From 9f6f0fb53c257bb6732f037170bc11af1bf20d4f Mon Sep 17 00:00:00 2001
From: Quentin
Date: Tue, 22 Dec 2020 16:40:36 +0100
Subject: Migrate Nomad job for emails
---
 app/build/docker-compose.yml | 8 +
 app/build/postfix/Dockerfile | 4 +-
 app/build/postfix/entrypoint.sh | 1 +
 app/config/secrets/email/dkim/smtp.private.sample | 0
 .../secrets/email/dovecot/dovecot.crt.sample | 0
 .../secrets/email/dovecot/dovecot.key.sample | 0
 .../secrets/email/dovecot/ldap_binddn.sample | 0
 .../secrets/email/dovecot/ldap_bindpwd.sample | 0
 .../secrets/email/postfix/postfix.crt.sample | 0
 .../secrets/email/postfix/postfix.key.sample | 0
 app/deployment/email.hcl | 240 +++++++++------------
 11 files changed, 114 insertions(+), 139 deletions(-)
 create mode 100644 app/config/secrets/email/dkim/smtp.private.sample
 create mode 100644 app/config/secrets/email/dovecot/dovecot.crt.sample
 create mode 100644 app/config/secrets/email/dovecot/dovecot.key.sample
 create mode 100644 app/config/secrets/email/dovecot/ldap_binddn.sample
 create mode 100644 app/config/secrets/email/dovecot/ldap_bindpwd.sample
 create mode 100644 app/config/secrets/email/postfix/postfix.crt.sample
 create mode 100644 app/config/secrets/email/postfix/postfix.key.sample
diff --git a/app/build/docker-compose.yml b/app/build/docker-compose.yml
index de8ecf5..38031d2 100644
--- a/app/build/docker-compose.yml
+++ b/app/build/docker-compose.yml
@@ -82,3 +82,11 @@ services:
 args:
 VERSION: 0cd26dfbf4ab7be467325ed77230cf371147a98e
 image: superboum/plume:v1
+
+ postfix:
+ build:
+ context: ./postfix
+ args:
+ # https://packages.debian.org/fr/buster/postfix
+ VERSION: 3.4.14-0+deb10u1
+ image: superboum/amd64_postfix:v3
diff --git a/app/build/postfix/Dockerfile b/app/build/postfix/Dockerfile
index 9e4c067..0c74fdc 100644
--- a/app/build/postfix/Dockerfile
+++ b/app/build/postfix/Dockerfile
@@ -1,8 +1,10 @@ FROM amd64/debian:buster +ARG VERSION + RUN apt-get update && \ apt-get install -y \ - postfix \ + postfix=$VERSION \ postfix-ldap COPY entrypoint.sh /usr/local/bin/entrypoint diff --git a/app/build/postfix/entrypoint.sh b/app/build/postfix/entrypoint.sh index c7ace3d..fcf1a66 100755 --- a/app/build/postfix/entrypoint.sh +++ b/app/build/postfix/entrypoint.sh @@ -26,5 +26,6 @@ for file in $(ls /etc/postfix-conf); do done echo ${MAILNAME} > /etc/mailname +postmap /etc/postfix/transport exec "$@" diff --git a/app/config/secrets/email/dkim/smtp.private.sample b/app/config/secrets/email/dkim/smtp.private.sample new file mode 100644 index 0000000..e69de29 diff --git a/app/config/secrets/email/dovecot/dovecot.crt.sample b/app/config/secrets/email/dovecot/dovecot.crt.sample new file mode 100644 index 0000000..e69de29 diff --git a/app/config/secrets/email/dovecot/dovecot.key.sample b/app/config/secrets/email/dovecot/dovecot.key.sample new file mode 100644 index 0000000..e69de29 diff --git a/app/config/secrets/email/dovecot/ldap_binddn.sample b/app/config/secrets/email/dovecot/ldap_binddn.sample new file mode 100644 index 0000000..e69de29 diff --git a/app/config/secrets/email/dovecot/ldap_bindpwd.sample b/app/config/secrets/email/dovecot/ldap_bindpwd.sample new file mode 100644 index 0000000..e69de29 diff --git a/app/config/secrets/email/postfix/postfix.crt.sample b/app/config/secrets/email/postfix/postfix.crt.sample new file mode 100644 index 0000000..e69de29 diff --git a/app/config/secrets/email/postfix/postfix.key.sample b/app/config/secrets/email/postfix/postfix.key.sample new file mode 100644 index 0000000..e69de29 diff --git a/app/deployment/email.hcl b/app/deployment/email.hcl index 277e356..a51ea27 100644 --- a/app/deployment/email.hcl +++ b/app/deployment/email.hcl 
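Review bot: `postfix=$VERSION` pins postfix to an exact Debian revision while `postfix-ldap` on the next line stays unpinned; both come from the same source package and postfix-ldap depends on the matching postfix binary version, so once the buster archive moves past $VERSION apt will pick a newer postfix-ldap and fail on the dependency rather than with a clear missing-version error. Pin both together, `postfix=$VERSION postfix-ldap=$VERSION \`, so the build fails for one obvious reason. Superseded revisions are dropped from the main Debian archive after the next security update, so this build is only reproducible while that revision still exists, and security fixes for postfix now arrive only with a manual VERSION bump; a short comment above the ARG stating that a failed build is the signal to bump VERSION (and rebuild the image tag in docker-compose.yml) would record that trade-off.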
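Review bot: The added `postmap /etc/postfix/transport` does not check its exit status, so unless the script enables `set -e` above the hunk (not visible here) a malformed or missing transport file lets postfix start with a stale or absent transport.db and route mail on the wrong table. Guard it, `postmap /etc/postfix/transport || exit 1`, so the task fails visibly at start. The line also assumes the loop above has already placed `transport` under /etc/postfix from /etc/postfix-conf; that loop body begins outside the hunk, so a one-line comment noting that the map is generated here, and that the job file therefore no longer ships a transport.db, would help the next reader.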
@@ -5,24 +5,39 @@ job "email" { group "dovecot" { count = 1 + + network { + port "auth_port" { + static = 1337 + to = 1337 + } + port "imaps_port" { + static = 993 + to = 993 + } + port "imap_port" { + static = 143 + to = 143 + } + port "lmtp_port" { + static = 24 + to = 24 + } + } + task "server" { driver = "docker" config { image = "superboum/amd64_dovecot:v2" readonly_rootfs = false - port_map { - auth_port = 1337 - imaps_port = 993 - imap_port = 143 - lmtp_port = 24 - } + ports = [ "auth_port", "imaps_port", "imap_port", "lmtp_port" ] command = "dovecot" args = [ "-F" ] volumes = [ "secrets/ssl/certs:/etc/ssl/certs", "secrets/ssl/private:/etc/ssl/private", - "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf", + "secrets/conf/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf", "/mnt/glusterfs/email/mail:/var/mail/", ] } @@ -34,21 +49,6 @@ job "email" { resources { cpu = 100 memory = 200 - network { - mbits = 1 - port "auth_port" { - static = "1337" - } - port "imap_port" { - static = "143" - } - port "imaps_port" { - static = "993" - } - port "lmtp_port" { - static = "24" - } - } } service { @@ -134,24 +134,20 @@ job "email" { } } - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/email/dovecot/dovecot-ldap.conf.tpl?raw" - destination = "secrets/conf/dovecot-ldap.conf.tpl" - mode = "file" - } template { - source = "secrets/conf/dovecot-ldap.conf.tpl" + data = file("../config/configuration/email/dovecot/dovecot-ldap.conf.tpl") destination = "secrets/conf/dovecot-ldap.conf" perms = "400" } + # ----- secrets ------ template { - data = "{{ key \"configuration/email/dovecot/dovecot.crt\" }}" + data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}" destination = "secrets/ssl/certs/dovecot.crt" perms = "400" } template { - data = "{{ key \"configuration/email/dovecot/dovecot.key\" }}" + data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}" destination = "secrets/ssl/private/dovecot.key" perms = "400" } 
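Review bot: `data = file("../config/configuration/email/dovecot/dovecot-ldap.conf.tpl")` makes the job depend on where `nomad job run` is invoked from: Nomad's `file()` appears to resolve relative paths against the CLI's working directory rather than the job file's location, so the job only submits correctly from a directory where `../config` exists (presumably `app/deployment/`). Document that next to the first `file()` call, e.g. `# file() paths are relative to app/deployment/; run nomad from there`. The template content is now embedded at submit time, so edits to the `.tpl` only take effect after the job is re-run, unlike the Consul `{{ key }}` lookups below which re-render on change; that is worth a sentence in the same comment. Minor: the separator here is `# ----- secrets ------` while the opendkim and postfix tasks in this commit use `# --- secrets ---`.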
@@ -160,15 +156,20 @@ job "email" { group "opendkim" { count = 1 + + network { + port "dkim_port" { + static = 8999 + to = 8999 + } + } + task "server" { driver = "docker" - config { image = "superboum/amd64_opendkim:v1" readonly_rootfs = false - port_map { - dkim_port = 8999 - } + ports = [ "dkim_port" ] command = "opendkim" args = [ "-f", "-v", "-x", "/etc/opendkim.conf" ] volumes = [ @@ -180,12 +181,6 @@ job "email" { resources { cpu = 100 memory = 50 - network { - mbits = 1 - port "dkim_port" { - static = "8999" - } - } } service { 
@@ -209,72 +204,69 @@ job "email" { } template { - data = "{{ key \"configuration/email/dkim/keytable\" }}" + data = file("../config/configuration/email/dkim/keytable") destination = "secrets/dkim/keytable" } template { - data = "{{ key \"configuration/email/dkim/signingtable\" }}" + data = file("../config/configuration/email/dkim/signingtable") destination = "secrets/dkim/signingtable" } template { - data = "{{ key \"configuration/email/dkim/smtp.private\" }}" - destination = "secrets/dkim/smtp.private" - perms = "600" - } - template { - data = "{{ key \"configuration/email/dkim/smtp.txt\" }}" - destination = "secrets/dkim/smtp.txt" + data = file("../config/configuration/email/dkim/trusted") + destination = "secrets/dkim/trusted" } + + # --- secrets --- template { - data = "{{ key \"configuration/email/dkim/trusted\" }}" - destination = "secrets/dkim/trusted" + data = "{{ key \"secrets/email/dkim/smtp.private\" }}" + destination = "secrets/dkim/smtp.private" + perms = "600" } } } group "postfix" { count = 1 + + network { + port "smtp_port" { + static = 25 + to = 25 + } + port "smtps_port" { + static = 465 + to = 465 + } + port "submission_port" { + static = 587 + to = 587 + } + } + task "server" { driver = "docker" - config { - image = "superboum/amd64_postfix:v1" + image = "superboum/amd64_postfix:v3" readonly_rootfs = false - port_map { - smtp_port = 25 - smtps_port = 465 - submission_port = 587 - } + ports = [ "smtp_port", "smtps_port", "submission_port" ] command = "postfix" args = [ "start-fg" ] volumes = [ "secrets/ssl/certs:/etc/ssl/certs", "secrets/ssl/private:/etc/ssl/private", - "secrets/postfix:/etc/postfix-conf", + "secrets/postfix:/etc/postfix-conf", "/dev/log:/dev/log" ] } env { TLSINFO = "/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr" - MAILNAME = "smtp.deuxfleurs.fr", + MAILNAME = "smtp.deuxfleurs.fr" } resources { cpu = 100 memory = 200 - network { - mbits = 1 - port "smtp_port" { - static = "25" - } - port "smtps_port" { - static 
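Review bot: `image = "superboum/amd64_postfix:v3"` is a mutable registry tag; the compose entry in this commit builds v3 from a pinned Debian package, but nothing in the job ties the image the node pulls to that build, so a re-pushed `v3` changes what runs with no change to this file. Pinning by digest, `image = "superboum/amd64_postfix@sha256:<digest-of-the-v3-build>"`, or at least recording the expected digest in a comment beside the tag, makes the deployed image verifiable. The same applies to the dovecot, opendkim, alps and sogo images in the other hunks, which this commit leaves on tags.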
= "465" - } - port "submission_port" { - static = "587" - } - } } service { 
@@ -340,86 +332,74 @@ job "email" { } } - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-account.cf.tpl?raw" - destination = "secrets/postfix/ldap-account.cf.tpl" - mode = "file" - } template { - source = "secrets/postfix/ldap-account.cf.tpl" + data = file("../config/configuration/email/postfix/ldap-account.cf.tpl") destination = "secrets/postfix/ldap-account.cf" } - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-alias.cf.tpl?raw" - destination = "secrets/postfix/ldap-alias.cf.tpl" - mode = "file" - } template { - source = "secrets/postfix/ldap-alias.cf.tpl" + data = file("../config/configuration/email/postfix/ldap-alias.cf.tpl") destination = "secrets/postfix/ldap-alias.cf" } - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-virtual-domains.cf.tpl?raw" - destination = "secrets/postfix/ldap-virtual-domains.cf.tpl" - mode = "file" - } template { - source = "secrets/postfix/ldap-virtual-domains.cf.tpl" + data = file("../config/configuration/email/postfix/ldap-virtual-domains.cf.tpl") destination = "secrets/postfix/ldap-virtual-domains.cf" } - - + template { - data = "{{ key \"configuration/email/postfix/postfix.crt\" }}" - destination = "secrets/ssl/certs/postfix.crt" - perms = "400" - } - template { - data = "{{ key \"configuration/email/postfix/postfix.key\" }}" - destination = "secrets/ssl/private/postfix.key" - perms = "400" - } - template { - data = "{{ key \"configuration/email/postfix/dynamicmaps.cf\" }}" + data = file("../config/configuration/email/postfix/dynamicmaps.cf") destination = "secrets/postfix/dynamicmaps.cf" } + template { - data = "{{ key \"configuration/email/postfix/header_checks\" }}" + data = file("../config/configuration/email/postfix/header_checks") destination = "secrets/postfix/header_checks" } + template { - data = "{{ key \"configuration/email/postfix/main.cf\" }}" + data = file("../config/configuration/email/postfix/main.cf") 
destination = "secrets/postfix/main.cf" } + template { - data = "{{ key \"configuration/email/postfix/master.cf\" }}" + data = file("../config/configuration/email/postfix/master.cf") destination = "secrets/postfix/master.cf" } + template { - data = "{{ key \"configuration/email/postfix/transport\" }}" + data = file("../config/configuration/email/postfix/transport") destination = "secrets/postfix/transport" } + + # --- secrets --- template { - data = "{{ key \"configuration/email/postfix/transport.db\" }}" - destination = "secrets/postfix/transport.db" + data = "{{ key \"secrets/email/postfix/postfix.crt\" }}" + destination = "secrets/ssl/certs/postfix.crt" + perms = "400" + } + + template { + data = "{{ key \"secrets/email/postfix/postfix.key\" }}" + destination = "secrets/ssl/private/postfix.key" + perms = "400" } } } group "alps" { count = 1 + + network { + port "alps_web_port" { to = 1323 } + } + task "main" { - driver = "docker" - config { image = "superboum/amd64_alps:v1" readonly_rootfs = true - port_map { - alps_web_port = 1323 - } + ports = [ "alps_web_port" ] command = "-theme" args = [ "alps", "imaps://imap.deuxfleurs.fr:993", "smtps://smtp.deuxfleurs.fr:465" ] } @@ -427,10 +407,6 @@ job "email" { resources { cpu = 50 memory = 40 - network { - mbits = 1 - port "alps_web_port" {} - } } service { 
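Review bot: The `transport` template no longer has a companion `transport.db` template, and the new dependency on the image entrypoint (which this commit makes run `postmap /etc/postfix/transport`) is not recorded anywhere in the job file. Add a comment above the `transport` template, `# transport.db is generated by the image entrypoint (postmap) at container start; do not template the .db`, so nobody reintroduces the binary map from Consul or deploys an older image tag that lacks that step. Because the template stanza's default change_mode restarts the task, a change to the transport file re-runs the entrypoint and regenerates the map, which is worth stating in the same comment. The enclosing `task "server"` block begins before this hunk.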
@@ -461,42 +437,30 @@ job "email" { group "sogo" { count = 1 + + network { + port "sogo_web_port" { to = 8080 } + } + task "bundle" { - driver = "docker" - config { image = "superboum/amd64_sogo:v7" readonly_rootfs = false - port_map { - sogo_web_port = 8080 - } + ports = [ "sogo_web_port" ] volumes = [ - "secrets/sogo.conf:/etc/sogo/sogo.conf", + "secrets/sogo.conf:/etc/sogo/sogo.conf", ] } - env { - FAKE = 1 - } - /* Workaround as there is no consul source and no way to template recursively... */ - artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/email/sogo/sogo.conf.tpl?raw" - destination = "secrets/tpl/sogo.conf.tpl" - mode = "file" - } template { - source = "secrets/tpl/sogo.conf.tpl" + data = file("../config/configuration/email/sogo/sogo.conf.tpl") destination = "secrets/sogo.conf" } resources { cpu = 200 memory = 1000 - network { - mbits = 1 - port "sogo_web_port" {} - } } service { -- cgit v1.2.3