email/mail:/var/mail/",
]
}
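Review bot: `auth_port` (1337) and `lmtp_port` (24) are now declared as `static` host ports in the group `network` block, which binds Dovecot's auth and LMTP listeners on the node's default interface next to the public IMAP ports. If they are only meant to be consumed by the postfix group inside the cluster, restrict them with `host_network` to an internal interface or with a firewall rule; the diff does not show whether such a rule already exists. The dovecot task continues past this hunk.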
@@ -34,21 +49,6 @@ job "email" {
resources {
cpu = 100
memory = 200
- network {
- mbits = 1
- port "auth_port" {
- static = "1337"
- }
- port "imap_port" {
- static = "143"
- }
- port "imaps_port" {
- static = "993"
- }
- port "lmtp_port" {
- static = "24"
- }
- }
}
service {
@@ -134,24 +134,20 @@ job "email" {
}
}
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/email/dovecot/dovecot-ldap.conf.tpl?raw"
- destination = "secrets/conf/dovecot-ldap.conf.tpl"
- mode = "file"
- }
template {
- source = "secrets/conf/dovecot-ldap.conf.tpl"
+ data = file("../config/configuration/email/dovecot/dovecot-ldap.conf.tpl")
destination = "secrets/conf/dovecot-ldap.conf"
perms = "400"
}
+ # ----- secrets ------
template {
- data = "{{ key \"configuration/email/dovecot/dovecot.crt\" }}"
+ data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
destination = "secrets/ssl/certs/dovecot.crt"
perms = "400"
}
template {
- data = "{{ key \"configuration/email/dovecot/dovecot.key\" }}"
+ data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
destination = "secrets/ssl/private/dovecot.key"
perms = "400"
}
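Review bot: Moving `dovecot.key` from `configuration/...` to `secrets/email/dovecot/dovecot.key` only changes the Consul KV prefix; the private key is still fetched with `{{ key ... }}`, and Consul KV is neither encrypted at rest nor secret by default, so the real protection is the ACL policy attached to this job's Consul token and to operators' tokens. Worth confirming that no broad `key_prefix "" { policy = "read" }` rule lets other jobs read the `secrets/` prefix, and a comment such as `# private key: readable by any token with read on key_prefix "secrets/"` above the template would make that dependency explicit. Longer term, Nomad's Vault integration (`{{ with secret ... }}`) keeps key material out of KV entirely; the `perms = "400"` on the rendered files is good.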
@@ -160,15 +156,20 @@ job "email" {
group "opendkim" {
count = 1
+
+ network {
+ port "dkim_port" {
+ static = 8999
+ to = 8999
+ }
+ }
+
task "server" {
driver = "docker"
-
config {
image = "superboum/amd64_opendkim:v1"
readonly_rootfs = false
- port_map {
- dkim_port = 8999
- }
+ ports = [ "dkim_port" ]
command = "opendkim"
args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ]
volumes = [
@@ -180,12 +181,6 @@ job "email" {
resources {
cpu = 100
memory = 50
- network {
- mbits = 1
- port "dkim_port" {
- static = "8999"
- }
- }
}
service {
@@ -209,72 +204,69 @@ job "email" {
}
template {
- data = "{{ key \"configuration/email/dkim/keytable\" }}"
+ data = file("../config/configuration/email/dkim/keytable")
destination = "secrets/dkim/keytable"
}
template {
- data = "{{ key \"configuration/email/dkim/signingtable\" }}"
+ data = file("../config/configuration/email/dkim/signingtable")
destination = "secrets/dkim/signingtable"
}
template {
- data = "{{ key \"configuration/email/dkim/smtp.private\" }}"
- destination = "secrets/dkim/smtp.private"
- perms = "600"
- }
- template {
- data = "{{ key \"configuration/email/dkim/smtp.txt\" }}"
- destination = "secrets/dkim/smtp.txt"
+ data = file("../config/configuration/email/dkim/trusted")
+ destination = "secrets/dkim/trusted"
}
+
+ # --- secrets ---
template {
- data = "{{ key \"configuration/email/dkim/trusted\" }}"
- destination = "secrets/dkim/trusted"
+ data = "{{ key \"secrets/email/dkim/smtp.private\" }}"
+ destination = "secrets/dkim/smtp.private"
+ perms = "600"
}
}
}
group "postfix" {
count = 1
+
+ network {
+ port "smtp_port" {
+ static = 25
+ to = 25
+ }
+ port "smtps_port" {
+ static = 465
+ to = 465
+ }
+ port "submission_port" {
+ static = 587
+ to = 587
+ }
+ }
+
task "server" {
driver = "docker"
-
config {
- image = "superboum/amd64_postfix:v1"
+ image = "superboum/amd64_postfix:v3"
readonly_rootfs = false
- port_map {
- smtp_port = 25
- smtps_port = 465
- submission_port = 587
- }
+ ports = [ "smtp_port", "smtps_port", "submission_port" ]
command = "postfix"
args = [ "start-fg" ]
volumes = [
"secrets/ssl/certs:/etc/ssl/certs",
"secrets/ssl/private:/etc/ssl/private",
- "secrets/postfix:/etc/postfix-conf",
+ "secrets/postfix:/etc/postfix-conf",
"/dev/log:/dev/log"
]
}
env {
TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
- MAILNAME = "smtp.deuxfleurs.fr",
+ MAILNAME = "smtp.deuxfleurs.fr"
}
resources {
cpu = 100
memory = 200
- network {
- mbits = 1
- port "smtp_port" {
- static = "25"
- }
- port "smtps_port" {
- static = "465"
- }
- port "submission_port" {
- static = "587"
- }
- }
}
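Review bot: `image = "superboum/amd64_postfix:v3"` is a mutable tag: a later push to `v3` changes what this job runs on the next allocation without any edit to this file, which undermines the package pinning the commit adds in the Dockerfile. Pin by digest (`image = "superboum/amd64_postfix@sha256:..."`) or record the digest in a comment next to the tag so the two stay in step. The postfix task continues past this hunk.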
service {
@@ -340,86 +332,74 @@ job "email" {
}
}
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-account.cf.tpl?raw"
- destination = "secrets/postfix/ldap-account.cf.tpl"
- mode = "file"
- }
template {
- source = "secrets/postfix/ldap-account.cf.tpl"
+ data = file("../config/configuration/email/postfix/ldap-account.cf.tpl")
destination = "secrets/postfix/ldap-account.cf"
}
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-alias.cf.tpl?raw"
- destination = "secrets/postfix/ldap-alias.cf.tpl"
- mode = "file"
- }
template {
- source = "secrets/postfix/ldap-alias.cf.tpl"
+ data = file("../config/configuration/email/postfix/ldap-alias.cf.tpl")
destination = "secrets/postfix/ldap-alias.cf"
}
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-virtual-domains.cf.tpl?raw"
- destination = "secrets/postfix/ldap-virtual-domains.cf.tpl"
- mode = "file"
- }
template {
- source = "secrets/postfix/ldap-virtual-domains.cf.tpl"
+ data = file("../config/configuration/email/postfix/ldap-virtual-domains.cf.tpl")
destination = "secrets/postfix/ldap-virtual-domains.cf"
}
-
-
+
template {
- data = "{{ key \"configuration/email/postfix/postfix.crt\" }}"
- destination = "secrets/ssl/certs/postfix.crt"
- perms = "400"
- }
- template {
- data = "{{ key \"configuration/email/postfix/postfix.key\" }}"
- destination = "secrets/ssl/private/postfix.key"
- perms = "400"
- }
- template {
- data = "{{ key \"configuration/email/postfix/dynamicmaps.cf\" }}"
+ data = file("../config/configuration/email/postfix/dynamicmaps.cf")
destination = "secrets/postfix/dynamicmaps.cf"
}
+
template {
- data = "{{ key \"configuration/email/postfix/header_checks\" }}"
+ data = file("../config/configuration/email/postfix/header_checks")
destination = "secrets/postfix/header_checks"
}
+
template {
- data = "{{ key \"configuration/email/postfix/main.cf\" }}"
+ data = file("../config/configuration/email/postfix/main.cf")
destination = "secrets/postfix/main.cf"
}
+
template {
- data = "{{ key \"configuration/email/postfix/master.cf\" }}"
+ data = file("../config/configuration/email/postfix/master.cf")
destination = "secrets/postfix/master.cf"
}
+
template {
- data = "{{ key \"configuration/email/postfix/transport\" }}"
+ data = file("../config/configuration/email/postfix/transport")
destination = "secrets/postfix/transport"
}
+
+ # --- secrets ---
template {
- data = "{{ key \"configuration/email/postfix/transport.db\" }}"
- destination = "secrets/postfix/transport.db"
+ data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
+ destination = "secrets/ssl/certs/postfix.crt"
+ perms = "400"
+ }
+
+ template {
+ data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
+ destination = "secrets/ssl/private/postfix.key"
+ perms = "400"
}
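Review bot: The LDAP map templates (`ldap-account.cf`, `ldap-alias.cf`, `ldap-virtual-domains.cf`) are rendered with Nomad's default file mode, whereas the equivalent `dovecot-ldap.conf` template in the dovecot group sets `perms = "400"`. If these `.tpl` files embed an LDAP bind password the way the Dovecot one presumably does, they should get a restrictive `perms` too, e.g. `perms = "400"`, with the value chosen so that the entrypoint's loop over `/etc/postfix-conf` (which presumably copies them into `/etc/postfix`) can still read them. Dropping the binary `transport.db` from Consul in favour of `postmap` at startup is a good change.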
}
}
group "alps" {
count = 1
+
+ network {
+ port "alps_web_port" { to = 1323 }
+ }
+
task "main" {
-
driver = "docker"
-
config {
image = "superboum/amd64_alps:v1"
readonly_rootfs = true
- port_map {
- alps_web_port = 1323
- }
+ ports = [ "alps_web_port" ]
command = "-theme"
args = [ "alps", "imaps://imap.deuxfleurs.fr:993", "smtps://smtp.deuxfleurs.fr:465" ]
}
@@ -427,10 +407,6 @@ job "email" {
resources {
cpu = 50
memory = 40
- network {
- mbits = 1
- port "alps_web_port" {}
- }
}
service {
@@ -461,42 +437,30 @@ job "email" {
group "sogo" {
count = 1
+
+ network {
+ port "sogo_web_port" { to = 8080 }
+ }
+
task "bundle" {
-
driver = "docker"
-
config {
image = "superboum/amd64_sogo:v7"
readonly_rootfs = false
- port_map {
- sogo_web_port = 8080
- }
+ ports = [ "sogo_web_port" ]
volumes = [
- "secrets/sogo.conf:/etc/sogo/sogo.conf",
+ "secrets/sogo.conf:/etc/sogo/sogo.conf",
]
}
- env {
- FAKE = 1
- }
- /* Workaround as there is no consul source and no way to template recursively... */
- artifact {
- source = "http://127.0.0.1:8500/v1/kv/configuration/email/sogo/sogo.conf.tpl?raw"
- destination = "secrets/tpl/sogo.conf.tpl"
- mode = "file"
- }
template {
- source = "secrets/tpl/sogo.conf.tpl"
+ data = file("../config/configuration/email/sogo/sogo.conf.tpl")
destination = "secrets/sogo.conf"
}
resources {
cpu = 200
memory = 1000
- network {
- mbits = 1
- port "sogo_web_port" {}
- }
}
service {